Testnet block 168867: Script exception, multisig verify

[GoogleCodeExporter]

Anyone else seen this?  Verify failure at block 168867 on Testnet3:

03:58:22 25 Peer.processBlock: [168.61.8.159]:18333: Block verification failed
com.google.bitcoin.core.VerificationException: Could not verify block 
00000000c13fe83dea058080509b82add0b5e6f343572027146d5c6e945a1218
v2 block: 
   previous block: 00000000fb20d877d409314bbcd4f7f537416fb66a3f606a775327f7ac4ec9e5
   merkle root: a8a25b8d3f542de344bd23db8719debdb83ce615a07b57c550e44f5feca8eb7d
   time: [1390414952] Wed Jan 22 18:22:32 UTC 2014
   difficulty target (nBits): 486604799
   nonce: 2722903808
   with 11 transaction(s):
  f26e5a52e32229d3e8508def6de6703f3be83ac20bf3f83f17026bb92369aea6: Unknown confidence level.
     == COINBASE TXN (scriptSig [a49302] [f004] [2f503253482f])  (scriptPubKey [03bb322150af8624e7cc078e9a71d96133a8a4f4cea1387925856b30b53559f57b] CHECKSIG)
  d15950fc83d4b8377bcae39923344b362a9e0a21fc94d030e7630e6343f6a930: Unknown confidence level.
     in   [304402207da780346fc8fc52df77cf6344433dd6fd9cac8a860c9a02d4daa7d4bf4a4f2c02207b2c58a10bca48702c4acc4f1fbc479f666a2c34e6e1c7e0ef1661f22bbf06fe01] [03eec2adfbe32474acf50661570e23203ce785eee853fc48c280f33991454a397b] / fdad654689324065e471ef0d13a5396eeda84389c64fd22a5a8e7a65298a7537:0
     out  DUP HASH160 [99a09b31bb10d8f840c55badf785b08e27071c31] EQUALVERIFY CHECKSIG 0.93 BTC
     out  DUP HASH160 [314bf557c63308a392c8917fd56c8cef6f9c678b] EQUALVERIFY CHECKSIG 648.05976004 BTC
  62f8651dadd7881976195e700828f30a2e3350dd7ed8277e2c36d3aa75ffa2fe: Unknown confidence level.
     in   [304502205d9ceb435c2f13ba8bb071c8157ff38d6b721febeac442e9438ea649a6dd5022022100f0347bd0ce35f5233786a2d117af9ab0609962c5c4c722a226dc465085c523f301] [031e9455ad7e81196b64c76927a785b9ddc67887a69597051d8b25999d9b3549c8] / c4d760409604379fa83d9a772a2af941be43218ca71b5544908eb8036aef4f82:0
     in   [3045022004015f4b3e7b17aff1ff9ec3caa1f3bd47edc7f994024b2c243b353d02980a06022100f1acd90b00bc9ac2305f5710b779928da06fbb3f5bde6f791ac1e07f9f4cc7e201] [02b22d90fcbdf84e48f4a57fe26edf7038cade25b38a36553dad2fd98ed6e51294] / c4d760409604379fa83d9a772a2af941be43218ca71b5544908eb8036aef4f82:1
     out  DUP HASH160 [daec4ba7ec6e4cb47c79d7fdce404e146ab01fa8] EQUALVERIFY CHECKSIG 31.00 BTC
     out  DUP HASH160 [bd40a2d0963e973d9c1be6b25c726917453cf642] EQUALVERIFY CHECKSIG 0.0103 BTC
  62d6d906607882084847bf058f69b7f55c0d26692cc9d19ef11271e1424e10a2: Unknown confidence level.
     in   [3044022009212af1c5333b7a6a0de53935a36840c7ff8afca35fffe452d0eb23f9564ccc022074ae3ea365ac0145de0bd49fa691de710afcfaf663ccad2f3a834ffb992f7aeb01] [03a4be7349c1d7c3a78d9b7e2e9207bfbfe952b92639e9765de89ce959bcab7b60] / 0cf80eadd060d819cc406d34248b0f9d057a44af4213744e9982bbdbe76ee49c:1
     out  DUP HASH160 [03a28c085f608e99bfaa46b566f9a4550f26c920] EQUALVERIFY CHECKSIG 0.929 BTC
     out  DUP HASH160 [9d66428da3536c6b812ce0b447be5a79d876ddbb] EQUALVERIFY CHECKSIG 0.004 BTC
  255942b1a9217ce91ce5ff865913e44a65ed6252470b84c0a817c12c84121e1c: Unknown confidence level.
     in   [] [3046022100a6ad0304388a4df35b444cb96ffee0b393700a6a8612f1e35cc3dc131314f893022100bcc8b2849b04dee59dcedc4fb21a96dda3fd067a381522f37a2b6813c4e1581d01] [30450220371b8ee29370e0d23f547163e3c238a40fe279e8edb2b838811cfca7bf5778e0022100f7e81c88ff7ea1c8da2666cae90c6a3c73a6817070c657068c678254fdb0b3f501] [520021039039f617d4bd3751bc0550d38e138e7ddd2042f2b137050c872e1be8df4d6aae2103a2b5af230018a36044a0638916829ed8cf6bf745a608fe6dd22ea266a7408e7e53ae] / b8e652f91d2fbae7292bd35f5b0e6bf6957a4cbac706ba499ab4f68211a0ce46:1
     out  DUP HASH160 [ed99b585a4c7b1578a08c599bf7e87351fe3e78e] EQUALVERIFY CHECKSIG 0.811 BTC
     out  HASH160 [bcce3f7e690e5f3bbd1ed6db54dc7317659fa87c] EQUAL 0.004155 BTC
  fdff5c62e8f4b55d49fa1e2d3d861c3553039ea87e5ba9d24a016c31fad7e227: Unknown confidence level.
     in   [3046022100ddc59614320494983a6d809e95a718fd01b28e6282b38fbe4a1c8b4110a10fb9022100ff7394fdc30870704d1dab34211c9db5302352e1eafe1a06e4f108b163eea00101] [02b22d90fcbdf84e48f4a57fe26edf7038cade25b38a36553dad2fd98ed6e51294] / 62f8651dadd7881976195e700828f30a2e3350dd7ed8277e2c36d3aa75ffa2fe:0
     in   [3045022100f4c169222794f48e04a22e53c2613cc34cb5543dd541a276c2f3b80de4d119da022003b86b07f4dad14cfb6435a3a11168ab77f1bc1cae4998fe345dcd783c9b124901] [0333c6a60e0a1e673dc4116dc9c4ca014cccf02d4d867ec371750e74ce752d6778] / 62f8651dadd7881976195e700828f30a2e3350dd7ed8277e2c36d3aa75ffa2fe:1
     out  DUP HASH160 [c6789c43e5d5d3182bcca0a73a08ce2609fd6728] EQUALVERIFY CHECKSIG 0.0102 BTC
     out  DUP HASH160 [daec4ba7ec6e4cb47c79d7fdce404e146ab01fa8] EQUALVERIFY CHECKSIG 31.00 BTC
  b45693978d69791a5ae4fdc43daf782b62a0cdffd28be75b23cbdcf1c4f475b0: Unknown confidence level.
     in   [3046022100f45ced31c2acb06e3229b955401777faa1e78766f5de1493d754f412c5b60730022100c8b0eb3c32446d0ad814fd9c85532c68263a28f95ffea15955102e2899f570f501] [02d15740a115fe6b15790b2d87695a891dd8b55edec32483ca4a2f9ea5cfa5495d] / 9ac01a031419ef6e5a17b316d12d070d9af78ff7cce1700365d243de917ccb8d:0
     in   [3045022024d1e34920197e1fa6284399f482cb30ad3b73769d66aa79f868bde7b382a4d8022100ab1df64975547583a4865f49001af8b2e89f408e7b7e38d398b96148ea6c687101] [03d6016ff2efe0aa8e0fd7232772bfb2833e6064cf2cef0ae1238d83b059f98480] / 9ac01a031419ef6e5a17b316d12d070d9af78ff7cce1700365d243de917ccb8d:1
     in   [304602210085fb7c2e43e562320853507ae9588fde7855da54700df6c947c099b92869f624022100d69be2ad797ff3a7503e0d53a36580b7d9bab4bd46363ea31f0baac09755f5b101] [023a76e7e1ab17b73bf2d162efc58340985b9f90127b5bab1cdc62271a2f324aad] / 5861363f4125fe211742c6b026ba87f93debda81bf7767aa8d5d8a882cdd471d:1
     out  DUP HASH160 [ddbdd73ab086d7a75c2bced28e10a1355ad8ae34] EQUALVERIFY CHECKSIG 0.0086 BTC
     out  DUP HASH160 [b25210109100cd4cee6e0721e27d9c93c0043a0a] EQUALVERIFY CHECKSIG 8.99 BTC
  2256a6fd85ea1a9e142931b04d13a8530e2a2274457d3e5fef77a43e779bb1f5: Unknown confidence level.
     in   [3044022063bc8abe0d4cb6b34e150d44cf57adc609fa960fe068da7390facbe07622e94602206ab1ea8a84bfdd62c307df454a5505cd11c6be01f37cd48394000eb78a713e4901] [023a76e7e1ab17b73bf2d162efc58340985b9f90127b5bab1cdc62271a2f324aad] / b45693978d69791a5ae4fdc43daf782b62a0cdffd28be75b23cbdcf1c4f475b0:1
     out  DUP HASH160 [d73a0bc8a46b4a37d87922abf22c19a95b42da1c] EQUALVERIFY CHECKSIG 1.00 BTC
     out  DUP HASH160 [0d11820fd2eb69ee034efaf82e499817674c1f28] EQUALVERIFY CHECKSIG 7.9899 BTC
  10e759043c2797c84ce6a22c9993a013b5b93e75086c85e701825f9c09006340: Unknown confidence level.
     in   [3045022001bb1b6eec0fdb963e86641f140b9d276c4b457a90bf25c3705da4653344082d022100d019b7df76ebfe7911521435d276d855143982992623822b8c59cc7743bba53501] [02d15740a115fe6b15790b2d87695a891dd8b55edec32483ca4a2f9ea5cfa5495d] / 2256a6fd85ea1a9e142931b04d13a8530e2a2274457d3e5fef77a43e779bb1f5:0
     out  DUP HASH160 [d73a0bc8a46b4a37d87922abf22c19a95b42da1c] EQUALVERIFY CHECKSIG 0.002 BTC
     out  DUP HASH160 [17696c405849497477a997323e4364a9d2d51829] EQUALVERIFY CHECKSIG 0.9979 BTC
  86c39f0217c078e574c62625c567b285b8e4271c43dd80dee84a60f661f88925: Unknown confidence level.
     in   [3045022100d3f44225ab11e36ad21fdb4e9c404fa218507b2104d1fcbbc8f183befb23eae202201bee47f61be14e51db6af819bc77e44c1da743def2dc64a7d489fdc71e8a02ec01] [03a17eaf4f2bb4171ddad578101758b375eef5a04c2ea3eb655ddd0953453ef013] / 2256a6fd85ea1a9e142931b04d13a8530e2a2274457d3e5fef77a43e779bb1f5:1
     out  DUP HASH160 [d73a0bc8a46b4a37d87922abf22c19a95b42da1c] EQUALVERIFY CHECKSIG 1.00 BTC
     out  DUP HASH160 [e6cda3e2d1272959022ec374291fe6da9be3bed8] EQUALVERIFY CHECKSIG 6.9898 BTC
  9ec12d075981d5cc53dd500b712e02cb6c52144d5b9a7b631d72eec532624d58: Unknown confidence level.
     in   [3045022100c8bdb831c21258a9ebc67cf55684dfdfb3b5c283853f707c7fe7bc399361d1a802202452e20838ce7defab37baa5b1727058582668f11c14ce4dba4956901962d2ce01] [03c88e4e72855e75cb039d0889777a5ab27401ca9617ce3c645942ce51f25f27fd] / 86c39f0217c078e574c62625c567b285b8e4271c43dd80dee84a60f661f88925:1
     out  DUP HASH160 [d73a0bc8a46b4a37d87922abf22c19a95b42da1c] EQUALVERIFY CHECKSIG 2.00 BTC
     out  DUP HASH160 [2ffb0256814df46600a11aaca9f5cff250ba986a] EQUALVERIFY CHECKSIG 4.9897 BTC

        at com.google.bitcoin.core.AbstractBlockChain.add(AbstractBlockChain.java:263)
        at com.google.bitcoin.core.Peer.processBlock(Peer.java:792)
        at com.google.bitcoin.core.Peer.processMessage(Peer.java:312)
        at com.google.bitcoin.core.PeerSocketHandler.receiveBytes(PeerSocketHandler.java:178)
        at com.google.bitcoin.net.ConnectionHandler.handleKey(ConnectionHandler.java:216)
        at com.google.bitcoin.net.NioClientManager.handleKey(NioClientManager.java:74)
        at com.google.bitcoin.net.NioClientManager.run(NioClientManager.java:110)
        at com.google.common.util.concurrent.AbstractExecutionThreadService$1$1.run(AbstractExecutionThreadService.java:52)
        at java.lang.Thread.run(Thread.java:724)
Caused by: com.google.bitcoin.core.ScriptException: Attempted 
OP_CHECKMULTISIG(VERIFY) with a pubkey of length 0
        at com.google.bitcoin.script.Script.executeMultiSig(Script.java:1162)
        at com.google.bitcoin.script.Script.executeScript(Script.java:1074)
        at com.google.bitcoin.script.Script.correctlySpends(Script.java:1281)
        at com.google.bitcoin.core.FullPrunedBlockChain$Verifier.call(FullPrunedBlockChain.java:134)
        at com.google.bitcoin.core.FullPrunedBlockChain$Verifier.call(FullPrunedBlockChain.java:119)
        at java.util.concurrent.FutureTask.run(FutureTask.java:262)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

Original issue reported on code.google.com by alex@bitpos.me on 30 Jan 2014 at 3:57

[GoogleCodeExporter]

My mistake - actually in block 168868 (next block)

Transaction hash: 
9ec12d075981d5cc53dd500b712e02cb6c52144d5b9a7b631d72eec532624d58

Here it is on blockexplorer:

http://blockexplorer.com/testnet/tx/9ec12d075981d5cc53dd500b712e02cb6c52144d5b9a
7b631d72eec532624d58

Original comment by alex@bitpos.me on 30 Jan 2014 at 4:00

[GoogleCodeExporter]

OK, I've done some analysis here.

The stack that is failing in executeMultiSig looks like the following:

byte[0]
byte[73] (Sig 1)
byte[72] (Sig 2)
byte[1]  (Sig count == 2)
byte[0]  ? not expected to be here by the function
byte[33] (Pub key 1)
byte[33] (Pub key 2)
byte[1]  (Key count == 3!)

The first thing you'll notice is the key count is 3, not 2 (as there are 2 keys)
So the function bombs out when it goes to read the (non-existant) third key.

Additionally, there is the phantom byte[0] between the pubkeys and the 
sig-count.

Interestingly, if I massage the data using the debugger - I.e. i manually set 
the keyCount to be 2, and do a pollLast on the stack to 'remove' the phantom 
byte, then the script executes correctly.  Thoughts?

Original comment by alex@bitpos.me on 30 Jan 2014 at 4:47

[GoogleCodeExporter]

I think the second byte[0] (aka OP_0) is a valid pubkey for bitcoind, as long 
as there's no signature attempted for that key.  So this is a bug in bitcoinj.

The throw statement should be removed from bitcoinj.

Original comment by c1.devra...@niftybox.net on 30 Jan 2014 at 4:53

[GoogleCodeExporter]

Ahh, of course! I must be blind - I didn't think that could be a public key.

I'll prepare a patch.

Original comment by alex@bitpos.me on 30 Jan 2014 at 4:55

[GoogleCodeExporter]

It looks like the fault is in:

LinkedList<byte[]> pubkeys = new LinkedList<byte[]>();
        for (int i = 0; i < pubKeyCount; i++) {
            byte[] pubKey = stack.pollLast();
            if (pubKey.length == 0)
                throw new ScriptException("Attempted OP_CHECKMULTISIG(VERIFY) with a pubkey of length 0");
            pubkeys.add(pubKey);
        }

That pubKey.length check should be at most a warning.  If the sig fails for 
that key, then it will be caught lower down anyway...

Original comment by alex@bitpos.me on 30 Jan 2014 at 5:00

[GoogleCodeExporter]

Agreed.

Original comment by c1.devra...@niftybox.net on 30 Jan 2014 at 6:13

[GoogleCodeExporter]

This can be pulled from my fork here:

https://code.google.com/r/alex-postgres/source/browse/core/src/main/java/com/goo
gle/bitcoin/script/Script.java?spec=svna458bc1a2ccb35756827c939aaf082f114a6241d&
r=a458bc1a2ccb35756827c939aaf082f114a6241d

Original comment by alex@bitpos.me on 30 Jan 2014 at 7:51

[GoogleCodeExporter]

I dont see a fix there?

Original comment by BlueMatt...@gmail.com on 30 Jan 2014 at 7:54

• Added labels: Type-Defect, Priority-High
• Removed labels: Type-Enhancement, Priority-Medium

[GoogleCodeExporter]

Line 1162.  Unfortunately it got rolled into the same commit as my postgres 
work (oops)  

The actual change is a 'throw new Exception' -> log.warn

Original comment by alex@bitpos.me on 30 Jan 2014 at 7:57

[GoogleCodeExporter]

Oh, I was looking at the next commit (your commits are titled strangely...)
In any case, I'm gonna just remove that whole if in both places and remove the 
whole section in OP_CHECKSIG in a minute when I finish writing test cases for 
all this crap.

Original comment by BlueMatt...@gmail.com on 30 Jan 2014 at 7:59

[GoogleCodeExporter]

Yep, that works for me :)

Original comment by alex@bitpos.me on 30 Jan 2014 at 8:01

[GoogleCodeExporter]

Resolved by 
https://code.google.com/p/bitcoinj/source/detail?r=28b24d0eaa8c75df7afdc43f5d78b
5ffd85003e9

Original comment by BlueMatt...@gmail.com on 30 Jan 2014 at 8:52

• Changed state: Fixed