Fidelity bond wallets are intended to be used when at a later date
using fidelity bonds to greatly increase joinmarket's resistance to
sybil attacks. This commit adds support for timelocked addresses.
It allows users to optionally create wallets which support such
addresses. The synchronization code is modified to also scan for
timelocked addresses. The keypairs of the timelocked addresses go in
the newly created 2nd address type, where before the zeroth index were
receive addresses and first index was change.
The locktime dates are fixed at the first of each month for the next 30
years. This means users don't need to remember any dates, and so just
their seed phrase and wallet type will still be enough to recover all
funds. Each keypair used for timelocking requires an additional 360
addresses to be scanned for, which isn't a problem for Bitcoin Core.
Fidelity bonds are only stored in the zeroth mixdepth, as they are not
used in repeated coinjoins so there's no point having them in multiple
mixdepths.
Timelocked addresses don't use the get_new_script() family of functions
because they all assume that one index equals one address, and that
therefore it's possible to ask for a "next" address. For timelocked
addresses knowing the index is not enough to know the address, the
timestamp must be known too. Also once one address made of
(index, timestamp) is used you mustn't use that index and pubkey again,
even though all the other timelocks for that index/pubkey are unused.
This is for privacy reasons, as it's equivalent to address reuse.
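An added example (not code from the JoinMarket commit) of the monthly locktime grid and the rule that one used (index, timestamp) pair retires the whole index. The start year `EPOCH_YEAR`, the choice of midnight UTC, and all function and class names are assumptions made for illustration.

```python
import calendar
from datetime import datetime, timezone

LOCKTIMES_PER_KEY = 30 * 12   # first of each month for 30 years = 360
EPOCH_YEAR = 2020             # assumption: the page does not give the start year

def locktime_for(timenumber, epoch_year=EPOCH_YEAR):
    """Unix time of the first day of month number `timenumber` (0..359).
    Midnight UTC is an assumption; the page only says 'first of each month'."""
    if not 0 <= timenumber < LOCKTIMES_PER_KEY:
        raise ValueError("timenumber outside the 30-year window")
    year, month = epoch_year + timenumber // 12, 1 + timenumber % 12
    return calendar.timegm((year, month, 1, 0, 0, 0))

def timenumber_for(locktime, epoch_year=EPOCH_YEAR):
    """Inverse of locktime_for; rejects timestamps that are not on the grid."""
    dt = datetime.fromtimestamp(locktime, tz=timezone.utc)
    n = (dt.year - epoch_year) * 12 + dt.month - 1
    if not 0 <= n < LOCKTIMES_PER_KEY or locktime_for(n, epoch_year) != locktime:
        raise ValueError("not a valid fidelity-bond locktime")
    return n

def scan_targets(n_indices, epoch_year=EPOCH_YEAR):
    """Every (index, locktime) pair a wallet sync must watch for."""
    return [(i, locktime_for(t, epoch_year))
            for i in range(n_indices) for t in range(LOCKTIMES_PER_KEY)]

class TimelockIndexTracker:
    """Records used (index, locktime) pairs and retires the whole index."""
    def __init__(self):
        self.used = {}                       # index -> locktime first used

    def mark_used(self, index, locktime):
        timenumber_for(locktime)             # validate before recording
        self.used.setdefault(index, locktime)

    def may_fund(self, index, locktime):
        timenumber_for(locktime)
        # Any earlier use of this index exposes the pubkey, so a different
        # locktime on the same index is still address reuse.
        return index not in self.used

    def next_fresh_index(self):
        i = 0
        while i in self.used:
            i += 1
        return i
```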
Makes BitcoinSatValidator a derived class with a specific
range. Makes all port fields respond correctly to correct
or incorrect entries of port numbers. Changes badly named
'qt' variable to 'sf' in getSettingsFields.
Prior to this fix, the settings which were integers
were all restricted to numbers <= 65535, but this is
not acceptable for the tx_fees setting which can be
sats per kilobyte. Note that several other integer inputs
are left without any specific validation; this change
is considered important because there will be use cases
where a large sat/kB is needed.
Prior to this commit, the function `exit()` was unavailable
due to the removal of the builtins import in 4bf1f50.
This led to NameError exceptions instead of the intended error
messages in Qt startup with wrong configuration (I did not
investigate if it could also happen on command line).
Fix was to make all exit() calls sys.exit().
To facilitate easier management by users and to
follow generally accepted standards, this PR moves
the following all to user home directory, subdir
.joinmarket :
joinmarket.cfg file
wallets/ directory
logs/ directory
cmtdata/ directory
commitmentlist file
User can override location with --datadir option.
An info message is added on startup showing location.
In refactor for #359 it was noted that the wallet
monitoring loop in Qt updated the status bar every
5 seconds, overwriting any existing status updates.
This fixes that UI bug so that the wallet synced
successfully (or unsuccessfully) message is only shown
at start up or if there is a change of status (i.e.
the wallet monitoring loop stops working).
Closes #274. Utxos are disabled if they are sent
to a reused address, and are below a threshold
set by the value `max_sats_freeze_reuse` in the
`POLICY` section of the config file. If the value
is -1, such utxos are always frozen irrespective of
the value.
Users are prompted with a warning level logging message
on CLI and a popup on Joinmarket-Qt. Such disabled utxos
can of course be re-enabled by the existing methods.
Also adds test case for address reuse freezing function.
Fixes #438
Prior to this commit, if Load Wallet were selected
from the menu and a wallet loaded did not have imports,
the restart prompt message appeared only on the console
and the application quit via sys.exit().
After this commit, the Qt restart callback is always used,
as intended. The case of recovery sync for old, heavily
used wallets is not covered.
Prior to this commit, the user was prompted to check for
the acceptability of fees in Qt via a dialog, but settings
used in CLI (max_cj_fee_***) were not also being used the
same way in Qt.
After this commit, if the user has not added those settings,
a dialog is presented with new randomised defaults (as for
CLI), and otherwise any settings in the config file are read
and used.
The schedule format gets an extra field added denoting the number of
significant figures to round the coinjoin amounts to, with 16 meaning
no rounding.
This is part of the 2/2019 Plan to improve the privacy of JoinMarket's
tumbler script:
https://gist.github.com/chris-belcher/7e92810f07328fdfdef2ce444aad0968
The tumbler schedule is split into two stages. Stage 2 is the same
as before while stage 1 attempts to fully spend each mixdepth in a
sweep coinjoin with no change address.
The wait time between these stage 1 coinjoins is longer than for
stage 2 coinjoins, the increase is determined by a new parameter
called `stage1_timelambda_increase`.
This is part of the 2/2019 Plan to improve the privacy of JoinMarket's
tumbler script:
https://gist.github.com/chris-belcher/7e92810f07328fdfdef2ce444aad0968
Since ConfigParser does not sufficiently support comments
in config objects, in order to support dynamic update of
the config from within a run, this PR edits the config
file at the same time as updating the config object, so
as to prevent the earlier problem that all comments in the
config file were lost whenever Qt updated the file with
the new config object.
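An added example (not the project's own code) of the approach described above: a ConfigParser read/write round trip drops comment lines, so the option's line is edited in the file text while the config object is updated alongside it. The function names and the comment lines in the sample are constructed; `POLICY`, `tx_fees` and `max_sats_freeze_reuse` are the names used in the commit messages.

```python
import configparser
import io
import re

# Constructed sample; section and option names are taken from the commit messages.
SAMPLE = """\
[POLICY]
# fee target; large values are read as sats per kilobyte
tx_fees = 3
# freeze small deposits that arrive at a reused address
max_sats_freeze_reuse = -1
"""

def configparser_roundtrip(text):
    """Read and re-write with ConfigParser alone: every comment line is dropped."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()

def set_option_in_text(text, section, option, value):
    """Change one option by editing its line, leaving all other lines untouched."""
    out, current, done = [], None, False
    for line in text.splitlines():
        header = re.match(r"\s*\[([^\]]+)\]\s*$", line)
        if header:
            if current == section and not done:
                out.append(f"{option} = {value}")  # option was missing from section
                done = True
            current = header.group(1)
        elif current == section and not done:
            key = re.match(r"\s*([^#;=:\s][^=:]*?)\s*[=:]", line)
            if key and key.group(1).lower() == option.lower():
                line = f"{option} = {value}"
                done = True
        out.append(line)
    if not done:
        if current != section:
            out.append(f"[{section}]")
        out.append(f"{option} = {value}")
    return "\n".join(out) + "\n"

def update_both(cp, text, section, option, value):
    """Keep the in-memory object and the file text in step, as the commit describes."""
    cp.set(section, option, value)
    return set_option_in_text(text, section, option, value)
```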
Introduces WalletService object which is in control of
blockchain and wallet access.
The service manages a single transaction monitoring loop,
instead of multiple, and allows updates to the wallet from
external sources to be handled in real time, so that both Qt
and other apps (yg) can respond to deposits or withdrawals
automatically.
The refactoring also controls access to both wallet and
blockchain so that client apps (Taker, Maker) will not need
to be changed for future new versions e.g. client-side filtering.
Also updates and improves Wallet Tab behaviour in Qt (memory
of expansion state).
Additionally, blockchain sync is now --fast by default, with
the former default of detailed sync being renamed --recoversync.