From 6f8730752cf92ff8269812c01a6d9d35fff82e75 Mon Sep 17 00:00:00 2001 From: Gavin Andresen Date: Sat, 26 Jan 2013 14:38:40 -0500 Subject: [PATCH] Treat non-final transactions as non-standard At least one service that accepted zero-confirmation transactions was vulnerable because an attacker could send a transaction with a lock time far in the future, and then have plenty of time in which to get a double-spend mined (perhaps from a miner who wasn't on the network when the first transaction was broadcast). That is a variation on the "Finney attack". We still don't recommend anybody accept 0-confirmation transactions as final payment for anything. This change keeps non-final transactions from appearing in the wallet, and, assuming most of the network accepts this change, will prevent them from being relayed until they are final. --- src/main.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main.cpp b/src/main.cpp index 75e7013918..6c2d76202a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -368,6 +368,9 @@ bool CTransaction::IsStandard() const if (nVersion > CTransaction::CURRENT_VERSION) return false; + if (!IsFinal()) + return false; + BOOST_FOREACH(const CTxIn& txin, vin) { // Biggest 'standard' txin is a 3-signature 3-of-3 CHECKMULTISIG