client: add support for dcr spv wallets #788
a669641 to 81a850c
4673470 to 7862ae4
The commit message on 9b51633 provides my reasoning for making clients re-audit contracts before acting. Copied below for posterity:
The risk of fund loss I describe above feels less real than when I first thought about it. I've made that change a separate commit so I can easily remove it if the risk identified is not realistic.
Yeah, barring hash collisions, I don't think the txns are malleable in any way that is significant for the counterparty, but checking again sounds just fine to me.
I plan to add some new tests but code's set for review in the meantime.
Oops.
Partial review. I'm still going through externaltx.go, but I wanted to point out the block header thing.
af92dec to 1f6423c
Code mostly makes sense, but there are some things I think you can help me understand, plus I need to actually fire up dcrwallet with --spv to test.
1f6423c to 6ab26fc
- Don't error for missing dcrdjsonrpcapi, instead set wallet.spvMode=true.
- Replace getblockchaininfo with syncstatus to determine sync status.
There is a very slight possibility that contract outputs that pass audit while in mempool or in some cases before they are broadcast (rawtx audit) may differ from the output later observed in a block for the same coin. This risk is higher for spv wallets that will mostly only perform audits on rawtxs before broadcasting the txs, without a guarantee that the tx is accepted to the mempool. A malicious actor could broadcast a different tx with the same hash (theoretically possible) but with a different output at the expected vout index. There is risk of funds if clients only later check that the hash for the earlier-audited tx is found in a block and proceed to send their counter swap or expose their contract secret via a redemption. This commit aims to mitigate that risk by repeating contract audits after the initial tx hash is observed on the blockchain, ensuring that the tx now observed on the blockchain is as desired.
The getrawtransaction rpc requires txindex to be enabled on full nodes but clients may run full nodes without enabling txindex as it is not a requirement. Use gettransaction where possible instead of getrawtransaction to avoid errors when clients use full nodes without txindex enabled.
fix dcr harness spv wallets startup issues
fix SwapConfirmations error for wallet contracts
fix output spent check bug and repaired log messages
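The re-audit described in the commit message above can be reduced to a small invariant: whatever the client learned about the contract output before broadcast (tx hash, vout, script, value) must be checked again against the transaction actually seen in a block, and the counter-swap or redemption must wait on that second check. The following Go program is an added illustration of that invariant and is not code from dcrdex; the `Tx`, `TxOut`, `AuditRecord`, `AuditContract` and `ReauditOnChain` names and the constructed sample transactions are assumptions made for the example, standing in for the wallet's real types and RPC lookups.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// TxOut is a minimal stand-in for a transaction output (constructed for this example).
type TxOut struct {
	Value    int64
	PkScript []byte
}

// Tx is a minimal stand-in for a transaction: its hash plus its outputs.
type Tx struct {
	Hash [32]byte
	Outs []TxOut
}

// AuditRecord is what the client keeps from the first audit (raw tx or mempool),
// so the same expectations can be replayed against the on-chain tx later.
type AuditRecord struct {
	TxHash   [32]byte
	Vout     uint32
	Value    int64
	PkScript []byte
}

var (
	// ErrWrongTx: the tx handed to the re-audit is not the one audited earlier.
	ErrWrongTx = errors.New("on-chain tx hash does not match audited tx")
	// ErrAuditMismatch: same hash, but the contract output no longer matches.
	ErrAuditMismatch = errors.New("contract output differs from earlier audit")
)

// AuditContract checks that output vout of tx carries exactly the expected
// contract script and value, and returns a record of what was verified.
func AuditContract(tx *Tx, vout uint32, wantScript []byte, wantValue int64) (*AuditRecord, error) {
	if int(vout) >= len(tx.Outs) {
		return nil, fmt.Errorf("vout %d out of range (%d outputs)", vout, len(tx.Outs))
	}
	out := tx.Outs[vout]
	if !bytes.Equal(out.PkScript, wantScript) {
		return nil, errors.New("contract script mismatch")
	}
	if out.Value != wantValue {
		return nil, fmt.Errorf("contract value %d, want %d", out.Value, wantValue)
	}
	return &AuditRecord{
		TxHash:   tx.Hash,
		Vout:     vout,
		Value:    out.Value,
		PkScript: append([]byte(nil), out.PkScript...), // copy, don't alias tx memory
	}, nil
}

// ReauditOnChain repeats the audit against the tx as observed in a block.
// A matching hash alone is not accepted as proof; the output is re-checked.
func ReauditOnChain(rec *AuditRecord, chainTx *Tx) error {
	if chainTx.Hash != rec.TxHash {
		return fmt.Errorf("%w: got %s, want %s", ErrWrongTx,
			hex.EncodeToString(chainTx.Hash[:8]), hex.EncodeToString(rec.TxHash[:8]))
	}
	if _, err := AuditContract(chainTx, rec.Vout, rec.PkScript, rec.Value); err != nil {
		return fmt.Errorf("%w: %v", ErrAuditMismatch, err)
	}
	return nil
}

// SafeToProceed gates the counter-swap / redemption on the second audit.
func SafeToProceed(rec *AuditRecord, chainTx *Tx) bool {
	return ReauditOnChain(rec, chainTx) == nil
}

// fakeHash derives a deterministic stand-in "tx hash" from a label (constructed).
func fakeHash(label string) [32]byte { return sha256.Sum256([]byte(label)) }

func main() {
	script := []byte("contract-script-A") // constructed sample contract script
	tx := &Tx{Hash: fakeHash("swap-tx"), Outs: []TxOut{
		{Value: 1000, PkScript: []byte("change")},
		{Value: 5000, PkScript: script},
	}}
	rec, err := AuditContract(tx, 1, script, 5000)
	if err != nil {
		panic(err)
	}
	// Same hash, but output 1 now carries a different script: must be rejected.
	tampered := &Tx{Hash: tx.Hash, Outs: []TxOut{
		{Value: 1000, PkScript: []byte("change")},
		{Value: 5000, PkScript: []byte("contract-script-B")},
	}}
	fmt.Println("genuine on-chain tx safe:", SafeToProceed(rec, tx))
	fmt.Println("tampered on-chain tx safe:", SafeToProceed(rec, tampered))
}
```

The point of keeping `AuditRecord` separate from the transaction object is that the second audit compares against what was verified, not against whatever the wallet currently holds in memory; a wallet that simply looks the hash up in a block and proceeds would accept `tampered` above.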
Thanks for the follow through. This seems solid now.
I'll be following up quickly to propose some small changes to the Wallet interface.
9ae9f12 to a991e82
a991e82 to b20b179
The following is a summary of changes made to support dcr spv wallets:
gettxout and gettransaction can't find a tx. Both rpcs only return results for wallet unspent outputs.
The dcr harness is modified to use SPV for the second trading wallet to facilitate testing.