wallet: Consume ReserveDestination on successful CreateTransaction #16208
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Maybe just ditch |
Contributor
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
fanquake
changed the title
Member
Author
Contributor
Even with this change this happens even when creating the transaction fails: ret = reservekey.GetReservedKey(vchPubKey, true);
LearnRelatedScripts(vchPubKey, change_type); // will call AddCScript
So IIUC it should always keep the key. |
Member
Author
|
@promag AFAICT there is no case, except maybe mempool chain limits being busted, where keys will be burned. I'm not sure what you're saying with respect to |
Contributor
|
I mean that once |
Member
Author
|
@promag That's not the case though. There are a number of reasons why a valid transaction is unable to be made, after the key is reserved. Insufficient fee, transaction too large, etc. This results in additional burned keys. |
Contributor
| Needs rebase |
instagibbs
force-pushed
the
createtransaction_keepkey
branch
from
b535a06 to
5819967
Compare
Member
Author
|
rebased |
instagibbs
force-pushed
the
createtransaction_keepkey
branch
from
5819967 to
e18a67d
Compare
achow101
reviewed
Jul 10, 2019
Member
achow101
left a comment
achow101
left a comment
There was a problem hiding this comment.
Concept ACK. I think this is a reasonable assumption.
Please update the OP and commit messages to use the new naming.
src/wallet/wallet.cpp
Outdated
Member
There was a problem hiding this comment.
This change should be in the previous commit.
src/wallet/wallet.h
Outdated
Member
There was a problem hiding this comment.
nit: should be reserve an address.
instagibbs
force-pushed
the
createtransaction_keepkey
branch
from
e18a67d to
e10e1e8
Compare
instagibbs
changed the title
Member
Author
|
fixed and updated OP/description as per @achow101 suggestions |
Member
|
ACK e10e1e8 Reviewed the diff |
Contributor
|
utACK e10e1e8 |
Contributor
|
Looks good. I initially thought this includes "createrawtransaction" which I think should be stateless,... but Concept ACK. |
Contributor
There was a problem hiding this comment.
utACK e10e1e8
I think my one comment is not merge-blocking
| * ReserveDestination is used to reserve an address. It is passed around | ||
| * during the CreateTransaction/CommitTransaction procedure. | ||
| * ReserveDestination is used to reserve an address. | ||
| * It is currently only used inside of CreateTransaction. |
Contributor
There was a problem hiding this comment.
Not quite true, it is still used in GetNewChangeDestination() which is called by the getrawchangeaddress RPC
meshcollider
added a commit
that referenced
this pull request
Jul 17, 2019
…Transaction e10e1e8 Restrict lifetime of ReserveDestination to CWallet::CreateTransaction (Gregory Sanders) d9ff862 CreateTransaction calls KeepDestination on ReserveDestination before success (Gregory Sanders) Pull request description: The typical usage pattern of `ReserveDestination` is to explicitly `KeepDestination`, or `ReturnDestination` when it's detected it will not be used. Implementers such as myself may fail to complete this pattern, and could result in key re-use: #15557 (comment) Since ReserveDestination is currently only used directly in the `CreateTransaction`/`CommitTransaction` flow(or fee bumping where it's just used in `CreateTransaction`), I instead make the assumption that if a transaction is returned by `CreateTransaction` it's highly likely that it will be accepted by the caller, and the `ReserveDestination` kept. This simplifies the API as well. There are very few cases where this would not be the case which may result in keys being burned. Those failure cases appear to be: `CommitTransaction` failing to get the transaction into the mempool Belt and suspenders check in `WalletModel::prepareTransaction` Alternative to #15796 ACKs for top commit: achow101: ACK e10e1e8 Reviewed the diff stevenroose: utACK e10e1e8 meshcollider: utACK e10e1e8 Tree-SHA512: 78d047a00f39ab41cfa297052cc1e9c224d5f47d3d2299face650d71827635de077ac33fb4ab9f7dc6fc5a27f4a68415a1bc9ca33a3cb09a78f4f15b2a48411b
ryanofsky
added a commit
to ryanofsky/bitcoin
that referenced
this pull request
Jul 18, 2019
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
Contributor
|
Should this have release notes? IIUC before this change, if you created a transaction in the GUI and pressed "Cancel" instead of "Yes" in the confirmation dialog, it would previously not affect the change keypool, but now it will remove the key from the pool and mark it used. |
Member
Author
|
@ryanofsky Forgot this case in OP. Considering it's unlikely(?) to be an automated process I don't think it necessitates release notes but that is just my estimation. |
Contributor
|
Sure, could just add the Needs release note tag for consideration when there is a release. |
meshcollider
added a commit
that referenced
this pull request
Jul 27, 2019
4d94916 Get rid of PendingWalletTx class. (Russell Yanofsky) Pull request description: No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from #16208 recently removed the destructor code that would return an unused key if the transaction wasn't committed. This is just cleanup, there's no change in behavior. ACKs for top commit: ariard: utACK 4d94916. Successfully built both `bitcoind` and `bitcoin-qt`. `PendingWalletTx` was only a wrapper to enforce call to `ReturnDestination` if `CommitTransaction` doesn't `KeepDestination` before. promag: ACK 4d94916, refactor looks good to me. meshcollider: utACK 4d94916 Tree-SHA512: f3f93d2f2f5d8f1e7810d609d881c1b1cbbaa8629f483f4293e20b3210292605e947bc4903fde9d2d8736277ca3bd6de182f7eac1e13515d5a327f2ebc130839
konez2k
pushed a commit
to bitcoin-green/bitcoingreen
that referenced
this pull request
Jul 27, 2019
4d94916 Get rid of PendingWalletTx class. (Russell Yanofsky) Pull request description: No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin#16208 recently removed the destructor code that would return an unused key if the transaction wasn't committed. This is just cleanup, there's no change in behavior. ACKs for top commit: ariard: utACK 4d94916. Successfully built both `bitcoind` and `bitcoin-qt`. `PendingWalletTx` was only a wrapper to enforce call to `ReturnDestination` if `CommitTransaction` doesn't `KeepDestination` before. promag: ACK 4d94916, refactor looks good to me. meshcollider: utACK 4d94916 Tree-SHA512: f3f93d2f2f5d8f1e7810d609d881c1b1cbbaa8629f483f4293e20b3210292605e947bc4903fde9d2d8736277ca3bd6de182f7eac1e13515d5a327f2ebc130839
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Jul 29, 2019
… CreateTransaction e10e1e8 Restrict lifetime of ReserveDestination to CWallet::CreateTransaction (Gregory Sanders) d9ff862 CreateTransaction calls KeepDestination on ReserveDestination before success (Gregory Sanders) Pull request description: The typical usage pattern of `ReserveDestination` is to explicitly `KeepDestination`, or `ReturnDestination` when it's detected it will not be used. Implementers such as myself may fail to complete this pattern, and could result in key re-use: bitcoin#15557 (comment) Since ReserveDestination is currently only used directly in the `CreateTransaction`/`CommitTransaction` flow(or fee bumping where it's just used in `CreateTransaction`), I instead make the assumption that if a transaction is returned by `CreateTransaction` it's highly likely that it will be accepted by the caller, and the `ReserveDestination` kept. This simplifies the API as well. There are very few cases where this would not be the case which may result in keys being burned. Those failure cases appear to be: `CommitTransaction` failing to get the transaction into the mempool Belt and suspenders check in `WalletModel::prepareTransaction` Alternative to bitcoin#15796 ACKs for top commit: achow101: ACK e10e1e8 Reviewed the diff stevenroose: utACK e10e1e8 meshcollider: utACK e10e1e8 Tree-SHA512: 78d047a00f39ab41cfa297052cc1e9c224d5f47d3d2299face650d71827635de077ac33fb4ab9f7dc6fc5a27f4a68415a1bc9ca33a3cb09a78f4f15b2a48411b
sidhujag
pushed a commit
to syscoin/syscoin
that referenced
this pull request
Jul 29, 2019
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
HashUnlimited
pushed a commit
to HashUnlimited/chaincoin
that referenced
this pull request
Aug 30, 2019
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
barrystyle
pushed a commit
to zentoshi/zentoshi
that referenced
this pull request
Nov 11, 2019
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin/bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
konez2k
added a commit
to bitcoin-green/bitcoingreen
that referenced
this pull request
Jun 2, 2020
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
jasonbcox
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jul 2, 2020
…veDestination before success Summary: bitcoin/bitcoin@d9ff862 --- Partial backport of Core [[bitcoin/bitcoin#16208 | PR16208]] Test Plan: ninja check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D6800
jasonbcox
pushed a commit
to Bitcoin-ABC/bitcoin-abc
that referenced
this pull request
Jul 2, 2020
Summary: No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8db043e9b7c113e07faf408f337c1b732d from bitcoin/bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed. bitcoin/bitcoin@4d94916 --- Backport of Core [[bitcoin/bitcoin#16415 | PR16415]] Test Plan: ninja check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D6804
ShengguangXiao
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Aug 28, 2020
619685e Get rid of PendingWalletTx class. (Russell Yanofsky) Pull request description: No reason for this class to exist if it doesn't have any code to run in the destructor. d3edeaa from bitcoin/bitcoin#16208 recently removed the destructor code that would return an unused key if the transaction wasn't committed. This is just cleanup, there's no change in behavior. ACKs for top commit: ariard: utACK 619685e. Successfully built both `bitcoind` and `bitcoin-qt`. `PendingWalletTx` was only a wrapper to enforce call to `ReturnDestination` if `CommitTransaction` doesn't `KeepDestination` before. promag: ACK 619685e, refactor looks good to me. meshcollider: utACK 619685e Tree-SHA512: f3f93d2f2f5d8f1e7810d609d881c1b1cbbaa8629f483f4293e20b3210292605e947bc4903fde9d2d8736277ca3bd6de182f7eac1e13515d5a327f2ebc130839
monstrobishi
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Sep 6, 2020
No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin/bitcoin#16208 recently removed code destructor code that would return an unused key if the transaction wasn't committed.
monstrobishi
pushed a commit
to DeFiCh/ain
that referenced
this pull request
Sep 6, 2020
4d94916 Get rid of PendingWalletTx class. (Russell Yanofsky) Pull request description: No reason for this class to exist if it doesn't have any code to run in the destructor. e10e1e8 from bitcoin/bitcoin#16208 recently removed the destructor code that would return an unused key if the transaction wasn't committed. This is just cleanup, there's no change in behavior. ACKs for top commit: ariard: utACK 4d94916. Successfully built both `bitcoind` and `bitcoin-qt`. `PendingWalletTx` was only a wrapper to enforce call to `ReturnDestination` if `CommitTransaction` doesn't `KeepDestination` before. promag: ACK 4d94916, refactor looks good to me. meshcollider: utACK 4d94916 Tree-SHA512: f3f93d2f2f5d8f1e7810d609d881c1b1cbbaa8629f483f4293e20b3210292605e947bc4903fde9d2d8736277ca3bd6de182f7eac1e13515d5a327f2ebc130839
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
9 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The typical usage pattern of
ReserveDestinationis to explicitlyKeepDestination, orReturnDestinationwhen it's detected it will not be used.Implementers such as myself may fail to complete this pattern, and could result in key re-use: #15557 (comment)
Since ReserveDestination is currently only used directly in the
CreateTransaction/CommitTransactionflow(or fee bumping where it's just used inCreateTransaction), I instead make the assumption that if a transaction is returned byCreateTransactionit's highly likely that it will be accepted by the caller, and theReserveDestinationkept. This simplifies the API as well. There are very few cases where this would not be the case which may result in keys being burned.Those failure cases appear to be:
CommitTransactionfailing to get the transaction into the mempoolBelt and suspenders check in
WalletModel::prepareTransactionAlternative to #15796