From 68cd5b6ff97dd736df84201633bdb3fec02a24ea Mon Sep 17 00:00:00 2001 From: "David A. Harding" Date: Wed, 21 May 2014 23:08:57 -0400 Subject: [PATCH] Several Corrections & Clarifications Suggested On IRC **Suggested by @cbeams:** _includes/ref_block_chain.md: * Mention that coinbase is the first transaction in a block. **Suggested by @gmaxwell:** _includes/ref_core_rpcs-abcdefg.md: * Mention that you need to unlock your wallet when you run out of keys in the keypool. * Remove erroneous assertion that txindex=1 would allow `getreceivedbyaddress` to check balances of addresses not belonging to this wallet. _includes/ref_transactions.md: * Clarify that OP_RETURN scripts aren't usually executed because they always return false. en/developer-reference.md * Add a warning about using block chain or mempool data in executable context. --- _includes/ref_block_chain.md | 2 +- _includes/ref_core_rpcs-abcdefg.md | 7 ++++--- _includes/ref_transactions.md | 6 +++--- en/developer-reference.md | 9 +++++++++ 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/_includes/ref_block_chain.md b/_includes/ref_block_chain.md index 500b808c..98e2ebf1 100644 --- a/_includes/ref_block_chain.md +++ b/_includes/ref_block_chain.md @@ -27,7 +27,7 @@ As of version 2 blocks, each block consists of four root elements: 4. One or more transactions. -Every block must include a [coinbase transaction][]{:#term-coinbase-tx}{:.term} which should collect and +The first transaction in a block must be a [coinbase transaction][]{:#term-coinbase-tx}{:.term} which should collect and spend any transaction fees paid by transactions included in this block. All blocks with a block height less than 6,930,000 are entitled to receive a [block reward][]{:#term-block-reward}{:.term} of newly created bitcoin value, which also diff --git a/_includes/ref_core_rpcs-abcdefg.md b/_includes/ref_core_rpcs-abcdefg.md index 72177248..7de4fa25 100644 --- a/_includes/ref_core_rpcs-abcdefg.md +++ b/_includes/ref_core_rpcs-abcdefg.md @@ -786,7 +786,9 @@ encryptwallet Encrypts the wallet with 'passphrase'. This is only to enable encryption for the first time. After encryption is enabled, you will need to -enter the passphrase to use private keys. +enter the passphrase to use private keys (which includes generating +additional new addresses once the keypool is exhausted---see +`keypoolrefill`). *Warning:* there is no RPC to completely disable encryption. If you want to return to an unencrypted wallet, you must create a new wallet @@ -2657,8 +2659,7 @@ transactions with at least the indicated number of confirmations. {% autocrossref %} *String; required:* a Bitcoin address to check. Must be an address -belonging to the wallet unless `txindex=1` was added to the `bitcoind` -startup options. +belonging to the wallet. {% endautocrossref %} diff --git a/_includes/ref_transactions.md b/_includes/ref_transactions.md index 9f2e2859..a039f2ef 100644 --- a/_includes/ref_transactions.md +++ b/_includes/ref_transactions.md @@ -47,9 +47,9 @@ The op codes used in standard transactions are, error in the Bitcoin Core implementation. This value is not used, so scriptSigs prefix the signatures with a single OP_0 (0x00). -* [`OP_RETURN`][op_return]{:#term-op-return}{:.term} terminates the script in failure. However, this will not - invalidate a null data transaction which contains no more than 40 - bytes following `OP_RETURN` no more than once per transaction. +* [`OP_RETURN`][op_return]{:#term-op-return}{:.term} terminates the script in failure, + rendering the output unspendable and allowing a miner to claim the + satoshis sent to that OP_RETURN output as an additional transaction fee. A complete list of OP codes can be found on the Bitcoin Wiki [Script Page][wiki script], with an authoritative list in the `opcodetype` enum diff --git a/en/developer-reference.md b/en/developer-reference.md index ae13030b..4e4a8cf2 100644 --- a/en/developer-reference.md +++ b/en/developer-reference.md @@ -33,6 +33,15 @@ title: "Developer Reference - Bitcoin" ### Remote Procedure Calls (RPCs) +**Warning:** the block chain and memory pool can include arbitrary data +which several of the commands below will return in hex format. If you +convert this data to another format in an executable context, it could +be used in an exploit. For example, displaying an output script as +ASCII text in a webpage could add arbitrary Javascript to that page and +create a cross-site scripting (XSS) exploit. To avoid problems, please +treat block chain and memory pool data as an arbitrary input from an +untrusted source. + {% include ref_core_rpcs-abcdefg.md %} {% include ref_core_rpcs-hijklmn.md %} {% include ref_core_rpcs-opqrst.md %}