cf82a9e Do not allow users to get keys from keypool without reserving them (Matt Corallo)
Pull request description:
fundrawtransaction allows users to add a change output and then
not have it removed from keypool. While it would be nice to have
users follow the normal CreateTransaction/CommitTransaction process
we use internally, there isnt much benefit in exposing this option,
especially with HD wallets, while there is ample room for users to
misunderstand or misuse this option.
This partially reverts #9377. Would be nice to get this for 15 since its kinda crazy we have this option to begin with IMO, will need release notes as an RPC option is now ignored.
Tree-SHA512: 72b5ee9c4a229b84d799dfb00c56fe80d8bba914ce81a433c3f5ab325bf9bf2b839ee658c261734f0ee183ab19435039481014d09c41dbe155e6323e63beb01d
fundrawtransaction allows users to add a change output and then
not have it removed from keypool. While it would be nice to have
users follow the normal CreateTransaction/CommitTransaction process
we use internally, there isnt much benefit in exposing this option,
especially with HD wallets, while there is ample room for users to
misunderstand or misuse this option.
This could be particularly nasty in some use-cases (especially
pre-HD-split) - eg a user might fundrawtransaction, then call
getnewaddress, hand out the address for someone to pay them, then
sendrawtransaction. This may result in the user thinking they have
received payment, even though it was really just their own change!
This could obviously result in needless key-reuse.
6b9faf7 [QA] add basic multiwallet test (Jonas Schnelli)
979d0b8 [tests] [wallet] Add wallet endpoint support to authproxy (John Newbery)
76603b1 Select wallet based on the given endpoint (Jonas Schnelli)
32c9710 Fix test_bitcoin circular dependency issue (Jonas Schnelli)
31e0720 Add wallet endpoint support to bitcoin-cli (-usewallet) (Jonas Schnelli)
dd2185c Register wallet endpoint (Jonas Schnelli)
Pull request description:
Alternative for #10829 and #10650.
It adds the most simplest form of wallet based endpoint support (`/wallet/<filename>`).
No v1 and no node/wallet endpoint split.
Tree-SHA512: 23de1fd2f9b48d94682928b582fb6909e16ca507c2ee19e1f989d5a4f3aa706194c4b1fe8854d1d79ba531b7092434239776cae1ae715ff536e829424f59f9be
1fc8c3d No longer ever reuse keypool indexes (Matt Corallo)
Pull request description:
This fixes an issue where you could reserve a keypool entry, then
top up the keypool, writing out a new key at the given index, then
return they key from the pool. This isnt likely to cause issues,
but given there is no reason to ever re-use keypool indexes
(they're 64 bits...), best to avoid it alltogether.
Builds on #10235, should probably get a 15 tag.
Tree-SHA512: c13a18a90f1076fb74307f2d64e9d80149811524c6bda259698ff2c65adaf8c6c3f2a3a07a5f4bf03251bc942ba8f5fd33a4427aa4256748c40b062991682caf
077d01f random: only use getentropy on openbsd (Cory Fields)
Pull request description:
Follow-up from #10335. I can confirm that this fixes my issue when building against a new glibc + old linux headers for back-compat.
Tree-SHA512: a0fcf26995fbd3636f970e729a172c6e1d7c0de371e703f0653cd9776600f438ec43acd2b1eb92f2678a011968da8fbbeef8a54599434851f4c6ffe78291c172
06bcdb8da Convert named argument from nblocks to conf_target (Alex Morcos)
439c4e8ad Improve api to estimatesmartfee (Alex Morcos)
Pull request description:
Through 0.14 branch, the estimatesmartfee API was tagged "WARNING: This interface is unstable and may disappear or change!" and this warning is removed for 0.15, so any wanted API updates should happen now.
The changes here are to make the additional parameter for conservative estimates a more general estimate_mode string , to omit the feerate and include an error string instead of returning -1 on error, and to do better parameter checking initially.
~It is only the last 2 commits, but it's built on #10706 and #10543~.
See https://github.com/bitcoin/bitcoin/pull/10707#issuecomment-314869251 for renaming of nblocks argument to conf_target. Will need to be included before string freeze.
PR description edited for clarity
Tree-SHA512: 6d8ebee8bb410e2950ffd59663eebfed8d1611d995dc935bb91e430d9da7e2f306796f45631458376027d26341c660f09e825e61748103d2f2736ec6dc3df3ae
8276e70de Adding assert to avoid a memory access violation inside of PartialMerkleTree::CalcHash() (Chris Stewart)
Pull request description:
Fixing a possible memory access violation in CPartialMerkleTree::CalcHash().
This can happen if we some how a merkle tree with zero txids. I don't think this can happen in practice as we only send merkle block messages on the p2p network as of now -- we cannot receive them.
This was found with #8469, specifically using this [generator](https://github.com/Christewart/bitcoin/blob/rapidcheck/src/test/gen/merkleblock_gen.h#L52-L77) which will cause a memory access violation on [this test case](https://github.com/Christewart/bitcoin/blob/rapidcheck/src/test/merkleblock_properties.cpp#L48).
Tree-SHA512: b95904ec45ea3f082c7722161d93ee06b24c706fbffa909a6e995ed14788aed2830f91b626da6f0347660c45874a0735dab61c9440b59c949c690af4165c83fb
Any change output which would be dust at the discard_rate you are
willing to discard completely and add to fee (as well as continuing to
pay the fee that would have been needed for creating the change).
This fixes an issue where you could reserve a keypool entry, then
top up the keypool, writing out a new key at the given index, then
return they key from the pool. This isnt likely to cause issues,
but given there is no reason to ever re-use keypool indexes
(they're 64 bits...), best to avoid it alltogether.
b0e8e2d Print one log message per keypool top-up, not one per key. (Gregory Maxwell)
41dc163 Increase wallet default keypool size to 1000. (Gregory Maxwell)
30d8f3a Pushdown walletdb though CWallet::AddKeyPubKey to avoid flushes. (Gregory Maxwell)
3a53f19 Pushdown walletdb object through GenerateNewKey/DeriveNewChildKey. (Gregory Maxwell)
Pull request description:
This carries the walletdb object from top-up through GenerateNewKey/DeriveNewChildKey/CWallet::AddKeyPubKey, which allows us to avoid the flush on destruction until the top up finishes instead of flushing the wallet for every key.
This speeds up adding keys by well over 10x on my laptop (actually something like 17x), I wouldn't be surprised if it were an even bigger speedup on spinning rust.
Then it increases the keypool size to 1000. I would have preferred to use 10,000 but in the case where the user creates a new wallet and then turns on encryption it seems kind of dumb to have >400KB of marked-used born unencrypted keys just laying around.
(Thanks to Matt for cluesticking me on how to bypass the crypter spaghetti)
Tree-SHA512: 868303de38fce4c3f67d7fe133f765f15435c94b39d252d7450b5fee5c607a3cc2f5e531861a69d8c8877bf130e0ff4c539f97500a6bc0ff6d67e4a42c9385c7
dba485d init: Factor out AppInitLockDataDirectory (Wladimir J. van der Laan)
Pull request description:
Alternative to #10818, alternative solution to #10815.
After this change: All the AppInit steps before and inclusive AppInitLockDataDirectory must not have Shutdown() called in case of failure. Only when AppInitMain fails, Shutdown should be called.
Changes the GUI and bitcoind code to consistently do this.
Tree-SHA512: 393e1a0ae05eb8e791025069e3ac4f6f3cdeb459ec63feda85d01cf6696ab3fed7632b6a0ac3641b8c7015af51d46756b5bba77f5e5f0c446f0c2dea58bbc92e
Change parameter for conservative estimates to be an estimate_mode string.
Change to never return a -1 for failure but to instead omit the feerate and
return an error string. Throw JSONRPC error on invalid nblocks parameter.
Alternative to #10818, alternative solution to #10815.
After this change: All the AppInit steps before and inclusive
AppInitLockDataDirectory must not have Shutdown() called in case of
failure. Only when AppInitMain fails, Shutdown should be called.
Changes the GUI and bitcoind code to consistently do this.
This redefines dust to be the value of an output such that it would
cost that value in fees to (create and) spend the output at the dust
relay rate. The previous definition was that it would cost 1/3 of the
value. The default dust relay rate is correspondingly increased to
3000 sat/kB so the actual default dust output value of 546 satoshis
for a non-segwit output remains unchanged. This commit is a refactor
only unless a dustrelayfee is passed on the commandline in which case
that number now needs to be increased by a factor of 3 to get the same
behavior. -dustrelayfee is a hidden command line option.
Note: It's not exactly a refactor due to edge case changes in rounding
as evidenced by the required change to the unit test.
11590d3 Properly bound check conf_target in wallet RPC calls (Alex Morcos)
fd29d3d Remove checking of mempool min fee from estimateSmartFee. (Alex Morcos)
2fffaa9 Make QT fee displays use GetMinimumFee instead of estimateSmartFee (Alex Morcos)
1983ca6 Use CoinControl to pass custom fee setting from QT. (Alex Morcos)
03ee701 Refactor to use CoinControl in GetMinimumFee and FeeBumper (Alex Morcos)
ecd81df Make CoinControl a required argument to CreateTransaction (Alex Morcos)
Pull request description:
This builds on #10589 (first 5 commits from that PR, last 5 commits are new)
The first couple commits refactor to use the CCoinControl class to pass fee calculation parameters around.
This allows for fixing the buggy interaction in QT between the global payTxFee which can be modified by the RPC call settxfee or temporarily modified by the QT custom fee settings. Before these changes the GUI could sometimes send a transaction with a recently set payTxFee and not respect the settings displayed in the GUI. After these changes, using the GUI does not involve the global transaction confirm target or payTxFee.
The prospective fee displays in the smart fee slider and the coin control dialog are changed to use the fee calculation from GetMinimumFee, this simplifies the code and makes them slightly more correct in edge cases.
Maxing the fee calculation with the mempool min fee is move from estimateSmartFee to GetMinimumFee.
This fixes a long standing bug, and should be tagged for 0.15 as it is holding up finalizing the estimatesmartfee RPC API before release.
Tree-SHA512: 4d36a1bd5934aa62f3806d380fcafbef73e9fe5bdf190fc5259a3e3a13349e5ce796e50e7068c46dc630ccf56d061bce5804f0bfe2e082bb01ca725b63efd4c1
4c3b538 [logs] fix zapwallettxes startup logs (John Newbery)
e7a2181 [wallet] fix zapwallettxes interaction with persistent mempool (John Newbery)
ff7365e [tests] fix flake8 warnings in zapwallettxes.py (John Newbery)
Pull request description:
zapwallettxes previously did not interact well with persistent mempool.
zapwallettxes would cause wallet transactions to be zapped, but they
would then be reloaded from the mempool on startup. This commit softsets
persistmempool to false if zapwallettxes is enabled so transactions are
actually zapped.
This PR also fixes the zapwallettxes.py functional test, which did not properly test this feature. The test line:
```py
assert_raises(JSONRPCException, self.nodes[0].gettransaction, [txid3])
#there must be a expection because the unconfirmed wallettx0 must be gone by now
```
is not actually testing the presence of the transaction since the RPC is being called incorrectly (with an array instead of a string). The `assert_raises()` passes since an assert is raised, but it's not the one the test writer had in mind!
Fixes#9710 .
Tree-SHA512: e3236efc7a2fd2b3bf1d9e2e8a7726d470c57f5d95cf41b7bde264edc8817bd36a6f3feff52f8de8db0ef64b7247c88b24e7ff7cefaa706cba86fe4e2135a508
5618b7d Do not shadow upper local variable `state`. (Pavel Janík)
Pull request description:
Tests added in #10192 emit few shadowing warnings:
```
test/txvalidationcache_tests.cpp:268:26: warning: declaration shadows a local variable [-Wshadow]
test/txvalidationcache_tests.cpp:296:26: warning: declaration shadows a local variable [-Wshadow]
test/txvalidationcache_tests.cpp:357:26: warning: declaration shadows a local variable [-Wshadow]
```
Remove shadowing declarations and reuse the upper local declaration as in other already present test cases.
Tree-SHA512: 1e3c52cf963f8f33e729900c8ecdcd5cc6fe28caa441ba53c4636df9cc3d1a351ca231966d36384589f1340ae8ddd447424c2ee3e8527d334d0412f0d1a10c8f
6835cb0ab Avoid static analyzer warnings regarding uninitialized arguments (practicalswift)
Pull request description:
Avoid static analyzer warnings regarding _"Function call argument is a pointer to uninitialized value"_ in cases where we are intentionally using such arguments.
This is achieved by using `f(b.begin(), b.end())` (`std::array<char, N>`) instead of `f(b, b + N)` (`char b[N]`).
Rationale:
* Reduce false positives by guiding static analyzers regarding our intentions.
Before this commit:
```shell
$ clang-tidy-3.5 -checks=* src/bench/base58.cpp
bench/base58.cpp:23:9: warning: Function call argument is a pointer to uninitialized value [clang-analyzer-core.CallAndMessage]
EncodeBase58(b, b + 32);
^
$ clang-tidy-3.5 -checks=* src/bench/verify_script.cpp
bench/verify_script.cpp:59:5: warning: Function call argument is a pointer to uninitialized value [clang-analyzer-core.CallAndMessage]
key.Set(vchKey, vchKey + 32, false);
^
$
```
After this commit:
```shell
$ clang-tidy-3.5 -checks=* src/bench/base58.cpp
$ clang-tidy-3.5 -checks=* src/bench/verify_script.cpp
$
```
Tree-SHA512: 5814a320ca8b959d0954bb64393424bcad73f942d2e988de1cd6788f39153b93900325532f2e340de02d740a3953385d212ae08e7ec72bb4c394a40475f251df
d0413c670 Use range based for loop (René Nyffenegger)
Pull request description:
Instead of iterating over 0 .. 1 and then deciding on an actual desired
value, use a range based for loop for the desired value.
Tree-SHA512: 0a7a4a80516c9f16cf97fa7d257088b8386360e19b93c4deac3d745b6270ea452c513821686d7d14a159a235763e034f9b14eef222ca15f7eb71c37bd1c2c380
d40a72ccb Clarify *(--.end()) iterator semantics in CWallet::TopUpKeyPool (Matt Corallo)
28301b978 Meet code style on lines changed in the previous commit (Matt Corallo)
4a3fc3562 Track keypool entries as internal vs external in memory (Matt Corallo)
Pull request description:
This is an alternative version of #10184. As @jonasschnelli points out there, the performance regressions are pretty minimal, but given that this is a pretty simple, mechanical change, its probably worth doing.
Tree-SHA512: e83f9ebf2998f8164d1b2eebe5e6dcdeadea8c30b7612861f830758c08bf4093cd6a67b3bcfa9cfcb139e5e0b106fc8898a975fc69f334981aefc756568ab613
5c643241e [utils] allow square brackets for ipv6 addresses in bitcoin-cli (John Newbery)
fe4fabaf1 [refactor] move SplitHostPort() into utilstrencodings (John Newbery)
Pull request description:
bitcoin-cli's `-rpcconnect` can accept ipv6 addresses (as long as the libevent version is new enough), but fails to parse ipv6 with square brackets. This PR makes `bitcoin-cli` parse ipv6 in square brackets correctly.
`bitcoin-cli -rpcconnect=[::1] <command>`
should now be equivalent to
`bitcoin-cli -rpcconnect=::1 <command>`
This is useful so the `bitcoin-cli` option can now be in the same format as the `bitcoind` option.
Doesn't include tests. I have a branch that fully tests `bitcoin-cli`, but that's queued behind several intermediate PRs.
- first commit moves `SplitHostPort()` from libbitcoin_common into libbitcoin_util
- second commit adds proper ipv6 parsing to bitcoin-cli
Tree-SHA512: 249d409f10360c989474283341f458cc97364a56a7d004ae6d5f13d8bffe3a51b5dc2484d42218848e2d42cd9c0b13a1b92e94ea19b209f7e91c875c208d8409
0aadc11fd Avoid dereference-of-casted-pointer (Pieter Wuille)
Pull request description:
And prefer a static_cast to the intended reference type.
Tree-SHA512: e83b20023a4dca6029b46f7040a8a6fd54e1b42112ec0c87c3c3b567ed641de97a9e2335b57a2efb075491f641e5b977bc226a474276bea0c3c3c71d8d6ac54d
zapwallettxes previously did not interact well with persistent mempool.
zapwallettxes would cause wallet transactions to be zapped, but they
would then be reloaded from the mempool on startup. This commit softsets
persistmempool to false if zapwallettxes is enabled so transactions are
actually zapped.
228987d84 getbalance example covers at least 6 confirms (Gregory Sanders)
Tree-SHA512: 328d60b007ee75d809f4d28a7d9e5537d3c1446bd30c4c2ae57c690b8e83f6287cbcd3d8c955e8ba07ab62e27f9d27497c55219ff14fd5af7759dec465673fa2
Avoid static analyzer warnings regarding "Function call argument
is a pointer to uninitialized value" in cases where we are
intentionally using such arguments.
This is achieved by using ...
`f(b.begin(), b.end())` (`std::array<char, N>`)
... instead of ...
`f(b, b + N)` (`char b[N]`)
Rationale:
* Reduce false positives by guiding static analyzers regarding our
intentions.
Before this commit:
```
$ clang-tidy-3.5 -checks=* src/bench/base58.cpp
bench/base58.cpp:23:9: warning: Function call argument is a pointer to uninitialized value [clang-analyzer-core.CallAndMessage]
EncodeBase58(b, b + 32);
^
$ clang-tidy-3.5 -checks=* src/bench/verify_script.cpp
bench/verify_script.cpp:59:5: warning: Function call argument is a pointer to uninitialized value [clang-analyzer-core.CallAndMessage]
key.Set(vchKey, vchKey + 32, false);
^
$
```
After this commit:
```
$ clang-tidy-3.5 -checks=* src/bench/base58.cpp
$ clang-tidy-3.5 -checks=* src/bench/verify_script.cpp
$
```
This check has been moved to the wallet logic GetMinimumFee. The rpc call to
estimatesmartfee will now no longer return a result maxed with the mempool min
fee, but automated fee calculations from the wallet will produce the same result
as before and coincontrol and sendcoins dialogs in the GUI will correctly
display the right prospective fee.
changes to policy/fees.cpp include a big whitespace indentation change.
Remove helper function (CalculateEstimateType) for determining whether
estimates should be conservative or not, now that this is only called
once from GetMinimumFee and incorporate the logic directly there.
This fixes buggy behavior where we were temporarily setting and unsetting the
global payTxFee when trying to send a transaction with a custom fee from the
GUI. The previous behavior was inconsistent depending on the order of using the
RPC call settxfee and clicking various radio buttons in the sendcoinsdialog.
The new behavior is that transactions sent with the GUI will always use either
the smartfee slider value or the custom fee set on the GUI and they will not
affect the global defaults which are only for RPC and initial GUI values.
2aef1f182 [Qt] migrate old fee slider value to new dropbown Always round up (conservative) (Jonas Schnelli)
bc1be90e3 [Qt] replace fee slider with a Dropdown, extend conf. targets (Jonas Schnelli)
Tree-SHA512: 53796cf0b434dd3db5d4680dbeb6231a7df8f15d88187178fd4db8917cd7fc60091ce2c1589fd93668fc94bb13f989aba5b7ef3792fa95ee1f9f21a15709e2d3
dd97a529a Properly forbid -salvagewallet and -zapwallettxes for multi wallet. (Alex Morcos)
Tree-SHA512: dcde8f854ae957b4d3af4bcf1b811e0b6e9b93602764f86499e46a28d304cd4ee93ba058c03f6ca74ccb60e1310c83e53b698c64d93e5503115377655b80d44d
Warning from gcc 7.1 is ./prevector.h:450:25: warning:
'*((void*)(&<anonymous>)+8).prevector<28, unsigned char>::_union.prevector<28, unsigned char>::direct_or_indirect::<anonymous>.prevector<28, unsigned char>::direct_or_indirect::<unnamed struct>::indirect'
may be used uninitialized in this function [-Wmaybe-uninitialized]
Some people keep thinking that MAX_BLOCK_BASE_SIZE is a separate
size limit from the weight limit when it fact it is superfluous,
and used in early tests before the witness data has been
validated or just to compute worst case sizes. The size checks
that use it would not behave any differently consensus wise
if they were eliminated completely.
Its correct value is not independently settable but is a function
of the weight limit and weight formula.
This patch just eliminates it and uses the scale factor as
required to compute the worse case constants.
It also moves the weight factor out of primitives into consensus,
which is a more logical place for it.
18bacec6c Make check to distinguish between orphan txs and old txs more efficient. (Alex Morcos)
Tree-SHA512: b6b4bad89aa561975dce7b68b2fdad5623af5ebcb9c38fd6a72b5f6d0544ed441df4865591ac018f7ae0df9b5c60820cb4d9e55664f5667c9268458df70fd554
d34d77a build: verify that the assembler can handle crc32 functions (Cory Fields)
Pull request description:
Also, enable crc32 even if -msse4.2 wasn't added by us, as long as it works. This allows custom flags (such as -march=native) to work as expected.
Addresses #10670.
Tree-SHA512: e1a41a87b078d270bc645814315b229ad9c16556a4d14fb66b27a65b28d0caf9bf324f8c1e221854992aa17f53466eece06faebbf74d59b3d4ff2e6db6c614a4
69a4339ef missing white space in function arg (Lawrence Nahum)
Pull request description:
Tree-SHA512: 94d832eca0b5429cf48c7c1d4489942b53182c5b7ad9f24264867e7631301173c23a48f7b2e8fd22ff1b3137bafacb3f9d4320f4df235668c9096aaefff7afe8
959dd8781 Avoid printing incorrect block indexing time due to uninitialized variable (practicalswift)
Tree-SHA512: a76e43c3ffa734ed5c7eadf363f345f268aa0e6ce775aba8f856fe3bbc82f240dc7c734c5ca3ac500a12eb41fae00623413e79f484d5acf809b6e400851d771d
Adding comment to assert in PartialMerkleTree::CalcHash()
Adding comment on CMerkleBlock indicating it calls something that contains an assert
Removing EOL whitespace
Due to the iterative process of selecting new coins in each loop a new fee is
calculated that needs to be met each time. In the typical case if the most
recent iteration of the loop produced a much smaller transaction and we have now
gathered inputs with too many fees, we can just reduce the change. However in
the case where there is no change output, it is possible to end up with a
transaction which drastically overpays fees. This commit addresses that case,
by creating a change output if the overpayment is large enough to support it,
this is accomplished by rerunning the transaction creation loop without
selecting new coins.
Thanks to instagibbs for working on this as well
5e3b7b5 Improve error reporting for estimaterawfee (Alex Morcos)
1fafd70 Add function to report highest estimate target tracked per horizon (Alex Morcos)
9c85b91 Change API to estimaterawfee (Alex Morcos)
Tree-SHA512: e624c6e7967e9e48abe49f5818bd674e5710e571cc093029d2f90d39fdfba3c1f30e83bf89f6dce97052b59a7d9636a64642ccfb26effd149c417d0afbed0c0b
That OP_NOP10 is the last executable opcode is a bit of a obscure trivia, and the MAX_OPCODE constant already exists. This merely standardizes use of MAX_OPCODE over OP_NOP10 where it makes sense and is more clear.
1f668b6 Expose if CScheduler is being serviced, assert its not in EmptyQueue (Matt Corallo)
3192975 Flush CValidationInterface callbacks prior to destruction (Matt Corallo)
08096bb Support more than one CScheduler thread for serial clients (Matt Corallo)
2fbf2db Add default arg to CScheduler to schedule() a callback now (Matt Corallo)
cda1429 Give CMainSignals a reference to the global scheduler (Matt Corallo)
3a19fed Make ValidationInterface signals-type-agnostic (Matt Corallo)
ff6a834 Use TestingSetup to DRY qt rpcnestedtests (Matt Corallo)
Tree-SHA512: fab91e34e30b080ed4d0a6d8c1214910e383c45440676e37be61d0bde6ae98d61e8903d22b846e95ba4e73a6ce788798350266feba246d8a2ab357e8523e4ac5
