Topic: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API (Read 2577 times)

sr. member
Activity: 467
Merit: 267
I'm glad I could help and I have received the bounty. Thanks!

--h
member
Activity: 81
Merit: 10
OK, I agreed with Trevin that "hhanh00" helped us to solve our issue.

I would propose to give him the full bounty.
newbie
Activity: 15
Merit: 0
You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address.
Interestingly, none of them matches the one you need.

- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h

Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.

This does seem to accurately identify the problem. I will start looking to see if I can find the cause.


Edit: The problem has been solved, thanks to the information from hhanh00! The indices being used to derive public keys from master keys were out of order in one location, which resulted in the wrong public keys being used.
legendary
Activity: 4298
Merit: 1317
... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing.

I do not believe this is the problem, unfortunately.

The final 105 bytes would be the redeemScript.

Code:
00
[OP_FALSE]

47
[PUSH 71 BYTES]

3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]

48
[PUSH 72 BYTES]

304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]

4c
[OP_PUSHDATA1]

69
[PUSH 105 BYTES]

5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]

Edit: And here is the redeemScript decoded.

Code:
52
[OP_2]

21
[PUSH 33 BYTES]

029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]

21
[PUSH 33 BYTES]

02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]

21
[PUSH 33 BYTES]

03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]

53
[OP_3]

ae
[OP_CHECKMULTISIG]

This is right. Note the 53 ae is the OP_3 OP_CHECKMULTISIG.

See another example here:
https://bitcoin.org/en/developer-reference#decodescript
newbie
Activity: 15
Merit: 0
... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing.

I do not believe this is the problem, unfortunately.

The final 105 bytes would be the redeemScript.

Code:
00
[OP_FALSE]

47
[PUSH 71 BYTES]

3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
[71 BYTES, Signature]

48
[PUSH 72 BYTES]

304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
[72 BYTES, signature]

4c
[OP_PUSHDATA1]

69
[PUSH 105 BYTES]

5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae
[105 BYTES, redeemScript]

Edit: And here is the redeemScript decoded.

Code:
52
[OP_2]

21
[PUSH 33 BYTES]

029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
[33 BYTES, pubkey]

21
[PUSH 33 BYTES]

02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
[33 BYTES, pubkey]

21
[PUSH 33 BYTES]

03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
[33 BYTES, pubkey]

53
[OP_3]

ae
[OP_CHECKMULTISIG]
legendary
Activity: 1628
Merit: 1012
Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM.

The most correct answer was given by @hhanh00
Your answer is wrong.

I would trust his answers over yours.

@hhanh00 even claimed you edited your post to match his and you didn't acknowledge it.

Besides, I see his point about the OP_PUSHDATA being parsed in an incorrect way.
legendary
Activity: 1260
Merit: 1019
Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM.

The most correct answer was given by @hhanh00
Your answer is wrong.
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1019
wow great :-)

I will ask the developer to implement and test it, then I will send the coins asap
This fix wouldn't work :)
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
member
Activity: 81
Merit: 10
wow great :-)

I will ask the developer to implement and test it, then I will send the coins asap
legendary
Activity: 1260
Merit: 1019
wat? :D

...53ae OP_3 OP_CHECKMULTISIG

53 AE is OP_3 OP_CHECKMULTISIG
legendary
Activity: 1260
Merit: 1168
This message was too old and has been purged
member
Activity: 81
Merit: 10
There should be a bounty escrow, how do you know he's gonna pay after he sees the solutions here?

I hope to close this chapter quickly, but sure, we can appoint an escrower in case of a dispute ;-)
sr. member
Activity: 378
Merit: 250
There should be a bounty escrow, how do you know he's gonna pay after he sees the solutions here?
legendary
Activity: 1260
Merit: 1019
@amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus).

Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.

First I put this transaction to http://webbtc.com/relay_tx and got a message about invalid signature
And next I continued to find the problem with my own tools and code
sr. member
Activity: 467
Merit: 267
@amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus).

Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady.
sr. member
Activity: 467
Merit: 267
- Take the raw transaction
Code:
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

- Decode it with `decoderawtransaction`
Code:
{
...
"scriptSig" : {
"asm" : "0 3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501 304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01 5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae",
"hex" : "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"
},
...

The last push is the p2sh redeem script. `decodescript` gives

Code:
{
"asm" : "2 029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4 02b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13 03e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0 3 OP_CHECKMULTISIG",
"reqSigs" : 2,
"type" : "multisig",
"addresses" : [
"13z5KYvFw3zTYLv3VutbEX1JZs9qCpzxBn",
"1AM7HytoKfkx2GqGkxzJ5GLAaQPimyaC7A",
"13FQsbdeZaN4uAUa4u9gsiF4qXX9Z3LbEk"
],
"p2sh" : "3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9"
}

Notice that it's a different address than the one you are trying to spend `3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj`.

In your javascript,
Code:
var utxo = {
    txId: escrowTxid,
    outputIndex: escrowTxVout,
    script: Script.buildMultisigOut(pubkeys, 2).toScriptHashOut(),
    satoshis: escrowAmount
};

You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address.
Interestingly, none of them matches the one you need.

- 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9
- 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA
- 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR
- 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG
- 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk
- 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h

Either you are trying to redeem from the wrong address, or you don't have the right pubkeys.
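The check described in the post above, and the OP_PUSHDATA1 parsing discussed elsewhere in the thread, as an added Python example (not part of the original post and not Bitcore code): it splits the scriptSig into its pushes, decodes the 2-of-3 redeem script, and compares the P2SH address derived from the redeem script with the address being spent. The function names are this example's own, and `p2sh_address` assumes the local `hashlib` build provides `ripemd160`.

```python
import hashlib
# Hex copied from the scriptSig quoted in this thread; all names below are this example's own.
SIG1 = "3044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501"
SIG2 = "304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01"
REDEEM = "5221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053ae"
SCRIPT_SIG = bytes.fromhex("00" + "47" + SIG1 + "48" + SIG2 + "4c69" + REDEEM)
FUNDED_ADDRESS = "3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj"  # address the thread is trying to spend
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def pushes(script):
    """Split a push-only script into data items (direct pushes and OP_PUSHDATA1)."""
    items, i = [], 0
    while i < len(script):
        op, i = script[i], i + 1
        if op == 0x4c and i < len(script):   # OP_PUSHDATA1: next byte is the length
            n, i = script[i], i + 1
        elif op <= 0x4b:                     # 0x00..0x4b: the opcode itself is the length
            n = op
        else:
            raise ValueError(f"unsupported or truncated opcode 0x{op:02x}")
        if i + n > len(script):
            raise ValueError("push runs past end of script")
        items.append(script[i:i + n])
        i += n
    return items

def decode_multisig(redeem):
    """Return (m, pubkeys) for '<m> <pubkey>... <n> OP_CHECKMULTISIG'."""
    if len(redeem) < 3 or redeem[-1] != 0xae:
        raise ValueError("script does not end in OP_CHECKMULTISIG")
    m, n = redeem[0] - 0x50, redeem[-2] - 0x50   # OP_1..OP_16 are 0x51..0x60
    keys = pushes(redeem[1:-2])
    if not 1 <= m <= n <= 16 or len(keys) != n:
        raise ValueError("malformed m-of-n script")
    return m, keys

def p2sh_address(redeem):
    """Base58Check(0x05 || RIPEMD160(SHA256(redeemScript)))."""
    payload = b"\x05" + hashlib.new("ripemd160", hashlib.sha256(redeem).digest()).digest()
    payload += hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(payload, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return out  # version byte 0x05 is non-zero, so no leading-'1' padding is needed

def spends_from(script_sig, funded_address):
    """True only if the scriptSig's redeem script hashes to the funded P2SH address."""
    return p2sh_address(pushes(script_sig)[-1]) == funded_address
```

Running `spends_from(SCRIPT_SIG, FUNDED_ADDRESS)` before signing or broadcasting catches this class of bug locally: a redeem script built from the wrong public keys, or from the right keys in the wrong order, hashes to a different address than the output being spent.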
legendary
Activity: 1260
Merit: 1019
Code:
01000000
01
a8e825e97723b40afbbc702d56b1f215b8e14d978357b55cdd754862b2bd2f5c 01000000
fd fd00
  00
  47 3044 0220 01f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b
          0220 5579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae71501
  48 3045 0221 0089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff
          0220 60aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae01
  4c 69
    52
      21029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
      2102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
      2103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
    53ae
ffffffff
01
905f010000000000
17a9146e785c7efebeefbf201533ed5c8d07b6a524eadc87
00000000
52
      21029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4
      2102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13
      2103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0
53ae

this 2-of-3 msig is redeeming the p2sh address 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9

but a8e825e97723b40afbbc702d56b1f215b8e14d978357b55cdd754862b2bd2f5c:1 is funding address 3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj
hero member
Activity: 935
Merit: 1002
I might be wrong but if it decodes to this and you are trying to spend this transaction 5c2fbdb2624875dd5cb55783974de1b815f2b1562d70bcfb0ab42377e925e8a8:1 it shouldn't be this
Code:
"script_string":"OP_HASH160 6e785c7efebeefbf201533ed5c8d07b6a524eadc OP_EQUAL",
I think it is supposed to be this.
Code:
"script_string":"OP_HASH160 9614b156f8fa5721f0fed587378af46bd1503bfe  OP_EQUAL",
member
Activity: 81
Merit: 10
Dear all,

Bitalo wants to deliver more decentralized service applications,
however we are currently blocked for our escrow mechanism by a bug that we simply cannot solve.

We try to use the bitcore API for 2 out of 3 multi signature escrow, but for unknown reasons it does not work.

All info and the complete bug description is available here:
https://github.com/bitpay/bitcore/issues/1136

We hope that someone here might be smart enough to help us out here.