Author: Sjors Provoost 2019-03-08 19:12:29
Published on: 2019-03-08T19:12:29+00:00
The use of OP_CODESEPARATOR in non-segwit scripts has been identified as a significant vulnerability in Bitcoin. Despite efforts to find practical use-cases for its specific construction, none have been found. There is a suggestion to increase the weight of transactions executing OP_CODESEPARATOR as a way to temper the vulnerability. Another suggestion is to limit the maximum number of OP_CODESEPARATORs allowed per script, but this may render some moderately-large transactions unspendable. It is suggested that any such limit could be comparable to nLockTime. Additionally, transaction weight currently does not consider OP codes, so changing it would be complicated. A contextual check is proposed for such transactions, including having only one input, being smaller than 400 vbytes, and spending from a UTXO older than fork activation. However, anything more specific would be guesswork. The author hopes that whoever uses OP_CODESEPARATOR reads this list.
Updated on: 2023-06-13T17:32:16.332534+00:00