def test_calc_cjfee(): assert calc_cj_fee("swabsoffer", 3000, 200000000) == 3000 assert calc_cj_fee("swreloffer", "0.01", 100000000) == 1000000 assert calc_cj_fee("sw0absoffer", 3000, 200000000) == 3000 assert calc_cj_fee("sw0reloffer", "0.01", 100000000) == 1000000 with pytest.raises(RuntimeError) as e_info: calc_cj_fee("dummyoffer", 2, 3)
def _verify_ioauth_inputs(self, nick, utxo_list, auth_pub): utxo_data = jm_single().bc_interface.query_utxo_set(utxo_list) if None in utxo_data: raise IoauthInputVerificationError([ "ERROR: outputs unconfirmed or already spent. utxo_data=" f"{pprint.pformat(utxo_data)}", "Disregarding this counterparty." ]) # Complete maker authorization: # Extract the address fields from the utxos # Construct the Bitcoin address for the auth_pub field # Ensure that at least one address from utxos corresponds. for inp in utxo_data: try: if self.wallet_service.pubkey_has_script( auth_pub, inp['script']): break except EngineError as e: pass else: raise IoauthInputVerificationError([ f"ERROR maker's ({nick}) authorising pubkey is not included " "in the transaction!" ]) total_input = sum([d['value'] for d in utxo_data]) real_cjfee = calc_cj_fee(self.orderbook[nick]['ordertype'], self.orderbook[nick]['cjfee'], self.cjamount) change_amount = (total_input - self.cjamount - self.orderbook[nick]['txfee'] + real_cjfee) # certain malicious and/or incompetent liquidity providers send # inputs totalling less than the coinjoin amount! this leads to # a change output of zero satoshis; this counterparty must be removed. if change_amount < jm_single().DUST_THRESHOLD: raise IoauthInputVerificationError([ f"ERROR counterparty requires sub-dust change. nick={nick} " f"totalin={total_input:d} cjamount={self.cjamount:d} " f"change={change_amount:d}", f"Invalid change, too small, nick={nick}" ]) return self._MakerTxData(nick, utxo_data, total_input, change_amount, real_cjfee)
def verify_unsigned_tx(self, txd, offerinfo): tx_utxo_set = set(ins['outpoint']['hash'] + ':' + str(ins['outpoint']['index']) for ins in txd['ins']) utxos = offerinfo["utxos"] cjaddr = offerinfo["cjaddr"] cjaddr_script = btc.address_to_script(cjaddr) changeaddr = offerinfo["changeaddr"] changeaddr_script = btc.address_to_script(changeaddr) amount = offerinfo["amount"] cjfee = offerinfo["offer"]["cjfee"] txfee = offerinfo["offer"]["txfee"] ordertype = offerinfo["offer"]["ordertype"] my_utxo_set = set(utxos.keys()) if not tx_utxo_set.issuperset(my_utxo_set): return (False, 'my utxos are not contained') my_total_in = sum([va['value'] for va in utxos.values()]) real_cjfee = calc_cj_fee(ordertype, cjfee, amount) expected_change_value = (my_total_in - amount - txfee + real_cjfee) jlog.info('potentially earned = {}'.format(real_cjfee - txfee)) jlog.info('mycjaddr, mychange = {}, {}'.format(cjaddr, changeaddr)) times_seen_cj_addr = 0 times_seen_change_addr = 0 for outs in txd['outs']: if outs['script'] == cjaddr_script: times_seen_cj_addr += 1 if outs['value'] != amount: return (False, 'Wrong cj_amount. I expect ' + str(amount)) if outs['script'] == changeaddr_script: times_seen_change_addr += 1 if outs['value'] != expected_change_value: return (False, 'wrong change, i expect ' + str(expected_change_value)) if times_seen_cj_addr != 1 or times_seen_change_addr != 1: fmt = ('cj or change addr not in tx ' 'outputs once, #cjaddr={}, #chaddr={}').format return (False, (fmt(times_seen_cj_addr, times_seen_change_addr))) return (True, None)
def receive_utxos(self, ioauth_data): """Triggered when the daemon returns utxo data from makers who responded; this is the completion of phase 1 of the protocol """ if self.aborted: return (False, "User aborted") #Temporary list used to aggregate all ioauth data that must be removed rejected_counterparties = [] #Need to authorize against the btc pubkey first. for nick, nickdata in ioauth_data.items(): utxo_list, auth_pub, cj_addr, change_addr, btc_sig, maker_pk = nickdata if not self.auth_counterparty(btc_sig, auth_pub, maker_pk): jlog.debug( "Counterparty encryption verification failed, aborting: " + nick) #This counterparty must be rejected rejected_counterparties.append(nick) if not validate_address(cj_addr)[0] or not validate_address( change_addr)[0]: jlog.warn("Counterparty provided invalid address: {}".format( (cj_addr, change_addr))) # Interpreted as malicious self.add_ignored_makers([nick]) rejected_counterparties.append(nick) for rc in rejected_counterparties: del ioauth_data[rc] self.maker_utxo_data = {} for nick, nickdata in ioauth_data.items(): utxo_list, auth_pub, cj_addr, change_addr, _, _ = nickdata utxo_data = jm_single().bc_interface.query_utxo_set(utxo_list) self.utxos[nick] = utxo_list if None in utxo_data: jlog.warn(('ERROR outputs unconfirmed or already spent. ' 'utxo_data={}').format(pprint.pformat(utxo_data))) jlog.warn('Disregarding this counterparty.') del self.utxos[nick] continue #Complete maker authorization: #Extract the address fields from the utxos #Construct the Bitcoin address for the auth_pub field #Ensure that at least one address from utxos corresponds. for inp in utxo_data: try: if self.wallet_service.pubkey_has_script( auth_pub, inp['script']): break except EngineError as e: pass else: jlog.warn("ERROR maker's (" + nick + ")" " authorising pubkey is not included " "in the transaction!") #this will not be added to the transaction, so we will have #to recheck if we have enough continue total_input = sum([d['value'] for d in utxo_data]) real_cjfee = calc_cj_fee(self.orderbook[nick]['ordertype'], self.orderbook[nick]['cjfee'], self.cjamount) change_amount = (total_input - self.cjamount - self.orderbook[nick]['txfee'] + real_cjfee) # certain malicious and/or incompetent liquidity providers send # inputs totalling less than the coinjoin amount! this leads to # a change output of zero satoshis; this counterparty must be removed. if change_amount < jm_single().DUST_THRESHOLD: fmt = ('ERROR counterparty requires sub-dust change. nick={}' 'totalin={:d} cjamount={:d} change={:d}').format jlog.warn(fmt(nick, total_input, self.cjamount, change_amount)) jlog.warn("Invalid change, too small, nick= " + nick) continue self.outputs.append({ 'address': change_addr, 'value': change_amount }) fmt = ('fee breakdown for {} totalin={:d} ' 'cjamount={:d} txfee={:d} realcjfee={:d}').format jlog.info( fmt(nick, total_input, self.cjamount, self.orderbook[nick]['txfee'], real_cjfee)) self.outputs.append({'address': cj_addr, 'value': self.cjamount}) self.cjfee_total += real_cjfee self.maker_txfee_contributions += self.orderbook[nick]['txfee'] self.maker_utxo_data[nick] = utxo_data #We have succesfully processed the data from this nick: try: self.nonrespondants.remove(nick) except Exception as e: jlog.warn("Failure to remove counterparty from nonrespondants list: " + str(nick) + \ ", error message: " + repr(e)) #Apply business logic of how many counterparties are enough; note that #this must occur after the above ioauth data processing, since we only now #know for sure that the data meets all business-logic requirements. if len(self.maker_utxo_data) < jm_single().config.getint( "POLICY", "minimum_makers"): self.taker_info_callback("INFO", "Not enough counterparties, aborting.") return (False, "Not enough counterparties responded to fill, giving up") self.taker_info_callback("INFO", "Got all parts, enough to build a tx") #The list self.nonrespondants is now reset and #used to track return of signatures for phase 2 self.nonrespondants = list(self.maker_utxo_data.keys()) my_total_in = sum([va['value'] for u, va in self.input_utxos.items()]) if self.my_change_addr: #Estimate fee per choice of next/3/6 blocks targetting. estimated_fee = estimate_tx_fee( len(sum(self.utxos.values(), [])), len(self.outputs) + 2, txtype=self.wallet_service.get_txtype()) jlog.info("Based on initial guess: " + btc.amount_to_str(self.total_txfee) + ", we estimated a miner fee of: " + btc.amount_to_str(estimated_fee)) #reset total self.total_txfee = estimated_fee my_txfee = max(self.total_txfee - self.maker_txfee_contributions, 0) my_change_value = (my_total_in - self.cjamount - self.cjfee_total - my_txfee) #Since we could not predict the maker's inputs, we may end up needing #too much such that the change value is negative or small. Note that #we have tried to avoid this based on over-estimating the needed amount #in SendPayment.create_tx(), but it is still a possibility if one maker #uses a *lot* of inputs. if self.my_change_addr: if my_change_value < -1: raise ValueError( "Calculated transaction fee of: " + btc.amount_to_str(self.total_txfee) + " is too large for our inputs; Please try again.") if my_change_value <= jm_single().BITCOIN_DUST_THRESHOLD: jlog.info("Dynamically calculated change lower than dust: " + btc.amount_to_str(my_change_value) + "; dropping.") self.my_change_addr = None my_change_value = 0 jlog.info( 'fee breakdown for me totalin=%d my_txfee=%d makers_txfee=%d cjfee_total=%d => changevalue=%d' % (my_total_in, my_txfee, self.maker_txfee_contributions, self.cjfee_total, my_change_value)) if self.my_change_addr is None: if my_change_value != 0 and abs(my_change_value) != 1: # seems you wont always get exactly zero because of integer # rounding so 1 satoshi extra or fewer being spent as miner # fees is acceptable jlog.info( ('WARNING CHANGE NOT BEING USED\nCHANGEVALUE = {}').format( btc.amount_to_str(my_change_value))) # we need to check whether the *achieved* txfee-rate is outside # the range allowed by the user in config; if not, abort the tx. # this is done with using the same estimate fee function and comparing # the totals; this ratio will correspond to the ratio of the feerates. num_ins = len([u for u in sum(self.utxos.values(), [])]) num_outs = len(self.outputs) + 2 new_total_fee = estimate_tx_fee( num_ins, num_outs, txtype=self.wallet_service.get_txtype()) feeratio = self.total_txfee / new_total_fee jlog.debug( "Ratio of actual to estimated sweep fee: {}".format(feeratio)) sweep_delta = float(jm_single().config.get("POLICY", "max_sweep_fee_change")) if feeratio < 1 - sweep_delta or feeratio > 1 + sweep_delta: jlog.warn( "Transaction fee for sweep: {} too far from expected:" " {}; check the setting 'max_sweep_fee_change'" " in joinmarket.cfg. Aborting this attempt.".format( self.total_txfee, new_total_fee)) return (False, "Unacceptable feerate for sweep, giving up.") else: self.outputs.append({ 'address': self.my_change_addr, 'value': my_change_value }) self.utxo_tx = [u for u in sum(self.utxos.values(), [])] self.outputs.append({ 'address': self.coinjoin_address(), 'value': self.cjamount }) # pre-Nov-2020/v0.8.0: transactions used ver 1 and nlocktime 0 # so only the new "pit" (using native segwit) will use the updated # version 2 and nlocktime ~ current block as per normal payments. # TODO makers do not check this; while there is no security risk, # it might be better for them to sanity check. if self.wallet_service.get_txtype() == "p2wpkh": n_version = 2 locktime = compute_tx_locktime() else: n_version = 1 locktime = 0 self.latest_tx = btc.make_shuffled_tx(self.utxo_tx, self.outputs, version=n_version, locktime=locktime) jlog.info('obtained tx\n' + btc.human_readable_transaction(self.latest_tx)) self.taker_info_callback("INFO", "Built tx, sending to counterparties.") return (True, list(self.maker_utxo_data.keys()), bintohex(self.latest_tx.serialize()))
def receive_utxos(self, ioauth_data): """Triggered when the daemon returns utxo data from makers who responded; this is the completion of phase 1 of the protocol """ if self.aborted: return (False, "User aborted") rejected_counterparties = [] #Enough data, but need to authorize against the btc pubkey first. for nick, nickdata in ioauth_data.iteritems(): utxo_list, auth_pub, cj_addr, change_addr, btc_sig, maker_pk = nickdata if not self.auth_counterparty(btc_sig, auth_pub, maker_pk): jlog.debug( "Counterparty encryption verification failed, aborting") #This counterparty must be rejected rejected_counterparties.append(nick) for rc in rejected_counterparties: del ioauth_data[rc] self.maker_utxo_data = {} for nick, nickdata in ioauth_data.iteritems(): utxo_list, auth_pub, cj_addr, change_addr, btc_sig, maker_pk = nickdata self.utxos[nick] = utxo_list utxo_data = jm_single().bc_interface.query_utxo_set( self.utxos[nick]) if None in utxo_data: jlog.debug(('ERROR outputs unconfirmed or already spent. ' 'utxo_data={}').format(pprint.pformat(utxo_data))) # when internal reviewing of makers is created, add it here to # immediately quit; currently, the timeout thread suffices. continue #Complete maker authorization: #Extract the address fields from the utxos #Construct the Bitcoin address for the auth_pub field #Ensure that at least one address from utxos corresponds. input_addresses = [d['address'] for d in utxo_data] auth_address = btc.pubkey_to_address(auth_pub, get_p2pk_vbyte()) if not auth_address in input_addresses: jlog.warn("ERROR maker's (" + nick + ")" " authorising pubkey is not included " "in the transaction: " + str(auth_address)) #this will not be added to the transaction, so we will have #to recheck if we have enough continue total_input = sum([d['value'] for d in utxo_data]) real_cjfee = calc_cj_fee(self.orderbook[nick]['ordertype'], self.orderbook[nick]['cjfee'], self.cjamount) change_amount = (total_input - self.cjamount - self.orderbook[nick]['txfee'] + real_cjfee) # certain malicious and/or incompetent liquidity providers send # inputs totalling less than the coinjoin amount! this leads to # a change output of zero satoshis; this counterparty must be removed. if change_amount < jm_single().DUST_THRESHOLD: fmt = ('ERROR counterparty requires sub-dust change. nick={}' 'totalin={:d} cjamount={:d} change={:d}').format jlog.debug(fmt(nick, total_input, self.cjamount, change_amount)) jlog.warn("Invalid change, too small, nick= " + nick) continue self.outputs.append({ 'address': change_addr, 'value': change_amount }) fmt = ('fee breakdown for {} totalin={:d} ' 'cjamount={:d} txfee={:d} realcjfee={:d}').format jlog.debug( fmt(nick, total_input, self.cjamount, self.orderbook[nick]['txfee'], real_cjfee)) self.outputs.append({'address': cj_addr, 'value': self.cjamount}) self.cjfee_total += real_cjfee self.maker_txfee_contributions += self.orderbook[nick]['txfee'] self.maker_utxo_data[nick] = utxo_data #Apply business logic of how many counterparties are enough: if len(self.maker_utxo_data.keys()) < jm_single().config.getint( "POLICY", "minimum_makers"): self.taker_info_callback("INFO", "Not enough counterparties, aborting.") return (False, "Not enough counterparties responded to fill, giving up") self.taker_info_callback("INFO", "Got all parts, enough to build a tx") self.nonrespondants = list(self.maker_utxo_data.keys()) my_total_in = sum( [va['value'] for u, va in self.input_utxos.iteritems()]) if self.my_change_addr: #Estimate fee per choice of next/3/6 blocks targetting. estimated_fee = estimate_tx_fee(len(sum(self.utxos.values(), [])), len(self.outputs) + 2) jlog.info("Based on initial guess: " + str(self.total_txfee) + ", we estimated a miner fee of: " + str(estimated_fee)) #reset total self.total_txfee = estimated_fee my_txfee = max(self.total_txfee - self.maker_txfee_contributions, 0) my_change_value = (my_total_in - self.cjamount - self.cjfee_total - my_txfee) #Since we could not predict the maker's inputs, we may end up needing #too much such that the change value is negative or small. Note that #we have tried to avoid this based on over-estimating the needed amount #in SendPayment.create_tx(), but it is still a possibility if one maker #uses a *lot* of inputs. if self.my_change_addr and my_change_value <= 0: raise ValueError("Calculated transaction fee of: " + str(self.total_txfee) + " is too large for our inputs;Please try again.") elif self.my_change_addr and my_change_value <= jm_single( ).BITCOIN_DUST_THRESHOLD: jlog.info("Dynamically calculated change lower than dust: " + str(my_change_value) + "; dropping.") self.my_change_addr = None my_change_value = 0 jlog.info( 'fee breakdown for me totalin=%d my_txfee=%d makers_txfee=%d cjfee_total=%d => changevalue=%d' % (my_total_in, my_txfee, self.maker_txfee_contributions, self.cjfee_total, my_change_value)) if self.my_change_addr is None: if my_change_value != 0 and abs(my_change_value) != 1: # seems you wont always get exactly zero because of integer # rounding so 1 satoshi extra or fewer being spent as miner # fees is acceptable jlog.debug(('WARNING CHANGE NOT BEING ' 'USED\nCHANGEVALUE = {}').format(my_change_value)) else: self.outputs.append({ 'address': self.my_change_addr, 'value': my_change_value }) self.utxo_tx = [ dict([('output', u)]) for u in sum(self.utxos.values(), []) ] self.outputs.append({ 'address': self.coinjoin_address(), 'value': self.cjamount }) random.shuffle(self.utxo_tx) random.shuffle(self.outputs) tx = btc.mktx(self.utxo_tx, self.outputs) jlog.debug('obtained tx\n' + pprint.pformat(btc.deserialize(tx))) self.latest_tx = btc.deserialize(tx) for index, ins in enumerate(self.latest_tx['ins']): utxo = ins['outpoint']['hash'] + ':' + str( ins['outpoint']['index']) if utxo not in self.input_utxos.keys(): continue # placeholders required ins['script'] = 'deadbeef' self.taker_info_callback("INFO", "Built tx, sending to counterparties.") return (True, self.maker_utxo_data.keys(), tx)
def verify_unsigned_tx(self, tx, offerinfo): """This code is security-critical. Before signing the transaction the Maker must ensure that all details are as expected, and most importantly that it receives the exact number of coins to expected in total. The data is taken from the offerinfo dict and compared with the serialized txhex. """ tx_utxo_set = set((x.prevout.hash[::-1], x.prevout.n) for x in tx.vin) utxos = offerinfo["utxos"] cjaddr = offerinfo["cjaddr"] cjaddr_script = btc.CCoinAddress(cjaddr).to_scriptPubKey() changeaddr = offerinfo["changeaddr"] changeaddr_script = btc.CCoinAddress(changeaddr).to_scriptPubKey() #Note: this value is under the control of the Taker, #see comment below. amount = offerinfo["amount"] cjfee = offerinfo["offer"]["cjfee"] txfee = offerinfo["offer"]["txfee"] ordertype = offerinfo["offer"]["ordertype"] my_utxo_set = set(utxos.keys()) if not tx_utxo_set.issuperset(my_utxo_set): return (False, 'my utxos are not contained') #The three lines below ensure that the Maker receives #back what he puts in, minus his bitcointxfee contribution, #plus his expected fee. These values are fully under #Maker control so no combination of messages from the Taker #can change them. #(mathematically: amount + expected_change_value is independent #of amount); there is not a (known) way for an attacker to #alter the amount (note: !fill resubmissions *overwrite* #the active_orders[dict] entry in daemon), but this is an #extra layer of safety. my_total_in = sum([va['value'] for va in utxos.values()]) real_cjfee = calc_cj_fee(ordertype, cjfee, amount) expected_change_value = (my_total_in - amount - txfee + real_cjfee) jlog.info('potentially earned = {}'.format(real_cjfee - txfee)) jlog.info('mycjaddr, mychange = {}, {}'.format(cjaddr, changeaddr)) #The remaining checks are needed to ensure #that the coinjoin and change addresses occur #exactly once with the required amts, in the output. times_seen_cj_addr = 0 times_seen_change_addr = 0 for outs in tx.vout: if outs.scriptPubKey == cjaddr_script: times_seen_cj_addr += 1 if outs.nValue != amount: return (False, 'Wrong cj_amount. I expect ' + str(amount)) if outs.scriptPubKey == changeaddr_script: times_seen_change_addr += 1 if outs.nValue != expected_change_value: return (False, 'wrong change, i expect ' + str(expected_change_value)) if times_seen_cj_addr != 1 or times_seen_change_addr != 1: fmt = ('cj or change addr not in tx ' 'outputs once, #cjaddr={}, #chaddr={}').format return (False, (fmt(times_seen_cj_addr, times_seen_change_addr))) return (True, None)