[24.x] wallet: bugfix, double-counted preset inputs during Coin Selection #26559

pull furszy wants to merge 3 commits into bitcoin:24.x from furszy:2022_v24_wallet_sad changing 5 files +143 −9
  1. furszy commented at 3:03 pm on November 23, 2022: member

    Here I make the wallet select the preset inputs twice during the coin selection process (on v24.0).

    Making it think that the selection process result covers the entire tx target when it does not. It’s actually creating a tx that sends more coins than what inputs are covering for.

    Which, combined with the SFFO option, makes the wallet incorrectly reduce the tx recipient’s amount by the difference between the original target and the double-counted inputs. Which means, a created and relayed tx sending less coins to the destination than what the user inputted.

    Technical Explanation

    The reason why this happens is that the CoinsResult::Erase method is removing only one output from the available coins vector (there is a loop break that should have never been there) and not all the preset inputs.

    Which makes the Coin Selection process receive the preset inputs inside the selectable coins and inside the preset inputs vector. Which is not good, because we merge the preset inputs inside the automatic Coin Selection result manually at the end of the process, so this result can already contain the preset inputs.

    So.. this ends up with the Coin Selection result having less inputs selected and not covering the entire target amount. Which, alone, makes the wallet crash inside the “insane fee” assertion.

    But.. to make it worst, adding the subtract fee from output functionality to this mix ends up with the wallet by-passing the “insane” fee assertion, decreasing the output amount to fulfill the insane fee, and.. sadly, broadcasting the tx, with a reduced recipient’s amount, to the network.

    Important Note

    This is only a problem for v24.0 and not in master. Since #25685, we no longer use the CoinsResult::Erase method inside the Coin Selection Process.

  2. wallet: bugfix, 'CoinsResult::Erase' is erasing only one output of the set 
    The loop break shouldn't have being there.
    1d8e96b78d
  3. test: wallet, coverage for CoinsResult::Erase function 01c7c63fe1
  4. test: Coin Selection, duplicated preset inputs selection 
    Here I confuse the wallet to make it select the preset
inputs twice during the coin selection process (on v24.0).

Making it think that the selection process result covers
the entire tx target when it does not. It's actually creating
a tx that sends more coins than what inputs are covering for.

Which, combined with the subtract fee from outputs option,
makes the wallet generate and broadcast a tx that pays
up to the sum of all the inputs, minus one, amounts in fee!

----------

Note:
To make review simpler, have coded the same test cases twice.
First as a unit test and secondly, inside a functional test
too.
    8ef560aaaf
  5. DrahtBot commented at 3:03 pm on November 23, 2022: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK S3RK

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

  6. DrahtBot added the label Backport on Nov 23, 2022
  7. maflcko renamed this:
    wallet: bugfix, insane fee tx creation due duplicated selection of the preset inputs
    [24.x] wallet: bugfix, insane fee tx creation due duplicated selection of the preset inputs
    on Nov 23, 2022
  8. maflcko added this to the milestone 24.1 on Nov 23, 2022
  9. maflcko added the label Wallet on Nov 23, 2022
  10. furszy renamed this:
    [24.x] wallet: bugfix, insane fee tx creation due duplicated selection of the preset inputs
    [24.x] wallet: bugfix, insane fee tx created due a duplicated selection of the preset inputs
    on Nov 24, 2022
  11. furszy renamed this:
    [24.x] wallet: bugfix, insane fee tx created due a duplicated selection of the preset inputs
    [24.x] wallet: bugfix, insane tx fee created due a duplicated selection of the preset inputs
    on Nov 24, 2022
  12. S3RK commented at 5:39 pm on November 26, 2022: contributor
    Code Review ACK 8ef560aaaf07c9c9adc87dcbdd9edc68617a66c9
  13. Sjors commented at 1:44 pm on November 28, 2022: member
    ~Is this only in v24 or also earlier versions?~ (moved question to other PR)
  14. fanquake marked this as a draft on Nov 28, 2022
  15. fanquake commented at 1:50 pm on November 28, 2022: member
    Moving this to draft for now, so it’s clear that what should be reviewed first is #26560. Once #26560 is merged, this PR can be updated, with any commits being backports, with the usual metadata etc.
  16. fanquake removed this from the milestone 24.1 on Nov 29, 2022
  17. fanquake added this to the milestone 24.0.1 on Nov 29, 2022
  18. furszy renamed this:
    [24.x] wallet: bugfix, insane tx fee created due a duplicated selection of the preset inputs
    [24.x] wallet: bugfix, double-counted preset inputs during Coin Selection
    on Dec 2, 2022
  19. achow101 referenced this in commit f0c4807a6a on Dec 5, 2022
  20. sidhujag referenced this in commit 8dde7021c5 on Dec 5, 2022
  21. fanquake commented at 6:17 pm on December 5, 2022: member
    I’ve now included this in #26616.
  22. fanquake closed this on Dec 5, 2022
  23. fanquake removed this from the milestone 24.0.1 on Dec 5, 2022
  24. furszy deleted the branch on May 27, 2023
  25. bitcoin locked this on May 26, 2024


furszy DrahtBot S3RK Sjors fanquake

Labels
Wallet Backport

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-07-05 22:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me