Author: Anthony Towns 2023-02-11 05:14:55
Published on: 2023-02-11T05:14:55+00:00
On 9 February 2023, Russell O'Connor via bitcoin-dev reported a bug in Taproot that allows the same Tapleaf to be repeated multiple times in the same Taproot, potentially at different Taplevels incurring different Tapfee rates. The countermeasure is that you should always know the entire Taptree when interacting with someone's Tapspend. Michael Folkson responded, saying that he wouldn't call it a "bug" unless there is a remedy for the bug that wasn't included in the Taproot design. He pointed out that there seems to be a push to find "bugs" and "accidental blowups" in the Taproot design currently. Andrew Poelstra confirmed that the tapleaf hash is always covered by the signature (though not in some ANYONECANPAY proposals) so you can never migrate signatures between tapbranches. Poelstra also provided information about preventing signatures from moving within a branch using the CODESEPARATOR opcode, which was redesigned in Taproot for exactly this purpose. He noted that the tapleaf hash is added in BIP 342. O'Connor suggested fixing the bug by signing the entire tapbranch instead of the tapleaf. The discussion ends with aj asking if this is something that should be fixed in BIP118 signatures.
Updated on: 2023-05-22T23:34:19.915266+00:00