Make signrawtransaction* give an error when amount is needed but missing #13547
Conversation
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid.
|
Note that this does the signature, and then checks if it didn't make sense. It might be cleaner to work out if the scriptPubKey implies segwit is used and not do the signature at all, but that seemed a bit more invasive. It's currently missing tests to check signrawtransactionwithkey also fails correctly. |
Note to reviewers: This pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
|
Either works. Remaining differences are a few incidental invalid call tests and returning without updating the input on mine. @ajtowns? |
| succ = self.nodes[0].signrawtransactionwithwallet(rawtx, [prevtx]) | ||
| assert succ["complete"] | ||
|
|
||
| if type != "legacy": |
There was a problem hiding this comment.
Looks like this condition is false when the above is true, so a plain else seems more appropriate. Also, could move the del prevtx["amount"] out of the scopes of the if-else and drop the line below this one?
There was a problem hiding this comment.
Alternatively remove the prevtx variable from the patch and always pass a fresh dict to signrawtransactionwithwallet: prevtxs=dict(txid=txid, amount missing...)
|
utACK 685d1d8 tests only (haven't looked at the code changes, feel free to ignore my style nits) |
| @@ -811,7 +811,7 @@ UniValue SignTransaction(CMutableTransaction& mtx, const UniValue& prevTxsUnival | |||
| } | |||
| Coin newcoin; | |||
| newcoin.out.scriptPubKey = scriptPubKey; | |||
| newcoin.out.nValue = 0; | |||
| newcoin.out.nValue = MAX_MONEY; | |||
There was a problem hiding this comment.
isn't MAX_MONEY theoretically a valid amount to send?
There was a problem hiding this comment.
I left a similar comment in #12458 (review), which has been addressed by @Empact in a163673.
There was a problem hiding this comment.
No, MAX_MONEY is defined as 21000000 BTC, but the actual maximum is 20999999.97690000 BTC so you couldn't actually have MAX_MONEY.
There was a problem hiding this comment.
I was wondering about the use of MAX_MONEY understanding that it doesn't represent the maximum money supply (Note that this constant is *not* the total money supply, which in Bitcoin currently happens to be less than 21,000,000 BTC), but still felt the need to comment on it, because it seemed a valid transaction amount to me on the basis of at least its documentation (No amount larger than this (in satoshi) is valid.), the function MoneyRange (which defines a range that includes MAX_MONEY) and unit test vectors below.
Lines 17 to 27 in b641f60
bitcoin/src/test/data/tx_valid.json
Lines 78 to 80 in b641f60
bitcoin/src/test/data/tx_invalid.json
Lines 45 to 47 in b641f60
To me the amount MAX_MONEY is as valid as the value 0 that it replaces, but admittedly I don't fully comprehend all the details.
There was a problem hiding this comment.
Please ignore the explanation why the use of MAX_MONEY is confusing to me. I needed @sipa's confirmation #12458 (comment) to connect the dots.
There was a problem hiding this comment.
@achow101 True, thanks. Ok with me then.
|
utACK 685d1d8 |
1 similar comment
|
utACK 685d1d8 |
…eeded but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's #12458, Fixes: #12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Github-Pull: bitcoin#13547 Rebased-From: a3b065b
Github-Pull: bitcoin#13547 Rebased-From: 685d1d8
…t is needed but missing 212ef1f [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) 1825e37 Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Backport of #13547 to 0.16 Tree-SHA512: 7a660023b6948632a1f949443c18fa45add75ec8c36df1ebbaccd181dd1560c1bef460f061f8dab36b6a5df295eb4967effaa2cf55ea06b41d8f7562842a39ec
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Github-Pull: bitcoin#13547 Rebased-From: a3b065b
Github-Pull: bitcoin#13547 Rebased-From: 685d1d8
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Summary: * Error on missing amount in signrawtransaction* Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. * [tests] Check signrawtransaction* errors on missing prevtx info Backport of Core [[bitcoin/bitcoin#13547 | PR13547]] Test Plan: ninja all check-all Reviewers: #bitcoin_abc, Fabien Reviewed By: #bitcoin_abc, Fabien Differential Revision: https://reviews.bitcoinabc.org/D8082
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
…nt is needed but missing 685d1d8 [tests] Check signrawtransaction* errors on missing prevtx info (Anthony Towns) a3b065b Error on missing amount in signrawtransaction* (Anthony Towns) Pull request description: Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid. Based on Ben Woosley's bitcoin#12458, Fixes: bitcoin#12429. Tree-SHA512: 8e2ff89d5bcf79548e569210af0d850028bc98d86c149b92207c9300ab1d63664a7e2b222c1be403a15941aa5cf36ccc3c0d570ee1c1466f3496b4fe06c17e11
Signatures using segregated witness commit to the amount being spent, so that value must be passed into signrawtransactionwithkey and signrawtransactionwithwallet. This ensures an error is issued if that doesn't happen, rather than just assuming the value is 0 and producing a signature that is almost certainly invalid.
Based on Ben Woosley's #12458, Fixes: #12429.