On Mon, Oct 23, 2023 at 12:43:10PM +1030, Rusty Russell via bitcoin-dev wrote:
> 2. Was there a concrete rationale for maintaining 520 bytes?
Without a limit of 520 bytes, then you can construct a script:
<p> CHECKSIGVERIFY
{DUP CAT}x10
(we know have a string that is the second witness repeated 1024 times
on the stack; if it was 9 bytes, call it 9216B total)
{DUP} x 990
(we now have 1000 strings each of length 9216B bytes, for ~9.2MB total)
SHA256SUM {CAT SHA256SUM}x999
(we now have a single 32B field on the stack)
<h> EQUAL
(and can do a hardcoded check to make sure there weren't any
shortcuts taken)
That raises the max memory to verify a single script from ~520kB (1000
stack elements by 520 bytes each) to ~10MB (1000 stack elements by
10kB each).
> 10k is the current script limit, can we get closer to that? :)
The 10k limit applies to scriptPubKey, scriptSig and segwit v0 scripts.
There's plenty of examples of larger tapscripts, eg:
https://mempool.space/tx/0301e0480b374b32851a9462db29dc19fe830a7f7d7a88b81612b9d42099c0ae
(3,938,182 bytes of script, non-standard due to being an oversized tx)
https://mempool.space/tx/2d4ad78073f1187c689c693bde62094abe6992193795f838e8be0db898800434
(360,543 bytes of script, standard, I believe)
Cheers,
aj
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
