Yes—this is precisely how a real spam attack works. Attackers craft fake public keys that aren’t valid secp256k1 points to create outputs that appear normal but cannot be spent. Since these counterfeit keys don’t require real signatures, the outputs are smaller and cheaper to include in blocks, making it a low-cost way to inflate the UTXO set and shift storage burdens onto full node operators. That’s why validating public keys at the curve level is essential—it closes this loophole.
Discussion
So how much of a vector is that? If someone tried to automate something to do that like AI, to flood nodes with spam, really of any kind but especially this, wouldn't they just be feeding the miners? Wouldn't they just go broke first?
And by "validating at the curve level", I thought that was already a prerequisite for any transaction. Does that mean I can just type in random addresses on inputs and outputs and it won't get rejected as long as I pay the fee?
Yes, I thought the same, but unfortunately, any random address that passes the Base58Check will do. So the attacker does not have to "grind" for addresses that fit on the curve.
A spam‑style transaction begins when a wallet crafts an output script like OP_DATA_33
Checksum catches typos at the surface; a quick curve check one layer deeper—during relay or consensus—blocks those fake‑key outputs before they hard‑code themselves into the UTXO set, and forces spammers to pay at least some extra computation and density penalty.
I was playing with this the other day to demonstrate the difference it will make if we force the curve check.