[security] [bug/help] I can not verify self-custody-vault Taproot Address with this repo's code #737

Open
luca0077 opened this issue Aug 27, 2024 · 4 comments

luca0077 commented Aug 27, 2024

Summary of Bug

I use babylon\btcstaking\staking_testvectors_test.go with a modified file "testvectors\vectors.json" to verify the on-chain StakingOutputPkScript and StakingOutputAddress (taproot address). However, all failed with a few chosen on-chain (signet) stakings.
I just cannot reproduce the exact on-chain taproot StakingOutputAddress by offering the same parameters (staker pubkey, FP, covenant pubkeys, covenant quorum, staking time). And, then, I am not sure if some malicious script path is hidden in the taproot address.

Version

repo: https://github.com/babylonchain/babylon.git remote branch: origin/dev
HEAD: 6dbcf44 (git clone yesterday)

Steps to Reproduce

  1. modify babylon\btcstaking\types.go (just add log):
    in function BuildStakingInfo, add:
	taprootPkScript, err := sh.taprootPkScript(net)
	//begin add
	fmt.Println("[My-Verify]: taprootPkScript:", hex.EncodeToString(taprootPkScript))
	taprootAddress, err := sh.my_taprootAddress(net)
	fmt.Println("[My-Verify]: taprootAddress:", taprootAddress)
	//end add
  2. modify babylon\btcstaking\testvectors\vectors.json
    add a new test case with parameters I got from the Babylon website and API. Details:
    I open "https://api.babylonchain.io/v2/btc-delegations?pagination.key=&pagination.reverse=true&pagination.limit=100" and choose one staking as a test,
    as below:
    { "delegation": { "btc_pk_hex": "37781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386", "staking_amount": 44800, "start_height": 195515, "end_height": 196523, "bbn_pk": { "hex": "035dd47f21291fcbcc9ea74fe3ae12497aa892a60f8bb2f5ed6dd203337ff87a36", "acc_addr": "bbn1tcj49av2xncfa8pl57ua4azfqrxv7m6wjf96ea" } }, "finality_providers": [ { "description": { "moniker": "Babylon Foundation 3", "website": "https://babylonchain.io" }, "commission": "0.050000000000000000", "bbn_pk": { "hex": "03e990c3d05d8b34d6c4d1082a035f971b7b9d0910a686238b0942fe3ca6f2115f", "acc_addr": "bbn1t3gu0t7hysvcmneu0rk6epqvu53epw3d39jcx4" }, "btc_pk_hex": "977a2d15c19bd1bfa32bcd4fad70733e1189dffac65d3aee60067e59f0f3df30" } ], "status": { "status": "Active", "status_time": "0001-01-01T00:00:00Z" }, "activation_time": "0001-01-01T00:00:00Z", "staking_tx_hex": "020000000001010af4be395dd258153c9ad59f07d6b431ed0907430791283b8b16ac9215ae1e7a0000000000ffffffff0200af0000000000002251203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe99b8d0e00000000001600147b12ba8dce7bf45e7c8324726a8adcc4c6e5bd8a02483045022100aae0fa5f2716156f5f389c9c2414062fe8453c55e6312a0c4923aed9dda1c23f022068558e312b03890a4892af51d1fbc915ded4bd3b17bb4dc65fb56029dc3d9f9901210237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db932263538600000000", "staking_output_idx": 0, "slashing_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff02801100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace9899000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "unbonding_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff0118ab000000000000225120160f85b09c35ab474a94b5e8a44f2f96419060c8ea647f88f612b49da0317d9100000000", "unbonding_tx_sig_hex": "", "unbonding_slashing_tx_hex": 
"0200000001198f309e3d6839823cfe1e4d28f0e7a680221a1bba03942c8067d36d9acf17f90000000000ffffffff021c1100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace1496000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "covenant_unbonding_sigs": [ { "btc_pk_hex": "59d3532148a597a2d05c0395bf5f7176044b1cd312f37701a9b4d0aad70bc5a4", "sig_hex": "89c67943a1bf0cbd7c18152d86674cbb062125eba3effeeb6d4e640427cab79f93022568caf500e537019397aea744bcc1279846a546776186ad63c2756cd056" }, { "btc_pk_hex": "a5c60c2188e833d39d0fa798ab3f69aa12ed3dd2f3bad659effa252782de3c31", "sig_hex": "3e0bed68cae48c2318ac88303a6517f5a351c0b827f1279b772a4b1ff536d0d9cc46e89af695dab8c6f9a4aa3c4e5f1b1bbe288b7904d4c4258223e389ec13f6" }, { "btc_pk_hex": "57349e985e742d5131e1e2b227b5170f6350ac2e2feb72254fcc25b3cee21a18", "sig_hex": "9857ba1833b5dbae846c63c979b9cdca5500ee775128ef08a4e260110cdd1f7e8cc458c0b35cb51f3b0d95682d967b5b8c4761b2206af364b5745f83942c3078" } ] },

    Using the tool (https://www.blockchain.com/explorer/assets/btc/decode-transaction), I decode the staking_tx_hex field to get the txid (signet), which is e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565. Then I query the txid on mempool.space (https://mempool.space/signet/tx/e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565). I now know the expected stakingoutputPKscript is 51203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe9 and the expected stakingoutputaddress is tb1p8kdsexhlk4mpjru6zy7z6sj8nfkp30vj3xv6tecvwu6aaxm5dl5skfllzm (taproot).

With the same txid, I get the sender's (staker's) pubkey from the witness field, which is 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386 on mempool.

for vectors.json,

set staker_public_key with 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386,
set finality_provider_public_keys with data fetched from btc-delegations api query.
set covenant_public_keys with data fetched from btc-delegations api query.
set covenant_quorum with 2 (I also tried 1, 3 for the total number is 3)
set staking_time with 1008 (end_height - start_height) (btw, 1008 = 10080 mins = 168 hours = 7 days)
set network = signet
save vectors.json !

  3. run "go test -v .\btcstaking\staking_testvectors_test.go "

  4. I got a different script pubkey and a different taproot address, which is not expected.

(I also tried other parameters, like: https://staking-api.testnet.babylonchain.io/v1/global-params; https://staking-api.babylonlabs.io/v1/global-params, all failed to test/verify the stakingoutput address)
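
An offline way to obtain the txid and the staking output script from the `staking_tx_hex` and `staking_output_idx` fields quoted in the report, without the web decoders. This is an added example, not code from the issue or from the Babylon repository; `decodeOutput` and `stakingTx` are names made up here, and the parser assumes every count and script length fits a one-byte CompactSize (below 253).

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// staking_tx_hex exactly as quoted in the issue's delegation record.
const stakingTx = "020000000001010af4be395dd258153c9ad59f07d6b431ed0907430791283b8b16ac9215ae1e7a0000000000ffffffff0200af0000000000002251203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe99b8d0e00000000001600147b12ba8dce7bf45e7c8324726a8adcc4c6e5bd8a02483045022100aae0fa5f2716156f5f389c9c2414062fe8453c55e6312a0c4923aed9dda1c23f022068558e312b03890a4892af51d1fbc915ded4bd3b17bb4dc65fb56029dc3d9f9901210237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db932263538600000000"
// decodeOutput returns the txid and the hex pkScript of output idx of a raw transaction.
func decodeOutput(txHex string, idx int) (txid, pkScript string, err error) {
	b, err := hex.DecodeString(txHex)
	at := func(i int) int { // one-byte CompactSize at i; else len(b), pushing p past the end
		if i >= len(b) || b[i] >= 0xfd {
			return len(b)
		}
		return int(b[i])
	}
	p, n, start := 5, at(4), 4 // cursor, input count, offset where the input section starts
	if n == 0 {
		p, n, start = 7, at(6), 6 // segwit: marker 0x00 and flag precede the real count
	}
	for ; n > 0; n-- {
		p += 41 + at(p+36) // outpoint, length byte, scriptSig, sequence
	}
	p, outs := p+1, at(p)
	for i := 0; i < outs; i++ {
		l := at(p + 8) // script length follows the 8-byte value
		if i == idx && p+9+l <= len(b) {
			pkScript = hex.EncodeToString(b[p+9 : p+9+l])
		}
		p += 9 + l
	}
	if err != nil || p > len(b)-4 || pkScript == "" {
		return "", "", fmt.Errorf("malformed transaction or no output %d", idx)
	}
	// Legacy serialization: version, inputs and outputs, locktime (no marker, flag, witness).
	legacy := append(append(append([]byte{}, b[:4]...), b[start:p]...), b[len(b)-4:]...)
	h := sha256.Sum256(legacy)
	h = sha256.Sum256(h[:]) // txid is the double SHA-256, displayed byte-reversed
	for i, j := 0, 31; i < j; i, j = i+1, j-1 {
		h[i], h[j] = h[j], h[i]
	}
	return hex.EncodeToString(h[:]), pkScript, nil
}

func main() {
	fmt.Println(decodeOutput(stakingTx, 0)) // staking_output_idx is 0
}
```

The two returned strings can be compared directly with the txid and the expected stakingoutputPKscript stated in the report, and with the `taprootPkScript` hex printed by the added log line.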
