Skip to content

GetExternalSigner(): fail if multiple signers are found #25235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fanquake merged 1 commit into from
Aug 13, 2022
Merged

GetExternalSigner(): fail if multiple signers are found #25235

fanquake merged 1 commit into from
Aug 13, 2022

Conversation

@amadeuszpawlik
Copy link
Contributor

@amadeuszpawlik amadeuszpawlik commented May 28, 2022
edited
Loading

If there are multiple external signers, GetExternalSigner() will
just pick the first one in the list. If the user has two or more
hardware wallets connected at the same time, he might not notice this.

This PR adds a check and fails with suitable message, forcing the user to disconnect all but one external signer, so that there is no ambiguity as to which external signer was used.

@fanquake fanquake requested a review from Sjors May 28, 2022 19:02
@amadeuszpawlik
Copy link
Contributor Author

amadeuszpawlik commented May 28, 2022

Resolves #22636

Sjors
Sjors reviewed May 30, 2022
View reviewed changes
Copy link
Member

@Sjors Sjors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concept ACK

Maybe add test/functional/mocks/multi_signers.py to cover the error message. It would only need the enumerate stub. This can later be expanded as we improve multisig support.

There are two scenarios where GetExternalSigner is called:

  1. When creating a new wallet
  2. When displaying an address

For the first scenario ideally we want the user to pick one, but this would involve adding a fingerprint argument to the RPC call and expanding the GUI to select a device.

For the second scenario ideally we want to display the address on both devices, if it's a multisig wallet. This would involve changing DisplayAddress to perform a two stage operation: first call enumerate, and then call GetExternalSigner for each fingerprint it recognises.

Until then though, I think it's fine to just tell the user to only connect one external signer at a time.

The only caveat I can think of is that a user might have one device permanently connected to their machine, e.g. a signer for their lightning node, that they don't want to use as a Bitcoin Core wallet. But that use case is handled poorly with or without this PR.

@Sjors Sjors mentioned this pull request May 30, 2022
Closed
@amadeuszpawlik amadeuszpawlik force-pushed the fail_with_multiple_ext_signers branch from 3035182 to f5341c2 Compare May 31, 2022 16:17
@amadeuszpawlik
Copy link
Contributor Author

amadeuszpawlik commented May 31, 2022

@Sjors thanks for the input, test added!

@amadeuszpawlik amadeuszpawlik force-pushed the fail_with_multiple_ext_signers branch from f5341c2 to 8e121cb Compare May 31, 2022 19:46
@amadeuszpawlik amadeuszpawlik marked this pull request as ready for review June 1, 2022 05:57
@Sjors
Copy link
Member

Sjors commented Jun 2, 2022

Looks good at first glance, will review and test in more detail.

@achow101
Copy link
Member

achow101 commented Jun 2, 2022

ACK 8e121cb43cd34239567c148e167c48d93097d1dc

It would really be preferable to allow the user to choose which signer rather than forcing one at a time, but this is fine for now.

@Rspigler
Copy link
Contributor

Rspigler commented Jun 3, 2022

Concept ACK.

Agree with @Sjors about the multisig additions we would have to make

furszy
furszy approved these changes Jun 4, 2022
View reviewed changes
Copy link
Member

@furszy furszy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code review ACK 8e121cb4

@Rspigler Rspigler mentioned this pull request Jun 5, 2022
Open
16 tasks
jonatack
jonatack reviewed Jun 6, 2022
View reviewed changes
Copy link
Member

@jonatack jonatack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, ACK 8e121cb43cd34239567c148e167c48d93097d1dc with one suggested simplification

@amadeuszpawlik amadeuszpawlik force-pushed the fail_with_multiple_ext_signers branch from 8e121cb to c4f2d06 Compare June 6, 2022 19:08
@Sjors
Copy link
Member

Sjors commented Jun 9, 2022
edited
Loading

c4f2d06ecc4c48b9d080be35e0ec03dfdf75ffe5 looks good, and works with bitcoind.

However, the GUI crashes when creating a new wallet. One solution is to add a check in CreateWalletActivity::create() in walletcontroller.cpp right before it calls setSigners().

@amadeuszpawlik
GetExternalSigner(): fail if multiple signers are found
292b1a3 
If there are multiple external signers, `GetExternalSigner()` will
just pick the first one in the list. If the user has two or more
hardware wallets connected at the same time, he might not notice this.

This PR adds a check and fails with suitable message.
@amadeuszpawlik amadeuszpawlik force-pushed the fail_with_multiple_ext_signers branch from c4f2d06 to 292b1a3 Compare June 9, 2022 18:35
@amadeuszpawlik
Copy link
Contributor Author

amadeuszpawlik commented Jun 9, 2022

Thanks @Sjors, I didn't catch that one.
I added a check as you proposed - if multiple signers are found, we prompt an error and clear the list of signers. That way the user can still proceed to create a wallet, but the option for external signers is inactive (as the signer list is empty).

@Sjors
Copy link
Member

Sjors commented Jun 10, 2022

tACK 292b1a3

@achow101
Copy link
Member

achow101 commented Jun 14, 2022

ACK 292b1a3

@DrahtBot
Copy link
Contributor

DrahtBot commented Jun 21, 2022
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Conflicts

No conflicts as of last run.

@theStack
Copy link
Contributor

theStack commented Jul 28, 2022

Concept ACK

@fanquake fanquake merged commit dc9d662 into bitcoin:master Aug 13, 2022
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Aug 15, 2022
@fanquake
Merge bitcoin#25235: GetExternalSigner(): fail if multiple signers ar…
87d1411 
…e found

292b1a3 GetExternalSigner(): fail if multiple signers are found (amadeuszpawlik)

Pull request description:

  If there are multiple external signers, `GetExternalSigner()` will
  just pick the first one in the list. If the user has two or more
  hardware wallets connected at the same time, he might not notice this.

  This PR adds a check and fails with suitable message, forcing the user to disconnect all but one external signer, so that there is no ambiguity as to which external signer was used.

ACKs for top commit:
  Sjors:
    tACK 292b1a3
  achow101:
    ACK 292b1a3

Tree-SHA512: e2a41d3eecc607d4f94e708614bed0f3545f7abba85f300c5a5f0d3d17d72c815259734accc5ca370953eacd290f27894ba2c18016f5e9584cd50fa1ec2fbb0b
@bitcoin bitcoin locked and limited conversation to collaborators Jan 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

3 more reviewers

@Sjors Sjors Sjors left review comments

@jonatack jonatack jonatack left review comments

@furszy furszy furszy approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Wallet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@amadeuszpawlik @Sjors @achow101 @Rspigler @DrahtBot @theStack @jonatack @furszy @fanquake