New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rpc: include_unsafe option for fundrawtransaction #21359
rpc: include_unsafe option for fundrawtransaction #21359
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
54bd3a1
to
92e5b3a
Compare
92e5b3a
to
0dc8808
Compare
@@ -2797,7 +2798,7 @@ bool CWallet::CreateTransactionInternal( | |||
txNew.nLockTime = GetLocktimeForNewTransaction(chain(), GetLastBlockHash(), GetLastBlockHeight()); | |||
{ | |||
std::vector<COutput> vAvailableCoins; | |||
AvailableCoins(vAvailableCoins, true, &coin_control, 1, MAX_MONEY, MAX_MONEY, 0); | |||
AvailableCoins(vAvailableCoins, !coin_control.m_include_unsafe_inputs, &coin_control, 1, MAX_MONEY, MAX_MONEY, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could remove the fOnlySafe
argument to AvailableCoins
now that this is provided by coin_control
.
The only gotcha is that AvailableCoins
can be called without a coin_control
, but I checked the codebase and in all the places where that happens fOnlySafe
is set to true
, so we could set it inside AvailableCoins
to const bool only_safe = {coinControl ? !coinControl->m_include_unsafe_inputs : true};
.
Do you want me to apply that change in this PR?
0dc8808
to
16076bb
Compare
ACK 16076bb |
Is there something I can do to help this PR move forward? We really need it to unblock anchor outputs in lightning (we can run a modified |
Looks good to me. Could there go anything other wrong than a transaction becoming invalid because an input disappeared? (this of course would not be really wrong) |
It's a very good question, it's part of my "unknown unknowns" and why I'm curious to get feedback from more people here. |
1bb2526
to
4e4d7c0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 4e4d7c0
Some comments below.
ACK 0709545 |
0709545
to
a5c3d9c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK a5c3d9c
Happy to re-ack for #21359 (comment) and #21359 (comment).
a5c3d9c
to
2bf0b1e
Compare
ce70f32
to
1b1dad3
Compare
re-ACK 1b1dad3 |
@@ -3205,6 +3210,9 @@ static RPCHelpMan fundrawtransaction() | |||
{"options", RPCArg::Type::OBJ, RPCArg::Optional::OMITTED_NAMED_ARG, "for backward compatibility: passing in a true instead of an object will result in {\"includeWatching\":true}", | |||
{ | |||
{"add_inputs", RPCArg::Type::BOOL, RPCArg::Default{true}, "For a transaction with existing inputs, automatically include more if they are not enough."}, | |||
{"include_unsafe", RPCArg::Type::BOOL, RPCArg::Default{false}, "Include inputs that are not safe to spend (unconfirmed transactions from outside keys and unconfirmed replacement transactions).\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think "opt-in RBF" is better than "replacement" to qualify transactions which may be evicted of the mempool due to bip 125 rules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It took the definition of fSafe
here:
Line 595 in 2b45cf0
bool fSafe; |
Is there consensus on updating this in every place where it's used?
@@ -4030,6 +4038,9 @@ static RPCHelpMan send() | |||
{"options", RPCArg::Type::OBJ, RPCArg::Optional::OMITTED_NAMED_ARG, "", | |||
{ | |||
{"add_inputs", RPCArg::Type::BOOL, RPCArg::Default{false}, "If inputs are specified, automatically include more if they are not enough."}, | |||
{"include_unsafe", RPCArg::Type::BOOL, RPCArg::Default{false}, "Include inputs that are not safe to spend (unconfirmed transactions from outside keys and unconfirmed replacement transactions).\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did we already consider for spending replacement transactions from our wallets before this PR ? isRBFOptIn
doesn't seem used in FundTransaction
path. Unsafe inputs definition doesn't seem to be tied to replaceability only key externality ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not 100% I understand your comment. Are you saying that FundTransaction
doesn't check isRBFOptIn
, which means that the wallet may currently use unconfirmed outputs from replaceable txs if they're our own txs (which could be an issue because we could replace that tx and invalidate its children)?
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction. Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs. Fixes bitcoin#21299
1b1dad3
to
11d6459
Compare
🕵️ @harding has been requested to review this pull request as specified in the REVIEWERS file. |
Code review ACK 11d6459 |
The fOnlySafe argument to AvailableCoins is now redundant, since bitcoin#21359 added a similar field inside the CCoinControl struct. Not all code paths set a CCoinControl instance, but when it's missing we can default to using only safe inputs which is backwards-compatible.
c30dd02 refactor: remove redundant fOnlySafe argument (t-bast) Pull request description: The `fOnlySafe` argument to `AvailableCoins` is now redundant, since #21359 added a similar field inside the `CCoinControl` struct (see #21359 (comment)). Not all code paths create a `CCoinControl` instance, but when it's missing we can default to using only safe inputs which is backwards-compatible. ACKs for top commit: instagibbs: utACK c30dd02 promag: Code review ACK c30dd02. achow101: ACK c30dd02 meshcollider: Code review + test run ACK c30dd02 Tree-SHA512: af3cb598d06f233fc48a7c9c45bb14da92b5cf4168b8dbd4f134dc3e0c2b615c6590238ddb1eaf380aea5bbdd3386d2ac8ecd7d22dfc93579adc39248542839b
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction. Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs. Fixes bitcoin#21299 Github-Pull: bitcoin#21359 Rebased-From: 11d6459
I hacked up rpc_fundrawtransaction.py a little bit because our `get_address` method here depends on nobody having called `createwallet` on a particular node ... the "correct" fix for this would be to redo the Elements changes to this functional test for the 0.20+ createwallet changes, but because there will be big future changes to this test (in Elements #900 (PSET)) I did the quick/hacky thing, and will defer cleanups to a separate post-rebase PR.
Allow RPC users to opt-in to unsafe inputs when funding a raw transaction.
Applications that need to manage a complex RBF flow (such as lightning nodes using anchor outputs) are very limited if they can only use safe inputs.
I also added this option to
send
andwalletcreatefundedpsbt
who internally delegate tofundrawtransaction
.Fixes #21299