I have a question about Simulfunding.
What exactly is being transmitted when a user sends the signed TXSIGCOLLECT back to the organizer? I guess it's my signature to allow sending my specified amount from my specified wallet. But what's to prevent the organizer to use my signed transaction twice?
What if the organizer doesn't sign and broadcast their part of the transaction until, let's say, 2018? Perhaps there should be a time limit. Do we currently have to manually empty the wallet if the transaction isn't made or you could get the funds sent sometime in the future when it might come as a surprise?
When you sign a simulfund transaction, you're signing a plain old Bitcoin transaction. The UI doesn't make it obvious, but this means that the outputs you're spending are fixed by that time.
In the time between when you issue your promissory note and when the final, signed transaction is broadcast (whether that's minutes or, as in your case, years), you spend your money/outputs that are inputs to that simulfund transaction (e.g. by sending everything in a wallet to that same wallet), the simulfund transaction becomes invalid, since it now refers to outputs that have already been spent.
Basically, the signature is not "You can take money from my wallet" that can be respent or spent any time, it's the standard "I authorize the following transaction: [...]" that cannot be respent and refers to specific outputs you own.
It seems the last signer (or organizer) has the advantage of choosing when the transaction takes place and the money is withdrawn from all others' wallets. What if this person waits one week, one month or one year?
Then they increase the probability that the transaction will never go through. If there is any lack of trust, all parties should wait until the simulfund transaction enters the blockchain to a suitable depth, or cancel the simulfund by spending at least one output that they signed into the transaction.
