ok, looked at it again:
the blockID is a hash over everything in the block (including a payloadHash).
so as soon as you change a transaction, your block will get a different id.
and the id of the previous block is also saved in a block, because that's the reference to building up the chain.
so: everything safe
Wait, wait, wait... Back to Bloody Rookies attack from page 37 of this thread.
The result was: That attack won't work cause every block has the id of the previous block. And if you change one transaction, payloadHash will change and so the id of the block will change, making the blockchain corrupt.
Lets take a look at the method that returns the block id:
byte[] hash = MessageDigest.getInstance("SHA-256").digest(getBytes());
BigInteger bigInteger = new BigInteger(1, new byte[] {hash[7], hash[6], hash[5], hash[4], hash[3], hash[2], hash[1], hash[0]});
return bigInteger.longValue();
The hash consists of hash[7], hash[6], ... hash[0]. So it consists of the first
64 bytes of the getByte method.
Lets take a look at the initialization of the ByteBuffer that is used:
byte[] getBytes() {
ByteBuffer buffer = ByteBuffer.allocate(4 + 4 + 8 + 4 + 4 + 4 + 4 + 32 + 32 + 64 + 64);
buffer.order(ByteOrder.LITTLE_ENDIAN);
buffer.putInt(version);
buffer.putInt(timestamp);
buffer.putLong(previousBlock);
buffer.putInt(numberOfTransactions);
buffer.putInt(totalAmount);
buffer.putInt(totalFee);
buffer.putInt(payloadLength);
buffer.put(payloadHash);
buffer.put(generatorPublicKey);
buffer.put(generationSignature);
buffer.put(blockSignature);
return buffer.array();
}
The first 64 bytes of the getBytes() method (that are setting the blockID) are: version, timestamp, previousBlock, numberOfTransactions, totalAmount, totalFee, payloadLength AND NOT PAYLOADHASH! SO this attack is possible.
So: We can replace the transaction (going to the nxt/btcexchance) with another of the same amount (so numberOfTransactions, totalAmount, totalFee is the same), but we don't send the coins to the exchance anymore but to another account that is mine.
Could you follow me?
//EDIT: This attack would only be possible in 0.4.7e because now a block contains the hash of the previous one (and not only the id).
