The recent change #57 excludes signers from the txID preimage. This avoids making the txID depend on signature bytes, but it also removes signer identity from the txID calculation.
As a result, the same cross transaction can produce the same txID regardless of who is listed in signers, or even if signers is empty. This enables a front-running griefing attack.
Proposal
Instead of excluding the entire signers field from the txID preimage, we should keep signer identity in the txID calculation and exclude only the mutable signature value.
The recent change #57 excludes
signersfrom the txID preimage. This avoids making the txID depend on signature bytes, but it also removes signer identity from the txID calculation.As a result, the same cross transaction can produce the same txID regardless of who is listed in
signers, or even ifsignersis empty. This enables a front-running griefing attack.Proposal
Instead of excluding the entire
signersfield from the txID preimage, we should keep signer identity in the txID calculation and exclude only the mutable signature value.