I guess most of you are familiar with the split transaction attack. If you are not, learn about it in this Ryan Charles video: https://www.youtube.com/watch?v=4S3uaBhsv5M
Datacash (https://github.com/unwriter/datacash) users are especially vulnerable to this attack. Datacash by default aggregates all outputs in a wallet and in case of split transaction attack it will poison all funds with 100% probability.
This type of attack is easily implementable. Memopay already does something similar. Targetting entire services is absolutely possible.

Protecting datacash wallets

To protect datacash wallets, I altered the original datacash module: https://gist.github.com/pmitchev/c16f56326ab295112016fc9c9c4ee7df
You can see the diff here: https://www.diffchecker.com/iTkQ46td
The changes introduce a new option - "excludeOpCodes". Here is how to use it to use only neutral UTXOs ():
const tx = { 'cash': { 'excludeOpCodes': [149, 131, 152, 153, 186, 187], 'key': pk, 'to': toArray } }
The option can also be used to ignore just UTXOs with the new ABC op_codes:
'excludeOpCodes': [186, 187],
or the new SV op_codes:
'excludeOpCodes': [149, 131, 152, 153],
You can see it in action on the Oyo.cash wallet:

Edit: This does not protect you from using not existent outputs. It just protect you from using UTXOs with invalid op_codes
 

$1.25
0.0¢