neobytes/src/policy/policy.cpp

// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-2015 The Bitcoin developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

// NOTE: This file is intended to be customised by the end user, and includes only local node policy logic

#include "policy/policy.h"

#include "validation.h"
#include "tinyformat.h"
#include "util.h"
#include "utilstrencodings.h"

#include <boost/foreach.hpp>

    /**
     * Check transaction inputs to mitigate two
     * potential denial-of-service attacks:
     * 
     * 1. scriptSigs with extra data stuffed into them,
     *    not consumed by scriptPubKey (or P2SH script)
     * 2. P2SH scripts with a crazy number of expensive
     *    CHECKSIG/CHECKMULTISIG operations
     *
     * Why bother? To avoid denial-of-service attacks; an attacker
     * can submit a standard HASH... OP_EQUAL transaction,
     * which will get accepted into blocks. The redemption
     * script can be anything; an attacker could use a very
     * expensive-to-check-upon-redemption script like:
     *   DUP CHECKSIG DROP ... repeated 100 times... OP_1
     */

bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType)
{
    std::vector<std::vector<unsigned char> > vSolutions;
    if (!Solver(scriptPubKey, whichType, vSolutions))
        return false;

    if (whichType == TX_MULTISIG)
    {
        unsigned char m = vSolutions.front()[0];
        unsigned char n = vSolutions.back()[0];
        // Support up to x-of-3 multisig txns as standard
        if (n < 1 || n > 3)
            return false;
        if (m < 1 || m > n)
            return false;
    } else if (whichType == TX_NULL_DATA &&
               (!fAcceptDatacarrier || scriptPubKey.size() > nMaxDatacarrierBytes))
          return false;

    return whichType != TX_NONSTANDARD;
}

bool IsStandardTx(const CTransaction& tx, std::string& reason)
{
    if (tx.nVersion > CTransaction::MAX_STANDARD_VERSION || tx.nVersion < 1) {
        reason = "version";
        return false;
    }

    // Extremely large transactions with lots of inputs can cost the network
    // almost as much to process as they cost the sender in fees, because
    // computing signature hashes is O(ninputs*txsize). Limiting transactions
    // to MAX_STANDARD_TX_SIZE mitigates CPU exhaustion attacks.
    unsigned int sz = tx.GetSerializeSize(SER_NETWORK, CTransaction::CURRENT_VERSION);
    if (sz >= MAX_STANDARD_TX_SIZE) {
        reason = "tx-size";
        return false;
    }

    BOOST_FOREACH(const CTxIn& txin, tx.vin)
    {
        // Biggest 'standard' txin is a 15-of-15 P2SH multisig with compressed
        // keys (remember the 520 byte limit on redeemScript size). That works
        // out to a (15*(33+1))+3=513 byte redeemScript, 513+1+15*(73+1)+3=1627
        // bytes of scriptSig, which we round off to 1650 bytes for some minor
        // future-proofing. That's also enough to spend a 20-of-20
        // CHECKMULTISIG scriptPubKey, though such a scriptPubKey is not
        // considered standard.
        if (txin.scriptSig.size() > 1650) {
            reason = "scriptsig-size";
            return false;
        }
        if (!txin.scriptSig.IsPushOnly()) {
            reason = "scriptsig-not-pushonly";
            return false;
        }
    }

    unsigned int nDataOut = 0;
    txnouttype whichType;
    BOOST_FOREACH(const CTxOut& txout, tx.vout) {
        if (!::IsStandard(txout.scriptPubKey, whichType)) {
            reason = "scriptpubkey";
            return false;
        }

        if (whichType == TX_NULL_DATA)
            nDataOut++;
        else if ((whichType == TX_MULTISIG) && (!fIsBareMultisigStd)) {
            reason = "bare-multisig";
            return false;
        } else if (txout.IsDust(::minRelayTxFee)) {
            reason = "dust";
            return false;
        }
    }

    // only one OP_RETURN txout is permitted
    if (nDataOut > 1) {
        reason = "multi-op-return";
        return false;
    }

    return true;
}

bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
{
    if (tx.IsCoinBase())
        return true; // Coinbases don't use vin normally

    for (unsigned int i = 0; i < tx.vin.size(); i++)
    {
        const CTxOut& prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;

        std::vector<std::vector<unsigned char> > vSolutions;
        txnouttype whichType;
        // get the scriptPubKey corresponding to this input:
        const CScript& prevScript = prev.scriptPubKey;
        if (!Solver(prevScript, whichType, vSolutions))
            return false;

        if (whichType == TX_SCRIPTHASH)
        {
            std::vector<std::vector<unsigned char> > stack;
            // convert the scriptSig into a stack, so we can inspect the redeemScript
            if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), 0))
                return false;
            if (stack.empty())
                return false;
            CScript subscript(stack.back().begin(), stack.back().end());
            if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {
                return false;
            }
        }
    }

    return true;
}
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`// Copyright (c) 2009-2010 Satoshi Nakamoto`
Bump copyright headers to 2015 - Bump copyright headers to 2015 - [devtools] Rewrite fix-copyright-headers.py - [devtools] Use git pretty-format for year parsing Github-Pull: #7205 Rebased-From: fa6ad855e9159b2247da4fa0054f32fa181499ab fa24439ff3d8ab5b9efaf66ef4dae6713b88cb35 fa71669452e57039e4270fd2b33a0e0e1635b813 2015-12-13 14:51:43 +01:00			`// Copyright (c) 2009-2015 The Bitcoin developers`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`// Distributed under the MIT software license, see the accompanying`
			`// file COPYING or http://www.opensource.org/licenses/mit-license.php.`

			`// NOTE: This file is intended to be customised by the end user, and includes only local node policy logic`

			`#include "policy/policy.h"`

Backport Bitcoin PR#9260: Mrs Peacock in The Library with The Candlestick (killed main.{h,cpp}) (#1566) * Remove orphan state wipe from UnloadBlockIndex. As orphan state is now "network state", like in d6ea737be19a0001e69e4e854eb1cef21523ea7a, UnloadBlockIndex is only used during init if we end up reindexing to clear our block state so that we can start over. However, at that time no connections have been brought up as CConnman hasn't been started yet, so all of the network processing state logic is empty when its called. * Move network-msg-processing code out of main to its own file * Rename the remaining main.{h,cpp} to validation.{h,cpp} 2017-08-09 02:19:06 +02:00			`#include "validation.h"`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`#include "tinyformat.h"`
			`#include "util.h"`
			`#include "utilstrencodings.h"`

			`#include <boost/foreach.hpp>`

			`/**`
			`* Check transaction inputs to mitigate two`
			`* potential denial-of-service attacks:`
			`*`
			`* 1. scriptSigs with extra data stuffed into them,`
			`* not consumed by scriptPubKey (or P2SH script)`
			`* 2. P2SH scripts with a crazy number of expensive`
			`* CHECKSIG/CHECKMULTISIG operations`
			`*`
			`* Why bother? To avoid denial-of-service attacks; an attacker`
			`* can submit a standard HASH... OP_EQUAL transaction,`
			`* which will get accepted into blocks. The redemption`
			`* script can be anything; an attacker could use a very`
			`* expensive-to-check-upon-redemption script like:`
			`* DUP CHECKSIG DROP ... repeated 100 times... OP_1`
			`*/`

			`bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType)`
			`{`
			`std::vector<std::vector<unsigned char> > vSolutions;`
			`if (!Solver(scriptPubKey, whichType, vSolutions))`
			`return false;`

			`if (whichType == TX_MULTISIG)`
			`{`
			`unsigned char m = vSolutions.front()[0];`
			`unsigned char n = vSolutions.back()[0];`
			`// Support up to x-of-3 multisig txns as standard`
			`if (n < 1 \|\| n > 3)`
			`return false;`
			`if (m < 1 \|\| m > n)`
			`return false;`
Accept any sequence of PUSHDATAs in OP_RETURN outputs Previously only one PUSHDATA was allowed, needlessly limiting applications such as matching OP_RETURN contents with bloom filters that operate on a per-PUSHDATA level. Now any combination that passes IsPushOnly() is allowed, so long as the total size of the scriptPubKey is less than 42 bytes. (unchanged modulo non-minimal PUSHDATA encodings) Also, this fixes the odd bug where previously the PUSHDATA could be replaced by any single opcode, even sigops consuming opcodes such as CHECKMULTISIG. (20 sigops!) 2014-10-13 16:18:05 +02:00			`} else if (whichType == TX_NULL_DATA &&`
Constrain constant values to a single location in code 2015-06-27 21:21:41 +02:00			`(!fAcceptDatacarrier \|\| scriptPubKey.size() > nMaxDatacarrierBytes))`
Accept any sequence of PUSHDATAs in OP_RETURN outputs Previously only one PUSHDATA was allowed, needlessly limiting applications such as matching OP_RETURN contents with bloom filters that operate on a per-PUSHDATA level. Now any combination that passes IsPushOnly() is allowed, so long as the total size of the scriptPubKey is less than 42 bytes. (unchanged modulo non-minimal PUSHDATA encodings) Also, this fixes the odd bug where previously the PUSHDATA could be replaced by any single opcode, even sigops consuming opcodes such as CHECKMULTISIG. (20 sigops!) 2014-10-13 16:18:05 +02:00			`return false;`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00
			`return whichType != TX_NONSTANDARD;`
			`}`

			`bool IsStandardTx(const CTransaction& tx, std::string& reason)`
			`{`
Policy: allow transaction version 2 relay policy. This commit introduces a way to gracefully bump the default transaction version in a two step process. 2016-02-19 20:52:31 +01:00			`if (tx.nVersion > CTransaction::MAX_STANDARD_VERSION \|\| tx.nVersion < 1) {`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`reason = "version";`
			`return false;`
			`}`

			`// Extremely large transactions with lots of inputs can cost the network`
			`// almost as much to process as they cost the sender in fees, because`
			`// computing signature hashes is O(ninputs*txsize). Limiting transactions`
			`// to MAX_STANDARD_TX_SIZE mitigates CPU exhaustion attacks.`
			`unsigned int sz = tx.GetSerializeSize(SER_NETWORK, CTransaction::CURRENT_VERSION);`
			`if (sz >= MAX_STANDARD_TX_SIZE) {`
			`reason = "tx-size";`
			`return false;`
			`}`

			`BOOST_FOREACH(const CTxIn& txin, tx.vin)`
			`{`
			`// Biggest 'standard' txin is a 15-of-15 P2SH multisig with compressed`
Merge #7786: Doc: Update isStandardTx comment 03c77fd Doc: Update isStandardTx comment (Matthew English) 2016-04-09 12:13:08 +02:00			`// keys (remember the 520 byte limit on redeemScript size). That works`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`// out to a (15(33+1))+3=513 byte redeemScript, 513+1+15(73+1)+3=1627`
			`// bytes of scriptSig, which we round off to 1650 bytes for some minor`
			`// future-proofing. That's also enough to spend a 20-of-20`
			`// CHECKMULTISIG scriptPubKey, though such a scriptPubKey is not`
Merge #7786: Doc: Update isStandardTx comment 03c77fd Doc: Update isStandardTx comment (Matthew English) 2016-04-09 12:13:08 +02:00			`// considered standard.`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`if (txin.scriptSig.size() > 1650) {`
			`reason = "scriptsig-size";`
			`return false;`
			`}`
			`if (!txin.scriptSig.IsPushOnly()) {`
			`reason = "scriptsig-not-pushonly";`
			`return false;`
			`}`
			`}`

			`unsigned int nDataOut = 0;`
			`txnouttype whichType;`
			`BOOST_FOREACH(const CTxOut& txout, tx.vout) {`
			`if (!::IsStandard(txout.scriptPubKey, whichType)) {`
			`reason = "scriptpubkey";`
			`return false;`
			`}`

			`if (whichType == TX_NULL_DATA)`
			`nDataOut++;`
			`else if ((whichType == TX_MULTISIG) && (!fIsBareMultisigStd)) {`
			`reason = "bare-multisig";`
			`return false;`
			`} else if (txout.IsDust(::minRelayTxFee)) {`
			`reason = "dust";`
			`return false;`
			`}`
			`}`

			`// only one OP_RETURN txout is permitted`
			`if (nDataOut > 1) {`
			`reason = "multi-op-return";`
			`return false;`
			`}`

			`return true;`
			`}`

			`bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)`
			`{`
			`if (tx.IsCoinBase())`
			`return true; // Coinbases don't use vin normally`

			`for (unsigned int i = 0; i < tx.vin.size(); i++)`
			`{`
Merge #10195: Switch chainstate db and cache to per-txout model 589827975 scripted-diff: various renames for per-utxo consistency (Pieter Wuille) a5e02bc7f Increase travis unit test timeout (Pieter Wuille) 73de2c1ff Rename CCoinsCacheEntry::coins to coin (Pieter Wuille) 119e552f7 Merge CCoinsViewCache's GetOutputFor and AccessCoin (Pieter Wuille) 580b02309 [MOVEONLY] Move old CCoins class to txdb.cpp (Pieter Wuille) 8b25d2c0c Upgrade from per-tx database to per-txout (Pieter Wuille) b2af357f3 Reduce reserved memory space for flushing (Pieter Wuille) 41aa5b79a Pack Coin more tightly (Pieter Wuille) 97072d668 Remove unused CCoins methods (Pieter Wuille) ce23efaa5 Extend coins_tests (Pieter Wuille) 508307968 Switch CCoinsView and chainstate db from per-txid to per-txout (Pieter Wuille) 4ec0d9e79 Refactor GetUTXOStats in preparation for per-COutPoint iteration (Pieter Wuille) 13870b56f Replace CCoins-based CTxMemPool::pruneSpent with isSpent (Pieter Wuille) 05293f3cb Remove ModifyCoins/ModifyNewCoins (Pieter Wuille) 961e48397 Switch tests from ModifyCoins to AddCoin/SpendCoin (Pieter Wuille) 8b3868c1b Switch CScriptCheck to use Coin instead of CCoins (Pieter Wuille) c87b957a3 Only pass things committed to by tx's witness hash to CScriptCheck (Matt Corallo) f68cdfe92 Switch from per-tx to per-txout CCoinsViewCache methods in some places (Pieter Wuille) 000391132 Introduce new per-txout CCoinsViewCache functions (Pieter Wuille) bd83111a0 Optimization: Coin&& to ApplyTxInUndo (Pieter Wuille) cb2c7fdac Replace CTxInUndo with Coin (Pieter Wuille) 422634e2f Introduce Coin, a single unspent output (Pieter Wuille) 7d991b55d Store/allow tx metadata in all undo records (Pieter Wuille) c3aa0c119 Report on-disk size in gettxoutsetinfo (Pieter Wuille) d34242430 Remove/ignore tx version in utxo and undo (Pieter Wuille) 7e0032290 Add specialization of SipHash for 256 + 32 bit data (Pieter Wuille) e484652fc Introduce CHashVerifier to hash read data (Pieter Wuille) f54580e7e error() in disconnect for disk corruption, not inconsistency (Pieter Wuille) e66dbde6d Add SizeEstimate to CDBBatch (Pieter Wuille) Tree-SHA512: ce1fb1e40c77d38915cd02189fab7a8b125c7f44d425c85579d872c3bede3a437760997907c99d7b3017ced1c2de54b2ac7223d99d83a6658fe5ef61edef1de3 2017-06-02 00:47:58 +02:00			`const CTxOut& prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00
			`std::vector<std::vector<unsigned char> > vSolutions;`
			`txnouttype whichType;`
			`// get the scriptPubKey corresponding to this input:`
			`const CScript& prevScript = prev.scriptPubKey;`
			`if (!Solver(prevScript, whichType, vSolutions))`
			`return false;`

			`if (whichType == TX_SCRIPTHASH)`
			`{`
Get rid of inaccurate ScriptSigArgsExpected 2016-01-21 13:15:19 +01:00			`std::vector<std::vector<unsigned char> > stack;`
			`// convert the scriptSig into a stack, so we can inspect the redeemScript`
			`if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), 0))`
			`return false;`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`if (stack.empty())`
			`return false;`
			`CScript subscript(stack.back().begin(), stack.back().end());`
Get rid of inaccurate ScriptSigArgsExpected 2016-01-21 13:15:19 +01:00			`if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {`
			`return false;`
Policy: MOVEONLY: 3 functions to policy.o: - [script/standard.o] IsStandard - [main.o] IsStandardTx - [main.o] AreInputsStandard Also, don't use namespace std in policy.cpp 2014-10-12 00:41:05 +02:00			`}`
			`}`
			`}`

			`return true;`
			`}`