author Peter Todd <pete@petertodd.org> 2014-09-20 12:32:42 -0400
committer Peter Todd <pete@petertodd.org> 2014-09-20 13:23:44 -0400
commit 01c28073ba2cae5a53124c7dc7123240b98513ce (patch)
tree 331e58ff43d1736966e21aca2b08c5d4bdc0c081 /src
parent 25308337d659108e3320257fb6c1c16d5fe24aa9 (diff)
Add warning about the merkle-tree algorithm duplicate txid flaw
Lots of people read the Bitcoin Core codebase to learn more about crypto; better to warn about flaws explicitly so they don't blindly copy the code for other uses and create broken systems.
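The flaw the commit message refers to, demonstrated in Python as an added example (this is not Bitcoin Core code, and the names `merkle_root`, `forge_duplicate_tail`, `accept_block` and `collision_demo` are this example's own): the pairing rule of `CBlock::BuildMerkleTree` pairs the last hash of an odd-length level with a copy of itself, so a block whose final transaction (or final power-of-two run of transactions) is repeated has the same merkle root as the honest block. The `mutated` flag mirrors the check later Bitcoin Core versions use to reject such blocks: any two hashes that are paired before padding and are equal. The transaction ids are constructed inline.

```python
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash function: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(txids: list[bytes]) -> tuple[bytes, bool]:
    """Merkle root with the same pairing rule as CBlock::BuildMerkleTree
    (re-implemented here, not copied): hash adjacent pairs; when a level has
    an odd number of hashes, pair the last hash with a copy of itself.

    The second return value is a `mutated` flag in the style of the check
    Bitcoin Core later added: it is set when two hashes that are paired
    *before* padding are equal, the fingerprint of a repeated transaction.
    The self-pairing introduced by padding is deliberately not counted.
    """
    if not txids:
        return b"\x00" * 32, False
    level = list(txids)
    mutated = False
    while len(level) > 1:
        for i in range(0, len(level) - 1, 2):
            if level[i] == level[i + 1]:
                mutated = True
        if len(level) % 2 == 1:
            # The flaw: a level ending in X and one ending in X, X now look identical.
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], mutated


def forge_duplicate_tail(txids: list[bytes], tail: int) -> list[bytes]:
    """Attacker-side block: the honest list with its last `tail` txids repeated."""
    return txids + txids[-tail:]


def accept_block(txids: list[bytes]) -> bool:
    """Mirror of the block-level workaround: reject any block whose merkle
    computation reports a mutation (a tx list that only hashes like the
    honest one because of the padding rule)."""
    _, mutated = merkle_root(txids)
    return not mutated


def collision_demo(n_tx: int, tail: int) -> tuple[bool, bool, bool]:
    """Build a constructed block of n_tx transactions and a forged copy with
    its last `tail` txids repeated.  Returns
    (roots_collide, honest_accepted, forged_accepted)."""
    honest = [dsha256(b"constructed tx %d" % i) for i in range(n_tx)]
    forged = forge_duplicate_tail(honest, tail)
    honest_root, _ = merkle_root(honest)
    forged_root, _ = merkle_root(forged)
    return honest_root == forged_root, accept_block(honest), accept_block(forged)


if __name__ == "__main__":
    for n_tx, tail in ((3, 1), (5, 1), (6, 2), (4, 1)):
        collide, ok_honest, ok_forged = collision_demo(n_tx, tail)
        print(f"{n_tx} txs, tail {tail}: collide={collide} "
              f"honest_accepted={ok_honest} forged_accepted={ok_forged}")
```

Three of the four cases collide: 3 transactions with the last repeated, 5 with the last repeated, and 6 with the last two repeated all produce the honest block's root, and in each the `mutated` flag fires so `accept_block` rejects the forgery. The fourth case (4 transactions plus a repeated last one) does not collide at all, since the padding happens one level up and yields a different root; the flag stays clear there, which is the intended scope of the check: it targets exactly the lists that hash like an honest block, and a block with a genuinely duplicated transaction is rejected by other validation.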
Diffstat (limited to 'src')
-rw-r--r-- src/core.cpp 7
1 file changed, 7 insertions, 0 deletions
diff --git a/src/core.cpp b/src/core.cpp
index 491e4fa68b..e52327ba8e 100644
--- a/src/core.cpp
+++ b/src/core.cpp
@@ -226,6 +226,13 @@ uint256 CBlockHeader::GetHash() const
uint256 CBlock::BuildMerkleTree() const
{
+ // WARNING! If you're reading this because you're learning about crypto
+ // and/or designing a new system that will use merkle trees, keep in mind
+ // that the following merkle tree algorithm has a serious flaw related to
+ // duplicate txids, resulting in a vulnerability. (CVE-2012-2459) Bitcoin
+ // has since worked around the flaw, but for new applications you should
+ // use something different; don't just copy-and-paste this code without
+ // understanding the problem first.
vMerkleTree.clear();
BOOST_FOREACH(const CTransaction& tx, vtx)
vMerkleTree.push_back(tx.GetHash());
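Review bot: the added warning names the flaw only as "related to duplicate txids" and points at CVE-2012-2459, but never says what goes wrong in this function or where the workaround lives, so a reader still cannot tell which line not to copy. Suggest one concrete sentence in the comment block, e.g. `// When a level has an odd number of hashes the last hash is paired with a copy of itself, so a block whose final transaction is repeated yields the same merkle root as the honest block`, followed by a pointer to the block validation check that rejects such duplicates so the "has since worked around the flaw" claim is verifiable from the code rather than from the CVE entry.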