mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-02-11 11:16:09 -05:00
c5f0cbefa3
1dc03dda05[doc] remove non-signaling mentions of BIP125 (glozow)32024d40f0scripted-diff: remove mention of BIP125 from non-signaling var names (glozow) Pull request description: We have pretty thorough documentation of our RBF policy in doc/policy/mempool-replacements.md. It enumerates each rule with several sentences of rationale. Also, each rule pretty much has its own function (3 and 4 share one), with extensive comments. The doc states explicitly that our rules are similar but differ from BIP125, and contains a record of historical changes to RBF policy. We should not use "BIP125" as synonymous with our RBF policy because: - Our RBF policy is different from what is specified in BIP125, for example: - the BIP does not mention our rule about the replacement feerate being higher (our Rule 6) - the BIP uses minimum relay feerate for Rule 4, while we have used incremental relay feerate since #9380 - the "inherited signaling" question (CVE-2021-31876). Call it discrepancy, ambiguous wording, doc misinterpretation, or implementation details, I would recommend users refer to doc/policy/mempool-replacements.md - the signaling policy is configurable, see #25353 - Our RBF policy may change further - We have already marked BIP125 as only "partially implemented" in docs/bips.md since1fd49eb498- See comments from people who are not me recently: - https://github.com/bitcoin/bitcoin/pull/25038#discussion_r909507429 - https://github.com/bitcoin/bitcoin/pull/25575#issuecomment-1179519204 This PR removes all non-signaling mentions of BIP125 (if people feel strongly, we can remove all mentions of BIP125 period). It may be useful to refer to the concept of "tx opts in to RBF if it has at least one nSequence less than (0xffffffff - 1)" as "BIP125 signaling" because: - It is succint. - It has already been widely marketed as BIP125 opt-in signaling. - Our API uses it when referring to signaling (e.g. getmempoolentry["bip125-replaceable"] and wallet error message "not BIP 125 replaceable"). Changing those is more invasive. - If/when we have other ways to signal in the future, we can disambiguate them this way. See #25038 which proposes another way of signaling, and where I pulled these commits from. Alternatives: - Changing our policy to match BIP125. This doesn't make sense as, for example, we would have to remove the requirement that a replacement tx has a higher feerate (Rule 6). - Changing BIP125 to match what we have. This doesn't make sense as it would be a significant change to a BIP years after it was finalized and already used as a spec to implement RBF in other places. - Document our policy as a new BIP and give it a number. This might make sense if we don't expect things to change a lot, and can be done as a next step. ACKs for top commit: darosior: ACK1dc03dda05ariard: ACK1dc03ddat-bast: ACK1dc03dda05Tree-SHA512: a3adc2039ec5785892d230ec442e50f47f7062717392728152bbbe27ce1c564141f85253143f53cb44e1331cf47476d74f5d2f4b3cd873fc3433d7a0aa783e02
334 lines
15 KiB
C++
334 lines
15 KiB
C++
// Copyright (c) 2017-2021 The Bitcoin Core developers
|
|
// Distributed under the MIT software license, see the accompanying
|
|
// file COPYING or http://www.opensource.org/licenses/mit-license.php.
|
|
|
|
#include <consensus/validation.h>
|
|
#include <interfaces/chain.h>
|
|
#include <policy/fees.h>
|
|
#include <policy/policy.h>
|
|
#include <util/moneystr.h>
|
|
#include <util/rbf.h>
|
|
#include <util/system.h>
|
|
#include <util/translation.h>
|
|
#include <wallet/coincontrol.h>
|
|
#include <wallet/feebumper.h>
|
|
#include <wallet/fees.h>
|
|
#include <wallet/receive.h>
|
|
#include <wallet/spend.h>
|
|
#include <wallet/wallet.h>
|
|
|
|
namespace wallet {
|
|
//! Check whether transaction has descendant in wallet or mempool, or has been
|
|
//! mined, or conflicts with a mined transaction. Return a feebumper::Result.
|
|
static feebumper::Result PreconditionChecks(const CWallet& wallet, const CWalletTx& wtx, bool require_mine, std::vector<bilingual_str>& errors) EXCLUSIVE_LOCKS_REQUIRED(wallet.cs_wallet)
|
|
{
|
|
if (wallet.HasWalletSpend(wtx.tx)) {
|
|
errors.push_back(Untranslated("Transaction has descendants in the wallet"));
|
|
return feebumper::Result::INVALID_PARAMETER;
|
|
}
|
|
|
|
{
|
|
if (wallet.chain().hasDescendantsInMempool(wtx.GetHash())) {
|
|
errors.push_back(Untranslated("Transaction has descendants in the mempool"));
|
|
return feebumper::Result::INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
if (wallet.GetTxDepthInMainChain(wtx) != 0) {
|
|
errors.push_back(Untranslated("Transaction has been mined, or is conflicted with a mined transaction"));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
|
|
if (!SignalsOptInRBF(*wtx.tx)) {
|
|
errors.push_back(Untranslated("Transaction is not BIP 125 replaceable"));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
|
|
if (wtx.mapValue.count("replaced_by_txid")) {
|
|
errors.push_back(strprintf(Untranslated("Cannot bump transaction %s which was already bumped by transaction %s"), wtx.GetHash().ToString(), wtx.mapValue.at("replaced_by_txid")));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
|
|
if (require_mine) {
|
|
// check that original tx consists entirely of our inputs
|
|
// if not, we can't bump the fee, because the wallet has no way of knowing the value of the other inputs (thus the fee)
|
|
isminefilter filter = wallet.GetLegacyScriptPubKeyMan() && wallet.IsWalletFlagSet(WALLET_FLAG_DISABLE_PRIVATE_KEYS) ? ISMINE_WATCH_ONLY : ISMINE_SPENDABLE;
|
|
if (!AllInputsMine(wallet, *wtx.tx, filter)) {
|
|
errors.push_back(Untranslated("Transaction contains inputs that don't belong to this wallet"));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
}
|
|
|
|
return feebumper::Result::OK;
|
|
}
|
|
|
|
//! Check if the user provided a valid feeRate
|
|
static feebumper::Result CheckFeeRate(const CWallet& wallet, const CWalletTx& wtx, const CFeeRate& newFeerate, const int64_t maxTxSize, CAmount old_fee, std::vector<bilingual_str>& errors)
|
|
{
|
|
// check that fee rate is higher than mempool's minimum fee
|
|
// (no point in bumping fee if we know that the new tx won't be accepted to the mempool)
|
|
// This may occur if the user set fee_rate or paytxfee too low, if fallbackfee is too low, or, perhaps,
|
|
// in a rare situation where the mempool minimum fee increased significantly since the fee estimation just a
|
|
// moment earlier. In this case, we report an error to the user, who may adjust the fee.
|
|
CFeeRate minMempoolFeeRate = wallet.chain().mempoolMinFee();
|
|
|
|
if (newFeerate.GetFeePerK() < minMempoolFeeRate.GetFeePerK()) {
|
|
errors.push_back(strprintf(
|
|
Untranslated("New fee rate (%s) is lower than the minimum fee rate (%s) to get into the mempool -- "),
|
|
FormatMoney(newFeerate.GetFeePerK()),
|
|
FormatMoney(minMempoolFeeRate.GetFeePerK())));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
|
|
CAmount new_total_fee = newFeerate.GetFee(maxTxSize);
|
|
|
|
CFeeRate incrementalRelayFee = std::max(wallet.chain().relayIncrementalFee(), CFeeRate(WALLET_INCREMENTAL_RELAY_FEE));
|
|
|
|
// Given old total fee and transaction size, calculate the old feeRate
|
|
const int64_t txSize = GetVirtualTransactionSize(*(wtx.tx));
|
|
CFeeRate nOldFeeRate(old_fee, txSize);
|
|
// Min total fee is old fee + relay fee
|
|
CAmount minTotalFee = nOldFeeRate.GetFee(maxTxSize) + incrementalRelayFee.GetFee(maxTxSize);
|
|
|
|
if (new_total_fee < minTotalFee) {
|
|
errors.push_back(strprintf(Untranslated("Insufficient total fee %s, must be at least %s (oldFee %s + incrementalFee %s)"),
|
|
FormatMoney(new_total_fee), FormatMoney(minTotalFee), FormatMoney(nOldFeeRate.GetFee(maxTxSize)), FormatMoney(incrementalRelayFee.GetFee(maxTxSize))));
|
|
return feebumper::Result::INVALID_PARAMETER;
|
|
}
|
|
|
|
CAmount requiredFee = GetRequiredFee(wallet, maxTxSize);
|
|
if (new_total_fee < requiredFee) {
|
|
errors.push_back(strprintf(Untranslated("Insufficient total fee (cannot be less than required fee %s)"),
|
|
FormatMoney(requiredFee)));
|
|
return feebumper::Result::INVALID_PARAMETER;
|
|
}
|
|
|
|
// Check that in all cases the new fee doesn't violate maxTxFee
|
|
const CAmount max_tx_fee = wallet.m_default_max_tx_fee;
|
|
if (new_total_fee > max_tx_fee) {
|
|
errors.push_back(strprintf(Untranslated("Specified or calculated fee %s is too high (cannot be higher than -maxtxfee %s)"),
|
|
FormatMoney(new_total_fee), FormatMoney(max_tx_fee)));
|
|
return feebumper::Result::WALLET_ERROR;
|
|
}
|
|
|
|
return feebumper::Result::OK;
|
|
}
|
|
|
|
static CFeeRate EstimateFeeRate(const CWallet& wallet, const CWalletTx& wtx, const CAmount old_fee, const CCoinControl& coin_control)
|
|
{
|
|
// Get the fee rate of the original transaction. This is calculated from
|
|
// the tx fee/vsize, so it may have been rounded down. Add 1 satoshi to the
|
|
// result.
|
|
int64_t txSize = GetVirtualTransactionSize(*(wtx.tx));
|
|
CFeeRate feerate(old_fee, txSize);
|
|
feerate += CFeeRate(1);
|
|
|
|
// The node has a configurable incremental relay fee. Increment the fee by
|
|
// the minimum of that and the wallet's conservative
|
|
// WALLET_INCREMENTAL_RELAY_FEE value to future proof against changes to
|
|
// network wide policy for incremental relay fee that our node may not be
|
|
// aware of. This ensures we're over the required relay fee rate
|
|
// (Rule 4). The replacement tx will be at least as large as the
|
|
// original tx, so the total fee will be greater (Rule 3)
|
|
CFeeRate node_incremental_relay_fee = wallet.chain().relayIncrementalFee();
|
|
CFeeRate wallet_incremental_relay_fee = CFeeRate(WALLET_INCREMENTAL_RELAY_FEE);
|
|
feerate += std::max(node_incremental_relay_fee, wallet_incremental_relay_fee);
|
|
|
|
// Fee rate must also be at least the wallet's GetMinimumFeeRate
|
|
CFeeRate min_feerate(GetMinimumFeeRate(wallet, coin_control, /*feeCalc=*/nullptr));
|
|
|
|
// Set the required fee rate for the replacement transaction in coin control.
|
|
return std::max(feerate, min_feerate);
|
|
}
|
|
|
|
namespace feebumper {
|
|
|
|
bool TransactionCanBeBumped(const CWallet& wallet, const uint256& txid)
|
|
{
|
|
LOCK(wallet.cs_wallet);
|
|
const CWalletTx* wtx = wallet.GetWalletTx(txid);
|
|
if (wtx == nullptr) return false;
|
|
|
|
std::vector<bilingual_str> errors_dummy;
|
|
feebumper::Result res = PreconditionChecks(wallet, *wtx, /* require_mine=*/ true, errors_dummy);
|
|
return res == feebumper::Result::OK;
|
|
}
|
|
|
|
Result CreateRateBumpTransaction(CWallet& wallet, const uint256& txid, const CCoinControl& coin_control, std::vector<bilingual_str>& errors,
|
|
CAmount& old_fee, CAmount& new_fee, CMutableTransaction& mtx, bool require_mine)
|
|
{
|
|
// We are going to modify coin control later, copy to re-use
|
|
CCoinControl new_coin_control(coin_control);
|
|
|
|
LOCK(wallet.cs_wallet);
|
|
errors.clear();
|
|
auto it = wallet.mapWallet.find(txid);
|
|
if (it == wallet.mapWallet.end()) {
|
|
errors.push_back(Untranslated("Invalid or non-wallet transaction id"));
|
|
return Result::INVALID_ADDRESS_OR_KEY;
|
|
}
|
|
const CWalletTx& wtx = it->second;
|
|
|
|
// Retrieve all of the UTXOs and add them to coin control
|
|
// While we're here, calculate the input amount
|
|
std::map<COutPoint, Coin> coins;
|
|
CAmount input_value = 0;
|
|
std::vector<CTxOut> spent_outputs;
|
|
for (const CTxIn& txin : wtx.tx->vin) {
|
|
coins[txin.prevout]; // Create empty map entry keyed by prevout.
|
|
}
|
|
wallet.chain().findCoins(coins);
|
|
for (const CTxIn& txin : wtx.tx->vin) {
|
|
const Coin& coin = coins.at(txin.prevout);
|
|
if (coin.out.IsNull()) {
|
|
errors.push_back(Untranslated(strprintf("%s:%u is already spent", txin.prevout.hash.GetHex(), txin.prevout.n)));
|
|
return Result::MISC_ERROR;
|
|
}
|
|
if (wallet.IsMine(txin.prevout)) {
|
|
new_coin_control.Select(txin.prevout);
|
|
} else {
|
|
new_coin_control.SelectExternal(txin.prevout, coin.out);
|
|
}
|
|
input_value += coin.out.nValue;
|
|
spent_outputs.push_back(coin.out);
|
|
}
|
|
|
|
// Figure out if we need to compute the input weight, and do so if necessary
|
|
PrecomputedTransactionData txdata;
|
|
txdata.Init(*wtx.tx, std::move(spent_outputs), /* force=*/ true);
|
|
for (unsigned int i = 0; i < wtx.tx->vin.size(); ++i) {
|
|
const CTxIn& txin = wtx.tx->vin.at(i);
|
|
const Coin& coin = coins.at(txin.prevout);
|
|
|
|
if (new_coin_control.IsExternalSelected(txin.prevout)) {
|
|
// For external inputs, we estimate the size using the size of this input
|
|
int64_t input_weight = GetTransactionInputWeight(txin);
|
|
// Because signatures can have different sizes, we need to figure out all of the
|
|
// signature sizes and replace them with the max sized signature.
|
|
// In order to do this, we verify the script with a special SignatureChecker which
|
|
// will observe the signatures verified and record their sizes.
|
|
SignatureWeights weights;
|
|
TransactionSignatureChecker tx_checker(wtx.tx.get(), i, coin.out.nValue, txdata, MissingDataBehavior::FAIL);
|
|
SignatureWeightChecker size_checker(weights, tx_checker);
|
|
VerifyScript(txin.scriptSig, coin.out.scriptPubKey, &txin.scriptWitness, STANDARD_SCRIPT_VERIFY_FLAGS, size_checker);
|
|
// Add the difference between max and current to input_weight so that it represents the largest the input could be
|
|
input_weight += weights.GetWeightDiffToMax();
|
|
new_coin_control.SetInputWeight(txin.prevout, input_weight);
|
|
}
|
|
}
|
|
|
|
Result result = PreconditionChecks(wallet, wtx, require_mine, errors);
|
|
if (result != Result::OK) {
|
|
return result;
|
|
}
|
|
|
|
// Fill in recipients(and preserve a single change key if there is one)
|
|
// While we're here, calculate the output amount
|
|
std::vector<CRecipient> recipients;
|
|
CAmount output_value = 0;
|
|
for (const auto& output : wtx.tx->vout) {
|
|
if (!OutputIsChange(wallet, output)) {
|
|
CRecipient recipient = {output.scriptPubKey, output.nValue, false};
|
|
recipients.push_back(recipient);
|
|
} else {
|
|
CTxDestination change_dest;
|
|
ExtractDestination(output.scriptPubKey, change_dest);
|
|
new_coin_control.destChange = change_dest;
|
|
}
|
|
output_value += output.nValue;
|
|
}
|
|
|
|
old_fee = input_value - output_value;
|
|
|
|
if (coin_control.m_feerate) {
|
|
// The user provided a feeRate argument.
|
|
// We calculate this here to avoid compiler warning on the cs_wallet lock
|
|
// We need to make a temporary transaction with no input witnesses as the dummy signer expects them to be empty for external inputs
|
|
CMutableTransaction mtx{*wtx.tx};
|
|
for (auto& txin : mtx.vin) {
|
|
txin.scriptSig.clear();
|
|
txin.scriptWitness.SetNull();
|
|
}
|
|
const int64_t maxTxSize{CalculateMaximumSignedTxSize(CTransaction(mtx), &wallet, &new_coin_control).vsize};
|
|
Result res = CheckFeeRate(wallet, wtx, *new_coin_control.m_feerate, maxTxSize, old_fee, errors);
|
|
if (res != Result::OK) {
|
|
return res;
|
|
}
|
|
} else {
|
|
// The user did not provide a feeRate argument
|
|
new_coin_control.m_feerate = EstimateFeeRate(wallet, wtx, old_fee, new_coin_control);
|
|
}
|
|
|
|
// Fill in required inputs we are double-spending(all of them)
|
|
// N.B.: bip125 doesn't require all the inputs in the replaced transaction to be
|
|
// used in the replacement transaction, but it's very important for wallets to make
|
|
// sure that happens. If not, it would be possible to bump a transaction A twice to
|
|
// A2 and A3 where A2 and A3 don't conflict (or alternatively bump A to A2 and A2
|
|
// to A3 where A and A3 don't conflict). If both later get confirmed then the sender
|
|
// has accidentally double paid.
|
|
for (const auto& inputs : wtx.tx->vin) {
|
|
new_coin_control.Select(COutPoint(inputs.prevout));
|
|
}
|
|
new_coin_control.m_allow_other_inputs = true;
|
|
|
|
// We cannot source new unconfirmed inputs(bip125 rule 2)
|
|
new_coin_control.m_min_depth = 1;
|
|
|
|
constexpr int RANDOM_CHANGE_POSITION = -1;
|
|
auto res = CreateTransaction(wallet, recipients, RANDOM_CHANGE_POSITION, new_coin_control, false);
|
|
if (!res) {
|
|
errors.push_back(Untranslated("Unable to create transaction.") + Untranslated(" ") + util::ErrorString(res));
|
|
return Result::WALLET_ERROR;
|
|
}
|
|
|
|
const auto& txr = *res;
|
|
// Write back new fee if successful
|
|
new_fee = txr.fee;
|
|
|
|
// Write back transaction
|
|
mtx = CMutableTransaction(*txr.tx);
|
|
|
|
return Result::OK;
|
|
}
|
|
|
|
bool SignTransaction(CWallet& wallet, CMutableTransaction& mtx) {
|
|
LOCK(wallet.cs_wallet);
|
|
return wallet.SignTransaction(mtx);
|
|
}
|
|
|
|
Result CommitTransaction(CWallet& wallet, const uint256& txid, CMutableTransaction&& mtx, std::vector<bilingual_str>& errors, uint256& bumped_txid)
|
|
{
|
|
LOCK(wallet.cs_wallet);
|
|
if (!errors.empty()) {
|
|
return Result::MISC_ERROR;
|
|
}
|
|
auto it = txid.IsNull() ? wallet.mapWallet.end() : wallet.mapWallet.find(txid);
|
|
if (it == wallet.mapWallet.end()) {
|
|
errors.push_back(Untranslated("Invalid or non-wallet transaction id"));
|
|
return Result::MISC_ERROR;
|
|
}
|
|
const CWalletTx& oldWtx = it->second;
|
|
|
|
// make sure the transaction still has no descendants and hasn't been mined in the meantime
|
|
Result result = PreconditionChecks(wallet, oldWtx, /* require_mine=*/ false, errors);
|
|
if (result != Result::OK) {
|
|
return result;
|
|
}
|
|
|
|
// commit/broadcast the tx
|
|
CTransactionRef tx = MakeTransactionRef(std::move(mtx));
|
|
mapValue_t mapValue = oldWtx.mapValue;
|
|
mapValue["replaces_txid"] = oldWtx.GetHash().ToString();
|
|
|
|
wallet.CommitTransaction(tx, std::move(mapValue), oldWtx.vOrderForm);
|
|
|
|
// mark the original tx as bumped
|
|
bumped_txid = tx->GetHash();
|
|
if (!wallet.MarkReplaced(oldWtx.GetHash(), bumped_txid)) {
|
|
errors.push_back(Untranslated("Created new bumpfee transaction but could not mark the original transaction as replaced"));
|
|
}
|
|
return Result::OK;
|
|
}
|
|
|
|
} // namespace feebumper
|
|
} // namespace wallet
|