Merge bitcoin/bitcoin#18554: wallet: ensure wallet files are not reused across chains

5f213213cb tests: add tests for cross-chain wallet use prevention (Seibart Nedor)
968765973b wallet: ensure wallet files are not reused across chains (Seibart Nedor)

Pull request description:

  This implements a proposal in #12805 and is a rebase of #14533.

  This seems to be a working approach, but I'm not sure why the `p2p_segwit.py` functional test needed a change, so I'll look into it more.

ACKs for top commit:
  achow101:
    ACK 5f213213cb
  dongcarl:
    Code Review ACK 5f213213cb
  [deleted]:
    tACK 5f213213cb

Tree-SHA512: 2c934300f113e772fc31c16ef5588526300bbc36e4dcef7d77bd0760c5c8f0ec77f766b1bed5503eb0157fa26dc900ed54d2ad1b41863c1f736ce5c1f3b67bec
This commit is contained in:
Andrew Chow 2022-04-28 15:51:48 -04:00
commit 606ce05ec2
No known key found for this signature in database
GPG key ID: 17565732E08E5E41
6 changed files with 78 additions and 0 deletions

View file

@ -50,6 +50,7 @@ void DummyWalletInit::AddWalletOptions(ArgsManager& argsman) const
"-flushwallet",
"-privdb",
"-walletrejectlongchains",
"-walletcrosschain",
"-unsafesqlitesync",
});
}

View file

@ -94,6 +94,7 @@ void WalletInit::AddWalletOptions(ArgsManager& argsman) const
#endif
argsman.AddArg("-walletrejectlongchains", strprintf("Wallet will not create transactions that violate mempool chain limits (default: %u)", DEFAULT_WALLET_REJECT_LONG_CHAINS), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::WALLET_DEBUG_TEST);
argsman.AddArg("-walletcrosschain", strprintf("Allow reusing wallet files across chains (default: %u)", DEFAULT_WALLETCROSSCHAIN), ArgsManager::ALLOW_ANY | ArgsManager::DEBUG_ONLY, OptionsCategory::WALLET_DEBUG_TEST);
argsman.AddHiddenArgs({"-zapwallettxes"});
}

View file

@ -2939,6 +2939,20 @@ bool CWallet::AttachChain(const std::shared_ptr<CWallet>& walletInstance, interf
assert(!walletInstance->m_chain || walletInstance->m_chain == &chain);
walletInstance->m_chain = &chain;
// Unless allowed, ensure wallet files are not reused across chains:
if (!gArgs.GetBoolArg("-walletcrosschain", DEFAULT_WALLETCROSSCHAIN)) {
WalletBatch batch(walletInstance->GetDatabase());
CBlockLocator locator;
if (batch.ReadBestBlock(locator) && locator.vHave.size() > 0 && chain.getHeight()) {
// Wallet is assumed to be from another chain, if genesis block in the active
// chain differs from the genesis block known to the wallet.
if (chain.getBlockHash(0) != locator.vHave.back()) {
error = Untranslated("Wallet files should not be reused across chains. Restart bitcoind with -walletcrosschain to override.");
return false;
}
}
}
// Register wallet with validationinterface. It's done before rescan to avoid
// missing block connections between end of rescan and validation subscribing.
// Because of wallet lock being hold, block connection notifications are going to

View file

@ -102,6 +102,7 @@ static const unsigned int DEFAULT_TX_CONFIRM_TARGET = 6;
static const bool DEFAULT_WALLET_RBF = false;
static const bool DEFAULT_WALLETBROADCAST = true;
static const bool DEFAULT_DISABLE_WALLET = false;
static const bool DEFAULT_WALLETCROSSCHAIN = false;
//! -maxtxfee default
constexpr CAmount DEFAULT_TRANSACTION_MAXFEE{COIN / 10};
//! Discourage users to set fees higher than this amount (in satoshis) per kB

View file

@ -255,6 +255,7 @@ BASE_SCRIPTS = [
'rpc_bind.py --ipv4',
'rpc_bind.py --ipv6',
'rpc_bind.py --nonloopback',
'wallet_crosschain.py',
'mining_basic.py',
'feature_signet.py',
'wallet_bumpfee.py --legacy-wallet',

View file

@ -0,0 +1,60 @@
#!/usr/bin/env python3
# Copyright (c) 2020 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or http://www.opensource.org/licenses/mit-license.php.
import os
from test_framework.test_framework import BitcoinTestFramework
from test_framework.util import assert_raises_rpc_error
class WalletCrossChain(BitcoinTestFramework):
def set_test_params(self):
self.num_nodes = 2
self.setup_clean_chain = True
def skip_test_if_missing_module(self):
self.skip_if_no_wallet()
def setup_network(self):
self.add_nodes(self.num_nodes)
# Switch node 1 to testnet before starting it.
self.nodes[1].chain = 'testnet3'
self.nodes[1].extra_args = ['-maxconnections=0'] # disable testnet sync
with open(self.nodes[1].bitcoinconf, 'r', encoding='utf8') as conf:
conf_data = conf.read()
with open (self.nodes[1].bitcoinconf, 'w', encoding='utf8') as conf:
conf.write(conf_data.replace('regtest=', 'testnet=').replace('[regtest]', '[test]'))
self.start_nodes()
def run_test(self):
self.log.info("Creating wallets")
node0_wallet = os.path.join(self.nodes[0].datadir, 'node0_wallet')
self.nodes[0].createwallet(node0_wallet)
self.nodes[0].unloadwallet(node0_wallet)
node1_wallet = os.path.join(self.nodes[1].datadir, 'node1_wallet')
self.nodes[1].createwallet(node1_wallet)
self.nodes[1].unloadwallet(node1_wallet)
self.log.info("Loading wallets into nodes with a different genesis blocks")
if self.options.descriptors:
assert_raises_rpc_error(-18, 'Wallet file verification failed.', self.nodes[0].loadwallet, node1_wallet)
assert_raises_rpc_error(-18, 'Wallet file verification failed.', self.nodes[1].loadwallet, node0_wallet)
else:
assert_raises_rpc_error(-4, 'Wallet files should not be reused across chains.', self.nodes[0].loadwallet, node1_wallet)
assert_raises_rpc_error(-4, 'Wallet files should not be reused across chains.', self.nodes[1].loadwallet, node0_wallet)
if not self.options.descriptors:
self.log.info("Override cross-chain wallet load protection")
self.stop_nodes()
self.start_nodes([['-walletcrosschain']] * self.num_nodes)
self.nodes[0].loadwallet(node1_wallet)
self.nodes[1].loadwallet(node0_wallet)
if __name__ == '__main__':
WalletCrossChain().main()