Age | Commit message (Collapse) | Author | Files | Lines |
|
d20ff4f64 functional_tests: add a large (many randomx epochs) p2p reorg test (moneromooo-monero)
6a0b3b1f8 functional_tests: add randomx tests (moneromooo-monero)
9d42649d5 core: fix mining from a block that's not the current top (moneromooo-monero)
|
|
v13 enforces claiming the full block reward, so we need to keep
track of tx fees to add them to the coinbase
|
|
|
|
|
|
They are allowed from v12, and MLSAGs are rejected from v13.
|
|
844fb4e94 enforce claiming maximum coinbase amount (moneromooo-monero)
|
|
Claiming a slightly lesser amount does not yield the size gains
that were seen pre rct, so this closes a fingerprinting vector
|
|
This reduces the attack surface for data that can come from
malicious sources (exported output and key images, multisig
transactions...) since the monero serialization is already
exposed to the outside, and the boost lib we were using had
a few known crashers.
For interoperability, a new load-deprecated-formats wallet
setting is added (off by default). This allows loading boost
format data if there is no alternative. It will likely go
at some point, along with the ability to load those.
Notably, the peer lists file still uses the boost serialization
code, as the data it stores is define in epee, while the new
serialization code is in monero, and migrating it was fairly
hairy. Since this file is local and not obtained from anyone
else, the marginal risk is minimal, but it could be migrated
later if needed.
Some tests and tools also do, this will stay as is for now.
|
|
5ef0607da Update copyright year to 2020 (SomaticFanatic)
|
|
|
|
|
|
Update copyright year to 2020
|
|
- New flag in NOTIFY_NEW_TRANSACTION to indicate stem mode
- Stem loops detected in tx_pool.cpp
- Embargo timeout for a blackhole attack during stem phase
|
|
|
|
f1091c41 core_tests: remove some useless verbose logs (moneromooo-monero)
|
|
6f330865 fix tests bug added in #6110 (Dusan Klinec)
|
|
70c9cd3c Change to Tx diffusion (Dandelion++ fluff) instead of flooding (Lee Clagett)
|
|
- e.g., fixes gen_block_big_major_version test, error: generation failed: what=events not set, cannot compute valid RandomX PoW
- ask for events only if difficulty > 1 (when it really matters)
- throwing an exception changed to logging, so it is easy to spot a problem if tests start to fail.
|
|
27522aaa core_tests: reset thread pool between tests (moneromooo-monero)
|
|
da6c807f tests: fix HF12 chaingen - construct bc object from events (Dusan Klinec)
|
|
|
|
Avoids a DB error (leading to an assert) where a thread uses
a read txn previously created with an environment that was
since closed and reopened. While this usually works since
BlockchainLMDB renews txns if it detects the environment has
changed, this will not work if objects end up being allocated
at the same address as the previous instance, leading to stale
data usage.
Thanks hyc for the LMDB debugging.
|
|
|
|
|
|
It causes link errors at least on mac
|
|
|
|
8330e77 monerod can now sync from pruned blocks (moneromooo-monero)
|
|
If the peer (whether pruned or not itself) supports sending pruned blocks
to syncing nodes, the pruned version will be sent along with the hash
of the pruned data and the block weight. The original tx hashes can be
reconstructed from the pruned txes and theur prunable data hash. Those
hashes and the block weights are hashes and checked against the set of
precompiled hashes, ensuring the data we received is the original data.
It is currently not possible to use this system when not using the set
of precompiled hashes, since block weights can not otherwise be checked
for validity.
This is off by default for now, and is enabled by --sync-pruned-blocks
|
|
Support RandomX PoW algorithm
|
|
a444f06 blockchain: enforce 10 block age for spending outputs (moneromooo-monero)
|
|
2cd4fd8 Changed the use of boost:value_initialized for C++ list initializer (JesusRami)
4ad191f Removed unused boost/value_init header (whyamiroot)
928f4be Make null hash constants constexpr (whyamiroot)
|
|
Some custom wallet code apparently ignores this, which causes users
of that code to be fingerprinted
|
|
|
|
|
|
|
|
|
|
ac874e2d tests: fix test_options initialization error (Dusan Klinec)
|
|
5e673c03 blockchain_db: fix db txn ending too early (moneromooo-monero)
|
|
The db txn in add_block ending caused the entire overarching
batch txn to stop.
Also add a new guard class so a db txn can be stopped in the
face of exceptions.
Also use a read only db txn in init when the db itself is
read only, and do not save the max tx size in that case.
|
|
- configurable hardforks via env vars
|
|
|
|
c9b13fbb tests/trezor: HF9 and HF10 tests (Dusan Klinec)
a1fd1d49 device/trezor: HF10 support added, wallet::API (Dusan Klinec)
d74d26f2 crypto: hmac_keccak added (Dusan Klinec)
|
|
- tests fixes for HF10, builder change, rct_config; fix_chain
- get_tx_key test
- proper testing after live refresh added
- live refresh synthetic test
- log available funds for easier test construction
- wallet::API tests with mocked daemon
|
|
1f2930ce Update 2019 copyright (binaryFate)
|
|
5ea17909 device/trezor: debugging features, trezor tests (Dusan Klinec)
|
|
|
|
|
|
|
|
This curbs runaway growth while still allowing substantial
spikes in block weight
Original specification from ArticMine:
here is the scaling proposal
Define: LongTermBlockWeight
Before fork:
LongTermBlockWeight = BlockWeight
At or after fork:
LongTermBlockWeight = min(BlockWeight, 1.4*LongTermEffectiveMedianBlockWeight)
Note: To avoid possible consensus issues over rounding the LongTermBlockWeight for a given block should be calculated to the nearest byte, and stored as a integer in the block itself. The stored LongTermBlockWeight is then used for future calculations of the LongTermEffectiveMedianBlockWeight and not recalculated each time.
Define: LongTermEffectiveMedianBlockWeight
LongTermEffectiveMedianBlockWeight = max(300000, MedianOverPrevious100000Blocks(LongTermBlockWeight))
Change Definition of EffectiveMedianBlockWeight
From (current definition)
EffectiveMedianBlockWeight = max(300000, MedianOverPrevious100Blocks(BlockWeight))
To (proposed definition)
EffectiveMedianBlockWeight = min(max(300000, MedianOverPrevious100Blocks(BlockWeight)), 50*LongTermEffectiveMedianBlockWeight)
Notes:
1) There are no other changes to the existing penalty formula, median calculation, fees etc.
2) There is the requirement to store the LongTermBlockWeight of a block unencrypted in the block itself. This is to avoid possible consensus issues over rounding and also to prevent the calculations from becoming unwieldy as we move away from the fork.
3) When the EffectiveMedianBlockWeight cap is reached it is still possible to mine blocks up to 2x the EffectiveMedianBlockWeight by paying the corresponding penalty.
Note: the long term block weight is stored in the database, but not in the actual block itself,
since it requires recalculating anyway for verification.
|
|
Found by knaccc
|
|
This makes it easier to modify the bulletproof format
|
|
524bf750 core_tests: add a --list_tests command line switch (moneromooo-monero)
|
|
|
|
|
|
Found by codacy.com
|
|
|
|
* support in wallet2
* support in monero-wallet-cli
* support in monero-wallet-rpc
* support in wallet api
* support in monero-gen-trusted-multisig
* unit tests for multisig wallets creation
|
|
|
|
|
|
|
|
|
|
Also constrains bulletproofs to simple rct, for simplicity
|
|
|
|
|
|
also use reserve where appropriate
|
|
|
|
|
|
The basic approach it to delegate all sensitive data (master key, secret
ephemeral key, key derivation, ....) and related operations to the device.
As device has low memory, it does not keep itself the values
(except for view/spend keys) but once computed there are encrypted (with AES
are equivalent) and return back to monero-wallet-cli. When they need to be
manipulated by the device, they are decrypted on receive.
Moreover, using the client for storing the value in encrypted form limits
the modification in the client code. Those values are transfered from one
C-structure to another one as previously.
The code modification has been done with the wishes to be open to any
other hardware wallet. To achieve that a C++ class hw::Device has been
introduced. Two initial implementations are provided: the "default", which
remaps all calls to initial Monero code, and the "Ledger", which delegates
all calls to Ledger device.
|
|
Coverity 136394 136397 136409 136526 136529 136533 175302
|
|
|
|
|
|
|
|
|
|
Thanks to kenshi84 for help getting this work
|
|
|
|
As a followon side effect, this makes a lot of inline code
included only in particular cpp files (and instanciated
when necessary.
|
|
|
|
It's nasty, and actually breaks on Solaris, where if.h fails to
build due to:
struct map *if_memmap;
|
|
937e7f8a Initialize openssl on startup (moneromooo-monero)
|
|
f92f1606 core_tests: do not include chaingen_tests_list.h in all tests (moneromooo-monero)
|
|
21b9f6f3 always use core_tests for consistency, not coretests (moneromooo-monero)
|
|
|
|
This fixes all tests being annoyingly rebuilt when one changes
|
|
Other tests use unit_tests, performance_tests, etc.
This fixes getting it wrong half the time when typing.
|
|
|
|
|
|
|
|
28b72b6e tx_pool: pre-init tvc.m_verifivation_failed before processing (moneromooo-monero)
50a629b2 core_tests: catch (impossible in practice) tx extra api failure (moneromooo-monero)
fee15ef1 wallet2: catch failure to parse address (moneromooo-monero)
1399e26d net_peerlist: remove dead code (moneromooo-monero)
50e09698 tx_pool: guard against failure getting tx hash (moneromooo-monero)
54cc209a wallet_rpc_server: catch failure to create directory (moneromooo-monero)
3e55099c wallet_rpc_server: init m_vm to NULL in ctor (moneromooo-monero)
7d0dde5e wallet_args: remove redundant default value for --log-file (moneromooo-monero)
ed4a3350 wallet2: catch failure to save keys file (moneromooo-monero)
44434c8a wallet2_api: check whether dynamic_cast returns NULL (moneromooo-monero)
92f2f687 core: check return value from parse_hexstr_to_binbuff (moneromooo-monero)
5475692e wallet2_api: remove an unused, uninitialized, field (moneromooo-monero)
a7ba3de1 libwallet_api_tests: initialize newblock_triggered on reset (moneromooo-monero)
b2763ace wallet2_api: init error code to "no error" in the ctor (moneromooo-monero)
b5faac53 get_blockchain_top now returns void (moneromooo-monero)
2e44d8f2 wallet_rpc_server: guard against exceptions (moneromooo-monero)
4230876b simplewallet: guard against I/O exceptions (moneromooo-monero)
06c1e057 daemon: initialize decode_as_json in RPC request (moneromooo-monero)
11f71af5 http_base: init size_t in http_request_info ctor (moneromooo-monero)
|
|
CID 175301
|
|
|
|
transactions
|
|
89b2f306 tests: fix invalid key image test (moneromooo-monero)
a374a522 wallet2: check key image validity domain in import_key_images (moneromooo-monero)
|
|
Integration could go further (ie, return_tx_to_pool calls should
not be needed anymore, possibly other things).
poolstate.bin is now obsolete.
|
|
It was using an invalid key image which wasn't in the key image
domain, so the transaction was rejected earlier than the test
was expecting
|
|
|
|
|
|
It had become very, very spammy
|
|
This replaces the epee and data_loggers logging systems with
a single one, and also adds filename:line and explicit severity
levels. Categories may be defined, and logging severity set
by category (or set of categories). epee style 0-4 log level
maps to a sensible severity configuration. Log files now also
rotate when reaching 100 MB.
To select which logs to output, use the MONERO_LOGS environment
variable, with a comma separated list of categories (globs are
supported), with their requested severity level after a colon.
If a log matches more than one such setting, the last one in
the configuration string applies. A few examples:
This one is (mostly) silent, only outputting fatal errors:
MONERO_LOGS=*:FATAL
This one is very verbose:
MONERO_LOGS=*:TRACE
This one is totally silent (logwise):
MONERO_LOGS=""
This one outputs all errors and warnings, except for the
"verify" category, which prints just fatal errors (the verify
category is used for logs about incoming transactions and
blocks, and it is expected that some/many will fail to verify,
hence we don't want the spam):
MONERO_LOGS=*:WARNING,verify:FATAL
Log levels are, in decreasing order of priority:
FATAL, ERROR, WARNING, INFO, DEBUG, TRACE
Subcategories may be added using prefixes and globs. This
example will output net.p2p logs at the TRACE level, but all
other net* logs only at INFO:
MONERO_LOGS=*:ERROR,net*:INFO,net.p2p:TRACE
Logs which are intended for the user (which Monero was using
a lot through epee, but really isn't a nice way to go things)
should use the "global" category. There are a few helper macros
for using this category, eg: MGINFO("this shows up by default")
or MGINFO_RED("this is red"), to try to keep a similar look
and feel for now.
Existing epee log macros still exist, and map to the new log
levels, but since they're used as a "user facing" UI element
as much as a logging system, they often don't map well to log
severities (ie, a log level 0 log may be an error, or may be
something we want the user to see, such as an important info).
In those cases, I tried to use the new macros. In other cases,
I left the existing macros in. When modifying logs, it is
probably best to switch to the new macros with explicit levels.
The --log-level options and set_log commands now also accept
category settings, in addition to the epee style log levels.
|
|
Also print its value when printing pool
|
|
Keep the immediate direct deps at the library that depends on them,
declare deps as PUBLIC so that targets that link against that library
get the library's deps as transitive deps.
Break dep cycle between blockchain_db <-> crytonote_core.
No code refactoring, just hide cycle from cmake so that
it doesn't complain (cycles are allowed only between
static libs, not shared libs).
This is in preparation for supproting BUILD_SHARED_LIBS cmake
built-in option for building internal libs as shared.
|
|
|
|
When RingCT is enabled, outputs from coinbase transactions
are created as a single output, and stored as RingCT output,
with a fake mask. Their amount is not hidden on the blockchain
itself, but they are then able to be used as fake inputs in
a RingCT ring. Since the output amounts are hidden, their
"dustiness" is not an obstacle anymore to mixing, and this
makes the coinbase transactions a lot smaller, as well as
helping the TXO set to grow more slowly.
Also add a new "Null" type of rct signature, which decreases
the size required when no signatures are to be stored, as
in a coinbase tx.
|
|
This allows the key to be not the same for two outputs sent to
the same address (eg, if you pay yourself, and also get change
back). Also remove the key amounts lists and return parameters
since we don't actually generate random ones, so we don't need
to save them as we can recalculate them when needed if we have
the correct keys.
|
|
for future expansion
|
|
|
|
|
|
Scheme design from luigi1114.
|
|
|
|
|
|
to protect the non-signatures parts of the tx from tampering.
|
|
|
|
It is not yet constrained to a fork, so don't use on the real network
or you'll be orphaned or rejected.
|
|
The tests for rejection of unmixable outputs in v2 are commented out,
as there are no unmixable outputs created anymore. This should be
restored at some point.
|
|
|
|
Reported and tested by smooth
|
|
Ain't nobody got time for link/cmake skullduggery.
This reverts commit fff238ec94ac6d45fc18c315d7bc590ddfaad63d.
|
|
Useful for debugging users' logs
|
|
This avoids the need to define that variable in every program
which uses epee.
|
|
d56b2e5 core_tests: fix a compile problem with CLANG (moneromooo-monero)
|
|
It doesn't like const objects from classes that do not have
a user defined ctor, apparently.
Reported by othe.
|
|
Forgot to add them before commit
|
|
We also replace the --fakechain option with an optional structure
containing details about configuration for the core/blockchain,
for test purposes. This seems more future friendly.
|
|
|
|
|
|
|
|
This fixes a use after free by ioservice threads
|
|
Either smaller coin values (as monero has smaller block rewards),
or pre-hard fork values (full reward zone), or post-Bytecoin values
(emission speed).
|
|
Some tests assume the first output in a transaction goes to the recipient.
However, it can be the change. When it is, the recipient's keys will not
recognize this output. To fix this, we send all we have, to ensure there
is no change, and the first output goes to the recipient.
I'm not sure why this worked with Cryptonote. The tests sent 17 coins,
which seems way smaller than the first Bytecoin block reward, so there
would have been change too. Maybe outputs were not shuffled originally.
|
|
While the original cryptonote accepted only the current major
version, we can accept higher ones.
|
|
Block reward may now be less than the full amount allowed.
This was breaking the bitflipping test.
We now keep track of whether a block which was accepted by the core
has a lower than allowed block reward, and allow this in the test.
|
|
They were trying to send too much monero, and thus failing.
The parameters were set in such a way that the (simple) output
gathering code could fulfill them for 4 block rewards for the
original Bytecoin emission, but that does not work with monero
so we need to use smaller values.
|
|
The current monero consensus uses 0.01 per kB fees, so use enough
for 2 kB transactions for now. It'll probably have to be either
bumped further or changed to calculate the proper fee.
|
|
The core tests use the blockchain, and reset it to be able
to add test data to it. This does not play nice with the
databases, since those will save that data without an explicit
save call.
We add a fakechain flag that the tests will set, which tells
the core and blockchain code to use a separate database, as
well as skip a few things like checkpoints and fixup, which
only make sense for real data.
|
|
It is already registered in cryptonote::core::init_options,
which we now call
|
|
The last relayed time of a transaction is maintained, and
transactions will be relayed again if they are still in the
pool after a certain amount of time, which increases with
the transaction's age. All such transactions are resent,
whether or not they originated on the local node.
|
|
Use the correct block time for realtime fuzz on locktime
Use the correct block time to calculate next_difficulty on alt chains (will not work as-is with voting)
Lock unit tests to original block time for now
|
|
version 2
|
|
|
|
|
|
+toc -doc -drmonero
Fixed the windows path, and improved logging and data
(for graph) logging, fixed some locks and added more checks.
Still there is a locking error,
not added by my patches, but present in master version
(locking of map/list of peers).
|
|
|
|
Older versions of CMake support LINK_{PUBLIC,PRIVATE} while newer
versions prefer PUBLIC and PRIVATE instead, but still support the LINK_
prefix.
|
|
|
|
|
|
Source: cryptonotefoundation
|
|
|
|
|
|
|
|
|
|
|