Bitcoinjs-lib: [Question] Transitioning from txb to bitcoin.Transaction() or bitcoin.Psbt()
In June 2018 I began developing my vision of a bitcoin UI.
Unfortunately txb is deprecated and I have to update to Transaction & Psbt.
I don't understand why when using Psbt I must get the tx from the node(for each utxo) when with txb I didn't need that. Why is it necessary now and it worked before without that?
What's wrong with txb?
The new way of creating the transactions is extremely more difficult and a much greater load for the bitcoin node (which must return every transaction for each utxo). My web has been designed to handle thousands of users (100% non-custodial wallet, multisignature, complex scripts & inheritance) but requesting every utxo's tx is too much.
If all the utxos are to addresses m/49'/0'/0'/0/x, can I recreate the scripts without having to ask them to the node?
Thanks.
educob
All 4 comments
BIP49 is p2sh-p2wpkh.
That is segwit.
you can create the witnessUtxo by using the p2sh output and value.
non-segwit utxos need the full tx to verify the input value.
TransactionBuilder was insecure in that way. A Block Explorer run by a miner could lie to you and say your utxo was 1 BTC, but in reality it was 100BTC and the miner steals the 99BTC as fees.
with full tx we hash the tx and verify it matches the input, and grab the input value from the tx, so there is no way to cheat.
junderw
on 28 Oct 2019
Thanks.
I'll have to see how to get the p2sh output.
In my case I use my own bitcoin node so using txb would be secure (I think).
But I'll eventually try to upgrade to the new way of doing things (firstly to stop receiving these annoying deprecation warning :)
When talking to developers (one of them Alex Bosworth from lightning labs) about my web the conversation has been like this:
me: My web is 100% non-custodial
dev: no way. A web is custodial.
me: No. My web is 100% non-custodial.
dev: no way.
...
How do you think would be the best way to prove that the service is 100% non-custodial (keys created at client side when needed it by mnemonic (encrypted with passphrase in client and then sent to server) + passphrase the user has to enter when sending bitcoins?
educob
on 28 Oct 2019
It would be simple to make a flag to ignore those checks during signing.
But the whole idea of PSBT is to allow for wallet interoperability. And the rules of PSBT says you need the full tx of non-segwit inputs.
junderw
on 28 Oct 2019
do like coinbin and make your whole source code open source so people can download your site from github and use the files locally.
junderw
on 28 Oct 2019
Related issues
itsMikeLowrey
路
3Comments
silence-may
路
3Comments
namnv04
路
3Comments
dakk
路
3Comments
LeonYanghaha
路
3Comments
Most helpful comment
BIP49 is p2sh-p2wpkh.
That is segwit.
you can create the witnessUtxo by using the p2sh output and value.
non-segwit utxos need the full tx to verify the input value.
TransactionBuilder was insecure in that way. A Block Explorer run by a miner could lie to you and say your utxo was 1 BTC, but in reality it was 100BTC and the miner steals the 99BTC as fees.
with full tx we hash the tx and verify it matches the input, and grab the input value from the tx, so there is no way to cheat.