You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use babylon\btcstaking\staking_testvectors_test.go with modified file "testvectors\vectors.json" to verify on-chain StakingOutputPkScript and StakingOutputAddress(taproot address). However, all failed with a few choosed on-chain (signet) stakings.
I just can not reproduce the exactly on-chain taproot StakingOutputAddress by offering the same parameters( staker pubkey, FP , covenant pubkeys, covenant quorum, staking time). And, then, I am not sure if some malicious script path is hidden in the taproot address.
modify babylon\btcstaking\testvectors\vectors.json
add a new testcase with parameters I got from babylon website and api, details is :
I open "https://api.babylonchain.io/v2/btc-delegations?pagination.key=&pagination.reverse=true&pagination.limit=100" and choose one staking as test.
as below: { "delegation": { "btc_pk_hex": "37781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386", "staking_amount": 44800, "start_height": 195515, "end_height": 196523, "bbn_pk": { "hex": "035dd47f21291fcbcc9ea74fe3ae12497aa892a60f8bb2f5ed6dd203337ff87a36", "acc_addr": "bbn1tcj49av2xncfa8pl57ua4azfqrxv7m6wjf96ea" } }, "finality_providers": [ { "description": { "moniker": "Babylon Foundation 3", "website": "https://babylonchain.io" }, "commission": "0.050000000000000000", "bbn_pk": { "hex": "03e990c3d05d8b34d6c4d1082a035f971b7b9d0910a686238b0942fe3ca6f2115f", "acc_addr": "bbn1t3gu0t7hysvcmneu0rk6epqvu53epw3d39jcx4" }, "btc_pk_hex": "977a2d15c19bd1bfa32bcd4fad70733e1189dffac65d3aee60067e59f0f3df30" } ], "status": { "status": "Active", "status_time": "0001-01-01T00:00:00Z" }, "activation_time": "0001-01-01T00:00:00Z", "staking_tx_hex": "020000000001010af4be395dd258153c9ad59f07d6b431ed0907430791283b8b16ac9215ae1e7a0000000000ffffffff0200af0000000000002251203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe99b8d0e00000000001600147b12ba8dce7bf45e7c8324726a8adcc4c6e5bd8a02483045022100aae0fa5f2716156f5f389c9c2414062fe8453c55e6312a0c4923aed9dda1c23f022068558e312b03890a4892af51d1fbc915ded4bd3b17bb4dc65fb56029dc3d9f9901210237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db932263538600000000", "staking_output_idx": 0, "slashing_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff02801100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace9899000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "unbonding_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff0118ab000000000000225120160f85b09c35ab474a94b5e8a44f2f96419060c8ea647f88f612b49da0317d9100000000", "unbonding_tx_sig_hex": "", "unbonding_slashing_tx_hex": "0200000001198f309e3d6839823cfe1e4d28f0e7a680221a1bba03942c8067d36d9acf17f90000000000ffffffff021c1100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace1496000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "covenant_unbonding_sigs": [ { "btc_pk_hex": "59d3532148a597a2d05c0395bf5f7176044b1cd312f37701a9b4d0aad70bc5a4", "sig_hex": "89c67943a1bf0cbd7c18152d86674cbb062125eba3effeeb6d4e640427cab79f93022568caf500e537019397aea744bcc1279846a546776186ad63c2756cd056" }, { "btc_pk_hex": "a5c60c2188e833d39d0fa798ab3f69aa12ed3dd2f3bad659effa252782de3c31", "sig_hex": "3e0bed68cae48c2318ac88303a6517f5a351c0b827f1279b772a4b1ff536d0d9cc46e89af695dab8c6f9a4aa3c4e5f1b1bbe288b7904d4c4258223e389ec13f6" }, { "btc_pk_hex": "57349e985e742d5131e1e2b227b5170f6350ac2e2feb72254fcc25b3cee21a18", "sig_hex": "9857ba1833b5dbae846c63c979b9cdca5500ee775128ef08a4e260110cdd1f7e8cc458c0b35cb51f3b0d95682d967b5b8c4761b2206af364b5745f83942c3078" } ] },
by the tool (https#//www.blockchain.com/explorer/assets/btc/decode-transaction) ,I decode the staking_tx_hex field to get txid(signet) is e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565, then I query the txid on mempool.space(https#//mempool.space/signet/tx/e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565), I now know the expected stakingoutputPKscript is 51203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe9 and the expected stakingouputaddress is tb1p8kdsexhlk4mpjru6zy7z6sj8nfkp30vj3xv6tecvwu6aaxm5dl5skfllzm (taproot).
with the same txid, I get sender(staker) 's pubkey on the witness field which is 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386 on mempool.
for vectors.json,
set staker_public_key with 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386 ,
set finality_provider_public_keys with data fetched from btc-delegations api query.
set covenant_public_keys with data fetched from btc-delegations api query.
set covenant_quorum with 2 ( I also tried 1 , 3 for the total number is 3)
set staking_time with 1008 ( end_height- start_height) (btw, 1008 = 10080 mins = 168 hours = 7 days)
set network = signet
save vectors.json !
run "go test -v .\btcstaking\staking_testvectors_test.go "
I got different script pubkey and different taproot address which is not expected.
The text was updated successfully, but these errors were encountered:
luca0077
changed the title
[security] [bug/help] I Can not verify self-custody-vault Taproot Address with this repo's code
[security] [bug/help] I can not verify self-custody-vault Taproot Address with this repo's code
Aug 27, 2024
Summary of Bug
I use babylon\btcstaking\staking_testvectors_test.go with modified file "testvectors\vectors.json" to verify on-chain StakingOutputPkScript and StakingOutputAddress(taproot address). However, all failed with a few choosed on-chain (signet) stakings.
I just can not reproduce the exactly on-chain taproot StakingOutputAddress by offering the same parameters( staker pubkey, FP , covenant pubkeys, covenant quorum, staking time). And, then, I am not sure if some malicious script path is hidden in the taproot address.
Version
repo: https://github.com/babylonchain/babylon.git remote branch: origin/dev
HEAD: 6dbcf44 (git clone yestoday)
Steps to Reproduce
in function BuildStakingInfo, add:
modify babylon\btcstaking\testvectors\vectors.json
add a new testcase with parameters I got from babylon website and api, details is :
I open "https://api.babylonchain.io/v2/btc-delegations?pagination.key=&pagination.reverse=true&pagination.limit=100" and choose one staking as test.
as below:
{ "delegation": { "btc_pk_hex": "37781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386", "staking_amount": 44800, "start_height": 195515, "end_height": 196523, "bbn_pk": { "hex": "035dd47f21291fcbcc9ea74fe3ae12497aa892a60f8bb2f5ed6dd203337ff87a36", "acc_addr": "bbn1tcj49av2xncfa8pl57ua4azfqrxv7m6wjf96ea" } }, "finality_providers": [ { "description": { "moniker": "Babylon Foundation 3", "website": "https://babylonchain.io" }, "commission": "0.050000000000000000", "bbn_pk": { "hex": "03e990c3d05d8b34d6c4d1082a035f971b7b9d0910a686238b0942fe3ca6f2115f", "acc_addr": "bbn1t3gu0t7hysvcmneu0rk6epqvu53epw3d39jcx4" }, "btc_pk_hex": "977a2d15c19bd1bfa32bcd4fad70733e1189dffac65d3aee60067e59f0f3df30" } ], "status": { "status": "Active", "status_time": "0001-01-01T00:00:00Z" }, "activation_time": "0001-01-01T00:00:00Z", "staking_tx_hex": "020000000001010af4be395dd258153c9ad59f07d6b431ed0907430791283b8b16ac9215ae1e7a0000000000ffffffff0200af0000000000002251203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe99b8d0e00000000001600147b12ba8dce7bf45e7c8324726a8adcc4c6e5bd8a02483045022100aae0fa5f2716156f5f389c9c2414062fe8453c55e6312a0c4923aed9dda1c23f022068558e312b03890a4892af51d1fbc915ded4bd3b17bb4dc65fb56029dc3d9f9901210237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db932263538600000000", "staking_output_idx": 0, "slashing_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff02801100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace9899000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "unbonding_tx_hex": "020000000165158a94797b40b49734d7780d6e51635456d50ae794ff6d39f577af97b872e20000000000ffffffff0118ab000000000000225120160f85b09c35ab474a94b5e8a44f2f96419060c8ea647f88f612b49da0317d9100000000", "unbonding_tx_sig_hex": "", "unbonding_slashing_tx_hex": "0200000001198f309e3d6839823cfe1e4d28f0e7a680221a1bba03942c8067d36d9acf17f90000000000ffffffff021c1100000000000016001463e2edfae6bf51aebbed63bb823c55565ab5eace1496000000000000225120f0a6d11cdb6793ba8b450108348a1471cc27f0633df28e4a15eae4fed27fb23300000000", "covenant_unbonding_sigs": [ { "btc_pk_hex": "59d3532148a597a2d05c0395bf5f7176044b1cd312f37701a9b4d0aad70bc5a4", "sig_hex": "89c67943a1bf0cbd7c18152d86674cbb062125eba3effeeb6d4e640427cab79f93022568caf500e537019397aea744bcc1279846a546776186ad63c2756cd056" }, { "btc_pk_hex": "a5c60c2188e833d39d0fa798ab3f69aa12ed3dd2f3bad659effa252782de3c31", "sig_hex": "3e0bed68cae48c2318ac88303a6517f5a351c0b827f1279b772a4b1ff536d0d9cc46e89af695dab8c6f9a4aa3c4e5f1b1bbe288b7904d4c4258223e389ec13f6" }, { "btc_pk_hex": "57349e985e742d5131e1e2b227b5170f6350ac2e2feb72254fcc25b3cee21a18", "sig_hex": "9857ba1833b5dbae846c63c979b9cdca5500ee775128ef08a4e260110cdd1f7e8cc458c0b35cb51f3b0d95682d967b5b8c4761b2206af364b5745f83942c3078" } ] },
by the tool (https#//www.blockchain.com/explorer/assets/btc/decode-transaction) ,I decode the staking_tx_hex field to get txid(signet) is e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565, then I query the txid on mempool.space(https#//mempool.space/signet/tx/e272b897af77f5396dff94e70ad5565463516e0d78d73497b4407b79948a1565), I now know the expected stakingoutputPKscript is 51203d9b0c9affb576190f9a113c2d42479a6c18bd928999a5e70c7735de9b746fe9 and the expected stakingouputaddress is tb1p8kdsexhlk4mpjru6zy7z6sj8nfkp30vj3xv6tecvwu6aaxm5dl5skfllzm (taproot).
with the same txid, I get sender(staker) 's pubkey on the witness field which is 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386 on mempool.
for vectors.json,
set staker_public_key with 0237781a858ff4f5b864576d38722dde1f4e5e377cb1b132672da9db9322635386 ,
set finality_provider_public_keys with data fetched from btc-delegations api query.
set covenant_public_keys with data fetched from btc-delegations api query.
set covenant_quorum with 2 ( I also tried 1 , 3 for the total number is 3)
set staking_time with 1008 ( end_height- start_height) (btw, 1008 = 10080 mins = 168 hours = 7 days)
set network = signet
save vectors.json !
run "go test -v .\btcstaking\staking_testvectors_test.go "
I got different script pubkey and different taproot address which is not expected.
(I also tried other parameters , like :https://staking-api.testnet.babylonchain.io/v1/global-params ; https://staking-api.babylonlabs.io/v1/global-params, all failed to test/verify stakingoutput address)
The text was updated successfully, but these errors were encountered: