Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Matt Corallo <lf-lists@mattcorallo.com>
In-Reply-To: <D2014BB7-1EFC-4604-ACF6-3C5AC74B6FC0@sprovoost.nl>
Date: Fri, 8 Mar 2019 15:14:02 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <D631175F-0704-4820-BE3C-110E63F9E3FF@mattcorallo.com>
References: <bf96c2fb-2e2e-a47f-e59f-87e56d83eca3@mattcorallo.com>
	<CAMZUoK=1kgZLR1YZ+cJgzwmEOwrABYFs=2Ri=xGX=BCr+w=VQw@mail.gmail.com>
	<6bb308f5-f478-d5ec-064f-e4972709f29c@mattcorallo.com>
	<D2014BB7-1EFC-4604-ACF6-3C5AC74B6FC0@sprovoost.nl>
To: Sjors Provoost <sjors@sprovoost.nl>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] OP_CODESEPARATOR Re: BIP Proposal: The Great
	Consensus Cleanup
Precedence: list

Aside from the complexity issues here, note that for a user to be adversely a=
ffect, they probably have to have pre-signed lock-timed transactions. Otherw=
ise, in the crazy case that such a user exists, they should have no problem c=
laiming the funds before activation of a soft-fork (and just switching to th=
e swgwit equivalent, or some other equivalent scheme). Thus, adding addition=
al restrictions like tx size limits will equally break txn.

> On Mar 8, 2019, at 14:12, Sjors Provoost <sjors@sprovoost.nl> wrote:
>=20
>=20
>> (1) It has been well documented again and again that there is desire to r=
emove OP_CODESEPARATOR, (2) it is well-documented OP_CODESEPARATOR in non-se=
gwit scripts represents a rather significant vulnerability in Bitcoin today,=
 and (3) lots of effort has gone into attempting to find practical use-cases=
 for OP_CODESEPARATOR's specific construction, with no successes as of yet. I=
 strongly, strongly disagree that the highly-unlikely remote possibility tha=
t someone created something before which could be rendered unspendable is su=
fficient reason to not fix a vulnerability in Bitcoin today.
>>=20
>>> I suggest an alternative whereby the execution of OP_CODESEPARATOR incre=
ases the transactions weight suitably as to temper the vulnerability caused b=
y it.  Alternatively there could be some sort of limit (maybe 1) on the maxi=
mum number of OP_CODESEPARATORs allowed to be executed per script, but that w=
ould require an argument as to why exceeding that limit isn't reasonable.
>>=20
>> You could equally argue, however, that any such limit could render some m=
oderately-large transaction unspendable, so I'm somewhat skeptical of this a=
rgument. Note that OP_CODESEPARATOR is non-standard, so getting them mined i=
s rather difficult in any case.
>=20
> Although I'm not a fan of extra complicity, just to explore these two idea=
s a bit further.
>=20
> What if such a transaction:
>=20
> 1. must have one input; and
> 2. must be smaller than 400 vbytes; and
> 3. must spend from a UTXO older than fork activation
>=20
> Adding such a contextual check seems rather painful, perhaps comparable to=
 nLockTime. Anything more specific than the above, e.g. counting the number o=
f OP_CODESEPARATOR calls, seems like guess work.
>=20
> Transaction weight currently doesn't consider OP codes, it only considers i=
f bytes are part of the witness. Changing that to something more akin to Eth=
ereums gas pricing sounds too complicated to even consider.
>=20
>=20
> I would also like to believe that whoever went through the trouble of usin=
g OP_CODESEPARATOR reads this list.
>=20
> Sjors
>=20