signing a typical transaction with a bitcoinjs-lib fork for an altcoin fails

[msg768]

Code:

var swiftcash = require('swiftcashjs-lib');

var tx = new swiftcash.TransactionBuilder();
tx.setVersion(1);

var key = new swiftcash.ECPair.fromWIF('PRIVATEKEY');

tx.addInput("42a6bc0664e371a19cf3fd7b66e59dba7b48b7133d60b465f041350bca3b8ddb", 0);
tx.addOutput("SQdEi8ctwLBCswxEYnRG7ymn9913WVF9RH", 400600000)

tx.sign(0, key);
console.log(tx.build().toHex());

https://github.com/swiftcashproject/swiftcashjs-lib
https://github.com/swiftcashproject/swiftcash
https://explorer.swiftcash.cc/

Code:

swiftcash-cli sendrawtransaction 0100000001db8d3bca0b3541f065b4603d13b7487bba9de5667bfdf39ca171e36406bca642000000006a47304402204a248ab66525b734d460602ffcc3dc34e65a174ccaed327885eee538a758a07d022012dd13d94a37fff20f23fd6dfd6e21c18e257c44ed8f80e2b169d5a6e98268060121021d1c9229b6e9ce28db46b5e4cd777419ce103e42b2e31989ef7efb6fd5536ef4ffffffff01c0abe017000000001976a914248bb2ad8966fcb90083ce2b5ce71ebc34c1fc2688ac00000000
error code: -26
error message:
16: mandatory-script-verify-flag-failed (Script evaluated without error but finished with a false/empty top stack element)

The js library already uses keccak256 to encode and decode the transaction. I've checked the transaction it builds with the createrawtransaction of the wallet and they match so I doubt the issue is with the transaction or even key as it evaluates without any errors. The issue seems to be with signing whatever it is. Any help will be appreciated!

[1714964695]

1714964695

[1714964695]

1714964695

[msg768]

Bump!

[darosior]

Hi,

it means your script is evaluated to False or is empty after there is not anymore OP on the stack, it is represented as SCRIPT_ERR_EVAL_FALSE in the code, raised by the VerifyScript function (https://github.com/bitcoin/bitcoin/blob/ce74799a3c21355b35fed923106d13a0f8133721/src/script/interpreter.cpp#L1407) or other related (witness) script verification functions.

Concretely, it means that your transaction is well formed but the unlocking script doesn't satisfies the conditions set by the locking one : you have to review the ScriptSig field of your transaction.

[msg768]

Hi,

it means your script is evaluated to False or is empty after there is not anymore OP on the stack, it is represented as SCRIPT_ERR_EVAL_FALSE in the code, raised by the VerifyScript function (https://github.com/bitcoin/bitcoin/blob/ce74799a3c21355b35fed923106d13a0f8133721/src/script/interpreter.cpp#L1407) or other related (witness) script verification functions.

Concretely, it means that your transaction is well formed but the unlocking script doesn't satisfies the conditions set by the locking one : you have to review the ScriptSig field of your transaction.

Hi! Thank you for the response! The scriptsig part of the transaction is where the signature is placed, correct? That is the part I believe is wrong because it's different from the one I make with the wallet using signrawtransaction method. Whereas the result for createrawtransaction and tx.tx.toHex() is the same. I feel as though either a hash is different in the core wallet somewhere or a tx field is missing either in the js library or in the core wallet compared to the other. Been looking everywhere for two days but still can't figure out what it is

[BrewMaster]

The scriptsig part of the transaction is where the signature is placed, correct?

correct.

That is the part I believe is wrong because it's different from the one I make with the wallet using signrawtransaction method.

each time you sign a transaction because of the randomness of the process used to generate the signature, you will get a different signature and a scriptsig as a result of that.
so you can't conclude that your signature here is wrong just because you got a different one elsewhere.

by the way when you want to check a transaction (its scripts) you need to post the scriptpub of the previous output that you are spending. in this case it is

Code:

76a914d4f5b4f2963c7df270eb900e0186a37cb4f851e888ac

6a (push 106 byte)
47304402204a248ab66525b734d460602ffcc3dc34e65a174ccaed327885eee538a758a07d
022012dd13d94a37fff20f23fd6dfd6e21c18e257c44ed8f80e2b169d5a6e982680601
21 (push 33 byte)
021d1c9229b6e9ce28db46b5e4cd777419ce103e42b2e31989ef7efb6fd5536ef4
OP_DUP
OP_HASH160
14 (push 20 byte)
d4f5b4f2963c7df270eb900e0186a37cb4f851e
OP_EQUALVERIFY
OP_CHECKSIG

it is fine up to OP_CHECKSIG, i don't know how to check that yet so my guess would be something wrong in that part. i've bolded R and S. and S is smaller than N/2 too.

[msg768]

each time you sign a transaction because of the randomness of the process used to generate the signature, you will get a different signature and a scriptsig as a result of that. so you can't conclude that your signature here is wrong just because you got a different one elsewhere.

I didn't know that but then if that is the case why is it that I get the same signature using either method every single time? Like if I use the same method, say the signrawtransaction method, I get the same hex each time. But if I use swiftcashjs-lib's TransactionBuilder.sign method, I get a different hex. That's why I think TransactionBuilder.sign in the js library is not doing what the signrawtransaction in the core wallet does. It must be doing something different IMO.

by the way when you want to check a transaction (its scripts) you need to post the scriptpub of the previous output that you are spending. in this case it is

Code:

76a914d4f5b4f2963c7df270eb900e0186a37cb4f851e888ac

YES! The createrawtransaction method in the wallet demands that but the js library doesn't ask for it. So my guess so far has been that it adds it automatically somehow but I could be wrong. Maybe that's what's causing the problem but I think in your breakdown of the hex, the pubscript seems to be included in the hex.

6a (push 106 byte)
47304402204a248ab66525b734d460602ffcc3dc34e65a174ccaed327885eee538a758a07d
022012dd13d94a37fff20f23fd6dfd6e21c18e257c44ed8f80e2b169d5a6e982680601
21 (push 33 byte)
021d1c9229b6e9ce28db46b5e4cd777419ce103e42b2e31989ef7efb6fd5536ef4
OP_DUP
OP_HASH160
14 (push 20 byte)
d4f5b4f2963c7df270eb900e0186a37cb4f851e
OP_EQUALVERIFY
OP_CHECKSIG

it is fine up to OP_CHECKSIG, i don't know how to check that yet so my guess would be something wrong in that part. i've bolded R and S. and S is smaller than N/2 too.

Yeah I also believe it's fine up to signature. The transaction seems to be fine. It's just the signature that is not accurate and when I do signrawtransaction of the hex with the wallet, it works. This js library is not signing the transaction properly. It's doing something different and I still can't figure out what that is.

[BrewMaster]

I didn't know that but then if that is the case why is it that I get the same signature using either method every single time?

you made me doubt so i tested it using electrum. now i am 100% sure that what i said was correct, signature changes each time you sign. i have no idea why you get the same thing here though! maybe it is not using a truly random RNG in the signing process.

you can do it yourself too. go to send tab fill in the fields and then instead of clicking send, click preview and then click sign. you can see the tx id (you can also copy the raw transaction and paste it somewhere). close this window select no in the warning and click preview again without changing anything. click sign again and you will see that the tx id is different. you can also click copy and decode transactions to see the signatures are different.
* be careful not to spend your bitcoins suddenly by mistake if you tried this!

[BrewMaster]

i think i figured out what the problem with that library is.
in  the transaction.js file they have replaced the original "bcrypto.hash256" with "bcrypto.sha256". since everything else about this altcoin involving signing is the same as bitcoin i don't think this step is any different.
the difference between these two functions is that hash256 is a double SHA256 hash while sha256 is a one time SHA256 hash which is wrong since you need to double SHA your tx before signing it.

if i am correct then it is sending a wrong hash result to the signer which in turn will give you a wrong signature.
try changing "bcrypto.sha256" to "bcrypto.hash256" in the code and sign again to see if that fixes it.

[msg768]

i think i figured out what the problem with that library is.
in  the transaction.js file they have replaced the original "bcrypto.hash256" with "bcrypto.sha256". since everything else about this altcoin involving signing is the same as bitcoin i don't think this step is any different.
the difference between these two functions is that hash256 is a double SHA256 hash while sha256 is a one time SHA256 hash which is wrong since you need to double SHA your tx before signing it.

if i am correct then it is sending a wrong hash result to the signer which in turn will give you a wrong signature.
try changing "bcrypto.sha256" to "bcrypto.hash256" in the code and sign again to see if that fixes it.

OMG! You're a genius. That was the issue
Thank you so much man. I don't know how to properly thank you because your help was priceless! <3

[BrewMaster]

i think i figured out what the problem with that library is.
in  the transaction.js file they have replaced the original "bcrypto.hash256" with "bcrypto.sha256". since everything else about this altcoin involving signing is the same as bitcoin i don't think this step is any different.
the difference between these two functions is that hash256 is a double SHA256 hash while sha256 is a one time SHA256 hash which is wrong since you need to double SHA your tx before signing it.

if i am correct then it is sending a wrong hash result to the signer which in turn will give you a wrong signature.
try changing "bcrypto.sha256" to "bcrypto.hash256" in the code and sign again to see if that fixes it.

OMG! You're a genius. That was the issue
Thank you so much man. I don't know how to properly thank you because your help was priceless! <3

i'm glad it helped.

[msg768]

i'm glad it helped.

Thanks a lot for your help really. It would be my honor if I could send you a tip in the altcoin I'm contributing to, that is SwiftCash. You can access the paper wallet here https://swiftcash.cc/swiftaddress/paperwallet.html if you want to create an address without downloading the wallet and blockchain although the size is not big. And we'll soon get up a web wallet which is what this whole thing was about Once again thanks a bunch!

[BrewMaster]

i'm glad it helped.

Thanks a lot for your help really. It would be my honor if I could send you a tip in the altcoin I'm contributing to, that is SwiftCash. You can access the paper wallet here https://swiftcash.cc/swiftaddress/paperwallet.html if you want to create an address without downloading the wallet and blockchain although the size is not big. And we'll soon get up a web wallet which is what this whole thing was about Once again thanks a bunch!

cool thanks. here is the address i crated using the paper wallet tool:

Code:

Se3bz4VHwYkBdkZWJBBRdj5X4pBk9aJFAg

i wish you success 

[msg768]

cool thanks. here is the address i crated using the paper wallet tool:

Code:

Se3bz4VHwYkBdkZWJBBRdj5X4pBk9aJFAg

i wish you success  

Great. Just before I send you the tip, can you once again confirm that you have saved the the privkey? I'm going to send you 20,000 SWIFT so you can set up a masternode with it if you wish Sorry for asking again I'm just a bit paranoid about these things and always ask people to confirm I will ask for this amount back in my next proposal and if you have anything cool you would wanna work on, feel free to join us on discord.swiftcash.cc. We have onchain governance and budget like Dash and PIVX and would welcome any help

[BrewMaster]

cool thanks. here is the address i crated using the paper wallet tool:

Code:

Se3bz4VHwYkBdkZWJBBRdj5X4pBk9aJFAg

i wish you success 

Great. Just before I send you the tip, can you once again confirm that you have saved the the privkey? I'm going to send you 20,000 SWIFT so you can set up a masternode with it if you wish Sorry for asking again I'm just a bit paranoid about these things and always ask people to confirm I will ask for this amount back in my next proposal and if you have anything cool you would wanna work on, feel free to join us on discord.swiftcash.cc. We have onchain governance and budget like Dash and PIVX and would welcome any help

yes i wrote the private key down and stored it on paper.
i'll try to check out the project more and see how things work.

[msg768]

yes i wrote the private key down and stored it on paper.
i'll try to check out the project more and see how things work.

Excellent! Sent you 20K SWIFT so you can start a Masternode or try staking if you want! Of course you can dump it too but I hope you won't. The dump price now is about 0.017 BTC but it's not how much it should be like if you look at the order book on Escodex you should be able to tell. And yes please do that. Read the whitepaper if you have time! We come from the smartcash community basically. You can read the whitepaper here: https://swiftcash.cc/assets/whitepaper.pdf