Questions about Lighthouse Transactions

[No_2]

I've had a look on-line at the Bitcoin wiki and Lighthouse Git Hub page and can't seem to find a direct answer to these questions, hopefully this is not a repeat post.

I think I understand how lighthouse transactions are formed and verify differently through their use of SIGHASH_ALL and SIGHASH_ANYONECANPAY; the person who wishes to receive donations in an all or nothing capacity creates a transaction with an output spending to their address, where the inputs are effectively blank and then submitted by donors. Assuming I have this right I have two questions:

1. How can a recipient of pledges be sure that their pledges cannot be spent before they redeem their Lighthouse transaction - I'm guessing that they can't and they are reliant on their view of the blockchain and what the latest transaction sitting in all the miners' memory pools are to make sure all the Lighthouse transition's inputs are still valid and have not been spent. So this would be resolved (aside of malicious behaviour) by having an agreed end and start time for funding.

2. I've heard people say that transaction malleability is a benefit to the Lighthouse pledging system. Can someone please explain how this would work?

[1715598119]

1715598119

[1715598119]

1715598119

[1715598119]

1715598119

[gmaxwell]

Lighthouse is all or nothing funding;  nothing stops the pledges from being withdrawn at all, or even really discourages it (beyond the basic software behavior)--- the fact that they can be is a reason to hurry up and get your pledge in so the funding can go through. If one is withdrawn you take it out of the transaction and find a replacement source of funds.

Without the ability to modify transactions once signed what lighthouse does would just be impossible... to be able to add new participants without knowing in advance who they are you must be able to change the transaction.

[Mike Hearn]

The app itself lets you "revoke" a pledge i.e. double spending it back to yourself. That's pretty fundamental to the whole model and is why money doesn't get stuck if a project never makes it to the finishing line. It also keeps it low risk for the pledgor - if they suddenly need the money for some reason it's always available to them.

Without SIGHASH_ANYONECANPAY Lighthouse would still be possible, just with a much worse UX. Basically you'd have to inform the project owner of which output you wanted to use, and then once enough value was pledged, the owner would have to construct a transaction with everyones pledges in it and then pass it around for everyone to sign. It'd be a two step process - very ugly. With the malleability features it's "fire and forget", much easier.

[No_2]

Ah, that makes sense, thanks guys.