2015-02-04 16:11:44 -08:00
|
|
|
|
// Copyright (c) 2009-2010 Satoshi Nakamoto
|
|
|
|
|
|
// Copyright (c) 2009-2014 The Bitcoin Core developers
|
2022-05-11 16:23:09 -07:00
|
|
|
|
// Copyright (c) 2016-2022 The Zcash developers
|
2015-02-04 16:11:44 -08:00
|
|
|
|
// Distributed under the MIT software license, see the accompanying
|
2019-07-18 07:16:09 -07:00
|
|
|
|
// file COPYING or https://www.opensource.org/licenses/mit-license.php .
|
2015-02-04 16:11:44 -08:00
|
|
|
|
|
|
|
|
|
|
#include "validationinterface.h"
|
|
|
|
|
|
|
2019-11-20 06:16:58 -08:00
|
|
|
|
#include "chainparams.h"
|
2019-11-21 12:09:06 -08:00
|
|
|
|
#include "init.h"
|
|
|
|
|
|
#include "main.h"
|
2019-11-20 04:52:58 -08:00
|
|
|
|
#include "txmempool.h"
|
2019-11-21 12:09:06 -08:00
|
|
|
|
#include "ui_interface.h"
|
2019-11-20 04:52:58 -08:00
|
|
|
|
|
|
|
|
|
|
#include <boost/thread.hpp>
|
|
|
|
|
|
|
|
|
|
|
|
#include <chrono>
|
|
|
|
|
|
#include <thread>
|
|
|
|
|
|
|
2020-10-01 04:09:02 -07:00
|
|
|
|
using namespace boost::placeholders;
|
|
|
|
|
|
|
2015-02-04 16:11:44 -08:00
|
|
|
|
static CMainSignals g_signals;
|
|
|
|
|
|
|
|
|
|
|
|
CMainSignals& GetMainSignals()
|
|
|
|
|
|
{
|
|
|
|
|
|
return g_signals;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void RegisterValidationInterface(CValidationInterface* pwalletIn) {
|
2015-05-07 07:49:00 -07:00
|
|
|
|
g_signals.UpdatedBlockTip.connect(boost::bind(&CValidationInterface::UpdatedBlockTip, pwalletIn, _1));
|
2022-07-18 08:37:44 -07:00
|
|
|
|
g_signals.GetBatchScanner.connect(boost::bind(&CValidationInterface::GetBatchScanner, pwalletIn));
|
2020-07-04 08:33:23 -07:00
|
|
|
|
g_signals.SyncTransaction.connect(boost::bind(&CValidationInterface::SyncTransaction, pwalletIn, _1, _2, _3));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.EraseTransaction.connect(boost::bind(&CValidationInterface::EraseFromWallet, pwalletIn, _1));
|
|
|
|
|
|
g_signals.UpdatedTransaction.connect(boost::bind(&CValidationInterface::UpdatedTransaction, pwalletIn, _1));
|
2019-11-21 09:00:22 -08:00
|
|
|
|
g_signals.ChainTip.connect(boost::bind(&CValidationInterface::ChainTip, pwalletIn, _1, _2, _3));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.Inventory.connect(boost::bind(&CValidationInterface::Inventory, pwalletIn, _1));
|
2015-03-23 10:47:18 -07:00
|
|
|
|
g_signals.Broadcast.connect(boost::bind(&CValidationInterface::ResendWalletTransactions, pwalletIn, _1));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.BlockChecked.connect(boost::bind(&CValidationInterface::BlockChecked, pwalletIn, _1, _2));
|
2019-05-17 15:36:32 -07:00
|
|
|
|
g_signals.AddressForMining.connect(boost::bind(&CValidationInterface::GetAddressForMining, pwalletIn, _1));
|
2015-07-01 07:06:49 -07:00
|
|
|
|
g_signals.BlockFound.connect(boost::bind(&CValidationInterface::ResetRequestCount, pwalletIn, _1));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void UnregisterValidationInterface(CValidationInterface* pwalletIn) {
|
2015-07-01 07:06:49 -07:00
|
|
|
|
g_signals.BlockFound.disconnect(boost::bind(&CValidationInterface::ResetRequestCount, pwalletIn, _1));
|
2019-05-17 15:36:32 -07:00
|
|
|
|
g_signals.AddressForMining.disconnect(boost::bind(&CValidationInterface::GetAddressForMining, pwalletIn, _1));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.BlockChecked.disconnect(boost::bind(&CValidationInterface::BlockChecked, pwalletIn, _1, _2));
|
2015-03-23 10:47:18 -07:00
|
|
|
|
g_signals.Broadcast.disconnect(boost::bind(&CValidationInterface::ResendWalletTransactions, pwalletIn, _1));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.Inventory.disconnect(boost::bind(&CValidationInterface::Inventory, pwalletIn, _1));
|
2019-11-21 09:00:22 -08:00
|
|
|
|
g_signals.ChainTip.disconnect(boost::bind(&CValidationInterface::ChainTip, pwalletIn, _1, _2, _3));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.UpdatedTransaction.disconnect(boost::bind(&CValidationInterface::UpdatedTransaction, pwalletIn, _1));
|
|
|
|
|
|
g_signals.EraseTransaction.disconnect(boost::bind(&CValidationInterface::EraseFromWallet, pwalletIn, _1));
|
2020-07-04 08:33:23 -07:00
|
|
|
|
g_signals.SyncTransaction.disconnect(boost::bind(&CValidationInterface::SyncTransaction, pwalletIn, _1, _2, _3));
|
2022-07-18 08:37:44 -07:00
|
|
|
|
g_signals.GetBatchScanner.disconnect(boost::bind(&CValidationInterface::GetBatchScanner, pwalletIn));
|
2015-05-07 07:49:00 -07:00
|
|
|
|
g_signals.UpdatedBlockTip.disconnect(boost::bind(&CValidationInterface::UpdatedBlockTip, pwalletIn, _1));
|
2015-02-04 16:11:44 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void UnregisterAllValidationInterfaces() {
|
2015-04-10 03:49:01 -07:00
|
|
|
|
g_signals.BlockFound.disconnect_all_slots();
|
2019-05-17 15:36:32 -07:00
|
|
|
|
g_signals.AddressForMining.disconnect_all_slots();
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.BlockChecked.disconnect_all_slots();
|
|
|
|
|
|
g_signals.Broadcast.disconnect_all_slots();
|
|
|
|
|
|
g_signals.Inventory.disconnect_all_slots();
|
2016-08-23 20:52:43 -07:00
|
|
|
|
g_signals.ChainTip.disconnect_all_slots();
|
2015-02-04 16:11:44 -08:00
|
|
|
|
g_signals.UpdatedTransaction.disconnect_all_slots();
|
|
|
|
|
|
g_signals.EraseTransaction.disconnect_all_slots();
|
|
|
|
|
|
g_signals.SyncTransaction.disconnect_all_slots();
|
2022-07-18 08:37:44 -07:00
|
|
|
|
g_signals.GetBatchScanner.disconnect_all_slots();
|
2015-05-07 07:49:00 -07:00
|
|
|
|
g_signals.UpdatedBlockTip.disconnect_all_slots();
|
2015-02-04 16:11:44 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-07-18 08:37:44 -07:00
|
|
|
|
void AddTxToBatches(
|
|
|
|
|
|
std::vector<BatchScanner*> &batchScanners,
|
|
|
|
|
|
const CTransaction &tx,
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
const uint256 &blockTag,
|
2022-07-18 08:37:44 -07:00
|
|
|
|
const int nHeight)
|
|
|
|
|
|
{
|
|
|
|
|
|
CDataStream ssTx(SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
|
ssTx << tx;
|
|
|
|
|
|
std::vector<unsigned char> txBytes(ssTx.begin(), ssTx.end());
|
|
|
|
|
|
for (auto& batchScanner : batchScanners) {
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
batchScanner->AddTransaction(tx, txBytes, blockTag, nHeight);
|
2022-07-18 08:37:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void FlushBatches(std::vector<BatchScanner*> &batchScanners) {
|
|
|
|
|
|
for (auto& batchScanner : batchScanners) {
|
|
|
|
|
|
batchScanner->Flush();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void SyncWithWallets(
|
|
|
|
|
|
std::vector<BatchScanner*> &batchScanners,
|
|
|
|
|
|
const CTransaction &tx,
|
|
|
|
|
|
const CBlock *pblock,
|
|
|
|
|
|
const int nHeight)
|
|
|
|
|
|
{
|
|
|
|
|
|
for (auto& batchScanner : batchScanners) {
|
|
|
|
|
|
batchScanner->SyncTransaction(tx, pblock, nHeight);
|
|
|
|
|
|
}
|
2020-07-04 08:33:23 -07:00
|
|
|
|
g_signals.SyncTransaction(tx, pblock, nHeight);
|
2015-02-04 16:11:44 -08:00
|
|
|
|
}
|
2019-11-20 04:52:58 -08:00
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
struct CachedBlockData {
|
|
|
|
|
|
CBlockIndex *pindex;
|
2022-03-31 14:15:42 -07:00
|
|
|
|
MerkleFrontiers oldTrees;
|
2019-11-21 12:09:06 -08:00
|
|
|
|
std::list<CTransaction> txConflicted;
|
|
|
|
|
|
|
|
|
|
|
|
CachedBlockData(
|
|
|
|
|
|
CBlockIndex *pindex,
|
2022-03-31 14:15:42 -07:00
|
|
|
|
MerkleFrontiers oldTrees,
|
2019-11-21 12:09:06 -08:00
|
|
|
|
std::list<CTransaction> txConflicted):
|
|
|
|
|
|
pindex(pindex), oldTrees(oldTrees), txConflicted(txConflicted) {}
|
|
|
|
|
|
};
|
2019-11-20 04:52:58 -08:00
|
|
|
|
|
2020-02-26 10:19:33 -08:00
|
|
|
|
void ThreadNotifyWallets(CBlockIndex *pindexLastTip)
|
2019-11-20 04:52:58 -08:00
|
|
|
|
{
|
2020-02-26 13:47:22 -08:00
|
|
|
|
// If pindexLastTip == nullptr, the wallet is at genesis.
|
|
|
|
|
|
// However, the genesis block is not loaded synchronously.
|
|
|
|
|
|
// We need to wait for ThreadImport to finish.
|
|
|
|
|
|
while (pindexLastTip == nullptr) {
|
|
|
|
|
|
{
|
|
|
|
|
|
LOCK(cs_main);
|
|
|
|
|
|
pindexLastTip = chainActive.Genesis();
|
|
|
|
|
|
}
|
|
|
|
|
|
MilliSleep(50);
|
|
|
|
|
|
}
|
2019-11-21 12:09:06 -08:00
|
|
|
|
|
2019-11-20 04:52:58 -08:00
|
|
|
|
while (true) {
|
|
|
|
|
|
// Run the notifier on an integer second in the steady clock.
|
|
|
|
|
|
auto now = std::chrono::steady_clock::now().time_since_epoch();
|
|
|
|
|
|
auto nextFire = std::chrono::duration_cast<std::chrono::seconds>(
|
|
|
|
|
|
now + std::chrono::seconds(1));
|
|
|
|
|
|
std::this_thread::sleep_until(
|
|
|
|
|
|
std::chrono::time_point<std::chrono::steady_clock>(nextFire));
|
|
|
|
|
|
|
|
|
|
|
|
boost::this_thread::interruption_point();
|
|
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
auto chainParams = Params();
|
|
|
|
|
|
|
|
|
|
|
|
//
|
2019-11-20 06:16:58 -08:00
|
|
|
|
// Collect all the state we require
|
2019-11-21 12:09:06 -08:00
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
|
|
// The common ancestor between the last chain tip we notified and the
|
|
|
|
|
|
// current chain tip.
|
|
|
|
|
|
const CBlockIndex *pindexFork;
|
|
|
|
|
|
// The stack of blocks we will notify as having been connected.
|
|
|
|
|
|
// Pushed in reverse, popped in order.
|
|
|
|
|
|
std::vector<CachedBlockData> blockStack;
|
|
|
|
|
|
// Transactions that have been recently conflicted out of the mempool.
|
2019-11-21 12:46:00 -08:00
|
|
|
|
std::pair<std::map<CBlockIndex*, std::list<CTransaction>>, uint64_t> recentlyConflicted;
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// Transactions that have been recently added to the mempool.
|
|
|
|
|
|
std::pair<std::vector<CTransaction>, uint64_t> recentlyAdded;
|
|
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
LOCK(cs_main);
|
|
|
|
|
|
|
|
|
|
|
|
// Figure out the path from the last block we notified to the
|
|
|
|
|
|
// current chain tip.
|
|
|
|
|
|
CBlockIndex *pindex = chainActive.Tip();
|
|
|
|
|
|
pindexFork = chainActive.FindFork(pindexLastTip);
|
|
|
|
|
|
|
|
|
|
|
|
// Fetch recently-conflicted transactions. These will include any
|
|
|
|
|
|
// block that has been connected since the last cycle, but we only
|
|
|
|
|
|
// notify for the conflicts created by the current active chain.
|
|
|
|
|
|
recentlyConflicted = DrainRecentlyConflicted();
|
|
|
|
|
|
|
|
|
|
|
|
// Iterate backwards over the connected blocks we need to notify.
|
|
|
|
|
|
while (pindex && pindex != pindexFork) {
|
2022-03-31 14:15:42 -07:00
|
|
|
|
MerkleFrontiers oldFrontiers;
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// Get the Sprout commitment tree as of the start of this block.
|
2022-03-31 14:15:42 -07:00
|
|
|
|
assert(pcoinsTip->GetSproutAnchorAt(pindex->hashSproutAnchor, oldFrontiers.sprout));
|
2019-11-21 12:09:06 -08:00
|
|
|
|
|
|
|
|
|
|
// Get the Sapling commitment tree as of the start of this block.
|
|
|
|
|
|
// We can get this from the `hashFinalSaplingRoot` of the last block
|
|
|
|
|
|
// However, this is only reliable if the last block was on or after
|
|
|
|
|
|
// the Sapling activation height. Otherwise, the last anchor was the
|
|
|
|
|
|
// empty root.
|
|
|
|
|
|
if (chainParams.GetConsensus().NetworkUpgradeActive(
|
|
|
|
|
|
pindex->pprev->nHeight, Consensus::UPGRADE_SAPLING)) {
|
|
|
|
|
|
assert(pcoinsTip->GetSaplingAnchorAt(
|
2022-03-31 14:15:42 -07:00
|
|
|
|
pindex->pprev->hashFinalSaplingRoot, oldFrontiers.sapling));
|
2019-11-21 12:09:06 -08:00
|
|
|
|
} else {
|
2022-03-31 14:15:42 -07:00
|
|
|
|
assert(pcoinsTip->GetSaplingAnchorAt(SaplingMerkleTree::empty_root(), oldFrontiers.sapling));
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-03-31 14:15:42 -07:00
|
|
|
|
// Get the Orchard Merkle frontier as of the start of this block.
|
|
|
|
|
|
// We can get this from the `hashFinalOrchardRoot` of the last block
|
|
|
|
|
|
// However, this is only reliable if the last block was on or after
|
|
|
|
|
|
// the Orchard activation height. Otherwise, the last anchor was the
|
|
|
|
|
|
// empty root.
|
|
|
|
|
|
if (chainParams.GetConsensus().NetworkUpgradeActive(
|
|
|
|
|
|
pindex->pprev->nHeight, Consensus::UPGRADE_NU5)) {
|
|
|
|
|
|
assert(pcoinsTip->GetOrchardAnchorAt(
|
|
|
|
|
|
pindex->pprev->hashFinalOrchardRoot, oldFrontiers.orchard));
|
|
|
|
|
|
} else {
|
|
|
|
|
|
assert(pcoinsTip->GetOrchardAnchorAt(
|
|
|
|
|
|
OrchardMerkleFrontier::empty_root(), oldFrontiers.orchard));
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
blockStack.emplace_back(
|
|
|
|
|
|
pindex,
|
2022-03-31 14:15:42 -07:00
|
|
|
|
oldFrontiers,
|
2022-05-26 12:59:16 -07:00
|
|
|
|
recentlyConflicted.first[pindex]);
|
2019-11-21 12:09:06 -08:00
|
|
|
|
|
|
|
|
|
|
pindex = pindex->pprev;
|
|
|
|
|
|
}
|
2019-11-20 06:16:58 -08:00
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
recentlyAdded = mempool.DrainRecentlyAdded();
|
|
|
|
|
|
}
|
2019-11-20 06:16:58 -08:00
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
//
|
2019-11-20 06:16:58 -08:00
|
|
|
|
// Execute wallet logic based on the collected state. We MUST NOT take
|
2019-12-17 09:11:05 -08:00
|
|
|
|
// the cs_main or mempool.cs locks again until after the next sleep;
|
|
|
|
|
|
// doing so introduces a locking side-channel between this code and the
|
|
|
|
|
|
// network message processing thread.
|
2019-11-21 12:09:06 -08:00
|
|
|
|
//
|
|
|
|
|
|
|
2022-07-18 08:37:44 -07:00
|
|
|
|
// The wallet inherited from Bitcoin Core was built around the following
|
|
|
|
|
|
// general workflow for moving from one chain tip to another:
|
|
|
|
|
|
//
|
|
|
|
|
|
// - For each block in the old chain, from its tip to the fork point:
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - 1️⃣ Trial-decrypt the transaction's shielded outputs.
|
|
|
|
|
|
// - If the transaction belongs to the wallet:
|
|
|
|
|
|
// - 2️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - Update the wallet's view of the chain tip.
|
|
|
|
|
|
// - 3️⃣ In `zcashd`, this is when we decrement note witnesses.
|
|
|
|
|
|
// - For each block in the new chain, from the fork point to its tip:
|
|
|
|
|
|
// - For each transaction that became conflicted by this block:
|
|
|
|
|
|
// - 4️⃣ Trial-decrypt the transaction's shielded outputs.
|
|
|
|
|
|
// - If the transaction belongs to the wallet:
|
|
|
|
|
|
// - 5️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - 6️⃣ Trial-decrypt the transaction's shielded outputs.
|
|
|
|
|
|
// - If the transaction belongs to the wallet:
|
|
|
|
|
|
// - 7️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - Update the wallet's view of the chain tip.
|
|
|
|
|
|
// - 8️⃣ In `zcashd`, this is when we increment note witnesses.
|
|
|
|
|
|
// - For each transaction in the mempool:
|
|
|
|
|
|
// - 9️⃣ Trial-decrypt the transaction's shielded outputs.
|
|
|
|
|
|
// - If the transaction belongs to the wallet:
|
|
|
|
|
|
// - 🅰️ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
//
|
|
|
|
|
|
// Steps 2️⃣, 3️⃣, 5️⃣, 7️⃣, 8️⃣, and 🅰️ are where wallet state is updated,
|
|
|
|
|
|
// and the relative order of these updates must be preserved in order to
|
|
|
|
|
|
// avoid breaking any internal assumptions that the wallet makes.
|
|
|
|
|
|
//
|
|
|
|
|
|
// Steps 1️⃣, 4️⃣, 6️⃣, and 9️⃣ can be performed at any time, as long as
|
|
|
|
|
|
// their results are available when their respective conditionals are
|
|
|
|
|
|
// evaluated. We therefore refactor the above workflow to enable the
|
|
|
|
|
|
// trial-decryption work to be batched and parallelised:
|
|
|
|
|
|
//
|
|
|
|
|
|
// - For each block in the old chain, from its tip to the fork point:
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - Accumulate its Sprout, Sapling, and Orchard outputs.
|
|
|
|
|
|
// - For each block in the new chain, from the fork point to its tip:
|
|
|
|
|
|
// - For each transaction that became conflicted by this block:
|
|
|
|
|
|
// - Accumulate its Sprout, Sapling, and Orchard outputs.
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - Accumulate its Sprout, Sapling, and Orchard outputs.
|
|
|
|
|
|
//
|
|
|
|
|
|
// - 1️⃣4️⃣6️⃣9️⃣ Trial-decrypt the Sprout, Sapling, and Orchard outputs.
|
|
|
|
|
|
// - This can split up and batch the work however is most efficient.
|
|
|
|
|
|
//
|
|
|
|
|
|
// - For each block in the old chain, from its tip to the fork point:
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - If the transaction has decrypted outputs, or transparent inputs
|
|
|
|
|
|
// that belong to the wallet:
|
|
|
|
|
|
// - 2️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - Update the wallet's view of the chain tip.
|
|
|
|
|
|
// - 3️⃣ In `zcashd`, this is when we decrement note witnesses.
|
|
|
|
|
|
// - For each block in the new chain, from the fork point to its tip:
|
|
|
|
|
|
// - For each transaction that became conflicted by this block:
|
|
|
|
|
|
// - If the transaction has decrypted outputs, or transparent inputs
|
|
|
|
|
|
// that belong to the wallet:
|
|
|
|
|
|
// - 5️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - For each transaction in the block:
|
|
|
|
|
|
// - If the transaction has decrypted outputs, or transparent inputs
|
|
|
|
|
|
// that belong to the wallet:
|
|
|
|
|
|
// - 7️⃣ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
// - Update the wallet's view of the chain tip.
|
|
|
|
|
|
// - 8️⃣ In `zcashd`, this is when we increment note witnesses.
|
|
|
|
|
|
// - For each transaction in the mempool:
|
|
|
|
|
|
// - If the transaction has decrypted outputs, or transparent inputs
|
|
|
|
|
|
// that belong to the wallet:
|
|
|
|
|
|
// - 🅰️ Add or update the transaction, and mark it as dirty.
|
|
|
|
|
|
|
|
|
|
|
|
// Get a new handle to the BatchScanner for each listener in each loop.
|
|
|
|
|
|
// This allows the listeners to alter their scanning logic over time,
|
|
|
|
|
|
// for example to add new incoming viewing keys.
|
|
|
|
|
|
auto batchScanners = GetMainSignals().GetBatchScanner();
|
|
|
|
|
|
|
|
|
|
|
|
if (!batchScanners.empty()) {
|
|
|
|
|
|
// Batch the shielded outputs across all blocks being processed.
|
|
|
|
|
|
// TODO: We can probably not bother trial-decrypting transactions
|
|
|
|
|
|
// in blocks being disconnected, or that are becoming conflicted,
|
|
|
|
|
|
// instead doing a plain "is this tx in the wallet" check. However,
|
|
|
|
|
|
// the logic in AddToWalletIfInvolvingMe would need to be carefully
|
|
|
|
|
|
// checked to ensure its side-effects are correctly preserved, so
|
|
|
|
|
|
// for now we maintain the previous behaviour of trial-decrypting
|
|
|
|
|
|
// everything.
|
|
|
|
|
|
|
|
|
|
|
|
// Batch block disconnects.
|
|
|
|
|
|
auto pindexScan = pindexLastTip;
|
|
|
|
|
|
while (pindexScan && pindexScan != pindexFork) {
|
|
|
|
|
|
// Read block from disk.
|
|
|
|
|
|
CBlock block;
|
|
|
|
|
|
if (!ReadBlockFromDisk(block, pindexScan, chainParams.GetConsensus())) {
|
|
|
|
|
|
LogPrintf(
|
|
|
|
|
|
"*** %s: Failed to read block %s while collecting shielded outputs",
|
|
|
|
|
|
__func__, pindexScan->GetBlockHash().GetHex());
|
|
|
|
|
|
uiInterface.ThreadSafeMessageBox(
|
2022-08-16 10:27:41 -07:00
|
|
|
|
strprintf(_("Error: A fatal internal error occurred, see %s for details"), GetDebugLogPath()),
|
2022-07-18 08:37:44 -07:00
|
|
|
|
"", CClientUIInterface::MSG_ERROR);
|
|
|
|
|
|
StartShutdown();
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Batch transactions that went from 1-confirmed to 0-confirmed
|
|
|
|
|
|
// or conflicted.
|
|
|
|
|
|
for (const CTransaction &tx : block.vtx) {
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
AddTxToBatches(batchScanners, tx, block.GetHash(), pindexScan->nHeight);
|
2022-07-18 08:37:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// On to the next block!
|
|
|
|
|
|
pindexScan = pindexScan->pprev;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Batch block connections. Process blockStack in the same order we
|
|
|
|
|
|
// do below, so batched work can be completed in roughly the order
|
|
|
|
|
|
// we need it.
|
|
|
|
|
|
for (auto it = blockStack.rbegin(); it != blockStack.rend(); ++it) {
|
|
|
|
|
|
const auto& blockData = *it;
|
|
|
|
|
|
|
|
|
|
|
|
// Read block from disk.
|
|
|
|
|
|
CBlock block;
|
|
|
|
|
|
if (!ReadBlockFromDisk(block, blockData.pindex, chainParams.GetConsensus())) {
|
|
|
|
|
|
LogPrintf(
|
|
|
|
|
|
"*** %s: Failed to read block %s while collecting shielded outputs from block connects",
|
|
|
|
|
|
__func__, blockData.pindex->GetBlockHash().GetHex());
|
|
|
|
|
|
uiInterface.ThreadSafeMessageBox(
|
2022-08-16 10:27:41 -07:00
|
|
|
|
strprintf(_("Error: A fatal internal error occurred, see %s for details"), GetDebugLogPath()),
|
2022-07-18 08:37:44 -07:00
|
|
|
|
"", CClientUIInterface::MSG_ERROR);
|
|
|
|
|
|
StartShutdown();
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Batch transactions that went from mempool to conflicted:
|
|
|
|
|
|
for (const CTransaction &tx : blockData.txConflicted) {
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
AddTxToBatches(
|
|
|
|
|
|
batchScanners,
|
|
|
|
|
|
tx,
|
|
|
|
|
|
blockData.pindex->GetBlockHash(),
|
|
|
|
|
|
blockData.pindex->nHeight + 1);
|
2022-07-18 08:37:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
// ... and transactions that got confirmed:
|
|
|
|
|
|
for (const CTransaction &tx : block.vtx) {
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
AddTxToBatches(
|
|
|
|
|
|
batchScanners,
|
|
|
|
|
|
tx,
|
|
|
|
|
|
blockData.pindex->GetBlockHash(),
|
|
|
|
|
|
blockData.pindex->nHeight);
|
2022-07-18 08:37:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Batch transactions in the mempool.
|
2022-09-19 14:30:53 -07:00
|
|
|
|
for (auto& tx : recentlyAdded.first) {
|
wallet: Domain-separate batched txids with a "block tag"
Previously when a transaction was queried for batch trial decryption, we
identified it by its txid. This is sufficient to uniquely identify the
transaction within the wallet, but was _not_ sufficient to uniquely
identify it within a `ThreadNotifyWallets` loop. In particular, when a
reorg occurs, and the same transaction is present in blocks on both
sides of the reorg (or is reorged into the mempool and then conflicted
out):
- The first occurrence would batch the transaction's outputs and store a
result receiver.
- The second occurrence would overwrite the first occurrence's result
receiver with its own.
- The first occurrence would read the second's result receiver (which
has identical results to the first batch), removing it from the
`pending_results` map.
- The second occurrence would not find any receiver in the map, and
would mark the transaction as having no decrypted results.
We fix this by annotating each batched transaction with the hash of the
block that triggered it being trial-decrypted: either the block being
disconnected, the block being connected, or the null hash to indicate
a new transaction in the mempool. This is sufficient to domain-separate
all possible sources of duplicate txids:
- If a transaction is moved to the mempool via a block disconnection, or
from the mempool (either mined or conflicted) via a block connection,
its txid will appear twice: once with the block in question's hash,
and once with the null hash.
- If a transaction is present in both a disconnected and a connected
block (mined on both sides of the fork), its txid will appear twice:
once each with the two block's txids.
Both of the above rely on the assumption that block hashes are collision
resistant, which in turn relies on SHA-256 being collision resistant.
2022-07-22 07:38:34 -07:00
|
|
|
|
AddTxToBatches(batchScanners, tx, uint256(), pindexLastTip->nHeight + 1);
|
2022-07-18 08:37:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Ensure that all pending work has been started.
|
|
|
|
|
|
FlushBatches(batchScanners);
|
|
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// Notify block disconnects
|
|
|
|
|
|
while (pindexLastTip && pindexLastTip != pindexFork) {
|
|
|
|
|
|
// Read block from disk.
|
|
|
|
|
|
CBlock block;
|
|
|
|
|
|
if (!ReadBlockFromDisk(block, pindexLastTip, chainParams.GetConsensus())) {
|
2022-04-07 15:54:15 -07:00
|
|
|
|
LogPrintf(
|
|
|
|
|
|
"*** %s: Failed to read block %s while notifying wallets of block disconnects",
|
|
|
|
|
|
__func__, pindexLastTip->GetBlockHash().GetHex());
|
2019-11-21 12:09:06 -08:00
|
|
|
|
uiInterface.ThreadSafeMessageBox(
|
2022-08-16 10:27:41 -07:00
|
|
|
|
strprintf(_("Error: A fatal internal error occurred, see %s for details"), GetDebugLogPath()),
|
2019-11-21 12:09:06 -08:00
|
|
|
|
"", CClientUIInterface::MSG_ERROR);
|
|
|
|
|
|
StartShutdown();
|
2022-04-07 15:54:15 -07:00
|
|
|
|
return;
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Let wallets know transactions went from 1-confirmed to
|
|
|
|
|
|
// 0-confirmed or conflicted:
|
|
|
|
|
|
for (const CTransaction &tx : block.vtx) {
|
2022-07-18 08:37:44 -07:00
|
|
|
|
SyncWithWallets(batchScanners, tx, NULL, pindexLastTip->nHeight);
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
// Update cached incremental witnesses
|
2021-08-25 10:46:58 -07:00
|
|
|
|
// This will take the cs_main lock in order to obtain the CBlockLocator
|
2021-08-31 11:56:25 -07:00
|
|
|
|
// used by `SetBestChain`, but as that write only occurs once every
|
2021-08-25 10:46:58 -07:00
|
|
|
|
// WRITE_WITNESS_INTERVAL * 1000000 microseconds this should not be
|
|
|
|
|
|
// exploitable as a timing channel.
|
2020-10-20 17:44:15 -07:00
|
|
|
|
GetMainSignals().ChainTip(pindexLastTip, &block, std::nullopt);
|
2019-11-21 12:09:06 -08:00
|
|
|
|
|
|
|
|
|
|
// On to the next block!
|
|
|
|
|
|
pindexLastTip = pindexLastTip->pprev;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Notify block connections
|
|
|
|
|
|
while (!blockStack.empty()) {
|
2022-09-19 14:30:53 -07:00
|
|
|
|
auto& blockData = blockStack.back();
|
2019-11-21 12:09:06 -08:00
|
|
|
|
|
|
|
|
|
|
// Read block from disk.
|
|
|
|
|
|
CBlock block;
|
|
|
|
|
|
if (!ReadBlockFromDisk(block, blockData.pindex, chainParams.GetConsensus())) {
|
2022-04-07 15:54:15 -07:00
|
|
|
|
LogPrintf(
|
|
|
|
|
|
"*** %s: Failed to read block %s while notifying wallets of block connects",
|
|
|
|
|
|
__func__, blockData.pindex->GetBlockHash().GetHex());
|
2019-11-21 12:09:06 -08:00
|
|
|
|
uiInterface.ThreadSafeMessageBox(
|
2022-08-16 10:27:41 -07:00
|
|
|
|
strprintf(_("Error: A fatal internal error occurred, see %s for details"), GetDebugLogPath()),
|
2019-11-21 12:09:06 -08:00
|
|
|
|
"", CClientUIInterface::MSG_ERROR);
|
|
|
|
|
|
StartShutdown();
|
2022-04-07 15:54:15 -07:00
|
|
|
|
return;
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Tell wallet about transactions that went from mempool
|
|
|
|
|
|
// to conflicted:
|
|
|
|
|
|
for (const CTransaction &tx : blockData.txConflicted) {
|
2022-07-18 08:37:44 -07:00
|
|
|
|
SyncWithWallets(batchScanners, tx, NULL, blockData.pindex->nHeight + 1);
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
// ... and about transactions that got confirmed:
|
|
|
|
|
|
for (const CTransaction &tx : block.vtx) {
|
2022-07-18 08:37:44 -07:00
|
|
|
|
SyncWithWallets(batchScanners, tx, &block, blockData.pindex->nHeight);
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
|
|
|
|
|
// Update cached incremental witnesses
|
2021-08-25 10:46:58 -07:00
|
|
|
|
// This will take the cs_main lock in order to obtain the CBlockLocator
|
2021-08-31 11:56:25 -07:00
|
|
|
|
// used by `SetBestChain`, but as that write only occurs once every
|
2021-08-25 10:46:58 -07:00
|
|
|
|
// WRITE_WITNESS_INTERVAL * 1000000 microseconds this should not be
|
|
|
|
|
|
// exploitable as a timing channel.
|
2019-11-21 12:09:06 -08:00
|
|
|
|
GetMainSignals().ChainTip(blockData.pindex, &block, blockData.oldTrees);
|
|
|
|
|
|
|
2022-07-05 17:08:23 -07:00
|
|
|
|
// Notify UI to display prev block's coinbase if it was ours.
|
|
|
|
|
|
static uint256 hashPrevBestCoinBase;
|
|
|
|
|
|
GetMainSignals().UpdatedTransaction(hashPrevBestCoinBase);
|
|
|
|
|
|
hashPrevBestCoinBase = block.vtx[0].GetHash();
|
|
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// This block is done!
|
|
|
|
|
|
pindexLastTip = blockData.pindex;
|
2022-09-19 14:30:53 -07:00
|
|
|
|
blockStack.pop_back();
|
2019-11-21 12:09:06 -08:00
|
|
|
|
}
|
2019-11-20 06:16:58 -08:00
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// Notify transactions in the mempool
|
2022-09-19 14:30:53 -07:00
|
|
|
|
for (auto& tx : recentlyAdded.first) {
|
2019-11-20 06:16:58 -08:00
|
|
|
|
try {
|
2022-07-18 08:37:44 -07:00
|
|
|
|
SyncWithWallets(batchScanners, tx, NULL, pindexLastTip->nHeight + 1);
|
2019-11-20 06:16:58 -08:00
|
|
|
|
} catch (const boost::thread_interrupted&) {
|
|
|
|
|
|
throw;
|
|
|
|
|
|
} catch (const std::exception& e) {
|
|
|
|
|
|
PrintExceptionContinue(&e, "ThreadNotifyWallets()");
|
|
|
|
|
|
} catch (...) {
|
|
|
|
|
|
PrintExceptionContinue(NULL, "ThreadNotifyWallets()");
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2019-11-21 12:09:06 -08:00
|
|
|
|
// Update the notified sequence numbers. We only need this in regtest mode,
|
|
|
|
|
|
// and should not lock on cs or cs_main here otherwise.
|
|
|
|
|
|
if (chainParams.NetworkIDString() == "regtest") {
|
2020-07-10 10:34:53 -07:00
|
|
|
|
SetChainNotifiedSequence(chainParams, recentlyConflicted.second);
|
2019-11-20 06:16:58 -08:00
|
|
|
|
mempool.SetNotifiedSequence(recentlyAdded.second);
|
|
|
|
|
|
}
|
2019-11-20 04:52:58 -08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
