Author: Christian Decker 2018-07-03 12:05:09
Published on: 2018-07-03T12:05:09+00:00
Gregory Maxwell, a Bitcoin developer, has expressed concerns about the use of the noinput flag and has proposed that it should be named "SIGHASH_REPLAY_VULNERABLE" or "SIGHASH_WEAK_REPLAYABLE". He believes that wallets may use this flag without realizing that funds could be lost if a third party reuses a script pubkey. While the use of noinput is secure for special protocols where mistakes are unlikely, it is materially insecure for traditional applications. Maxwell supports using the _unsafe suffix suggested by jb55 to signal the danger of using noinput. He also suggests marking all non-sighash_all sighashes as unsafe or communicating the danger on a higher level through documentation.
Updated on: 2023-06-13T01:51:43.895200+00:00