Rust tool to import bip39 mnemonic #32115
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code Coverage & BenchmarksFor details see: https://corecheck.dev/bitcoin/bitcoin/pulls/32115. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
Does this mean the Guix build will now have to bootstrap a Rust compiler? |
|
@darosior no, the user has to (unlike e.g. the HWI project which ships a standalone binary that including Python, mainly useful for Windows users I think) |
There was a problem hiding this comment.
Or perhaps Rust Bitcoin could ship it as an example.
Yeah, right now it looks like this is just a few lines of docs and example code with the bulk being several imported rust-bitcoin dependencies. So I wonder what the benefits are to include it here, instead of somewhere closer where the majority of its (implicit) code sits.
| Bitcoin Core does not support bip39. The mnemonic will not be stored in the | ||
| wallet, so be sure to back it up. Only standard derivation paths are supported | ||
| (BIP44, BIP49, BIP84 and BIP86). |
There was a problem hiding this comment.
This is a bit confusing. What does "back it up" mean? The wallet, the mnemonic? Also, I am not sure about the risks that users are exposed to now. I've only read the first section of https://github.com/bitcoin/bips/wiki/Comments:BIP-0039 and it mentions loss of funds. So I think it would be better to educate the users about how wallet incompatibilities can silently lead to loss of funds, instead of implying that a backup of the mnemonic is sufficient for recovery.
There was a problem hiding this comment.
The mnemonic. Some wallets let you see the mnemonic, others don't (e.g. Ledger only shows it on first use, Bitkey doesn't show it all). But we can't show it, because the master hd key is a hash of the mnemonic, so there's no way back.
If the original wallet uses different derivation paths then Bitcoin Core won't find funds, but they're not lost. Using the same key material between two wallets is a bad idea in general, so we could advice against that.
The docs should probably also mention that HWI can be used to create a watch-only wallet.
There was a problem hiding this comment.
The mnemonic.
Unless I am missing something, that'll lead to loss of funds, because importdescriptors does not fail if there are already descriptors in the wallet, and it doesn't guarantee that all prior descriptors are inactive. So a users could (after they ran through the steps here) silently and accidentally use a prior active descriptor and then fail to recover the funds there, because they only backed up the mnemonic.
If the original wallet uses different derivation paths then Bitcoin Core won't find funds, but they're not lost.
I am not sure if it matters much for the user if they lost the funds because Bitcoin Core didn't find them, or if they lost them in another way. It seems plausible that someone does an import, then sees some funds from some matching paths, but fails to see the missing funds from mismatching paths. (Likely the user will only fail to notice this if the missing funds are only a small portion, but it still seems like a silent foot-gun to me)
There was a problem hiding this comment.
I assumed you were talking about losing from from the imported wallet, but I think you're talking about funds in a pre-existing Bitcoin Core wallet.
does not fail if there are already descriptors in the wallet
The instructions say that the wallet should be blank. Perhaps the script should make the RPC calls so that it can actually verify this, but using RPC increases complexity and presumably requires importing network or shell code.
The The script itself seems trivial to maintain, especially if someone who actually knows Rust cleans it up a bit. The problem is in the dependencies.
We only need a small (?) subset of this, but I'm not familiar enough with Rust to constrain the imports. And perhaps a few changes to rust-bitcoin are needed to prevent pulling in the kitchen sink. It would be nice if Rust had a way to vendor only the classes and methods that are actually called, so you can see all the rust code involved and review changes. If it's just a few hundred lines then we can actually review it. But if the sub-sub-depedency rabbit hole is too large, then it's probably too much burden for the project. In that case implementing it in c++ might be better, since we have most (all?) of the dependencies already, see #19151 (comment). I don't think we should tell users to just google for utilities like this. Nor should we link to some project that we're not reviewing. And if we don't tell users where it is, then only people who've heard of rust-bitcoin will use it. I wouldn't consider that a fix of #19151. |
|
Concept NACK Shipping rust code in The amount of users that would compile this themselves is marginal making the upside of this pretty small. Technical users like that would have no trouble finding this in the e.g. |
Since we're probably not going to support bip39 mnemonics in the wallet itself, but it's an often requested feature, this PR provides a simple Rust utility to import one.
This puts the utility in
shareso it's included in releases. Alternatively we could make a separate repo akin to HWI. Or perhaps Rust Bitcoin could ship it as an example.Usage (first bip39 test vector):
Pro tip: use
-blockfilterindexfor an ultra fastrescanblockchainexperience.Dependencies:
Fixes #19151
Could be expanded to import codex32, see #27351.