Open louisinger opened 9 months ago
What if instead we make the ASP sign all the inputs with SIGHASH_ALL so that the tx can't be modified at all?

> What if instead we make the ASP sign all the inputs with SIGHASH_ALL so that the tx can't be modified at all?

It works too. Note that the script-only solution has the advantage of keeping the tree builder "deterministic" = anybody can rebuild the whole tree with only the leaves + less computing work (no signatures at all).

> the number of inputs & outputs

You can use OP_INSPECTNUMINPUTS and OP_INSPECTNUMOUTPUTS.

How are fees paid? What if you need an external "fee supplier" service to pay the fees for you, if you can't allow any more inputs and outputs? CPFP?

> How are fees paid? What if you need an external "fee supplier" service to pay the fees for you, if you can't allow any more inputs and outputs? CPFP?

Yes, CPFP is the only way to bump the fees without modifying the initial transaction as far as I know (+ anchor outputs letting us bump the fees without touching the VTXO output)
Note that Liquid accepts and confirms min-relay-fee tx so the PoC client should not need to add an additional CPFP tx.

The congestion tree has a closure that lets the tree be "unrolled". This unrolling closure checks the output amounts and output scripts. However, it does not control the number of inputs/outputs. A malicious user could use that to change the txid of the next transaction and thus broadcast a fake format of the tree, changing all the children's txids (including VTXO outpoints).

Solution: add some introspection opcodes preventing anybody from modifying the number of inputs & outputs of transactions.
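
An added sketch of the problem described in the issue body (not part of the original issue or the project's code): a closure that only checks output amounts and scripts accepts a transaction with an extra input and output, whose txid differs, while pinning the counts rejects it. Assumptions: a simplified Bitcoin-style legacy serialization stands in for the Elements format, the closure is modelled as the hypothetical Python function `closure_ok`, each tree transaction spends exactly one parent output, and all outpoints and scripts are constructed placeholders.

```python
import hashlib
import struct

def txid(inputs, outputs):
    """Double-SHA256 of a simplified Bitcoin-style legacy serialization
    (empty scriptSigs, no Elements asset/nonce fields, counts below 0xfd)."""
    raw = struct.pack("<I", 2) + bytes([len(inputs)])
    for prev_txid, vout in inputs:
        raw += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", vout)
        raw += b"\x00" + struct.pack("<I", 0xFFFFFFFF)  # empty scriptSig, sequence
    raw += bytes([len(outputs)])
    for amount, script in outputs:
        raw += struct.pack("<Q", amount) + bytes([len(script)]) + script
    raw += struct.pack("<I", 0)  # locktime
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def closure_ok(inputs, outputs, expected, pin_counts):
    """Model of the unroll closure: outputs 0..n-1 must match the expected
    (amount, script) pairs. With pin_counts it also fixes the number of inputs
    and outputs, the role OP_INSPECTNUMINPUTS / OP_INSPECTNUMOUTPUTS would play."""
    if outputs[:len(expected)] != expected:
        return False
    if pin_counts and (len(inputs) != 1 or len(outputs) != len(expected)):
        return False
    return True

# Constructed sample data: placeholder outpoints and scripts, not real ones.
PARENT = ("11" * 32, 0)
EXTRA = ("22" * 32, 1)
EXPECTED = [(5000, b"\x51\x20" + b"\xaa" * 32), (5000, b"\x51\x20" + b"\xbb" * 32)]
HONEST = ([PARENT], list(EXPECTED))
ALTERED = ([PARENT, EXTRA], EXPECTED + [(1000, b"\x51\x20" + b"\xcc" * 32)])

def compare(pin_counts):
    """Return (honest accepted, altered accepted, txids identical)."""
    return (closure_ok(*HONEST, EXPECTED, pin_counts),
            closure_ok(*ALTERED, EXPECTED, pin_counts),
            txid(*HONEST) == txid(*ALTERED))

if __name__ == "__main__":
    print("amounts/scripts only:", compare(False))  # both accepted, txids differ
    print("with count checks:   ", compare(True))   # altered tx rejected
```

Because every child in the tree spends an outpoint derived from its parent's txid, the differing txid in the first case is what invalidates the pre-computed children.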