Error when sending rawtransaction

I tried to write a transaction on my own in python to better understand how things work; when i decode the raw transaction, it seems properly written. When I use the rpc method sendrawtransaction I get this error message:

error code: -26 error message: 64: non-mandatory-script-verify-flag (Non-canonical signature: S value is unnecessarily high)

This is the raw transaction:

0100000002b0b7c617588ccf1de8799221bf87a5d70ce47da4e5531d51748c10e1e7755c37000000006b483045022075ff5ff5587b6e6a2f34114bf3801cd2c9b076fe787f5705ca6acd2940d46189022100a65f3f8bd0e3f8c56567b28a37d3c60ff383fb10f416d25261c8453d278f8b81012102b4db032138335cd047878eac44db0dc1714c8ea2eda5079a705bbad6fdaa853dffffffffe59e23b45d3d65abd7b11ef45ca6e37c3193f4ee7c198edee20fbdc76e77f2b5010000006b4830450221008a9dbbe078feed10f50135a5521c18188e782be560ec4c31120dbf4551c6f23602201b1c9e34e1d32de425480b4afcdf5fef4957011511e6c859658c6ad70aca23f3012103fea6936eb5e3fbd4c45a8fae01395972619ef16ba307d1609addfe40668f3ff6ffffffff0580969800000000001976a914db9c91ed4690c016140e84d4d2ec72cb4225e59a88ac80969800000000001976a914d51779439ce3441647f5f4813177be8eb0febd3d88ac80969800000000001976a914fc5da273aea2b3b1346fa9648e4020e7697ceb3b88ac80969800000000001976a91428ef437e0e48b8ed4d65a10ca47a129149de6b4788ac00093d00000000001976a914476f97a1bdd330fae9bbde17de407fbfd409170488ac00000000

How can I fix it ?

Why "decoderawtransaction" works but I can't send it?

Is it invalid or just poorly written?

I am following this approach: https://github.com/zeltsi/Mybitcoin/blob/master/tx%20with%20multiple%20inputs.py#L79

An these are my tx_tosign:

0100000002b0b7c617588ccf1de8799221bf87a5d70ce47da4e5531d51748c10e1e7755c37000000001976a9147c48aab4405b50ca5394fcf21bc08bb58bc91e0588acffffffffe59e23b45d3d65abd7b11ef45ca6e37c3193f4ee7c198edee20fbdc76e77f2b50100000000ffffffff0580969800000000001976a914db9c91ed4690c016140e84d4d2ec72cb4225e59a88ac80969800000000001976a914d51779439ce3441647f5f4813177be8eb0febd3d88ac80969800000000001976a914fc5da273aea2b3b1346fa9648e4020e7697ceb3b88ac80969800000000001976a91428ef437e0e48b8ed4d65a10ca47a129149de6b4788ac00093d00000000001976a914476f97a1bdd330fae9bbde17de407fbfd409170488ac0000000001000000

0100000002b0b7c617588ccf1de8799221bf87a5d70ce47da4e5531d51748c10e1e7755c370000000000b0b7c617588ccf1de8799221bf87a5d70ce47da4e5531d51748c10e1e7755c37000000001976a9147c48aab4405b50ca5394fcf21bc08bb58bc91e0588acffffffffffffffff0580969800000000001976a914db9c91ed4690c016140e84d4d2ec72cb4225e59a88ac80969800000000001976a914d51779439ce3441647f5f4813177be8eb0febd3d88ac80969800000000001976a914fc5da273aea2b3b1346fa9648e4020e7697ceb3b88ac80969800000000001976a91428ef437e0e48b8ed4d65a10ca47a129149de6b4788ac00093d00000000001976a914476f97a1bdd330fae9bbde17de407fbfd409170488ac0000000001000000

Thanks

domegabri

Posted 2018-03-09T08:56:52.770

Reputation: 59

the answer on here would be helpful for you https://bitcoin.stackexchange.com/questions/58176/what-does-16-mandatory-script-verify-flag-failed-non-canonical-der-signature

– Adam – 2018-03-09T11:14:15.400

one more hint: you can create in a bitcoin core client the transaction like described here: https://bitcoin.stackexchange.com/questions/71990/how-can-i-specify-multiple-txids-in-createrawtransaction-function, and then compare it to your output :-)

– pebwindkraft – 2018-03-10T07:14:22.323

Answers

The transaction has 2 inputs, and 5 outputs. I see you are on testnet3. I looked at the S-Values:

 21: OP_LENGTH_0x21:      this is SIG S (33 Bytes)
     00A65F3F8BD0E3F8:C56567B28A37D3C6:0FF383FB10F416D2:5261C8453D278F8B:81
checking S-value is less than N/2, S-value is zero padded - ok

 20: OP_LENGTH_0x20:      this is SIG S (32 Bytes)
     1B1C9E34E1D32DE4:25480B4AFCDF5FEF:4957011511E6C859:658C6AD70ACA23F3
 checking S-value is less than N/2, yup... - ok

I don't see an issue here... What have you used unsigned tx?

UPDATE 2018-Mar-10:

Quickly decoding first part of the unsigned transaction:

 01000000
 02
  375C75E7E1108C74511D53E5A47DE40CD7A587BF219279E81DCF8C5817C6B7B0
  00000000
  19
  76A9147C48AAB4405B50CA5394FCF21BC08BB58BC91E0588AC 
  FFFFFFFF
  B5F2776EC7BD0FE2DE8E197CEEF493317CE3A65CF41EB1D7AB653D5DB4239EE5
  01000000
  00
  FFFFFFFF

 05
  8096980000000000
  19
  76A914DB9C91ED4690C016140E84D4D2EC72CB4225E59A88AC
  8096980000000000
  19
  76A914D51779439CE3441647F5F4813177BE8EB0FEBD3D88AC
  8096980000000000
  19
  76A914FC5DA273AEA2B3B1346FA9648E4020E7697CEB3B88AC
  8096980000000000
  19
  76A91428EF437E0E48B8ED4D65A10CA47A129149DE6B4788AC
  00093D0000000000
  19
  76A914476F97A1BDD330FAE9BBDE17DE407FBFD409170488AC
00000000

I can see the scriptsig is only filled for one part of the tx. So ok for the first round. Then tx part two is somehow messed up:

 01000000
 02
  375C75E7E1108C74511D53E5A47DE40CD7A587BF219279E81DCF8C5817C6B7B0
  00000000
  00
  B0B7C617  <-- I think this should be FFFFFFFF (Sequence number)
  00000000375C75E7E1108C74511D53E5A47DE40CD7A587BF219279E81DCF8C58...

I thing the sequence number is missing, and then should somehow continue like this:

  Sequence number FFFFFFFF
  OutPoint hash   B5F2776EC7BD0FE2DE8E197CEEF493317CE3A65CF41EB1D7AB653D5DB4239EE5
  OutPoint index  hex=01000000, reversed=00000001, decimal=1
  Script Length   hex=19
  Script Sig      76A9147C48AAB4405B50CA5394FCF21BC08BB58BC91E0588AC
  Sequence        FFFFFFFF

and then the TX_OUT structure...

pebwindkraft

Posted 2018-03-09T08:56:52.770

Reputation: 4 568

I tried to spend these two outputs:

https://testnet.blockexplorer.com/tx/b5f2776ec7bd0fe2de8e197ceef493317ce3a65cf41eb1d7ab653d5db4239ee5

https://testnet.blockexplorer.com/tx/375c75e7e1108c74511d53e5a47de40cd7a587bf219279e81dcf8c5817c6b7b0

– domegabri – 2018-03-09T10:31:43.723

yup, this is clear. Can you show the unsigned tx, that you used? – pebwindkraft – 2018-03-09T11:02:51.877

Modified the question! – domegabri – 2018-03-09T12:51:29.647

I modified my answer, see section after "UPDATE 2018-Mar-10". – pebwindkraft – 2018-03-10T06:25:13.740

Thank you for the answer. I fixed the second message but it still gave me the same error. I tried to use the option sigencode=ecdsa.util.sigencode_der_canonize in the method sign_digest instead of ecdsa.util.sigencode_der and it worked. I understand that DER is the signature encoding used in bitcoin; but what does canonize means? – domegabri – 2018-03-12T10:52:06.807

It is properly written but it won't work because its theoretical, there are no actual coins in there.

chicko

Posted 2018-03-09T08:56:52.770

Reputation: 26

I have no clue what you're trying to say. – Pieter Wuille – 2018-03-10T07:55:24.027