Segwit Code Review Update
Just a quick follow-up to my segwit code review:
Suhas Daftuar reproduced the mempool DoS vulnerability I found, and has a partial fix addressing the case where prior to segwit activation, an attacker adds fake witness data to transactions. Unfortunately it’s far from a complete fix: once segwit is deployed attackers can still malleate segwit transactions on the P2P level (kind of like how I can give you a json-encoded tx, rather than the binary one you were expecting, tricking you into thinking that txid is garbage; this is not malleating the txid at the consensus layer). So we’ve got more work to do on the mempool.
Johnson Lau raised a few issues with my review; in particular correcting a flaw in my reasoning about the P2WPKH case.
Mark Friedenbach raised an issue with the midstate compatibility of the segwit commitment, which we all discussed, and I think resolved for now.
Other recent dev work:
I attended the W3C Blockchain Workshop held at MIT last week. Gave a short talk on my Dex work, though mostly the conference was about workshopping rather than talks; spent a ton of time discussing this stuff with others, and started writing a preliminary in-depth specification for Dex. I also spent a bunch of time discussing Bitcoin scaling issues with some of the MIT students.
Hard fork discussion with other devs; Ethereum’s DAO bailout proposal is quite interesting there… I noticed that they’re doing an unofficial coin vote, which currently has 10% voting no… but just 2.8% of the market cap participating. Also, the implementation of the voting isn’t very good: major censorship concerns (though Ethereum has very poor privacy in general).
Watched Americans celebrate the birth of their country by blowing up a small part of it.
UTXO Set Size vs. Value Distribution
Pieter Wuille posted an interesting chart of how the UTXO set size (serialized bytes) is distributed across the value of those unspent outputs. As you can see over half the storage cost is from outputs worth less than $0.65 USD, with around a third of the size taken up by outputs under 6 cents. Still, that’s not that bad: the supermajority of the UTXO size is outputs that can be spent profitably, with only a relatively small minority unspendable “spam”.