Comments (4)
sanket1729
commented on July 18, 2024
2
@louisinger You can use these indirectly by using from_str_insane APIs for getting the Miniscript structure. And then using the descriptor APIs to construct a new descriptor. Refer to example below for details.
from elements-miniscript.
apoelstra
commented on July 18, 2024
1
It seems that we could avoid (or reduce?) malleability with more introspections or a signature is the only way ?
No, you're right. If you constrain all the outputs of the transaction (and I guess, the sequence/locktime/version) then that should prevent all malleability. Except perhaps "somebody adds another input, sending its entire amount to fees".
I wouldn't mind extending our type-checking logic to understand that "fully constrained transactions should count as having a signature". Though it feels a bit ad-hoc. In general we aren't sure how we should be reasoning about covenant-laden Miniscripts.
from elements-miniscript.
apoelstra
commented on July 18, 2024
Yes, though I believe you can override this using the parse_with_ext API. (I don't see a way to parse descriptors with extensions, only Miniscripts, which I guess is a gap in our API.)
It would be nice if we could allow introspection-only paths like this but in general they continue to be malleability vectors. Like, in your example if somebody was spending those coins in a transaction with no other inputs, then anybody could modify the locktime, add more inputs, etc. This is not great for the network since it can lead to inconsistent mempools and wasted bandwidth, and might also cause trouble for your wallet/protocol.
from elements-miniscript.
louisinger
commented on July 18, 2024
It would be nice if we could allow introspection-only paths like this but in general they continue to be malleability vectors. Like, in your example if somebody was spending those coins in a transaction with no other inputs, then anybody could modify the locktime, add more inputs, etc. This is not great for the network since it can lead to inconsistent mempools and wasted bandwidth, and might also cause trouble for your wallet/protocol.
Make sense but, in my example, we could add more introspection statements verifying all other parts of the transaction (number of inputs and outputs, locktimes etc..). It seems that we could avoid (or reduce?) malleability with more introspections or a signature is the only way ?
from elements-miniscript.
Related Issues (20)
- First release HOT 3
- Miniscript fragment to check conditions on signed message HOT 9
- Where's the documentation?
- Introspection HOT 8
- Miniscript MinimalIF bug? HOT 2
- Possible to hit assertion failure in malleability check HOT 2
- to_string_no_chksum is broken
- wasm-pack: crate-type must be cdylib to compile to wasm HOT 2
- `elements_miniscript::confidential::slip77` duplicates code from `elements::slip77` HOT 3
- Cannot use single "view" blinding key with a descriptor with xpubs HOT 1
- Think about to interpreter API design for checksigfromstack
- `DescriptorType` has wrong `Display` impl for variant `Cov` HOT 1
- `DescriptorType` has wrong `Display` impl for variant `Cov`
- The crate produce very big binary size HOT 2
- base64 feature should enable also elements/base64
- Can this test be uncommented? HOT 1
- Pegin example with pegin address generation from descriptors
- Covenant extension parse example HOT 5
- `to_string_no_chksum` returns debug representation instead of the descriptor string without the checksum? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elements-miniscript.