steemit
diff --git a/‎docs/custom_json_operation_type_code_fix.md‎
Lines changed: 135 additions & 0 deletions b/‎docs/custom_json_operation_type_code_fix.md‎
Lines changed: 135 additions & 0 deletions
diff --git a/‎docs/signature_format_analysis.md‎
Lines changed: 89 additions & 0 deletions b/‎docs/signature_format_analysis.md‎
Lines changed: 89 additions & 0 deletions
diff --git a/‎docs/transaction_serialization_verification.md‎
Lines changed: 84 additions & 0 deletions b/‎docs/transaction_serialization_verification.md‎
Lines changed: 84 additions & 0 deletions
diff --git a/‎jsonrpc2/jsonrpc2.go‎
Lines changed: 8 additions & 0 deletions b/‎jsonrpc2/jsonrpc2.go‎
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,135 @@
+# CustomJSONOperation Operation Type Code Fix
+
+## Problem Summary
+
+The `CustomJSONOperation.MarshalTransaction` method was missing the operation type code encoding, causing transactions to be serialized incorrectly. This document explains why this bug wasn't caught earlier.
+
+## Why Other Operations Worked
+
+### Encoder Logic Flow
+
+The `encoder.Encode()` method follows this priority:
+
+1. **Check for `MarshalTransaction` method** (line 50):
+   ```go
+   if marshaller, ok := v.(TransactionMarshaller); ok {
+       return marshaller.MarshalTransaction(encoder)
+   }
+   ```
+
+2. **Check if it's an Operation interface** (line 55):
+   ```go
+   if op := encoder.checkOperation(v); op != nil {
+       return encoder.encodeOperation(op)  // Automatically encodes type code
+   }
+   ```
+
+### Two Paths for Operations
+
+**Path 1: Operations WITH `MarshalTransaction` method**
+- `VoteOperation`, `CommentOperation`, `CustomJSONOperation` (before fix)
+- These methods are called directly
+- **They must manually encode the operation type code**
+- Example from `VoteOperation`:
+  ```go
+  func (op *VoteOperation) MarshalTransaction(encoderObj *encoder.Encoder) error {
+      enc.EncodeUVarint(uint64(TypeVote.Code()))  // ✅ Encodes type code
+      enc.Encode(op.Voter)
+      // ...
+  }
+  ```
+
+**Path 2: Operations WITHOUT `MarshalTransaction` method**
+- Operations that don't implement `MarshalTransaction`
+- Go through `encodeOperation()` which **automatically encodes the type code**:
+  ```go
+  func (encoder *Encoder) encodeOperation(op *operationInterface) error {
+      // Encode the operation type code
+      code := op.getTypeCode()
+      encoder.EncodeUVarint(code)  // ✅ Automatically encoded
+      // Then encode operation data
+      return encoder.encodeByReflection(opData)
+  }
+  ```
+
+### Why CustomJSONOperation Failed
+
+`CustomJSONOperation` had a `MarshalTransaction` method but **didn't encode the type code**:
+
+```go
+// BEFORE FIX (WRONG)
+func (op *CustomJSONOperation) MarshalTransaction(encoderObj *encoder.Encoder) error {
+    // ❌ Missing: encoderObj.EncodeUVarint(uint64(op.Type().Code()))
+    encoderObj.EncodeUVarint(uint64(len(requiredAuths)))
+    // ... rest of encoding
+}
+```
+
+This caused the operation type code (18 for `custom_json`) to be missing, making the blockchain interpret it as operation type 0 (`vote`), which would fail validation.
+
+## Why Unit Tests Didn't Catch This
+
+### Test Implementation
+
+The unit test in `operation_custom_json_test.go` directly calls `MarshalTransaction`:
+
+```go
+err := tt.op.MarshalTransaction(enc)  // Direct call, not through encoder.Encode()
+```
+
+### What the Test Validated
+
+The test compared the output of `MarshalTransaction` with expected hex values from `old-steem-js`:
+
+```go
+expectedHex2 := "000105616c69636506666f6c6c6f77315b22666f6c6c6f77222c7b22666f6c6c6f776572223a22616c696365222c22666f6c6c6f77696e67223a22626f62227d5d"
+```
+
+### Why It Matched
+
+The expected hex from `old-steem-js` was generated using:
+
+```javascript
+const buf = custom_json.toBuffer(testCase.op);  // Only operation DATA, not full operation
+```
+
+This `custom_json.toBuffer()` method in steem-js **only serializes the operation data**, not the full operation tuple `[type_code, data]`. It's equivalent to Go's `MarshalTransaction` method.
+
+So the test was correctly validating that the **operation data** serialization matched, but it wasn't testing the **full operation** serialization (which includes the type code).
+
+### The Missing Test
+
+The test should have also tested the full operation encoding path:
+
+```go
+// Test full operation encoding (what actually happens in transactions)
+err := enc.Encode(tt.op)  // Goes through encoder.Encode() → encodeOperation()
+```
+
+This would have caught the missing type code.
+
+## Fix
+
+Added operation type code encoding to `CustomJSONOperation.MarshalTransaction`:
+
+```go
+// AFTER FIX (CORRECT)
+func (op *CustomJSONOperation) MarshalTransaction(encoderObj *encoder.Encoder) error {
+    // ✅ Encode operation type code first
+    if err := encoderObj.EncodeUVarint(uint64(op.Type().Code())); err != nil {
+        return errors.Wrap(err, "failed to encode operation type code")
+    }
+    // ... rest of encoding
+}
+```
+
+## Lessons Learned
+
+1. **Operations with `MarshalTransaction` must encode type code manually**
+2. **Unit tests should test both paths**:
+   - Direct `MarshalTransaction` call (operation data only)
+   - Through `encoder.Encode()` (full operation with type code)
+3. **When comparing with steem-js**, ensure you're comparing the same level:
+   - `custom_json.toBuffer()` = operation data only
+   - `operation.toBuffer([type, data])` = full operation with type code
+
@@ -0,0 +1,89 @@
+# Signature Format Analysis
+
+## Summary
+
+After analyzing the signature format used by `btcec.SignCompact` and comparing it with `steem-js` and Steem C++ implementations, we found:
+
+### Key Findings
+
+1. **Recovery Parameter Format**: ✅ Correct
+   - `btcec.SignCompact` returns recovery ID in format: `27 + 4 + recovery_param` for compressed keys (31-34)
+   - This matches Steem's expected format
+   - Steem C++ extracts recovery param as: `(recoveryID - 27) & 3`
+
+2. **Canonical Signature**: ✅ Correct
+   - `btcec.SignCompact` automatically generates canonical signatures
+   - Test confirms signatures pass `is_fc_canonical` check:
+     - `!(c.data[1] & 0x80)` - r[0] doesn't have high bit set
+     - `!(c.data[1] == 0 && !(c.data[2] & 0x80))` - if r[0] == 0, r[1] must have high bit set
+     - `!(c.data[33] & 0x80)` - s[0] doesn't have high bit set
+     - `!(c.data[33] == 0 && !(c.data[34] & 0x80))` - if s[0] == 0, s[1] must have high bit set
+
+3. **Public Key Recovery**: ✅ Correct
+   - Recovered public key matches expected public key
+   - Compression flag is correctly set
+
+### Comparison with steem-js
+
+**old-steem-js** (signature.js:88-90):
+```javascript
+i = ecdsa.calcPubKeyRecoveryParam(curve, e, ecsignature, private_key.toPublicKey().Q);
+i += 4;  // compressed
+i += 27; // compact
+// Final: 27 + 4 + (0-3) = 31-34
+```
+
+**steem-js** (signature.ts:88-89):
+```typescript
+const i = calcPubKeyRecoveryParam(secp256k1, new BN(buf_sha256), ecsignature, privKey.toPublic().Q!);
+return new Signature(ecsignature.r, ecsignature.s, i + 27);
+// Note: toCompact() method adds 4 for compressed keys
+```
+
+**Go (steemutil)**:
+```go
+sig, err := ecdsa.SignCompact(privKey.Raw.PrivKey, digest, true)
+// Returns recovery ID in format: 27 + 4 + recovery_param (31-34) for compressed keys
+```
+
+### Steem C++ Implementation
+
+**elliptic_secp256k1.cpp:164**:
+```cpp
+secp256k1_ecdsa_recover_compact(
+    detail::_get_context(),
+    (unsigned char*) digest.data(),
+    (unsigned char*) c.begin() + 1,  // Skip recovery ID byte
+    (unsigned char*) my->_key.begin(),
+    (int*) &pk_len,
+    1,  // compressed flag
+    (*c.begin() - 27) & 3  // Extract recovery param: (recoveryID - 27) & 3
+);
+```
+
+**elliptic_impl_pub.cpp:343-348**:
+```cpp
+if (nV >= 31) {
+    EC_KEY_set_conv_form(my->_key, POINT_CONVERSION_COMPRESSED);
+    nV -= 4;  // Remove compressed flag
+}
+```
+
+### Conclusion
+
+The `btcec.SignCompact` implementation is **correct** and matches Steem's expected format. The signature format, recovery parameter encoding, and canonical signature requirements are all properly handled.
+
+If signature verification fails on the blockchain, the issue is likely:
+1. **Not related to signature format** - the format is correct
+2. **May be related to transaction serialization** - ensure transaction bytes match exactly
+3. **May be related to digest calculation** - ensure chain ID and transaction bytes are concatenated correctly
+4. **May be related to key matching** - ensure the private key matches the account's posting key
+
+### Test Results
+
+```
+✅ Recovery ID 32 is in expected range for compressed keys (31-34)
+✅ Signature is canonical (fc_canonical format)
+✅ Recovered public key matches!
+```
+
@@ -0,0 +1,84 @@
+# Transaction Serialization and Digest Calculation Verification
+
+## Summary
+
+After thorough analysis and testing, we have verified that:
+
+### ✅ Transaction Serialization: Correct
+
+1. **Signatures are excluded**: Transaction serialization correctly excludes signatures when calculating the digest
+   - Test: `TestTransactionSerializationExcludesSignatures` confirms that transactions with and without signatures serialize to the same bytes
+   - This matches Steem C++ behavior where `transaction::sig_digest()` serializes the `transaction` object (not `signed_transaction`)
+
+2. **Serialization format**: The transaction serialization format matches Steem protocol:
+   - `ref_block_num` (uint16)
+   - `ref_block_prefix` (uint32)
+   - `expiration` (time_point_sec - uint32)
+   - `operations` (varint length + operations)
+   - `extensions` (varint length + extensions)
+   - **No signatures** in digest calculation
+
+### ✅ Digest Calculation: Correct
+
+1. **Chain ID format**: Chain ID is correctly decoded from hex string (64 hex chars = 32 bytes)
+   - Steem C++: `fc::sha256` (32 bytes) serialized via `fc::raw::pack`
+   - Go: `hex.DecodeString(chain.ID)` produces 32 bytes ✅
+
+2. **Digest formula**: `sha256(chain_id + serialized_transaction)`
+   - Steem C++: `fc::raw::pack(enc, chain_id); fc::raw::pack(enc, *this); return enc.result();`
+   - Go: `msgBuffer.Write(rawChainID); msgBuffer.Write(rawTx); sha256.Sum256(msgBuffer.Bytes())` ✅
+
+3. **Test verification**: `TestTransaction_Digest` passes with expected digest value
+
+### Comparison with steem-js
+
+**steem-js** (auth/index.ts:136-141):
+```typescript
+const chainId = (getConfig().get('chain_id') as string | undefined) || '';
+const cid = Buffer.from(chainId, 'hex');
+const buf = transaction.toBuffer(trx as unknown);
+const sig = Signature.signBuffer(Buffer.concat([cid, buf]), key);
+```
+
+**Go (steemutil)**:
+```go
+rawChainID, err := hex.DecodeString(chain.ID)
+msgBuffer.Write(rawChainID)
+rawTx, err := tx.Serialize()
+msgBuffer.Write(rawTx)
+digest := sha256.Sum256(msgBuffer.Bytes())
+```
+
+Both implementations:
+1. Decode chain ID from hex string to bytes
+2. Serialize transaction (without signatures)
+3. Concatenate chain_id + transaction
+4. Calculate SHA256 digest
+
+### Test Results
+
+```
+✅ Transaction serialization correctly excludes signatures
+✅ Digests match (signatures correctly excluded)
+✅ Digest calculation matches expected format
+```
+
+### Conclusion
+
+The transaction serialization and digest calculation are **correct** and match both Steem C++ and steem-js implementations. The issue with signature verification on the blockchain is **not** related to:
+- Transaction serialization format
+- Digest calculation method
+- Chain ID encoding
+
+The problem is likely related to:
+1. **Signature recovery**: The signature format is correct, but the blockchain may be using a different recovery method
+2. **Key matching**: The private key may not match the account's posting key (though we've verified this)
+3. **Transaction preparation**: The ref_block_num and ref_block_prefix may need to be set correctly before signing
+
+### Next Steps
+
+To debug further, we should:
+1. Compare the actual signed transaction bytes with steem-js output
+2. Verify the signature recovery process on the blockchain side
+3. Check if there are any differences in how the blockchain validates signatures
+
@@ -3,7 +3,9 @@ package jsonrpc2
 import (
 	"bytes"
 	"encoding/json"
+	"fmt"
 	"net/http"
+	"os"
 	"time"
 
 	"github.com/pkg/errors"
@@ -31,6 +33,12 @@ func (j *JsonRpc) BuildSendData(method string, params []any) (err error) {
 		return
 	}
 	j.SendData = tmp
+	
+	// Debug: Print JSON request if DEBUG is set
+	if os.Getenv("DEBUG") != "" && method == "condenser_api.broadcast_transaction_synchronous" {
+		fmt.Printf("=== JSON-RPC Request ===\n%s\n", string(tmp))
+	}
+	
 	return
 }