-
Notifications
You must be signed in to change notification settings - Fork 36.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make signrawtransaction* give an error when amount is needed but missing #13547
Conversation
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid.
Note that this does the signature, and then checks if it didn't make sense. It might be cleaner to work out if the scriptPubKey implies segwit is used and not do the signature at all, but that seemed a bit more invasive. It's currently missing tests to check signrawtransactionwithkey also fails correctly. |
Note to reviewers: This pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Either works. Remaining differences are a few incidental invalid call tests and returning without updating the input on mine. @ajtowns? |
succ = self.nodes[0].signrawtransactionwithwallet(rawtx, [prevtx]) | ||
assert succ["complete"] | ||
|
||
if type != "legacy": |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this condition is false when the above is true, so a plain else
seems more appropriate. Also, could move the del prevtx["amount"]
out of the scopes of the if-else and drop the line below this one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternatively remove the prevtx
variable from the patch and always pass a fresh dict to signrawtransactionwithwallet
: prevtxs=dict(txid=txid, amount missing...)
utACK 685d1d8 tests only (haven't looked at the code changes, feel free to ignore my style nits) |
@@ -811,7 +811,7 @@ UniValue SignTransaction(CMutableTransaction& mtx, const UniValue& prevTxsUnival | |||
} | |||
Coin newcoin; | |||
newcoin.out.scriptPubKey = scriptPubKey; | |||
newcoin.out.nValue = 0; | |||
newcoin.out.nValue = MAX_MONEY; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isn't MAX_MONEY theoretically a valid amount to send?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left a similar comment in #12458 (review), which has been addressed by @Empact in a163673.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, MAX_MONEY
is defined as 21000000 BTC, but the actual maximum is 20999999.97690000 BTC so you couldn't actually have MAX_MONEY
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was wondering about the use of MAX_MONEY
understanding that it doesn't represent the maximum money supply (Note that this constant is *not* the total money supply, which in Bitcoin currently happens to be less than 21,000,000 BTC
), but still felt the need to comment on it, because it seemed a valid transaction amount to me on the basis of at least its documentation (No amount larger than this (in satoshi) is valid.
), the function MoneyRange
(which defines a range that includes MAX_MONEY
) and unit test vectors below.
Lines 17 to 27 in b641f60
/** No amount larger than this (in satoshi) is valid. | |
* | |
* Note that this constant is *not* the total money supply, which in Bitcoin | |
* currently happens to be less than 21,000,000 BTC for various reasons, but | |
* rather a sanity check. As this sanity check is used by consensus-critical | |
* validation code, the exact value of the MAX_MONEY constant is consensus | |
* critical; in unusual circumstances like a(nother) overflow bug that allowed | |
* for the creation of coins out of thin air modification could lead to a fork. | |
* */ | |
static const CAmount MAX_MONEY = 21000000 * COIN; | |
inline bool MoneyRange(const CAmount& nValue) { return (nValue >= 0 && nValue <= MAX_MONEY); } |
bitcoin/src/test/data/tx_valid.json
Lines 78 to 80 in b641f60
["MAX_MONEY output + 0 output"], | |
[[["0000000000000000000000000000000000000000000000000000000000000100", 0, "HASH160 0x14 0xb558cbf4930954aa6a344363a15668d7477ae716 EQUAL"]], | |
"01000000010001000000000000000000000000000000000000000000000000000000000000000000006d483045022027deccc14aa6668e78a8c9da3484fbcd4f9dcc9bb7d1b85146314b21b9ae4d86022100d0b43dece8cfb07348de0ca8bc5b86276fa88f7f2138381128b7c36ab2e42264012321029bb13463ddd5d2cc05da6e84e37536cb9525703cfd8f43afdb414988987a92f6acffffffff020040075af075070001510000000000000000015100000000", "P2SH"], |
bitcoin/src/test/data/tx_invalid.json
Lines 45 to 47 in b641f60
["MAX_MONEY output + 1 output"], | |
[[["0000000000000000000000000000000000000000000000000000000000000100", 0, "HASH160 0x14 0xb558cbf4930954aa6a344363a15668d7477ae716 EQUAL"]], | |
"01000000010001000000000000000000000000000000000000000000000000000000000000000000006d483045022027deccc14aa6668e78a8c9da3484fbcd4f9dcc9bb7d1b85146314b21b9ae4d86022100d0b43dece8cfb07348de0ca8bc5b86276fa88f7f2138381128b7c36ab2e42264012321029bb13463ddd5d2cc05da6e84e37536cb9525703cfd8f43afdb414988987a92f6acffffffff020040075af075070001510001000000000000015100000000", "P2SH"], |
To me the amount MAX_MONEY
is as valid as the value 0
that it replaces, but admittedly I don't fully comprehend all the details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please ignore the explanation why the use of MAX_MONEY
is confusing to me. I needed @sipa's confirmation #12458 (comment) to connect the dots.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@achow101 True, thanks. Ok with me then.
utACK 685d1d8 |
1 similar comment
utACK 685d1d8 |
…eeded but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's #12458, Fixes: #12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Github-Pull: bitcoin#13547 Rebased-From: a3b065b
Github-Pull: bitcoin#13547 Rebased-From: 685d1d8
…t is needed but missing 212ef1f [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) 1825e37 Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Backport of #13547 to 0.16 Tree-SHA512: 7a660023b6948632a1f949443c18fa45add75ec8c36df1ebbaccd181dd1560c1bef460f061f8dab36b6a5df295eb4967effaa2cf55ea06b41d8f7562842a39ec
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Github-Pull: bitcoin#13547 Rebased-From: a3b065b
Github-Pull: bitcoin#13547 Rebased-From: 685d1d8
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Summary: * Error on missing amount in signrawtransaction* Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. * [tests] Check signrawtransaction* errors on missing prevtx info Backport of Core [[bitcoin/bitcoin#13547 | PR13547]] Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D8082
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid.
Based on Ben Woosley's #12458, Fixes: #12429.