Author: alicexbt 2023-06-12 19:28:47
Published on: 2023-06-12T19:28:47+00:00
The email thread is discussing a proof of concept for using nostr npub and relays for payjoin. SIGHASH_NONE is used when there is no change in the transaction and sender wants to spend whole UTXO for the payment, but this method enables the receiver to do whatever they want with the funds. It is also possible for anyone who sees the final broadcasted transaction to extract the sender's input and use it for any purpose they wish. The use of specific SIGHASH flags can be ignored and developers can use other flags or default. There are no incentives for sender or recipient to use RBF and double spend in a payjoin transaction. Based on the understanding of SIGHASH flags and a blog post by Raghav Sood, use of SIGHASH_ALL by the recipient will secure all outputs. However, it is still vulnerable in a tweet thread as mentioned by Symphonicbtc. The email suggests disabling the ability to use mainnet coins directly in the code as it is highly irresponsible to post in this state. Moreover, the email warns that this is not a proper implementation of a payjoin, even in a theoretical scenario, as it is trivial to discern which inputs belong to the sender and receiver respectively in the final transaction.
Updated on: 2023-06-16T18:50:23.792157+00:00