What are the risks of OP_VAULT?

Question

In the past it has been argued that some covenant schemes could be risky. However AFAIK OP_VAULT is a very specific and limited construction.

What are the risks associated with it, if any?

Answer 1

The design of OP_VAULT at the time of writing (April 2023) seems to be in flux and isn't yet finalized. Unlike OP_CTV it is a recursive covenant opcode and the safety of recursive covenants has been discussed extensively on the bitcoin-dev mailing list. It shouldn't pose a network risk or a DoS vector to a node verifying OP_VAULT rules (assuming it was activated on mainnet).

The axis that is more relevant to these more limited covenant opcodes is the utility axis rather than the safety axis i.e. when compared to competing alternatives (SIGHASH_ANYPREVOUT, OP_TLUV, OP_TXHASH and OP_CHECKSIGFROMSTACKVERIFY etc) is this the optimal proposal for enabling this kind of functionality? Burak posted that OP_VAULT functionality could be emulated by other opcodes currently active on Elements.

The design space for opcodes is very large and we can't/shouldn't enable every single possible opcode on mainnet. For more explanation on why see this post. Hence the major risk here is probably that no one would end up using it especially if an alternative superior proposal was activated some time later. And having a slightly inferior proposal active onchain may impact whether that alternative superior proposal ends up getting activated at all. Hence there are lots of factors to consider and assuming we don't want to clog up the consensus rules with lots of unused opcodes we should be extremely selective on what we end up activating on mainnet (ignoring the activation chain split risks that are present with every attempted activation).

There are risks and trade-offs when assessing whether to use a particular vault design that could impact the usage of a covenant opcode like OP_VAULT. Some of the risks of using the Revault vault design are discussed here. However, these aren't systemic risks to the network, just risks to the user of a particular vault design.