From 0de1571abd2a8b169e0a3c67cc5769e804b08957 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sun, 7 Aug 2022 14:56:59 +0000
Subject: [PATCH 1/7] wallet2: fix missing subaddress indices in "light"
 exported outputs

---
 src/wallet/wallet2.cpp | 4 +++-
 src/wallet/wallet2.h   | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 195763949..d87aa0e33 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -13241,7 +13241,7 @@ size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wall
     exported_transfer_details etd = outputs.second[i];
     transfer_details &td = m_transfers[i + offset];
 
-    // setup td with "cheao" loaded data
+    // setup td with "cheap" loaded data
     td.m_block_height = 0;
     td.m_txid = crypto::null_hash;
     td.m_global_output_index = etd.m_global_output_index;
@@ -13254,6 +13254,8 @@ size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wall
     td.m_key_image_known = etd.m_flags.m_key_image_known;
     td.m_key_image_request = etd.m_flags.m_key_image_request;
     td.m_key_image_partial = false;
+    td.m_subaddr_index.major = etd.m_subaddr_index_major;
+    td.m_subaddr_index.minor = etd.m_subaddr_index_minor;
 
     // skip those we've already imported, or which have different data
     if (i + offset < original_size)
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 16e898ad8..6598dea10 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -401,9 +401,11 @@ private:
       } m_flags;
       uint64_t m_amount;
       std::vector<crypto::public_key> m_additional_tx_keys;
+      uint32_t m_subaddr_index_major;
+      uint32_t m_subaddr_index_minor;
 
       BEGIN_SERIALIZE_OBJECT()
-        VERSION_FIELD(0)
+        VERSION_FIELD(1)
         FIELD(m_pubkey)
         VARINT_FIELD(m_internal_output_index)
         VARINT_FIELD(m_global_output_index)
@@ -411,6 +413,8 @@ private:
         FIELD(m_flags.flags)
         VARINT_FIELD(m_amount)
         FIELD(m_additional_tx_keys)
+        VARINT_FIELD(m_subaddr_index_major)
+        VARINT_FIELD(m_subaddr_index_minor)
       END_SERIALIZE()
     };
 

From 5b98bebad146854cabf11b51bbd6ff5fafccbdcc Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sun, 7 Aug 2022 15:00:16 +0000
Subject: [PATCH 2/7] wallet2: prevent importing outputs in a hot wallet

---
 src/wallet/wallet2.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index d87aa0e33..aba929855 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -13162,6 +13162,8 @@ size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wall
 {
   PERF_TIMER(import_outputs);
 
+  THROW_WALLET_EXCEPTION_IF(watch_only(), error::wallet_internal_error, "Hot wallets cannot import outputs");
+
   THROW_WALLET_EXCEPTION_IF(outputs.first > m_transfers.size(), error::wallet_internal_error,
       "Imported outputs omit more outputs that we know of");
 

From 4b7eb573b2925306fe84a6fff8e25bd0062b1082 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Sun, 7 Aug 2022 15:19:32 +0000
Subject: [PATCH 3/7] wallet2: do not assume imported outputs must be non empty

---
 src/wallet/wallet2.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index aba929855..9caf43cbb 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -6606,7 +6606,7 @@ bool wallet2::sign_tx(unsigned_tx_set &exported_txs, std::vector<wallet2::pendin
 {
   if (!exported_txs.new_transfers.second.empty())
     import_outputs(exported_txs.new_transfers);
-  else
+  else if (exported_txs.transfers.second.empty())
     import_outputs(exported_txs.transfers);
 
   // sign the transactions
@@ -13395,7 +13395,7 @@ size_t wallet2::import_outputs_from_str(const std::string &outputs_st)
       outputs.second = {};
     }
 
-    imported_outputs = new_outputs.second.empty() ? import_outputs(outputs) : import_outputs(new_outputs);
+    imported_outputs = !new_outputs.second.empty() ? import_outputs(new_outputs) : !outputs.second.empty() ? import_outputs(outputs) : 0;
   }
   catch (const std::exception &e)
   {

From b03d7091f7a0c2bd78f28ccb27a6481bb409d4dd Mon Sep 17 00:00:00 2001
From: j-berman <justinberman@protonmail.com>
Date: Mon, 15 Aug 2022 19:50:34 -0700
Subject: [PATCH 4/7] wallet2: fixes for export/import output flow

- only allow offline wallets to import outputs
- don't import empty outputs
- export subaddress indexes when exporting outputs
---
 src/wallet/wallet2.cpp                        |  8 +-
 src/wallet/wallet2.h                          |  2 +
 tests/functional_tests/cold_signing.py        | 79 +++++++++++++++----
 .../functional_tests/functional_tests_rpc.py  |  6 +-
 4 files changed, 75 insertions(+), 20 deletions(-)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 9caf43cbb..536460396 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -6606,7 +6606,7 @@ bool wallet2::sign_tx(unsigned_tx_set &exported_txs, std::vector<wallet2::pendin
 {
   if (!exported_txs.new_transfers.second.empty())
     import_outputs(exported_txs.new_transfers);
-  else if (exported_txs.transfers.second.empty())
+  else if (!exported_txs.transfers.second.empty())
     import_outputs(exported_txs.transfers);
 
   // sign the transactions
@@ -13132,6 +13132,8 @@ std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> wall
     etd.m_flags.m_key_image_partial = td.m_key_image_partial;
     etd.m_amount = td.m_amount;
     etd.m_additional_tx_keys = get_additional_tx_pub_keys_from_extra(td.m_tx);
+    etd.m_subaddr_index_major = td.m_subaddr_index.major;
+    etd.m_subaddr_index_minor = td.m_subaddr_index.minor;
 
     outs.push_back(etd);
   }
@@ -13162,7 +13164,7 @@ size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wall
 {
   PERF_TIMER(import_outputs);
 
-  THROW_WALLET_EXCEPTION_IF(watch_only(), error::wallet_internal_error, "Hot wallets cannot import outputs");
+  THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
 
   THROW_WALLET_EXCEPTION_IF(outputs.first > m_transfers.size(), error::wallet_internal_error,
       "Imported outputs omit more outputs that we know of");
@@ -13230,6 +13232,8 @@ size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wall
 {
   PERF_TIMER(import_outputs);
 
+  THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
+
   THROW_WALLET_EXCEPTION_IF(outputs.first > m_transfers.size(), error::wallet_internal_error,
       "Imported outputs omit more outputs that we know of. Try using export_outputs all.");
 
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 6598dea10..06d4e636e 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -406,6 +406,8 @@ private:
 
       BEGIN_SERIALIZE_OBJECT()
         VERSION_FIELD(1)
+        if (version < 1)
+          return false;
         FIELD(m_pubkey)
         VARINT_FIELD(m_internal_output_index)
         VARINT_FIELD(m_global_output_index)
diff --git a/tests/functional_tests/cold_signing.py b/tests/functional_tests/cold_signing.py
index 31d5780bb..9f8143a8c 100755
--- a/tests/functional_tests/cold_signing.py
+++ b/tests/functional_tests/cold_signing.py
@@ -35,12 +35,18 @@ from __future__ import print_function
 from framework.daemon import Daemon
 from framework.wallet import Wallet
 
+SEED = 'velvet lymph giddy number token physics poetry unquoted nibs useful sabotage limits benches lifestyle eden nitrogen anvil fewest avoid batch vials washing fences goat unquoted'
+STANDARD_ADDRESS = '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm'
+SUBADDRESS = '84QRUYawRNrU3NN1VpFRndSukeyEb3Xpv8qZjjsoJZnTYpDYceuUTpog13D7qPxpviS7J29bSgSkR11hFFoXWk2yNdsR9WF'
+
 class ColdSigningTest():
     def run_test(self):
         self.reset()
         self.create(0)
         self.mine()
         self.transfer()
+        self.self_transfer_to_subaddress()
+        self.transfer_after_empty_export_import()
 
     def reset(self):
         print('Resetting blockchain')
@@ -57,17 +63,15 @@ class ColdSigningTest():
         try: self.hot_wallet.close_wallet()
         except: pass
 
-        self.cold_wallet = Wallet(idx = 1)
+        self.cold_wallet = Wallet(idx = 5)
         # close the wallet if any, will throw if none is loaded
         try: self.cold_wallet.close_wallet()
         except: pass
 
-        seed = 'velvet lymph giddy number token physics poetry unquoted nibs useful sabotage limits benches lifestyle eden nitrogen anvil fewest avoid batch vials washing fences goat unquoted'
-        res = self.cold_wallet.restore_deterministic_wallet(seed = seed)
-        self.cold_wallet.set_daemon('127.0.0.1:11111', ssl_support = "disabled")
+        res = self.cold_wallet.restore_deterministic_wallet(seed = SEED)
         spend_key = self.cold_wallet.query_key("spend_key").key
         view_key = self.cold_wallet.query_key("view_key").key
-        res = self.hot_wallet.generate_from_keys(viewkey = view_key, address = '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm')
+        res = self.hot_wallet.generate_from_keys(viewkey = view_key, address = STANDARD_ADDRESS)
 
         ok = False
         try: res = self.hot_wallet.query_key("spend_key")
@@ -79,28 +83,30 @@ class ColdSigningTest():
         assert ok
         assert self.cold_wallet.query_key("view_key").key == view_key
         assert self.cold_wallet.get_address().address == self.hot_wallet.get_address().address
+        assert self.cold_wallet.get_address().address == STANDARD_ADDRESS
 
     def mine(self):
         print("Mining some blocks")
         daemon = Daemon()
         wallet = Wallet()
 
-        daemon.generateblocks('42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm', 80)
+        daemon.generateblocks(STANDARD_ADDRESS, 80)
         wallet.refresh()
 
-    def transfer(self):
-        daemon = Daemon()
-
-        print("Creating transaction in hot wallet")
-
-        dst = {'address': '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm', 'amount': 1000000000000}
-
+    def export_import(self):
         self.hot_wallet.refresh()
         res = self.hot_wallet.export_outputs()
         self.cold_wallet.import_outputs(res.outputs_data_hex)
         res = self.cold_wallet.export_key_images(True)
         self.hot_wallet.import_key_images(res.signed_key_images, offset = res.offset)
 
+    def create_tx(self, destination_addr):
+        daemon = Daemon()
+
+        dst = {'address': destination_addr, 'amount': 1000000000000}
+
+        self.export_import()
+
         res = self.hot_wallet.transfer([dst], ring_size = 16, get_tx_key = False)
         assert len(res.tx_hash) == 32*2
         txid = res.tx_hash
@@ -125,11 +131,11 @@ class ColdSigningTest():
         assert desc.unlock_time == 0
         assert desc.payment_id in ['', '0000000000000000']
         assert desc.change_amount == desc.amount_in - 1000000000000 - fee
-        assert desc.change_address == '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm'
+        assert desc.change_address == STANDARD_ADDRESS
         assert desc.fee == fee
         assert len(desc.recipients) == 1
         rec = desc.recipients[0]
-        assert rec.address == '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm'
+        assert rec.address == destination_addr
         assert rec.amount == 1000000000000
 
         res = self.cold_wallet.sign_transfer(unsigned_txset)
@@ -148,7 +154,7 @@ class ColdSigningTest():
         assert len([x for x in (res['pending'] if 'pending' in res else []) if x.txid == txid]) == 1
         assert len([x for x in (res['out'] if 'out' in res else []) if x.txid == txid]) == 0
 
-        daemon.generateblocks('42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm', 1)
+        daemon.generateblocks(STANDARD_ADDRESS, 1)
         self.hot_wallet.refresh()
 
         res = self.hot_wallet.get_transfers()
@@ -160,6 +166,47 @@ class ColdSigningTest():
         res = self.cold_wallet.get_tx_key(txid)
         assert len(res.tx_key) == 64
 
+        self.export_import()
+
+    def transfer(self):
+        print("Creating transaction in hot wallet")
+        self.create_tx(STANDARD_ADDRESS)
+
+        res = self.cold_wallet.get_address()
+        assert len(res['addresses']) == 1
+        assert res['addresses'][0].address == STANDARD_ADDRESS
+        assert res['addresses'][0].used
+
+        res = self.hot_wallet.get_address()
+        assert len(res['addresses']) == 1
+        assert res['addresses'][0].address == STANDARD_ADDRESS
+        assert res['addresses'][0].used
+
+    def self_transfer_to_subaddress(self):
+        print("Self-spending to subaddress in hot wallet")
+        self.create_tx(SUBADDRESS)
+
+        res = self.cold_wallet.get_address()
+        assert len(res['addresses']) == 2
+        assert res['addresses'][0].address == STANDARD_ADDRESS
+        assert res['addresses'][0].used
+        assert res['addresses'][1].address == SUBADDRESS
+        assert res['addresses'][1].used
+
+        res = self.hot_wallet.get_address()
+        assert len(res['addresses']) == 2
+        assert res['addresses'][0].address == STANDARD_ADDRESS
+        assert res['addresses'][0].used
+        assert res['addresses'][1].address == SUBADDRESS
+        assert res['addresses'][1].used
+
+    def transfer_after_empty_export_import(self):
+        print("Creating transaction in hot wallet after empty export & import")
+        start_len = len(self.hot_wallet.get_transfers()['in'])
+        self.export_import()
+        assert start_len == len(self.hot_wallet.get_transfers()['in'])
+        self.create_tx(STANDARD_ADDRESS)
+        assert start_len == len(self.hot_wallet.get_transfers()['in']) - 1
 
 class Guard:
     def __enter__(self):
diff --git a/tests/functional_tests/functional_tests_rpc.py b/tests/functional_tests/functional_tests_rpc.py
index eb8d51f08..d020bf2f6 100755
--- a/tests/functional_tests/functional_tests_rpc.py
+++ b/tests/functional_tests/functional_tests_rpc.py
@@ -40,8 +40,9 @@ except:
 N_MONERODS = 4
 
 # 4 wallets connected to the main offline monerod
-# a wallet connected to the first local online monerod
-N_WALLETS = 5
+# 1 wallet connected to the first local online monerod
+# 1 offline wallet
+N_WALLETS = 6
 
 WALLET_DIRECTORY = builddir + "/functional-tests-directory"
 FUNCTIONAL_TESTS_DIRECTORY = builddir + "/tests/functional_tests"
@@ -61,6 +62,7 @@ wallet_extra = [
   ["--daemon-port", "18180"],
   ["--daemon-port", "18180"],
   ["--daemon-port", "18182"],
+  ["--offline"],
 ]
 
 command_lines = []

From 0cbf5571d3ccd07c81d33b05dd23b2ac9c777c3b Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Tue, 16 Aug 2022 20:20:38 +0000
Subject: [PATCH 5/7] allow exporting outputs in chunks

this will make it easier huge wallets to do so without hitting
random limits (eg, max string size in node).
---
 src/device_trezor/device_trezor.cpp          |  12 +-
 src/device_trezor/trezor/protocol.hpp        |   4 +-
 src/serialization/tuple.h                    | 169 +++++++++++++++++++
 src/simplewallet/simplewallet.cpp            |   6 +-
 src/wallet/api/wallet.cpp                    |   4 +-
 src/wallet/wallet2.cpp                       |  94 +++++++----
 src/wallet/wallet2.h                         |  64 +++++--
 src/wallet/wallet_rpc_server.cpp             |   2 +-
 src/wallet/wallet_rpc_server_commands_defs.h |   4 +
 tests/data/fuzz/cold-outputs/out-all-6       | Bin 2607 -> 394 bytes
 tests/functional_tests/cold_signing.py       |  54 ++++--
 tests/fuzz/cold-outputs.cpp                  |   2 +-
 utils/python-rpc/framework/wallet.py         |   5 +-
 13 files changed, 348 insertions(+), 72 deletions(-)
 create mode 100644 src/serialization/tuple.h

diff --git a/src/device_trezor/device_trezor.cpp b/src/device_trezor/device_trezor.cpp
index 58c36f2c9..3f7b10be4 100644
--- a/src/device_trezor/device_trezor.cpp
+++ b/src/device_trezor/device_trezor.cpp
@@ -511,7 +511,7 @@ namespace trezor {
                                 tools::wallet2::signed_tx_set & signed_tx,
                                 hw::tx_aux_data & aux_data)
     {
-      CHECK_AND_ASSERT_THROW_MES(unsigned_tx.transfers.first == 0, "Unsuported non zero offset");
+      CHECK_AND_ASSERT_THROW_MES(std::get<0>(unsigned_tx.transfers) == 0, "Unsuported non zero offset");
 
       TREZOR_AUTO_LOCK_CMD();
       require_connected();
@@ -522,7 +522,7 @@ namespace trezor {
       const size_t num_tx = unsigned_tx.txes.size();
       m_num_transations_to_sign = num_tx;
       signed_tx.key_images.clear();
-      signed_tx.key_images.resize(unsigned_tx.transfers.second.size());
+      signed_tx.key_images.resize(std::get<2>(unsigned_tx.transfers).size());
 
       for(size_t tx_idx = 0; tx_idx < num_tx; ++tx_idx) {
         std::shared_ptr<protocol::tx::Signer> signer;
@@ -566,8 +566,8 @@ namespace trezor {
         cpend.key_images = key_images;
 
         // KI sync
-        for(size_t cidx=0, trans_max=unsigned_tx.transfers.second.size(); cidx < trans_max; ++cidx){
-          signed_tx.key_images[cidx] = unsigned_tx.transfers.second[cidx].m_key_image;
+        for(size_t cidx=0, trans_max=std::get<2>(unsigned_tx.transfers).size(); cidx < trans_max; ++cidx){
+          signed_tx.key_images[cidx] = std::get<2>(unsigned_tx.transfers)[cidx].m_key_image;
         }
 
         size_t num_sources = cdata.tx_data.sources.size();
@@ -579,9 +579,9 @@ namespace trezor {
           CHECK_AND_ASSERT_THROW_MES(src_idx < cdata.tx.vin.size(), "Invalid idx_mapped");
 
           size_t idx_map_src = cdata.tx_data.selected_transfers[idx_mapped];
-          CHECK_AND_ASSERT_THROW_MES(idx_map_src >= unsigned_tx.transfers.first, "Invalid offset");
+          CHECK_AND_ASSERT_THROW_MES(idx_map_src >= std::get<0>(unsigned_tx.transfers), "Invalid offset");
 
-          idx_map_src -= unsigned_tx.transfers.first;
+          idx_map_src -= std::get<0>(unsigned_tx.transfers);
           CHECK_AND_ASSERT_THROW_MES(idx_map_src < signed_tx.key_images.size(), "Invalid key image index");
 
           const auto vini = boost::get<cryptonote::txin_to_key>(cdata.tx.vin[src_idx]);
diff --git a/src/device_trezor/trezor/protocol.hpp b/src/device_trezor/trezor/protocol.hpp
index fa8355200..7ffadd9aa 100644
--- a/src/device_trezor/trezor/protocol.hpp
+++ b/src/device_trezor/trezor/protocol.hpp
@@ -230,8 +230,8 @@ namespace tx {
     }
 
     const tools::wallet2::transfer_details & get_transfer(size_t idx) const {
-      CHECK_AND_ASSERT_THROW_MES(idx < m_unsigned_tx->transfers.second.size() + m_unsigned_tx->transfers.first && idx >= m_unsigned_tx->transfers.first, "Invalid transfer index");
-      return m_unsigned_tx->transfers.second[idx - m_unsigned_tx->transfers.first];
+      CHECK_AND_ASSERT_THROW_MES(idx < std::get<2>(m_unsigned_tx->transfers).size() + std::get<0>(m_unsigned_tx->transfers) && idx >= std::get<0>(m_unsigned_tx->transfers), "Invalid transfer index");
+      return std::get<2>(m_unsigned_tx->transfers)[idx - std::get<0>(m_unsigned_tx->transfers)];
     }
 
     const tools::wallet2::transfer_details & get_source_transfer(size_t idx) const {
diff --git a/src/serialization/tuple.h b/src/serialization/tuple.h
new file mode 100644
index 000000000..6d98e05b0
--- /dev/null
+++ b/src/serialization/tuple.h
@@ -0,0 +1,169 @@
+// Copyright (c) 2014-2020, The Monero Project
+// 
+// All rights reserved.
+// 
+// Redistribution and use in source and binary forms, with or without modification, are
+// permitted provided that the following conditions are met:
+// 
+// 1. Redistributions of source code must retain the above copyright notice, this list of
+//    conditions and the following disclaimer.
+// 
+// 2. Redistributions in binary form must reproduce the above copyright notice, this list
+//    of conditions and the following disclaimer in the documentation and/or other
+//    materials provided with the distribution.
+// 
+// 3. Neither the name of the copyright holder nor the names of its contributors may be
+//    used to endorse or promote products derived from this software without specific
+//    prior written permission.
+// 
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
+// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// 
+// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
+
+#pragma once
+#include <memory>
+#include "serialization.h"
+
+namespace serialization
+{
+  namespace detail
+  {
+    template <typename Archive, class T>
+    bool serialize_tuple_element(Archive& ar, T& e)
+    {
+      return ::do_serialize(ar, e);
+    }
+
+    template <typename Archive>
+    bool serialize_tuple_element(Archive& ar, uint64_t& e)
+    {
+      ar.serialize_varint(e);
+      return true;
+    }
+  }
+}
+
+template <template <bool> class Archive, class E0, class E1, class E2>
+inline bool do_serialize(Archive<false>& ar, std::tuple<E0,E1,E2>& p)
+{
+  size_t cnt;
+  ar.begin_array(cnt);
+  if (!ar.good())
+    return false;
+  if (cnt != 3)
+    return false;
+
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<0>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<1>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<2>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+
+  ar.end_array();
+  return true;
+}
+
+template <template <bool> class Archive, class E0, class E1, class E2>
+inline bool do_serialize(Archive<true>& ar, std::tuple<E0,E1,E2>& p)
+{
+  ar.begin_array(3);
+  if (!ar.good())
+    return false;
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<0>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<1>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<2>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.end_array();
+  return true;
+}
+
+template <template <bool> class Archive, class E0, class E1, class E2, class E3>
+inline bool do_serialize(Archive<false>& ar, std::tuple<E0,E1,E2,E3>& p)
+{
+  size_t cnt;
+  ar.begin_array(cnt);
+  if (!ar.good())
+    return false;
+  if (cnt != 4)
+    return false;
+
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<0>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<1>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<2>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if (!::serialization::detail::serialize_tuple_element(ar, std::get<3>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+
+  ar.end_array();
+  return true;
+}
+
+template <template <bool> class Archive, class E0, class E1, class E2, class E3>
+inline bool do_serialize(Archive<true>& ar, std::tuple<E0,E1,E2,E3>& p)
+{
+  ar.begin_array(4);
+  if (!ar.good())
+    return false;
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<0>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<1>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<2>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.delimit_array();
+  if(!::serialization::detail::serialize_tuple_element(ar, std::get<3>(p)))
+    return false;
+  if (!ar.good())
+    return false;
+  ar.end_array();
+  return true;
+}
+
diff --git a/src/simplewallet/simplewallet.cpp b/src/simplewallet/simplewallet.cpp
index a8f4e5a07..9b63ceca6 100644
--- a/src/simplewallet/simplewallet.cpp
+++ b/src/simplewallet/simplewallet.cpp
@@ -7912,8 +7912,10 @@ bool simple_wallet::accept_loaded_tx(const std::function<size_t()> get_num_txes,
 bool simple_wallet::accept_loaded_tx(const tools::wallet2::unsigned_tx_set &txs)
 {
   std::string extra_message;
-  if (!txs.transfers.second.empty())
-    extra_message = (boost::format("%u outputs to import. ") % (unsigned)txs.transfers.second.size()).str();
+  if (!std::get<2>(txs.new_transfers).empty())
+    extra_message = (boost::format("%u outputs to import. ") % (unsigned)std::get<2>(txs.new_transfers).size()).str();
+  else if (!std::get<2>(txs.transfers).empty())
+    extra_message = (boost::format("%u outputs to import. ") % (unsigned)std::get<2>(txs.transfers).size()).str();
   return accept_loaded_tx([&txs](){return txs.txes.size();}, [&txs](size_t n)->const tools::wallet2::tx_construction_data&{return txs.txes[n];}, extra_message);
 }
 //----------------------------------------------------------------------------------------------------
diff --git a/src/wallet/api/wallet.cpp b/src/wallet/api/wallet.cpp
index 1ee2e20b6..807dba33b 100644
--- a/src/wallet/api/wallet.cpp
+++ b/src/wallet/api/wallet.cpp
@@ -1146,8 +1146,8 @@ UnsignedTransaction *WalletImpl::loadUnsignedTx(const std::string &unsigned_file
   
   // Check tx data and construct confirmation message
   std::string extra_message;
-  if (!transaction->m_unsigned_tx_set.transfers.second.empty())
-    extra_message = (boost::format("%u outputs to import. ") % (unsigned)transaction->m_unsigned_tx_set.transfers.second.size()).str();
+  if (!std::get<2>(transaction->m_unsigned_tx_set.transfers).empty())
+    extra_message = (boost::format("%u outputs to import. ") % (unsigned)std::get<2>(transaction->m_unsigned_tx_set.transfers).size()).str();
   transaction->checkLoadedTx([&transaction](){return transaction->m_unsigned_tx_set.txes.size();}, [&transaction](size_t n)->const tools::wallet2::tx_construction_data&{return transaction->m_unsigned_tx_set.txes[n];}, extra_message);
   setStatus(transaction->status(), transaction->errorString());
     
diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 536460396..05d86a817 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -6604,9 +6604,9 @@ bool wallet2::sign_tx(const std::string &unsigned_filename, const std::string &s
 //----------------------------------------------------------------------------------------------------
 bool wallet2::sign_tx(unsigned_tx_set &exported_txs, std::vector<wallet2::pending_tx> &txs, signed_tx_set &signed_txes)
 {
-  if (!exported_txs.new_transfers.second.empty())
+  if (!std::get<2>(exported_txs.new_transfers).empty())
     import_outputs(exported_txs.new_transfers);
-  else if (!exported_txs.transfers.second.empty())
+  else if (!std::get<2>(exported_txs.transfers).empty())
     import_outputs(exported_txs.transfers);
 
   // sign the transactions
@@ -10800,7 +10800,7 @@ void wallet2::cold_sign_tx(const std::vector<pending_tx>& ptx_vector, signed_tx_
   {
     txs.txes.push_back(get_construction_data_with_decrypted_short_payment_id(tx, m_account.get_device()));
   }
-  txs.transfers = std::make_pair(0, m_transfers);
+  txs.transfers = std::make_tuple(0, m_transfers.size(), m_transfers);
 
   auto dev_cold = dynamic_cast<::hw::device_cold*>(&hwdev);
   CHECK_AND_ASSERT_THROW_MES(dev_cold, "Device does not implement cold signing interface");
@@ -13103,18 +13103,29 @@ void wallet2::import_blockchain(const std::tuple<size_t, crypto::hash, std::vect
   m_last_block_reward = cryptonote::get_outs_money_amount(genesis.miner_tx);
 }
 //----------------------------------------------------------------------------------------------------
-std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> wallet2::export_outputs(bool all) const
+std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> wallet2::export_outputs(bool all, uint32_t start, uint32_t count) const
 {
   PERF_TIMER(export_outputs);
   std::vector<tools::wallet2::exported_transfer_details> outs;
 
+  // invalid cases
+  THROW_WALLET_EXCEPTION_IF(count == 0, error::wallet_internal_error, "Nothing requested");
+  THROW_WALLET_EXCEPTION_IF(!all && start > 0, error::wallet_internal_error, "Incremental mode is incompatible with non-zero start");
+
+  // valid cases:
+  // all: all outputs, subject to start/count
+  // !all: incremental, subject to count
+  // for convenience, start/count are allowed to go past the valid range, then nothing is returned
+
   size_t offset = 0;
   if (!all)
     while (offset < m_transfers.size() && (m_transfers[offset].m_key_image_known && !m_transfers[offset].m_key_image_request))
       ++offset;
+  else
+    offset = start;
 
   outs.reserve(m_transfers.size() - offset);
-  for (size_t n = offset; n < m_transfers.size(); ++n)
+  for (size_t n = offset; n < m_transfers.size() && n - offset < count; ++n)
   {
     const transfer_details &td = m_transfers[n];
 
@@ -13138,16 +13149,16 @@ std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> wall
     outs.push_back(etd);
   }
 
-  return std::make_pair(offset, outs);
+  return std::make_tuple(offset, m_transfers.size(), outs);
 }
 //----------------------------------------------------------------------------------------------------
-std::string wallet2::export_outputs_to_str(bool all) const
+std::string wallet2::export_outputs_to_str(bool all, uint32_t start, uint32_t count) const
 {
   PERF_TIMER(export_outputs_to_str);
 
   std::stringstream oss;
   binary_archive<true> ar(oss);
-  auto outputs = export_outputs(all);
+  auto outputs = export_outputs(all, start, count);
   THROW_WALLET_EXCEPTION_IF(!::serialization::serialize(ar, outputs), error::wallet_internal_error, "Failed to serialize output data");
 
   std::string magic(OUTPUT_EXPORT_FILE_MAGIC, strlen(OUTPUT_EXPORT_FILE_MAGIC));
@@ -13160,23 +13171,34 @@ std::string wallet2::export_outputs_to_str(bool all) const
   return magic + ciphertext;
 }
 //----------------------------------------------------------------------------------------------------
-size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wallet2::transfer_details>> &outputs)
+size_t wallet2::import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::transfer_details>> &outputs)
 {
   PERF_TIMER(import_outputs);
 
   THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
 
-  THROW_WALLET_EXCEPTION_IF(outputs.first > m_transfers.size(), error::wallet_internal_error,
+  // we can now import piecemeal
+  const size_t offset = std::get<0>(outputs);
+  const size_t num_outputs = std::get<1>(outputs);
+  const std::vector<tools::wallet2::transfer_details> &output_array = std::get<2>(outputs);
+
+  THROW_WALLET_EXCEPTION_IF(offset > m_transfers.size(), error::wallet_internal_error,
       "Imported outputs omit more outputs that we know of");
 
-  const size_t offset = outputs.first;
+  THROW_WALLET_EXCEPTION_IF(offset >= num_outputs, error::wallet_internal_error,
+      "Offset is larger than total outputs");
+  THROW_WALLET_EXCEPTION_IF(output_array.size() > num_outputs - offset, error::wallet_internal_error,
+      "Offset is larger than total outputs");
+
   const size_t original_size = m_transfers.size();
-  m_transfers.resize(offset + outputs.second.size());
-  for (size_t i = 0; i < offset; ++i)
-    m_transfers[i].m_key_image_request = false;
-  for (size_t i = 0; i < outputs.second.size(); ++i)
+  if (offset + output_array.size() > m_transfers.size())
+    m_transfers.resize(offset + output_array.size());
+  else if (num_outputs < m_transfers.size())
+    m_transfers.resize(num_outputs);
+
+  for (size_t i = 0; i < output_array.size(); ++i)
   {
-    transfer_details td = outputs.second[i];
+    transfer_details td = output_array[i];
 
     // skip those we've already imported, or which have different data
     if (i + offset < original_size)
@@ -13228,23 +13250,34 @@ process:
   return m_transfers.size();
 }
 //----------------------------------------------------------------------------------------------------
-size_t wallet2::import_outputs(const std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> &outputs)
+size_t wallet2::import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> &outputs)
 {
   PERF_TIMER(import_outputs);
 
   THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
 
-  THROW_WALLET_EXCEPTION_IF(outputs.first > m_transfers.size(), error::wallet_internal_error,
+  // we can now import piecemeal
+  const size_t offset = std::get<0>(outputs);
+  const size_t num_outputs = std::get<1>(outputs);
+  const std::vector<tools::wallet2::exported_transfer_details> &output_array = std::get<2>(outputs);
+
+  THROW_WALLET_EXCEPTION_IF(offset > m_transfers.size(), error::wallet_internal_error,
       "Imported outputs omit more outputs that we know of. Try using export_outputs all.");
 
-  const size_t offset = outputs.first;
+  THROW_WALLET_EXCEPTION_IF(offset >= num_outputs, error::wallet_internal_error,
+      "Offset is larger than total outputs");
+  THROW_WALLET_EXCEPTION_IF(output_array.size() > num_outputs - offset, error::wallet_internal_error,
+      "Offset is larger than total outputs");
+
   const size_t original_size = m_transfers.size();
-  m_transfers.resize(offset + outputs.second.size());
-  for (size_t i = 0; i < offset; ++i)
-    m_transfers[i].m_key_image_request = false;
-  for (size_t i = 0; i < outputs.second.size(); ++i)
+  if (offset + output_array.size() > m_transfers.size())
+    m_transfers.resize(offset + output_array.size());
+  else if (num_outputs < m_transfers.size())
+    m_transfers.resize(num_outputs);
+
+  for (size_t i = 0; i < output_array.size(); ++i)
   {
-    exported_transfer_details etd = outputs.second[i];
+    exported_transfer_details etd = output_array[i];
     transfer_details &td = m_transfers[i + offset];
 
     // setup td with "cheap" loaded data
@@ -13358,7 +13391,7 @@ size_t wallet2::import_outputs_from_str(const std::string &outputs_st)
   {
     std::string body(data, headerlen);
 
-    std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> new_outputs;
+    std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> new_outputs;
     try
     {
       binary_archive<false> ar{epee::strspan<std::uint8_t>(body)};
@@ -13368,9 +13401,9 @@ size_t wallet2::import_outputs_from_str(const std::string &outputs_st)
     }
     catch (...) {}
     if (!loaded)
-      new_outputs.second.clear();
+      std::get<2>(new_outputs).clear();
 
-    std::pair<uint64_t, std::vector<tools::wallet2::transfer_details>> outputs;
+    std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::transfer_details>> outputs;
     if (!loaded) try
     {
       binary_archive<false> ar{epee::strspan<std::uint8_t>(body)};
@@ -13395,11 +13428,12 @@ size_t wallet2::import_outputs_from_str(const std::string &outputs_st)
 
     if (!loaded)
     {
-      outputs.first = 0;
-      outputs.second = {};
+      std::get<0>(outputs) = 0;
+      std::get<1>(outputs) = 0;
+      std::get<2>(outputs) = {};
     }
 
-    imported_outputs = !new_outputs.second.empty() ? import_outputs(new_outputs) : !outputs.second.empty() ? import_outputs(outputs) : 0;
+    imported_outputs = !std::get<2>(new_outputs).empty() ? import_outputs(new_outputs) : !std::get<2>(outputs).empty() ? import_outputs(outputs) : 0;
   }
   catch (const std::exception &e)
   {
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index 06d4e636e..e684505f6 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -63,6 +63,7 @@
 #include "serialization/crypto.h"
 #include "serialization/string.h"
 #include "serialization/pair.h"
+#include "serialization/tuple.h"
 #include "serialization/containers.h"
 
 #include "wallet_errors.h"
@@ -673,16 +674,32 @@ private:
     struct unsigned_tx_set
     {
       std::vector<tx_construction_data> txes;
-      std::pair<size_t, wallet2::transfer_container> transfers;
-      std::pair<size_t, std::vector<wallet2::exported_transfer_details>> new_transfers;
+      std::tuple<uint64_t, uint64_t, wallet2::transfer_container> transfers;
+      std::tuple<uint64_t, uint64_t, std::vector<wallet2::exported_transfer_details>> new_transfers;
 
       BEGIN_SERIALIZE_OBJECT()
-        VERSION_FIELD(1)
+        VERSION_FIELD(2)
         FIELD(txes)
-        if (version >= 1)
-          FIELD(new_transfers)
-        else
-          FIELD(transfers)
+        if (version == 0)
+        {
+          std::pair<size_t, wallet2::transfer_container> v0_transfers;
+          FIELD(v0_transfers);
+          std::get<0>(transfers) = std::get<0>(v0_transfers);
+          std::get<1>(transfers) = std::get<0>(v0_transfers) + std::get<1>(v0_transfers).size();
+          std::get<2>(transfers) = std::get<1>(v0_transfers);
+          return true;
+        }
+        if (version == 1)
+        {
+          std::pair<size_t, std::vector<wallet2::exported_transfer_details>> v1_transfers;
+          FIELD(v1_transfers);
+          std::get<0>(new_transfers) = std::get<0>(v1_transfers);
+          std::get<1>(new_transfers) = std::get<0>(v1_transfers) + std::get<1>(v1_transfers).size();
+          std::get<2>(new_transfers) = std::get<1>(v1_transfers);
+          return true;
+        }
+
+        FIELD(new_transfers)
       END_SERIALIZE()
     };
 
@@ -1453,10 +1470,10 @@ private:
     bool verify_with_public_key(const std::string &data, const crypto::public_key &public_key, const std::string &signature) const;
 
     // Import/Export wallet data
-    std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> export_outputs(bool all = false) const;
-    std::string export_outputs_to_str(bool all = false) const;
-    size_t import_outputs(const std::pair<uint64_t, std::vector<tools::wallet2::exported_transfer_details>> &outputs);
-    size_t import_outputs(const std::pair<uint64_t, std::vector<tools::wallet2::transfer_details>> &outputs);
+    std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> export_outputs(bool all = false, uint32_t start = 0, uint32_t count = 0xffffffff) const;
+    std::string export_outputs_to_str(bool all = false, uint32_t start = 0, uint32_t count = 0) const;
+    size_t import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> &outputs);
+    size_t import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::transfer_details>> &outputs);
     size_t import_outputs_from_str(const std::string &outputs_st);
     payment_container export_payments() const;
     void import_payments(const payment_container &payments);
@@ -1904,7 +1921,7 @@ BOOST_CLASS_VERSION(tools::wallet2::unconfirmed_transfer_details, 8)
 BOOST_CLASS_VERSION(tools::wallet2::confirmed_transfer_details, 6)
 BOOST_CLASS_VERSION(tools::wallet2::address_book_row, 18)
 BOOST_CLASS_VERSION(tools::wallet2::reserve_proof_entry, 0)
-BOOST_CLASS_VERSION(tools::wallet2::unsigned_tx_set, 0)
+BOOST_CLASS_VERSION(tools::wallet2::unsigned_tx_set, 1)
 BOOST_CLASS_VERSION(tools::wallet2::signed_tx_set, 1)
 BOOST_CLASS_VERSION(tools::wallet2::tx_construction_data, 4)
 BOOST_CLASS_VERSION(tools::wallet2::pending_tx, 3)
@@ -1914,6 +1931,17 @@ namespace boost
 {
   namespace serialization
   {
+    template<class Archive, class F, class S, class T>
+    inline void serialize(
+        Archive & ar,
+        std::tuple<F, S, T> & t,
+        const unsigned int /* file_version */
+    ){
+        ar & boost::serialization::make_nvp("f", std::get<0>(t));
+        ar & boost::serialization::make_nvp("s", std::get<1>(t));
+        ar & boost::serialization::make_nvp("t", std::get<2>(t));
+    }
+
     template <class Archive>
     inline typename std::enable_if<!Archive::is_loading::value, void>::type initialize_transfer_details(Archive &a, tools::wallet2::transfer_details &x, const boost::serialization::version_type ver)
     {
@@ -2274,7 +2302,17 @@ namespace boost
     inline void serialize(Archive &a, tools::wallet2::unsigned_tx_set &x, const boost::serialization::version_type ver)
     {
       a & x.txes;
-      a & x.transfers;
+      if (ver == 0)
+      {
+        // load old version
+        std::pair<size_t, tools::wallet2::transfer_container> old_transfers;
+        a & old_transfers;
+        std::get<0>(x.transfers) = std::get<0>(old_transfers);
+        std::get<1>(x.transfers) = std::get<0>(old_transfers) + std::get<1>(old_transfers).size();
+        std::get<2>(x.transfers) = std::get<1>(old_transfers);
+        return;
+      }
+      throw std::runtime_error("Boost serialization not supported for newest unsigned_tx_set");
     }
 
     template <class Archive>
diff --git a/src/wallet/wallet_rpc_server.cpp b/src/wallet/wallet_rpc_server.cpp
index 7ec5fc7a1..1f0a1371f 100644
--- a/src/wallet/wallet_rpc_server.cpp
+++ b/src/wallet/wallet_rpc_server.cpp
@@ -2792,7 +2792,7 @@ namespace tools
 
     try
     {
-      res.outputs_data_hex = epee::string_tools::buff_to_hex_nodelimer(m_wallet->export_outputs_to_str(req.all));
+      res.outputs_data_hex = epee::string_tools::buff_to_hex_nodelimer(m_wallet->export_outputs_to_str(req.all, req.start, req.count));
     }
     catch (const std::exception &e)
     {
diff --git a/src/wallet/wallet_rpc_server_commands_defs.h b/src/wallet/wallet_rpc_server_commands_defs.h
index ecfc8e673..2cca323ee 100644
--- a/src/wallet/wallet_rpc_server_commands_defs.h
+++ b/src/wallet/wallet_rpc_server_commands_defs.h
@@ -1785,9 +1785,13 @@ namespace wallet_rpc
     struct request_t
     {
       bool all;
+      uint32_t start;
+      uint32_t count;
 
       BEGIN_KV_SERIALIZE_MAP()
         KV_SERIALIZE(all)
+        KV_SERIALIZE_OPT(start, 0u)
+        KV_SERIALIZE_OPT(count, 0xffffffffu)
       END_KV_SERIALIZE_MAP()
     };
     typedef epee::misc_utils::struct_init<request_t> request;
diff --git a/tests/data/fuzz/cold-outputs/out-all-6 b/tests/data/fuzz/cold-outputs/out-all-6
index d24fc604fcd60c165c97f8ada6adf83760531771..8016928e33859de0586aed61dd692a29cc4231b0 100644
GIT binary patch
literal 394
zcmV;50d@XOZ*FCBZy;}VbZ~WaAZ2)PZ*p`5@uS6+`$_n_D2bo7^~j>UKXs>5>r>|c
z{1y5aC+vN~h!UfDKUS%^_9YEF=_<fc9VpUn8;gU%*|tX0WW!h5S79qK<TJ+{Hr+gq
z(IKs11T!~)n`Jbwk&u~E8LZ8#NZZFI13BtvDBt9>Er(2{92B>g5B}5!eEN<_x&aTF
z%AB(9gNn4HY*EYQ`-lI}4uu3O5?v<E<zo;_ybxT&aN(Hg@a8WF3(+G69UfJ?IOkNE
zuJiTUWj=l~-6Th+{}+MdP1l(n1X!Bk#dv`;NzHC6k}Wdr3m91_&{Qw-uGkEsU3HeC
zeXdsU-G5|-8DSter&OtqM_0uyXToQPjgPTbGIzh|=PqyPdm57GgLl=+B{!1r!Tksj
zm`QbHULW%MT?ruzV({a_(?JKy%_$|=db|^e%^re}I?Nap!h@LUS|1gc`x8~a{69?l
ogiS(?14J))$j~zO4{PkxXGai!MGL#Fg=h2G<bM%oJ5kwZ16AO`4gdfE

literal 2607
zcmZQ#U}I!}07hHJ|BP%63vLH6nVY1t)lKHT)^uT~-sd}VQeLXs0Tps@bIh*&zIy0O
zvQ5K^YdhJQsx4&VBpcMEHPgQOy7rov&UN{7WXUnvBX{=o7P-c}(QW8hv-ms{)3$}`
zZ#M4ke{x7d_>bw8hY5XON*6!1`MZK|lPEvi?E~u?CY-u-jE`wem-L%uN=YlE8?7sH
zR@~*~U7GXw(>rfFor^jO4R3bbZFtbza`!YNlb5Q=u47X#$!c1a)U`@`wl#zobVZl=
zn{!3kchtQQQEWJH>T}CtCZ@Gdue-;-Idisb%Dm)!U6*yfj+3%F1l{gb+iBjq#4^)Z
zk#W9?P13#p64pokHuAI`JFd&_dh`;r)L-AnnS~299357-dMbN#eET~~>RM`B=SI^*
zORIB=l>|R5<$BR^NZdBD2O4fzsKi_0vlrCuuQrakwU=|EL2Xy>9LuYb=|5!*Rq`cD
z&(4AcITo!Dp$lSMU<P)DFwxN%BQeHc0f!mx{k!+~tdh&JHkxz6I8vuF>_*P)mv5LB
zxxek`pLu@yDl^<Vp=M1nEgy|B>gO>g%&3Bj{Fa})uX^jPg=wt$H#eLWuF2JuYU#Qg
zYWsQGP45pJdWQ+d7)$mS5s+Ef6~aVE^B9SFj2UN)T}#Ul-emSZKKXRv6BQ%#PtW7;
za;Tq@;0xE@-fv|-^C2wAaT?GOlvOesV^pulSa1gT>2jtTr<Z9tOK*B+)eDC0Uv+gJ
zFMCm}-)xSAtm_L|+6l&3LGy)JHlXp?6~aVE^B9SFj1^~$9XmHK`k3)dDeirybB;<L
jn!BsDHX`oeMm?7t=C&{PFK@$w9H#*biu@!vamE+`>L|p)

diff --git a/tests/functional_tests/cold_signing.py b/tests/functional_tests/cold_signing.py
index 9f8143a8c..983cd9029 100755
--- a/tests/functional_tests/cold_signing.py
+++ b/tests/functional_tests/cold_signing.py
@@ -34,6 +34,7 @@
 from __future__ import print_function
 from framework.daemon import Daemon
 from framework.wallet import Wallet
+import random
 
 SEED = 'velvet lymph giddy number token physics poetry unquoted nibs useful sabotage limits benches lifestyle eden nitrogen anvil fewest avoid batch vials washing fences goat unquoted'
 STANDARD_ADDRESS = '42ey1afDFnn4886T7196doS9GPMzexD9gXpsZJDwVjeRVdFCSoHnv7KPbBeGpzJBzHRCAs9UxqeoyFQMYbqSWYTfJJQAWDm'
@@ -44,8 +45,10 @@ class ColdSigningTest():
         self.reset()
         self.create(0)
         self.mine()
-        self.transfer()
-        self.self_transfer_to_subaddress()
+        for piecemeal_output_export in [False, True]:
+            self.transfer(piecemeal_output_export)
+        for piecemeal_output_export in [False, True]:
+            self.self_transfer_to_subaddress(piecemeal_output_export)
         self.transfer_after_empty_export_import()
 
     def reset(self):
@@ -93,19 +96,42 @@ class ColdSigningTest():
         daemon.generateblocks(STANDARD_ADDRESS, 80)
         wallet.refresh()
 
-    def export_import(self):
+    def export_import(self, piecemeal_output_export):
         self.hot_wallet.refresh()
-        res = self.hot_wallet.export_outputs()
-        self.cold_wallet.import_outputs(res.outputs_data_hex)
+
+        if piecemeal_output_export:
+            res = self.hot_wallet.incoming_transfers()
+            num_outputs = len(res.transfers)
+            done = [False] * num_outputs
+            while len([x for x in done if not done[x]]) > 0:
+                start = int(random.random() * num_outputs)
+                if start == num_outputs:
+                    num_outputs -= 1
+                count = 1 + int(random.random() * 5)
+                res = self.hot_wallet.export_outputs(all = True, start = start, count = count)
+                try:
+                    self.cold_wallet.import_outputs(res.outputs_data_hex)
+                except Exception as e:
+                    # this just means we selected later outputs first, without filling
+                    # new outputs first
+                    if 'Imported outputs omit more outputs that we know of' not in str(e):
+                        raise
+                for i in range(start, start + count):
+                    if i < len(done):
+                        done[i] = True
+        else:
+            res = self.hot_wallet.export_outputs()
+            self.cold_wallet.import_outputs(res.outputs_data_hex)
+
         res = self.cold_wallet.export_key_images(True)
         self.hot_wallet.import_key_images(res.signed_key_images, offset = res.offset)
 
-    def create_tx(self, destination_addr):
+    def create_tx(self, destination_addr, piecemeal_output_export):
         daemon = Daemon()
 
         dst = {'address': destination_addr, 'amount': 1000000000000}
 
-        self.export_import()
+        self.export_import(piecemeal_output_export)
 
         res = self.hot_wallet.transfer([dst], ring_size = 16, get_tx_key = False)
         assert len(res.tx_hash) == 32*2
@@ -166,11 +192,11 @@ class ColdSigningTest():
         res = self.cold_wallet.get_tx_key(txid)
         assert len(res.tx_key) == 64
 
-        self.export_import()
+        self.export_import(piecemeal_output_export)
 
-    def transfer(self):
+    def transfer(self, piecemeal_output_export):
         print("Creating transaction in hot wallet")
-        self.create_tx(STANDARD_ADDRESS)
+        self.create_tx(STANDARD_ADDRESS, piecemeal_output_export)
 
         res = self.cold_wallet.get_address()
         assert len(res['addresses']) == 1
@@ -182,9 +208,9 @@ class ColdSigningTest():
         assert res['addresses'][0].address == STANDARD_ADDRESS
         assert res['addresses'][0].used
 
-    def self_transfer_to_subaddress(self):
+    def self_transfer_to_subaddress(self, piecemeal_output_export):
         print("Self-spending to subaddress in hot wallet")
-        self.create_tx(SUBADDRESS)
+        self.create_tx(SUBADDRESS, piecemeal_output_export)
 
         res = self.cold_wallet.get_address()
         assert len(res['addresses']) == 2
@@ -203,9 +229,9 @@ class ColdSigningTest():
     def transfer_after_empty_export_import(self):
         print("Creating transaction in hot wallet after empty export & import")
         start_len = len(self.hot_wallet.get_transfers()['in'])
-        self.export_import()
+        self.export_import(False)
         assert start_len == len(self.hot_wallet.get_transfers()['in'])
-        self.create_tx(STANDARD_ADDRESS)
+        self.create_tx(STANDARD_ADDRESS, False)
         assert start_len == len(self.hot_wallet.get_transfers()['in']) - 1
 
 class Guard:
diff --git a/tests/fuzz/cold-outputs.cpp b/tests/fuzz/cold-outputs.cpp
index a7e8a6530..fddd5359b 100644
--- a/tests/fuzz/cold-outputs.cpp
+++ b/tests/fuzz/cold-outputs.cpp
@@ -50,7 +50,7 @@ BEGIN_INIT_SIMPLE_FUZZER()
 END_INIT_SIMPLE_FUZZER()
 
 BEGIN_SIMPLE_FUZZER()
-  std::pair<uint64_t, std::vector<tools::wallet2::transfer_details>> outputs;
+  std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::transfer_details>> outputs;
   binary_archive<false> ar{{buf, len}};
   ::serialization::serialize(ar, outputs);
   size_t n_outputs = wallet->import_outputs(outputs);
diff --git a/utils/python-rpc/framework/wallet.py b/utils/python-rpc/framework/wallet.py
index 01e937627..f2618b0a8 100644
--- a/utils/python-rpc/framework/wallet.py
+++ b/utils/python-rpc/framework/wallet.py
@@ -763,10 +763,13 @@ class Wallet(object):
         }
         return self.rpc.send_json_rpc_request(get_languages)
 
-    def export_outputs(self):
+    def export_outputs(self, all = False, start = 0, count = 0xffffffff):
         export_outputs = {
             'method': 'export_outputs',
             'params': {
+                'all': all,
+                'start': start,
+                'count': count,
             },
             'jsonrpc': '2.0', 
             'id': '0'

From 1d3657afb5f53c7be0f839f8d449310b862b2006 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Thu, 18 Aug 2022 07:14:45 +0000
Subject: [PATCH 6/7] wallet2: better test on whether to allow output import

Being offline is not a good enough heuristic, so we keep track
of whether the wallet ever refreshed from a daemon, which is a
lot better, and probably the best we can do without manual user
designation (which would break existing cold wallet setups till
the user designates those wallets)
---
 src/wallet/wallet2.cpp                 | 11 ++++++++---
 src/wallet/wallet2.h                   | 20 +++++++++++++++++---
 tests/functional_tests/cold_signing.py |  9 +++++++++
 3 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 05d86a817..8be4aabb4 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -1218,7 +1218,8 @@ wallet2::wallet2(network_type nettype, uint64_t kdf_rounds, bool unattended, std
   m_export_format(ExportFormat::Binary),
   m_load_deprecated_formats(false),
   m_credits_target(0),
-  m_enable_multisig(false)
+  m_enable_multisig(false),
+  m_has_ever_refreshed_from_node(false)
 {
   set_rpc_client_secret_key(rct::rct2sk(rct::skGen()));
 }
@@ -3535,6 +3536,8 @@ void wallet2::refresh(bool trusted_daemon, uint64_t start_height, uint64_t & blo
           throw std::runtime_error("proxy exception in refresh thread");
       }
 
+      m_has_ever_refreshed_from_node = true;
+
       if(!first && blocks_start_height == next_blocks_start_height)
       {
         m_node_rpc_proxy.set_height(m_blockchain.size());
@@ -13175,7 +13178,8 @@ size_t wallet2::import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<
 {
   PERF_TIMER(import_outputs);
 
-  THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
+  THROW_WALLET_EXCEPTION_IF(m_has_ever_refreshed_from_node, error::wallet_internal_error,
+      "Hot wallets cannot import outputs");
 
   // we can now import piecemeal
   const size_t offset = std::get<0>(outputs);
@@ -13254,7 +13258,8 @@ size_t wallet2::import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<
 {
   PERF_TIMER(import_outputs);
 
-  THROW_WALLET_EXCEPTION_IF(!m_offline, error::wallet_internal_error, "Hot wallets cannot import outputs");
+  THROW_WALLET_EXCEPTION_IF(m_has_ever_refreshed_from_node, error::wallet_internal_error,
+      "Hot wallets cannot import outputs");
 
   // we can now import piecemeal
   const size_t offset = std::get<0>(outputs);
diff --git a/src/wallet/wallet2.h b/src/wallet/wallet2.h
index e684505f6..1f84458a6 100644
--- a/src/wallet/wallet2.h
+++ b/src/wallet/wallet2.h
@@ -1229,11 +1229,17 @@ private:
       if(ver < 29)
         return;
       a & m_rpc_client_secret_key;
+      if(ver < 30)
+      {
+        m_has_ever_refreshed_from_node = false;
+        return;
+      }
+      a & m_has_ever_refreshed_from_node;
     }
 
     BEGIN_SERIALIZE_OBJECT()
       MAGIC_FIELD("monero wallet cache")
-      VERSION_FIELD(0)
+      VERSION_FIELD(1)
       FIELD(m_blockchain)
       FIELD(m_transfers)
       FIELD(m_account_public_address)
@@ -1259,6 +1265,12 @@ private:
       FIELD(m_device_last_key_image_sync)
       FIELD(m_cold_key_images)
       FIELD(m_rpc_client_secret_key)
+      if (version < 1)
+      {
+        m_has_ever_refreshed_from_node = false;
+        return true;
+      }
+      FIELD(m_has_ever_refreshed_from_node)
     END_SERIALIZE()
 
     /*!
@@ -1471,7 +1483,7 @@ private:
 
     // Import/Export wallet data
     std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> export_outputs(bool all = false, uint32_t start = 0, uint32_t count = 0xffffffff) const;
-    std::string export_outputs_to_str(bool all = false, uint32_t start = 0, uint32_t count = 0) const;
+    std::string export_outputs_to_str(bool all = false, uint32_t start = 0, uint32_t count = 0xffffffff) const;
     size_t import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::exported_transfer_details>> &outputs);
     size_t import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<tools::wallet2::transfer_details>> &outputs);
     size_t import_outputs_from_str(const std::string &outputs_st);
@@ -1906,11 +1918,13 @@ private:
     ExportFormat m_export_format;
     bool m_load_deprecated_formats;
 
+    bool m_has_ever_refreshed_from_node;
+
     static boost::mutex default_daemon_address_lock;
     static std::string default_daemon_address;
   };
 }
-BOOST_CLASS_VERSION(tools::wallet2, 29)
+BOOST_CLASS_VERSION(tools::wallet2, 30)
 BOOST_CLASS_VERSION(tools::wallet2::transfer_details, 12)
 BOOST_CLASS_VERSION(tools::wallet2::multisig_info, 1)
 BOOST_CLASS_VERSION(tools::wallet2::multisig_info::LR, 0)
diff --git a/tests/functional_tests/cold_signing.py b/tests/functional_tests/cold_signing.py
index 983cd9029..bd48671a2 100755
--- a/tests/functional_tests/cold_signing.py
+++ b/tests/functional_tests/cold_signing.py
@@ -109,6 +109,15 @@ class ColdSigningTest():
                     num_outputs -= 1
                 count = 1 + int(random.random() * 5)
                 res = self.hot_wallet.export_outputs(all = True, start = start, count = count)
+
+                # the hot wallet cannot import outputs
+                ok = False
+                try:
+                    self.hot_wallet.import_outputs(res.outputs_data_hex)
+                except:
+                    ok = True
+                assert ok
+
                 try:
                     self.cold_wallet.import_outputs(res.outputs_data_hex)
                 except Exception as e:

From e29b2e999737b76bbddd844858168a145916ebe0 Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Wed, 24 Aug 2022 13:52:36 +0000
Subject: [PATCH 7/7] wallet2: ensure imported outputs subaddresses are created

reported by j-berman
---
 src/wallet/wallet2.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/wallet/wallet2.cpp b/src/wallet/wallet2.cpp
index 8be4aabb4..5d218a83f 100644
--- a/src/wallet/wallet2.cpp
+++ b/src/wallet/wallet2.cpp
@@ -13236,6 +13236,8 @@ process:
     THROW_WALLET_EXCEPTION_IF(td.m_internal_output_index >= td.m_tx.vout.size(),
         error::wallet_internal_error, "Internal index is out of range");
     crypto::public_key out_key = td.get_public_key();
+    if (should_expand(td.m_subaddr_index))
+      create_one_off_subaddress(td.m_subaddr_index);
     bool r = cryptonote::generate_key_image_helper(m_account.get_keys(), m_subaddresses, out_key, tx_pub_key, additional_tx_pub_keys, td.m_internal_output_index, in_ephemeral, td.m_key_image, m_account.get_device());
     THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "Failed to generate key image");
     if (should_expand(td.m_subaddr_index))
@@ -13340,6 +13342,8 @@ size_t wallet2::import_outputs(const std::tuple<uint64_t, uint64_t, std::vector<
     const crypto::public_key &tx_pub_key = etd.m_tx_pubkey;
     const std::vector<crypto::public_key> &additional_tx_pub_keys = etd.m_additional_tx_keys;
     const crypto::public_key& out_key = etd.m_pubkey;
+    if (should_expand(td.m_subaddr_index))
+      create_one_off_subaddress(td.m_subaddr_index);
     bool r = cryptonote::generate_key_image_helper(m_account.get_keys(), m_subaddresses, out_key, tx_pub_key, additional_tx_pub_keys, td.m_internal_output_index, in_ephemeral, td.m_key_image, m_account.get_device());
     THROW_WALLET_EXCEPTION_IF(!r, error::wallet_internal_error, "Failed to generate key image");
     if (should_expand(td.m_subaddr_index))