client can unknowingly reuse addresses when restoring old backup #3791

I am requesting a receive address, but I keep getting addresses that have been previously used. This may be facilitated by the fact I am using a wallet.dat that was previously used as a backup, but nevertheless, even so, this is not ideal and is misleading the user into thinking they will be using an unused address. I propose that bitcoin-qt could check that the address hasn't been previously used and keep looking until it finds an actually unused one.

There is no way that Bitcoin-Qt can know whether the address was used before somewhere in the world. It has only the local view provided by the keypool in the wallet.dat that you installed.

So if you restore an old backup it will think it's handing out new addresses.

You can 'skip ahead' by running the RPC call getrawchangeaddress as many times as needed (up to the keypoolsize to mark the entire keypool as used).

I'm reopening this. We can know when keys are used (see a transaction spending using them), and don't use this to mark keypool keys used.

In fact, this will be necessary for recovery from BIP32 wallet backups.

You can know whether the key has been used, but you cannot know for sure whether the key has not been used.

It could be given to someone as an invoice and not be in a visible transaction yet. Or it could be in a queued-up transaction. The "addresses is in the blockchain" assumption is very shallow.

It's still very reasonable to mark addresses as used if you see them used, imho :)

It it reasonable, but may be dangerous if people make the wrong assumptions (it looks as if it works in every case, but it doesn't).

Edit: If you use multiple copies of a wallet you're bound to have race conditions in which both give you the same key as 'new'. There is always a window for this confusion. The only solution would be to make them generate keys with different BIP32 parent keys.

In a GUI client we could notice this case and wag a popup at the user. "Woah, this wallet appears to be out of sync with the network, coins seem to be spent out from under it. [...] If you're using multiple copies of the same wallet, beware your impending doom. See [here] for more info."

WRT multiple copies beyond the reuse, the problem is that they'll double-spend each other... and if spending unconfirmed change end up totally borken.

But I think better handling a backup recovery doesn't prevent better catching of risky use. It's not like it replaying the keypool is the only or the most obvious mechanism we can use to point out that this doesn't really work.

Agreed that the client could warn in that case, but that's very different from claiming that 'reuse an existing receiving address' does not work which is the issue title.

Is this still an issue with a recent version of Bitcoin Core? If yes, what are the steps to reproduce?