maaku
commented
4 years ago So it turns out that we can't use the nSequence field, at least not until version 2 of the protocol cleanup hard-fork activates (released with v12.1.3.3-10198, yesterday). This is because the coinbase-mtp soft-fork forces the lock_height of the coinbase transaction to be the medium-time-past, which is guaranteed to be less than the block's timestamp, which means the coinbase transaction is subject to finality rules, which means its nSequence MUST be set to 0xffffffff. Oops.
With release v12.1.3.3-10198 the protocol cleanup rule changes now include that the coinbase is not subject to finality rules after activation, which has also been extended to be no earlier than June of 2022. Until then, the nSequence field of all coinbases must be set to -1. In the interim, another field must be used for the Stratum extranonce2 field, and excluded from the witness commitment. The most obvious candidate is the coinbase input's scriptSig, AKA the coinbase string. I have updated this PR to exclude both fields, nSequence and scriptSig, from the witness commitment.
The Stratum mining protocol requires some number of bytes of the coinbase, typically 4 bytes, to be under the miner's control. And existing mining software is unaware of block-final transactions or our witness commitment mechanism. To maintain compatibility with this critical, already deployed infrastructure, the nSequence field of the coinbase transaction is zero'd when calculating the witness commitment hash. This allows these 4 bytes to be set by the miner without altering the witness hash, which would require re-calculating the transaction Merkle tree.