Sunday, January 23, 2022
HomeBitcoinscript - Was Bitcoin 0.3.7 really hard-forking?

script – Was Bitcoin 0.3.7 really hard-forking?


Reading through the wiki (bitcoin.it consensus versions) I noticed that release 0.3.7 (“scriptSig + scriptPubKey evaluations separated”) is listed as a hard-forking change. In BitMex's account of consensus forks (link), the same version is described as “potentially a non-deterministic hardfork”. I would like to understand the rationale for this description.

In previous versions to 0.3.7, the scriptSig was concatenated to the scriptPubKey, and also allowed executable opcodes (such as OP_RETURN, at the time when it finished the script's execution without failing, allowing for the OP_1 OP_RETURN bug). The commit with the changes can be found here.

I guess disabling OP_RETURN can be considered a soft-fork, because previously valid transactions are now invalid. But I cannot come up with any example of a transaction, previously unvalid, that would become valid after separating the evaluation of the scriptSig and scriptPubKey. The best I have come up with (with the old meaning of OP_RETURN in mind) is:

scriptSig: OP_2 (push the next 2 bytes to the stack)
scriptPubKey: OP_1 OP_RETURN OP_FALSE

Evaluated together, OP_1 OP_RETURN would be pushed to the stack as data instead of evaluated, therefore failing the script after OP_FALSE. However, when evaluated separately, the scriptPubKey would pass as valid (… but not the scriptSig, for providing no data to push?).

Thank you

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments