Line data Source code
1 : // Copyright (c) 2009-2010 Satoshi Nakamoto
2 : // Copyright (c) 2009-2014 The Bitcoin developers
3 : // Distributed under the MIT software license, see the accompanying
4 : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5 :
6 : // NOTE: This file is intended to be customised by the end user, and includes only local node policy logic
7 :
8 : #include "policy/policy.h"
9 :
10 : #include "main.h"
11 : #include "tinyformat.h"
12 : #include "util.h"
13 : #include "utilstrencodings.h"
14 :
15 : #include <boost/foreach.hpp>
16 :
17 : /**
18 : * Check transaction inputs to mitigate two
19 : * potential denial-of-service attacks:
20 : *
21 : * 1. scriptSigs with extra data stuffed into them,
22 : * not consumed by scriptPubKey (or P2SH script)
23 : * 2. P2SH scripts with a crazy number of expensive
24 : * CHECKSIG/CHECKMULTISIG operations
25 : *
26 : * Check transaction inputs, and make sure any
27 : * pay-to-script-hash transactions are evaluating IsStandard scripts
28 : *
29 : * Why bother? To avoid denial-of-service attacks; an attacker
30 : * can submit a standard HASH... OP_EQUAL transaction,
31 : * which will get accepted into blocks. The redemption
32 : * script can be anything; an attacker could use a very
33 : * expensive-to-check-upon-redemption script like:
34 : * DUP CHECKSIG DROP ... repeated 100 times... OP_1
35 : */
36 :
37 47 : bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType)
38 : {
39 : std::vector<std::vector<unsigned char> > vSolutions;
40 47 : if (!Solver(scriptPubKey, whichType, vSolutions))
41 : return false;
42 :
43 39 : if (whichType == TX_MULTISIG)
44 : {
45 7 : unsigned char m = vSolutions.front()[0];
46 7 : unsigned char n = vSolutions.back()[0];
47 : // Support up to x-of-3 multisig txns as standard
48 7 : if (n < 1 || n > 3)
49 : return false;
50 6 : if (m < 1 || m > n)
51 : return false;
52 96 : } else if (whichType == TX_NULL_DATA &&
53 65 : (!GetBoolArg("-datacarrier", true) || scriptPubKey.size() > nMaxDatacarrierBytes))
54 : return false;
55 :
56 37 : return whichType != TX_NONSTANDARD;
57 : }
58 :
59 24 : bool IsStandardTx(const CTransaction& tx, std::string& reason)
60 : {
61 24 : if (tx.nVersion > CTransaction::CURRENT_VERSION || tx.nVersion < 1) {
62 : reason = "version";
63 : return false;
64 : }
65 :
66 : // Extremely large transactions with lots of inputs can cost the network
67 : // almost as much to process as they cost the sender in fees, because
68 : // computing signature hashes is O(ninputs*txsize). Limiting transactions
69 : // to MAX_STANDARD_TX_SIZE mitigates CPU exhaustion attacks.
70 24 : unsigned int sz = tx.GetSerializeSize(SER_NETWORK, CTransaction::CURRENT_VERSION);
71 24 : if (sz >= MAX_STANDARD_TX_SIZE) {
72 : reason = "tx-size";
73 : return false;
74 : }
75 :
76 252 : BOOST_FOREACH(const CTxIn& txin, tx.vin)
77 : {
78 : // Biggest 'standard' txin is a 15-of-15 P2SH multisig with compressed
79 : // keys. (remember the 520 byte limit on redeemScript size) That works
80 : // out to a (15*(33+1))+3=513 byte redeemScript, 513+1+15*(73+1)+3=1627
81 : // bytes of scriptSig, which we round off to 1650 bytes for some minor
82 : // future-proofing. That's also enough to spend a 20-of-20
83 : // CHECKMULTISIG scriptPubKey, though such a scriptPubKey is not
84 : // considered standard)
85 44 : if (txin.scriptSig.size() > 1650) {
86 : reason = "scriptsig-size";
87 0 : return false;
88 : }
89 22 : if (!txin.scriptSig.IsPushOnly()) {
90 : reason = "scriptsig-not-pushonly";
91 : return false;
92 : }
93 : }
94 :
95 24 : unsigned int nDataOut = 0;
96 : txnouttype whichType;
97 330 : BOOST_FOREACH(const CTxOut& txout, tx.vout) {
98 37 : if (!::IsStandard(txout.scriptPubKey, whichType)) {
99 : reason = "scriptpubkey";
100 4 : return false;
101 : }
102 :
103 34 : if (whichType == TX_NULL_DATA)
104 12 : nDataOut++;
105 22 : else if ((whichType == TX_MULTISIG) && (!fIsBareMultisigStd)) {
106 : reason = "bare-multisig";
107 : return false;
108 22 : } else if (txout.IsDust(::minRelayTxFee)) {
109 : reason = "dust";
110 : return false;
111 : }
112 : }
113 :
114 : // only one OP_RETURN txout is permitted
115 20 : if (nDataOut > 1) {
116 : reason = "multi-op-return";
117 : return false;
118 : }
119 :
120 : return true;
121 : }
122 :
123 12 : bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
124 : {
125 12 : if (tx.IsCoinBase())
126 : return true; // Coinbases don't use vin normally
127 :
128 36 : for (unsigned int i = 0; i < tx.vin.size(); i++)
129 : {
130 40 : const CTxOut& prev = mapInputs.GetOutputFor(tx.vin[i]);
131 :
132 : std::vector<std::vector<unsigned char> > vSolutions;
133 : txnouttype whichType;
134 : // get the scriptPubKey corresponding to this input:
135 20 : const CScript& prevScript = prev.scriptPubKey;
136 20 : if (!Solver(prevScript, whichType, vSolutions))
137 8 : return false;
138 20 : int nArgsExpected = ScriptSigArgsExpected(whichType, vSolutions);
139 20 : if (nArgsExpected < 0)
140 : return false;
141 :
142 : // Transactions with extra stuff in their scriptSigs are
143 : // non-standard. Note that this EvalScript() call will
144 : // be quick, because if there are any operations
145 : // beside "push data" in the scriptSig
146 : // IsStandardTx() will have already returned false
147 : // and this method isn't called.
148 12 : std::vector<std::vector<unsigned char> > stack;
149 80 : if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker()))
150 8 : return false;
151 :
152 20 : if (whichType == TX_SCRIPTHASH)
153 : {
154 7 : if (stack.empty())
155 3 : return false;
156 35 : CScript subscript(stack.back().begin(), stack.back().end());
157 4 : std::vector<std::vector<unsigned char> > vSolutions2;
158 : txnouttype whichType2;
159 7 : if (Solver(subscript, whichType2, vSolutions2))
160 : {
161 4 : int tmpExpected = ScriptSigArgsExpected(whichType2, vSolutions2);
162 4 : if (tmpExpected < 0)
163 3 : return false;
164 4 : nArgsExpected += tmpExpected;
165 : }
166 : else
167 : {
168 : // Any other Script with less than 15 sigops OK:
169 3 : unsigned int sigops = subscript.GetSigOpCount(true);
170 : // ... extra data left on the stack after execution is OK, too:
171 3 : return (sigops <= MAX_P2SH_SIGOPS);
172 : }
173 : }
174 :
175 34 : if (stack.size() != (unsigned int)nArgsExpected)
176 : return false;
177 12 : }
178 :
179 : return true;
180 288 : }
|
