Since the introduction of the ScriptForMining callback, the mining
functions (setgenerate and generate) crash with an assertion failure
(due to a NULL pointer script returned) if the keypool is empty. Fix
this by giving a proper error.
d042854 SQUASH "Implement watchonly support in fundrawtransaction" (Matt Corallo)
428a898 SQUASH "Add have-pubkey distinction to ISMINE flags" (Matt Corallo)
6bdb474 Implement watchonly support in fundrawtransaction (Matt Corallo)
f5813bd Add logic to track pubkeys as watch-only, not just scripts (Matt Corallo)
d3354c5 Add have-pubkey distinction to ISMINE flags (Matt Corallo)
5c17059 Update importaddress help to push its use to script-only (Matt Corallo)
a1d7df3 Add importpubkey method to import a watch-only pubkey (Matt Corallo)
907a425 Add p2sh option to importaddress to import redeemScripts (Matt Corallo)
983d2d9 Split up importaddress into helper functions (Matt Corallo)
cfc3dd3 Also remove pay-2-pubkey from watch when adding a priv key (Matt Corallo)
Add error checking to CLevelDBWrapper for errors from
leveldb::DestroyDB(). Without it, if unlink() or DeleteFileW() fail to
delete files, they will fail silent. If they fail to delete any files,
CLevelDBWrapper will silently open and read the existing database.
Typically any permissions issues would be caught by leveldb as it churns
through many files as part of its compaction process, but it is
conceivable that this could cause problems on Windows with anti-virus
and indexing software.
7f1f8f5 Move mempool rejections to new debug category (Wladimir J. van der Laan)
66daed5 Add information to errors in ConnectBlock, CheckBlock (Wladimir J. van der Laan)
6cab808 Remove most logging from transaction validation (Wladimir J. van der Laan)
9003c7c Add function to convert CValidationState to a human-readable message (Wladimir J. van der Laan)
dc58258 Introduce REJECT_INTERNAL codes for local AcceptToMempool errors (Wladimir J. van der Laan)
fbf44e6 Add debug message to CValidationState for optional extra information (Wladimir J. van der Laan)
Move mempool rejections to debug category `mempoolrej`, to make it possible
to show them without enabling the entire category `mempool` which is
high volume.
Add detailed state information to the errors, as it is no longer being
logged downstream.
Also add the state information to mempool rejection debug message in
ProcessMessages.
Remove unnecessary direct logging in CheckTransaction,
AcceptToMemoryPool, CheckTxInputs, CScriptCheck::operator()
All status information should be returned in the CValidationState.
Relevant debug information is also added to the CValidationState using
the recently introduced debug message.
Do keep the "BUG! PLEASE REPORT THIS! ConnectInputs failed against MANDATORY but not STANDARD flags"
error as it is meant to appear as bug in the log.
Add status codes specific to AcceptToMempool procession of transactions.
These can never happen due to block validation, and must never be sent
over the P2P network. Add assertions where appropriate.
- It seems these might cause clients to get stuck in rare cases, plus we sync all of this information from the network when the client loads up anyway. I think it's best to disable these features and see if the clients stop getting stuck on random reboots.
627468d Add support for data-based outputs (OP_RETURN) to bitcoin-tx. (Pavel Janík)
d707853 Add OP_RETURN support in createrawtransaction RPC call, add tests. (Pavel Janík)
9493803 Revert "Revert "Assert on probable deadlocks if the second lock isnt try_lock"" (Cory Fields)
605433f locks: don't lock cs_wallet before making rpc calls (Cory Fields)
- add static verifySize() function to PaymentServer and move the logging
on error into the function
- also use the new function in the unit test
- the function checks if the size is allowed as per BIP70
- remove an unneeded include of net.h in peertablemodel.cpp
- add const after size() in PeerTablePriv
- remove 2x unneeded else in functions
- replace a (int) typecast by (QVariant) to use Qt style
- remove unneeded include of peertablemodel.h from rpcconsole.cpp
Add a field `strDebugMessage` which can be passed to DoS or Invalid,
and queried using GetDebugMessage() to add extra troubleshooting
information to the validation state.
5922b67 Add assertion and cast before sending reject code (Wladimir J. van der Laan)
a651403 Add absurdly high fee message to validation state (for RPC propagation) (Shaul Kfir)
This gets rid of a warning. Add an assertion to make sure that the
reject code is in the correct range for the network protocol
(if it is outside the range it must be a bug)
7b79cbd limit total length of user agent comments (Pavol Rusnak)
557f8ea implement uacomment config parameter which can add comments to user agent as per BIP-0014 (Pavol Rusnak)
- do not lock cs_main for mnodeman.CheckAndRemove() - we have trylock inside CMasternode.Check, should be enough
- fast cs_main lock for ix
- use RelayInv instead of manually locking nodes / pushing inv
- do not lock cs_vNodes / ClearFulfilledRequest on every 100th block, CMasternodeSync should already handle resync by itself better now
Previously various user-facing strings have used inconsistent currency units "BTC",
"btc" and "bitcoins". This adds a single constant and uses it for each reference to
the currency unit.
Also adds a description of the unit for --maxtxfee, and adds the missing "amount"
field description to the (deprecated) move RPC command.
Fixes#2007
This checks to see if the system clock appears to be bad and gives a
helpful error message. If the user's clock is set incorrectly, hopefully
they'll abort, fix it, and then save themselves a fruitless resync.
a8d0407 Move recentRejects initialization to top of InitBlockIndex (Wladimir J. van der Laan)
0847d9c Keep track of recently rejected transactions (Peter Todd)
d741371 Only use randomly created nonces in CRollingBloomFilter. (Pieter Wuille)
d2d7ee0 Make CRollingBloomFilter set nTweak for you (Peter Todd)
a3d65fe Reuse vector hashing code for uint256 (Pieter Wuille)
bbe4108 Add uint256 support to CRollingBloomFilter (Peter Todd)
c6455c7 doc: mention change to option parsing behavior in release notes (Wladimir J. van der Laan)
c38c49d Fix argument parsing oddity with -noX (Wladimir J. van der Laan)
This avoids that premature return in the condition that a new chain is initialized
results in NULL pointer errors due to recentReject not being constructed.
Also add assertions where it is used.
Introduce a PlatformStyle to handle platform-specific customization of
the UI.
This replaces 'scicon', as well as #ifdefs to determine whether to place
icons on buttons.
The selected PlatformStyle defaults to the platform that the application
was compiled on, but can be overridden from the command line with
`-uiplatform=<x>`.
Also fixes the warning from #6328.
These changes decode valid SIGHASH types on signatures in assembly (asm) representations of scriptSig scripts.
This squashed commit incorporates substantial helpful feedback from jtimon, laanwj, and sipa.
- use map.insert instead of [] (should be safer)
- debug output / comments / spaces / names
- fix few long strings / make translatable one more label in UI
- move ds rounds calculation to wallet
- add cache to / rework anon/denom balance functions
- fix updates on new blocks for ds status on overview page
- fix after rebase
- always clear entries, do not try to reuse them
- unlock coins only when needed (do not unlock them every 10 blocks)
- make logic a bit more strightforward in few places
- clear all expired on timeout (not just the first found)
- add 2 additional statuses on doauto
- run DS checks when mn list sync started, do not wait for full sync
- move most class members to private
Clean up the code in chainparams a bit more after the recent
refactorings. In particular, make sure the structure of the "RegTest"
params matches the structure of the other classes. This makes the code
clearer to read.
Also remove redundant values of the genesis block in always-specified
optional arguments and mark variable/argument as "const".
59b49cd Eliminate signed/unsigned comparison warning (Suhas Daftuar)
04b5d23 Replace sleep with syncing using pings (Suhas Daftuar)
6b1066f Ignore whitelisting during IBD for unrequested blocks. (Suhas Daftuar)
bfc30b3 Ignore unrequested blocks too far ahead of tip (Suhas Daftuar)
Nodes can have divergent policies on which transactions they will accept
and relay. This can cause you to repeatedly request and reject the same
tx after its inved to you from various peers which have accepted it.
Here we add rolling bloom filter to keep track of such rejections,
clearing the filter every time the chain tip changes.
Credit goes to Alex Morcos, who created the patch that this code is
based on.
Original code by Peter Todd. Refactored to not construct the
filter at startup time by Pieter Wuille.
- Testnet budget adjustments to allow quick cycles that create no inflation in the testnet environment
- Budget proposal are sorted by YesCount-NoCount now
- Added nTime to proposals
- Only allow proposals more than 1 day old into budgets
While CBloomFilter is usually used with an explicitly set nTweak,
CRollingBloomFilter is only used internally. Requiring every caller to
set nTweak is error-prone and redundant; better to have the class handle
that for you with a high-quality randomness source.
Additionally when clearing the filter it makes sense to change nTweak as
well to recover from a bad setting, e.g. due to insufficient randomness
at initialization, so the clear() method is replaced by a reset() method
that sets a new, random, nTweak value.
As suggested by Greg Maxwell-- unit test to make sure a block
with a double-spend in it doesn't pass validation if half of
the double-spend is already in the memory pool (so full-blown
transaction validation is skipped) when the block is received.
`bitcoind -X -noX` ends up, unintuitively, with `X` set.
(for all boolean options X)
This result is due to the odd two-pass processing of arguments. This
patch fixes this oddity and simplifies the code at the same time.
Accept strings containing decimal values, in addition to bare values.
Useful from JSON-RPC implementations where it's not possible to have
direct control over the text of numbers (e.g. where numbers are always
doubles), and it's still desired to send an exact value.
This would allow users to post JSON content with numbers encoded like
`{"value": "0.00000001"}` instead of `{"value": 0.00000001}` which some
php/python encoders wrap into 1e-8, or worse.
060b3d3 fixup: qt 5.5 snuck in another module that needs path hand-holding (Cory Fields)
ecd6a89 depends: make more qt flags explicit (Cory Fields)
ab67dd7 depends: bump to qt 5.5 (Cory Fields)
5189fe3 depends: split qt config options to separate lines (Jacob Welsh)
fe997df build: fix building against qt5.4/5.5 (Cory Fields)
- Budgets now store the seen objects locally so they're not overwritten when saving/loading to check validity of budget.dat
- Added safer sync "failure" mode, that will retry an hour later if the sync fails for some reason. This will stop the client from thinking it has budget data and rejecting blocks when they're valid.
- protocol bump
- version bump
- if(pindexPrev->nHeight + 4 < pindexBestHeader->nHeight || pindexPrev->nTime + 600 < GetTime()) return;
-- && allowed skipping in various situations, which caused blocks to be rejected because of lack of mnfinalbudget data
ec249d4 util: use locale-independent parsing in ParseDouble (Wladimir J. van der Laan)
7650449 univalue: Avoid unnecessary roundtrip through double for numbers (Wladimir J. van der Laan)
e061e27 rpc: Make ValueFromAmount always return 8 decimals (Wladimir J. van der Laan)
- Use INV messages where possible in syncing process
- Ask 4 peers intend of 2 to send of inventory of mnw, and budgets
- Special regtest sync mode
- Fix mnw freezing issue (maybe)
a794284 locking: add a quick example of GUARDED_BY (Cory Fields)
2b890dd locking: fix a few small issues uncovered by -Wthread-safety (Cory Fields)
cd27bba locking: teach Clang's -Wthread-safety to cope with our scoped lock macros (Cory Fields)
Handle the case where no chain tip is available, in InvalidChainFound(). This fixes a null pointer deference when running unit tests, if the genesis block or block validation code is broken.
- Consensus system selects 1/10 of the oldest masternodes by payment, then selects payee by score from those. This fixes various race conditions when blocks are close together or inconsistant historical winner lists.
- Ask for up to 2 cycles of history
- Keep up to 5 cycles of history locally
- Cache saves masternode payment history
- On startup, the client will find the most recent block and calculate the amount of entries to ask for. The other peer will then send that amount of entries to save bandwidth on restarts.
This indicates that, eg, we have a public key for a key which may
be used as a pay-to-pubkey-hash. It generally means that we can
create a valid scriptSig except for missing private key(s) with
which to create signatures.
- Replaced coinbase cache in favor of using the masternode payments voting system only
- Syncing masternode payments now supports up to the syncing the entire payment list
If it's already more then MASTERNODE_SYNC_TIMEOUT seconds passed since we asked
and we still have nothing, assume there is nothing to sync but give it another
MASTERNODE_SYNC_TIMEOUT seconds until we move further
Since unspendable outputs can't be spent, there is no threshold at which it would be uneconomic to spend them.
This primarily targets transaction outputs with `OP_RETURN`.
---
Initially based on:
commit 9cf0ae26350033d43d5dd3c95054c0d1b1641eda
Author: zathras-crypto <zathrasc@gmail.com>
Date: Wed Mar 25 02:04:02 2015 -0700
Changes:
- cherry-picked on top of bitcoin:master
- added RPC test for fundrawtransaction
JSON makes no distinction between numbers and reals, and our code
doesn't need to do so either.
This removes VREAL, as well as its specific post-processing in
`UniValue::write`. Non-monetary amounts do not need to be forcibly
formatted with 8 decimals, so the extra roundtrip was unnecessary
(and potentially loses precision).
This is the format that was always returned to JSON clients.
The difference was not noticed before, because VREAL values
are post-processed by univalue.
By implementing the functionality directly it breaks the dependency
of rpcserver on utilmoneystr. FormatMoney is now only used for debugging
purposes.
To test, port over the formatting tests from util_tests.cpp to
rpc_tests.cpp.
- readability
- drop c_str()
- drop boost/lexical_cast
- ValueFromAmount for money
- fValid as bool
- fix/simplify descriptions
- more info on vote-many
- feedback on mnbudget vote
- do not call Added....() inside CMasternodeSync::Process() - that was "faking" sync process
- unify "RequestedMasternodeAttempt <= ..." logic and define MASTERNODE_SYNC_TIMEOUT
- add missing masternodeSync.AddedMasternodeList() to CMasternodeMan::ProcessMessage()
- fix "include"s
- don't check vecMasternodesUsed while not synced
- Client bump
- Improved syncing logic (sholud stop hanging issues)
- New spork for turning on super blocks
- Fixed issue with sending old/invalid finalized budgets
- Fixed issue with syncing clients and lack of confirmations with budget items (for IX)
QT_NO_KEYWORDS prevents Qt from defining the `foreach`, `signals`,
`slots` and `emit` macros.
Avoid overlap between Qt macros and boost - for example #undef hackiness
in #6421.
We don't want to erase orphans that still have missing inputs, they should still be tracked as orphans. Also, the transaction thats being accepted can't be an orphan otherwise it would have previously been accepted, so doesn't need to be added to the erase queue.
Github-Pull: #5985
Rebased-From: 14d4eef799
Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.
This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.
I intend to add this to the GUI options in another pull after this.
Conflicts:
src/init.cpp
src/main.cpp
Github-Pull: #6274
Rebased-From: 02a6702a82
Chance "getbalance *" not to use IsTrusted. The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.
Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.
Github-Pull: #6276
Rebased-From: 7d6a85ab5b
Rebased-By: @trasher-
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes#6223).
The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.
Also adds tests for the new behavior.
Github-Pull: #6226
Rebased-From: 4e157fc60d
To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.
Fixes#2927.
Conflicts:
src/init.cpp
Rebased-From: 8c35b6f3be
Github-Pull: #6153
Fix two CSubNet constructor problems:
- The use of `/x` where 8 does not divide x was broken, due to a
bit-order issue
- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
are not 0 was broken. Fix this by explicitly normalizing the netwok
according to the bitmask.
Also add tests for these cases.
Fixes#6179. Thanks to @jonasschnelli for reporting and initial fix.
Rebased-From: b45c50ce51
Github-Pull: #6186
- Do not rely on local lastTimeSeen and requested fRequested anymore. Use last know (signed) ping instead and base all logic on that. Should reduce mn list difference between
nodes.
- Rework CActiveMasternode accordingly along with states, errorMessages, rpc etc.
- Clean some related code, move parts from public to private
- drop c_str in LogPrintf that were related to this functionality (todo: drop it for LogPrintf everywhere else)
When no `-rpcpassword` is specified, use a special 'cookie' file for
authentication. This file is generated with random content when the
daemon starts, and deleted when it exits. Read access to this file
controls who can access through RPC. By default this file is stored in
the data directory but it be overriden with `-rpccookiefile`.
This is similar to Tor CookieAuthentication: see
https://www.torproject.org/docs/tor-manual.html.en
Alternative to #6258. Like that pull, this allows running bitcoind
without any manual configuration. However, daemons should ideally never write to
their configuration files, so I prefer this solution.
- Use OP_RETURN >> BudgetHash, with an output the size of BUDGET_FEE_TX. This will allow us to burn coins, that will be recreated and avoid hitting the "insane fee" checks
Submissions to the network now require a fee to be paid to the network (mining fee) using a special transaction with a OP_RETURN && ProposalHash in one of the outputs. This allows the network to filter spam quickly, while also allowing anyone to submit a proposal to the network.
To implement these changes we've introduced a few new commands:
mnbudget prepare PROPOSAL-NAME URL PAYMENT_COUNT BLOCK_START DASH_ADDRESS DASH_AMOUNT YES|NO|ABSTAIN [USE_IX(TRUE|FALSE)]
- To create the special transaction
mnbudget submit PROPOSAL-NAME URL PAYMENT_COUNT BLOCK_START DASH_ADDRESS DASH_AMOUNT YES|NO|ABSTAIN FEE_TX
- After the transaction is accepted by the network and has 3 confirmations, you can submit the transaction to the network here
mnbudget show
- Get the proposal hash from here
mnbudget vote PROPOSAL-HASH YES|NO|ABSTAIN
- You can now simply vote by hash using this command
Add a function `ParseFixedPoint` that parses numbers according
to the JSON number specification and returns a 64-bit integer.
Then this in `AmountFromValue`, rather than `ParseMoney`.
Also add lots of tests (thanks to @jonasschnelli for some of them).
Fixes issue #6297.
I've never liked the chain-specific exception to having to set a
password. It gives issues with #6388 which makes it valid to
set no password in every case (as it enables random cookie authentication).
This pull removes the flag, so that all chains are regarded the same.
It also removes the username==password test, which doesn't provide any
substantial extra security.
- show user and use in external calculations rounds that are calculated respecting current settings while use "real" rounds in internal calulation to store correct results in cache and easily provide user with updated info on settings change
- fix max real rounds limit (16)
Prevents stomping on debug logs in datadirs that are locked by other
instances and lost parameter interaction messages that can get wiped by
ShrinkDebugFile().
The log is now opened explicitly and all emitted messages are buffered
until this open occurs. The version message and log cut have also been
moved to the earliest possible sensible location.
Make outputs by looping through denominations: try to add every needed denomination, repeat up to 5-10 times.
This way we can be pretty sure that it should have at least one of each needed denomination.
We also do not care about full amount as long as we have right denominations, just pass what we found.
Four cases included:
* The CLTV operand type mismatches the tx locktime. In the script it is
1 (interpreted as block height), but in the tx is 500000000
(interpreted as date)
* The stack is empty when executing OP_CLTV
* The tx is final by having only one input with MAX_INT sequence number
* The operand for CLTV is negative (after OP_0 OP_1 OP_SUB)
-Syncing now happens in stages. Masternodes and Sporks, then Masternode winners, then proposals. Some of these require the masternode signatures, otherwise there are race conditions within the syncing process itself.
-Resigning - When a proposal is sent to the network initially it's signed by a masternode, if that masternode goes inactive the proposal becomes invalid. Resigning allows other masternodes to update proposal keep it valid with the coming and going of masternodes.
-Resigning compatibility - non masternodes will scan and flag proposals as invalid to accept updated owners.
-Invalid votes are now actively removed from the proposals when they go inactive
- Remove budgets with negative votes of more than 10% of network
- Only allow proposals into budget that have more than 10% of network support
- Faster removal of inactive masternodes
This assertion will occur any time that the client quits without
shutting down properly due to an error condition. As the user will
report this error instead of the error that was the root cause, it is
better to remove it.
- Show now shows every proposal that is known, which seems to be the general expected behavior of the users
- Added "projection" for showing what will end up in the budget if it was finalized currently
No longer relevant after #5957. This hack existed because of another
hack where the numthreads parameter, on regtest, doubled as how many
blocks to generate.
CTransAction::IsEquivalentTo was introduced in #5881.
This functionality is only useful to the wallet, and should never have
been added to the primitive transaction type.
72b9452 When processing RPC commands during warmup phase, parse the request object before returning an error so that id value can be used in the response. (Forrest Voight)
request object before returning an error so that id value can
be used in the response.
Prior to this commit, RPC commands sent during Bitcoin's
warmup/startup phase were responded to with a JSON-RPC error
with an id of null, which violated the JSON-RPC 2.0 spec:
id: This member is REQUIRED. It MUST be the same as the value
of the id member in the Request Object. If there was an error
in detecting the id in the Request object (e.g. Parse
error/Invalid Request), it MUST be Null.
- add missing strings and make inv strings a bit more consistent (imo)
- remove "unknown" types that were used to prevent errors thrown at user with old wallet,
just log such errors in debug mode for "net" category. Should also make behaviour of functions
relaing on CInv::IsKnownType() more adequate
(and it doesn't make sense to warn users by throwing errors at them in such situations anyway I guess)
To determine the default for `-par`, the number of script verification
threads, use [boost:🧵:physical_concurrency()](http://www.boost.org/doc/libs/1_58_0/doc/html/thread/thread_management.html#thread.thread_management.thread.physical_concurrency)
which counts only physical cores, not virtual cores.
Virtual cores are roughly a set of cached registers to avoid context
switches while threading, they cannot actually perform work, so spawning
a verification thread for them could even reduce efficiency and will put
undue load on the system.
Should fix issue #6358, as well as some other reported system overload
issues, especially on Intel processors.
The function was only introduced in boost 1.56, so provide a utility
function `GetNumCores` to fall back for older Boost versions.
- streamline initialization logic for litemode/masternode/ds
- call updateDarksendProgress on setBalance
- format amountAndRounds for 0 balance same way as for normal balance (see c3febd20a8)
- use style='white-space:pre' to show long strings in tooltips correctly, adapt few strings
- small fixes (cleanup naming, notr, use static where possible and get rid of unneeded class members)
4f40716 test: Move reindex test to standard tests (Wladimir J. van der Laan)
36c97b4 Bugfix: Don't check the genesis block header before accepting it (Jorge Timón)
ffd75ad Enable CHECKLOCKTIMEVERIFY as a standard script verify flag (Peter Todd)
bc60b2b Replace NOP2 with CHECKLOCKTIMEVERIFY (BIP65) (Peter Todd)
48e9c57 Move LOCKTIME_THRESHOLD to src/script/script.h (Peter Todd)
99088d6 Make CScriptNum() take nMaxNumSize as an argument (Peter Todd)
- Implemented spork for only paying new nodes after a period of time on mainnet
- protocol bump
- fixed a few issues with sporks. Spork show now shows all sporks, instead of the changed ones. IsSporkActive now supports sporks set to 0 as on.
b932953 Hardcoded seeds update June 2015 (Wladimir J. van der Laan)
884454a contrib: Add port parsing to makeseeds.py (Wladimir J. van der Laan)
ccd4369 contrib: Improvements to hardcoded seeds scripts (Wladimir J. van der Laan)
New, undocumented-on-purpose -mocktime=timestamp command-line
argument to startup with mocktime set. Needed because
time-related blockchain sanity checks are done on startup, before a
test has a chance to make a setmocktime RPC call.
And changed the setmocktime RPC call so calling it will not result in
currently connected peers being disconnected due to inactivity timeouts.
- With nodes coming and going on the network, the network could come to different opinions about who should get paid next in line due to some nodes being flagged as failing a PoSe check. This will have to be fixed by introducing a blockchain based PoSe system, but that's out of the scope of this release. To fix the issues in the interrim, I'm removing PoSe checks for the time being.
- Masternode nLastPaid is removed and a new caching system that keeps the last 30 days of coinbase payees replaces it
- To deal with some significant attack vectors, the masternode donation feature was removed. The donation feature was added to support developement anyway, so this will be replaced by the budgeting code.
- This code should allow the network to come to consensus about who should be paid pretty effectively
Transactions that fail CLTV verification will be rejected from the
mempool, making it easy to test the feature. However blocks containing
"invalid" CLTV-using transactions will still be accepted; this is *not*
the soft-fork required to actually enable CLTV for production use.
<nLockTime> CHECKLOCKTIMEVERIFY -> <nLockTime>
Fails if tx.nLockTime < nLockTime, allowing the funds in a txout to be
locked until some block height or block time in the future is reached.
Only the logic and unittests are implemented; this commit does not have
any actual soft-fork logic in it.
Thanks to Pieter Wuille for rebase.
Credit goes to Gregory Maxwell for the suggestion of comparing the
argument against the transaction nLockTime rather than the current
time/blockheight directly.
Now that the off-by-one error w/nLockTime txs issue has been fixed by
87550eef (75a4d512 in the 0.11 branch) we can make the anti-fee-sniping
protection create transactions with nLockTime set such that they're only
valid in the next block, rather than an earlier block.
There was also a concern about poor propagation, however testing with
transactions with nLockTime = GetAdjustedTime()+1 as a proxy for
nLockTime propagation, as well as a few transactions sent the moment
blocks were received, has turned up no detectable issues with
propagation. If you have a block at a given height you certainly have at
least one peer with that block who will accept the transaction. That
peer will certainly have other peers who will accept it, and soon
essentially the whole network has the transaction. In particular, if a
node recives a transaction that it rejects due to the tx being
non-final, it will be accepted again later as it winds its way around
the network.
- Fixed a bug causing the broadcasts to be ignored in some situations
- Added some logic to rebroadcast new masternodes, so the rest of the network finds out about unknown nodes quickly
- should help masternode payments to work properly
When responding to a getblocks message, only return inv's as
long as we HAVE_DATA for blocks in the chain, and only for blocks
that we aren't likely to delete in the near future.
- fixes#3136
- the problem is related to Boost path and a static initialized internal
pointer
- using a std::string in CDBEnv::EnvShutdown() prevents the problem
- this removes the boost::filesystem::path path field from CDBEnv
26a639e remove using namespace std from addrman.cpp (Philip Kaufmann)
40c592a make CAddrMan::size() return the correct type of size_t (Philip Kaufmann)
For leveldb "An iterator operates on a snapshot of the database taken
when the iterator is created". This means that it is unnecessary to
lock out other threads while computing statistics, and neither to hold
cs_main for the whole time. Let the thread run free.
- rpcwallet: No need to lock twice here
- openssl: Clang doesn't understand selective lock/unlock here. Ignore it.
- CNode: Fix a legitimate (though very unlikely) locking bug.
This allows us to use function/variable/class attributes to specify locking
requisites, allowing problems to be detected during static analysis.
This works perfectly with newer Clang versions (tested with 3.3-3.7). For older
versions (tested 3.2), it compiles fine but spews lots of false-positives.
Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.
This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.
I intend to add this to the GUI options in another pull after this.
Conflicts:
src/init.cpp
src/main.cpp
Github-Pull: #6274
Rebased-From: 02a6702a82
Chance "getbalance *" not to use IsTrusted. The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.
Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.
Github-Pull: #6276
Rebased-From: 7d6a85ab5b
Rebased-By: @trasher-
Make it possible to opt-out of the centralized alert system by providing
an option `-noalerts` or `-alerts=0`. The default remains unchanged.
This is a gentler form of #6260, in which I went a bit overboard by
removing the alert system completely.
I intend to add this to the GUI options in another pull after this.
This sets aside a number of connection slots for whitelisted peers,
useful for ensuring your local users and miners can always get in,
even if your limit on inbound connections has already been reached.
Chance "getbalance *" not to use IsTrusted. The method and result
now match the "getbalance <specific-account>" behavior. In
particular, "getbalance * 0" now works.
Also fixed a comment -- GetGalance has required 1 confirmation
for many years, and the default "getbalance *" behavior matches
that.
Simplify and make the code in AppInit2 more clear.
This provides a straightforward flow, gets rid of .count() (which makes
it possible to override an earlier provided proxy option to nothing), as
well as comments the different cases.
Univalue's parsing of \u escape sequences did not handle NUL characters
correctly. They were, effectively, dropped. The extended test-case
fails with the old code, and is fixed with this patch.
Do not translate -help-debug options, Many technical terms, and
only a very small audience, so is unnecessary stress to translators.
Brings the code up to date with translation string policy in
`doc/translation_strings_policy.md`.
Also remove no-longer-relevant "In this mode -genproclimit controls how
many blocks are generated immediately." (as of #5957) from regtest help.
7d8ffac Changes necessary now that zero values accepted in AmountFromValue (Wladimir J. van der Laan)
a04bdef Get rid of fPlus argument to FormatMoney (Wladimir J. van der Laan)
4b4b9a8 Don't go through double in AmountFromValue and ValueFromAmount (Wladimir J. van der Laan)
The partition checking code was using chainActive timestamps
to detect partitioning; with headers-first syncing, it should use
(and with this pull request, does use) pIndexBestHeader timestamps.
Fixes issue #6251
- Add an accept test for zero amounts, and a reject test for negative
amounts
- Remove ugly hack in `settxfee` that is no longer necessary
- Do explicit zero checks in wallet RPC functions
- Don't add a check for zero amounts in `createrawtransaction` - this
could be seen as a feature
My prime gripe with JSON spirit was that monetary values still had to be
converted from and to floating point which can cause deviations (see #3759
and https://bitcoin.stackexchange.com/questions/22716/bitcoind-sendfrom-round-amount-error).
As UniValue stores internal values as strings, this is no longer
necessary. This avoids risky double-to-integer and integer-to-double
conversions completely, and results in more elegant code to boot.
This prevents an edge case where a block downloaded and pruned
in-between successive calls to FindNextBlocksToDownload could
cause the block to be unnecessarily re-requested.
Strict parsing functions for other numeric types.
- ParseInt64 analogous to ParseInt32, but for 64-bit values.
- ParseDouble for doubles.
- Make all three Parse* functions more strict (e.g. reject whitespace on
the inside)
Also add tests.
- implement find_value() function for UniValue
- replace all Array/Value/Object types with UniValues, remove JSON Spirit to UniValue wrapper
- remove JSON Spirit sources
In some corner cases, it may be possible for recent blocks to end up in
the same block file as much older blocks. Previously, the pruning code
would stop looking for files to remove upon first encountering a file
containing a block that cannot be pruned, now it will keep looking for
candidate files until the target is met and all other criteria are
satisfied.
This can result in a noncontiguous set of block files (by number) on
disk, which is fine except for during some reindex corner cases, so
make reindex preparation smarter such that we keep the data we can
actually use and throw away the rest. This allows pruning to work
correctly while downloading any blocks needed during the reindex.
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes#6223).
The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.
Also adds tests for the new behavior.
Github-Pull: #6226
Rebased-From: 4e157fc60d
Change `read_string` to fail when not the entire input has been
consumed. This avoids unexpected, even dangerous behavior (fixes#6223).
The new JSON parser adapted in #6121 also solves this problem so in
master this is a temporary fix, but should be backported to older releases.
Also adds tests for the new behavior.
If/when CTransaction::CURRENT_VERSION is incremented, this will break CChainParams and the miner tests. This fix sets the transaction version explicitly where we depend on the hash value (genesis block, proof of work checks).
- Added strBudgetMode with modes of "auto", "output-vin" and "suggest". Auto votes for what the masternode sees as the most popular proposals, output-vin is a delegation mode to another party and "suggest" sends a message to the network, suggesting the most popular proposals
aa41bc8 Update help message to match the #4219 change (lpescher)
f60bb5e Update documentation to match the #4219 change (lpescher)
cb87386 Make command line option to show all debugging consistent with similar options (lpescher)
- Finalized budgets now pass proposal hash, payee and amount. This keeps them completely separate from the proposal system to aid in consensus.
- Added status messages for badly formed finalized budgets (probably attacks). If users see messages like this they should check the proposals to see if something is wrong with them before voting.
- Added FindProposal and FindFinalBudget to budgeting class
- Added 2 new sporks for Proposals and Budget payment enforcement. This is outside of the decentralized code so we can turn it off if there's a problem.
- Detect budget blocks and pay correct amounts in super blocks
- more SetNull calls on failures
- move collateral tx reset out of SetNull and redo verification/renewal on doAuto in one single place (should prevent fast keypool exhausting on failures)
- move lastNewBlock from SetNull to Reset
- sessionTotal doesn't makes sense anymore, get rid of it.
- GetDenominationsByAmount cleaned but it is not used anywhere else so maybe it should be removed too (placed a comment there but didn't remove it yet).
Under some circumstances it is possible for there to be a significant,
discontinuous jump in a node's clock value. On mining nodes, this can
result in block templates which are no longer valid due to time-based
nLockTime constraints. UpdateTime() is modified so that it will never
decrease a block's nLockTime, thereby preventing such invalidations.
- All budgeting code seems to be rather stable now. Serialization/caching is working rather well.
- Fixed some ambiguous variable names within the budgeting system that were causing the file caching to not work all of the time
Previously due to an off-by-one error the wallet ignored
nLockTime-by-height transactions that would be valid in the next block
even though they are accepted into the mempool. The transactions
wouldn't show up until confirmed, nor would they be included in the
unconfirmed balance. Similar to the mempool behavior fix in 665bdd3b,
the wallet code was calling IsFinalTx() directly without taking into
account the fact that doing so tells you if the transaction could have
been mined in the *current* block, rather than the next block.
To fix this we strip IsFinalTx() of non-consensus-critical
functionality, removing the default arguments, and add CheckFinalTx() to
check if a transaction will be final in the next block.
To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.
Fixes#2927.
Conflicts:
src/init.cpp
Rebased-From: 8c35b6f3be
Github-Pull: #6153
Fix two CSubNet constructor problems:
- The use of `/x` where 8 does not divide x was broken, due to a
bit-order issue
- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
are not 0 was broken. Fix this by explicitly normalizing the netwok
according to the bitmask.
Also add tests for these cases.
Fixes#6179. Thanks to @jonasschnelli for reporting and initial fix.
Rebased-From: b45c50ce51
Github-Pull: #6186
Fix two CSubNet constructor problems:
- The use of `/x` where 8 does not divide x was broken, due to a
bit-order issue
- The use of e.g. `1.2.3.4/24` where the netmasked bits in the network
are not 0 was broken. Fix this by explicitly normalizing the netwok
according to the bitmask.
Also add tests for these cases.
Fixes#6179. Thanks to @jonasschnelli for reporting and initial fix.
Don't clear `stopRequested` and `stopWhenEmpty` at the top of
`serviceQueue`, as this results in a race condition: on systems under
heavy load, some of the threads only get scheduled on the CPU when the
other threads have already finished their work. This causes the flags to
be cleared post-hoc and thus those threads to wait forever.
The potential drawback of this change is that the scheduler cannot be
restarted after being stopped (an explicit reset would be needed), but
we don't use this functionality anyway.
Most people expect a value of 1 to enable all for command line arguments.
However to do this for the -debug option you must type "-debug=".
This has been changed to allow "-debug=1" as well as "-debug=" to
enable all debug logging
To protect privacy, do not use UPNP when a proxy is set. The user may
still specify -listen=1 to listen locally (for a hidden service), so
don't rely on this happening through -listen.
Fixes#2927.
On a busy or slow system, the CScheduler unit test could fail because it
assumed all threads would be done after a couple of milliseconds.
Replace the hard-coded sleep with CScheduler stop() method that
will cleanly exit the servicing threads when all tasks are completely
finished.
Previously this was cleared only after UnlinkPrunedFiles, but it should really be cleared after FindFilesToPrune, regardless of whether there are any files to be pruned.
86a5f4b Relocate calls to CheckDiskSpace (Alex Morcos)
67708ac Write block index more frequently than cache flushes (Pieter Wuille)
b3ed423 Cache tweak and logging improvements (Pieter Wuille)
fc684ad Use accurate memory for flushing decisions (Pieter Wuille)
046392d Keep track of memory usage in CCoinsViewCache (Pieter Wuille)
540629c Add memusage.h (Pieter Wuille)
8f0947b Increase timeouts in pruning.py and modify warning language. (Alex Morcos)
b89f307 Fix incorrect variable name in FindFilesToPrune (Suhas Daftuar)
This assertion will occur any time that the client quits without
shutting down properly due to an error condition. As the user will
report this error instead of the error that was the root cause, it is
better to remove it.
- Added commands for using budgets "mnbudget" and "mnfinalbudget"
- Supports 100% decentralized budget control and view-only site with json meta data object
Create a monitoring task that counts how many blocks have been found in the last four hours.
If very few or too many have been found, an alert is triggered.
"Very few" and "too many" are set based on a false positive rate of once every fifty years of constant running with constant hashing power, which works out to getting 5 or fewer or 48 or more blocks in four hours (instead of the average of 24).
Only one alert per day is triggered, so if you get disconnected from the network (or are being Sybil'ed) -alertnotify will be triggered after 3.5 hours but you won't get another -alertnotify for 24 hours.
Tested with a new unit test and by running on the main network with -debug=partitioncheck
Run test/test_bitcoin --log_level=message to see the alert messages:
WARNING: check your network connection, 3 blocks received in the last 4 hours (24 expected)
WARNING: abnormally high number of blocks generated, 60 blocks received in the last 4 hours (24 expected)
The -debug=partitioncheck debug.log messages look like:
ThreadPartitionCheck : Found 22 blocks in the last 4 hours
ThreadPartitionCheck : likelihood: 0.0777702
ca5f688 [QT] don't colorize icons on win and mac (Jonas Schnelli)
7247d10 [QT] use alert icon with tooltip insted of "(out of sync)" text (Jonas Schnelli)
51c7c70 [QT] remove frame to avoid double-frame situation in sendcoinsentry.ui (Jonas Schnelli)
2a6b844 [QT] change transaction amount and height in overview page (Jonas Schnelli)
Instead of only checking height to decide whether to disable script checks,
actually check whether a block is an ancestor of a checkpoint, up to which
headers have been validated. This means that we don't have to prevent
accepting a side branch anymore - it will be safe, just less fast to
do.
We still need to prevent being fed a multitude of low-difficulty headers
filling up our memory. The mechanism for that is unchanged for now: once
a checkpoint is reached with headers, no headers chain branching off before
that point are allowed anymore.
This class groups transactions that have been confirmed in blocks into buckets, based on either their fee or their priority. Then for each bucket, the class calculates what percentage of the transactions were confirmed within various numbers of blocks. It does this by keeping an exponentially decaying moving history for each bucket and confirm block count of the percentage of transactions in that bucket that were confirmed within that number of blocks.
-Eliminate txs which didn't have all inputs available at entry from fee/pri calcs
-Add dynamic breakpoints and tracking of confirmation delays in mempool transactions
-Remove old CMinerPolicyEstimator and CBlockAverage code
-New smartfees.py
-Pass a flag to the estimation code, using IsInitialBlockDownload as a proxy for when we are still catching up and we shouldn't be counting how many blocks it takes for transactions to be included.
-Add a policyestimator unit test
We don't want to erase orphans that still have missing inputs, they should still be tracked as orphans. Also, the transaction thats being accepted can't be an orphan otherwise it would have previously been accepted, so doesn't need to be added to the erase queue.
When the internal miner is enabled at the start of a new node, there
is an near instant assert in TestBlockValidity because its attempting
to mine a block before the top checkpoint.
Also avoids a data race around vNodes.
Github-Pull: #6123
Rebased-From: bba7c24929
