Attempting to verify the signature for a single signing flag transaction where the ouput is non existant

signhash_single.py

import ecdsa

# https://bitcoin.stackexchange.com/questions/114850/sighash-single-with-no-corresponding-output


pubkey = "044edfcf9dfe6c0b5c83d1ab3f78d1b39a46ebac6798e08e19761f5ed89ec83c108172c4776865f02047b39cd704135c00c1b00085e0d1b9255405ac7079fa50a2"
signature = "912f994094193109a9faedf7ef855220638f95ac51c66d4eb46740dd1c0813fa100bc99adb8b64fb784173ca8883a78835e156b74f143c02e071dc82695e8472"
msg = bytes.fromhex("0100000000000000000000000000000000000000000000000000000000000000")

verify_key = ecdsa.VerifyingKey.from_string(bytearray.fromhex(pubkey), curve=ecdsa.SECP256k1)
# To verify a digest we need to call a special function because `hashfunc=None` will use the default hashfunc on the msg
# see https://github.com/tlsfuzzer/python-ecdsa/blob/5db1d2d2c415b25e741c06451dbc72cb44f75e23/src/ecdsa/keys.py#L671
# verify_key.verify(bytearray.fromhex(signature), msg, hashfunc=None)
verify_key.verify_digest(bytes.fromhex(signature), msg)

You still need the other person to sign the HASH_ONE value. Then people can re-use this signature to steal what funds are left on the address. The signature can be reuse because it sign the simple value 0100000000000000000000000000000000000000000000000000000000000000 (aka HASH_ONE) and not a real unique transaction.

Ah! You're right! Thank you for explanation! I was missing that info wondering if it is possible to adapt the code. Now I know it is impossible.

Is HASH_ONE hashed/signed always the same?