bip-0078.mediawiki: 26 additions & 16 deletions
@@ -230,7 +230,7 @@ Our recommendation for <code>maxadditionalfeecontribution=</code> is <code>origi
230
230
The receiver needs to do some check on the original PSBT before proceeding:
231
231
232
232
* Non-interactive receivers (like a payment processor) need to check that the original PSBT is broadcastable. <code>*</code>
233
-
* If the sender included inputs in the original PSBT owned by the receiver, the receiver must either return error <code>invalid-transaction</code> or make sure they do not sign those inputs in the payjoin proposal.
233
+
* If the sender included inputs in the original PSBT owned by the receiver, the receiver must either return error <code>original-psbt-rejected</code> or make sure they do not sign those inputs in the payjoin proposal.
234
234
* If the sender's inputs are all from the same scriptPubKey type, the receiver must match the same type. If the receiver can't match the type, they must return error <code>unavailable</code>.
235
235
* Make sure that the inputs included in the original transaction has never been seen before. (Prevent [[#probing-attack|probing attacks]].)
236
236
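Review bot: the receiver-side error code for "sender included inputs owned by the receiver" changes from <code>invalid-transaction</code> to <code>original-psbt-rejected</code>, but this hunk does not show the matching change to the section of the BIP that defines the receiver's error codes; confirm that <code>original-psbt-rejected</code> is defined there with its meaning and that no other reference to <code>invalid-transaction</code> for this case remains, otherwise a sender implementing from the error table will not recognise the new code. The following bullet keeps <code>unavailable</code> for the script-type mismatch, so the two failures are now reported distinctly; a sentence on why they differ would help implementers pick the right one. Minor, in the unchanged context line "Make sure that the inputs included in the original transaction has never been seen before": "has" should read "have".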
@@ -240,22 +240,32 @@ The receiver needs to do some check on the original PSBT before proceeding:
240
240
241
241
The sender should check the payjoin proposal before signing it to prevent a malicious receiver from stealing money.
242
242
243
-
* Check that all the spent outpoints in the original PSBT still exist in the coinjoin PSBT.
244
-
* Check that all the spent outpoints in the original PSBT do not have any partial signature and are not finalized.
245
-
* If the sender is not using inputs with mixed types, check that the receiver inputs type match the inputs type of the sender. (ie. both using P2SH-P2WPKH or both using P2WPKH)
246
-
* Check that any inputs added by the receiver are finalized.
247
-
* Check that the transaction version, and nLockTime are unchanged.
243
+
* Verify that the transaction version, and the nLockTime are unchanged.
248
244
* Check that the sender's inputs' sequence numbers are unchanged.
249
-
* If the sender's inputs' sequence numbers are all the same, check that the receiver's contributed inputs match those.
250
-
* If <code>minfeerate</code> was specified, check that the estimated fee rate of the payjoin proposal is not less than this value.
251
-
* Check that outputs from the original PSBT has not been modified except if:
252
-
** The output can contribute to fee (see below)
253
-
** The output does not belong to the sender.
254
-
255
-
If a [[#fee-output|fee ouptut]] exists, the sender must checks:
256
-
* The amount that was substracted from the output's value is less or equal to <code>maxadditionalfeecontribution</code>. Let's call this amount <code>actual contribution</code>.
257
-
* Make sure the contribution are only paying fee: The <code>actual contribution</code> is less or equals to the difference of absolute fee between the payjoin proposal and the original PSBT.
258
-
* Make sure the contribution are only paying for fee incurred by additional inputs: <code>actual contribution</code> is less or equals to <code>originalPSBTFeeRate * vsize(sender_input_type) * (count(original_psbt_inputs) - count(payjoin_proposal_inputs))</code>. (see [[#fee-output|Fee output]] section)
245
+
* For each inputs in the proposal:
246
+
** Verify that no keypaths is in the PSBT input
247
+
** Verify that no partial signature has been filled
248
+
** If it is one of the sender's input
249
+
*** Verify that input's sequence is unchanged.
250
+
*** Verify the PSBT input is not finalized
251
+
*** Verify that <code>non_witness_utxo</code> and <code>witness_utxo</code> are not specified.
252
+
** If it is one of the receiver's input
253
+
*** Verify the PSBT input is finalized
254
+
*** Verify that <code>non_witness_utxo</code> or <code>witness_utxo</code> are filled in.
255
+
** Verify that the payjoin proposal did not introduced mixed input's sequence.
256
+
** Verify that the payjoin proposal did not introduced mixed input's type.
257
+
** Verify that all of sender's inputs from the original PSBT are in the proposal.
258
+
* For each outputs in the proposal:
259
+
** Verify that no keypaths is in the PSBT output
260
+
** If it is one of the sender's output
261
+
*** If that's the [[#fee-output|fee ouptut]]:
262
+
**** The amount that was substracted from the output's value is less or equal to <code>maxadditionalfeecontribution</code>. Let's call this amount <code>actual contribution</code>.
263
+
**** Make sure the actual contribution is only paying fee: The <code>actual contribution</code> is less or equals to the difference of absolute fee between the payjoin proposal and the original PSBT.
264
+
**** Make sure the actual contribution is only paying for fee incurred by additional inputs: <code>actual contribution</code> is less or equals to <code>originalPSBTFeeRate * vsize(sender_input_type) * (count(original_psbt_inputs) - count(payjoin_proposal_inputs))</code>. (see [[#fee-output|Fee output]] section)
265
+
*** If it is not the fee output:
266
+
**** Make sure the output's value did not changed.
267
+
** Verify that all sender's outputs (ie, all outputs except the output actually paid to the receiver) from the original PSBT are in the proposal.
268
+
* Once the proposal is signed, if <code>minfeerate</code> was specified, check that the fee rate of the payjoin transaction is not less than this value.
259
269
260
270
The sender must be careful to only sign the inputs that were present in the original PSBT and nothing else.
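Review bot: the fee bound in the added line "**** Make sure the actual contribution is only paying for fee incurred by additional inputs: <code>actual contribution</code> is less or equals to <code>originalPSBTFeeRate * vsize(sender_input_type) * (count(original_psbt_inputs) - count(payjoin_proposal_inputs))</code>" has the subtraction reversed: the payjoin proposal contains at least as many inputs as the original PSBT, so this difference is zero or negative and the check could never pass for any positive contribution; it should be <code>count(payjoin_proposal_inputs) - count(original_psbt_inputs)</code>. The same defect was in the line being removed, so this rewrite is the place to fix it. Second, nesting: "Verify that the payjoin proposal did not introduced mixed input's sequence", "... mixed input's type", "Verify that all of sender's inputs from the original PSBT are in the proposal" and "Verify that all sender's outputs ... from the original PSBT are in the proposal" are whole-transaction checks, yet they sit at the ** level under "For each inputs/outputs in the proposal"; move them up to the * level so they read as one check rather than one per input or output. Third, wording in the added lines: "For each inputs" / "For each outputs" should read "For each input" / "For each output", "no keypaths is" should read "no keypath is", "one of the sender's input" should read "one of the sender's inputs", "did not introduced" should read "did not introduce", "did not changed" should read "did not change", "less or equals to" should read "less than or equal to", "fee ouptut" should read "fee output", and "substracted" should read "subtracted".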