SegWit inputs in PSBT must provide full UTXO
A security issue* in the design of BIP-143 allows an attacker to lie about segwit input amounts and get the user to pay an unexpectedly high transaction fee. The problem affects all HWW vendors.
For Trezor, we are fixing this by requiring the full UTXO for all types of inputs, so we can validate that the input amount is correct.
To facilitate that, we need BTCPay to provide full UTXOs for all input types.
This goes against the recommendation in BIP-174, saying that NON_WITNESS_UTXO should not be provided for SegWit inputs. Nevertheless, the resulting PSBT is still valid AFAICT.
Without this modification, it will be impossible to sign SegWit transactions on Trezor firmwares starting with 1.9.1 and 2.3.1. Also, an issue in HWI must be fixed first: https://github.com/bitcoin-core/HWI/issues/338
*) Details in our blogpost: https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd
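The amount check that a full previous transaction makes possible, as an added example that is not part of the original issue and is not Trezor, HWI or BTCPay code: the signer hashes the supplied previous transaction, compares the hash with the txid in the input's outpoint, and only then trusts the amount of the referenced output. The function names are hypothetical, the sample transaction is constructed, and the previous transaction is assumed to be in legacy (non-witness) serialization.

```python
import hashlib

def read_varint(b, i):
    """Read a Bitcoin CompactSize integer at offset i; return (value, next offset)."""
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def txid_of(raw_tx):
    """Double SHA-256 of the legacy serialization, in internal (outpoint) byte order."""
    return hashlib.sha256(hashlib.sha256(raw_tx).digest()).digest()

def output_amounts(raw_tx):
    """Amounts in satoshi of every output of a legacy-serialized transaction."""
    if raw_tx[4] == 0:
        raise ValueError("witness serialization is not handled here")
    n_in, i = read_varint(raw_tx, 4)                 # skip the 4-byte version
    for _ in range(n_in):
        script_len, i = read_varint(raw_tx, i + 36)  # skip outpoint (txid + index)
        i += script_len + 4                          # skip scriptSig and sequence
    n_out, i = read_varint(raw_tx, i)
    amounts = []
    for _ in range(n_out):
        amounts.append(int.from_bytes(raw_tx[i:i + 8], "little"))
        script_len, i = read_varint(raw_tx, i + 8)
        i += script_len                              # skip scriptPubKey
    if i + 4 != len(raw_tx):                         # only the locktime may remain
        raise ValueError("malformed previous transaction")
    return amounts

def verified_amount(prev_txid, vout, claimed_amount, non_witness_utxo):
    """Return the input amount only if the full previous transaction proves it."""
    if txid_of(non_witness_utxo) != prev_txid:
        raise ValueError("previous transaction does not hash to the outpoint txid")
    amounts = output_amounts(non_witness_utxo)
    if vout >= len(amounts) or amounts[vout] != claimed_amount:
        raise ValueError("claimed input amount does not match the previous output")
    return amounts[vout]

def sample_prev_tx():
    """Constructed sample: one input, outputs of 50_000 and 1_200_000 satoshi."""
    tx = (2).to_bytes(4, "little") + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4
    tx += b"\x02"
    for amount in (50_000, 1_200_000):
        script = b"\x00\x14" + bytes(20)             # P2WPKH-shaped script, dummy key hash
        tx += amount.to_bytes(8, "little") + bytes([len(script)]) + script
    return tx + bytes(4)                             # locktime 0
```

With only the amount-and-script form of the UTXO there is nothing to hash against the outpoint, so the first check in `verified_amount` cannot be performed and the claimed amount has to be taken on trust.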
Top GitHub Comments
@AvivMilner that said, I don’t know Ledger’s stance on it. I don’t think they will fix it as it breaks lots of things, but I may be wrong.
This is a difficult decision for hardware wallets. I personally think that the pill is worse than the disease.
An issue for another day that I’m already looking into.