[bitcoin-dev] On the security of softforks
jl2012 at xbt.hk
Sun Dec 20 19:16:29 UTC 2015
Rusty Russell via bitcoin-dev 於 2015-12-19 23:14 寫到:
> Jonathan Toomim via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
>> On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev
>> <bitcoin-dev at lists.linuxfoundation.org> wrote:
>>> 1) The risk of an old full node wallet accepting a transaction that
>>> invalid to the new rules.
>>> The receiver wallet chooses what address/script to accept coins on.
>>> They'll upgrade to the new softfork rules before creating an address
>>> that depends on the softfork's features.
>>> So, not a problem.
>> Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob
>> runs the old rules. Bob creates a p2pkh address for Mallory to
>> use. Mallory takes 1 BTC, and creates an invalid SegWit transaction
>> that Bob cannot properly validate and that pays into one of Mallory's
>> wallets. Mallory then immediately spends the unconfirmed transaction
>> into Bob's address. Bob sees what appears to be a valid transaction
>> chain which is not actually valid.
> Pretty sure Bob's wallet will be looking for "OP_DUP OP_HASH160
> <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG" scriptSig. The SegWit-usable
> outputs will (have to) look different, won't they?
I think he means Mallory is paying with an invalid Segwit input, not
output (there is no "invalid output" anyway). However, this is not a
issue if Bob waits for a few confirmations.
More information about the bitcoin-dev