- Fixed bug when
walletdwill not sync after being unable to contactbytecoindfor a long time. - Fixed rare bug when exported view wallet contained wrong view secrets signature.
- Fixed bug when instead of error message, empty send proof was generated for address not used in particular transaction. Such proofs are invalid so this did not lead to any security issues.
- Fixed bug when
walletdsometimes included no block information for unlocked outputs inget_transfersJSON RPC call. This affected only clients who inspected per-blockunlocked_transfers, but notunlocked_transfersarray returned for the request as a whole. - Fixed problem when during
sync_blocksexcess block was returned at the start of the response. This could lead to endless sync loop if this block size was larger thatmax_sizelimit set by caller, because only that block would be returned again and again. - Removed addresses from wallet cache for amethyst wallets
walletdcan now export view-only wallet without ability to view outgoing addresses from a view-wallet with such capability.tx_pool_versionis no more reset to0on block change, but steadily increases on each pool modification. Ir prevents some very rare race conditions between APi users and daemons.
Security-related changes
- Lots of code reorganisation to remove false positives from clang static analyser.
- Several potential undefined behaviours fixed, related to forgetting to initialise values of primitive types in templates.
- Potential floating-point undefined behaviour fixed.
- Several additional checks added to P2P commands parsing.
- Potential crash in groestl hash implementation fixed.
- Connections using legacy P2P version (and legacy commands) prohibited, effectively enabling much stricter consensus rules for P2P (such as hard limits on size of all commands), hardening against potential attacks.
- Security options (non-executable stack, position-independent-binary, non-writable relocation table) for binaries enabled by default on Linux.
- Tiny memory leak fixed.
Incompatible API changes
get_transfersandget_transactionwalletdmethods do not return outputs in transfers by default (they are large and very rarely needed). If you need outputs, you should setneed_outputsparameter to true.outputsfield is now optional in transfer in all contexts.public_keyfield is now optional in transaction in all contexts (motivation - amethyst transactions contain no public key)extrafield is now optional in transaction in all contexts (motivation - after removing public key from extra, it is empty for most transactions)
API tweaks
- All numbers in JSON RPC requests can be sent as strings, "123" instead of 123. This helps integration with JavaScript.
- All JSON RPC requests get optional boolean "numbers_as_strings" parameter (default false). If set to true, all numbers will be returned as strings. This helps integration with JavaScript.
- Tiny fixes in mining-related code. All miners are advised to update.
API tweaks
- In
get_transfersresponse, when filtering by address, filtering does not remove transfers from transactions, only returns less transactions - In
check_sendprooferror response, hash of referenced transaction is returned if proof is successfully parsed - In
check_sendprooferrorsADDRESS_NOT_IN_TRANSACTION (-204)andADDRESS_FAILED_TO_PARSE (-4)removed,PROOF_WRONG_SIGNATURE (-203)will be reported instead. walletdmethods which do request tobytecoind-create_transaction,send_transaction,create_sendproofwill now return special errorBYTECOIND_REQUEST_ERROR (-1003)instead ofINTERNAL_ERROR (-32603)when json RPC call tobytecoindfails.
API deprecations (will be removed in future)
- In
get_transfersresponse,unlocked_transfersfor range of blocks deprecated, unlocked transfers are returned in corresponding blocks. - In
create_sendproofrequest/response,addresses/sendproofsfields are deprecated, useaddress/sendproofinstead. If usingaddressfield and proof canno be created, json RPC errorADDRESS_NOT_IN_TRANSACTION (-204)will be returned, instead of empty proof, as it was before.
walletdcan now sync most of the blockchain from static files (tremendously increasing efficiency for public nodes), reverting to RPC only for the (small) part of blockchain after last hard checkpoint.- Fixed bug when during wallet sync some transactions from memory pool were requested and processed more than once
- In
get_transferswalletd's method error is returned iffrom_heightis larger thanto_heightor top block height. WALLET_FILE_EXISTS (209)is correctly returned whenwalletdis instructed to overwrite an existing wallet.- Fixed a bug when wrong error message was displayed when passing some invalid addresses to
walletd'screate_transactionRPC method. - LMDB virtual memory usage by
bytecoindandwalletdreduced from fixed 512Gb to approx. actual blockchain database/wallet cache size. walletdwill not undo sync progress, if connected node is behind wallet state and behind latest hard checkpoint. It will wait for a node to advance to a checkpoint.- Wallet cache now takes much less space, especially for wallets with small number of transactions.
- For all TCP sockets
keep_aliveoption is now set after they are created (with default timeouts for each system, common value is 2 hours), solving very rare bug when there would be no reply to long poll ever for external services (like block explorers) calling from remote machines. - All paths now subject to substitution of
~(Mac & Linux) and%appdata%(Windows). Also, on Linux and Max backslash is no more considered path separator.
API tweaks
- JSON numbers are interpreted according to spec throughout API, for example 10.01E2 is now good value for height (1001). This helps integration with some weird languages.
- Better error messages throughout API when required parameters are not specified.
- More strict JSON RPC - excess fields on top level are no more allowed in requests.
bytecoind's binary version ofsync_blocksnow uses separate zero overhead response to save traffic during sync.
Incompatible API changes
bytecoind'sgetblocktemplate,submitblockand JSON versions ofsync_blocksandsync_mempoolnow require private authorization. This helps with preventing excess load on public nodes.- deprecated field
outs_countinbytecoind.get_random_outputsremoved.
- Fixed merge mining related bug affecting blocks version 4 (amethyst). All miners not upgraded to 3.4.2 at the moment of consensus update will produce broken blocks.
- Fixed crash when disconnecting Ledger while scanning blockchain.
- Fixed behavior of the
get_transferswalletd's method when transactions from a memory pool are wrongly returned for somefrom_heightandto_heightvalues.
Incompatible API changes
- In response to the
get_wallet_infowalletd's method, boolean fieldamethystchanged to stringwallet_type
- Fixed a stagenet voting bug.
- Fixed problem when
bytecoindstops responding via JSON RPC API. - Tweaked random output distribution for mixins.
- The
walletddaemon now better utilizes CPU during sync (cores use 100%, if available). - During mining, the
bytecoinddaemon now prefers blocks received viasubmit_blockAPI to other blocks, if difficulty are equal. This will slightly increase mining profitability for lucky miners. - Added back
create_transactionoptimization for large wallets which was accidentally removed in version 3.4.1. - Fixed bug when transaction size is
0in allwalletdAPI calls. - Fixed bug when transaction timestamp is
0inget_transactionofbytecoindAPI call for transaction, if it has been already included in the blockchain. - Transaction fields
prefix_hashandinputs_hashare now correctly set in variousbytecoindAPI calls, ifneed_redundant_datais set. - Improved command line processing in
walletd, especially if wrong combination of options specified. - Trezor and Ledger early support in
walletd.
Incompatible API changes
- Deprecated
binary_sizefield removed from transaction in all contexts. Please use thesizefield.
- New cryptography reviewed, some important tweaks added - thanks for all feedback to those who contributed.
- Derivation paths of wallet secrets modified. Now dishonest modification of any secret in view-only wallet is immediately clear to auditor.
- Output seed generation simplified.
- Proof of sH ~ H contained in view-only wallet is simplified.
API additions
- Added
has_view_secret_keyfield in theget_wallet_infomethod ofwalletd.
- Added an early support for hardware wallets.
- Fully working Trezor Model T prototype.
- Partial support for Ledger Nano.
Current Limitations
- If you disconnect a hardware wallet while
walletdis running, it will immediately crash. - Works in the stagenet only.
- Sendproofs are now in base58 format, which eases copying and sharing.
- New addresses now start from
bcnZprefix.
Command line changes/additions
- New walletd command-line parameter
--wallet-typeto create legacy wallets (--create-walletby default creates new HD wallet).
API removal
- Removed
amethyst_onlyflag in theget_random_outputsbytecoind method.
Strong support for audit-compatible wallets
- All new unlinkable addresses are now auditable, so separate auditable address type removed from system.
- View-only HD wallet is now guaranteed to have the same balance as original wallet. So owner of HD wallet cannot spend any funds in a way that view-only version of the same wallet does not see the fact.
- If view-only HD wallet was exported with --view-outgoing-addresses, it can also see all destination addresses in transactions that spend funds. If spender is sending to some address, he cannot make auditor see different destination address for this transaction. If spender is using sophisticated "out-of-blockchain shared secret" fraud, auditor will see random address, and spender will not be able to provide valid sendproof for this transaction.
Consensus update (hard fork)
- New crypto for legacy addresses (unlinkable-inspired), which prevents "burning bug" attacks on crypto level. This is important because such attacks cannot be reliably fixed on operational level.
API additions
amethyst_onlyflag inget_random_outputsbytecoind method.
Incompatible API changes (likely to affect only developers of block explorers)
- In all raw block objects
output_indexesrenamed tostack_indexes.
- Signatures are now fully prunable (but not yet pruned) via modification to transaction hash calculations.
- A view-only wallet now shows address balance even for non-auditable unlinkable addresses, but only if sender follows the protocol. If in doubt about sender's fair play, auditable addresses should be used instead.
- A view-only wallet can now be exported with or without ability to view transaction destination addresses.
bytecoindwill not automatically look forblocks.binanywhere. If you need to import blocks from file, use--import-blocks=<folder>command line parameter.bytecoindcommand line parameters--ssl-certificate-pem-file,--ssl-certificate-passwordremoved, use ngnx in https proxy mode!
Consensus update (hard fork)
- The release starts immediate voting in the stagenet. Voting in the mainnet will start when v3.4.0 is released.
- Introduce new unlinkable addresses, stored in new HD wallet. Single mnemonic is enough to restore all wallet addresses.
- Destination addresses can now be derived from blockchain with wallet secrets, so saving history is now unnecessary.
- Greatly simplified maximum block size calculations. Miners will now explicitly vote for maximum block size (up to hard limit of 2 MB), depending on how many expensive transactions are in memory pool. Reward penalties are removed and most other unnecessary checks on block/transactions sizes are also removed from consensus.
- New HD wallet is encrypted with chacha20 with salt (major improvement to previous wallet format)
- New auditable addresses, guaranteed to always have balance exactly equal to what view-only version of the same wallet shows (useful for public deposits).
- Signatures are now half size.
- The requirement that coinbase transactions are locked for 10 blocks is removed from consensus.
- Creating 6-digit dust (or other not round output amounts) are now prohibited by consensus rules.
- Minimum anonymity is now 3 (4 output references per input). This does not apply to dust or not round outputs.
bytecoindnow calculates output obfuscation value, and does not use less-than-ideal outputs for mix-in
Command line changes/additions
- New walletd command-line parameter to set creation time when importing keys or mnemonic (which have no inherent timestamp)
- New walletd command-line parameter to generate mnemonics
- New walletd command-line parameter to create unlinkable wallet from mnemonics
- New walletd command-line parameter to enable getting secrets bia JSON RPC API
Specific API improvements
- By default, getting secrets via JSON RPC API is disabled.
- New walletd method 'get_wallet_records' with optional 'create' parameter can be used to get (creating if needed) wallet records from linkable wallet
- New walletd method
set_address_labelto set labels for addresses (labels are returned byget_wallet_records) - New error code
TOO_MUCH_ANONYMITY(-305) can be returned fromcreate_transaction.
API deprecations (will be removed in version 3.5.0)
walletdmethodget_addressesis marked as deprecated, useget_wallet_recordsinstead.walletdmethodget_view_key_pairis marked as deprecated, useget_wallet_infowithneed_secretsset to true instead.walletdmethod 'create_transaction' has 'save_history' and 'save_history_error' deprecated, because history is now always implicitly saved to blockchain.next_block_effective_median_sizerenamed torecommended_max_transaction_sizewithnext_block_effective_median_sizedeprecated.
Incompatible API changes
parent_blockis renamed toroot_blockin all contexts without deprecation, due to widespread confusion.
Improvements to P2P protocol to handle large network load
- Header relay instead of block body relay. In most cases receiver will reasemble block from memory pool. In rare case when this is not possible, the block body will be requested.
- Transaction description relay instead of transactions body relay. Only new transactions will be requested. Transaction descriptions contain most recent referenced block hash, so that receiver can easily distinguish between "wrong signatures due to malicious intent" and "wrong signatures due to chain reorganisations"
- Incremental memory pool sync with cut-off limit by fee/byte. Allows pools with huge assymetry in size to quickly get into stable state.
Other changes
- Memory pool size increased to 4 MB.
walletdwill automatically rebuild wallet cache after upgrade to this version. This can take long time for large wallets.
- Fixed bug when
walletdfails to create transactions for certain coins.
- Now all folders we get from user/system are normalized by removing excess slashes from the tail
- The
create_transactionmethod can now create transactions with fee < 0.01 BCN iff bothfee_per_byteand transaction size are small enough. - In the
create_transactionmethod, ifany_spend_addressis set to true, leavingchange_addressempty now sets it to first wallet address. - Added amounts to the message of the
TRANSACTION_TOO_BIGerror so that you see how much you can actually send (with desired or zero anonymity). - Added a new new flag
subtract_fee_from_amountto thecreate_transactionmethod to indicate subtracting fee from receivers. - Tweaked the distribution of mix-in outputs returned by the
get_random_outputsmethod to make it . - Fixed error in the
getblocktemplateandget_block_templatemethods which returned wrong reserved_offset.
Consensus update (hard fork)
- Voting starts immediately, once 90% of mined blocks contain votes for update, the update height will be automatically selected so that consensus update will happen approximately 2 weeks after that.
- Market fees - any transaction fee including
0is now legal for all transactions. Miners will increase block size only if it is profitable for them in a short run.
General improvements
- Better priority and exclusive nodes logic.
- Seed nodes are now contacted approximately once per day (greatly helps to catch up after
bytecoindis started for users who run it after delay of several weeks or more). - Binary methods now share single access point
/binary_rpc. - Code for consensus upgrade voting correctly counts votes on both main chain and each side chain.
- Limited on incoming connections (default is 100).
- Fixed ignored external port on peer handshake (made connects through exposed non-standard ports to nodes behind NAT impossible).
- Groestl hash function is updated from the official source.
- Keccak permutation function is updated from the official source.
bytecoindnever searches forblocks.binandblockindex.binoutside the data folder.- now when you specify
--p2p-bind-address, but not--p2p-external-port, p2p external port will be set to p2p bind port. When you wish NAT tunneling, good practice is to specify both.
Command line changes/additions
- Paranoid mode to check every byte of blockchain when downloading (usually checks only blocks beyond the last checkpoint).
- Warning: Now
walletdexits by default after--create-walletand--set-passwordoperations. This change can break your scripts. If you need the wallet running after those commands, you can add--launch-after-commandparameter - Now you can use
--set-passwordwith--export-view-onlyand--backup-wallet-data, to encrypt result wallet with a different password. - Fixed bug with
walletdnot returningapi::WALLETD_BIND_PORT_IN_USEerror code when the JSON API port is in use and using inprocbytecoind. - Fixed bug with
bytecoindnot returningapi::BYTECOIND_BIND_PORT_IN_USEerror code when the JSON API port is in use. walletdnow prints address after creation of wallet.walletdnow prints deprecation warning when using inprocbytecoind.walletdnow binds to port9070on testnet and10070on stagenet resp. by default.
General API improvements
- Optimisation of JSON RPC calls (2x speed up on very large responses).
- Made the
jsonrpcargument mandatory with value "2.0" in all JSON RPC calls according to the spec. - JSON RPC
idis required now according to spec. - JSON RPC error's additional data moved into
dataobject inside theerrorobject according to spec. - Now any field in requests that daemons do not understand will be reported as a error.
- Much better error handling, more specific error codes.
Specific API improvements
- New
get_block_headermethod for blockchain structure inspection (to replacegetblockheaderbyhash,getblockheaderbyheight, andgetlastblockheaderlegacy methods). - New
get_wallet_infomethod. - New
VIEW_ONLY_WALLET(-304) error code, returned fromcreate_transaction. - In methods supporting longpoll (
get_status andget_block_template) all longpoll arguments are now optional. So, for example, if you are interested inoutgoing_peer_countonly, you can specify onlyoutgoing_peer_countin request and get response whenoutgoing_peer_countchanges. Changes to other fields will not trigger response to longpoll. - New
ADDRESS_FAILED_TO_PARSE(-4) andADDRESS_NOT_IN_WALLET(-1002) error codes, returned from lots of methods - New fields in get_addresses request/response to iterate through list of addresses
- Now
top_block_timestamp_medianreturned correctly from get_status JSON RPC methods. - New
need_signaturesfields in APIs returning raw transactions. check_sendproofnow returns values from sendproof in response if proof is valid.- All methods return new correct values for
block_sizeandtransactions_cumulative_size. get_raw_blockandget_block_headernow returnorphan_statusanddepth(consistent withheight_or_depthfields where top block is-1).get_random_amountshas no more depth limit of 128 block (distribution would be skewed a bit for very large depths).get_statisticsresponse now includes much more information.submit_blocknow returnsblock_headerin result.- All
transferobjects now havetransaction_hashfield - especially useful when processingunlocked_transfersin result ofget_transfersmethod.
API deprecations (will be removed in version 3.4.0)
- In all
outputandtransactionobjectsunlock_timeis deprecated (renamed tounlock_block_or_timestamp). - In all
outputobjectsglobal_indexdeprecated (renamed toindex). - In
get_random_outputsrequestouts_countis deprecated (renamed tooutput_count). - In
get_transfersrequestdesired_transactions_countis deprecated (renamed todesired_transaction_count). - In all
transactionobjects 'binary_size' is deprecated (renamed tosize).
Incompatible API changes
get_raw_transactionmethod now returns json error-5if transaction not found.- Deprecated
prev_hashfield remains only in result of legacy methods (getblockheaderbyhash,getblockheaderbyheight, andgetlastblockheaderlegacy methods), use 'previous_block_hash' instead. - Deprecated
total_fee_amountfield remains only in result of legacy methods (getblockheaderbyhash,getblockheaderbyheight, andgetlastblockheader), usetransactions_feeinstead. - Deprecated
transactions_cumulative_sizefield remains only in result of legacy methods (getblockheaderbyhash,getblockheaderbyheight, andgetlastblockheader), usetransactions_sizeinstead.
Incompatible API changes (likely to affect only developers of block explorers)
- In all raw block objects
global_indicesrenamed tooutput_indexes. - In all raw transaction objects
vin,voutrenamed toinputs,outputsresp. - In all raw output objects
keyrenamed topublic_key. - In all raw output objects
targetobject removed and all its fields moved into raw output object. - In all raw coinbase input objects
block_indexrenamed toheight. - In all raw header objects (including
parent_block)miner_tx,base_transaction_branchrenamed tocoinbase_transaction,coinbase_transaction_branchresp. - In all raw input and raw output objects,
tag:ffrenamed totype:coinbaseandtag:02renamed totype:key.
Testnet/Stagenet related
- New command line parameter
--net=test|stage|mainconfigures daemons for testnet, stagenet, or mainnet resp. - For testnet time multiplier can now be set to speed up all processes 10x, 100x or even more.
- When participating in testnet or stagenet,
bytecoindnow uses UDP Multicast to announce/discover other bytecoind nodes in local network. Thus in most local networks testnet will self-assemble without seed nodes. In mainnet multicasts are disabled due to anonymity concerns. - Testnet/Stagenet now have fixed 1MB max block size limit.
- Added the testnet functionality.
- Fixed
WRONG_BLOCKCHAINproblem when walletd ends up in a state where it could not sync withbytecoind. - Put a stop to infinite attempts to download blockchain from nodes lagging behind.
- Fixed issues in SQLite logic in x86-32 daemons.
- Fixed a bug in the downloader, which hinders normal downloading blocks.
- Fixed an output bufferization issue in the
bytecoinddaemon. - Fixed a rare downloader's crash on Windows.
- Fixed a severe bug in the downloader.
- Warning: This version uses different format of
bytecoinddatabase andwalletdcaches, they will be upgraded to the new format on a first start of daemons. Prepare for downtime of up to 2 hours depending on your wallet size and computer performance. - API change: Renamed methods
create_send_proofandcheck_send_prooftocreate_sendproofandcheck_sendproofrespectively (along with input parametersend_proofthat becamesendproof). - Fixed minor bugs found in the beta release.
- Warning: This version uses different format of
bytecoinddatabase andwalletdcaches, they will be upgraded to the new format on a first start of daemons. Prepare for downtime of up to 2 hours depending on your wallet size and computer performance. - Reworked the wallet cache storage to use 3x less space and run 2x faster.
- Intoduced the 'payment queue' which stores and resends all sent transactions until they are successfully confirmed. This fixes issues with sent transactions lost due to chain reorganizations under high loads.
- Changed the logic of the
send_transactionmethod: It never returns an error, its result is alwaysbroadcastbecause all transactions are first stored in the payment queue and later sent for sure. - Improved the downloader to reduce sync times.
- Made the
paramsargument optional in all JSON RPC calls according to the spec. - Improved error handling in the
create_transactionandsend_transactionmethods (distinct error codes for common errors). - Fixed issue when requests to
walletdwith address is not in the wallet (it now fails with an appopriate error). - Changed the mechanism of the memory pool size adjustment to give miners more freedom in selecting transactions for including in blocks.
- The
walletdcommand line parameter--backup-walletis renamed to--backup-wallet-dataand now it makes a hot backup of the wallet cache, wallet history, and payment queue in bulk (backward compatibility is maintained). - Extended the number of bits of the cumulative difficulty parameter (it is now 128 bits).
- Made entering passwords in terminals/consoles invisible on all major platforms.
- Allowed entered passwords to contain Unicode characters on Windows (not recommended though).
- Changed the logic of the
create_addressesmethod when called with at least one existing spend key and without settingcreation_timestamp(or setting it to0).walletdwill perform rescan of the whole blockchain in this case. - Added a better error message when
walletdfails to be authenticated atbytecoind. - Started versioning binary API methods for better detection of changes.
- Added
--backup-blockchain--backup-walletcommand-line flags tobytecoindandwalletdresp. to hot-copy blockchain and wallet data (wallet file and wallet cache). - Fixed behavior of the
walletd's methods such asget_balance, which until now returned zero balance for addresses not belonging to the opened wallet file.
- Updated
READMEin the part of linking withboostlibraries to prevent using inappropriate versions. - API change: Renamed field
added_bc_transactionstoadded_raw_transactionsin response of thesync_mem_poolmethod. - API change: Renamed fields
bc_headertoraw_header,bc_transactionstoraw_transactionsin response of thesync_blocksmethod. - API addition: Added the
get_raw_transactionmethod to thebytecoindAPI to get a transaction by its hash. - API addition: Added the
prevent_conflict_with_transactionsfield to thecreate_transactionwalletd's method to be used by resilient payout queues. - Speeded up memory pool to handle large transaction load.
- Fixed rare bug in
bytecoindwhen less than possible transactions were included in block for mining during large transaction load. - Fixed rare bug in
bytecoindwhen cumulative difficulty of the block was calculated incorrectly, leading to increased orphan block percentage. (bytecoindwill now perform quickcheck on start once for all exisitng blockchain database, fixing all differences.) - Fixed rare bug in
bytecoindwhen it stopped accepting new P2P connections or stopped answering API calls under high transaction load.
- Made early fixes to downloader to prevent long lagging behind.
- Fixed consensus bug.
- API change: In
create_transaction,spend_addressparameter of typestringis changed tospend_addressesof type[]string. This change is likely to affect only Web wallets developers. - API change: In
sync_mem_pool,added_binary_transactionsof typestringis changed toadded_bc_transactionsof typebytecoin::TransactionPrefix. This change breaks compatilibilty between new and oldwalletdandbytecoind, so make sure they are both the same version.
- Added
walletdoption--export-keysto export keys in legacy format (for example, to print on paper and put in a vault). - Changed logic of how
walletdtruncates cache in old wallet files: On writable media, it now tries to do that right after opening. - Fixed wallet state undo logic, which rarely lead to sync crashes/stucks in version 3.0.0.
- Added test wallets for import/export testing.
- Added HTTPS support between walletd and bytecoind.
- Added generating and checking send proofs.
- Added SQLite database support as an alternative to LMDB.
- Added several legacy bytecoind RPC API methods for miners.
- Reworked creating transactions with 100,000+ unspent outputs to make it much faster.
- Fixed rare crashes of
bytecoindwhile downloading blockchain. - Fixed stuck dowloading from misbehaving nodes.
- Added early support of JSON-RPC API basic authentification that prevents CSRF attacks.
- Added (experimental) support of 32-bit platforms.
- Project is moved to the new public GitHub repository.
- Added
walletdoption--export-keysto export keys in legacy format (for example, to print on paper and put in a vault). - Changed logic of how
walletdtruncates cache in old wallet files: On writable media, it now tries to do that right after opening. - Fixed wallet state undo logic, which rarely lead to sync crashes/stucks in version 3.0.0.
- Added test wallets for import/export testing.