def main():
parser = get_sendpayment_parser()
(options, args) = parser.parse_args()
load_program_config(config_path=options.datadir)
if options.schedule == '':
if ((len(args) < 2) or (btc.is_bip21_uri(args[1]) and len(args) != 2)
or (not btc.is_bip21_uri(args[1]) and len(args) != 3)):
parser.error(
"Joinmarket sendpayment (coinjoin) needs arguments:"
" wallet, amount, destination address or wallet, bitcoin_uri.")
sys.exit(EXIT_ARGERROR)
#without schedule file option, use the arguments to create a schedule
#of a single transaction
sweeping = False
bip78url = None
if options.schedule == '':
if btc.is_bip21_uri(args[1]):
parsed = btc.decode_bip21_uri(args[1])
try:
amount = parsed['amount']
except KeyError:
parser.error("Given BIP21 URI does not contain amount.")
sys.exit(EXIT_ARGERROR)
destaddr = parsed['address']
if "pj" in parsed:
# note that this is a URL; its validity
# checking is deferred to twisted.web.client.Agent
bip78url = parsed["pj"]
# setting makercount only for fee sanity check.
# note we ignore any user setting and enforce N=0,
# as this is a flag in the code for a non-JM coinjoin;
# for the fee sanity check, note that BIP78 currently
# will only allow small fee changes, so N=0 won't
# be very inaccurate.
jmprint("Attempting to pay via payjoin.", "info")
options.makercount = 0
else:
amount = btc.amount_to_sat(args[1])
if amount == 0:
sweeping = True
destaddr = args[2]
mixdepth = options.mixdepth
addr_valid, errormsg = validate_address(destaddr)
command_to_burn = (is_burn_destination(destaddr) and sweeping
and options.makercount == 0)
if not addr_valid and not command_to_burn:
jmprint('ERROR: Address invalid. ' + errormsg, "error")
if is_burn_destination(destaddr):
jmprint(
"The required options for burning coins are zero makers" +
" (-N 0), sweeping (amount = 0) and not using BIP78 Payjoin",
"info")
sys.exit(EXIT_ARGERROR)
if sweeping == False and amount < DUST_THRESHOLD:
jmprint(
'ERROR: Amount ' + btc.amount_to_str(amount) +
' is below dust threshold ' +
btc.amount_to_str(DUST_THRESHOLD) + '.', "error")
sys.exit(EXIT_ARGERROR)
if (options.makercount != 0
and options.makercount < jm_single().config.getint(
"POLICY", "minimum_makers")):
jmprint(
'ERROR: Maker count ' + str(options.makercount) +
' below minimum_makers (' +
str(jm_single().config.getint("POLICY", "minimum_makers")) +
') in joinmarket.cfg.', "error")
sys.exit(EXIT_ARGERROR)
schedule = [[
options.mixdepth, amount, options.makercount, destaddr, 0.0,
NO_ROUNDING, 0
]]
else:
if len(args) > 1:
parser.error("Schedule files are not compatible with "
"payment destination/amount arguments.")
sys.exit(EXIT_ARGERROR)
result, schedule = get_schedule(options.schedule)
if not result:
log.error(
"Failed to load schedule file, quitting. Check the syntax.")
log.error("Error was: " + str(schedule))
sys.exit(EXIT_FAILURE)
mixdepth = 0
for s in schedule:
if s[1] == 0:
sweeping = True
#only used for checking the maximum mixdepth required
mixdepth = max([mixdepth, s[0]])
wallet_name = args[0]
check_regtest()
if options.pickorders:
chooseOrdersFunc = pick_order
if sweeping:
jmprint('WARNING: You may have to pick offers multiple times',
"warning")
jmprint('WARNING: due to manual offer picking while sweeping',
"warning")
else:
chooseOrdersFunc = options.order_choose_fn
# If tx_fees are set manually by CLI argument, override joinmarket.cfg:
if int(options.txfee) > 0:
jm_single().config.set("POLICY", "tx_fees", str(options.txfee))
maxcjfee = (1, float('inf'))
if not options.pickorders and options.makercount != 0:
maxcjfee = get_max_cj_fee_values(jm_single().config, options)
log.info("Using maximum coinjoin fee limits per maker of {:.4%}, {} "
"".format(maxcjfee[0], btc.amount_to_str(maxcjfee[1])))
log.info('starting sendpayment')
max_mix_depth = max([mixdepth, options.amtmixdepths - 1])
wallet_path = get_wallet_path(wallet_name, None)
wallet = open_test_wallet_maybe(
wallet_path,
wallet_name,
max_mix_depth,
wallet_password_stdin=options.wallet_password_stdin,
gap_limit=options.gaplimit)
wallet_service = WalletService(wallet)
if wallet_service.rpc_error:
sys.exit(EXIT_FAILURE)
# in this script, we need the wallet synced before
# logic processing for some paths, so do it now:
while not wallet_service.synced:
wallet_service.sync_wallet(fast=not options.recoversync)
# the sync call here will now be a no-op:
wallet_service.startService()
# Dynamically estimate a realistic fee, for coinjoins.
# At this point we do not know even the number of our own inputs, so
# we guess conservatively with 2 inputs and 2 outputs each.
if options.makercount != 0:
fee_per_cp_guess = estimate_tx_fee(2,
2,
txtype=wallet_service.get_txtype())
log.debug("Estimated miner/tx fee for each cj participant: " +
btc.amount_to_str(fee_per_cp_guess))
# From the estimated tx fees, check if the expected amount is a
# significant value compared the the cj amount; currently enabled
# only for single join (the predominant, non-advanced case)
if options.schedule == '' and options.makercount != 0:
total_cj_amount = amount
if total_cj_amount == 0:
total_cj_amount = wallet_service.get_balance_by_mixdepth()[
options.mixdepth]
if total_cj_amount == 0:
raise ValueError(
"No confirmed coins in the selected mixdepth. Quitting")
exp_tx_fees_ratio = (
(1 + options.makercount) * fee_per_cp_guess) / total_cj_amount
if exp_tx_fees_ratio > 0.05:
jmprint(
'WARNING: Expected bitcoin network miner fees for this coinjoin'
' amount are roughly {:.1%}'.format(exp_tx_fees_ratio),
"warning")
if input('You might want to modify your tx_fee'
' settings in joinmarket.cfg. Still continue? (y/n):'
)[0] != 'y':
sys.exit('Aborted by user.')
else:
log.info(
"Estimated miner/tx fees for this coinjoin amount: {:.1%}".
format(exp_tx_fees_ratio))
if options.makercount == 0 and not bip78url:
tx = direct_send(wallet_service,
amount,
mixdepth,
destaddr,
options.answeryes,
with_final_psbt=options.with_psbt)
if options.with_psbt:
log.info(
"This PSBT is fully signed and can be sent externally for "
"broadcasting:")
log.info(tx.to_base64())
return
if wallet.get_txtype() == 'p2pkh':
jmprint(
"Only direct sends (use -N 0) are supported for "
"legacy (non-segwit) wallets.", "error")
sys.exit(EXIT_ARGERROR)
def filter_orders_callback(orders_fees, cjamount):
orders, total_cj_fee = orders_fees
log.info("Chose these orders: " + pprint.pformat(orders))
log.info('total cj fee = ' + str(total_cj_fee))
total_fee_pc = 1.0 * total_cj_fee / cjamount
log.info('total coinjoin fee = ' +
str(float('%.3g' % (100.0 * total_fee_pc))) + '%')
WARNING_THRESHOLD = 0.02 # 2%
if total_fee_pc > WARNING_THRESHOLD:
log.info('\n'.join(['=' * 60] * 3))
log.info('WARNING ' * 6)
log.info('\n'.join(['=' * 60] * 1))
log.info(
'OFFERED COINJOIN FEE IS UNUSUALLY HIGH. DOUBLE/TRIPLE CHECK.')
log.info('\n'.join(['=' * 60] * 1))
log.info('WARNING ' * 6)
log.info('\n'.join(['=' * 60] * 3))
if not options.answeryes:
if input('send with these orders? (y/n):')[0] != 'y':
return False
return True
def taker_finished(res, fromtx=False, waittime=0.0, txdetails=None):
if fromtx == "unconfirmed":
#If final entry, stop *here*, don't wait for confirmation
if taker.schedule_index + 1 == len(taker.schedule):
reactor.stop()
return
if fromtx:
if res:
txd, txid = txdetails
reactor.callLater(waittime * 60,
clientfactory.getClient().clientStart)
else:
#a transaction failed; we'll try to repeat without the
#troublemakers.
#If this error condition is reached from Phase 1 processing,
#and there are less than minimum_makers honest responses, we
#just give up (note that in tumbler we tweak and retry, but
#for sendpayment the user is "online" and so can manually
#try again).
#However if the error is in Phase 2 and we have minimum_makers
#or more responses, we do try to restart with the honest set, here.
if taker.latest_tx is None:
#can only happen with < minimum_makers; see above.
log.info("A transaction failed but there are insufficient "
"honest respondants to continue; giving up.")
reactor.stop()
return
#This is Phase 2; do we have enough to try again?
taker.add_honest_makers(
list(
set(taker.maker_utxo_data.keys()).symmetric_difference(
set(taker.nonrespondants))))
if len(taker.honest_makers) < jm_single().config.getint(
"POLICY", "minimum_makers"):
log.info("Too few makers responded honestly; "
"giving up this attempt.")
reactor.stop()
return
jmprint("We failed to complete the transaction. The following "
"makers responded honestly: " + str(taker.honest_makers) +\
", so we will retry with them.", "warning")
#Now we have to set the specific group we want to use, and hopefully
#they will respond again as they showed honesty last time.
#we must reset the number of counterparties, as well as fix who they
#are; this is because the number is used to e.g. calculate fees.
#cleanest way is to reset the number in the schedule before restart.
taker.schedule[taker.schedule_index][2] = len(
taker.honest_makers)
log.info("Retrying with: " +
str(taker.schedule[taker.schedule_index][2]) +
" counterparties.")
#rewind to try again (index is incremented in Taker.initialize())
taker.schedule_index -= 1
taker.set_honest_only(True)
reactor.callLater(5.0, clientfactory.getClient().clientStart)
else:
if not res:
log.info("Did not complete successfully, shutting down")
#Should usually be unreachable, unless conf received out of order;
#because we should stop on 'unconfirmed' for last (see above)
else:
log.info("All transactions completed correctly")
reactor.stop()
if bip78url:
# TODO sanity check wallet type is segwit
manager = parse_payjoin_setup(args[1], wallet_service,
options.mixdepth)
reactor.callWhenRunning(send_payjoin, manager)
reactor.run()
return
else:
taker = Taker(wallet_service,
schedule,
order_chooser=chooseOrdersFunc,
max_cj_fee=maxcjfee,
callbacks=(filter_orders_callback, None, taker_finished))
clientfactory = JMClientProtocolFactory(taker)
nodaemon = jm_single().config.getint("DAEMON", "no_daemon")
daemon = True if nodaemon == 1 else False
if jm_single().config.get("BLOCKCHAIN", "network") == "regtest":
startLogging(sys.stdout)
start_reactor(jm_single().config.get("DAEMON", "daemon_host"),
jm_single().config.getint("DAEMON", "daemon_port"),
clientfactory,
daemon=daemon)
def prepare_my_bitcoin_data(self):
"""Get a coinjoin address and a change address; prepare inputs
appropriate for this transaction"""
if not self.my_cj_addr:
#previously used for donations; TODO reimplement?
raise NotImplementedError
self.my_change_addr = None
if self.cjamount != 0:
try:
self.my_change_addr = self.wallet_service.get_internal_addr(
self.mixdepth)
except:
self.taker_info_callback("ABORT",
"Failed to get a change address")
return False
#adjust the required amount upwards to anticipate an increase in
#transaction fees after re-estimation; this is sufficiently conservative
#to make failures unlikely while keeping the occurence of failure to
#find sufficient utxos extremely rare. Indeed, a doubling of 'normal'
#txfee indicates undesirable behaviour on maker side anyway.
self.total_txfee = estimate_tx_fee(
3, 2, txtype=self.wallet_service.get_txtype(
)) * self.n_counterparties
total_amount = self.cjamount + self.total_cj_fee + self.total_txfee
jlog.info('total estimated amount spent = ' +
btc.amount_to_str(total_amount))
try:
self.input_utxos = self.wallet_service.select_utxos(
self.mixdepth, total_amount, minconfs=1)
except Exception as e:
self.taker_info_callback(
"ABORT", "Unable to select sufficient coins: " + repr(e))
return False
else:
#sweep
self.input_utxos = self.wallet_service.get_utxos_by_mixdepth()[
self.mixdepth]
#do our best to estimate the fee based on the number of
#our own utxos; this estimate may be significantly higher
#than the default set in option.txfee * makercount, where
#we have a large number of utxos to spend. If it is smaller,
#we'll be conservative and retain the original estimate.
est_ins = len(self.input_utxos) + 3 * self.n_counterparties
jlog.debug("Estimated ins: " + str(est_ins))
est_outs = 2 * self.n_counterparties + 1
jlog.debug("Estimated outs: " + str(est_outs))
self.total_txfee = estimate_tx_fee(
est_ins, est_outs, txtype=self.wallet_service.get_txtype())
jlog.debug("We have a fee estimate: " + str(self.total_txfee))
total_value = sum(
[va['value'] for va in self.input_utxos.values()])
if self.wallet_service.get_txtype() == "p2pkh":
allowed_types = ["reloffer", "absoffer"]
elif self.wallet_service.get_txtype() == "p2sh-p2wpkh":
allowed_types = ["swreloffer", "swabsoffer"]
elif self.wallet_service.get_txtype() == "p2wpkh":
allowed_types = ["sw0reloffer", "sw0absoffer"]
else:
jlog.error("Unrecognized wallet type, taker cannot continue.")
return False
self.orderbook, self.cjamount, self.total_cj_fee = choose_sweep_orders(
self.orderbook,
total_value,
self.total_txfee,
self.n_counterparties,
self.order_chooser,
self.ignored_makers,
allowed_types=allowed_types,
max_cj_fee=self.max_cj_fee)
if not self.orderbook:
self.taker_info_callback(
"ABORT", "Could not find orders to complete transaction")
return False
if self.filter_orders_callback:
if not self.filter_orders_callback(
(self.orderbook, self.total_cj_fee), self.cjamount):
return False
self.utxos = {None: list(self.input_utxos.keys())}
return True
def receive_utxos(self, ioauth_data):
"""Triggered when the daemon returns utxo data from
makers who responded; this is the completion of phase 1
of the protocol
"""
if self.aborted:
return (False, "User aborted")
#Temporary list used to aggregate all ioauth data that must be removed
rejected_counterparties = []
#Need to authorize against the btc pubkey first.
for nick, nickdata in ioauth_data.items():
utxo_list, auth_pub, cj_addr, change_addr, btc_sig, maker_pk = nickdata
if not self.auth_counterparty(btc_sig, auth_pub, maker_pk):
jlog.debug(
"Counterparty encryption verification failed, aborting: " +
nick)
#This counterparty must be rejected
rejected_counterparties.append(nick)
if not validate_address(cj_addr)[0] or not validate_address(
change_addr)[0]:
jlog.warn("Counterparty provided invalid address: {}".format(
(cj_addr, change_addr)))
# Interpreted as malicious
self.add_ignored_makers([nick])
rejected_counterparties.append(nick)
for rc in rejected_counterparties:
del ioauth_data[rc]
self.maker_utxo_data = {}
for nick, nickdata in ioauth_data.items():
utxo_list, auth_pub, cj_addr, change_addr, _, _ = nickdata
utxo_data = jm_single().bc_interface.query_utxo_set(utxo_list)
self.utxos[nick] = utxo_list
if None in utxo_data:
jlog.warn(('ERROR outputs unconfirmed or already spent. '
'utxo_data={}').format(pprint.pformat(utxo_data)))
jlog.warn('Disregarding this counterparty.')
del self.utxos[nick]
continue
#Complete maker authorization:
#Extract the address fields from the utxos
#Construct the Bitcoin address for the auth_pub field
#Ensure that at least one address from utxos corresponds.
for inp in utxo_data:
try:
if self.wallet_service.pubkey_has_script(
auth_pub, inp['script']):
break
except EngineError as e:
pass
else:
jlog.warn("ERROR maker's (" + nick + ")"
" authorising pubkey is not included "
"in the transaction!")
#this will not be added to the transaction, so we will have
#to recheck if we have enough
continue
total_input = sum([d['value'] for d in utxo_data])
real_cjfee = calc_cj_fee(self.orderbook[nick]['ordertype'],
self.orderbook[nick]['cjfee'],
self.cjamount)
change_amount = (total_input - self.cjamount -
self.orderbook[nick]['txfee'] + real_cjfee)
# certain malicious and/or incompetent liquidity providers send
# inputs totalling less than the coinjoin amount! this leads to
# a change output of zero satoshis; this counterparty must be removed.
if change_amount < jm_single().DUST_THRESHOLD:
fmt = ('ERROR counterparty requires sub-dust change. nick={}'
'totalin={:d} cjamount={:d} change={:d}').format
jlog.warn(fmt(nick, total_input, self.cjamount, change_amount))
jlog.warn("Invalid change, too small, nick= " + nick)
continue
self.outputs.append({
'address': change_addr,
'value': change_amount
})
fmt = ('fee breakdown for {} totalin={:d} '
'cjamount={:d} txfee={:d} realcjfee={:d}').format
jlog.info(
fmt(nick, total_input, self.cjamount,
self.orderbook[nick]['txfee'], real_cjfee))
self.outputs.append({'address': cj_addr, 'value': self.cjamount})
self.cjfee_total += real_cjfee
self.maker_txfee_contributions += self.orderbook[nick]['txfee']
self.maker_utxo_data[nick] = utxo_data
#We have succesfully processed the data from this nick:
try:
self.nonrespondants.remove(nick)
except Exception as e:
jlog.warn("Failure to remove counterparty from nonrespondants list: " + str(nick) + \
", error message: " + repr(e))
#Apply business logic of how many counterparties are enough; note that
#this must occur after the above ioauth data processing, since we only now
#know for sure that the data meets all business-logic requirements.
if len(self.maker_utxo_data) < jm_single().config.getint(
"POLICY", "minimum_makers"):
self.taker_info_callback("INFO",
"Not enough counterparties, aborting.")
return (False,
"Not enough counterparties responded to fill, giving up")
self.taker_info_callback("INFO", "Got all parts, enough to build a tx")
#The list self.nonrespondants is now reset and
#used to track return of signatures for phase 2
self.nonrespondants = list(self.maker_utxo_data.keys())
my_total_in = sum([va['value'] for u, va in self.input_utxos.items()])
if self.my_change_addr:
#Estimate fee per choice of next/3/6 blocks targetting.
estimated_fee = estimate_tx_fee(
len(sum(self.utxos.values(), [])),
len(self.outputs) + 2,
txtype=self.wallet_service.get_txtype())
jlog.info("Based on initial guess: " +
btc.amount_to_str(self.total_txfee) +
", we estimated a miner fee of: " +
btc.amount_to_str(estimated_fee))
#reset total
self.total_txfee = estimated_fee
my_txfee = max(self.total_txfee - self.maker_txfee_contributions, 0)
my_change_value = (my_total_in - self.cjamount - self.cjfee_total -
my_txfee)
#Since we could not predict the maker's inputs, we may end up needing
#too much such that the change value is negative or small. Note that
#we have tried to avoid this based on over-estimating the needed amount
#in SendPayment.create_tx(), but it is still a possibility if one maker
#uses a *lot* of inputs.
if self.my_change_addr:
if my_change_value < -1:
raise ValueError(
"Calculated transaction fee of: " +
btc.amount_to_str(self.total_txfee) +
" is too large for our inputs; Please try again.")
if my_change_value <= jm_single().BITCOIN_DUST_THRESHOLD:
jlog.info("Dynamically calculated change lower than dust: " +
btc.amount_to_str(my_change_value) + "; dropping.")
self.my_change_addr = None
my_change_value = 0
jlog.info(
'fee breakdown for me totalin=%d my_txfee=%d makers_txfee=%d cjfee_total=%d => changevalue=%d'
% (my_total_in, my_txfee, self.maker_txfee_contributions,
self.cjfee_total, my_change_value))
if self.my_change_addr is None:
if my_change_value != 0 and abs(my_change_value) != 1:
# seems you wont always get exactly zero because of integer
# rounding so 1 satoshi extra or fewer being spent as miner
# fees is acceptable
jlog.info(
('WARNING CHANGE NOT BEING USED\nCHANGEVALUE = {}').format(
btc.amount_to_str(my_change_value)))
# we need to check whether the *achieved* txfee-rate is outside
# the range allowed by the user in config; if not, abort the tx.
# this is done with using the same estimate fee function and comparing
# the totals; this ratio will correspond to the ratio of the feerates.
num_ins = len([u for u in sum(self.utxos.values(), [])])
num_outs = len(self.outputs) + 2
new_total_fee = estimate_tx_fee(
num_ins, num_outs, txtype=self.wallet_service.get_txtype())
feeratio = self.total_txfee / new_total_fee
jlog.debug(
"Ratio of actual to estimated sweep fee: {}".format(feeratio))
sweep_delta = float(jm_single().config.get("POLICY",
"max_sweep_fee_change"))
if feeratio < 1 - sweep_delta or feeratio > 1 + sweep_delta:
jlog.warn(
"Transaction fee for sweep: {} too far from expected:"
" {}; check the setting 'max_sweep_fee_change'"
" in joinmarket.cfg. Aborting this attempt.".format(
self.total_txfee, new_total_fee))
return (False, "Unacceptable feerate for sweep, giving up.")
else:
self.outputs.append({
'address': self.my_change_addr,
'value': my_change_value
})
self.utxo_tx = [u for u in sum(self.utxos.values(), [])]
self.outputs.append({
'address': self.coinjoin_address(),
'value': self.cjamount
})
# pre-Nov-2020/v0.8.0: transactions used ver 1 and nlocktime 0
# so only the new "pit" (using native segwit) will use the updated
# version 2 and nlocktime ~ current block as per normal payments.
# TODO makers do not check this; while there is no security risk,
# it might be better for them to sanity check.
if self.wallet_service.get_txtype() == "p2wpkh":
n_version = 2
locktime = compute_tx_locktime()
else:
n_version = 1
locktime = 0
self.latest_tx = btc.make_shuffled_tx(self.utxo_tx,
self.outputs,
version=n_version,
locktime=locktime)
jlog.info('obtained tx\n' +
btc.human_readable_transaction(self.latest_tx))
self.taker_info_callback("INFO",
"Built tx, sending to counterparties.")
return (True, list(self.maker_utxo_data.keys()),
bintohex(self.latest_tx.serialize()))
def direct_send(wallet_service,
amount,
mixdepth,
destination,
answeryes=False,
accept_callback=None,
info_callback=None,
error_callback=None,
return_transaction=False,
with_final_psbt=False,
optin_rbf=False,
custom_change_addr=None):
"""Send coins directly from one mixdepth to one destination address;
does not need IRC. Sweep as for normal sendpayment (set amount=0).
If answeryes is True, callback/command line query is not performed.
If optin_rbf is True, the nSequence values are changed as appropriate.
If accept_callback is None, command line input for acceptance is assumed,
else this callback is called:
accept_callback:
====
args:
deserialized tx, destination address, amount in satoshis,
fee in satoshis, custom change address
returns:
True if accepted, False if not
====
info_callback and error_callback takes one parameter, the information
message (when tx is pushed or error occured), and returns nothing.
This function returns:
1. False if there is any failure.
2. The txid if transaction is pushed, and return_transaction is False,
and with_final_psbt is False.
3. The full CMutableTransaction if return_transaction is True and
with_final_psbt is False.
4. The PSBT object if with_final_psbt is True, and in
this case the transaction is *NOT* broadcast.
"""
#Sanity checks
assert validate_address(destination)[0] or is_burn_destination(destination)
assert custom_change_addr is None or validate_address(
custom_change_addr)[0]
assert amount > 0 or custom_change_addr is None
assert isinstance(mixdepth, numbers.Integral)
assert mixdepth >= 0
assert isinstance(amount, numbers.Integral)
assert amount >= 0
assert isinstance(wallet_service.wallet, BaseWallet)
if is_burn_destination(destination):
#Additional checks
if not isinstance(wallet_service.wallet, FidelityBondMixin):
log.error("Only fidelity bond wallets can burn coins")
return
if answeryes:
log.error(
"Burning coins not allowed without asking for confirmation")
return
if mixdepth != FidelityBondMixin.FIDELITY_BOND_MIXDEPTH:
log.error("Burning coins only allowed from mixdepth " +
str(FidelityBondMixin.FIDELITY_BOND_MIXDEPTH))
return
if amount != 0:
log.error(
"Only sweeping allowed when burning coins, to keep the tx " +
"small. Tip: use the coin control feature to freeze utxos")
return
txtype = wallet_service.get_txtype()
if amount == 0:
#doing a sweep
utxos = wallet_service.get_utxos_by_mixdepth()[mixdepth]
if utxos == {}:
log.error("There are no available utxos in mixdepth: " +
str(mixdepth) + ", quitting.")
return
total_inputs_val = sum([va['value'] for u, va in utxos.items()])
if is_burn_destination(destination):
if len(utxos) > 1:
log.error(
"Only one input allowed when burning coins, to keep " +
"the tx small. Tip: use the coin control feature to freeze utxos"
)
return
address_type = FidelityBondMixin.BIP32_BURN_ID
index = wallet_service.wallet.get_next_unused_index(
mixdepth, address_type)
path = wallet_service.wallet.get_path(mixdepth, address_type,
index)
privkey, engine = wallet_service.wallet._get_key_from_path(path)
pubkey = engine.privkey_to_pubkey(privkey)
pubkeyhash = Hash160(pubkey)
#size of burn output is slightly different from regular outputs
burn_script = mk_burn_script(pubkeyhash)
fee_est = estimate_tx_fee(len(utxos),
0,
txtype=txtype,
extra_bytes=len(burn_script) / 2)
outs = [{
"script": burn_script,
"value": total_inputs_val - fee_est
}]
destination = "BURNER OUTPUT embedding pubkey at " \
+ wallet_service.wallet.get_path_repr(path) \
+ "\n\nWARNING: This transaction if broadcasted will PERMANENTLY DESTROY your bitcoins\n"
else:
#regular sweep (non-burn)
fee_est = estimate_tx_fee(len(utxos), 1, txtype=txtype)
outs = [{
"address": destination,
"value": total_inputs_val - fee_est
}]
else:
#not doing a sweep; we will have change
#8 inputs to be conservative
initial_fee_est = estimate_tx_fee(8, 2, txtype=txtype)
utxos = wallet_service.select_utxos(mixdepth, amount + initial_fee_est)
if len(utxos) < 8:
fee_est = estimate_tx_fee(len(utxos), 2, txtype=txtype)
else:
fee_est = initial_fee_est
total_inputs_val = sum([va['value'] for u, va in utxos.items()])
changeval = total_inputs_val - fee_est - amount
outs = [{"value": amount, "address": destination}]
change_addr = wallet_service.get_internal_addr(mixdepth) if custom_change_addr is None \
else custom_change_addr
outs.append({"value": changeval, "address": change_addr})
#compute transaction locktime, has special case for spending timelocked coins
tx_locktime = compute_tx_locktime()
if mixdepth == FidelityBondMixin.FIDELITY_BOND_MIXDEPTH and \
isinstance(wallet_service.wallet, FidelityBondMixin):
for outpoint, utxo in utxos.items():
path = wallet_service.script_to_path(utxo["script"])
if not FidelityBondMixin.is_timelocked_path(path):
continue
path_locktime = path[-1]
tx_locktime = max(tx_locktime, path_locktime + 1)
#compute_tx_locktime() gives a locktime in terms of block height
#timelocked addresses use unix time instead
#OP_CHECKLOCKTIMEVERIFY can only compare like with like, so we
#must use unix time as the transaction locktime
#Now ready to construct transaction
log.info("Using a fee of: " + amount_to_str(fee_est) + ".")
if amount != 0:
log.info("Using a change value of: " + amount_to_str(changeval) + ".")
tx = make_shuffled_tx(list(utxos.keys()), outs, 2, tx_locktime)
if optin_rbf:
for inp in tx.vin:
inp.nSequence = 0xffffffff - 2
inscripts = {}
spent_outs = []
for i, txinp in enumerate(tx.vin):
u = (txinp.prevout.hash[::-1], txinp.prevout.n)
inscripts[i] = (utxos[u]["script"], utxos[u]["value"])
spent_outs.append(CMutableTxOut(utxos[u]["value"], utxos[u]["script"]))
if with_final_psbt:
# here we have the PSBTWalletMixin do the signing stage
# for us:
new_psbt = wallet_service.create_psbt_from_tx(tx,
spent_outs=spent_outs)
serialized_psbt, err = wallet_service.sign_psbt(new_psbt.serialize())
if err:
log.error("Failed to sign PSBT, quitting. Error message: " + err)
return False
new_psbt_signed = PartiallySignedTransaction.deserialize(
serialized_psbt)
print("Completed PSBT created: ")
print(wallet_service.human_readable_psbt(new_psbt_signed))
return new_psbt_signed
else:
success, msg = wallet_service.sign_tx(tx, inscripts)
if not success:
log.error("Failed to sign transaction, quitting. Error msg: " +
msg)
return
log.info("Got signed transaction:\n")
log.info(human_readable_transaction(tx))
actual_amount = amount if amount != 0 else total_inputs_val - fee_est
sending_info = "Sends: " + amount_to_str(actual_amount) + \
" to destination: " + destination
if custom_change_addr:
sending_info += ", custom change to: " + custom_change_addr
log.info(sending_info)
if not answeryes:
if not accept_callback:
if input('Would you like to push to the network? (y/n):'
)[0] != 'y':
log.info(
"You chose not to broadcast the transaction, quitting."
)
return False
else:
accepted = accept_callback(human_readable_transaction(tx),
destination, actual_amount, fee_est,
custom_change_addr)
if not accepted:
return False
if jm_single().bc_interface.pushtx(tx.serialize()):
txid = bintohex(tx.GetTxid()[::-1])
successmsg = "Transaction sent: " + txid
cb = log.info if not info_callback else info_callback
cb(successmsg)
txinfo = txid if not return_transaction else tx
return txinfo
else:
errormsg = "Transaction broadcast failed!"
cb = log.error if not error_callback else error_callback
cb(errormsg)
return False
def initialize(self, orderbook):
"""Once the daemon is active and has returned the current orderbook,
select offers, re-initialize variables and prepare a commitment,
then send it to the protocol to fill offers.
"""
if self.aborted:
return (False, )
self.taker_info_callback("INFO", "Received offers from joinmarket pit")
#choose the next item in the schedule
self.schedule_index += 1
if self.schedule_index == len(self.schedule):
self.taker_info_callback("INFO",
"Finished all scheduled transactions")
self.on_finished_callback(True)
return (False, )
else:
#read the settings from the schedule entry
si = self.schedule[self.schedule_index]
self.mixdepth = si[0]
self.cjamount = si[1]
rounding = si[5]
#non-integer coinjoin amounts are treated as fractions
#this is currently used by the tumbler algo
if isinstance(self.cjamount, float):
#the mixdepth balance is fixed at the *start* of each new
#mixdepth in tumble schedules:
if self.schedule_index == 0 or si[0] != self.schedule[
self.schedule_index - 1]:
self.mixdepthbal = self.wallet_service.get_balance_by_mixdepth(
)[self.mixdepth]
#reset to satoshis
self.cjamount = int(self.cjamount * self.mixdepthbal)
if rounding != NO_ROUNDING:
self.cjamount = round_to_significant_figures(
self.cjamount, rounding)
if self.cjamount < jm_single().mincjamount:
jlog.info("Coinjoin amount too low, bringing up to: " +
btc.amount_to_str(jm_single().mincjamount))
self.cjamount = jm_single().mincjamount
self.n_counterparties = si[2]
self.my_cj_addr = si[3]
# for sweeps to external addresses we need an in-wallet import
# for the transaction monitor (this will be a no-op for txs to
# in-wallet addresses).
if self.cjamount == 0 and self.my_cj_addr != "INTERNAL":
self.wallet_service.import_non_wallet_address(self.my_cj_addr)
#if destination is flagged "INTERNAL", choose a destination
#from the next mixdepth modulo the maxmixdepth
if self.my_cj_addr == "INTERNAL":
next_mixdepth = (self.mixdepth +
1) % (self.wallet_service.mixdepth + 1)
jlog.info("Choosing a destination from mixdepth: " +
str(next_mixdepth))
self.my_cj_addr = self.wallet_service.get_internal_addr(
next_mixdepth)
jlog.info("Chose destination address: " + self.my_cj_addr)
self.outputs = []
self.cjfee_total = 0
self.maker_txfee_contributions = 0
self.latest_tx = None
self.txid = None
sweep = True if self.cjamount == 0 else False
if not self.filter_orderbook(orderbook, sweep):
return (False, )
#choose coins to spend
self.taker_info_callback("INFO", "Preparing bitcoin data..")
if not self.prepare_my_bitcoin_data():
return (False, )
#Prepare a commitment
commitment, revelation, errmsg = self.make_commitment()
if not commitment:
utxo_pairs, to, ts = revelation
if len(to) == 0:
#If any utxos are too new, then we can continue retrying
#until they get old enough; otherwise, we have to abort
#(TODO, it's possible for user to dynamically add more coins,
#consider if this option means we should stay alive).
self.taker_info_callback("ABORT", errmsg)
return ("commitment-failure", )
else:
self.taker_info_callback("INFO", errmsg)
return (False, )
else:
self.taker_info_callback("INFO", errmsg)
#Initialization has been successful. We must set the nonrespondants
#now to keep track of what changed when we receive the utxo data
self.nonrespondants = list(self.orderbook.keys())
return (True, self.cjamount, commitment, revelation, self.orderbook)
def main():
parser = get_sendpayment_parser()
(options, args) = parser.parse_args()
load_program_config(config_path=options.datadir)
if options.p2ep and len(args) != 3:
parser.error("PayJoin requires exactly three arguments: "
"wallet, amount and destination address.")
sys.exit(EXIT_ARGERROR)
elif options.schedule == '' and len(args) != 3:
parser.error("Joinmarket sendpayment (coinjoin) needs arguments:"
" wallet, amount and destination address")
sys.exit(EXIT_ARGERROR)
#without schedule file option, use the arguments to create a schedule
#of a single transaction
sweeping = False
if options.schedule == '':
amount = btc.amount_to_sat(args[1])
if amount == 0:
sweeping = True
destaddr = args[2]
mixdepth = options.mixdepth
addr_valid, errormsg = validate_address(destaddr)
if not addr_valid:
jmprint('ERROR: Address invalid. ' + errormsg, "error")
sys.exit(EXIT_ARGERROR)
if sweeping == False and amount < DUST_THRESHOLD:
jmprint(
'ERROR: Amount ' + btc.amount_to_str(amount) +
' is below dust threshold ' +
btc.amount_to_str(DUST_THRESHOLD) + '.', "error")
sys.exit(EXIT_ARGERROR)
if (options.makercount != 0
and options.makercount < jm_single().config.getint(
"POLICY", "minimum_makers")):
jmprint(
'ERROR: Maker count ' + str(options.makercount) +
' below minimum_makers (' +
str(jm_single().config.getint("POLICY", "minimum_makers")) +
') in joinmarket.cfg.', "error")
sys.exit(EXIT_ARGERROR)
schedule = [[
options.mixdepth, amount, options.makercount, destaddr, 0.0,
NO_ROUNDING, 0
]]
else:
if options.p2ep:
parser.error("Schedule files are not compatible with PayJoin")
sys.exit(EXIT_FAILURE)
result, schedule = get_schedule(options.schedule)
if not result:
log.error(
"Failed to load schedule file, quitting. Check the syntax.")
log.error("Error was: " + str(schedule))
sys.exit(EXIT_FAILURE)
mixdepth = 0
for s in schedule:
if s[1] == 0:
sweeping = True
#only used for checking the maximum mixdepth required
mixdepth = max([mixdepth, s[0]])
wallet_name = args[0]
check_regtest()
if options.pickorders:
chooseOrdersFunc = pick_order
if sweeping:
jmprint('WARNING: You may have to pick offers multiple times',
"warning")
jmprint('WARNING: due to manual offer picking while sweeping',
"warning")
else:
chooseOrdersFunc = options.order_choose_fn
# If tx_fees are set manually by CLI argument, override joinmarket.cfg:
if int(options.txfee) > 0:
jm_single().config.set("POLICY", "tx_fees", str(options.txfee))
# Dynamically estimate a realistic fee if it currently is the default value.
# At this point we do not know even the number of our own inputs, so
# we guess conservatively with 2 inputs and 2 outputs each.
if options.txfee == -1:
options.txfee = max(options.txfee,
estimate_tx_fee(2, 2, txtype="p2sh-p2wpkh"))
log.debug("Estimated miner/tx fee for each cj participant: " +
str(options.txfee))
assert (options.txfee >= 0)
maxcjfee = (1, float('inf'))
if not options.p2ep and not options.pickorders and options.makercount != 0:
maxcjfee = get_max_cj_fee_values(jm_single().config, options)
log.info("Using maximum coinjoin fee limits per maker of {:.4%}, {} "
"".format(maxcjfee[0], btc.amount_to_str(maxcjfee[1])))
log.debug('starting sendpayment')
max_mix_depth = max([mixdepth, options.amtmixdepths - 1])
wallet_path = get_wallet_path(wallet_name, None)
wallet = open_test_wallet_maybe(
wallet_path,
wallet_name,
max_mix_depth,
wallet_password_stdin=options.wallet_password_stdin,
gap_limit=options.gaplimit)
wallet_service = WalletService(wallet)
# in this script, we need the wallet synced before
# logic processing for some paths, so do it now:
while not wallet_service.synced:
wallet_service.sync_wallet(fast=not options.recoversync)
# the sync call here will now be a no-op:
wallet_service.startService()
# From the estimated tx fees, check if the expected amount is a
# significant value compared the the cj amount; currently enabled
# only for single join (the predominant, non-advanced case)
if options.schedule == '':
total_cj_amount = amount
if total_cj_amount == 0:
total_cj_amount = wallet_service.get_balance_by_mixdepth()[
options.mixdepth]
if total_cj_amount == 0:
raise ValueError(
"No confirmed coins in the selected mixdepth. Quitting")
exp_tx_fees_ratio = (
(1 + options.makercount) * options.txfee) / total_cj_amount
if exp_tx_fees_ratio > 0.05:
jmprint(
'WARNING: Expected bitcoin network miner fees for this coinjoin'
' amount are roughly {:.1%}'.format(exp_tx_fees_ratio),
"warning")
if input('You might want to modify your tx_fee'
' settings in joinmarket.cfg. Still continue? (y/n):'
)[0] != 'y':
sys.exit('Aborted by user.')
else:
log.info(
"Estimated miner/tx fees for this coinjoin amount: {:.1%}".
format(exp_tx_fees_ratio))
if options.makercount == 0 and not options.p2ep:
direct_send(wallet_service, amount, mixdepth, destaddr,
options.answeryes)
return
if wallet.get_txtype() == 'p2pkh':
jmprint(
"Only direct sends (use -N 0) are supported for "
"legacy (non-segwit) wallets.", "error")
sys.exit(EXIT_ARGERROR)
def filter_orders_callback(orders_fees, cjamount):
orders, total_cj_fee = orders_fees
log.info("Chose these orders: " + pprint.pformat(orders))
log.info('total cj fee = ' + str(total_cj_fee))
total_fee_pc = 1.0 * total_cj_fee / cjamount
log.info('total coinjoin fee = ' +
str(float('%.3g' % (100.0 * total_fee_pc))) + '%')
WARNING_THRESHOLD = 0.02 # 2%
if total_fee_pc > WARNING_THRESHOLD:
log.info('\n'.join(['=' * 60] * 3))
log.info('WARNING ' * 6)
log.info('\n'.join(['=' * 60] * 1))
log.info(
'OFFERED COINJOIN FEE IS UNUSUALLY HIGH. DOUBLE/TRIPLE CHECK.')
log.info('\n'.join(['=' * 60] * 1))
log.info('WARNING ' * 6)
log.info('\n'.join(['=' * 60] * 3))
if not options.answeryes:
if input('send with these orders? (y/n):')[0] != 'y':
return False
return True
def taker_finished(res, fromtx=False, waittime=0.0, txdetails=None):
if fromtx == "unconfirmed":
#If final entry, stop *here*, don't wait for confirmation
if taker.schedule_index + 1 == len(taker.schedule):
reactor.stop()
return
if fromtx:
if res:
txd, txid = txdetails
reactor.callLater(waittime * 60,
clientfactory.getClient().clientStart)
else:
#a transaction failed; we'll try to repeat without the
#troublemakers.
#If this error condition is reached from Phase 1 processing,
#and there are less than minimum_makers honest responses, we
#just give up (note that in tumbler we tweak and retry, but
#for sendpayment the user is "online" and so can manually
#try again).
#However if the error is in Phase 2 and we have minimum_makers
#or more responses, we do try to restart with the honest set, here.
if taker.latest_tx is None:
#can only happen with < minimum_makers; see above.
log.info("A transaction failed but there are insufficient "
"honest respondants to continue; giving up.")
reactor.stop()
return
#This is Phase 2; do we have enough to try again?
taker.add_honest_makers(
list(
set(taker.maker_utxo_data.keys()).symmetric_difference(
set(taker.nonrespondants))))
if len(taker.honest_makers) < jm_single().config.getint(
"POLICY", "minimum_makers"):
log.info("Too few makers responded honestly; "
"giving up this attempt.")
reactor.stop()
return
jmprint("We failed to complete the transaction. The following "
"makers responded honestly: " + str(taker.honest_makers) +\
", so we will retry with them.", "warning")
#Now we have to set the specific group we want to use, and hopefully
#they will respond again as they showed honesty last time.
#we must reset the number of counterparties, as well as fix who they
#are; this is because the number is used to e.g. calculate fees.
#cleanest way is to reset the number in the schedule before restart.
taker.schedule[taker.schedule_index][2] = len(
taker.honest_makers)
log.info("Retrying with: " +
str(taker.schedule[taker.schedule_index][2]) +
" counterparties.")
#rewind to try again (index is incremented in Taker.initialize())
taker.schedule_index -= 1
taker.set_honest_only(True)
reactor.callLater(5.0, clientfactory.getClient().clientStart)
else:
if not res:
log.info("Did not complete successfully, shutting down")
#Should usually be unreachable, unless conf received out of order;
#because we should stop on 'unconfirmed' for last (see above)
else:
log.info("All transactions completed correctly")
reactor.stop()
if options.p2ep:
# This workflow requires command line reading; we force info level logging
# to remove noise, and mostly communicate to the user with the fn
# log.info (directly or via default taker_info_callback).
set_logging_level("INFO")
# in the case where the payment just hangs for a long period, allow
# it to fail gracefully with an information message; this is triggered
# only by the stallMonitor, which gives up after 20*maker_timeout_sec:
def p2ep_on_finished_callback(res,
fromtx=False,
waittime=0.0,
txdetails=None):
log.error("PayJoin payment was NOT made, timed out.")
reactor.stop()
taker = P2EPTaker(options.p2ep,
wallet_service,
schedule,
callbacks=(None, None, p2ep_on_finished_callback))
else:
taker = Taker(wallet_service,
schedule,
order_chooser=chooseOrdersFunc,
max_cj_fee=maxcjfee,
callbacks=(filter_orders_callback, None, taker_finished))
clientfactory = JMClientProtocolFactory(taker)
nodaemon = jm_single().config.getint("DAEMON", "no_daemon")
daemon = True if nodaemon == 1 else False
p2ep = True if options.p2ep != "" else False
if jm_single().config.get("BLOCKCHAIN",
"network") in ["regtest", "testnet"]:
startLogging(sys.stdout)
start_reactor(jm_single().config.get("DAEMON", "daemon_host"),
jm_single().config.getint("DAEMON", "daemon_port"),
clientfactory,
daemon=daemon,
p2ep=p2ep)
def direct_send(wallet_service, amount, mixdepth, destination, answeryes=False,
accept_callback=None, info_callback=None):
"""Send coins directly from one mixdepth to one destination address;
does not need IRC. Sweep as for normal sendpayment (set amount=0).
If answeryes is True, callback/command line query is not performed.
If accept_callback is None, command line input for acceptance is assumed,
else this callback is called:
accept_callback:
====
args:
deserialized tx, destination address, amount in satoshis, fee in satoshis
returns:
True if accepted, False if not
====
The info_callback takes one parameter, the information message (when tx is
pushed), and returns nothing.
This function returns:
The txid if transaction is pushed, False otherwise
"""
#Sanity checks
assert validate_address(destination)[0] or is_burn_destination(destination)
assert isinstance(mixdepth, numbers.Integral)
assert mixdepth >= 0
assert isinstance(amount, numbers.Integral)
assert amount >=0
assert isinstance(wallet_service.wallet, BaseWallet)
if is_burn_destination(destination):
#Additional checks
if not isinstance(wallet_service.wallet, FidelityBondMixin):
log.error("Only fidelity bond wallets can burn coins")
return
if answeryes:
log.error("Burning coins not allowed without asking for confirmation")
return
if mixdepth != FidelityBondMixin.FIDELITY_BOND_MIXDEPTH:
log.error("Burning coins only allowed from mixdepth " + str(
FidelityBondMixin.FIDELITY_BOND_MIXDEPTH))
return
if amount != 0:
log.error("Only sweeping allowed when burning coins, to keep the tx " +
"small. Tip: use the coin control feature to freeze utxos")
return
from pprint import pformat
txtype = wallet_service.get_txtype()
if amount == 0:
utxos = wallet_service.get_utxos_by_mixdepth()[mixdepth]
if utxos == {}:
log.error(
"There are no available utxos in mixdepth: " + str(mixdepth) + ", quitting.")
return
total_inputs_val = sum([va['value'] for u, va in iteritems(utxos)])
if is_burn_destination(destination):
if len(utxos) > 1:
log.error("Only one input allowed when burning coins, to keep "
+ "the tx small. Tip: use the coin control feature to freeze utxos")
return
address_type = FidelityBondMixin.BIP32_BURN_ID
index = wallet_service.wallet.get_next_unused_index(mixdepth, address_type)
path = wallet_service.wallet.get_path(mixdepth, address_type, index)
privkey, engine = wallet_service.wallet._get_key_from_path(path)
pubkey = engine.privkey_to_pubkey(privkey)
pubkeyhash = bin_hash160(pubkey)
#size of burn output is slightly different from regular outputs
burn_script = mk_burn_script(pubkeyhash) #in hex
fee_est = estimate_tx_fee(len(utxos), 0, txtype=txtype, extra_bytes=len(burn_script)/2)
outs = [{"script": burn_script, "value": total_inputs_val - fee_est}]
destination = "BURNER OUTPUT embedding pubkey at " \
+ wallet_service.wallet.get_path_repr(path) \
+ "\n\nWARNING: This transaction if broadcasted will PERMANENTLY DESTROY your bitcoins\n"
else:
#regular send (non-burn)
fee_est = estimate_tx_fee(len(utxos), 1, txtype=txtype)
outs = [{"address": destination, "value": total_inputs_val - fee_est}]
else:
#8 inputs to be conservative
initial_fee_est = estimate_tx_fee(8,2, txtype=txtype)
utxos = wallet_service.select_utxos(mixdepth, amount + initial_fee_est)
if len(utxos) < 8:
fee_est = estimate_tx_fee(len(utxos), 2, txtype=txtype)
else:
fee_est = initial_fee_est
total_inputs_val = sum([va['value'] for u, va in iteritems(utxos)])
changeval = total_inputs_val - fee_est - amount
outs = [{"value": amount, "address": destination}]
change_addr = wallet_service.get_internal_addr(mixdepth)
outs.append({"value": changeval, "address": change_addr})
#compute transaction locktime, has special case for spending timelocked coins
tx_locktime = compute_tx_locktime()
if mixdepth == FidelityBondMixin.FIDELITY_BOND_MIXDEPTH and \
isinstance(wallet_service.wallet, FidelityBondMixin):
for outpoint, utxo in utxos.items():
path = wallet_service.script_to_path(
wallet_service.addr_to_script(utxo["address"]))
if not FidelityBondMixin.is_timelocked_path(path):
continue
path_locktime = path[-1]
tx_locktime = max(tx_locktime, path_locktime+1)
#compute_tx_locktime() gives a locktime in terms of block height
#timelocked addresses use unix time instead
#OP_CHECKLOCKTIMEVERIFY can only compare like with like, so we
#must use unix time as the transaction locktime
#Now ready to construct transaction
log.info("Using a fee of : " + amount_to_str(fee_est) + ".")
if amount != 0:
log.info("Using a change value of: " + amount_to_str(changeval) + ".")
txsigned = sign_tx(wallet_service, make_shuffled_tx(
list(utxos.keys()), outs, False, 2, tx_locktime), utxos)
log.info("Got signed transaction:\n")
log.info(pformat(txsigned))
tx = serialize(txsigned)
log.info("In serialized form (for copy-paste):")
log.info(tx)
actual_amount = amount if amount != 0 else total_inputs_val - fee_est
log.info("Sends: " + amount_to_str(actual_amount) + " to destination: " + destination)
if not answeryes:
if not accept_callback:
if input('Would you like to push to the network? (y/n):')[0] != 'y':
log.info("You chose not to broadcast the transaction, quitting.")
return False
else:
accepted = accept_callback(pformat(txsigned), destination, actual_amount,
fee_est)
if not accepted:
return False
jm_single().bc_interface.pushtx(tx)
txid = txhash(tx)
successmsg = "Transaction sent: " + txid
cb = log.info if not info_callback else info_callback
cb(successmsg)
return txid
def verify_unsigned_tx(self, tx, offerinfo):
"""This code is security-critical.
Before signing the transaction the Maker must ensure
that all details are as expected, and most importantly
that it receives the exact number of coins to expected
in total. The data is taken from the offerinfo dict and
compared with the serialized txhex.
"""
tx_utxo_set = set((x.prevout.hash[::-1], x.prevout.n) for x in tx.vin)
utxos = offerinfo["utxos"]
cjaddr = offerinfo["cjaddr"]
cjaddr_script = btc.CCoinAddress(cjaddr).to_scriptPubKey()
changeaddr = offerinfo["changeaddr"]
changeaddr_script = btc.CCoinAddress(changeaddr).to_scriptPubKey()
#Note: this value is under the control of the Taker,
#see comment below.
amount = offerinfo["amount"]
cjfee = offerinfo["offer"]["cjfee"]
txfee = offerinfo["offer"]["txfee"]
ordertype = offerinfo["offer"]["ordertype"]
my_utxo_set = set(utxos.keys())
if not tx_utxo_set.issuperset(my_utxo_set):
return (False, 'my utxos are not contained')
#The three lines below ensure that the Maker receives
#back what he puts in, minus his bitcointxfee contribution,
#plus his expected fee. These values are fully under
#Maker control so no combination of messages from the Taker
#can change them.
#(mathematically: amount + expected_change_value is independent
#of amount); there is not a (known) way for an attacker to
#alter the amount (note: !fill resubmissions *overwrite*
#the active_orders[dict] entry in daemon), but this is an
#extra layer of safety.
my_total_in = sum([va['value'] for va in utxos.values()])
real_cjfee = calc_cj_fee(ordertype, cjfee, amount)
expected_change_value = (my_total_in - amount - txfee + real_cjfee)
potentially_earned = real_cjfee - txfee
if potentially_earned < 0:
return (False, "A negative earning was calculated: {}.".format(
potentially_earned))
jlog.info('potentially earned = {}'.format(
btc.amount_to_str(potentially_earned)))
jlog.info('mycjaddr, mychange = {}, {}'.format(cjaddr, changeaddr))
#The remaining checks are needed to ensure
#that the coinjoin and change addresses occur
#exactly once with the required amts, in the output.
times_seen_cj_addr = 0
times_seen_change_addr = 0
for outs in tx.vout:
if outs.scriptPubKey == cjaddr_script:
times_seen_cj_addr += 1
if outs.nValue != amount:
return (False, 'Wrong cj_amount. I expect ' + str(amount))
if outs.scriptPubKey == changeaddr_script:
times_seen_change_addr += 1
if outs.nValue != expected_change_value:
return (False, 'wrong change, i expect ' +
str(expected_change_value))
if times_seen_cj_addr != 1 or times_seen_change_addr != 1:
fmt = ('cj or change addr not in tx '
'outputs once, #cjaddr={}, #chaddr={}').format
return (False, (fmt(times_seen_cj_addr, times_seen_change_addr)))
return (True, None)
def test_amount_to_str():
assert (btc.amount_to_str("1") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("1sat") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("1.123sat") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("0.00000001") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("0.00000001btc") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("0.00000001BTC") == "0.00000001 BTC (1 sat)")
assert (
btc.amount_to_str("1.00000000") == "1.00000000 BTC (100000000 sat)")
assert (btc.amount_to_str("1.12300000sat") == "0.00000001 BTC (1 sat)")
assert (btc.amount_to_str("1btc") == "1.00000000 BTC (100000000 sat)")
assert (btc.amount_to_str("1BTC") == "1.00000000 BTC (100000000 sat)")
with pytest.raises(ValueError):
btc.amount_to_str("")
btc.amount_to_str("invalidamount")
btc.amount_to_str("123inv")
def create_my_orders(self):
mix_balance = self.get_available_mixdepths()
# We publish ONLY the maximum amount and use minsize for lower bound;
# leave it to oid_to_order to figure out the right depth to use.
f = '0'
if self.ordertype in ['swreloffer', 'sw0reloffer']:
f = self.cjfee_r
elif self.ordertype in ['swabsoffer', 'sw0absoffer']:
f = str(self.txfee_contribution + self.cjfee_a)
mix_balance = dict([(m, b) for m, b in iteritems(mix_balance)
if b > self.minsize])
if len(mix_balance) == 0:
jlog.error('You do not have the minimum required amount of coins'
' to be a maker: ' + str(self.minsize) + \
'\nTry setting txfee_contribution to zero and/or '
'lowering the minsize.')
return []
max_mix = max(mix_balance, key=mix_balance.get)
# randomizing the different values
randomize_txfee = int(random.uniform(
self.txfee_contribution * (1 - float(self.txfee_contribution_factor)),
self.txfee_contribution * (1 + float(self.txfee_contribution_factor))))
randomize_minsize = int(random.uniform(
self.minsize * (1 - float(self.size_factor)),
self.minsize * (1 + float(self.size_factor))))
if randomize_minsize < jm_single().DUST_THRESHOLD:
jlog.warn("Minsize was randomized to below dust; resetting to dust "
"threshold: " + amount_to_str(jm_single().DUST_THRESHOLD))
randomize_minsize = jm_single().DUST_THRESHOLD
possible_maxsize = mix_balance[max_mix] - max(jm_single().DUST_THRESHOLD, randomize_txfee)
randomize_maxsize = int(random.uniform(possible_maxsize * (1 - float(self.size_factor)),
possible_maxsize))
if self.ordertype in ['swabsoffer', 'sw0absoffer']:
randomize_cjfee = int(random.uniform(float(self.cjfee_a) * (1 - float(self.cjfee_factor)),
float(self.cjfee_a) * (1 + float(self.cjfee_factor))))
randomize_cjfee = randomize_cjfee + randomize_txfee
else:
randomize_cjfee = random.uniform(float(f) * (1 - float(self.cjfee_factor)),
float(f) * (1 + float(self.cjfee_factor)))
randomize_cjfee = "{0:.6f}".format(randomize_cjfee) # round to 6 decimals
order = {'oid': 0,
'ordertype': self.ordertype,
'minsize': randomize_minsize,
'maxsize': randomize_maxsize,
'txfee': randomize_txfee,
'cjfee': str(randomize_cjfee)}
# sanity check
assert order['minsize'] >= jm_single().DUST_THRESHOLD
assert order['minsize'] <= order['maxsize']
if order['ordertype'] in ['swreloffer', 'sw0reloffer']:
for i in range(20):
if order['txfee'] < (float(order['cjfee']) * order['minsize']):
break
order['txfee'] = int(order['txfee'] / 2)
jlog.info('Warning: too high txfee to be profitable, halving it to: ' + str(order['txfee']))
else:
jlog.error("Tx fee reduction algorithm failed. Quitting.")
sys.exit(EXIT_ARGERROR)
return [order]
def receive_utxos(self, ioauth_data):
"""Triggered when the daemon returns utxo data from
makers who responded; this is the completion of phase 1
of the protocol
"""
if self.aborted:
return (False, "User aborted")
self.maker_utxo_data = {}
verified_data = self._verify_ioauth_data(ioauth_data)
for maker_inputs in verified_data:
# We have succesfully processed the data from this nick
self.utxos[maker_inputs.nick] = maker_inputs.utxo_list
self.outputs.append({'address': maker_inputs.change_addr,
'value': maker_inputs.change_amount})
self.outputs.append({'address': maker_inputs.cj_addr,
'value': self.cjamount})
self.cjfee_total += maker_inputs.real_cjfee
self.maker_txfee_contributions +=\
self.orderbook[maker_inputs.nick]['txfee']
self.maker_utxo_data[maker_inputs.nick] = maker_inputs.utxo_data
jlog.info(
f"fee breakdown for {maker_inputs.nick} "
f"totalin={maker_inputs.total_input:d} "
f"cjamount={self.cjamount:d} "
f"txfee={self.orderbook[maker_inputs.nick]['txfee']:d} "
f"realcjfee={maker_inputs.real_cjfee:d}")
try:
self.nonrespondants.remove(maker_inputs.nick)
except Exception as e:
jlog.warn(
"Failure to remove counterparty from nonrespondants list:"
f" {maker_inputs.nick}), error message: {repr(e)})")
#Apply business logic of how many counterparties are enough; note that
#this must occur after the above ioauth data processing, since we only now
#know for sure that the data meets all business-logic requirements.
if len(self.maker_utxo_data) < jm_single().config.getint(
"POLICY", "minimum_makers"):
self.taker_info_callback("INFO", "Not enough counterparties, aborting.")
return (False,
"Not enough counterparties responded to fill, giving up")
self.taker_info_callback("INFO", "Got all parts, enough to build a tx")
#The list self.nonrespondants is now reset and
#used to track return of signatures for phase 2
self.nonrespondants = list(self.maker_utxo_data.keys())
my_total_in = sum([va['value'] for u, va in self.input_utxos.items()])
if self.my_change_addr:
#Estimate fee per choice of next/3/6 blocks targetting.
estimated_fee = estimate_tx_fee(
len(sum(self.utxos.values(), [])), len(self.outputs) + 2,
txtype=self.wallet_service.get_txtype())
jlog.info("Based on initial guess: " +
btc.amount_to_str(self.total_txfee) +
", we estimated a miner fee of: " +
btc.amount_to_str(estimated_fee))
#reset total
self.total_txfee = estimated_fee
my_txfee = max(self.total_txfee - self.maker_txfee_contributions, 0)
my_change_value = (
my_total_in - self.cjamount - self.cjfee_total - my_txfee)
#Since we could not predict the maker's inputs, we may end up needing
#too much such that the change value is negative or small. Note that
#we have tried to avoid this based on over-estimating the needed amount
#in SendPayment.create_tx(), but it is still a possibility if one maker
#uses a *lot* of inputs.
if self.my_change_addr:
if my_change_value < -1:
raise ValueError("Calculated transaction fee of: " +
btc.amount_to_str(self.total_txfee) +
" is too large for our inputs; Please try again.")
if my_change_value <= jm_single().BITCOIN_DUST_THRESHOLD:
jlog.info("Dynamically calculated change lower than dust: " +
btc.amount_to_str(my_change_value) + "; dropping.")
self.my_change_addr = None
my_change_value = 0
jlog.info(
'fee breakdown for me totalin=%d my_txfee=%d makers_txfee=%d cjfee_total=%d => changevalue=%d'
% (my_total_in, my_txfee, self.maker_txfee_contributions,
self.cjfee_total, my_change_value))
if self.my_change_addr is None:
if my_change_value != 0 and abs(my_change_value) != 1:
# seems you wont always get exactly zero because of integer
# rounding so 1 satoshi extra or fewer being spent as miner
# fees is acceptable
jlog.info(
('WARNING CHANGE NOT BEING USED\nCHANGEVALUE = {}').format(
btc.amount_to_str(my_change_value)))
# we need to check whether the *achieved* txfee-rate is outside
# the range allowed by the user in config; if not, abort the tx.
# this is done with using the same estimate fee function and comparing
# the totals; this ratio will correspond to the ratio of the feerates.
num_ins = len([u for u in sum(self.utxos.values(), [])])
num_outs = len(self.outputs) + 1
new_total_fee = estimate_tx_fee(num_ins, num_outs,
txtype=self.wallet_service.get_txtype())
feeratio = new_total_fee/self.total_txfee
jlog.debug("Ratio of actual to estimated sweep fee: {}".format(
feeratio))
sweep_delta = float(jm_single().config.get("POLICY",
"max_sweep_fee_change"))
if feeratio < 1 - sweep_delta or feeratio > 1 + sweep_delta:
jlog.warn("Transaction fee for sweep: {} too far from expected:"
" {}; check the setting 'max_sweep_fee_change'"
" in joinmarket.cfg. Aborting this attempt.".format(
new_total_fee, self.total_txfee))
return (False, "Unacceptable feerate for sweep, giving up.")
else:
self.outputs.append({'address': self.my_change_addr,
'value': my_change_value})
self.utxo_tx = [u for u in sum(self.utxos.values(), [])]
self.outputs.append({'address': self.coinjoin_address(),
'value': self.cjamount})
# pre-Nov-2020/v0.8.0: transactions used ver 1 and nlocktime 0
# so only the new "pit" (using native segwit) will use the updated
# version 2 and nlocktime ~ current block as per normal payments.
# TODO makers do not check this; while there is no security risk,
# it might be better for them to sanity check.
if self.wallet_service.get_txtype() == "p2wpkh":
n_version = 2
locktime = compute_tx_locktime()
else:
n_version = 1
locktime = 0
self.latest_tx = btc.make_shuffled_tx(self.utxo_tx, self.outputs,
version=n_version, locktime=locktime)
jlog.info('obtained tx\n' + btc.human_readable_transaction(
self.latest_tx))
self.taker_info_callback("INFO", "Built tx, sending to counterparties.")
return (True, list(self.maker_utxo_data.keys()),
bintohex(self.latest_tx.serialize()))
def direct_send(wallet_service,
amount,
mixdepth,
destaddr,
answeryes=False,
accept_callback=None,
info_callback=None):
"""Send coins directly from one mixdepth to one destination address;
does not need IRC. Sweep as for normal sendpayment (set amount=0).
If answeryes is True, callback/command line query is not performed.
If accept_callback is None, command line input for acceptance is assumed,
else this callback is called:
accept_callback:
====
args:
deserialized tx, destination address, amount in satoshis, fee in satoshis
returns:
True if accepted, False if not
====
The info_callback takes one parameter, the information message (when tx is
pushed), and returns nothing.
This function returns:
The txid if transaction is pushed, False otherwise
"""
#Sanity checks
assert validate_address(destaddr)[0]
assert isinstance(mixdepth, numbers.Integral)
assert mixdepth >= 0
assert isinstance(amount, numbers.Integral)
assert amount >= 0
assert isinstance(wallet_service.wallet, BaseWallet)
from pprint import pformat
txtype = wallet_service.get_txtype()
if amount == 0:
utxos = wallet_service.get_utxos_by_mixdepth()[mixdepth]
if utxos == {}:
log.error("There are no utxos in mixdepth: " + str(mixdepth) +
", quitting.")
return
total_inputs_val = sum([va['value'] for u, va in iteritems(utxos)])
fee_est = estimate_tx_fee(len(utxos), 1, txtype=txtype)
outs = [{"address": destaddr, "value": total_inputs_val - fee_est}]
else:
#8 inputs to be conservative
initial_fee_est = estimate_tx_fee(8, 2, txtype=txtype)
utxos = wallet_service.select_utxos(mixdepth, amount + initial_fee_est)
if len(utxos) < 8:
fee_est = estimate_tx_fee(len(utxos), 2, txtype=txtype)
else:
fee_est = initial_fee_est
total_inputs_val = sum([va['value'] for u, va in iteritems(utxos)])
changeval = total_inputs_val - fee_est - amount
outs = [{"value": amount, "address": destaddr}]
change_addr = wallet_service.get_internal_addr(mixdepth)
outs.append({"value": changeval, "address": change_addr})
#Now ready to construct transaction
log.info("Using a fee of : " + amount_to_str(fee_est) + ".")
if amount != 0:
log.info("Using a change value of: " + amount_to_str(changeval) + ".")
txsigned = sign_tx(
wallet_service,
make_shuffled_tx(list(utxos.keys()), outs, False, 2,
compute_tx_locktime()), utxos)
log.info("Got signed transaction:\n")
log.info(pformat(txsigned))
tx = serialize(txsigned)
log.info("In serialized form (for copy-paste):")
log.info(tx)
actual_amount = amount if amount != 0 else total_inputs_val - fee_est
log.info("Sends: " + amount_to_str(actual_amount) + " to address: " +
destaddr)
if not answeryes:
if not accept_callback:
if input(
'Would you like to push to the network? (y/n):')[0] != 'y':
log.info(
"You chose not to broadcast the transaction, quitting.")
return False
else:
accepted = accept_callback(pformat(txsigned), destaddr,
actual_amount, fee_est)
if not accepted:
return False
jm_single().bc_interface.pushtx(tx)
txid = txhash(tx)
successmsg = "Transaction sent: " + txid
cb = log.info if not info_callback else info_callback
cb(successmsg)
return txid
