1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
|
Return-Path: <jlrubin@mit.edu>
Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])
by lists.linuxfoundation.org (Postfix) with ESMTP id B622EC000E
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 5 Sep 2021 03:20:15 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by smtp2.osuosl.org (Postfix) with ESMTP id 97C1D400D7
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 5 Sep 2021 03:20:15 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from smtp2.osuosl.org ([127.0.0.1])
by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id M4SZxz-XtacU
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 5 Sep 2021 03:20:14 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
by smtp2.osuosl.org (Postfix) with ESMTPS id 167424002B
for <bitcoin-dev@lists.linuxfoundation.org>;
Sun, 5 Sep 2021 03:20:13 +0000 (UTC)
Received: from mail-lj1-f174.google.com (mail-lj1-f174.google.com
[209.85.208.174]) (authenticated bits=0)
(User authenticated as jlrubin@ATHENA.MIT.EDU)
by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 1853K99f010933
(version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT)
for <bitcoin-dev@lists.linuxfoundation.org>; Sat, 4 Sep 2021 23:20:10 -0400
Received: by mail-lj1-f174.google.com with SMTP id d16so5244458ljq.4
for <bitcoin-dev@lists.linuxfoundation.org>;
Sat, 04 Sep 2021 20:20:10 -0700 (PDT)
X-Gm-Message-State: AOAM532A2zlULKb0+Sm7hlc+Ai85J48y+BoawCpFDEFeyCfvGIxnTKOX
CgMkjBSyXQ7BvS15YE48ZKMRLYq1mmNoSx8DZ4w=
X-Google-Smtp-Source: ABdhPJxnkI9xSMinNz9VsZ0D9w/eyES3/9tjVppA9XOh8csW0Zmt1M35lJBZUQumvJ7UkWVwm/csar/ZYbqwQAI16Hc=
X-Received: by 2002:a2e:88d0:: with SMTP id a16mr5108604ljk.81.1630812008572;
Sat, 04 Sep 2021 20:20:08 -0700 (PDT)
MIME-Version: 1.0
References: <CAD5xwhiKU1fuhqmKsx28f1nuw9CmvbyrS=BtM4X-L+WPgWY3Wg@mail.gmail.com>
In-Reply-To: <CAD5xwhiKU1fuhqmKsx28f1nuw9CmvbyrS=BtM4X-L+WPgWY3Wg@mail.gmail.com>
From: Jeremy <jlrubin@mit.edu>
Date: Sat, 4 Sep 2021 20:19:57 -0700
X-Gmail-Original-Message-ID: <CAD5xwhjrcTMSkikYFaNmMJeAhmR2cwTEbt7G80-G9Xj3vNnbrA@mail.gmail.com>
Message-ID: <CAD5xwhjrcTMSkikYFaNmMJeAhmR2cwTEbt7G80-G9Xj3vNnbrA@mail.gmail.com>
To: Jeremy <jlrubin@mit.edu>
Content-Type: multipart/alternative; boundary="000000000000776cc505cb37021b"
Cc: Bitcoin development mailing list <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Note on Sequence Lock Upgrades Defect
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Sep 2021 03:20:15 -0000
--000000000000776cc505cb37021b
Content-Type: text/plain; charset="UTF-8"
In working on resolving this issue, one issue that has come up is what
sequence values get used by wallet implementations?
E.g., in Bitcoin Core a script test says
BIP125_SEQUENCE_NUMBER = 0xfffffffd # Sequence number that is rbf-opt-in
(BIP 125) and csv-opt-out (BIP 68)
Are any other numbers currently expected by any wallet software to be
broadcastable with the DISABLE flag set? Does anyone use *this* number? Is
there any advantage of this number v.s. just 0? Do people commonly use
0xfffffffd? 0xfffffffe is special, but it seems the former has the
alternative of either 0 valued sequence lock (1<<22 or 0).
Are there any other sequence numbers that are not defined in a BIP that
might be used somewhere?
Cheers,
Jeremy
--
@JeremyRubin <https://twitter.com/JeremyRubin>
<https://twitter.com/JeremyRubin>
On Fri, Sep 3, 2021 at 8:32 PM Jeremy <jlrubin@mit.edu> wrote:
> Hi Bitcoin Devs,
>
> I recently noticed a flaw in the Sequence lock implementation with respect
> to upgradability. It might be the case that this is protected against by
> some transaction level policy (didn't see any in policy.cpp, but if not,
> I've put up a blogpost explaining the defect and patching it
> https://rubin.io/bitcoin/2021/09/03/upgradable-nops-flaw/
>
> I've proposed patching it here
> https://github.com/bitcoin/bitcoin/pull/22871, it is proper to widely
> survey the community before patching to ensure no one is depending on the
> current semantics in any live application lest this tightening of
> standardness rules engender a confiscatory effect.
>
> Best,
>
> Jeremy
>
> --
> @JeremyRubin <https://twitter.com/JeremyRubin>
> <https://twitter.com/JeremyRubin>
>
--000000000000776cc505cb37021b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif;font-size:small;color:#000000">In working on resolving t=
his issue, one issue that has come up is what sequence values get used by w=
allet implementations?</div><div class=3D"gmail_default" style=3D"font-fami=
ly:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></div><div=
class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;fo=
nt-size:small;color:#000000">E.g., in Bitcoin Core a script test says</div>=
<div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-seri=
f;font-size:small;color:#000000"><br></div><div class=3D"gmail_default" sty=
le=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#000000"=
>BIP125_SEQUENCE_NUMBER =3D 0xfffffffd =C2=A0# Sequence number that is rbf-=
opt-in (BIP 125) and csv-opt-out (BIP 68)<br></div><div class=3D"gmail_defa=
ult" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:=
#000000"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,=
helvetica,sans-serif;font-size:small;color:#000000">Are any other numbers c=
urrently expected by any wallet software to be broadcastable with the DISAB=
LE flag set? Does anyone use *this* number? Is there any advantage of this =
number v.s. just 0? Do=C2=A0people commonly use 0xfffffffd? 0xfffffffe is s=
pecial, but it seems the former has the alternative of either 0 valued sequ=
ence lock (1<<22 or 0).</div><div class=3D"gmail_default" style=3D"fo=
nt-family:arial,helvetica,sans-serif;font-size:small;color:#000000"><br></d=
iv><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-s=
erif;font-size:small;color:#000000">Are there any other sequence numbers th=
at are not defined in a BIP that might be used somewhere?</div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;font-siz=
e:small;color:#000000"><br></div><div class=3D"gmail_default" style=3D"font=
-family:arial,helvetica,sans-serif;font-size:small;color:#000000">Cheers,</=
div><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-=
serif;font-size:small;color:#000000"><br></div><div class=3D"gmail_default"=
style=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:#000=
000">Jeremy</div><div><div dir=3D"ltr" data-smartmail=3D"gmail_signature"><=
div dir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRubin" target=3D=
"_blank">@JeremyRubin</a><a href=3D"https://twitter.com/JeremyRubin" target=
=3D"_blank"></a></div></div></div><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Fri, Sep 3, 2021 at 8:32 PM Jeremy=
<<a href=3D"mailto:jlrubin@mit.edu" target=3D"_blank">jlrubin@mit.edu</=
a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0p=
x 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-c=
olor:rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div class=3D"gmai=
l_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;=
color:rgb(0,0,0)">Hi Bitcoin Devs,</div><div class=3D"gmail_default" style=
=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)=
"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,helveti=
ca,sans-serif;font-size:small;color:rgb(0,0,0)">I recently noticed a flaw i=
n the Sequence lock implementation with respect to upgradability. It might =
be the case that this is protected against by some transaction level policy=
(didn't see any in policy.cpp, but if not, I've put up a blogpost=
=C2=A0explaining the defect and patching it=C2=A0<a href=3D"https://rubin.i=
o/bitcoin/2021/09/03/upgradable-nops-flaw/" target=3D"_blank">https://rubin=
.io/bitcoin/2021/09/03/upgradable-nops-flaw/</a></div><div class=3D"gmail_d=
efault" style=3D"font-family:arial,helvetica,sans-serif;font-size:small;col=
or:rgb(0,0,0)"><br></div><div class=3D"gmail_default" style=3D"font-family:=
arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,0)">I've propo=
sed patching it here=C2=A0<a href=3D"https://github.com/bitcoin/bitcoin/pul=
l/22871" target=3D"_blank">https://github.com/bitcoin/bitcoin/pull/22871</a=
>, it is proper to widely survey the community before patching to ensure no=
one is depending on the current semantics in any live application lest thi=
s tightening of standardness rules engender a confiscatory effect.</div><di=
v class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif;f=
ont-size:small;color:rgb(0,0,0)"><br></div><div class=3D"gmail_default" sty=
le=3D"font-family:arial,helvetica,sans-serif;font-size:small;color:rgb(0,0,=
0)">Best,</div><div class=3D"gmail_default" style=3D"font-family:arial,helv=
etica,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class=3D"=
gmail_default" style=3D"font-family:arial,helvetica,sans-serif;font-size:sm=
all;color:rgb(0,0,0)">Jeremy</div><br clear=3D"all"><div><div dir=3D"ltr"><=
div dir=3D"ltr">--<br><a href=3D"https://twitter.com/JeremyRubin" target=3D=
"_blank">@JeremyRubin</a><a href=3D"https://twitter.com/JeremyRubin" target=
=3D"_blank"></a></div></div></div></div>
</blockquote></div>
--000000000000776cc505cb37021b--
|
