On Tue, Jul 19, 2016 at 10:35:39PM -0600, Sean Bowe via bitcoin-dev wrote:
> I'm requesting feedback for Hash Time-Locked Contract (HTLC) transactions
> in Bitcoin.
> 
> HTLC transactions allow you to pay for the preimage of a hash. CSV/CLTV can
> be used to recover your funds if the other party is not cooperative. These
> scripts take the following general form:
> 
>     [HASHOP] <digest> OP_EQUAL
>     OP_IF
>         <seller pubkey>
>     OP_ELSE
>         <num> [TIMEOUTOP] OP_DROP <buyer pubkey>
>     OP_ENDIF
>     OP_CHECKSIG

Note that because you're hashing the top item on the stack regardless
scriptSig's that satisfy HTLC's are malleable: that top stack item can be
changed anything in the digest-not-provided case and the script still passes.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org