[raw] reject insanely high fees by default in sendrawtransaction #2949

pull gmaxwell wants to merge 1 commits into bitcoin:master from gmaxwell:fewer_fee_footguns changing 4 files +15 −5

gmaxwell commented at 10:50 pm on August 28, 2013: contributor

There have been several incidents where mainnet experimentation with raw transactions resulted in insane fees. This is hard to prevent in the raw transaction api because the inputs may not be known. Since sending doesn’t work if the inputs aren’t known, we can catch it there.

This rejects fees > than 10000 * nMinRelayTxFee or 1 BTC with the defaults and can be overridden with a bool at the rpc.

[raw] reject insanely high fees by default in sendrawtransaction

There have been several incidents where mainnet experimentation with
 raw transactions  resulted in insane fees.  This is hard to prevent
 in the raw transaction api because the inputs may not be known.
 Since sending doesn't work if the inputs aren't known, we can catch
 it there.

This rejects fees > than 10000 * nMinRelayTxFee or 1 BTC with the
 defaults and can be overridden with a bool at the rpc.

9d14e689c8

jgarzik commented at 11:02 pm on August 28, 2013: contributor

ACK
luke-jr commented at 4:55 pm on August 29, 2013: member

Instead of a bool, how about an amount of fees? If provided and the transaction fees don’t match the value, fail. (This can be in addition to the default rejection, for backward compatibility)
petertodd commented at 5:37 pm on August 29, 2013: contributor

@luke-jr Good idea, although I won’t make it a <= test, not a == test.

Actually, no, I’m going to take that back: app developers are just going to call sendrawtransaction with their nFees, which is likely to be calculated wrong anyway… So stick with the hard sanity limit.
BitcoinPullTester commented at 3:39 pm on September 1, 2013: none

Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/9d14e689c86a395c11a530767db4ddf895446ba8 for binaries and test log. This test script verifies pulls every time they are updated. It, however, dies sometimes and fails to test properly. If you are waiting on a test, please check timestamps to verify that the test.log is moving at http://jenkins.bluematt.me/pull-tester/current/ Contact BlueMatt on freenode if something looks broken.
DannyHamilton commented at 9:26 am on September 16, 2013: none

Sanity testing on fees would certainly have helped me. I’ve been using sendrawtransaction in a variety of circumstances for 5 months now. I was pretty confident with the raw transaction tools, and (until today) had created over 200 transactions without any issues. Then while creating a raw transaction today, I accidentally included vout=0 when I intended to include vout=1 in the input. The result was accidentally paying a fee of 3.78843458 BTC. I had thought that I had calculated a fee of 0.0001 BTC (if I had used the intended vout).

Any of the following would have prevented the issue: A hard coded sanity check of 1 BTC maxFee A bitcoin.conf entry of maxFee set by me before I started using raw transactions (I would have set it to 0.0003 BTC) An “intended fee” parameter in any of createrawtransaction, signrawtransaction, or sendrawtransaction that I would have set to 0.0001 BTC which can be compared to the actual fee in the transaction.

Issue reported at bitcointalk.org here: https://bitcointalk.org/index.php?topic=295101.0;topicseen

Transaction example can be seen here: https://blockchain.info/tx-index/89611419
Diapolo commented at 3:38 pm on September 16, 2013: none

Any reason to merge this?
gavinandresen referenced this in commit ff4e3e63e7 on Sep 22, 2013
gavinandresen merged this on Sep 22, 2013
gavinandresen closed this on Sep 22, 2013
Bushstar referenced this in commit 809aae73a1 on Apr 8, 2020
DrahtBot locked this on Sep 8, 2021

Contributors
gmaxwell jgarzik luke-jr petertodd BitcoinPullTester DannyHamilton Diapolo