Don’t assume signature grinding for external signers #26030

issue Sjors openend this issue on September 7, 2022
  1. Sjors commented at 7:58 am on September 7, 2022: member

    Since #13666 our fee calculation assumes that ECSDA signatures are a maximum of 71 bytes, rather than 72. However, not all hardware wallets implement R-value grinding.

    This can cause us to underpay fees when using an external signer. That’s especially problematic when the user picks 1 sat/vbyte as the fee, because it won’t even get into our own mempool.

    The easiest solution would be to modify ExternalSignerScriptPubKeyMan to assume 72 bytes for ECSDA signatures.

    Slightly more advanced would be to expand HWI to keep track of which devices and firmware versions (if any) support R-value grinding. We’d then have to store that in the wallet in some new field. Personally I’d rather work on better Taproot support, which thanks to Schnorr avoids this issue altogether.

  2. Sjors added the label Bug on Sep 7, 2022
  3. achow101 closed this on Feb 27, 2023

  4. sidhujag referenced this in commit a33432a148 on Feb 28, 2023
  5. bitcoin locked this on Feb 27, 2024


Sjors

Labels
Bug


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-19 09:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me