rpc: include_unsafe option for fundrawtransaction #21359
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
54bd3a1
to
92e5b3a
Compare
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
92e5b3a
to
0dc8808
Compare
| @@ -2797,7 +2798,7 @@ bool CWallet::CreateTransactionInternal( | |||
| txNew.nLockTime = GetLocktimeForNewTransaction(chain(), GetLastBlockHash(), GetLastBlockHeight()); | |||
| { | |||
| std::vector<COutput> vAvailableCoins; | |||
| AvailableCoins(vAvailableCoins, true, &coin_control, 1, MAX_MONEY, MAX_MONEY, 0); | |||
| AvailableCoins(vAvailableCoins, !coin_control.m_include_unsafe_inputs, &coin_control, 1, MAX_MONEY, MAX_MONEY, 0); | |||
There was a problem hiding this comment.
We could remove the fOnlySafe argument to AvailableCoins now that this is provided by coin_control.
The only gotcha is that AvailableCoins can be called without a coin_control, but I checked the codebase and in all the places where that happens fOnlySafe is set to true, so we could set it inside AvailableCoins to const bool only_safe = {coinControl ? !coinControl->m_include_unsafe_inputs : true};.
Do you want me to apply that change in this PR?
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
0dc8808
to
16076bb
Compare
|
ACK 16076bb |
|
Is there something I can do to help this PR move forward? We really need it to unblock anchor outputs in lightning (we can run a modified |
|
Looks good to me. Could there go anything other wrong than a transaction becoming invalid because an input disappeared? (this of course would not be really wrong) |
It's a very good question, it's part of my "unknown unknowns" and why I'm curious to get feedback from more people here. |
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
1bb2526
to
4e4d7c0
Compare
|
ACK 0709545 |
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
0709545
to
a5c3d9c
Compare
There was a problem hiding this comment.
ACK a5c3d9c
Happy to re-ack for #21359 (comment) and #21359 (comment).
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
a5c3d9c
to
2bf0b1e
Compare
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
ce70f32
to
1b1dad3
Compare
|
re-ACK 1b1dad3 |
| @@ -3205,6 +3210,9 @@ static RPCHelpMan fundrawtransaction() | |||
| {"options", RPCArg::Type::OBJ, RPCArg::Optional::OMITTED_NAMED_ARG, "for backward compatibility: passing in a true instead of an object will result in {\"includeWatching\":true}", | |||
| { | |||
| {"add_inputs", RPCArg::Type::BOOL, RPCArg::Default{true}, "For a transaction with existing inputs, automatically include more if they are not enough."}, | |||
| {"include_unsafe", RPCArg::Type::BOOL, RPCArg::Default{false}, "Include inputs that are not safe to spend (unconfirmed transactions from outside keys and unconfirmed replacement transactions).\n" | |||
There was a problem hiding this comment.
I think "opt-in RBF" is better than "replacement" to qualify transactions which may be evicted of the mempool due to bip 125 rules.
There was a problem hiding this comment.
It took the definition of fSafe here:
Line 595 in 2b45cf0
Is there consensus on updating this in every place where it's used?
| @@ -4030,6 +4038,9 @@ static RPCHelpMan send() | |||
| {"options", RPCArg::Type::OBJ, RPCArg::Optional::OMITTED_NAMED_ARG, "", | |||
| { | |||
| {"add_inputs", RPCArg::Type::BOOL, RPCArg::Default{false}, "If inputs are specified, automatically include more if they are not enough."}, | |||
| {"include_unsafe", RPCArg::Type::BOOL, RPCArg::Default{false}, "Include inputs that are not safe to spend (unconfirmed transactions from outside keys and unconfirmed replacement transactions).\n" | |||
There was a problem hiding this comment.
Did we already consider for spending replacement transactions from our wallets before this PR ? isRBFOptIndoesn't seem used in FundTransaction path. Unsafe inputs definition doesn't seem to be tied to replaceability only key externality ?
There was a problem hiding this comment.
I'm not 100% I understand your comment. Are you saying that FundTransaction doesn't check isRBFOptIn, which means that the wallet may currently use unconfirmed outputs from replaceable txs if they're our own txs (which could be an issue because we could replace that tx and invalidate its children)?
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction. Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs. Fixes bitcoin#21299
t-bast
force-pushed
the
fund-raw-transaction-allow-unsafe
branch
from
1b1dad3
to
11d6459
Compare
|
🕵️ @harding has been requested to review this pull request as specified in the REVIEWERS file. |
|
Code review ACK 11d6459 |
The fOnlySafe argument to AvailableCoins is now redundant, since bitcoin#21359 added a similar field inside the CCoinControl struct. Not all code paths set a CCoinControl instance, but when it's missing we can default to using only safe inputs which is backwards-compatible.
c30dd02 refactor: remove redundant fOnlySafe argument (t-bast) Pull request description: The `fOnlySafe` argument to `AvailableCoins` is now redundant, since #21359 added a similar field inside the `CCoinControl` struct (see #21359 (comment)). Not all code paths create a `CCoinControl` instance, but when it's missing we can default to using only safe inputs which is backwards-compatible. ACKs for top commit: instagibbs: utACK c30dd02 promag: Code review ACK c30dd02. achow101: ACK c30dd02 meshcollider: Code review + test run ACK c30dd02 Tree-SHA512: af3cb598d06f233fc48a7c9c45bb14da92b5cf4168b8dbd4f134dc3e0c2b615c6590238ddb1eaf380aea5bbdd3386d2ac8ecd7d22dfc93579adc39248542839b
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction. Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs. Fixes bitcoin#21299 Github-Pull: bitcoin#21359 Rebased-From: 11d6459
I hacked up rpc_fundrawtransaction.py a little bit because our `get_address` method here depends on nobody having called `createwallet` on a particular node ... the "correct" fix for this would be to redo the Elements changes to this functional test for the 0.20+ createwallet changes, but because there will be big future changes to this test (in Elements #900 (PSET)) I did the quick/hacky thing, and will defer cleanups to a separate post-rebase PR.
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction.
Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs.
I also added this option to
sendandwalletcreatefundedpsbtwho internally delegate tofundrawtransaction.Fixes #21299