PSBT Funding flow retry, instructions for converting binary PSBT to base64, and accept PSBT from file, #4400

Closed
kornpow opened this issue Jun 21, 2020 · 7 comments · Fixed by btcsuite/btcutil#178 or #4389

Comments

@kornpow
Contributor

kornpow commented Jun 21, 2020

Background

  1. In the PSBT funding flow, if you input the base64 data wrong, it cancels the channel open. This requires you to go back to your hardware devices and re-sign the PSBT again.

  2. I have a PSBT created in Electrum and signed with Coldcards. I can only load it back into Electrum; I do not know how to convert it to base64.

  3. It would also be great to be able to input the PSBT as a file, but that is a little challenging since the PSBT address is only created after the command has run.

Your environment

  • version of lnd
    "version": "0.10.99-beta commit=clock/v1.0.0-85-gacc698a6995b35976950282b29c9685c993a0364",
    "commit_hash": "acc698a6995b35976950282b29c9685c993a0364",
  • which operating system (uname -a on *Nix)
    Ubuntu
  • version of btcd, bitcoind, or other backend
    bitcoind
  • any other relevant environment details

Steps to reproduce

Tell us how to reproduce this issue. Please provide stacktraces and links to code in question.
Generate base64 from electrum psbt file:
base64 testpsbt-signed.psbt -w 0

Expected behaviour

Channel funding flow complete

Actual behaviour

[lncli] verifying PSBT by lnd failed: rpc error: code = Unknown desc = error parsing psbt: Invalid PSBT serialization format

@kornpow
Contributor Author

kornpow commented Jun 21, 2020

This is the contents of my unsigned psbt. I cannot get it to be recognized with bitcoin-cli decodepsbt.
You can tell something about it is correct: "7073 6274" --> "psbt"

@guggero
Collaborator

guggero commented Jun 22, 2020

I had a look at the PSBT. The binary encoding looks OK but it doesn't follow one of the rules for consistency, which is why it's rejected.
Here's the decoded version (hashes might need to be reversed, still working on a proper decoder in lnd):

{
  "UnsignedTx": {
    "Version": 2,
    "TxIn": [
      {
        "PreviousOutPoint": {
          "Hash": "8803bfa0a[redacted]",
          "Index": 0
        },
        "SignatureScript": "",
        "Witness": null,
        "Sequence": 4294967293
      }
    ],
    "TxOut": [
      {
        "Value": 300000,
        "PkScript": "00207b35[redacted]"
      }
    ],
    "LockTime": 635632
  },
  "Inputs": [
    {
      "NonWitnessUtxo": {
        "Version": 1,
        "TxIn": [
          {
            "PreviousOutPoint": {
              "Hash": "f2c2ad3647[redacted]",
              "Index": 1
            },
            "SignatureScript": "",
            "Witness": [
              "304402201f237a2[redacted]",
              "03328d82c[redacted]"
            ],
            "Sequence": 4294967295
          }
        ],
        "TxOut": [
          {
            "Value": 301000,
            "PkScript": "00200883941e[redacted]"
          },
          {
            "Value": 3137518,
            "PkScript": "0014b37c[redacted]"
          }
        ],
        "LockTime": 0
      },
      "WitnessUtxo": null,
      "PartialSigs": null,
      "SighashType": 0,
      "RedeemScript": null,
      "WitnessScript": "5221026d17b02b388[redacted]",
      "Bip32Derivation": [
        {
          "PubKey": "026d17b02b3[redacted]",
          "MasterKeyFingerprint": 3864168094,
          "Bip32Path": [
            2147483696,
            2147483648,
            2147483648,
            2147483650,
            0,
            3
          ]
        },
        {
          "PubKey": "036268c62b99[redacted]",
          "MasterKeyFingerprint": 3505025478,
          "Bip32Path": [
            2147483696,
            2147483648,
            2147483648,
            2147483650,
            0,
            3
          ]
        },
        {
          "PubKey": "03794b0226d5a[redacted]",
          "MasterKeyFingerprint": 738935317,
          "Bip32Path": [
            2147483696,
            2147483648,
            2147483648,
            2147483650,
            0,
            3
          ]
        }
      ],
      "FinalScriptSig": null,
      "FinalScriptWitness": null,
      "Unknowns": null
    }
  ],
  "Outputs": [
    {
      "RedeemScript": null,
      "WitnessScript": null,
      "Bip32Derivation": null
    }
  ],
  "Unknowns": [
    {
      "Key": "0102aa7ed304[redacted]",
      "Value": "9e8652e6300[redacted]"
    },
    {
      "Key": "0102aa7ed304575[redacted]",
      "Value": "c671ead0300[redacted]"
    },
    {
      "Key": "0102aa7ed3042517[redacted]",
      "Value": "15420b2c300[redacted]"
    }
  ]
}

The violated rule is: if WitnessUtxo is nil then WitnessScript MUST also be nil.
It looks like Electrum might have accidentally put a witness UTXO as a NonWitnessUtxo? I can't find any of the UTXOs but that could be because my JSON serializer doesn't display them properly.

To me this sounds like an issue should be opened in the Electrum repo.

@kornpow
Contributor Author

kornpow commented Jun 22, 2020

@guggero Thanks for piecing that together. I will make an issue at Electrum; I am running pretty close to master of Electrum.

Items 1 & 3 are still valid though.

Can you confirm that base64 mypsbt-signed.psbt -w 0 would be the proper command for turning a binary psbt to base64 for LND?

@guggero
Collaborator

guggero commented Jun 22, 2020

Yes, you are right, items 1 and 3 are still valid.

About item 1: The code for the command line PSBT interaction is already pretty complex. Adding a loop to catch encoding errors and letting the user try again would have made it overkill for the initial PR. But I'll keep that in mind for a future PR.

About item 3: Yes, the command base64 -w 0 mypsbt-signed.psbt should encode the file correctly. I can add that to the documentation.
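
The conversion discussed in this thread, as an added example that is not part of the original comments and not lnd's own code: a stdlib-only Go helper that takes a PSBT as raw binary, as hex text (including a space-separated dump) or as base64, checks for the `psbt` magic bytes followed by `0xff`, and returns the single-line base64 that `base64 -w 0` would produce. `NormalizePSBT` is a hypothetical name, and the sample bytes are constructed (magic plus an empty global map), not a fundable PSBT.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// psbtMagic is the 5-byte prefix of every binary PSBT: "psbt" followed by 0xff.
var psbtMagic = []byte{0x70, 0x73, 0x62, 0x74, 0xff}

// NormalizePSBT (hypothetical helper, not part of lnd) accepts the contents of
// a PSBT file in binary, hex (whitespace allowed, as in a hex dump) or base64
// form and returns single-line base64. It fails if no decoding of the input
// starts with the PSBT magic bytes.
func NormalizePSBT(raw []byte) (string, error) {
	// Case 1: raw binary, as written by a wallet's file export.
	if bytes.HasPrefix(raw, psbtMagic) {
		return base64.StdEncoding.EncodeToString(raw), nil
	}
	// Text encodings: drop all whitespace (newlines, dump column spacing).
	text := strings.Join(strings.Fields(string(raw)), "")
	// Case 2: hex text.
	if b, err := hex.DecodeString(text); err == nil && bytes.HasPrefix(b, psbtMagic) {
		return base64.StdEncoding.EncodeToString(b), nil
	}
	// Case 3: base64 text; re-encode so the result is unwrapped and padded.
	if b, err := base64.StdEncoding.DecodeString(text); err == nil && bytes.HasPrefix(b, psbtMagic) {
		return base64.StdEncoding.EncodeToString(b), nil
	}
	return "", errors.New("input is not a binary, hex or base64 PSBT (magic bytes missing)")
}

func main() {
	// Constructed sample: magic bytes plus an empty global map (0x00).
	sample := []byte{0x70, 0x73, 0x62, 0x74, 0xff, 0x00}
	for _, in := range [][]byte{sample, []byte("7073 6274 ff00\n"), []byte("cHNidP8A\n")} {
		out, err := NormalizePSBT(in)
		fmt.Println(out, err)
	}
}
```

The magic-byte check only confirms the encoding; whether lnd accepts the PSBT still depends on its own parsing and consistency rules.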

@SomberNight

see spesmilo/electrum#6257 (comment)

@kornpow
Contributor Author

kornpow commented Jun 22, 2020

Thanks @SomberNight

@guggero
Collaborator

guggero commented Jun 23, 2020

@SomberNight thanks a lot for the links in spesmilo/electrum#6257 (comment)! I knew I should have read into the details of the PSBT vulnerability sooner, I just never got around to doing so.

Going to create a fix in btcutil to remove the sanity check.
