3c6ef0393f msvc: Fix silent merge conflict between #13926 and #14372 part II (Chun Kuan Lee)
Pull request description:
In #15325, I added secp256k1 as a dependency of bitcoin-wallet. However, I didn't notice that leveldb is also a dependency of it.
Tree-SHA512: dc29b5cad6c529dd9517d6c2cbbe5297b69e73303e2fbbcd4b4842c9c5b51a4332df5a4bf3b82cd3ed2c1668cc95f8c9636f9485af0d722fed9c1319da3cc2e2
8c3fdd3a6d fixes m_assumed_blockchain_size variables values: (marcoagner)
Pull request description:
This is used by Qt but I'm not sure if this is the right tag here.
Please, edit the title if there's something better.
`m_assumed_blockchain_size` (src/chainparams.cpp:CChainParams) was
`BLOCK_CHAIN_SIZE` (src/qt/intro.cpp) and while the transition was being
made by PR 13216 (merged commit: 9d0e528), 3fc2063 changed its value
from 200 to 220, which 9d0e528 ended up reverting.
So, as per MarcoFalke's suggestion (https://github.com/bitcoin/bitcoin/pull/13216#discussion_r247560123), I'm bumping it to 240 before 0.18 is
branched to avoid any confusion.
Anything else (e.g. constexpr) that should/could be done here? Thanks.
Tree-SHA512: 4319739b870a2b96a57f268f9edc7dd9f9eff5c4ca3b01863e6b861b9ca58c245416ce362dae54d1673e3d5b1c7f5a16e4031842af250e1b1f0a5109b75fb3c3
This commit was a fix to `m_assumed_blockchain_size` reverted from
3fc2063's 220 to 9d0e528's 200 since work on 9d0e528 was being done in
parallel and ended up reverting `m_assumed_blockchain_size`.
This commits is now a intended to be a bump of
`m_assumed_blockchain_size` for both mainnet and testnet for new
reasonable values.
102faad81 Factor out combine / finalize / extract PSBT helpers (Glenn Willen)
78b9893d0 Remove op== on PSBTs; check compatibility in Merge (Glenn Willen)
bd0dbe876 Switch away from exceptions in refactored tx code (Glenn Willen)
c6c3d42a7 Move PSBT definitions and code to separate files (Glenn Willen)
81cd95884 Factor BroadcastTransaction out of sendrawtransaction (Glenn Willen)
c734aaa15 Split DecodePSBT into Base64 and Raw versions (Glenn Willen)
162ffefd2 Add pf_invalid arg to std::string DecodeBase{32,64} (Glenn Willen)
Pull request description:
* Move most PSBT definitions into psbt.h.
* Move most PSBT RPC utilities into psbt.{h,cpp}.
* Move wallet-touching PSBT RPC utilities (FillPSBT) into
wallet/psbtwallet.{h,cpp}.
* Switch exceptions from JSONRPCError() to new PSBTException class.
* Split DecodePSBT into DecodeBase64PSBT (old behavior) and DecodeRawPSBT.
* Add one new version of DecodeBase64 utility in strencodings.h (and
corresponding DecodeBase32 for completeness).
* Factor BroadcastTransaction utility function out of sendrawtransaction RPC
handler in rpc/rawtransaction.cpp
Note: For those keeping score at home wondering why refactor, this is in anticipation of (and developed in parallel with) a change to actually introduce GUI use of all this stuff, which is already under development and working-ish.
Tree-SHA512: 2197c448e657421f430943025357597e7b06c4c377d5d4b2622b9edea52a7193c48843dd731abb3a88ac4023a9c88d211991e0a9b740c22f2e1cbe72adefe390
318b1f7af1 [wallet] Close bdb when flushing wallet. (John Newbery)
Pull request description:
bdb would not be closed when closing the wallet in wallet-tool. Fix this by calling wallet->flush with true.
Tree-SHA512: f722e527e4806eca5254221e944f57853d11bf89a9264309fa558a6cc2b23feefb7bb2963e87b4fad9cfb31ac4cffe563688988e0614a481a8ff1d393aceb132
5039e4b61b Remove unnecessary const_cast (Julian Fleischer)
Pull request description:
The const_cast
```C++
CBlock &block = const_cast<CBlock&>(chainparams.GenesisBlock());
```
is not necessary as all the functions invoked form this block receive a `const CBlock&` anyway. Simply add the `const` to `block`:
```C++
const CBlock& block = chainparams.GenesisBlock();
```
Casting away `const`, especially from something as precious as the genesis block, feels really weird to me as a reader of bitcoin-core source code.
Tree-SHA512: 0290b2cabb216a60655ded153ed1f213c051fb216cec6f3f810f8b760e276f8def86eb696c492e89631682531e215f56d7897b59685d3aa787bcd80cc4f86c90
fa0ad4e7ce RPCHelpMan: Check default values are given at compile-time (MarcoFalke)
Pull request description:
Remove the run time assertions on the default values and ensure that the correct default type and value is provided at compile time.
Tree-SHA512: 80df2f3fab4379b500c773c27da63f22786c58be5963fe99744746320e43627a5d433eedf8b32209158df7805ebdce65ed4d242c829c4fe6e5d13deb4799ed42
b651ef7e1c submitheader: more directly test missing prev block header (Gregory Sanders)
1e7f741745 remove some magic mining constants in functional tests (Gregory Sanders)
Pull request description:
The fewer magic numbers the better.
Also more directly tested a `submitheader` case of bad previous blockhash.
Tree-SHA512: 52b01a6aa199fa909eea4e9e84409a901933e545724e33149cc4132c82168199fd678809b6d94d95c9ff6ad02238a9552363620d13b8beaa5d4b67ade9ef425c
1951ea434 gui: Show indeterminate progress dialog while opening walllet (João Barbosa)
8847cdaaa gui: Add OpenWalletActivity (João Barbosa)
4c8982a88 interfaces: Avoid interface instance if wallet is null (João Barbosa)
be82dea23 gui: Add thread to run background activity in WalletController (João Barbosa)
6c49a55b4 gui: Add Open Wallet menu (João Barbosa)
32a8c6abf gui: Add openWallet and getWalletsAvailableToOpen to WalletController (João Barbosa)
ab288b4e5 interfaces: Add loadWallet to Node (João Barbosa)
17abc0fd5 wallet: Factor out LoadWallet (João Barbosa)
Pull request description:
The *Open Wallet* menu has all the available wallets currently not loaded. The list of the available wallets comes from `listWalletDir`.
In the future the menu can be replaced by a custom dialog.
<img width="674" alt="screenshot 2019-01-12 at 12 17 02" src="https://user-images.githubusercontent.com/3534524/51073166-ac041480-1664-11e9-8302-be81702bc146.png">
Tree-SHA512: ebfd75eee0c8264863748899843afab67dadb7dff21313c11e3cb5b6108d954978dd1f1ae786bc07580c5a771ea4ab38d18c1643c9b9b3683ed53f0f6c582e38
1cdb9bb51f minor p2p_sendheaders fix of height in coinbase (Gregory Sanders)
Pull request description:
> \# Now announce a header that forks the last two blocks
Doesn't effect any behavior since BIP34 isn't active in regtest for many blocks.
Tree-SHA512: 3f214b956a94250bb640f63b6ff707930e1d4cb8df1bbf0fef4012d89a94bafbde0d7b42bbe7113ec33810169281c22c6e389445921d99decb74aa56e87a0f27
a99999cc04 util: Add SetupHelpOptions() (MarcoFalke)
Pull request description:
Every binary we have sets up the help option in their own way and wording.
Solve that by having one function take care of it for all of them.
Tree-SHA512: 6e947fa8bc2a46fa6ca9f45777020aa269a5df0dd916ebc863224f9a1e0f79e8e7754a1478567307edd9461e8babd77d26bc2710bbd56e8f8da9020aa85a8c9c
Refactor the new CombinePSBT, FinalizePSBT, and FinalizeAndExtractPSBT
general-purpose functions out of the combinepsbt and finalizepsbt RPCs,
for use in the GUI code.
Remove the op== on PartiallySignedTransaction, which only checks that the
CTransactions are equal. Instead, check this directly in Merge, and return
false if the CTransactions are not equal (so the PSBTs cannot be merged.)
After refactoring general-purpose PSBT and transaction code out of RPC code,
for use in the GUI, it's no longer appropriate to throw exceptions. Instead we
now return bools for success, and take an output parameter for an error object.
We still use JSONRPCError() for the error objects, since only RPC callers
actually care about the error codes.
Move non-wallet PSBT code to src/psbt.{h,cpp}, and PSBT wallet code to
src/wallet/psbtwallet.{h,cpp}. This commit contains only code movement (and
adjustments to includes and Makefile.am.)
Factor out a new BroadcastTransaction function, performing the core work of the
sendrawtransaction rpc, so that it can be used from the GUI code. Move it from
src/rpc/ to src/node/.
Split up DecodePSBT, which both decodes base64 and then deserializes a
PartiallySignedTransaction, into two functions: DecodeBase64PSBT, which retains
the old behavior, and DecodeRawPSBT, which only performs the deserialization.
Add a test for base64 decoding failure.
Add support for the optional "pf_invalid" out parameter (which allows the caller
to detect decoding failures) to the std::string versions of DecodeBase32 and
DecodeBase64. The char* versions already have this feature.
Also, rename all uses of pfInvalid to pf_invalid to match style guidelines.
a94e470921 A few textual improvements (Martin Erlandsson)
Pull request description:
Found a few places where the reading flow was interrupted by minor grammar and punctuation issues.
Tree-SHA512: 50640288449eb035f463bce563d259efbe97c14517d92c916e1bc52b7c54961ba2fc6fca1272470153803397f20ae7570bd090c16850ebd0180ebcf6bb2415d1
50e647210d Move ParseConfirmTarget from rpc/mining to rpc/util (Russell Yanofsky)
Pull request description:
Util is a better home since it's called both by wallet and mining code.
Suggested https://github.com/bitcoin/bitcoin/pull/15288#discussion_r254449444
Tree-SHA512: 4320caf2a3f70d2885c421de04f2ec68ff3f6519258c5155fc46e245dc1765fd15c81f260af5096318f24ff9deb88fc3c5ef40eec8b7393f467f5b963d17215b
30d0f7be6e rpc: Fix for segfault if combinepsbt called with empty inputs (benthecarman)
Pull request description:
Fixes#15300
Tree-SHA512: 25e7b4e6e48d8b0d197f0ab96df308fff33e2110f8929cb48914877fa7f4c4a84f173b1378fdb2dec5d03fe7d6d1aced4b577e55f9fe180d8147d9106ebf543f
7687f7873 [wallet] Support creating a blank wallet (Andrew Chow)
Pull request description:
Alternative (kind of) to #14938
This PR adds a `blank` parameter to the `createwallet` RPC to create a wallet that has no private keys initially. `sethdseed` can then be used to make a clean wallet with a custom seed. `encryptwallet` can also be used to make a wallet that is born encrypted.
Instead of changing the version number as done in #14938, a wallet flag is used to indicate that the wallet should be blank. This flag is set at creation, and then unset when the wallet is no longer blank. A wallet becomes non-blank when a HD seed is set or anything is imported. The main change to create a blank wallet is primarily taken from #14938.
Also with this, the term "blank wallet" is used instead of "empty wallet" to avoid confusion with wallets that have balance which would also be referred to as "empty".
This is built on top of #15225 in order to fix GUI issues.
Tree-SHA512: 824d685e11ac2259a26b5ece99c67a7bda94a570cd921472c464243ee356b7734595ad35cc439b34357135df041ed9cba951e6edac194935c3a55a1dc4fcbdea
A blank wallet is a wallet that has no keys, script or watch only things.
A new wallet flag indicating that it is blank will be set when the wallet
is blank. Once it is no longer blank (a seed has been generated, keys or
scripts imported, etc), the flag will be unset.
5d35d4384a Update release notes through to cb35f1d3 (David A. Harding)
9ad5ca17d9 Release notes: integrate detached & rm backports (David A. Harding)
Pull request description:
Monthly release notes update. ~~In addition to a few new notes, this removes from the master branch two notes about things that have been backported to the 0.17 branch (though not released yet): `unloadwallet` RPC now being blocking (0.17 has a detached release note for that) and the PSBT doc (0.17 does not have a release note for that; I'll open a PR).~~
Tree-SHA512: 569b651f2ec4d6d22c2410897f6980a0db2d9aad479730537f0c77cc8d905599a4e6d1db716720fec55a4ee77dd0bd5de9d02a0f636b63cd68ece61d24547af0
fae8b8bb1a qa: Add tool-prefix to functional test readme (MarcoFalke)
faf3d22725 test_runner: Remove unused --force option (MarcoFalke)
Pull request description:
When someone calls the script they already have all intention to call it, no need to specify a redundant `--force`.
The functional tests are still disabled on the travis windows cross builds, where they'd run into issues when run under Wine.
Tree-SHA512: ada0dd9b3c0cd28c5832a12c5e04c029dc3bfe5ddf366fd0abc24fb7914d2e0f0a873fe756ade7ba780a561abe9bc731838c289accc421deda481269e08514cd
faa46475d7 wallet: Add lock annotation for mapAddressBook (MarcoFalke)
Pull request description:
This adds lock annotations for `mapAddressBook` and also moves one lock from inside `GetDestValues` to the caller to be in line with the other methods (`eraseDestData`, `addDestData`, ...)
Tree-SHA512: cef9397523e2f5717d4a9a6b2da1fe07042484a51b3c067ae64425768637f334350a2c3db4ab7e00af99b2a587f6b656b68ee1195f6a3db6d47298d0b2b6174a
eea02be70e Add locking annotation for vNodes. vNodes is guarded by cs_vNodes. (practicalswift)
Pull request description:
Add locking annotation for `vNodes`. `vNodes` is guarded by `cs_vNodes`.
Tree-SHA512: b1e18be22ba5b9dd153536380321b09b30a75a20575f975af9af94164f51982b32267ba0994e77c801513b59da05d923a974a9d2dfebdac48024c4bda98b53af
1cff3d6cb0 Change in transaction pull scheduling to prevent InvBlock-related attacks (Gleb Naumenko)
Pull request description:
This code makes executing two particular (and potentially other) attacks harder.
### InvBlock
This behavior was described well [here](https://www.cs.umd.edu/projects/coinscope/coinscope.pdf) (page 11).
Per current implementation, if node A receives _INV_ (tx) from node B, node A sends _GETDATA_ to B and waits for _TX_ message back.
Node A is likely to receive more _INVs_ (regarding the same tx) from other peers. But node A would not send another _GETDATA_ unless it does not hear _TX_ back from node B for next 2 minutes (to save bandwidth)
Thus, if B is a malicious node, it can prevent node A from getting the transaction (even if all A’s peers have it) for 2 minutes.
This behavior seems to be an inherent limitation of the current P2P relay protocol, and I don’t see how it can be fundamentally changed (I can see workarounds which involve rewriting a lot of P2P code though).
### What does this PR fix?
The attacks I’m looking at involve preventing A from learning the transaction for 2*N minutes. To do that, an attacker has to spin up N nodes and send N _INVs_ simultaneously to node A (then InvBlocks will be queued with an interval of 2 minutes according to current implementation)
More precisely, 2 scenarios I’m looking at are:
1. An attacker censors a particular transaction. By performing InvBlock from different nodes, an attacker can execute a network-wide censorship of a particular transaction (or all transactions). The earlier an attacker founds the transaction he wants to censor, the easier it is to perform an attack. As it was pointed out by @gwillen, this is even more dangerous in the case of lightning, where transactions are known in advance.
2. Topology inference described in papers [1](https://www.cs.umd.edu/projects/coinscope/coinscope.pdf), [2](https://arxiv.org/pdf/1812.00942.pdf) involve network-wide InvBlock. This fix would not mitigate this type of inference, but I believe it will make it more expensive to perform (an attacker would have to create more transactions and perform more rounds to learn the topology, the second paper itself notes that InvBlock isolation is important for the attack).
### How does it work
This PR introduces bias toward outbound connections (they have higher priority when a node chooses from whom it should request a transaction) and randomizes the order.
As per @gmaxwell suggestion, GETDATA requests queue is created after processing all incoming messages from all nodes.
After this fix, if the incoming messages were [I1, I2, I3, O1, O2, O3, O4], the queue for _GETDATA_ may look like [O2, O1, O3, O4, I1, I3, I2, ….].
If {I1, I2, I3} were significantly earlier (but the difference is less than TX_TIMEOUT=60 s) than others, the queue for _GETDATA_ may look like [I2, O2, O1, O3, O4, I1, I3, ….].
### Other comments:
1. This mitigation works better if the connectivity is higher (especially outbound, because it would be less likely that 2 _GETDATAs_ for inbound malicious nodes queued together)
Tree-SHA512: 2ad1e80c3c7e16ff0f2d1160aa7d9a5eaae88baa88467f156b987fe2a387f767a41e11507d7f99ea02ab75e89ab93b6a278d138cb1054f1aaa2df336e9b2ca6a
MarcoFalke
