Fix the InputWeightPrediction constants for DER signatures

The P2WPKH_MAX constant assumed DER signatures in the witness have a max length of 73. However, their maximum length in practice is 72, because BIP62 forbids nodes from relaying transactions whose ECDSA signatures are not canonical (i.e. all sigs must have an s value of less than n/2). This means s is never encoded with a leading zero byte, and the signature as a whole never exceeds 72 bytes in total encoded length. The ground_p2wpkh function was already correct; only the constant needed to be corrected.
2023-11-21 06:04:38 +00:00 · 2023-11-21 06:04:38 +00:00 · 4514a80a23
parent b5ce219c62
commit 4514a80a23
1 changed files with 1 additions and 1 deletions
--- a/bitcoin/src/blockdata/transaction.rs
+++ b/bitcoin/src/blockdata/transaction.rs
@ -1321,7 +1321,7 @@ impl InputWeightPrediction {
    /// under-paying. See [`ground_p2wpkh`](Self::ground_p2wpkh) if you do use signature grinding.
    ///
    /// [signature grinding]: https://bitcoin.stackexchange.com/questions/111660/what-is-signature-grinding
-    pub const P2WPKH_MAX: Self = InputWeightPrediction::from_slice(0, &[73, 33]);
+    pub const P2WPKH_MAX: Self = InputWeightPrediction::from_slice(0, &[72, 33]);

    /// Input weight prediction corresponding to spending of a P2PKH output with the largest possible
    /// DER-encoded signature, and a compressed public key.