The remaining uses of `assert!(matches!(...))` are all in cases where
for some reason the `assert_matches` macro interferes with correct
type inference.
The change selection algorithm has the most useful information for
determining whether or not a note is dust, so this adds a new error case
to `ChangeError` that allows the change selection to report the presence
of input notes without economic value back to its caller.
This adds a set of abstractions that allow wallets to provide
independent strategies for fee estimation and note selection, and
implementations of these strategies that perform these operations in the
same fashion as the existing `spend` and `shield_transparent_funds`
functions.
This required a somewhat hefty rework of the error handling in
zcash_client_backend. It fixes an issue with the error types whereby
callees needed to have a bit too much information about the error
types produced by their callers.
Reflect the updated note selection and error handling in zcash_client_sqlite.
Previously, `shield_transparent_funds` was only shielding funds
associated with the legacy default transparent address. This meant
that transparent funds sent to unified addresses could not reliably
be shielded, as a unified address will frequently be constructed
using a diversifier index greater than zero.
This modifies the `get_transparent_receivers` method to return address
metadata containing the account ID and diversifier index used to derive
each address along with the receiver.
The legacy transparent address is never added to the `addresses` table,
but we still need to be able to receive UTXOs sent to that address. So,
we add a special case for when a UTXO matches that legacy address, and
set the account ID to 0 manually.
This modifies `decrypt_and_store_transaction` to check for inputs
to a transaction being decrypted that correspond to utxos known
to our wallet. For each such UTXO found, it is marked spent.
These traits introduce a problem, in that constraints on a method cannot
be conditionally required based upon the presence or absence of a
feature flag. Instead, we make the methods previously introduced by
the removed traits present in all cases on the `WalletRead` and
`WalletWrite` traits, but ensure that their implementations return
an error if the caller attempts to use them in a wallet that has not
been configured with support for transparent inputs functionality.
Due to how the wallets retrieved unspent transparent outputs from the
light wallet server, the account associated with a particular UTXO may
not be known by the light wallet. Instead of requiring the caller to
perform a separate lookup and match the address of the received UTXO
with a known account, it's simpler to perform this lookup internally at
the time of insertion or update.
In order to make this operation more efficient, the `addresses_table`
migration is modified to add a column to cache the transparent receiver
so that it may be used in the joins in the UTXO insert and update
operations.
Since our migrations form a DAG, it doesn't make sense to only allow a
single migration to be specified for wallet initialization; instead,
allow multiple migrations so that one can hit all the desired leaves.
This adds sent and received note count information, transaction fees,
account information, and makes the information returned about sent
notes and received notes consistent with one another.
The currently deprecated implementations of `insert_sent_utxo`,
`insert_sent_note`, `put_sent_utxo` and `put_sent_note` all store to the
same `sent_notes` table internally. Since there's no immediate plan to
change this arrangement, it's better to have a single pair of internal
`insert_sent_output` and `put_sent_output` methods instead.
The previous approach to UTXO handling involved UTXO data being
deleted from the wallet after the relevant UTXOs had been spent.
However, this means that we can no longer accurately compute
transaction fees for the transactions spending those UTXOs.
The `net_value` of the resulting rows in v_transactions will be
null.
The `MAX` SQLite function returns `null` when the table is empty. The
code was expecting zero rows to be returned in this case, and was trying
to parse the `null` as an integer.
This updates the data access API to provide diversified address
functionality. In order to support this change, the addresses table
is updated to store diversifier index information in big-endian order
to allow sorting by diversifier index, and account initialization
is updated to store the diversifier index accordingly. The currently
unreleased `addresses_table` migration is updated to reflect this
change.
We don't need to store a bunch of copies of the empty memo, and code
should not be depending upon the presence or absence of a memo to
distinguish between different states of transaction retrieval.
The raw serialized transaction data for a transaction is not always
guaranteed to be present, and we cannot correctly calculate the fee
paid by a transaction if we don't have the raw data. For such rows
that contain only transaction metadata, the fee information will be
added at the same time the raw transaction data is added.
This fixes a bug in the logic ported from the Android SDK: it was
possible to remove a transaction in the middle of a chain, which would
cause a long-spent note to become unspent and cause the wallet balance
to be over-counted. We now restrict transaction removal to unmined
transactions, which is sufficient for the Android SDK use cases.
This is to replace the database mutations in the Android SDK. It is
placed behind an `unstable` feature flag until we are satisfied that it
is suitable as a general-purpose API (or replace it).
This adds tests that verifies that migrations can run successfully
against databases in the following states:
* created by release version 0.3.0
* created by the `autoshielding_poc` branch
* created by current `main` prior to addition of migrations
This replaces the current wallet initialization code with a migration
that brings the database up to the state produced by release 0.3.0.
A subsequent commit will add migrations that correctly produce the
database state as of zcash/librustzcash@602270cb1f.
Fixes#369
Nullifier computation only requires the nullifier deriving key,
not the entire Sapling viewing key. This separation of concerns
will be needed for batch decryption when wallet-internal keys
will need to be considered.
We also add support for parsing Orchard full viewing keys from encoded
UFVKs (rather than treating them as unknown). `UnifiedSpendingKey` still
does not have Orchard support, so `UnifiedFullViewingKey`s will be
generated without Orchard components.
Per ZIP 316, the Sapling FVK Encoding only includes `(ak, nk, ovk, dk)`
which is a subset of the Sapling `ExtendedFullViewingKey`. We therefore
need to use `DiversifiableFullViewingKey` inside `UnifiedFullViewingKey`
in order to make it parseable from the UFVK string encoding.
`zcash_client_sqlite::wallet::get_extended_full_viewing_keys` has been
removed as a consequence of this change: we can no longer reconstruct
the correct `ExtendedFullViewingKey` from the `UnifiedFullViewingKey`.
The account number is not stored in the ZIP 316 UFVK encoding, and in
general won't necessarily be known (e.g. if a UFVK is being imported
into a wallet).
`zcash_client_sqlite::wallet::init::init_accounts_table` reverts to its
previous behaviour of requiring the provided `&[UnifiedFullViewingKey]`
to be indexed by account number.
This is a breaking change to the database format. We don't have support
for migrations yet, so existing wallets won't work after this commit
until zcash/librustzcash#489 is done.
`protobuf 2.26` raised its MSRV to 1.52.1, which we are now above.
`protobuf 2.27.0` raised its MSRV to 1.55.0, but this was reverted in
`protobuf 2.27.1`. In any case, it's clear this dependency bumps MSRV in
minor releases, so we should use tilde requirements for it.
This updates UnifiedFullViewingKey to conform to ZIP 316, and
adds types that facilitate this support. These types should likely
be factored out from `zcash_client_backend` into `zcash_primitives`
along with the remainder of the existing unified address support.
Requires patching three dependencies:
- bellman is pending a new release.
- nom is part of the funty breakage; we are blocking on a new release.
- orchard is in development.
We need to recreate the table each time it is cleared to handle any migrations. This is mostly a stop-gap measure until the migrations and table creations are handled by the same code.
Add retrieval of transparent UTXOs to WalletRead
Co-authored-by: Kris Nuttycombe <kris@electriccoin.co>
Co-authored-by: Kevin Gorham <anothergmale@gmail.com>
This change modifies note encryption and decryption functions
to treat a shielded output as a single value instead of handling
the parts of an output as independent arguments.
Kris Nuttycombe
Jack Grigg
Francisco Gindre
Sean Bowe
Kris Nuttycombe
Daira Hopwood
therealyingtong
Kris Nuttycombe
Kevin Gorham