--- Log opened Tue Apr 12 00:00:52 2022
01:35 -!- Guest369 [~Guest3@103.151.209.229] has joined ##miniscript
02:03 -!- Guest369 [~Guest3@103.151.209.229] has quit [Quit: Client closed]
03:53 -!- meshcollider [meshcollid@jujube.rpblc.net] has quit [Ping timeout: 246 seconds]
03:54 -!- meshcollider [meshcollid@meshcollider.jujube.ircnow.org] has joined ##miniscript
05:35 < andytoshi> sanket1729: have you seen https://github.com/rust-bitcoin/rust-miniscript/discussions/341 ? this is a person confused by miniscript output. i think his question is a "normal" confusion about how script works, but unrelatedly i notice something that worries me
05:35 < andytoshi> specifically we have a DUP IF <n> CSV ENDIF
05:35 < andytoshi> used as a W
05:35 < andytoshi> which assumes that the output will be 0 or 1
05:35 < andytoshi> but actually, the output of this will be whatever the user provides as input to the IF
05:36 < andytoshi> ohh wait is minimalif consensus, in segwit?
05:36 <@sipa> miniscript assumes MINIMALIF, iirc
05:36 < andytoshi> right, but only for non-malleability ...here i think this is a security risk
05:37 < andytoshi> specifically this looks like a 3-of-N threshold construction. i think the user could fail all the sigchecks, provide a 3 to the IF, and then pass the whole threshold
05:37 < andytoshi> at least, in a legacy context
05:38 <@sipa> hmm
05:39 <@sipa> that would violate consensus soundness
05:41 < andytoshi> yeah :(
05:41 <@sipa> MINIMALIF is not consensus in segwit either, iirc
05:41 < andytoshi> yeah, looking at the code it looks like it's consensus in taproot, but not segwit
05:42 < andytoshi> oh conveniently you even wrote a comment in interpreter.cpp "Under witness v0 rules it is only a policy rule"
05:42 < andytoshi> ah it's jl's comment
05:42 < andytoshi> but ok i believe it :)
05:42 <@sipa> BIP141 also lists it explicitly as a policy rule
06:01 < darosior> If `d:` was not `u` i think it would solve this issue? As you would require another `n:` (OP_0NOTEQUAL) to pass the `u` requirement to get into a `thresh()`.
06:01 < darosior> And `d:` could be `u` under Taproot context, still.
06:02 <@sipa> @darosior That sounds like a simple solution.
06:03 <@sipa> And I don't see any other constructions that take elements from the input and leave them directly on the stack?
07:24 <@sipa> This is a pretty serious issue.
11:12 < andytoshi> yeah i line that solution darosior 
11:12 < andytoshi> and yes sipa this is actually serious enough that i should not have brought it up on the public channel, sorry
--- Log closed Wed Apr 13 00:00:53 2022