Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

address reuse if generating multiple receive addresses #2340

Closed
btcpirate opened this issue Sep 24, 2019 · 8 comments · Fixed by #2688
Closed

address reuse if generating multiple receive addresses #2340

btcpirate opened this issue Sep 24, 2019 · 8 comments · Fixed by #2688
Assignees
Projects

Comments

@btcpirate
Copy link

@btcpirate btcpirate commented Sep 24, 2019

After trying to produce multiple receive addresses i have found that wasabi recreates the same public keys after around 10 to 20 addresses. I have replicated this issue with three new wasabi wallets version v.1.1.9. on a mac os.
This might be a risk for people that are generating multiple receive addresses for later usage and are not checking each of them (most people would not) So it leads to people reusing addresses without knowing it and what makes it worse is that they are thinking that address reuse is not possible in wasabi.
Attached a list of freshly created addresses with multiple similar addresses generated with a wallet that wont be used to showcase the issue:

bc1q9vqnjj5f4a7mens7ez8396qsmd2xk5mfkz6s9m
bc1qufdkwe5ujwg30k270kpzvqnnav9evhfyytng3l
bc1qxsqf9wpvc464zxvs7ay8cd5jsnqejejyqyf8l6
bc1qe70vf6p5njq2ccrvhvuv98sg7uwsu6r8h07jqn
bc1qku4zwydhk5u8wuawlprqjuhfpcm4w0qyuh7x83
bc1qcvk7mvj8z03y07szwgtnwxq4qcnu7ahdjpjfe0
bc1q9y76u8rm67stz3cql2ztryhyws6jnkkqyprqdt
bc1qtq5rgygssp7yhrjjpar95dzl8xpa7l7d33sxww
bc1q9dr9mkl73j8hv2v990939g47n424d2684n03h9
bc1qv6nd5jzy3n7d3dwnrqnvds24ec36k4s75ar09m
bc1qyvg76dysaawck9tv3qxpjxt284h44kjagvvll2
bc1qxsqf9wpvc464zxvs7ay8cd5jsnqejejyqyf8l6
bc1qmax52swcwus3389fcc83qc4n80vcashxyz8t0l
bc1q9vqnjj5f4a7mens7ez8396qsmd2xk5mfkz6s9m
bc1q0atz2n85j7mjg2tgqef8w0k5slu2mcje7sagrk
bc1qe70vf6p5njq2ccrvhvuv98sg7uwsu6r8h07jqn
bc1quxh9jzrfwpyle7cx6a38c3z7ygsylcp2e38kg7
bc1qku4zwydhk5u8wuawlprqjuhfpcm4w0qyuh7x83
bc1qrunrntpc5q33g27xwa7ukm5xjs0d3dyw43g9rs
bc1qxsqf9wpvc464zxvs7ay8cd5jsnqejejyqyf8l6
bc1qx4dc39wz085d8xru9v96af2xmegzzmwecvlrqd
bc1qmax52swcwus3389fcc83qc4n80vcashxyz8t0l
bc1q8eesx5050w4qe5z8wm00qph0tcu37hepx56rh6
bc1qtq5rgygssp7yhrjjpar95dzl8xpa7l7d33sxww
bc1q0atz2n85j7mjg2tgqef8w0k5slu2mcje7sagrk
bc1qv6nd5jzy3n7d3dwnrqnvds24ec36k4s75ar09m
bc1q9vqnjj5f4a7mens7ez8396qsmd2xk5mfkz6s9m
bc1qufdkwe5ujwg30k270kpzvqnnav9evhfyytng3l
bc1qxsqf9wpvc464zxvs7ay8cd5jsnqejejyqyf8l6
bc1qyvg76dysaawck9tv3qxpjxt284h44kjagvvll2
bc1q8eesx5050w4qe5z8wm00qph0tcu37hepx56rh6
bc1qjc8hcyn7g4ge54tqj8rd7k5fk5nhkwfmqe2qd5
bc1qmkj38pvvdyezeycvkx2any4c43m6x7hy45fgp9
bc1qtq5rgygssp7yhrjjpar95dzl8xpa7l7d33sxww
bc1q6rq535w24kvdxe6tta5sx7d7e9lhgep3fuu63d
bc1qmax52swcwus3389fcc83qc4n80vcashxyz8t0l
bc1qypf8cdu577qp4vrkkfyv5ecgch23pna6wf8jdt
bc1q9vqnjj5f4a7mens7ez8396qsmd2xk5mfkz6s9m
bc1qrunrntpc5q33g27xwa7ukm5xjs0d3dyw43g9rs
bc1q0atz2n85j7mjg2tgqef8w0k5slu2mcje7sagrk
bc1quxh9jzrfwpyle7cx6a38c3z7ygsylcp2e38kg7
bc1qx4dc39wz085d8xru9v96af2xmegzzmwecvlrqd
bc1qmkj38pvvdyezeycvkx2any4c43m6x7hy45fgp9
bc1q8eesx5050w4qe5z8wm00qph0tcu37hepx56rh6
bc1qmax52swcwus3389fcc83qc4n80vcashxyz8t0l
bc1qxsqf9wpvc464zxvs7ay8cd5jsnqejejyqyf8l6
bc1q9y76u8rm67stz3cql2ztryhyws6jnkkqyprqdt
bc1qv6nd5jzy3n7d3dwnrqnvds24ec36k4s75ar09m

@yahiheb yahiheb added the debug label Sep 24, 2019
@yahiheb

This comment has been minimized.

Copy link
Collaborator

@yahiheb yahiheb commented Sep 24, 2019

This is not a bug, it is related to the json property MinGapLimit in the wallet file. comment

i have found that wasabi recreates the same public keys after around 10 to 20 addresses

It recreates the addresses if there is 21 unused addresses.

This might be a risk for people that are generating multiple receive addresses for later usage and are not checking each of them (most people would not) So it leads to people reusing addresses without knowing it and what makes it worse is that they are thinking that address reuse is not possible in wasabi.

If people use Wasabi Wallet to determine the usage of the created addresses (with help of the labels) I think there is no risk. Because when you generate a supposedly new address you will give it a specific new label, this label will replace the label of the same previously generated address.

Now if you tell me that whenever you generate an address you copy it with its label to some file to use it later, then yes that can be a risk.

@btcpirate

This comment has been minimized.

Copy link
Author

@btcpirate btcpirate commented Sep 24, 2019

i see, thx for information.

is there a way to genereate more new unique/fresh addresses without funding the previous ones?

@yahiheb

This comment has been minimized.

Copy link
Collaborator

@yahiheb yahiheb commented Sep 25, 2019

Go to File/Open/Wallet Folder and open your wallet file.
Close Wasabi Wallet.
Edit the MinGapLimit json property in the wallet file.

Notes

  • This is not a gap limit. Wasabi may very well generate and monitor more addresses than this if needed, thus the name minimum gap limit.
  • It cannot be less than 21. If you set it smaller than 21, then Wasabi will autocorrect it to 21.
  • Why 21? Because there can be only 21 million bitcoins.
  • Issues can happen at wallet recovery if it's forgotten to be set to the same value again. So at wallet recovery, don't forget to set the min gap limit again.
  • This can be only set after a wallet has been successfully generated, recovered or imported.
@nopara73

This comment has been minimized.

Copy link
Collaborator

@nopara73 nopara73 commented Sep 25, 2019

This is correct. After many unused addresses we don't generate more to avoid wallet bloat. Considering we had numerous wallet bloat issues in the past and possibly even today the recovery process is problematic, there's no perfect solution here, but to live with this compromise.

@nopara73 nopara73 closed this Sep 25, 2019
@MaxHillebrand

This comment has been minimized.

Copy link
Collaborator

@MaxHillebrand MaxHillebrand commented Sep 25, 2019

Can/should we add a warning message that the same address is re-generated?

@btcpirate

This comment has been minimized.

Copy link
Author

@btcpirate btcpirate commented Sep 25, 2019

i think that would be very important, if there is no warning it will happen that people are reusing addresses 100%

@nopara73

This comment has been minimized.

Copy link
Collaborator

@nopara73 nopara73 commented Sep 25, 2019

Can/should we add a warning message that the same address is re-generated?

Good idea. Then, this issue is waiting for Avalonia notifications.

@nopara73

This comment has been minimized.

Copy link
Collaborator

@nopara73 nopara73 commented Nov 30, 2019

Fixed here: #2688 Not recycling anymore, but increase the gap limit on too much address generation with a warning notification.

1.1.10 automation moved this from ToDo to Done Dec 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
1.1.10
  
Done
5 participants
You can’t perform that action at this time.