Author: Sergio Demian Lerner 2016-08-18 00:11:16
Published on: 2016-08-18T00:11:16+00:00
The issue at hand is that witness data size is not signed, leading to potential malleability issues and problems for systems with hard limits on the size of witness programs they can accept. A proposed solution is to soft-fork and add an opcode OP_PROGSIZE that pushes the size of the segwit program being evaluated onto the stack, which would allow scripts to take action based on the size. This would prevent an attacker from creating a clone of a transaction with a witness ECDSA signature longer than 0x50 bytes. The discussion also touches on workarounds for current behavior and the need to enforce MINIMALIF in some cases, with the suggestion to make it a relay policy first before considering a softfork.
Updated on: 2023-06-11T19:44:41.380097+00:00