dgpv
commented
9 months ago @tiero
Closed dgpv closed 9 months ago
dgpv
commented
9 months ago @tiero
tiero
commented
9 months ago Thank you so much for the PR! Going to review and merge soon!
dgpv
commented
9 months ago (the force-push above is because I noticed and fixed a mistype in the commit message)
While testing B'SST with scripts in
beta/, I found two bugs in mint covenant.First bug is a serious one - it allows a functionary (an entity who can commit non-standard transaction into blockchain) to mint synth to an anyone-can-spend address. It is fixed in commit https://github.com/fuji-money/tapscripts/commit/3b3a40c09122c2e00c42a857b7220644215a28f6 (more detailed explanation is in the commit message)
Second bug is less severe - it is just a witness malleability. It could allow anyone to increase the weight of the mint transaction by increasing the size of the
oracleXPubIndexwitness, thus potentially delaying the confirmation of the transaction (without any cognestion in the blockchain, that will not affect anyone though). It is fixed in commit https://github.com/fuji-money/tapscripts/commit/09548cc87e14e828275aa5d99e7b9c755b0c61be (more detailed explanation is in the commit message)Also
mint-mint.tapscripthas annotations for B'SST added, which would increase readability of B'SST reports for this script.examples/mint.pyis updated to include fixes for two bugs mentioned above, and also to update it for the last versions of python-bitcointx and python-elementstx libraries