Do you have any thoughts on expanding this to SIGHASH_NONE? Perhaps someone else on the dev list can enlighten me, but is there a current use case for SIGHASH_NONE that would suffer from it being non standard?

-Chris

On Thu, May 31, 2018 at 1:53 PM, Johnson Lau via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

I’ve made a PR to add a new policy to disallow using SIGHASH_SINGLE without matched output:

https://github.com/bitcoin/bitcoin/pull/13360

Signature of this form is insecure, as it commits to no output while users might think it commits to one. It is even worse in non-segwit scripts, which is effectively SIGHASH_NOINPUT|SIGHASH_NONE, so any UTXO of the same key could be stolen. (It’s restricted to only one UTXO in segwit, but it’s still like a SIGHASH_NONE.)

This is one of the earliest unintended consensus behavior. Since these signatures are inherently unsafe, I think it does no harm to disable this unintended “feature” with a softfork. But since these signatures are currently allowed, the first step is to make them non-standard.
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev