Add UTXO check detail

tip-0100.md

@@ -75,21 +75,23 @@ whose SBT you own is locked.
 The following data is required for the proof:
 
 * OutPoint (TXID + output index) of SBT's UTXO
-* An redeem script of SBT's UTXO (CP2SH)
+* An redeem script and scriptPubkey of SBT's UTXO (CP2SH)
 * Message to be signed
 * A valid digital signature (ECDSA or Schnorr signature) for the message and `SBT owner public key`
 
 The proof process for SBT owner (prover) and verifier is as follows:
 
-1. The prover provides to verifier with the SBT UTXO OutPoint and the SBT UTXO (CP2SH) redeem script.
-2. The verifier checks that the target UTXO is an unused UTXO of the SBT issued transaction.
-After passing the verification, send the message `m` as a signing request to the prover.
+1. The prover provides to verifier with the SBT UTXO OutPoint and the SBT UTXO (CP2SH) scriptPubkey and redeem script of it.
+2. The verifier checks:
+   * The target UTXO is an unused UTXO of the SBT issued transaction.
+   * The scriptPubkey type must be CP2SH and NFT.
+3. After passing the verification, send the message `m` as a signing request to the prover.
 The verifier must always generate a new message.
 This prevents an attacker who does not know the private key and reuse the digital signature of a prover obtained by some means to pass verification.
-3. The prover uses the private key corresponding to the `SBT owner public key` in the redeem script
+4. The prover uses the private key corresponding to the `SBT owner public key` in the redeem script
 to generate a digital signature (ECDSA or Schnorr signature) for the message to be signed.
 Then sends the generated digital signature to the verifier.
-4. The verifier checks that the received digital signature is a valid digital signature against the
+5. The verifier checks that the received digital signature is a valid digital signature against the
 `SBT owner public key` in the redeem script received in messages `m`.
 Once you pass the verification, you are verified as the owner of the SBT.