search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge #9578: Add missing mempool lock for CalculateMemPoolAncestors
[bitcoinplatinum.git] / src / policy / policy.cpp
blobec398f6627f192c6db8835b289f078329f9042eb
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2016 The Bitcoin Core developers
3 // Distributed under the MIT software license, see the accompanying
4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6 // NOTE: This file is intended to be customised by the end user, and includes only local node policy logic
7
8 #include "policy/policy.h"
9
10 #include "validation.h"
11 #include "tinyformat.h"
12 #include "util.h"
13 #include "utilstrencodings.h"
14
15 #include <boost/foreach.hpp>
16
17 /**
18 * Check transaction inputs to mitigate two
19 * potential denial-of-service attacks:
20 *
21 * 1. scriptSigs with extra data stuffed into them,
22 * not consumed by scriptPubKey (or P2SH script)
23 * 2. P2SH scripts with a crazy number of expensive
24 * CHECKSIG/CHECKMULTISIG operations
25 *
26 * Why bother? To avoid denial-of-service attacks; an attacker
27 * can submit a standard HASH... OP_EQUAL transaction,
28 * which will get accepted into blocks. The redemption
29 * script can be anything; an attacker could use a very
30 * expensive-to-check-upon-redemption script like:
31 * DUP CHECKSIG DROP ... repeated 100 times... OP_1
32 */
33
34 bool IsStandard(const CScript& scriptPubKey, txnouttype& whichType, const bool witnessEnabled)
35 {
36 std::vector<std::vector<unsigned char> > vSolutions;
37 if (!Solver(scriptPubKey, whichType, vSolutions))
38 return false;
39
40 if (whichType == TX_MULTISIG)
41 {
42 unsigned char m = vSolutions.front()[0];
43 unsigned char n = vSolutions.back()[0];
44 // Support up to x-of-3 multisig txns as standard
45 if (n < 1 || n > 3)
46 return false;
47 if (m < 1 || m > n)
48 return false;
49 } else if (whichType == TX_NULL_DATA &&
50 (!fAcceptDatacarrier || scriptPubKey.size() > nMaxDatacarrierBytes))
51 return false;
52
53 else if (!witnessEnabled && (whichType == TX_WITNESS_V0_KEYHASH || whichType == TX_WITNESS_V0_SCRIPTHASH))
54 return false;
55
56 return whichType != TX_NONSTANDARD;
57 }
58
59 bool IsStandardTx(const CTransaction& tx, std::string& reason, const bool witnessEnabled)
60 {
61 if (tx.nVersion > CTransaction::MAX_STANDARD_VERSION || tx.nVersion < 1) {
62 reason = "version";
63 return false;
64 }
65
66 // Extremely large transactions with lots of inputs can cost the network
67 // almost as much to process as they cost the sender in fees, because
68 // computing signature hashes is O(ninputs*txsize). Limiting transactions
69 // to MAX_STANDARD_TX_WEIGHT mitigates CPU exhaustion attacks.
70 unsigned int sz = GetTransactionWeight(tx);
71 if (sz >= MAX_STANDARD_TX_WEIGHT) {
72 reason = "tx-size";
73 return false;
74 }
75
76 BOOST_FOREACH(const CTxIn& txin, tx.vin)
77 {
78 // Biggest 'standard' txin is a 15-of-15 P2SH multisig with compressed
79 // keys (remember the 520 byte limit on redeemScript size). That works
80 // out to a (15*(33+1))+3=513 byte redeemScript, 513+1+15*(73+1)+3=1627
81 // bytes of scriptSig, which we round off to 1650 bytes for some minor
82 // future-proofing. That's also enough to spend a 20-of-20
83 // CHECKMULTISIG scriptPubKey, though such a scriptPubKey is not
84 // considered standard.
85 if (txin.scriptSig.size() > 1650) {
86 reason = "scriptsig-size";
87 return false;
88 }
89 if (!txin.scriptSig.IsPushOnly()) {
90 reason = "scriptsig-not-pushonly";
91 return false;
92 }
93 }
94
95 unsigned int nDataOut = 0;
96 txnouttype whichType;
97 BOOST_FOREACH(const CTxOut& txout, tx.vout) {
98 if (!::IsStandard(txout.scriptPubKey, whichType, witnessEnabled)) {
99 reason = "scriptpubkey";
100 return false;
101 }
102
103 if (whichType == TX_NULL_DATA)
104 nDataOut++;
105 else if ((whichType == TX_MULTISIG) && (!fIsBareMultisigStd)) {
106 reason = "bare-multisig";
107 return false;
108 } else if (txout.IsDust(dustRelayFee)) {
109 reason = "dust";
110 return false;
111 }
112 }
113
114 // only one OP_RETURN txout is permitted
115 if (nDataOut > 1) {
116 reason = "multi-op-return";
117 return false;
118 }
119
120 return true;
121 }
122
123 bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
124 {
125 if (tx.IsCoinBase())
126 return true; // Coinbases don't use vin normally
127
128 for (unsigned int i = 0; i < tx.vin.size(); i++)
129 {
130 const CTxOut& prev = mapInputs.GetOutputFor(tx.vin[i]);
131
132 std::vector<std::vector<unsigned char> > vSolutions;
133 txnouttype whichType;
134 // get the scriptPubKey corresponding to this input:
135 const CScript& prevScript = prev.scriptPubKey;
136 if (!Solver(prevScript, whichType, vSolutions))
137 return false;
138
139 if (whichType == TX_SCRIPTHASH)
140 {
141 std::vector<std::vector<unsigned char> > stack;
142 // convert the scriptSig into a stack, so we can inspect the redeemScript
143 if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SIGVERSION_BASE))
144 return false;
145 if (stack.empty())
146 return false;
147 CScript subscript(stack.back().begin(), stack.back().end());
148 if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {
149 return false;
150 }
151 }
152 }
153
154 return true;
155 }
156
157 bool IsWitnessStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
158 {
159 if (tx.IsCoinBase())
160 return true; // Coinbases are skipped
161
162 for (unsigned int i = 0; i < tx.vin.size(); i++)
163 {
164 // We don't care if witness for this input is empty, since it must not be bloated.
165 // If the script is invalid without witness, it would be caught sooner or later during validation.
166 if (tx.vin[i].scriptWitness.IsNull())
167 continue;
168
169 const CTxOut &prev = mapInputs.GetOutputFor(tx.vin[i]);
170
171 // get the scriptPubKey corresponding to this input:
172 CScript prevScript = prev.scriptPubKey;
173
174 if (prevScript.IsPayToScriptHash()) {
175 std::vector <std::vector<unsigned char> > stack;
176 // If the scriptPubKey is P2SH, we try to extract the redeemScript casually by converting the scriptSig
177 // into a stack. We do not check IsPushOnly nor compare the hash as these will be done later anyway.
178 // If the check fails at this stage, we know that this txid must be a bad one.
179 if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SIGVERSION_BASE))
180 return false;
181 if (stack.empty())
182 return false;
183 prevScript = CScript(stack.back().begin(), stack.back().end());
184 }
185
186 int witnessversion = 0;
187 std::vector<unsigned char> witnessprogram;
188
189 // Non-witness program must not be associated with any witness
190 if (!prevScript.IsWitnessProgram(witnessversion, witnessprogram))
191 return false;
192
193 // Check P2WSH standard limits
194 if (witnessversion == 0 && witnessprogram.size() == 32) {
195 if (tx.vin[i].scriptWitness.stack.back().size() > MAX_STANDARD_P2WSH_SCRIPT_SIZE)
196 return false;
197 size_t sizeWitnessStack = tx.vin[i].scriptWitness.stack.size() - 1;
198 if (sizeWitnessStack > MAX_STANDARD_P2WSH_STACK_ITEMS)
199 return false;
200 for (unsigned int j = 0; j < sizeWitnessStack; j++) {
201 if (tx.vin[i].scriptWitness.stack[j].size() > MAX_STANDARD_P2WSH_STACK_ITEM_SIZE)
202 return false;
203 }
204 }
205 }
206 return true;
207 }
208
209 CFeeRate incrementalRelayFee = CFeeRate(DEFAULT_INCREMENTAL_RELAY_FEE);
210 CFeeRate dustRelayFee = CFeeRate(DUST_RELAY_TX_FEE);
211 unsigned int nBytesPerSigOp = DEFAULT_BYTES_PER_SIGOP;
212
213 int64_t GetVirtualTransactionSize(int64_t nWeight, int64_t nSigOpCost)
214 {
215 return (std::max(nWeight, nSigOpCost * nBytesPerSigOp) + WITNESS_SCALE_FACTOR - 1) / WITNESS_SCALE_FACTOR;
216 }
217
218 int64_t GetVirtualTransactionSize(const CTransaction& tx, int64_t nSigOpCost)
219 {
220 return GetVirtualTransactionSize(GetTransactionWeight(tx), nSigOpCost);
221 }