Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe reduce_output when new coins are added #28180

Closed
1 task done
Sjors opened this issue Jul 28, 2023 · 3 comments · Fixed by #28505
Closed
1 task done

Unsafe reduce_output when new coins are added #28180

Sjors opened this issue Jul 28, 2023 · 3 comments · Fixed by #28505
Labels
RPC/REST/ZMQ Wallet
Milestone
26.0

Comments

@Sjors
Copy link
Member

Sjors commented Jul 28, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Current behaviour

See inline discussion at #26467 (comment)

@whitslack:

Consider the case where I am paying someone on chain under the stipulation that they will eat the mining fee. (Thus, I specify their address in subtractfeefrom when I'm constructing my transaction.) Later, they tell me that they can't wait for confirmation any longer and need an urgent fee bump. If I naïvely specify their output as the reduce_output, I may end up paying them much more than I intended to if I only have large UTxOs in my wallet.

Expected behaviour

Not sure.

Improving the docs is one option, but this behaviour seem quite counter intuitive.

My own suggestion:

Should we disable the adding of new inputs when reduce_output is set? If someone really intends to do that, they should probably use outputs.

Steps to reproduce

Haven't tried.

Relevant log output

No response

How did you obtain Bitcoin Core

Compiled from source

What version of Bitcoin Core are you using?

Master after #26467

Operating system and version

Any

Machine specifications

No response
@Sjors Sjors mentioned this issue Jul 28, 2023
Merged
@fanquake fanquake added this to the 26.0 milestone Jul 28, 2023
@maflcko maflcko added the Wallet label Jul 28, 2023
@furszy
Copy link
Member

furszy commented Jul 31, 2023
edited

Should we disable the adding of new inputs when reduce_output is set? If someone really intends to do that, they should probably use outputs.

I don't think so. This is more an implementation issue rather than a missing doc or a missing restriction.
This could also happen without someone intending to do it. For instance, could be a higher bump fee that make the tx require another input.

The issue arises because the code (as is now) mixes two different concepts; it treats the change output and the reduce output (output from where the fees will be taken) as they would be the same, when they are not. It can easily be seen here.
Instead of instructing the wallet to deduce the fee from certain output (by using SFFO), we discard the output from the recipients list and make the output script the custom change destination, so the wallet automatically adds the change output, at the end of the transaction creation process, going to the discarded output script, with an amount equal to the remainder: inputs - outputs - new_bump_fee.

To untangle the two concepts, we need to fix #27601 first. It is the reason why we drop the change output from the recipients list instead of simply mark it as SFFO (which would be the easiest implementation for a "reduce output" mechanism).

@maflcko
Copy link
Member

maflcko commented Sep 5, 2023

What is the status here? This is the only issue tagged 26.0 that doesn't have a pull request associated

@furszy
Copy link
Member

furszy commented Sep 5, 2023
edited

What is the status here? This is the only issue tagged 26.0 that doesn't have a pull request associated

Status is "waiting for others" in #27601 since July 27th. Happy to receive feedback on my last message there (#27601 (review)).

The reason why this happens is explained above #28180 (comment). if we manage to merge #27601 (in any form), we can fix this issue cleanly.

Basically, the only remaining point to discuss there is whether to have the transaction creation process automatically detecting change outputs when they match the custom change address or not.
I could also code a different version of the PR moving the automatic change output detection outside of the tx creation process too. Placing it on the upper layer (similar to what we do with the duplicate recipients check). But, in any case, concluding the discussion there prior to any changes would be preferable.

@furszy furszy mentioned this issue Sep 19, 2023
Merged
Frank-GER pushed a commit to syscoin/syscoin that referenced this issue Oct 5, 2023
@achow101
Merge bitcoin#28505: rpc: bumpfee, improve doc for 'reduce_output' arg
521291b 
b3db8c9 rpc: bumpfee, improve doc for 'reduce_output' arg (furszy)

Pull request description:

  Fixes bitcoin#28180. Resulted from discussions with S3RK, achow101, and Murch.

  The current argument name and description are dangerous as it don't
  describe the case where the user selects the recipient output as the
  change address. This one could end up been increased by the inputs
  minus outputs remainder. Which, when `bumpfee` adds new inputs
  to the transaction, leads the process to send more coins to the
  recipient. Which is not what the user would expect from a
  'reduce_output' param naming.

ACKs for top commit:
  S3RK:
    ACK b3db8c9
  achow101:
    ACK b3db8c9
  murchandamus:
    ACK b3db8c9

Tree-SHA512: 91f607e2f5849041d7c099afdddae11af8bed5b1ac90c9d22921267f272e21b44e107d6968e037f05f958a61fe29e94e5fb44b224fb3606f197f83ec4ba3b1e7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
RPC/REST/ZMQ Wallet
Projects
None yet
Milestone
26.0
Development

Successfully merging a pull request may close this issue.

rpc: bumpfee, improve doc for 'reduce_output' arg furszy/bitcoin-core
4 participants
@Sjors @fanquake @furszy @maflcko