Author: Christian Decker 2018-07-03 12:05:09
Published on: 2018-07-03T12:05:09+00:00
Bitcoin Core developer Gregory Maxwell has suggested that the formal name of the flag for noinput, a feature designed to simplify Bitcoin transactions, should include a reference to its vulnerability. Specifically, he suggests "SIGHASH_REPLAY_VULNERABLE" or "SIGHASH_WEAK_REPLAYABLE." Maxwell is concerned that some wallets may start using the feature without realising it is insecure for traditional applications where a third party might pay to an address a second time. While the feature is useful in protocols that make mistakes unlikely, it carries a risk as third-party address reusers have no way of knowing that a particular scriptpubkey has been used with a specific sighash flag. Another Bitcoin Core developer, Johnson Lau, agrees that the potential risks of using non-sighash_all sighashes are significant and could be better communicated to developers.
Updated on: 2023-05-25T00:26:52.638937+00:00