Analysis of 0xB10C's weird bitcoin transaction \ stacker news ~bitcoin

Analysis of 0xB10C's weird bitcoin transaction

16.3k sats \ 51 comments \ @supertestnet 1 Jul bitcoin

The following is an analysis of this bitcoin transaction: https://mempool.space/tx/b10c0000004da5a9d1d9b4ae32e09f0b3e62d21a5cce5428d4ad714fb444eb5d

That transaction does a lot of interesting things. Here is a partial list:

it sends money to a non-standard bitcoin address that only contains 2 bytes ("bc1pfeessrawgf") where the standard is for addresses to be 20 bytes long
that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address
the transaction seems to attempt use every form of valid bitcoin input and output type: p2pk (the oldest output type, where you send money directly to someone's public key), legacy (the format widely used from 2010 to 2017 -- also tied for oldest, since Satoshi included this format as a non-default option in bitcoin v0), "bare multisig" where the output is a list of two or more public keys, P2SH multisig where the output is a "hash" of two or more public keys, "nested segwit," "native segwit v0," segwit v1 (i.e. taproot), plus two unusual lightning-related utxos: an in-flight HTLC and a force closure tx
the input amounts contain several interesting numbers: 6102 is the executive order by which Roosevelt implemented a partial ban on self-custodied gold in the USA, 1913 is the year he did that, 1971 is the year the USA abandoned the gold standard, 2140 is the year bitcoin's block subsidy stops, 5139 refers to the CVE report number of bitcoin's inflation bug from 2010 where someone created billions of bitcoins and the network forked & rolled back to override it, 3220 refers to the CVE report number of one of bitcoin's only hard forks: the berkeley database fork, 17144 refers to the CVE report number of the 2018 "would-be" inflation bug that never got exploited, 8149 refers to the pull request that integrated segwit, 19953 refers to the pull request that integrated schnorr signatures, and I don't know what 9001 refers to, but there was a relatively minor bug in bitcoin core which was fixed in 2016 and had that issue number -- it involved getting a corrupted database if you had pruning enabled in bitcoin core and your pc crashed during initial block download...if it happened you would have to restart from scratch. I suspect 9001 is more likely a reference to the "It's over 9000!" meme from Dragon Ball Z
the output amounts are the dust limits for bitcoin's various address formats: 576 for p2pk addresses, 540 for legacy addresses, 582 for bare multisig addresses, 546 for p2sh addresses, 294 for segwit v0 "regular addresses," 330 for segwit v0 "script addresses" and segwit v1 "taproot addresses", 240 for the non-standard 2-byte address, and 0 for OP_RETURNs
the first and third inputs use uncompressed pubkeys, which are unusual in bitcoin because compressed pubkeys are smaller and cheaper (and required in segwit addresses)
the fourth input (p2sh multisig) use a proof-of-work technique called "signature grinding" to produce a valid bitcoin signature that is only 57 bytes long. Normal bitcoin signatures are 73 bytes long (except schnorr signatures, which are shorter). It took the tx author a long time to do that and it was very expensive.
the various signatures in the transaction use all of bitcoin's six sighash flags: SIGHASH_ALL, SIGHASH_NONE, SIGHASH_ONE, SIGHASH_ALL | ANYONE_CAN_PAY, SIGHASH_NONE | ANYONE_CAN_PAY, and SIGHASH_ONE | ANYONE_CAN_PAY -- and the last input (which is a taproot input) also uses SIGHASH_DEFAULT which was added for taproot and means you do "not" use a sighash flag, which bitcoin (post taproot) now interprets as being equivalent to SIGHASH_ALL (that is the flag most commonly used in bitcoin, and not adding a sighash flag saves you 1 byte, thus slightly lowering tx fees)
the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for
the transaction hash is customized to have the tx author's twitter handle and a bunch of leading zeroes, which is very expensive to do and takes a lot of work

view all related items

2141 sats \ 0 replies \ @mononautical 2 Jul

that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address

"bc1pfeessrawgf" is the correct address rendering for this output, since it is a valid segwit v1 witness program, even though the combination of witness version & program length does not correspond to any defined spending rules.

(although the 2-byte 0x4e73 output script does match a proposal for ephemeral outputs).

Fun fact: undefined segwit outputs like this are completely standard to create, and only non-standard to spend.

However, this transaction did prompt us to fix a bug on mempool.space that calculated the dust limit incorrectly for this kind of output, which caused the transaction to be falsely labeled as non-standard for a short time.

200 sats \ 3 replies \ @anon 3 Jul

-----BEGIN BITCOIN SIGNED MESSAGE----- Excellent analysis! You are correct to call it a partial list though, as there's still a lot left to uncover. -----BEGIN BITCOIN SIGNATURE----- 1J7SZJry7CX4zWdH3P8E8UJjZrhcLEjJ39

IMhlCYnVs6tFHuBs4GmS703mUBqj1ak4JCHGHHLm1YpPAT7ephH/gY4thTLeM5vvl6PU/OR/c/3C3VjM8eWdMXY= -----END BITCOIN SIGNATURE-----

0 sats \ 2 replies \ @supertestnet OP 3 Jul

Cool! What does 9001 refer to? I couldn't figure that one out

0 sats \ 1 reply \ @anon 3 Jul

-----BEGIN BITCOIN SIGNED MESSAGE----- It is indeed a meme reference, and actually the only Easter egg not related to Bitcoin. I appreciate you trying to find deeper meaning in it though. -----BEGIN BITCOIN SIGNATURE----- 1J7SZJry7CX4zWdH3P8E8UJjZrhcLEjJ39

ILzuilPnRAiL78nGmho0/VCHkIVZtPbiEAinTj33UfR3FFRDje0Nd0BqQWzKrcA0+ie2a3kXutc5cYbh3o36Yps= -----END BITCOIN SIGNATURE-----

0 sats \ 0 replies \ @anon 20h

Dragon ball z ref?

462 sats \ 0 replies \ @0xB10C 1 Jul

the transaction hash is customized to have the tx author's twitter handle and a bunch of leading zeroes

This part is incorrect :) I only learned about this transaction from mononauts tweet. While I did create b10c007c60e14f9d087e0291d4d0c7869697c6681d979c6639dbd960792b4d41 a while ago, I'm not related to this transaction. I obviously can't prove it..

20 sats \ 1 reply \ @anon 1 Jul

that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address

I believe that address is actually an ephemeral anchor output: https://github.com/bitcoin/bitcoin/pull/30352/files

IIUC they are standard to create at the moment. It's spending them that is non-standard.

0 sats \ 0 replies \ @supertestnet OP 2 Jul

Fascinating! But that pull request is still pending right? I don't think they will be standard as outputs til it is merged

90 sats \ 1 reply \ @OneOneSeven 1 Jul

This is what real art on the bitcoin blockchain looks like.

21 sats \ 0 replies \ @DiedOnTitan 2 Jul

Lit up this transaction like a Christmas Tree.

101 sats \ 0 replies \ @random_ 1 Jul

So quirky.

Thanks for the analysis. So much to be learned from one transaction.

191 sats \ 1 reply \ @Rob1Ham 1 Jul

The nLocktime is an epoch timestamp which matches the genesis block!

‎1,231,006,505 = Sat Jan 03 2009 18:15:05 GMT+0000

0 sats \ 0 replies \ @DiedOnTitan 2 Jul

That is an astounding insight!

21 sats \ 0 replies \ @Lux 2 Jul

6102 is the executive order by which Roosevelt implemented a partial ban on self-custodied gold in the USA, 1913 is the year he did that

EO 6102 was in 1933 The FED was created in 1913

great post

69 sats \ 4 replies \ @petertodd 1 Jul

the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for

The author also could have put an OP_Reserved in there too, as bizarrely Bitcoin considers it to also be a data opcode!

That's the only way I can think of for this transaction to be improved.

100 sats \ 3 replies \ @supertestnet OP 1 Jul

I wish he exploited the sighash_single bug. I thought he did in input 8 (whose signature uses sighash_one) but I checked the sig and the sighash wasn't one -- because the op_return counts as an output for purposes of calculating the sighash, so he signed a hash of his input plus that op_return "output"

29 sats \ 0 replies \ @petertodd 1 Jul

Oh! Good point, that would have been cool!

100 sats \ 1 reply \ @vostrnad 1 Jul

That would require a different layout of inputs/outputs, since the only input with index higher than all outputs is a P2TR input, and the sighash_single bug is fixed in Taproot.

100 sats \ 0 replies \ @supertestnet OP 1 Jul

Yeah but that would be totally worth it imo. It's a very cool bug and no one ever uses it, an art piece like this would be a great opportunity to showcase it

53 sats \ 0 replies \ @quark 1 Jul

Some people have a lot of fun in the blockchain :)

300 sats \ 1 reply \ @jirijakes 21h

Some more things:

wtxid also seems to have been subject to grinding: 0000000001d549a7df6bb3346ab8d390ea517bb284fc0c081647068f9b72e641
inputs have interesting sequences:
- 0: 20090103 (genesis block)
- 1: 20081031 (white paper)
- 2: 19750504 (???)
- 3: 16 (???)
- 4: 141 (BIP-141)
- 5: 3735928559 (deadbeef)
- 6: 21000000
- 7: 4190024921 / f9beb4d9 / d9b4bef9 (???)
- 8: 341 (BIP-341)
- 9: 342 (BIP-342)

20 sats \ 0 replies \ @jirijakes 21h

1975-05-04 is Satoshi's birthdate.

40 sats \ 5 replies \ @pycan 1 Jul

I've recently started studying https://learnmeabitcoin.com/ and on multiple places Greg mentions that non-standard aspects of a transaction (which this one obviously has) causes the transaction to not be relayed by the nodes. Can anyone clarify how did it get into the block, then? Could have it been placed there manually and, therefore, point to the Braiins pool?

21 sats \ 4 replies \ @supertestnet OP 1 Jul

Can anyone clarify how did it get into the block, then?

In the past I've gotten nonstandard transactions mined by emailing a miner and asking nicely. A lot of them have contact info in the footers of their websites, and bitcoin core has an RPC method for "injecting" a valid transaction directly into a block you're mining even if that transaction is non-standard. A few pools also have web apis for submitting non-standard transactions to them as long as you pay a high fee. I don't know if Braiins pool has such an api, but if they don't he probably emailed the transaction to them and asked nicely, or maybe the tx author works for them. I can confirm the tx was mined by Braiins -- the block it's in has a signature that includes Braiins's name.

109 sats \ 2 replies \ @mononautical 2 Jul

the transaction is actually completely standard, and in fact was observed in mempool.space's mempool before it was mined.

11 sats \ 1 reply \ @supertestnet OP 2 Jul

Then that is perhaps the most fascinating thing about this transaction

10 sats \ 0 replies \ @DiedOnTitan 2 Jul

Yes. The fact that this transaction made it into block 850000 (definitely not an accident) also suggests that it is completely standard. It would have been very risky to ask nicely of every major miner and risk that 850000 got mined by someone else.

0 sats \ 0 replies \ @pycan 1 Jul

That makes sense, thanks for explaining.

20 sats \ 1 reply \ @pycan 1 Jul

block 850000 is also intentional

1 sat \ 0 replies \ @pen877 2 Jul freebie

Fees 71,294

71+294 = 365

19 sats \ 0 replies \ @Rsync25 1 Jul

Bookmarked!

0 sats \ 0 replies \ @DiedOnTitan 2 Jul

which is very expensive to do and takes a lot of work

Which suggests that tx author has mining infrastructure that was used to produce this? I am unclear if sha-256 ASICs are the right tool for this particular type of hashing?

Are there many other examples of vanity hashes out there, or is this something new?

0 sats \ 1 reply \ @DiedOnTitan 2 Jul

the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for

I am seeing just "Not your inputs, not your outputs." in OP_RETURN. Where are you seeing all 17 numbers?

68 sats \ 0 replies \ @vostrnad 2 Jul

On mempool.space, you need to click the "Details" button which reveals more details about each input and output. These 17 numbers can be seen in the decoded output script ("ScriptPubKey").

0 sats \ 1 reply \ @oliverweiss 1 Jul

So many details. It feels like it is you doing this?

57 sats \ 0 replies \ @supertestnet OP 1 Jul

It wasn't me, I would have done it on testnet, and I wouldn't have spent all that money grinding for short signatures. But other than those two things I wish it was me! It's a very creative idea and as a piece of geek art I think it's wonderful

0 sats \ 0 replies \ @160ed04091 1 Jul

In another study, 0xB10C identified selective transaction filtering by certain Bitcoin mining pools, particularly f2pool

0 sats \ 0 replies \ @cristaiji 1 Jul

Whoa interesting! This is technically waaay over my head but thanks for posting anyway.

0 sats \ 0 replies \ @GMONEY 1 Jul

Federal Reserve Act of 1913 322 = Skull N Bones

0 sats \ 1 reply \ @supratic 1 Jul

Thanks for the great explanation and deep dive, so much info in such complete and minimalistic transaction! What's the need of signing it over mainnet instead of playing on testnet?

112 sats \ 0 replies \ @supertestnet OP 1 Jul

I would have done it on testnet and then told people "hey look what I made!" on social media, but the author apparently does not want to be known, and since weird transactions happen all the time on testnet, it might easily have gone unnoticed by others

0 sats \ 0 replies \ @027d8853cb 1 Jul

What a headscratcher. Somebody knows what they're doing here. I've never seen many of these transaction types before.

0 sats \ 0 replies \ @Catcher 1 Jul

Imagine satoshi sitting somewhere creating these fun transactions:)

0 sats \ 3 replies \ @Fabs 1 Jul

Alrighty, the author clearly knows his shit and has been around for a while, aye?

100 sats \ 2 replies \ @plebpoet 2 Jul

yeah you could attend his workshops if you wanted to collect some of his knowledge

0 sats \ 1 reply \ @Fabs 2 Jul

I ment the author of the transaction, but supertestnet is also knowledgeable.

0 sats \ 0 replies \ @plebpoet 2 Jul

oh for sure

0 sats \ 1 reply \ @grayruby 1 Jul

Someone having fun or something nefarious?

50 sats \ 0 replies \ @supertestnet OP 1 Jul

just fun

0 sats \ 0 replies \ @vostrnad 1 Jul freebie

deleted by author

0 sats \ 0 replies \ @NaOD 2 Jul outlawed

stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.