[bitcoin-dev] Disallow insecure use of SIGHASH_SINGLE
chris at suredbits.com
Wed Jun 6 00:17:52 UTC 2018
Do you have any thoughts on expanding this to SIGHASH_NONE? Perhaps someone
else on the dev list can enlighten me, but is there a current use case for
SIGHASH_NONE that would suffer from it being non standard?
On Thu, May 31, 2018 at 1:53 PM, Johnson Lau via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:
> I’ve made a PR to add a new policy to disallow using SIGHASH_SINGLE
> without matched output:
> Signature of this form is insecure, as it commits to no output while users
> might think it commits to one. It is even worse in non-segwit scripts,
> which is effectively SIGHASH_NOINPUT|SIGHASH_NONE, so any UTXO of the same
> key could be stolen. (It’s restricted to only one UTXO in segwit, but it’s
> still like a SIGHASH_NONE.)
> This is one of the earliest unintended consensus behavior. Since these
> signatures are inherently unsafe, I think it does no harm to disable this
> unintended “feature” with a softfork. But since these signatures are
> currently allowed, the first step is to make them non-standard.
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bitcoin-dev