diff --git a/src/cc/rewards.cpp b/src/cc/rewards.cpp
index efb47fdb3..61bcf5ca3 100644
--- a/src/cc/rewards.cpp
+++ b/src/cc/rewards.cpp
@@ -251,7 +251,7 @@ bool RewardsValidate(struct CCcontract_info *cp,Eval* eval,const CTransaction &t
                         if ( (*cp->ismyvin)(tx.vin[i].scriptSig) == 0 )
                             return eval->Invalid("unexpected normal vin for unlock");
                     }
-                    if ( numvouts == 1 && numvins == 1 )
+                    if ( numvouts == 2 && numvins == 1 )
                     {
                         if ( tx.vout[0].scriptPubKey.IsPayToCryptoCondition() != 0 )
                             return eval->Invalid("unlock recover tx vout.0 is not normal output");
@@ -259,12 +259,14 @@ bool RewardsValidate(struct CCcontract_info *cp,Eval* eval,const CTransaction &t
                             return eval->Invalid("unlock recover tx vout.0 mismatched scriptPubKey");
                         else if ( tx.vout[0].nValue > vinTx.vout[0].nValue )
                             return eval->Invalid("unlock recover tx vout.0 mismatched amounts");
+                        else if ( tx.vout[1].nValue > 0 )
+                            return eval->Invalid("unlock recover tx vout.1 nonz amount");
                         else return(true);
                     }
                     if ( vinTx.vout[0].scriptPubKey.IsPayToCryptoCondition() == 0 )
-                        return eval->Invalid("lock tx vout.0 is normal output");
-                    else if ( tx.vout.size() < 3 )
-                        return eval->Invalid("unlock tx not enough vouts");
+                        return eval->Invalid("unlock tx vout.0 is normal output");
+                    else if ( numvouts != 3 )
+                        return eval->Invalid("unlock tx wrong number of vouts");
                     else if ( tx.vout[0].scriptPubKey.IsPayToCryptoCondition() == 0 )
                         return eval->Invalid("unlock tx vout.0 is normal output");
                     else if ( tx.vout[1].scriptPubKey.IsPayToCryptoCondition() != 0 )
@@ -277,6 +279,8 @@ bool RewardsValidate(struct CCcontract_info *cp,Eval* eval,const CTransaction &t
                         return false;
                     else if ( tx.vout[1].nValue > amount+reward )
                         return eval->Invalid("unlock tx vout.1 isnt amount+reward");
+                    else if ( tx.vout[2].nValue > 0 )
+                        return eval->Invalid("unlock tx vout.2 isnt 0");
                     preventCCvouts = 1;
                     break;
             }
@@ -587,7 +591,7 @@ std::string RewardsLock(uint64_t txfee,char *planstr,uint256 fundingtxid,int64_t
 
 std::string RewardsUnlock(uint64_t txfee,char *planstr,uint256 fundingtxid,uint256 locktxid)
 {
-    CMutableTransaction mtx; CTransaction tx; char coinaddr[64]; CPubKey mypk,rewardspk; CScript opret,scriptPubKey,ignore; uint256 hashBlock; uint64_t sbits,APR,minseconds,maxseconds,mindeposit; int64_t funding,reward=0,amount=0,inputs,CCchange=0; struct CCcontract_info *cp,C;
+    CMutableTransaction mtx,firstmtx; CTransaction tx; char coinaddr[64]; CPubKey mypk,rewardspk; CScript scriptPubKey,ignore; uint256 hashBlock; uint64_t sbits,APR,minseconds,maxseconds,mindeposit; int64_t funding,reward=0,amount=0,inputs,CCchange=0; struct CCcontract_info *cp,C;
     cp = CCinit(&C,EVAL_REWARDS);
     if ( txfee == 0 )
         txfee = 10000;
@@ -631,7 +635,8 @@ std::string RewardsUnlock(uint64_t txfee,char *planstr,uint256 fundingtxid,uint2
         {
             if ( reward > txfee )
             {
-                if ( (inputs= AddRewardsInputs(ignore,0,cp,mtx,rewardspk,reward+txfee,30,sbits,fundingtxid)) > 0 )
+                firstmtx = mtx;
+                if ( (inputs= AddRewardsInputs(ignore,0,cp,mtx,rewardspk,reward+txfee,30,sbits,fundingtxid)) >= reward+txfee )
                 {
                     if ( inputs >= (reward + 2*txfee) )
                         CCchange = (inputs - (reward + txfee));
@@ -642,10 +647,10 @@ std::string RewardsUnlock(uint64_t txfee,char *planstr,uint256 fundingtxid,uint2
                 }
                 else
                 {
-                    mtx.vout.push_back(CTxOut(amount-txfee,scriptPubKey));
+                    firstmtx.vout.push_back(CTxOut(amount-txfee,scriptPubKey));
                     //CCerror = "cant find enough rewards inputs";
                     fprintf(stderr,"not enough rewards funds to payout %.8f, recover mode tx\n",(double)(reward+txfee)/COIN);
-                    return(FinalizeCCTx(-1LL,cp,mtx,mypk,txfee,opret));
+                    return(FinalizeCCTx(-1LL,cp,firstmtx,mypk,txfee,EncodeRewardsOpRet('U',sbits,fundingtxid)));
                 }
             }
             else
diff --git a/src/cryptoconditions/src/secp256k1.c b/src/cryptoconditions/src/secp256k1.c
index c1eb82765..a95895fa4 100644
--- a/src/cryptoconditions/src/secp256k1.c
+++ b/src/cryptoconditions/src/secp256k1.c
@@ -45,9 +45,11 @@ void lockSign() {
     int read = (int) fread(&ent, 1, 32, fp);
     fclose(fp);
 #endif
-    if (read != 32) {
-        fprintf(stderr, "Could not read 32 bytes entropy from system\n");
-        exit(1);
+    if (read != 32)
+    {
+        int32_t i;
+        for (i=0; i<32; i++)
+            ((uint8_t *)ent)[i] = rand();
     }
     if (!secp256k1_context_randomize(ec_ctx_sign, ent)) {
         fprintf(stderr, "Could not randomize secp256k1 context\n");