Age | Commit message (Collapse) | Author | Files | Lines |
|
ff49444 @tobtoht: undo rebase changes tx.dsts -> tx_dsts (jeffro256)
38f354e Enforce Tx unlock_time is Zero by Relay Rule (jeffro256)
|
|
8d94d08 replace 'multisig()' with 'get_multisig_status()' using multisig_account_status and including '.kex_is_done' member (koe)
|
|
|
|
|
|
Related to https://github.com/monero-project/research-lab/issues/78
Added a relay rule that enforces the `unlock_time` field is equal to 0 for non-coinbase transactions.
UIs changed:
* Removed `locked_transfer` and `locked_sweep_all` commands from `monero-wallet-cli`
APIs changed:
* Removed `unlock_time` parameters from `wallet2` transfer methods
* Wallet RPC transfer endpoints send error codes when requested unlock time is not 0
* Removed `unlock_time` parameters from `construct_tx*` cryptonote core functions
|
|
c50ade5 Daemon-specific proxy for the wallet-rpc. (0xFFFC0000)
|
|
47042ce wallet2: call on_reorg callback in handle_reorg (j-berman)
|
|
To transfer ~5 XMR to an address such that your balance drops by exactly 5 XMR, provide a `subtractfeefrom` flag to the `transfer` command. For example:
transfer 76bDHojqFYiFCCYYtzTveJ8oFtmpNp3X1TgV2oKP7rHmZyFK1RvyE4r8vsJzf7SyNohMnbKT9wbcD3XUTgsZLX8LU5JBCfm 5 subtractfeefrom=all
If my walet balance was exactly 30 XMR before this transaction, it will be exactly 25 XMR afterwards and the destination address will receive slightly
less than 5 XMR. You can manually select which destinations fund the transaction fee and which ones do not by providing the destination index.
For example:
transfer 75sr8AAr... 3 74M7W4eg... 4 7AbWqDZ6... 5 subtractfeefrom=0,2
This will drop your balance by exactly 12 XMR including fees and will spread the fee cost proportionally (3:5 ratio) over destinations with addresses
`75sr8AAr...` and `7AbWqDZ6...`, respectively.
Disclaimer: This feature was paid for by @LocalMonero.
|
|
1. Daemon-specific proxy is exclusive with global proxy (--proxy).
2. If you set global proxy (--proxy) you cannot set daemon-specific proxy.
3. If you don't set global proxy, you can set proxy (or not set) proxy for
each daemon connection with the proxy field in jsonrpc to the wallet-rpc.
|
|
2525200 serialization: remove container wrappers and serialize directly (jeffro256)
|
|
2766d12 MMS: Ignore 2 more API errors thrown by latest PyBitmessage (rbrunner7)
|
|
1062b17 wallet: sign_tx: get tx pubkey from extra (tobtoht)
|
|
b2eb47d wallet: mitigate statistical dependence for decoy selection within rings (jeffro256)
|
|
Some downstream code (most notably PR https://github.com/UkoeHB/monero/pull/25) wants to use the src/serialization lib
for storing information persistently. When one builds classes/machines wishing to serialize containers, they must use
the `serializable_*` container classes. In this case, this makes the Seraphis library code unnecessarily tightly coupled
with the src/serialization code since one cannot swap out their type of storage format without major refactoring of class
field types. By serializing STL containers directly, we can abstract the serialization details away, making for much
cleaner design. Also small bonus side effect of this change is that STL containers with custom Comparators, Allocators,
and Hashers are serializable. `std::multimap` is added to the list of serializable containers.
Depends upon https://github.com/monero-project/monero/pull/9069.
|
|
23179a0 wallet: fix multisig key memory leak (jeffro256)
|
|
e191083 epee: remove dead code in math_helper and string_tools (jeffro256)
|
|
|
|
|
|
Multisig keys per-transfer were being wiped, but not erased, which lead to a ginormous
quadratic bloat the more transfers and exports you performed with the wallet.
|
|
932bba3 depends: remove libiconv: unused (tobtoht)
|
|
759293d wallet2: fix version check at hf version 1 (j-berman)
|
|
8190f25 KV_SERIALIZE: remove extraneous semicolons in DSL (jeffro256)
|
|
|
|
Since we are required to check for uniqueness of decoy picks within any given
ring, and since some decoy picks may fail due to unlock time or malformed EC points,
the wallet2 decoy selection code was building up a larger than needed *unique* set of
decoys for each ring according to a certain distribution *without replacement*. After
filtering out the outputs that it couldn't use, it chooses from the remaining decoys
uniformly random *without replacement*.
The problem with this is that the picks later in the picking process are not independent
from the picks earlier in the picking process, and the later picks do not follow the
intended decoy distribution as closely as the earlier picks. To understand this
intuitively, imagine that you have 1023 marbles. You label 512 marbles with the letter A,
label 256 with the letter B, so on and so forth, finally labelling one marble with the
letter J. You put them all into a bag, shake it well, and pick 8 marbles from the bag,
but everytime you pick a marble of a certain letter, you remove all the other marbles
from that bag with the same letter. That very first pick, the odds of picking a certain
marble are exactly how you would expect: you are twice as likely to pick A as you are B,
twice as likely to pick B as you are C, etc. However, on the second pick, the odds of
getting the first pick are 0%, and the chances for everything else is higher. As you go
down the line, your picked marbles will have letters that are increasingly more unlikely
to pick if you hadn't remove the other marbles. In other words, the distribution of the
later marbles will be more "skewed" in comparison to your original distribution of marbles.
In Monero's decoy selection, this same statistical effect applies. It is not as dramatic
since the distribution is not so steep, and we have more unique values to choose from,
but the effect *is* measureable. Because of the protocol rules, we cannot have duplicate
ring members, so unless that restriction is removed, we will never have perfectly
independent picking. However, since the earlier picks are less affected by this
statistical effect, the workaround that this commit offers is to store the order that
the outputs were picked and commit to this order after fetching output information over RPC.
|
|
|
|
|
|
The Monero GUI code was calling `Monero::wallet::setPassword()` on every open/close for some reason,
and the old `store_to()` code called `store_keys()` with `watch_only=false`, even for watch-only wallets.
This caused a bug where the watch-only keys file got saved with with the JSON field `watch_only` set to 0,
and after saving a watch-only wallet once, a user could never open it back up against because `load()` errored out.
This never got brought up before this because you would have to change the file location of the watch-only
wallet to see this bug, and I guess that didn't happen often, but calling the new `store_to()` function with the
new `force_rewrite` parameter set to `true` triggers key restoring and the bug appeared.
|
|
Resolves #8932 and:
2. Not storing cache when new path is different from old in `store_to()` and
3. Detecting same path when new path contains entire string of old path in `store_to()` and
4. Changing your password / decrypting your keys (in this method or others) and providing a bad original password and getting no error and
5. Changing your password and storing to a new file
|
|
|
|
f7fb5c7 scan_tx: fix custom comparator for == case; fixes #8951 (j-berman)
|
|
a0e5c3c wallet2: when checking frozen multisig tx set, don't assume order (jeffro256)
|
|
45b52de wallet-rpc: restore from multisig seed (jeffro256)
|
|
a8d2a58 wallet2: ensure transfers and sweeps use same fee calc logic (j-berman)
|
|
Prereq of https://github.com/monero-project/monero/pull/8867
|
|
|
|
Co-authored-by: woodser <woodser@protonmail.com>
|
|
|
|
369a5a8 wallet: respect frozen key images in multisig wallets (jeffro256)
|
|
c138a28 wallet2: take ignored-by-value outputs into account in balance (Crypto City)
|
|
a668312 wallet: remove CLI code for non default ring sizes (Jeffro256)
|
|
a6639df wallet_rpc_server: dedup transfer RPC responses (jeffro256)
Very special PR.
|
|
|
|
eeda4a8 wallet2: do not lose exception in current thread on refresh (Crypto City
f868768 wallet2: fix missing exceptions from failing wallet refresh (Crypto City)
|
|
87e2a64 Allow option 'non-interactive' in monerod config file (almalh)
|
|
- Detach & re-process txs >= lowest scan height
- ensures that if a user calls scan_tx(tx1) after scanning tx2,
the wallet correctly processes tx1 and tx2
- if a user provides a tx with a height higher than the wallet's
last scanned height, the wallet will scan starting from that tx's
height
- scan_tx requires trusted daemon iff need to re-process existing
txs: in addition to querying a daemon for txids, if a user
provides a txid of a tx with height *lower* than any *already*
scanned txs in the wallet, then the wallet will also query the
daemon for all the *higher* txs as well. This is likely
unexpected behavior to a caller, and so to protect a caller from
revealing txid's to an untrusted daemon in an unexpected way,
require the daemon be trusted.
|
|
Before this change, if a multisig peer asked you to sign a transaction with a frozen enote, the wallet will do it without any error or warning. This change makes it
so that wallets will refuse to sign multisig transactions with frozen enotes.
Disclaimer: This PR was generously funded by @LocalMonero.
|
|
|
|
|
|
|
|
|
|
Ensures both transfers and sweeps use a fee that's calculated
from the tx's weight. Using different logic could theoretically
enable distinguishability between the two types of txs. We don't
want that.
|
|
|
|
|
|
d2a591d wallet, simplewallet: Drop support for mine-to-use RPC system (Jeffrey Ryan)
|
|
eb0e405 gamma picker: relax constructor requirements and test for selecting outputs from first spendable block (jeffro256)
|
|
f383fd3 wallet2: make m_process_pool_txs local to refresh method (jeffro256)
|
|
7a4a03d wallet2: do not commit transactions more than once (moneromooo-monero)
|
|
c61d33e wallet2: fix outdated wallet check (Crypto City)
|
|
Using post-PR wallet with pre-PR node will generate error message specific to this PR and not generic "command failed" mesages.
|
|
9e09093 wallet_rpc_server: allow creating more than 64 addresses at once (moneromooo-monero)
|
|
9c7d28b wallet2: add on_reorg callback (Crypto City)
|
|
5b4fea7 Copyright: Update to 2023 (mj-xmr)
|
|
|
|
from first spendable block
|
|
The gamma picker and the caller code did not quite agree on the
number of rct outputs available for use - by one block - which
caused an infinite loop if the picker could never pick outputs
from that block but already had picked all other outputs from
previous blocks.
Also change the range to select from using code from UkoeHB.
|
|
|
|
Fixes #8793
|
|
it was mistaking the number of forks in the fork table for
the last fork, and assuming the table was including every
single fork
|
|
c4af33e Enforce restricted # pool txs served via RPC + optimize chunked reqs (j-berman)
9752116 wallet2, RPC: Optimize RPC calls for periodic refresh from 3 down to 1 call (rbrunner7)
|
|
- `/getblocks.bin` respects the `RESTRICTED_TX_COUNT` (=100) when
returning pool txs via a restricted RPC daemon.
- A restricted RPC daemon includes a max of `RESTRICTED_TX_COUNT` txs
in the `added_pool_txs` field, and returns any remaining pool hashes
in the `remaining_added_pool_txids` field. The client then requests
the remaining txs via `/gettransactions` in chunks.
- `/gettransactions` no longer does expensive no-ops for ALL pool txs
if the client requests a subset of pool txs. Instead it searches for
the txs the client explicitly requests.
- Reset `m_pool_info_query_time` when a user:
(1) rescans the chain (so the wallet re-requests the whole pool)
(2) changes the daemon their wallets points to (a new daemon would
have a different view of the pool)
- `/getblocks.bin` respects the `req.prune` field when returning
pool txs.
- Pool extension fields in response to `/getblocks.bin` are optional
with default 0'd values.
|
|
multisig_account_status and including '.kex_is_done' member
|
|
it's too low a limit (at least one person mentioned having to
call create_address in a loop due to it)
|
|
|
|
Co-authored-by: plowsof <plowsof@protonmail.com>
extra files
|
|
7a3a593 common: move boost_serialization_helper.h out and cleanup includes (Jeffrey Ryan)
|
|
- Straight-forward call interface: `void rx_slow_hash(const char *seedhash, const void *data, size_t length, char *result_hash)`
- Consensus chain seed hash is now updated by calling `rx_set_main_seedhash` whenever a block is added/removed or a reorg happens
- `rx_slow_hash` will compute correct hash no matter if `rx_set_main_seedhash` was called or not (the only difference is performance)
- New environment variable `MONERO_RANDOMX_FULL_MEM` to force use the full dataset for PoW verification (faster block verification)
- When dataset is used for PoW verification, dataset updates don't stall other threads (verification is done in light mode then)
- When mining is running, PoW checks now also use dataset for faster verification
|
|
|
|
|
|
1114e7e fix(trezor-tests): fix trezor tests build, fix integrated addr test (Dusan Klinec)
|
|
cac5083 wallet2: fix create view-only wallet from existing wallet (j-berman)
|
|
97b86a0 wallet_api: take priority into account when estimating fee (selsta)
|
|
- fix integrated address test, it was not testing integrated address suport
- fix trezor test build as dependent classes were changed
- add a friend test class for Monero::WalletImpl to support wallet api tests
When using wallet_api in tests, synthetic chain is used. Without being able to set `allow_mismatched_daemon_version` in the underlying wallet, we are not able to use a synthetic chain with the tests
|
|
09d69b6 rpc: remove overwriting value (SerHack)
|
|
501db2c Wallet RPC: remove duplicate line (SerHack)
|
|
23fde15 wallet_rpc_server: chunk refresh to keep responding to RPC while refreshing (moneromooo-monero) 5bb2369 wallet_rpc_server: add --no-initial-sync flag for quicker network binding (moneromooo-monero)
|
|
|
|
|
|
e9ce347 wallet2: fail to establish daemon cxn == 'Disconnected' cxn status (j-berman)
|
|
28f25c0 Second thread pool for IO (SChernykh)
|
|
4b0785f add an option to force-update multisig key exchange under some circumstances (koe)
|
|
|
|
|
|
|
|
b8271ab wallet2: check wallet compatibility with daemon's hard fork version (j-berman)
|
|
eca7f6a Fix segfault restoring encrypted multisig seed (j-berman)
f713c3c Require user ack multisig is experimental to restore (j-berman)
564a7a3 multisig: fix #8537 seed restore (suggestions by @UkoeHB) (j-berman)
|
|
|
|
76a5b54 Fix missing semi-colon in error message (j-berman)
|
|
959a3e6 wallet2: ensure imported outputs subaddresses are created (moneromooo-monero)
a098504 wallet2: better test on whether to allow output import (moneromooo-monero)
c5579ac allow exporting outputs in chunks (moneromooo-monero)
1e912ec wallet2: fixes for export/import output flow (j-berman)
692f1d4 wallet2: do not assume imported outputs must be non empty (moneromooo-monero)
67b6d6a wallet2: prevent importing outputs in a hot wallet (moneromooo-monero)
d9fc666 wallet2: fix missing subaddress indices in 'light' exported outputs (moneromooo-monero)
|
|
Co-authored-by: woodser <woodser@protonmail.com>
|
|
- spend secret key is no longer the sum of multisig key shares;
no need to check that is the case upon restore.
- restoring a multisig wallet from multisig info means that the
wallet must have already completed all setup rounds. Upon restore,
set the number of rounds completed accordingly.
|
|
reported by j-berman
|
|
600de07 wallet_rpc_server: longer timeout for stop_mining (moneromooo-monero)
ac6db92 functional_tests: silence the cpu power test program (moneromooo-monero)
|
|
4d7f6f5 GCC: fix some unused warnings (Jeffrey Ryan)
|
|
|
|
|
|
Being offline is not a good enough heuristic, so we keep track
of whether the wallet ever refreshed from a daemon, which is a
lot better, and probably the best we can do without manual user
designation (which would break existing cold wallet setups till
the user designates those wallets)
|
|
this will make it easier huge wallets to do so without hitting
random limits (eg, max string size in node).
|
|
- only allow offline wallets to import outputs
- don't import empty outputs
- export subaddress indexes when exporting outputs
|
|
|
|
|
|
|
|
That RPC will wait for mining to actually stop, which can be a while
if randomx has just started on randomx_init_dataset.
This fixes occasional failures in the mining functional test
|
|
db8181a wallet2: force using output distribution for ringct outs (tobtoht)
|
|
edcc094 derive multisig tx secret keys from an entropy source plus the tx inputs' key images (koe)
|
|
5770265 wallet2: keep around transaction prefix for confirmed transfers (tobtoht)
|
|
key images
|
|
bd1e7c5 wallet2: prevent crash when reading tx w/fewer outputs than expected (j-berman)
|
|
c7b2944 multisig: fix critical vulnerabilities in signing (anon)
|
|
hash_extra: don't test for success in `jh_hash` and `skein_hash` since its guaranteed
device_ledger: move anonymous global variable apdu_verbose into .cpp file
Add comments to `refreshed` method variable in wallet2
|
|
09a597b wallet2: don't use DNS to obtain segregation heights (tobtoht)
|
|
50ccc7e wallet2: remove obsolete rpc version check (tobtoht)
|
|
4278a3a cryptonote_basic: catch crypto api errors (moneromooo-monero)
|
|
04c0da2 Chunk /gettransactions to avoid hitting restricted RPC limit (tobtoht)
|
|
16f8e04 Remove erraneous commas (Luke Parker)
da0715e Improve consistency between on_money_received and on_money_received_unconfirmed (Luke Parker)
|
|
|
|
de2f0d0 wallet_api: add scanTransactions function (selsta)
|
|
|
|
|
|
|
|
Co-authored-by: j-berman <justinberman@protonmail.com>
|
|
|
|
|
|
|
|
|
|
unconfirmed solely uses a - b, and received now accepts b so it can
provide more detailed logs on what occurred (printing a - b, yet with a
and b).
|
|
fde7c96 wallet2: fix spurious reorg detection with untrusted nodes (moneromooo-monero)
|
|
2979474 disable multisig by default (moneromooo-monero)
|
|
|
|
|
|
There are vulnerabilities in multisig protocol if the parties do not
trust each other, and while there is a patch for it, it has not been
throroughly reviewed yet, so it is felt safer to disable multisig by
default for now.
If all parties in a multisig setup trust each other, then it is safe
to enable multisig.
|
|
f63f7dc wallet2: fix a couple unused variable warnings (selsta)
|
|
When forced to deal with an untrusted node, a wallet will quantize
its current height to disguise the real height to the adversary, to
try and minimize the daemon's ability to distinguish returning
wallets.
Daemons will thus return more blocks than the wallet needs, starting
from earlier in the chain. These extra blocks will be disregarded
by the wallet, which had already scanned them.
However, for the purposes of reorg size detection, the wallet assumes
all blocks the daemon sends are different, which is only correct if
the wallet hasn't been coy, which is only the case for trusted
daemons (which you should use). This causes an issue when the size
of this "fake reorg" is above the sanity check threshold at which
the wallet refuses a reorg.
To fix this, the reorg size check is moved later on, when the reorg
is about to actually happen, after the wallet has checked which
blocks are actually different from the ones it expects.
|
|
2.8 seconds -> 2.6 seconds on a test case
|
|
3.3 seconds -> 2.8 seconds on a test case
|
|
5.2 seconds -> 4.1 seconds on a test case
|
|
5.9 second -> 5.2 seconds on a test case
|
|
baee2c0 Preserve commitment format inside transactions (kayabaNerve)
|
|
0d6ecb1 multisig: add post-kex verification round to check that all participants have completed the multisig address (koe)
|
|
|
|
have completed the multisig address
|
|
a14fdf8 Remove /include (Jeffrey)
|
|
5d388eb Bump ring size to 16 for v15 & remove set default in wallet cli (j-berman)
|
|
|
|
9df7179 wallet2: use BP+ for cold signing (moneromooo-monero)
|
|
|
|
Implements view tags as proposed by @UkoeHB in MRL issue
https://github.com/monero-project/research-lab/issues/73
At tx construction, the sender adds a 1-byte view tag to each
output. The view tag is derived from the sender-receiver
shared secret. When scanning for outputs, the receiver can
check the view tag for a match, in order to reduce scanning
time. When the view tag does not match, the wallet avoids the
more expensive EC operations when deriving the output public
key using the shared secret.
|
|
reported by ukoehb
|
|
https://github.com/ArticMine/Monero-Documents/blob/master/MoneroScaling2021-02.pdf
with a change to use 1.7 instead of 2.0 for the max long term increase rate
|
|
* `IWallet.h` hasn't been touched since 2014, and has been replaced by `src/wallet/api/wallet2_api.h`
* `INode.h` is in a similar situation with `src/p2p/net_node.h`
|
|
d1f1947 wallet_rpc_server: support regex for get_accounts tag (reemuru)
|
|
7dcfccb wallet_rpc_server: fix make_integrated_address with no payment id (moneromooo-monero)
|
|
da9aa1f Copyright: Update to 2022 (mj-xmr)
|
|
3c82958 wallet2: update stagenet rollback blocks (selsta)
|
|
ae0a840 wallet2: decrease the amount of data exchanged for output export (moneromooo-monero)
|
|
bd27deb Bulletproofs+ (SarangNoether)
b7713cc Precompute initial transcript hash (SarangNoether)
b535d66 Updates from security audit (SarangNoether)
a0d80b1 plug bulletproofs plus into consensus (moneromooo-monero)
75bd004 ringct: a few minor optimizations from review (moneromooo-monero)
a345060 ringct: port some of vtnerd's review changes from BP+ to BP (moneromooo-monero)
4c94cfe store outPk/8 in the tx for speed (moneromooo-monero)
5acdd0e bulletproofs+: some minor cleanup from vtnerd's review (moneromooo-monero)
|
|
354e1d9 Make the wallet name optional when locked. (Norman Moeschter)
|
|
It avoids dividing by 8 when deserializing a tx, which is a slow
operation, and multiplies by 8 when verifying and extracing the
amount, which is much faster as well as less frequent
|
|
|
|
|
|
e5000a9 Balance includes unconfirmed transfers to self (woodser)
|
|
This commit adds a 'regexp' boolean field to the get_accounts
request. The flag is set to false by default and maintains backwards
compatibility. When set to true the user can search tags by regular
expression filters. An additional error message was added for failed
regular expression searches. Bump minor version to 25.
|
|
|
|
|
|
|
|
fb5b2b3 support authentication in monero-wallet-rpc set_daemon (woodser)
|
|
e08abaa multisig key exchange update and refactor (koe)
|
|
|
|
|
|
|
|
4446cc8 wallet inits cache if file and blob missing (woodser)
|
|
a02b342 Avoid unnecessary 'Invalid hashing blob' error message (rbrunner7)
|
|
|
|
|
|
|
|
|
|
47e7a43 wallet_api: enable set_strict_default_file_permissions (tobtoht)
|
|
a15466d wallet2: remove 2 unused variables (selsta)
|
|
2cad563 wallet2: fix key encryption when changing ask-password from 0/1 to 2 (moneromooo-monero)
|
|
|
|
|
|
|
|
we reuse the wallet_keys_unlocker object, which does the right thing
in conjunction with other users of decrypt/encrypt (ie, refresh).
|
|
84c5257 Decrease the 'recent spend window' in gamma re-select to 15 blocks (j-berman)
|
|
eed7e79 UB: Not calling virtual method in destructor of WalletImpl (mj-xmr)
|
|
76542ea Fix precision of average_output_time (j-berman)
|
|
13a8a57 trezor: try empty passphrase first (Dusan Klinec)
|
|
- combined with patching integer truncation (#7798), this gets the algorithm marginally closer to mirroring empirically observed output ages
- 50 was originally chosen assuming integer truncation would remain in the client for that client release version. But patching integer truncation causes the client to select more outputs in the 10-100 block range, and therefore the benefit of choosing a larger recent spend window of 50 has less merit
- 15 seems well-suited to cover the somewhat sizable observable gap in the early window of blocks
|
|
|
|
The fix as suggested by <jberman> on IRC. Before the fix, it would truncate 1.9 to 1 skewing the output selection.
|
|
cd76eb7 wallet: fix unused lambda capture warning (selsta)
|