Transaction Form about sia HOT 3 CLOSED

I'm going to hijack this and make it about transactions in general instead of just the miner fee.

Transactions are weirdly complicated b/c there's so many ways to build them and so many ways for things to go wrong.

We could just make them dirt simple, which might be the best idea. This would remove the fee, and you sign inputs and outputs but don't have an option to sign all of them.

The things that we really want though:

• Adjustable miner fees, but only up
• assurance contracts

Assurance contracts are potentially useful to us because you can sign a contribution to a contract, and know that your funds are going directly to the contract. Without signing all potential outputs though, you can't be certain that the target goal won't be overshot and some malicious guy will run away with the spillover.

If you do sign all outputs, it means that people can't add refund outputs, which is annoying but not fatal. I think that the only time it's a real problem is when you have multiple people adding inputs to a contract without adding new outputs that weren't previously specified. Idk it seems like a really complicated problem so I'm going to make the potentially-fatal mistake of keeping things simple and not allowing you to sign all outputs.

But I think that I will add multiple miner fees because that's the only way that people can arbitrarily add to the miner fee without screwing up others who have signed the miner fee.

from sia.

The ultra simple thing to do is just get rid of CoveredFields entirely and just have every single signature sign the entire transaction - which means everyone has to agree on the final state of the txn including the fees before making any signatures. More of a pain for people trying to make transactions... but makes implementation a lot simpler. Also potentially a lot safer.

The only dangers I can think of from having malleability that prevents you from signing all outputs and all inputs is that if multiple people are adding funds to the same contract, but don't know that each other exist, then they could be duped and some middle-guy could take whatever funds overlap.

So I guess the solution is to avoid situations where you are adding funds to a transaction along with unknown other parties. If you do that, then you should be safe even though you can't sign every output and guarantee that someone isn't adding more.

from sia.

I guess we just need to make sure that the flexibility justifies the complexity, since the vast majority of transactions would be just fine without a CoveredFields object.

from sia.