Do not allow users to get keys from keypool without reserving them

Description

Summary:
fundrawtransaction allows users to add a change output and then
not have it removed from keypool. While it would be nice to have
users follow the normal CreateTransaction/CommitTransaction process
we use internally, there isn't much benefit in exposing this option,
especially with HD wallets, while there is ample room for users to
misunderstand or misuse this option.

This could be particularly nasty in some use-cases (especially
pre-HD-split) - e.g. a user might fundrawtransaction, then call
getnewaddress, hand out the address for someone to pay them, then
sendrawtransaction. This may result in the user thinking they have
received payment, even though it was really just their own change!

This could obviously result in needless key-reuse.

Backport of Core PR 10784
https://github.com/bitcoin/bitcoin/pull/10784/

Completes T609

Test Plan:
make check
test_runner.py

Reviewers: deadalnix, Fabien, jasonbcox, O1 Bitcoin ABC, #bitcoin_abc

Reviewed By: Fabien, jasonbcox, O1 Bitcoin ABC, #bitcoin_abc

Differential Revision: https://reviews.bitcoinabc.org/D2846
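
The failure mode described in the commit message, as an added toy model that is not part of the commit or of Bitcoin ABC's wallet code. It assumes a single FIFO keypool shared by change and receive addresses (the pre-HD-split case); `ToyKeyPool`, `Outcome` and the function names are hypothetical.

```cpp
#include <deque>
#include <iostream>
#include <string>

// Toy keypool: a FIFO queue of pre-generated keys shared by change and
// receive addresses (the pre-HD-split layout). Hypothetical names throughout.
class ToyKeyPool {
    std::deque<std::string> pool_;
    int next_index_ = 0;
    void TopUp() {
        while (pool_.size() < 3u)
            pool_.push_back("key" + std::to_string(next_index_++));
    }
public:
    ToyKeyPool() { TopUp(); }
    // Return the next key but leave it in the pool (the option being removed).
    std::string PeekNext() const { return pool_.front(); }
    // Return the next key and remove it, so no later caller can get it.
    std::string TakeNext() {
        std::string key = pool_.front();
        pool_.pop_front();
        TopUp();
        return key;
    }
};

struct Outcome {
    std::string change_key;    // key used for the funded transaction's change
    std::string handed_out;    // key returned by the later getnewaddress call
};

// Models: fundrawtransaction (pick change key), then getnewaddress.
Outcome FundThenGetNewAddress(bool reserve_change_key) {
    ToyKeyPool pool;
    std::string change = reserve_change_key ? pool.TakeNext() : pool.PeekNext();
    std::string received = pool.TakeNext();  // getnewaddress always removes
    return {change, received};
}

// True when the user's own change lands on the address given to the payer.
bool ChangeCollidesWithReceive(const Outcome& o) {
    return o.change_key == o.handed_out;
}

int main() {
    std::cout << std::boolalpha
              << "unreserved: " << ChangeCollidesWithReceive(FundThenGetNewAddress(false)) << "\n"
              << "reserved:   " << ChangeCollidesWithReceive(FundThenGetNewAddress(true)) << "\n";
}
```
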

Details

Provenance
Matt Corallo <git@bluematt.me> Authored on Jul 10 2017, 18:29
nakihito Committed on May 2 2019, 00:46
nakihito Pushed on May 2 2019, 00:46
Reviewer
Restricted Owners Package
Differential Revision
D2846: Do not allow users to get keys from keypool without reserving them
Parents
rABCccd24fa57eec: nits in lcg_tests
Branches
Unknown
Tags
Unknown

Event Timeline

Nico Guiton <nico@bitframe.org> committed rABCeaab0222ef8e: Do not allow users to get keys from keypool without reserving them (authored by Matt Corallo <git@bluematt.me>). May 2 2019, 00:46