Rusty Russell via bitcoin-dev 於 2015-12-19 23:14 寫到:
Jonathan Toomim via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
writes:
On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
1) The risk of an old full node wallet accepting a transaction that
is
invalid to the new rules.
The receiver wallet chooses what address/script to accept coins on.
They'll upgrade to the new softfork rules before creating an address
that depends on the softfork's features.
So, not a problem.
Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob
runs the old rules. Bob creates a p2pkh address for Mallory to
use. Mallory takes 1 BTC, and creates an invalid SegWit transaction
that Bob cannot properly validate and that pays into one of Mallory's
wallets. Mallory then immediately spends the unconfirmed transaction
into Bob's address. Bob sees what appears to be a valid transaction
chain which is not actually valid.
Pretty sure Bob's wallet will be looking for "OP_DUP OP_HASH160
<pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG" scriptSig. The SegWit-usable
outputs will (have to) look different, won't they?
Cheers,
Rusty.
I think he means Mallory is paying with an invalid Segwit input, not
output (there is no "invalid output" anyway). However, this is not a
issue if Bob waits for a few confirmations.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
