Payjoin sends #608
Payjoin sends #608
Conversation
There was a problem hiding this comment.
In my testing I got it to work twice!
https://mutinynet.com/tx/3c5436f1edf7d4c32a5ccf2448c1e963f52bb8a0fb6f8688d7e78a14e1cbe80b
https://mutinynet.com/tx/ca2bca759e84730e8bd995b98edbcce0df0bea26965c39d7293cdae2bae65206
After those 2 however, I continued getting a 400 bad request error
XHRPOST https://mutiny.payjoin.org:4433/?v=1&additionalfeeoutputindex=1&maxadditionalfeecontribution=59&minfeerate=1.008 [HTTP/1.1 400 Bad Request 1532ms] { "errorCode": "original-psbt-rejected", "message": "The receiver rejected the original PSBT." }
probably has to do with my hacky fixes to the types in the node where I made ConfirmationTarget::OnChainSweep? not 100% sure
I don't think this failed because of your hack, but because for whatever reason requests after your last success reused the same input 3c5436f1edf7d4c32a5ccf2448c1e963f52bb8a0fb6f8688d7e78a14e1cbe80b:0. That input was banned to prevent probing of the receiver's UTXOs. Does mutiny employ a mechanism to lock UTXOs from being added to subsequent PSBT constructions? If so, perhaps the input in question was unlocked after a wallet restart, then once it tried to spend again and failed it couldn't get past the ban. One way to mitigate this would be to add a switch that defaults to payjoin but allows you to spend in a naive way by switching off after pj failure. The receiver could also include a more detailed "message" to post to the debug log that says "input {txid:vout} seen before, original PSBT rejected to prevent a probing attack."
|
| sentDetails.txid = txid; | ||
| sentDetails.fee_estimate = feeEstimate() ?? 0; | ||
| } else if (payjoinEnabled()) { | ||
| const txid = await state.mutiny_wallet?.send_payjoin( |
There was a problem hiding this comment.
should we add a try-catch block to enable that fallback to normal send?
try {
const txid = await state.mutiny_wallet?.send_payjoin(
destination()!.original,
amountSats(),
tags
);
} catch {
const txid = await state.mutiny_wallet?.send_to_address(
address()!,
amountSats(),
tags
);
}
though this brings up the comment you made in the mutiny-node about where the waila should parse the receive string as some parsing would be needed between destination.original() and address()
There was a problem hiding this comment.
easy enough to just regex away the unimportant stuff, but still worth considering
There was a problem hiding this comment.
I'm not sure we should assume someone wants to spend as naive tx if they can avoid it. some automated payment processors will automatically spend the naive tx if payjoin fails but senders may want to try another utxo or choose something else like ln instead of immediately sending w/o a privacy preserving measure
|
Was it a user error? Did I send too rapidly? what do you think was the flow that caused the ban, if this is a mutiny-wallet bug wonder how we can get around it to make sure any user doesn't get banned as manual UTXO selection by the user is avoided |
|
reproduced the error attempt 5:got a frontend only error attempt 6:got the error i have seen before likely indicating I am banned, perhaps there is some relation to the error in attempt 5? attempt 7:same error as attempt 6 |
|
If a payjoin_psbt response failed to sign and a request was replayed, that utxo would be banned so this would be expected behavior. Do we have any more logs / detailed on why |
|
Couldn't recreate the |
|
Does this issue require a playwright e2e test to proceed? Have you any logs from those failed runs? |
benalleng
force-pushed
the
payjoin-sends
branch
4 times, most recently
from
0d13499 to
b4cc22f
Compare
benalleng
force-pushed
the
payjoin-sends
branch
5 times, most recently
from
e47c2c0 to
b9a089c
Compare
|
I believe this is now ready for review. @benalleng Do we know why OpenSSL failed on iOS here? I don't think it's related to this PR, as it adds no changes to OpenSSL crypto |
|
Yeah I brought it up to everybody on the matrix dev server, the consensus is that it is related to some secret that non-branch PR's / non-contributors don't have access to |
|
As for this PR I think it's ready to go, I know at the moment we are going to hold off on adding the optionality for the sender, i.e. the toggle to switch to naive send so we don't need to add that here |
|
I agree the toggle can come later. The same function can be had for now by pasting in the plain address instead of a &pj= containing uri. |
|
I'm getting "Failed to create payjoin request" running this locally. It doesn't look like the request to |
|
Oops, the public ip of that server was changed. I reset the DNS A record but it may take some hours to propagate. mutiny.payjoin.org should be 110.169.157.242 |
|
Hm still not working for me, same timeout for |
|
Thanks for your patience on this, my server was moved to one with a dynamic ip. It has been changed to a static one at 157.245.59.46 which mutiny.payjoin.org:4433 should point to. The https cert is not right yet, but I don't think mutiny-node's reqwest is configured without tls because default-features = false so it could still work.
|
|
https://mutiny.payjoin.org:4433 is running and secured by TLS now. Please excuse the wait 🙏 |
|
getting an error when trying to test now: Edit: full error looks like it might be happening in payjoin server |
No, haven't in months |
|
Weird. When I run testmempoolaccept on the tx you submitted I get non-final error. bitcoin-cli testmempoolaccept '["01000000000101ed05c0a2016487c310e082b6bfd4c0f4018c14de9b528d501d91a207b398dc980100000000fdffffff0225140d00000000002251207f809c1307a11ed63b852947c499789be8b1cbe3d50dc0614d92056ab0d2171f1027000000000000225120c8df14b2a973139855a61323a6fd9d2889a272fea87e2a274afa6ec84cf822930140fb6be4528387d682adc3e16bf7621b98883ded27af60b228916de6c417ff3f64b941bf88794c2a26a956257dddc8ac23b93fbd62c6a501fb7c36b7c0e0f1abe6ac250a00"]'
[
{
"txid": "875ed948c456d763225354658b12241af6ebf9df45bb11596b270d6d3f143c60",
"wtxid": "b1b5bf107baa8155bda3f54bbdf90cdaefa1ad1616b14f9512890e1bb7a0cc48",
"allowed": false,
"reject-reason": "non-final"
}
] |
|
I just sent a successful payjoin from this branch. The signet server there was not synced before after maintenence. It should be fixed now |
|
Hate to be a continual bearer of bad news but I tried to send to your sample address and got another error: 
|
|
Can you see the network request response to see if it was an error communicating with the payjoin server or something else? |
|
it's a 400 bad request: |
|
The prior request that failed still included an input which was recorded as seen, so this subsequent request was rejected. I've deleted the seen_inputs database and restarted the server. Thanks for the persistence. |
| sentDetails.destination = address(); | ||
| sentDetails.txid = txid; | ||
| sentDetails.fee_estimate = feeEstimate() ?? 0; | ||
| } else if (payjoinEnabled()) { |
There was a problem hiding this comment.
I'm not sure a sweep should necessarily preclude payjoin on the isMax condition. A receiver offered a sweep could still take the opportunity to contribute an input or use transaction cut-through, and otherwise just broadcast the original psbt as a basic sweep. It doesn't break this PR but should be considered for incremental change later.
|
request: |
|
@futurepaul It looks like the original bip21 from the description belonged to an old wallet, so the output did not pay the receiver you were calling. I updated the description to let you fetch a bip21 from the live server which I'll repeat here: https://mutiny.payjoin.org:4433/bip21?amount=0.00066666, which I have just tested on my local machine to success |
|
mutiny.payjoin.org is down for maintenance and should be up tomorrow |
|
mutiny.payjoin.org is up and synced |
DanGould
force-pushed
the
payjoin-sends
branch
from
b9a089c to
b57eb4f
Compare
|
rebased on master w/ new ActivityEditor change |
DanGould
force-pushed
the
payjoin-sends
branch
from
b57eb4f to
216c748
Compare
benalleng
force-pushed
the
payjoin-sends
branch
from
216c748 to
736cf67
Compare
|
|
|
@benthecarman hell yeah brother Happy to follow up with a toggle that fits in the table like bitcoin design recommends
|
|
Yeah that might be cleaner |
|
as of now this is the same element / size as other warning InfoBoxes We could also spruce up the notice in VStack like this but I do believe that's out of the scope of this PR
|
supersede #572
fix ci errors
awaiting mutiny-node merge as a dependency for this
-- @benalleng