holy holy arbitrary blobs in taproot witnesses
quotingJameson Lopp (npub17u5…t4tp) Peter Todd (npub1ej4…ndrm) Luke Dashjr (npub1lh2…a9nk) lukedewolf (npub1fk8…cwld)
nevent1q…rrm0
honest question about core security:
why are we comfortable with arbitrary blobs in taproot witnesses going through a C++ parser on every validating node?
a crafted tapscript, a single parser bug, shellcode sitting in the same witness, and every node running bitcoind is a target.
as somebody said in 2010 "an accident waiting to happen" 🤔
https://claude.ai/public/artifacts/bd679297-ce62-475f-b658-7abf4f7e107c