Author: Lloyd Fournier 2023-02-07 04:38:30
Published on: 2023-02-07T04:38:30+00:00
The email conversation between Yuval and LL discusses a potential attack scenario in multiparty transactions, exploiting the variable size of Taproot spends. The last input signed can use a larger signature to unfairly extract fee contributions from other parties, without affecting absolute fees but reducing the feerate for the transaction. In this scenario, Mallory registers a P2TR output with a large script spend path, such as an ordinal inscription commitment transaction output, and commits to a fee obligation calculated on the basis of a key spend. When all other participants have provided signatures, the script spend path can be used. This attack effectively steals a fee from other participants since their signatures do not directly or indirectly commit to a feerate. There are several mitigations proposed to prevent this attack, including negotiating a lower feerate ahead of time, enforcing minimal weight before signing, using a trusted coordinator, providing publicly verifiable protocol transcripts, increasing costliness, and requiring signature ordering. However, each mitigation has its limitations and trade-offs. For instance, RBF can be prevented by pinning attacks, while minimum confirmation age may not work in the context of lightning channels. Hence, the authors suggest implementing multiple mitigations simultaneously.
Updated on: 2023-06-16T15:26:46.316431+00:00