[tapsend]: don't broadcast transaction until asset witness is valid (if time locked) #1312
Comments
|
Isn't that what |
Yes and no. Bubbling up the time locks from the asset level to the anchor transaction level assumes that the BTC anchor transaction has the same time lock restrictions (which IMO in most cases makes sense, mostly to just prevent this case). Thinking about it a bit more, there would also be interactions with potential re-orgs. Time locks and re-orgs aren't a problem on BTC in general because when a re-org happens, the transactions just go back into the mempool. And if a time lock witness isn't valid anymore because of the re-org, the transaction would just be rejected and would need to be re-broadcasted at a later time. So perhaps we should make it very clear that for safety reasons the BTC level transaction should always have the same time lock in place? |
Discovered in #1287 (reply in thread).
When an asset is time locked (but the BTC anchor transaction is not), we currently publish a transfer transaction in the normal
tapfreightersend flow, even if the asset would become invalid and factually burned because its time lock hasn't expired yet.We need to add a check in the send flow that makes sure every asset's witness is valid with the current block height before publishing the transaction.
The text was updated successfully, but these errors were encountered: