There may be multiple utxos that the same script would unlock. The most common example is two that both pay the same address. If weren’t , an attacker could replace one input utxo by a different utxo that pays the same address, and this would be bad.

Consider the following scenario. Alice has received two payments to her address 1Alice, each in the amount of 1 BTC: one with txid 234abc and another with txid 567def. She wishes to pay 0.5 BTC to Bob, so she creates and signs a transaction using the 234abc utxo as input, with the following outputs: 0.5 BTC to the address 1Bob, and 0.4999 BTC to some “change” address, 1AliceChange. (This leaves a transaction fee of 0.0001 BTC.)

After this transaction is broadcast and confirmed, Bob modifies the transaction so that the input is 567def instead. The scriptSig works equally well for every transaction that pays 1Alice (they all have the same scriptPubKey), so this new transaction is also valid. Bob broadcasts it and effectively steals an additional 0.5 BTC from Alice, which she never intended to give him.

This only works as long as 567def has a value equal to or greater than that of 234abc, but that’s not much of a restriction. (If 567def has a greater value, say 10 BTC, then Bob’s new transaction still only returns BTC 0.4999 to 1AliceChange, so it effectively has a transaction fee of BTC 9.0001. Any miner would be extremely happy to confirm this transaction; indeed, maybe a miner will perform this attack even if Bob doesn’t care to.)
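The scenario above comes down to whether the digest that Alice signs changes when the input is swapped. The following added example (not part of the original answer) builds the legacy SIGHASH_ALL preimage for her one-input transaction and compares it with the hypothetical scheme in which the input reference is left out of the signed data. The 32-byte txids, the script hashes and the output index 0 are constructed stand-ins.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def p2pkh_script(label: bytes) -> bytes:
    # OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG.
    # The hash is constructed from a label, not a real key hash.
    return b"\x76\xa9\x14" + hashlib.sha256(label).digest()[:20] + b"\x88\xac"

def tx_output(sats: int, script: bytes) -> bytes:
    return struct.pack("<q", sats) + bytes([len(script)]) + script

def sighash_all(txid: bytes, vout: int, script_code: bytes, outputs: list,
                commit_outpoint: bool = True) -> bytes:
    """Digest signed for a one-input legacy transaction (SIGHASH_ALL)."""
    outpoint = txid[::-1] + struct.pack("<I", vout)   # txid is serialized reversed
    if not commit_outpoint:
        outpoint = b"\x00" * 36   # hypothetical scheme from the text: input not signed
    preimage = (
        struct.pack("<i", 1)                          # version
        + b"\x01" + outpoint                          # one input
        + bytes([len(script_code)]) + script_code     # scriptPubKey being spent
        + struct.pack("<I", 0xFFFFFFFF)               # sequence
        + bytes([len(outputs)]) + b"".join(outputs)
        + struct.pack("<I", 0)                        # locktime
        + struct.pack("<I", 1)                        # SIGHASH_ALL
    )
    return dsha256(preimage)

# Constructed 32-byte stand-ins for the abbreviated txids 234abc and 567def.
TXID_A = hashlib.sha256(b"234abc").digest()
TXID_B = hashlib.sha256(b"567def").digest()
ALICE = p2pkh_script(b"1Alice")
OUTPUTS = [tx_output(50_000_000, p2pkh_script(b"1Bob")),       # 0.5 BTC
           tx_output(49_990_000, p2pkh_script(b"1AliceChange"))]  # 0.4999 BTC

def signature_transfers(commit_outpoint: bool) -> bool:
    """True if a signature made for 234abc would also verify for 567def."""
    a = sighash_all(TXID_A, 0, ALICE, OUTPUTS, commit_outpoint)
    b = sighash_all(TXID_B, 0, ALICE, OUTPUTS, commit_outpoint)
    return a == b   # ECDSA verifies against this digest, so equal digest = reusable

if __name__ == "__main__":
    print("outpoint signed:    ", signature_transfers(True))
    print("outpoint not signed:", signature_transfers(False))
```

With the outpoint in the preimage the two digests differ, so Alice's signature over the 234abc spend does not verify for 567def; with it left out, the digests are identical and the same signature would unlock both.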
