From db74b181766790aca6993ed104b694c7f949504c Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Wed, 8 Nov 2023 14:10:18 +0000
Subject: [PATCH 1/3] Merge bitcoin/bitcoin#28815: fuzz: Avoid timeout and
 bloat in fuzz targets

fabb5046a7365af3079e6e45606d63576bc6ad12 fuzz: Avoid timeout and bloat in fuzz targets (MarcoFalke)

Pull request description:

  If the fuzz input contains invalid data *in a loop*, abort early. This will teach the fuzz engine to look for useful data and avoids bloating the fuzz input folder with useless (repeated) data.

ACKs for top commit:
  dergoegge:
    utACK fabb5046a7365af3079e6e45606d63576bc6ad12
  brunoerg:
    crACK fabb5046a7365af3079e6e45606d63576bc6ad12

Tree-SHA512: 26da100d7558ae6fdd5292fb146d8858b2af8f78c546ca2509b9d27b33a33e9462ecb6035de142f9f36dd5de32f8cbad099d6c7a697902d23e1bb621cd27dc88
---
 src/test/fuzz/bloom_filter.cpp     | 10 ++++++---
 src/test/fuzz/coins_view.cpp       | 23 ++++++++++++++-----
 src/test/fuzz/fuzz.h               |  5 +++++
 src/test/fuzz/policy_estimator.cpp | 12 +++++-----
 src/test/fuzz/rpc.cpp              | 36 +++++++++++++++++++-----------
 5 files changed, 59 insertions(+), 27 deletions(-)

diff --git a/src/test/fuzz/bloom_filter.cpp b/src/test/fuzz/bloom_filter.cpp
index 48f471f0a7bb..aba7869df6f3 100644
--- a/src/test/fuzz/bloom_filter.cpp
+++ b/src/test/fuzz/bloom_filter.cpp
@@ -10,21 +10,22 @@
 #include <uint256.h>
 
 #include <cassert>
-#include <cstdint>
+#include <limits>
 #include <optional>
-#include <string>
 #include <vector>
 
 FUZZ_TARGET(bloom_filter)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    bool good_data{true};
 
     CBloomFilter bloom_filter{
         fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, 10000000),
         1.0 / fuzzed_data_provider.ConsumeIntegralInRange<unsigned int>(1, std::numeric_limits<unsigned int>::max()),
         fuzzed_data_provider.ConsumeIntegral<unsigned int>(),
         static_cast<unsigned char>(fuzzed_data_provider.PickValueInArray({BLOOM_UPDATE_NONE, BLOOM_UPDATE_ALL, BLOOM_UPDATE_P2PUBKEY_ONLY, BLOOM_UPDATE_MASK}))};
-    LIMITED_WHILE(fuzzed_data_provider.remaining_bytes() > 0, 10000) {
+    LIMITED_WHILE(good_data && fuzzed_data_provider.remaining_bytes() > 0, 10'000)
+    {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
@@ -37,6 +38,7 @@ FUZZ_TARGET(bloom_filter)
             [&] {
                 const std::optional<COutPoint> out_point = ConsumeDeserializable<COutPoint>(fuzzed_data_provider);
                 if (!out_point) {
+                    good_data = false;
                     return;
                 }
                 (void)bloom_filter.contains(*out_point);
@@ -47,6 +49,7 @@ FUZZ_TARGET(bloom_filter)
             [&] {
                 const std::optional<uint256> u256 = ConsumeDeserializable<uint256>(fuzzed_data_provider);
                 if (!u256) {
+                    good_data = false;
                     return;
                 }
                 (void)bloom_filter.contains(*u256);
@@ -57,6 +60,7 @@ FUZZ_TARGET(bloom_filter)
             [&] {
                 const std::optional<CMutableTransaction> mut_tx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
                 if (!mut_tx) {
+                    good_data = false;
                     return;
                 }
                 const CTransaction tx{*mut_tx};
diff --git a/src/test/fuzz/coins_view.cpp b/src/test/fuzz/coins_view.cpp
index b8f68fc76e42..5bf0eb521a5d 100644
--- a/src/test/fuzz/coins_view.cpp
+++ b/src/test/fuzz/coins_view.cpp
@@ -2,28 +2,30 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
-#include <chainparams.h>
 #include <chainparamsbase.h>
 #include <coins.h>
 #include <consensus/amount.h>
 #include <consensus/tx_check.h>
 #include <consensus/tx_verify.h>
 #include <consensus/validation.h>
-#include <key.h>
 #include <policy/policy.h>
 #include <primitives/transaction.h>
-#include <pubkey.h>
+#include <script/interpreter.h>
 #include <sync.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <test/util/setup_common.h>
-#include <validation.h>
+#include <util/hasher.h>
 
+#include <cassert>
 #include <cstdint>
 #include <limits>
+#include <memory>
 #include <optional>
+#include <stdexcept>
 #include <string>
+#include <utility>
 #include <vector>
 
 namespace {
@@ -46,12 +48,15 @@ void initialize_coins_view()
 FUZZ_TARGET(coins_view, .init = initialize_coins_view)
 {
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    bool good_data{true};
+
     CCoinsView backend_coins_view;
     CCoinsViewCache coins_view_cache{&backend_coins_view, /*deterministic=*/true};
     COutPoint random_out_point;
     Coin random_coin;
     CMutableTransaction random_mutable_transaction;
-    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
+    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 10'000)
+    {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
@@ -97,6 +102,7 @@ FUZZ_TARGET(coins_view, .init = initialize_coins_view)
             [&] {
                 const std::optional<COutPoint> opt_out_point = ConsumeDeserializable<COutPoint>(fuzzed_data_provider);
                 if (!opt_out_point) {
+                    good_data = false;
                     return;
                 }
                 random_out_point = *opt_out_point;
@@ -104,6 +110,7 @@ FUZZ_TARGET(coins_view, .init = initialize_coins_view)
             [&] {
                 const std::optional<Coin> opt_coin = ConsumeDeserializable<Coin>(fuzzed_data_provider);
                 if (!opt_coin) {
+                    good_data = false;
                     return;
                 }
                 random_coin = *opt_coin;
@@ -111,6 +118,7 @@ FUZZ_TARGET(coins_view, .init = initialize_coins_view)
             [&] {
                 const std::optional<CMutableTransaction> opt_mutable_transaction = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
                 if (!opt_mutable_transaction) {
+                    good_data = false;
                     return;
                 }
                 random_mutable_transaction = *opt_mutable_transaction;
@@ -118,7 +126,9 @@ FUZZ_TARGET(coins_view, .init = initialize_coins_view)
             [&] {
                 CCoinsMapMemoryResource resource;
                 CCoinsMap coins_map{0, SaltedOutpointHasher{/*deterministic=*/true}, CCoinsMap::key_equal{}, &resource};
-                LIMITED_WHILE (fuzzed_data_provider.ConsumeBool(), 10000) {
+
+                LIMITED_WHILE (good_data && fuzzed_data_provider.ConsumeBool(), 10'000)
+                {
                     CCoinsCacheEntry coins_cache_entry;
                     coins_cache_entry.flags = fuzzed_data_provider.ConsumeIntegral<unsigned char>();
                     if (fuzzed_data_provider.ConsumeBool()) {
@@ -126,6 +136,7 @@ FUZZ_TARGET(coins_view, .init = initialize_coins_view)
                     } else {
                         const std::optional<Coin> opt_coin = ConsumeDeserializable<Coin>(fuzzed_data_provider);
                         if (!opt_coin) {
+                            good_data = false;
                             return;
                         }
                         coins_cache_entry.coin = *opt_coin;
diff --git a/src/test/fuzz/fuzz.h b/src/test/fuzz/fuzz.h
index bc1805a05053..6f16177af3a4 100644
--- a/src/test/fuzz/fuzz.h
+++ b/src/test/fuzz/fuzz.h
@@ -14,6 +14,11 @@
 /**
  * Can be used to limit a theoretically unbounded loop. This caps the runtime
  * to avoid timeouts or OOMs.
+ *
+ * This can be used in combination with a check in the condition to confirm
+ * whether the fuzz engine provided "good" data. If the fuzz input contains
+ * invalid data, the loop aborts early. This will teach the fuzz engine to look
+ * for useful data and avoids bloating the fuzz input folder with useless data.
  */
 #define LIMITED_WHILE(condition, limit) \
     for (unsigned _count{limit}; (condition) && _count; --_count)
diff --git a/src/test/fuzz/policy_estimator.cpp b/src/test/fuzz/policy_estimator.cpp
index 3d3d41db0349..80a00b169189 100644
--- a/src/test/fuzz/policy_estimator.cpp
+++ b/src/test/fuzz/policy_estimator.cpp
@@ -4,15 +4,13 @@
 
 #include <policy/fees.h>
 #include <primitives/transaction.h>
+#include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <test/util/setup_common.h>
-#include <txmempool.h>
 
-#include <cstdint>
 #include <optional>
-#include <string>
 #include <vector>
 
 void initialize_policy_estimator()
@@ -23,13 +21,15 @@ void initialize_policy_estimator()
 FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator)
 {
     FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+    bool good_data{true};
     CBlockPolicyEstimator block_policy_estimator;
-    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
+    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 10'000) {
         CallOneOf(
             fuzzed_data_provider,
             [&] {
                 const std::optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
                 if (!mtx) {
+                    good_data = false;
                     return;
                 }
                 const CTransaction tx{*mtx};
@@ -40,9 +40,11 @@ FUZZ_TARGET(policy_estimator, .init = initialize_policy_estimator)
             },
             [&] {
                 std::vector<CTxMemPoolEntry> mempool_entries;
-                LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000) {
+                LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 10000)
+                {
                     const std::optional<CMutableTransaction> mtx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
                     if (!mtx) {
+                        good_data = false;
                         break;
                     }
                     const CTransaction tx{*mtx};
diff --git a/src/test/fuzz/rpc.cpp b/src/test/fuzz/rpc.cpp
index b95b93425e8e..9555577dc63d 100644
--- a/src/test/fuzz/rpc.cpp
+++ b/src/test/fuzz/rpc.cpp
@@ -3,18 +3,14 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <base58.h>
-#include <core_io.h>
 #include <key.h>
 #include <key_io.h>
-#include <node/context.h>
 #include <primitives/block.h>
 #include <primitives/transaction.h>
 #include <psbt.h>
-#include <rpc/blockchain.h>
 #include <rpc/client.h>
 #include <rpc/request.h>
 #include <rpc/server.h>
-#include <rpc/util.h>
 #include <span.h>
 #include <streams.h>
 #include <test/fuzz/FuzzedDataProvider.h>
@@ -22,18 +18,23 @@
 #include <test/fuzz/util.h>
 #include <test/util/setup_common.h>
 #include <tinyformat.h>
+#include <uint256.h>
 #include <univalue.h>
 #include <util/strencodings.h>
 #include <util/string.h>
 #include <util/time.h>
 
+#include <algorithm>
+#include <cassert>
 #include <cstdint>
+#include <cstdlib>
+#include <exception>
 #include <iostream>
 #include <memory>
 #include <optional>
 #include <stdexcept>
-#include <string>
 #include <vector>
+enum class ChainType;
 
 namespace {
 struct RPCFuzzTestingSetup : public TestingSetup {
@@ -173,7 +174,7 @@ const std::vector<std::string> RPC_COMMANDS_SAFE_FOR_FUZZING{
     "waitfornewblock",
 };
 
-std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
+std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)
 {
     const size_t max_string_length = 4096;
     const size_t max_base58_bytes_length{64};
@@ -240,6 +241,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // hex encoded block
             std::optional<CBlock> opt_block = ConsumeDeserializable<CBlock>(fuzzed_data_provider);
             if (!opt_block) {
+                good_data = false;
                 return;
             }
             CDataStream data_stream{SER_NETWORK, PROTOCOL_VERSION};
@@ -250,6 +252,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // hex encoded block header
             std::optional<CBlockHeader> opt_block_header = ConsumeDeserializable<CBlockHeader>(fuzzed_data_provider);
             if (!opt_block_header) {
+                good_data = false;
                 return;
             }
             CDataStream data_stream{SER_NETWORK, PROTOCOL_VERSION};
@@ -260,6 +263,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // hex encoded tx
             std::optional<CMutableTransaction> opt_tx = ConsumeDeserializable<CMutableTransaction>(fuzzed_data_provider);
             if (!opt_tx) {
+                good_data = false;
                 return;
             }
             CDataStream data_stream{SER_NETWORK, PROTOCOL_VERSION};
@@ -270,6 +274,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // base64 encoded psbt
             std::optional<PartiallySignedTransaction> opt_psbt = ConsumeDeserializable<PartiallySignedTransaction>(fuzzed_data_provider);
             if (!opt_psbt) {
+                good_data = false;
                 return;
             }
             CDataStream data_stream{SER_NETWORK, PROTOCOL_VERSION};
@@ -280,6 +285,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // base58 encoded key
             CKey key = ConsumePrivateKey(fuzzed_data_provider);
             if (!key.IsValid()) {
+                good_data = false;
                 return;
             }
             r = EncodeSecret(key);
@@ -288,6 +294,7 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
             // hex encoded pubkey
             CKey key = ConsumePrivateKey(fuzzed_data_provider);
             if (!key.IsValid()) {
+                good_data = false;
                 return;
             }
             r = HexStr(key.GetPubKey());
@@ -295,18 +302,19 @@ std::string ConsumeScalarRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
     return r;
 }
 
-std::string ConsumeArrayRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
+std::string ConsumeArrayRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)
 {
     std::vector<std::string> scalar_arguments;
-    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) {
-        scalar_arguments.push_back(ConsumeScalarRPCArgument(fuzzed_data_provider));
+    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)
+    {
+        scalar_arguments.push_back(ConsumeScalarRPCArgument(fuzzed_data_provider, good_data));
     }
     return "[\"" + Join(scalar_arguments, "\",\"") + "\"]";
 }
 
-std::string ConsumeRPCArgument(FuzzedDataProvider& fuzzed_data_provider)
+std::string ConsumeRPCArgument(FuzzedDataProvider& fuzzed_data_provider, bool& good_data)
 {
-    return fuzzed_data_provider.ConsumeBool() ? ConsumeScalarRPCArgument(fuzzed_data_provider) : ConsumeArrayRPCArgument(fuzzed_data_provider);
+    return fuzzed_data_provider.ConsumeBool() ? ConsumeScalarRPCArgument(fuzzed_data_provider, good_data) : ConsumeArrayRPCArgument(fuzzed_data_provider, good_data);
 }
 
 RPCFuzzTestingSetup* InitializeRPCFuzzTestingSetup()
@@ -342,6 +350,7 @@ void initialize_rpc()
 FUZZ_TARGET(rpc, .init = initialize_rpc)
 {
     FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
+    bool good_data{true};
     SetMockTime(ConsumeTime(fuzzed_data_provider));
     const std::string rpc_command = fuzzed_data_provider.ConsumeRandomLengthString(64);
     if (!g_limit_to_rpc_command.empty() && rpc_command != g_limit_to_rpc_command) {
@@ -352,8 +361,9 @@ FUZZ_TARGET(rpc, .init = initialize_rpc)
         return;
     }
     std::vector<std::string> arguments;
-    LIMITED_WHILE(fuzzed_data_provider.ConsumeBool(), 100) {
-        arguments.push_back(ConsumeRPCArgument(fuzzed_data_provider));
+    LIMITED_WHILE(good_data && fuzzed_data_provider.ConsumeBool(), 100)
+    {
+        arguments.push_back(ConsumeRPCArgument(fuzzed_data_provider, good_data));
     }
     try {
         rpc_testing_setup->CallRPC(rpc_command, arguments);

From 64ff0b3f4e60ee6ab4589bb4cce74a2ea380ef7a Mon Sep 17 00:00:00 2001
From: fanquake <fanquake@gmail.com>
Date: Sun, 26 Nov 2023 12:17:18 +0000
Subject: [PATCH 2/3] Merge bitcoin/bitcoin#28931: fuzz: Limit fuzz buffer size
 in script_flags target

faf1fb207fb6e9a12c864074f8c40d5922d93ff4 Fix IWYU for the script_flags fuzz target (MarcoFalke)
fa71285b7301b2993bcc68525649716afbd9abf8 fuzz: Limit fuzz buffer size in script_flags target (MarcoFalke)
fa6b87b9ee661d8ef4ec244d230ebdeb7d1841a0 fuzz: CDataStream -> DataStream in script_flags (MarcoFalke)

Pull request description:

  Most fuzz targets have an upper limit on the buffer size to avoid excessive runtime. Do the same for `script_flags` to avoid timeouts such as https://github.com/bitcoin/bitcoin/issues/28812#issuecomment-1824696971

  Also, fix iwyu. Also, remove legacy `CDataStream`.

ACKs for top commit:
  dergoegge:
    ACK faf1fb207fb6e9a12c864074f8c40d5922d93ff4
  brunoerg:
    utACK faf1fb207fb6e9a12c864074f8c40d5922d93ff4

Tree-SHA512: 9301917b353f7409e448b6fd3635de19330856e0742431db5ef04e62873501b5b4cd6cb78ad81ada2747fa2bdae033115b5951d10489dd5d0d320426c8b96bee
---
 src/script/interpreter.h       | 13 +++++++++----
 src/test/fuzz/script_flags.cpp | 21 +++++++++------------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/script/interpreter.h b/src/script/interpreter.h
index 6d95191fa56a..8cbe92cf41fe 100644
--- a/src/script/interpreter.h
+++ b/src/script/interpreter.h
@@ -7,16 +7,21 @@
 #define BITCOIN_SCRIPT_INTERPRETER_H
 
 #include <script/script_error.h>
+#include <consensus/amount.h>
 #include <primitives/transaction.h>
+#include <script/script_error.h> // IWYU pragma: export
+#include <span.h>
+#include <uint256.h>
 
+#include <cstddef>
+#include <cstdint>
 #include <vector>
-#include <stdint.h>
 
 class CPubKey;
 class CScript;
-class CTransaction;
-class CTxOut;
-class uint256;
+class CScriptNum;
+class XOnlyPubKey;
+struct CScriptWitness;
 
 /** Signature hash types/flags */
 enum
diff --git a/src/test/fuzz/script_flags.cpp b/src/test/fuzz/script_flags.cpp
index 4022c7471c18..5e90b35e292e 100644
--- a/src/test/fuzz/script_flags.cpp
+++ b/src/test/fuzz/script_flags.cpp
@@ -3,25 +3,22 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <consensus/amount.h>
-#include <pubkey.h>
+#include <primitives/transaction.h>
 #include <script/interpreter.h>
+#include <serialize.h>
 #include <streams.h>
+#include <test/fuzz/fuzz.h>
 #include <test/util/script.h>
-#include <version.h>
 
-#include <test/fuzz/fuzz.h>
+#include <cassert>
+#include <ios>
+#include <utility>
+#include <vector>
 
 FUZZ_TARGET(script_flags)
 {
-    CDataStream ds(buffer, SER_NETWORK, INIT_PROTO_VERSION);
-    try {
-        int nVersion;
-        ds >> nVersion;
-        ds.SetVersion(nVersion);
-    } catch (const std::ios_base::failure&) {
-        return;
-    }
-
+    if (buffer.size() > 100'000) return;
+    DataStream ds{buffer};
     try {
         const CTransaction tx(deserialize, ds);
         const PrecomputedTransactionData txdata(tx);

From 1c0e1e6e4a415247c1f595d154bc8f52705ce62b Mon Sep 17 00:00:00 2001
From: Andrew Chow <github@achow101.com>
Date: Tue, 10 Jan 2023 19:02:46 -0500
Subject: [PATCH 3/3] Merge bitcoin/bitcoin#26679: wallet: Skip rescanning if
 wallet is more recent than tip

378400953424598fd78ccec5ba8cc38bc253c550 wallet: Skip rescanning if wallet is more recent than tip (Andrew Chow)

Pull request description:

  If a wallet has key birthdates that are more recent than the currrent chain tip, or a bestblock height higher than the current tip, we should not attempt to rescan as there is nothing to scan for.

  Fixes #26655

ACKs for top commit:
  ishaanam:
    re-utACK 378400953424598fd78ccec5ba8cc38bc253c550
  w0xlt:
    utACK https://github.com/bitcoin/bitcoin/pull/26679/commits/378400953424598fd78ccec5ba8cc38bc253c550
  furszy:
    Code review ACK 37840095

Tree-SHA512: f0d90b62940d97d50f21e1e01fa6dcb54409fad819cea4283612825c4d93d733df323cd92787fed43956b0a8e386a5bf88218f1f5749c913398667a5c8f54470
---
 src/wallet/wallet.cpp | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp
index 3132c36766d6..903f3c9ee26e 100644
--- a/src/wallet/wallet.cpp
+++ b/src/wallet/wallet.cpp
@@ -3281,6 +3281,24 @@ bool CWallet::AttachChain(const std::shared_ptr<CWallet>& walletInstance, interf
 
     if (tip_height && *tip_height != rescan_height)
     {
+        // No need to read and scan block if block was created before
+        // our wallet birthday (as adjusted for block time variability)
+        std::optional<int64_t> time_first_key;
+        for (auto spk_man : walletInstance->GetAllScriptPubKeyMans()) {
+            int64_t time = spk_man->GetTimeFirstKey();
+            if (!time_first_key || time < *time_first_key) time_first_key = time;
+        }
+        if (time_first_key) {
+            FoundBlock found = FoundBlock().height(rescan_height);
+            chain.findFirstBlockWithTimeAndHeight(*time_first_key - TIMESTAMP_WINDOW, rescan_height, found);
+            if (!found.found) {
+                // We were unable to find a block that had a time more recent than our earliest timestamp
+                // or a height higher than the wallet was synced to, indicating that the wallet is newer than the
+                // current chain tip. Skip rescanning in this case.
+                rescan_height = *tip_height;
+            }
+        }
+
         // Technically we could execute the code below in any case, but performing the
         // `while` loop below can make startup very slow, so only check blocks on disk
         // if necessary.
@@ -3315,20 +3333,6 @@ bool CWallet::AttachChain(const std::shared_ptr<CWallet>& walletInstance, interf
         chain.initMessage(_("Rescanning…").translated);
         walletInstance->WalletLogPrintf("Rescanning last %i blocks (from block %i)...\n", *tip_height - rescan_height, rescan_height);
 
-        // No need to read and scan block if block was created before
-        // our wallet birthday (as adjusted for block time variability)
-        // unless a full rescan was requested
-        if (gArgs.GetIntArg("-rescan", 0) != 2) {
-            std::optional<int64_t> time_first_key;
-            for (auto spk_man : walletInstance->GetAllScriptPubKeyMans()) {
-                int64_t time = spk_man->GetTimeFirstKey();
-                if (!time_first_key || time < *time_first_key) time_first_key = time;
-            }
-            if (time_first_key) {
-                chain.findFirstBlockWithTimeAndHeight(*time_first_key - TIMESTAMP_WINDOW, rescan_height, FoundBlock().height(rescan_height));
-            }
-        }
-
         {
             WalletRescanReserver reserver(*walletInstance);
             if (!reserver.reserve() || (ScanResult::SUCCESS != walletInstance->ScanForWalletTransactions(chain.getBlockHash(rescan_height), rescan_height, /*max_height=*/{}, reserver, /*fUpdate=*/true, /*save_progress=*/true).status)) {