BIP idea: Timelock-Recovery storage format

In the realm of cryptocurrency security and hardware wallet usage, an important concern has been highlighted regarding the visibility and verification of transaction parameters, specifically the nSequence and nLocktime fields, by users. It's been observed that many hardware wallets do not display custom nSequence fields to the user, and only a subset present the nLocktime values. This poses a significant security risk as these wallets indiscriminately agree to sign transactions with whatever nSequence/nLocktime values are provided in the Partially Signed Bitcoin Transaction (PSBT), without validation against common or expected values. The range for nSequence mentioned spans from 0xFFFFFFFD to 0xFFFFFFFF.

This oversight opens a vulnerability where a malicious entity could manipulate these fields, particularly the nSequence, to create transactions that appear corrupt or invalid at the time of signing but may become valid in the future. Such manipulation could lead to users unknowingly signing off on transactions that do not align with their intentions or understanding.

To mitigate this issue and enhance user control and security, there is an initiative to enable hardware wallets to display exact nSequence values, thereby allowing users to verify the relative lock-time of transactions directly on their devices. A practical step towards this goal is exemplified by a proposed Pull Request (PR) to the Specter-DIY project, which aims to introduce functionality for displaying these critical transaction details to users. The intention behind this PR is not only to improve the Specter-DIY wallet but also to set a precedent for other hardware wallets to incorporate similar transparency and security features.

The initiative underscores the necessity of giving users the capability to validate all aspects of their transactions, including those technical details typically abstracted away by wallet interfaces. For further details on the implementation and the ongoing discussion, one can refer to the pull request on GitHub via this link.