Author: ZmnSCPxj 2019-08-08 03:03:04
Published on: 2019-08-08T03:03:04+00:00
In this email thread, Sergio Demian Lerner mentioned a proposed "Tick Method" from 2013 and questioned its flaw. ZmnSCPxj responded that the use of `SIGHASH_NONE` for both inputs of the TxOut transactions and txid malleability might be the flaw. To fix these issues, he suggested not using `SIGHASH_NONE` for one of the inputs and requiring a hot privkey to sign with that. The second issue can be fixed by using SegWit outputs.In another part of the email thread, Bryan Bishop discussed the biggest problem with the vault scheme, which is an attacker silently stealing the hot wallet private key and waiting for the vault's owner to initiate a withdrawal from the vault. To mitigate this, it is important to choose a stipend or withdrawal amount per withdrawal period like x% of the funds. This limits the total stolen funds to x%. He also discussed the smallest least invasive soft-fork that would enable a timelock and mentioned several covenant proposals. Additionally, he provided links to related works on the subject.
Updated on: 2023-06-13T20:52:42.495522+00:00