mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-21 14:34:49 +01:00

Bitcoin Core integration/staging tree

bitcoin c-plus-plus cryptocurrency cryptography p2p

Find a file

Samuel Dobson bdda137878 Merge #16766 : wallet: Make IsTrusted scan parents recursively `4671fc3d9e` Expand on wallet_balance.py comment from https://github.com/bitcoin/bitcoin/pull/16766\#issuecomment-527563982 (Jeremy Rubin) `91f3073f08` Update release notes to mention changes to IsTrusted and impact on wallet (Jeremy Rubin) `8f174ef112` Systematize style of IsTrusted single line if (Jeremy Rubin) `b49dcbedf7` update variable naming conventions for IsTrusted (Jeremy Rubin) `5ffe0d1449` Update comment in test/functional/wallet_balance.py (Jeremy Rubin) `a550c58267` Update wallet_balance.py test to reflect new behavior (Jeremy Rubin) `5dd7da4ccd` Reuse trustedParents in looped calls to IsTrusted (Jeremy Rubin) `595f09d6de` Cache tx Trust per-call to avoid DoS (Jeremy Rubin) `dce032ce29` Make IsTrusted scan parents recursively (Jeremy Rubin) Pull request description: This slightly modifies the behavior of IsTrusted to recursively check the parents of a transaction. Otherwise, it's possible that a parent is not IsTrusted but a child is. If a parent is not trusted, then a child should not be either. This recursive scan can be a little expensive, so ~it might be beneficial to have a way of caching IsTrusted state, but this is a little complex because various conditions can change between calls to IsTrusted (e.g., re-org).~ I added a cache which works per call/across calls, but does not store the results semi-permanently. Which reduces DoS risk of this change. There is no risk of untrusted parents causing a resource exploitation, as we immediately return once that is detected. This is a change that came up as a bug-fix esque change while working on OP_SECURETHEBAG. You can see the branch where this change is important here: https://github.com/bitcoin/bitcoin/compare/master...JeremyRubin:stb-with-rpc?expand=1. Essentially, without this change, we can be tricked into accepting an OP_SECURETHEBAG output because we don't properly check the parents. As this was a change which, on its own, was not dependent on OP_SECURETHEBAG, I broke it out as I felt the change stands on its own by fixing a long standing wallet bug. The test wallet_balance.py has been corrected to meet the new behavior. The below comment, reproduced, explains what the issue is and the edge cases that can arise before this change. # Before `test_balance()`, we have had two nodes with a balance of 50 # each and then we: # # 1) Sent 40 from node A to node B with fee 0.01 # 2) Sent 60 from node B to node A with fee 0.01 # # Then we check the balances: # # 1) As is # 2) With transaction 2 from above with 2x the fee # # Prior to #16766, in this situation, the node would immediately report # a balance of 30 on node B as unconfirmed and trusted. # # After #16766, we show that balance as unconfirmed. # # The balance is indeed "trusted" and "confirmed" insofar as removing # the mempool transactions would return at least that much money. But # the algorithm after #16766 marks it as unconfirmed because the 'taint' # tracking of transaction trust for summing balances doesn't consider # which inputs belong to a user. In this case, the change output in # question could be "destroyed" by replace the 1st transaction above. # # The post #16766 behavior is correct; we shouldn't be treating those # funds as confirmed. If you want to rely on that specific UTXO existing # which has given you that balance, you cannot, as a third party # spending the other input would destroy that unconfirmed. # # For example, if the test transactions were: # # 1) Sent 40 from node A to node B with fee 0.01 # 2) Sent 10 from node B to node A with fee 0.01 # # Then our node would report a confirmed balance of 40 + 50 - 10 = 80 # BTC, which is more than would be available if transaction 1 were # replaced. The release notes have been updated to note the new behavior. ACKs for top commit: ariard: Code Review ACK `4671fc3`, maybe extend DoS protection in a follow-up PR. fjahr: Code review ACK `4671fc3d9e` ryanofsky: Code review ACK `4671fc3d9e`. Changes since last review: 2 new commits adding suggested release note and python test comment, also a clean rebase with no changes to the earlier commits. The PR description is more comprehensive now, too. Looks good! promag: Code review ACK `4671fc3d9e`. Tree-SHA512: 6b183ff425304fef49724290053514cb2770f4a2350dcb83660ef24af5c54f7c4c2c345b0f62bba60eb2d2f70625ee61a7fab76a7f491bb5a84be5c4cc86b92f		2019-11-05 21:59:27 +13:00
.github	github: Add warning for bug reports	2019-10-15 08:53:42 +02:00
.tx	gui: Update transifex slug for 0.19	2019-09-02 13:40:01 +02:00
build-aux/m4	Merge #16110 : depends: Add Android NDK support	2019-11-04 13:32:19 +01:00
build_msvc	doc: update MSVC instructions to remove Qt configuration	2019-11-01 15:25:52 -04:00
ci	Merge #17233 : travis: Run unit and functional tests on native arm	2019-11-04 08:23:21 -05:00
contrib	doc: Fix some misspellings	2019-11-04 04:22:53 -05:00
depends	Merge #16110 : depends: Add Android NDK support	2019-11-04 13:32:19 +01:00
doc	Merge #16766 : wallet: Make IsTrusted scan parents recursively	2019-11-05 21:59:27 +13:00
share	nsis: Write to correct filename in first place	2019-10-29 15:12:52 -04:00
src	Merge #16766 : wallet: Make IsTrusted scan parents recursively	2019-11-05 21:59:27 +13:00
test	Merge #16766 : wallet: Make IsTrusted scan parents recursively	2019-11-05 21:59:27 +13:00
.appveyor.yml	Added libbitcoin_qt and bitcoin-qt to the msbuild configuration.	2019-09-08 14:13:05 +02:00
.cirrus.yml	ci: Remove ccache requirement on the host	2019-10-24 18:37:38 -04:00
.gitattributes	Separate protocol versioning from clientversion	2014-10-29 00:24:40 -04:00
.gitignore	Merge #16371 : build: ignore macOS make deploy artefacts & add them to clean-local	2019-08-21 08:02:20 +08:00
.python-version	.python-version: Specify full version 3.5.6	2019-03-02 12:06:26 -05:00
.style.yapf	test: .style.yapf: Set column_limit=160	2019-03-04 18:28:13 -05:00
.travis.yml	Merge #17233 : travis: Run unit and functional tests on native arm	2019-11-04 08:23:21 -05:00
autogen.sh	Added double quotes	2019-10-07 17:02:46 -04:00
configure.ac	Merge #16110 : depends: Add Android NDK support	2019-11-04 13:32:19 +01:00
CONTRIBUTING.md	doc: Added instructions for how to add an upsteam to forked repo	2019-10-20 11:47:42 +01:00
COPYING	[Trivial] Update license year range to 2019	2018-12-31 04:27:59 +01:00
INSTALL.md	Update INSTALL landing redirection notice for build instructions.	2016-10-06 12:27:23 +13:00
libbitcoinconsensus.pc.in	Unify package name to as few places as possible without major changes	2015-12-14 02:11:10 +00:00
Makefile.am	Merge #17091 : tests: Add test for loadblock option and linearize scripts	2019-10-23 11:21:46 +02:00
README.md	doc: Fix some misspellings	2019-11-04 04:22:53 -05:00
SECURITY.md	doc: Remove explicit mention of version from SECURITY.md	2019-06-14 06:39:17 -04:00

README.md

Bitcoin Core integration/staging tree

https://bitcoincore.org

What is Bitcoin?

Bitcoin is an experimental digital currency that enables instant payments to anyone, anywhere in the world. Bitcoin uses peer-to-peer technology to operate with no central authority: managing transactions and issuing money are carried out collectively by the network. Bitcoin Core is the name of open source software which enables the use of this currency.

For more information, as well as an immediately usable, binary version of the Bitcoin Core software, see https://bitcoincore.org/en/download/, or read the original whitepaper.

License

Bitcoin Core is released under the terms of the MIT license. See COPYING for more information or see https://opensource.org/licenses/MIT.

Development Process

The master branch is regularly built and tested, but is not guaranteed to be completely stable. Tags are created regularly to indicate new official, stable release versions of Bitcoin Core.

The contribution workflow is described in CONTRIBUTING.md and useful hints for developers can be found in doc/developer-notes.md.

Testing

Testing and code review is the bottleneck for development; we get more pull requests than we can review and test on short notice. Please be patient and help out by testing other people's pull requests, and remember this is a security-critical project where any mistake might cost people lots of money.

Automated Testing

Developers are strongly encouraged to write unit tests for new code, and to submit new unit tests for old code. Unit tests can be compiled and run (assuming they weren't disabled in configure) with: make check. Further details on running and extending unit tests can be found in /src/test/README.md.

There are also regression and integration tests, written in Python, that are run automatically on the build server. These tests can be run (if the test dependencies are installed) with: test/functional/test_runner.py

The Travis CI system makes sure that every pull request is built for Windows, Linux, and macOS, and that unit/sanity tests are run automatically.

Manual Quality Assurance (QA) Testing

Changes should be tested by somebody other than the developer who wrote the code. This is especially important for large or high-risk changes. It is useful to add a test plan to the pull request description if testing the changes is not straightforward.

Translations

Changes to translations as well as new translations can be submitted to Bitcoin Core's Transifex page.

Translations are periodically pulled from Transifex and merged into the git repository. See the translation process for details on how this works.

Important: We do not accept translation changes as GitHub pull requests because the next pull from Transifex would automatically overwrite them again.

Translators should also subscribe to the mailing list.