Yes—this is precisely how a real spam attack works. Attackers craft fake public keys that aren’t valid secp256k1 points to create outputs that appear normal but cannot be spent. Since these counterfeit keys don’t require real signatures, the outputs are smaller and cheaper to include in blocks, making it a low-cost way to inflate the UTXO set and shift storage burdens onto full node operators. That’s why validating public keys at the curve level is essential—it closes this loophole.
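What a curve-level check on a public key involves, as an added example that is not part of the original thread and is not taken from any node implementation: it tests whether a serialized key decodes to a point on secp256k1 (y^2 = x^3 + 7 over F_p). The function names and sample keys are constructed for illustration, and only the 02/03 compressed and 04 uncompressed encodings are handled.

```python
# secp256k1 field prime; the curve is y^2 = x^3 + 7 over F_P
P = 2**256 - 2**32 - 977

def is_on_curve(x: int, y: int) -> bool:
    """Check the curve equation for affine coordinates (x, y)."""
    return (y * y - (pow(x, 3, P) + 7)) % P == 0

def is_valid_pubkey(pk: bytes) -> bool:
    """True if pk is a compressed (33-byte) or uncompressed (65-byte)
    encoding of a point that actually lies on secp256k1."""
    if len(pk) == 33 and pk[0] in (2, 3):
        x = int.from_bytes(pk[1:], "big")
        if x >= P:                      # coordinate must be a reduced field element
            return False
        rhs = (pow(x, 3, P) + 7) % P
        # P % 4 == 3, so rhs^((P+1)/4) is a square root of rhs if one exists
        y = pow(rhs, (P + 1) // 4, P)
        return y * y % P == rhs         # no root means no point has this x
    if len(pk) == 65 and pk[0] == 4:
        x = int.from_bytes(pk[1:33], "big")
        y = int.from_bytes(pk[33:], "big")
        return x < P and y < P and is_on_curve(x, y)
    return False                        # wrong length or unknown prefix

# Constructed samples: the standard generator point G and some malformed keys
G_X = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
G_Y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8

def _b32(n: int) -> bytes:
    return n.to_bytes(32, "big")

SAMPLES = {
    "G compressed":        b"\x02" + _b32(G_X),
    "G uncompressed":      b"\x04" + _b32(G_X) + _b32(G_Y),
    "x = 0 (no such y)":   b"\x02" + _b32(0),
    "x = P + 1 (range)":   b"\x02" + _b32(P + 1),
    "G with tampered y":   b"\x04" + _b32(G_X) + _b32(G_Y ^ 1),
    "truncated key":       b"\x02" + _b32(G_X)[:31],
}

if __name__ == "__main__":
    for name, pk in SAMPLES.items():
        print(f"{name:20s} -> {is_valid_pubkey(pk)}")
```

The `x = P + 1` sample shows why the range check matters: reduced modulo P it equals 1, which is a valid x-coordinate, so a check that skipped the comparison would accept a non-canonical encoding.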
Replies (2)
So how much of a vector is that? If someone tried to automate something to do that like AI, to flood nodes with spam, really of any kind but especially this, wouldn't they just be feeding the miners? Wouldn't they just go broke first?
And by "validating at the curve level", I thought that was already a prerequisite for any transaction. Does that mean I can just type in random addresses on inputs and outputs and it won't get rejected as long as I pay the fee?