Description
I'm trying to implement the FairSwap protocol and I'm having problems with proving that _Zin1 and _Zin2 are the inputs for the provided _Zout and not for a different element of the Merkle tree.
I've found that an illustration helps to explain what I'm saying, so I'll just give a simple example; please let me know if I'm mistaken:
```
   fileRoot
    /    \
  AB      CD
  /\      /\
 A  B    C  D
```
If I complain that the hash of A and B is not equal to CD, I would need to provide the Merkle proof for A and the Merkle proof for CD.
The vrfy function would pass for both of those proofs, but the key issue is with the following lines:
```solidity
if (Xout != keccak256(cryptSmall(_indexIn, _Zin1), cryptSmall(_indexIn+1, _Zin2))) {
    selfdestruct(receiver);
}
```
Here, the hash of the decoded values of A and B would be different from the decoded CD value, and the sale contract would end in favour of the receiver, even though the data provided generates the correct file hash.
Is there a way for the smart contract to verify that this is not the case?
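A position-bound Merkle check of the kind this question asks about, as an added example (it is not FairSwap's contract code and not the reporter's): the seller commits to an array holding every node of the file tree in heap order, each proof carries the slot it claims, and a complaint about slots i and i+1 is accepted only if the parent value verifies at slot i // 2. The encryption layer (cryptSmall) is left out, and the names file_slots and complaint_is_valid are assumed, not from the project.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    # Hash for both the commitment tree and the file tree (keccak256 in the contract; sha256 here)
    return hashlib.sha256(b"".join(parts)).digest()

def merkle_root(leaves):
    lvl = [h(x) for x in leaves]
    while len(lvl) > 1:
        lvl = [h(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)]
    return lvl[0]

def merkle_proof(leaves, index):
    # Sibling hashes from the leaf at `index` up to the root (leaf count is a power of two)
    lvl, path = [h(x) for x in leaves], []
    while len(lvl) > 1:
        path.append(lvl[index ^ 1])
        lvl, index = [h(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)], index // 2
    return path

def vrfy(root, leaf, index, path):
    # Position-bound verification: `index` fixes left/right at every step, so the
    # proof only verifies for the leaf at exactly this slot of the committed array
    cur = h(leaf)
    for sib in path:
        cur = h(cur, sib) if index % 2 == 0 else h(sib, cur)
        index //= 2
    return cur == root

def complaint_is_valid(root, index_in, zin1, zin2, zout, p1, p2, pout):
    # Committed array is in heap layout: slot i has children 2i and 2i+1 (slot 0 unused),
    # so zin1 must verify at index_in (even), zin2 at index_in+1 and zout at index_in // 2.
    # A zout proof for any other slot (e.g. CD while complaining about A, B) fails vrfy.
    if index_in < 2 or index_in % 2 != 0:
        return False
    if not (vrfy(root, zin1, index_in, p1) and vrfy(root, zin2, index_in + 1, p2)
            and vrfy(root, zout, index_in // 2, pout)):
        return False
    # All three values are bound to related slots; the complaint holds only if the
    # committed parent really is not the hash of its two committed children
    return zout != h(zin1, zin2)

def file_slots(leaves):
    # Constructed 4-leaf file tree from the diagram, laid out as [unused, root, AB, CD, A, B, C, D]
    A, B, C, D = leaves
    AB, CD = h(A, B), h(C, D)
    return [b"", h(AB, CD), AB, CD, A, B, C, D]
```

With this layout a complaint that pairs A and B with CD is rejected before the hash comparison, because CD's proof does not verify at slot 2, while a seller who committed to a wrong AB value is caught.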