Hacker News new | ask | show | jobs
by moe 4365 days ago
the user signs their own transaction.

If I understand it right then that is a lie.

In reality you ask the user to sign a transaction that you create for him.

This is extremely dangerous for the user (pretty close to signing a blank cheque) and I don't like how you try to downplay this flaw.

Your API is broken by design and puts anyone who is naive enough to use it at great risk. You should take it offline.
2 comments
kordless 4365 days ago
I don't understand multisig well, but isn't the point that 2 or more people sign a transaction to cooperate on an address? You claim BlockCypher is asking the user to sign a transaction they created for him, but from what I understand that has to happen with multisig to work. There has to be a common destination everyone agrees on to fund - someone has to create that destination and the rules governing it.

From their documentation it appears Catheryne's comment is accurate regarding the user signing their own transaction: "Sign the returned hex string and post it with the transaction to txs/send. The multisig address is now funded." I'd have to sign my own transaction in my own wallet to fund a third wallet that was multisig enabled.

Can you clarify why you think they are lying and why you think it is so dangerous that you think they should take down their site? That's a fairly big claim from someone and I think it requires a bit more explaining to do before you go all nuclear on them. It's justified if true, but that would need to be established.

Disclaimer: I know Catheryne via the Bitcoin meetup in SF, which I attend regularly.

link
moe 4365 days ago
From what I see their API attempts to decouple two things that can not be decoupled; the creation and the signing of transactions (whether they are multisig or not).

I'm not even sure what benefit that is supposed to bring, but apparently they believe it is easier for developers to use a remote JSON API instead of a local bitcoin library[1] to generate transaction payloads.

The problem is that it is not trivial to inspect and verify the payload before signing it. It is an opaque hex-string. In order to verify that it contains what you want it to contain you need the same machinery that you'd use to create the transaction yourself in first place.

So if you choose to verify the transactions they make up for you before signing them then you could just as well generate the payload yourself.

If you don't verify the transactions they make up for you (which is what their documentation seems to expect) then you put your wallet at the mercy of whoever controls their servers. That is a very bad idea!

Meanwhile, creating and signing bitcoin transactions entirely in your own code, without talking to any remote party, isn't very hard to begin with. Mature libraries and toolkits exist.

Here's how to create a multisig transaction using the sx toolkit: http://sx.dyne.org/multisig.html

[1] http://libbitcoin.dyne.org/

link
mriou 4365 days ago
It is non-trivial to create and sign a transaction among multiple parties. The point of multisig is that you have several entities, some can be humans, some can be machines, programming languages can be widely different. And no matter what, signatures have to be assembled so someone has created some transaction for you to sign before and there has to be some correlation between the signatures of the different parties.

I've had in mind to add a section on how to verify the hex we return with a few simple rules. Following your feedback, we'll add that soon.

P.S. In case it wasn't clear already, I'm a co-founder and CTO at BlockCypher.

link
kordless 4364 days ago
Thank you for the detailed answer. It would appear wording/code that shows how to validate the transaction is in order.
link
ghkbrew 4365 days ago
Seems more like signing a check someone else filled out for you. You can still verify the amount and refuse if it's wrong. Or am I wrong? Doesn't the transaction have to include all the relevant details before it's signed?
link
moe 4365 days ago
Yes, technically the transaction body does include all details.

However, decoding and verifying a complex transaction takes about the same amount of work as generating it yourself to begin with...

Their documentation clearly expects you to blindly sign whatever tx they make up for you. There's not a word on verifying the transaction locally before signing it.

http://dev.blockcypher.com/#signing_sending

link
ghkbrew 4365 days ago
I see, that is disconcerting. Though it doesn't seem to be an issue with the multisig transaction api specifically. The single signatory api implies a certain amount trust that they'll produce the correct transaction as well.

I agree that that trust should be more explicitly explained.

link
mriou 4365 days ago
Thanks for the feedback, we will add a section on how to verify it.
link
CatheryneN 4365 days ago
Indeed, you are correct.
link