search

stacks-network / sbtc-bridge-web

Web tool to facilitage peg operations for sBTC
https://sbtc.world
GNU Affero General Public License v3.0
14 stars 5 forks source link

Withdrawal Transaction Creation should use both STX and BTC private keys from the Wallet #181

Open jferrant opened 1 year ago

jferrant commented 1 year ago

During alpha testing, it was discovered that assumptions were made about the private keys inside a Hiro wallet:

Kyran has explained our problem... My question: "what the relationship between the BTC private key and the STX private key is for a Hiro wallet?" Kyran's answer: "So the root key is the same, but the descendant keys are different And addresses for both come from different decendent keys"

Explanation: This is why we were not having success with our withdrawal transaction. We had previously sent a deposit to the STX address listed in the Hiro Wallet. When we tried to withdraw, we used the BTC private key corresponding to the BTC address in the Hiro wallet (which was holding all the bitcoin) to try to withdraw funds. HOWEVER, the corresponding STX address for this BTC private key of course does not match the STX address listed in the Hiro wallet (that contained our previously deposited sBTC). hence the "Not enough funds".

Conclusion: We need to be able to sign the BTC transaction with the BTC private key and fill the tx data with a signature signed with the STX private key.

Definition of Done:

The bridge creates a signed withdrawal BTC transaction with the private key associated with user's Hiro Wallet BTC address. The signature stored WITHIN the Withdrawal transaction data should be generated by signing the amount with the private key associated with the user's Hiro Wallet STX address. They are NOT the same.

markmhendrickson commented 1 year ago

Resources for arbitrary message signing with Hiro Wallet, for Bitcoin and Stacks respectively:

https://docs.hiro.so/build-apps/message-signing https://www.hiro.so/blog/how-arbitrary-message-signing-works-in-the-hiro-wallet https://hirowallet.gitbook.io/developers/bitcoin/sign-messages

radicleart commented 1 year ago

Related to https://github.com/leather-wallet/extension/issues/4223

friedger commented 10 months ago

Is this solved?

radicleart commented 10 months ago

@jferrant - as things stand, afaik, the payload is signed with the the stacks address private key. Are you saying this should be the cardinal/payment bitcoin private key ?

The PSBT is signed with the private key of the cardinal/payment bitcoin private key.