🤔 dergoegge reviewed a pull request: "Relay own transactions only via short-lived Tor or I2P connections"
(https://github.com/bitcoin/bitcoin/pull/27509#pullrequestreview-1554560960)
I think this approach is better suited for a separate tool. Otherwise fingerprinting becomes a direct vector for tx origin analysis (see my inline comments), which seems like a regression from what we have now.
(https://github.com/bitcoin/bitcoin/pull/27509#pullrequestreview-1554560960)
I think this approach is better suited for a separate tool. Otherwise fingerprinting becomes a direct vector for tx origin analysis (see my inline comments), which seems like a regression from what we have now.
💬 dergoegge commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279166534)
this should go into `net_processing.h` where it is used
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279166534)
this should go into `net_processing.h` where it is used
💬 dergoegge commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279194945)
Using the txid here can leak the tx origin.
e.g. an attacker changes the witness of your tx (such that the tx is invalid) and sends it to you, if you then announce the original tx to your peers it is obvious that the tx originated from you.
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279194945)
Using the txid here can leak the tx origin.
e.g. an attacker changes the witness of your tx (such that the tx is invalid) and sends it to you, if you then announce the original tx to your peers it is obvious that the tx originated from you.
💬 dergoegge commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279343481)
What about children of local txs? They currently leak tx origin as well.
They should be treated as orphans until the parent tx is scheduled for relay to all.
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279343481)
What about children of local txs? They currently leak tx origin as well.
They should be treated as orphans until the parent tx is scheduled for relay to all.
💬 dergoegge commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279206967)
Unless I'm missing something, the pings on sensitive connections never timeout. So if the peer doesn't respond to the ping the connection only closes after 20min (`TIMEOUT_INTERVAL`).
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279206967)
Unless I'm missing something, the pings on sensitive connections never timeout. So if the peer doesn't respond to the ping the connection only closes after 20min (`TIMEOUT_INTERVAL`).
💬 dergoegge commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279227800)
Not processing messages that are irrelevant to this type of tx relay is the right move but it still leaves room for tx origin leakage through fingerprinting in the version handshake.
In other words, if it is possible to fingerprint a node solely based on version handshake messages then it is possible for the receiver of a "sensitive-relay" tx to figure out which public addresses belong to the node that broadcast the tx.
(https://github.com/bitcoin/bitcoin/pull/27509#discussion_r1279227800)
Not processing messages that are irrelevant to this type of tx relay is the right move but it still leaves room for tx origin leakage through fingerprinting in the version handshake.
In other words, if it is possible to fingerprint a node solely based on version handshake messages then it is possible for the receiver of a "sensitive-relay" tx to figure out which public addresses belong to the node that broadcast the tx.
💬 fanquake commented on pull request "wallet: bugfix, disallow migration of invalid scripts":
(https://github.com/bitcoin/bitcoin/pull/28125#issuecomment-1660241633)
@MarcoFalke does this fix #28057 in it's current state?
(https://github.com/bitcoin/bitcoin/pull/28125#issuecomment-1660241633)
@MarcoFalke does this fix #28057 in it's current state?
💬 furszy commented on pull request "wallet: Have the wallet store the key for automatically generated descriptors":
(https://github.com/bitcoin/bitcoin/pull/26728#discussion_r1280577467)
In 87abceea:
Maybe better `WALLET_FLAG_GLOBAL_HD_KEY`?
(https://github.com/bitcoin/bitcoin/pull/26728#discussion_r1280577467)
In 87abceea:
Maybe better `WALLET_FLAG_GLOBAL_HD_KEY`?
💬 furszy commented on pull request "wallet: Have the wallet store the key for automatically generated descriptors":
(https://github.com/bitcoin/bitcoin/pull/26728#discussion_r1280568616)
Or.. another possible patch to not mix the keys reading code with the upgrade code could be to read the xpub root key alone at the end of the spkm loading process:
```diff
diff --git a/src/wallet/walletdb.cpp b/src/wallet/walletdb.cpp
--- a/src/wallet/walletdb.cpp (revision 7f44e83bb544f1e5c398b87c8eb7870eed3ed1ba)
+++ b/src/wallet/walletdb.cpp (date 1690893250659)
@@ -966,6 +966,31 @@
result = std::max(result, ckey_res.m_result);
num_ckeys = ckey_res.m_records;
+
...
(https://github.com/bitcoin/bitcoin/pull/26728#discussion_r1280568616)
Or.. another possible patch to not mix the keys reading code with the upgrade code could be to read the xpub root key alone at the end of the spkm loading process:
```diff
diff --git a/src/wallet/walletdb.cpp b/src/wallet/walletdb.cpp
--- a/src/wallet/walletdb.cpp (revision 7f44e83bb544f1e5c398b87c8eb7870eed3ed1ba)
+++ b/src/wallet/walletdb.cpp (date 1690893250659)
@@ -966,6 +966,31 @@
result = std::max(result, ckey_res.m_result);
num_ckeys = ckey_res.m_records;
+
...
💬 sipa commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#issuecomment-1660269660)
I think the only correct approach to implement something like this, is to keep the unbroadcast transaction within the wallet (in a special unbroadcast state until it's echoed back). In this unbroadcast state, rebroadcasts can happen (directly to sensitive relay peers only, bypassing the mempool), but outputs are not available for creating descendant transactions.
(https://github.com/bitcoin/bitcoin/pull/27509#issuecomment-1660269660)
I think the only correct approach to implement something like this, is to keep the unbroadcast transaction within the wallet (in a special unbroadcast state until it's echoed back). In this unbroadcast state, rebroadcasts can happen (directly to sensitive relay peers only, bypassing the mempool), but outputs are not available for creating descendant transactions.
💬 ryanofsky commented on pull request "CONTRIBUTING: Caution against using AI/LLMs (ChatGPT, Copilot, etc)":
(https://github.com/bitcoin/bitcoin/pull/28175#issuecomment-1660271019)
> If we end up with an opinion from the BLDF then maybe we can consider making an addition to our license, if necessary.
+1. If we have professional advise to change the license or add a separate policy document or agreement like a CLA, we should consider doing that. But we shouldn't freelance and add legal speculation to developer documentation.
In this case and in general I think a good strategy is to:
- First, focus on doing the right thing morally. If contribution includes content t
...
(https://github.com/bitcoin/bitcoin/pull/28175#issuecomment-1660271019)
> If we end up with an opinion from the BLDF then maybe we can consider making an addition to our license, if necessary.
+1. If we have professional advise to change the license or add a separate policy document or agreement like a CLA, we should consider doing that. But we shouldn't freelance and add legal speculation to developer documentation.
In this case and in general I think a good strategy is to:
- First, focus on doing the right thing morally. If contribution includes content t
...
💬 MarcoFalke commented on pull request "wallet: bugfix, disallow migration of invalid scripts":
(https://github.com/bitcoin/bitcoin/pull/28125#issuecomment-1660271611)
It did fix the crash when I left the Concept ACK https://github.com/bitcoin/bitcoin/pull/28125#pullrequestreview-1545962463
Happy to re-test after the next ACK or after merge.
(https://github.com/bitcoin/bitcoin/pull/28125#issuecomment-1660271611)
It did fix the crash when I left the Concept ACK https://github.com/bitcoin/bitcoin/pull/28125#pullrequestreview-1545962463
Happy to re-test after the next ACK or after merge.
💬 glozow commented on pull request "Detect and ignore transactions that were CPFP'd in the fee estimator":
(https://github.com/bitcoin/bitcoin/pull/25380#issuecomment-1660272298)
@darosior thanks for the data! The proportion of transactions with descendants seems pretty high, so my comment about ignoring stuff with descendants is probably not a good idea.
(https://github.com/bitcoin/bitcoin/pull/25380#issuecomment-1660272298)
@darosior thanks for the data! The proportion of transactions with descendants seems pretty high, so my comment about ignoring stuff with descendants is probably not a good idea.
💬 MarcoFalke commented on pull request "Relay own transactions only via short-lived Tor or I2P connections":
(https://github.com/bitcoin/bitcoin/pull/27509#issuecomment-1660280410)
> but outputs are not available for creating descendant transactions.
In theory they could be used to create transactions, under the assumption that created transactions generally and eventually relay, but that can be fixed independent of the relay issue here. Pretty sure there is a tracking issue about this already, which likely affects `-nowalletbroadcast` and `-spendzeroconfchange` users.
(https://github.com/bitcoin/bitcoin/pull/27509#issuecomment-1660280410)
> but outputs are not available for creating descendant transactions.
In theory they could be used to create transactions, under the assumption that created transactions generally and eventually relay, but that can be fixed independent of the relay issue here. Pretty sure there is a tracking issue about this already, which likely affects `-nowalletbroadcast` and `-spendzeroconfchange` users.
🤔 theStack reviewed a pull request: "blockstorage: Drop legacy -txindex check"
(https://github.com/bitcoin/bitcoin/pull/28195#pullrequestreview-1556965654)
Concept ACK
There are still two instances where blocks_path can be used (sometimes it's quite annoying that python also allows single quote strings):
```
test/functional/feature_pruning.py: self.prunedir = os.path.join(self.nodes[2].chain_path, 'blocks', '')
test/functional/wallet_backup.py: shutil.rmtree(os.path.join(self.nodes[2].chain_path, 'blocks'))
```
With my very limited sed skills, I'd just add another line
`sed -i 's|].chain_path, 'blocks'|].blocks_path|g' $(
...
(https://github.com/bitcoin/bitcoin/pull/28195#pullrequestreview-1556965654)
Concept ACK
There are still two instances where blocks_path can be used (sometimes it's quite annoying that python also allows single quote strings):
```
test/functional/feature_pruning.py: self.prunedir = os.path.join(self.nodes[2].chain_path, 'blocks', '')
test/functional/wallet_backup.py: shutil.rmtree(os.path.join(self.nodes[2].chain_path, 'blocks'))
```
With my very limited sed skills, I'd just add another line
`sed -i 's|].chain_path, 'blocks'|].blocks_path|g' $(
...
💬 MarcoFalke commented on pull request "p2p: Drop m_recently_announced_invs bloom filter":
(https://github.com/bitcoin/bitcoin/pull/27675#discussion_r1280656421)
> The sequence number isn't incremented until TransactionAddedToMempool() fires later.
Doesn't that mean there are races? (There is no guarantee that `TransactionAddedToMempool()` will always run in the near future)?
Basically, I am wondering what happens if you reorder `t=2` and `t=3` in your example.
(https://github.com/bitcoin/bitcoin/pull/27675#discussion_r1280656421)
> The sequence number isn't incremented until TransactionAddedToMempool() fires later.
Doesn't that mean there are races? (There is no guarantee that `TransactionAddedToMempool()` will always run in the near future)?
Basically, I am wondering what happens if you reorder `t=2` and `t=3` in your example.
💬 Sjors commented on pull request "validation: log which peer sent us a header":
(https://github.com/bitcoin/bitcoin/pull/27826#issuecomment-1660344850)
Rebased!
(https://github.com/bitcoin/bitcoin/pull/27826#issuecomment-1660344850)
Rebased!
💬 dergoegge commented on pull request "fuzz: Generate with random libFuzzer settings":
(https://github.com/bitcoin/bitcoin/pull/28178#issuecomment-1660350895)
I think I'd prefer continuing to use the defaults but I also don't use the runner much for generating, so no super strong opinion. I would assume that the defaults are based on data/heuristics and probably work well most of the time, so maybe make this optional?
> Sometimes a libFuzzer setting like -use_value_profile=1 helps [0], sometimes it hurts [1].
> By picking a random value, it is ensured that at least some of the runs will have the beneficial configuration set.
Wouldn't this only
...
(https://github.com/bitcoin/bitcoin/pull/28178#issuecomment-1660350895)
I think I'd prefer continuing to use the defaults but I also don't use the runner much for generating, so no super strong opinion. I would assume that the defaults are based on data/heuristics and probably work well most of the time, so maybe make this optional?
> Sometimes a libFuzzer setting like -use_value_profile=1 helps [0], sometimes it hurts [1].
> By picking a random value, it is ensured that at least some of the runs will have the beneficial configuration set.
Wouldn't this only
...
💬 MarcoFalke commented on pull request "fuzz: Generate with random libFuzzer settings":
(https://github.com/bitcoin/bitcoin/pull/28178#issuecomment-1660386703)
Except for `mutate_depth`, 70% of the time the default value is used for each setting. Happy to change `mutate_depth` as well, which would mean in `.7**3` runs you get a "vanilla" libfuzzer.
I'd say the main goal here is to prevent a case where a bug isn't found at all (or only after a "outlier" long time) due to the default settings. I don't think we've seen such a bug in reality, so I am happy to close this pull.
Regardless, `max_len` should probably be considered separate, where the goa
...
(https://github.com/bitcoin/bitcoin/pull/28178#issuecomment-1660386703)
Except for `mutate_depth`, 70% of the time the default value is used for each setting. Happy to change `mutate_depth` as well, which would mean in `.7**3` runs you get a "vanilla" libfuzzer.
I'd say the main goal here is to prevent a case where a bug isn't found at all (or only after a "outlier" long time) due to the default settings. I don't think we've seen such a bug in reality, so I am happy to close this pull.
Regardless, `max_len` should probably be considered separate, where the goa
...
💬 MarcoFalke commented on pull request "util: Teach AutoFile how to XOR":
(https://github.com/bitcoin/bitcoin/pull/28060#issuecomment-1660402481)
@jamesob Mind doing a re-ACK (trivial). Otherwise I wonder if anything is left to be done here? Is this waiting on someone's NACK or ACK?
(https://github.com/bitcoin/bitcoin/pull/28060#issuecomment-1660402481)
@jamesob Mind doing a re-ACK (trivial). Otherwise I wonder if anything is left to be done here? Is this waiting on someone's NACK or ACK?