Published on: 2020-05-27T15:15:47+00:00
In a recent discussion on the bitcoin-dev mailing list, Thomas Voegtlin raised a question regarding the minimum transaction size of 82 bytes. He was specifically concerned about constructing a 60-byte transaction that was being rejected due to this requirement. ZmnSCPxj, another member of the mailing list, responded by explaining that the high minimum size is in place to protect against an attack known as CVE-2017-12842. This attack involves using a 32-bit hash collision to create a 'bad' block. ZmnSCPxj further elaborated that even with SHA256 padding, which includes a length value of the original message data, accepting 60-byte transactions could still leave them vulnerable to attacks. The discussion concluded that it may be safe to accept 65-byte or larger transactions, but this would not solve Thomas's specific issue. Additionally, it was noted that SHA256 also includes padding that ensures messages of different lengths have different padding.Another aspect of the discussion focused on the reasoning behind the current minimum transaction size and the potential vulnerabilities associated with smaller transactions. Greg Sanders joined the discussion and mentioned that the number was chosen to protect against the CVE-2017-12842 attack covertly. He shared a link to the pull request that updated the text explicitly mentioning this fact. The consensus among the participants of the discussion was that lowering the minimum transaction size to 60 bytes could pose security threats and risks. Therefore, it was deemed more feasible to maintain the current value of 82 bytes.The issue brought up by Thomas Voegtlin pertained to his attempt to CPFP (Child Pays For Parent) a transaction using OP_RETURN. Due to the remaining output value being lower than the dust threshold, the scriptPubkey of the output became OP_RETURN + OP_0 with a single p2wsh input. As a result, the transaction size without witness was 60 bytes, which fell below the MIN_STANDARD_TX_NONWITNESS_SIZE requirement of 82 bytes. Thomas questioned why this value was set so high and suggested lowering it to 60 bytes. Greg Sanders explained that the higher value was chosen to protect against CVE-2017-12842 covertly. He shared a link to the pull request on GitHub that explicitly mentioned this fact.Thomas Voegtlin's inquiry highlights the need for understanding the various requirements and protections within the Bitcoin network. The response from the mailing list members provides valuable insight into the reasoning behind certain standards, such as MIN_STANDARD_TX_NONWITNESS_SIZE. It is crucial for developers and users to stay informed and up-to-date on these standards to ensure the safety and efficiency of transactions in the network.
Updated on: 2023-08-02T02:16:26.957790+00:00