Identify non-standard received legacy enotes

[SNeedlewoods]

This should address the issue #27

[j-berman]

Suggested change

	for (std::size_t enote_index{0}; legacy_additional_enote_ephemeral_pubkeys.size() > 0 &&
	for (std::size_t enote_index{0}; enote_index < legacy_additional_enote_ephemeral_pubkeys.size() && enote_index < enotes_in_tx.size(); ++enote_index)

Otherwise it's UB it can segfault if legacy_additional_enote_ephemeral_pubkeys.size() > 0 && legacy_additional_enote_ephemeral_pubkeys.size() < enotes_in_tx.size()

[SNeedlewoods]

Oopsie,
thanks for the review :)

[j-berman]

This looks like another mismatch to wallet2. wallet2 skips processing the transaction's enotes entirely if there is no main enote ephemeral pub key:

https://github.com/monero-project/monero/blob/ac02af92867590ca80b2779a7bbeafa99ff94dcb/src/wallet/wallet2.cpp#L2285-L2294

Can be handled in a follow-up PR, but I would suggest extract_legacy_enote_ephemeral_pubkeys_from_tx_extra can just return false if there is no main enote ephemeral pub key (don't even add rct::I), and try_find_legacy_enotes_in_tx can also return false immediately in that case too (and not process additional tx pub keys).

[j-berman]

To be clear, this comment is totally unrelated to this PR and this looks like a distinct issue already present :)

[UkoeHB]

I don't think it is necessary to replicate this particular quirk of wallet2's spaghetti, since it is strictly a 'feature reduction'.

[j-berman]

Ya I was debating this. Fine with me to keep it

[j-berman]

Biggest issue I can think of is you could theoretically send dust to someone who confirms / denies receipt in order to see if they're running a Seraphis lib wallet versus wallet2

[UkoeHB]

Biggest issue I can think of is you could theoretically send dust to someone who confirms / denies receipt in order to see if they're running a Seraphis lib wallet versus wallet2

Don't think this is significant enough to warrant a change.

[j-berman]

Good to squash, thanks :)

[UkoeHB]

I don't think it is necessary to replicate this particular quirk of wallet2's spaghetti, since it is strictly a 'feature reduction'.

[UkoeHB]

Suggested change

	// - this step is automatically skipped if legacy_additional_enote_ephemeral_pubkeys.size() == 0
	crypto::key_derivation temp_DH_derivation;
	std::vector<crypto::key_derivation> temp_DH_derivations;
	// - this step is automatically skipped if legacy_additional_enote_ephemeral_pubkeys.size() == 0
	crypto::key_derivation temp_DH_derivation;
	std::vector<crypto::key_derivation> temp_DH_derivations{};
	temp_DH_derivations.reserve(legacy_main_enote_ephemeral_pubkeys.size());

Also, move temp_DH_derivations closer to where it will be used so this allocation is below the early-return.

[UkoeHB]

I'd honestly go even further and make a variant<rct::key, vec<rct::key>> for this and legacy_main_enote_ephemeral_pubkeys since most of the time there will only be one normal pubkey, and this function is right on the hot path.

[SNeedlewoods]

I tried to implement this suggestion, but I'm not sure about it.
E.g. the castings between crypto::key_derivation<->rct::key<->crypto::public_key seem messy.
Also I initialize the variant legacy_main_enote_ephemeral_pubkey to rct::key, but then in extract_legacy_enote_ephemeral_pubkeys_from_tx_extra() I set it to rct::keyV, because this way the function needs less changes, but not sure if that defeats the whole purpose of introducing the new variant.