Page MenuHomePhabricator

Fix RPC signrawtransaction silently accepting missing amount field, make it throw an error instead
ClosedPublic

Authored by CCulianu on Aug 8 2017, 17:11.

Details

Summary

After hard fork, replay protected tx's require the amount field to be non-zero for previous outputs in signed tx's. JSON RPC code was accepting transactions with this field missing when it should have been throwing an error. Users had the impression the transaction that was signed was good, but when trying to sent to network, they would get an error that the tx is bad. See github issue https://github.com/Bitcoin-ABC/bitcoin-abc/issues/63.

Depends on D448

Test Plan

Depends on D448

make check and also rpc-tests.py

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

CCulianu edited the test plan for this revision. (Show Details)
CCulianu retitled this revision from Fix RPC signrawtransaction silently accepting missing amount field, make it throw an error instead AbandonedPublic to Fix RPC signrawtransaction silently accepting missing amount field, make it throw an error instead.

You did not need to create a new diff. You could just have rebased the existing one.

qa/rpc-tests/signrawtransactions.py
39 ↗(On Diff #1112)

Where does these amount come from ?

95 ↗(On Diff #1112)

dito

src/rpc/rawtransaction.cpp
912 ↗(On Diff #1112)

I think we should just keep it a number. This is what the spec says and having to handle various string may lead to bad surprises down the road.

960 ↗(On Diff #1112)

likestamp

src/test/rpc_tests.cpp
195 ↗(On Diff #1112)

C++ tests >> python tests.

qa/rpc-tests/signrawtransactions.py
39 ↗(On Diff #1112)

They are invented out of thin air -- it is a test after all to see if a tx signs. This tx doesn't have to be valid or use valid inputs or anything. It's just testing the rpc signing code.

I hope that's ok...

src/rpc/rawtransaction.cpp
912 ↗(On Diff #1112)

Well as a general rule I'm all in favor of software being flexible with slightly malformed inputs if there isn't too much overhead in supporting them and if the intent is clear... so in that spirit I guess supporting both "2.002" and 2.002 is a decent idea.

This is especially in light of the fact that it would be an API change to make it more strict -- actually I am not sure how old this API is, but Core, for example, supports both forms.

Other people care to chime in on this?

Updated permissions on signrawtransaction.py to +x

src/rpc/rawtransaction.cpp
912 ↗(On Diff #1112)

But then we have all kind of edge cases when JS already handle that for us and provide a standard for numbers.

src/rpc/rawtransaction.cpp
912 ↗(On Diff #1112)

Well existing functionality accepted both. Let's just leave it to work like existing, why make things harder for people that already wrote code against this RPC server?

src/rpc/rawtransaction.cpp
912 ↗(On Diff #1112)

Because then the API becomes dependent of implementation details of AmountFromValue .

Got rid of redundant check for MoneyValue (AmountFromValue already did that), expanded on comments

This revision is now accepted and ready to land.Aug 10 2017, 10:57
This revision was automatically updated to reflect the committed changes.