From 2db8e978ab533628aa62483e44a8100dea70ca0e Mon Sep 17 00:00:00 2001 From: Jason Rhinelander Date: Wed, 24 May 2023 16:31:50 -0300 Subject: [PATCH] Off-by-one wallet decoy selection bug fix (stable branch) This corrects an off-by-one error in decoy selection that would never select immediately-spendable outputs, and so immediately spending an output would reveal the true output in question. From Monero, PR 8794. The infinite loop quoted here is *also* something that I encountered, though only in regression testing (which uses a fake, sparse chain). --- src/wallet/wallet2.cpp | 6 +++--- src/wallet/wallet2.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp index d90c1f36b14..abdc696ece6 100644 --- a/src/wallet/wallet2.cpp +++ b/src/wallet/wallet2.cpp @@ -910,7 +910,7 @@ gamma_picker::gamma_picker(const std::vector &rct_offsets, double shap const size_t blocks_to_consider = std::min(rct_offsets.size(), blocks_in_a_year); const double outputs_to_consider = rct_offsets.back() - (blocks_to_consider < rct_offsets.size() ? rct_offsets[rct_offsets.size() - blocks_to_consider - 1] : 0); begin = rct_offsets.data(); - end = rct_offsets.data() + rct_offsets.size() - DEFAULT_TX_SPENDABLE_AGE; + end = rct_offsets.data() + rct_offsets.size() - (std::max(1, CRYPTONOTE_DEFAULT_TX_SPENDABLE_AGE) - 1); num_rct_outputs = *(end - 1); THROW_WALLET_EXCEPTION_IF(num_rct_outputs == 0, error::wallet_internal_error, "No rct outputs"); average_output_time = tools::to_seconds(TARGET_BLOCK_TIME) * blocks_to_consider / outputs_to_consider; // this assumes constant target over the whole rct range @@ -9314,7 +9314,7 @@ void wallet2::get_outs(std::vector> else { // the base offset of the first rct output in the first unlocked block (or the one to be if there's none) - num_outs = rct_offsets[rct_offsets.size() - DEFAULT_TX_SPENDABLE_AGE]; + num_outs = gamma->get_num_rct_outs(); LOG_PRINT_L1("" << num_outs << " unlocked rct outputs"); THROW_WALLET_EXCEPTION_IF(num_outs == 0, error::wallet_internal_error, "histogram reports no unlocked rct outputs, not even ours"); @@ -9612,7 +9612,7 @@ void wallet2::get_outs(std::vector> } bool use_histogram = amount != 0 || !has_rct_distribution; if (!use_histogram) - num_outs = rct_offsets[rct_offsets.size() - DEFAULT_TX_SPENDABLE_AGE]; + num_outs = gamma->get_num_rct_outs(); // make sure the real outputs we asked for are really included, along // with the correct key and mask: this guards against an active attack diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h index 8041e642565..2afe989903b 100644 --- a/src/wallet/wallet2.h +++ b/src/wallet/wallet2.h @@ -112,6 +112,7 @@ namespace tools uint64_t pick(); gamma_picker(const std::vector &rct_offsets); gamma_picker(const std::vector &rct_offsets, double shape, double scale); + uint64_t get_num_rct_outs() const { return num_rct_outputs; } private: struct gamma_engine