The send permission could be bypassed. Is my analysis right?

+1 vote
In the DOCS: For a multisig input (whether pay-to-scripthash or bare multisig), the address corresponding to at least one of the pubkeys, or the pay-to-scripthash address itself, must have send permissions.

I would like to know if the blockchain checks that one of the submitted signatures in the tx inputs  transaction has send permissions because if not then, there is a chance for foul play.

Come to think of it, A Malicious user can scan the blockchain for an old transaction that has a valid anyone can send permission,

create a new new 2 in 3 multsig  address using two addresses that cannot send and the address that can send.  he can use this to receive  coins and send without ever having to require send permission.
asked Dec 22, 2018 by ofumbi

1 Answer

0 votes

Yes, the blockchain checks the actual signatures in the input to ensure that one of them has send permissions.

And I'm not sure what you mean by a "transaction that has a valid anyone can send permission"?

answered Dec 22, 2018 by MultiChain
Thank you, this answers my questions.  Also You guys should setup a market place
...