New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Wallet require a change descriptor #1390
base: master
Are you sure you want to change the base?
Make Wallet require a change descriptor #1390
Conversation
Do we want to keep the change descriptor optional for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments
edd290d
to
238c292
Compare
If two descriptors are the same except that each has a different extended public key that is replaced by the corresponding extended private key, do these qualify as distinct? Also, to clarify, the receive descriptors for any two wallets must also be distinct with this change, too, correct? |
238c292
to
6c6aae8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm concerned with the way we are checking whether the 2 keychains are "distinct". I have a few questions.
- How can we guarantee that
into_wallet_descriptor
returns the same public-descriptor string for all non-distinct descriptors? - How can we ensure that a non-wildcard descriptor and a wildcard descriptor has no overlaps (the non-wildcard descriptor's spk can be derived from the wildcard descriptor).
For 2. also refer to my comment here: #1383 (comment)
6c6aae8
to
04c8750
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK 04c8750
I'm going to be away so not going to get another chance to look at this. It LGTM. Feel free to keep shedding. Thanks for taking on this rather tedious PR.
e3ba751
to
cba43de
Compare
Small changes
|
To point 1) I don't think you're objecting to checking equality for two values of Note that the public descriptor will be common whether the wallet is given a public or private descriptor. So for example this should pass: #[test]
fn same_descriptor_public_private() {
// public + private of same descriptor should fail to create wallet
let desc = "wpkh(tprv8ZgxMBicQKsPdcAqYBpzAFwU5yxBUo88ggoBqu1qPcHUfSbKK1sKMLmC7EAk438btHQrSdu3jGGQa6PA71nvH5nkDexhLteJqkM4dQmWF9g/84'/1'/0'/0/*)";
let change = "wpkh([3c31d632/84'/1'/0']tpubDCYwFkks2cg78N7eoYbBatsFEGje8vW8arSKW4rLwD1AU1s9KJMDRHE32JkvYERuiFjArrsH7qpWSpJATed5ShZbG9KsskA5Rmi6NSYgYN2/0/*)";
let err = Wallet::new_no_persist(desc, change, Network::Testnet);
assert!(matches!(
err,
Err(DescriptorError::ExternalAndInternalAreTheSame),
));
} |
cba43de
to
cd9afd5
Compare
cd9afd5
to
77d2bc9
Compare
Rebased on 358e842 |
77d2bc9
to
cddefbb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK cddefbb
All `Wallet` constructors are modified to require a change descriptor, where previously it was optional. Additionally we enforce uniqueness of the change descriptor to avoid ambiguity when deriving scripts and ensure the wallet will always have two distinct keystores. Notable changes * Add error DescriptorError::ExternalAndInternalAreTheSame * Remove error CreateTxError::ChangePolicyDescriptor * No longer rely on `map_keychain`
and clean up `Wallet::new_or_load`
Since we will have persisted descriptors for both keychains. This also means we're guaranteed to have gotten a descriptor in the case `LoadedDescriptorDoesNotMatch`.
cddefbb
to
aec4dda
Compare
Rebased on 7607b49 and added two commits, but this may need more discussion and testing to decide if it's a reasonable solution |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Totally agree with the infallible.
ACK aec4dda
Note that you might want to update the original PR message details.
All
Wallet
constructors are modified to require a change descriptor, where previously it was optional. Additionally we enforce uniqueness of the change descriptor to avoid ambiguity when deriving scripts and ensure the wallet will always have two distinct keychains.Notable changes
DescriptorError::ExternalAndInternalAreTheSame
CreateTxError::ChangePolicyDescriptor
map_keychain
fixes #1383
Notes to the reviewers
Changelog notice
Changed:
Constructing a Wallet now requires two distinct descriptors.
Checklists
All Submissions:
cargo fmt
andcargo clippy
before committing