Author: Peter Todd 2014-11-06 11:04:03
Published on: 2014-11-06T11:04:03+00:00
The emails between Pieter Wuille and Peter Todd discuss the vulnerability of pubkey formats that are not recognized by the STRICTENC flag. Although this does not affect IsStandard() transactions, it can allow garbage transactions to fill up the mempool. Wuille suggests adding a second validity check with the actual consensus rules. Todd proposes two solutions: either make STRICTENC fail unrecognized pubkeys immediately or fail the script if the pubkey is non-standard and signature verification succeeds. They decide to implement the latter as a "least invasive" measure, as hybrid encoding for pubkeys still needs to be supported for a while. They plan to get rid of hybrid-encoded pubkeys in a further tightening of the rules.
Updated on: 2023-06-09T03:50:45.761982+00:00