Ademan
commented
6 months ago https://github.com/Ademan/bdk-reserves/blob/wip-bip-0127/src/reserves.rs#L268 this is where my head is at currently. I think it might be better than verifying the sighash type because it's instantly more flexible¹
bip-0127 says "** MUST have signatures that commit to the commitment input (e.g. using SIGHASH_ALL)." I interpret this to mean the real requirement, is that the commitment input is committed to by every other input, validating sighash type is only one method (and only part of that method, too).
¹ on the other hand, a future softfork might render certain proofs invalid that are currently recognized as valid by libbitcoinconsensus, so even though it's fairly attractive to handle every type of transaction, maybe restricting to a set of known cases is safer²
² on the other, other hand, a future softfork could affect even known standard transactions like with BIP-0066, and maybe the onus is properly on verifiers to keep their verification code up-to-date?
At the moment we only verify the sighash type from the PSBT part. We should verify it from the signed transaction part. Especially for multisig wallets, it prooved to be more difficult to do so than expected.