Bitcoin Pitfalls

🔴 Critical (Loss of Funds or Chain Integrity)

Key Loss
- Roles: wallet, user
- Fix: Seed backups, multisig, hardware wallets
- BIPs: BIP‑32, BIP‑39, BIP‑44

Nonce Reuse in Signatures
- Roles: core, wallet
- Fix: Derive the nonce deterministically from the private key and message (RFC 6979 for ECDSA; the BIP‑340 nonce function, ideally with auxiliary randomness, for Schnorr). Signing two different messages with one nonce leaks the private key for ECDSA and Schnorr alike.
- BIPs: BIP‑340 (RFC 6979 is an IETF RFC, not a BIP)

Poor Randomness
- Roles: wallet, core
- Fix: Secure OS RNG (/dev/urandom, getrandom(2)) or HSMs for key and seed entropy; never derive keys from timestamps, PIDs or user-chosen passphrases
- BIPs: BIP‑32, BIP‑39, BIP‑340

Transaction Malleability
- Roles: wallet, infra, core
- Fix: Deploy SegWit and spend from SegWit inputs; witness data is excluded from the txid, so third parties cannot change the id of an unconfirmed tx by re-encoding its signatures
- BIPs: BIP‑141, BIP‑143, BIP‑66, BIP‑62

Finality Delay
- Roles: infra, wallet, dapp
- Fix: Scale the confirmation depth to the value at risk; 6 is the common default, and 0‑conf is never final
- BIPs: (Concept — no specific BIP)

Signature Replay
- Roles: infra, wallet, user
- Fix: Apply replay protection during forks (a fork‑specific sighash flag, or first spending an output that exists on only one chain)
- BIPs: (None; each fork defines its own. BIP‑143 is the sighash digest some forks extended with a fork id; BIP‑148 is the SegWit UASF, not a replay‑protection spec)

Time Lock Errors
- Roles: wallet, core
- Fix: Use CLTV/CSV correctly: never mix height and timestamp types, set tx version ≥ 2 for CSV, and remember nLockTime is ignored when every input has nSequence 0xffffffff
- BIPs: BIP‑65, BIP‑68, BIP‑112, BIP‑113
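
The type and disable‑flag rules above are where time‑lock bugs hide, so here is an added example (not from the original page) that encodes and decodes nSequence per BIP‑68 and reproduces the success conditions of OP_CHECKLOCKTIMEVERIFY (BIP‑65) and OP_CHECKSEQUENCEVERIFY (BIP‑112) minus the signature check. The constants are the consensus values; the function names are this example's own.

```python
# Added example (not from the original page): the locktime fields as consensus
# reads them, so height/time mixups and disabled locks are caught before signing.
SEQUENCE_FINAL = 0xFFFFFFFF
SEQUENCE_LOCKTIME_DISABLE_FLAG = 1 << 31    # BIP-68: bit 31 set => no relative lock
SEQUENCE_LOCKTIME_TYPE_FLAG = 1 << 22       # BIP-68: bit 22 set => units of 512 s
SEQUENCE_LOCKTIME_MASK = 0xFFFF
SEQUENCE_LOCKTIME_GRANULARITY = 9           # 2^9 = 512 seconds per unit
LOCKTIME_THRESHOLD = 500_000_000            # nLockTime below this is a block height


def encode_relative_locktime(blocks=None, seconds=None) -> int:
    """nSequence for a BIP-68 relative lock; give exactly one of blocks / seconds."""
    if (blocks is None) == (seconds is None):
        raise ValueError("give either blocks or seconds")
    if blocks is not None:
        if not 0 <= blocks <= SEQUENCE_LOCKTIME_MASK:
            raise ValueError("block delay must fit in 16 bits")
        return blocks
    units = -(-seconds // 512)              # round up to whole 512 s units
    if not 0 <= units <= SEQUENCE_LOCKTIME_MASK:
        raise ValueError("time delay exceeds 65535 * 512 s")
    return SEQUENCE_LOCKTIME_TYPE_FLAG | units


def decode_nsequence(seq: int, tx_version: int = 2):
    """('disabled', None) or ('blocks' | 'seconds', value) per BIP-68."""
    if tx_version < 2 or seq & SEQUENCE_LOCKTIME_DISABLE_FLAG:
        return ("disabled", None)
    value = seq & SEQUENCE_LOCKTIME_MASK
    if seq & SEQUENCE_LOCKTIME_TYPE_FLAG:
        return ("seconds", value << SEQUENCE_LOCKTIME_GRANULARITY)
    return ("blocks", value)


def nlocktime_kind(n: int) -> str:
    return "height" if n < LOCKTIME_THRESHOLD else "timestamp"


def nlocktime_active(nlocktime: int, sequences) -> bool:
    """nLockTime is consensus-ignored unless some input nSequence != 0xffffffff."""
    return nlocktime != 0 and any(s != SEQUENCE_FINAL for s in sequences)


def cltv_ok(script_value: int, nlocktime: int, input_sequence: int) -> bool:
    """OP_CHECKLOCKTIMEVERIFY (BIP-65) success conditions for the spending input."""
    if script_value < 0:
        return False
    if nlocktime_kind(script_value) != nlocktime_kind(nlocktime):
        return False                        # mixing height and time never succeeds
    if script_value > nlocktime:
        return False
    return input_sequence != SEQUENCE_FINAL  # a final input would void nLockTime


def csv_ok(script_value: int, input_sequence: int, tx_version: int) -> bool:
    """OP_CHECKSEQUENCEVERIFY (BIP-112) success conditions for the spending input."""
    if script_value < 0:
        return False
    if script_value & SEQUENCE_LOCKTIME_DISABLE_FLAG:
        return True                         # disable bit in the script: acts as NOP
    if tx_version < 2 or input_sequence & SEQUENCE_LOCKTIME_DISABLE_FLAG:
        return False
    type_mask = SEQUENCE_LOCKTIME_TYPE_FLAG | SEQUENCE_LOCKTIME_MASK
    a, b = script_value & type_mask, input_sequence & type_mask
    if (a & SEQUENCE_LOCKTIME_TYPE_FLAG) != (b & SEQUENCE_LOCKTIME_TYPE_FLAG):
        return False                        # blocks vs seconds mismatch
    return a <= b


if __name__ == "__main__":
    seq = encode_relative_locktime(seconds=1000)       # rounds up to 2 units = 1024 s
    print(hex(seq), decode_nsequence(seq), csv_ok(seq, seq, 2), csv_ok(seq, 2, 2))
```

Note the asymmetry: a script value of 1000 (seconds) against an input nSequence of 1000 (blocks) fails CSV on the type bit alone, which is the usual "my CSV never unlocks" bug.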

Incorrect BIP Paths
- Roles: wallet
- Fix: Follow derivation standards
- BIPs: BIP‑44, BIP‑49, BIP‑84, BIP‑86
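
A wallet can catch most derivation-path mistakes before deriving anything, so here is an added example (not from the original page) that parses a path and checks the BIP‑44/49/84/86 conventions: purpose, coin_type and account hardened, change and index not hardened, change in {0, 1}, and the purpose matching the address type the caller intends to produce. The purpose-to-type mapping follows the four BIPs listed above; the coin_type table, function names and error strings are this example's own.

```python
# Added example (not from the original page): validate a BIP-44-style derivation
# path so a wallet never silently derives from the wrong branch or wrong hardening.
HARDENED = 0x80000000
PURPOSE_ADDRESS_TYPE = {44: "P2PKH", 49: "P2SH-P2WPKH", 84: "P2WPKH", 86: "P2TR"}
COIN_TYPE = {"mainnet": 0, "testnet": 1}   # SLIP-44 values as used by BIP-44 wallets


def parse_path(path: str) -> list:
    """'m/84'/0'/0'/0/5' -> [84|H, 0|H, 0|H, 0, 5]; accepts ', h or H as hardened marks."""
    parts = path.strip().split("/")
    if not parts or parts[0] != "m":
        raise ValueError("path must start with 'm'")
    out = []
    for level in parts[1:]:
        hardened = level.endswith(("'", "h", "H"))
        digits = level.rstrip("'hH")
        if not digits.isdigit():
            raise ValueError(f"bad path level {level!r}")
        n = int(digits)
        if n >= HARDENED:
            raise ValueError(f"index {n} out of range")
        out.append(n | HARDENED if hardened else n)
    return out


def check_bip44_path(path: str, expect_type: str = None, network: str = "mainnet") -> list:
    """Return a list of problems (empty means OK) for a 5-level BIP-44/49/84/86 path."""
    idx = parse_path(path)
    if len(idx) != 5:
        return [f"expected 5 levels (purpose/coin/account/change/index), got {len(idx)}"]
    purpose, coin, account, change, index = idx
    problems = []
    for name, v in (("purpose", purpose), ("coin_type", coin), ("account", account)):
        if not v & HARDENED:
            problems.append(f"{name} level must be hardened")
    for name, v in (("change", change), ("address_index", index)):
        if v & HARDENED:
            problems.append(f"{name} level must not be hardened")
    p = purpose & ~HARDENED
    if p not in PURPOSE_ADDRESS_TYPE:
        problems.append(f"unknown purpose {p}")
    elif expect_type and PURPOSE_ADDRESS_TYPE[p] != expect_type:
        problems.append(f"purpose {p} derives {PURPOSE_ADDRESS_TYPE[p]}, not {expect_type}")
    if (coin & ~HARDENED) != COIN_TYPE[network]:
        problems.append(f"coin_type {coin & ~HARDENED} is not {network}")
    if (change & ~HARDENED) not in (0, 1):
        problems.append("change must be 0 (external) or 1 (internal)")
    return problems


if __name__ == "__main__":
    for path in ("m/84'/0'/0'/0/0", "m/84/0/0/0/0", "m/44'/0'/0'/0/0"):
        print(path, check_bip44_path(path, "P2WPKH"))
```

The third case is the one users actually hit: a BIP‑44 path fed to a wallet that displays bech32 addresses, which derives valid keys that no other wallet will find under that purpose.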

Non-Deterministic Wallets
- Roles: wallet
- Fix: Use HD wallets
- BIPs: BIP‑32, BIP‑39

Multisig Misuse
- Roles: wallet, infra
- Fix: Use descriptors/PSBT
- BIPs: BIP‑67, BIP‑174, BIP‑380

UTXO Bloat
- Roles: wallet, infra
- Fix: Consolidate UTXOs
- BIPs: (None)

Address Checksum Ignored
- Roles: wallet, user
- Fix: Use libraries enforcing Base58Check/Bech32/Bech32m and reject anything that fails, including mixed‑case Bech32 and witness‑version/encoding mismatches
- BIPs: BIP‑173, BIP‑350

Wrong Fee or Input Selection
- Roles: wallet
- Fix: Robust coin-selection logic that checks fee = inputs − outputs before signing and allows later bumping
- BIPs: BIP‑125 (RBF), BIP‑143 (input amounts committed in the sighash so signers can verify the fee)

🟠 Major (Security, Privacy, or Resource Risks)

Change Output Exposure
- Roles: wallet, infra, user
- Fix: Coin control and output randomization
- BIPs: (None)

RBF (Replace-by-Fee) Confusion
- Roles: wallet, dapp
- Fix: Detect/display RBF properly
- BIPs: BIP‑125

Address Reuse
- Roles: wallet, infra, user
- Fix: Generate a fresh address for every payment and never advertise a static one
- BIPs: BIP‑32 (fresh keys from one seed; non‑reuse is a privacy practice, not a BIP rule)

OP_RETURN Misuse
- Roles: core, infra
- Fix: Favor off‑chain alternatives; keep any OP_RETURN within relay‑policy limits or it will not propagate
- BIPs: (None; the accepted OP_RETURN size is Bitcoin Core relay policy, not consensus)

Schnorr/Taproot Misuse
- Roles: wallet, core
- Fix: Use proper scripts/descriptors
- BIPs: BIP‑340, BIP‑341, BIP‑342

Script Complexity
- Roles: core, wallet
- Fix: Use standard script types
- BIPs: BIP‑141, BIP‑62

Hard Fork Confusion
- Roles: core, infra, wallet
- Fix: Education + replay protection; pin the chain you follow by consensus rules, not by ticker or longest chain
- BIPs: BIP‑9 (versionbits deployment), BIP‑148 (SegWit UASF; a soft fork, cited as an example of chain‑split risk)

Dust Outputs
- Roles: wallet, infra
- Fix: Avoid uneconomical UTXOs
- BIPs: (None)

Fee Sniping / Overpayment
- Roles: wallet, infra
- Fix: Set nLockTime to the current tip height (anti‑fee‑sniping) so a miner cannot profitably reorg to claim your high fee; estimate fees dynamically and bump underpaid txs with RBF or CPFP instead of overpaying up front
- BIPs: BIP‑125 (RBF; CPFP and anti‑fee‑sniping are wallet practices with no BIP)

🟡 Moderate (UX Friction, Performance, Edge Cases)

Block Size vs Block Weight Confusion
- Roles: core, wallet
- Fix: Use vbytes, not raw size: weight = 3 × base size + total size, vsize = ⌈weight / 4⌉, so witness bytes cost a quarter of non‑witness bytes
- BIPs: BIP‑141
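
The weight rule above and the Transaction Malleability item in the Critical section are two faces of the same serialization, so here is one added example (not from the original page) that walks a raw transaction, separates witness from non‑witness bytes, and returns base size, total size, weight, vsize, txid and wtxid. The 1‑in/1‑out P2WPKH spend it builds is constructed (all‑zero outpoint, key hash and placeholder signature bytes), chosen because its 110 vB matches the well‑known size of that transaction shape.

```python
# Added example (not from the original page): BIP-141 sizes from the wire format,
# plus txid vs wtxid to show why witness changes no longer malleate the txid.
import hashlib


def dsha256(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def varint(n: int) -> bytes:
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def read_varint(b: bytes, i: int):
    n = b[i]
    if n < 0xFD:
        return n, i + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size


def tx_metrics(raw: bytes) -> dict:
    """Walk a (possibly SegWit) tx; sizes per BIP-141, vsize = ceil(weight / 4)."""
    i = 4                                              # nVersion
    segwit = raw[4] == 0x00 and raw[5] == 0x01         # BIP-144 marker + flag
    if segwit:
        i += 2
    n_in, i = read_varint(raw, i)
    for _ in range(n_in):
        i += 32 + 4                                    # prev txid + output index
        n, i = read_varint(raw, i)
        i += n + 4                                     # scriptSig + nSequence
    n_out, i = read_varint(raw, i)
    for _ in range(n_out):
        i += 8                                         # value in satoshis
        n, i = read_varint(raw, i)
        i += n                                         # scriptPubKey
    w_start = w_end = i
    if segwit:
        for _ in range(n_in):                          # one witness stack per input
            n_items, i = read_varint(raw, i)
            for _ in range(n_items):
                n, i = read_varint(raw, i)
                i += n
        w_end = i
    i += 4                                             # nLockTime
    if i != len(raw):
        raise ValueError("trailing or truncated bytes")
    stripped = raw[:4] + raw[6:w_start] + raw[w_end:] if segwit else raw
    total, base = len(raw), len(stripped)
    weight = base * 3 + total
    return {
        "base_size": base, "total_size": total, "weight": weight,
        "vsize": (weight + 3) // 4,
        "txid": dsha256(stripped)[::-1].hex(),          # witness excluded
        "wtxid": dsha256(raw)[::-1].hex(),              # witness included
    }


def build_demo_p2wpkh_spend(sig: bytes, pubkey: bytes) -> bytes:
    """Constructed 1-in/1-out P2WPKH spend: zero outpoint, zero key hash, given witness."""
    version = (2).to_bytes(4, "little")
    vin = varint(1) + bytes(32) + (0).to_bytes(4, "little") + varint(0) + b"\xff\xff\xff\xff"
    spk = b"\x00\x14" + bytes(20)                      # OP_0 <20-byte key hash>
    vout = varint(1) + (50_000).to_bytes(8, "little") + varint(len(spk)) + spk
    witness = varint(2) + varint(len(sig)) + sig + varint(len(pubkey)) + pubkey
    return version + b"\x00\x01" + vin + vout + witness + (0).to_bytes(4, "little")


if __name__ == "__main__":
    sig_a = b"\x30" + bytes(70)                        # 71-byte placeholder DER signature
    sig_b = b"\x30" + bytes(69) + b"\x01"              # same length, different bytes
    pub = b"\x02" + bytes(32)                          # 33-byte placeholder pubkey
    a = tx_metrics(build_demo_p2wpkh_spend(sig_a, pub))
    b = tx_metrics(build_demo_p2wpkh_spend(sig_b, pub))
    print(a["vsize"], a["txid"] == b["txid"], a["wtxid"] == b["wtxid"])   # 110 True False
```

Changing only the witness (sig_a to sig_b) leaves the txid untouched while the wtxid moves, which is exactly the property a pre‑SegWit wallet lacked; a one‑byte longer signature adds one weight unit, not four.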

Watch-Only Wallet Confusion
- Roles: wallet, user
- Fix: Clear UI labels and docs
- BIPs: (None)

Non-Standard Transactions
- Roles: core, wallet
- Fix: Adhere to standard tx types
- BIPs: BIP‑141, BIP‑341

BIP Compatibility Fragmentation
- Roles: wallet, infra
- Fix: Cross-test; follow specs
- BIPs: BIP‑32, BIP‑44, BIP‑49, BIP‑84, BIP‑86

Time Warp Attack
- Roles: core
- Fix: Constrain the timestamp of the first block in each difficulty period relative to the last block of the previous period (the fix deployed on testnet4 and proposed for mainnet). Median Time Past (BIP‑113) bounds the timestamps locktimes see but does not by itself close the retarget off‑by‑one that time warp exploits
- BIPs: BIP‑94 (testnet4 time‑warp fix), BIP‑113

Dust Consolidation Timing
- Roles: wallet
- Fix: Consolidate when fees are low
- BIPs: (None)

Mempool Policy Differences (non‑final and non‑standard txs)
- Roles: infra, wallet
- Fix: Don't assume your node's relay policy is the network's; test propagation of edge cases (non‑final locktimes, RBF replacements, large OP_RETURN) against several nodes before relying on it
- BIPs: BIP‑125

Address Format Confusion
- Roles: wallet, user
- Fix: Clearly label address type
- BIPs: BIP‑173, BIP‑350