security – Why does Miniscript add an additional size check for hash preimage comparisons?



That is to avoid a preimage too large to be claimed by one of the parties in a contract.

For instance, without this check it would be possible to create a Lightning HTLC that is only claimable by a preimage whose size is larger than the maximum standard witness stack element size. An attacker cooperating with a miner would be able to claim the HTLC onchain on both sides of the attacked node: on the sender side with the "success" transaction (containing the preimage) included in a block by a cooperating miner, and on the receiver side after timeout, since the Lightning node wouldn't have been able to broadcast the non-standard "success" transaction through the P2P network.

Another example is a cross-chain atomic swap, to avoid a preimage being valid on one chain but not on another with more restrictive size limits. For instance, without the size check an atomic swap between chain A, which restricts witness stack elements to (say) 50 bytes, and chain B, which restricts them to 51 bytes, could be made non-claimable on A by using a 51-byte preimage.

As a side effect this makes sure the witness size for satisfying this script can be exactly calculated. (You'd otherwise have to take into account that the preimage may be as large as the maximum witness stack element size.)

A pull request adding some rationale for this check on Pieter Wuille's website was recently merged.
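To make the oversize-preimage failure mode concrete, here is an added example (not part of the answer above or of any Miniscript implementation): a minimal evaluator for only the opcodes in Miniscript's `sha256(H)` fragment, `SIZE <32> EQUALVERIFY SHA256 <H> EQUAL`, compared against the naive `SHA256 <H> EQUAL`. The 80-byte figure is Bitcoin Core's standardness limit for P2WSH witness stack elements; the opcode names and the string-based script representation are this example's own simplification.

```python
import hashlib

# Bitcoin Core policy: a P2WSH witness stack element may be at most 80 bytes
# (consensus allows far larger, which is the gap the SIZE check closes).
MAX_STANDARD_STACK_ITEM = 80

def script_num(n: int) -> bytes:
    """Minimal script-number encoding of a non-negative n, as pushed by OP_SIZE."""
    if n == 0:
        return b""
    out = n.to_bytes((n.bit_length() + 7) // 8, "little")
    return out + b"\x00" if out[-1] & 0x80 else out

def sha256_fragment(h: bytes, with_size_check: bool = True) -> list:
    """Miniscript's sha256(H) compiles to: SIZE <32> EQUALVERIFY SHA256 <H> EQUAL.
    With with_size_check=False this is the naive SHA256 <H> EQUAL instead."""
    script = []
    if with_size_check:
        script += ["OP_SIZE", script_num(32), "OP_EQUALVERIFY"]
    return script + ["OP_SHA256", h, "OP_EQUAL"]

def evaluate(script: list, witness: list) -> bool:
    """Tiny interpreter for just the opcodes above; the witness seeds the stack."""
    stack = list(witness)
    for op in script:
        if isinstance(op, bytes):
            stack.append(op)                      # data push
        elif op == "OP_SIZE":
            stack.append(script_num(len(stack[-1])))
        elif op == "OP_SHA256":
            stack.append(hashlib.sha256(stack.pop()).digest())
        elif op == "OP_EQUAL":
            stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
        elif op == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                return False                      # VERIFY failure aborts
        else:
            raise ValueError(f"unsupported opcode {op}")
    return bool(stack) and stack[-1] != b""       # truthy top item = success

def claimable(preimage: bytes, with_size_check: bool) -> bool:
    """Can this preimage satisfy the fragment committed to sha256(preimage)?"""
    h = hashlib.sha256(preimage).digest()
    return evaluate(sha256_fragment(h, with_size_check), [preimage])

def is_standard_witness(witness: list) -> bool:
    """Would a node relay this witness under the stack-element size policy?"""
    return all(len(item) <= MAX_STANDARD_STACK_ITEM for item in witness)
```

A 100-byte preimage passes the naive fragment under consensus rules yet fails `is_standard_witness`, so the "success" path could only be mined by a cooperating miner; with the SIZE check the same preimage simply cannot satisfy the script, and the only valid witness is exactly one 32-byte element.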
