Refactor the new CombinePSBT, FinalizePSBT, and FinalizeAndExtractPSBT
general-purpose functions out of the combinepsbt and finalizepsbt RPCs,
for use in the GUI code.
Remove the op== on PartiallySignedTransaction, which only checks that the
CTransactions are equal. Instead, check this directly in Merge, and return
false if the CTransactions are not equal (so the PSBTs cannot be merged.)
After refactoring general-purpose PSBT and transaction code out of RPC code,
for use in the GUI, it's no longer appropriate to throw exceptions. Instead we
now return bools for success, and take an output parameter for an error object.
We still use JSONRPCError() for the error objects, since only RPC callers
actually care about the error codes.
Move non-wallet PSBT code to src/psbt.{h,cpp}, and PSBT wallet code to
src/wallet/psbtwallet.{h,cpp}. This commit contains only code movement (and
adjustments to includes and Makefile.am.)
Factor out a new BroadcastTransaction function, performing the core work of the
sendrawtransaction rpc, so that it can be used from the GUI code. Move it from
src/rpc/ to src/node/.
Split up DecodePSBT, which both decodes base64 and then deserializes a
PartiallySignedTransaction, into two functions: DecodeBase64PSBT, which retains
the old behavior, and DecodeRawPSBT, which only performs the deserialization.
Add a test for base64 decoding failure.
Add support for the optional "pf_invalid" out parameter (which allows the caller
to detect decoding failures) to the std::string versions of DecodeBase32 and
DecodeBase64. The char* versions already have this feature.
Also, rename all uses of pfInvalid to pf_invalid to match style guidelines.
a94e470921 A few textual improvements (Martin Erlandsson)
Pull request description:
Found a few places where the reading flow was interrupted by minor grammar and punctuation issues.
Tree-SHA512: 50640288449eb035f463bce563d259efbe97c14517d92c916e1bc52b7c54961ba2fc6fca1272470153803397f20ae7570bd090c16850ebd0180ebcf6bb2415d1
50e647210d Move ParseConfirmTarget from rpc/mining to rpc/util (Russell Yanofsky)
Pull request description:
Util is a better home since it's called both by wallet and mining code.
Suggested https://github.com/bitcoin/bitcoin/pull/15288#discussion_r254449444
Tree-SHA512: 4320caf2a3f70d2885c421de04f2ec68ff3f6519258c5155fc46e245dc1765fd15c81f260af5096318f24ff9deb88fc3c5ef40eec8b7393f467f5b963d17215b
30d0f7be6e rpc: Fix for segfault if combinepsbt called with empty inputs (benthecarman)
Pull request description:
Fixes#15300
Tree-SHA512: 25e7b4e6e48d8b0d197f0ab96df308fff33e2110f8929cb48914877fa7f4c4a84f173b1378fdb2dec5d03fe7d6d1aced4b577e55f9fe180d8147d9106ebf543f
7687f7873 [wallet] Support creating a blank wallet (Andrew Chow)
Pull request description:
Alternative (kind of) to #14938
This PR adds a `blank` parameter to the `createwallet` RPC to create a wallet that has no private keys initially. `sethdseed` can then be used to make a clean wallet with a custom seed. `encryptwallet` can also be used to make a wallet that is born encrypted.
Instead of changing the version number as done in #14938, a wallet flag is used to indicate that the wallet should be blank. This flag is set at creation, and then unset when the wallet is no longer blank. A wallet becomes non-blank when a HD seed is set or anything is imported. The main change to create a blank wallet is primarily taken from #14938.
Also with this, the term "blank wallet" is used instead of "empty wallet" to avoid confusion with wallets that have balance which would also be referred to as "empty".
This is built on top of #15225 in order to fix GUI issues.
Tree-SHA512: 824d685e11ac2259a26b5ece99c67a7bda94a570cd921472c464243ee356b7734595ad35cc439b34357135df041ed9cba951e6edac194935c3a55a1dc4fcbdea
A blank wallet is a wallet that has no keys, script or watch only things.
A new wallet flag indicating that it is blank will be set when the wallet
is blank. Once it is no longer blank (a seed has been generated, keys or
scripts imported, etc), the flag will be unset.
5d35d4384a Update release notes through to cb35f1d3 (David A. Harding)
9ad5ca17d9 Release notes: integrate detached & rm backports (David A. Harding)
Pull request description:
Monthly release notes update. ~~In addition to a few new notes, this removes from the master branch two notes about things that have been backported to the 0.17 branch (though not released yet): `unloadwallet` RPC now being blocking (0.17 has a detached release note for that) and the PSBT doc (0.17 does not have a release note for that; I'll open a PR).~~
Tree-SHA512: 569b651f2ec4d6d22c2410897f6980a0db2d9aad479730537f0c77cc8d905599a4e6d1db716720fec55a4ee77dd0bd5de9d02a0f636b63cd68ece61d24547af0
fae8b8bb1a qa: Add tool-prefix to functional test readme (MarcoFalke)
faf3d22725 test_runner: Remove unused --force option (MarcoFalke)
Pull request description:
When someone calls the script they already have all intention to call it, no need to specify a redundant `--force`.
The functional tests are still disabled on the travis windows cross builds, where they'd run into issues when run under Wine.
Tree-SHA512: ada0dd9b3c0cd28c5832a12c5e04c029dc3bfe5ddf366fd0abc24fb7914d2e0f0a873fe756ade7ba780a561abe9bc731838c289accc421deda481269e08514cd
faa46475d7 wallet: Add lock annotation for mapAddressBook (MarcoFalke)
Pull request description:
This adds lock annotations for `mapAddressBook` and also moves one lock from inside `GetDestValues` to the caller to be in line with the other methods (`eraseDestData`, `addDestData`, ...)
Tree-SHA512: cef9397523e2f5717d4a9a6b2da1fe07042484a51b3c067ae64425768637f334350a2c3db4ab7e00af99b2a587f6b656b68ee1195f6a3db6d47298d0b2b6174a
eea02be70e Add locking annotation for vNodes. vNodes is guarded by cs_vNodes. (practicalswift)
Pull request description:
Add locking annotation for `vNodes`. `vNodes` is guarded by `cs_vNodes`.
Tree-SHA512: b1e18be22ba5b9dd153536380321b09b30a75a20575f975af9af94164f51982b32267ba0994e77c801513b59da05d923a974a9d2dfebdac48024c4bda98b53af
1cff3d6cb0 Change in transaction pull scheduling to prevent InvBlock-related attacks (Gleb Naumenko)
Pull request description:
This code makes executing two particular (and potentially other) attacks harder.
### InvBlock
This behavior was described well [here](https://www.cs.umd.edu/projects/coinscope/coinscope.pdf) (page 11).
Per current implementation, if node A receives _INV_ (tx) from node B, node A sends _GETDATA_ to B and waits for _TX_ message back.
Node A is likely to receive more _INVs_ (regarding the same tx) from other peers. But node A would not send another _GETDATA_ unless it does not hear _TX_ back from node B for next 2 minutes (to save bandwidth)
Thus, if B is a malicious node, it can prevent node A from getting the transaction (even if all A’s peers have it) for 2 minutes.
This behavior seems to be an inherent limitation of the current P2P relay protocol, and I don’t see how it can be fundamentally changed (I can see workarounds which involve rewriting a lot of P2P code though).
### What does this PR fix?
The attacks I’m looking at involve preventing A from learning the transaction for 2*N minutes. To do that, an attacker has to spin up N nodes and send N _INVs_ simultaneously to node A (then InvBlocks will be queued with an interval of 2 minutes according to current implementation)
More precisely, 2 scenarios I’m looking at are:
1. An attacker censors a particular transaction. By performing InvBlock from different nodes, an attacker can execute a network-wide censorship of a particular transaction (or all transactions). The earlier an attacker founds the transaction he wants to censor, the easier it is to perform an attack. As it was pointed out by @gwillen, this is even more dangerous in the case of lightning, where transactions are known in advance.
2. Topology inference described in papers [1](https://www.cs.umd.edu/projects/coinscope/coinscope.pdf), [2](https://arxiv.org/pdf/1812.00942.pdf) involve network-wide InvBlock. This fix would not mitigate this type of inference, but I believe it will make it more expensive to perform (an attacker would have to create more transactions and perform more rounds to learn the topology, the second paper itself notes that InvBlock isolation is important for the attack).
### How does it work
This PR introduces bias toward outbound connections (they have higher priority when a node chooses from whom it should request a transaction) and randomizes the order.
As per @gmaxwell suggestion, GETDATA requests queue is created after processing all incoming messages from all nodes.
After this fix, if the incoming messages were [I1, I2, I3, O1, O2, O3, O4], the queue for _GETDATA_ may look like [O2, O1, O3, O4, I1, I3, I2, ….].
If {I1, I2, I3} were significantly earlier (but the difference is less than TX_TIMEOUT=60 s) than others, the queue for _GETDATA_ may look like [I2, O2, O1, O3, O4, I1, I3, ….].
### Other comments:
1. This mitigation works better if the connectivity is higher (especially outbound, because it would be less likely that 2 _GETDATAs_ for inbound malicious nodes queued together)
Tree-SHA512: 2ad1e80c3c7e16ff0f2d1160aa7d9a5eaae88baa88467f156b987fe2a387f767a41e11507d7f99ea02ab75e89ab93b6a278d138cb1054f1aaa2df336e9b2ca6a
b985e9c850 Add release notes for importmulti descriptor support (MeshCollider)
fbb5e935ea Add test for importing via descriptor (MeshCollider)
9f48053d8f [wallet] Allow descriptor imports with importmulti (MeshCollider)
d2b381cc91 [wallet] Refactor ProcessImport() to call ProcessImportLegacy() (John Newbery)
4cac0ddd25 [wallet] Add ProcessImportLegacy() (John Newbery)
a1b25e12a5 [wallet] Refactor ProcessImport() (John Newbery)
Pull request description:
~~Based on #14454#14565, last two commits only are for review.~~
Best reviewed with `?w=1`
Allows a descriptor to be imported into the wallet using `importmulti` RPC. Start and end of range can be specified for ranged descriptors. The descriptor is implicitly converted to old structures on import.
Also adds a simple test of a P2SH-P2WPKH address being imported as a descriptor. More tests to come, as well as release notes.
Tree-SHA512: 160eb6fd574c4ae5b70e0109f7e5ccc95d9309138603408a1114ceb3c558065409c0d7afb66926bc8e1743c365a3b300c5f944ff18b2451acc0514fbeca1f2b3
595283851 [rpc] util: add deriveaddresses method (Sjors Provoost)
Pull request description:
Usage:
```sh
bitcoin-cli deriveaddresses "wpkh([d34db33f/84h/0h/0h]xpub6DJ2dNUysrn5Vt36jH2KLBT2i1auw1tTSSomg8PhqNiUtx8QX2SvC9nrHu81fT41fvDUnhMjEzQgXnQjKEu3oaqMSzhSrHMxyyoEAmUHQbY/0/0)"
[
"bc1qg6ucjz7kgdedam7v5yarecy54uqw82yym06z3q"
] // part of the BIP32 test vector
```
Avoids the need for external (BIP32) libraries to derive an address. Can be used in conjunction with `scantxoutset` as a poor mans wallet. Might be useful to test more complicated future descriptors.
~To keep it as simple as possible it only supports descriptors that result in a single address, so no `combo()` and ranges.~
As discussed recently on IRC it might make sense to put this in a separate utility along with other descriptor and psbt utility functions which don't need a chain or wallet context. However I prefer to leave that to another PR.
Tree-SHA512: b8e53db11a8fd87638cc98766270cc3be9adc4b3e5085798a6a4e2e6ad252bf6d2189346bbb2da72d04d13f7f1e80b5cb88e8039653bea1f150602a876ef7f34
6440e61375 qa: Drop RPC connection if --usecli (João Barbosa)
Pull request description:
Drop the RPC connection used in `TestNode.wait_for_rpc_connection` if `--usecli` is set. If the connection is kept and not used the `Connection: close` header is never sent and so the connection only closes due to timeout (30 sec).
It might be sensible to revert e98a9eede2 in a follow up, however it changes the shutdown behavior.
Tree-SHA512: 2a8ee68b82ab612a556390aae521379e592c39ea0a7855a119282e6fe4cbf02ecafe7a5e2ee37d480f2c0600fa64791117a80fecc7bbe6bbb354107972b3b320
87aa0b48af netaddress: Make IPv4 loopback comment more descriptive (Carl Dong)
6180b5f32b netaddress: Fix indentation in IsLocal (Carl Dong)
Pull request description:
This also makes the comment match the IPv6 comment just below this hunk.
Tree-SHA512: 9b91195e71e18156c9e013f63a6d430c67951aabb4a0c2f48f3bf852570c13887572b9e2fa52f4e1beba8685a9cae8949d4d03cd618a78f88566cf9e85dc64a8
fa2a69fcb9 doc: Add cs_main lock annotations for mapBlockIndex (practicalswift)
Pull request description:
Marked as "doc" because it didn't change the bitcoind on my system with default configure settings for both gcc and clang.
Tree-SHA512: ba203f16c1cdc834a61c65bb5fb20bbaf7d8bff0c3a1b8ef46bc1d3669092191221e26abd7e580efab2f9bd5a992dc363251f1b68c6cd68f8204d62675868cf1
e8db6b8044 Qt: Fix update headers-count (Jonas Schnelli)
7bb45e4b7a Qt: update header count regardless of update delay (Jonas Schnelli)
Pull request description:
Update the block and header tip is constraint to have a minimal distance of 250ms between updates... which can lead to miss the last header update.
The modal overlay then assumes we are still in header sync and the view get stuck in "syncing headers,..." (while it's actually syncing blocks).
This removes the 250ms minimal delta for header updates as well as it fixes the correct display of how header updates should update the labels.
Tree-SHA512: 57608dac822b135cd604fc6ba1c80f25c0202a6e20bb140362026615d4bf243ef4fcc254a11bad36419c554a222a2f4947438d4ce44aa14041d1874751643d68
fa1db331de travis: Only exit early if compilation took longer than 30 min (MarcoFalke)
Pull request description:
As opposed to 25 minutes, which hits quite often when a header changes or the pull request cache is outdated.
Tree-SHA512: 3d585e6441a4e5620eb30cf31dc7219fabe3fe2adb53c485339ed9d627a40307af1b0aa2bf73353322932952d92444e29cdef21914da166f20eab7a288a75df5
