| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
23179a0 wallet: fix multisig key memory leak (jeffro256)
|
|
e191083 epee: remove dead code in math_helper and string_tools (jeffro256)
|
|
Multisig keys per-transfer were being wiped, but not erased, which lead to a ginormous
quadratic bloat the more transfers and exports you performed with the wallet.
|
|
932bba3 depends: remove libiconv: unused (tobtoht)
|
|
759293d wallet2: fix version check at hf version 1 (j-berman)
|
|
8190f25 KV_SERIALIZE: remove extraneous semicolons in DSL (jeffro256)
|
|
|
|
|
|
The Monero GUI code was calling `Monero::wallet::setPassword()` on every open/close for some reason,
and the old `store_to()` code called `store_keys()` with `watch_only=false`, even for watch-only wallets.
This caused a bug where the watch-only keys file got saved with with the JSON field `watch_only` set to 0,
and after saving a watch-only wallet once, a user could never open it back up against because `load()` errored out.
This never got brought up before this because you would have to change the file location of the watch-only
wallet to see this bug, and I guess that didn't happen often, but calling the new `store_to()` function with the
new `force_rewrite` parameter set to `true` triggers key restoring and the bug appeared.
|
|
Resolves #8932 and:
2. Not storing cache when new path is different from old in `store_to()` and
3. Detecting same path when new path contains entire string of old path in `store_to()` and
4. Changing your password / decrypting your keys (in this method or others) and providing a bad original password and getting no error and
5. Changing your password and storing to a new file
|
|
|
|
f7fb5c7 scan_tx: fix custom comparator for == case; fixes #8951 (j-berman)
|
|
a0e5c3c wallet2: when checking frozen multisig tx set, don't assume order (jeffro256)
|
|
45b52de wallet-rpc: restore from multisig seed (jeffro256)
|
|
a8d2a58 wallet2: ensure transfers and sweeps use same fee calc logic (j-berman)
|
|
Prereq of https://github.com/monero-project/monero/pull/8867
|
|
|
|
Co-authored-by: woodser <woodser@protonmail.com>
|
|
|
|
369a5a8 wallet: respect frozen key images in multisig wallets (jeffro256)
|
|
c138a28 wallet2: take ignored-by-value outputs into account in balance (Crypto City)
|
|
a668312 wallet: remove CLI code for non default ring sizes (Jeffro256)
|
|
a6639df wallet_rpc_server: dedup transfer RPC responses (jeffro256)
Very special PR.
|
|
|
|
eeda4a8 wallet2: do not lose exception in current thread on refresh (Crypto City
f868768 wallet2: fix missing exceptions from failing wallet refresh (Crypto City)
|
|
87e2a64 Allow option 'non-interactive' in monerod config file (almalh)
|
|
- Detach & re-process txs >= lowest scan height
- ensures that if a user calls scan_tx(tx1) after scanning tx2,
the wallet correctly processes tx1 and tx2
- if a user provides a tx with a height higher than the wallet's
last scanned height, the wallet will scan starting from that tx's
height
- scan_tx requires trusted daemon iff need to re-process existing
txs: in addition to querying a daemon for txids, if a user
provides a txid of a tx with height *lower* than any *already*
scanned txs in the wallet, then the wallet will also query the
daemon for all the *higher* txs as well. This is likely
unexpected behavior to a caller, and so to protect a caller from
revealing txid's to an untrusted daemon in an unexpected way,
require the daemon be trusted.
|
|
Before this change, if a multisig peer asked you to sign a transaction with a frozen enote, the wallet will do it without any error or warning. This change makes it
so that wallets will refuse to sign multisig transactions with frozen enotes.
Disclaimer: This PR was generously funded by @LocalMonero.
|
|
|
|
|
|
|
|
|
|
Ensures both transfers and sweeps use a fee that's calculated
from the tx's weight. Using different logic could theoretically
enable distinguishability between the two types of txs. We don't
want that.
|
|
|
|
|
|
d2a591d wallet, simplewallet: Drop support for mine-to-use RPC system (Jeffrey Ryan)
|
|
eb0e405 gamma picker: relax constructor requirements and test for selecting outputs from first spendable block (jeffro256)
|
|
f383fd3 wallet2: make m_process_pool_txs local to refresh method (jeffro256)
|
|
7a4a03d wallet2: do not commit transactions more than once (moneromooo-monero)
|
|
c61d33e wallet2: fix outdated wallet check (Crypto City)
|
|
Using post-PR wallet with pre-PR node will generate error message specific to this PR and not generic "command failed" mesages.
|
|
9e09093 wallet_rpc_server: allow creating more than 64 addresses at once (moneromooo-monero)
|
|
9c7d28b wallet2: add on_reorg callback (Crypto City)
|
|
5b4fea7 Copyright: Update to 2023 (mj-xmr)
|
|
|
|
from first spendable block
|
|
The gamma picker and the caller code did not quite agree on the
number of rct outputs available for use - by one block - which
caused an infinite loop if the picker could never pick outputs
from that block but already had picked all other outputs from
previous blocks.
Also change the range to select from using code from UkoeHB.
|
|
|
|
Fixes #8793
|
|
it was mistaking the number of forks in the fork table for
the last fork, and assuming the table was including every
single fork
|
|
c4af33e Enforce restricted # pool txs served via RPC + optimize chunked reqs (j-berman)
9752116 wallet2, RPC: Optimize RPC calls for periodic refresh from 3 down to 1 call (rbrunner7)
|
|
- `/getblocks.bin` respects the `RESTRICTED_TX_COUNT` (=100) when
returning pool txs via a restricted RPC daemon.
- A restricted RPC daemon includes a max of `RESTRICTED_TX_COUNT` txs
in the `added_pool_txs` field, and returns any remaining pool hashes
in the `remaining_added_pool_txids` field. The client then requests
the remaining txs via `/gettransactions` in chunks.
- `/gettransactions` no longer does expensive no-ops for ALL pool txs
if the client requests a subset of pool txs. Instead it searches for
the txs the client explicitly requests.
- Reset `m_pool_info_query_time` when a user:
(1) rescans the chain (so the wallet re-requests the whole pool)
(2) changes the daemon their wallets points to (a new daemon would
have a different view of the pool)
- `/getblocks.bin` respects the `req.prune` field when returning
pool txs.
- Pool extension fields in response to `/getblocks.bin` are optional
with default 0'd values.
|
|
it's too low a limit (at least one person mentioned having to
call create_address in a loop due to it)
|
|
|
|
Co-authored-by: plowsof <plowsof@protonmail.com>
extra files
|
|
7a3a593 common: move boost_serialization_helper.h out and cleanup includes (Jeffrey Ryan)
|
|
- Straight-forward call interface: `void rx_slow_hash(const char *seedhash, const void *data, size_t length, char *result_hash)`
- Consensus chain seed hash is now updated by calling `rx_set_main_seedhash` whenever a block is added/removed or a reorg happens
- `rx_slow_hash` will compute correct hash no matter if `rx_set_main_seedhash` was called or not (the only difference is performance)
- New environment variable `MONERO_RANDOMX_FULL_MEM` to force use the full dataset for PoW verification (faster block verification)
- When dataset is used for PoW verification, dataset updates don't stall other threads (verification is done in light mode then)
- When mining is running, PoW checks now also use dataset for faster verification
|
|
|
|
|
|
1114e7e fix(trezor-tests): fix trezor tests build, fix integrated addr test (Dusan Klinec)
|
|
cac5083 wallet2: fix create view-only wallet from existing wallet (j-berman)
|
|
97b86a0 wallet_api: take priority into account when estimating fee (selsta)
|
|
- fix integrated address test, it was not testing integrated address suport
- fix trezor test build as dependent classes were changed
- add a friend test class for Monero::WalletImpl to support wallet api tests
When using wallet_api in tests, synthetic chain is used. Without being able to set `allow_mismatched_daemon_version` in the underlying wallet, we are not able to use a synthetic chain with the tests
|
|
09d69b6 rpc: remove overwriting value (SerHack)
|
|
501db2c Wallet RPC: remove duplicate line (SerHack)
|
|
23fde15 wallet_rpc_server: chunk refresh to keep responding to RPC while refreshing (moneromooo-monero) 5bb2369 wallet_rpc_server: add --no-initial-sync flag for quicker network binding (moneromooo-monero)
|
|
|
|
|
|
e9ce347 wallet2: fail to establish daemon cxn == 'Disconnected' cxn status (j-berman)
|
|
28f25c0 Second thread pool for IO (SChernykh)
|
|
4b0785f add an option to force-update multisig key exchange under some circumstances (koe)
|
|
|
|
|
|
|
|
b8271ab wallet2: check wallet compatibility with daemon's hard fork version (j-berman)
|
|
eca7f6a Fix segfault restoring encrypted multisig seed (j-berman)
f713c3c Require user ack multisig is experimental to restore (j-berman)
564a7a3 multisig: fix #8537 seed restore (suggestions by @UkoeHB) (j-berman)
|
|
|
|
76a5b54 Fix missing semi-colon in error message (j-berman)
|
|
959a3e6 wallet2: ensure imported outputs subaddresses are created (moneromooo-monero)
a098504 wallet2: better test on whether to allow output import (moneromooo-monero)
c5579ac allow exporting outputs in chunks (moneromooo-monero)
1e912ec wallet2: fixes for export/import output flow (j-berman)
692f1d4 wallet2: do not assume imported outputs must be non empty (moneromooo-monero)
67b6d6a wallet2: prevent importing outputs in a hot wallet (moneromooo-monero)
d9fc666 wallet2: fix missing subaddress indices in 'light' exported outputs (moneromooo-monero)
|
|
Co-authored-by: woodser <woodser@protonmail.com>
|
|
- spend secret key is no longer the sum of multisig key shares;
no need to check that is the case upon restore.
- restoring a multisig wallet from multisig info means that the
wallet must have already completed all setup rounds. Upon restore,
set the number of rounds completed accordingly.
|
|
reported by j-berman
|
|
600de07 wallet_rpc_server: longer timeout for stop_mining (moneromooo-monero)
ac6db92 functional_tests: silence the cpu power test program (moneromooo-monero)
|
|
4d7f6f5 GCC: fix some unused warnings (Jeffrey Ryan)
|
|
|
|
|
|
Being offline is not a good enough heuristic, so we keep track
of whether the wallet ever refreshed from a daemon, which is a
lot better, and probably the best we can do without manual user
designation (which would break existing cold wallet setups till
the user designates those wallets)
|
|
this will make it easier huge wallets to do so without hitting
random limits (eg, max string size in node).
|
|
- only allow offline wallets to import outputs
- don't import empty outputs
- export subaddress indexes when exporting outputs
|
|
|
|
|
|
|
|
That RPC will wait for mining to actually stop, which can be a while
if randomx has just started on randomx_init_dataset.
This fixes occasional failures in the mining functional test
|
|
db8181a wallet2: force using output distribution for ringct outs (tobtoht)
|
|
edcc094 derive multisig tx secret keys from an entropy source plus the tx inputs' key images (koe)
|
|
5770265 wallet2: keep around transaction prefix for confirmed transfers (tobtoht)
|
|
key images
|
|
bd1e7c5 wallet2: prevent crash when reading tx w/fewer outputs than expected (j-berman)
|
|
c7b2944 multisig: fix critical vulnerabilities in signing (anon)
|
|
hash_extra: don't test for success in `jh_hash` and `skein_hash` since its guaranteed
device_ledger: move anonymous global variable apdu_verbose into .cpp file
Add comments to `refreshed` method variable in wallet2
|
|
09a597b wallet2: don't use DNS to obtain segregation heights (tobtoht)
|
|
50ccc7e wallet2: remove obsolete rpc version check (tobtoht)
|
|
4278a3a cryptonote_basic: catch crypto api errors (moneromooo-monero)
|
|
04c0da2 Chunk /gettransactions to avoid hitting restricted RPC limit (tobtoht)
|
|
16f8e04 Remove erraneous commas (Luke Parker)
da0715e Improve consistency between on_money_received and on_money_received_unconfirmed (Luke Parker)
|
|
|
|
de2f0d0 wallet_api: add scanTransactions function (selsta)
|
|
|
|
|
|
|
|
Co-authored-by: j-berman <justinberman@protonmail.com>
|
|
|
|
|
|
|
|
|
|
unconfirmed solely uses a - b, and received now accepts b so it can
provide more detailed logs on what occurred (printing a - b, yet with a
and b).
|
|
fde7c96 wallet2: fix spurious reorg detection with untrusted nodes (moneromooo-monero)
|
|
2979474 disable multisig by default (moneromooo-monero)
|
|
|
|
|
|
There are vulnerabilities in multisig protocol if the parties do not
trust each other, and while there is a patch for it, it has not been
throroughly reviewed yet, so it is felt safer to disable multisig by
default for now.
If all parties in a multisig setup trust each other, then it is safe
to enable multisig.
|
|
f63f7dc wallet2: fix a couple unused variable warnings (selsta)
|
|
When forced to deal with an untrusted node, a wallet will quantize
its current height to disguise the real height to the adversary, to
try and minimize the daemon's ability to distinguish returning
wallets.
Daemons will thus return more blocks than the wallet needs, starting
from earlier in the chain. These extra blocks will be disregarded
by the wallet, which had already scanned them.
However, for the purposes of reorg size detection, the wallet assumes
all blocks the daemon sends are different, which is only correct if
the wallet hasn't been coy, which is only the case for trusted
daemons (which you should use). This causes an issue when the size
of this "fake reorg" is above the sanity check threshold at which
the wallet refuses a reorg.
To fix this, the reorg size check is moved later on, when the reorg
is about to actually happen, after the wallet has checked which
blocks are actually different from the ones it expects.
|
|
2.8 seconds -> 2.6 seconds on a test case
|
|
3.3 seconds -> 2.8 seconds on a test case
|
|
5.2 seconds -> 4.1 seconds on a test case
|
|
5.9 second -> 5.2 seconds on a test case
|
|
baee2c0 Preserve commitment format inside transactions (kayabaNerve)
|
|
0d6ecb1 multisig: add post-kex verification round to check that all participants have completed the multisig address (koe)
|
|
|
|
have completed the multisig address
|
|
a14fdf8 Remove /include (Jeffrey)
|
|
5d388eb Bump ring size to 16 for v15 & remove set default in wallet cli (j-berman)
|
|
|
|
9df7179 wallet2: use BP+ for cold signing (moneromooo-monero)
|
|
|
|
Implements view tags as proposed by @UkoeHB in MRL issue
https://github.com/monero-project/research-lab/issues/73
At tx construction, the sender adds a 1-byte view tag to each
output. The view tag is derived from the sender-receiver
shared secret. When scanning for outputs, the receiver can
check the view tag for a match, in order to reduce scanning
time. When the view tag does not match, the wallet avoids the
more expensive EC operations when deriving the output public
key using the shared secret.
|
|
reported by ukoehb
|
|
https://github.com/ArticMine/Monero-Documents/blob/master/MoneroScaling2021-02.pdf
with a change to use 1.7 instead of 2.0 for the max long term increase rate
|
|
* `IWallet.h` hasn't been touched since 2014, and has been replaced by `src/wallet/api/wallet2_api.h`
* `INode.h` is in a similar situation with `src/p2p/net_node.h`
|
|
d1f1947 wallet_rpc_server: support regex for get_accounts tag (reemuru)
|
|
7dcfccb wallet_rpc_server: fix make_integrated_address with no payment id (moneromooo-monero)
|
|
da9aa1f Copyright: Update to 2022 (mj-xmr)
|
|
3c82958 wallet2: update stagenet rollback blocks (selsta)
|
|
ae0a840 wallet2: decrease the amount of data exchanged for output export (moneromooo-monero)
|
|
bd27deb Bulletproofs+ (SarangNoether)
b7713cc Precompute initial transcript hash (SarangNoether)
b535d66 Updates from security audit (SarangNoether)
a0d80b1 plug bulletproofs plus into consensus (moneromooo-monero)
75bd004 ringct: a few minor optimizations from review (moneromooo-monero)
a345060 ringct: port some of vtnerd's review changes from BP+ to BP (moneromooo-monero)
4c94cfe store outPk/8 in the tx for speed (moneromooo-monero)
5acdd0e bulletproofs+: some minor cleanup from vtnerd's review (moneromooo-monero)
|
|
354e1d9 Make the wallet name optional when locked. (Norman Moeschter)
|
|
It avoids dividing by 8 when deserializing a tx, which is a slow
operation, and multiplies by 8 when verifying and extracing the
amount, which is much faster as well as less frequent
|
|
|
|
|
|
e5000a9 Balance includes unconfirmed transfers to self (woodser)
|
|
This commit adds a 'regexp' boolean field to the get_accounts
request. The flag is set to false by default and maintains backwards
compatibility. When set to true the user can search tags by regular
expression filters. An additional error message was added for failed
regular expression searches. Bump minor version to 25.
|
|
|
|
|
|
|
|
fb5b2b3 support authentication in monero-wallet-rpc set_daemon (woodser)
|
|
e08abaa multisig key exchange update and refactor (koe)
|
|
|
|
|
|
|
|
4446cc8 wallet inits cache if file and blob missing (woodser)
|
|
a02b342 Avoid unnecessary 'Invalid hashing blob' error message (rbrunner7)
|
|
|
|
|
|
|
|
|
|
47e7a43 wallet_api: enable set_strict_default_file_permissions (tobtoht)
|
|
a15466d wallet2: remove 2 unused variables (selsta)
|
|
2cad563 wallet2: fix key encryption when changing ask-password from 0/1 to 2 (moneromooo-monero)
|
|
|
|
|
|
|
|
we reuse the wallet_keys_unlocker object, which does the right thing
in conjunction with other users of decrypt/encrypt (ie, refresh).
|
|
84c5257 Decrease the 'recent spend window' in gamma re-select to 15 blocks (j-berman)
|
|
eed7e79 UB: Not calling virtual method in destructor of WalletImpl (mj-xmr)
|
|
76542ea Fix precision of average_output_time (j-berman)
|
|
13a8a57 trezor: try empty passphrase first (Dusan Klinec)
|
|
- combined with patching integer truncation (#7798), this gets the algorithm marginally closer to mirroring empirically observed output ages
- 50 was originally chosen assuming integer truncation would remain in the client for that client release version. But patching integer truncation causes the client to select more outputs in the 10-100 block range, and therefore the benefit of choosing a larger recent spend window of 50 has less merit
- 15 seems well-suited to cover the somewhat sizable observable gap in the early window of blocks
|
|
|
|
The fix as suggested by <jberman> on IRC. Before the fix, it would truncate 1.9 to 1 skewing the output selection.
|
|
cd76eb7 wallet: fix unused lambda capture warning (selsta)
|
|
f353c29 wallet_rpc_server: fix help text remaining bold (selsta)
|
|
24d3d65 monero-wallet-rpc: Prevent --password-file from being used with --wallet-dir (Kermit Alexander II)
|
|
520ce1c Attempt to carve the fee from a partial payment early (lxop)
|
|
|
|
|
|
|
|
RefreshOptimizeCoinbase was an optimization to speed up scanning of coinbase transactions before RingCT (tx version 2) where they split miner reward into multiple denominations, all to the same wallet.
When RingCT was introduced, all coinbase transactions became 1 output only, so this optimization does nothing now.
With p2pool, this optimization will skip scanning p2pool payouts because they use more than 1 output in coinbase transaction.
Fix it by applying this optimization only to pre-RingCT transactions (version < 2).
|
|
a9aaa47 wallet_api: add make_uri (tobtoht)
|
|
6f15a0c Make sure node returns to wallet that real output is unlocked (j-berman)
|
|
e1af8dc Protect client from divide by 0 caused by integer truncation (j-berman)
|
|
da2955f Apply gamma distr from chain tip when selecting decoys (j-berman)
|
|
|
|
|
|
- matches the paper by Miller et al to apply the gamma from chain tip, rather than after unlock time
- if the gamma produces an output more recent than the unlock time, the algo packs that output into one of the first 50 spendable blocks, respecting the block density factor
|
|
|
|
a3d2b71 wallet_api: expose offline mode status (rating89us)
|
|
9c6e094 fix #7784 - deinit wallet in wallet dtor (Dusan Klinec)
|
|
|
|
- Try empty passphrase first when opening a wallet, as all Trezors will have passphrase enabled by default by Trezor Suite by default.
This feature enables easier access to all users using disabled passphrase (or empty passhprase)
- If wallet address differs from device address with empty passphrase, another opening attempt is made, without passphrase suppression,
so user can enter his passhprase if using some. In this scenario, nothing changes to user, wallet opening just consumes one more call
to Trezor (get wallet address with empty passphrase)
- also change how m_passphrase is used. Previous version did not work well with recent passphrase entry mechanism change (made in Trezor),
thus this commit fixes the behaviour).
|
