Concurrent transaction creation may result in double spends #120
Labels
Comments
jrick
changed the title
jrick
pushed a commit
to jrick/btcwallet
that referenced
this issue
Nov 15, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If btcwallet is hit with many RPC requests to create a transaction (such as sendfrom/sendmany/sendtoaddress) at the same time, the requests will be handled concurrently. Even though there is no data race (as access to transaction store is protected by a mutex), this is a logical race as each request handler will end up choosing some of the same inputs for both transactions, resulting in double spends.
To fix this, a new goroutine which is solely responsible for transaction creation, or even just input selection (if "returning" previously chosen inputs is allowed), should be run, and all sendfrom/many/toaddress requests must communicate with this goroutine to create and sign the transaction.
This did not use to be an issue as all client RPC requests were previously handled serialized.
The text was updated successfully, but these errors were encountered: