Validate full wallet balances like a block or UTXO set

[ignopeverell]

There are multiple places in Grin where we validate that a set of commitments sum properly against a known value and a pubkey with a signature. A block has to sum against its coin inflation. A transaction against its fee. The full UTXO set against, the whole supply.

This concept can be extended to a wallet, to ensure all its unique unspent output commitments sum against the final balance. The wallet can produce the sum of all private keys as well, so the resulting pubkey can be validated either directly, or through a signature like everything else.

The objective is to have a full wallet validation that's hard to game or exploit, detecting or preventing bugs resulting in duplicate outputs, mutated outputs, etc. To be clear, this is a secondary measure (belt and suspenders again). I expect this would be very valuable to a exchanges or merchant services for example, that have to accept large amounts of externally-created transactions.

[antiochp]

Yeah I like this - I was going to ask what any given wallet should sum to before realizing we're basically doing two sets of accounting in there. We're handling amounts in the clear as we build txs and then mirroring this we're handling the blinded commitments. So of course the sums of these should match.

Even with thousands of outputs in a wallet a full validation (just the sums) is going to be pretty fast.

:+1:

[svechinsky]

I'm gonna have a go at trying to add this validation to the check_repair command

Just to confirm I understood correctly, we want to validate all outputs + reconstructed commitments stored in the wallet against all the wallet outputs and commitments retreived from the node.