[FEATURE] Add the ability to import address by seed on the node

[username1565]

Аbstract Is your feature request related to a problem? Please describe. This is not a problem, just additional functional.

Motivation and Purposes A clear and concise description of what the problem is. Ex. I'm always frustrated when [I have the wallet, with waves address, this have the alias, and someone open leasing to this address, but this is not a node, just wallet... But I have the node with another address, and cann't import my wallet there, to do mining there. So I cann't do mining and pay for his leasing, and he don't got anything for this leasing.].

Specification A clear and concise description of what you want to happen. Describe alternatives you've considered

Is this possible to import the existing address or the corresponding seed of this - into the node? Node REST API: https://nodes.wavesnodes.com/ Have the method "POST /addresses" to CREATE NEW ADDRESS (generate this), and method "GET /addresses" is return a list of the addresses on the node. But... What about import existing address by specified seed, something like "POST /address/import/{mnemonic_seed/base58encoded_seed}" -> "address on the node"? Can you add this option in future?

Backwards Compatibility Can your proposition affect any existing features? Maybe no, because on the node already is possible to generate the multiple addresses, by using methond "POST /addresses"

Examples and Implementation Examples of implementation in other projects? Bitcoin console command:

importprivkey PRIVATE_KEY

[mtuktarov]

Hi @username1565! Thanks for submitting this issue! Instead of using REST-API, you should use Waves node configuration file. By default, it's located in /etc/waves/waves.conf. This config file includes another one /etc/waves/local.conf. We recommend keep waves.conf with default values and add changes to local.conf. Same options in local.conf will override the ones in waves.conf. Your procedure is:

1. Confirm that waves.conf includes local.conf by checking the last string in waves.conf. It should be:

   include "local.conf"

2. Now add following strings to local.conf specifying your values:

   waves { 
   wallet {
   # Password to protect wallet file
   password = "walletFilePassword"
   
   # Wallet seed as BASE58 string
   seed = "base58EncodedSeed"
   }
   miner {
   enable = yes
   }

3. Restart Waves node:

   sudo systemctl restart waves

   You can find more info about configuration here. Please let me know if any further assistance is required.

[username1565]

Hi, @mtuktarov! I'm using .jar-file on Windows, not Linux. The configuration file name is node_extensions.conf, and this is exists in the same directory, where .jar-file with node exist. I'm starting this, using .bat-file, with strings:

::Mining node + enabled matcher on http://127.0.0.1:6886/
G:
cd "G:\coins\WAVES_FULL_NODE\NEW_NODE"
java -cp "G:\coins\WAVES_FULL_NODE\NEW_NODE\waves-all-1.1.2.jar;G:\coins\WAVES_FULL_NODE\NEW_NODE\dex-1.0.1\lib\*" com.wavesplatform.Application node_extensions.conf
pause

I see the string:

include "local.conf"

inside node_extensions.conf, but I don't know where is this file local.conf.

I did just unpack waves-all-1.1.2.jar, using 7z.exe, into separate folder, and tried to find this files. I see some configurations files, but I didn't found this files waves.conf, and local.conf, there.

---

As I understand, you suggest to just adding one address to wallet.dat, by specify seed from this address. I can do this, using node_extensions.conf, by the code, that you provide:

waves { 
  wallet {
    # Password to protect wallet file
    password = "walletFilePassword"

    # Wallet seed as BASE58 string
    seed = "base58EncodedSeed"
  }
  miner {
  enable = yes
}

---

But question not been about it... As you can see, here, inside the NODE REST API, there is possible to CREATE new address, by generate this address (need to specify the API-key, to do this).

POST /addresses 

After this creation the new address, one node have many addresses:

GET /addresses 

So I did ask about the option to IMPORT this address from specified seed, not generate this randomly.

For example, I have 2 addresses, and two seeds. I have many aliases for my two addresses. One address is the node address. Second address is just client-address, i using this just to trading on WAVES DEX, and login there by seed from this address, and have aliases for this address. But when someone open leasing for this my trading-address, I cann't pay him for leasing, because this address not the node-address, I cann't do mining with waves, which was leased there. So, will be better to import many addresses, by specified seed, and import it to the node, using NODE REST API. Also, maybe, this will allow to do mining, using available balance from many addresses.

And this is the main sense of this opened issue.

Best regards.

[mtuktarov]

@username1565 well, there is no sense to lease tokens to the address which is not specified in the Waves node configuration - in your case in node_extensions.conf. If it's not specified (i.e. it is not a node-address) then such an address can not do mining. You should specify the address you want to use for mining in the Waves node config. Please let me know if you have any questions.

[username1565]

@mtuktarov, I cann't say about it to the leasers. I just sent 1 READ Attachment, with description, but no any result. Leasing still opened.

Yes, I still have the questions. Can the node working with many addresses? Of course, yes, it can, after creating and generate new address. So 1 node have two addresses? Can this be two my own address? So, can you programming import the address to the node by specified seed, using NODE REST API? Maybe, this is so easy...

Or... If you don't want to do this, then can I add this myself, just for my node, and add this by editing the code of unpacked files from .jar-file?

[mtuktarov]

Node uses only one address for mining.

[username1565]

Hm... I don't see where is one address of the node is specified in configuration file. This can be specified only for matcher. And I think, address is contains inside encrypted wallet.dat. In this case, when new address is generated, using NODE REST API: POST /addresses this new address just adding inside wallet.dat. And if, after this address was ben generated, try to get the node address - this return many addresses... From where? From encrypted wallet.dat. Ok... You say node uses only one address for mining? But why? Many altcoins can staking the coins from many addresses and unspent outputs, inside wallet.dat. Is this really true? Can we test this? Yes, we can. You can just open new leasing to the second address of my node: 3PHTiLzJfm1YTw1W9JFsSRyxSihod8BiqsX, and if leased waves can staking and generate new blocks, then this address can get mining rewards, and we can see this here: https://w8io.ru/3PHTiLzJfm1YTw1W9JFsSRyxSihod8BiqsX/

[mtuktarov]

@username1565 I discussed this issue internally. You are correct - generated addresses are kept in the wallet.dat file and there is no way to import an existing one. As such, the feature request is valid but I need to clarify more details to forward the clear scenario to devs. Please clarify:

1. Do both addresses have more than 1000 Waves?
2. Do you use both for mining? Why not using only one address?
3. Do you host DEX on your own or use a hosted one?
4. Again, please provide me with the exact scenario as it feels unusual to use 2 addresses. For the time being as a workaround you can host 2 nodes and specify both addresses in their configs

[username1565]

Hi, @mtuktarov! I already provided the info in the previous posts, but I will repeat this again.

1. Yes. I have two addressed. Address for the mining on the node, and address for the trading.
2. No, but I want it.
3. Yes I do. I have the node, this is configured and the ports are opened. Also, I have configured matcher, just for tests.
4. I cann't host two nodes, because I have no enough size on my disk for two blockchains, and not enough RAM to run this together on one machine. Maybe... Another hosting, but there can be stoled the info from configuration files.

Now, I'll explain how I did generate this my two addresses node-address, and trading-address. At first, I did generate my main address, using old waves-lite-client: https://waveswallet.io/ There I did buy WAVES, and hold it, and trading it. After some time, I just wanted to do mining WAVES. And I think about someone can stole waves, if he will got access to config or to the working node. So I did generate new address for the node, and seed from this address was been generated here: https://cryptostorage.com/generate.html?tickers=waves After this, I did encode this mnemonic seed (words) to base58, here: https://username1565.github.io/brainwallet.github.io/#converter and did put this base58 encoded string into node.conf. After this, I see my address was been imported in wallet.dat, and this is the main address of the node. Then, I just did open the leasing to this address, from my main trading-address. In this case, I see my node can do mining, this got rewards, and anyone cann't stole my waves from there, even if someone can get access for this. The maxumum loss is the mining rewards on the node. Ok... Also, I can got access to the node address, by mnemonic seed, and can exchange, or transfer, using waves-lite-client, and waves-client: https://client.wavesplatform.com/#!/dex-demo Then, I did create alias for the node address, and got 15,000 WAVES leased there. So there is no any sense to change the node address to my trading-address, because there is already exists leased waves, and I can open the additional leasing there, at any time, myself, on the node-address from my trading-address. Ok.. But... I had earlier the some aliases for my trading-address, and your system is allow to do leasing to alias. And... Someone opened leasing for my trading-address (!!!), by alias from this address. This is not my node address, this cann't do mining, and this user cann't get the rewards from his leasing. I did send him 1 READ Attachment, with info about cancel the leasing. But... I think... Will be better to just make importing the address by seed, using NODE REST API, because there is already available the working with multiple addresses, after creaton this address by random generation. So this issue was opened as result. Also, by this reasons, I did open this issue about programming the chain of leasing, if node will be inactive, and if will be inactive the leasers of this node.

Best regards.

[mtuktarov]

@username1565 thanks! I got you and submitted a feature request. May I ask you a question? So, let's imagine Waves node allows you to do mining using several addresses and it is possible to import them via REST API. Some time ago you generated a new address to keep money in safety. Today someone leases tokens to your new address, hm, will you start mining just to return a reward? By the way, do you think REST API can make a trick in case someone's private data ends up in the wrong hands? I just didn't get what can happen with the config. Something Windows-specific? Have a good one!

[username1565]

Hi, @mtuktarov!

May I ask you a question?

Yes, of course.

So, let's imagine Waves node allows you to do mining using several addresses and it is possible to import them via REST API.

This will be a nice, because my unspent coins can staking, even while I do trading.

Some time ago you generated a new address to keep money in safety. Today someone leases tokens to your new address, hm, will you start mining just to return a reward?

Yes! Yes! Firstly, my node is installed on an encrypted hard drive and on my computer. Secondly, I can log in with my address, and I can transfer my money at any time, from anywhere, if I suspect something, or if a certain signal works. Also, I want to pay for each my leasers, just because the reputation of the all wavesplatform depends on it. What if someone open the test leasing? Just to test how this working? And he open the leasing, and this leasing is not working... Will he open another leasing? Will he hold here all his multi-billionaire fund in future, if leasing not working, and no any percentage... Just think about it... I do payments 100% of WAVES-rewards, after each generated block on my node, and I earning only MRT. I do this manually, for each block, after 1000 confirmations, and I have even a defined reflex. I appreciate every leaser. And when I see someone opened the leasing, I want to pay him, even if I'll lost something. But... This is not address of the mining node... I think, will be better to implement autopayments for leasing as hardcoded module inside the node, and also will be very useful the chains of automated reopened leasing only for active nodes.

Also, think about another case... Leaser opened the leasing. And lost his key/seed, or dead. My address not the node address, and I cann't do mining. After some time, I can lost my key/seed too, or dead. We have locked waves, this cann't do mining, and system is lost. But if this addresses will be imported on the node, this can staking even if we both will lost the control from the addresses. Moreover node addres can be recovered from the node wallet.dat + password, while this node is active, and do mining... But that leaser address cann't be recovered, if he lost seed or dead... In this case, it seems appropriate for the entire system to don't make auto payments for leasing. But even here you can find the compromise between autopays and don't pays for inactive addresses. For example, if user is inactive, and didn't send no one signature to the network within some time, his leasing can don't got rewards and autopayments can be disabled. Moreover, his WAVES can be burned, and returned to the system, if this user is inacitve within 2-5 years or more (if he lost his seed and access to the address)... In this case, all lost waves can be returned to the system for miners and traders, like this is already implemented in the source code of PascalCoin.

By the way, do you think REST API can make a trick in case someone's private data ends up in the wrong hands? I see 3 ways to stole personal data from the node:

Firstly, the base58 encoded seed can be stoled from the configuration file, if node can be hosted on VPS, for example, and in this case can be stoled by admins of that VPS.

Secontary: this string can be deleted, because this need only for creation the wallet.dat, and when this is already exists, and string is deleted, then node is working. This working because wallet.dat is encrypted by password, and this password, is specified in config conf. So when node is runned, and wallet.dat is already exists, then password just used for decrypting this wallet.dat. In this case, the password can be stolled, and wallet.dat+password can return personal data for admins of VPS. Then, password can be deleted from config. And in this case need to enter this for every time, for each running the node. This data can be intercepted during forwarding, or from memory, after input.

Thirdly: I see, in the Node REST API, there is the directive:

GET /wallet/seed 

This return the base58 encoded seed from wallet.dat. This seed can be converted from Base58 to text (mnemonic seed words). I see one more directive:

GET /addresses/seed/{address} 

return private key by address. But, to do run this directives, need to specify the API-KEY, hash of which is compared with api-key-hash in config. Ok... But what about hash collisions, and ability of (GPU/ASIC/FPGA/OpticalFPGA/Quantum)-bruteforce collisions of this hash value? What about just intercepting this, or copy from memory?..

Also, this API-key can be just requested by VPS admin, using social-engeneering, and it looks much more harmless than trying to request a seed or privkey.

In addition, I think that it is possible to protect the address from unauthorized expenses with the help of scripts, but I am not familiar with the scripting language and for me it is something cosmic.

Just you are looking at this as on the hypothetical cases, but I am looking at this as quite really cases.

---

I think it would be worth summarizing the whole thing and summing up a resume, and extract some ideas with checkpoints for to-do list. Maybe someone can do it, but I'm already tired and not able to, because I do not have the time and desire...

[mtuktarov]

Hey, I enjoyed this reading! Regarding API-key hashes - yes, it can be brute-forced and hash collisions are possible. We should be fine - those guys are already busy mining bitcoins... ;) However, if one of them suddenly discovers this topic and decides to chase us, let's configure the firewall - close REST API from the public. IP filtering should be enough. Next, regarding VPS hosts - easy-drizzy! One should fix their relations with hosters. They must not know the secrets. Finally, those cases you described - we took care about it. We are ready for people to start dying and the zombie apocalypse begging. I wish this easter egg would be found someday... Thanks for your thoughts, by the way! Nice to talk to people who care!

[pivoo81]

@username1565 You request is valid. And we will do this feature of mining from different addressed in future. Now I can't tell exact release for it.