Guarding wallet access from init and print error for unknown MN collaterals #2218
ACK fbe9200
needs rebase now
The second commit introduces a subtle risk.
With this change, if a controller's wallet is zapped, and then reindexes/resyncs, then the masternode collaterals are not locked during init.
Thus they could be inadvertently spent, when the reindex completes.
A similar (but less likely) situation can happen in this case:
1. Create a new controller from scratch. Before it completes the sync, get a receiving address.
2. From another client, send the collateral to the receiving address created in (1), and get the txid.
3. Add the txid to the masternode.conf of the controller (which still hasn't completed the sync, nor added the tx to his wallet) and restart it.
4. When the sync completes, the masternode owner could think that the collateral is locked, but it isn't.
good points.
Agreed.
fbe9200 to de6f052
pushed + rebased on master.
utACK de6f052
re-ACK de6f052
Two changes:
1. Guarding `pwalletMain` access from init.cpp, so in the future we could enable pivxd to run without the wallet.
2. `Wallet::LockCoin` verifying that the MN collateral utxo is in the wallet's map before adding it to the locked set. Printing the correct error if the transaction is unknown to the wallet.
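The check described in the second change above, together with the gap the review comment raises (a collateral the wallet has not yet seen is not locked at init and stays spendable once the reindex or sync completes), as an added C++ sketch that is not PIVX code: a toy wallet whose LockCoin refuses an outpoint whose transaction is not in mapWallet and reports why, and a LockCollaterals pass over a masternode.conf-style list that returns the aliases left unprotected. The types and helper names (ToyWallet, LockCollaterals, CollateralSpendableAfterLateSync) and the txids are constructed for this illustration; repeating the lock pass after sync is shown as one possible mitigation and is an assumption, not something the PR itself does.

```cpp
// Added illustration, not PIVX code. A minimal wallet model mirroring the PR's
// LockCoin membership check and the init-before-sync scenario from the review.
#include <cstdint>
#include <iostream>
#include <set>
#include <string>
#include <vector>

struct COutPoint {
    std::string hash;   // txid as a hex string (constructed sample values below)
    uint32_t n;
    bool operator<(const COutPoint& o) const {
        return hash < o.hash || (hash == o.hash && n < o.n);
    }
};

struct ToyWallet {
    // Transactions the wallet has seen, keyed by txid (stands in for mapWallet).
    std::set<std::string> mapWallet;
    // Outpoints reserved as masternode collateral and excluded from coin selection.
    std::set<COutPoint> setLockedCoins;

    // Mirrors the PR's second change: only lock an outpoint whose transaction is
    // already known to the wallet, and hand back a descriptive error otherwise.
    bool LockCoin(const COutPoint& out, std::string& strError) {
        if (mapWallet.count(out.hash) == 0) {
            strError = "Collateral transaction " + out.hash + " is unknown to the wallet";
            return false;
        }
        setLockedCoins.insert(out);
        return true;
    }

    bool IsLockedCoin(const COutPoint& out) const { return setLockedCoins.count(out) > 0; }

    // Coin selection skips locked coins, so a known but unlocked collateral is spendable.
    bool IsSpendable(const COutPoint& out) const {
        return mapWallet.count(out.hash) > 0 && !IsLockedCoin(out);
    }
};

struct MasternodeEntry {
    std::string alias;
    COutPoint collateral;
};

// Lock every configured collateral and return one line per failure, so the
// operator can see which collaterals remain unprotected after init.
std::vector<std::string> LockCollaterals(ToyWallet& w, const std::vector<MasternodeEntry>& conf) {
    std::vector<std::string> failed;
    for (const auto& e : conf) {
        std::string err;
        if (!w.LockCoin(e.collateral, err)) failed.push_back(e.alias + ": " + err);
    }
    return failed;
}

// Review scenario: the controller runs its init lock pass before it has seen the
// collateral tx, and only learns the tx when the sync completes. Returns whether
// the collateral is spendable afterwards; relockAfterSync models repeating the
// lock pass once the wallet is caught up (an assumed mitigation, not the PR's).
bool CollateralSpendableAfterLateSync(bool relockAfterSync) {
    ToyWallet w;
    MasternodeEntry mn{"mn1", {"aa11", 1}};   // constructed sample txid and index
    std::vector<MasternodeEntry> conf{mn};
    std::vector<std::string> failed = LockCollaterals(w, conf);   // fails: tx unknown at init
    w.mapWallet.insert("aa11");                                   // sync completes
    if (relockAfterSync) LockCollaterals(w, conf);
    return w.IsSpendable(mn.collateral);
}

int main() {
    ToyWallet w;
    std::vector<MasternodeEntry> conf{{"mn1", {"aa11", 1}}};
    for (const auto& line : LockCollaterals(w, conf)) std::cout << "init: " << line << "\n";
    std::cout << "spendable after late sync, no relock: "
              << CollateralSpendableAfterLateSync(false) << "\n";
    std::cout << "spendable after late sync, with relock: "
              << CollateralSpendableAfterLateSync(true) << "\n";
    return 0;
}
```

The list returned by LockCollaterals is the part an operator cares about: a non-empty list at startup means the wallet map did not yet contain the collateral, which is exactly the zap-and-reindex case from the review, and the collateral stays selectable until a later lock pass succeeds.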