Fix transaction creation and signing

[ghost]

Right now our inputs are all messed up. Outputs look kind of okay.

Here's a transaction generated from this script:

import bitcash
key = bitcash.PrivateKeyTestnet('cU6s7jckL3bZUUkb3Q2CD9vNu8F1o58K5R5a3JFtidoccMbhEGKZ')
key.get_unspents()
print(key.address)
print(key.unspents)
print(key.create_transaction(([('n2eMqTT929pb1RDNuqEnxdaLau1rxy3efi', 10000, 'satoshi')])))

Output:

 #$ python3 test.py
muUFbvTKDEokGTVUjScMhw1QF2rtv5hxCz
[Unspent(amount=79449086, confirmations=72047, script='76a914990ef60d63b5b5964a1c2282061af45123e93fcb88ac', txid='1b461db5a015397c6ff05f4ecdd4c190fff675382d10390aa373a79268f478fc', txindex=1)]
0100000001fc78f46892a773a30a39102d3875f6ff90c1d4cd4e5ff06f7c3915a0b51d461b0100000000ffffffff0210270000000000001976a914e7c1345fc8f87c68170b3aa798a956c2fe6a9eff88ac8211bc04000000001976a914990ef60d63b5b5964a1c2282061af45123e93fcb88ac00000000

Deserialized:

{
    "inputs": [
        {
            "address": null, 
            "num_sig": 0, 
            "prevout_hash": "1b461db5a015397c6ff05f4ecdd4c190fff675382d10390aa373a79268f478fc", 
            "prevout_n": 1, 
            "pubkeys": [], 
            "scriptSig": "", 
            "sequence": 4294967295, 
            "signatures": {}, 
            "type": "unknown", 
            "x_pubkeys": []
        }
    ], 
    "lockTime": 0, 
    "outputs": [
        { 
           "address": "1N8QYQNAD8PLEJjmCGGR8iN1iuR9yXtY1x", 
            "prevout_n": 0, 
            "scriptPubKey": "76a914e7c1345fc8f87c68170b3aa798a956c2fe6a9eff88ac", 
            "type": 0, 
            "value": 10000
        }, 
        {
            "address": "1ExJJsNLQDNVVM1s1sdyt1o5P3GC5r32UG", 
            "prevout_n": 1, 
            "scriptPubKey": "76a914990ef60d63b5b5964a1c2282061af45123e93fcb88ac", 
            "type": 0, 
            "value": 79434114
        }
    ], 
    "version": 1
}

That was deserialized as mainnet so the addresses are wrong.

I ported this over from https://github.com/bjarnemagnussen/bit/tree/segwit, which is in turn a fork of ofek's bit library.

I am also using electron-cash as a reference: https://github.com/fyookball/electrum/blob/cash/lib/transaction.py

And I should probably understand this better: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki

I dont know if it would make more sense to start with the original bit or the bit segwit branch. I think we need BIP-143 signatures and a 0x41 hash type for pay to public hash.

I am really lost on this. Would hugely appreciate help on this.

If you can get this library working (getting send() to work, ultimately), I'll pay you $300 USD equivalent of BCH.

Thanks,
Teran

[ghost]

@ofek, @fyookball, @bjarnemagnussen, wanted to let you know about the bounty in case you were interested. Thank you for your help already.

[bjarnemagnussen]

Since the segwit branch contains a lot of segwit soecific code I think that the cleanest way would be to start with ofek's bit branch and then change the signature generation algorithm found inside create_p2pkh_transaction with the bip-143 part of my segwit branch. BTW, ofek's original bit branch does not yet support multisig/p2sh.

[ghost]

Ah, heh. I guess that makes more sense then.

For me, I'm not worried about script hash, multisig, or anything like that.

I appreciate your feedback. If no one jumps on this today I'll probably try that tomorrow.

Thank you!

[ghost]

Library is now based on the original bit. Will work from there.

[ghost]

I tried to broadcast a transaction with electron-cash and it said FORKID had to be used. Understandable. I added that in and it says the same thing. Also with blockdozer it says I must use the FORKID. I am not sure if they are throwing a generic error message or if it's not working how I expect it to.

Judging by some older testing, it seems like multiple error types are possible: https://bitcoin.stackexchange.com/questions/63340/cannot-make-valid-bitcoin-cash-transaction/63345

I know I need to make it BIP-143, I am first wondering how I can inspect the signature and whether these error codes are generic or specific and something else is wrong.

[ghost]

I believe I've implemented in the logic. I am hardcoding sequence numbers as I don't know their purpose and everywhere I've seen has them set at 2^32.

In e126766 I am able to generate transactions again. blockdozer says the SIGHASH_FORKID is bad, electron-cash says it's missing inputs.

Deserializing in electron-cash looks just fine. I don't know if any good utilities to inspect signatures with.

Would appreciate any help you can give.

[fyookball]

i took a look at your transaction.py and it seems to define SIGHASH_FORKID constant and then never uses it ?

[ghost]

Thanks for taking a look. Yes, I have it defined as a stub. I will use it in the future but Python 3 doesn't have bitwise operations on bytes objects. Instead, I am setting 0x41 instead of 0x01 as the hash type.

[ghost]

I now have just a CHECK(MULTI)SIG error which I am working through, looking at the spec closely.

[ghost]

@bjarnemagnussen is this correct? https://github.com/bjarnemagnussen/bit/blob/segwit/bit/transaction.py#L444

I can see that you have scriptCode_len before scriptCode. That does not line up with the specification from what I can tell: https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki

Not sure if there's a bug or if I am missing something.

[ghost]

Pushed a couple small tweaks and am stopping for the night. No luck so far. Signature is still bad.

I found the "official" Bitcoin Cash signature doc which looks identical to BIP-143 from what I can tell.

https://github.com/Bitcoin-UAHF/spec/blob/master/replay-protected-sighash.md

[bjarnemagnussen]

Hey @teran-mckinney. Regarding the scriptCode_len apperaing before scriptCode: The reason is that scriptCode is used in the way that P2SH redeemscript are used in scriptSigs. The redeemscript is provided as a single element in a script with a simple push of 25 bytes. You can see that the scriptCode you reference to in the link under point 5 starts with the script push opcode of 25 bytes (0x19 in hex) and is part of the sciptCode. The scriptCode_len contains exactly this value 0x19. I hope that makes sense?

//Edit2: Actually also using P2PKH I think you need the scriptCode_len. See this step-by-step but using the old signature scheme: https://bitcoin.stackexchange.com/questions/32628/redeeming-a-raw-transaction-step-by-step-example-required

[fyookball]

you could also create the same TX in electron cash and step through to see where your code diverges

[ghost]

Thank you, to both of you. I'm narrowing down the only difference to the hashOuputs. The source is the same, the hash is different. I think there's some slight nuance I'm missing.

[ghost]

It works!!!

Thank you all for your help. You can see the stupid bug that was there.

Real pain to debug. Took me a few days. I'm glad to have this working so I can start using Bitcoin Cash now.