policy: Ephemeral anchors #26403

pull instagibbs wants to merge 37 commits into bitcoin:master from instagibbs:ephemeral-anchors changing 52 files +2482 −229
  1. instagibbs commented at 8:14 pm on October 27, 2022: member

    TODO:

    I’ll be updating to segwit variant soon, with updated BIP text.


    Builds on top of #25038 for consideration of inclusion to the proposal. Requires V3, for simplicity of reasoning and usage. Implementation of idea written out at https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-October/021036.html

    BIP text here: https://github.com/instagibbs/bips/blob/ephemeral_anchor/bip-ephemeralanchors.mediawiki

  2. instagibbs renamed this:
    Ephemeral anchors
    [POLICY] Ephemeral anchors
    on Oct 27, 2022
  3. DrahtBot added the label Needs rebase on Oct 27, 2022
  4. glozow added the label Needs Conceptual Review on Oct 28, 2022
  5. glozow added the label TX fees and policy on Oct 28, 2022
  6. instagibbs force-pushed on Oct 28, 2022
  7. instagibbs force-pushed on Oct 28, 2022
  8. instagibbs force-pushed on Oct 28, 2022
  9. instagibbs force-pushed on Oct 31, 2022
  10. instagibbs force-pushed on Oct 31, 2022
  11. instagibbs force-pushed on Nov 1, 2022
  12. instagibbs force-pushed on Nov 1, 2022
  13. instagibbs force-pushed on Nov 1, 2022
  14. instagibbs force-pushed on Nov 1, 2022
  15. instagibbs force-pushed on Nov 1, 2022
  16. instagibbs force-pushed on Nov 1, 2022
  17. instagibbs force-pushed on Nov 3, 2022
  18. instagibbs force-pushed on Nov 3, 2022
  19. instagibbs marked this as ready for review on Nov 3, 2022
  20. instagibbs force-pushed on Nov 3, 2022
  21. DrahtBot removed the label Needs rebase on Nov 3, 2022
  22. instagibbs force-pushed on Nov 3, 2022
  23. instagibbs force-pushed on Nov 4, 2022
  24. instagibbs force-pushed on Nov 4, 2022
  25. DrahtBot commented at 12:16 pm on November 4, 2022: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    Concept NACK luke-jr

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #bitcoin-core/gui/650 (Add Import to Wallet GUI by KolbyML)
    • #28246 (wallet: Use CTxDestination in CRecipient instead of just scriptPubKey by achow101)
    • #28244 (Break up script/standard.{h/cpp} by achow101)
    • #28217 (set DEFAULT_PERMIT_BAREMULTISIG to false by Retropex)
    • #28201 (Silent Payments: sending by josibake)
    • #28126 (wallet legacy: bugfix, disallow importing invalid scripts via importaddress by furszy)
    • #28122 (Silent Payments: Implement BIP352 by josibake)
    • #28031 (Package Relay 1/3: Introduce TxPackageTracker as Orphan Resolution Module by glozow)
    • #27827 (Silent Payments: send and receive by josibake)
    • #27432 (contrib: add tool to convert compact-serialized UTXO set to SQLite database by theStack)
    • #26840 (refactor: importpubkey, importprivkey, importaddress, importmulti, and importdescriptors rpc by KolbyML)
    • #26711 (validate package transactions with their in-package ancestor sets by glozow)
    • #26451 (Enforce incentive compatibility for all RBF replacements by sdaftuar)
    • #20892 (tests: Run both descriptor and legacy tests within a single test invocation by achow101)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  26. instagibbs force-pushed on Nov 4, 2022
  27. instagibbs force-pushed on Nov 4, 2022
  28. instagibbs force-pushed on Nov 4, 2022
  29. luke-jr commented at 3:48 pm on November 5, 2022: member
    Concept NACK as a mere policy. Without consensus enforcement, cost is a full UTXO which may potentially never be spent. OP_TRUE does not have a weight that reflects this high cost.
  30. instagibbs commented at 5:48 pm on November 5, 2022: member

    @luke-jr Can you elaborate more on what the potential issues are?

    This policy defines that any transaction with such an output must be 0-fee, which means there’s little incentive to mine it on its own, but only as part of a CPFP spend of that output.

    Assuming the PR is correct and being run on the network, there should be no way(aside from miners prioritizing the parent explicitly) to leaving the utxo in the uxto set. Prioritizing the parent could also be disallowed easily.

  31. luke-jr commented at 5:55 pm on November 5, 2022: member

    The main issue I see is that it has a very low weight, but rather high cost. There is no consensus rule requiring it to be spent immediately.

    Couldn’t it be CPFP’d by spending another of its outputs?

  32. instagibbs commented at 1:11 pm on November 6, 2022: member
    The argument here is that dust limits are already policy only, and this is basically a “cut-through” of potentially dust outputs. It’s no practical change of dust policy, except in the case where a miner prioritizes a parent tx with this kind of output after its included in mempool(it’s in the test cases)
  33. JeremyRubin commented at 4:38 pm on November 6, 2022: contributor

    @luke-jr either you do a consensus fork and everything that entails for something like tx sponsors, or your enable in policy only something like ephemeral anchors.

    One option that could be taken would be to make the OP_TRUE script contain an upgradable NOP that we document as reserved to in the future treat as a pre-execution parsed flag with a consensus must-spend rule, and then we’d be able to (if there was wide adoption of ephemeral anchors and we saw utxo bloat) add a consensus rule to enforce them as must-spend.

  34. luke-jr commented at 5:51 pm on November 6, 2022: member

    One option that could be taken would be to make the OP_TRUE script contain an upgradable NOP that we document as reserved to in the future treat as a pre-execution parsed flag with a consensus must-spend rule, and then we’d be able to (if there was wide adoption of ephemeral anchors and we saw utxo bloat) add a consensus rule to enforce them as must-spend.

    I think this would be better, since it allows a real OP_TRUE to be given a more cost-based weight in a future softfork.

  35. maflcko commented at 9:40 am on November 7, 2022: member
    It would also be possible to deploy a consensus change to treat them as unspendable, unless they are spent in the block they are created in, but it seems odd to enforce policy with consensus, and this is likely the wrong thread to discuss anyway.
  36. JeremyRubin commented at 5:09 pm on November 7, 2022: contributor
    @MarcoFalke that is an inverse timelock, which has nasty consequences for reorg safety and dependent transactions.
  37. instagibbs commented at 5:16 pm on November 7, 2022: member
    @JeremyRubin including a NOP would just be to not “camp” a raw single byte value push for a future soft fork? Making sure I didn’t miss the underlying motivation.
  38. JeremyRubin commented at 5:20 pm on November 7, 2022: contributor

    more or less, you might also be able to do a min byte segwit v1 script (2 bytes?) or something else similar too.

    Otherwise you end up with some “specific script template matching upgrade”, which is IMO messy & risks being uneccessarily confiscatory.

  39. ajtowns commented at 8:25 am on November 9, 2022: contributor

    Camping an OP_NOP and preventing it from being used for any other future soft fork seems worse than camping OP_TRUE.

    If in the future we have a soft fork that makes small scriptPubKeys more costly to limit utxo bloat with an exemption for ephmeral outputs that are spent in the same block, which should just apply both rules to all scriptPubKeys, whether they’re OP_TRUE, OP_2, or OP_NOP5 OP_TRUE…

  40. DrahtBot added the label Needs rebase on Nov 28, 2022
  41. instagibbs commented at 6:02 pm on December 16, 2022: member
    I’ll rebase on top of #25038 once it leaves draft mode, since I have to update my tests to new V3 packages.
  42. naumenkogs commented at 10:32 am on January 3, 2023: member

    What will happen at the p2p level, if the attacker manages to submit a transaction with ephemeral outputs to many nodes but without a child?

    It looks like its wtxid will make it into m_recent_rejects, and then the network won’t reconsider the tx even when the child is attached?

  43. instagibbs commented at 3:39 pm on January 3, 2023: member
    @naumenkogs Ideally I would hope it would be treated like any other too-low-fee transaction, and be re-evaluated again in the package context. I’ll double check, thanks!
  44. in test/functional/mempool_ephemeral_anchor.py:151 in 62f020d2de outdated
    146+        package_hex4, package_txns4 = self.create_simple_package(parent_coins=parent_coins, parent_fee=0, child_fee=DEFAULT_FEE*2, version=3, spend_anchors=2)
    147+        assert_raises_rpc_error(-26, "v3-tx-nonstandard", node.submitpackage, package_hex4)
    148+        self.assert_mempool_contents(expected=package_txns3, unexpected=[])
    149+
    150+        # All ephemeral anchors this time, make sure old child evicted
    151+        package_hex5, package_txns5 = self.create_simple_package(parent_coins=parent_coins, parent_fee=0, child_fee=DEFAULT_FEE*2, version=3)
    


    instagibbs commented at 4:23 pm on January 3, 2023:
    todo: double-check we can’t get blinded to a parent tx if submitted separately

    glozow commented at 5:05 pm on January 6, 2023:
    fwiw with package relay the plan is to add a separate rejects cache for transactions that failed but are eligible for reconsideration if submitted with another transaction. We wouldn’t validate/download these again by themselves (renews on every change in chain tip similar to recent rejects), but will reconsider if submitted with another tx. It’s intended for these kinds of situations, where a parent needs a child to be valid.
  45. instagibbs marked this as a draft on Jan 11, 2023
  46. in test/functional/mempool_ephemeral_anchor.py:334 in 04778d1289 outdated
    330@@ -331,11 +331,12 @@ def test_xor_rbf(self):
    331         self.generate(node, 1)
    332         self.assert_mempool_contents(expected=[second_package_txns[1]], unexpected=[])
    333 
    334-        # Parent can still be prioritised
    335+        # Parent can't be prioritised; RPC call succeeds but is modified fees are ignored if it has EAs
    


    ajtowns commented at 12:14 pm on January 12, 2023:
    “its modified fees” ?

    instagibbs commented at 6:48 pm on January 20, 2023:
    removed the test since it’s duplicated by v3 work which now trims lower than min relay fee txns
  47. in src/txmempool.cpp:410 in 04778d1289 outdated
    406@@ -402,6 +407,11 @@ void CTxMemPoolEntry::UpdateDescendantState(int64_t modifySize, CAmount modifyFe
    407 
    408 void CTxMemPoolEntry::UpdateAncestorState(int64_t modifySize, CAmount modifyFee, int64_t modifyCount, int64_t modifySigOps)
    409 {
    410+    // We don't want to encourage miners to mine these transacitons alone. Instead
    


    ajtowns commented at 12:14 pm on January 12, 2023:
    “transactions”

    instagibbs commented at 6:48 pm on January 20, 2023:
    no longer changing this
  48. instagibbs force-pushed on Jan 20, 2023
  49. instagibbs force-pushed on Jan 20, 2023
  50. instagibbs force-pushed on Jan 20, 2023
  51. instagibbs commented at 6:51 pm on January 20, 2023: member

    Rebased on top of latest #25038

    1. simplified spends checking due to 2-txn topology for better error reporting
    2. simplified tests, no longer messing with test utils at all
    3. removed prioritisetransaction considerations and code, since they are now evicted via V3 rules entirely
  52. instagibbs force-pushed on Jan 20, 2023
  53. DrahtBot removed the label Needs rebase on Jan 20, 2023
  54. instagibbs commented at 10:13 pm on February 2, 2023: member
  55. instagibbs force-pushed on Mar 13, 2023
  56. instagibbs force-pushed on Mar 13, 2023
  57. instagibbs commented at 4:35 pm on March 13, 2023: member
    Switched to OP_TRUE, as it was less confusing for at least a few people, and only requires light test editing. Having an odd conflict with master that I am not resolving until parent PR is rebased.
  58. instagibbs force-pushed on Mar 13, 2023
  59. in src/policy/policy.cpp:145 in 97d254e5f4 outdated
    141@@ -142,8 +142,12 @@ bool IsStandardTx(const CTransaction& tx, const std::optional<unsigned>& max_dat
    142             reason = "bare-multisig";
    143             return false;
    144         } else if (IsDust(txout, dust_relay_fee)) {
    145-            reason = "dust";
    146-            return false;
    147+            // We ensure ephemeral output is spent in the same mempool package
    


    instagibbs commented at 4:55 pm on March 13, 2023:
    suggested in other PR: “switch the ordering? else if (whichType != ANCHOR && IsDust())”
  60. instagibbs force-pushed on Mar 13, 2023
  61. DrahtBot added the label Needs rebase on Mar 13, 2023
  62. instagibbs commented at 3:02 pm on March 14, 2023: member

    Should a flag be threaded through to disallow any dust outputs even if they’re EA?

    ala https://github.com/bitcoin-inquisition/bitcoin/pull/23/commits/3f1b105b9ab2736f5b204329a10213c26bd74172

  63. instagibbs force-pushed on Mar 15, 2023
  64. instagibbs force-pushed on Mar 15, 2023
  65. instagibbs force-pushed on Apr 14, 2023
  66. instagibbs commented at 8:09 pm on April 14, 2023: member
    I reworked this PR with changes incorporated from https://github.com/bitcoin-inquisition/bitcoin/pull/23
  67. instagibbs force-pushed on Apr 14, 2023
  68. instagibbs force-pushed on Apr 14, 2023
  69. instagibbs force-pushed on Apr 14, 2023
  70. instagibbs force-pushed on Apr 17, 2023
  71. DrahtBot removed the label Needs rebase on Apr 17, 2023
  72. instagibbs commented at 7:29 am on April 27, 2023: member
    Should add a test showing that node restart dumps ephemeral transactions since re-admission to the mempool is done single tx by single tx only.
  73. instagibbs force-pushed on Apr 27, 2023
  74. DrahtBot added the label CI failed on Apr 27, 2023
  75. instagibbs force-pushed on May 1, 2023
  76. instagibbs commented at 6:44 pm on May 1, 2023: member

    https://github.com/bitcoin/bitcoin/pull/26403/commits/a1982f5773690bc0c74d1bb932cb7552b00aacaf shows that current re-submission logic on node restart fails to evict ephemeral transaction.

    Until there is package-aware re-submission, should these transactions just be dropped on the floor? These types of transactions are opting into fairly aggressive fee bumping patterns, maybe that’s an ok first cut.

  77. DrahtBot added the label Needs rebase on May 9, 2023
  78. instagibbs commented at 8:09 pm on June 8, 2023: member
    note to self: after rebased onto BIP331, need to make sure rejected ephemeral anchor tx is put in m_recent_rejects_reconsiderable filter instead of m_recent_rejects
  79. in src/policy/v3_policy.cpp:139 in bb3a55a306 outdated
    135     }
    136 
    137+    /* Only allow in package feerate context */
    138+    if (!package_context) {
    139+        /* Allows re-evaluation in package context */
    140+        return state.Invalid(TxValidationResult::TX_MEMPOOL_POLICY, "missing-ephemeral-spends");
    


    instagibbs commented at 8:19 pm on June 8, 2023:

    should return code like TX_LOW_FEE re:BIP331 to avoid blinding relay of an otherwise valid parent

    edit: does this actually matter? in the individual context we never want to reset, really. We only want to try again, per block period, if it’s sent in a package with a new combined hash?

  80. instagibbs commented at 2:47 pm on July 6, 2023: member

    Random thought:

    OP_TRUE is txid-malleable by block maker. e.g., they could theoretically add in superfluous pushes in the scriptSig and this would not fail validation because CLEANSTACK is a policy-only rule. Miner is of course taking less in fees by doing this.

    In this particular V3 context, it just means your CPFP could change txid, wouldn’t do anything else. Maybe in a more general context if we weren’t restricted to V3 topology this would be an issue? In the context of keyless anchors, I’m not sure that will ever make sense anyways.

    The “fix” would be: OP_DEPTH OP_0 OP_EQUAL, making it consensus-non-malleable at the cost of 8 additional WU. Seems like a bad tradeoff, noting anyways.

    0<_aj_> instagibbs: can't a blockmaker put "OP_NOP OP_NOP OP_NOP" in the scriptSig and also satisfy a scriptPubKey of "DEPTH 0 EQUAL" ?
    

    legacy script: i cri everytim

    This also means the child transaction spending the ephemeral anchor cannot be relied upon for further transaction chaining, e.g., spent in a splice-in for a LN channel, since the funding output can have its txid mutated. A soft-fork would be necessary.

  81. instagibbs renamed this:
    [POLICY] Ephemeral anchors
    policy: Ephemeral anchors
    on Aug 8, 2023
  82. instagibbs force-pushed on Aug 9, 2023
  83. instagibbs force-pushed on Aug 9, 2023
  84. instagibbs force-pushed on Aug 9, 2023
  85. DrahtBot removed the label Needs rebase on Aug 9, 2023
  86. glozow commented at 10:23 am on August 10, 2023: member

    @instagibbs pushed 1 commit. faeed68 nice crash bro

    hacked a quick-ish fix on top of this branch here (it fails some other tests). As discussed offline, the general problem is with calling TrimToSize in the middle of package validation (meaning something can go from already-in-mempool to evicted, or just-submitted to evicted) so a coin may be cached in m_view but then it disappears from the mempool/temporary coins in m_viewmempool. Crash is in CheckInputsFromMempoolAndCache which asserts the coin exists, but it doesn’t anymore. Will open a separate PR to address this since it’s also a problem pre-v3.

  87. [validation] refactor sub-package submissions, call AcceptSingle when only 1 tx
    Avoid calling PackageMempoolChecks() when there is only 1 transaction.
    Note to reviewers: there is a slight change in the error type returned,
    as shown in the txpackage_tests change.  When a transaction is the last
    one left in the package and its fee is too low, this returns a PCKG_TX
    instead of PCKG_POLICY. This interface is clearer;
    "package-fee-too-low" for 1 transaction would be a bit misleading.
    0678df31d5
  88. [validation] make PackageMempoolAcceptResult members mutable
    After the PackageMempoolAcceptResult is returned from
    AcceptMultipleTransactions, leave room for results to change due to
    LimitMempool() eviction.
    62eeee115c
  89. [refactor] back-filling m_tx_results in AcceptPackage 472de1dec9
  90. [validation] don't LimitMempoolSize in any subpackage submissions c2c9dfe95b
  91. [doc] cpfp carveout is excluded in packages
    The behavior is not new, but this rule exits earlier than before.
    Previously, a carve out could have been granted in PreChecks() but then
    nullified in PackageMempoolChecks() when CheckPackageLimits() is called
    with the default limits.
    9b576f0fb1
  92. [mempool] evict everything below min relay fee in TrimToSize()
    At this point it's not expected that there are any such transactions,
    except from reorgs and possibly when loading from mempool.dat.
    4e8ea37030
  93. [doc] nVersion 3 and package rbf policies 0f6f95c98f
  94. [policy] policy rules for nVersion=3 2c2d96b650
  95. [policy] allow V3 transactions under certain conditions a28288573d
  96. [policy] allow individual v3 txns to be below min relay feerate
    As long as they are otherwise paid for, i.e. through package CPFP.
    If a v3 transaction loses its sponsor, we can evict them with no trouble
    because it will not have other descendants or ancestors to make the
    feerate assessment more complicated.
    161b1bb777
  97. [test framework] parameterize version in create_self_transfer c16340d7dc
  98. [functional test] v3 transaction submission 89948086fb
  99. [refactor] make some members MemPoolAccept-wide
    No change in behavior.
    
    For single transaction acceptance, this is a simple refactor:
    Workspace::m_all_conflicting         -> MemPoolAccept::m_all_conflicts
    Workspace::m_replacement_transaction -> MemPoolAccept::m_rbf
    Workspace::m_conflicting_fees        -> MemPoolAccept::m_conflicting_fees
    Workspace::m_conflicting_size        -> MemPoolAccept::m_conflicting_size
    Workspace::m_replaced_transactions   -> MemPoolAccept::m_replaced_transactions
    
    And local variables m_total_vsize and m_total_modified_fees are now
    MemPoolAccept members so they can be accessed from PackageMempoolChecks.
    
    We want these to be package-wide variables because
    - Transactions could conflict with the same tx (just not the same
    prevout), or their conflicts could share descendants.
    - We want to compare conflicts with the package fee rather than
    individual transaction fee.
    5abf6ca5e0
  100. [policy] check whether replacement is more incentive compatible
    Avoid accepting replacements that are not more incentive compatible to
    mine.  For now, as a conservative estimate, require that the minimum
    between the transaction's individual feerate and ancestor feerate is
    higher than the individual feerates of directly conflicting transactions
    and the ancestor feerates of all original transactions.
    
    Note that a package/transaction's ancestor feerate is not perfectly
    representative of its incentive compatibility; it may overestimate (some
    subset of the ancestors could be included by itself if it has other
    high-feerate descendants or are themselves higher feerate than this
    package/transaction). This is a conservative estimate and works for now.
    
    Co-authored-by: Suhas Daftuar <sdaftuar@chaincode.com>
    78e202e13f
  101. [refactor] rename entries to be more descriptive 7e522d4a9a
  102. [unit test] for CheckAncestorScores 63dc362cf9
  103. [packages/policy] implement package RBF e642bd3db2
  104. [doc] doc assumptions package RBF
    Try to prevent accidental future breakage and document some assumptions
    that would break package RBF if changed.
    0ee425f6f7
  105. [test util] CreateValidMempoolTransaction version parameter, always signal bip125 5ff9462d6b
  106. [test] package rbf 06e4187468
  107. Add OP_TRUE as a standard output type
    This will be used in following commits
    as the flag for ephemeral anchors, allowing
    dust values, but also requiring
    the output to be spend in the same relay package.
    e4fee49ec2
  108. Allow dust anchor outputs
    Anchor outputs are not yet required
    to be spent in same mempool package.
    0bfd0a50cb
  109. Add -ephemeralanchors which when set to false disallows anchor outputs d3d6efbc4e
  110. Allow one ephemeral anchor per transaction c2ef3f67b9
  111. Enforce that ephemeral anchor transactions are 0 base fee b0f93855a3
  112. GetDustThreshold: Make anchor output dust threshold 0 explicitly 0f93c45f0e
  113. Functional tests for ephemeral anchors
    Does not have test coverage for making sure EA are spent,
    and package RBF cases, neither of which exist currently.
    e0b764359d
  114. Only allow ephemeral anchors in v3 transactions 1c837938c9
  115. Add anchor argument to transaction creation rpcs db1e5d39a5
  116. Require ephemeral anchors to be spent in mempool atomically
    Either in the same relay package, or by transactions RBFing
    the CPFP.
    1606792bc9
  117. Add test for more complicated ephemeral anchor scenarios a040e2f52e
  118. instagibbs force-pushed on Aug 10, 2023
  119. instagibbs force-pushed on Aug 10, 2023
  120. DrahtBot added the label Needs rebase on Aug 17, 2023
  121. DrahtBot commented at 1:51 pm on August 17, 2023: contributor

    🐙 This pull request conflicts with the target branch and needs rebase.

  122. Add test for ephemeral anchors on node restart 53e475358b
  123. Test failure to evict ephemeral transaction on node restart 1d2ed162ff
  124. Disallow individual submission of ephemeral transaction 8f9b0d91be
  125. Test to make sure that EA txns are evicted 6ed2626565
  126. Return complete reason for package submission failure c103a4c3c7
  127. Make sure test_sponsor_swap is testing the desired behavior 08b575f32c
  128. instagibbs force-pushed on Oct 31, 2023
  129. whitslack commented at 7:47 pm on November 15, 2023: contributor
    What’s the point of having a non-malleable version? Okay, so a miner cannot add extra pushes to the input script that spends the anchor, but there is nothing to stop the miner from mining an alternative child transaction that spends only the anchor. Thus, the party that had broadcast the original child transaction will be forced to construct a new spending transaction with a different TxID anyway. Indeed, anyone (not only a miner) is free to propose a replacement child that spends only the anchor, so it will never be okay to depend upon the TxID of a transaction that spends an ephemeral anchor. So again I ask, what is the point of having a non-malleable ephemeral anchor?
  130. instagibbs commented at 8:44 pm on November 15, 2023: member

    Thus, the party that had broadcast the original child transaction will be forced to construct a new spending transaction with a different TxID anyway

    Canonical example here which motivated the change was that of LN channel splicing being used to cpfp bump another transaction, would could be another channel’s commitment transaction itself. This requires the ephemeral anchor-spending tx(the splice) to retain txid stability otherwise funds are locked up in the new funding output.

    I understand that not all use-cases require such things, but two points:

    1. It’s easy to expand standardness, and really hard to restrict. In deploying one version, we’ll likely learn lessons we’d want to apply to other versions. If we see tons of uptake from wallets that explicitly don’t care about txid stability? That’s a signal as well.
    2. “I don’t see the problem” is much weaker than “there is no problem” and I’d rather be able to reason via modern bitcoin rules
  131. whitslack commented at 10:13 pm on November 15, 2023: contributor

    This requires the ephemeral anchor-spending tx(the splice) to retain txid stability otherwise funds are locked up in the new funding output.

    The point I was missing is that a non-malleable anchor ensures that the other output(s) do not get spent in a transaction whose TxID was not known in advance of signing. Thank you for the answer.

  132. instagibbs closed this on Dec 5, 2023

  133. bitcoin locked this on Dec 5, 2024

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 00:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me