undefined | Better HN

0 pointsstale20028y ago0 comments

Hmm? The steal segwit coins senario would work as follows:

1. Person A does a segwit transaction and sends coins to the anyone-can-spend output on the main chain. These coins aren't really "anyone can spend" because segwit stops invalid transactions.

2. The transaction gets replayed on the BCC chain. Segwit transactions work by sending via the anyone can spend output, but since segwit is not activated on BCC, the thefts aren't blocked, and any-can-spend really DOES mean anyone-can-spend instead of meaning segwit.

Or am I misinterpreting how it works?

I thought that segwit uses the anyone-can-spend output in order to be backwards compatible. That means that legacy nodes, or unupgraded nodes that don't have segwit, are perfectly fine will "theft" transactions.

A legacy fork, that does not have segwit activated, would thus be able to replay segwit transactions, but instead of being segwit transactions they would just be normal, anyone can spend transactions that can be stolen.

Anyways, yeah it is adversarial development.

But the other side was planning on doing the same kind of stuff, with User Activated Soft Fork, and POW changes. User activated soft fork threatens the other side with theft by doing a Wipeout of the other chain.

This stuff could have been solved much earlier if Core just compromised and merged the 4MB blocksize increase.

0 comments

kanzure8y ago

> Or am I misinterpreting how it works?

I had mentioned specifically post-fork coinbase output taint; if it's tainted, there's no way to replay, that's in fact one of the proposed replay protection mechanisms (unfortunately it's of the "opt-in" variety).

stale2002OP8y ago

Ahh, yeah, of course. If you taint it. But if you don't taint and don't opt in, then it can be stolen.

So yes, if you are on the Core chain, you can protect against replay, but only if you opt in. If you don't opt in, then they can be stolen on the other chain.

j / k navigate · click thread line to collapse