Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8EBD2C0032 for ; Fri, 8 Sep 2023 15:07:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 5B71881FB4 for ; Fri, 8 Sep 2023 15:07:25 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 5B71881FB4 Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=TNY2Jt7R X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -1.599 X-Spam-Level: X-Spam-Status: No, score=-1.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, PDS_BTC_ID=0.499, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHT6zbJo2G4k for ; Fri, 8 Sep 2023 15:07:24 +0000 (UTC) Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) by smtp1.osuosl.org (Postfix) with ESMTPS id 53EE181FB3 for ; Fri, 8 Sep 2023 15:07:24 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 53EE181FB3 Received: by mail-qv1-xf36.google.com with SMTP id 6a1803df08f44-64a70194fbeso13704126d6.0 for ; Fri, 08 Sep 2023 08:07:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694185643; x=1694790443; darn=lists.linuxfoundation.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=; b=TNY2Jt7RszMh4aRYxYuRbLPcQs5MxyVmgzDFFyCqAV/MRzCZv+JIrChmC8gG7ZiH1t CSY79V0/kmkxppL8ifOvcOC4CscutYI1rWROtjEC7IO0Iih245l8VIggApP/va3arHTn wLam3j8ezksjTAPi546Mk5pM5bid54D76zOx0G78zHqHWqDZsP/Wrii2e2Gw74iM5uue HOYUr1t8Ao5vBSm6O2a7YQUhQYvpayfs/SppjVO83VV1ssVrqUDeriJdzLSTqM4LMeO/ ch+uTTWl/x9266kIrA7rdRwYTug1/meemo22o8AQwxDvK4t5yO83If0ABu4nDb3BZ3UK FI9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1694185643; x=1694790443; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=apVrpYmv0ckVBelozlLgRdznR2Ym2LiGk+MaEnoKZiM=; b=mnekJpsXm/M5gL2g2tjjNLyNXNWbOcBLD1Vjr3Ztsispgw0JxFRPMlrNbvLkNwpb9I F6Prk3aGITy56G9yerRnaQj09TzMniXi2xcMapCNynYlKDuTuqqewIxZe7ZvoLPaMByH com+mV/O/tkWEtwW7pfpy6vEkDkMnaGPRxZi6aVWj40/740yGUuZkDR6tBoMJHwPIDub POM+V72VHeO7rOordqP+jGUtdcGAPIHe43iAQ7ZbCj/7cDZ0BMUPK928YbkEd3jDOEnX Q0vgtiJpDjsP71Ipk/sghZXCEsQKUlSCXXbq+4/Im41n+dx4EO/yfaGxgDRggcW0Vyu/ E2YA== X-Gm-Message-State: AOJu0YyvtzwW/GhcD1W6BcNWWTcTC1bof6gdF811JMn6FF1FVIT2R41M C34ih9nBQ1F5ImV4RYgidhU5f7n2ByXgt6KZE1E= X-Google-Smtp-Source: AGHT+IGiLXJPNMqBstGVKOn7szi7FyOV6UkqUMsr6A7NiCjNuiC9olsfrcStj90U/5u/EqBo3kotWD9/TN2zWKTdszk= X-Received: by 2002:a0c:f711:0:b0:653:5a81:4ac2 with SMTP id w17-20020a0cf711000000b006535a814ac2mr2615958qvn.35.1694185643042; Fri, 08 Sep 2023 08:07:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Lucas Ontivero Date: Fri, 8 Sep 2023 15:07:11 +0000 Message-ID: To: kiminuo , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="0000000000006fed850604da55aa" X-Mailman-Approved-At: Sun, 10 Sep 2023 16:06:03 +0000 Subject: Re: [bitcoin-dev] Parameters in BIP21 URIs X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Sep 2023 15:07:25 -0000 --0000000000006fed850604da55aa Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Kiminuo, this was discussed here: https://github.com/bitcoin/bips/pull/49 On Fri, Sep 8, 2023 at 2:39=E2=80=AFPM kiminuo via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > [Formatted version of this post is here: > https://gist.github.com/kiminuo/cc2f19a4c5319e439fc7be8cbe5a39f9] > > Hi all, > > BIP 21 [https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki] > defines a URI scheme for making Bitcoin payments and the purpose of the U= RI > scheme is to enable users to easily make payments by simply clicking link= s > on webpages or scanning QR Codes. An example of a BIP21 URI is: > > > bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label= =3DKiminuo&message=3DDonation > > Now to make it easier, these URIs are typically clickable. Bitcoin wallet= s > register the "bitcoin" URI scheme so that a BIP21 URI is parsed and data > are pre-filled in a form to send your bitcoin to a recipient. Notably, > wallets do not send your bitcoin once you click a BIP21 URI, there is sti= ll > a confirmation step that requires user's attention. Very similar experien= ce > is with a QR code that encodes a BIP21 URI where one just scans a QR code > and data is, again, pre-filled in a wallet's UI for your convenience. > > While working on Wasabi's BIP21 implementation I noticed that based on th= e > BIP21 grammar [ > https://github.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-gramm= ar], > it is actually allowed to specify URI parameters multiple times. This mea= ns > that the following URI is actually valid: > > bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&label= =3DKiminuo&message=3DDonation&amount=3D1.004 > (note that the 'amount' parameter is specified twice) > > Bitcoin Core implements "the last value wins" behavior[^3] so amount=3D1.= 004 > will be taken into account and not "amount=3D0.004"[^4]. However, in gene= ral, > the fact that the same parameter can be specified multiple times can lead > to a confusion for users and developers[^1][^2]. In the worst case, it > might be exploited by some social engineering attempts by attempting to > craft a 'clever' BIP21 URI and exploting behavior of a particular wallet > software. For the record, I'm not aware that it actually happens, so this > is rather a concern. > > The main question of this post is: Is it useful to allow specifying BIP21 > parameters multiple times or is it rather harmful? > > Regards, > K. > > [^1]: https://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510 > [^2]: > https://github.com/MetacoSA/NBitcoin/blob/93ef4532b9f2ea52b2c910266eeb668= 4f3bd25de/NBitcoin/Payment/BitcoinUrlBuilder.cs#L74-L78 > [^3]: I added a test to that effect in > https://github.com/bitcoin/bitcoin/pull/27928/files, see > https://github.com/bitcoin/bitcoin/blob/83719146047947e588aa0c7b5eee02f44= 884553d/src/qt/test/uritests.cpp#L68-L73 > . > [^4]: You can test your wallet's behavior by scanning the last image here > https://github.com/zkSNACKs/WalletWasabi/pull/10578#issue-1687564404 (or > directly > https://user-images.githubusercontent.com/58662979/265389405-16893ce8-7c1= 9-4262-bb60-5fd711336685.png > ). > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --0000000000006fed850604da55aa Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Kiminuo, this was discussed here: https://github.com/bitcoin/bips/pull/49


[Formatted version of this post is here: https://gist.github.com/kiminuo/cc2f19a4c53= 19e439fc7be8cbe5a39f9]

Hi all,

BIP 21 [https://github.com/bitcoin= /bips/blob/master/bip-0021.mediawiki] defines a URI scheme for making Bitcoin payments and the purpose of the URI scheme is to enable users to easily make payments by simply=20 clicking links on webpages or scanning QR Codes. An example of a BIP21=20 URI is:

bitcoin:bc1qd4fxq8y8c7qh76gfn= vl7amuhag3z27uw0w9f8p?amount=3D0.004&label=3DKiminuo&message=3DDona= tion

Now to make it easier, these URIs are typically clickable. Bitcoin wallets=20 register the "bitcoin" URI scheme so that a BIP21 URI is parsed a= nd data are pre-filled in a form to send your bitcoin to a recipient. Notably,=20 wallets do not send your bitcoin once you click a BIP21 URI, there is=20 still a confirmation step that requires user's attention. Very similar= =20 experience is with a QR code that encodes a BIP21 URI where one just=20 scans a QR code and data is, again, pre-filled in a wallet's UI for you= r convenience.

While working on Wasabi= 's BIP21 implementation I noticed that based on the BIP21 grammar [https://git= hub.com/bitcoin/bips/blob/master/bip-0021.mediawiki#abnf-grammar], it i= s actually allowed to specify URI parameters multiple times. This means tha= t the following URI is actually valid:

bitcoin:bc1qd4fxq8y8c7qh76gfnvl7amuhag3z27uw0w9f8p?amount=3D0.004&lab= el=3DKiminuo&message=3DDonation&amount=3D1.004 (note that the 'amount' parameter is specified twice)
=

Bitcoin Core implements "the last value wins" behavior[^3] so amount=3D1= .004 will be taken into account and not "amount=3D0.004"[^4]. However, in = general,=20 the fact that the same parameter can be specified multiple times can=20 lead to a confusion for users and developers[^1][^2]. In the worst case, it might be exploited by some social engineering attempts by attempting to craft a 'clever' BIP21 URI and exploting behavior of a particul= ar=20 wallet software. For the record, I'm not aware that it actually happens= , so this is rather a concern.

The mai= n question of this post is: Is it useful to allow specifying BIP21 paramete= rs multiple times or is it rather harmful?

= Regards,
K.

[^1]: https= ://github.com/JoinMarket-Org/joinmarket-clientserver/pull/1510
--0000000000006fed850604da55aa--