-
Notifications
You must be signed in to change notification settings - Fork 36.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Relax IsStandard rules for pay-to-script-hash transactions #4365
Conversation
ACK |
{ | ||
int tmpExpected; | ||
if (whichType2 == TX_SCRIPTHASH) // HASH160 <hash> OP_EQUAL | ||
tmpExpected = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this special-case just to make things explicit? I checked and ScriptSigArgsExpected returns 1 for TX_SCRIPTHASH.
I worry that this will have the same effect as the fee drop - users and merchants will upgrade, miners won't, and the resulting lack of mempool consensus makes double spending easier. When we did the fee drop we didn't worry about this much because we'd done it before and it worked out OK, but this time seems to be different and miners aren't bothering to upgrade, perhaps because 0.9 had nothing for them. I don't want to make things unnecessarily complicated, but I wonder if the change should be marked in the coinbase. Then IsStandard changes once a sufficient percentage of hashing power has upgraded. Alternatively maybe if @dgenr8 gets his double spend relaying code in, that might also help. |
@mikehearn Are we going to hold up every feature just because it might impact zeroconf transactions? Eligius already has implemented this patch with ~10% of hashing power; if you're worried about double-spends that opportunity already exists. |
oneAndTwo << OP_2 << key[3].GetPubKey() << key[4].GetPubKey() << key[5].GetPubKey(); | ||
oneAndTwo << OP_3 << OP_CHECKMULTISIG; | ||
oneAndTwo << OP_AND; | ||
keystore.AddCScript(oneAndTwo); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pedantic: This example isn't actually spendable. Right now the first CHECKMULTISIG will leave a '1' on the stack making the second CHECKMULTISIG always fail. Change it to a CHECKMULTISIGVERIFY instead and remove the AND.
ACK modulo CHECKMULTISIG nit. I had been working on my own version of this patch and came up with a pretty similar design. Tested this with real-world non-std P2SH transactions on mainnet, no issues found. I also can't see any way that this could be a DoS issue - the 'limit sigops' approach taken is exactly how my version worked as well. |
Relax the AreInputsStandard() tests for P2SH transactions -- allow any Script in a P2SH transaction to be relayed/mined, as long as it has 15 or fewer signature operations. Rationale: https://gist.github.com/gavinandresen/88be40c141bc67acb247 I don't have an easy way to test this, but the code changes are straightforward and I've updated the AreInputsStandard unit tests.
Nits picked (removed unneeded test @laanwj found, fixed the sigop-counting unit test so it uses a 'realistic' Script) and rebased for the CMutableTransaction change. |
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4365_7f3b4e95695d50a4970e6eb91faa956ab276f161/ for binaries and test log. |
ACK |
FYI, as @petertodd suggested, I added an index of the "inner" P2SH script types to bitcoin-ruby/webbtc, so you can see unusual p2sh scripts that are already spent: |
Relax IsStandard rules for pay-to-script-hash transactions
Since bitcoin#4365 (6259937) P2SH scripts do not have to be IsStandard scripts.
Since bitcoin#4365 (6259937) P2SH scripts do not have to be IsStandard scripts. Github-Pull: bitcoin#7266 Rebased-From: 6cd198f
Since bitcoin#4365 (6259937) P2SH scripts do not have to be IsStandard scripts.
Relax the AreInputsStandard() tests for P2SH transactions --
allow any Script in a P2SH transaction to be relayed/mined,
as long as it has 15 or fewer signature operations.
Rationale: https://gist.github.com/gavinandresen/88be40c141bc67acb247
I don't have an easy way to test this, but the code changes are
straightforward and I've updated the AreInputsStandard unit tests.