Redeem multisig dust - Cannot broadcast (mandatory-script-verify-flag-failed)

Support
1

The service “Bitcoin Coin Sweeper - Redeem any multisig or dust output” at http://redeem.bitwatch.co/ lets you find unspent outputs from Counterwallet. If you used CW more than a year ago (now it uses op_return, so not an issue anymore), you may have a significant amount of “dust bitcoins” you should be able to redeem.

The coin sweeper gives a hex to sign. I verify and sign with https://coinb.in.

After I sign, I get a hex encoded bitcoin transaction. It cannot be broadcast!
Error 16: mandatory-script-verify-flag-failed (Non-canonical DER signature)

On services such as https://www.smartbit.com.au/txs/decodetx the tx appears ok.

P.S. The coin sweeper shows a list of outputs. They are of types ‘multisig’ and ‘pubkeyhash’. It works for those labeled ‘pubkeyhash’ so at least these outputs you can redeem.

2

A concrete example. Raw tx:

01000000012fd2659de7463e6b0f240df7db6a51261ee515142dea38f7664da74cac5cc83202000000910047304402205d45ba19515dd15ecb5eb9635520998e801bb1ef36cff314cffae400b678df0a022036b8247e58dcc4f51934cdc9e4a5c2b4b8a16f453cd3e88cd502f28febd7a0c80147512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211065642064657465726d696e65732062650000000000000000000000000000000052aeffffffff01901a0000000000001976a914d88acffb4e8a087ba3d90f5168af540f749f593d88ac00000000

Broadcast error with BlockCypher:

Error sending transaction: Error running script for input 0 referencing 32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f at 2: Script was NOT verified successfully..

Decoded with https://www.smartbit.com.au/txs/decodetx :

{ "Version": "1", "LockTime": "0", "Vin": [ { "TxId": "32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f", "Vout": "2", "ScriptSig": { "Asm": "0 304402205d45ba19515dd15ecb5eb9635520998e801bb1ef36cff314cffae400b678df0a022036b8247e58dcc4f51934cdc9e4a5c2b4b8a16f453cd3e88cd502f28febd7a0c8[ALL] 512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211065642064657465726d696e65732062650000000000000000000000000000000052ae", "Hex": "0047304402205d45ba19515dd15ecb5eb9635520998e801bb1ef36cff314cffae400b678df0a022036b8247e58dcc4f51934cdc9e4a5c2b4b8a16f453cd3e88cd502f28febd7a0c80147512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211065642064657465726d696e65732062650000000000000000000000000000000052ae" }, "CoinBase": null, "TxInWitness": null, "Sequence": "4294967295" } ], "Vout": [ { "Value": 0.000068, "N": 0, "ScriptPubKey": { "Asm": "OP_DUP OP_HASH160 d88acffb4e8a087ba3d90f5168af540f749f593d OP_EQUALVERIFY OP_CHECKSIG", "Hex": "76a914d88acffb4e8a087ba3d90f5168af540f749f593d88ac", "ReqSigs": 1, "Type": "pubkeyhash", "Addresses": [ "1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh" ] } } ], "TxId": "79ac2bda94bc9d786117b6cc5fd61bdec6796c321e6c7bae629a70469c2a9834" }

3

Have you verified your DER sig is correct?

4

Reply on GitHub

How do you sign the failing transactions? Openssl?

`Did you make sure you confirming to BIP62: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki (strict DER encoding)?``

I don’t know the technical details here. I just try to use services others built. If someone with the technical knowledge reads this, would be great if you look into it and answer on Github.

5

I tried to check the DER part yesterday but didn’t get anywhere as I kept getting errors about the missing previous (vin) transaction despite using the a option to fetch it from API providers. I used pycoin for that, by the way.

The question is basically similar to what I asked yesterday - how did you compose the transaction, with what tools and what parameters. That would answer whether the way you created it was correct.

pycoin here has a unit test that checks for non-standard transactions and can optionally sign with OpenSSL (but I understand it’s not on by default since it’s new) so if you used that, it would likely not use OpenSSL and it’d check for non-standard DER.

But if you used something else, then it could be some other setup.

6

Transaction generated with http://redeem.bitwatch.co

Verified and signed with https://coinb.in.

Broadcast failed with coinb.in. Tried broadcasting from other sites too, but all gave error.

1 Like
7

Ah, okay. I now realize you mentioned that at the top, but I never got the Redeem code to work for me so I didn’t see how it creates outputs (I could read the source, but I wouldn’t understand it). I’ll check if I have any addresses with multisig dust myself.
Edit: just realized the “default” address in there actually is a demo address. I used to think it’s a “donation” address. :slight_smile:

8

Well, it’s like this - assuming you swept the 1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh i.e. the info you provided is correct - when I look at Redeem’s potential outputs there’s close to 20 of them.

Consequently, if you swept all of them, you’re supposed to decode that to a long tx like this (using blockchain.info).

{
   "lock_time":0,
   "size":2196,
   "inputs":[
      {
         "prev_out":{
            "index":0,
            "hash":"500f1aea832ca388da54618bf35ba1e04b118ab94d6631115f9684ad566361cb"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f4531dbff0000000000000000027102754455352ae"
      },
      {
         "prev_out":{
            "index":1,
            "hash":"500f1aea832ca388da54618bf35ba1e04b118ab94d6631115f9684ad566361cb"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad212054202d20436f696e20466c6970202d2031203d2068656164732c2032203d207452ae"
      },
      {
         "prev_out":{
            "index":2,
            "hash":"500f1aea832ca388da54618bf35ba1e04b118ab94d6631115f9684ad566361cb"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211061696c730000000000000000000000000000000000000000000000000000000052ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f473c3bff000000000000000002710334c617352ae"
      },
      {
         "prev_out":{
            "index":1,
            "hash":"32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad212074206469676974206f6620626c6f636b2068617368207768656e206d6174636852ae"
      },
      {
         "prev_out":{
            "index":2,
            "hash":"32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211065642064657465726d696e65732062650000000000000000000000000000000052ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"c5c602c588c5c9ce00bf746b49511c8e5bdf5ae1abe6ba7ec2f10cb8e32e68e6"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f49aaabff000000000000000002710304d617452ae"
      },
      {
         "prev_out":{
            "index":1,
            "hash":"c5c602c588c5c9ce00bf746b49511c8e5bdf5ae1abe6ba7ec2f10cb8e32e68e6"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120636820626c6f636b2068617368206c617374206467743b206f64643d6865616452ae"
      },
      {
         "prev_out":{
            "index":2,
            "hash":"c5c602c588c5c9ce00bf746b49511c8e5bdf5ae1abe6ba7ec2f10cb8e32e68e6"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2110732c206576656e3d7461696c730000000000000000000000000000000000000052ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"2d2f93bfb3f0b9ec481930f7d60e1cf35e79c44251d8ae5d6b680548b84d9585"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f649264000000000000000000027101f54455352ae"
      },
      {
         "prev_out":{
            "index":1,
            "hash":"2d2f93bfb3f0b9ec481930f7d60e1cf35e79c44251d8ae5d6b680548b84d9585"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211c54202d20436f696e20666c697020726573756c74203d205441494c530000000052ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"1094bcfb74688413809d4974885b6418434046494c0abb05b9a2e8b61b02334e"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f64ff7bff0000000000000000027102e426c6f52ae"
      },
      {
         "prev_out":{
            "index":1,
            "hash":"1094bcfb74688413809d4974885b6418434046494c0abb05b9a2e8b61b02334e"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120636b20333136373030204c617374204469676974206f6620486173682c204f6452ae"
      },
      {
         "prev_out":{
            "index":2,
            "hash":"1094bcfb74688413809d4974885b6418434046494c0abb05b9a2e8b61b02334e"
         },
         "script":"512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad210b643d312c204576656e3d3200000000000000000000000000000000000000000052ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"fc07c8e88f5e9a6f02e3a0ef92f7e4365b23ab396e03e6b3408b395d93857d7f"
         },
         "script":"51210357cc019f62354d34f6c51996428f663df6e2633555870680d51b17cae2bada892102f37b96967facc59985d45d9654b26a28cf5a49df5e7b2e7afc7871cfa3598a082102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad53ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"73e826959562ecb747838411688403d3d9b7ce0bad45c95b9ddcec97496c62de"
         },
         "script":"512102f4f6c05bd40a0264d8db3502f7ac49d065e3a8d2e78f9e4c426c5bb0c4ce918321023af48f63891e5a438ef6e85da43949cc459142b013c02480cd6334e8530850ff2102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad53ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"300b97fdd7a84619dc32c182a6e7bbdf66ae25495a87e7fc3b6bd18aca7de638"
         },
         "script":"5121030b978d45bef1a673a007830426f301b7d7d1cc24722700161dea08580654656a2102da3ae5ee02118df3ef09ba483cc92e7fbfebe5281ff68444787e971318d85e5d2102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad53ae"
      },
      {
         "prev_out":{
            "index":0,
            "hash":"aea52a91e2caff47d1f2eb8fed821739e991bd03c0fa6d948df5c737f7c77831"
         },
         "script":"512103c3d1f6d3c720c641aee2c6cecf4bb3875ab0e2daef87a5f43362f0814a8a43c52103a1a24128ea3ee013a44a2d2093b234af4f47ed76f54967204cb57284e72f68322102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad53ae"
      }
   ],
   "version":1,
   "vin_sz":18,
   "hash":"39207c798631111d5e7a07dc3e7b913c89fdbfb519f45d0e3760f4ff00efc338",
   "vout_sz":1,
   "out":[
      {
         "script_string":"OP_DUP OP_HASH160 d88acffb4e8a087ba3d90f5168af540f749f593d OP_EQUALVERIFY OP_CHECKSIG",
         "address":"1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh",
         "value":137400,
         "script":"76a914d88acffb4e8a087ba3d90f5168af540f749f593d88ac"
      }
   ]
}```
9

I checked the address 1JDogZzWJMuyeEDcuFpmLUQ2u4b6RfuDTd
It has 0.33 BTC of redeemable dust. That’s 330 USD and will probably require something like a $50 fee for the sweep transaction :smile:

@jdogresorg

My dust should be around this magnitude too, though spread over several addresses.

10

So you were trying to spend outputs of 1JDogZzWJMuyeEDcuFpmLUQ2u4b6RfuDTd by crafting a Send transaction to 1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh?

But there was no 1JDogZzWJMuyeEDcuFpmLUQ2u4b6RfuDTd in any of the inputs.

11

No. I cannot sign any tx from 1JDogZzWJMuyeEDcuFpmLUQ2u4b6RfuDTd.
I mentioned his address as an example.

12

New reply on Bitcoin Github:

Based on the other thread @Jpja used https://coinb.in to sign the transaction.

My guess is their service still produces high-S values.

Can you try to sign the transaction via CounterWallet or Bitcoin Core, as described here?

https://bitcointalk.org/index.php?topic=573342.msg6336408#msg6336408

13

In Counterwallet I get error
Invalid DER format public key

I don’t have Bitcoin Core. Maybe someone can try?

14

Okay, I assume you swept 1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh, then.

Where are your inputs, though? The JSON I pasted is correct for 1LjyFHwDwJXkqfwRsWyRWsqNaRxhK7v3Rh, whereas I don’t know what your transaction is supposed to mean (in terms of inputs).

15

Here’s one where I only try the hash
32c85cac4ca74d66f738ea2d1415e51e26516adbf70d240f6b3e46e79d65d22f

sweep multisig3.JPG1285×512 76.3 KB

Sign and broadcast this hex string to redeem the unspent outputs:
01000000032fd2659de7463e6b0f240df7db6a51261ee515142dea38f7664da74cac5cc8320000000047512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad2120434e5452505254590000001e53f473c3bff000000000000000002710334c617352aeffffffff2fd2659de7463e6b0f240df7db6a51261ee515142dea38f7664da74cac5cc8320100000047512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad212074206469676974206f6620626c6f636b2068617368207768656e206d6174636852aeffffffff2fd2659de7463e6b0f240df7db6a51261ee515142dea38f7664da74cac5cc8320200000047512102f3d205c9d7353fbfa7aa0693822381b83497b2697b1e4c19fcc0eae998e04aad211065642064657465726d696e65732062650000000000000000000000000000000052aeffffffff01480d0000000000001976a914d88acffb4e8a087ba3d90f5168af540f749f593d88ac00000000

Trying to sign it in CW, I get error
Invalid DER format public key

The same error applies whether I try few or many (or all) outputs.

16

  1. You maybe better update the github issue with the info on the address you used to compose that transaction

  2. DER keys come in compressed and uncompressed formats. I’d try to use the other format (from the one used by CounterWallet - you can dig that out from the CW code).
    Bitcore library can get you the both formats.
    If you use the wrong format, then CW understands it as an attempt to sign it from a different address.
    An easier way is to encode the transaction in Bitcoin Core and send it, rather than let someone encode it for you and then obtain the other, unusual format of your pubkey, but either way should do if that’s the only issue.

17

Okay, 3 more hours spent on this (I tried completely composing a lengthy transaction from one of my old addresses).

I was pretty sure DER signature used (or rather got from the Web site which composed the transaction) was wrong. But now after being unable to compose a valid transaction using several ways, I think this is the reason:

I don’t know which of them exactly, but basically compared to before new DER-related rules kicked in and now what used to work before can’t work any more. BIP62 rules can be found here: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#New_rules

So maybe the Redeem guy can update the script or someone can try to look at these rules and create a compliant transaction (I give up, too difficult).

18

This address has redeemed all multisig dust:
http://blockscan.com/address/1BADaNiGQ3GuF8Fb35oWpym4KfzLCbHvYb

Example redeem transaction:
https://www.blocktrail.com/BTC/tx/f4e2d186ed56aad9b965370411cece4e65fb8dba33ba04d03295299c273e527f

And indeed, http://redeem.bitwatch.co/ indicates that this address has
0 unspent outputs

Maybe it’s possible to figure out how they did it by studying the redeem transaction?

Check this funny thread. People were giving out passphrases with multisig dust and someone did indeed sweep them