* fix vulnerability with mapMasternodeOrphanObjects
The vulnerability is that a malicious node can send a lot of NetMsgType::MNGOVERNANCEOBJECT messages which refer to many arbitrary MN's. In this case, mapMasternodeOrphanObjects will grow unrestrictedly.
* MN collateral moved to governance-object.cpp; ban score applied to misbehaving nodes
* recursive locks removed
* check for the mn collateral code segregated to a separate function
* CheckCollateral implementation moved to cpp
* Add hassentinelping to governanceinfo
* sentinelping rpc call
* additional fields in mnp
* sentinel ping implementation
* change sentinel state to byte in mnp
* use adjusted time in sentinel ping
* update nTimeLastWatchdogVote if sentinel ping is actual
* remove unused fields
* bump protocol to 70207
* Fix small issues
- fix the error message text in CActivbeMasternodeUpdateSentinelPing;
- add empty string before public: in CActiveMasternode class declaration;
- rename field sentinelPing in CMasternodePing to sentinelIsActual and change $
- decrease sentinelVersion field size to uint16_t;
* revert proto bump for MIN_... consts
* revert changes in getgovernanceinfo
* Update mn vote time for remote masternodes
- call UpdateWatchdogVoteTime in CMasternodeMan::ProcessMessage
- deserialize masternodeping from the previous version archive without exception
- add ability to set time in UpdateWatchdogVoteTime
- set nTimeLastWatchdogVote to masternode ping sigTime if sentinel is actual
- bump CMasternodeMan::SERIALIZATION_VERSION_STRING
* remove mn state checks and add correct rpc param convertion
* fix var names
* Helper class for version in string and integer form
* String version in sentinel ping
Version format is "x.x.x"
* test for bacward compatibility in serialization
* Change VersionInfo class to convert functions
* Add last ping time to masternode_info_t
* Use thread safe functions to access mnodeman in masternodelist.cpp
* Fix masternodelist widget locking
* Protect access to widget data from StartAlias button
* Flag governance items when MN's are removed
* Remove old broken update mechanism
* Do not flag MN state changes which are irrelevant to validity
* Call AddGovernanceVote
* Store time we saw mnb last time, bump sync timeout
if we received seen mnb but we are too close to MASTERNODE_NEW_START_REQUIRED_SECONDS
* Reset blockchain sync status if new blocks were accepted during sync
* Add some debug log output
* wait for at least one new block to be accepted
* bump CGovernanceManager-Version
* Few mn list sync changes:
- add more mn states
- only remove spent
- send mn ping in addition to mn announce on sync
- manage mn announces more carefully
- expire mns created from broadcasts with invalid ping
- old fWaitForPing logic for old nodes, should be helpful during migration period
This also adjusts active mn auto-start logic accordingly.
* Revert behaviour introduced in 5e1a6afe7f, make nLastDsq local variable instead of being network-wide one. Should fix mixing for new clients and for those who was offline for too long.
* fix docs
* Make local address discovery more robust in CActiveMasternode
* parameter interaction: -masternode=1 -> setting -listen=1
* slightly postpone first run to give net thread a chance to connect to some peers
* make sure local address detected in CActiveMasternode::ManageStateInitial is valid
* Simplified address detection logic
* Since we send all mnb's now regardless of mn state, ping check for sigTime being too old is obsolete (and wrong).
Also removing fRequireEnabled, this logic is deprecated too it seems.
* remove (pre-)enabled check in CMasternodeMan::Add
* PoSe changes:
- use helpers to alter nPoSeBanScore within predefined range only
- use nPoSeBanHeight instead of timeout of inactivity to ban masternodes till some block in the future (currently should block for the whole payment cycle)
- add log output on pose score increase in CheckSameAddr
* add GetStateString and static CMasternode::StateToString helpers
* Fix CActiveMasternode:
- should run `ManageStateLocal` only when `eType == MASTERNODE_LOCAL`
- should set `nState = ACTIVE_MASTERNODE_NOT_CAPABLE` in `ManageStateInitial` to let `GetStatus` return proper message
- more/better log output
* Allow MN broadcasts to update MN information regardless of state
* Add masternode public keys to log output for debugging
* Moved log message from start-alias to CMasternodeBroadcast::Create
* Fixed log message
Squashed:
* Replaced unsafe mnodeman.Find function with Get in governance-vote.cpp
* Reject unparsable governance objects
* Implemented sentinel watchdog objects (separated out from locking changes)
* Added WATCHDOG support to rpcgovernance.cpp
* Implemented WATCHDOG_EXPIRED state for masternodes
* Added serialization of watchdog timestamps
* Masternode fixes
- Added version check to CMasternodeMan deserialization
- Added several missing locking calls in CMasternodeMan
* Fixed missing member initialization in CMasternode constructor and added more logging
* Added MASTERNODE_WATCHDOG_MAX_SECONDS to governanceinfo
* Added masternodewatchdogmaxseconds info to getgovernanceinfo help
* Make masternodes remain in WATCHDOG_EXPIRED state unless removed or collateral expires
* Allow watchdog object creation by WATCHDOG_EXPIRED MN
* Fixed MN validation logic for governance object creation
* Count total masternodes instead of enabled masternodes in masternode-sync
* Transition out of WATCHDOG_EXPIRED state if the watchdog is inactive
* Fixed IsWatchdogExpired bug
* Fixed rate check for watchdog objects and no longer check MN state when validating governance objects
* Applied PR #1061 patch
* Ported locking changes from other branch
* Require only 1 block between new watchdog objects
* Accept pings for WATCHDOG_EXPIRED masternodes
* Lock CmasternodeMan::cs in CmasternodeMan::ProcessMessage
* Several governance changes
- Fixed uninitialized value in CGovernancePayment class
- Return an error on submission if any superblock payment cannot be parsed
- Added logging more statements
* Explicitly initialize all governance object members
* Fix deadlock
* Fixed non-threadsafe access to masternode in activemasternode.cpp
* Revert added wallet lock
* Changed CActiveMasternode so that watchdog expired nodes can still send pings
* Modified CActiveMasternode to run pinger regardless of state when MN is in list
* Added voter and time information to getvotes command
* Improved CActiveMasternode state management
* Implemented GetInfo functions for more efficient thread-safe access to masternode information
* Added CActiveMasternode debug logging messages
* Fixed initial type setting and error message for incorrect protocol version
* Changes based on code review comments
* Set active state for local mode
f0ed400 darkSendSigner.SignMessage() should not return error message
154f1b6 darkSendSigner.VerifyMessage() should return non-localized message, its callers should populate error to debug.log
b130c32 darkSendSigner.GetKeysFromSecret() should not return error message, its callers should handle it
068c178 Added DBG macro in util.h to facilitate debugging
- This macro allows debugging statements (typically printf's or cout's) to
be activated or deactivated with a single comment. Uncomment the line:
//#define ENABLE_DASH_DEBUG
in util.h to enable debugging statements.
- When commented any code wrapped with the DBG() macro will simply be removed
by the preprocessor. When not commented all such wrapped statements will
be present.
- For maximum effectiveness it is best that util.h be the first effective include
in all source files. It is also possible to enable the macro for a single file
by temporarily adding #define ENABLE_DASH_DEBUG to the top of the file.
- Code committed to non-development branches should always have the define
commented.
d125d9b V0.12.1.x -- merging trigger/generic object/superblock changes for testnet phase II
- This commit contains the core governance system changes for 0.12.1. Any unrelated
changes have either been removed or moved to separate commits.
120724c File mode fixes
- Changed mode 0755->0644 on several source files.
c7f9e11 Updated todo reminders
- Added reminder to revert temporary reduction of number of votes
required to trigger superblock to 1 for testing
92adc98 Made CSuperblockManager::IsValidSuperblockHeight an inline function
- This is for efficiency since this function is called often and is
only 1 line of code.
c050ed7 Added comment explaining rationale for no LOCK(cs) in CSuperblock::IsValid
dc933fe Removed unused CSuperblockManager::IsBlockValid function
decec88 Moved calls to SuperblockManager::IsValidSuperblockHeight into IsSuperblockTriggered.
- Since calls to the later function are always protected by the former there's
no reason to keep these separate and this simplifies the code in
masternode-payments.cpp.
8672885 Reestablished expected value check for non-superblocks in IsBlockValueValid
b01cbe0 Changes to IsBlockValueValid to fix rpc test failure
a937c76 Changed include order to allow per file activation of the DBG macro
d116aa5 Fixed IsValidSuperblockHeight logic
- Note this has an effect on testing because we can now only create
1 superblock per day. Devs may need to temporarily change testnet params
for easier testing.
2d0c2de Convert superblock payments to CAmount
- We assume that payment values in JSON are in units of DASH
for consistency with other RPC functions, such as
createrawtransaction.
376b833 Revert temporary testing value for nAbsVoteReq
- Also ensure that number of votes required is never smaller than 1
8c89f4b Cleaned up CSuperblock error handling
- Exceptions are now thrown consistently rather than using a mix of
exceptions and return code checking. Exceptions are now caught only
in AddNewTrigger when the CSuperblock constructor is called. Unnecessary object
status members have been removed.
d7c8a6b Removed utilstrencodings header
- This appears to help with travis tests, for unknown reasons.
c4dfc7a Fixed some minor code review issues
63c3580 Reverted locking change in miner.
- This should have been done in the original PR but was overlooked.
4ab72de Fixed variable name to match common practice and bracket formatting
886a678 Improvements to vote conversion code
- Replaced redundantly defined function with inclusion of governance-vote.h
- Replaced magic numbers with their corresponding constant symbols
0a37966 Reordered governance message handling
86d8505 Refactor CActiveMasternode
+ move strMasterNodeAddr to CActiveMasternode
a005c79 Refactor InstantSend
+ new lock cs_instantsend to protect maps on CleanTransactionLocksList()
+ new DEFAULT_INSTANTSEND_DEPTH constant
+ rename MIN_INSTANTX_PROTO_VERSION to MIN_INSTANTSEND_PROTO_VERSION and bump it
d24182c Refactor Privatesend
+ decouple from util.h and version.h
+ more functions for CDarksendBroadcastTx: constructors, signing, serialization
+ move from rand() to insecure_rand() in general but to GetRand() for session id
+ fix defaults
3249a63 Fix logging - CTransaction::ToString() always has `\n` at the end of a string, avoid adding empty line
ec03753 make mnw errors and ThreadCheckDarkSendPool less spammy
5b678af fix errorMessage - it should not have `\n`, let output code handle line endings instead
a81cdf7 rename `dash-darksend` thread to `dash-privatesend`
5e4f468 fix/remove outdated code
f1c9678 Break tooltip about third party urls in 2 lines
- try old format ipv6 if new format failed to verify
- sanitize log strings
- remove redundant ability to sign CMasternodeBroadcast in `protocolVersion < 70201` way
- verify CMasternodeBroadcast immediately on Sign
- move all CMasternodeBroadcast sig verification from CheckAndUpdate to VerifySignature
- initialize nDos at the beginning of functions so that we don't accidentally ban or reject legit MN if caller function forgot to reinitialize it
51696ac make use of getnameinfo() optional (default: true)
bec39b8 fix mnb sig bug for ipv6 addresses: use pure byte to hex conversion for construction of masternode broadcast signature, better logging
strMessage for masternode broadcast (which we sign and verify) looks like this currently:
[2001:1608:45:3::242:ac11:6]:199991464464536
?~}&?Q?S?Ǚ?q ?0??????O?I/Y?(
?f?jJF??m??bssknN??9鲜JXVs?ә?5T?8??????~70200
which I believe in some cases leads to "Got bad Masternode ping signature" errors and banning.
I propose to change the way strMessage is composed so that it looks like this:
[2002:82ff:c04:2:a90f:2261:43c4:2745]:1999514645552319591ec70225aacadfafa4ab5d21e87cdce641fd4030d029485434533c5e481578a9d471089fb5ec170200
Further more nDos for old masternodes is set to 0 to stop false positives (message still gets rejected though).