| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
This allows flushing internal caches (for now, the bad tx cache,
which will allow debugging a stuck monerod after it has failed to
verify a transaction in a block, since it would otherwise not try
again, making subsequent log changes pointless)
|
|
Coverity 205394
|
|
|
|
|
|
Lists nodes exposing their RPC port for public use
|
|
Daemons intended for public use can be set up to require payment
in the form of hashes in exchange for RPC service. This enables
public daemons to receive payment for their work over a large
number of calls. This system behaves similarly to a pool, so
payment takes the form of valid blocks every so often, yielding
a large one off payment, rather than constant micropayments.
This system can also be used by third parties as a "paywall"
layer, where users of a service can pay for use by mining Monero
to the service provider's address. An example of this for web
site access is Primo, a Monero mining based website "paywall":
https://github.com/selene-kovri/primo
This has some advantages:
- incentive to run a node providing RPC services, thereby promoting the availability of third party nodes for those who can't run their own
- incentive to run your own node instead of using a third party's, thereby promoting decentralization
- decentralized: payment is done between a client and server, with no third party needed
- private: since the system is "pay as you go", you don't need to identify yourself to claim a long lived balance
- no payment occurs on the blockchain, so there is no extra transactional load
- one may mine with a beefy server, and use those credits from a phone, by reusing the client ID (at the cost of some privacy)
- no barrier to entry: anyone may run a RPC node, and your expected revenue depends on how much work you do
- Sybil resistant: if you run 1000 idle RPC nodes, you don't magically get more revenue
- no large credit balance maintained on servers, so they have no incentive to exit scam
- you can use any/many node(s), since there's little cost in switching servers
- market based prices: competition between servers to lower costs
- incentive for a distributed third party node system: if some public nodes are overused/slow, traffic can move to others
- increases network security
- helps counteract mining pools' share of the network hash rate
- zero incentive for a payer to "double spend" since a reorg does not give any money back to the miner
And some disadvantages:
- low power clients will have difficulty mining (but one can optionally mine in advance and/or with a faster machine)
- payment is "random", so a server might go a long time without a block before getting one
- a public node's overall expected payment may be small
Public nodes are expected to compete to find a suitable level for
cost of service.
The daemon can be set up this way to require payment for RPC services:
monerod --rpc-payment-address 4xxxxxx \
--rpc-payment-credits 250 --rpc-payment-difficulty 1000
These values are an example only.
The --rpc-payment-difficulty switch selects how hard each "share" should
be, similar to a mining pool. The higher the difficulty, the fewer
shares a client will find.
The --rpc-payment-credits switch selects how many credits are awarded
for each share a client finds.
Considering both options, clients will be awarded credits/difficulty
credits for every hash they calculate. For example, in the command line
above, 0.25 credits per hash. A client mining at 100 H/s will therefore
get an average of 25 credits per second.
For reference, in the current implementation, a credit is enough to
sync 20 blocks, so a 100 H/s client that's just starting to use Monero
and uses this daemon will be able to sync 500 blocks per second.
The wallet can be set to automatically mine if connected to a daemon
which requires payment for RPC usage. It will try to keep a balance
of 50000 credits, stopping mining when it's at this level, and starting
again as credits are spent. With the example above, a new client will
mine this much credits in about half an hour, and this target is enough
to sync 500000 blocks (currently about a third of the monero blockchain).
There are three new settings in the wallet:
- credits-target: this is the amount of credits a wallet will try to
reach before stopping mining. The default of 0 means 50000 credits.
- auto-mine-for-rpc-payment-threshold: this controls the minimum
credit rate which the wallet considers worth mining for. If the
daemon credits less than this ratio, the wallet will consider mining
to be not worth it. In the example above, the rate is 0.25
- persistent-rpc-client-id: if set, this allows the wallet to reuse
a client id across runs. This means a public node can tell a wallet
that's connecting is the same as one that connected previously, but
allows a wallet to keep their credit balance from one run to the
other. Since the wallet only mines to keep a small credit balance,
this is not normally worth doing. However, someone may want to mine
on a fast server, and use that credit balance on a low power device
such as a phone. If left unset, a new client ID is generated at
each wallet start, for privacy reasons.
To mine and use a credit balance on two different devices, you can
use the --rpc-client-secret-key switch. A wallet's client secret key
can be found using the new rpc_payments command in the wallet.
Note: anyone knowing your RPC client secret key is able to use your
credit balance.
The wallet has a few new commands too:
- start_mining_for_rpc: start mining to acquire more credits,
regardless of the auto mining settings
- stop_mining_for_rpc: stop mining to acquire more credits
- rpc_payments: display information about current credits with
the currently selected daemon
The node has an extra command:
- rpc_payments: display information about clients and their
balances
The node will forget about any balance for clients which have
been inactive for 6 months. Balances carry over on node restart.
|
|
|
|
|
|
|
|
|
|
It got switched to hexadecimal when we went to 128 bit values
|
|
|
|
|
|
|
|
add a 128/64 division routine so we can use a > 32 bit median block
size in calculations
|
|
|
|
|
|
|
|
|
|
|
|
as opposed to an absent record
|
|
as a safety to reject if it somehow does not get initialised
|
|
|
|
These are dummy ones
|
|
|
|
|
|
|
|
added for mainnet, testnet, and stagenet.
server is owner by snipa, both snipa and I have access to it. No idea where its hosted.
xmrchain.net is a block explorer thats been around a while.
|
|
|
|
* Faster cache initialization with SSSE3/AVX2
* Automatic detection of CPU capabilities in RandomX
* Fixed a possible out-of-bounds access in superscalar program generator
* Use MONERO_RANDOMX_UMASK to manually disable RandomX flags in monerod
|
|
Checking battery status uses x86-only headers and functions. Remove this functionality to get it to build on other architectures.
|
|
|
|
It may be more intuitive for some people
|
|
|
|
It was using the raw block weight median, which was not what was
intended in ArticMine's design
|
|
In case of a 0 tx weight, we use a placeholder value to insert in the
fee-per-byte set. This is used for pruning and mining, and those txes
are pruned, so will not be too large, nor added to the block template
if mining, so this is safe.
CID 204465
|
|
CID 204467
|
|
CID 204479
|
|
The weight of the prunable data is deterministic from the
unpruned data, so it can be determined from a pruned tx
|
|
|
|
since they're all locked for a fixed amount
|
|
|
|
Make sure dataset gets re-init'd if a reorg changes the epoch
|
|
|
|
|
|
We don't need to detect if the cache has changed, just always
call to set it on the VM. The call will be a no-op if the cache
hasn't changed.
|
|
|
|
Was using the wrong cache slot, and returning invalid PoW hashes to RPC clients
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://github.com/aeonix/aeon/pull/131
|
|
Fixed a typo ("and -are- not visible to the world by default"), removed a few redundant commas, and capitalized words inside the URL.
|
|
Use the lesser of the short and long terms medians, rather then
the long term median alone
From ArticMine:
I found a bug in the new fee calculation formula with using only the long term median
It actually needs to be the lesser of the long term median and the old (modified short term median)
short term median with the last 10 blocks calculated as empty
Yes the issue occurs if there is a large long term median and, the short term median then falls and tries to then rise again
The fees are could be not high enough
for example LTM and STM rise to say 2000000 bytes
STM falls back to 300000 bytes
Fees are now based on 2000000 bytes until LTM also falls
So the STM is could prevented from rising back up
STM short term median LTM long term median
|
|
|
|
|
|
If the peer (whether pruned or not itself) supports sending pruned blocks
to syncing nodes, the pruned version will be sent along with the hash
of the pruned data and the block weight. The original tx hashes can be
reconstructed from the pruned txes and theur prunable data hash. Those
hashes and the block weights are hashes and checked against the set of
precompiled hashes, ensuring the data we received is the original data.
It is currently not possible to use this system when not using the set
of precompiled hashes, since block weights can not otherwise be checked
for validity.
This is off by default for now, and is enabled by --sync-pruned-blocks
|
|
Support RandomX PoW algorithm
|
|
PoW is expensive to verify, so be strict
|
|
Unbound uses a 64 kb large character array on the stack, which
leads to a stack overflow for some libc implementations. musl
only gives 80 kb in total. This PR changes the stack size for
these threads to 1mb, which solves the segmentation fault.
|
|
This avoids most premature triggers
|
|
So it can be used by others without encumbrance
|
|
Some custom wallet code apparently ignores this, which causes users
of that code to be fingerprinted
|
|
Also fix part of the RPC results being returned as binary.
This makes the RPC backward incompatible.
|
|
|
|
|
|
As a side effect, colouring on Windows should now work
regardless of version
|
|
|
|
Such a template would yield an invalid block, though would require
an attacker to have mined a long blockchain with drifting times
(assuming the miner's clock is roughly correct)
Fixed by crCr62U0
|
|
|
|
This reverts commit a96c1a46d4b3854252de75cbe09458ad5d1aecb0.
|
|
This reverts commit adc16d2504d3e76b0115791caf10446684d45433.
|
|
|
|
|
|
|
|
The issue is triggered by the captured `this` in RPC server, which
passes reference to throwable `core_rpc_server`:
`core_rpc_server.cpp:164: m_bootstrap_daemon.reset(new bootstrap_daemon([this]{ return get_random_public_node(); }));`
The solution is to simply remove noexcept from the remaining `bootstrap_daemon`
constructors because noexcept is false in this context.
>"An exception of type "boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::asio::invalid_service_owner>>" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate()."
|
|
|
|
Simplify m_template initialization in miner
|
|
One considers the blockchain, while the other considers the
blockchain and some recent actions, such as a recently created
transaction which spend some outputs, but isn't yet mined.
Typically, the "balance" command wants the latter, to reflect
the recent action, but things like proving ownership wants
the former.
This fixes a crash in get_reserve_proof, where a preliminary
check and the main code used two concepts of "balance".
|
|
Much easier to work with than the raw unlock_time field
|
|
IP addresses are stored in network byte order even on little
endian hosts
|
|
|
|
|
|
|
|
|
|
|
|
the setting
|
|
|
|
Best case is an address mined previously and it'll get returned,
worst case it was never initialized in the first place
|
|
|
|
|
|
|
|
|
|
|
|
The 98th percentile position in the agebytes map was incorrectly
calculated: it assumed the transactions in the mempool all have unique
timestamps at second-granularity. This commit fixes this by correctly
finding the right cumulative number of transactions in the map suffix.
This bug could lead to an out-of-bounds write in the rare case that
all transactions in the mempool were received (and added to the mempool)
at a rate of at least 50 transactions per second. (More specifically,
the number of *unique* receive_time values, which have second-
granularity, must be at most 2% of the number of transactions in the
mempool for this crash to trigger.) If this condition is satisfied, 'it'
points to *before* the agebytes map, 'delta' gets a nonsense value, and
the value of 'i' in the first stats.histo-filling loop will be out of
bounds of stats.histo.
|
|
|
|
|
|
It does not leak much since you can make a fair guess by RPC
version already, and some people want to avoid non release
clients when using third parties' nodes (because they'd never
lie about it)
|
|
Coverity 200185
|
|
Coverity 200183
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
New CLI wallet variable: export-format with options "binary" (the default),
or "ascii". "Binary" behaves as before, "ascii" forces the wallet to convert
data to ASCII using base64.
Reading files from the disk tries to auto detect what format has been
used (using a magic string added when exporting the data).
Implements https://github.com/monero-project/monero/issues/2859
|
|
|
|
spentness test
|
|
spent ratio
|
|
It lets the user add custom entropy to the PRNG.
It does this by hashing the new data and xoring the resulting
hash with the PRNG state.
|
|
Also remove the delta time fixup, since we now ignore those
as they're attacker controlled
|
|
It was here while debugging, and I forgot to move it away
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We're supposed to have a fixed ring size now
Already checked by MLSAG verification, but here seems more intuitive
|
|
|
|
|
|
Apply the overflow logic used for computing already_generated_coins in
the main chain to alternative chains.
|
|
We've added a lot of new indices recently, and 20 isn't enough for them plus
new DBs opened during format migrations.
|
|
The check added here (in #5732/#5733) is supposed to disconnect behind
peers when the current node is syncing, but actually disconnects behind
peers always.
We are syncing when `target > our_height`, but the check here triggers
when `target > remote_height`, which is basically always true when the
preceding `m_core.have_block(hshd.top_id)` check is true.
|
|
|
|
According to [1], std::random_shuffle is deprecated in C++14 and removed
in C++17. Since std::shuffle is available since C++11 as a replacement
and monero already requires C++11, this is a good replacement.
A cryptographically secure random number generator is used in all cases
to prevent people from perhaps copying an insecure std::shuffle call
over to a place where a secure one would be warranted. A form of
defense-in-depth.
[1]: https://en.cppreference.com/w/cpp/algorithm/random_shuffle
|
|
|
|
|
|
|
|
|
|
std::logic_error()
|
|
new cli options (RPC ones also apply to wallet):
--p2p-bind-ipv6-address (default = "::")
--p2p-bind-port-ipv6 (default same as ipv4 port for given nettype)
--rpc-bind-ipv6-address (default = "::1")
--p2p-use-ipv6 (default false)
--rpc-use-ipv6 (default false)
--p2p-require-ipv4 (default true, if ipv4 bind fails and this is
true, will not continue even if ipv6 bind
successful)
--rpc-require-ipv4 (default true, description as above)
ipv6 addresses are to be specified as "[xx:xx:xx::xx:xx]:port" except
in the cases of the cli args for bind address. For those the square
braces can be omitted.
|
|
|
|
|
|
|
|
|
|
get_attribute expects 2 values instead of 1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rather than their string representation
|
|
|
|
|
|
|
|
|
|
|
|
send_message_config isn't used anywhere else in the code, and it is clear from the help command that it should be named send_signer_config.
|
|
|
|
|
|
The code generated is exactly the same as the direct access
one on x86_64
|
|
Any peer that's behind us while syncing is useless to us (though
not to them). This ensures that we don't get our peer slots filled
with peers that we can't use. Once we've synced, we can connect
to them and they can then sync off us if they want.
|
|
|
|
The value was positive rather than zero, but the caller only
checks for negative errors
|
|
|
|
Circumvents the need to create a new blockhashing blob when you already
know the data you want to set in the extra_nonce (so use this instead of
reserve_size).
|
|
|
|
|
|
|
|
Coverity 199721
|
|
Older nodes don't pass that information around
|
|
|
|
This is likely to be done via a script
|
|
"Exploring the Monero Peer-to-Peer Network". https://eprint.iacr.org/2019/411
|
|
It is down permanently. See: https://xiala.net/
"Ende November 2018 werden alle Dienste von xiala.net abgeschaltet."
|
|
|
|
we don't want to prevent bona fide txes, just obvious bad ones
|
|
|
|
|
|
- getTxKey method throws an exception, e.g., when user declines txKey export
|
|
|
|
|
|
- Trezor: support for device address display (subaddress, integrated address)
- Wallet::API support added
- Simplewallet:
- address device [<index>]
- address new <label> // shows address on device also
- integrated_address [device] <payment_id|address> // new optional "device" arg to display also on the device
|
|
|
|
The wallet was ignoring --restore-height and --restore-date params and
prompting for them again.
|
|
This happens often when a pre-pruning node asks a pruned node
for data it does not have
|
|
Make bans control RPC sessions too. And auto-ban some bad requests.
Drops HTTP connections whenever response code is 500.
|
|
to avoid errors when the txn is too large
|
|
|
|
|
|
NULL is valid when size is 0, but memcpy uses nonnull attributes,
so let's not poke the bear
|
|
just in case
|
|
Large amounts might run out of stack
Reported by guidov
|
|
|
|
|
|
When asking for txes in a fluffy transaction, one might ask
for the same (large) tx many times
|
|
Count transactions as well
|
|
Essentially, one can send such a large amount of IDs that core exhausts
all free memory. This issue can theoretically be exploited using very
large CN blockchains, such as Monero.
This is a partial fix. Thanks and credit given to CryptoNote author
'cryptozoidberg' for collaboration and the fix. Also thanks to
'moneromooo'. Referencing HackerOne report #506595.
|
