fix assert crash when specified change output spend size is unknown #14380

instagibbs · 2018-10-03T05:45:29Z

This is triggered anytime a fundraw type call(psbt or legacy) is used with a change output address that the wallet doesn't know how to sign for.

This regression was added in 6a34ff5 since BnB coin selection actually cares about this.

The fix is to assume the smallest typical spend, a P2SH-P2WPKH, which is calculated using a "prototype" dummy signature flow. Future work could generalize this infrastructure to get estimated sizes of inputs for a variety of types.

I also removed a comment which I believe is stale and misleading.

instagibbs · 2018-10-03T05:45:42Z

Opening this to see if people think this is the right solution.

practicalswift · 2018-10-03T07:57:58Z

Very nice find!

gmaxwell · 2018-10-03T23:45:14Z

The code wants to know the change signature size so it can figure out if it would have created change that was worthless to spend (because the spending will take more fees than the output is worth).

Assuming the size is smallest plausible signature size would be conservative: it'll overvalue the change, at a risk of keeping change it could have eliminated. I think doing that would be strictly superior to not using BnB at all, since preventing BnB will always keep change it should eliminate.

So, e.g. assuming any spend of an unknown type will take at least 32(txid)+4(vout)+4(sequence)+1(len)+64*0.25(signature) = 57 bytes would work. (don't assume my math is right. :) )

instagibbs · 2018-10-03T23:52:43Z

Hm yes I suppose you're right. Not running BnB is admitting defeat even if we actually end up being able to discard a larger value. I'll take a look at constructing something that makes a minimal segwit input weight.

DrahtBot · 2018-10-04T05:47:35Z

Coverage	Change (pull 14380)	Reference (master)
Lines	-0.0083 %	87.0471 %
Functions	+0.0154 %	84.1130 %
Branches	+0.0057 %	51.5403 %

src/wallet/wallet.cpp

practicalswift · 2018-10-04T09:42:55Z

Isn't the problem that coin_selection_params.change_spend_size is set to std::numeric_limits<size_t>::max() (SIZE_MAX) instead of the intended -1 since change_spend_size is of type size_t?

[cling]$ size_t change_spend_size = -1;
[cling]$ change_spend_size
(unsigned long) 18446744073709551615
[cling]$ (size_t)-1
(unsigned long) 18446744073709551615
[cling]$ #include <limits>
[cling]$ std::numeric_limits<size_t>::max()
(unsigned long) 18446744073709551615

The definition of change_spend_size:

bitcoin/src/wallet/wallet.h

Line 573 in b012bbe

size_t change_spend_size = 0;

CalculateMaximumSignedInputSize(…) returns -1 here:

bitcoin/src/wallet/wallet.cpp

Lines 1510 to 1520 in b012bbe

    
           int CalculateMaximumSignedInputSize(const CTxOut& txout, const CWallet* wallet, bool use_max_sig) 
        
           { 
        
               CMutableTransaction txn; 
        
               txn.vin.push_back(CTxIn(COutPoint())); 
        
               if (!wallet->DummySignInput(txn.vin[0], txout, use_max_sig)) { 
        
                   // This should never happen, because IsAllFromMe(ISMINE_SPENDABLE) 
        
                   // implies that we can sign for every input. 
        
                   return -1; 
        
               } 
        
               return GetVirtualTransactionInputSize(txn.vin[0]); 
        
           }

Thechange_spend_size assignment is performed here:

bitcoin/src/wallet/wallet.cpp

Line 2725 in b012bbe

    
           coin_selection_params.change_spend_size = CalculateMaximumSignedInputSize(change_prototype_txout, this);

Related open pull requests in need of review:

build: Run functional tests and benchmarks under the undefined behaviour sanitizer (UBSan) #14252 – build: Run functional tests and benchmarks under the undefined behaviour sanitizer (UBSan) (includes -fsanitize=integer which tackles unsigned integer wraparounds (non-UB!))
mempool: Fix unintended unsigned integer wraparound in CTxMemPool::UpdateAncestorsOf(bool add, …) when add is false #14226 – mempool: Fix unintended unsigned integer wraparound in CTxMemPool::UpdateAncestorsOf(bool add, …) when add is false
Document intentional and unintentional unsigned integer overflows (wraparounds) using annotations #14224 – Document intentional and unintentional unsigned integer overflows (wraparounds) using annotations
Fix unsigned integer wrap-around in GetBlockProofEquivalentTime #11551 – Fix unsigned integer wrap-around in GetBlockProofEquivalentTime
Avoid unintentional unsigned integer wraparounds #11535 – Avoid unintentional unsigned integer wraparounds

Please help reviewing those :-)

instagibbs · 2018-10-05T03:40:29Z

@practicalswift yes that's why the assert is finally hit, but it's faulty logic regardless

instagibbs · 2018-10-05T05:20:26Z

Pushed a fix in line with @gmaxwell suggestions. It's pretty hardcoded, so I'd rather make this more programmatic, perhaps giving a "hint" to the dummy signer of what type it should be?

src/wallet/wallet.cpp

DrahtBot · 2018-10-05T10:47:09Z

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

Reviewers, this pull request conflicts with the following ones:

#14711 (Remove uses of chainActive and mapBlockIndex in wallet code by ryanofsky)
#10973 (Refactor: separate wallet from node by ryanofsky)
#10102 ([experimental] Multiprocess bitcoin by ryanofsky)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

achow101 · 2018-10-05T22:42:01Z

Concept ACK

instagibbs · 2018-10-06T05:23:46Z

Updated the PR to use a function that uses DummySigner flow with an arbitrary valid pubkey as the P2SH-P2WPKH target to estimate the size more programatically.

src/wallet/wallet.cpp

meshcollider

utACK 198830e

meshcollider · 2018-10-08T08:35:44Z

test/functional/rpc_psbt.py

nit: typo in comment

not fixed. Suggest something like "Make sure that the wallet can successfully create a funded psbt when it isn't able to sign for the change output" or similar.

achow101 · 2018-10-09T00:49:43Z

utACK 198830e06bf4560cfb962e29c73c5b1357d90b37

Empact · 2018-10-09T02:36:31Z

~~How about a higher-level test exhibiting the original failure/assert condition? Absent that we don't have regression coverage or direct failure exhibition.~~
Never mind! The test/functional/rpc_psbt.py change covers this.

src/wallet/wallet.h

instagibbs · 2018-10-09T02:45:16Z

The functional test could be better explained: We need it to try BnB coin selection with a change output that is a script that it doesn't have knowledge of.

…change

instagibbs · 2018-11-12T18:12:54Z

rebased, just a test conflict

Empact · 2018-11-12T20:34:59Z

src/wallet/wallet.h

 static const bool DEFAULT_WALLETBROADCAST = true;
 static const bool DEFAULT_DISABLE_WALLET = false;

+//! Pre-calculated constants for input size estimation in *virtual size*


nit: how about Estimated nested input size in *virtual size*, see CalculateNestedKeyhashInputSize

Empact · 2018-11-12T20:35:27Z

utACK 0fb2e69

sipa · 2018-11-14T23:07:45Z

utACK 0fb2e69

TheBlueMatt · 2018-11-28T20:27:05Z

utACK 0fb2e69

ryanofsky

Slightly tested ACK 0fb2e69. Just confirmed python test fails before and succeeds after the fix.

jnewbery

utACK 0fb2e69.

Minor comment nit inline, but I suggest you don't change it in order not to invalidate previous ACKs.

jnewbery · 2018-11-28T22:56:25Z

test/functional/rpc_psbt.py

not fixed. Suggest something like "Make sure that the wallet can successfully create a funded psbt when it isn't able to sign for the change output" or similar.

gmaxwell · 2018-11-29T03:29:55Z

utACK

…e is unknown 0fb2e69 CreateTransaction: Assume minimum p2sh-p2wpkh spend size for unknown change (Gregory Sanders) b06483c Remove stale comment in CalculateMaximumSignedInputSize (Gregory Sanders) Pull request description: This is triggered anytime a fundraw type call(psbt or legacy) is used with a change output address that the wallet doesn't know how to sign for. This regression was added in 6a34ff5 since BnB coin selection actually cares about this. The fix is to assume the smallest typical spend, a P2SH-P2WPKH, which is calculated using a "prototype" dummy signature flow. Future work could generalize this infrastructure to get estimated sizes of inputs for a variety of types. I also removed a comment which I believe is stale and misleading. Tree-SHA512: c7e2be189e524f81a7aa4454ad9370cefba715e3781f1e462c8bab77e4d27540191419029e3ebda11e3744c0703271e479dcd560d05e4d470048d9633e34da16

maflcko · 2018-11-30T15:53:22Z

@instagibbs Would you mind creating a backport for 0.17 of this?

instagibbs · 2018-11-30T16:07:40Z

@MarcoFalke done

…t spend size is unknown 2a5cc40 CreateTransaction: Assume minimum p2sh-p2wpkh spend size for unknown change (Gregory Sanders) 53dcf2b Remove stale comment in CalculateMaximumSignedInputSize (Gregory Sanders) Pull request description: backport of #14380 Tree-SHA512: 42e261bd797d1938f8e041ccd10073ecd1d72695e2e4ce322e5a3ce262647e32108b01dde73361b6d2ac36438522ab3c4cd58ca072194f25011132437430cd27

fanquake · 2018-11-30T22:27:19Z

Backported in #14851.

…change Github-Pull: bitcoin#14380 Rebased-From: 0fb2e69

Summary: Remove stale comment in CalculateMaximumSignedInputSize CreateTransaction: Assume minimum p2sh-p2wpkh spend size for unknown change This is a backport of Core [[bitcoin/bitcoin#14380 | PR14380]] Test Plan: ninja check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Subscribers: Fabien Differential Revision: https://reviews.bitcoinabc.org/D8500

fanquake added the Wallet label Oct 3, 2018

instagibbs force-pushed the unknown_change_size branch from a27865d to 268f495 Compare October 3, 2018 06:01

practicalswift reviewed Oct 4, 2018

View reviewed changes