Interesting article. I have a couple of questions which I don’t know the answers to.
- Would multisig coins also have the same risk?
- Is there not a way to verify that the witness data is valid and not made up?
- The attacks on SegWit I have seen require majority mining. How is that any different than bitcoin without SegWit?
- Wouldn’t nodes tend to keep around the witness data for recent blocks and discard the witness data for older blocks? Does that not mitigate the risk some?