paulmillr / scure-btc-signer

Audited & minimal library for creating, signing & decoding Bitcoin transactions.
https://paulmillr.com/noble/#scure
MIT License

"there is a chance that input is unspendable" with Xverse wallet #66

Closed donnlee closed 10 months ago

donnlee commented 10 months ago

I have been chasing this error I see in Xverse for 6 days:

    if (
      res.script &&
      !this.opts.allowUnknownOutputs &&
      OutScript.decode(res.script).type === 'unknown'
    ) {
      throw new Error(
        'Transaction/output: unknown output script type, there is a chance that input is unspendable. Pass allowUnknownOutputs=true, if you sure'
      );
    }

https://github.com/paulmillr/scure-btc-signer/blob/342ad080071d7969f170ccfd3a2a8ac3aa25a03d/index.ts#L2115

First, I'm so glad I found you! Google couldn't find this. Been pulling my hair out.

When I try to list a "rare sats" utxo for sale on MagicEden.io, Xverse wallet (Chrome extension) tries to sign & finalize the PSBT but fails and pops the error above. However, Xverse has no problem spending/transferring the problematic utxo to another Xverse address. Moreover, that receiving Xverse wallet can list the rare sats utxo OK.

I searched here and found what might be the smoking gun: https://github.com/paulmillr/scure-btc-signer/issues/59 Thank you @radicleart

It seems an OP_RETURN output can trigger this error, and the transaction I'm having trouble with has an op_return output. However, I am trying to list/spend one "normal" p2tr utxo, not the op_return.

So my best theory right now is that Xverse or btc-signer is reading ALL utxos of my transaction and then choking when it hits the op_return. Can anyone confirm if this is the case please? Why would btc-signer need to read all outputs when Xverse is trying to spend just one normal utxo?

And if true, would it be an acceptable solution for btc-signer to quietly ignore op_return outputs, instead of throwing an Error? How would Xverse pass allowUnknownOutputs=true? Maybe I can work with them, if there's an example.

Txn with the utxos that fail when I try to list them for sale on Magic Eden: https://mempool.space/tx/20a3c79e7e421122036e0efafcf5414840b5295e7ae479e1af488d17f12d9734 (op_return is the last output). Listing any of the 330 sats utxos throws the error.

Xverse code that raises the btc-signer error "there is a chance that input is unspendable": https://github.com/secretkeylabs/xverse-core/blob/1caa304fe67064b6a70c0292332b46e0f7c8a2b3/transactions/psbt.ts#L136

When I search the MagicEden Discord server, I see two other users who hit this error last month. I also found a user suffering from this on Twitter/X, search: allowUnknownScript

I am willing to tip this project (or dev) if we can collaborate on a solution. Thank you

donnlee commented 10 months ago

Another thing I found strange: I was able to list vout=0 without any problem (this was on 2024/01/02). But then I tried to list any of the other utxo's and always hit this error.

paulmillr commented 10 months ago

Are you a user of xverse or a dev?

If you are a dev: simply adjust its code to pass the parameter.

If you are a user: report the issue to them.

No, we won’t do “silent ignores” by default, because with the financial stuff it is important to not lose any money. If someone does something bad, we would rather notify them and force them to override the checks.

donnlee commented 10 months ago

Hi @paulmillr, thank you for the reply. I'm an Xverse user and will report the issue to them again, but this time I have the information in this GitHub issue. Thank you

donnlee commented 10 months ago

@paulmillr What is the impact on security if Xverse passes allowUnknownOutputs=true? I think they will ask this. Thank you

paulmillr commented 10 months ago

It may create unspendable scripts, which will lock out user funds.
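An added illustration, not part of the original thread and not scure-btc-signer's code: a stand-alone sketch of the fail-closed policy discussed above, separating the check on an output being created from the check on the single previous output an input spends. The function names and the sample scripts are hypothetical and constructed for this example, and it makes no claim about how the library's fix was implemented.

```javascript
// Added illustration; not scure-btc-signer code. All function names are hypothetical.
const hex = (s) => Uint8Array.from(s.match(/../g) ?? [], (b) => parseInt(b, 16));

// Match a scriptPubKey against the standard templates by exact length and opcodes.
function classifyScript(s) {
  const n = s.length;
  if (n === 25 && s[0] === 0x76 && s[1] === 0xa9 && s[2] === 0x14 &&
      s[23] === 0x88 && s[24] === 0xac) return 'pkh'; // DUP HASH160 <20> EQUALVERIFY CHECKSIG
  if (n === 23 && s[0] === 0xa9 && s[1] === 0x14 && s[22] === 0x87) return 'sh';
  if (n === 22 && s[0] === 0x00 && s[1] === 0x14) return 'wpkh'; // OP_0 <20>
  if (n === 34 && s[0] === 0x00 && s[1] === 0x20) return 'wsh';  // OP_0 <32>
  if (n === 34 && s[0] === 0x51 && s[1] === 0x20) return 'tr';   // OP_1 <32>
  if (n >= 1 && s[0] === 0x6a) return 'op_return';               // data carrier
  return 'unknown';
}

// Guard for an output being created: fail closed unless the caller opts in.
function checkNewOutput(script, opts = {}) {
  const type = classifyScript(script);
  if (type === 'unknown' && !opts.allowUnknownOutputs)
    throw new Error('unknown output script type; pass allowUnknownOutputs=true to override');
  return type;
}

// Guard for an input: inspect only the previous output being spent (index vout).
// Assumption of this sketch: sibling outputs of the previous transaction are not validated.
function checkSpentOutput(prevScripts, vout, opts = {}) {
  if (!Number.isInteger(vout) || vout < 0 || vout >= prevScripts.length)
    throw new RangeError(`vout ${vout} out of range`);
  const type = classifyScript(prevScripts[vout]);
  if (type === 'op_return') throw new Error(`vout ${vout} is OP_RETURN and can never be spent`);
  if (type === 'unknown' && !opts.allowUnknownOutputs)
    throw new Error(`vout ${vout} has an unknown script type`);
  return type;
}

// Constructed sample (not the transaction from the thread): two P2TR outputs, then OP_RETURN.
const P2TR = hex('5120' + '11'.repeat(32));
const OP_RETURN = hex('6a04deadbeef');
const SAMPLE_PREV_OUTPUTS = [P2TR, P2TR, OP_RETURN];

console.log(checkSpentOutput(SAMPLE_PREV_OUTPUTS, 1)); // 'tr'
```

In this sketch an OP_RETURN output is accepted when created as a data carrier but rejected when referenced as the output being spent, while any unrecognized template is refused in both positions unless the caller passes the override.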

victorkirov commented 10 months ago

@donnlee Xverse dev here. Please open up an issue in Xverse-Core repo and add some screenshots of what's happening 🙏

paulmillr commented 10 months ago

@victorkirov @donnlee that was signer's issue. Fixed now

victorkirov commented 10 months ago

Thank you @paulmillr 🙌

donnlee commented 10 months ago

Oh sweet. I appreciate the fine work on this excellent project. Tipped via github sponsorship. Thank you @paulmillr !