7
2
All the recent problems caused by transaction malleability have brought to the center stage the fact that tracking a transaction id is not good enough.
So here is my question, what is good enough?
The best I can come up with, is to create my own hash of the transaction I want to track before sending it to the network. Let's call that hash "tracking id". That hash would cover only signed portions of the transaction. The elements hashed would be
- for all inputs: txid, vout
- for all outputs: amount, address
Given the fact that the transaction must still be declared valid by the official client, would this "tracking id" be robust enough to track a transaction no matter how it may have been covertly "adjusted" through transaction malleability?
If this scheme does not work, do you know of any way that would allow me to safely track the transaction?
What's the minimal amount of things to hash for this to work? – Pacerier – 2014-05-22T16:05:14.460
You must include every single byte that is signed, and must exclude every singly byte that is not signed. If you don't respect that, you'll be vulnerable to some type of transaction malleability. You must follow this list precisely. – LordOfThePigs – 2014-05-26T11:06:48.730