From c5024c5b73823380a51112935b77487f55da11b5 Mon Sep 17 00:00:00 2001 From: moneromooo-monero Date: Thu, 15 Mar 2018 09:56:49 +0000 Subject: simplewallet: add a warning when getting a daemon error in transfer A malicious daemon (or MITM) could attempt to add spurious errors so the wallet tries again, sending another set of fake outs. --- src/simplewallet/simplewallet.cpp | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp index 71ce1574f..7c0433e99 100644 --- a/src/simplewallet/simplewallet.cpp +++ b/src/simplewallet/simplewallet.cpp @@ -376,8 +376,9 @@ namespace return true; } - void handle_transfer_exception(const std::exception_ptr &e) + void handle_transfer_exception(const std::exception_ptr &e, bool trusted_daemon) { + bool warn_of_possible_attack = !trusted_daemon; try { std::rethrow_exception(e); @@ -405,6 +406,7 @@ namespace print_money(e.available()) % print_money(e.tx_amount())); fail_msg_writer() << tr("Not enough money in unlocked balance"); + warn_of_possible_attack = false; } catch (const tools::error::not_enough_money& e) { @@ -412,6 +414,7 @@ namespace print_money(e.available()) % print_money(e.tx_amount())); fail_msg_writer() << tr("Not enough money in unlocked balance"); + warn_of_possible_attack = false; } catch (const tools::error::tx_not_possible& e) { @@ -421,6 +424,7 @@ namespace print_money(e.tx_amount()) % print_money(e.fee())); fail_msg_writer() << tr("Failed to find a way to create transactions. This is usually due to dust which is so small it cannot pay for itself in fees, or trying to send more money than the unlocked balance, or not leaving enough for fees"); + warn_of_possible_attack = false; } catch (const tools::error::not_enough_outs_to_mix& e) { @@ -435,6 +439,7 @@ namespace catch (const tools::error::tx_not_constructed&) { fail_msg_writer() << tr("transaction was not constructed"); + warn_of_possible_attack = false; } catch (const tools::error::tx_rejected& e) { @@ -446,14 +451,17 @@ namespace catch (const tools::error::tx_sum_overflow& e) { fail_msg_writer() << e.what(); + warn_of_possible_attack = false; } catch (const tools::error::zero_destination&) { fail_msg_writer() << tr("one of destinations is zero"); + warn_of_possible_attack = false; } catch (const tools::error::tx_too_big& e) { fail_msg_writer() << tr("failed to find a suitable way to split transactions"); + warn_of_possible_attack = false; } catch (const tools::error::transfer_error& e) { @@ -464,6 +472,7 @@ namespace { LOG_ERROR("Multisig error: " << e.to_string()); fail_msg_writer() << tr("Multisig error: ") << e.what(); + warn_of_possible_attack = false; } catch (const tools::error::wallet_internal_error& e) { @@ -475,6 +484,9 @@ namespace LOG_ERROR("unexpected error: " << e.what()); fail_msg_writer() << tr("unexpected error: ") << e.what(); } + + if (warn_of_possible_attack) + fail_msg_writer() << tr("There was an error, which could mean the node may be trying to get you to retry creating a transaction, and zero in on which outputs you own. Or it could be a bona fide error. It may be prudent to disconnect from this node, and not try to send a tranasction immediately. Alternatively, connect to another node so the original node cannot correlate information."); } bool check_file_overwrite(const std::string &filename) @@ -1196,7 +1208,7 @@ bool simple_wallet::submit_multisig(const std::vector &args) } catch (const std::exception &e) { - handle_transfer_exception(std::current_exception()); + handle_transfer_exception(std::current_exception(), m_trusted_daemon); } catch (...) { @@ -4177,7 +4189,7 @@ bool simple_wallet::transfer_main(int transfer_type, const std::vector &args_) } catch (const std::exception &e) { - handle_transfer_exception(std::current_exception()); + handle_transfer_exception(std::current_exception(), m_trusted_daemon); } catch (...) { @@ -4518,7 +4530,7 @@ bool simple_wallet::sweep_main(uint64_t below, const std::vector &a } catch (const std::exception& e) { - handle_transfer_exception(std::current_exception()); + handle_transfer_exception(std::current_exception(), m_trusted_daemon); } catch (...) { @@ -4717,7 +4729,7 @@ bool simple_wallet::sweep_single(const std::vector &args_) } catch (const std::exception& e) { - handle_transfer_exception(std::current_exception()); + handle_transfer_exception(std::current_exception(), m_trusted_daemon); } catch (...) { @@ -5022,7 +5034,7 @@ bool simple_wallet::submit_transfer(const std::vector &args_) } catch (const std::exception& e) { - handle_transfer_exception(std::current_exception()); + handle_transfer_exception(std::current_exception(), m_trusted_daemon); } catch (...) { -- cgit v1.2.3