Redeem script shall have the following format: OP_DROP ... OP_DROP <PubKey> OP_CHECKSIG
Unlocking script shall have the following format: <signature> <data> ... <data> <redeem script>
The specification doesn't take any measures against the following attack:
My node receiving this transaction quickly; changing the data and my other nodes broadcasting the newer transaction so that the tx/txid is changed and the following of the transactions are invalid.
because The specification says only the redeemscript of P2SH is covered by the signature.
Or does it?
If it doesn't then I suggest many times (OP_CAT OP_HASH160) and storing the final hash in the redeemscript and checking for equality.
The other attack is stealing the P2SH output coins. No, the signature covers output values.
The specification doesn't take any measures against the following attack:
because The specification says only the redeemscript of P2SH is covered by the signature.
Or does it?
If it doesn't then I suggest many times (OP_CAT OP_HASH160) and storing the final hash in the redeemscript and checking for equality.
The other attack is stealing the P2SH output coins.No, the signature covers output values.