Add SegWit support to importmulti

[meshcollider]

Add support for segwit to importmulti, supports P2WSH, P2WPKH, P2SH-P2WPKH, P2SH-P2WSH. Adds a new witnessscript parameter which must be used for the witness scripts in the relevant situations.

Also includes some tests for the various import types.

Also makes the change in #14019 redundant, but cherry-picks the test from that PR to test the behavior (@achow101).

Fixes #12253, also addresses the second point in #12703, and fixes #14407

[DrahtBot]

Reviewers, this pull request conflicts with the following ones:

• rpc: Early call once CWallet::MarkDirty in import calls #14303 (rpc: Early call once CWallet::MarkDirty in import calls by promag)
• Import watch only pubkeys to the keypool if private keys are disabled #14075 (Import watch only pubkeys to the keypool if private keys are disabled by achow101)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

[practicalswift]

No longer needed?

[practicalswift]

Use another variable name to avoid shadowing existing local variable vData :-)

[meshcollider]

Thanks for reviewing @practicalswift, both comments addressed :)

[achow101]

Concept ACK

59f8e547130fc1cb756da7d990f65445ca196f5f could be squashed into 24092b3402693d8a2c39b640db18748b168863e9

acdba74ee011bfcafc9f28b528918815b1de4920 seems to be an unrelated change

[achow101]

Instead of checking that strRedeemScript is not empty, this should check that strWitnessScript is empty. Or it could check both: !strRedeemScript.empty() && strWitnessScript.empty().

[meshcollider]

It should be possible to provide a P2WSH scriptPubKey without providing the witness script for it, e.g. watch only, so I don't think that's right

[achow101]

I think checking both covers that case.

[meshcollider]

Checking both would mean that if witnessScript and redeemScript were both present, it would allow it, which makes no sense if its not a P2WSH address

[Sjors]

P2WSH scriptPubKey without providing the witness script for it, e.g. watch only

Do we already support that? And test it? If not, maybe it's easier to just treat it as P2SH until we know the witnessScript.

[sipa]

@Sjors Yes, of course, just importaddress it. It probably works fine without this PR even.

[Sjors]

@sipa so we currently support importing a 3... address as watch-only, but the wallet doesn't know or care if it's SegWit or not. The new code here is for a scenario where you do know it's SegWit script.IsPayToWitnessScriptHash(), which means you know the strRedeemScript, but you don't know the strWitnessScript. That seems a strange situation. Why would anyone give you the legacy redeem script but not the Segwit witness script?

[sipa]

@Sjors I have no idea what you're talking about. This is about the case where you're importing a bech32 P2WSH address (no P2SH), without revealing the script inside - which is a totally reasonable thing if you don't care about solvability.

[Sjors]

@sipa I see, I may have gotten confused because Github is showing if (isP2SH && !IsHex(strRedeemScript as the deleted line, but this thread is about an earlier code branch.

[achow101]

nit: snake_case

[achow101]

nit: snake_case

[achow101]

nit: snake_case

[achow101]

nit: snake_case

[achow101]

This error wouldn't make sense if only pubkeys were given.

[achow101]

Instead of checking pubkey size, check validity? (e.g. use IsValid() or IsFullyValid())

[meshcollider]

IsValid() just performs the same size check anyway, but yep I'll do that for the sake of clarity, I don't think we need an IsFullyValid() check here

[meshcollider]

Thanks @achow101, addressed all your points

[sipa]

@meshcollider I don't think it's necessary to import the pubkeys involved separately anymore since #14424, and in fact that sounds very dangerous (you could be tricked into importing a 2-of-3 multisig where you have 2 of the keys, but then receiving a payment to a P2PKH of the third key, and seeing it treated towards your watch-only balance). NACK until that is fixed (or at least restricted to not have that issue, but I believe that rebasing on 14424 will be sufficient).

[meshcollider]

@sipa good point, fixed, and rebased on master to include the public key fix

[sipa]

I think there are a few things that need fixing:

• There doesn't seem to be code for P2SH-P2WPKH (which matters at least when passing in a pubkey in that case, which won't be imported).
• The added tests only cover whether importmulti returns true, not whether it actually imported anything.
• The added tests are restricted to watchonly and spendable cases, but no solvable-but-not-spendable ones.

[meshcollider]

I believe I've addressed the points, thanks for the feedback so far

[sipa]

Concept ACK

[sipa]

I think it may make sense to repeat the trick from the P2SH block of 'descending' into scriptPubKey/address of the redeemscript, to the P2WSH block, and then do P2PK/P2PKH/P2WPKH as a totally new case rather than an else branch. This would make the code work correctly for P2PK/P2PKH nested inside P2WSH (maybe track that you don't permit P2WPKH inside P2WSH though).

[sipa]

There are a number more scenarios that make sense to test, I think:

• Address based import (without key/script) of P2WSH-multisig
• For all of P2WPKH, P2WSH-multisig, P2SH-P2WPKH, P2SH-P2WSH-multisig, versions with script/pubkey but no private key, and test that the result is solvable.
• P2WPKH with private key, result must be spendable (not just watchonly)
• P2WSH-multisig and P2SH-multisig with more than 1 key, where some of the keys are specified as private keys, and some as public keys.

[Sjors]

Re "Address based import", should this result in the following?

  "ismine": false,
  "iswatchonly": true,
  "issolvable": false,
  "isscript": true,
  "iswitness": true,
  "witness_version": 0

Re "must be spendable", this means "ismine": true and "iswatchonly": false?

[sipa]

@Sjors Correct.

[Sjors]

Concept ACK.

I tested 65ecf2d importing a watch-only bech32 address, which worked.

I also tested importing a watch-only p2sh-p2wpkh address like so: importmulti '[{"scriptPubKey": {"address": "2NFiDQiCdRYaRUdWMerff1qSTR4EC7zSBmB"}, "timestamp": "now", "pubkeys": ["03f33112792b07e9994933287ea71069d94176225f745822e47151d39e754d957f"]}]'. This is considered "issolvable": false. Once I add the private key it does know how to solve it.

Code looks good to me, but I don't pretend to understand all the edge cases involved. The tests really help illustrate it, so the more the better, see Sipa's suggestions:
480cba3#r225796932)

[Sjors]

Suggested change

	throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid scriptPubKey");
	throw JSONRPCError(RPC_INVALID_PARAMETER, "scriptPubKey must be string with script or JSON with address string");

[Sjors]

I'm not sure how the code suggestion feature works. I suspect it creates a new commit, in which case it's better to just copy-paste the text and amend an existing commit.

[Sjors]

Suggest using the same error message as the above comment: Internal addresses should not have a label

[instagibbs]

Could we also get a test for this?

[Sjors]

P2WSH scriptPubKey without providing the witness script for it, e.g. watch only

Do we already support that? And test it? If not, maybe it's easier to just treat it as P2SH until we know the witnessScript.

[Sjors]

Maybe move this function to a different file? Unless dump means dumping ground :-)

I understand if you prefer to keep this PR simple though.

[sipa]

It's specific to importing things, though, which is the scope of rpcdump.cpp?

[Sjors]

Re "Address based import", should this result in the following?

  "ismine": false,
  "iswatchonly": true,
  "issolvable": false,
  "isscript": true,
  "iswitness": true,
  "witness_version": 0

Re "must be spendable", this means "ismine": true and "iswatchonly": false?

[instagibbs]

Good time to give a more descriptive error?

[instagibbs]

Could we also get a test for this?

[instagibbs]

wording suggestion: "P2WSH addresses have an empty redeemscript. Please provide the witnessscript instead."

[instagibbs]

suggestion: "Invalid redeem script: must be hex string"

[instagibbs]

while we're here could we rename this to something more self-documenting?

[meshcollider]

@instagibbs what do you suggest? script_or_address?

[instagibbs]

I understand this is a transient commit, but could there be a TODO P2SH-P2WPKH comment somewhere around here?

[instagibbs]

// (P2SH-)P2WSH

Makes it more clear to me that the above block changed the script

[instagibbs]

And same thing with: // P2PK/P2PKH/P2WPKH

[instagibbs]

scriptpubkey_script more self-explanatory? "original" is context dependent.

[instagibbs]

scriptpubkey_dest more self-explanatory? "original" is context dependent.

[meshcollider]

All comments so far are addressed, lots more tests added. Thanks @sipa, @instagibbs, @Sjors

[Sjors]

@meshcollider I'm still seeing the same behavior I described above when importing a p2sh-p2wpkh address using just the address and public key.

[sipa]

@Sjors You need the redeemscript to make your example solvable (otherwise there is no way for the matcher to go from a P2SH hash to knowing what script the hash is of).

With the private key the weird-evil-but-necessary magic behaviour that causes us to automatically recognize P2WPKH and P2SH-P2WPKH payments to known private keys triggers.

[Sjors]

Your wording suggests you're not a fan of adding that weird-evil-but-optional magic behavior to the (very common) case of having one public key?

[meshcollider]

@Sjors I'm not really a fan of it, this code is already edge-cased enough without adding more ifs to test for, but I'm happy to add it if you really think its worthwhile.

[sipa]

@Sjors No, but I have suggested something else before, which would perhaps also solve your issue, namely that for all single-key schemes you can just provide the pubkey, and importmulti would automatically try the different schemes to see which matches your address/script.

At the very least, something for another PR, though.

[meshcollider]

And such a case would be so easy with descriptors too ;)

[Sjors]

I'm fine with focusing on descriptors, since those are an order of magnitude more intuitive than the current importmulti syntax.

[meshcollider]

Comments addressed + squashed some commits together

[sipa]

A small issue still: for P2SH-P2WSH it's unnecessary (and undesirable, I think) to also import the inner P2WSH script as watch-only.

It's not necessary because we're already marking the P2SH-P2WSH script as watch-only, and for solvability all we need is AddCScript, not AddWatchOnly.

It's undesirable because it will cause us to treat payments to the P2WSH address as watchonly IsMine (instead of just the P2SH-P2WSH version).

[meshcollider]

Good point, fixed

[Sjors]

I added a few more questions inline, hopefully merely to reduce my own confusion.

My above concerns are addressed in e4a66bb, modulo two tests that @sipa requested and are either missing or I overlooked them.

The added tests only cover whether importmulti returns true, not whether it actually imported anything.

This is done now by checking properties via getaddressinfo.

The added tests are restricted to watchonly and spendable cases, but no solvable-but-not-spendable ones.

Some of the ['solvable'], True) tests now check that ['ismine'], False, but none check for iswatchonly'],False].

Address based import (without key/script) of P2WSH-multisig

Covered in # P2WSH multisig address without scripts or keys and # P2SH-P2WSH 1-of-1 multisig + redeemscript with no private key

For all of P2WPKH, P2WSH-multisig, P2SH-P2WPKH, P2SH-P2WSH-multisig, versions with script/pubkey but no private key, and test that the result is solvable.

I think this one is still missing for P2WSH multisig, between the # P2WSH multisig address without scripts or keys and # Same P2WSH multisig address as above, but now with witnessscript + private keys tests?

P2WPKH with private key, result must be spendable (not just watchonly)

Where "spendable" means ("ismine": true and "iswatchonly": false). This is done.

P2WSH-multisig and P2SH-multisig with more than 1 key, where some of the keys are specified as private keys, and some as public keys.

Missing?

I made a commit that checks solvable for all legacy scenarios as well: Sjors@02d553b

[Sjors]

@sipa can you remind me why a Native Pay-to-Witness-Public-Key-Hash isn't solvable, even though legacy Pay-to-Public-Key-Hash addresses are? Is that just to reduce evil magic like in the P2SH-P2PKH case?
If so, maybe add a comment in the test or in the RPC doc?

[sipa]

In this example it's not solvable because the public key isn't included. It has nothing to do with the script/witness hashing type.

In general, solvability is very easy. Start at the scriptPubKey. Whenever it includes a script hash, we must receive the actual script, and recurse into it. Whenever you encounter a pubkey hash, we must receive the actual public key. A scriptPubKey is solvable whenever you can descend all the way to scripts and pubkeys without any hashes of unknown things.

The only exception to that is that whenever you have a private key X, we also automatically import the P2WPKH and P2SH-P2WPKH versions of it, so no separate importing is needed in that case.

[Sjors]

In this example it's not solvable because the public key isn't included.

OK, that makes sense. Actually I misread the legacy test: it does add the public key, which why it's solvable.

[sipa]

utACK e4a66bb. As @Sjors points out there are some combinations for which tests can be added, but I think that can be done later.

Please squash fixups?

[meshcollider]

Squashed fixups into their respective commits, thanks for the review :)

[sipa]

utACK c11875c

[instagibbs]

utACK

[instagibbs]

nit: if "sigsrequired" and "ismine" aren't in results can we assert their absence here?

[instagibbs]

nit: ismine?

[promag]

Could have release note.

[promag]

First time using RTTI? Maybe it could be avoided?

BTW, didn't test but I don't see variant::type() in boost 1.47 documentation.

[meshcollider]

@promag it seems to be there: https://www.boost.org/doc/libs/1_47_0/doc/html/boost/variant.html
I could also do dest.which() == 1 || dest.which() == 4 but that's very unclear, or define a new enum of the types, but that seemed over the top unless there's a good reason to avoid RTTI?

[promag]

Indeed it's in 1.47. Anyway this is removed in #14565.

[achow101]

utACK 201451b

[laanwj]

looks good to me, adding the solvable to getaddressinfo makes a lot of sense, and tests also look good to me
utACK c11875c