|
Title: how is the witness version 1+ being evaluated right now? Post by: BrewMaster on April 28, 2020, 04:19:35 PM BIP141 says there isn't any interpretation apart from a "castToBool" but when i look at the code i can't find where this rule is enforced. all i see is that any other version bigger than 0 is simply skipped without any verifications.
it always returns true (ignoring the standard flag): https://github.com/bitcoin/bitcoin/blob/master/src/script/interpreter.cpp#L1551-L1556 Title: Re: how is the witness version 1+ being evaluated right now? Post by: achow101 on April 28, 2020, 11:02:35 PM The BIP says:
Quote For backward compatibility, for any version byte from 0 to 16, the script must fail if the witness program has a CastToBool value of zero. However, having a hash like this is a successful preimage attack against the hash function, and the risk is negligible. (emphasis mine)So the CastToBool is actually part of old script interpreter code, not the new segwit stuff. Otherwise it would not say "For backward compatibility". The CastToBools are https://github.com/bitcoin/bitcoin/blob/master/src/script/interpreter.cpp#L1588 (native segwit) and https://github.com/bitcoin/bitcoin/blob/master/src/script/interpreter.cpp#L1634 (p2sh wrapped). The reason this requirement is in here is because the interpreter evaluates the scriptSig and scriptPubKey before doing witness program validation. The segwit script (version byte + program) is always the last bit of script executed before witness program validation. So the script interpreter will CastToBool the top stack element, which will always be the witness program. In order for validation to continue to the witness program evaluation, the witness program itself must CastToBool true to get past the script interpreter's check. |