elements icon indicating copy to clipboard operation
elements copied to clipboard
verified publisher icon ElementsProject

signrawtransactionwithwallet seems to break the existing signatures of some of the inputs

Open andreabonel opened this issue 3 years ago • 5 comments

It seems that this rpc alters the scriptSig of all of the inputs that were already signed (second and third vins in this case), except for the first one. This is an example with 4 inputs, where the first 3 are transactions that are already signed:

Before executing signrawtransactionwithwallet, I have this transaction:

020000000004ff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a4484008000000fd5c010047304402207c702a95f503941cc00f66fe3c92f20309ab8984d8bb222cd9ef194b199e8aff02207d0de0750281be7d95051b23786f35273c419479bf63ceb5d5ecc55c93edcef583473044022076d7cf8fd0fd19747867c666c3641a6911a7538bc20746b60a96bab37c8c8bc3022051b1fb4ac04745602d6475ba09cc2affac80307019122406e2e12caddd6b3ae4834cc95241043a7594b3c4e81c077abe207f032d165d6ce9bbe2358b1e805ed129ef8db41c4f135fdf1baf1e5b38c4a4098528440442aa957b88bbf1cafba28cf7e664528323410421ac264d13783e632bfb89824b71358eef878b53d76f8b6496862f6923b41a03fb961f2dada51e798280883d6c1aa793790a8bb6c22cb143fbdc34c6c084a90641041046622bfdb7c9b8c6122302cefa35571dc9003e6901accdd9aec6de08a1cd61bf40713a6afbfd3ef6537aabe024298b27c27ebe14d2980b04f99e8abb39a95d53aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a4484009000000fd5c010047304402200f8d228329148cfb72e6cbb7db42e864b5fed723c3af1e9b0af561a36390540902204f74bec6a657fb5284b155f8a674fa53fcdeac9f20363d733dc7537b799b172d834730440220552d3b086755dba80fb378666e1404573fee7f9e98861d2ae0d9222665d7a996022078ff9ca1990dab021ca6dc6c419c7b7df85538e4520d2cda96cf01397df808d2834cc9524104fa9f5ee69acce271c8cd755c78f5e1f30e1404abd68407beb6ab0af4879541f27c5b5757d7eed95f213432f09d7ee0b65d69ea111ee80535fc449bdbc479e7ed4104eba0f0ecd5c1f09c053a3484d76d9f4c96572d62006bf3924d0c567794960688aa7e6ca87c1257d4da45f67f216824b337d22a03299d6073637fa25c85d579084104a9428ff8a66c8f31f01fdbada31e486df4a962c592c0b00cc226c019e1bae33a9dbafc50dd1e8d776783a0eefa50456360c572f8be7414f1dbc2fd6c75b129bc53aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a448400a000000fd5c01004730440220394933c87fdb499cfe375d54521c78df9f31deea9596d726477e0dbb5b36453b02206b7e38629c24a1b4eb35fc560f93935dcc8e7d7df1cb29bb060d5cbc949a148783473044022022e5416c0746833bc90f56c0da5c3047be2a4b844d07d5f28b69610bd4e1a949022046f6565206af96c047b22a4a33978fd6699ea1033bce924143f6b90b962e4088834cc9524104fc96e62933ea63d9d80192f091063226c5e94a9ec4f380077d0668fc0b41efcaa0b2f39289b269581f33d9902c5e1e9898dccd3ffb32bb43346f45ac64dc159141045b46bf4029c8ed854ee8ea90f543462605fd9ef22f96e8fd24e51f358748ef93a949c38811dd747a12305df60a61974b1864b89235ce095e093933ab83c1ce04410472d3374399fcedbdb45cf0cc1c051314a271ab8f8faec201067ca6be2a5d90162744122b652f56f87814e99a0c8670a66de6230dd624d4bfafdaa41ecfdb8c7353aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a448400600000000ffffffff05016821fda49e6e9f519784aea7cd0e689ad23dee5c8e81c4c4cde0f53c2dc889cd010000000005f5e1000017a914f9cf23091ced4a959eb9ae92425d9fe9cd54c1f38701ee4b615c5f1c4b6e0263694a9cf8024b897a6f36bf56296a65e24ba178881334010000000005f5e1000017a9147a00ee43e9933935ade93bfe0c4a698e090e5e268701d3fad029969614858e51d18eb11e8b247889de22134ac13aba1201e8ea8daef2010000000005f5e1000017a914baff33860807eed178d9c67eed3df8faf7db279a8701230f4f5d4b7c6fa845806ee4f67713459e1b69e8e60fcee2e4940c7a0d5de1b201000000000098486000160014adfdea76689a4d6d37f5e1720a4f1ccd35a7b37501230f4f5d4b7c6fa845806ee4f67713459e1b69e8e60fcee2e4940c7a0d5de1b2010000000000002710000000000000

and after executing it, I get this one:

020000000104ff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a4484008000000fd5c010047304402207c702a95f503941cc00f66fe3c92f20309ab8984d8bb222cd9ef194b199e8aff02207d0de0750281be7d95051b23786f35273c419479bf63ceb5d5ecc55c93edcef583473044022076d7cf8fd0fd19747867c666c3641a6911a7538bc20746b60a96bab37c8c8bc3022051b1fb4ac04745602d6475ba09cc2affac80307019122406e2e12caddd6b3ae4834cc95241043a7594b3c4e81c077abe207f032d165d6ce9bbe2358b1e805ed129ef8db41c4f135fdf1baf1e5b38c4a4098528440442aa957b88bbf1cafba28cf7e664528323410421ac264d13783e632bfb89824b71358eef878b53d76f8b6496862f6923b41a03fb961f2dada51e798280883d6c1aa793790a8bb6c22cb143fbdc34c6c084a90641041046622bfdb7c9b8c6122302cefa35571dc9003e6901accdd9aec6de08a1cd61bf40713a6afbfd3ef6537aabe024298b27c27ebe14d2980b04f99e8abb39a95d53aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a4484009000000cd00004cc9524104fa9f5ee69acce271c8cd755c78f5e1f30e1404abd68407beb6ab0af4879541f27c5b5757d7eed95f213432f09d7ee0b65d69ea111ee80535fc449bdbc479e7ed4104eba0f0ecd5c1f09c053a3484d76d9f4c96572d62006bf3924d0c567794960688aa7e6ca87c1257d4da45f67f216824b337d22a03299d6073637fa25c85d579084104a9428ff8a66c8f31f01fdbada31e486df4a962c592c0b00cc226c019e1bae33a9dbafc50dd1e8d776783a0eefa50456360c572f8be7414f1dbc2fd6c75b129bc53aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a448400a000000cd00004cc9524104fc96e62933ea63d9d80192f091063226c5e94a9ec4f380077d0668fc0b41efcaa0b2f39289b269581f33d9902c5e1e9898dccd3ffb32bb43346f45ac64dc159141045b46bf4029c8ed854ee8ea90f543462605fd9ef22f96e8fd24e51f358748ef93a949c38811dd747a12305df60a61974b1864b89235ce095e093933ab83c1ce04410472d3374399fcedbdb45cf0cc1c051314a271ab8f8faec201067ca6be2a5d90162744122b652f56f87814e99a0c8670a66de6230dd624d4bfafdaa41ecfdb8c7353aeffffffffff0a2172ff5119e6ceafa3a88b4bd178476375225519152b485602c042a448400600000000ffffffff05016821fda49e6e9f519784aea7cd0e689ad23dee5c8e81c4c4cde0f53c2dc889cd010000000005f5e1000017a914f9cf23091ced4a959eb9ae92425d9fe9cd54c1f38701ee4b615c5f1c4b6e0263694a9cf8024b897a6f36bf56296a65e24ba178881334010000000005f5e1000017a9147a00ee43e9933935ade93bfe0c4a698e090e5e268701d3fad029969614858e51d18eb11e8b247889de22134ac13aba1201e8ea8daef2010000000005f5e1000017a914baff33860807eed178d9c67eed3df8faf7db279a8701230f4f5d4b7c6fa845806ee4f67713459e1b69e8e60fcee2e4940c7a0d5de1b201000000000098486000160014adfdea76689a4d6d37f5e1720a4f1ccd35a7b37501230f4f5d4b7c6fa845806ee4f67713459e1b69e8e60fcee2e4940c7a0d5de1b20100000000000027100000000000000000000000000000000000000000024730440220681779b0139739a05106145e5330bd5fe7b7912703f66eec66a3b013e0c0fb2702204eeb650604ea22bb80c8b876639331d9b4effed25a0bf134505f4cc6264fce430121023b55d6a7ba7edb876268584d2f12cb26d5cdf9f364e2eb75715df6f95dc1e9470000000000000000000000

By decoding both, it seems that this RPC alters the scriptSig of all of the inputs that were already signed, except for the first one.

The error that is returned by the RPC on the inputs that were already signed (second and third vins in this case) is: "Unable to sign input, invalid stack size (possibly missing key)"

andreabonel avatar Sep 30 '22 20:09 andreabonel

Can you reproduce this upstream?

What if you run signrawtransactionwithkey but provide no keys?

apoelstra avatar Oct 01 '22 13:10 apoelstra

Yes, it seems to happen in bitcoin too. I've prepared a bash script that reproduces it, as close as possible. About signrawtransactionwithkey, the key is mandatory so it doesn't work.

andreabonel avatar Oct 22 '22 00:10 andreabonel

Great, thank you! I remember a discussion about this upstream but I'm not able to find it. I do think it's a bug and worth filing a new issue there (even if it turns out to be a dupe).

apoelstra avatar Oct 22 '22 16:10 apoelstra

Maybe this one https://github.com/bitcoin/bitcoin/issues/21151? It's a very similar case.

andreabonel avatar Oct 22 '22 20:10 andreabonel

Yeah, it's possible that that's what I'm thinking of -- though it was fixed, and the fixed pulled into Elements, so this must be something different.

apoelstra avatar Oct 23 '22 15:10 apoelstra