Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[custom channels]: proof invalid after sweeping delayed to_local from commitment TX #1099

Closed
guggero opened this issue Aug 22, 2024 · 1 comment · Fixed by #1103
Closed

[custom channels]: proof invalid after sweeping delayed to_local from commitment TX #1099

guggero opened this issue Aug 22, 2024 · 1 comment · Fixed by #1103
Labels
bug Something isn't working payment-channel proofs tap-channels
Milestone
v0.5

Comments

@guggero
Copy link
Member

guggero commented Aug 22, 2024
edited
Loading

Reported by @vanditshah99 on Slack.

Error message:

2024-08-22 05:23:15.914 [INF] TCHN: Funding new vPacket channel, asset_id=d75dae162be7cd0a2df76831ee1cce4eaeb74a32fabb0d46be7a0ad70fd6ad27, amt=2500000000
2024-08-22 05:23:16.005 [INF] FRTR: Identified 4 eligible asset inputs for send of 2500000000 to {{{true [215 93 174 22 43 231 205 10 45 247 104 49 238 28 206 78 174 183 74 50 250 187 13 70 190 122 10 215 15 214 173 39]} {true {{[34110241 1949323 48120036 40959240 24868899 21497998 20063886 41859510 24713038 2748180]} {[7917944 17651436 37337177 9952462 25770521 11959941 57927709 49520190 57251631 4178363]}}}} 2500000000 true}
2024-08-22 05:23:16.036 [INF] FRTR: Selected 1 asset inputs for send of 2500000000 to d75dae162be7cd0a2df76831ee1cce4eaeb74a32fabb0d46be7a0ad70fd6ad27
2024-08-22 05:23:16.071 [DBG] TAPD: Deriving new key for fam_family=212
2024-08-22 05:23:16.071 [DBG] RPCS: [/walletrpc.WalletKit/DeriveNextKey] requested
2024-08-22 05:23:16.089 [INF] TCHN: Generating input ownership proofs for 1 inputs
2024-08-22 05:23:16.089 [INF] FRTR: Generating ownership proof for asset d75dae162be7cd0a2df76831ee1cce4eaeb74a32fabb0d46be7a0ad70fd6ad27
2024-08-22 05:23:16.090 [DBG] RPCS: [/signrpc.Signer/SignOutputRaw] requested
2024-08-22 05:23:16.090 [DBG] SGNR: Generating sigs for 1 inputs:
2024-08-22 05:23:16.092 [DBG] TCHN: unlocking asset inputs: ([]wire.OutPoint) (len=1 cap=1) {
 (wire.OutPoint) f75b88f0dad035f6b8ad5c6b43081ee245eb24b76e24237fc322f083b4f9d1ee:0
}

2024-08-22 05:23:16.119 [ERR] TCHN: unable to send input ownership proofs: error signing ownership proof: unable to generate Taproot Asset witness data: invalid transfer asset witness:
2024-08-22 05:23:16.119 [ERR] RPCS: [/tapchannelrpc.TaprootAssetChannels/FundChannel]: error funding channel: unable to send input ownership proofs: error signing ownership proof: unable to generate Taproot Asset witness data: invalid transfer asset witness:
Asset output: 
        {
            "version": "ASSET_VERSION_V1",
            "asset_genesis": {
                "genesis_point": "845f3b8358ca69018d3f6acdd0df0fa4ee52e885d69c1d5d6f2864c4197db7a5:0",
                "name": "USDTL",
                "meta_hash": "2ae3dc4e0430e7e19134adb516d9a59237efa0c580479c5e983ca0c1b6777c65",
                "asset_id": "d75dae162be7cd0a2df76831ee1cce4eaeb74a32fabb0d46be7a0ad70fd6ad27",
                "asset_type": "NORMAL",
                "output_index": 0
            },
            "amount": "1000050000",
            "lock_time": 0,
            "relative_lock_time": 144,
            "script_version": 0,
            "script_key": "0272fb9fd14c7dc3a4dd81d8a9c5883bfe266f45bf87c2de137a39d08256844685",
            "script_key_is_local": true,
            "asset_group": {
                "raw_group_key": "03e58c2ff39aaa403e6362a63fa58fb6d4d04efed238a731a91dff990b939b0655",
                "tweaked_group_key": "02a7bc5179174e9fae6d932268e52022397b78239c3f422de40e4076fa2e087b21",
                "asset_witness": "0140f4bc2399acb4ec2d7b93e8e9ba3cf7f4f3202ec862ca5bd6acf8307a0c0d6ef4e966a92bb1d4a7b9e1f63661bb45c94371899cd3ae42677b087b60c91e1574a6",
                "tapscript_root": ""
            },
            "chain_anchor": {
                "anchor_tx": "02000000000103c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f0047020000000090000000c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f0047000000000000000000b34beb53c5c24c04898260419d1eb1aad59168eeb57ad04fcc59debbce2dfcb000000000000000000002e8030000000000002251205f9f1909d3d944e4f24f1236c6944929f6b391a4652eac717608e4120a2aad99a864000000000000225120d81f99ce24da5d8d31af5c17623439ec256826ce30fd4807bab9975ce89680720340531b07eaee0869084931d7feea2f2a0fb492f7ab92345562227816c88d80c1f75b4db0b4c72ef61971527b3fa81120ab1868c135854f20c5ea23bc310591d5dc27202f27091cd09f4c5fb389246f6adda8d4ed91bf485cae7b7cacff0326673b914dac029000b27561c0dca094751109d0bd055d03565874e8276dd53e926b44e3bd1bb6bf4bc130a2799137180ff3bf86c12cd6d09f1a5618c1bf59cff15ac3c65280031028ee9c4dea987945153758fb3d14692ed35011f06aa7f7cbcec1c60d5f90fbd84126d5f2380140878ba3ec6cac676c4806b7801699b96b71f7ac31f649f0de5f1279b37f42b6a1e13bf340a5f3487d5ed41b28b3f87449beee94ec85889f8b93e0fd8c43d3ea620140ba18ebb9aa97bce77f4606ec66d0b72118664848bacfb2234b07c394a634401ae8cde8a39c46b7c209dd9db2c4bd18d4d650ad5d8f1e55bf8aa9938960c106dc5d130d00",
                "anchor_block_hash": "0000000000000000000282687637844c7c3ceb760cf4e7e1b5e11d94ae8c2fa9",
                "anchor_outpoint": "37479479423e4c839c4c8445e5aba6c410e335bb7bf047dbbb2b111d12baaaf1:0",
                "internal_key": "03ed9be4fbfbc7a58b6d3f52b28a2badeb3be7250957a00e1113e52acbae0a76d2",
                "merkle_root": "22f95c28c6c97dc123f7b62557ae600a06a8cf7792f2d4d9975425bfd72ca71c",
                "tapscript_sibling": "",
                "block_height": 857873
            },
            "prev_witnesses": [],
            "is_spent": false,
            "lease_owner": "",
            "lease_expiry": "0",
            "is_burn": false,
            "script_key_declared_known": true,
            "script_key_has_script_path": false,
            "decimal_display": {
                "decimal_display": 5
            }
        }
Transfer output: 
                {
                    "anchor": {
                        "outpoint": "37479479423e4c839c4c8445e5aba6c410e335bb7bf047dbbb2b111d12baaaf1:0",
                        "value": "1000",
                        "internal_key": "03ed9be4fbfbc7a58b6d3f52b28a2badeb3be7250957a00e1113e52acbae0a76d2",
                        "taproot_asset_root": "22f95c28c6c97dc123f7b62557ae600a06a8cf7792f2d4d9975425bfd72ca71c",
                        "merkle_root": "22f95c28c6c97dc123f7b62557ae600a06a8cf7792f2d4d9975425bfd72ca71c",
                        "tapscript_sibling": "",
                        "num_passive_assets": 0
                    },
                    "script_key": "0272fb9fd14c7dc3a4dd81d8a9c5883bfe266f45bf87c2de137a39d08256844685",
                    "script_key_is_local": true,
                    "amount": "1000050000",
                    "new_proof_blob": "544150500004000000000224c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f0047000000020450000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096e88000000000000000006fd022d02000000000103c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f0047020000000090000000c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f0047000000000000000000b34beb53c5c24c04898260419d1eb1aad59168eeb57ad04fcc59debbce2dfcb000000000000000000002e8030000000000002251205f9f1909d3d944e4f24f1236c6944929f6b391a4652eac717608e4120a2aad99a864000000000000225120d81f99ce24da5d8d31af5c17623439ec256826ce30fd4807bab9975ce89680720340531b07eaee0869084931d7feea2f2a0fb492f7ab92345562227816c88d80c1f75b4db0b4c72ef61971527b3fa81120ab1868c135854f20c5ea23bc310591d5dc27202f27091cd09f4c5fb389246f6adda8d4ed91bf485cae7b7cacff0326673b914dac029000b27561c0dca094751109d0bd055d03565874e8276dd53e926b44e3bd1bb6bf4bc130a2799137180ff3bf86c12cd6d09f1a5618c1bf59cff15ac3c65280031028ee9c4dea987945153758fb3d14692ed35011f06aa7f7cbcec1c60d5f90fbd84126d5f2380140878ba3ec6cac676c4806b7801699b96b71f7ac31f649f0de5f1279b37f42b6a1e13bf340a5f3487d5ed41b28b3f87449beee94ec85889f8b93e0fd8c43d3ea620140ba18ebb9aa97bce77f4606ec66d0b72118664848bacfb2234b07c394a634401ae8cde8a39c46b7c209dd9db2c4bd18d4d650ad5d8f1e55bf8aa9938960c106dc5d130d000801000afd01c8000101024fa5b77d19c464286f5d1d9cd685e852eea40fdfd0cd6a3f8d0169ca58833b5f840000000005555344544c2ae3dc4e0430e7e19134adb516d9a59237efa0c580479c5e983ca0c1b6777c6500000000000401000605fe3b9b8d500901900bfd011901fd01150165c2a385c9062caefefd87a7c3879a433dca97a0604ee7f8043a94a6d9336f004700000002d75dae162be7cd0a2df76831ee1cce4eaeb74a32fabb0d46be7a0ad70fd6ad2702e899c0ef2c4d15123069c54e07ee6d66a9c24266da0c83a15beed8b09020b16e03ac0340d8188c417e280290bee8be83f771115d90be0d6c874d2e4a8644c5fa3d74f27c92583435c14f2e8156aaf6edb3a33ee3ebffe82d212f152eb12633ae06130a0e27202f27091cd09f4c5fb389246f6adda8d4ed91bf485cae7b7cacff0326673b914dac029000b27541c0dca094751109d0bd055d03565874e8276dd53e926b44e3bd1bb6bf4bc130a2799137180ff3bf86c12cd6d09f1a5618c1bf59cff15ac3c65280031028ee9c4dea0e02000010210272fb9fd14c7dc3a4dd81d8a9c5883bfe266f45bf87c2de137a39d08256844685112102a7bc5179174e9fae6d932268e52022397b78239c3f422de40e4076fa2e087b210c9f000400000000022103ed9be4fbfbc7a58b6d3f52b28a2badeb3be7250957a00e1113e52acbae0a76d20374014900010102208e783d128da97b0c3fca189b7c04839c2f1dd7505b993ac7bc54f1bec22cec9504220000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff022700010202220000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0d30012e0004000000010221039f7a7b5f10a1a14303b4220960b63ccb30ee7cb1e3b8314410187383e3898bf20503040101160400000000",
                    "split_commit_root_hash": "",
                    "output_type": "OUTPUT_TYPE_SIMPLE",
                    "asset_version": "ASSET_VERSION_V1",
                    "lock_time": "0",
                    "relative_lock_time": "144",
                    "proof_delivery_status": "PROOF_DELIVERY_STATUS_NOT_APPLICABLE"
                }

Full proof:
proof-file.hex.txt

Short term mitigation

To make sure the incorrect proof isn't used in any new transfers, the asset UTXO was leased for a year.
SQLite query for future reference:

$ echo -n "manual"|sha256sum
36bde66f289a35683683b041c6d8f418a5f36607b547da25d00ad55891e80b88  -


UPDATE managed_utxos SET lease_owner = X'36bde66f289a35683683b041c6d8f418a5f36607b547da25d00ad55891e80b88' lease_expiry = '2025-08-22 08:00:00.140749415 +0000 UTC' WHERE outpoint = X'f1aaba121d112bbbdb47f07bbb35e310c4a6abe545844c9c834c3e427994473700000000';

Outpoint is 37479479423e4c839c4c8445e5aba6c410e335bb7bf047dbbb2b111d12baaaf1:0 serialized using https://guggero.github.io/cryptography-toolkit/#!/encoding-decoding (see "Bitcoin Outpoint" section)

Reproduction

Initial attempt at reproduction: lightninglabs/lightning-terminal#825
@guggero guggero mentioned this issue Aug 22, 2024
Merged
@dstadulis dstadulis moved this from 🆕 New to 🏗 In progress in Taproot-Assets Project Board Aug 22, 2024
@dstadulis dstadulis added this to the v0.4.2 milestone Aug 22, 2024
Roasbeef added a commit that referenced this issue Aug 23, 2024
@Roasbeef
commitment: splits shouldn't inherit locktime from inputs
523d723 
In this commit, we fix an existing bug related to lock times and split
commitments. Before this commit, if an input had a relative lock time,
then when we went to make the new split assets, we would _copy_ that
value into the split. This isn't correct as the input is
valid/confirmed, so we don't need to copy over the lock time
information.

The prior behavior would cause certain classes of spends to fail, as
we would be validating a new root asset that has no lock time, but the
root asset split inserted into the split commitment would be carrying
the old lock time. When verifying the split, we would set the lock times
of the split to that of the new asset:
https://github.com/lightninglabs/taproot-assets/blob/e893dee87e9d8f0de53b8ee9e2527add80df6491/vm/vm.go#L305-L307.

As we copied over the lock time from the input, we would now effectively
invalid the split commitment.

Fixes #1099
@Roasbeef Roasbeef mentioned this issue Aug 23, 2024
Merged
@Roasbeef
Copy link
Member

To make sure the incorrect proof isn't used in any new transfers, the asset UTXO was leased for a year.

Based on my investigation, the proof for the output on disk is correct. The bug was that we didn't clear the prior relative lock time when making the split leaf. So once #1103 is in, affected users should be able to spend the input again as normal.

@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Taproot-Assets Project Board Aug 24, 2024
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Taproot-Assets Project Board Aug 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working payment-channel proofs tap-channels
Projects
Taproot-Assets Project Board
Status: ✅ Done
Milestone
v0.5
Development

Successfully merging a pull request may close this issue.

commitment: splits shouldn't inherit locktime from inputs lightninglabs/taproot-assets
3 participants
@Roasbeef @guggero @dstadulis