Author: Sergio Demian Lerner 2016-08-26 13:16:36
Published on: 2016-08-26T13:16:36+00:00
There was a discussion on Reddit regarding a possible vulnerability in the segwit code. However, Johnson Lau clarified that there is no real attack and explained how a check in the code can prevent such an attack. The subject of the thread had a question mark, indicating that the community was being asked for clarification rather than asserting the existence of a vulnerability. The segwit code is complex, with key parts of the consensus code spread across source files. Johnson Lau's clarifications were appreciated by the community. He added that adding witness data to a non-segwit script is invalid by consensus and shared a pull request that detects such violations early and bans the peer. Another approach is to run the scripts of all incoming transactions, which is not too bad as the utxos have already been fetched, making validation easier.
Updated on: 2023-06-11T19:55:44.490598+00:00