a42e9df06f
fix: createwallet to require 'load_on_startup' for descriptor wallets (Konstantin Akimov) Pull request description: ## Issue being fixed or feature implemented RPC `createwallet` has changed list of arguments: `createwallet "wallet_name" ( disable_private_keys blank "passphrase" avoid_reuse descriptors load_on_startup )` since https://github.com/dashpay/dash/pull/5965 `load_on_startup` used to be an argument 5 but now it has a number 6. Both arguments 5 and 6 are boolean and it can confuse an user: they may even not notice that something wrong when it meant to be "load on startup" but got "descriptor wallet" which is not expected. See also previous attempt to resolve issue: https://github.com/dashpay/dash/pull/6029 ## What was done? To prevent confusion if user is not aware about this breaking changes, the RPC createwallet throws an exception if user trying to create descriptor wallet but has not mentioned load_on_startup. This requirement can be removed when major amount of users updated to v21. ## How Has This Been Tested? Run unit/functional tests Tested with CLI: ``` $ createwallet "tmp-create" true true "" false true RPC createwallet would not accept creating descriptor wallets without specifying 'load_on_startup' flag. It is required explicitly in v21 due to breaking changes in createwallet RPC (code -8) $ createwallet "tmp-create" true true "" false true true { "name": "tmp-create", "warning": "Empty string given as passphrase, wallet will not be encrypted.\nWallet is an experimental descriptor wallet" } ``` ## Breaking Changes You can't more pass 'descriptor=NN' without https://github.com/dashpay/dash/pull/5965 which has not been released yet. ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [x] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone ACKs for top commit: UdjinM6: utACKa42e9df06f
PastaPastaPasta: utACKa42e9df06f
thephez: utACKa42e9df06f
Tree-SHA512: bf57fed40d04a32e756e4f8bfabbe39c0cbf87275546c92f4efc19523bc3c5dd3ddc5a884d67285971dc301a6c5808bef979db52c35645ca2db0810046fe1bdc
6.8 KiB
Wallet
Experimental Descriptor Wallets
Please note that Descriptor Wallets are still experimental and not all expected functionality is available. Additionally there may be some bugs and current functions may change in the future. Bugs and missing functionality can be reported to the issue tracker.
v21 introduces a new type of wallet - Descriptor Wallets. Descriptor Wallets store scriptPubKey information using descriptors. This is in contrast to the Legacy Wallet structure where keys are used to generate scriptPubKeys and addresses. Because of this shift to being script based instead of key based, many of the confusing things that Legacy Wallets do are not possible with Descriptor Wallets. Descriptor Wallets use a definition of "mine" for scripts which is simpler and more intuitive than that used by Legacy Wallets. Descriptor Wallets also uses different semantics for watch-only things and imports.
As Descriptor Wallets are a new type of wallet, their introduction does not affect existing wallets. Users who already have a Dash Core wallet can continue to use it as they did before without any change in behavior. Newly created Legacy Wallets (which is the default type of wallet) will behave as they did in previous versions of Dash Core.
The differences between Descriptor Wallets and Legacy Wallets are largely limited to non user facing things. They are intended to behave similarly except for the import/export and watchonly functionality as described below.
Creating Descriptor Wallets
Descriptor Wallets are not created by default. They must be explicitly created using the
createwallet
RPC or via the GUI. A descriptors
option has been added to createwallet
.
Setting descriptors
to true
will create a Descriptor Wallet instead of a Legacy Wallet.
In the GUI, a checkbox has been added to the Create Wallet Dialog to indicate that a Descriptor Wallet should be created.
Without those options being set, a Legacy Wallet will be created instead.
IsMine
Semantics
IsMine
refers to the function used to determine whether a script belongs to the wallet.
This is used to determine whether an output belongs to the wallet. IsMine
in Legacy Wallets
returns true if the wallet would be able to sign an input that spends an output with that script.
Since keys can be involved in a variety of different scripts, this definition for IsMine
can
lead to many unexpected scripts being considered part of the wallet.
With Descriptor Wallets, descriptors explicitly specify the set of scripts that are owned by
the wallet. Since descriptors are deterministic and easily enumerable, users will know exactly
what scripts the wallet will consider to belong to it. Additionally the implementation of IsMine
in Descriptor Wallets is far simpler than for Legacy Wallets. Notably, in Legacy Wallets, IsMine
allowed for users to take one type of address (e.g. P2PKH), mutate it into another address type
and the wallet would still detect outputs sending to the new address type
even without that address being requested from the wallet. Descriptor Wallets does not
allow for this and will only watch for the addresses that were explicitly requested from the wallet.
These changes to IsMine
will make it easier to reason about what scripts the wallet will
actually be watching for in outputs. However for the vast majority of users, this change is
largely transparent and will not have noticeable effect.
Imports and Exports
In Legacy Wallets, raw scripts and keys could be imported to the wallet. Those imported scripts
and keys are treated separately from the keys generated by the wallet. This complicates the IsMine
logic as it has to distinguish between spendable and watchonly.
Descriptor Wallets handle importing scripts and keys differently. Only complete descriptors can be
imported. These descriptors are then added to the wallet as if it were a descriptor generated by
the wallet itself. This simplifies the IsMine
logic so that it no longer has to distinguish
between spendable and watchonly. As such, the watchonly model for Descriptor Wallets is also
different and described in more detail in the next section.
To import into a Descriptor Wallet, a new importdescriptors
RPC has been added that uses a syntax
similar to that of importmulti
.
As Legacy Wallets and Descriptor Wallets use different mechanisms for storing and importing scripts and keys the existing import RPCs have been disabled for descriptor wallets. New export RPCs for Descriptor Wallets have not yet been added.
The following RPCs are disabled for Descriptor Wallets:
- importprivkey
- importpubkey
- importaddress
- importwallet
- importelectrumwallet
- dumpprivkey
- dumpwallet
- dumphdinfo
- importmulti
- addmultisigaddress
Watchonly Wallets
A Legacy Wallet contains both private keys and scripts that were being watched.
Those watched scripts would not contribute to your normal balance. In order to see the watchonly
balance and to use watchonly things in transactions, an include_watchonly
option was added
to many RPCs that would allow users to do that. However it is easy to forget to include this option.
Descriptor Wallets move to a per-wallet watchonly model. Instead an entire wallet is considered to be watchonly depending on whether it was created with private keys disabled. This eliminates the need to distinguish between things that are watchonly and things that are not within a wallet itself.
This change does have a caveat. If a Descriptor Wallet with private keys enabled has
a multiple key descriptor without all of the private keys (e.g. multi(...)
with only one private key),
then the wallet will fail to sign and broadcast transactions. Such wallets would need to use the PSBT
workflow but the typical GUI Send, sendtoaddress
, etc. workflows would still be available, just
non-functional.
This issue is worsened if the wallet contains both single key (e.g. pkh(...)
) descriptors and such
multiple key descriptors as some transactions could be signed and broadast and others not. This is
due to some transactions containing only single key inputs, while others would contain both single
key and multiple key inputs, depending on which are available and how the coin selection algorithm
selects inputs. However this is not considered to be a supported use case; multisigs
should be in their own wallets which do not already have descriptors. Although users cannot export
descriptors with private keys for now as explained earlier.
RPC changes
createwallet
has changed list of arguments:createwallet "wallet_name" ( disable_private_keys blank "passphrase" avoid_reuse descriptors load_on_startup )
load_on_startup
used to be an argument 5 but now has a number 6.createwallet
requires specifying theload_on_startup
flag when creating descriptor wallets due to breaking changes in v21.