[bitcoin-dev] On the security of softforks

jl2012 jl2012 at xbt.hk
Sun Dec 20 19:16:29 UTC 2015


Rusty Russell via bitcoin-dev 於 2015-12-19 23:14 寫到:
> Jonathan Toomim via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org>
> writes:
>> On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev 
>> <bitcoin-dev at lists.linuxfoundation.org> wrote:
>> 
>>> 1) The risk of an old full node wallet accepting a transaction that 
>>> is
>>> invalid to the new rules.
>>> 
>>> The receiver wallet chooses what address/script to accept coins on.
>>> They'll upgrade to the new softfork rules before creating an address
>>> that depends on the softfork's features.
>>> 
>>> So, not a problem.
>> 
>> 
>> Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob
>> runs the old rules. Bob creates a p2pkh address for Mallory to
>> use. Mallory takes 1 BTC, and creates an invalid SegWit transaction
>> that Bob cannot properly validate and that pays into one of Mallory's
>> wallets. Mallory then immediately spends the unconfirmed transaction
>> into Bob's address. Bob sees what appears to be a valid transaction
>> chain which is not actually valid.
> 
> Pretty sure Bob's wallet will be looking for "OP_DUP OP_HASH160
> <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG" scriptSig.  The SegWit-usable
> outputs will (have to) look different, won't they?
> 
> Cheers,
> Rusty.

I think he means Mallory is paying with an invalid Segwit input, not 
output (there is no "invalid output" anyway). However, this is not a 
issue if Bob waits for a few confirmations.


More information about the bitcoin-dev mailing list