drgo on Nostr: The ways to mess up are growing over time. For example, is it really self custody if ...
The ways to mess up are growing over time. For example, is it really self custody if you don’t also run your own node? I’d argue it’s not ideal because your hardware wallet has no idea about anything other than addresses and keys. The node you connect to in order to find out how much value is at each utxo is a potential attack vector.
Suppose you want to buy a coffee for $1. A maliciously node might report a value of 0.001BTC for the value of a utxo to use as an input and your transaction creation software will compute 0.00001 for the spend, 0.00099 for the change address (or less, allowing for tx fee). This would all be fine to sign with your hardware wallet if and only if the input value really is 0.001BTC…what if it really was 1 BTC? What happens then? Is the transaction still valid? Yes, it’s still valid, but your tx fee is now almost 1 entire BTC.
Remember, the tx fee is merely the difference between outputs and inputs. Anything not spent is by default a transaction fee. So, know your utxo! The only way to do that is for your transaction creation software to query your own node before constructing a transaction for your hardware wallet to sign.
Might even want to double check input utxo value on a few nodes if you don’t run your own!
Suppose you want to buy a coffee for $1. A maliciously node might report a value of 0.001BTC for the value of a utxo to use as an input and your transaction creation software will compute 0.00001 for the spend, 0.00099 for the change address (or less, allowing for tx fee). This would all be fine to sign with your hardware wallet if and only if the input value really is 0.001BTC…what if it really was 1 BTC? What happens then? Is the transaction still valid? Yes, it’s still valid, but your tx fee is now almost 1 entire BTC.
Remember, the tx fee is merely the difference between outputs and inputs. Anything not spent is by default a transaction fee. So, know your utxo! The only way to do that is for your transaction creation software to query your own node before constructing a transaction for your hardware wallet to sign.
Might even want to double check input utxo value on a few nodes if you don’t run your own!