Title: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: Bitalo_Martin on March 22, 2015, 01:23:29 PM Dear all,
Bitalo wants to deliver more decentralized service applications, however we are currently blocked for our escrow mechanism by a bug that we simply cannot solve. We try to use the bitcore API for 2 out of 3 multi signature escrow, but for unknown reasons it does not work. all info and the complete bug description is available here: https://github.com/bitpay/bitcore/issues/1136 We hope that someone here might be smart enough to help us out here. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: yakuza699 on March 22, 2015, 01:36:45 PM I might be wrong but if it decodes to this and you are trying to spend this transaction 5c2fbdb2624875dd5cb55783974de1b815f2b1562d70bcfb0ab42377e925e8a8:1 it shouldn't be this
Code: "script_string":"OP_HASH160 6e785c7efebeefbf201533ed5c8d07b6a524eadc OP_EQUAL", Code: "script_string":"OP_HASH160 9614b156f8fa5721f0fed587378af46bd1503bfe OP_EQUAL", Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: amaclin on March 22, 2015, 02:48:13 PM Code: 01000000 21029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f4 2102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d13 2103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c0 53ae this 2-of-3 msig is redeeming the p2sh address 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9 but a8e825e97723b40afbbc702d56b1f215b8e14d978357b55cdd754862b2bd2f5c:1 is funding address 3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: hhanh00 on March 22, 2015, 04:07:45 PM - Take the raw transaction
Code: 0100000001a8e825e97723b40afbbc702d56b1f215b8e14d978357b55cdd754862b2bd2f5c01000000fdfd0000473044022001f4524959d67cbb94ec3b467701855994a28105190a116402996f82fdbf210b02205579e4a9fb3a79619aab36e839140907924afa9aedc56f0d0a4ffa91e16ae7150148304502210089d971e533932f4052c03c888525ba5d41f833a7e0ecef565e4106ef2dd4caff022060aa16868d08c85f7864b5be2b3f3d715b3aff15e36aeb47d48d7182684e2fae014c695221029c17ce9a40a71d21cf53844704dd611c85a2dc0072e22c9f14a485e6bb4ad4f42102b732df6d447e7fc04466522ebefe48fd07d9b5810ca1f572985f4386e36d5d132103e5c93bd1fbf87b30b093c2613b5c6ad7727005fd39fbee95136368c6918f13c053aeffffffff01905f01000000000017a9146e785c7efebeefbf201533ed5c8d07b6a524eadc8700000000 - Decode it with `decoderawtransaction` Code: { The last push is the p2sh redeem script. `decodescript` gives Code: { Notice that it's a different address than the one you are trying to spend `3FNa55HKt54bjfJMFssPFLX5KwJv39hsUj`. In your javascript, Code: var utxo = { You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address. Interestingly, none of them matches the one you need. - 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9 - 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA - 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR - 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG - 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk - 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h" Either you are trying to redeem from the wrong address, or you don't have the right pubkeys. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: hhanh00 on March 22, 2015, 04:12:07 PM @amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus).
Then just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: amaclin on March 22, 2015, 04:24:30 PM @amaclin, I don't know if you did it on purpose but you had a totally different explanation (bogus). First I put this transaction to http://webbtc.com/relay_tx and got a message about invalid signatureThen just after I post mine, your message is edited and voila - your explanation is the right one. It looks really shady. And next I continued to find the problem with my own tools and code Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: duckydonald on March 22, 2015, 05:47:24 PM There should be a bountry escrow, how you know hes gonna pay after he sees the solutions here?
Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: Bitalo_Martin on March 22, 2015, 05:59:36 PM There should be a bountry escrow, how you know hes gonna pay after he sees the solutions here? i hope to close this chapter quickly, but sure, we can appoint an escrower in case of a dispute ;-) Title: This message was too old and has been purged Post by: Evil-Knievel on March 22, 2015, 07:09:25 PM This message was too old and has been purged
Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: amaclin on March 22, 2015, 07:25:50 PM wat? ;D
...53ae OP_3 OP_CHECKMULTISIG 53 AE is OP_3 OP_CHECKMULTISIG Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: Bitalo_Martin on March 22, 2015, 07:27:30 PM wow great :-)
I will ask the developer to implement and test it, then i will send the coins asap Title: This message was too old and has been purged Post by: Evil-Knievel on March 22, 2015, 07:29:30 PM This message was too old and has been purged
Title: This message was too old and has been purged Post by: Evil-Knievel on March 22, 2015, 07:30:18 PM This message was too old and has been purged
Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: amaclin on March 22, 2015, 07:34:15 PM wow great :-) This fix wouldn't work :)I will ask the developer to implement and test it, then i will send the coins asap Title: This message was too old and has been purged Post by: Evil-Knievel on March 22, 2015, 07:35:42 PM This message was too old and has been purged
Title: This message was too old and has been purged Post by: Evil-Knievel on March 22, 2015, 07:36:46 PM This message was too old and has been purged
Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: amaclin on March 22, 2015, 07:45:05 PM Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM. The most correct answer was given by @hhanh00 Your answer is wrong. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: ncsupanda on March 22, 2015, 08:34:37 PM Also, amaclin ... if you like the 0,5 BTC (in case I am right) just give me your address via PM. The most correct answer was given by @hhanh00 Your answer is wrong. I would trust his answers over yours. @hhanh00 even claimed you edited your post to match his and you didn't acknowledge it. Besides, I see his point about the OP_PUSHDATA being parsed in an incorrect way. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: TrevinHofmann on March 22, 2015, 09:38:47 PM ... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing. I do not believe this is the problem, unfortunately. The final 105 bytes would be the redeemScript. Code: 00 Edit: And here is the redeemScript decoded. Code: 52 Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: cr1776 on March 22, 2015, 09:50:23 PM ... and you will see that the "OP_3 OP_CHECKMULTISIG" suffix is missing. I do not believe this is the problem, unfortunately. The final 105 bytes would be the redeemScript. Code: 00 Edit: And here is the redeemScript decoded. Code: 52 This is right. Note the 53 ae is the op_3 op_chechmultisig. See another example here: https://bitcoin.org/en/developer-reference#decodescript Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: TrevinHofmann on March 22, 2015, 09:51:50 PM You form the redeem script from the pubkeys. With 3 public keys, there are 6 different permutations. Each of them leads to a different multi-sig address. Interestingly, none of them matches the one you need. - 123 3R1UQV2dHeXN2S3fiUqzFZnKougMdyEYv9 - 213 37yynZQMVYP2c7aU3MMQuRNT35Ef4n7gMA - 132 36Dpfp5JqZXnkRQE6QTCRPxUmsbp9iQVSR - 231 3DYmesQmQF5LrYG948bQfsuK7J9waZ9ZyG - 312 36zHiQfWSnWVeLXSY9qGqHTXqCLad1Qdyk - 321 3Lc3xpDc2TGgr4PukALsa4GMXvK69fA76h" Either you are trying to redeem from the wrong address, or you don't have the right pubkeys. This does seem to accurately identify the problem. I will start looking to see if I can find the cause. Edit: The problem has been solved, thanks to the information from hhanh00! The indices being used to derive public keys from master keys were out of order in one location, which resulted in the wrong public keys being used. Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: Bitalo_Martin on March 23, 2015, 12:42:50 AM OK, i agreed with Trevin that "hhanh00" helped us to solve our issue.
I would propose to give him the full bounty Title: Re: 2 BTC bounty for fixing our multi-signature bug in the Bitcore API Post by: hhanh00 on March 23, 2015, 08:51:22 AM I'm glad I could help and I have received the bounty. Thanks!
--h |