mirror of
https://github.com/dashpay/dash.git
synced 2024-12-25 12:02:48 +01:00
merge bitcoin#15039: Avoid leaking nLockTime fingerprint when anti-fee-sniping
This commit is contained in:
parent
4bf6dc07d4
commit
365e5c4205
@ -3294,6 +3294,66 @@ bool CWallet::SelectTxDSInsByDenomination(int nDenom, CAmount nValueMax, std::ve
|
|||||||
return nValueTotal > 0;
|
return nValueTotal > 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static bool IsCurrentForAntiFeeSniping(interfaces::Chain::Lock& locked_chain)
|
||||||
|
{
|
||||||
|
if (::ChainstateActive().IsInitialBlockDownload()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
constexpr int64_t MAX_ANTI_FEE_SNIPING_TIP_AGE = 4 * 60; // in seconds
|
||||||
|
if (::ChainActive().Tip()->GetBlockTime() < (GetTime() - MAX_ANTI_FEE_SNIPING_TIP_AGE)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a height-based locktime for new transactions (uses the height of the
|
||||||
|
* current chain tip unless we are not synced with the current chain
|
||||||
|
*/
|
||||||
|
static uint32_t GetLocktimeForNewTransaction(interfaces::Chain::Lock& locked_chain)
|
||||||
|
{
|
||||||
|
uint32_t locktime;
|
||||||
|
// Discourage fee sniping.
|
||||||
|
//
|
||||||
|
// For a large miner the value of the transactions in the best block and
|
||||||
|
// the mempool can exceed the cost of deliberately attempting to mine two
|
||||||
|
// blocks to orphan the current best block. By setting nLockTime such that
|
||||||
|
// only the next block can include the transaction, we discourage this
|
||||||
|
// practice as the height restricted and limited blocksize gives miners
|
||||||
|
// considering fee sniping fewer options for pulling off this attack.
|
||||||
|
//
|
||||||
|
// A simple way to think about this is from the wallet's point of view we
|
||||||
|
// always want the blockchain to move forward. By setting nLockTime this
|
||||||
|
// way we're basically making the statement that we only want this
|
||||||
|
// transaction to appear in the next block; we don't want to potentially
|
||||||
|
// encourage reorgs by allowing transactions to appear at lower heights
|
||||||
|
// than the next block in forks of the best chain.
|
||||||
|
//
|
||||||
|
// Of course, the subsidy is high enough, and transaction volume low
|
||||||
|
// enough, that fee sniping isn't a problem yet, but by implementing a fix
|
||||||
|
// now we ensure code won't be written that makes assumptions about
|
||||||
|
// nLockTime that preclude a fix later.
|
||||||
|
if (IsCurrentForAntiFeeSniping(locked_chain)) {
|
||||||
|
locktime = locked_chain.getHeight().value_or(-1);
|
||||||
|
|
||||||
|
// Secondly occasionally randomly pick a nLockTime even further back, so
|
||||||
|
// that transactions that are delayed after signing for whatever reason,
|
||||||
|
// e.g. high-latency mix networks and some CoinJoin implementations, have
|
||||||
|
// better privacy.
|
||||||
|
if (GetRandInt(10) == 0)
|
||||||
|
locktime = std::max(0, (int)locktime - GetRandInt(100));
|
||||||
|
} else {
|
||||||
|
// If our chain is lagging behind, we can't discourage fee sniping nor help
|
||||||
|
// the privacy of high-latency transactions. To avoid leaking a potentially
|
||||||
|
// unique "nLockTime fingerprint", set nLockTime to a constant.
|
||||||
|
locktime = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
assert(locktime <= (unsigned int)::ChainActive().Height());
|
||||||
|
assert(locktime < LOCKTIME_THRESHOLD);
|
||||||
|
return locktime;
|
||||||
|
}
|
||||||
|
|
||||||
bool CWallet::SelectCoinsGroupedByAddresses(std::vector<CompactTallyItem>& vecTallyRet, bool fSkipDenominated, bool fAnonymizable, bool fSkipUnconfirmed, int nMaxOupointsPerAddress) const
|
bool CWallet::SelectCoinsGroupedByAddresses(std::vector<CompactTallyItem>& vecTallyRet, bool fSkipDenominated, bool fAnonymizable, bool fSkipUnconfirmed, int nMaxOupointsPerAddress) const
|
||||||
{
|
{
|
||||||
auto locked_chain = chain().lock();
|
auto locked_chain = chain().lock();
|
||||||
@ -3487,8 +3547,6 @@ bool CWallet::GetBudgetSystemCollateralTX(interfaces::Chain::Lock& locked_chain,
|
|||||||
bool CWallet::CreateTransaction(interfaces::Chain::Lock& locked_chain, const std::vector<CRecipient>& vecSend, CTransactionRef& tx, CReserveKey& reservekey, CAmount& nFeeRet,
|
bool CWallet::CreateTransaction(interfaces::Chain::Lock& locked_chain, const std::vector<CRecipient>& vecSend, CTransactionRef& tx, CReserveKey& reservekey, CAmount& nFeeRet,
|
||||||
int& nChangePosInOut, std::string& strFailReason, const CCoinControl& coin_control, bool sign, int nExtraPayloadSize)
|
int& nChangePosInOut, std::string& strFailReason, const CCoinControl& coin_control, bool sign, int nExtraPayloadSize)
|
||||||
{
|
{
|
||||||
uint32_t const height = locked_chain.getHeight().value_or(-1);
|
|
||||||
|
|
||||||
CAmount nValue = 0;
|
CAmount nValue = 0;
|
||||||
int nChangePosRequest = nChangePosInOut;
|
int nChangePosRequest = nChangePosInOut;
|
||||||
unsigned int nSubtractFeeFromAmount = 0;
|
unsigned int nSubtractFeeFromAmount = 0;
|
||||||
@ -3511,39 +3569,8 @@ bool CWallet::CreateTransaction(interfaces::Chain::Lock& locked_chain, const std
|
|||||||
}
|
}
|
||||||
|
|
||||||
CMutableTransaction txNew;
|
CMutableTransaction txNew;
|
||||||
|
txNew.nLockTime = GetLocktimeForNewTransaction(locked_chain);
|
||||||
|
|
||||||
// Discourage fee sniping.
|
|
||||||
//
|
|
||||||
// For a large miner the value of the transactions in the best block and
|
|
||||||
// the mempool can exceed the cost of deliberately attempting to mine two
|
|
||||||
// blocks to orphan the current best block. By setting nLockTime such that
|
|
||||||
// only the next block can include the transaction, we discourage this
|
|
||||||
// practice as the height restricted and limited blocksize gives miners
|
|
||||||
// considering fee sniping fewer options for pulling off this attack.
|
|
||||||
//
|
|
||||||
// A simple way to think about this is from the wallet's point of view we
|
|
||||||
// always want the blockchain to move forward. By setting nLockTime this
|
|
||||||
// way we're basically making the statement that we only want this
|
|
||||||
// transaction to appear in the next block; we don't want to potentially
|
|
||||||
// encourage reorgs by allowing transactions to appear at lower heights
|
|
||||||
// than the next block in forks of the best chain.
|
|
||||||
//
|
|
||||||
// Of course, the subsidy is high enough, and transaction volume low
|
|
||||||
// enough, that fee sniping isn't a problem yet, but by implementing a fix
|
|
||||||
// now we ensure code won't be written that makes assumptions about
|
|
||||||
// nLockTime that preclude a fix later.
|
|
||||||
|
|
||||||
txNew.nLockTime = height;
|
|
||||||
|
|
||||||
// Secondly occasionally randomly pick a nLockTime even further back, so
|
|
||||||
// that transactions that are delayed after signing for whatever reason,
|
|
||||||
// e.g. high-latency mix networks and some CoinJoin implementations, have
|
|
||||||
// better privacy.
|
|
||||||
if (GetRandInt(10) == 0)
|
|
||||||
txNew.nLockTime = std::max(0, (int)txNew.nLockTime - GetRandInt(100));
|
|
||||||
|
|
||||||
assert(txNew.nLockTime <= height);
|
|
||||||
assert(txNew.nLockTime < LOCKTIME_THRESHOLD);
|
|
||||||
FeeCalculation feeCalc;
|
FeeCalculation feeCalc;
|
||||||
CFeeRate discard_rate = coin_control.m_discard_feerate ? *coin_control.m_discard_feerate : GetDiscardRate(*this, ::feeEstimator);
|
CFeeRate discard_rate = coin_control.m_discard_feerate ? *coin_control.m_discard_feerate : GetDiscardRate(*this, ::feeEstimator);
|
||||||
unsigned int nBytes{0};
|
unsigned int nBytes{0};
|
||||||
|
@ -202,6 +202,7 @@ BASE_SCRIPTS = [
|
|||||||
'rpc_mnauth.py',
|
'rpc_mnauth.py',
|
||||||
'rpc_verifyislock.py',
|
'rpc_verifyislock.py',
|
||||||
'rpc_verifychainlock.py',
|
'rpc_verifychainlock.py',
|
||||||
|
'wallet_create_tx.py',
|
||||||
'p2p_fingerprint.py',
|
'p2p_fingerprint.py',
|
||||||
'rpc_platform_filter.py',
|
'rpc_platform_filter.py',
|
||||||
'feature_dip0020_activation.py',
|
'feature_dip0020_activation.py',
|
||||||
|
35
test/functional/wallet_create_tx.py
Executable file
35
test/functional/wallet_create_tx.py
Executable file
@ -0,0 +1,35 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
# Copyright (c) 2018 The Bitcoin Core developers
|
||||||
|
# Distributed under the MIT software license, see the accompanying
|
||||||
|
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
||||||
|
|
||||||
|
from test_framework.test_framework import BitcoinTestFramework
|
||||||
|
from test_framework.util import (
|
||||||
|
assert_equal,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class CreateTxWalletTest(BitcoinTestFramework):
|
||||||
|
def set_test_params(self):
|
||||||
|
self.setup_clean_chain = False
|
||||||
|
self.num_nodes = 1
|
||||||
|
|
||||||
|
def skip_test_if_missing_module(self):
|
||||||
|
self.skip_if_no_wallet()
|
||||||
|
|
||||||
|
def run_test(self):
|
||||||
|
self.log.info('Check that we have some (old) blocks and that anti-fee-sniping is disabled')
|
||||||
|
assert_equal(self.nodes[0].getblockchaininfo()['blocks'], 200)
|
||||||
|
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 1)
|
||||||
|
tx = self.nodes[0].decoderawtransaction(self.nodes[0].gettransaction(txid)['hex'])
|
||||||
|
assert_equal(tx['locktime'], 0)
|
||||||
|
|
||||||
|
self.log.info('Check that anti-fee-sniping is enabled when we mine a recent block')
|
||||||
|
self.nodes[0].generate(1)
|
||||||
|
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 1)
|
||||||
|
tx = self.nodes[0].decoderawtransaction(self.nodes[0].gettransaction(txid)['hex'])
|
||||||
|
assert 0 < tx['locktime'] <= 201
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
CreateTxWalletTest().main()
|
@ -59,7 +59,7 @@ class TxnMallTest(BitcoinTestFramework):
|
|||||||
|
|
||||||
# Construct a clone of tx1, to be malleated
|
# Construct a clone of tx1, to be malleated
|
||||||
rawtx1 = self.nodes[0].getrawtransaction(txid1, 1)
|
rawtx1 = self.nodes[0].getrawtransaction(txid1, 1)
|
||||||
clone_inputs = [{"txid": rawtx1["vin"][0]["txid"], "vout": rawtx1["vin"][0]["vout"]}]
|
clone_inputs = [{"txid": rawtx1["vin"][0]["txid"], "vout": rawtx1["vin"][0]["vout"], "sequence": rawtx1["vin"][0]["sequence"]}]
|
||||||
clone_outputs = {rawtx1["vout"][0]["scriptPubKey"]["addresses"][0]: rawtx1["vout"][0]["value"],
|
clone_outputs = {rawtx1["vout"][0]["scriptPubKey"]["addresses"][0]: rawtx1["vout"][0]["value"],
|
||||||
rawtx1["vout"][1]["scriptPubKey"]["addresses"][0]: rawtx1["vout"][1]["value"]}
|
rawtx1["vout"][1]["scriptPubKey"]["addresses"][0]: rawtx1["vout"][1]["value"]}
|
||||||
clone_locktime = rawtx1["locktime"]
|
clone_locktime = rawtx1["locktime"]
|
||||||
|
Loading…
Reference in New Issue
Block a user