From 5b59a19731827398aa32754d1f327178247d3199 Mon Sep 17 00:00:00 2001 From: 4d55397500 Date: Wed, 18 Mar 2020 10:34:53 -0700 Subject: Update merkle.cpp Change comment from `The reason is that if the number of hashes in the list at a given time is odd`, to ` The reason is that if the number of hashes in the list at a given level is odd` (to be a bit more precise) --- src/consensus/merkle.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/consensus/merkle.cpp b/src/consensus/merkle.cpp index 843985e54c..241cc316a6 100644 --- a/src/consensus/merkle.cpp +++ b/src/consensus/merkle.cpp @@ -10,7 +10,7 @@ that the following merkle tree algorithm has a serious flaw related to duplicate txids, resulting in a vulnerability (CVE-2012-2459). - The reason is that if the number of hashes in the list at a given time + The reason is that if the number of hashes in the list at a given level is odd, the last one is duplicated before computing the next level (which is unusual in Merkle trees). This results in certain sequences of transactions leading to the same merkle root. For example, these two -- cgit v1.2.3