Author: Russell O'Connor 2023-02-07 18:35:12
Published on: 2023-02-07T18:35:12+00:00
Taproot has a bug that allows the same Tapleaf to be repeated multiple times in the same Taproot, potentially at different Taplevels incurring different Tapfee rates. The countermeasure is to always know the entire Taptree when interacting with someone's Tapspend. Andrew Poelstra via bitcoin-dev clarified that in Taproot, the tapleaf hash is always covered by the signature, so signatures cannot migrate between tapbranches. The CODESEPARATOR opcode can be used in Taproot to prevent signatures from migrating to another branch or within a branch. BIP 341 specifies much of the sighash, but not all of it. The tapleaf hash is added in BIP 342.
Updated on: 2023-06-16T15:27:05.778663+00:00