// Copyright (c) 2009-2010 Satoshi Nakamoto // Copyright (c) 2009-2014 The Bitcoin Core developers // Distributed under the MIT software license, see the accompanying // file COPYING or https://www.opensource.org/licenses/mit-license.php . #include "wallet/wallet.h" #include "asyncrpcqueue.h" #include "checkpoints.h" #include "coincontrol.h" #include "core_io.h" #include "consensus/upgrades.h" #include "consensus/validation.h" #include "consensus/consensus.h" #include "init.h" #include "key_io.h" #include "main.h" #include "net.h" #include "rpc/protocol.h" #include "rpc/server.h" #include "script/script.h" #include "script/sign.h" #include "timedata.h" #include "utilmoneystr.h" #include "zcash/Note.hpp" #include "crypter.h" #include "wallet/asyncrpcoperation_saplingmigration.h" #include "zcash/zip32.h" #include #include #include #include using namespace std; using namespace libzcash; extern UniValue sendrawtransaction(const UniValue& params, bool fHelp); /** * Settings */ CFeeRate payTxFee(DEFAULT_TRANSACTION_FEE); CAmount maxTxFee = DEFAULT_TRANSACTION_MAXFEE; unsigned int nTxConfirmTarget = DEFAULT_TX_CONFIRM_TARGET; bool bSpendZeroConfChange = true; bool fSendFreeTransactions = false; bool fPayAtLeastCustomFee = true; /** * Fees smaller than this (in satoshi) are considered zero fee (for transaction creation) * Override with -mintxfee */ CFeeRate CWallet::minTxFee = CFeeRate(1000); /** @defgroup mapWallet * * @{ */ struct CompareValueOnly { bool operator()(const pair >& t1, const pair >& t2) const { return t1.first < t2.first; } }; std::string JSOutPoint::ToString() const { return strprintf("JSOutPoint(%s, %d, %d)", hash.ToString().substr(0,10), js, n); } std::string COutput::ToString() const { return strprintf("COutput(%s, %d, %d) [%s]", tx->GetHash().ToString(), i, nDepth, FormatMoney(tx->vout[i].nValue)); } const CWalletTx* CWallet::GetWalletTx(const uint256& hash) const { LOCK(cs_wallet); std::map::const_iterator it = mapWallet.find(hash); if (it == mapWallet.end()) return NULL; return &(it->second); } // Generate a new spending key and return its public payment address libzcash::SproutPaymentAddress CWallet::GenerateNewSproutZKey() { AssertLockHeld(cs_wallet); // mapSproutZKeyMetadata auto k = SproutSpendingKey::random(); auto addr = k.address(); // Check for collision, even though it is unlikely to ever occur if (CCryptoKeyStore::HaveSproutSpendingKey(addr)) throw std::runtime_error("CWallet::GenerateNewSproutZKey(): Collision detected"); // Create new metadata int64_t nCreationTime = GetTime(); mapSproutZKeyMetadata[addr] = CKeyMetadata(nCreationTime); if (!AddSproutZKey(k)) throw std::runtime_error("CWallet::GenerateNewSproutZKey(): AddSproutZKey failed"); return addr; } // Generate a new Sapling spending key and return its public payment address SaplingPaymentAddress CWallet::GenerateNewSaplingZKey() { AssertLockHeld(cs_wallet); // mapSaplingZKeyMetadata // Create new metadata int64_t nCreationTime = GetTime(); CKeyMetadata metadata(nCreationTime); // Try to get the seed HDSeed seed; if (!GetHDSeed(seed)) throw std::runtime_error("CWallet::GenerateNewSaplingZKey(): HD seed not found"); auto m = libzcash::SaplingExtendedSpendingKey::Master(seed); uint32_t bip44CoinType = Params().BIP44CoinType(); // We use a fixed keypath scheme of m/32'/coin_type'/account' // Derive m/32' auto m_32h = m.Derive(32 | ZIP32_HARDENED_KEY_LIMIT); // Derive m/32'/coin_type' auto m_32h_cth = m_32h.Derive(bip44CoinType | ZIP32_HARDENED_KEY_LIMIT); // Derive account key at next index, skip keys already known to the wallet libzcash::SaplingExtendedSpendingKey xsk; do { xsk = m_32h_cth.Derive(hdChain.saplingAccountCounter | ZIP32_HARDENED_KEY_LIMIT); metadata.hdKeypath = "m/32'/" + std::to_string(bip44CoinType) + "'/" + std::to_string(hdChain.saplingAccountCounter) + "'"; metadata.seedFp = hdChain.seedFp; // Increment childkey index hdChain.saplingAccountCounter++; } while (HaveSaplingSpendingKey(xsk.expsk.full_viewing_key())); // Update the chain model in the database if (fFileBacked && !CWalletDB(strWalletFile).WriteHDChain(hdChain)) throw std::runtime_error("CWallet::GenerateNewSaplingZKey(): Writing HD chain model failed"); auto ivk = xsk.expsk.full_viewing_key().in_viewing_key(); mapSaplingZKeyMetadata[ivk] = metadata; auto addr = xsk.DefaultAddress(); if (!AddSaplingZKey(xsk, addr)) { throw std::runtime_error("CWallet::GenerateNewSaplingZKey(): AddSaplingZKey failed"); } // return default sapling payment address. return addr; } // Add spending key to keystore bool CWallet::AddSaplingZKey( const libzcash::SaplingExtendedSpendingKey &sk, const libzcash::SaplingPaymentAddress &defaultAddr) { AssertLockHeld(cs_wallet); // mapSaplingZKeyMetadata if (!CCryptoKeyStore::AddSaplingSpendingKey(sk, defaultAddr)) { return false; } if (!fFileBacked) { return true; } if (!IsCrypted()) { auto ivk = sk.expsk.full_viewing_key().in_viewing_key(); return CWalletDB(strWalletFile).WriteSaplingZKey(ivk, sk, mapSaplingZKeyMetadata[ivk]); } return true; } // Add payment address -> incoming viewing key map entry bool CWallet::AddSaplingIncomingViewingKey( const libzcash::SaplingIncomingViewingKey &ivk, const libzcash::SaplingPaymentAddress &addr) { AssertLockHeld(cs_wallet); // mapSaplingZKeyMetadata if (!CCryptoKeyStore::AddSaplingIncomingViewingKey(ivk, addr)) { return false; } if (!fFileBacked) { return true; } if (!IsCrypted()) { return CWalletDB(strWalletFile).WriteSaplingPaymentAddress(addr, ivk); } return true; } // Add spending key to keystore and persist to disk bool CWallet::AddSproutZKey(const libzcash::SproutSpendingKey &key) { AssertLockHeld(cs_wallet); // mapSproutZKeyMetadata auto addr = key.address(); if (!CCryptoKeyStore::AddSproutSpendingKey(key)) return false; // check if we need to remove from viewing keys if (HaveSproutViewingKey(addr)) RemoveSproutViewingKey(key.viewing_key()); if (!fFileBacked) return true; if (!IsCrypted()) { return CWalletDB(strWalletFile).WriteZKey(addr, key, mapSproutZKeyMetadata[addr]); } return true; } CPubKey CWallet::GenerateNewKey() { AssertLockHeld(cs_wallet); // mapKeyMetadata bool fCompressed = CanSupportFeature(FEATURE_COMPRPUBKEY); // default to compressed public keys if we want 0.6.0 wallets CKey secret; secret.MakeNewKey(fCompressed); // Compressed public keys were introduced in version 0.6.0 if (fCompressed) SetMinVersion(FEATURE_COMPRPUBKEY); CPubKey pubkey = secret.GetPubKey(); assert(secret.VerifyPubKey(pubkey)); // Create new metadata int64_t nCreationTime = GetTime(); mapKeyMetadata[pubkey.GetID()] = CKeyMetadata(nCreationTime); if (!nTimeFirstKey || nCreationTime < nTimeFirstKey) nTimeFirstKey = nCreationTime; if (!AddKeyPubKey(secret, pubkey)) throw std::runtime_error("CWallet::GenerateNewKey(): AddKey failed"); return pubkey; } bool CWallet::AddKeyPubKey(const CKey& secret, const CPubKey &pubkey) { AssertLockHeld(cs_wallet); // mapKeyMetadata if (!CCryptoKeyStore::AddKeyPubKey(secret, pubkey)) return false; // check if we need to remove from watch-only CScript script; script = GetScriptForDestination(pubkey.GetID()); if (HaveWatchOnly(script)) RemoveWatchOnly(script); if (!fFileBacked) return true; if (!IsCrypted()) { return CWalletDB(strWalletFile).WriteKey(pubkey, secret.GetPrivKey(), mapKeyMetadata[pubkey.GetID()]); } return true; } bool CWallet::AddCryptedKey(const CPubKey &vchPubKey, const vector &vchCryptedSecret) { if (!CCryptoKeyStore::AddCryptedKey(vchPubKey, vchCryptedSecret)) return false; if (!fFileBacked) return true; { LOCK(cs_wallet); if (pwalletdbEncryption) return pwalletdbEncryption->WriteCryptedKey(vchPubKey, vchCryptedSecret, mapKeyMetadata[vchPubKey.GetID()]); else return CWalletDB(strWalletFile).WriteCryptedKey(vchPubKey, vchCryptedSecret, mapKeyMetadata[vchPubKey.GetID()]); } return false; } bool CWallet::AddCryptedSproutSpendingKey( const libzcash::SproutPaymentAddress &address, const libzcash::ReceivingKey &rk, const std::vector &vchCryptedSecret) { if (!CCryptoKeyStore::AddCryptedSproutSpendingKey(address, rk, vchCryptedSecret)) return false; if (!fFileBacked) return true; { LOCK(cs_wallet); if (pwalletdbEncryption) { return pwalletdbEncryption->WriteCryptedZKey(address, rk, vchCryptedSecret, mapSproutZKeyMetadata[address]); } else { return CWalletDB(strWalletFile).WriteCryptedZKey(address, rk, vchCryptedSecret, mapSproutZKeyMetadata[address]); } } return false; } bool CWallet::AddCryptedSaplingSpendingKey(const libzcash::SaplingExtendedFullViewingKey &extfvk, const std::vector &vchCryptedSecret, const libzcash::SaplingPaymentAddress &defaultAddr) { if (!CCryptoKeyStore::AddCryptedSaplingSpendingKey(extfvk, vchCryptedSecret, defaultAddr)) return false; if (!fFileBacked) return true; { LOCK(cs_wallet); if (pwalletdbEncryption) { return pwalletdbEncryption->WriteCryptedSaplingZKey(extfvk, vchCryptedSecret, mapSaplingZKeyMetadata[extfvk.fvk.in_viewing_key()]); } else { return CWalletDB(strWalletFile).WriteCryptedSaplingZKey(extfvk, vchCryptedSecret, mapSaplingZKeyMetadata[extfvk.fvk.in_viewing_key()]); } } return false; } bool CWallet::LoadKeyMetadata(const CPubKey &pubkey, const CKeyMetadata &meta) { AssertLockHeld(cs_wallet); // mapKeyMetadata if (meta.nCreateTime && (!nTimeFirstKey || meta.nCreateTime < nTimeFirstKey)) nTimeFirstKey = meta.nCreateTime; mapKeyMetadata[pubkey.GetID()] = meta; return true; } bool CWallet::LoadZKeyMetadata(const SproutPaymentAddress &addr, const CKeyMetadata &meta) { AssertLockHeld(cs_wallet); // mapSproutZKeyMetadata mapSproutZKeyMetadata[addr] = meta; return true; } bool CWallet::LoadCryptedKey(const CPubKey &vchPubKey, const std::vector &vchCryptedSecret) { return CCryptoKeyStore::AddCryptedKey(vchPubKey, vchCryptedSecret); } bool CWallet::LoadCryptedZKey(const libzcash::SproutPaymentAddress &addr, const libzcash::ReceivingKey &rk, const std::vector &vchCryptedSecret) { return CCryptoKeyStore::AddCryptedSproutSpendingKey(addr, rk, vchCryptedSecret); } bool CWallet::LoadCryptedSaplingZKey( const libzcash::SaplingExtendedFullViewingKey &extfvk, const std::vector &vchCryptedSecret) { return CCryptoKeyStore::AddCryptedSaplingSpendingKey(extfvk, vchCryptedSecret, extfvk.DefaultAddress()); } bool CWallet::LoadSaplingZKeyMetadata(const libzcash::SaplingIncomingViewingKey &ivk, const CKeyMetadata &meta) { AssertLockHeld(cs_wallet); // mapSaplingZKeyMetadata mapSaplingZKeyMetadata[ivk] = meta; return true; } bool CWallet::LoadSaplingZKey(const libzcash::SaplingExtendedSpendingKey &key) { return CCryptoKeyStore::AddSaplingSpendingKey(key, key.DefaultAddress()); } bool CWallet::LoadSaplingPaymentAddress( const libzcash::SaplingPaymentAddress &addr, const libzcash::SaplingIncomingViewingKey &ivk) { return CCryptoKeyStore::AddSaplingIncomingViewingKey(ivk, addr); } bool CWallet::LoadZKey(const libzcash::SproutSpendingKey &key) { return CCryptoKeyStore::AddSproutSpendingKey(key); } bool CWallet::AddSproutViewingKey(const libzcash::SproutViewingKey &vk) { if (!CCryptoKeyStore::AddSproutViewingKey(vk)) { return false; } nTimeFirstKey = 1; // No birthday information for viewing keys. if (!fFileBacked) { return true; } return CWalletDB(strWalletFile).WriteSproutViewingKey(vk); } bool CWallet::RemoveSproutViewingKey(const libzcash::SproutViewingKey &vk) { AssertLockHeld(cs_wallet); if (!CCryptoKeyStore::RemoveSproutViewingKey(vk)) { return false; } if (fFileBacked) { if (!CWalletDB(strWalletFile).EraseSproutViewingKey(vk)) { return false; } } return true; } bool CWallet::LoadSproutViewingKey(const libzcash::SproutViewingKey &vk) { return CCryptoKeyStore::AddSproutViewingKey(vk); } bool CWallet::AddCScript(const CScript& redeemScript) { if (!CCryptoKeyStore::AddCScript(redeemScript)) return false; if (!fFileBacked) return true; return CWalletDB(strWalletFile).WriteCScript(Hash160(redeemScript), redeemScript); } bool CWallet::LoadCScript(const CScript& redeemScript) { /* A sanity check was added in pull #3843 to avoid adding redeemScripts * that never can be redeemed. However, old wallets may still contain * these. Do not add them to the wallet and warn. */ if (redeemScript.size() > MAX_SCRIPT_ELEMENT_SIZE) { std::string strAddr = EncodeDestination(CScriptID(redeemScript)); LogPrintf("%s: Warning: This wallet contains a redeemScript of size %i which exceeds maximum size %i thus can never be redeemed. Do not use address %s.\n", __func__, redeemScript.size(), MAX_SCRIPT_ELEMENT_SIZE, strAddr); return true; } return CCryptoKeyStore::AddCScript(redeemScript); } bool CWallet::AddWatchOnly(const CScript &dest) { if (!CCryptoKeyStore::AddWatchOnly(dest)) return false; nTimeFirstKey = 1; // No birthday information for watch-only keys. NotifyWatchonlyChanged(true); if (!fFileBacked) return true; return CWalletDB(strWalletFile).WriteWatchOnly(dest); } bool CWallet::RemoveWatchOnly(const CScript &dest) { AssertLockHeld(cs_wallet); if (!CCryptoKeyStore::RemoveWatchOnly(dest)) return false; if (!HaveWatchOnly()) NotifyWatchonlyChanged(false); if (fFileBacked) if (!CWalletDB(strWalletFile).EraseWatchOnly(dest)) return false; return true; } bool CWallet::LoadWatchOnly(const CScript &dest) { return CCryptoKeyStore::AddWatchOnly(dest); } bool CWallet::Unlock(const SecureString& strWalletPassphrase) { CCrypter crypter; CKeyingMaterial vMasterKey; { LOCK(cs_wallet); BOOST_FOREACH(const MasterKeyMap::value_type& pMasterKey, mapMasterKeys) { if(!crypter.SetKeyFromPassphrase(strWalletPassphrase, pMasterKey.second.vchSalt, pMasterKey.second.nDeriveIterations, pMasterKey.second.nDerivationMethod)) return false; if (!crypter.Decrypt(pMasterKey.second.vchCryptedKey, vMasterKey)) continue; // try another master key if (CCryptoKeyStore::Unlock(vMasterKey)) { // Now that the wallet is decrypted, ensure we have an HD seed. // https://github.com/zcash/zcash/issues/3607 if (!this->HaveHDSeed()) { this->GenerateNewSeed(); } return true; } } } return false; } bool CWallet::ChangeWalletPassphrase(const SecureString& strOldWalletPassphrase, const SecureString& strNewWalletPassphrase) { bool fWasLocked = IsLocked(); { LOCK(cs_wallet); Lock(); CCrypter crypter; CKeyingMaterial vMasterKey; BOOST_FOREACH(MasterKeyMap::value_type& pMasterKey, mapMasterKeys) { if(!crypter.SetKeyFromPassphrase(strOldWalletPassphrase, pMasterKey.second.vchSalt, pMasterKey.second.nDeriveIterations, pMasterKey.second.nDerivationMethod)) return false; if (!crypter.Decrypt(pMasterKey.second.vchCryptedKey, vMasterKey)) return false; if (CCryptoKeyStore::Unlock(vMasterKey)) { int64_t nStartTime = GetTimeMillis(); crypter.SetKeyFromPassphrase(strNewWalletPassphrase, pMasterKey.second.vchSalt, pMasterKey.second.nDeriveIterations, pMasterKey.second.nDerivationMethod); pMasterKey.second.nDeriveIterations = pMasterKey.second.nDeriveIterations * (100 / ((double)(GetTimeMillis() - nStartTime))); nStartTime = GetTimeMillis(); crypter.SetKeyFromPassphrase(strNewWalletPassphrase, pMasterKey.second.vchSalt, pMasterKey.second.nDeriveIterations, pMasterKey.second.nDerivationMethod); pMasterKey.second.nDeriveIterations = (pMasterKey.second.nDeriveIterations + pMasterKey.second.nDeriveIterations * 100 / ((double)(GetTimeMillis() - nStartTime))) / 2; if (pMasterKey.second.nDeriveIterations < 25000) pMasterKey.second.nDeriveIterations = 25000; LogPrintf("Wallet passphrase changed to an nDeriveIterations of %i\n", pMasterKey.second.nDeriveIterations); if (!crypter.SetKeyFromPassphrase(strNewWalletPassphrase, pMasterKey.second.vchSalt, pMasterKey.second.nDeriveIterations, pMasterKey.second.nDerivationMethod)) return false; if (!crypter.Encrypt(vMasterKey, pMasterKey.second.vchCryptedKey)) return false; CWalletDB(strWalletFile).WriteMasterKey(pMasterKey.first, pMasterKey.second); if (fWasLocked) Lock(); return true; } } } return false; } void CWallet::ChainTipAdded(const CBlockIndex *pindex, const CBlock *pblock, SproutMerkleTree sproutTree, SaplingMerkleTree saplingTree) { IncrementNoteWitnesses(pindex, pblock, sproutTree, saplingTree); UpdateSaplingNullifierNoteMapForBlock(pblock); } void CWallet::ChainTip(const CBlockIndex *pindex, const CBlock *pblock, SproutMerkleTree sproutTree, SaplingMerkleTree saplingTree, bool added) { if (added) { ChainTipAdded(pindex, pblock, sproutTree, saplingTree); // Prevent migration transactions from being created when node is syncing after launch, // and also when node wakes up from suspension/hibernation and incoming blocks are old. if (!IsInitialBlockDownload(Params()) && pblock->GetBlockTime() > GetAdjustedTime() - 3 * 60 * 60) { RunSaplingMigration(pindex->nHeight); } } else { DecrementNoteWitnesses(pindex); UpdateSaplingNullifierNoteMapForBlock(pblock); } } void CWallet::RunSaplingMigration(int blockHeight) { if (!NetworkUpgradeActive(blockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { return; } LOCK(cs_wallet); if (!fSaplingMigrationEnabled) { return; } // The migration transactions to be sent in a particular batch can take // significant time to generate, and this time depends on the speed of the user's // computer. If they were generated only after a block is seen at the target // height minus 1, then this could leak information. Therefore, for target // height N, implementations SHOULD start generating the transactions at around // height N-5 if (blockHeight % 500 == 495) { std::shared_ptr q = getAsyncRPCQueue(); std::shared_ptr lastOperation = q->getOperationForId(saplingMigrationOperationId); if (lastOperation != nullptr) { lastOperation->cancel(); } pendingSaplingMigrationTxs.clear(); std::shared_ptr operation(new AsyncRPCOperation_saplingmigration(blockHeight + 5)); saplingMigrationOperationId = operation->getId(); q->addOperation(operation); } else if (blockHeight % 500 == 499) { std::shared_ptr q = getAsyncRPCQueue(); std::shared_ptr lastOperation = q->getOperationForId(saplingMigrationOperationId); if (lastOperation != nullptr) { lastOperation->cancel(); } for (const CTransaction& transaction : pendingSaplingMigrationTxs) { // The following is taken from z_sendmany/z_mergetoaddress // Send the transaction // TODO: Use CWallet::CommitTransaction instead of sendrawtransaction auto signedtxn = EncodeHexTx(transaction); UniValue params = UniValue(UniValue::VARR); params.push_back(signedtxn); UniValue sendResultValue = sendrawtransaction(params, false); if (sendResultValue.isNull()) { throw JSONRPCError(RPC_WALLET_ERROR, "sendrawtransaction did not return an error or a txid."); } } pendingSaplingMigrationTxs.clear(); } } void CWallet::AddPendingSaplingMigrationTx(const CTransaction& tx) { LOCK(cs_wallet); pendingSaplingMigrationTxs.push_back(tx); } void CWallet::SetBestChain(const CBlockLocator& loc) { CWalletDB walletdb(strWalletFile); SetBestChainINTERNAL(walletdb, loc); } std::set> CWallet::GetNullifiersForAddresses( const std::set & addresses) { std::set> nullifierSet; // Sapling ivk -> list of addrs map // (There may be more than one diversified address for a given ivk.) std::map> ivkMap; for (const auto & addr : addresses) { auto saplingAddr = boost::get(&addr); if (saplingAddr != nullptr) { libzcash::SaplingIncomingViewingKey ivk; this->GetSaplingIncomingViewingKey(*saplingAddr, ivk); ivkMap[ivk].push_back(*saplingAddr); } } for (const auto & txPair : mapWallet) { // Sprout for (const auto & noteDataPair : txPair.second.mapSproutNoteData) { auto & noteData = noteDataPair.second; auto & nullifier = noteData.nullifier; auto & address = noteData.address; if (nullifier && addresses.count(address)) { nullifierSet.insert(std::make_pair(address, nullifier.get())); } } // Sapling for (const auto & noteDataPair : txPair.second.mapSaplingNoteData) { auto & noteData = noteDataPair.second; auto & nullifier = noteData.nullifier; auto & ivk = noteData.ivk; if (nullifier && ivkMap.count(ivk)) { for (const auto & addr : ivkMap[ivk]) { nullifierSet.insert(std::make_pair(addr, nullifier.get())); } } } } return nullifierSet; } bool CWallet::IsNoteSproutChange( const std::set> & nullifierSet, const PaymentAddress & address, const JSOutPoint & jsop) { // A Note is marked as "change" if the address that received it // also spent Notes in the same transaction. This will catch, // for instance: // - Change created by spending fractions of Notes (because // z_sendmany sends change to the originating z-address). // - "Chaining Notes" used to connect JoinSplits together. // - Notes created by consolidation transactions (e.g. using // z_mergetoaddress). // - Notes sent from one address to itself. for (const JSDescription & jsd : mapWallet[jsop.hash].vJoinSplit) { for (const uint256 & nullifier : jsd.nullifiers) { if (nullifierSet.count(std::make_pair(address, nullifier))) { return true; } } } return false; } bool CWallet::IsNoteSaplingChange(const std::set> & nullifierSet, const libzcash::PaymentAddress & address, const SaplingOutPoint & op) { // A Note is marked as "change" if the address that received it // also spent Notes in the same transaction. This will catch, // for instance: // - Change created by spending fractions of Notes (because // z_sendmany sends change to the originating z-address). // - Notes created by consolidation transactions (e.g. using // z_mergetoaddress). // - Notes sent from one address to itself. for (const SpendDescription &spend : mapWallet[op.hash].vShieldedSpend) { if (nullifierSet.count(std::make_pair(address, spend.nullifier))) { return true; } } return false; } bool CWallet::SetMinVersion(enum WalletFeature nVersion, CWalletDB* pwalletdbIn, bool fExplicit) { LOCK(cs_wallet); // nWalletVersion if (nWalletVersion >= nVersion) return true; // when doing an explicit upgrade, if we pass the max version permitted, upgrade all the way if (fExplicit && nVersion > nWalletMaxVersion) nVersion = FEATURE_LATEST; nWalletVersion = nVersion; if (nVersion > nWalletMaxVersion) nWalletMaxVersion = nVersion; if (fFileBacked) { CWalletDB* pwalletdb = pwalletdbIn ? pwalletdbIn : new CWalletDB(strWalletFile); if (nWalletVersion > 40000) pwalletdb->WriteMinVersion(nWalletVersion); if (!pwalletdbIn) delete pwalletdb; } return true; } bool CWallet::SetMaxVersion(int nVersion) { LOCK(cs_wallet); // nWalletVersion, nWalletMaxVersion // cannot downgrade below current version if (nWalletVersion > nVersion) return false; nWalletMaxVersion = nVersion; return true; } set CWallet::GetConflicts(const uint256& txid) const { set result; AssertLockHeld(cs_wallet); std::map::const_iterator it = mapWallet.find(txid); if (it == mapWallet.end()) return result; const CWalletTx& wtx = it->second; std::pair range; BOOST_FOREACH(const CTxIn& txin, wtx.vin) { if (mapTxSpends.count(txin.prevout) <= 1) continue; // No conflict if zero or one spends range = mapTxSpends.equal_range(txin.prevout); for (TxSpends::const_iterator it = range.first; it != range.second; ++it) result.insert(it->second); } std::pair range_n; for (const JSDescription& jsdesc : wtx.vJoinSplit) { for (const uint256& nullifier : jsdesc.nullifiers) { if (mapTxSproutNullifiers.count(nullifier) <= 1) { continue; // No conflict if zero or one spends } range_n = mapTxSproutNullifiers.equal_range(nullifier); for (TxNullifiers::const_iterator it = range_n.first; it != range_n.second; ++it) { result.insert(it->second); } } } std::pair range_o; for (const SpendDescription &spend : wtx.vShieldedSpend) { uint256 nullifier = spend.nullifier; if (mapTxSaplingNullifiers.count(nullifier) <= 1) { continue; // No conflict if zero or one spends } range_o = mapTxSaplingNullifiers.equal_range(nullifier); for (TxNullifiers::const_iterator it = range_o.first; it != range_o.second; ++it) { result.insert(it->second); } } return result; } void CWallet::Flush(bool shutdown) { bitdb.Flush(shutdown); } bool CWallet::Verify(const string& walletFile, string& warningString, string& errorString) { if (!bitdb.Open(GetDataDir())) { // try moving the database env out of the way boost::filesystem::path pathDatabase = GetDataDir() / "database"; boost::filesystem::path pathDatabaseBak = GetDataDir() / strprintf("database.%d.bak", GetTime()); try { boost::filesystem::rename(pathDatabase, pathDatabaseBak); LogPrintf("Moved old %s to %s. Retrying.\n", pathDatabase.string(), pathDatabaseBak.string()); } catch (const boost::filesystem::filesystem_error&) { // failure is ok (well, not really, but it's not worse than what we started with) } // try again if (!bitdb.Open(GetDataDir())) { // if it still fails, it probably means we can't even create the database env string msg = strprintf(_("Error initializing wallet database environment %s!"), GetDataDir()); errorString += msg; return true; } } if (GetBoolArg("-salvagewallet", false)) { // Recover readable keypairs: if (!CWalletDB::Recover(bitdb, walletFile, true)) return false; } if (boost::filesystem::exists(GetDataDir() / walletFile)) { CDBEnv::VerifyResult r = bitdb.Verify(walletFile, CWalletDB::Recover); if (r == CDBEnv::RECOVER_OK) { warningString += strprintf(_("Warning: wallet.dat corrupt, data salvaged!" " Original wallet.dat saved as wallet.{timestamp}.bak in %s; if" " your balance or transactions are incorrect you should" " restore from a backup."), GetDataDir()); } if (r == CDBEnv::RECOVER_FAIL) errorString += _("wallet.dat corrupt, salvage failed"); } return true; } template void CWallet::SyncMetaData(pair::iterator, typename TxSpendMap::iterator> range) { // We want all the wallet transactions in range to have the same metadata as // the oldest (smallest nOrderPos). // So: find smallest nOrderPos: int nMinOrderPos = std::numeric_limits::max(); const CWalletTx* copyFrom = NULL; for (typename TxSpendMap::iterator it = range.first; it != range.second; ++it) { const uint256& hash = it->second; int n = mapWallet[hash].nOrderPos; if (n < nMinOrderPos) { nMinOrderPos = n; copyFrom = &mapWallet[hash]; } } // Now copy data from copyFrom to rest: for (typename TxSpendMap::iterator it = range.first; it != range.second; ++it) { const uint256& hash = it->second; CWalletTx* copyTo = &mapWallet[hash]; if (copyFrom == copyTo) continue; copyTo->mapValue = copyFrom->mapValue; // mapSproutNoteData and mapSaplingNoteData not copied on purpose // (it is always set correctly for each CWalletTx) copyTo->vOrderForm = copyFrom->vOrderForm; // fTimeReceivedIsTxTime not copied on purpose // nTimeReceived not copied on purpose copyTo->nTimeSmart = copyFrom->nTimeSmart; copyTo->fFromMe = copyFrom->fFromMe; copyTo->strFromAccount = copyFrom->strFromAccount; // nOrderPos not copied on purpose // cached members not copied on purpose } } /** * Outpoint is spent if any non-conflicted transaction * spends it: */ bool CWallet::IsSpent(const uint256& hash, unsigned int n) const { const COutPoint outpoint(hash, n); pair range; range = mapTxSpends.equal_range(outpoint); for (TxSpends::const_iterator it = range.first; it != range.second; ++it) { const uint256& wtxid = it->second; std::map::const_iterator mit = mapWallet.find(wtxid); if (mit != mapWallet.end() && mit->second.GetDepthInMainChain() >= 0) return true; // Spent } return false; } /** * Note is spent if any non-conflicted transaction * spends it: */ bool CWallet::IsSproutSpent(const uint256& nullifier) const { pair range; range = mapTxSproutNullifiers.equal_range(nullifier); for (TxNullifiers::const_iterator it = range.first; it != range.second; ++it) { const uint256& wtxid = it->second; std::map::const_iterator mit = mapWallet.find(wtxid); if (mit != mapWallet.end() && mit->second.GetDepthInMainChain() >= 0) { return true; // Spent } } return false; } bool CWallet::IsSaplingSpent(const uint256& nullifier) const { pair range; range = mapTxSaplingNullifiers.equal_range(nullifier); for (TxNullifiers::const_iterator it = range.first; it != range.second; ++it) { const uint256& wtxid = it->second; std::map::const_iterator mit = mapWallet.find(wtxid); if (mit != mapWallet.end() && mit->second.GetDepthInMainChain() >= 0) { return true; // Spent } } return false; } void CWallet::AddToTransparentSpends(const COutPoint& outpoint, const uint256& wtxid) { mapTxSpends.insert(make_pair(outpoint, wtxid)); pair range; range = mapTxSpends.equal_range(outpoint); SyncMetaData(range); } void CWallet::AddToSproutSpends(const uint256& nullifier, const uint256& wtxid) { mapTxSproutNullifiers.insert(make_pair(nullifier, wtxid)); pair range; range = mapTxSproutNullifiers.equal_range(nullifier); SyncMetaData(range); } void CWallet::AddToSaplingSpends(const uint256& nullifier, const uint256& wtxid) { mapTxSaplingNullifiers.insert(make_pair(nullifier, wtxid)); pair range; range = mapTxSaplingNullifiers.equal_range(nullifier); SyncMetaData(range); } void CWallet::AddToSpends(const uint256& wtxid) { assert(mapWallet.count(wtxid)); CWalletTx& thisTx = mapWallet[wtxid]; if (thisTx.IsCoinBase()) // Coinbases don't spend anything! return; for (const CTxIn& txin : thisTx.vin) { AddToTransparentSpends(txin.prevout, wtxid); } for (const JSDescription& jsdesc : thisTx.vJoinSplit) { for (const uint256& nullifier : jsdesc.nullifiers) { AddToSproutSpends(nullifier, wtxid); } } for (const SpendDescription &spend : thisTx.vShieldedSpend) { AddToSaplingSpends(spend.nullifier, wtxid); } } void CWallet::ClearNoteWitnessCache() { LOCK(cs_wallet); for (std::pair& wtxItem : mapWallet) { for (mapSproutNoteData_t::value_type& item : wtxItem.second.mapSproutNoteData) { item.second.witnesses.clear(); item.second.witnessHeight = -1; } for (mapSaplingNoteData_t::value_type& item : wtxItem.second.mapSaplingNoteData) { item.second.witnesses.clear(); item.second.witnessHeight = -1; } } nWitnessCacheSize = 0; } template void CopyPreviousWitnesses(NoteDataMap& noteDataMap, int indexHeight, int64_t nWitnessCacheSize) { for (auto& item : noteDataMap) { auto* nd = &(item.second); // Only increment witnesses that are behind the current height if (nd->witnessHeight < indexHeight) { // Check the validity of the cache // The only time a note witnessed above the current height // would be invalid here is during a reindex when blocks // have been decremented, and we are incrementing the blocks // immediately after. assert(nWitnessCacheSize >= nd->witnesses.size()); // Witnesses being incremented should always be either -1 // (never incremented or decremented) or one below indexHeight assert((nd->witnessHeight == -1) || (nd->witnessHeight == indexHeight - 1)); // Copy the witness for the previous block if we have one if (nd->witnesses.size() > 0) { nd->witnesses.push_front(nd->witnesses.front()); } if (nd->witnesses.size() > WITNESS_CACHE_SIZE) { nd->witnesses.pop_back(); } } } } template void AppendNoteCommitment(NoteDataMap& noteDataMap, int indexHeight, int64_t nWitnessCacheSize, const uint256& note_commitment) { for (auto& item : noteDataMap) { auto* nd = &(item.second); if (nd->witnessHeight < indexHeight && nd->witnesses.size() > 0) { // Check the validity of the cache // See comment in CopyPreviousWitnesses about validity. assert(nWitnessCacheSize >= nd->witnesses.size()); nd->witnesses.front().append(note_commitment); } } } template void WitnessNoteIfMine(std::map& noteDataMap, int indexHeight, int64_t nWitnessCacheSize, const OutPoint& key, const Witness& witness) { if (noteDataMap.count(key) && noteDataMap[key].witnessHeight < indexHeight) { auto* nd = &(noteDataMap[key]); if (nd->witnesses.size() > 0) { // We think this can happen because we write out the // witness cache state after every block increment or // decrement, but the block index itself is written in // batches. So if the node crashes in between these two // operations, it is possible for IncrementNoteWitnesses // to be called again on previously-cached blocks. This // doesn't affect existing cached notes because of the // NoteData::witnessHeight checks. See #1378 for details. LogPrintf("Inconsistent witness cache state found for %s\n- Cache size: %d\n- Top (height %d): %s\n- New (height %d): %s\n", key.ToString(), nd->witnesses.size(), nd->witnessHeight, nd->witnesses.front().root().GetHex(), indexHeight, witness.root().GetHex()); nd->witnesses.clear(); } nd->witnesses.push_front(witness); // Set height to one less than pindex so it gets incremented nd->witnessHeight = indexHeight - 1; // Check the validity of the cache assert(nWitnessCacheSize >= nd->witnesses.size()); } } template void UpdateWitnessHeights(NoteDataMap& noteDataMap, int indexHeight, int64_t nWitnessCacheSize) { for (auto& item : noteDataMap) { auto* nd = &(item.second); if (nd->witnessHeight < indexHeight) { nd->witnessHeight = indexHeight; // Check the validity of the cache // See comment in CopyPreviousWitnesses about validity. assert(nWitnessCacheSize >= nd->witnesses.size()); } } } void CWallet::IncrementNoteWitnesses(const CBlockIndex* pindex, const CBlock* pblockIn, SproutMerkleTree& sproutTree, SaplingMerkleTree& saplingTree) { LOCK(cs_wallet); for (std::pair& wtxItem : mapWallet) { ::CopyPreviousWitnesses(wtxItem.second.mapSproutNoteData, pindex->nHeight, nWitnessCacheSize); ::CopyPreviousWitnesses(wtxItem.second.mapSaplingNoteData, pindex->nHeight, nWitnessCacheSize); } if (nWitnessCacheSize < WITNESS_CACHE_SIZE) { nWitnessCacheSize += 1; } const CBlock* pblock {pblockIn}; CBlock block; if (!pblock) { ReadBlockFromDisk(block, pindex, Params().GetConsensus()); pblock = █ } for (const CTransaction& tx : pblock->vtx) { auto hash = tx.GetHash(); bool txIsOurs = mapWallet.count(hash); // Sprout for (size_t i = 0; i < tx.vJoinSplit.size(); i++) { const JSDescription& jsdesc = tx.vJoinSplit[i]; for (uint8_t j = 0; j < jsdesc.commitments.size(); j++) { const uint256& note_commitment = jsdesc.commitments[j]; sproutTree.append(note_commitment); // Increment existing witnesses for (std::pair& wtxItem : mapWallet) { ::AppendNoteCommitment(wtxItem.second.mapSproutNoteData, pindex->nHeight, nWitnessCacheSize, note_commitment); } // If this is our note, witness it if (txIsOurs) { JSOutPoint jsoutpt {hash, i, j}; ::WitnessNoteIfMine(mapWallet[hash].mapSproutNoteData, pindex->nHeight, nWitnessCacheSize, jsoutpt, sproutTree.witness()); } } } // Sapling for (uint32_t i = 0; i < tx.vShieldedOutput.size(); i++) { const uint256& note_commitment = tx.vShieldedOutput[i].cm; saplingTree.append(note_commitment); // Increment existing witnesses for (std::pair& wtxItem : mapWallet) { ::AppendNoteCommitment(wtxItem.second.mapSaplingNoteData, pindex->nHeight, nWitnessCacheSize, note_commitment); } // If this is our note, witness it if (txIsOurs) { SaplingOutPoint outPoint {hash, i}; ::WitnessNoteIfMine(mapWallet[hash].mapSaplingNoteData, pindex->nHeight, nWitnessCacheSize, outPoint, saplingTree.witness()); } } } // Update witness heights for (std::pair& wtxItem : mapWallet) { ::UpdateWitnessHeights(wtxItem.second.mapSproutNoteData, pindex->nHeight, nWitnessCacheSize); ::UpdateWitnessHeights(wtxItem.second.mapSaplingNoteData, pindex->nHeight, nWitnessCacheSize); } // For performance reasons, we write out the witness cache in // CWallet::SetBestChain() (which also ensures that overall consistency // of the wallet.dat is maintained). } template void DecrementNoteWitnesses(NoteDataMap& noteDataMap, int indexHeight, int64_t nWitnessCacheSize) { for (auto& item : noteDataMap) { auto* nd = &(item.second); // Only decrement witnesses that are not above the current height if (nd->witnessHeight <= indexHeight) { // Check the validity of the cache // See comment below (this would be invalid if there were a // prior decrement). assert(nWitnessCacheSize >= nd->witnesses.size()); // Witnesses being decremented should always be either -1 // (never incremented or decremented) or equal to the height // of the block being removed (indexHeight) assert((nd->witnessHeight == -1) || (nd->witnessHeight == indexHeight)); if (nd->witnesses.size() > 0) { nd->witnesses.pop_front(); } // indexHeight is the height of the block being removed, so // the new witness cache height is one below it. nd->witnessHeight = indexHeight - 1; } // Check the validity of the cache // Technically if there are notes witnessed above the current // height, their cache will now be invalid (relative to the new // value of nWitnessCacheSize). However, this would only occur // during a reindex, and by the time the reindex reaches the tip // of the chain again, the existing witness caches will be valid // again. // We don't set nWitnessCacheSize to zero at the start of the // reindex because the on-disk blocks had already resulted in a // chain that didn't trigger the assertion below. if (nd->witnessHeight < indexHeight) { // Subtract 1 to compare to what nWitnessCacheSize will be after // decrementing. assert((nWitnessCacheSize - 1) >= nd->witnesses.size()); } } } void CWallet::DecrementNoteWitnesses(const CBlockIndex* pindex) { LOCK(cs_wallet); for (std::pair& wtxItem : mapWallet) { ::DecrementNoteWitnesses(wtxItem.second.mapSproutNoteData, pindex->nHeight, nWitnessCacheSize); ::DecrementNoteWitnesses(wtxItem.second.mapSaplingNoteData, pindex->nHeight, nWitnessCacheSize); } nWitnessCacheSize -= 1; // TODO: If nWitnessCache is zero, we need to regenerate the caches (#1302) assert(nWitnessCacheSize > 0); // For performance reasons, we write out the witness cache in // CWallet::SetBestChain() (which also ensures that overall consistency // of the wallet.dat is maintained). } bool CWallet::EncryptWallet(const SecureString& strWalletPassphrase) { if (IsCrypted()) return false; CKeyingMaterial vMasterKey; vMasterKey.resize(WALLET_CRYPTO_KEY_SIZE); GetRandBytes(&vMasterKey[0], WALLET_CRYPTO_KEY_SIZE); CMasterKey kMasterKey; kMasterKey.vchSalt.resize(WALLET_CRYPTO_SALT_SIZE); GetRandBytes(&kMasterKey.vchSalt[0], WALLET_CRYPTO_SALT_SIZE); CCrypter crypter; int64_t nStartTime = GetTimeMillis(); crypter.SetKeyFromPassphrase(strWalletPassphrase, kMasterKey.vchSalt, 25000, kMasterKey.nDerivationMethod); kMasterKey.nDeriveIterations = 2500000 / ((double)(GetTimeMillis() - nStartTime)); nStartTime = GetTimeMillis(); crypter.SetKeyFromPassphrase(strWalletPassphrase, kMasterKey.vchSalt, kMasterKey.nDeriveIterations, kMasterKey.nDerivationMethod); kMasterKey.nDeriveIterations = (kMasterKey.nDeriveIterations + kMasterKey.nDeriveIterations * 100 / ((double)(GetTimeMillis() - nStartTime))) / 2; if (kMasterKey.nDeriveIterations < 25000) kMasterKey.nDeriveIterations = 25000; LogPrintf("Encrypting Wallet with an nDeriveIterations of %i\n", kMasterKey.nDeriveIterations); if (!crypter.SetKeyFromPassphrase(strWalletPassphrase, kMasterKey.vchSalt, kMasterKey.nDeriveIterations, kMasterKey.nDerivationMethod)) return false; if (!crypter.Encrypt(vMasterKey, kMasterKey.vchCryptedKey)) return false; { LOCK(cs_wallet); mapMasterKeys[++nMasterKeyMaxID] = kMasterKey; if (fFileBacked) { assert(!pwalletdbEncryption); pwalletdbEncryption = new CWalletDB(strWalletFile); if (!pwalletdbEncryption->TxnBegin()) { delete pwalletdbEncryption; pwalletdbEncryption = NULL; return false; } pwalletdbEncryption->WriteMasterKey(nMasterKeyMaxID, kMasterKey); } if (!EncryptKeys(vMasterKey)) { if (fFileBacked) { pwalletdbEncryption->TxnAbort(); delete pwalletdbEncryption; } // We now probably have half of our keys encrypted in memory, and half not... // die and let the user reload the unencrypted wallet. assert(false); } // Encryption was introduced in version 0.4.0 SetMinVersion(FEATURE_WALLETCRYPT, pwalletdbEncryption, true); if (fFileBacked) { if (!pwalletdbEncryption->TxnCommit()) { delete pwalletdbEncryption; // We now have keys encrypted in memory, but not on disk... // die to avoid confusion and let the user reload the unencrypted wallet. assert(false); } delete pwalletdbEncryption; pwalletdbEncryption = NULL; } Lock(); Unlock(strWalletPassphrase); NewKeyPool(); Lock(); // Need to completely rewrite the wallet file; if we don't, bdb might keep // bits of the unencrypted private key in slack space in the database file. CDB::Rewrite(strWalletFile); } NotifyStatusChanged(this); return true; } int64_t CWallet::IncOrderPosNext(CWalletDB *pwalletdb) { AssertLockHeld(cs_wallet); // nOrderPosNext int64_t nRet = nOrderPosNext++; if (pwalletdb) { pwalletdb->WriteOrderPosNext(nOrderPosNext); } else { CWalletDB(strWalletFile).WriteOrderPosNext(nOrderPosNext); } return nRet; } CWallet::TxItems CWallet::OrderedTxItems(std::list& acentries, std::string strAccount) { AssertLockHeld(cs_wallet); // mapWallet CWalletDB walletdb(strWalletFile); // First: get all CWalletTx and CAccountingEntry into a sorted-by-order multimap. TxItems txOrdered; // Note: maintaining indices in the database of (account,time) --> txid and (account, time) --> acentry // would make this much faster for applications that do this a lot. for (map::iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { CWalletTx* wtx = &((*it).second); txOrdered.insert(make_pair(wtx->nOrderPos, TxPair(wtx, (CAccountingEntry*)0))); } acentries.clear(); walletdb.ListAccountCreditDebit(strAccount, acentries); BOOST_FOREACH(CAccountingEntry& entry, acentries) { txOrdered.insert(make_pair(entry.nOrderPos, TxPair((CWalletTx*)0, &entry))); } return txOrdered; } void CWallet::MarkDirty() { { LOCK(cs_wallet); BOOST_FOREACH(PAIRTYPE(const uint256, CWalletTx)& item, mapWallet) item.second.MarkDirty(); } } /** * Ensure that every note in the wallet (for which we possess a spending key) * has a cached nullifier. */ bool CWallet::UpdateNullifierNoteMap() { { LOCK(cs_wallet); if (IsLocked()) return false; ZCNoteDecryption dec; for (std::pair& wtxItem : mapWallet) { for (mapSproutNoteData_t::value_type& item : wtxItem.second.mapSproutNoteData) { if (!item.second.nullifier) { if (GetNoteDecryptor(item.second.address, dec)) { auto i = item.first.js; auto hSig = wtxItem.second.vJoinSplit[i].h_sig( *pzcashParams, wtxItem.second.joinSplitPubKey); item.second.nullifier = GetSproutNoteNullifier( wtxItem.second.vJoinSplit[i], item.second.address, dec, hSig, item.first.n); } } } // TODO: Sapling. This method is only called from RPC walletpassphrase, which is currently unsupported // as RPC encryptwallet is hidden behind two flags: -developerencryptwallet -experimentalfeatures UpdateNullifierNoteMapWithTx(wtxItem.second); } } return true; } /** * Update mapSproutNullifiersToNotes and mapSaplingNullifiersToNotes * with the cached nullifiers in this tx. */ void CWallet::UpdateNullifierNoteMapWithTx(const CWalletTx& wtx) { { LOCK(cs_wallet); for (const mapSproutNoteData_t::value_type& item : wtx.mapSproutNoteData) { if (item.second.nullifier) { mapSproutNullifiersToNotes[*item.second.nullifier] = item.first; } } for (const mapSaplingNoteData_t::value_type& item : wtx.mapSaplingNoteData) { if (item.second.nullifier) { mapSaplingNullifiersToNotes[*item.second.nullifier] = item.first; } } } } /** * Update mapSaplingNullifiersToNotes, computing the nullifier from a cached witness if necessary. */ void CWallet::UpdateSaplingNullifierNoteMapWithTx(CWalletTx& wtx) { LOCK(cs_wallet); for (mapSaplingNoteData_t::value_type &item : wtx.mapSaplingNoteData) { SaplingOutPoint op = item.first; SaplingNoteData nd = item.second; if (nd.witnesses.empty()) { // If there are no witnesses, erase the nullifier and associated mapping. if (item.second.nullifier) { mapSaplingNullifiersToNotes.erase(item.second.nullifier.get()); } item.second.nullifier = boost::none; } else { uint64_t position = nd.witnesses.front().position(); SaplingFullViewingKey fvk = mapSaplingFullViewingKeys.at(nd.ivk); OutputDescription output = wtx.vShieldedOutput[op.n]; auto optPlaintext = SaplingNotePlaintext::decrypt(output.encCiphertext, nd.ivk, output.ephemeralKey, output.cm); if (!optPlaintext) { // An item in mapSaplingNoteData must have already been successfully decrypted, // otherwise the item would not exist in the first place. assert(false); } auto optNote = optPlaintext.get().note(nd.ivk); if (!optNote) { assert(false); } auto optNullifier = optNote.get().nullifier(fvk, position); if (!optNullifier) { // This should not happen. If it does, maybe the position has been corrupted or miscalculated? assert(false); } uint256 nullifier = optNullifier.get(); mapSaplingNullifiersToNotes[nullifier] = op; item.second.nullifier = nullifier; } } } /** * Iterate over transactions in a block and update the cached Sapling nullifiers * for transactions which belong to the wallet. */ void CWallet::UpdateSaplingNullifierNoteMapForBlock(const CBlock *pblock) { LOCK(cs_wallet); for (const CTransaction& tx : pblock->vtx) { auto hash = tx.GetHash(); bool txIsOurs = mapWallet.count(hash); if (txIsOurs) { UpdateSaplingNullifierNoteMapWithTx(mapWallet[hash]); } } } bool CWallet::AddToWallet(const CWalletTx& wtxIn, bool fFromLoadWallet, CWalletDB* pwalletdb) { uint256 hash = wtxIn.GetHash(); if (fFromLoadWallet) { mapWallet[hash] = wtxIn; mapWallet[hash].BindWallet(this); UpdateNullifierNoteMapWithTx(mapWallet[hash]); AddToSpends(hash); } else { LOCK(cs_wallet); // Inserts only if not already there, returns tx inserted or tx found pair::iterator, bool> ret = mapWallet.insert(make_pair(hash, wtxIn)); CWalletTx& wtx = (*ret.first).second; wtx.BindWallet(this); UpdateNullifierNoteMapWithTx(wtx); bool fInsertedNew = ret.second; if (fInsertedNew) { wtx.nTimeReceived = GetAdjustedTime(); wtx.nOrderPos = IncOrderPosNext(pwalletdb); wtx.nTimeSmart = wtx.nTimeReceived; if (!wtxIn.hashBlock.IsNull()) { if (mapBlockIndex.count(wtxIn.hashBlock)) { int64_t latestNow = wtx.nTimeReceived; int64_t latestEntry = 0; { // Tolerate times up to the last timestamp in the wallet not more than 5 minutes into the future int64_t latestTolerated = latestNow + 300; std::list acentries; TxItems txOrdered = OrderedTxItems(acentries); for (TxItems::reverse_iterator it = txOrdered.rbegin(); it != txOrdered.rend(); ++it) { CWalletTx *const pwtx = (*it).second.first; if (pwtx == &wtx) continue; CAccountingEntry *const pacentry = (*it).second.second; int64_t nSmartTime; if (pwtx) { nSmartTime = pwtx->nTimeSmart; if (!nSmartTime) nSmartTime = pwtx->nTimeReceived; } else nSmartTime = pacentry->nTime; if (nSmartTime <= latestTolerated) { latestEntry = nSmartTime; if (nSmartTime > latestNow) latestNow = nSmartTime; break; } } } int64_t blocktime = mapBlockIndex[wtxIn.hashBlock]->GetBlockTime(); wtx.nTimeSmart = std::max(latestEntry, std::min(blocktime, latestNow)); } else LogPrintf("AddToWallet(): found %s in block %s not in index\n", wtxIn.GetHash().ToString(), wtxIn.hashBlock.ToString()); } AddToSpends(hash); } bool fUpdated = false; if (!fInsertedNew) { // Merge if (!wtxIn.hashBlock.IsNull() && wtxIn.hashBlock != wtx.hashBlock) { wtx.hashBlock = wtxIn.hashBlock; fUpdated = true; } if (wtxIn.nIndex != -1 && (wtxIn.vMerkleBranch != wtx.vMerkleBranch || wtxIn.nIndex != wtx.nIndex)) { wtx.vMerkleBranch = wtxIn.vMerkleBranch; wtx.nIndex = wtxIn.nIndex; fUpdated = true; } if (UpdatedNoteData(wtxIn, wtx)) { fUpdated = true; } if (wtxIn.fFromMe && wtxIn.fFromMe != wtx.fFromMe) { wtx.fFromMe = wtxIn.fFromMe; fUpdated = true; } } //// debug print LogPrintf("AddToWallet %s %s%s\n", wtxIn.GetHash().ToString(), (fInsertedNew ? "new" : ""), (fUpdated ? "update" : "")); // Write to disk if (fInsertedNew || fUpdated) if (!wtx.WriteToDisk(pwalletdb)) return false; // Break debit/credit balance caches: wtx.MarkDirty(); // Notify UI of new or updated transaction NotifyTransactionChanged(this, hash, fInsertedNew ? CT_NEW : CT_UPDATED); // notify an external script when a wallet transaction comes in or is updated std::string strCmd = GetArg("-walletnotify", ""); if ( !strCmd.empty()) { boost::replace_all(strCmd, "%s", wtxIn.GetHash().GetHex()); boost::thread t(runCommand, strCmd); // thread runs free } } return true; } bool CWallet::UpdatedNoteData(const CWalletTx& wtxIn, CWalletTx& wtx) { bool unchangedSproutFlag = (wtxIn.mapSproutNoteData.empty() || wtxIn.mapSproutNoteData == wtx.mapSproutNoteData); if (!unchangedSproutFlag) { auto tmp = wtxIn.mapSproutNoteData; // Ensure we keep any cached witnesses we may already have for (const std::pair nd : wtx.mapSproutNoteData) { if (tmp.count(nd.first) && nd.second.witnesses.size() > 0) { tmp.at(nd.first).witnesses.assign( nd.second.witnesses.cbegin(), nd.second.witnesses.cend()); } tmp.at(nd.first).witnessHeight = nd.second.witnessHeight; } // Now copy over the updated note data wtx.mapSproutNoteData = tmp; } bool unchangedSaplingFlag = (wtxIn.mapSaplingNoteData.empty() || wtxIn.mapSaplingNoteData == wtx.mapSaplingNoteData); if (!unchangedSaplingFlag) { auto tmp = wtxIn.mapSaplingNoteData; // Ensure we keep any cached witnesses we may already have for (const std::pair nd : wtx.mapSaplingNoteData) { if (tmp.count(nd.first) && nd.second.witnesses.size() > 0) { tmp.at(nd.first).witnesses.assign( nd.second.witnesses.cbegin(), nd.second.witnesses.cend()); } tmp.at(nd.first).witnessHeight = nd.second.witnessHeight; } // Now copy over the updated note data wtx.mapSaplingNoteData = tmp; } return !unchangedSproutFlag || !unchangedSaplingFlag; } /** * Add a transaction to the wallet, or update it. * pblock is optional, but should be provided if the transaction is known to be in a block. * If fUpdate is true, existing transactions will be updated. */ bool CWallet::AddToWalletIfInvolvingMe(const CTransaction& tx, const CBlock* pblock, bool fUpdate) { { AssertLockHeld(cs_wallet); bool fExisted = mapWallet.count(tx.GetHash()) != 0; if (fExisted && !fUpdate) return false; auto sproutNoteData = FindMySproutNotes(tx); auto saplingNoteDataAndAddressesToAdd = FindMySaplingNotes(tx); auto saplingNoteData = saplingNoteDataAndAddressesToAdd.first; auto addressesToAdd = saplingNoteDataAndAddressesToAdd.second; for (const auto &addressToAdd : addressesToAdd) { if (!AddSaplingIncomingViewingKey(addressToAdd.second, addressToAdd.first)) { return false; } } if (fExisted || IsMine(tx) || IsFromMe(tx) || sproutNoteData.size() > 0 || saplingNoteData.size() > 0) { CWalletTx wtx(this,tx); if (sproutNoteData.size() > 0) { wtx.SetSproutNoteData(sproutNoteData); } if (saplingNoteData.size() > 0) { wtx.SetSaplingNoteData(saplingNoteData); } // Get merkle branch if transaction was found in a block if (pblock) wtx.SetMerkleBranch(*pblock); // Do not flush the wallet here for performance reasons // this is safe, as in case of a crash, we rescan the necessary blocks on startup through our SetBestChain-mechanism CWalletDB walletdb(strWalletFile, "r+", false); return AddToWallet(wtx, false, &walletdb); } } return false; } void CWallet::SyncTransaction(const CTransaction& tx, const CBlock* pblock) { LOCK2(cs_main, cs_wallet); if (!AddToWalletIfInvolvingMe(tx, pblock, true)) return; // Not one of ours MarkAffectedTransactionsDirty(tx); } void CWallet::MarkAffectedTransactionsDirty(const CTransaction& tx) { // If a transaction changes 'conflicted' state, that changes the balance // available of the outputs it spends. So force those to be // recomputed, also: BOOST_FOREACH(const CTxIn& txin, tx.vin) { if (mapWallet.count(txin.prevout.hash)) mapWallet[txin.prevout.hash].MarkDirty(); } for (const JSDescription& jsdesc : tx.vJoinSplit) { for (const uint256& nullifier : jsdesc.nullifiers) { if (mapSproutNullifiersToNotes.count(nullifier) && mapWallet.count(mapSproutNullifiersToNotes[nullifier].hash)) { mapWallet[mapSproutNullifiersToNotes[nullifier].hash].MarkDirty(); } } } for (const SpendDescription &spend : tx.vShieldedSpend) { uint256 nullifier = spend.nullifier; if (mapSaplingNullifiersToNotes.count(nullifier) && mapWallet.count(mapSaplingNullifiersToNotes[nullifier].hash)) { mapWallet[mapSaplingNullifiersToNotes[nullifier].hash].MarkDirty(); } } } void CWallet::EraseFromWallet(const uint256 &hash) { if (!fFileBacked) return; { LOCK(cs_wallet); if (mapWallet.erase(hash)) CWalletDB(strWalletFile).EraseTx(hash); } return; } /** * Returns a nullifier if the SpendingKey is available * Throws std::runtime_error if the decryptor doesn't match this note */ boost::optional CWallet::GetSproutNoteNullifier(const JSDescription &jsdesc, const libzcash::SproutPaymentAddress &address, const ZCNoteDecryption &dec, const uint256 &hSig, uint8_t n) const { boost::optional ret; auto note_pt = libzcash::SproutNotePlaintext::decrypt( dec, jsdesc.ciphertexts[n], jsdesc.ephemeralKey, hSig, (unsigned char) n); auto note = note_pt.note(address); // Check note plaintext against note commitment if (note.cm() != jsdesc.commitments[n]) { throw libzcash::note_decryption_failed(); } // SpendingKeys are only available if: // - We have them (this isn't a viewing key) // - The wallet is unlocked libzcash::SproutSpendingKey key; if (GetSproutSpendingKey(address, key)) { ret = note.nullifier(key); } return ret; } /** * Finds all output notes in the given transaction that have been sent to * PaymentAddresses in this wallet. * * It should never be necessary to call this method with a CWalletTx, because * the result of FindMySproutNotes (for the addresses available at the time) will * already have been cached in CWalletTx.mapSproutNoteData. */ mapSproutNoteData_t CWallet::FindMySproutNotes(const CTransaction &tx) const { LOCK(cs_SpendingKeyStore); uint256 hash = tx.GetHash(); mapSproutNoteData_t noteData; for (size_t i = 0; i < tx.vJoinSplit.size(); i++) { auto hSig = tx.vJoinSplit[i].h_sig(*pzcashParams, tx.joinSplitPubKey); for (uint8_t j = 0; j < tx.vJoinSplit[i].ciphertexts.size(); j++) { for (const NoteDecryptorMap::value_type& item : mapNoteDecryptors) { try { auto address = item.first; JSOutPoint jsoutpt {hash, i, j}; auto nullifier = GetSproutNoteNullifier( tx.vJoinSplit[i], address, item.second, hSig, j); if (nullifier) { SproutNoteData nd {address, *nullifier}; noteData.insert(std::make_pair(jsoutpt, nd)); } else { SproutNoteData nd {address}; noteData.insert(std::make_pair(jsoutpt, nd)); } break; } catch (const note_decryption_failed &err) { // Couldn't decrypt with this decryptor } catch (const std::exception &exc) { // Unexpected failure LogPrintf("FindMySproutNotes(): Unexpected error while testing decrypt:\n"); LogPrintf("%s\n", exc.what()); } } } } return noteData; } /** * Finds all output notes in the given transaction that have been sent to * SaplingPaymentAddresses in this wallet. * * It should never be necessary to call this method with a CWalletTx, because * the result of FindMySaplingNotes (for the addresses available at the time) will * already have been cached in CWalletTx.mapSaplingNoteData. */ std::pair CWallet::FindMySaplingNotes(const CTransaction &tx) const { LOCK(cs_SpendingKeyStore); uint256 hash = tx.GetHash(); mapSaplingNoteData_t noteData; SaplingIncomingViewingKeyMap viewingKeysToAdd; // Protocol Spec: 4.19 Block Chain Scanning (Sapling) for (uint32_t i = 0; i < tx.vShieldedOutput.size(); ++i) { const OutputDescription output = tx.vShieldedOutput[i]; for (auto it = mapSaplingFullViewingKeys.begin(); it != mapSaplingFullViewingKeys.end(); ++it) { SaplingIncomingViewingKey ivk = it->first; auto result = SaplingNotePlaintext::decrypt(output.encCiphertext, ivk, output.ephemeralKey, output.cm); if (!result) { continue; } auto address = ivk.address(result.get().d); if (address && mapSaplingIncomingViewingKeys.count(address.get()) == 0) { viewingKeysToAdd[address.get()] = ivk; } // We don't cache the nullifier here as computing it requires knowledge of the note position // in the commitment tree, which can only be determined when the transaction has been mined. SaplingOutPoint op {hash, i}; SaplingNoteData nd; nd.ivk = ivk; noteData.insert(std::make_pair(op, nd)); break; } } return std::make_pair(noteData, viewingKeysToAdd); } bool CWallet::IsSproutNullifierFromMe(const uint256& nullifier) const { { LOCK(cs_wallet); if (mapSproutNullifiersToNotes.count(nullifier) && mapWallet.count(mapSproutNullifiersToNotes.at(nullifier).hash)) { return true; } } return false; } bool CWallet::IsSaplingNullifierFromMe(const uint256& nullifier) const { { LOCK(cs_wallet); if (mapSaplingNullifiersToNotes.count(nullifier) && mapWallet.count(mapSaplingNullifiersToNotes.at(nullifier).hash)) { return true; } } return false; } void CWallet::GetSproutNoteWitnesses(std::vector notes, std::vector>& witnesses, uint256 &final_anchor) { LOCK(cs_wallet); witnesses.resize(notes.size()); boost::optional rt; int i = 0; for (JSOutPoint note : notes) { if (mapWallet.count(note.hash) && mapWallet[note.hash].mapSproutNoteData.count(note) && mapWallet[note.hash].mapSproutNoteData[note].witnesses.size() > 0) { witnesses[i] = mapWallet[note.hash].mapSproutNoteData[note].witnesses.front(); if (!rt) { rt = witnesses[i]->root(); } else { assert(*rt == witnesses[i]->root()); } } i++; } // All returned witnesses have the same anchor if (rt) { final_anchor = *rt; } } void CWallet::GetSaplingNoteWitnesses(std::vector notes, std::vector>& witnesses, uint256 &final_anchor) { LOCK(cs_wallet); witnesses.resize(notes.size()); boost::optional rt; int i = 0; for (SaplingOutPoint note : notes) { if (mapWallet.count(note.hash) && mapWallet[note.hash].mapSaplingNoteData.count(note) && mapWallet[note.hash].mapSaplingNoteData[note].witnesses.size() > 0) { witnesses[i] = mapWallet[note.hash].mapSaplingNoteData[note].witnesses.front(); if (!rt) { rt = witnesses[i]->root(); } else { assert(*rt == witnesses[i]->root()); } } i++; } // All returned witnesses have the same anchor if (rt) { final_anchor = *rt; } } isminetype CWallet::IsMine(const CTxIn &txin) const { { LOCK(cs_wallet); map::const_iterator mi = mapWallet.find(txin.prevout.hash); if (mi != mapWallet.end()) { const CWalletTx& prev = (*mi).second; if (txin.prevout.n < prev.vout.size()) return IsMine(prev.vout[txin.prevout.n]); } } return ISMINE_NO; } CAmount CWallet::GetDebit(const CTxIn &txin, const isminefilter& filter) const { { LOCK(cs_wallet); map::const_iterator mi = mapWallet.find(txin.prevout.hash); if (mi != mapWallet.end()) { const CWalletTx& prev = (*mi).second; if (txin.prevout.n < prev.vout.size()) if (IsMine(prev.vout[txin.prevout.n]) & filter) return prev.vout[txin.prevout.n].nValue; } } return 0; } isminetype CWallet::IsMine(const CTxOut& txout) const { return ::IsMine(*this, txout.scriptPubKey); } CAmount CWallet::GetCredit(const CTxOut& txout, const isminefilter& filter) const { if (!MoneyRange(txout.nValue)) throw std::runtime_error("CWallet::GetCredit(): value out of range"); return ((IsMine(txout) & filter) ? txout.nValue : 0); } bool CWallet::IsChange(const CTxOut& txout) const { // TODO: fix handling of 'change' outputs. The assumption is that any // payment to a script that is ours, but is not in the address book // is change. That assumption is likely to break when we implement multisignature // wallets that return change back into a multi-signature-protected address; // a better way of identifying which outputs are 'the send' and which are // 'the change' will need to be implemented (maybe extend CWalletTx to remember // which output, if any, was change). if (::IsMine(*this, txout.scriptPubKey)) { CTxDestination address; if (!ExtractDestination(txout.scriptPubKey, address)) return true; LOCK(cs_wallet); if (!mapAddressBook.count(address)) return true; } return false; } CAmount CWallet::GetChange(const CTxOut& txout) const { if (!MoneyRange(txout.nValue)) throw std::runtime_error("CWallet::GetChange(): value out of range"); return (IsChange(txout) ? txout.nValue : 0); } bool CWallet::IsMine(const CTransaction& tx) const { BOOST_FOREACH(const CTxOut& txout, tx.vout) if (IsMine(txout)) return true; return false; } bool CWallet::IsFromMe(const CTransaction& tx) const { if (GetDebit(tx, ISMINE_ALL) > 0) { return true; } for (const JSDescription& jsdesc : tx.vJoinSplit) { for (const uint256& nullifier : jsdesc.nullifiers) { if (IsSproutNullifierFromMe(nullifier)) { return true; } } } for (const SpendDescription &spend : tx.vShieldedSpend) { if (IsSaplingNullifierFromMe(spend.nullifier)) { return true; } } return false; } CAmount CWallet::GetDebit(const CTransaction& tx, const isminefilter& filter) const { CAmount nDebit = 0; BOOST_FOREACH(const CTxIn& txin, tx.vin) { nDebit += GetDebit(txin, filter); if (!MoneyRange(nDebit)) throw std::runtime_error("CWallet::GetDebit(): value out of range"); } return nDebit; } CAmount CWallet::GetCredit(const CTransaction& tx, const isminefilter& filter) const { CAmount nCredit = 0; BOOST_FOREACH(const CTxOut& txout, tx.vout) { nCredit += GetCredit(txout, filter); if (!MoneyRange(nCredit)) throw std::runtime_error("CWallet::GetCredit(): value out of range"); } return nCredit; } CAmount CWallet::GetChange(const CTransaction& tx) const { CAmount nChange = 0; BOOST_FOREACH(const CTxOut& txout, tx.vout) { nChange += GetChange(txout); if (!MoneyRange(nChange)) throw std::runtime_error("CWallet::GetChange(): value out of range"); } return nChange; } bool CWallet::IsHDFullyEnabled() const { // Only Sapling addresses are HD for now return false; } void CWallet::GenerateNewSeed() { LOCK(cs_wallet); auto seed = HDSeed::Random(HD_WALLET_SEED_LENGTH); int64_t nCreationTime = GetTime(); // If the wallet is encrypted and locked, this will fail. if (!SetHDSeed(seed)) throw std::runtime_error(std::string(__func__) + ": SetHDSeed failed"); // store the key creation time together with // the child index counter in the database // as a hdchain object CHDChain newHdChain; newHdChain.nVersion = CHDChain::VERSION_HD_BASE; newHdChain.seedFp = seed.Fingerprint(); newHdChain.nCreateTime = nCreationTime; SetHDChain(newHdChain, false); } bool CWallet::SetHDSeed(const HDSeed& seed) { if (!CCryptoKeyStore::SetHDSeed(seed)) { return false; } if (!fFileBacked) { return true; } { LOCK(cs_wallet); if (!IsCrypted()) { return CWalletDB(strWalletFile).WriteHDSeed(seed); } } return true; } bool CWallet::SetCryptedHDSeed(const uint256& seedFp, const std::vector &vchCryptedSecret) { if (!CCryptoKeyStore::SetCryptedHDSeed(seedFp, vchCryptedSecret)) { return false; } if (!fFileBacked) { return true; } { LOCK(cs_wallet); if (pwalletdbEncryption) return pwalletdbEncryption->WriteCryptedHDSeed(seedFp, vchCryptedSecret); else return CWalletDB(strWalletFile).WriteCryptedHDSeed(seedFp, vchCryptedSecret); } return false; } HDSeed CWallet::GetHDSeedForRPC() const { HDSeed seed; if (!pwalletMain->GetHDSeed(seed)) { throw JSONRPCError(RPC_WALLET_ERROR, "HD seed not found"); } return seed; } void CWallet::SetHDChain(const CHDChain& chain, bool memonly) { LOCK(cs_wallet); if (!memonly && fFileBacked && !CWalletDB(strWalletFile).WriteHDChain(chain)) throw std::runtime_error(std::string(__func__) + ": writing chain failed"); hdChain = chain; } bool CWallet::LoadHDSeed(const HDSeed& seed) { return CBasicKeyStore::SetHDSeed(seed); } bool CWallet::LoadCryptedHDSeed(const uint256& seedFp, const std::vector& seed) { return CCryptoKeyStore::SetCryptedHDSeed(seedFp, seed); } void CWalletTx::SetSproutNoteData(mapSproutNoteData_t ¬eData) { mapSproutNoteData.clear(); for (const std::pair nd : noteData) { if (nd.first.js < vJoinSplit.size() && nd.first.n < vJoinSplit[nd.first.js].ciphertexts.size()) { // Store the address and nullifier for the Note mapSproutNoteData[nd.first] = nd.second; } else { // If FindMySproutNotes() was used to obtain noteData, // this should never happen throw std::logic_error("CWalletTx::SetSproutNoteData(): Invalid note"); } } } void CWalletTx::SetSaplingNoteData(mapSaplingNoteData_t ¬eData) { mapSaplingNoteData.clear(); for (const std::pair nd : noteData) { if (nd.first.n < vShieldedOutput.size()) { mapSaplingNoteData[nd.first] = nd.second; } else { throw std::logic_error("CWalletTx::SetSaplingNoteData(): Invalid note"); } } } int64_t CWalletTx::GetTxTime() const { int64_t n = nTimeSmart; return n ? n : nTimeReceived; } int CWalletTx::GetRequestCount() const { // Returns -1 if it wasn't being tracked int nRequests = -1; { LOCK(pwallet->cs_wallet); if (IsCoinBase()) { // Generated block if (!hashBlock.IsNull()) { map::const_iterator mi = pwallet->mapRequestCount.find(hashBlock); if (mi != pwallet->mapRequestCount.end()) nRequests = (*mi).second; } } else { // Did anyone request this transaction? map::const_iterator mi = pwallet->mapRequestCount.find(GetHash()); if (mi != pwallet->mapRequestCount.end()) { nRequests = (*mi).second; // How about the block it's in? if (nRequests == 0 && !hashBlock.IsNull()) { map::const_iterator mi = pwallet->mapRequestCount.find(hashBlock); if (mi != pwallet->mapRequestCount.end()) nRequests = (*mi).second; else nRequests = 1; // If it's in someone else's block it must have got out } } } } return nRequests; } // GetAmounts will determine the transparent debits and credits for a given wallet tx. void CWalletTx::GetAmounts(list& listReceived, list& listSent, CAmount& nFee, string& strSentAccount, const isminefilter& filter) const { nFee = 0; listReceived.clear(); listSent.clear(); strSentAccount = strFromAccount; // Is this tx sent/signed by me? CAmount nDebit = GetDebit(filter); bool isFromMyTaddr = nDebit > 0; // debit>0 means we signed/sent this transaction // Compute fee if we sent this transaction. if (isFromMyTaddr) { CAmount nValueOut = GetValueOut(); // transparent outputs plus all Sprout vpub_old and negative Sapling valueBalance CAmount nValueIn = GetShieldedValueIn(); nFee = nDebit - nValueOut + nValueIn; } // Create output entry for vpub_old/new, if we sent utxos from this transaction if (isFromMyTaddr) { CAmount myVpubOld = 0; CAmount myVpubNew = 0; for (const JSDescription& js : vJoinSplit) { bool fMyJSDesc = false; // Check input side for (const uint256& nullifier : js.nullifiers) { if (pwallet->IsSproutNullifierFromMe(nullifier)) { fMyJSDesc = true; break; } } // Check output side if (!fMyJSDesc) { for (const std::pair nd : this->mapSproutNoteData) { if (nd.first.js < vJoinSplit.size() && nd.first.n < vJoinSplit[nd.first.js].ciphertexts.size()) { fMyJSDesc = true; break; } } } if (fMyJSDesc) { myVpubOld += js.vpub_old; myVpubNew += js.vpub_new; } if (!MoneyRange(js.vpub_old) || !MoneyRange(js.vpub_new) || !MoneyRange(myVpubOld) || !MoneyRange(myVpubNew)) { throw std::runtime_error("CWalletTx::GetAmounts: value out of range"); } } // Create an output for the value taken from or added to the transparent value pool by JoinSplits if (myVpubOld > myVpubNew) { COutputEntry output = {CNoDestination(), myVpubOld - myVpubNew, (int)vout.size()}; listSent.push_back(output); } else if (myVpubNew > myVpubOld) { COutputEntry output = {CNoDestination(), myVpubNew - myVpubOld, (int)vout.size()}; listReceived.push_back(output); } } // If we sent utxos from this transaction, create output for value taken from (negative valueBalance) // or added (positive valueBalance) to the transparent value pool by Sapling shielding and unshielding. if (isFromMyTaddr) { if (valueBalance < 0) { COutputEntry output = {CNoDestination(), -valueBalance, (int) vout.size()}; listSent.push_back(output); } else if (valueBalance > 0) { COutputEntry output = {CNoDestination(), valueBalance, (int) vout.size()}; listReceived.push_back(output); } } // Sent/received. for (unsigned int i = 0; i < vout.size(); ++i) { const CTxOut& txout = vout[i]; isminetype fIsMine = pwallet->IsMine(txout); // Only need to handle txouts if AT LEAST one of these is true: // 1) they debit from us (sent) // 2) the output is to us (received) if (nDebit > 0) { // Don't report 'change' txouts if (pwallet->IsChange(txout)) continue; } else if (!(fIsMine & filter)) continue; // In either case, we need to get the destination address CTxDestination address; if (!ExtractDestination(txout.scriptPubKey, address)) { LogPrintf("CWalletTx::GetAmounts: Unknown transaction type found, txid %s\n", this->GetHash().ToString()); address = CNoDestination(); } COutputEntry output = {address, txout.nValue, (int)i}; // If we are debited by the transaction, add the output as a "sent" entry if (nDebit > 0) listSent.push_back(output); // If we are receiving the output, add it as a "received" entry if (fIsMine & filter) listReceived.push_back(output); } } void CWalletTx::GetAccountAmounts(const string& strAccount, CAmount& nReceived, CAmount& nSent, CAmount& nFee, const isminefilter& filter) const { nReceived = nSent = nFee = 0; CAmount allFee; string strSentAccount; list listReceived; list listSent; GetAmounts(listReceived, listSent, allFee, strSentAccount, filter); if (strAccount == strSentAccount) { BOOST_FOREACH(const COutputEntry& s, listSent) nSent += s.amount; nFee = allFee; } { LOCK(pwallet->cs_wallet); BOOST_FOREACH(const COutputEntry& r, listReceived) { if (pwallet->mapAddressBook.count(r.destination)) { map::const_iterator mi = pwallet->mapAddressBook.find(r.destination); if (mi != pwallet->mapAddressBook.end() && (*mi).second.name == strAccount) nReceived += r.amount; } else if (strAccount.empty()) { nReceived += r.amount; } } } } bool CWalletTx::WriteToDisk(CWalletDB *pwalletdb) { return pwalletdb->WriteTx(GetHash(), *this); } void CWallet::WitnessNoteCommitment(std::vector commitments, std::vector>& witnesses, uint256 &final_anchor) { witnesses.resize(commitments.size()); CBlockIndex* pindex = chainActive.Genesis(); SproutMerkleTree tree; while (pindex) { CBlock block; ReadBlockFromDisk(block, pindex, Params().GetConsensus()); BOOST_FOREACH(const CTransaction& tx, block.vtx) { BOOST_FOREACH(const JSDescription& jsdesc, tx.vJoinSplit) { BOOST_FOREACH(const uint256 ¬e_commitment, jsdesc.commitments) { tree.append(note_commitment); BOOST_FOREACH(boost::optional& wit, witnesses) { if (wit) { wit->append(note_commitment); } } size_t i = 0; BOOST_FOREACH(uint256& commitment, commitments) { if (note_commitment == commitment) { witnesses.at(i) = tree.witness(); } i++; } } } } uint256 current_anchor = tree.root(); // Consistency check: we should be able to find the current tree // in our CCoins view. SproutMerkleTree dummy_tree; assert(pcoinsTip->GetSproutAnchorAt(current_anchor, dummy_tree)); pindex = chainActive.Next(pindex); } // TODO: #93; Select a root via some heuristic. final_anchor = tree.root(); BOOST_FOREACH(boost::optional& wit, witnesses) { if (wit) { assert(final_anchor == wit->root()); } } } /** * Scan the block chain (starting in pindexStart) for transactions * from or to us. If fUpdate is true, found transactions that already * exist in the wallet will be updated. */ int CWallet::ScanForWalletTransactions(CBlockIndex* pindexStart, bool fUpdate) { int ret = 0; int64_t nNow = GetTime(); const CChainParams& chainParams = Params(); CBlockIndex* pindex = pindexStart; std::vector myTxHashes; { LOCK2(cs_main, cs_wallet); // no need to read and scan block, if block was created before // our wallet birthday (as adjusted for block time variability) while (pindex && nTimeFirstKey && (pindex->GetBlockTime() < (nTimeFirstKey - 7200))) pindex = chainActive.Next(pindex); ShowProgress(_("Rescanning..."), 0); // show rescan progress in GUI as dialog or on splashscreen, if -rescan on startup double dProgressStart = Checkpoints::GuessVerificationProgress(chainParams.Checkpoints(), pindex, false); double dProgressTip = Checkpoints::GuessVerificationProgress(chainParams.Checkpoints(), chainActive.Tip(), false); while (pindex) { if (pindex->nHeight % 100 == 0 && dProgressTip - dProgressStart > 0.0) ShowProgress(_("Rescanning..."), std::max(1, std::min(99, (int)((Checkpoints::GuessVerificationProgress(chainParams.Checkpoints(), pindex, false) - dProgressStart) / (dProgressTip - dProgressStart) * 100)))); CBlock block; ReadBlockFromDisk(block, pindex, Params().GetConsensus()); BOOST_FOREACH(CTransaction& tx, block.vtx) { if (AddToWalletIfInvolvingMe(tx, &block, fUpdate)) { myTxHashes.push_back(tx.GetHash()); ret++; } } SproutMerkleTree sproutTree; SaplingMerkleTree saplingTree; // This should never fail: we should always be able to get the tree // state on the path to the tip of our chain assert(pcoinsTip->GetSproutAnchorAt(pindex->hashSproutAnchor, sproutTree)); if (pindex->pprev) { if (NetworkUpgradeActive(pindex->pprev->nHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { assert(pcoinsTip->GetSaplingAnchorAt(pindex->pprev->hashFinalSaplingRoot, saplingTree)); } } // Increment note witness caches ChainTipAdded(pindex, &block, sproutTree, saplingTree); pindex = chainActive.Next(pindex); if (GetTime() >= nNow + 60) { nNow = GetTime(); LogPrintf("Still rescanning. At block %d. Progress=%f\n", pindex->nHeight, Checkpoints::GuessVerificationProgress(chainParams.Checkpoints(), pindex)); } } // After rescanning, persist Sapling note data that might have changed, e.g. nullifiers. // Do not flush the wallet here for performance reasons. CWalletDB walletdb(strWalletFile, "r+", false); for (auto hash : myTxHashes) { CWalletTx wtx = mapWallet[hash]; if (!wtx.mapSaplingNoteData.empty()) { if (!wtx.WriteToDisk(&walletdb)) { LogPrintf("Rescanning... WriteToDisk failed to update Sapling note data for: %s\n", hash.ToString()); } } } ShowProgress(_("Rescanning..."), 100); // hide progress dialog in GUI } return ret; } void CWallet::ReacceptWalletTransactions() { // If transactions aren't being broadcasted, don't let them into local mempool either if (!fBroadcastTransactions) return; LOCK2(cs_main, cs_wallet); std::map mapSorted; // Sort pending wallet transactions based on their initial wallet insertion order BOOST_FOREACH(PAIRTYPE(const uint256, CWalletTx)& item, mapWallet) { const uint256& wtxid = item.first; CWalletTx& wtx = item.second; assert(wtx.GetHash() == wtxid); int nDepth = wtx.GetDepthInMainChain(); if (!wtx.IsCoinBase() && nDepth < 0) { mapSorted.insert(std::make_pair(wtx.nOrderPos, &wtx)); } } // Try to add wallet transactions to memory pool BOOST_FOREACH(PAIRTYPE(const int64_t, CWalletTx*)& item, mapSorted) { CWalletTx& wtx = *(item.second); LOCK(mempool.cs); wtx.AcceptToMemoryPool(false); } } bool CWalletTx::RelayWalletTransaction() { assert(pwallet->GetBroadcastTransactions()); if (!IsCoinBase()) { if (GetDepthInMainChain() == 0) { LogPrintf("Relaying wtx %s\n", GetHash().ToString()); RelayTransaction((CTransaction)*this); return true; } } return false; } set CWalletTx::GetConflicts() const { set result; if (pwallet != NULL) { uint256 myHash = GetHash(); result = pwallet->GetConflicts(myHash); result.erase(myHash); } return result; } CAmount CWalletTx::GetDebit(const isminefilter& filter) const { if (vin.empty()) return 0; CAmount debit = 0; if(filter & ISMINE_SPENDABLE) { if (fDebitCached) debit += nDebitCached; else { nDebitCached = pwallet->GetDebit(*this, ISMINE_SPENDABLE); fDebitCached = true; debit += nDebitCached; } } if(filter & ISMINE_WATCH_ONLY) { if(fWatchDebitCached) debit += nWatchDebitCached; else { nWatchDebitCached = pwallet->GetDebit(*this, ISMINE_WATCH_ONLY); fWatchDebitCached = true; debit += nWatchDebitCached; } } return debit; } CAmount CWalletTx::GetCredit(const isminefilter& filter) const { // Must wait until coinbase is safely deep enough in the chain before valuing it if (IsCoinBase() && GetBlocksToMaturity() > 0) return 0; int64_t credit = 0; if (filter & ISMINE_SPENDABLE) { // GetBalance can assume transactions in mapWallet won't change if (fCreditCached) credit += nCreditCached; else { nCreditCached = pwallet->GetCredit(*this, ISMINE_SPENDABLE); fCreditCached = true; credit += nCreditCached; } } if (filter & ISMINE_WATCH_ONLY) { if (fWatchCreditCached) credit += nWatchCreditCached; else { nWatchCreditCached = pwallet->GetCredit(*this, ISMINE_WATCH_ONLY); fWatchCreditCached = true; credit += nWatchCreditCached; } } return credit; } CAmount CWalletTx::GetImmatureCredit(bool fUseCache) const { if (IsCoinBase() && GetBlocksToMaturity() > 0 && IsInMainChain()) { if (fUseCache && fImmatureCreditCached) return nImmatureCreditCached; nImmatureCreditCached = pwallet->GetCredit(*this, ISMINE_SPENDABLE); fImmatureCreditCached = true; return nImmatureCreditCached; } return 0; } CAmount CWalletTx::GetAvailableCredit(bool fUseCache) const { if (pwallet == 0) return 0; // Must wait until coinbase is safely deep enough in the chain before valuing it if (IsCoinBase() && GetBlocksToMaturity() > 0) return 0; if (fUseCache && fAvailableCreditCached) return nAvailableCreditCached; CAmount nCredit = 0; uint256 hashTx = GetHash(); for (unsigned int i = 0; i < vout.size(); i++) { if (!pwallet->IsSpent(hashTx, i)) { const CTxOut &txout = vout[i]; nCredit += pwallet->GetCredit(txout, ISMINE_SPENDABLE); if (!MoneyRange(nCredit)) throw std::runtime_error("CWalletTx::GetAvailableCredit() : value out of range"); } } nAvailableCreditCached = nCredit; fAvailableCreditCached = true; return nCredit; } CAmount CWalletTx::GetImmatureWatchOnlyCredit(const bool& fUseCache) const { if (IsCoinBase() && GetBlocksToMaturity() > 0 && IsInMainChain()) { if (fUseCache && fImmatureWatchCreditCached) return nImmatureWatchCreditCached; nImmatureWatchCreditCached = pwallet->GetCredit(*this, ISMINE_WATCH_ONLY); fImmatureWatchCreditCached = true; return nImmatureWatchCreditCached; } return 0; } CAmount CWalletTx::GetAvailableWatchOnlyCredit(const bool& fUseCache) const { if (pwallet == 0) return 0; // Must wait until coinbase is safely deep enough in the chain before valuing it if (IsCoinBase() && GetBlocksToMaturity() > 0) return 0; if (fUseCache && fAvailableWatchCreditCached) return nAvailableWatchCreditCached; CAmount nCredit = 0; for (unsigned int i = 0; i < vout.size(); i++) { if (!pwallet->IsSpent(GetHash(), i)) { const CTxOut &txout = vout[i]; nCredit += pwallet->GetCredit(txout, ISMINE_WATCH_ONLY); if (!MoneyRange(nCredit)) throw std::runtime_error("CWalletTx::GetAvailableCredit() : value out of range"); } } nAvailableWatchCreditCached = nCredit; fAvailableWatchCreditCached = true; return nCredit; } CAmount CWalletTx::GetChange() const { if (fChangeCached) return nChangeCached; nChangeCached = pwallet->GetChange(*this); fChangeCached = true; return nChangeCached; } bool CWalletTx::IsTrusted() const { // Quick answer in most cases if (!CheckFinalTx(*this)) return false; int nDepth = GetDepthInMainChain(); if (nDepth >= 1) return true; if (nDepth < 0) return false; if (!bSpendZeroConfChange || !IsFromMe(ISMINE_ALL)) // using wtx's cached debit return false; // Trusted if all inputs are from us and are in the mempool: BOOST_FOREACH(const CTxIn& txin, vin) { // Transactions not sent by us: not trusted const CWalletTx* parent = pwallet->GetWalletTx(txin.prevout.hash); if (parent == NULL) return false; const CTxOut& parentOut = parent->vout[txin.prevout.n]; if (pwallet->IsMine(parentOut) != ISMINE_SPENDABLE) return false; } return true; } std::vector CWallet::ResendWalletTransactionsBefore(int64_t nTime) { std::vector result; LOCK(cs_wallet); // Sort them in chronological order multimap mapSorted; BOOST_FOREACH(PAIRTYPE(const uint256, CWalletTx)& item, mapWallet) { CWalletTx& wtx = item.second; // Don't rebroadcast if newer than nTime: if (wtx.nTimeReceived > nTime) continue; mapSorted.insert(make_pair(wtx.nTimeReceived, &wtx)); } BOOST_FOREACH(PAIRTYPE(const unsigned int, CWalletTx*)& item, mapSorted) { CWalletTx& wtx = *item.second; if (wtx.RelayWalletTransaction()) result.push_back(wtx.GetHash()); } return result; } void CWallet::ResendWalletTransactions(int64_t nBestBlockTime) { // Do this infrequently and randomly to avoid giving away // that these are our transactions. if (GetTime() < nNextResend || !fBroadcastTransactions) return; bool fFirst = (nNextResend == 0); nNextResend = GetTime() + GetRand(30 * 60); if (fFirst) return; // Only do it if there's been a new block since last time if (nBestBlockTime < nLastResend) return; nLastResend = GetTime(); // Rebroadcast unconfirmed txes older than 5 minutes before the last // block was found: std::vector relayed = ResendWalletTransactionsBefore(nBestBlockTime-5*60); if (!relayed.empty()) LogPrintf("%s: rebroadcast %u unconfirmed transactions\n", __func__, relayed.size()); } /** @} */ // end of mapWallet /** @defgroup Actions * * @{ */ CAmount CWallet::GetBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; if (pcoin->IsTrusted()) nTotal += pcoin->GetAvailableCredit(); } } return nTotal; } CAmount CWallet::GetUnconfirmedBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; if (!CheckFinalTx(*pcoin) || (!pcoin->IsTrusted() && pcoin->GetDepthInMainChain() == 0)) nTotal += pcoin->GetAvailableCredit(); } } return nTotal; } CAmount CWallet::GetImmatureBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; nTotal += pcoin->GetImmatureCredit(); } } return nTotal; } CAmount CWallet::GetWatchOnlyBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; if (pcoin->IsTrusted()) nTotal += pcoin->GetAvailableWatchOnlyCredit(); } } return nTotal; } CAmount CWallet::GetUnconfirmedWatchOnlyBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; if (!CheckFinalTx(*pcoin) || (!pcoin->IsTrusted() && pcoin->GetDepthInMainChain() == 0)) nTotal += pcoin->GetAvailableWatchOnlyCredit(); } } return nTotal; } CAmount CWallet::GetImmatureWatchOnlyBalance() const { CAmount nTotal = 0; { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const CWalletTx* pcoin = &(*it).second; nTotal += pcoin->GetImmatureWatchOnlyCredit(); } } return nTotal; } /** * populate vCoins with vector of available COutputs. */ void CWallet::AvailableCoins(vector& vCoins, bool fOnlyConfirmed, const CCoinControl *coinControl, bool fIncludeZeroValue, bool fIncludeCoinBase) const { vCoins.clear(); { LOCK2(cs_main, cs_wallet); for (map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); ++it) { const uint256& wtxid = it->first; const CWalletTx* pcoin = &(*it).second; if (!CheckFinalTx(*pcoin)) continue; if (fOnlyConfirmed && !pcoin->IsTrusted()) continue; if (pcoin->IsCoinBase() && !fIncludeCoinBase) continue; if (pcoin->IsCoinBase() && pcoin->GetBlocksToMaturity() > 0) continue; int nDepth = pcoin->GetDepthInMainChain(); if (nDepth < 0) continue; for (unsigned int i = 0; i < pcoin->vout.size(); i++) { isminetype mine = IsMine(pcoin->vout[i]); if (!(IsSpent(wtxid, i)) && mine != ISMINE_NO && !IsLockedCoin((*it).first, i) && (pcoin->vout[i].nValue > 0 || fIncludeZeroValue) && (!coinControl || !coinControl->HasSelected() || coinControl->fAllowOtherInputs || coinControl->IsSelected((*it).first, i))) vCoins.push_back(COutput(pcoin, i, nDepth, (mine & ISMINE_SPENDABLE) != ISMINE_NO)); } } } } static void ApproximateBestSubset(vector > >vValue, const CAmount& nTotalLower, const CAmount& nTargetValue, vector& vfBest, CAmount& nBest, int iterations = 1000) { vector vfIncluded; vfBest.assign(vValue.size(), true); nBest = nTotalLower; seed_insecure_rand(); for (int nRep = 0; nRep < iterations && nBest != nTargetValue; nRep++) { vfIncluded.assign(vValue.size(), false); CAmount nTotal = 0; bool fReachedTarget = false; for (int nPass = 0; nPass < 2 && !fReachedTarget; nPass++) { for (unsigned int i = 0; i < vValue.size(); i++) { //The solver here uses a randomized algorithm, //the randomness serves no real security purpose but is just //needed to prevent degenerate behavior and it is important //that the rng is fast. We do not use a constant random sequence, //because there may be some privacy improvement by making //the selection random. if (nPass == 0 ? insecure_rand()&1 : !vfIncluded[i]) { nTotal += vValue[i].first; vfIncluded[i] = true; if (nTotal >= nTargetValue) { fReachedTarget = true; if (nTotal < nBest) { nBest = nTotal; vfBest = vfIncluded; } nTotal -= vValue[i].first; vfIncluded[i] = false; } } } } } } bool CWallet::SelectCoinsMinConf(const CAmount& nTargetValue, int nConfMine, int nConfTheirs, vector vCoins, set >& setCoinsRet, CAmount& nValueRet) const { setCoinsRet.clear(); nValueRet = 0; // List of values less than target pair > coinLowestLarger; coinLowestLarger.first = std::numeric_limits::max(); coinLowestLarger.second.first = NULL; vector > > vValue; CAmount nTotalLower = 0; random_shuffle(vCoins.begin(), vCoins.end(), GetRandInt); BOOST_FOREACH(const COutput &output, vCoins) { if (!output.fSpendable) continue; const CWalletTx *pcoin = output.tx; if (output.nDepth < (pcoin->IsFromMe(ISMINE_ALL) ? nConfMine : nConfTheirs)) continue; int i = output.i; CAmount n = pcoin->vout[i].nValue; pair > coin = make_pair(n,make_pair(pcoin, i)); if (n == nTargetValue) { setCoinsRet.insert(coin.second); nValueRet += coin.first; return true; } else if (n < nTargetValue + CENT) { vValue.push_back(coin); nTotalLower += n; } else if (n < coinLowestLarger.first) { coinLowestLarger = coin; } } if (nTotalLower == nTargetValue) { for (unsigned int i = 0; i < vValue.size(); ++i) { setCoinsRet.insert(vValue[i].second); nValueRet += vValue[i].first; } return true; } if (nTotalLower < nTargetValue) { if (coinLowestLarger.second.first == NULL) return false; setCoinsRet.insert(coinLowestLarger.second); nValueRet += coinLowestLarger.first; return true; } // Solve subset sum by stochastic approximation sort(vValue.rbegin(), vValue.rend(), CompareValueOnly()); vector vfBest; CAmount nBest; ApproximateBestSubset(vValue, nTotalLower, nTargetValue, vfBest, nBest, 1000); if (nBest != nTargetValue && nTotalLower >= nTargetValue + CENT) ApproximateBestSubset(vValue, nTotalLower, nTargetValue + CENT, vfBest, nBest, 1000); // If we have a bigger coin and (either the stochastic approximation didn't find a good solution, // or the next bigger coin is closer), return the bigger coin if (coinLowestLarger.second.first && ((nBest != nTargetValue && nBest < nTargetValue + CENT) || coinLowestLarger.first <= nBest)) { setCoinsRet.insert(coinLowestLarger.second); nValueRet += coinLowestLarger.first; } else { for (unsigned int i = 0; i < vValue.size(); i++) if (vfBest[i]) { setCoinsRet.insert(vValue[i].second); nValueRet += vValue[i].first; } LogPrint("selectcoins", "SelectCoins() best subset: "); for (unsigned int i = 0; i < vValue.size(); i++) if (vfBest[i]) LogPrint("selectcoins", "%s ", FormatMoney(vValue[i].first)); LogPrint("selectcoins", "total %s\n", FormatMoney(nBest)); } return true; } bool CWallet::SelectCoins(const CAmount& nTargetValue, set >& setCoinsRet, CAmount& nValueRet, bool& fOnlyCoinbaseCoinsRet, bool& fNeedCoinbaseCoinsRet, const CCoinControl* coinControl) const { // Output parameter fOnlyCoinbaseCoinsRet is set to true when the only available coins are coinbase utxos. vector vCoinsNoCoinbase, vCoinsWithCoinbase; AvailableCoins(vCoinsNoCoinbase, true, coinControl, false, false); AvailableCoins(vCoinsWithCoinbase, true, coinControl, false, true); fOnlyCoinbaseCoinsRet = vCoinsNoCoinbase.size() == 0 && vCoinsWithCoinbase.size() > 0; // If coinbase utxos can only be sent to zaddrs, exclude any coinbase utxos from coin selection. bool fProtectCoinbase = Params().GetConsensus().fCoinbaseMustBeProtected; vector vCoins = (fProtectCoinbase) ? vCoinsNoCoinbase : vCoinsWithCoinbase; // Output parameter fNeedCoinbaseCoinsRet is set to true if coinbase utxos need to be spent to meet target amount if (fProtectCoinbase && vCoinsWithCoinbase.size() > vCoinsNoCoinbase.size()) { CAmount value = 0; for (const COutput& out : vCoinsNoCoinbase) { if (!out.fSpendable) { continue; } value += out.tx->vout[out.i].nValue; } if (value <= nTargetValue) { CAmount valueWithCoinbase = 0; for (const COutput& out : vCoinsWithCoinbase) { if (!out.fSpendable) { continue; } valueWithCoinbase += out.tx->vout[out.i].nValue; } fNeedCoinbaseCoinsRet = (valueWithCoinbase >= nTargetValue); } } // coin control -> return all selected outputs (we want all selected to go into the transaction for sure) if (coinControl && coinControl->HasSelected() && !coinControl->fAllowOtherInputs) { BOOST_FOREACH(const COutput& out, vCoins) { if (!out.fSpendable) continue; nValueRet += out.tx->vout[out.i].nValue; setCoinsRet.insert(make_pair(out.tx, out.i)); } return (nValueRet >= nTargetValue); } // calculate value from preset inputs and store them set > setPresetCoins; CAmount nValueFromPresetInputs = 0; std::vector vPresetInputs; if (coinControl) coinControl->ListSelected(vPresetInputs); BOOST_FOREACH(const COutPoint& outpoint, vPresetInputs) { map::const_iterator it = mapWallet.find(outpoint.hash); if (it != mapWallet.end()) { const CWalletTx* pcoin = &it->second; // Clearly invalid input, fail if (pcoin->vout.size() <= outpoint.n) return false; nValueFromPresetInputs += pcoin->vout[outpoint.n].nValue; setPresetCoins.insert(make_pair(pcoin, outpoint.n)); } else return false; // TODO: Allow non-wallet inputs } // remove preset inputs from vCoins for (vector::iterator it = vCoins.begin(); it != vCoins.end() && coinControl && coinControl->HasSelected();) { if (setPresetCoins.count(make_pair(it->tx, it->i))) it = vCoins.erase(it); else ++it; } bool res = nTargetValue <= nValueFromPresetInputs || SelectCoinsMinConf(nTargetValue - nValueFromPresetInputs, 1, 6, vCoins, setCoinsRet, nValueRet) || SelectCoinsMinConf(nTargetValue - nValueFromPresetInputs, 1, 1, vCoins, setCoinsRet, nValueRet) || (bSpendZeroConfChange && SelectCoinsMinConf(nTargetValue - nValueFromPresetInputs, 0, 1, vCoins, setCoinsRet, nValueRet)); // because SelectCoinsMinConf clears the setCoinsRet, we now add the possible inputs to the coinset setCoinsRet.insert(setPresetCoins.begin(), setPresetCoins.end()); // add preset inputs to the total value selected nValueRet += nValueFromPresetInputs; return res; } bool CWallet::FundTransaction(CMutableTransaction& tx, CAmount &nFeeRet, int& nChangePosRet, std::string& strFailReason) { vector vecSend; // Turn the txout set into a CRecipient vector BOOST_FOREACH(const CTxOut& txOut, tx.vout) { CRecipient recipient = {txOut.scriptPubKey, txOut.nValue, false}; vecSend.push_back(recipient); } CCoinControl coinControl; coinControl.fAllowOtherInputs = true; BOOST_FOREACH(const CTxIn& txin, tx.vin) coinControl.Select(txin.prevout); CReserveKey reservekey(this); CWalletTx wtx; if (!CreateTransaction(vecSend, wtx, reservekey, nFeeRet, nChangePosRet, strFailReason, &coinControl, false)) return false; if (nChangePosRet != -1) tx.vout.insert(tx.vout.begin() + nChangePosRet, wtx.vout[nChangePosRet]); // Add new txins (keeping original txin scriptSig/order) BOOST_FOREACH(const CTxIn& txin, wtx.vin) { bool found = false; BOOST_FOREACH(const CTxIn& origTxIn, tx.vin) { if (txin.prevout.hash == origTxIn.prevout.hash && txin.prevout.n == origTxIn.prevout.n) { found = true; break; } } if (!found) tx.vin.push_back(txin); } return true; } bool CWallet::CreateTransaction(const vector& vecSend, CWalletTx& wtxNew, CReserveKey& reservekey, CAmount& nFeeRet, int& nChangePosRet, std::string& strFailReason, const CCoinControl* coinControl, bool sign) { CAmount nValue = 0; unsigned int nSubtractFeeFromAmount = 0; BOOST_FOREACH (const CRecipient& recipient, vecSend) { if (nValue < 0 || recipient.nAmount < 0) { strFailReason = _("Transaction amounts must be positive"); return false; } nValue += recipient.nAmount; if (recipient.fSubtractFeeFromAmount) nSubtractFeeFromAmount++; } if (vecSend.empty() || nValue < 0) { strFailReason = _("Transaction amounts must be positive"); return false; } wtxNew.fTimeReceivedIsTxTime = true; wtxNew.BindWallet(this); int nextBlockHeight = chainActive.Height() + 1; CMutableTransaction txNew = CreateNewContextualCMutableTransaction( Params().GetConsensus(), nextBlockHeight); // Activates after Overwinter network upgrade if (NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_OVERWINTER)) { if (txNew.nExpiryHeight >= TX_EXPIRY_HEIGHT_THRESHOLD){ strFailReason = _("nExpiryHeight must be less than TX_EXPIRY_HEIGHT_THRESHOLD."); return false; } } unsigned int max_tx_size = MAX_TX_SIZE_AFTER_SAPLING; if (!NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { max_tx_size = MAX_TX_SIZE_BEFORE_SAPLING; } // Discourage fee sniping. // // However because of a off-by-one-error in previous versions we need to // neuter it by setting nLockTime to at least one less than nBestHeight. // Secondly currently propagation of transactions created for block heights // corresponding to blocks that were just mined may be iffy - transactions // aren't re-accepted into the mempool - we additionally neuter the code by // going ten blocks back. Doesn't yet do anything for sniping, but does act // to shake out wallet bugs like not showing nLockTime'd transactions at // all. txNew.nLockTime = std::max(0, chainActive.Height() - 10); // Secondly occasionally randomly pick a nLockTime even further back, so // that transactions that are delayed after signing for whatever reason, // e.g. high-latency mix networks and some CoinJoin implementations, have // better privacy. if (GetRandInt(10) == 0) txNew.nLockTime = std::max(0, (int)txNew.nLockTime - GetRandInt(100)); assert(txNew.nLockTime <= (unsigned int)chainActive.Height()); assert(txNew.nLockTime < LOCKTIME_THRESHOLD); { LOCK2(cs_main, cs_wallet); { nFeeRet = 0; while (true) { txNew.vin.clear(); txNew.vout.clear(); wtxNew.fFromMe = true; nChangePosRet = -1; bool fFirst = true; CAmount nTotalValue = nValue; if (nSubtractFeeFromAmount == 0) nTotalValue += nFeeRet; double dPriority = 0; // vouts to the payees BOOST_FOREACH (const CRecipient& recipient, vecSend) { CTxOut txout(recipient.nAmount, recipient.scriptPubKey); if (recipient.fSubtractFeeFromAmount) { txout.nValue -= nFeeRet / nSubtractFeeFromAmount; // Subtract fee equally from each selected recipient if (fFirst) // first receiver pays the remainder not divisible by output count { fFirst = false; txout.nValue -= nFeeRet % nSubtractFeeFromAmount; } } if (txout.IsDust(::minRelayTxFee)) { if (recipient.fSubtractFeeFromAmount && nFeeRet > 0) { if (txout.nValue < 0) strFailReason = _("The transaction amount is too small to pay the fee"); else strFailReason = _("The transaction amount is too small to send after the fee has been deducted"); } else strFailReason = _("Transaction amount too small"); return false; } txNew.vout.push_back(txout); } // Choose coins to use set > setCoins; CAmount nValueIn = 0; bool fOnlyCoinbaseCoins = false; bool fNeedCoinbaseCoins = false; if (!SelectCoins(nTotalValue, setCoins, nValueIn, fOnlyCoinbaseCoins, fNeedCoinbaseCoins, coinControl)) { if (fOnlyCoinbaseCoins && Params().GetConsensus().fCoinbaseMustBeProtected) { strFailReason = _("Coinbase funds can only be sent to a zaddr"); } else if (fNeedCoinbaseCoins) { strFailReason = _("Insufficient funds, coinbase funds can only be spent after they have been sent to a zaddr"); } else { strFailReason = _("Insufficient funds"); } return false; } BOOST_FOREACH(PAIRTYPE(const CWalletTx*, unsigned int) pcoin, setCoins) { CAmount nCredit = pcoin.first->vout[pcoin.second].nValue; //The coin age after the next block (depth+1) is used instead of the current, //reflecting an assumption the user would accept a bit more delay for //a chance at a free transaction. //But mempool inputs might still be in the mempool, so their age stays 0 int age = pcoin.first->GetDepthInMainChain(); if (age != 0) age += 1; dPriority += (double)nCredit * age; } CAmount nChange = nValueIn - nValue; if (nSubtractFeeFromAmount == 0) nChange -= nFeeRet; if (nChange > 0) { // Fill a vout to ourself // TODO: pass in scriptChange instead of reservekey so // change transaction isn't always pay-to-bitcoin-address CScript scriptChange; // coin control: send change to custom address if (coinControl && !boost::get(&coinControl->destChange)) scriptChange = GetScriptForDestination(coinControl->destChange); // no coin control: send change to newly generated address else { // Note: We use a new key here to keep it from being obvious which side is the change. // The drawback is that by not reusing a previous key, the change may be lost if a // backup is restored, if the backup doesn't have the new private key for the change. // If we reused the old key, it would be possible to add code to look for and // rediscover unknown transactions that were written with keys of ours to recover // post-backup change. // Reserve a new key pair from key pool CPubKey vchPubKey; bool ret; ret = reservekey.GetReservedKey(vchPubKey); assert(ret); // should never fail, as we just unlocked scriptChange = GetScriptForDestination(vchPubKey.GetID()); } CTxOut newTxOut(nChange, scriptChange); // We do not move dust-change to fees, because the sender would end up paying more than requested. // This would be against the purpose of the all-inclusive feature. // So instead we raise the change and deduct from the recipient. if (nSubtractFeeFromAmount > 0 && newTxOut.IsDust(::minRelayTxFee)) { CAmount nDust = newTxOut.GetDustThreshold(::minRelayTxFee) - newTxOut.nValue; newTxOut.nValue += nDust; // raise change until no more dust for (unsigned int i = 0; i < vecSend.size(); i++) // subtract from first recipient { if (vecSend[i].fSubtractFeeFromAmount) { txNew.vout[i].nValue -= nDust; if (txNew.vout[i].IsDust(::minRelayTxFee)) { strFailReason = _("The transaction amount is too small to send after the fee has been deducted"); return false; } break; } } } // Never create dust outputs; if we would, just // add the dust to the fee. if (newTxOut.IsDust(::minRelayTxFee)) { nFeeRet += nChange; reservekey.ReturnKey(); } else { // Insert change txn at random position: nChangePosRet = GetRandInt(txNew.vout.size()+1); vector::iterator position = txNew.vout.begin()+nChangePosRet; txNew.vout.insert(position, newTxOut); } } else reservekey.ReturnKey(); // Fill vin // // Note how the sequence number is set to max()-1 so that the // nLockTime set above actually works. BOOST_FOREACH(const PAIRTYPE(const CWalletTx*,unsigned int)& coin, setCoins) txNew.vin.push_back(CTxIn(coin.first->GetHash(),coin.second,CScript(), std::numeric_limits::max()-1)); // Check mempooltxinputlimit to avoid creating a transaction which the local mempool rejects size_t limit = (size_t)GetArg("-mempooltxinputlimit", 0); { LOCK(cs_main); if (NetworkUpgradeActive(chainActive.Height() + 1, Params().GetConsensus(), Consensus::UPGRADE_OVERWINTER)) { limit = 0; } } if (limit > 0) { size_t n = txNew.vin.size(); if (n > limit) { strFailReason = _(strprintf("Too many transparent inputs %zu > limit %zu", n, limit).c_str()); return false; } } // Grab the current consensus branch ID auto consensusBranchId = CurrentEpochBranchId(chainActive.Height() + 1, Params().GetConsensus()); // Sign int nIn = 0; CTransaction txNewConst(txNew); BOOST_FOREACH(const PAIRTYPE(const CWalletTx*,unsigned int)& coin, setCoins) { bool signSuccess; const CScript& scriptPubKey = coin.first->vout[coin.second].scriptPubKey; SignatureData sigdata; if (sign) signSuccess = ProduceSignature(TransactionSignatureCreator(this, &txNewConst, nIn, coin.first->vout[coin.second].nValue, SIGHASH_ALL), scriptPubKey, sigdata, consensusBranchId); else signSuccess = ProduceSignature(DummySignatureCreator(this), scriptPubKey, sigdata, consensusBranchId); if (!signSuccess) { strFailReason = _("Signing transaction failed"); return false; } else { UpdateTransaction(txNew, nIn, sigdata); } nIn++; } unsigned int nBytes = ::GetSerializeSize(txNew, SER_NETWORK, PROTOCOL_VERSION); // Remove scriptSigs if we used dummy signatures for fee calculation if (!sign) { BOOST_FOREACH (CTxIn& vin, txNew.vin) vin.scriptSig = CScript(); } // Embed the constructed transaction data in wtxNew. *static_cast(&wtxNew) = CTransaction(txNew); // Limit size if (nBytes >= max_tx_size) { strFailReason = _("Transaction too large"); return false; } dPriority = wtxNew.ComputePriority(dPriority, nBytes); // Can we complete this as a free transaction? if (fSendFreeTransactions && nBytes <= MAX_FREE_TRANSACTION_CREATE_SIZE) { // Not enough fee: enough priority? double dPriorityNeeded = mempool.estimatePriority(nTxConfirmTarget); // Not enough mempool history to estimate: use hard-coded AllowFree. if (dPriorityNeeded <= 0 && AllowFree(dPriority)) break; // Small enough, and priority high enough, to send for free if (dPriorityNeeded > 0 && dPriority >= dPriorityNeeded) break; } CAmount nFeeNeeded = GetMinimumFee(nBytes, nTxConfirmTarget, mempool); // If we made it here and we aren't even able to meet the relay fee on the next pass, give up // because we must be at the maximum allowed fee. if (nFeeNeeded < ::minRelayTxFee.GetFee(nBytes)) { strFailReason = _("Transaction too large for fee policy"); return false; } if (nFeeRet >= nFeeNeeded) break; // Done, enough fee included. // Include more fee and try again. nFeeRet = nFeeNeeded; continue; } } } return true; } /** * Call after CreateTransaction unless you want to abort */ bool CWallet::CommitTransaction(CWalletTx& wtxNew, CReserveKey& reservekey) { { LOCK2(cs_main, cs_wallet); LogPrintf("CommitTransaction:\n%s", wtxNew.ToString()); { // This is only to keep the database open to defeat the auto-flush for the // duration of this scope. This is the only place where this optimization // maybe makes sense; please don't do it anywhere else. CWalletDB* pwalletdb = fFileBacked ? new CWalletDB(strWalletFile,"r+") : NULL; // Take key pair from key pool so it won't be used again reservekey.KeepKey(); // Add tx to wallet, because if it has change it's also ours, // otherwise just for transaction history. AddToWallet(wtxNew, false, pwalletdb); // Notify that old coins are spent set setCoins; BOOST_FOREACH(const CTxIn& txin, wtxNew.vin) { CWalletTx &coin = mapWallet[txin.prevout.hash]; coin.BindWallet(this); NotifyTransactionChanged(this, coin.GetHash(), CT_UPDATED); } if (fFileBacked) delete pwalletdb; } // Track how many getdata requests our transaction gets mapRequestCount[wtxNew.GetHash()] = 0; if (fBroadcastTransactions) { // Broadcast if (!wtxNew.AcceptToMemoryPool(false)) { // This must not fail. The transaction has already been signed and recorded. LogPrintf("CommitTransaction(): Error: Transaction not valid\n"); return false; } wtxNew.RelayWalletTransaction(); } } return true; } CAmount CWallet::GetMinimumFee(unsigned int nTxBytes, unsigned int nConfirmTarget, const CTxMemPool& pool) { // payTxFee is user-set "I want to pay this much" CAmount nFeeNeeded = payTxFee.GetFee(nTxBytes); // user selected total at least (default=true) if (fPayAtLeastCustomFee && nFeeNeeded > 0 && nFeeNeeded < payTxFee.GetFeePerK()) nFeeNeeded = payTxFee.GetFeePerK(); // User didn't set: use -txconfirmtarget to estimate... if (nFeeNeeded == 0) nFeeNeeded = pool.estimateFee(nConfirmTarget).GetFee(nTxBytes); // ... unless we don't have enough mempool data, in which case fall // back to a hard-coded fee if (nFeeNeeded == 0) nFeeNeeded = minTxFee.GetFee(nTxBytes); // prevent user from paying a non-sense fee (like 1 satoshi): 0 < fee < minRelayFee if (nFeeNeeded < ::minRelayTxFee.GetFee(nTxBytes)) nFeeNeeded = ::minRelayTxFee.GetFee(nTxBytes); // But always obey the maximum if (nFeeNeeded > maxTxFee) nFeeNeeded = maxTxFee; return nFeeNeeded; } DBErrors CWallet::LoadWallet(bool& fFirstRunRet) { if (!fFileBacked) return DB_LOAD_OK; fFirstRunRet = false; DBErrors nLoadWalletRet = CWalletDB(strWalletFile,"cr+").LoadWallet(this); if (nLoadWalletRet == DB_NEED_REWRITE) { if (CDB::Rewrite(strWalletFile, "\x04pool")) { LOCK(cs_wallet); setKeyPool.clear(); // Note: can't top-up keypool here, because wallet is locked. // User will be prompted to unlock wallet the next operation // that requires a new key. } } if (nLoadWalletRet != DB_LOAD_OK) return nLoadWalletRet; fFirstRunRet = !vchDefaultKey.IsValid(); uiInterface.LoadWallet(this); return DB_LOAD_OK; } DBErrors CWallet::ZapWalletTx(std::vector& vWtx) { if (!fFileBacked) return DB_LOAD_OK; DBErrors nZapWalletTxRet = CWalletDB(strWalletFile,"cr+").ZapWalletTx(this, vWtx); if (nZapWalletTxRet == DB_NEED_REWRITE) { if (CDB::Rewrite(strWalletFile, "\x04pool")) { LOCK(cs_wallet); setKeyPool.clear(); // Note: can't top-up keypool here, because wallet is locked. // User will be prompted to unlock wallet the next operation // that requires a new key. } } if (nZapWalletTxRet != DB_LOAD_OK) return nZapWalletTxRet; return DB_LOAD_OK; } bool CWallet::SetAddressBook(const CTxDestination& address, const string& strName, const string& strPurpose) { bool fUpdated = false; { LOCK(cs_wallet); // mapAddressBook std::map::iterator mi = mapAddressBook.find(address); fUpdated = mi != mapAddressBook.end(); mapAddressBook[address].name = strName; if (!strPurpose.empty()) /* update purpose only if requested */ mapAddressBook[address].purpose = strPurpose; } NotifyAddressBookChanged(this, address, strName, ::IsMine(*this, address) != ISMINE_NO, strPurpose, (fUpdated ? CT_UPDATED : CT_NEW) ); if (!fFileBacked) return false; if (!strPurpose.empty() && !CWalletDB(strWalletFile).WritePurpose(EncodeDestination(address), strPurpose)) return false; return CWalletDB(strWalletFile).WriteName(EncodeDestination(address), strName); } bool CWallet::DelAddressBook(const CTxDestination& address) { { LOCK(cs_wallet); // mapAddressBook if(fFileBacked) { // Delete destdata tuples associated with address std::string strAddress = EncodeDestination(address); BOOST_FOREACH(const PAIRTYPE(string, string) &item, mapAddressBook[address].destdata) { CWalletDB(strWalletFile).EraseDestData(strAddress, item.first); } } mapAddressBook.erase(address); } NotifyAddressBookChanged(this, address, "", ::IsMine(*this, address) != ISMINE_NO, "", CT_DELETED); if (!fFileBacked) return false; CWalletDB(strWalletFile).ErasePurpose(EncodeDestination(address)); return CWalletDB(strWalletFile).EraseName(EncodeDestination(address)); } bool CWallet::SetDefaultKey(const CPubKey &vchPubKey) { if (fFileBacked) { if (!CWalletDB(strWalletFile).WriteDefaultKey(vchPubKey)) return false; } vchDefaultKey = vchPubKey; return true; } /** * Mark old keypool keys as used, * and generate all new keys */ bool CWallet::NewKeyPool() { { LOCK(cs_wallet); CWalletDB walletdb(strWalletFile); BOOST_FOREACH(int64_t nIndex, setKeyPool) walletdb.ErasePool(nIndex); setKeyPool.clear(); if (IsLocked()) return false; int64_t nKeys = max(GetArg("-keypool", 100), (int64_t)0); for (int i = 0; i < nKeys; i++) { int64_t nIndex = i+1; walletdb.WritePool(nIndex, CKeyPool(GenerateNewKey())); setKeyPool.insert(nIndex); } LogPrintf("CWallet::NewKeyPool wrote %d new keys\n", nKeys); } return true; } bool CWallet::TopUpKeyPool(unsigned int kpSize) { { LOCK(cs_wallet); if (IsLocked()) return false; CWalletDB walletdb(strWalletFile); // Top up key pool unsigned int nTargetSize; if (kpSize > 0) nTargetSize = kpSize; else nTargetSize = max(GetArg("-keypool", 100), (int64_t) 0); while (setKeyPool.size() < (nTargetSize + 1)) { int64_t nEnd = 1; if (!setKeyPool.empty()) nEnd = *(--setKeyPool.end()) + 1; if (!walletdb.WritePool(nEnd, CKeyPool(GenerateNewKey()))) throw runtime_error("TopUpKeyPool(): writing generated key failed"); setKeyPool.insert(nEnd); LogPrintf("keypool added key %d, size=%u\n", nEnd, setKeyPool.size()); } } return true; } void CWallet::ReserveKeyFromKeyPool(int64_t& nIndex, CKeyPool& keypool) { nIndex = -1; keypool.vchPubKey = CPubKey(); { LOCK(cs_wallet); if (!IsLocked()) TopUpKeyPool(); // Get the oldest key if(setKeyPool.empty()) return; CWalletDB walletdb(strWalletFile); nIndex = *(setKeyPool.begin()); setKeyPool.erase(setKeyPool.begin()); if (!walletdb.ReadPool(nIndex, keypool)) throw runtime_error("ReserveKeyFromKeyPool(): read failed"); if (!HaveKey(keypool.vchPubKey.GetID())) throw runtime_error("ReserveKeyFromKeyPool(): unknown key in key pool"); assert(keypool.vchPubKey.IsValid()); LogPrintf("keypool reserve %d\n", nIndex); } } void CWallet::KeepKey(int64_t nIndex) { // Remove from key pool if (fFileBacked) { CWalletDB walletdb(strWalletFile); walletdb.ErasePool(nIndex); } LogPrintf("keypool keep %d\n", nIndex); } void CWallet::ReturnKey(int64_t nIndex) { // Return to key pool { LOCK(cs_wallet); setKeyPool.insert(nIndex); } LogPrintf("keypool return %d\n", nIndex); } bool CWallet::GetKeyFromPool(CPubKey& result) { int64_t nIndex = 0; CKeyPool keypool; { LOCK(cs_wallet); ReserveKeyFromKeyPool(nIndex, keypool); if (nIndex == -1) { if (IsLocked()) return false; result = GenerateNewKey(); return true; } KeepKey(nIndex); result = keypool.vchPubKey; } return true; } int64_t CWallet::GetOldestKeyPoolTime() { int64_t nIndex = 0; CKeyPool keypool; ReserveKeyFromKeyPool(nIndex, keypool); if (nIndex == -1) return GetTime(); ReturnKey(nIndex); return keypool.nTime; } std::map CWallet::GetAddressBalances() { map balances; { LOCK(cs_wallet); BOOST_FOREACH(PAIRTYPE(uint256, CWalletTx) walletEntry, mapWallet) { CWalletTx *pcoin = &walletEntry.second; if (!CheckFinalTx(*pcoin) || !pcoin->IsTrusted()) continue; if (pcoin->IsCoinBase() && pcoin->GetBlocksToMaturity() > 0) continue; int nDepth = pcoin->GetDepthInMainChain(); if (nDepth < (pcoin->IsFromMe(ISMINE_ALL) ? 0 : 1)) continue; for (unsigned int i = 0; i < pcoin->vout.size(); i++) { CTxDestination addr; if (!IsMine(pcoin->vout[i])) continue; if(!ExtractDestination(pcoin->vout[i].scriptPubKey, addr)) continue; CAmount n = IsSpent(walletEntry.first, i) ? 0 : pcoin->vout[i].nValue; if (!balances.count(addr)) balances[addr] = 0; balances[addr] += n; } } } return balances; } set< set > CWallet::GetAddressGroupings() { AssertLockHeld(cs_wallet); // mapWallet set< set > groupings; set grouping; BOOST_FOREACH(PAIRTYPE(uint256, CWalletTx) walletEntry, mapWallet) { CWalletTx *pcoin = &walletEntry.second; if (pcoin->vin.size() > 0) { bool any_mine = false; // group all input addresses with each other BOOST_FOREACH(CTxIn txin, pcoin->vin) { CTxDestination address; if(!IsMine(txin)) /* If this input isn't mine, ignore it */ continue; if(!ExtractDestination(mapWallet[txin.prevout.hash].vout[txin.prevout.n].scriptPubKey, address)) continue; grouping.insert(address); any_mine = true; } // group change with input addresses if (any_mine) { BOOST_FOREACH(CTxOut txout, pcoin->vout) if (IsChange(txout)) { CTxDestination txoutAddr; if(!ExtractDestination(txout.scriptPubKey, txoutAddr)) continue; grouping.insert(txoutAddr); } } if (grouping.size() > 0) { groupings.insert(grouping); grouping.clear(); } } // group lone addrs by themselves for (unsigned int i = 0; i < pcoin->vout.size(); i++) if (IsMine(pcoin->vout[i])) { CTxDestination address; if(!ExtractDestination(pcoin->vout[i].scriptPubKey, address)) continue; grouping.insert(address); groupings.insert(grouping); grouping.clear(); } } set< set* > uniqueGroupings; // a set of pointers to groups of addresses map< CTxDestination, set* > setmap; // map addresses to the unique group containing it BOOST_FOREACH(set grouping, groupings) { // make a set of all the groups hit by this new group set< set* > hits; map< CTxDestination, set* >::iterator it; BOOST_FOREACH(CTxDestination address, grouping) if ((it = setmap.find(address)) != setmap.end()) hits.insert((*it).second); // merge all hit groups into a new single group and delete old groups set* merged = new set(grouping); BOOST_FOREACH(set* hit, hits) { merged->insert(hit->begin(), hit->end()); uniqueGroupings.erase(hit); delete hit; } uniqueGroupings.insert(merged); // update setmap BOOST_FOREACH(CTxDestination element, *merged) setmap[element] = merged; } set< set > ret; BOOST_FOREACH(set* uniqueGrouping, uniqueGroupings) { ret.insert(*uniqueGrouping); delete uniqueGrouping; } return ret; } std::set CWallet::GetAccountAddresses(const std::string& strAccount) const { LOCK(cs_wallet); set result; BOOST_FOREACH(const PAIRTYPE(CTxDestination, CAddressBookData)& item, mapAddressBook) { const CTxDestination& address = item.first; const string& strName = item.second.name; if (strName == strAccount) result.insert(address); } return result; } bool CReserveKey::GetReservedKey(CPubKey& pubkey) { if (nIndex == -1) { CKeyPool keypool; pwallet->ReserveKeyFromKeyPool(nIndex, keypool); if (nIndex != -1) vchPubKey = keypool.vchPubKey; else { return false; } } assert(vchPubKey.IsValid()); pubkey = vchPubKey; return true; } void CReserveKey::KeepKey() { if (nIndex != -1) pwallet->KeepKey(nIndex); nIndex = -1; vchPubKey = CPubKey(); } void CReserveKey::ReturnKey() { if (nIndex != -1) pwallet->ReturnKey(nIndex); nIndex = -1; vchPubKey = CPubKey(); } void CWallet::GetAllReserveKeys(set& setAddress) const { setAddress.clear(); CWalletDB walletdb(strWalletFile); LOCK2(cs_main, cs_wallet); BOOST_FOREACH(const int64_t& id, setKeyPool) { CKeyPool keypool; if (!walletdb.ReadPool(id, keypool)) throw runtime_error("GetAllReserveKeyHashes(): read failed"); assert(keypool.vchPubKey.IsValid()); CKeyID keyID = keypool.vchPubKey.GetID(); if (!HaveKey(keyID)) throw runtime_error("GetAllReserveKeyHashes(): unknown key in key pool"); setAddress.insert(keyID); } } void CWallet::UpdatedTransaction(const uint256 &hashTx) { { LOCK(cs_wallet); // Only notify UI if this transaction is in this wallet map::const_iterator mi = mapWallet.find(hashTx); if (mi != mapWallet.end()) NotifyTransactionChanged(this, hashTx, CT_UPDATED); } } void CWallet::GetScriptForMining(boost::shared_ptr &script) { if (!GetArg("-mineraddress", "").empty()) { return; } boost::shared_ptr rKey(new CReserveKey(this)); CPubKey pubkey; if (!rKey->GetReservedKey(pubkey)) return; script = rKey; script->reserveScript = CScript() << OP_DUP << OP_HASH160 << ToByteVector(pubkey.GetID()) << OP_EQUALVERIFY << OP_CHECKSIG; } void CWallet::LockCoin(COutPoint& output) { AssertLockHeld(cs_wallet); // setLockedCoins setLockedCoins.insert(output); } void CWallet::UnlockCoin(COutPoint& output) { AssertLockHeld(cs_wallet); // setLockedCoins setLockedCoins.erase(output); } void CWallet::UnlockAllCoins() { AssertLockHeld(cs_wallet); // setLockedCoins setLockedCoins.clear(); } bool CWallet::IsLockedCoin(uint256 hash, unsigned int n) const { AssertLockHeld(cs_wallet); // setLockedCoins COutPoint outpt(hash, n); return (setLockedCoins.count(outpt) > 0); } void CWallet::ListLockedCoins(std::vector& vOutpts) { AssertLockHeld(cs_wallet); // setLockedCoins for (std::set::iterator it = setLockedCoins.begin(); it != setLockedCoins.end(); it++) { COutPoint outpt = (*it); vOutpts.push_back(outpt); } } // Note Locking Operations void CWallet::LockNote(const JSOutPoint& output) { AssertLockHeld(cs_wallet); // setLockedSproutNotes setLockedSproutNotes.insert(output); } void CWallet::UnlockNote(const JSOutPoint& output) { AssertLockHeld(cs_wallet); // setLockedSproutNotes setLockedSproutNotes.erase(output); } void CWallet::UnlockAllSproutNotes() { AssertLockHeld(cs_wallet); // setLockedSproutNotes setLockedSproutNotes.clear(); } bool CWallet::IsLockedNote(const JSOutPoint& outpt) const { AssertLockHeld(cs_wallet); // setLockedSproutNotes return (setLockedSproutNotes.count(outpt) > 0); } std::vector CWallet::ListLockedSproutNotes() { AssertLockHeld(cs_wallet); // setLockedSproutNotes std::vector vOutpts(setLockedSproutNotes.begin(), setLockedSproutNotes.end()); return vOutpts; } void CWallet::LockNote(const SaplingOutPoint& output) { AssertLockHeld(cs_wallet); setLockedSaplingNotes.insert(output); } void CWallet::UnlockNote(const SaplingOutPoint& output) { AssertLockHeld(cs_wallet); setLockedSaplingNotes.erase(output); } void CWallet::UnlockAllSaplingNotes() { AssertLockHeld(cs_wallet); setLockedSaplingNotes.clear(); } bool CWallet::IsLockedNote(const SaplingOutPoint& output) const { AssertLockHeld(cs_wallet); return (setLockedSaplingNotes.count(output) > 0); } std::vector CWallet::ListLockedSaplingNotes() { AssertLockHeld(cs_wallet); std::vector vOutputs(setLockedSaplingNotes.begin(), setLockedSaplingNotes.end()); return vOutputs; } /** @} */ // end of Actions class CAffectedKeysVisitor : public boost::static_visitor { private: const CKeyStore &keystore; std::vector &vKeys; public: CAffectedKeysVisitor(const CKeyStore &keystoreIn, std::vector &vKeysIn) : keystore(keystoreIn), vKeys(vKeysIn) {} void Process(const CScript &script) { txnouttype type; std::vector vDest; int nRequired; if (ExtractDestinations(script, type, vDest, nRequired)) { BOOST_FOREACH(const CTxDestination &dest, vDest) boost::apply_visitor(*this, dest); } } void operator()(const CKeyID &keyId) { if (keystore.HaveKey(keyId)) vKeys.push_back(keyId); } void operator()(const CScriptID &scriptId) { CScript script; if (keystore.GetCScript(scriptId, script)) Process(script); } void operator()(const CNoDestination &none) {} }; void CWallet::GetKeyBirthTimes(std::map &mapKeyBirth) const { AssertLockHeld(cs_wallet); // mapKeyMetadata mapKeyBirth.clear(); // get birth times for keys with metadata for (std::map::const_iterator it = mapKeyMetadata.begin(); it != mapKeyMetadata.end(); it++) if (it->second.nCreateTime) mapKeyBirth[it->first] = it->second.nCreateTime; // map in which we'll infer heights of other keys CBlockIndex *pindexMax = chainActive[std::max(0, chainActive.Height() - 144)]; // the tip can be reorganised; use a 144-block safety margin std::map mapKeyFirstBlock; std::set setKeys; GetKeys(setKeys); BOOST_FOREACH(const CKeyID &keyid, setKeys) { if (mapKeyBirth.count(keyid) == 0) mapKeyFirstBlock[keyid] = pindexMax; } setKeys.clear(); // if there are no such keys, we're done if (mapKeyFirstBlock.empty()) return; // find first block that affects those keys, if there are any left std::vector vAffected; for (std::map::const_iterator it = mapWallet.begin(); it != mapWallet.end(); it++) { // iterate over all wallet transactions... const CWalletTx &wtx = (*it).second; BlockMap::const_iterator blit = mapBlockIndex.find(wtx.hashBlock); if (blit != mapBlockIndex.end() && chainActive.Contains(blit->second)) { // ... which are already in a block int nHeight = blit->second->nHeight; BOOST_FOREACH(const CTxOut &txout, wtx.vout) { // iterate over all their outputs CAffectedKeysVisitor(*this, vAffected).Process(txout.scriptPubKey); BOOST_FOREACH(const CKeyID &keyid, vAffected) { // ... and all their affected keys std::map::iterator rit = mapKeyFirstBlock.find(keyid); if (rit != mapKeyFirstBlock.end() && nHeight < rit->second->nHeight) rit->second = blit->second; } vAffected.clear(); } } } // Extract block timestamps for those keys for (std::map::const_iterator it = mapKeyFirstBlock.begin(); it != mapKeyFirstBlock.end(); it++) mapKeyBirth[it->first] = it->second->GetBlockTime() - 7200; // block times can be 2h off } bool CWallet::AddDestData(const CTxDestination &dest, const std::string &key, const std::string &value) { if (boost::get(&dest)) return false; mapAddressBook[dest].destdata.insert(std::make_pair(key, value)); if (!fFileBacked) return true; return CWalletDB(strWalletFile).WriteDestData(EncodeDestination(dest), key, value); } bool CWallet::EraseDestData(const CTxDestination &dest, const std::string &key) { if (!mapAddressBook[dest].destdata.erase(key)) return false; if (!fFileBacked) return true; return CWalletDB(strWalletFile).EraseDestData(EncodeDestination(dest), key); } bool CWallet::LoadDestData(const CTxDestination &dest, const std::string &key, const std::string &value) { mapAddressBook[dest].destdata.insert(std::make_pair(key, value)); return true; } bool CWallet::GetDestData(const CTxDestination &dest, const std::string &key, std::string *value) const { std::map::const_iterator i = mapAddressBook.find(dest); if(i != mapAddressBook.end()) { CAddressBookData::StringMap::const_iterator j = i->second.destdata.find(key); if(j != i->second.destdata.end()) { if(value) *value = j->second; return true; } } return false; } CKeyPool::CKeyPool() { nTime = GetTime(); } CKeyPool::CKeyPool(const CPubKey& vchPubKeyIn) { nTime = GetTime(); vchPubKey = vchPubKeyIn; } CWalletKey::CWalletKey(int64_t nExpires) { nTimeCreated = (nExpires ? GetTime() : 0); nTimeExpires = nExpires; } int CMerkleTx::SetMerkleBranch(const CBlock& block) { AssertLockHeld(cs_main); CBlock blockTmp; // Update the tx's hashBlock hashBlock = block.GetHash(); // Locate the transaction for (nIndex = 0; nIndex < (int)block.vtx.size(); nIndex++) if (block.vtx[nIndex] == *(CTransaction*)this) break; if (nIndex == (int)block.vtx.size()) { vMerkleBranch.clear(); nIndex = -1; LogPrintf("ERROR: SetMerkleBranch(): couldn't find tx in block\n"); return 0; } // Fill in merkle branch vMerkleBranch = block.GetMerkleBranch(nIndex); // Is the tx in a block that's in the main chain BlockMap::iterator mi = mapBlockIndex.find(hashBlock); if (mi == mapBlockIndex.end()) return 0; const CBlockIndex* pindex = (*mi).second; if (!pindex || !chainActive.Contains(pindex)) return 0; return chainActive.Height() - pindex->nHeight + 1; } int CMerkleTx::GetDepthInMainChainINTERNAL(const CBlockIndex* &pindexRet) const { if (hashBlock.IsNull() || nIndex == -1) return 0; AssertLockHeld(cs_main); // Find the block it claims to be in BlockMap::iterator mi = mapBlockIndex.find(hashBlock); if (mi == mapBlockIndex.end()) return 0; CBlockIndex* pindex = (*mi).second; if (!pindex || !chainActive.Contains(pindex)) return 0; // Make sure the merkle branch connects to this block if (!fMerkleVerified) { if (CBlock::CheckMerkleBranch(GetHash(), vMerkleBranch, nIndex) != pindex->hashMerkleRoot) return 0; fMerkleVerified = true; } pindexRet = pindex; return chainActive.Height() - pindex->nHeight + 1; } int CMerkleTx::GetDepthInMainChain(const CBlockIndex* &pindexRet) const { AssertLockHeld(cs_main); int nResult = GetDepthInMainChainINTERNAL(pindexRet); if (nResult == 0 && !mempool.exists(GetHash())) return -1; // Not in chain, not in mempool return nResult; } int CMerkleTx::GetBlocksToMaturity() const { if (!IsCoinBase()) return 0; return max(0, (COINBASE_MATURITY+1) - GetDepthInMainChain()); } bool CMerkleTx::AcceptToMemoryPool(bool fLimitFree, bool fRejectAbsurdFee) { CValidationState state; return ::AcceptToMemoryPool(mempool, state, *this, fLimitFree, NULL, fRejectAbsurdFee); } /** * Find notes in the wallet filtered by payment address, min depth and ability to spend. * These notes are decrypted and added to the output parameter vector, outEntries. */ void CWallet::GetFilteredNotes( std::vector& sproutEntries, std::vector& saplingEntries, std::string address, int minDepth, bool ignoreSpent, bool requireSpendingKey) { std::set filterAddresses; if (address.length() > 0) { filterAddresses.insert(DecodePaymentAddress(address)); } GetFilteredNotes(sproutEntries, saplingEntries, filterAddresses, minDepth, INT_MAX, ignoreSpent, requireSpendingKey); } /** * Find notes in the wallet filtered by payment addresses, min depth, max depth, * if the note is spent, if a spending key is required, and if the notes are locked. * These notes are decrypted and added to the output parameter vector, outEntries. */ void CWallet::GetFilteredNotes( std::vector& sproutEntries, std::vector& saplingEntries, std::set& filterAddresses, int minDepth, int maxDepth, bool ignoreSpent, bool requireSpendingKey, bool ignoreLocked) { LOCK2(cs_main, cs_wallet); for (auto & p : mapWallet) { CWalletTx wtx = p.second; // Filter the transactions before checking for notes if (!CheckFinalTx(wtx) || wtx.GetBlocksToMaturity() > 0 || wtx.GetDepthInMainChain() < minDepth || wtx.GetDepthInMainChain() > maxDepth) { continue; } for (auto & pair : wtx.mapSproutNoteData) { JSOutPoint jsop = pair.first; SproutNoteData nd = pair.second; SproutPaymentAddress pa = nd.address; // skip notes which belong to a different payment address in the wallet if (!(filterAddresses.empty() || filterAddresses.count(pa))) { continue; } // skip note which has been spent if (ignoreSpent && nd.nullifier && IsSproutSpent(*nd.nullifier)) { continue; } // skip notes which cannot be spent if (requireSpendingKey && !HaveSproutSpendingKey(pa)) { continue; } // skip locked notes if (ignoreLocked && IsLockedNote(jsop)) { continue; } int i = jsop.js; // Index into CTransaction.vJoinSplit int j = jsop.n; // Index into JSDescription.ciphertexts // Get cached decryptor ZCNoteDecryption decryptor; if (!GetNoteDecryptor(pa, decryptor)) { // Note decryptors are created when the wallet is loaded, so it should always exist throw std::runtime_error(strprintf("Could not find note decryptor for payment address %s", EncodePaymentAddress(pa))); } // determine amount of funds in the note auto hSig = wtx.vJoinSplit[i].h_sig(*pzcashParams, wtx.joinSplitPubKey); try { SproutNotePlaintext plaintext = SproutNotePlaintext::decrypt( decryptor, wtx.vJoinSplit[i].ciphertexts[j], wtx.vJoinSplit[i].ephemeralKey, hSig, (unsigned char) j); sproutEntries.push_back(SproutNoteEntry { jsop, pa, plaintext.note(pa), plaintext.memo(), wtx.GetDepthInMainChain() }); } catch (const note_decryption_failed &err) { // Couldn't decrypt with this spending key throw std::runtime_error(strprintf("Could not decrypt note for payment address %s", EncodePaymentAddress(pa))); } catch (const std::exception &exc) { // Unexpected failure throw std::runtime_error(strprintf("Error while decrypting note for payment address %s: %s", EncodePaymentAddress(pa), exc.what())); } } for (auto & pair : wtx.mapSaplingNoteData) { SaplingOutPoint op = pair.first; SaplingNoteData nd = pair.second; auto maybe_pt = SaplingNotePlaintext::decrypt( wtx.vShieldedOutput[op.n].encCiphertext, nd.ivk, wtx.vShieldedOutput[op.n].ephemeralKey, wtx.vShieldedOutput[op.n].cm); assert(static_cast(maybe_pt)); auto notePt = maybe_pt.get(); auto maybe_pa = nd.ivk.address(notePt.d); assert(static_cast(maybe_pa)); auto pa = maybe_pa.get(); // skip notes which belong to a different payment address in the wallet if (!(filterAddresses.empty() || filterAddresses.count(pa))) { continue; } if (ignoreSpent && nd.nullifier && IsSaplingSpent(*nd.nullifier)) { continue; } // skip notes which cannot be spent if (requireSpendingKey) { libzcash::SaplingIncomingViewingKey ivk; libzcash::SaplingFullViewingKey fvk; if (!(GetSaplingIncomingViewingKey(pa, ivk) && GetSaplingFullViewingKey(ivk, fvk) && HaveSaplingSpendingKey(fvk))) { continue; } } // skip locked notes if (ignoreLocked && IsLockedNote(op)) { continue; } auto note = notePt.note(nd.ivk).get(); saplingEntries.push_back(SaplingNoteEntry { op, pa, note, notePt.memo(), wtx.GetDepthInMainChain() }); } } } // // Shielded key and address generalizations // bool PaymentAddressBelongsToWallet::operator()(const libzcash::SproutPaymentAddress &zaddr) const { return m_wallet->HaveSproutSpendingKey(zaddr) || m_wallet->HaveSproutViewingKey(zaddr); } bool PaymentAddressBelongsToWallet::operator()(const libzcash::SaplingPaymentAddress &zaddr) const { libzcash::SaplingIncomingViewingKey ivk; // If we have a SaplingExtendedSpendingKey in the wallet, then we will // also have the corresponding SaplingFullViewingKey. return m_wallet->GetSaplingIncomingViewingKey(zaddr, ivk) && m_wallet->HaveSaplingFullViewingKey(ivk); } bool PaymentAddressBelongsToWallet::operator()(const libzcash::InvalidEncoding& no) const { return false; } bool HaveSpendingKeyForPaymentAddress::operator()(const libzcash::SproutPaymentAddress &zaddr) const { return m_wallet->HaveSproutSpendingKey(zaddr); } bool HaveSpendingKeyForPaymentAddress::operator()(const libzcash::SaplingPaymentAddress &zaddr) const { libzcash::SaplingIncomingViewingKey ivk; libzcash::SaplingFullViewingKey fvk; return m_wallet->GetSaplingIncomingViewingKey(zaddr, ivk) && m_wallet->GetSaplingFullViewingKey(ivk, fvk) && m_wallet->HaveSaplingSpendingKey(fvk); } bool HaveSpendingKeyForPaymentAddress::operator()(const libzcash::InvalidEncoding& no) const { return false; } boost::optional GetSpendingKeyForPaymentAddress::operator()( const libzcash::SproutPaymentAddress &zaddr) const { libzcash::SproutSpendingKey k; if (m_wallet->GetSproutSpendingKey(zaddr, k)) { return libzcash::SpendingKey(k); } else { return boost::none; } } boost::optional GetSpendingKeyForPaymentAddress::operator()( const libzcash::SaplingPaymentAddress &zaddr) const { libzcash::SaplingExtendedSpendingKey extsk; if (m_wallet->GetSaplingExtendedSpendingKey(zaddr, extsk)) { return libzcash::SpendingKey(extsk); } else { return boost::none; } } boost::optional GetSpendingKeyForPaymentAddress::operator()( const libzcash::InvalidEncoding& no) const { // Defaults to InvalidEncoding return libzcash::SpendingKey(); } SpendingKeyAddResult AddSpendingKeyToWallet::operator()(const libzcash::SproutSpendingKey &sk) const { auto addr = sk.address(); if (log){ LogPrint("zrpc", "Importing zaddr %s...\n", EncodePaymentAddress(addr)); } if (m_wallet->HaveSproutSpendingKey(addr)) { return KeyAlreadyExists; } else if (m_wallet-> AddSproutZKey(sk)) { m_wallet->mapSproutZKeyMetadata[addr].nCreateTime = nTime; return KeyAdded; } else { return KeyNotAdded; } } SpendingKeyAddResult AddSpendingKeyToWallet::operator()(const libzcash::SaplingExtendedSpendingKey &sk) const { auto fvk = sk.expsk.full_viewing_key(); auto ivk = fvk.in_viewing_key(); auto addr = sk.DefaultAddress(); { if (log){ LogPrint("zrpc", "Importing zaddr %s...\n", EncodePaymentAddress(addr)); } // Don't throw error in case a key is already there if (m_wallet->HaveSaplingSpendingKey(fvk)) { return KeyAlreadyExists; } else { if (!m_wallet-> AddSaplingZKey(sk, addr)) { return KeyNotAdded; } // Sapling addresses can't have been used in transactions prior to activation. if (params.vUpgrades[Consensus::UPGRADE_SAPLING].nActivationHeight == Consensus::NetworkUpgrade::ALWAYS_ACTIVE) { m_wallet->mapSaplingZKeyMetadata[ivk].nCreateTime = nTime; } else { // 154051200 seconds from epoch is Friday, 26 October 2018 00:00:00 GMT - definitely before Sapling activates m_wallet->mapSaplingZKeyMetadata[ivk].nCreateTime = std::max((int64_t) 154051200, nTime); } if (hdKeypath) { m_wallet->mapSaplingZKeyMetadata[ivk].hdKeypath = hdKeypath.get(); } if (seedFpStr) { uint256 seedFp; seedFp.SetHex(seedFpStr.get()); m_wallet->mapSaplingZKeyMetadata[ivk].seedFp = seedFp; } return KeyAdded; } } } SpendingKeyAddResult AddSpendingKeyToWallet::operator()(const libzcash::InvalidEncoding& no) const { throw JSONRPCError(RPC_INVALID_ADDRESS_OR_KEY, "Invalid spending key"); }