def test_bip68_not_consensus(self):
assert(get_bip9_status(self.nodes[0], 'csv')['status'] != 'active')
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 2)
tx1 = FromHex(CTransaction(), self.nodes[0].getrawtransaction(txid))
tx1.rehash()
# Make an anyone-can-spend transaction
tx2 = CTransaction()
tx2.nVersion = 1
tx2.vin = [CTxIn(COutPoint(tx1.sha256, 0), nSequence=0)]
tx2.vout = [CTxOut(int(tx1.vout[0].nValue - self.relayfee*COIN), CScript([b'a']))]
# sign tx2
tx2_raw = self.nodes[0].signrawtransactionwithwallet(ToHex(tx2))["hex"]
tx2 = FromHex(tx2, tx2_raw)
tx2.rehash()
self.nodes[0].sendrawtransaction(ToHex(tx2))
# Now make an invalid spend of tx2 according to BIP68
sequence_value = 100 # 100 block relative locktime
tx3 = CTransaction()
tx3.nVersion = 2
tx3.vin = [CTxIn(COutPoint(tx2.sha256, 0), nSequence=sequence_value)]
tx3.vout = [CTxOut(int(tx2.vout[0].nValue - self.relayfee * COIN), CScript([b'a' * 35]))]
tx3.rehash()
assert_raises_rpc_error(-26, NOT_FINAL_ERROR, self.nodes[0].sendrawtransaction, ToHex(tx3))
# make a block that violates bip68; ensure that the tip updates
tip = int(self.nodes[0].getbestblockhash(), 16)
block = create_block(tip, create_coinbase(self.nodes[0].getblockcount()+1))
block.nVersion = 3
block.vtx.extend([tx1, tx2, tx3])
block.hashMerkleRoot = block.calc_merkle_root()
block.rehash()
add_witness_commitment(block)
block.solve()
self.nodes[0].submitblock(bytes_to_hex_str(block.serialize(True)))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
def test_compactblock_construction(self,
test_node,
use_witness_address=True):
version = test_node.cmpct_version
node = self.nodes[0]
# Generate a bunch of transactions.
node.generate(101)
num_transactions = 25
address = node.getnewaddress()
segwit_tx_generated = False
for i in range(num_transactions):
txid = node.sendtoaddress(address, 0.1)
hex_tx = node.gettransaction(txid)["hex"]
tx = FromHex(CTransaction(), hex_tx)
if not tx.wit.is_null():
segwit_tx_generated = True
if use_witness_address:
assert segwit_tx_generated # check that our test is not broken
# Wait until we've seen the block announcement for the resulting tip
tip = int(node.getbestblockhash(), 16)
test_node.wait_for_block_announcement(tip)
# Make sure we will receive a fast-announce compact block
self.request_cb_announcements(test_node)
# Now mine a block, and look at the resulting compact block.
test_node.clear_block_announcement()
block_hash = int(node.generate(1)[0], 16)
# Store the raw block in our internal format.
block = FromHex(CBlock(), node.getblock("%064x" % block_hash, False))
for tx in block.vtx:
tx.calc_sha256()
block.rehash()
# Wait until the block was announced (via compact blocks)
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
version, header_and_shortids, block_hash, block)
# Now fetch the compact block using a normal non-announce getdata
with mininode_lock:
test_node.clear_block_announcement()
inv = CInv(4, block_hash) # 4 == "CompactBlock"
test_node.send_message(msg_getdata([inv]))
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
version, header_and_shortids, block_hash, block)
def run_test(self):
self.nodes[0].add_p2p_connection(P2PDataStore())
self.nodeaddress = self.nodes[0].getnewaddress()
self.pubkey = self.nodes[0].getaddressinfo(self.nodeaddress)["pubkey"]
self.log.info("Mining %d blocks", CHAIN_HEIGHT)
self.coinbase_txids = [
self.nodes[0].getblock(b)['tx'][0] for b in self.nodes[0].generate(
CHAIN_HEIGHT, self.signblockprivkey_wif)
]
## P2PKH transaction
########################
self.log.info("Test using a P2PKH transaction")
spendtx = create_transaction(self.nodes[0],
self.coinbase_txids[0],
self.nodeaddress,
amount=10)
spendtx.rehash()
copy_spendTx = CTransaction(spendtx)
#cache hashes
hash = spendtx.hash
hashMalFix = spendtx.hashMalFix
#malleate
unDERify(spendtx)
spendtx.rehash()
# verify that hashMalFix remains the same even when signature is malleated and hash changes
assert_not_equal(hash, spendtx.hash)
assert_equal(hashMalFix, spendtx.hashMalFix)
# verify that hash is spendtx.serialize()
hash = encode(hash256(spendtx.serialize())[::-1],
'hex_codec').decode('ascii')
assert_equal(hash, spendtx.hash)
# verify that hashMalFix is spendtx.serialize(with_scriptsig=False)
hashMalFix = encode(
hash256(spendtx.serialize(with_scriptsig=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hashMalFix, spendtx.hashMalFix)
assert_not_equal(hash, hashMalFix)
#as this transaction does not have witness data the following is true
assert_equal(spendtx.serialize(),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_not_equal(
spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=False))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=True),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=False),
spendtx.serialize_without_witness(with_scriptsig=False))
#Create block with only non-DER signature P2PKH transaction
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 1),
block_time)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
# serialize with and without witness block remains the same
assert_equal(block.serialize(with_witness=True), block.serialize())
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False))
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False, with_scriptsig=True))
self.log.info("Reject block with non-DER signature")
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), tip)
wait_until(lambda: "reject" in self.nodes[0].p2p.last_message.keys(),
lock=mininode_lock)
with mininode_lock:
assert_equal(self.nodes[0].p2p.last_message["reject"].code,
REJECT_INVALID)
assert_equal(self.nodes[0].p2p.last_message["reject"].data,
block.sha256)
assert_equal(self.nodes[0].p2p.last_message["reject"].reason,
b'block-validation-failed')
self.log.info("Accept block with DER signature")
#recreate block with DER sig transaction
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 1),
block_time)
block.vtx.append(copy_spendTx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
## P2SH transaction
########################
self.log.info("Test using P2SH transaction ")
REDEEM_SCRIPT_1 = CScript([OP_1, OP_DROP])
P2SH_1 = CScript([OP_HASH160, hash160(REDEEM_SCRIPT_1), OP_EQUAL])
tx = CTransaction()
tx.vin.append(
CTxIn(COutPoint(int(self.coinbase_txids[1], 16), 0), b"",
0xffffffff))
tx.vout.append(CTxOut(10, P2SH_1))
tx.rehash()
spendtx_raw = self.nodes[0].signrawtransactionwithwallet(
ToHex(tx), [], "ALL", self.options.scheme)["hex"]
spendtx = FromHex(spendtx, spendtx_raw)
spendtx.rehash()
copy_spendTx = CTransaction(spendtx)
#cache hashes
hash = spendtx.hash
hashMalFix = spendtx.hashMalFix
#malleate
spendtxcopy = spendtx
unDERify(spendtxcopy)
spendtxcopy.rehash()
# verify that hashMalFix remains the same even when signature is malleated and hash changes
assert_not_equal(hash, spendtxcopy.hash)
assert_equal(hashMalFix, spendtxcopy.hashMalFix)
# verify that hash is spendtx.serialize()
hash = encode(
hash256(spendtx.serialize(with_witness=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hash, spendtx.hash)
# verify that hashMalFix is spendtx.serialize(with_scriptsig=False)
hashMalFix = encode(
hash256(spendtx.serialize(with_witness=False,
with_scriptsig=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hashMalFix, spendtx.hashMalFix)
assert_not_equal(hash, hashMalFix)
#as this transaction does not have witness data the following is true
assert_equal(spendtx.serialize(),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_not_equal(
spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=False))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=True),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=False),
spendtx.serialize_without_witness(with_scriptsig=False))
#Create block with only non-DER signature P2SH transaction
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 2),
block_time)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
# serialize with and without witness block remains the same
assert_equal(block.serialize(with_witness=True), block.serialize())
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False))
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=True, with_scriptsig=True))
self.log.info("Reject block with non-DER signature")
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), tip)
wait_until(lambda: "reject" in self.nodes[0].p2p.last_message.keys(),
lock=mininode_lock)
with mininode_lock:
assert_equal(self.nodes[0].p2p.last_message["reject"].code,
REJECT_INVALID)
assert_equal(self.nodes[0].p2p.last_message["reject"].data,
block.sha256)
assert_equal(self.nodes[0].p2p.last_message["reject"].reason,
b'block-validation-failed')
self.log.info("Accept block with DER signature")
#recreate block with DER sig transaction
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 2),
block_time)
block.vtx.append(copy_spendTx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
## redeem previous P2SH
#########################
self.log.info("Test using P2SH redeem transaction ")
tx = CTransaction()
tx.vout.append(CTxOut(1, CScript([OP_TRUE])))
tx.vin.append(CTxIn(COutPoint(block.vtx[1].malfixsha256, 0), b''))
(sighash, err) = SignatureHash(REDEEM_SCRIPT_1, tx, 1, SIGHASH_ALL)
signKey = CECKey()
signKey.set_secretbytes(b"horsebattery")
sig = signKey.sign(sighash) + bytes(bytearray([SIGHASH_ALL]))
scriptSig = CScript([sig, REDEEM_SCRIPT_1])
tx.vin[0].scriptSig = scriptSig
tx.rehash()
spendtx_raw = self.nodes[0].signrawtransactionwithwallet(
ToHex(tx), [], "ALL", self.options.scheme)["hex"]
spendtx = FromHex(spendtx, spendtx_raw)
spendtx.rehash()
#cache hashes
hash = spendtx.hash
hashMalFix = spendtx.hashMalFix
#malleate
spendtxcopy = spendtx
unDERify(spendtxcopy)
spendtxcopy.rehash()
# verify that hashMalFix remains the same even when signature is malleated and hash changes
assert_not_equal(hash, spendtxcopy.hash)
assert_equal(hashMalFix, spendtxcopy.hashMalFix)
# verify that hash is spendtx.serialize()
hash = encode(
hash256(spendtx.serialize(with_witness=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hash, spendtx.hash)
# verify that hashMalFix is spendtx.serialize(with_scriptsig=False)
hashMalFix = encode(
hash256(spendtx.serialize(with_witness=False,
with_scriptsig=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hashMalFix, spendtx.hashMalFix)
assert_not_equal(hash, hashMalFix)
#as this transaction does not have witness data the following is true
assert_equal(spendtx.serialize(),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_not_equal(
spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=False))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=True),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=False),
spendtx.serialize_without_witness(with_scriptsig=False))
#Create block with only non-DER signature P2SH redeem transaction
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 3),
block_time)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
# serialize with and without witness block remains the same
assert_equal(block.serialize(with_witness=True), block.serialize())
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False))
assert_equal(block.serialize(with_witness=True),
block.serialize(with_witness=True, with_scriptsig=True))
self.log.info("Accept block with P2SH redeem transaction")
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
## p2sh_p2wpkh transaction
##############################
self.log.info("Test using p2sh_p2wpkh transaction ")
spendtxStr = create_witness_tx(self.nodes[0],
True,
getInput(self.coinbase_txids[4]),
self.pubkey,
amount=1.0)
#get CTRansaction object from above hex
spendtx = CTransaction()
spendtx.deserialize(BytesIO(hex_str_to_bytes(spendtxStr)))
spendtx.rehash()
#cache hashes
spendtx.rehash()
hash = spendtx.hash
hashMalFix = spendtx.hashMalFix
withash = spendtx.calc_sha256(True)
# malleate
unDERify(spendtx)
spendtx.rehash()
withash2 = spendtx.calc_sha256(True)
# verify that hashMalFix remains the same even when signature is malleated and hash changes
assert_equal(withash, withash2)
assert_equal(hash, spendtx.hash)
assert_equal(hashMalFix, spendtx.hashMalFix)
# verify that hash is spendtx.serialize()
hash = encode(hash256(spendtx.serialize())[::-1],
'hex_codec').decode('ascii')
assert_equal(hash, spendtx.hash)
# verify that hashMalFix is spendtx.serialize(with_scriptsig=False)
hashMalFix = encode(
hash256(spendtx.serialize(with_scriptsig=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hashMalFix, spendtx.hashMalFix)
assert_not_equal(hash, hashMalFix)
#as this transaction does not have witness data the following is true
assert_equal(spendtx.serialize(),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_not_equal(
spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=False))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=True),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=False),
spendtx.serialize_without_witness(with_scriptsig=False))
#Create block with only non-DER signature p2sh_p2wpkh transaction
spendtxStr = self.nodes[0].signrawtransactionwithwallet(
spendtxStr, [], "ALL", self.options.scheme)
assert ("errors" not in spendtxStr or len(["errors"]) == 0)
spendtxStr = spendtxStr["hex"]
spendtx = CTransaction()
spendtx.deserialize(BytesIO(hex_str_to_bytes(spendtxStr)))
spendtx.rehash()
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 4),
block_time)
block.vtx.append(spendtx)
add_witness_commitment(block)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
# serialize with and without witness
assert_equal(block.serialize(with_witness=False), block.serialize())
assert_not_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False))
assert_not_equal(
block.serialize(with_witness=True),
block.serialize(with_witness=False, with_scriptsig=True))
self.log.info(
"Reject block with p2sh_p2wpkh transaction and witness commitment")
assert_raises_rpc_error(
-22, "Block does not start with a coinbase",
self.nodes[0].submitblock,
bytes_to_hex_str(block.serialize(with_witness=True)))
assert_equal(self.nodes[0].getbestblockhash(), tip)
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 4),
block_time)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
self.log.info("Accept block with p2sh_p2wpkh transaction")
self.nodes[0].submitblock(
bytes_to_hex_str(block.serialize(with_witness=True)))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
## p2sh_p2wsh transaction
##############################
self.log.info("Test using p2sh_p2wsh transaction")
spendtxStr = create_witness_tx(self.nodes[0],
True,
getInput(self.coinbase_txids[5]),
self.pubkey,
amount=1.0)
#get CTRansaction object from above hex
spendtx = CTransaction()
spendtx.deserialize(BytesIO(hex_str_to_bytes(spendtxStr)))
spendtx.rehash()
#cache hashes
spendtx.rehash()
hash = spendtx.hash
hashMalFix = spendtx.hashMalFix
withash = spendtx.calc_sha256(True)
# malleate
unDERify(spendtx)
spendtx.rehash()
withash2 = spendtx.calc_sha256(True)
# verify that hashMalFix remains the same even when signature is malleated and hash changes
assert_equal(withash, withash2)
assert_equal(hash, spendtx.hash)
assert_equal(hashMalFix, spendtx.hashMalFix)
# verify that hash is spendtx.serialize()
hash = encode(hash256(spendtx.serialize())[::-1],
'hex_codec').decode('ascii')
assert_equal(hash, spendtx.hash)
# verify that hashMalFix is spendtx.serialize(with_scriptsig=False)
hashMalFix = encode(
hash256(spendtx.serialize(with_scriptsig=False))[::-1],
'hex_codec').decode('ascii')
assert_equal(hashMalFix, spendtx.hashMalFix)
assert_not_equal(hash, hashMalFix)
#as this transaction does not have witness data the following is true
assert_equal(spendtx.serialize(),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=True))
assert_not_equal(
spendtx.serialize(with_witness=False),
spendtx.serialize(with_witness=True, with_scriptsig=False))
assert_equal(spendtx.serialize(with_witness=False),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=True),
spendtx.serialize_without_witness(with_scriptsig=True))
assert_equal(spendtx.serialize_with_witness(with_scriptsig=False),
spendtx.serialize_without_witness(with_scriptsig=False))
#Create block with only non-DER signature p2sh_p2wsh transaction
spendtxStr = self.nodes[0].signrawtransactionwithwallet(
spendtxStr, [], "ALL", self.options.scheme)
assert ("errors" not in spendtxStr or len(["errors"]) == 0)
spendtxStr = spendtxStr["hex"]
spendtx = CTransaction()
spendtx.deserialize(BytesIO(hex_str_to_bytes(spendtxStr)))
spendtx.rehash()
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 5),
block_time)
block.vtx.append(spendtx)
add_witness_commitment(block)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
# serialize with and without witness
assert_equal(block.serialize(with_witness=False), block.serialize())
assert_not_equal(block.serialize(with_witness=True),
block.serialize(with_witness=False))
assert_not_equal(
block.serialize(with_witness=True),
block.serialize(with_witness=False, with_scriptsig=True))
self.log.info(
"Reject block with p2sh_p2wsh transaction and witness commitment")
assert_raises_rpc_error(
-22, "Block does not start with a coinbase",
self.nodes[0].submitblock,
bytes_to_hex_str(block.serialize(with_witness=True)))
assert_equal(self.nodes[0].getbestblockhash(), tip)
block = create_block(int(tip, 16), create_coinbase(CHAIN_HEIGHT + 5),
block_time)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.hashImMerkleRoot = block.calc_immutable_merkle_root()
block.rehash()
block.solve(self.signblockprivkey)
self.log.info("Accept block with p2sh_p2wsh transaction")
self.nodes[0].submitblock(
bytes_to_hex_str(block.serialize(with_witness=True)))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
def check_tx_relay(self):
block_op_true = self.nodes[0].getblock(self.nodes[0].generatetoaddress(
100, ADDRESS_BCRT1_P2WSH_OP_TRUE)[0])
self.sync_all()
self.log.debug(
"Create a connection from a forcerelay peer that rebroadcasts raw txs"
)
# A test framework p2p connection is needed to send the raw transaction directly. If a full node was used, it could only
# rebroadcast via the inv-getdata mechanism. However, even for forcerelay connections, a full node would
# currently not request a txid that is already in the mempool.
self.restart_node(1, extra_args=["[email protected]"])
p2p_rebroadcast_wallet = self.nodes[1].add_p2p_connection(
P2PDataStore())
self.log.debug("Send a tx from the wallet initially")
tx = FromHex(
CTransaction(),
self.nodes[0].createrawtransaction(inputs=[{
'txid':
block_op_true['tx'][0],
'vout':
0,
}],
outputs=[{
ADDRESS_BCRT1_P2WSH_OP_TRUE:
5,
}]),
)
tx.wit.vtxinwit = [CTxInWitness()]
tx.wit.vtxinwit[0].scriptWitness.stack = [CScript([OP_TRUE])]
txid = tx.rehash()
self.log.debug("Wait until tx is in node[1]'s mempool")
p2p_rebroadcast_wallet.send_txs_and_test([tx], self.nodes[1])
self.log.debug(
"Check that node[1] will send the tx to node[0] even though it is already in the mempool"
)
self.connect_nodes(1, 0)
with self.nodes[1].assert_debug_log(
["Force relaying tx {} from peer=0".format(txid)]):
p2p_rebroadcast_wallet.send_txs_and_test([tx], self.nodes[1])
self.wait_until(lambda: txid in self.nodes[0].getrawmempool())
self.log.debug(
"Check that node[1] will not send an invalid tx to node[0]")
tx.vout[0].nValue += 1
txid = tx.rehash()
# Send the transaction twice. The first time, it'll be rejected by ATMP because it conflicts
# with a mempool transaction. The second time, it'll be in the recentRejects filter.
p2p_rebroadcast_wallet.send_txs_and_test(
[tx],
self.nodes[1],
success=False,
reject_reason='{} from peer=0 was not accepted: txn-mempool-conflict'
.format(txid))
p2p_rebroadcast_wallet.send_txs_and_test(
[tx],
self.nodes[1],
success=False,
reject_reason=
'Not relaying non-mempool transaction {} from forcerelay peer=0'.
format(txid))
def run_test(self):
node = self.nodes[0]
self.log.info('Start with empty mempool, and 200 blocks')
self.mempool_size = 0
assert_equal(node.getblockcount(), 200)
assert_equal(node.getmempoolinfo()['size'], self.mempool_size)
coins = node.listunspent()
self.log.info('Should not accept garbage to testmempoolaccept')
assert_raises_rpc_error(-3, 'Expected type array, got string',
lambda: node.testmempoolaccept(rawtxs='ff00baar'))
assert_raises_rpc_error(-8, 'Array must contain exactly one raw transaction for now',
lambda: node.testmempoolaccept(rawtxs=['ff00baar', 'ff22']))
assert_raises_rpc_error(-22, 'TX decode failed',
lambda: node.testmempoolaccept(rawtxs=['ff00baar']))
self.log.info('A transaction already in the blockchain')
# Pick a random coin(base) to spend
coin = coins.pop()
raw_tx_in_block = node.signrawtransactionwithwallet(node.createrawtransaction(
inputs=[{'txid': coin['txid'], 'vout': coin['vout']}],
outputs=[{node.getnewaddress(): 0.3}, {node.getnewaddress(): 49}],
))['hex']
txid_in_block = node.sendrawtransaction(
hexstring=raw_tx_in_block, maxfeerate=0)
node.generate(1)
self.mempool_size = 0
self.check_mempool_result(
result_expected=[{'txid': txid_in_block, 'allowed': False,
'reject-reason': 'txn-already-known'}],
rawtxs=[raw_tx_in_block],
)
self.log.info('A transaction not in the mempool')
fee = 0.00000700
raw_tx_0 = node.signrawtransactionwithwallet(node.createrawtransaction(
inputs=[{"txid": txid_in_block, "vout": 0,
"sequence": 0xfffffffd}],
outputs=[{node.getnewaddress(): 0.3 - fee}],
))['hex']
tx = FromHex(CTransaction(), raw_tx_0)
txid_0 = tx.rehash()
self.check_mempool_result(
result_expected=[{'txid': txid_0, 'allowed': True}],
rawtxs=[raw_tx_0],
)
self.log.info('A final transaction not in the mempool')
# Pick a random coin(base) to spend
coin = coins.pop()
raw_tx_final = node.signrawtransactionwithwallet(node.createrawtransaction(
inputs=[{'txid': coin['txid'], 'vout': coin['vout'],
"sequence": 0xffffffff}], # SEQUENCE_FINAL
outputs=[{node.getnewaddress(): 0.025}],
locktime=node.getblockcount() + 2000, # Can be anything
))['hex']
tx = FromHex(CTransaction(), raw_tx_final)
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(), 'allowed': True}],
rawtxs=[tx.serialize().hex()],
maxfeerate=0,
)
node.sendrawtransaction(hexstring=raw_tx_final, maxfeerate=0)
self.mempool_size += 1
self.log.info('A transaction in the mempool')
node.sendrawtransaction(hexstring=raw_tx_0)
self.mempool_size += 1
self.check_mempool_result(
result_expected=[{'txid': txid_0, 'allowed': False,
'reject-reason': 'txn-already-in-mempool'}],
rawtxs=[raw_tx_0],
)
# Removed RBF test
# self.log.info('A transaction that replaces a mempool transaction')
# ...
self.log.info('A transaction that conflicts with an unconfirmed tx')
# Send the transaction that conflicts with the mempool transaction
node.sendrawtransaction(hexstring=tx.serialize().hex(), maxfeerate=0)
# take original raw_tx_0
tx = FromHex(CTransaction(), raw_tx_0)
tx.vout[0].nValue -= int(4 * fee * COIN) # Set more fee
# skip re-signing the tx
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(),
'allowed': False,
'reject-reason': 'txn-mempool-conflict'}],
rawtxs=[tx.serialize().hex()],
maxfeerate=0,
)
self.log.info('A transaction with missing inputs, that never existed')
tx = FromHex(CTransaction(), raw_tx_0)
tx.vin[0].prevout = COutPoint(hash=int('ff' * 32, 16), n=14)
# skip re-signing the tx
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'missing-inputs'}],
rawtxs=[ToHex(tx)],
)
self.log.info(
'A transaction with missing inputs, that existed once in the past')
tx = FromHex(CTransaction(), raw_tx_0)
# Set vout to 1, to spend the other outpoint (49 coins) of the
# in-chain-tx we want to double spend
tx.vin[0].prevout.n = 1
raw_tx_1 = node.signrawtransactionwithwallet(
ToHex(tx))['hex']
txid_1 = node.sendrawtransaction(hexstring=raw_tx_1, maxfeerate=0)
# Now spend both to "clearly hide" the outputs, ie. remove the coins
# from the utxo set by spending them
raw_tx_spend_both = node.signrawtransactionwithwallet(node.createrawtransaction(
inputs=[
{'txid': txid_0, 'vout': 0},
{'txid': txid_1, 'vout': 0},
],
outputs=[{node.getnewaddress(): 0.1}]
))['hex']
txid_spend_both = node.sendrawtransaction(
hexstring=raw_tx_spend_both, maxfeerate=0)
node.generate(1)
self.mempool_size = 0
# Now see if we can add the coins back to the utxo set by sending the
# exact txs again
self.check_mempool_result(
result_expected=[
{'txid': txid_0, 'allowed': False, 'reject-reason': 'missing-inputs'}],
rawtxs=[raw_tx_0],
)
self.check_mempool_result(
result_expected=[
{'txid': txid_1, 'allowed': False, 'reject-reason': 'missing-inputs'}],
rawtxs=[raw_tx_1],
)
self.log.info('Create a signed "reference" tx for later use')
raw_tx_reference = node.signrawtransactionwithwallet(node.createrawtransaction(
inputs=[{'txid': txid_spend_both, 'vout': 0}],
outputs=[{node.getnewaddress(): 0.05}],
))['hex']
tx = FromHex(CTransaction(), raw_tx_reference)
# Reference tx should be valid on itself
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(), 'allowed': True}],
rawtxs=[ToHex(tx)],
maxfeerate=0,
)
self.log.info('A transaction with no outputs')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout = []
# Skip re-signing the transaction for context independent checks from now on
# FromHex(tx, node.signrawtransactionwithwallet(ToHex(tx))['hex'])
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'bad-txns-vout-empty'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A really large transaction')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vin = [tx.vin[0]] * (1 + MAX_BLOCK_BASE_SIZE
// len(tx.vin[0].serialize()))
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'bad-txns-oversize'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A transaction with negative output value')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout[0].nValue *= -1
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'bad-txns-vout-negative'}],
rawtxs=[ToHex(tx)],
)
# The following two validations prevent overflow of the output amounts
# (see CVE-2010-5139).
self.log.info('A transaction with too large output value')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout[0].nValue = MAX_MONEY + 1
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'bad-txns-vout-toolarge'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A transaction with too large sum of output values')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout = [tx.vout[0]] * 2
tx.vout[0].nValue = MAX_MONEY
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'bad-txns-txouttotal-toolarge'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A transaction with duplicate inputs')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vin = [tx.vin[0]] * 2
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'bad-txns-inputs-duplicate'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A coinbase transaction')
# Pick the input of the first tx we signed, so it has to be a coinbase
# tx
raw_tx_coinbase_spent = node.getrawtransaction(
txid=node.decoderawtransaction(hexstring=raw_tx_in_block)['vin'][0]['txid'])
tx = FromHex(CTransaction(), raw_tx_coinbase_spent)
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'bad-tx-coinbase'}],
rawtxs=[ToHex(tx)],
)
self.log.info('Some nonstandard transactions')
tx = FromHex(CTransaction(), raw_tx_reference)
tx.nVersion = 3 # A version currently non-standard
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'version'}],
rawtxs=[ToHex(tx)],
)
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout[0].scriptPubKey = CScript([OP_0]) # Some non-standard script
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'scriptpubkey'}],
rawtxs=[ToHex(tx)],
)
tx = FromHex(CTransaction(), raw_tx_reference)
key = ECKey()
key.generate()
pubkey = key.get_pubkey().get_bytes()
# Some bare multisig script (2-of-3)
tx.vout[0].scriptPubKey = CScript(
[OP_2, pubkey, pubkey, pubkey, OP_3, OP_CHECKMULTISIG])
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(), 'allowed': False,
'reject-reason': 'bare-multisig'}],
rawtxs=[tx.serialize().hex()],
)
tx = FromHex(CTransaction(), raw_tx_reference)
# Some not-pushonly scriptSig
tx.vin[0].scriptSig = CScript([OP_HASH160])
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(
), 'allowed': False, 'reject-reason': 'scriptsig-not-pushonly'}],
rawtxs=[ToHex(tx)],
)
tx = FromHex(CTransaction(), raw_tx_reference)
# Some too large scriptSig (>1650 bytes)
tx.vin[0].scriptSig = CScript([b'a' * 1648])
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(), 'allowed': False,
'reject-reason': 'scriptsig-size'}],
rawtxs=[tx.serialize().hex()],
)
tx = FromHex(CTransaction(), raw_tx_reference)
output_p2sh_burn = CTxOut(nValue=540, scriptPubKey=CScript(
[OP_HASH160, hash160(b'burn'), OP_EQUAL]))
# Use enough outputs to make the tx too large for our policy
num_scripts = 100000 // len(output_p2sh_burn.serialize())
tx.vout = [output_p2sh_burn] * num_scripts
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'tx-size'}],
rawtxs=[ToHex(tx)],
)
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout[0] = output_p2sh_burn
# Make output smaller, such that it is dust for our policy
tx.vout[0].nValue -= 1
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'dust'}],
rawtxs=[ToHex(tx)],
)
tx = FromHex(CTransaction(), raw_tx_reference)
tx.vout[0].scriptPubKey = CScript([OP_RETURN, b'\xff'])
tx.vout = [tx.vout[0]] * 2
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'multi-op-return'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A timelocked transaction')
tx = FromHex(CTransaction(), raw_tx_reference)
# Should be non-max, so locktime is not ignored
tx.vin[0].nSequence -= 1
tx.nLockTime = node.getblockcount() + 1
self.check_mempool_result(
result_expected=[
{'txid': tx.rehash(), 'allowed': False, 'reject-reason': 'bad-txns-nonfinal'}],
rawtxs=[ToHex(tx)],
)
self.log.info('A transaction that is locked by BIP68 sequence logic')
tx = FromHex(CTransaction(), raw_tx_reference)
# We could include it in the second block mined from now, but not the
# very next one
tx.vin[0].nSequence = 2
# Can skip re-signing the tx because of early rejection
self.check_mempool_result(
result_expected=[{'txid': tx.rehash(),
'allowed': False,
'reject-reason': 'non-BIP68-final'}],
rawtxs=[tx.serialize().hex()],
maxfeerate=0,
)
def run_test(self):
self.nodes[0].add_p2p_connection(P2PInterface())
network_thread_start()
# wait_for_verack ensures that the P2P connection is fully up.
self.nodes[0].p2p.wait_for_verack()
self.log.info("Mining {} blocks".format(CLTV_HEIGHT - 2))
self.coinbase_blocks = self.nodes[0].generate(CLTV_HEIGHT - 2)
self.nodeaddress = self.nodes[0].getnewaddress()
self.log.info(
"Test that an invalid-according-to-CLTV transaction can still appear in a block"
)
spendtx = spend_from_coinbase(self.nodes[0], self.coinbase_blocks[0],
self.nodeaddress, 50.0)
spendtx = cltv_lock_to_height(self.nodes[0], spendtx)
# Make sure the tx is valid
self.nodes[0].sendrawtransaction(ToHex(spendtx))
tip = self.nodes[0].getbestblockhash()
block_time = self.nodes[0].getblockheader(tip)['mediantime'] + 1
block = create_block(int(tip, 16), create_coinbase(CLTV_HEIGHT - 1),
block_time)
block.nVersion = 3
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
self.log.info("Test that blocks must now be at least version 4")
tip = block.sha256
block_time += 1
block = create_block(tip, create_coinbase(CLTV_HEIGHT), block_time)
block.nVersion = 3
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
assert_equal(int(self.nodes[0].getbestblockhash(), 16), tip)
wait_until(lambda: "reject" in self.nodes[0].p2p.last_message.keys(),
lock=mininode_lock)
with mininode_lock:
assert_equal(self.nodes[0].p2p.last_message["reject"].code,
REJECT_OBSOLETE)
assert_equal(self.nodes[0].p2p.last_message["reject"].reason,
b'bad-version(0x00000003)')
assert_equal(self.nodes[0].p2p.last_message["reject"].data,
block.sha256)
del self.nodes[0].p2p.last_message["reject"]
self.log.info(
"Test that invalid-according-to-cltv transactions cannot appear in a block"
)
block.nVersion = 4
spendtx = spend_from_coinbase(self.nodes[0], self.coinbase_blocks[1],
self.nodeaddress, 49.99)
spendtx = cltv_lock_to_height(self.nodes[0], spendtx)
# First we show that this tx is valid except for CLTV by getting it
# accepted to the mempool (which we can achieve with
# -promiscuousmempoolflags).
self.nodes[0].p2p.send_and_ping(msg_tx(spendtx))
assert spendtx.hash in self.nodes[0].getrawmempool()
# Mine a block containing the funding transaction
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
# This block is valid
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
# But a block containing a transaction spending this utxo is not
rawspendtx = self.nodes[0].decoderawtransaction(ToHex(spendtx))
inputs = [{
"txid": rawspendtx['txid'],
"vout": rawspendtx['vout'][0]['n']
}]
output = {self.nodeaddress: 49.98}
rejectedtx_raw = self.nodes[0].createrawtransaction(inputs, output)
rejectedtx_signed = self.nodes[0].signrawtransaction(rejectedtx_raw)
# Couldn't complete signature due to CLTV
assert (rejectedtx_signed['errors'][0]['error'] == 'Negative locktime')
rejectedtx = FromHex(CTransaction(), rejectedtx_signed['hex'])
pad_tx(rejectedtx)
rejectedtx.rehash()
tip = block.hash
block_time += 1
block = create_block(block.sha256, create_coinbase(CLTV_HEIGHT + 1),
block_time)
block.nVersion = 4
block.vtx.append(rejectedtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
# This block is invalid
assert_equal(self.nodes[0].getbestblockhash(), tip)
wait_until(lambda: "reject" in self.nodes[0].p2p.last_message.keys(),
lock=mininode_lock)
with mininode_lock:
assert self.nodes[0].p2p.last_message["reject"].code in [
REJECT_INVALID, REJECT_NONSTANDARD
]
assert_equal(self.nodes[0].p2p.last_message["reject"].data,
block.sha256)
if self.nodes[0].p2p.last_message["reject"].code == REJECT_INVALID:
# Generic rejection when a block is invalid
assert_equal(self.nodes[0].p2p.last_message["reject"].reason,
b'blk-bad-inputs')
else:
assert b'Negative locktime' in self.nodes[0].p2p.last_message[
"reject"].reason
self.log.info(
"Test that a version 4 block with a valid-according-to-CLTV transaction is accepted"
)
spendtx = spend_from_coinbase(self.nodes[0], self.coinbase_blocks[2],
self.nodeaddress, 49.99)
spendtx = cltv_lock_to_height(self.nodes[0], spendtx, CLTV_HEIGHT - 1)
# Modify the transaction in the block to be valid against CLTV
block.vtx.pop(1)
block.vtx.append(spendtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
# This block is now valid
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
# A block containing a transaction spending this utxo is also valid
# Build this transaction
rawspendtx = self.nodes[0].decoderawtransaction(ToHex(spendtx))
inputs = [{
"txid": rawspendtx['txid'],
"vout": rawspendtx['vout'][0]['n'],
"sequence": 0
}]
output = {self.nodeaddress: 49.98}
validtx_raw = self.nodes[0].createrawtransaction(
inputs, output, CLTV_HEIGHT)
validtx = FromHex(CTransaction(), validtx_raw)
# Signrawtransaction won't sign a non standard tx.
# But the prevout being anyone can spend, scriptsig can be left empty
validtx.vin[0].scriptSig = CScript()
pad_tx(validtx)
validtx.rehash()
tip = block.sha256
block_time += 1
block = create_block(tip, create_coinbase(CLTV_HEIGHT + 3), block_time)
block.nVersion = 4
block.vtx.append(validtx)
block.hashMerkleRoot = block.calc_merkle_root()
block.solve()
self.nodes[0].p2p.send_and_ping(msg_block(block))
# This block is valid
assert_equal(self.nodes[0].getbestblockhash(), block.hash)
def tapscript_satisfy_test(self,
script,
inputs=[],
add_issuance=False,
add_pegin=False,
fail=None,
add_prevout=False,
add_asset=False,
add_value=False,
add_spk=False,
seq=0,
add_out_spk=None,
add_out_asset=None,
add_out_value=None,
add_out_nonce=None,
ver=2,
locktime=0,
add_num_outputs=False,
add_weight=False,
blind=False):
# Create a taproot utxo
scripts = [("s0", script)]
prev_tx, prev_vout, spk, sec, pub, tap = self.create_taproot_utxo(
scripts)
if add_pegin:
fund_info = self.nodes[0].getpeginaddress()
peg_id = self.nodes[0].sendtoaddress(
fund_info["mainchain_address"], 1)
raw_peg_tx = self.nodes[0].gettransaction(peg_id)["hex"]
peg_txid = self.nodes[0].sendrawtransaction(raw_peg_tx)
self.nodes[0].generate(101)
peg_prf = self.nodes[0].gettxoutproof([peg_txid])
claim_script = fund_info["claim_script"]
raw_claim = self.nodes[0].createrawpegin(raw_peg_tx, peg_prf,
claim_script)
tx = FromHex(CTransaction(), raw_claim['hex'])
else:
tx = CTransaction()
tx.nVersion = ver
tx.nLockTime = locktime
# Spend the pegin and taproot tx together
in_total = prev_tx.vout[prev_vout].nValue.getAmount()
fees = 1000
tap_in_pos = 0
if blind:
# Add an unrelated output
key = ECKey()
key.generate()
tx.vout.append(
CTxOut(nValue=CTxOutValue(10000),
scriptPubKey=spk,
nNonce=CTxOutNonce(key.get_pubkey().get_bytes())))
tx_hex = self.nodes[0].fundrawtransaction(tx.serialize().hex())
tx = FromHex(CTransaction(), tx_hex['hex'])
tx.vin.append(
CTxIn(COutPoint(prev_tx.sha256, prev_vout), nSequence=seq))
tx.vout.append(
CTxOut(nValue=CTxOutValue(in_total - fees),
scriptPubKey=spk)) # send back to self
tx.vout.append(CTxOut(CTxOutValue(fees)))
if add_issuance:
blind_addr = self.nodes[0].getnewaddress()
issue_addr = self.nodes[0].validateaddress(
blind_addr)['unconfidential']
# Issuances only require one fee output and that output must the last
# one. However the way, the current code is structured, it is not possible
# to this in a super clean without special casing.
if add_pegin:
tx.vout.pop()
tx.vout.pop()
tx.vout.insert(0,
CTxOut(nValue=CTxOutValue(in_total),
scriptPubKey=spk)) # send back to self)
issued_tx = self.nodes[0].rawissueasset(
tx.serialize().hex(), [{
"asset_amount": 2,
"asset_address": issue_addr,
"blind": False
}])[0]["hex"]
tx = FromHex(CTransaction(), issued_tx)
# Sign inputs
if add_pegin:
signed = self.nodes[0].signrawtransactionwithwallet(
tx.serialize().hex())
tx = FromHex(CTransaction(), signed['hex'])
tap_in_pos += 1
else:
# Need to create empty witness when not deserializing from rpc
tx.wit.vtxinwit.append(CTxInWitness())
if blind:
tx.vin[0], tx.vin[1] = tx.vin[1], tx.vin[0]
utxo = self.get_utxo(tx, 1)
zero_str = "0" * 64
blinded_raw = self.nodes[0].rawblindrawtransaction(
tx.serialize().hex(), [zero_str, utxo["amountblinder"]],
[1.2, utxo['amount']], [utxo['asset'], utxo['asset']],
[zero_str, utxo['assetblinder']])
tx = FromHex(CTransaction(), blinded_raw)
signed_raw_tx = self.nodes[0].signrawtransactionwithwallet(
tx.serialize().hex())
tx = FromHex(CTransaction(), signed_raw_tx['hex'])
suffix_annex = []
control_block = bytes([
tap.leaves["s0"].version + tap.negflag
]) + tap.inner_pubkey + tap.leaves["s0"].merklebranch
# Add the prevout to the top of inputs. The witness script will check for equality.
if add_prevout:
inputs = [
prev_vout.to_bytes(4, 'little'),
ser_uint256(prev_tx.sha256)
]
if add_asset:
assert blind # only used with blinding in testing
utxo = self.nodes[0].gettxout(
ser_uint256(tx.vin[1].prevout.hash)[::-1].hex(),
tx.vin[1].prevout.n)
if "assetcommitment" in utxo:
asset = bytes.fromhex(utxo["assetcommitment"])
else:
asset = b"\x01" + bytes.fromhex(utxo["asset"])[::-1]
inputs = [asset[0:1], asset[1:33]]
if add_value:
utxo = self.nodes[0].gettxout(
ser_uint256(tx.vin[1].prevout.hash)[::-1].hex(),
tx.vin[1].prevout.n)
if "valuecommitment" in utxo:
value = bytes.fromhex(utxo["valuecommitment"])
inputs = [value[0:1], value[1:33]]
else:
value = b"\x01" + int(
satoshi_round(utxo["value"]) * COIN).to_bytes(8, 'little')
inputs = [value[0:1], value[1:9]]
if add_spk:
ver = CScriptOp.decode_op_n(int.from_bytes(spk[0:1], 'little'))
inputs = [CScriptNum.encode(CScriptNum(ver))[1:],
spk[2:len(spk)]] # always segwit
# Add witness for outputs
if add_out_asset is not None:
asset = tx.vout[add_out_asset].nAsset.vchCommitment
inputs = [asset[0:1], asset[1:33]]
if add_out_value is not None:
value = tx.vout[add_out_value].nValue.vchCommitment
if len(value) == 9:
inputs = [value[0:1], value[1:9][::-1]]
else:
inputs = [value[0:1], value[1:33]]
if add_out_nonce is not None:
nonce = tx.vout[add_out_nonce].nNonce.vchCommitment
if len(nonce) == 1:
inputs = [b'']
else:
inputs = [nonce]
if add_out_spk is not None:
out_spk = tx.vout[add_out_spk].scriptPubKey
if len(out_spk) == 0:
# Python upstream encoding CScriptNum interesting behaviour where it also encodes the length
# This assumes the implicit wallet behaviour of using segwit outputs.
# This is useful while sending scripts, but not while using CScriptNums in constructing scripts
inputs = [
CScriptNum.encode(CScriptNum(-1))[1:],
sha256(out_spk)
]
else:
ver = CScriptOp.decode_op_n(
int.from_bytes(out_spk[0:1], 'little'))
inputs = [
CScriptNum.encode(CScriptNum(ver))[1:],
out_spk[2:len(out_spk)]
] # always segwit
if add_num_outputs:
num_outs = len(tx.vout)
inputs = [CScriptNum.encode(CScriptNum(num_outs))[1:]]
if add_weight:
# Add a dummy input and check the overall weight
inputs = [int(5).to_bytes(8, 'little')]
wit = inputs + [bytes(tap.leaves["s0"].script), control_block
] + suffix_annex
tx.wit.vtxinwit[tap_in_pos].scriptWitness.stack = wit
exp_weight = self.nodes[0].decoderawtransaction(
tx.serialize().hex())["weight"]
inputs = [exp_weight.to_bytes(8, 'little')]
wit = inputs + [bytes(tap.leaves["s0"].script), control_block
] + suffix_annex
tx.wit.vtxinwit[tap_in_pos].scriptWitness.stack = wit
if fail:
assert_raises_rpc_error(-26, fail,
self.nodes[0].sendrawtransaction,
tx.serialize().hex())
return
self.nodes[0].sendrawtransaction(hexstring=tx.serialize().hex())
self.nodes[0].generate(1)
last_blk = self.nodes[0].getblock(self.nodes[0].getbestblockhash())
tx.rehash()
assert (tx.hash in last_blk['tx'])
def test_sequence_lock_unconfirmed_inputs(self):
# Store height so we can easily reset the chain at the end of the test
cur_height = self.nodes[0].getblockcount()
# Create a mempool tx.
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 2)
tx1 = FromHex(CTransaction(), self.nodes[0].getrawtransaction(txid))
tx1.rehash()
# Anyone-can-spend mempool tx.
# Sequence lock of 0 should pass.
tx2 = CTransaction()
tx2.nVersion = 2
tx2.vin = [CTxIn(COutPoint(tx1.sha256, 0), nSequence=0)]
tx2.vout = [CTxOut(int(tx1.vout[0].nValue - self.relayfee*COIN), CScript([b'a']))]
tx2_raw = self.nodes[0].signrawtransactionwithwallet(ToHex(tx2))["hex"]
tx2 = FromHex(tx2, tx2_raw)
tx2.rehash()
self.nodes[0].sendrawtransaction(tx2_raw)
# Create a spend of the 0th output of orig_tx with a sequence lock
# of 1, and test what happens when submitting.
# orig_tx.vout[0] must be an anyone-can-spend output
def test_nonzero_locks(orig_tx, node, relayfee, use_height_lock):
sequence_value = 1
if not use_height_lock:
sequence_value |= SEQUENCE_LOCKTIME_TYPE_FLAG
tx = CTransaction()
tx.nVersion = 2
tx.vin = [CTxIn(COutPoint(orig_tx.sha256, 0), nSequence=sequence_value)]
tx.vout = [CTxOut(int(orig_tx.vout[0].nValue - relayfee * COIN), CScript([b'a' * 35]))]
tx.rehash()
if (orig_tx.hash in node.getrawmempool()):
# sendrawtransaction should fail if the tx is in the mempool
assert_raises_rpc_error(-26, NOT_FINAL_ERROR, node.sendrawtransaction, ToHex(tx))
else:
# sendrawtransaction should succeed if the tx is not in the mempool
node.sendrawtransaction(ToHex(tx))
return tx
test_nonzero_locks(tx2, self.nodes[0], self.relayfee, use_height_lock=True)
test_nonzero_locks(tx2, self.nodes[0], self.relayfee, use_height_lock=False)
# Now mine some blocks, but make sure tx2 doesn't get mined.
# Use prioritisetransaction to lower the effective feerate to 0
self.nodes[0].prioritisetransaction(txid=tx2.hash, fee_delta=int(-self.relayfee*COIN))
cur_time = int(time.time())
for i in range(10):
self.nodes[0].setmocktime(cur_time + 600)
self.nodes[0].generate(1)
cur_time += 600
assert tx2.hash in self.nodes[0].getrawmempool()
test_nonzero_locks(tx2, self.nodes[0], self.relayfee, use_height_lock=True)
test_nonzero_locks(tx2, self.nodes[0], self.relayfee, use_height_lock=False)
# Mine tx2, and then try again
self.nodes[0].prioritisetransaction(txid=tx2.hash, fee_delta=int(self.relayfee*COIN))
# Advance the time on the node so that we can test timelocks
self.nodes[0].setmocktime(cur_time+600)
self.nodes[0].generate(1)
assert tx2.hash not in self.nodes[0].getrawmempool()
# Now that tx2 is not in the mempool, a sequence locked spend should
# succeed
tx3 = test_nonzero_locks(tx2, self.nodes[0], self.relayfee, use_height_lock=False)
assert tx3.hash in self.nodes[0].getrawmempool()
self.nodes[0].generate(1)
assert tx3.hash not in self.nodes[0].getrawmempool()
# One more test, this time using height locks
tx4 = test_nonzero_locks(tx3, self.nodes[0], self.relayfee, use_height_lock=True)
assert tx4.hash in self.nodes[0].getrawmempool()
# Now try combining confirmed and unconfirmed inputs
tx5 = test_nonzero_locks(tx4, self.nodes[0], self.relayfee, use_height_lock=True)
assert tx5.hash not in self.nodes[0].getrawmempool()
utxos = self.nodes[0].listunspent()
tx5.vin.append(CTxIn(COutPoint(int(utxos[0]["txid"], 16), utxos[0]["vout"]), nSequence=1))
tx5.vout[0].nValue += int(utxos[0]["amount"]*COIN)
raw_tx5 = self.nodes[0].signrawtransactionwithwallet(ToHex(tx5))["hex"]
assert_raises_rpc_error(-26, NOT_FINAL_ERROR, self.nodes[0].sendrawtransaction, raw_tx5)
# Test mempool-BIP68 consistency after reorg
#
# State of the transactions in the last blocks:
# ... -> [ tx2 ] -> [ tx3 ]
# tip-1 tip
# And currently tx4 is in the mempool.
#
# If we invalidate the tip, tx3 should get added to the mempool, causing
# tx4 to be removed (fails sequence-lock).
self.nodes[0].invalidateblock(self.nodes[0].getbestblockhash())
assert tx4.hash not in self.nodes[0].getrawmempool()
assert tx3.hash in self.nodes[0].getrawmempool()
# Now mine 2 empty blocks to reorg out the current tip (labeled tip-1 in
# diagram above).
# This would cause tx2 to be added back to the mempool, which in turn causes
# tx3 to be removed.
tip = int(self.nodes[0].getblockhash(self.nodes[0].getblockcount()-1), 16)
height = self.nodes[0].getblockcount()
for i in range(2):
block = create_block(tip, create_coinbase(height), cur_time)
block.set_base_version(3)
block.rehash()
block.solve()
tip = block.sha256
height += 1
self.nodes[0].submitblock(ToHex(block))
cur_time += 1
mempool = self.nodes[0].getrawmempool()
assert tx3.hash not in mempool
assert tx2.hash in mempool
# Reset the chain and get rid of the mocktimed-blocks
self.nodes[0].setmocktime(0)
self.nodes[0].invalidateblock(self.nodes[0].getblockhash(cur_height+1))
self.nodes[0].generate(10)
def prepare_tx_signed_with_sighash(self, address_type,
sighash_rangeproof_aware,
attach_issuance):
# Create a tx that is signed with a specific version of the sighash
# method.
# If `sighash_rangeproof_aware` is
# true, the sighash will contain the rangeproofs if SIGHASH_RANGEPROOF is set
# false, the sighash will NOT contain the rangeproofs if SIGHASH_RANGEPROOF is set
addr = self.nodes[1].getnewaddress("", address_type)
assert len(self.nodes[1].getaddressinfo(addr)["confidential_key"]) > 0
self.nodes[0].sendtoaddress(addr, 1.0)
self.nodes[0].generate(1)
self.sync_all()
utxo = self.nodes[1].listunspent(1, 1, [addr])[0]
utxo_tx = FromHex(CTransaction(),
self.nodes[1].getrawtransaction(utxo["txid"]))
utxo_spk = CScript(hex_str_to_bytes(utxo["scriptPubKey"]))
utxo_value = utxo_tx.vout[utxo["vout"]].nValue
assert len(utxo["amountblinder"]) > 0
sink_addr = self.nodes[2].getnewaddress()
unsigned_hex = self.nodes[1].createrawtransaction([{
"txid": utxo["txid"],
"vout": utxo["vout"]
}], [{
sink_addr: 0.9
}, {
"fee": 0.1
}])
if attach_issuance:
# Attach a blinded issuance
unsigned_hex = self.nodes[1].rawissueasset(
unsigned_hex,
[{
"asset_amount": 100,
"asset_address": self.nodes[1].getnewaddress(),
"token_amount": 100,
"token_address": self.nodes[1].getnewaddress(),
"blind":
True, # FIXME: if blind=False, `blindrawtranaction` fails. Should fix this in a future PR
}])[0]["hex"]
blinded_hex = self.nodes[1].blindrawtransaction(unsigned_hex)
blinded_tx = FromHex(CTransaction(), blinded_hex)
signed_hex = self.nodes[1].signrawtransactionwithwallet(
blinded_hex)["hex"]
signed_tx = FromHex(CTransaction(), signed_hex)
# Make sure that the tx the node produced is always valid.
test_accept = self.nodes[0].testmempoolaccept([signed_hex])[0]
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
# Prepare the keypair we need to re-sign the tx.
wif = self.nodes[1].dumpprivkey(addr)
(b, v) = base58_to_byte(wif)
privkey = ECKey()
privkey.set(b[0:32], len(b) == 33)
pubkey = privkey.get_pubkey()
# Now we need to replace the signature with an equivalent one with the new sighash set,
# which we do using the Python logic to detect any forking changes in the sighash format.
hashtype = SIGHASH_ALL | SIGHASH_RANGEPROOF
if address_type == "legacy":
if sighash_rangeproof_aware:
(sighash, _) = LegacySignatureHash(utxo_spk, blinded_tx, 0,
hashtype)
else:
(sighash,
_) = LegacySignatureHash(utxo_spk,
blinded_tx,
0,
hashtype,
enable_sighash_rangeproof=False)
signature = privkey.sign_ecdsa(sighash) + chr(hashtype).encode(
'latin-1')
assert len(signature) <= 0xfc
assert len(pubkey.get_bytes()) <= 0xfc
signed_tx.vin[0].scriptSig = CScript(
struct.pack("<B", len(signature)) + signature +
struct.pack("<B", len(pubkey.get_bytes())) +
pubkey.get_bytes())
elif address_type == "bech32" or address_type == "p2sh-segwit":
assert signed_tx.wit.vtxinwit[0].scriptWitness.stack[
1] == pubkey.get_bytes()
pubkeyhash = hash160(pubkey.get_bytes())
script = get_p2pkh_script(pubkeyhash)
if sighash_rangeproof_aware:
sighash = SegwitV0SignatureHash(script, blinded_tx, 0,
hashtype, utxo_value)
else:
sighash = SegwitV0SignatureHash(
script,
blinded_tx,
0,
hashtype,
utxo_value,
enable_sighash_rangeproof=False)
signature = privkey.sign_ecdsa(sighash) + chr(hashtype).encode(
'latin-1')
signed_tx.wit.vtxinwit[0].scriptWitness.stack[0] = signature
else:
assert False
# Make sure that the tx we manually signed is valid
signed_hex = signed_tx.serialize_with_witness().hex()
test_accept = self.nodes[0].testmempoolaccept([signed_hex])[0]
if sighash_rangeproof_aware:
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
else:
assert not test_accept["allowed"], "tx was accepted"
if sighash_rangeproof_aware:
signed_hex = self.nodes[1].signrawtransactionwithwallet(
blinded_hex, [], "ALL|RANGEPROOF")["hex"]
signed_tx = FromHex(CTransaction(), signed_hex)
# Make sure that the tx that the node signed is valid
test_accept = self.nodes[0].testmempoolaccept([signed_hex])[0]
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
# Try re-signing with node 0, which should have no effect since the transaction was already complete
signed_hex = self.nodes[0].signrawtransactionwithwallet(
signed_hex)["hex"]
test_accept = self.nodes[0].testmempoolaccept([signed_hex])[0]
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
# Try signing using the PSBT interface
psbt_hex = self.nodes[0].converttopsbt(unsigned_hex)
signed_psbt = self.nodes[1].walletprocesspsbt(
psbt_hex, True, "ALL|RANGEPROOF")
extracted_tx = self.nodes[0].finalizepsbt(signed_psbt["psbt"])
assert extracted_tx["complete"]
test_accept = self.nodes[0].testmempoolaccept(
[extracted_tx["hex"]])[0]
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
else:
signed_tx.rehash()
return signed_tx
def fund_and_test_wallet(scriptPubKey,
is_standard,
expected_in_std_wallet,
amount=10000,
spendfee=500,
nonstd_error="scriptpubkey",
sign_error=None):
"""
Get the nonstandard node to fund a transaction, test its
standardness by trying to broadcast on the standard node,
then mine it and see if it ended up in the standard node's wallet.
Finally, it attempts to spend the coin.
"""
self.log.info("Trying script {}".format(scriptPubKey.hex(), ))
# get nonstandard node to fund the script
tx = CTransaction()
tx.vout.append(CTxOut(max(amount, 10000), scriptPubKey))
rawtx = nonstd_node.fundrawtransaction(ToHex(tx), {
'lockUnspents': True,
'changePosition': 1
})['hex']
# fundrawtransaction doesn't like to fund dust outputs, so we
# have to manually override the amount.
FromHex(tx, rawtx)
tx.vout[0].nValue = min(amount, 10000)
rawtx = nonstd_node.signrawtransactionwithwallet(ToHex(tx))['hex']
# ensure signing process did not disturb scriptPubKey
signedtx = FromHex(CTransaction(), rawtx)
assert_equal(scriptPubKey, signedtx.vout[0].scriptPubKey)
txid = signedtx.rehash()
balance_initial = std_node.getbalance()
# try broadcasting it on the standard node
if is_standard:
std_node.sendrawtransaction(rawtx)
assert txid in std_node.getrawmempool()
else:
assert_raises_rpc_error(-26, nonstd_error,
std_node.sendrawtransaction, rawtx)
assert txid not in std_node.getrawmempool()
# make sure it's in nonstandard node's mempool, then mine it
nonstd_node.sendrawtransaction(rawtx)
assert txid in nonstd_node.getrawmempool()
[blockhash] = nonstd_node.generate(1)
# make sure it was mined
assert txid in nonstd_node.getblock(blockhash)["tx"]
self.sync_blocks()
wallet_outpoints = {(entry['txid'], entry['vout'])
for entry in std_node.listunspent()}
# calculate wallet balance change just as a double check
balance_change = std_node.getbalance() - balance_initial
if expected_in_std_wallet:
assert (txid, 0) in wallet_outpoints
assert balance_change == amount * SATOSHI
else:
assert (txid, 0) not in wallet_outpoints
assert balance_change == 0
# try spending the funds using the wallet.
outamount = (amount - spendfee) * SATOSHI
if outamount < 546 * SATOSHI:
# If the final amount would be too small, then just donate
# to miner fees.
outputs = [{"data": b"to miner, with love".hex()}]
else:
outputs = [{address_nonstd: outamount}]
spendtx = std_node.createrawtransaction([{
'txid': txid,
'vout': 0
}], outputs)
signresult = std_node.signrawtransactionwithwallet(spendtx)
if sign_error is None:
assert_equal(signresult['complete'], True)
txid = std_node.sendrawtransaction(signresult['hex'])
[blockhash] = std_node.generate(1)
# make sure it was mined
assert txid in std_node.getblock(blockhash)["tx"]
self.sync_blocks()
else:
assert_equal(signresult['complete'], False)
assert_equal(signresult['errors'][0]['error'], sign_error)
def run_test(self):
# create a p2p receiver
dspReceiver = P2PInterface()
self.nodes[0].add_p2p_connection(dspReceiver)
# workaround - nodes think they're in IBD unless one block is mined
self.nodes[0].generate(1)
self.sync_all()
# Disconnect the third node, will be used later for triple-spend
disconnect_nodes(self.nodes[1], self.nodes[2])
# Put fourth node (the non-dsproof-enabled node) with the connected group
# (we will check its log at the end to ensure it ignored dsproof inv's)
non_dsproof_node = self.nodes[3]
disconnect_nodes(self.nodes[2], non_dsproof_node)
connect_nodes(self.nodes[1], non_dsproof_node)
# Create and mine a regular non-coinbase transaction for spending
fundingtxid = self.nodes[0].getblock(self.nodes[0].getblockhash(1))['tx'][0]
fundingtx = FromHex(CTransaction(), self.nodes[0].getrawtransaction(fundingtxid))
# Create three conflicting transactions. They are only signed, but not yet submitted to the mempool
firstDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 49.95)
secondDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 49.95)
thirdDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 49.95)
# Send the two conflicting transactions to the network
# Submit to two different nodes, because a node would simply reject
# a double spend submitted through RPC
firstDSTxId = self.nodes[0].sendrawtransaction(firstDSTx)
self.nodes[1].call_rpc('sendrawtransaction', secondDSTx, ignore_error='txn-mempool-conflict')
wait_until(
lambda: dspReceiver.message_count["dsproof-beta"] == 1,
lock=mininode_lock,
timeout=25
)
# 1. The DSP message is well-formed and contains all fields
# If the message arrived and was deserialized successfully, then 1. is satisfied
dsp = dspReceiver.last_message["dsproof-beta"].dsproof
dsps = set()
dsps.add(dsp.serialize())
# Check that it is valid, both spends are signed with the same key
# NB: pushData is made of the sig + one last byte for hashtype
pubkey = self.getpubkey()
sighash1 = getSighashes(dsp.getPrevOutput(), dsp.spender1, fundingtx)
sighash2 = getSighashes(dsp.getPrevOutput(), dsp.spender2, fundingtx)
assert(pubkey.verify_ecdsa(dsp.spender1.pushData[0][:-1], sighash1))
assert(pubkey.verify_ecdsa(dsp.spender2.pushData[0][:-1], sighash2))
# 2. For p2pkh these is exactly one pushdata per spender
assert_equal(1, len(dsp.spender1.pushData))
assert_equal(1, len(dsp.spender2.pushData))
# 3. The two spenders are different, specifically the signature (push data) has to be different.
assert(dsp.spender1.pushData != dsp.spender2.pushData)
# 4. The first & double spenders are sorted with two hashes as keys.
assert(dsp.spender1.hashOutputs < dsp.spender2.hashOutputs)
# 5. The double spent output is still available in the UTXO database,
# implying no spending transaction has been mined.
assert_equal(self.nodes[0].gettransaction(firstDSTxId)["confirmations"], 0)
# The original fundingtx is the same as the transaction being spent reported by the DSP
assert_equal(hex(dsp.prevTxId)[2:], fundingtxid)
assert_equal(dsp.prevOutIndex, 0)
# 6. No other valid proof is known.
# IE if a valid proof is known, no new proofs will be constructed
# We submit a _triple_ spend transaction to the third node
connect_nodes(self.nodes[0], self.nodes[2])
self.nodes[2].call_rpc('sendrawtransaction', thirdDSTx, ignore_error='txn-mempool-conflict')
# Await for a new dsp to be relayed to the node
# if such a dsp (or the double or triple spending tx) arrives, the test fails
assert_raises(
AssertionError,
wait_until,
lambda: dspReceiver.message_count["dsproof-beta"] == 2 or dspReceiver.message_count["tx"] == 2,
lock=mininode_lock,
timeout=5
)
# Only P2PKH inputs are protected
# Check that a non-P2PKH output is not protected
self.nodes[0].generate(1)
fundingtxid = self.nodes[0].getblock(self.nodes[0].getblockhash(2))['tx'][0]
fundingtx = FromHex(CTransaction(), self.nodes[0].getrawtransaction(fundingtxid))
fundingtx.rehash()
nonP2PKHTx = create_tx_with_script(fundingtx, 0, b'', int(49.95 * COIN), CScript([OP_TRUE]))
signedNonP2PKHTx = self.nodes[0].signrawtransactionwithwallet(ToHex(nonP2PKHTx))
self.nodes[0].sendrawtransaction(signedNonP2PKHTx['hex'])
self.sync_all()
tx = FromHex(CTransaction(), signedNonP2PKHTx['hex'])
tx.rehash()
firstDSTx = create_tx_with_script(tx, 0, b'', int(49.90 * COIN), CScript([OP_TRUE]))
secondDSTx = create_tx_with_script(tx, 0, b'', int(49.90 * COIN), CScript([OP_FALSE]))
self.nodes[0].sendrawtransaction(ToHex(firstDSTx))
self.nodes[1].call_rpc('sendrawtransaction', ToHex(secondDSTx), ignore_error='txn-mempool-conflict')
assert_raises(
AssertionError,
wait_until,
lambda: dspReceiver.message_count["dsproof-beta"] == 2,
lock=mininode_lock,
timeout=5
)
# Check that unconfirmed outputs are also protected
self.nodes[0].generate(1)
unconfirmedtx = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 25)
self.sync_all()
firstDSTx = create_raw_transaction(self.nodes[0], unconfirmedtx, self.nodes[0].getnewaddress(), 24.9)
secondDSTx = create_raw_transaction(self.nodes[0], unconfirmedtx, self.nodes[0].getnewaddress(), 24.9)
self.nodes[0].sendrawtransaction(firstDSTx)
self.nodes[1].call_rpc('sendrawtransaction', secondDSTx, ignore_error='txn-mempool-conflict')
wait_until(
lambda: dspReceiver.message_count["dsproof-beta"] == 2,
lock=mininode_lock,
timeout=5
)
dsp2 = dspReceiver.last_message["dsproof-beta"].dsproof
dsps.add(dsp2.serialize())
assert(len(dsps) == 2)
# Check that a double spent tx, which has some non-P2PKH inputs
# in its ancestor, still results in a dsproof being emitted.
self.nodes[0].generate(1)
# Create a 1-of-2 multisig address which will be an in-mempool
# ancestor to a double-spent tx
pubkey0 = self.nodes[0].getaddressinfo(
self.nodes[0].getnewaddress())['pubkey']
pubkey1 = self.nodes[1].getaddressinfo(
self.nodes[1].getnewaddress())['pubkey']
p2sh = self.nodes[0].addmultisigaddress(1, [pubkey0, pubkey1], "")['address']
# Fund the p2sh address
fundingtxid = self.nodes[0].sendtoaddress(p2sh, 49)
vout = find_output(self.nodes[0], fundingtxid, Decimal('49'))
self.sync_all()
# Spend from the P2SH to a P2PKH, which we will double spend from
# in the next step.
p2pkh1 = self.nodes[0].getnewaddress()
rawtx1 = create_raw_transaction(self.nodes[0], fundingtxid, p2pkh1, 48.999, vout)
signed_tx1 = self.nodes[0].signrawtransactionwithwallet(rawtx1)
txid1 = self.nodes[0].sendrawtransaction(signed_tx1['hex'])
vout1 = find_output(self.nodes[0], txid1, Decimal('48.999'))
self.sync_all()
# Now double spend the P2PKH which has a P2SH ancestor.
firstDSTx = create_raw_transaction(self.nodes[0], txid1, self.nodes[0].getnewaddress(), 48.9, vout1)
secondDSTx = create_raw_transaction(self.nodes[0], txid1, self.nodes[1].getnewaddress(), 48.9, vout1)
self.nodes[0].sendrawtransaction(firstDSTx)
self.nodes[1].call_rpc('sendrawtransaction', secondDSTx, ignore_error='txn-mempool-conflict')
# We still get a dsproof, showing that not all ancestors have
# to be P2PKH.
wait_until(
lambda: dspReceiver.message_count["dsproof-beta"] == 3,
lock=mininode_lock,
timeout=5
)
dsp3 = dspReceiver.last_message["dsproof-beta"].dsproof
dsps.add(dsp3.serialize())
assert(len(dsps) == 3)
# Check that a double spent tx, which has some unconfirmed ANYONECANPAY
# transactions in its ancestry, still results in a dsproof being emitted.
self.nodes[0].generate(1)
fundingtxid = self.nodes[0].getblock(self.nodes[0].getblockhash(5))['tx'][0]
vout1 = find_output(self.nodes[0], fundingtxid, Decimal('50'))
addr = self.nodes[1].getnewaddress()
pubkey = self.nodes[1].getaddressinfo(addr)['pubkey']
inputs = [
{'txid': fundingtxid,
'vout': vout1, 'amount': 49.99,
'scriptPubKey': pubkey}
]
outputs = {addr: 49.99}
rawtx = self.nodes[0].createrawtransaction(inputs, outputs)
signed = self.nodes[0].signrawtransactionwithwallet(rawtx,
None,
"NONE|FORKID|ANYONECANPAY")
assert 'complete' in signed
assert_equal(signed['complete'], True)
assert 'errors' not in signed
txid = self.nodes[0].sendrawtransaction(signed['hex'])
self.sync_all()
# The ANYONECANPAY is still unconfirmed, but let's create some
# double spends from it.
vout2 = find_output(self.nodes[0], txid, Decimal('49.99'))
firstDSTx = create_raw_transaction(self.nodes[1], txid, self.nodes[0].getnewaddress(), 49.98, vout2)
secondDSTx = create_raw_transaction(self.nodes[1], txid, self.nodes[1].getnewaddress(), 49.98, vout2)
self.nodes[0].sendrawtransaction(firstDSTx)
self.nodes[1].call_rpc('sendrawtransaction', secondDSTx, ignore_error='txn-mempool-conflict')
# We get a dsproof.
wait_until(
lambda: dspReceiver.message_count["dsproof-beta"] == 4,
lock=mininode_lock,
timeout=5
)
dsp4 = dspReceiver.last_message["dsproof-beta"].dsproof
dsps.add(dsp4.serialize())
assert(len(dsps) == 4)
# Create a P2SH to double-spend directly (1-of-1 multisig)
self.nodes[0].generate(1)
self.sync_all()
pubkey2 = self.nodes[0].getaddressinfo(
self.nodes[0].getnewaddress())['pubkey']
p2sh = self.nodes[0].addmultisigaddress(1, [pubkey2,], "")['address']
fundingtxid = self.nodes[0].sendtoaddress(p2sh, 49)
vout = find_output(self.nodes[0], fundingtxid, Decimal('49'))
self.sync_all()
# Now double spend it
firstDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 48.9, vout)
secondDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[1].getnewaddress(), 48.9, vout)
self.nodes[0].sendrawtransaction(firstDSTx)
self.nodes[1].call_rpc('sendrawtransaction', secondDSTx, ignore_error='txn-mempool-conflict')
# No dsproof is generated.
assert_raises(
AssertionError,
wait_until,
lambda: dspReceiver.message_count["dsproof-beta"] == 5,
lock=mininode_lock,
timeout=5
)
# Check end conditions - still only 4 DSPs
last_dsp = dspReceiver.last_message["dsproof-beta"].dsproof
dsps.add(last_dsp.serialize())
assert(len(dsps) == 4)
# Next, test that submitting a double-spend via the RPC interface also results in a broadcasted
# dsproof
self.nodes[0].generate(1)
self.sync_all()
fundingtxid = self.nodes[0].getblock(self.nodes[0].getblockhash(6))['tx'][0]
# Create 2 new double-spends
firstDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 49.95)
secondDSTx = create_raw_transaction(self.nodes[0], fundingtxid, self.nodes[0].getnewaddress(), 49.95)
# Send the two conflicting transactions to the same node via RPC
assert_equal(dspReceiver.message_count["dsproof-beta"], 4)
self.nodes[0].sendrawtransaction(firstDSTx)
# send second tx to same node via RPC
# -- it's normal for it to reject the tx, but it should still generate a dsproof broadcast
assert_raises_rpc_error(
-26,
"txn-mempool-conflict (code 18)",
self.nodes[0].sendrawtransaction,
secondDSTx
)
wait_until(
lambda: dspReceiver.message_count["dsproof-beta"] == 5,
lock=mininode_lock,
timeout=5
)
# Finally, ensure that the non-dsproof node has the messages we expect in its log
# (this checks that dsproof was disabled for this node)
debug_log = os.path.join(non_dsproof_node.datadir, 'regtest', 'debug.log')
dsp_inv_ctr = 0
with open(debug_log, encoding='utf-8') as dl:
for line in dl.readlines():
if "Got DSProof INV" in line:
# Ensure that if this node did see a dsproof inv, it explicitly ignored it
assert "(ignored, -doublespendproof=0)" in line
dsp_inv_ctr += 1
else:
# Ensure this node is not processing dsproof messages and not requesting them via getdata
assert ("received: dsproof-beta" not in line and "Good DSP" not in line
and "DSP broadcasting" not in line and "bad-dsproof" not in line)
# We expect it to have received at least some DSP inv broadcasts
assert_greater_than(dsp_inv_ctr, 0)
def test_compactblock_construction(self, node, test_node):
# Generate a bunch of transactions.
node.generate(101)
num_transactions = 25
address = node.getnewaddress()
for i in range(num_transactions):
txid = node.sendtoaddress(address, 0.1)
hex_tx = node.gettransaction(txid)["hex"]
tx = FromHex(CTransaction(), hex_tx)
# Wait until we've seen the block announcement for the resulting tip
tip = int(node.getbestblockhash(), 16)
test_node.wait_for_block_announcement(tip)
# Make sure we will receive a fast-announce compact block
self.request_cb_announcements(test_node, node)
# Now mine a block, and look at the resulting compact block.
test_node.clear_block_announcement()
block_hash = int(node.generate(1)[0], 16)
# Store the raw block in our internal format.
block = FromHex(CBlock(),
node.getblock("{:064x}".format(block_hash), False))
for tx in block.vtx:
tx.calc_sha256()
block.rehash()
# Wait until the block was announced (via compact blocks)
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
header_and_shortids, block_hash, block)
# Now fetch the compact block using a normal non-announce getdata
test_node.clear_block_announcement()
inv = CInv(MSG_CMPCT_BLOCK, block_hash)
test_node.send_message(msg_getdata([inv]))
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
header_and_shortids, block_hash, block)
def prepare_tx_signed_with_sighash(self, address_type,
sighash_rangeproof_aware):
# Create a tx that is signed with a specific version of the sighash
# method.
# If `sighash_rangeproof_aware` is
# true, the sighash will contain the rangeproofs if SIGHASH_RANGEPROOF is set
# false, the sighash will NOT contain the rangeproofs if SIGHASH_RANGEPROOF is set
addr = self.nodes[1].getnewaddress("", address_type)
assert len(self.nodes[1].getaddressinfo(addr)["confidential_key"]) > 0
self.nodes[0].sendtoaddress(addr, 1.0)
self.nodes[0].generate(1)
self.sync_all()
utxo = self.nodes[1].listunspent(1, 1, [addr])[0]
utxo_tx = FromHex(CTransaction(),
self.nodes[1].getrawtransaction(utxo["txid"]))
utxo_spk = CScript(hex_str_to_bytes(utxo["scriptPubKey"]))
utxo_value = utxo_tx.vout[utxo["vout"]].nValue
assert len(utxo["amountblinder"]) > 0
sink_addr = self.nodes[2].getnewaddress()
unsigned_hex = self.nodes[1].createrawtransaction([{
"txid": utxo["txid"],
"vout": utxo["vout"]
}], {
sink_addr: 0.9,
"fee": 0.1
})
blinded_hex = self.nodes[1].blindrawtransaction(unsigned_hex)
blinded_tx = FromHex(CTransaction(), blinded_hex)
signed_hex = self.nodes[1].signrawtransactionwithwallet(
blinded_hex)["hex"]
signed_tx = FromHex(CTransaction(), signed_hex)
# Make sure that the tx the node produced is always valid.
test_accept = self.nodes[0].testmempoolaccept([signed_hex])[0]
assert test_accept["allowed"], "not accepted: {}".format(
test_accept["reject-reason"])
# Prepare the keypair we need to re-sign the tx.
wif = self.nodes[1].dumpprivkey(addr)
(b, v) = base58_to_byte(wif)
privkey = ECKey()
privkey.set(b[0:32], len(b) == 33)
pubkey = privkey.get_pubkey()
# Now we need to replace the signature with an equivalent one with the new sighash set.
hashtype = SIGHASH_ALL | SIGHASH_RANGEPROOF
if address_type == "legacy":
if sighash_rangeproof_aware:
(sighash, _) = LegacySignatureHash(utxo_spk, blinded_tx, 0,
hashtype)
else:
(sighash,
_) = LegacySignatureHash(utxo_spk,
blinded_tx,
0,
hashtype,
enable_sighash_rangeproof=False)
signature = privkey.sign_ecdsa(sighash) + chr(hashtype).encode(
'latin-1')
assert len(signature) <= 0xfc
assert len(pubkey.get_bytes()) <= 0xfc
signed_tx.vin[0].scriptSig = CScript(
struct.pack("<B", len(signature)) + signature +
struct.pack("<B", len(pubkey.get_bytes())) +
pubkey.get_bytes())
elif address_type == "bech32" or address_type == "p2sh-segwit":
assert signed_tx.wit.vtxinwit[0].scriptWitness.stack[
1] == pubkey.get_bytes()
pubkeyhash = hash160(pubkey.get_bytes())
script = get_p2pkh_script(pubkeyhash)
if sighash_rangeproof_aware:
sighash = SegwitV0SignatureHash(script, blinded_tx, 0,
hashtype, utxo_value)
else:
sighash = SegwitV0SignatureHash(
script,
blinded_tx,
0,
hashtype,
utxo_value,
enable_sighash_rangeproof=False)
signature = privkey.sign_ecdsa(sighash) + chr(hashtype).encode(
'latin-1')
signed_tx.wit.vtxinwit[0].scriptWitness.stack[0] = signature
else:
assert False
signed_tx.rehash()
return signed_tx
def fund_and_test_wallet(scriptPubKey, shouldBeStandard, shouldBeInWallet, amount=10000, spendfee=500, nonstd_error="scriptpubkey (code 64)"):
""" Get the nonstandard node to fund a transaction, test its
standardness by trying to broadcast on the standard node, then
mine it and see if it ended up in the standard node's wallet.
Finally, it attempts to spend the coin.
"""
self.log.info("Trying script {}".format(scriptPubKey.hex(),))
# get nonstandard node to fund the script
tx = CTransaction()
tx.vout.append(CTxOut(max(amount, 10000), scriptPubKey))
rawtx = nonstd_node.fundrawtransaction(
ToHex(tx), {'lockUnspents': True, 'changePosition': 1})['hex']
# fundrawtransaction doesn't like to fund dust outputs, so we
# have to manually override the amount.
FromHex(tx, rawtx)
tx.vout[0].nValue = min(amount, 10000)
rawtx = nonstd_node.signrawtransactionwithwallet(ToHex(tx))['hex']
# ensure signing process did not disturb scriptPubKey
signedtx = FromHex(CTransaction(), rawtx)
assert_equal(scriptPubKey, signedtx.vout[0].scriptPubKey)
txid = signedtx.rehash()
balance_initial = std_node.getbalance()
# try broadcasting it on the standard node
if shouldBeStandard:
std_node.sendrawtransaction(rawtx)
assert txid in std_node.getrawmempool()
else:
assert_raises_rpc_error(-26, nonstd_error,
std_node.sendrawtransaction, rawtx)
assert txid not in std_node.getrawmempool()
# make sure it's in nonstandard node's mempool, then mine it
nonstd_node.sendrawtransaction(rawtx)
assert txid in nonstd_node.getrawmempool()
[blockhash] = nonstd_node.generate(1)
# make sure it was mined
assert txid in nonstd_node.getblock(blockhash)["tx"]
sync_blocks(self.nodes)
wallet_outpoints = {(entry['txid'], entry['vout'])
for entry in std_node.listunspent()}
# calculate wallet balance change just as a double check
balance_change = std_node.getbalance() - balance_initial
# try spending the funds using the wallet.
outamount = (amount - spendfee) * SATOSHI
if outamount < 546 * SATOSHI:
# If the final amount would be too small, then just donate
# to miner fees.
outputs = [{"data": b"to miner, with love".hex()}]
else:
outputs = [{address_nonstd: outamount}]
spendtx = std_node.createrawtransaction(
[{'txid': txid, 'vout': 0}], outputs)
signresult = std_node.signrawtransactionwithwallet(spendtx)
if shouldBeInWallet:
assert (txid, 0) in wallet_outpoints
assert balance_change == amount * SATOSHI
assert_equal(signresult['complete'], True)
txid = std_node.sendrawtransaction(signresult['hex'])
[blockhash] = std_node.generate(1)
# make sure it was mined
assert txid in std_node.getblock(blockhash)["tx"]
sync_blocks(self.nodes)
else:
assert (txid, 0) not in wallet_outpoints
assert balance_change == 0
# signresult['errors'] will vary depending on input script. What
# occurs is that in sign.cpp, ProduceSignature gets back
# solved=false since SignStep sees a nonstandard input. Then,
# an empty SignatureData results. Back in rawtransaction.cpp's
# SignTransaction, it will then attempt to execute the
# scriptPubKey with an empty scriptSig. A P2PKH script will thus
# fail at OP_DUP with stack error, and P2PK/Multisig will fail
# once they hit a nonminimal push. The error message is just an
# artifact of the script type, basically.
assert_equal(signresult['complete'], False)
def test_compactblock_construction(self, node, test_node,
use_witness_address):
# Generate a bunch of transactions.
node.generate(101)
num_transactions = 25
address = node.getnewaddress()
segwit_tx_generated = False
if use_witness_address:
# Want at least one segwit spend, so move some funds to
# a witness address.
address = node.addwitnessaddress(address)
value_to_send = 1000
segwit_txid = node.sendtoaddress(address,
satoshi_round(value_to_send))
segwit_tx = node.getrawtransaction(segwit_txid, 1)
vout = next(
filter(lambda vout: int(vout['value']) == 1000,
segwit_tx['vout']))
node.generate(1)
segwit_spend_txid = node.sendtypeto(
'', '', [{
'address': address,
'amount': 0.1
}], '', '', False,
{'inputs': [{
'tx': segwit_txid,
'n': vout['n']
}]})
segwit_spend_tx = node.gettransaction(segwit_spend_txid)
segwit_spend = FromHex(CTransaction(), segwit_spend_tx["hex"])
if not segwit_spend.wit.is_null():
segwit_tx_generated = True
num_transactions -= 1
for i in range(num_transactions):
node.sendtoaddress(address, 0.1)
if use_witness_address:
assert segwit_tx_generated # check that our test is not broken
# Wait until we've seen the block announcement for the resulting tip
tip = int(node.getbestblockhash(), 16)
test_node.wait_for_block_announcement(tip)
# Make sure we will receive a fast-announce compact block
self.request_cb_announcements(test_node, node)
# Now mine a block, and look at the resulting compact block.
test_node.clear_block_announcement()
block_hash = int(node.generate(1)[0], 16)
# Store the raw block in our internal format.
block = FromHex(CBlock(), node.getblock("%02x" % block_hash, False))
for tx in block.vtx:
tx.calc_sha256()
block.rehash()
# Wait until the block was announced (via compact blocks)
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert_in("cmpctblock", test_node.last_message)
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
header_and_shortids, block_hash, block)
# Now fetch the compact block using a normal non-announce getdata
with mininode_lock:
test_node.clear_block_announcement()
inv = CInv(4, block_hash) # 4 == "CompactBlock"
test_node.send_message(msg_getdata([inv]))
wait_until(test_node.received_block_announcement,
timeout=30,
lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(
test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(
header_and_shortids, block_hash, block)
def test_sequence_lock_unconfirmed_inputs(self):
# Store height so we can easily reset the chain at the end of the test
cur_height = self.nodes[0].getblockcount()
# Create a mempool tx.
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(), 2)
tx1 = FromHex(CTransaction(), self.nodes[0].getrawtransaction(txid))
tx1.rehash()
# Anyone-can-spend mempool tx.
# Sequence lock of 0 should pass.
tx2 = CTransaction()
tx2.nVersion = 2
tx2.vin = [CTxIn(COutPoint(tx1.sha256, 0), nSequence=0)]
tx2.vout = [
CTxOut(int(tx1.vout[0].nValue - self.relayfee * COIN),
CScript([b'a']))
]
tx2_raw = self.nodes[0].signrawtransactionwithwallet(ToHex(tx2))["hex"]
tx2 = FromHex(tx2, tx2_raw)
tx2.rehash()
self.nodes[0].sendrawtransaction(tx2_raw)
# Create a spend of the 0th output of orig_tx with a sequence lock
# of 1, and test what happens when submitting.
# orig_tx.vout[0] must be an anyone-can-spend output
def test_nonzero_locks(orig_tx, node, relayfee, use_height_lock):
sequence_value = 1
if not use_height_lock:
sequence_value |= SEQUENCE_LOCKTIME_TYPE_FLAG
tx = CTransaction()
tx.nVersion = 2
tx.vin = [
CTxIn(COutPoint(orig_tx.sha256, 0), nSequence=sequence_value)
]
tx.vout = [
CTxOut(int(orig_tx.vout[0].nValue - relayfee * COIN),
CScript([b'a' * 35]))
]
tx.rehash()
if (orig_tx.hash in node.getrawmempool()):
# sendrawtransaction should fail if the tx is in the mempool
assert_raises_rpc_error(-26, NOT_FINAL_ERROR,
node.sendrawtransaction, ToHex(tx))
else:
# sendrawtransaction should succeed if the tx is not in the mempool
node.sendrawtransaction(ToHex(tx))
return tx
test_nonzero_locks(tx2,
self.nodes[0],
self.relayfee,
use_height_lock=True)
test_nonzero_locks(tx2,
self.nodes[0],
self.relayfee,
use_height_lock=False)
# Now mine some blocks, but make sure tx2 doesn't get mined.
# Use prioritisetransaction to lower the effective feerate to 0
self.nodes[0].prioritisetransaction(txid=tx2.hash,
fee_delta=int(-self.relayfee *
COIN))
cur_time = int(time.time())
for i in range(10):
self.nodes[0].setmocktime(cur_time + 600)
self.nodes[0].generate(1)
cur_time += 600
assert tx2.hash in self.nodes[0].getrawmempool()
test_nonzero_locks(tx2,
self.nodes[0],
self.relayfee,
use_height_lock=True)
test_nonzero_locks(tx2,
self.nodes[0],
self.relayfee,
use_height_lock=False)
# Mine tx2, and then try again
self.nodes[0].prioritisetransaction(txid=tx2.hash,
fee_delta=int(self.relayfee *
COIN))
# Advance the time on the node so that we can test timelocks
self.nodes[0].setmocktime(cur_time + 600)
self.nodes[0].generate(1)
assert tx2.hash not in self.nodes[0].getrawmempool()
# Now that tx2 is not in the mempool, a sequence locked spend should
# succeed
tx3 = test_nonzero_locks(tx2,
self.nodes[0],
self.relayfee,
use_height_lock=False)
assert tx3.hash in self.nodes[0].getrawmempool()
self.nodes[0].generate(1)
assert tx3.hash not in self.nodes[0].getrawmempool()
# One more test, this time using height locks
tx4 = test_nonzero_locks(tx3,
self.nodes[0],
self.relayfee,
use_height_lock=True)
assert tx4.hash in self.nodes[0].getrawmempool()
# Now try combining confirmed and unconfirmed inputs
tx5 = test_nonzero_locks(tx4,
self.nodes[0],
self.relayfee,
use_height_lock=True)
assert tx5.hash not in self.nodes[0].getrawmempool()
utxos = self.nodes[0].listunspent()
tx5.vin.append(
CTxIn(COutPoint(int(utxos[0]["txid"], 16), utxos[0]["vout"]),
nSequence=1))
tx5.vout[0].nValue += int(utxos[0]["amount"] * COIN)
raw_tx5 = self.nodes[0].signrawtransactionwithwallet(ToHex(tx5))["hex"]
assert_raises_rpc_error(-26, NOT_FINAL_ERROR,
self.nodes[0].sendrawtransaction, raw_tx5)
# Test mempool-BIP68 consistency after reorg
#
# State of the transactions in the last blocks:
# ... -> [ tx2 ] -> [ tx3 ]
# tip-1 tip
# And currently tx4 is in the mempool.
#
# If we invalidate the tip, tx3 should get added to the mempool, causing
# tx4 to be removed (fails sequence-lock).
self.nodes[0].invalidateblock(self.nodes[0].getbestblockhash())
assert tx4.hash not in self.nodes[0].getrawmempool()
assert tx3.hash in self.nodes[0].getrawmempool()
# Now mine 2 empty blocks to reorg out the current tip (labeled tip-1 in
# diagram above).
# This would cause tx2 to be added back to the mempool, which in turn causes
# tx3 to be removed.
tip = int(
self.nodes[0].getblockhash(self.nodes[0].getblockcount() - 1), 16)
height = self.nodes[0].getblockcount()
for i in range(2):
block = create_block(tip, create_coinbase(height), cur_time)
block.nVersion = 3
block.rehash()
block.solve()
tip = block.sha256
height += 1
self.nodes[0].submitblock(ToHex(block))
cur_time += 1
mempool = self.nodes[0].getrawmempool()
assert tx3.hash not in mempool
assert tx2.hash in mempool
# Reset the chain and get rid of the mocktimed-blocks
self.nodes[0].setmocktime(0)
self.nodes[0].invalidateblock(self.nodes[0].getblockhash(cur_height +
1))
self.nodes[0].generate(10)
# Wait until we've seen the block announcement for the resulting tip
tip = int(node.getbestblockhash(), 16)
test_node.wait_for_block_announcement(tip)
# Make sure we will receive a fast-announce compact block
self.request_cb_announcements(test_node)
# Now mine a block, and look at the resulting compact block.
test_node.clear_block_announcement()
block_hash = int(node.generate(1)[0], 16)
# Store the raw block in our internal format.
block = FromHex(CBlock(), node.getblock("%02x" % block_hash, False))
for tx in block.vtx:
tx.calc_sha256()
block.rehash()
# Wait until the block was announced (via compact blocks)
wait_until(test_node.received_block_announcement, timeout=30, lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert "cmpctblock" in test_node.last_message
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(version, header_and_shortids, block_hash, block)
# Now fetch the compact block using a normal non-announce getdata
with mininode_lock:
test_node.clear_block_announcement()
def test_compactblock_construction(self, node, test_node, version, use_witness_address):
# Generate a bunch of transactions.
node.generate(101)
num_transactions = 25
address = node.getnewaddress()
if use_witness_address:
# Want at least one segwit spend, so move all funds to
# a witness address.
address = node.addwitnessaddress(address)
value_to_send = node.getbalance()
node.sendtoaddress(address, satoshi_round(value_to_send-Decimal(0.1)))
node.generate(1)
segwit_tx_generated = False
for i in range(num_transactions):
txid = node.sendtoaddress(address, 0.1)
hex_tx = node.gettransaction(txid)["hex"]
tx = FromHex(CTransaction(), hex_tx)
if not tx.wit.is_null():
segwit_tx_generated = True
if use_witness_address:
assert(segwit_tx_generated) # check that our test is not broken
# Wait until we've seen the block announcement for the resulting tip
tip = int(node.getbestblockhash(), 16)
test_node.wait_for_block_announcement(tip)
# Make sure we will receive a fast-announce compact block
self.request_cb_announcements(test_node, node, version)
# Now mine a block, and look at the resulting compact block.
test_node.clear_block_announcement()
block_hash = int(node.generate(1)[0], 16)
# Store the raw block in our internal format.
block = FromHex(CBlock(), node.getblock("%02x" % block_hash, False))
for tx in block.vtx:
tx.calc_sha256()
block.rehash()
# Wait until the block was announced (via compact blocks)
wait_until(test_node.received_block_announcement, timeout=30, lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert("cmpctblock" in test_node.last_message)
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(version, header_and_shortids, block_hash, block)
# Now fetch the compact block using a normal non-announce getdata
with mininode_lock:
test_node.clear_block_announcement()
inv = CInv(4, block_hash) # 4 == "CompactBlock"
test_node.send_message(msg_getdata([inv]))
wait_until(test_node.received_block_announcement, timeout=30, lock=mininode_lock)
# Now fetch and check the compact block
header_and_shortids = None
with mininode_lock:
assert("cmpctblock" in test_node.last_message)
# Convert the on-the-wire representation to absolute indexes
header_and_shortids = HeaderAndShortIDs(test_node.last_message["cmpctblock"].header_and_shortids)
self.check_compactblock_construction_from_block(version, header_and_shortids, block_hash, block)
def test_sequence_lock_unconfirmed_inputs(self):
# Store height so we can easily reset the chain at the end of the test
cur_height = self.nodes[0].getblockcount()
# Create a mempool tx.
txid = self.nodes[0].sendtoaddress(self.nodes[0].getnewaddress(),
2000000)
tx1 = FromHex(CTransaction(), self.nodes[0].getrawtransaction(txid))
tx1.rehash()
# As the fees are calculated prior to the transaction being signed,
# there is some uncertainty that calculate fee provides the correct
# minimal fee. Since regtest coins are free, let's go ahead and
# increase the fee by an order of magnitude to ensure this test
# passes.
fee_multiplier = 10
# Anyone-can-spend mempool tx.
# Sequence lock of 0 should pass.
tx2 = CTransaction()
tx2.nVersion = 2
tx2.vin = [CTxIn(COutPoint(tx1.sha256, 0), nSequence=0)]
tx2.vout = [CTxOut(int(0), CScript([b'a']))]
tx2.vout[0].nValue = tx1.vout[0].nValue - \
fee_multiplier * self.nodes[0].calculate_fee(tx2)
tx2_raw = self.nodes[0].signrawtransactionwithwallet(ToHex(tx2))["hex"]
tx2 = FromHex(tx2, tx2_raw)
tx2.rehash()
self.nodes[0].sendrawtransaction(tx2_raw)
# Create a spend of the 0th output of orig_tx with a sequence lock
# of 1, and test what happens when submitting.
# orig_tx.vout[0] must be an anyone-can-spend output
def test_nonzero_locks(orig_tx, node, use_height_lock):
sequence_value = 1
if not use_height_lock:
sequence_value |= SEQUENCE_LOCKTIME_TYPE_FLAG
tx = CTransaction()
tx.nVersion = 2
tx.vin = [
CTxIn(COutPoint(orig_tx.sha256, 0), nSequence=sequence_value)
]
tx.vout = [
CTxOut(
int(orig_tx.vout[0].nValue -
fee_multiplier * node.calculate_fee(tx)),
CScript([b'a']))
]
pad_tx(tx)
tx.rehash()
if (orig_tx.hash in node.getrawmempool()):
# sendrawtransaction should fail if the tx is in the mempool
assert_raises_rpc_error(-26, NOT_FINAL_ERROR,
node.sendrawtransaction, ToHex(tx))
else:
# sendrawtransaction should succeed if the tx is not in the
# mempool
node.sendrawtransaction(ToHex(tx))
return tx
test_nonzero_locks(tx2, self.nodes[0], use_height_lock=True)
test_nonzero_locks(tx2, self.nodes[0], use_height_lock=False)
# Now mine some blocks, but make sure tx2 doesn't get mined.
# Use prioritisetransaction to lower the effective feerate to 0
self.nodes[0].prioritisetransaction(txid=tx2.hash,
fee_delta=-fee_multiplier *
self.nodes[0].calculate_fee(tx2))
cur_time = int(time.time())
for _ in range(10):
self.nodes[0].setmocktime(cur_time + 600)
self.nodes[0].generate(1)
cur_time += 600
assert tx2.hash in self.nodes[0].getrawmempool()
test_nonzero_locks(tx2, self.nodes[0], use_height_lock=True)
test_nonzero_locks(tx2, self.nodes[0], use_height_lock=False)
# Mine tx2, and then try again
self.nodes[0].prioritisetransaction(txid=tx2.hash,
fee_delta=fee_multiplier *
self.nodes[0].calculate_fee(tx2))
# Advance the time on the node so that we can test timelocks
self.nodes[0].setmocktime(cur_time + 600)
# Save block template now to use for the reorg later
tmpl = self.nodes[0].getblocktemplate()
self.nodes[0].generate(1)
assert tx2.hash not in self.nodes[0].getrawmempool()
# Now that tx2 is not in the mempool, a sequence locked spend should
# succeed
tx3 = test_nonzero_locks(tx2, self.nodes[0], use_height_lock=False)
assert tx3.hash in self.nodes[0].getrawmempool()
self.nodes[0].generate(1)
assert tx3.hash not in self.nodes[0].getrawmempool()
# One more test, this time using height locks
tx4 = test_nonzero_locks(tx3, self.nodes[0], use_height_lock=True)
assert tx4.hash in self.nodes[0].getrawmempool()
# Now try combining confirmed and unconfirmed inputs
tx5 = test_nonzero_locks(tx4, self.nodes[0], use_height_lock=True)
assert tx5.hash not in self.nodes[0].getrawmempool()
utxos = self.nodes[0].listunspent()
tx5.vin.append(
CTxIn(COutPoint(int(utxos[0]["txid"], 16), utxos[0]["vout"]),
nSequence=1))
tx5.vout[0].nValue += int(utxos[0]["amount"] * XEC)
raw_tx5 = self.nodes[0].signrawtransactionwithwallet(ToHex(tx5))["hex"]
assert_raises_rpc_error(-26, NOT_FINAL_ERROR,
self.nodes[0].sendrawtransaction, raw_tx5)
# Test mempool-BIP68 consistency after reorg
#
# State of the transactions in the last blocks:
# ... -> [ tx2 ] -> [ tx3 ]
# tip-1 tip
# And currently tx4 is in the mempool.
#
# If we invalidate the tip, tx3 should get added to the mempool, causing
# tx4 to be removed (fails sequence-lock).
self.nodes[0].invalidateblock(self.nodes[0].getbestblockhash())
assert tx4.hash not in self.nodes[0].getrawmempool()
assert tx3.hash in self.nodes[0].getrawmempool()
# Now mine 2 empty blocks to reorg out the current tip (labeled tip-1 in
# diagram above).
# This would cause tx2 to be added back to the mempool, which in turn causes
# tx3 to be removed.
for i in range(2):
block = create_block(tmpl=tmpl, ntime=cur_time)
block.rehash()
block.solve()
tip = block.sha256
assert_equal(None if i == 1 else 'inconclusive',
self.nodes[0].submitblock(ToHex(block)))
tmpl = self.nodes[0].getblocktemplate()
tmpl['previousblockhash'] = f"{tip:x}"
tmpl['transactions'] = []
cur_time += 1
mempool = self.nodes[0].getrawmempool()
assert tx3.hash not in mempool
assert tx2.hash in mempool
# Reset the chain and get rid of the mocktimed-blocks
self.nodes[0].setmocktime(0)
self.nodes[0].invalidateblock(self.nodes[0].getblockhash(cur_height +
1))
self.nodes[0].generate(10)
