Commit graph

736 commits

Author SHA1 Message Date
practicalswift
1c7e25db0c wallet: Add missing locks 2018-10-09 11:58:32 +02:00
MarcoFalke
ae1cc010b8
Merge #14282: [wallet] Remove -usehd
7ac911afe7 [docs] Add release notes for removing `-usehd` (John Newbery)
25548b2958 [wallet] Remove -usehd (John Newbery)

Pull request description:

  `-usehd` is no longer used (except to tell the user that they've set it incorrectly for the wallet that they're loading). Remove it (in the same spirit as #14272)

Tree-SHA512: 5bdcd2bb9bb8504a01343595bcd1bd433d97b730255152c725103c1ac3fa3a9d9e5220a4c29d4c72307cf803e1c09d31080f83603c23dc77263846e17b1826f0
2018-09-26 17:36:28 -04:00
MarcoFalke
e798ae41e0
Merge #13546: wallet: Fix use of uninitialized value bnb_used in CWallet::CreateTransaction(...)
a23a7f60aa wallet: Avoid potential use of unitialized value bnb_used in CWallet::CreateTransaction(...) (practicalswift)

Pull request description:

  Avoid use of uninitialized value `bnb_used` in `CWallet::CreateTransaction(...)`.

Tree-SHA512: 22faf0711ae35af44d9a0ab7f251bc01661ac88b40ad7b0a87a510427b46bbc8caf16868cab2e0a05e7d8518e93ce666d6bd1d48d3707d37bab2c0fb56a0a4a2
2018-09-24 07:37:18 -04:00
John Newbery
25548b2958
[wallet] Remove -usehd 2018-09-20 17:26:14 -04:00
practicalswift
a23a7f60aa wallet: Avoid potential use of unitialized value bnb_used in CWallet::CreateTransaction(...) 2018-09-19 14:11:14 +02:00
Wladimir J. van der Laan
f09bc7ec98
Merge #12493: [wallet] Reopen CDBEnv after encryption instead of shutting down
c1dde3a949 No longer shutdown after encrypting the wallet (Andrew Chow)
d7637c5a3f After encrypting the wallet, reload the database environment (Andrew Chow)
5d296ac810 Add function to close all Db's and reload the databae environment (Andrew Chow)
a769461d5e Move BerkeleyEnvironment deletion from internal method to callsite (Andrew Chow)

Pull request description:

  This is the replacement for #11678 which implements @ryanofsky's [suggestion](https://github.com/bitcoin/bitcoin/pull/11678#pullrequestreview-76464511).

  Shutting down the software was to prevent the BDB environment from writing unencrypted private keys to disk in the database log files, as was noted [here](https://bitcointalk.org/index.php?topic=51474.msg616068#msg616068). This PR replaces the shutdown behavior with a CDBEnv flush, close, and reopen which achieves the same effect: everything is cleanly flushed and closed, the log files are removed, and then the environment reopened to continue normal operation.

  To ensure that no unencrypted private keys are in the log files after encrypting the wallet, I wrote [this script](https://gist.github.com/achow101/7f7143e6c3d3fdc034d3470e72823e9d) to pull private keys from the original wallet file and searches for these keys in the log files (note that you will have to change your file paths to make it work on your own machine).

  As for concerns about private keys being written to slack space or being kept in memory, these behaviors no longer exist after the original wallet encryption PR and the shutting down solution from 2011.

  cc @ryanofsky

Tree-SHA512: 34b894283b0677a873d06dee46dff8424dec85a2973009ac9b84bcf3d22d05f227c494168c395219d9aee3178e420cf70d4b3eeacc9785aa86b6015d25758e75
2018-09-14 10:43:35 +02:00
Wladimir J. van der Laan
d73205ef36
Merge #14192: utils: Convert fs::filesystem_error messages from local multibyte to utf-8 on Windows
e221368932 utils: Convert fs error messages from multibyte to utf-8 (Chun Kuan Lee)

Pull request description:

  Before:
  ![default](https://user-images.githubusercontent.com/11154118/45318798-8d83f480-b570-11e8-8cbb-c729a54f6b9e.png)
  After:
  ![2](https://user-images.githubusercontent.com/11154118/45318806-91177b80-b570-11e8-9474-a62342c92dbd.png)

Tree-SHA512: 0a598bd159286f6784d117b8a24888b2650d5402d687ab0e8d0849e0c3d53797e266647d8177bb6614307c9598019cd7477311bb9895b1bb52a6bd77b460fda1
2018-09-13 17:30:27 +02:00
Wladimir J. van der Laan
bcffd8743e
Merge #13558: Drop unused GetType() from CSizeComputer
893628be01 Drop minor GetSerializeSize template (Ben Woosley)
da74db0940 Drop unused GetType() from CSizeComputer (Ben Woosley)

Pull request description:

  Based on conversation in #13462, it seems the serialization `GetType` has very narrow use/effect. In every case except for `CAddress`, which specifically relates to a network peer's address, not a wallet address etc., the serialized representation of an object is irrespective of its destination / type.

  This removes the unused `GetType` method from `CSizeComputer` as a step to further narrowing that use.

Tree-SHA512: e72b8e9e5160396691e05aeaee3aba5a57935a75bd5005cfcc7fb51c936f3d1728a397f999da5c36696506dd815fafa5c738f3894df8864f25f91f639eba9c3d
2018-09-11 09:29:38 +02:00
Ben Woosley
da74db0940
Drop unused GetType() from CSizeComputer 2018-09-11 00:58:05 -04:00
Chun Kuan Lee
e221368932 utils: Convert fs error messages from multibyte to utf-8 2018-09-11 03:11:39 +08:00
Wladimir J. van der Laan
6eeac2e628
Merge #14138: wallet: Set encrypted_batch to nullptr after delete. Avoid double free in the case of NDEBUG.
fa462b3657 wallet: Set encrypted_batch to nullptr after delete. Avoid double free in the case of NDEBUG. (practicalswift)

Pull request description:

  Set `encrypted_batch` to `nullptr` after delete. Avoid double free in the case of `NDEBUG`.

Tree-SHA512: 6f5ab40c82dd8c8713bbf1aacacdc837277c04769807f985248546be1c7ea269813c95379fbef982ac5683a45af0225613460a7446c39673b033f5f5edde2f5a
2018-09-10 17:59:15 +02:00
Wladimir J. van der Laan
5c24d3b98c
Merge #13249: Make objects in range declarations immutable by default. Avoid unnecessary copying of objects in range declarations.
f34c8c466a Make objects in range declarations immutable by default. Avoid unnecessary copying of objects in range declarations. (practicalswift)

Pull request description:

  Make objects in range declarations immutable by default.

  Rationale:
  * Immutable objects are easier to reason about.
  * Prevents accidental or hard-to-notice change of value.

Tree-SHA512: cad69d35f0cf8a938b848e65dd537c621d96fe3369be306b65ef0cd1baf6cc0a9f28bc230e1e383d810c555a6743d08cb6b2b0bd51856d4611f537a12e5abb8b
2018-09-04 15:50:08 +02:00
practicalswift
fa462b3657 wallet: Set encrypted_batch to nullptr after delete. Avoid double free in the case of NDEBUG. 2018-09-03 15:41:02 +02:00
MarcoFalke
b012bbe358
Merge #10605: Add AssertLockHeld assertions in CWallet::ListCoins
62b6f0f21e Add EXCLUSIVE_LOCKS_REQUIRED to CWallet::ListCoins (Russell Yanofsky)
545e85eccc Add AssertLockHeld assertions in CWallet::ListCoins (Russell Yanofsky)

Pull request description:

  Fixes TODO from #10295

Tree-SHA512: 2dd03a8217e5e1313aa2119cb530e0c0daf3ae3a751b6fdec611df57b8090201a90b52ff05f8f696e978a1344aaf21989d67a03beb5ef6ef79b77be38d04b451
2018-08-31 09:03:05 -04:00
Wladimir J. van der Laan
07033a8f91
Merge #13825: [wallet] Kill accounts
c9c32e6b84 [wallet] Kill accounts (John Newbery)

Tree-SHA512: 783272e7df9042fb0a01826fa37a02b97218496459015d7457e56223da8690bdad930c223dd4a903a1d4df57f3f2f4a097d392d272a72419ea9a882b11e599f7
2018-08-30 16:18:36 +02:00
John Newbery
c9c32e6b84 [wallet] Kill accounts
This commit does the following changes:

- [wallet] Remove 'account' argument from GetLegacyBalance()
  - GetLegacyBalance() is never called with an account argument.
    Remove the argument and helper functions.
- [wallet] Remove CWallet::ListAccountCreditDebit()
  - Function no longer used.
- [wallet] Remove AccountMove()
  - Function no longer used.
- [wallet] Remove AddAccountingEntry()
  - Function no longer used.
- [wallet] Remove GetAccountCreditDebit()
  - Function no longer used.
- [wallet] Don't rewrite accounting entries when reordering wallet transactions.
 - Accounting entries are deprecated. Don't rewrite them to the wallet
   database when re-ordering transactions.
- [wallet] Remove WriteAccountingEntry()
  - Function no longer used.
- [wallet] Don't read acentry key-values from wallet on load.
- [wallet] Remove ListAccountCreditDebit()
  - Function no longer used.
- [wallet] Remove CAccountingEntry class
  - No longer used
- [wallet] Remove GetLabelDestination
  - Function no longer used.
- [wallet] Delete unused account functions
  - ReadAccount
  - WriteAccount
  - EraseAccount
  - DeleteLabel
- [wallet] Remove fromAccount argument from CommitTransaction()
- [wallet] Remove strFromAccount.
  - No longer used.
- [wallet] Remove strSentAccount from GetAmounts().
  - No longer used.
- [wallet] Update zapwallettxes comment to remove accounts.
- [wallet] Remove CAccount
  - No longer used
- [docs] fix typo in release notes for PR 14023
2018-08-30 16:08:42 +02:00
Wladimir J. van der Laan
aa39ca7645
Merge #13723: PSBT key path cleanups
917353c8b0 Make SignPSBTInput operate on a private SignatureData object (Pieter Wuille)
cad5dd2368 Pass HD path data through SignatureData (Pieter Wuille)
03a99586a3 Implement key origin lookup in CWallet (Pieter Wuille)
3b01efa0d1 [MOVEONLY] Move ParseHDKeypath to utilstrencodings (Pieter Wuille)
81e1dd5ce1 Generalize PublicOnlySigningProvider into HidingSigningProvider (Pieter Wuille)
84f1f1bfdf Make SigningProvider expose key origin information (Pieter Wuille)
611ab307fb Introduce KeyOriginInfo for fingerprint + path (Pieter Wuille)

Pull request description:

  This PR adds "key origin" (master fingeprint + key path) information to what is exposed from `SigningProvider`s, allowing this information to be used by the generic PSBT code instead of having the RPC pull it directly from the wallet.

  This is also a preparation to having PSBT interact with output descriptors, which can then directly expose key origin information for the scripts they generate.

Tree-SHA512: c718382ba8ba2d6fc9a32c062bd4cff08b6f39b133838aa03115c39aeca0f654c7cc3ec72d87005bf8306e550824cd8eb9d60f0bd41784a3e22e17b2afcfe833
2018-08-28 16:25:04 +02:00
practicalswift
f34c8c466a Make objects in range declarations immutable by default. Avoid unnecessary copying of objects in range declarations. 2018-08-27 18:19:33 +02:00
practicalswift
9e2de6b9d0 Move cs_main locking annotations from .cpp to .h 2018-08-26 11:15:17 +02:00
practicalswift
9e0a514112 Add compile time checking for all cs_main runtime locking assertions 2018-08-26 00:25:28 +02:00
Wladimir J. van der Laan
776fa60c4b
Merge #13631: Add CMerkleTx::IsImmatureCoinBase method
23f4343781 Add CMerkleTx::IsImmatureCoinBase method (Ben Woosley)

Pull request description:

  All but one call to `GetBlocksToMaturity` is testing it relative to 0
  for the purposes of determining whether the coinbase tx is immature.
  In such case, the value greater than 0 implies that the tx is coinbase,
  so there is no need to separately test that status.

  This names the concept for easy singular use.

Tree-SHA512: 4470d07404a0707144f9827b9a94c5c4905f23ee6f9248edc5df599a59d28e21ea0201d8abe5d5d73b39cb05b60c861ea8e04767eef04433e2ee95dcfed653ee
2018-08-25 16:53:21 +02:00
Pieter Wuille
03a99586a3 Implement key origin lookup in CWallet 2018-08-13 08:46:23 -07:00
Wladimir J. van der Laan
2115cba9c6
Merge #13666: Always create signatures with Low R values
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used (Andrew Chow)
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR (Andrew Chow)
18dfea0dd0 Always create 70 byte signatures with low R values (Andrew Chow)

Pull request description:

  When creating signatures for transactions, always make one which has a 32 byte or smaller R and 32 byte or smaller S value. This results in signatures that are always less than 71 bytes (32 byte R + 32 byte S + 6 bytes DER + 1 byte sighash) with low R values. In most cases, the signature will be 71 bytes.

  Because R is not mutable in the same way that S is, a low R value can only be found by trying different nonces. RFC 6979 for deterministic nonce generation has the option to specify additional entropy, so we simply use that and add a uin32_t counter which we increment in order to try different nonces. Nonces are sill deterministically generated as the nonce used will the be the first one where the counter results in a nonce that results in a low R value. Because different nonces need to be tried, time to produce a signature does increase. On average, it takes twice as long to make a signature as two signatures need to be created, on average, to find one with a low R.

  Having a fixed size signature makes size calculations easier and also saves half a byte of transaction size, on average.

  DUMMY_SIGNATURE_CREATOR has been modified to produce 71 byte dummy signatures instead of 72 byte signatures.

Tree-SHA512: 3cd791505126ce92da7c631856a97ba0b59e87d9c132feff6e0eef1dc47768e81fbb38bfbe970371bedf9714b7f61a13a5fe9f30f962c81734092a4d19a4ef33
2018-08-13 12:07:20 +02:00
Andrew Chow
e306be7429 Use 72 byte dummy signatures when watching only inputs may be used
With watching only inputs, we do not know how large the signatures
for those inputs will be as their signers may not have implemented
71 byte signatures. Thus we estimate their fees using the 72 byte
dummy signature to ensure that we pay enough fees.

This only effects fundrawtransaction when includeWatching is true.
2018-08-09 18:39:56 -07:00
Andrew Chow
48b1473c89 Use 71 byte signature for DUMMY_SIGNATURE_CREATOR
Changes DUMMY_SIGNATURE_CREATOR to create 71 byte dummy signatures.

Update comments to reflect this change
2018-08-09 18:39:56 -07:00
Karl-Johan Alm
18f690ec2f
wallet: shuffle coins before grouping, where warranted
Issue brought up in https://github.com/bitcoin/bitcoin/pull/12257\#discussion_r204554549
2018-08-10 09:08:11 +09:00
Andrew Chow
d7637c5a3f After encrypting the wallet, reload the database environment
Calls ReloadDbEnv after encrypting the wallet so that the database
environment is flushed, closed, and reopened to prevent unencrypted
keys from being saved on disk.
2018-08-09 11:27:39 -07:00
MarcoFalke
3e3a50aeb8
Merge #13911: doc: Revert translated string change, clarify wallet log messages
c4a884d555 Trivial: Revert translated string change, clarify wallet log messages (Pierre Rochard)

Pull request description:

  Fixes https://github.com/bitcoin/bitcoin/pull/12992 post-merge nits from @jnewbery

Tree-SHA512: 002d8a69b489fd216e15b7d6200d7117c489b32405d5e9f514f120d43113fd97ca2f235452b0093e0760bc03baf714edc4564ae14af8456e1b2a54f83c577bf3
2018-08-09 08:11:17 -04:00
MarcoFalke
8eb9870052
Merge #13876: wallet: Catch filesystem_error and raise InitError
fa8527ffec wallet: Catch filesystem_error and raise InitError (MarcoFalke)

Pull request description:

  Fixes #13754 by restoring the previous behaviour

Tree-SHA512: f64052e89f6b332be395df2a5ea6f227c213fa2f38e415e83f30a4fad0938e947e5cddff7902368a43c07be135955a31b90f7eac5a46875c58d54ea95f87f6e6
2018-08-09 08:03:23 -04:00
Pierre Rochard
c4a884d555 Trivial: Revert translated string change, clarify wallet log messages 2018-08-08 11:00:55 -04:00
Wladimir J. van der Laan
78dae8cacc
Merge #13780: 0.17: Pre-branch maintenance
3fc20632a3 qt: Set BLOCK_CHAIN_SIZE = 220 (DrahtBot)
2b6a2f4a28 Regenerate manpages (DrahtBot)
eb7daf4d60 Update copyright headers to 2018 (DrahtBot)

Pull request description:

  Some trivial maintenance to avoid having to do it again after the 0.17 branch off.

  (The scripts to do this are in `./contrib/`)

Tree-SHA512: 16b2af45e0351b1c691c5311d48025dc6828079e98c2aa2e600dc5910ee8aa01858ca6c356538150dc46fe14c8819ed8ec8e4ec9a0f682b9950dd41bc50518fa
2018-08-08 13:55:27 +02:00
Wladimir J. van der Laan
e8f387f997
Merge #13843: [trivial] Add doxygen-compatible comments to CAffectedKeysVisitor
3339d84535 [trivial] add doxygen-compatible comments to CAffectedKeysVisitor (Pierre Rochard)

Pull request description:

Tree-SHA512: 0003fde198a6977d0c8988efc8f76428f9e095009fddf131b07bd9809ef76a778c86bb2b1305e33df16101b6b703cf43eb6193462bb9f3687f98c1d9b109dd96
2018-08-07 16:49:18 +02:00
Wladimir J. van der Laan
51c693d49e
Merge #13657: wallet: assert to ensure accuracy of CMerkleTx::GetBlocksToMaturity
93de2891fa wallet: assert to ensure accuracy of CMerkleTx::GetBlocksToMaturity (Ben Woosley)

Pull request description:

  According to my understanding, it should not be possible for coinbase
  transactions to be conflicting, thus it should not be possible for
  GetDepthInMainChain to return a negative result. If it did, this would
  also result in innacurate results for GetBlocksToMaturity due to the
  math therein. asserting ensures accuracy.

Tree-SHA512: 8e71c26f09fe457cfb00c362ca27066f7f018ea2af1f395090fdc7fd9f5964b76f4317c23f7a4923776f00087558511da5c1c368095be39fb1bacc614a93c32f
2018-08-07 14:19:50 +02:00
MarcoFalke
fa8527ffec
wallet: Catch filesystem_error and raise InitError 2018-08-04 12:04:38 -04:00
Pierre Rochard
3339d84535 [trivial] add doxygen-compatible comments to CAffectedKeysVisitor 2018-08-03 15:30:08 -04:00
Pierre Rochard
909f54c80a [wallet] Add wallet name to log messages
After multiple wallets became supported, wallet-related log messages
became ambiguous as to which wallet they were being emitted by.

fixes #11317
2018-08-02 12:09:39 -04:00
MarcoFalke
c88529a178
Merge #13805: [wallet] Correctly limit output group size
a13647b8bd [qa] Add test for too-large wallet output groups (Suhas Daftuar)
57ec1c97b2 [wallet] correctly limit output group size (Suhas Daftuar)

Pull request description:

  Also add a test to ensure that output groups are being limited, even if a wallet has many outputs corresponding to the same scriptPubKey (the test fails without the first commit).

Tree-SHA512: 2aaa82005b0910488f5cbf40690d4c5e2f46949e299ef70b4cb6e440713811443d411dcbc6d71b1701fd82423073125e21747787d70830cd021c841afb732d51
2018-08-01 12:03:20 -04:00
Suhas Daftuar
57ec1c97b2 [wallet] correctly limit output group size 2018-07-30 10:43:16 -04:00
Ben Woosley
23f4343781
Add CMerkleTx::IsImmatureCoinBase method
All but one call to GetBlocksToMaturity is testing it relative to 0
for the purposes of determining whether the coinbase tx is immature.
In such case, the value greater than 0 implies that the tx is coinbase,
so there is no need to separately test that status.

This names the concept for easy singular use.
2018-07-29 19:49:14 -04:00
MarcoFalke
fa5ed4f8d2
refactor: Avoid locking tx pool cs thrice 2018-07-29 08:04:06 -04:00
MarcoFalke
ad51e1372b
Merge #13774: Return void instead of bool for functions that cannot fail
d78a8dc3e8 Return void instead of bool for functions that cannot fail (practicalswift)

Pull request description:

  Return `void` instead of `bool` for functions that cannot fail:
  * `CBlockTreeDB::ReadReindexing(...)`
  * `CChainState::ResetBlockFailureFlags(...)`
  * `CTxMemPool::addUnchecked(...)`
  * `CWallet::CommitTransaction(...)`
  * `CWallet::LoadDestData(...)`
  * `CWallet::LoadKeyMetadata(...)`
  * `CWallet::LoadScriptMetadata(...)`
  * `CWallet::LoadToWallet(...)`
  * `CWallet::SetHDChain(...)`
  * `CWallet::SetHDSeed(...)`
  * `PendingWalletTx::commit(...)`
  * `RemoveLocal(...)`
  * `SetMinVersion(...)`
  * `StartHTTPServer(...)`
  * `StartRPC(...)`
  * `TorControlConnection::Disconnect(...)`

  Some of the functions can fail by throwing.

  Found by manually inspecting the following candidate functions:

  ```
  $ git grep -E '(^((static|virtual|inline|friend)[^a-z])*[^a-z]*bool [^=]*\(|return true|return false)' -- "*.cpp" "*.h"
  ```

Tree-SHA512: c0014e045362dbcd1a0cc8f69844e7b8cbae4f538e7632028daeca3a797ac11d8d3d86ebc480bedcb8626df3e96779d592747d52a12556fc49921b114fa0ccc6
2018-07-29 07:56:36 -04:00
practicalswift
620361fce8 Fix accidental use of the addition assignment operator ("+="). Remove newlines from error message. 2018-07-27 18:47:03 +02:00
practicalswift
d78a8dc3e8 Return void instead of bool for functions that cannot fail
* CBlockTreeDB::ReadReindexing(...)
* CChainState::ResetBlockFailureFlags(...)
* CTxMemPool::addUnchecked(...)
* CWallet::LoadDestData(...)
* CWallet::LoadKeyMetadata(...)
* CWallet::LoadScriptMetadata(...)
* CWallet::LoadToWallet(...)
* CWallet::SetHDChain(...)
* CWallet::SetHDSeed(...)
* RemoveLocal(...)
* SetMinVersion(...)
* StartHTTPServer(...)
* StartRPC(...)
* TorControlConnection::Disconnect(...)
2018-07-27 13:19:03 +02:00
DrahtBot
eb7daf4d60 Update copyright headers to 2018 2018-07-27 07:15:02 -04:00
Wladimir J. van der Laan
5f7575e263
Merge #12257: [wallet] Use destination groups instead of coins in coin select
232f96f5c8 doc: Add release notes for -avoidpartialspends (Karl-Johan Alm)
e00b4699cc clean-up: Remove no longer used ivars from CInputCoin (Karl-Johan Alm)
43e04d13b1 wallet: Remove deprecated OutputEligibleForSpending (Karl-Johan Alm)
0128121101 test: Add basic testing for wallet groups (Karl-Johan Alm)
59d6f7b4e2 wallet: Switch to using output groups instead of coins in coin selection (Karl-Johan Alm)
87ebce25d6 wallet: Add output grouping (Karl-Johan Alm)
bb629cb9dc Add -avoidpartialspends and m_avoid_partial_spends (Karl-Johan Alm)
65b3eda458 wallet: Add input bytes to CInputCoin (Karl-Johan Alm)
a443d7a0ca moveonly: CoinElegibilityFilter into coinselection.h (Karl-Johan Alm)
173e18a289 utils: Add insert() convenience templates (Karl-Johan Alm)

Pull request description:

  This PR adds an optional (off by default) `-avoidpartialspends` flag, which changes coin select to use output groups rather than outputs, where each output group corresponds to all outputs with the same destination.

  It is a privacy improvement, as each time you spend some output, any other output that is publicly associated with the destination (address) will also be spent at the same time, at the cost of fee increase for cases where coin select without group restriction would find a more optimal set of coins (see example below).

  For regular use without address reuse, this PR should have no effect on the user experience whatsoever; it only affects users who, for some reason, have multiple outputs with the same destination (i.e. address reuse).

  Nodes with this turned off will still try to avoid partial spending, if the fee of the resulting transaction is not greater than the fee of the original transaction.

  Example: a node has four outputs linked to two addresses `A` and `B`:

  * 1.0 btc to `A`
  * 0.5 btc to `A`
  * 1.0 btc to `B`
  * 0.5 btc to `B`

  The node sends 0.2 btc to `C`. Without `-avoidpartialspends`, the following coin selection will occur:
  * 0.5 btc to `A` or `B` is picked
  * 0.2 btc is output to `C`
  * 0.3 - fee is output to (unique change address)

  With `-avoidpartialspends`, the following will instead happen:
  * Both of (0.5, 1.0) btc to `A` or `B` is picked (one or the other pair)
  * 0.2 btc is output to `C`
  * 1.3 - fee is output to (unique change address)

  As noted, the pro here is that, assuming nobody sends to the address after you spend from it, you will only ever use one address once. The con is that the transaction becomes slightly larger in this case, because it is overpicking outputs to adhere to the no partial spending rule.

  This complements #10386, in particular it addresses @luke-jr and @gmaxwell's concerns in https://github.com/bitcoin/bitcoin/pull/10386#issuecomment-300667926 and https://github.com/bitcoin/bitcoin/pull/10386#issuecomment-302361381.

  Together with `-avoidreuse`, this fully addresses the concerns in #10065 I believe.

Tree-SHA512: 24687a4490ba59cf4198ed90052944ff4996653a4257833bb52ed24d058b3e924800c9b3790aeb6be6385b653b49e304453e5d7ff960e64c682fc23bfc447621
2018-07-24 16:34:03 +02:00
Karl-Johan Alm
43e04d13b1
wallet: Remove deprecated OutputEligibleForSpending 2018-07-24 15:05:38 +09:00
Karl-Johan Alm
59d6f7b4e2
wallet: Switch to using output groups instead of coins in coin selection 2018-07-24 15:05:37 +09:00
Karl-Johan Alm
87ebce25d6
wallet: Add output grouping 2018-07-24 15:05:37 +09:00
MarcoFalke
e8c74348d3
Merge #13683: wallet: Introduce assertion to document the assumption that cache and cache_used are always set in tandem
d06330396f wallet: Avoid potential null pointer dereference in CWalletTx::GetAvailableCredit(...) (practicalswift)

Pull request description:

  Avoid potential null pointer dereference in `CWalletTx::GetAvailableCredit(...)`.

  Introduced in 4279da4785.

Tree-SHA512: 92d1da9682f0bab11f6f96395ca30549331b0a056cbceb7e1a7f98b3d17d10082aaeed0907cafd46f4164b0e0f4b77e01f78bfd7d24e0503a66c6942ae842aa5
2018-07-22 08:34:09 -04:00
Wladimir J. van der Laan
6b6e854362
Merge #9662: Add createwallet "disableprivatekeys" option: a sane mode for watchonly-wallets
a3fa4d6a6a QA: Fix bug in -usecli logic that converts booleans to non-lowercase strings (Jonas Schnelli)
4704e5f074 [QA] add createwallet disableprivatekey test (Jonas Schnelli)
c7b8f343e9 [Qt] Disable creating receive addresses when private keys are disabled (Jonas Schnelli)
2f15c2bc20 Add disable privatekeys option to createwallet (Jonas Schnelli)
cebefba085 Add option to disable private keys during internal wallet creation (Jonas Schnelli)
9995a602a6 Add facility to store wallet flags (64 bits) (Jonas Schnelli)

Pull request description:

  This mode ('createwallet {"disableprivatekeys": true}') is intended for a sane pure watch-only mode, ideal for a use-case where one likes to use Bitcoin-Core in conjunction with a hardware-wallet or another solutions for cold-storage.

  Since we have support for custom change addresses in `fundrawtransaction`, pure watch-only wallets including coin-selection are possible and do make sense for some use cases.

  This new mode disables all forms of private key generation and ensure that no mix between hot and cold keys are possible.

Tree-SHA512: 3ebe7e8d54c4d4e5f790c348d4c292d456f573960a5b04d69ca5ef43a9217c7e7671761c6968cdc56f9a8bc235f3badd358576651af9f10855a0eb731f3fc508
2018-07-20 14:28:50 +02:00