Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 4A9B8EA2 for ; Sun, 20 Dec 2015 19:16:32 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from s47.web-hosting.com (s47.web-hosting.com [199.188.200.16]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BAC14F3 for ; Sun, 20 Dec 2015 19:16:31 +0000 (UTC) Received: from localhost ([::1]:44028 helo=server47.web-hosting.com) by server47.web-hosting.com with esmtpa (Exim 4.85) (envelope-from ) id 1aAjT3-0028qL-TU; Sun, 20 Dec 2015 14:16:29 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Date: Sun, 20 Dec 2015 14:16:29 -0500 From: jl2012 To: Rusty Russell In-Reply-To: <878u4poixq.fsf@rustcorp.com.au> References: <878u4poixq.fsf@rustcorp.com.au> Message-ID: X-Sender: jl2012@xbt.hk User-Agent: Roundcube Webmail/1.0.5 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server47.web-hosting.com X-AntiAbuse: Original Domain - lists.linuxfoundation.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - xbt.hk X-Get-Message-Sender-Via: server47.web-hosting.com: authenticated_id: jl2012@xbt.hk X-Source: X-Source-Args: X-Source-Dir: X-From-Rewrite: unmodified, already matched X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] On the security of softforks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Dec 2015 19:16:32 -0000 Rusty Russell via bitcoin-dev 於 2015-12-19 23:14 寫到: > Jonathan Toomim via bitcoin-dev > writes: >> On Dec 18, 2015, at 10:30 AM, Pieter Wuille via bitcoin-dev >> wrote: >> >>> 1) The risk of an old full node wallet accepting a transaction that >>> is >>> invalid to the new rules. >>> >>> The receiver wallet chooses what address/script to accept coins on. >>> They'll upgrade to the new softfork rules before creating an address >>> that depends on the softfork's features. >>> >>> So, not a problem. >> >> >> Mallory wants to defraud Bob with a 1 BTC payment for some beer. Bob >> runs the old rules. Bob creates a p2pkh address for Mallory to >> use. Mallory takes 1 BTC, and creates an invalid SegWit transaction >> that Bob cannot properly validate and that pays into one of Mallory's >> wallets. Mallory then immediately spends the unconfirmed transaction >> into Bob's address. Bob sees what appears to be a valid transaction >> chain which is not actually valid. > > Pretty sure Bob's wallet will be looking for "OP_DUP OP_HASH160 > OP_EQUALVERIFY OP_CHECKSIG" scriptSig. The SegWit-usable > outputs will (have to) look different, won't they? > > Cheers, > Rusty. I think he means Mallory is paying with an invalid Segwit input, not output (there is no "invalid output" anyway). However, this is not a issue if Bob waits for a few confirmations.