比特币跨链为何致符文离奇丢失?谈符文丢失带来的一些警示
本篇技术研报由 ScaleBit 研究团队的 Leon 撰写
TL;DR
本文就近期 BEVM 跨链操作中出现的一些符文“丢失”现象进行了深度分析,同时提出了避免此类问题再次发生的安全建议。
近期,我们注意到 BEVM 跨链操作中出现的一些符文“丢失”现象,引起了社区的关注和疑虑。本文将对这一问题进行深度分析,旨在为用户提供更全面的了解该问题,同时也借着这个话题给大家说说最近火热的铭文和符文使用过程中的一点注意事项。
背景
北京时间 2023 年 12 月 23 日,一些 BEVM 跨链交易用户发现账户中持有的部分 COOK、PSBTS 在不知情的情况下被转移到跨链桥,随后该部分用户向 BEVM 团队提出质疑。接着 BEVM 官方推特发出声明,称由于该部分符文不被主流钱包比如 Unisat 支持,所以在跨链到 BEVM 的时候,该类非主流的铭文会被当做普通的 UTXO 转到 BEVM 地址。
ScaleBit 安全团队注意到此事以后,随即进行了调研。经过 ScaleBit 团队的研究,确认该部分符文确实是在同一笔跨链交易中被当做普通的 UTXO 转移,而非 BEVM“盗取”。
正文
援引 BEVM 官网信息介绍,BEVM 是一个以 BTC 为 Gas 且兼容 EVM 的 BTC Layer2,核心目标是拓展比特币的智能合约场景,帮助 BTC 突破比特币区块链非图灵完备、不支持智能合约的束缚,让 BTC 可以在 BEVM 这个 Layer2 上构建以 BTC 为原生 Gas 的去中心化应用。
近来随着 BEVM 奥德赛活动的开启,很多用户开始将 BTC 跨链到 BEVM 进行交互,以期望能够在未来 BEVM 生态参与抢占先机。但是在跨链过程中,部分用户发现所持有部分 COOK、PSBTS 丢失,根据区块链浏览器,查到该部分符文被转移到了 BEVM 跨链桥,于是有了前面提到的情况。
接下来,就跟我们一起看看到底发生了什么。
首先,我们通过 BEVM 浏览器(https://scan.bevm.io/stats)找到了一些跨链交易信息,通过分析,我们找到跨链桥的接收地址为:
bc1p43kqxnf7yxcz5gacmqu98cr2r5gndtauzrwpypdzmsgp7n3lssgs5wruvy。
随后,我们在 Rune Alpha(支持 COOK 和 PSBTS 等 RUNES 协议的通用浏览器和服务)上查看,其地址上持有包括 11 万多的 COOK 和 28 万多的 PSBTS 在内的大量各种符文。
我们随即对该部分符文相关交易进行了研究和分析。
我们拿其中的某一笔交易举例:
https://runealpha.xyz/txs/c1bf015ce01a3610b436fb2e418685855cd7a37143cd52a4d1858a53e610b5f2
其交易内容如图所示:
我们可以看到,该笔交易的输入有两个,分别为 0.00000546 BTC(包含 1000 COOK)和 0.02169031 BTC,输出是 0.02 BTC(包含 1000 COOK)和 0.00148377 BTC。
作为对比,我们找了一笔不是跟跨链桥交易的 COOK 的交易,其输出如下图:
可以看到,不管是输入还是输出,都包含一个 0.00000546 BTC 的 UTXO。
为什么会这样呢?这里我们就需要了解一些相关的知识了。
UTXO
首先,我们了解一下什么是 UTXO。
UTXO,全称为 Unspent Transaction Output,直译即未花费交易输出,这是比特币的核心知识点。在比特币的交易中,每笔交易都有输入和输出,别人付给你的钱是“交易输入”,你收到的钱是“交易输出”。
UTXO 的核心设计思路是无状态,它记录的是交易事件,而不记录最终状态,也就是说只记录变更事件,用户需要根据历史记录自行计算余额。因此,比特币的交易模型和我们平时使用的银行账号有所不同,它并没有账户这个说法,比特币只有 UTXO。一个 UTXO 可以想象成一个任意金额的“硬币”。
UTXO 凑输入和找零
UTXO,就是跟硬币一样,不能掰开用,那么交易过程中如何凑够输入金额,又如何找零的呢?
比如小明给小刚转账 1 BTC。整个过程是这样的,小明要收集足够的输入,比如小明的地址对应的以往交易中,找到了一个面值为 0.9 的 UTXO,不够 1 BTC,好在交易中是允许有多个输入的,所以小明又找到了一个面值 0.2 的 UTXO,这样在这次转账的交易中,就会有两个输入。同时输出也会有两个,一个是指向小刚地址,面值是 1 BTC。另一个指向小明的地址,面值是约 0.1 BTC,这个输出就是找零了。
在比特币转账过程中,凑输入没有固定的算法,取决于钱包的实现。
比特币铭文和符文
其次,我们需要了解什么是铭文和符文。比特币铭文和符文是比特币生态中的两个重要概念。
比特币铭文主要的代表是 Ordinals 协议。Ordinals 诞生于 2022 年 12 月,内容完全在链上,由 Casey Rodarmor 开发。该协议利用了 Sat 编号系统,Ordinals 通过赋予每个聪序列号,在交易中追踪它们,同时用户可以通过 Ordinals 附加额外的数据(图像、视频、文本等)在比特币区块链上,使得每个聪都独一无二,从而具有 NFT 的性质。BRC-20 就是基于该协议创建。
Runes 协议,也被称为符文协议。随着 BRC-20 的火爆,BRC-20 相关代币的交易占据了 Ordinals 协议的大部分比例。2023 年 9 月 26 日,Casey Rodarmor 重新开发了一个名为 Runes 的协议(也就是大家现在提到的符文协议),作为 BRC-20 的替代品。该协议是一个简单的、基于 UTXO(未使用的交易输出)的、能使比特币使用者具有使用良好体验的 FT(Fungible Token、可替代代币)协议。符文主要的代表就是我们提到 COOK 和 PSBTS。
比特币铭文和符文的载体都是 UTXO,比特币铭文(Inscription)与符文(Rune)的一个关键区别在于,铭文是刻在隔离见证数据里,而符文是刻在 OP_RETURN 里。OP_RETURN 能存储的数据大小非常有限,但是用于发币绰绰有余,这个也并非什么新技术。
对于用户铸造铭文或者符文,本质上都是发送符合金额的比特币给协议,协议返给你一个带有铭文或者符文的 UTXO,一般是一个 0.00000546 BTC 的 UTXO。这里说下为什么是 0.00000546, 这个是比特币设置最低交易金额。
转移铭文,也是因为这些钱包识别了这些 UTXO 的特殊格式, 钱包通过对应的协议,将这些 UTXO 作为输入,并支付额外手续费,转给了对方。
为什么用户丢了“符文”?
对于用户丢失符文,由于它本质上还是 UTXO,在用户使用 UniSat 进行比特币跨链操作的时候,由于 UniSat 不识别该部分含符文的 UTXO ,并当做了普通的 UTXO 进行了处理,凑输入发送给了跨链桥。
实际上,不仅是跨链操作,用户在不支持符文的钱包中进行其他比特币转账操作,也有可能丢失符文。在 12 月 7 日就有用户在 Unisat 上进行 BRC-20 swap 操作丢失了 15, 000 COOK。
还有一个比较有意思的事情,在 Runes Alpha 上铸造符文的时候,也是有可能把用户的铭文的当成 Gas 转走的。
为什么没有人反馈丢铭文?
我们通过 BEVM 的官方文档,发现 BEVM 跨链是支持铭文跨链的,只需要用户通过 BSwap,即可将自己的铭文跨链到 BEVM 上。而跨链使用的钱包是 UniSat 钱包。这是一款用于 BTC 生态的 Chrome 插件钱包,帮助用户存储、铸造和传输 BRC-20 代币。它能够识别用户的铭文,从而避免将该部分 UTXO 进行合并,只有用户主动交易铭文的时候,才会被转移。
由于 Unisat 目前还不支持符文协议,这就是为什么用户跨链会“丢失”符文而不丢失铭文的原因。如果换做其他不支持符文的钱包,也会发生类似的情况。
符文还可以找回吗?
既然符文被转移到跨链桥了,用户还可以拿回该部分符文吗?
我们查阅了 BEVM 白皮书,BEVM 的资产跨链方案是基于比特币的 Taproot 技术构建的,是融合了 Schnorr 签名 + Mast 合约 + 1000 BTC 轻节点组成的 POS 网络来实现资产的去中心化跨链和管理,BTC- BEVM 的双向跨链是完全基于链上的节点共识来管理的,实现了完全的代码化和去信任化,而非依赖多签或者人为管理,这让 BTC 及比特币资产的跨链安全做到和 BFT POS 一样去中心化和安全,因此,BEVM 官方也无法发起单独的转账交易来取出用户的“符文资产”。
由于 BEVM 不支持符文协议,该部分符文被转出的概率是完全随机的,当托管合约执行交易时,这些“符文资产”可能会被当作普通的 UTXO 被转出,但是整个过程是完全随机的,不受人为控制的,如果要强制取出,必须彻底改变 BEVM 整个链的共识,这无疑于将 BEVM 硬分叉。
总的来说,该事件是由于多个原因造成的:
跨链操作所使用的钱包不支持符文。
BEVM 是分布式去中心化的的托管资产,无法人工取出 。
用户对于符文协议的不熟悉。
如何避免此类问题再次发生?
对于普通用户,如何避免该类问题再次发生呢?在做交互操作时候,我们建议用户做好以下几点:
确保使用的钱包支持铭文或者铭文协议。
确保要交互的协议(比如跨链桥)是否支持铭文符文协议。
使用协议之前,先研究是否有用户操作过程中出现问题。
使用多个钱包管理不同资产。
同时也提醒开发者,在开发设计的时候,需要进行充分考虑和准备,从代码层面上解决可能出现的协议不兼容问题。如果不能,要在上线之前做好调研并做出明确提醒,避免引起不必要的质疑和麻烦。
总结
铭文和符文的出现,是比特币生态不断探索和创新的重要的里程碑,极大的推动了大家对比特币生态的关注和参与热情,对于未来的比特币生态发展也起了极大的积极意义。但是,对于目前来说,铭文和符文还处于比较早期阶段,希望大家在参与的同时,一定要注意相关的风险,切忌盲目。
This technical research report is written by the research team. This paper makes an in-depth analysis of some runes lost in the recent cross-chain operation, and puts forward some safety suggestions to avoid the recurrence of such problems. Recently, we have noticed that some runes lost in the cross-chain operation have aroused the concern and doubts of the community. This paper will make an in-depth analysis of this problem in order to provide users with a more comprehensive understanding of the problem, and also tell you about the recent hot inscriptions and runes through this topic. Some cross-chain transaction users found that the part held in the account was transferred to the cross-chain bridge without knowing it, and then some users questioned the team. Then the official Twitter issued a statement saying that this kind of non-mainstream inscription would be regarded as ordinary when it crossed the chain, because the part of runes was not supported by mainstream wallets, so the security team immediately conducted research and confirmed it after the team noticed it. Some runes are indeed regarded as ordinary transfers in the same cross-chain transaction instead of stealing the text. It is a thought and compatible core goal to quote official website's information introduction. It is to expand the smart contract scene of Bitcoin, help break through the constraint that the bitcoin blockchain is not Turing complete and does not support smart contracts, and allow decentralized applications that can be built on this platform to be native. Recently, with the opening of Odyssey activities, many users have begun to cross-chain and interact with each other in the hope of being able to participate in ecology in the future to seize the opportunity. However, in the process of cross-chain, some users found that some of their holdings were lost. According to the blockchain browser, this part of the rune was transferred to the cross-chain bridge. So, with the above-mentioned situation, let's take a look at what happened. First, we found some cross-chain transaction information through the browser. Through analysis, we found the receiving address of the cross-chain bridge. Later, we looked at its addresses including more than 10,000 and more than 10,000 on the general browsers and services that support and other protocols. A large number of various runes, we immediately studied and analyzed the rune-related transactions in this part. We took one of the transactions as an example. As shown in the figure, we can see that the input of the transaction has two parts, namely, inclusion and output, and as a contrast, we found a transaction that is not traded with the cross-chain bridge. As shown in the figure below, we can see that both the input and the output contain one. Why is this so? Here we need to know some related knowledge. First of all, Let's know what is called literal translation, that is, transaction output without spending. This is the core knowledge point of Bitcoin. In every transaction of Bitcoin, there are inputs and outputs. The money paid by others is the transaction input, and the money you receive is the core design idea of transaction output. Stateless, it records the transaction events without recording the final state, that is to say, it only records the change events. Users need to calculate the balance by themselves according to the historical records, so the transaction model of Bitcoin and the bank account we usually use. It's different. It doesn't have an account. There is only one bitcoin that can be imagined as a coin with any amount. Input and change can't be broken just like coins. So how to get enough input and change in the transaction process? For example, Xiaoming transfers money to Xiaogang. The whole process is like this. Xiaoming has to collect enough inputs. For example, Xiaoming's address has found a face value in previous transactions, but fortunately, multiple inputs are allowed in the transaction, so Xiaoming found another one. In this way, there will be two inputs and two outputs in this transfer transaction, one pointing to Xiaogang's address and the other pointing to Xiaoming's address. The output is about change. There is no fixed algorithm for collecting inputs in the process of bitcoin transfer, depending on the realization of wallet. Secondly, we need to know what are inscriptions and runes. Bitcoin inscriptions and runes are two important concepts in the bitcoin ecology. The main representative of Bitcoin inscriptions is Xie. The content of the protocol was completely developed in the chain. This protocol uses the numbering system to track each Cong in the transaction. At the same time, users can make each Cong unique in the bitcoin blockchain by attaching additional data, images, video texts, etc. Therefore, it has the property of creating a protocol based on this protocol, also known as a rune protocol. With the popularity of related token transactions, a protocol named was re-developed on the day of the month, that is, The rune protocol mentioned by you now is a simple alternative token protocol based on unused transaction output, which can make bitcoin users have a good experience. The main representative is that we mentioned that the carriers of bitcoin inscriptions and runes are both bitcoin inscriptions and runes. A key difference between them is that the inscriptions are engraved in isolated witness data, while the rune is engraved in the database, and the data size that can be stored is very limited, but it is more than enough for coin distribution. What new technology casts inscriptions or runes for users is essentially to send a bitcoin with a matching amount to the agreement and return it to you with an inscription or rune. Let's talk about why this is bitcoin setting the minimum transaction amount to transfer the inscription, and it's also because these wallets recognize the special format of these. Through the corresponding agreement, they transfer these as input and pay an extra fee to the other party. Why do users lose runes? For users, they lose runes because of it. In essence, when users use the cross-chain operation of bitcoin, because they don't recognize the part containing runes and process it as ordinary, they send the input to the cross-chain bridge. In fact, it is not only the cross-chain operation that users do other bitcoin transfer operations in wallets that don't support runes, but also the runes may be lost. Another interesting thing is that when casting runes, it is also possible to treat the user's inscriptions as turning away. What? The official document we passed found that cross-chain supports inscription cross-chain, and the wallet used across the chain is a wallet. This is a plug-in wallet for ecology, which helps users to store, cast and transmit tokens. It can identify the user's inscription and avoid merging it. It will only be transferred when the user actively trades the inscription. Because the rune protocol is not supported at present, this is why the user will lose the rune but not the inscription across the chain. A similar situation will happen if he changes to other wallets that do not support runes. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台
注册有任何问题请添加 微信:MVIP619 拉你进入群
打开微信扫一扫
添加客服
进入交流群
1.本站遵循行业规范,任何转载的稿件都会明确标注作者和来源;2.本站的原创文章,请转载时务必注明文章作者和来源,不尊重原创的行为我们将追究责任;3.作者投稿可能会经我们编辑修改或补充。
