From f23e3c7318df79655bfa073ef835afe7e7942710 Mon Sep 17 00:00:00 2001 From: Nadav Ivgi Date: Sat, 22 Mar 2025 23:40:12 +0200 Subject: [PATCH] BIP 345: Fix OP_VAULT_RECOVER specification for the recovery-sPK-hash The recovery scriptPubKey needs to be prefixed with its CompactSize-encoded length. --- bip-0345.mediawiki | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bip-0345.mediawiki b/bip-0345.mediawiki index 5ce6e450..8237cc56 100644 --- a/bip-0345.mediawiki +++ b/bip-0345.mediawiki 
@@ -307,7 +307,8 @@ where After the stack is parsed, the following validation checks are performed: * Let the output at index be called ''recoveryOut''. -* If the scriptPubKey of ''recoveryOut'' does not have a tagged hash equal to (tagged_hash("VaultRecoverySPK", recoveryOut.scriptPubKey) == recovery-sPK-hash, where tagged_hash() is from the [https://github.com/bitcoin/bips/blob/master/bip-0340/reference.py BIP-0340 reference code]), script execution MUST fail and terminate immediately. +* Compute the scriptPubKey tagged hash for ''recoveryOut'' as output-sPK-hash = tagged_hash("VaultRecoverySPK", CompactSize(len(recoveryOut.scriptPubKey)) || recoveryOut.scriptPubKey), where tagged_hash() is from the [https://github.com/bitcoin/bips/blob/master/bip-0340/reference.py BIP-0340 reference code]. +* If the ''recoveryOut'' output-sPK-hash is not equal to , script execution MUST fail and terminate immediately. ** Implementation recommendation: if ''recoveryOut'' does not have an nValue greater than or equal to this input's amount, the script SHOULD fail and terminate immediately. * Queue a deferred check that ensures the nValue of ''recoveryOut'' contains the entire nValue of this input.'''How do recovery transactions pay for fees?''' If the recovery is unauthorized, fees are attached either via CPFP with an ephemeral anchor or as inputs which are solely spent to fees (i.e. no change output). If the recovery is authorized, fees can be attached in any manner, e.g. unrelated inputs and outputs or CPFP via anchor. ** This deferred check could be characterized in terms of the pseudocode below as RecoveryCheck(, input_amount).
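Review bot: The second added bullet, as it reads here, says "is not equal to ," with nothing before the comma, so the value that output-sPK-hash is compared against is not named; the removed line named recovery-sPK-hash, and the new bullet should name it too. In the first added bullet, CompactSize(len(recoveryOut.scriptPubKey)) should say that the length is counted in bytes and should point to the definition of CompactSize. A wallet that builds recovery-sPK-hash without the prefix, or with a different length encoding, commits to a hash that this check can never match, and the recovery spend will fail. The patch changes only this validation step (2 insertions, 1 deletion), so please confirm that any other place in the BIP describing how recovery-sPK-hash is computed uses the same length-prefixed preimage.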