I'm glad I could help and I have received the bounty. Thanks!
--h
Topic: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API (Read 2570 times)
March 22, 2015, 07:42:50 PM
OK, i agreed with Trevin that "hhanh00" helped us to solve our issue.
I would propose to give him the full bounty
I would propose to give him the full bounty
March 22, 2015, 04:51:50 PM
You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address.
Interestingly, none of them matches the one you need.
- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h"
Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.
Interestingly, none of them matches the one you need.
- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h"
Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.
This does seem to accurately identify the problem. I will start looking to see if I can find the cause.
Edit: The problem has been solved, thanks to the information from hhanh00! The indices being used to derive public keys from master keys were out of order in one location, which resulted in the wrong public keys being used.
March 22, 2015, 04:50:23 PM
... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing.
I do not believe this is the problem, unfortunately.
The final 105 bytes would be the redeemScript.
Code:
00
[OP_FALSE]
47
[PUSH 71 BYTES]
3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]
48
[PUSH 72 BYTES]
304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]
4c
[OP_PUSHDATA1]
69
[PUSH 105 BYTES]
5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]
[OP_FALSE]
47
[PUSH 71 BYTES]
3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]
48
[PUSH 72 BYTES]
304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]
4c
[OP_PUSHDATA1]
69
[PUSH 105 BYTES]
5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]
Edit: And here is the redeemScript decoded.
Code:
52
[OP_2]
21
[PUSH 33 BYTES]
029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]
53
[OP_3]
ae
[OP_CHECKMULTISIG]
[OP_2]
21
[PUSH 33 BYTES]
029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]
53
[OP_3]
ae
[OP_CHECKMULTISIG]
This is right. Note the 53 ae is the op_3 op_chechmultisig.
See another example here:
https://bitcoin.org/en/developer-reference#decodescript
March 22, 2015, 04:38:47 PM
... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing.
I do not believe this is the problem, unfortunately.
The final 105 bytes would be the redeemScript.
Code:
00
[OP_FALSE]
47
[PUSH 71 BYTES]
3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]
48
[PUSH 72 BYTES]
304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]
4c
[OP_PUSHDATA1]
69
[PUSH 105 BYTES]
5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]
[OP_FALSE]
47
[PUSH 71 BYTES]
3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]
48
[PUSH 72 BYTES]
304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]
4c
[OP_PUSHDATA1]
69
[PUSH 105 BYTES]
5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]
Edit: And here is the redeemScript decoded.
Code:
52
[OP_2]
21
[PUSH 33 BYTES]
029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]
53
[OP_3]
ae
[OP_CHECKMULTISIG]
[OP_2]
21
[PUSH 33 BYTES]
029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]
21
[PUSH 33 BYTES]
03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]
53
[OP_3]
ae
[OP_CHECKMULTISIG]
March 22, 2015, 03:34:37 PM
Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM.
The most correct answer was given by @hhanh00
Your answer is wrong.
I would trust his answers over yours.
@hhanh00 even claimed you edited your post to match his and you didn't acknowledge it.
Besides, I see his point about the OP_PUSHDATA being parsed in an incorrect way.
March 22, 2015, 02:45:05 PM
Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM.
The most correct answer was given by @hhanh00
Your answer is wrong.
March 22, 2015, 02:36:46 PM
This message was too old and has been purged
March 22, 2015, 02:35:42 PM
This message was too old and has been purged
March 22, 2015, 02:34:15 PM
wow great :-)
I will ask the developer to implement and test it, then i will send the coins asap
This fix wouldn't work I will ask the developer to implement and test it, then i will send the coins asap
March 22, 2015, 02:30:18 PM
This message was too old and has been purged
March 22, 2015, 02:29:30 PM
This message was too old and has been purged
March 22, 2015, 02:27:30 PM
wow great :-)
I will ask the developer to implement and test it, then i will send the coins asap
I will ask the developer to implement and test it, then i will send the coins asap
March 22, 2015, 02:25:50 PM
wat? 
53 AE is OP_3 OP_CHECKMULTISIG
...53ae OP_3 OP_CHECKMULTISIG
53 AE is OP_3 OP_CHECKMULTISIG
March 22, 2015, 02:09:25 PM
This message was too old and has been purged
March 22, 2015, 12:59:36 PM
There should be a bountry escrow, how you know hes gonna pay after he sees the solutions here?
i hope to close this chapter quickly, but sure, we can appoint an escrower in case of a dispute ;-)
March 22, 2015, 12:47:24 PM
There should be a bountry escrow, how you know hes gonna pay after he sees the solutions here?
March 22, 2015, 11:24:30 AM
@amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus).
Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.
First I put this transaction to http://webbtc.com/relay_tx and got a message about invalid signatureThen just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.
And next I continued to find the problem with my own tools and code
March 22, 2015, 11:12:07 AM
@amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus).
Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.
Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.
March 22, 2015, 11:07:45 AM
- Take the raw transaction
- Decode it with `decoderawtransaction`
The last push is the p2sh redeem script. `decodescript` gives
Notice that it's a different address than the one you are trying to spend `3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj`.
In your javascript,
You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address.
Interestingly, none of them matches the one you need.
- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h"
Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.
Code:
0100000001a8e825e97723b40afbbc702d56b1f215b8e14d978357b55cdd754862b2bd2f5c01000000fdfd0000473044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae7150148304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae014c695221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053aeffffffff01905f01000000000017a9146e785c7efebeefbf201533ed5c8d07b6a524eadc8700000000
- Decode it with `decoderawtransaction`
Code:
{
...
"scriptSig" : {
"asm" : "0 3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501 304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01 5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae",
"hex" : "00473044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae7150148304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae014c695221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae"
},
...
...
"scriptSig" : {
"asm" : "0 3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501 304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01 5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae",
"hex" : "00473044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae7150148304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae014c695221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae"
},
...
The last push is the p2sh redeem script. `decodescript` gives
Code:
{
"asm" : "2 029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4 02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13 03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0 3 OP_CHECKMULTISIG",
"reqSigs" : 2,
"type" : "multisig",
"addresses" : [
"13z5KYvFw3zTYLv3VutbEX1JZs9qCpzxBn",
"1AM7HytoKfkx2GqGkxzJ5GLAaQPimyaC7A",
"13FQsbdeZaN4uAUa4u9gsiF4qXX9Z3LbEk"
],
"p2sh" : "3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9"
}
"asm" : "2 029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4 02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13 03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0 3 OP_CHECKMULTISIG",
"reqSigs" : 2,
"type" : "multisig",
"addresses" : [
"13z5KYvFw3zTYLv3VutbEX1JZs9qCpzxBn",
"1AM7HytoKfkx2GqGkxzJ5GLAaQPimyaC7A",
"13FQsbdeZaN4uAUa4u9gsiF4qXX9Z3LbEk"
],
"p2sh" : "3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9"
}
Notice that it's a different address than the one you are trying to spend `3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj`.
In your javascript,
Code:
var utxo = {
txId: escrowTxid,
outputIndex: escrowTxVout,
script: Script.buildMultisigOut(pubkeys, 2).toScriptHashOut(),
satoshis: escrowAmount
};
txId: escrowTxid,
outputIndex: escrowTxVout,
script: Script.buildMultisigOut(pubkeys, 2).toScriptHashOut(),
satoshis: escrowAmount
};
You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address.
Interestingly, none of them matches the one you need.
- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h"
Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.
Jump to: