From 5918b4666c4c4fbf54a2ef8550877f02328a2afc Mon Sep 17 00:00:00 2001
From: Orfeas Litos <o.thyfronitis@ed.ac.uk>
Date: Tue, 26 Nov 2019 12:43:34 +0000
Subject: Mention hash_type malleability would change wtxid

---
 bip-taproot.mediawiki | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bip-taproot.mediawiki b/bip-taproot.mediawiki
index 491dd4b..dc59c51 100644
--- a/bip-taproot.mediawiki
+++ b/bip-taproot.mediawiki
@@ -93,7 +93,7 @@ The following rules apply:
 * If the signature is not 64<ref>'''Why permit two signature lengths?''' By making the most common type of <code>hash_type</code> implicit, a byte can often be saved.</ref> or 65 bytes, fail.
 * If the signature size is 65 bytes:
 ** If the final byte is not a valid <code>hash_type</code> (defined hereinafter), fail.
-** If the final byte is <code>0x00</code>, fail<ref>'''Why can the <code>hash_type</code> not be <code>0x00</code> in 65-byte signatures?''' Permitting that would enable malleating 64-byte signatures into 65-byte ones, resulting a different fee rate than the creator intended</ref>.
+** If the final byte is <code>0x00</code>, fail<ref>'''Why can the <code>hash_type</code> not be <code>0x00</code> in 65-byte signatures?''' Permitting that would enable malleating 64-byte signatures into 65-byte ones, resulting in a different `wtxid` and a different fee rate than the creator intended</ref>.
 ** If the first 64 bytes are not a valid signature according to bip-schnorr for the public key and message set to the transaction digest with <code>hash_type</code> set as the final byte, fail.
 * If the signature size is 64 bytes:
 ** If it is not a valid signature according to bip-schnorr for the public key and the <code>hash_type = 0x00</code> transaction digest as message, fail.
-- 
cgit v1.2.3