diff options
| author | James O'Beirne <james.obeirne@pm.me> | 2023-02-15 13:56:22 -0500 |
|---|---|---|
| committer | James O'Beirne <james.obeirne@pm.me> | 2023-02-15 13:56:22 -0500 |
| commit | c589490f98ba1b0c606d0e2030463f1fde54b786 (patch) | |
| tree | a4477f593b1a08eb6d83b1662a1e52ddc40cadcc /bip-vaults.mediawiki | |
| parent | 9124f2940e6315deaaee4aca92a8250aeaa3aca7 (diff) | |
| download | bips-c589490f98ba1b0c606d0e2030463f1fde54b786.tar.xz | |
vaults: make recovery transaction explicit
Instead of implicitly detecting whether or not an OP_VAULT/OP_UNVAULT
spend is a recovery spend by scanning outputs for matching
scriptPubKeys, explicitly indicate recoveries by requiring a witness
stack element that is either -1 in the case of no recovery OR
corresponds to an output index that is the recovery output.
Diffstat (limited to 'bip-vaults.mediawiki')
| -rw-r--r-- | bip-vaults.mediawiki | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/bip-vaults.mediawiki b/bip-vaults.mediawiki index 66bf7cb..c5738a0 100644 --- a/bip-vaults.mediawiki +++ b/bip-vaults.mediawiki @@ -279,32 +279,26 @@ where ** If <code><recovery-params></code> is less than 32 bytes, script execution when spending this output MUST fail and terminate immediately. ** Because the recovery scriptPubKey is committed to with a hash, witness version upgradeability is preserved. -==== Check for recovery ==== +==== Witness stack ==== After the witness program is parsed, it must be determined whether this input -is being spent towards a recovery. If an output in the spending transaction is -found whose scriptPubKey hashes to the recovery sPK hash (the -first component of <code><recovery-params></code>), the interpreter will -evaluate for recovery. Otherwise, the interpreter will evaluate assuming a withdrawal -is being triggered. +is being spent towards a recovery. -In pseudocode: +Witness stack shown top to bottom: -<source lang="python"> -is_recovery = False -recovery_out: Optional[CTxOut] = None - -for out in spending_tx.vout: - if tagged_hash("VaultRecoverySPK", out.scriptPubKey) == recovery_sPK_hash: - is_recovery = True - recovery_out = out - -if is_recovery: - eval_for_recovery(recovery_out) -else: - eval_for_withdrawal_trigger() +<source> +<recovery-vout-idx> +[other potential witness stack items ...] </source> +where + +* <code><recovery-vout-idx></code> is an integer indicating which output, if any, is a recovery output. +** If this value cannot be decoded as a CScriptNum and cast to an integer, script execution MUST fail and terminate immediately. +** If this value is less than -1, script execution MUST fail and terminate immediately. +** If this value is greater than or equal to 0, this spend is a recovery transaction and this value denotes the recovery output that corresponds to this vault input. +* The parse of the other stack items depends on whether or not this is a recovery spend. + ==== <code>OP_VAULT</code> evaluation for recovery spend ==== * If the recovery output does not have an <code>nValue</code> greater than this input's amount, the script MUST fail and terminate immediately. |