pull down to refresh

That transaction does a lot of interesting things. Here is a partial list:
  • it sends money to a non-standard bitcoin address that only contains 2 bytes ("bc1pfeessrawgf") where the standard is for addresses to be 20 bytes long
  • that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address
  • the transaction seems to attempt use every form of valid bitcoin input and output type: p2pk (the oldest output type, where you send money directly to someone's public key), legacy (the format widely used from 2010 to 2017 -- also tied for oldest, since Satoshi included this format as a non-default option in bitcoin v0), "bare multisig" where the output is a list of two or more public keys, P2SH multisig where the output is a "hash" of two or more public keys, "nested segwit," "native segwit v0," segwit v1 (i.e. taproot), plus two unusual lightning-related utxos: an in-flight HTLC and a force closure tx
  • the input amounts contain several interesting numbers: 6102 is the executive order by which Roosevelt implemented a partial ban on self-custodied gold in the USA, 1913 is the year he did that, 1971 is the year the USA abandoned the gold standard, 2140 is the year bitcoin's block subsidy stops, 5139 refers to the CVE report number of bitcoin's inflation bug from 2010 where someone created billions of bitcoins and the network forked & rolled back to override it, 3220 refers to the CVE report number of one of bitcoin's only hard forks: the berkeley database fork, 17144 refers to the CVE report number of the 2018 "would-be" inflation bug that never got exploited, 8149 refers to the pull request that integrated segwit, 19953 refers to the pull request that integrated schnorr signatures, and I don't know what 9001 refers to, but there was a relatively minor bug in bitcoin core which was fixed in 2016 and had that issue number -- it involved getting a corrupted database if you had pruning enabled in bitcoin core and your pc crashed during initial block download...if it happened you would have to restart from scratch. I suspect 9001 is more likely a reference to the "It's over 9000!" meme from Dragon Ball Z
  • the output amounts are the dust limits for bitcoin's various address formats: 576 for p2pk addresses, 540 for legacy addresses, 582 for bare multisig addresses, 546 for p2sh addresses, 294 for segwit v0 "regular addresses," 330 for segwit v0 "script addresses" and segwit v1 "taproot addresses", 240 for the non-standard 2-byte address, and 0 for OP_RETURNs
  • the first and third inputs use uncompressed pubkeys, which are unusual in bitcoin because compressed pubkeys are smaller and cheaper (and required in segwit addresses)
  • the fourth input (p2sh multisig) use a proof-of-work technique called "signature grinding" to produce a valid bitcoin signature that is only 57 bytes long. Normal bitcoin signatures are 73 bytes long (except schnorr signatures, which are shorter). It took the tx author a long time to do that and it was very expensive.
  • the various signatures in the transaction use all of bitcoin's six sighash flags: SIGHASH_ALL, SIGHASH_NONE, SIGHASH_ONE, SIGHASH_ALL | ANYONE_CAN_PAY, SIGHASH_NONE | ANYONE_CAN_PAY, and SIGHASH_ONE | ANYONE_CAN_PAY -- and the last input (which is a taproot input) also uses SIGHASH_DEFAULT which was added for taproot and means you do "not" use a sighash flag, which bitcoin (post taproot) now interprets as being equivalent to SIGHASH_ALL (that is the flag most commonly used in bitcoin, and not adding a sighash flag saves you 1 byte, thus slightly lowering tx fees)
  • the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for
  • the transaction hash is customized to have the tx author's twitter handle and a bunch of leading zeroes, which is very expensive to do and takes a lot of work
that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address
"bc1pfeessrawgf" is the correct address rendering for this output, since it is a valid segwit v1 witness program, even though the combination of witness version & program length does not correspond to any defined spending rules.
(although the 2-byte 0x4e73 output script does match a proposal for ephemeral outputs).
Fun fact: undefined segwit outputs like this are completely standard to create, and only non-standard to spend.
However, this transaction did prompt us to fix a bug on mempool.space that calculated the dust limit incorrectly for this kind of output, which caused the transaction to be falsely labeled as non-standard for a short time.
reply
the transaction hash is customized to have the tx author's twitter handle and a bunch of leading zeroes
This part is incorrect :) I only learned about this transaction from mononauts tweet. While I did create b10c007c60e14f9d087e0291d4d0c7869697c6681d979c6639dbd960792b4d41 a while ago, I'm not related to this transaction. I obviously can't prove it..
reply
-----BEGIN BITCOIN SIGNED MESSAGE----- Excellent analysis! You are correct to call it a partial list though, as there's still a lot left to uncover. -----BEGIN BITCOIN SIGNATURE----- 1J7SZJry7CX4zWdH3P8E8UJjZrhcLEjJ39
IMhlCYnVs6tFHuBs4GmS703mUBqj1ak4JCHGHHLm1YpPAT7ephH/gY4thTLeM5vvl6PU/OR/c/3C3VjM8eWdMXY= -----END BITCOIN SIGNATURE-----
reply
Cool! What does 9001 refer to? I couldn't figure that one out
reply
-----BEGIN BITCOIN SIGNED MESSAGE----- It is indeed a meme reference, and actually the only Easter egg not related to Bitcoin. I appreciate you trying to find deeper meaning in it though. -----BEGIN BITCOIN SIGNATURE----- 1J7SZJry7CX4zWdH3P8E8UJjZrhcLEjJ39
ILzuilPnRAiL78nGmho0/VCHkIVZtPbiEAinTj33UfR3FFRDje0Nd0BqQWzKrcA0+ie2a3kXutc5cYbh3o36Yps= -----END BITCOIN SIGNATURE-----
reply
Dragon ball z ref?
reply
This is what real art on the bitcoin blockchain looks like.
reply
Lit up this transaction like a Christmas Tree.
reply
that nonstandard address should appear on bitcoin explorers as the plain text term "non-standard" but the transaction author knew that mempool.space has a naive/buggy address parser and exploited that to make the address look like a valid-but-incredibly-short segwit address
I believe that address is actually an ephemeral anchor output: https://github.com/bitcoin/bitcoin/pull/30352/files
IIUC they are standard to create at the moment. It's spending them that is non-standard.
reply
Fascinating! But that pull request is still pending right? I don't think they will be standard as outputs til it is merged
reply
So quirky.
Thanks for the analysis. So much to be learned from one transaction.
reply
The nLocktime is an epoch timestamp which matches the genesis block!
‎1,231,006,505 = Sat Jan 03 2009 18:15:05 GMT+0000
reply
That is an astounding insight!
reply
6102 is the executive order by which Roosevelt implemented a partial ban on self-custodied gold in the USA, 1913 is the year he did that
EO 6102 was in 1933 The FED was created in 1913
great post
reply
the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for
The author also could have put an OP_Reserved in there too, as bizarrely Bitcoin considers it to also be a data opcode!
That's the only way I can think of for this transaction to be improved.
reply
I wish he exploited the sighash_single bug. I thought he did in input 8 (whose signature uses sighash_one) but I checked the sig and the sighash wasn't one -- because the op_return counts as an output for purposes of calculating the sighash, so he signed a hash of his input plus that op_return "output"
reply
Oh! Good point, that would have been cool!
reply
That would require a different layout of inputs/outputs, since the only input with index higher than all outputs is a P2TR input, and the sighash_single bug is fixed in Taproot.
reply
Yeah but that would be totally worth it imo. It's a very cool bug and no one ever uses it, an art piece like this would be a great opportunity to showcase it
reply
Some people have a lot of fun in the blockchain :)
reply
I've recently started studying https://learnmeabitcoin.com/ and on multiple places Greg mentions that non-standard aspects of a transaction (which this one obviously has) causes the transaction to not be relayed by the nodes. Can anyone clarify how did it get into the block, then? Could have it been placed there manually and, therefore, point to the Braiins pool?
reply
Can anyone clarify how did it get into the block, then?
In the past I've gotten nonstandard transactions mined by emailing a miner and asking nicely. A lot of them have contact info in the footers of their websites, and bitcoin core has an RPC method for "injecting" a valid transaction directly into a block you're mining even if that transaction is non-standard. A few pools also have web apis for submitting non-standard transactions to them as long as you pay a high fee. I don't know if Braiins pool has such an api, but if they don't he probably emailed the transaction to them and asked nicely, or maybe the tx author works for them. I can confirm the tx was mined by Braiins -- the block it's in has a signature that includes Braiins's name.
reply
the transaction is actually completely standard, and in fact was observed in mempool.space's mempool before it was mined.
reply
Then that is perhaps the most fascinating thing about this transaction
reply
Yes. The fact that this transaction made it into block 850000 (definitely not an accident) also suggests that it is completely standard. It would have been very risky to ask nicely of every major miner and risk that 850000 got mined by someone else.
reply
That makes sense, thanks for explaining.
reply
Some more things:
  • wtxid also seems to have been subject to grinding: 0000000001d549a7df6bb3346ab8d390ea517bb284fc0c081647068f9b72e641
  • inputs have interesting sequences:
    • 0: 20090103 (genesis block)
    • 1: 20081031 (white paper)
    • 2: 19750504 (???)
    • 3: 16 (???)
    • 4: 141 (BIP-141)
    • 5: 3735928559 (deadbeef)
    • 6: 21000000
    • 7: 4190024921 / f9beb4d9 / d9b4bef9 (???)
    • 8: 341 (BIP-341)
    • 9: 342 (BIP-342)
reply
1975-05-04 is Satoshi's birthdate.
reply
source?
reply
Satoshi himself :-)
He put this as his birthdate on an application for P2P Foundation or his profile or something. I don't remember exactly.
reply
reply
block 850000 is also intentional
reply
Fees 71,294
71+294 = 365
Bookmarked!
reply
1913 is when the Federal Reserve was founded, not 6102
reply
6102 is the executive order by FDR that banned the personal ownership of gold
reply
that banned the personal ownership of gold
partially, under some circumstances, for some people
The order had loopholes
But it was still heinous
reply
6102 took effect April 5, 1933
ended on Dec 31, 1974
reply
For anyone interested, I've published the full list of Easter eggs: #600187
reply
which is very expensive to do and takes a lot of work
Which suggests that tx author has mining infrastructure that was used to produce this? I am unclear if sha-256 ASICs are the right tool for this particular type of hashing?
Are there many other examples of vanity hashes out there, or is this something new?
reply
Vanity hashes are hardly anything new, 0xB10C has done a similar one (see https://b10c.me/7). I don't have any mining infrastructure, and I don't think you could even use it for vanity hashes. However, 5 custom bytes isn't that expensive, it took me around a month on a relatively recent CPU.
reply
the OP_RETURN output not only pushes text (which is normal) but also pushes all 17 numbers that bitcoin has special opcodes for
I am seeing just "Not your inputs, not your outputs." in OP_RETURN. Where are you seeing all 17 numbers?
reply
On mempool.space, you need to click the "Details" button which reveals more details about each input and output. These 17 numbers can be seen in the decoded output script ("ScriptPubKey").
reply
So many details. It feels like it is you doing this?
reply
It wasn't me, I would have done it on testnet, and I wouldn't have spent all that money grinding for short signatures. But other than those two things I wish it was me! It's a very creative idea and as a piece of geek art I think it's wonderful
reply
In another study, 0xB10C identified selective transaction filtering by certain Bitcoin mining pools, particularly f2pool
reply
Whoa interesting! This is technically waaay over my head but thanks for posting anyway.
reply
Federal Reserve Act of 1913 322 = Skull N Bones
reply
Thanks for the great explanation and deep dive, so much info in such complete and minimalistic transaction! What's the need of signing it over mainnet instead of playing on testnet?
reply
On testnet it would probably go unnoticed, and testnet is occasionally reset. I wanted to make something that would last.
reply
I would have done it on testnet and then told people "hey look what I made!" on social media, but the author apparently does not want to be known, and since weird transactions happen all the time on testnet, it might easily have gone unnoticed by others
reply
What a headscratcher. Somebody knows what they're doing here. I've never seen many of these transaction types before.
reply
Imagine satoshi sitting somewhere creating these fun transactions:)
reply
Alrighty, the author clearly knows his shit and has been around for a while, aye?
reply
yeah you could attend his workshops if you wanted to collect some of his knowledge
reply
I ment the author of the transaction, but supertestnet is also knowledgeable.
reply
oh for sure
reply
Someone having fun or something nefarious?
reply
reply
stackers have outlawed this. turn on wild west mode in your /settings to see outlawed content.
deleted by author