bitcoin-core / btcdeb

Bitcoin Script Debugger
MIT License

Wrong TapLeaf for scripts 253 bytes and longer #99

Closed brqgoo-zz closed 2 years ago

brqgoo-zz commented 2 years ago

"tf tagged-hash TapLeaf" results in wrong outputs for 253 bytes and longer scripts. This is apparently due to the wrong var int compact_size(script size).

For example:

For a 252-byte long script, compact_size(script size) should be set to 0xfc.

For a 253-byte long script, compact_size(script size) should be set to 0xfdfd00.

kallewoof commented 2 years ago

I'm not sure, where does the compact size enter the picture? Is there a test vector I can compare with a tf command?

brqgoo-zz commented 2 years ago

I made 3 test cases:

1. Using btcdeb constructed a P2TR output based on a 252-byte tapscript and spent it:

tf tagged-hash TapLeaf c0 prefix_compact_size(0x4cf8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7551)

a1e71b6931108b8c06034581a34c532de5329661464d13579d94d4077aeca3bc

tf tagged-hash TapTweak 1dae61a4a8f841952be3a511502d4f56e889ffa0685aa0098773ea2d4309f624 a1e71b6931108b8c06034581a34c532de5329661464d13579d94d4077aeca3bc

da15e88adcabfa40bb98c217a68e5d56455ce01dbe9a3227e2cd2610b97e4d11

tf taproot-tweak-pubkey 1dae61a4a8f841952be3a511502d4f56e889ffa0685aa0098773ea2d4309f624 da15e88adcabfa40bb98c217a68e5d56455ce01dbe9a3227e2cd2610b97e4d11

03232390b735d68e57cce5869a7f8e2c1e8dda9c2cd886957209893e6571c4560a

scriptPubKey: 5120232390b735d68e57cce5869a7f8e2c1e8dda9c2cd886957209893e6571c4560a

Successfully spent here.

2. Using btcdeb constructed a P2TR output based on a 253-byte tapscript and could not spend it:

tf tagged-hash TapLeaf c0 prefix_compact_size(0x4cf9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7551)

b6d7e0097571f1bc976ef16248d89b6d56eb554c55660db31d4cdc7192536f90

tf tagged-hash TapTweak 1dae61a4a8f841952be3a511502d4f56e889ffa0685aa0098773ea2d4309f624 b6d7e0097571f1bc976ef16248d89b6d56eb554c55660db31d4cdc7192536f90

f5baef14ee7a2fd3bd9e44084b36320a0a1e8e47c143dccf58c9cbe8414e8c81

tf taproot-tweak-pubkey 1dae61a4a8f841952be3a511502d4f56e889ffa0685aa0098773ea2d4309f624 f5baef14ee7a2fd3bd9e44084b36320a0a1e8e47c143dccf58c9cbe8414e8c81

0260fe3ed9c8dde6bd010bfcd871e4c764969a9fcc5ccb34883eb9b57b603ffdb6

scriptPubKey: 512060fe3ed9c8dde6bd010bfcd871e4c764969a9fcc5ccb34883eb9b57b603ffdb6

Getting "Witness program hash mismatch" error when broadcasting spending tx:


3. Manually constructed a P2TR output based on the same 253-byte tapscript and spent it:

Script Bytedata: 0x4cf9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7551

TapLeaf (c0 + fdfd00 + script): f86b37926994e8da32c5827a41bb569028854e6fbadc0e0e7520a1884db4238d

TapTweak (TapLeaf + 1dae61a4a8f841952be3a511502d4f56e889ffa0685aa0098773ea2d4309f624): efa683e72fdcde9b18dd4677ac82069814b81506896349dad8cae07cac2b6c85

Tweaked Key: 0229d8547309cd94f03a893d32719a583f0b384a178f214104d759abe9aa7084c6

scriptPubKey: 512029d8547309cd94f03a893d32719a583f0b384a178f214104d759abe9aa7084c6

Successfully spent here.

kallewoof commented 2 years ago

Thanks a lot for the feedback! The prefix-compact-size function turned out to be broken! I've added tests to check this + a fix in master.

Let me know if there are still issues!
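
The 252/253-byte boundary from this thread, as an added example (not btcdeb's code and not code from any participant): a BIP341 TapLeaf hash using CompactSize length encoding, beside a hypothetical single-byte-length variant that shows where the two diverge. The sample scripts are constructed in the shape of the scripts in the report (OP_PUSHDATA1 of 0xff bytes followed by 7551); `naive_tapleaf_hash` and `sample_script` are illustrative names, and the naive variant is an assumption, not a reconstruction of the actual btcdeb bug.

```python
import hashlib

def compact_size(n: int) -> bytes:
    """Bitcoin CompactSize: 1 byte below 0xfd, else a marker byte plus little-endian width."""
    if n < 0:
        raise ValueError("negative length")
    if n < 0xfd:
        return n.to_bytes(1, "little")
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    if n <= 0xffffffffffffffff:
        return b"\xff" + n.to_bytes(8, "little")
    raise ValueError("length does not fit in 8 bytes")

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def tapleaf_hash(script: bytes, leaf_version: int = 0xc0) -> bytes:
    """BIP341 leaf hash: leaf version || CompactSize(len(script)) || script."""
    return tagged_hash("TapLeaf", bytes([leaf_version]) + compact_size(len(script)) + script)

def naive_tapleaf_hash(script: bytes, leaf_version: int = 0xc0) -> bytes:
    """Hypothetical faulty variant (assumption): always one length byte."""
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script) & 0xff]) + script)

def sample_script(total_len: int) -> bytes:
    """Constructed sample: OP_PUSHDATA1 <n> (n bytes of 0xff) OP_DROP OP_1."""
    n = total_len - 4  # 2 bytes of push header + 2 trailing opcodes
    if not 0 <= n <= 0xff:
        raise ValueError("OP_PUSHDATA1 carries at most 255 bytes")
    return bytes([0x4c, n]) + b"\xff" * n + b"\x75\x51"

if __name__ == "__main__":
    for size in (252, 253):
        s = sample_script(size)
        good, bad = tapleaf_hash(s), naive_tapleaf_hash(s)
        print(size, compact_size(size).hex(), good.hex(),
              "match" if good == bad else "MISMATCH with 1-byte length")
```

A leaf hash built with the wrong length prefix commits the output to a different script tree, so the output can still be funded but the script-path spend fails the witness program check, as in test case 2.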