aboutsummaryrefslogtreecommitdiff
path: root/src/wallet/wallet_errors.h (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2019-10-25daemon, wallet: new pay for RPC use systemmoneromooo-monero1-0/+23
Daemons intended for public use can be set up to require payment in the form of hashes in exchange for RPC service. This enables public daemons to receive payment for their work over a large number of calls. This system behaves similarly to a pool, so payment takes the form of valid blocks every so often, yielding a large one off payment, rather than constant micropayments. This system can also be used by third parties as a "paywall" layer, where users of a service can pay for use by mining Monero to the service provider's address. An example of this for web site access is Primo, a Monero mining based website "paywall": https://github.com/selene-kovri/primo This has some advantages: - incentive to run a node providing RPC services, thereby promoting the availability of third party nodes for those who can't run their own - incentive to run your own node instead of using a third party's, thereby promoting decentralization - decentralized: payment is done between a client and server, with no third party needed - private: since the system is "pay as you go", you don't need to identify yourself to claim a long lived balance - no payment occurs on the blockchain, so there is no extra transactional load - one may mine with a beefy server, and use those credits from a phone, by reusing the client ID (at the cost of some privacy) - no barrier to entry: anyone may run a RPC node, and your expected revenue depends on how much work you do - Sybil resistant: if you run 1000 idle RPC nodes, you don't magically get more revenue - no large credit balance maintained on servers, so they have no incentive to exit scam - you can use any/many node(s), since there's little cost in switching servers - market based prices: competition between servers to lower costs - incentive for a distributed third party node system: if some public nodes are overused/slow, traffic can move to others - increases network security - helps counteract mining pools' share of the network hash rate - zero incentive for a payer to "double spend" since a reorg does not give any money back to the miner And some disadvantages: - low power clients will have difficulty mining (but one can optionally mine in advance and/or with a faster machine) - payment is "random", so a server might go a long time without a block before getting one - a public node's overall expected payment may be small Public nodes are expected to compete to find a suitable level for cost of service. The daemon can be set up this way to require payment for RPC services: monerod --rpc-payment-address 4xxxxxx \ --rpc-payment-credits 250 --rpc-payment-difficulty 1000 These values are an example only. The --rpc-payment-difficulty switch selects how hard each "share" should be, similar to a mining pool. The higher the difficulty, the fewer shares a client will find. The --rpc-payment-credits switch selects how many credits are awarded for each share a client finds. Considering both options, clients will be awarded credits/difficulty credits for every hash they calculate. For example, in the command line above, 0.25 credits per hash. A client mining at 100 H/s will therefore get an average of 25 credits per second. For reference, in the current implementation, a credit is enough to sync 20 blocks, so a 100 H/s client that's just starting to use Monero and uses this daemon will be able to sync 500 blocks per second. The wallet can be set to automatically mine if connected to a daemon which requires payment for RPC usage. It will try to keep a balance of 50000 credits, stopping mining when it's at this level, and starting again as credits are spent. With the example above, a new client will mine this much credits in about half an hour, and this target is enough to sync 500000 blocks (currently about a third of the monero blockchain). There are three new settings in the wallet: - credits-target: this is the amount of credits a wallet will try to reach before stopping mining. The default of 0 means 50000 credits. - auto-mine-for-rpc-payment-threshold: this controls the minimum credit rate which the wallet considers worth mining for. If the daemon credits less than this ratio, the wallet will consider mining to be not worth it. In the example above, the rate is 0.25 - persistent-rpc-client-id: if set, this allows the wallet to reuse a client id across runs. This means a public node can tell a wallet that's connecting is the same as one that connected previously, but allows a wallet to keep their credit balance from one run to the other. Since the wallet only mines to keep a small credit balance, this is not normally worth doing. However, someone may want to mine on a fast server, and use that credit balance on a low power device such as a phone. If left unset, a new client ID is generated at each wallet start, for privacy reasons. To mine and use a credit balance on two different devices, you can use the --rpc-client-secret-key switch. A wallet's client secret key can be found using the new rpc_payments command in the wallet. Note: anyone knowing your RPC client secret key is able to use your credit balance. The wallet has a few new commands too: - start_mining_for_rpc: start mining to acquire more credits, regardless of the auto mining settings - stop_mining_for_rpc: stop mining to acquire more credits - rpc_payments: display information about current credits with the currently selected daemon The node has an extra command: - rpc_payments: display information about clients and their balances The node will forget about any balance for clients which have been inactive for 6 months. Balances carry over on node restart.
2019-03-05Update 2019 copyrightbinaryFate1-1/+1
2019-02-22Better error when sending a tx with a too large extra fieldmoneromooo-monero1-3/+20
2018-12-12MMS (Multisig Messaging System): Initial versionrbrunner71-0/+25
2018-11-29device/trezor: passphrase entry on hostDusan Klinec1-0/+8
- simple device callback object added. Device can request passphrase/PIN entry via the callback or notify user some action is required - callback is routed to wallet2, which routes the callback to i_wallet_callback so CLI or GUI wallets can support passphrase entry for HW tokens - wallet: device open needs wallet callback first - passphrase protected device needs wallet callback so user can enter passphrase
2018-10-11Return appropriate RPC error code when key image signature check failsMichał Sałaban1-0/+9
2018-09-14remove obsolete daemon selection of fake outs and old tx constructionmoneromooo-monero1-3/+3
2018-09-11v8: per byte fee, pad bulletproofs, fixed 11 ring sizemoneromooo-monero1-6/+6
2018-08-16store secret keys encrypted where possiblemoneromooo-monero1-0/+9
The secret spend key is kept encrypted in memory, and decrypted on the fly when needed. Both spend and view secret keys are kept encrypted in a JSON field in the keys file. This avoids leaving the keys in memory due to being manipulated by the JSON I/O API.
2018-07-16wallet2: recover from index out of hashchain bounds errormoneromooo-monero1-0/+11
This can happen when there's a very large reorg on the daemon (ie, on testnet)
2018-03-16wallet: add shared ring databasemoneromooo-monero1-0/+1
This maps key images to rings, so that different forks can reuse the rings by key image. This avoids revealing the real inputs like would happen if two forks spent the same outputs with different rings. This database is meant to be shared with all Monero forks which don't bother making a new chain, putting users' privacy at risk in the process. It is placed in a shared data directory by default ($HOME/.shared-ringdb on UNIX like systems). You may use --shared-ringdb-dir to override this location, and should then do so for all Monero forks for them to share the database.
2018-03-16add RPC to get a histogram of outputs of a given amountmoneromooo-monero1-0/+9
2018-03-15Fix typos in various filesDimitris Apostolou1-1/+1
2018-03-05Stagenetstoffu1-8/+8
2018-01-26Update 2018 copyrightxmr-eric1-1/+1
2017-12-20wallet: support for multisig seedsmoneromooo-monero1-0/+11
They are hex rather than words, because they are a lot longer than "normal" seeds, as they have to embed a lot more information
2017-12-17Add N/N multisig tx generation and signingmoneromooo-monero1-1/+18
Scheme by luigi1111: Multisig for RingCT on Monero 2 of 2 User A (coordinator): Spendkey b,B Viewkey a,A (shared) User B: Spendkey c,C Viewkey a,A (shared) Public Address: C+B, A Both have their own watch only wallet via C+B, a A will coordinate spending process (though B could easily as well, coordinator is more needed for more participants) A and B watch for incoming outputs B creates "half" key images for discovered output D: I2_D = (Hs(aR)+c) * Hp(D) B also creates 1.5 random keypairs (one scalar and 2 pubkeys; one on base G and one on base Hp(D)) for each output, storing the scalar(k) (linked to D), and sending the pubkeys with I2_D. A also creates "half" key images: I1_D = (Hs(aR)+b) * Hp(D) Then I_D = I1_D + I2_D Having I_D allows A to check spent status of course, but more importantly allows A to actually build a transaction prefix (and thus transaction). A builds the transaction until most of the way through MLSAG_Gen, adding the 2 pubkeys (per input) provided with I2_D to his own generated ones where they are needed (secret row L, R). At this point, A has a mostly completed transaction (but with an invalid/incomplete signature). A sends over the tx and includes r, which allows B (with the recipient's address) to verify the destination and amount (by reconstructing the stealth address and decoding ecdhInfo). B then finishes the signature by computing ss[secret_index][0] = ss[secret_index][0] + k - cc[secret_index]*c (secret indices need to be passed as well). B can then broadcast the tx, or send it back to A for broadcasting. Once B has completed the signing (and verified the tx to be valid), he can add the full I_D to his cache, allowing him to verify spent status as well. NOTE: A and B *must* present key A and B to each other with a valid signature proving they know a and b respectively. Otherwise, trickery like the following becomes possible: A creates viewkey a,A, spendkey b,B, and sends a,A,B to B. B creates a fake key C = zG - B. B sends C back to A. The combined spendkey C+B then equals zG, allowing B to spend funds at any time! The signature fixes this, because B does not know a c corresponding to C (and thus can't produce a signature). 2 of 3 User A (coordinator) Shared viewkey a,A "spendkey" j,J User B "spendkey" k,K User C "spendkey" m,M A collects K and M from B and C B collects J and M from A and C C collects J and K from A and B A computes N = nG, n = Hs(jK) A computes O = oG, o = Hs(jM) B anc C compute P = pG, p = Hs(kM) || Hs(mK) B and C can also compute N and O respectively if they wish to be able to coordinate Address: N+O+P, A The rest follows as above. The coordinator possesses 2 of 3 needed keys; he can get the other needed part of the signature/key images from either of the other two. Alternatively, if secure communication exists between parties: A gives j to B B gives k to C C gives m to A Address: J+K+M, A 3 of 3 Identical to 2 of 2, except the coordinator must collect the key images from both of the others. The transaction must also be passed an additional hop: A -> B -> C (or A -> C -> B), who can then broadcast it or send it back to A. N-1 of N Generally the same as 2 of 3, except participants need to be arranged in a ring to pass their keys around (using either the secure or insecure method). For example (ignoring viewkey so letters line up): [4 of 5] User: spendkey A: a B: b C: c D: d E: e a -> B, b -> C, c -> D, d -> E, e -> A Order of signing does not matter, it just must reach n-1 users. A "remaining keys" list must be passed around with the transaction so the signers know if they should use 1 or both keys. Collecting key image parts becomes a little messy, but basically every wallet sends over both of their parts with a tag for each. Thia way the coordinating wallet can keep track of which images have been added and which wallet they come from. Reasoning: 1. The key images must be added only once (coordinator will get key images for key a from both A and B, he must add only one to get the proper key actual key image) 2. The coordinator must keep track of which helper pubkeys came from which wallet (discussed in 2 of 2 section). The coordinator must choose only one set to use, then include his choice in the "remaining keys" list so the other wallets know which of their keys to use. You can generalize it further to N-2 of N or even M of N, but I'm not sure there's legitimate demand to justify the complexity. It might also be straightforward enough to support with minimal changes from N-1 format. You basically just give each user additional keys for each additional "-1" you desire. N-2 would be 3 keys per user, N-3 4 keys, etc. The process is somewhat cumbersome: To create a N/N multisig wallet: - each participant creates a normal wallet - each participant runs "prepare_multisig", and sends the resulting string to every other participant - each participant runs "make_multisig N A B C D...", with N being the threshold and A B C D... being the strings received from other participants (the threshold must currently equal N) As txes are received, participants' wallets will need to synchronize so that those new outputs may be spent: - each participant runs "export_multisig FILENAME", and sends the FILENAME file to every other participant - each participant runs "import_multisig A B C D...", with A B C D... being the filenames received from other participants Then, a transaction may be initiated: - one of the participants runs "transfer ADDRESS AMOUNT" - this partly signed transaction will be written to the "multisig_monero_tx" file - the initiator sends this file to another participant - that other participant runs "sign_multisig multisig_monero_tx" - the resulting transaction is written to the "multisig_monero_tx" file again - if the threshold was not reached, the file must be sent to another participant, until enough have signed - the last participant to sign runs "submit_multisig multisig_monero_tx" to relay the transaction to the Monero network
2017-11-15Add out-of-bound exceptions and handle them in RPCMichał Sałaban1-0/+22
2017-11-14wallet: move some scoped_message_writer calls from the libsmoneromooo-monero1-0/+6
2017-10-16Distinguish "not enough money" and "not enough unlocked money"binaryFate1-4/+31
Fix #1530
2017-10-07Subaddresseskenshi841-2/+2
2017-08-07change mixin to ring size in user visible placesmoneromooo-monero1-2/+2
2017-06-03Prevent crash if performing certain actions before wallet is initializedRobby Weinberg1-0/+10
2017-02-21update copyright year, fix occasional lack of newline at line endRiccardo Spagni1-1/+1
2017-02-08extract some basic code from libcryptonote_core into libcryptonote_basickenshi841-1/+1
2017-01-16wallet: add a node RPC cache layer for simple RPC callsmoneromooo-monero1-0/+12
Mostly getinfo and get_hard_fork_info, which are called pretty often. This speeds up transfers as a bonus.
2016-10-15wallet: improve error messages when not enough money for transfermoneromooo-monero1-0/+27
2016-09-16wallet: change priority/fee to ArticMine's recommendationmoneromooo-monero1-4/+4
We keep 1, 2, 3 multipliers till the fee decrase from 0.01/kB to 0.002/kB, where we start using 1, 20, 166 multipliers. This ensures the higher multiplier will compensate for the block reward penalty when pushing past 100% of the past median. The fee-multiplier wallet setting is now rename to priority, since it keeps its [0..3] range, but maps to different multiplier values.
2016-08-11Fake outs set is now decided by the walletmoneromooo-monero1-3/+3
This plugs a privacy leak from the wallet to the daemon, as the daemon could previously see what input is included as a transaction input, which the daemon hadn't previously supplied. Now, the wallet requests a particular set of outputs, including the real one. This can result in transactions that can't be accepted if the wallet happens to select too many outputs with non standard unlock times. The daemon could know this and select another output, but the wallet is blind to it. It's currently very unlikely since I don't think anything uses non default unlock times. The wallet requests more outputs than necessary so it can use spares if any of the returns outputs are still locked. If there are not enough spares to reach the desired mixin, the transaction will fail.
2016-06-22wallet: add a fee multipliermoneromooo-monero1-0/+10
Fee can now be multiplied by 2 or 3, if users want to give priority to their transactions. There are only three levels to avoid too much fingerprinting. Default is 1 (minimum fee). The default multiplier can be set by "set fee-multiplier X".
2016-04-17Add GET_HASHES_FAST rpc, use it in walletHoward Chu1-0/+5
When m_refresh_from_block_height has been set, only hashes will be retrieved up to that height, instead of full blocks. The same will be done for "refresh <height>" when the specified height is beyond the current local blockchain.
2016-03-27Convey tx verification failure reasons to the RPC clientmoneromooo-monero1-1/+8
This allows appropriate action to be taken, like displaying the reason to the user. Do just that in simplewallet, which should help a lot in determining why users fail to send. Also make it so a tx which is accepted but not relayed is seen as a success rather than a failure.
2016-03-26wallet: change sweep_dust to sweep_unmixablemoneromooo-monero1-0/+9
With the change in mixin rules for v2, the "annoying" outputs are slightly changed. There is high correlation between dust and unmixable, but no equivalence.
2016-03-16Wallet::store_to(path, password) implemented;Ilya Kitaev1-1/+0
2016-03-11Use boost::thread instead of std::threadHoward Chu1-0/+1
and all other associated IPC
2016-01-29wallet: detect and handle failed outgoing transfersmoneromooo-monero1-0/+11
When a transaction is not found in the pool anymore, it is marked as failed, and displayed as such in show_transfers.
2015-12-31updated copyright yearRiccardo Spagni1-1/+1
2015-12-17wallet: save to a temporary file, then renamemoneromooo-monero1-0/+6
This should avoid most of wallet cache corruption cases
2015-08-11wallet: new rescan_spent command to update outputs' spent statusmoneromooo-monero1-0/+9
This obsoletes the need for a lengthy blockchain rescan when a transaction doesn't end up in the chain after being accepted by the daemon, or any other reason why the wallet's idea of spent and unspent outputs gets out of sync from the blockchain's.
2015-01-02year updated in licenseRiccardo Spagni1-1/+1
2014-09-15Give up on brace initializers in initializer lists (MSVC bug)Zachary Michaels1-9/+9
2014-09-15Separate testnet address prefixZachary Michaels1-11/+26
2014-07-23License updated to BSD 3-clausefluffypony1-3/+29
2014-07-01Explicit error constructorsZachary Michaels1-5/+5
2014-06-12most functions prototyped/modified for wallet recoveryThomas Winget1-0/+11
2014-05-03initial [broken] updatemydesktop1-23/+0
2014-04-07Improvements in JSON RPCAntonio Juarez1-1/+1
2014-04-02json rpc for wallet and bugfixAntonio Juarez1-0/+611