Solve problems using bitcoin smart contracts

Been trying to ask this to few people on different platforms but nothing was helpful so trying here and will keep trying because I don’t even know what else can I do to learn more and contribute.

What will be the best way or resources to refer if someone has an idea and want to implement it using bitcoin smart contracts?

For example: If I want to create a decentralized insurance product which might even need external data so won’t be completely decentralized but trust minimized, non custodial, non kyc and better than present solutions. Users will have to regularly pay some amount which should be locked in some multisig setup and used in a way that it gets interest so maybe provide liquidity in joinmarket, create a lending/borrowing thing using discreet log contracts or something else, these profits can be used to cover life and release amounts after verification on claims

How would I approach solving this problem using bitcoin?

What are best resources to learn more about discreet log contracts, it’s examples?

Bitcoin core wallet backup corrupted by an external tool

Do you know if my wallet.dat which has become wallet.axx due to incorrect handling of an external program
(I do not know the name of the program, but it is used to encrypt Windows files)
has the possibility of reverting to initial format ".dat"
by myself ?
And above all without damaging the backup "Core" that it is ?

Could CHECKSIGADD be used on new ECDSA multisignatures instead of CHECKMULTISIG?

The proposed Taproot soft fork (BIP 342) defines the new opcode OP_CHECKSIGADD to verify Schnorr multisignatures whilst OP_CHECKMULTISIG (and OP_CHECKMULTISIGVERIFY) are disabled for Taproot spends (SegWit version 1). Could we use the OP_CHECKSIGADD opcode for verifying new SegWit version 0 ECDSA multisignatures? Obviously you don’t get the same batch verification benefits if the individual signatures are ECDSA but it would still be more efficient to use the counter system of CHECKSIGADD?

For an explanation of how the opcode CHECKSIGADD works see this presentation from James Chiang. Or see Tapscript BIP 342.

"The opcode 186 (0xba) is named as OP_CHECKSIGADD"

"OP_CHECKSIGADD is functionally equivalent to OP_ROT OP_SWAP OP_CHECKSIG OP_ADD"

Should a node follow the longest chain, or the chain with most work while syncing?

I’m reading mixed things online – some saying to follow the longest chain, and some say to follow the chain with the most work. But I’m not convinced of the former.

If the node follows the longest chain, what is to stop the scenario of a bad actor sending a completely false chain to my node with a really easy target of 1? The chain could be longer than the main chain, and I can’t see any consensus mechanisms preventing that chain from technically being invalid.

If following the chain with the most work is the way to go, then how can we verify most work? Is it just a case of following the chain with the lowest integer value for its hash (as my understanding is that the hash needs to be below an ever-increasing target, and shrinks in size as more miners join the chain)?

Any guidance would be much appreciated.

Using BTCPay Server along with a web server in a single machine

For better context:

Hello community! I have setup an aws ec2 instance and installed BTCPay server on it. I used the Docker version.

I also bought a domain name and pointed to my BTCPay server with an A record.

I want to run a Web server along side BTCPay server at BTCPay Server has already taken up port 80 and 443 so I guess I’ll have to run my web server on another port but how can I specify port number in a DNS record?

With some help I learnt about reverse proxy and I see BTCPay server has an environment variable called "REVERSEPROXY_DEFAULT_HOST: Optional, if using a reverse proxy nginx, specify which website should be presented if the server is accessed by its IP." though I don’t understand how to configure this or if its the correct way.

Help please?

Bip39 tool – BIP32 Extended Private Key vs BIP32 Root Key

In the bip39 mnemonic tool there is three sections :

  1. Mnemonic : we input our words or a BIP39 seed and the tool compute for us the BIP32 Root Key
  2. Derivation Path: there is a BIP32 Extended Private/Public Key
  3. Derived Addresses

Questions :

1- If i want to use Electrum wallet and I have already a wallet. Which key should I have to import ? What is the difference if I import the BIP32 Root Key or if I import the BIP32 Extended Private Key ?

2- Should I use BIP44 instead of BIP32 to import my wallet in an Electrum one ?

How to search for an address in last block?

I want to check in bitcoin-core and see if there is any of my watching addresses in last block.
So my question is how can I know a specific address is included in last block or not?
I can search with getblock <hash> 2 but it returns only addresses in vout and I need the ones are in vin too.

CVE-2012-2459 , possible code and performance improvement, is my logic correct?

ok so, in my effort to create a fullnode from scratch both for learning purpose and need (not a topic for discussion, thanks), I was looking at the code that check Merkle Root to not be vulnerable to CVE-2012-2459.

That vulnerability basically allows you to create a block that has a valid merkle root but contains duplicate transactions, causing a node that receive such block before the correct one, to be stuck on a fork (because that block will be flagged as incorrect and having the same hash of a correct block will prevent the node to ask again for that block, causing a node to be stuck.

Anyway, this is an old CVE that was fixed back in 2012 and code changed during time.
Now in bitcoin core the code is not that pretty and the method to compute merkle root are polluted from a boolean parameter that when read back reflects if the block has been mutated (malleated) or not.

The code is this

uint256 ComputeMerkleRoot(std::vector<uint256> hashes, bool* mutated) {
    bool mutation = false;
    while (hashes.size() > 1) {
        if (mutated) {
            for (size_t pos = 0; pos + 1 < hashes.size(); pos += 2) {
                if (hashes[pos] == hashes[pos + 1]) mutation = true;
        if (hashes.size() & 1) {
        SHA256D64(hashes[0].begin(), hashes[0].begin(), hashes.size() / 2);
        hashes.resize(hashes.size() / 2);
    if (mutated) *mutated = mutation;
    if (hashes.size() == 0) return uint256();
    return hashes[0];

now thinking about the problem, I think I found a better approach that is O(log n) and way better both in readability and speed… if it works and the logic isn’t flawled… so I’d like to know your thought about this.
my paint skill can show you some of the logic:

A, B, C… etc… are transactions

the vertical line is what I call "safe point", basically all transactions before that safe point are guaranteed to be not duplicable (this is one of the assumption I do and one thing to check if it’s correct)

then, based on how merkle root is computed and how the CVE uses that to do nasty things, you can see some example of malleated blocks

I created then a gist, containing a LINQPad code that can be run as it is and produce outputs to see if the logc is correct and can spot malleated blocks.

this is an output example of that gist

enter image description here

The core logic relies into checking the last transaction against the previous, moving exponentially to the left at each iteration (see the picture with the vertical blue arrows showing which element it checks, or see the linqpad result where it’s explicitly detailed)

I handle both the cases where the tx count is even or odd.
To me it seems to work but would like to have some more eyes on that to see if the logic sounds correct or not.
Note how for 9000 tx I have just to compare 14 transactions instead of thousands like current bitcoin code is doing.
Apart from that in my case it has another pros that allow me to split the markle computation and markle cve check in two different places, without having to use a solution like that mutated boolean parameter

for those of you not having LINQPad I adapted the POC script to be run on dotnetfiddle here
for those who doesn’t have linqpad I adapted the script to be run on dotnetfiddle here