Merge #21201: rpc: Disallow sendtoaddress and sendmany when private keys disabled

6bfbc97d71 test: disallow sendtoaddress/sendmany when private keys disabled (Jon Atack) 0997019e76 Disallow sendtoaddress and sendmany when private keys disabled (Andrew Chow) Pull request description: Since `sendtoaddress` and `sendmany` (which use the `SendMoney` function) create and commit a transaction, they should not do anything when the wallet does not have private keys. Otherwise a valid transaction cannot be made. Fixes #21104 ACKs for top commit: jonatack: ACK 6bfbc97d71 meshcollider: utACK 6bfbc97d71 kristapsk: ACK 6bfbc97d71. "Error: Private keys are disabled for this wallet" is definitely a better error message than "Insufficient funds" here. Hopefully change of error code from -6 to -4 doesn't break any software using Bitcoin JSON-RPC API. Tree-SHA512: f277d6b5252e43942d568614032596f2c0827f00cd0cb71e44ffcb9822bfb15a71730a3e3688f31e59ba4eb7d275250c4e65ad4b6b3e96be6314c56a672432fb
4 years ago · 3a2d5bfeb3
parent b805dbb0b9 6bfbc97d71
commit 3a2d5bfeb3
2 changed files with 13 additions and 2 deletions
--- a/src/wallet/rpcwallet.cpp
+++ b/src/wallet/rpcwallet.cpp
@ -400,6 +400,12 @@ UniValue SendMoney(CWallet* const pwallet, const CCoinControl &coin_control, std
 {
    EnsureWalletIsUnlocked(pwallet);

+    // This function is only used by sendtoaddress and sendmany.
+    // This should always try to sign, if we don't have private keys, don't try to do anything here.
+    if (pwallet->IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS)) {
+        throw JSONRPCError(RPC_WALLET_ERROR, "Error: Private keys are disabled for this wallet");
+    }
+
    // Shuffle recipient list
    std::shuffle(recipients.begin(), recipients.end(), FastRandomContext());

@ -409,7 +415,7 @@ UniValue SendMoney(CWallet* const pwallet, const CCoinControl &coin_control, std
    bilingual_str error;
    CTransactionRef tx;
    FeeCalculation fee_calc_out;
-    bool fCreated = pwallet->CreateTransaction(recipients, tx, nFeeRequired, nChangePosRet, error, coin_control, fee_calc_out, !pwallet->IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS));
+    const bool fCreated = pwallet->CreateTransaction(recipients, tx, nFeeRequired, nChangePosRet, error, coin_control, fee_calc_out, true);
    if (!fCreated) {
        throw JSONRPCError(RPC_WALLET_INSUFFICIENT_FUNDS, error.original);
    }
--- a/test/functional/wallet_watchonly.py
+++ b/test/functional/wallet_watchonly.py
@ -2,7 +2,7 @@
 # Copyright (c) 2018-2019 The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
-"""Test createwallet arguments.
+"""Test createwallet watchonly arguments.
 """

 from test_framework.test_framework import BitcoinTestFramework
@ -49,6 +49,11 @@ class CreateWalletWatchonlyTest(BitcoinTestFramework):
        assert_equal(len(wo_wallet.listtransactions()), 1)
        assert_equal(wo_wallet.getbalance(include_watchonly=False), 0)

+        self.log.info('Test sending from a watch-only wallet raises RPC error')
+        msg = "Error: Private keys are disabled for this wallet"
+        assert_raises_rpc_error(-4, msg, wo_wallet.sendtoaddress, a1, 0.1)
+        assert_raises_rpc_error(-4, msg, wo_wallet.sendmany, amounts={a1: 0.1})
+
        self.log.info('Testing listreceivedbyaddress watch-only defaults')
        result = wo_wallet.listreceivedbyaddress()
        assert_equal(len(result), 1)