Branch data Line data Source code
# 1 : : // Copyright (c) 2009-2010 Satoshi Nakamoto
# 2 : : // Copyright (c) 2009-2021 The Bitcoin Core developers
# 3 : : // Distributed under the MIT software license, see the accompanying
# 4 : : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
# 5 : :
# 6 : : // NOTE: This file is intended to be customised by the end user, and includes only local node policy logic
# 7 : :
# 8 : : #include <policy/policy.h>
# 9 : :
# 10 : : #include <consensus/validation.h>
# 11 : : #include <coins.h>
# 12 : : #include <span.h>
# 13 : :
# 14 : : CAmount GetDustThreshold(const CTxOut& txout, const CFeeRate& dustRelayFeeIn)
# 15 : 182477 : {
# 16 : : // "Dust" is defined in terms of dustRelayFee,
# 17 : : // which has units satoshis-per-kilobyte.
# 18 : : // If you'd pay more in fees than the value of the output
# 19 : : // to spend something, then we consider it dust.
# 20 : : // A typical spendable non-segwit txout is 34 bytes big, and will
# 21 : : // need a CTxIn of at least 148 bytes to spend:
# 22 : : // so dust is a spendable txout less than
# 23 : : // 182*dustRelayFee/1000 (in satoshis).
# 24 : : // 546 satoshis at the default rate of 3000 sat/kvB.
# 25 : : // A typical spendable segwit P2WPKH txout is 31 bytes big, and will
# 26 : : // need a CTxIn of at least 67 bytes to spend:
# 27 : : // so dust is a spendable txout less than
# 28 : : // 98*dustRelayFee/1000 (in satoshis).
# 29 : : // 294 satoshis at the default rate of 3000 sat/kvB.
# 30 [ + + ]: 182477 : if (txout.scriptPubKey.IsUnspendable())
# 31 : 12 : return 0;
# 32 : :
# 33 : 182465 : size_t nSize = GetSerializeSize(txout);
# 34 : 182465 : int witnessversion = 0;
# 35 : 182465 : std::vector<unsigned char> witnessprogram;
# 36 : :
# 37 : : // Note this computation is for spending a Segwit v0 P2WPKH output (a 33 bytes
# 38 : : // public key + an ECDSA signature). For Segwit v1 Taproot outputs the minimum
# 39 : : // satisfaction is lower (a single BIP340 signature) but this computation was
# 40 : : // kept to not further reduce the dust level.
# 41 : : // See discussion in https://github.com/bitcoin/bitcoin/pull/22779 for details.
# 42 [ + + ]: 182465 : if (txout.scriptPubKey.IsWitnessProgram(witnessversion, witnessprogram)) {
# 43 : : // sum the sizes of the parts of a transaction input
# 44 : : // with 75% segwit discount applied to the script size.
# 45 : 173381 : nSize += (32 + 4 + 1 + (107 / WITNESS_SCALE_FACTOR) + 4);
# 46 : 173381 : } else {
# 47 : 9084 : nSize += (32 + 4 + 1 + 107 + 4); // the 148 mentioned above
# 48 : 9084 : }
# 49 : :
# 50 : 182465 : return dustRelayFeeIn.GetFee(nSize);
# 51 : 182477 : }
# 52 : :
# 53 : : bool IsDust(const CTxOut& txout, const CFeeRate& dustRelayFeeIn)
# 54 : 182477 : {
# 55 : 182477 : return (txout.nValue < GetDustThreshold(txout, dustRelayFeeIn));
# 56 : 182477 : }
# 57 : :
# 58 : : bool IsStandard(const CScript& scriptPubKey, TxoutType& whichType)
# 59 : 118267 : {
# 60 : 118267 : std::vector<std::vector<unsigned char> > vSolutions;
# 61 : 118267 : whichType = Solver(scriptPubKey, vSolutions);
# 62 : :
# 63 [ + + ]: 118267 : if (whichType == TxoutType::NONSTANDARD) {
# 64 : 104 : return false;
# 65 [ + + ]: 118163 : } else if (whichType == TxoutType::MULTISIG) {
# 66 : 19 : unsigned char m = vSolutions.front()[0];
# 67 : 19 : unsigned char n = vSolutions.back()[0];
# 68 : : // Support up to x-of-3 multisig txns as standard
# 69 [ - + ][ + + ]: 19 : if (n < 1 || n > 3)
# 70 : 2 : return false;
# 71 [ - + ][ - + ]: 17 : if (m < 1 || m > n)
# 72 : 0 : return false;
# 73 [ + + ]: 118144 : } else if (whichType == TxoutType::NULL_DATA &&
# 74 [ - + ][ + + ]: 118144 : (!fAcceptDatacarrier || scriptPubKey.size() > nMaxDatacarrierBytes)) {
# 75 : 2 : return false;
# 76 : 2 : }
# 77 : :
# 78 : 118159 : return true;
# 79 : 118267 : }
# 80 : :
# 81 : : bool IsStandardTx(const CTransaction& tx, bool permit_bare_multisig, const CFeeRate& dust_relay_fee, std::string& reason)
# 82 : 31805 : {
# 83 [ + + ][ + + ]: 31805 : if (tx.nVersion > TX_MAX_STANDARD_VERSION || tx.nVersion < 1) {
# 84 : 1269 : reason = "version";
# 85 : 1269 : return false;
# 86 : 1269 : }
# 87 : :
# 88 : : // Extremely large transactions with lots of inputs can cost the network
# 89 : : // almost as much to process as they cost the sender in fees, because
# 90 : : // computing signature hashes is O(ninputs*txsize). Limiting transactions
# 91 : : // to MAX_STANDARD_TX_WEIGHT mitigates CPU exhaustion attacks.
# 92 : 30536 : unsigned int sz = GetTransactionWeight(tx);
# 93 [ + + ]: 30536 : if (sz > MAX_STANDARD_TX_WEIGHT) {
# 94 : 6 : reason = "tx-size";
# 95 : 6 : return false;
# 96 : 6 : }
# 97 : :
# 98 [ + + ]: 30530 : for (const CTxIn& txin : tx.vin)
# 99 : 64316 : {
# 100 : : // Biggest 'standard' txin involving only keys is a 15-of-15 P2SH
# 101 : : // multisig with compressed keys (remember the 520 byte limit on
# 102 : : // redeemScript size). That works out to a (15*(33+1))+3=513 byte
# 103 : : // redeemScript, 513+1+15*(73+1)+3=1627 bytes of scriptSig, which
# 104 : : // we round off to 1650(MAX_STANDARD_SCRIPTSIG_SIZE) bytes for
# 105 : : // some minor future-proofing. That's also enough to spend a
# 106 : : // 20-of-20 CHECKMULTISIG scriptPubKey, though such a scriptPubKey
# 107 : : // is not considered standard.
# 108 [ + + ]: 64316 : if (txin.scriptSig.size() > MAX_STANDARD_SCRIPTSIG_SIZE) {
# 109 : 3 : reason = "scriptsig-size";
# 110 : 3 : return false;
# 111 : 3 : }
# 112 [ + + ]: 64313 : if (!txin.scriptSig.IsPushOnly()) {
# 113 : 303 : reason = "scriptsig-not-pushonly";
# 114 : 303 : return false;
# 115 : 303 : }
# 116 : 64313 : }
# 117 : :
# 118 : 30224 : unsigned int nDataOut = 0;
# 119 : 30224 : TxoutType whichType;
# 120 [ + + ]: 118247 : for (const CTxOut& txout : tx.vout) {
# 121 [ + + ]: 118247 : if (!::IsStandard(txout.scriptPubKey, whichType)) {
# 122 : 94 : reason = "scriptpubkey";
# 123 : 94 : return false;
# 124 : 94 : }
# 125 : :
# 126 [ + + ]: 118153 : if (whichType == TxoutType::NULL_DATA)
# 127 : 37 : nDataOut++;
# 128 [ + + ][ + + ]: 118116 : else if ((whichType == TxoutType::MULTISIG) && (!permit_bare_multisig)) {
# 129 : 3 : reason = "bare-multisig";
# 130 : 3 : return false;
# 131 [ + + ]: 118113 : } else if (IsDust(txout, dust_relay_fee)) {
# 132 : 43 : reason = "dust";
# 133 : 43 : return false;
# 134 : 43 : }
# 135 : 118153 : }
# 136 : :
# 137 : : // only one OP_RETURN txout is permitted
# 138 [ + + ]: 30084 : if (nDataOut > 1) {
# 139 : 7 : reason = "multi-op-return";
# 140 : 7 : return false;
# 141 : 7 : }
# 142 : :
# 143 : 30077 : return true;
# 144 : 30084 : }
# 145 : :
# 146 : : /**
# 147 : : * Check transaction inputs to mitigate two
# 148 : : * potential denial-of-service attacks:
# 149 : : *
# 150 : : * 1. scriptSigs with extra data stuffed into them,
# 151 : : * not consumed by scriptPubKey (or P2SH script)
# 152 : : * 2. P2SH scripts with a crazy number of expensive
# 153 : : * CHECKSIG/CHECKMULTISIG operations
# 154 : : *
# 155 : : * Why bother? To avoid denial-of-service attacks; an attacker
# 156 : : * can submit a standard HASH... OP_EQUAL transaction,
# 157 : : * which will get accepted into blocks. The redemption
# 158 : : * script can be anything; an attacker could use a very
# 159 : : * expensive-to-check-upon-redemption script like:
# 160 : : * DUP CHECKSIG DROP ... repeated 100 times... OP_1
# 161 : : *
# 162 : : * Note that only the non-witness portion of the transaction is checked here.
# 163 : : */
# 164 : : bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
# 165 : 29779 : {
# 166 [ - + ]: 29779 : if (tx.IsCoinBase()) {
# 167 : 0 : return true; // Coinbases don't use vin normally
# 168 : 0 : }
# 169 : :
# 170 [ + + ]: 87767 : for (unsigned int i = 0; i < tx.vin.size(); i++) {
# 171 : 58191 : const CTxOut& prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;
# 172 : :
# 173 : 58191 : std::vector<std::vector<unsigned char> > vSolutions;
# 174 : 58191 : TxoutType whichType = Solver(prev.scriptPubKey, vSolutions);
# 175 [ + + ][ + + ]: 58191 : if (whichType == TxoutType::NONSTANDARD || whichType == TxoutType::WITNESS_UNKNOWN) {
# 176 : : // WITNESS_UNKNOWN failures are typically also caught with a policy
# 177 : : // flag in the script interpreter, but it can be helpful to catch
# 178 : : // this type of NONSTANDARD transaction earlier in transaction
# 179 : : // validation.
# 180 : 199 : return false;
# 181 [ + + ]: 57992 : } else if (whichType == TxoutType::SCRIPTHASH) {
# 182 : 992 : std::vector<std::vector<unsigned char> > stack;
# 183 : : // convert the scriptSig into a stack, so we can inspect the redeemScript
# 184 [ - + ]: 992 : if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SigVersion::BASE))
# 185 : 0 : return false;
# 186 [ - + ]: 992 : if (stack.empty())
# 187 : 0 : return false;
# 188 : 992 : CScript subscript(stack.back().begin(), stack.back().end());
# 189 [ + + ]: 992 : if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {
# 190 : 4 : return false;
# 191 : 4 : }
# 192 : 992 : }
# 193 : 58191 : }
# 194 : :
# 195 : 29576 : return true;
# 196 : 29779 : }
# 197 : :
# 198 : : bool IsWitnessStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
# 199 : 26573 : {
# 200 [ - + ]: 26573 : if (tx.IsCoinBase())
# 201 : 0 : return true; // Coinbases are skipped
# 202 : :
# 203 [ + + ]: 79026 : for (unsigned int i = 0; i < tx.vin.size(); i++)
# 204 : 52595 : {
# 205 : : // We don't care if witness for this input is empty, since it must not be bloated.
# 206 : : // If the script is invalid without witness, it would be caught sooner or later during validation.
# 207 [ + + ]: 52595 : if (tx.vin[i].scriptWitness.IsNull())
# 208 : 1703 : continue;
# 209 : :
# 210 : 50892 : const CTxOut &prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;
# 211 : :
# 212 : : // get the scriptPubKey corresponding to this input:
# 213 : 50892 : CScript prevScript = prev.scriptPubKey;
# 214 : :
# 215 : 50892 : bool p2sh = false;
# 216 [ + + ]: 50892 : if (prevScript.IsPayToScriptHash()) {
# 217 : 815 : std::vector <std::vector<unsigned char> > stack;
# 218 : : // If the scriptPubKey is P2SH, we try to extract the redeemScript casually by converting the scriptSig
# 219 : : // into a stack. We do not check IsPushOnly nor compare the hash as these will be done later anyway.
# 220 : : // If the check fails at this stage, we know that this txid must be a bad one.
# 221 [ - + ]: 815 : if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SigVersion::BASE))
# 222 : 0 : return false;
# 223 [ - + ]: 815 : if (stack.empty())
# 224 : 0 : return false;
# 225 : 815 : prevScript = CScript(stack.back().begin(), stack.back().end());
# 226 : 815 : p2sh = true;
# 227 : 815 : }
# 228 : :
# 229 : 50892 : int witnessversion = 0;
# 230 : 50892 : std::vector<unsigned char> witnessprogram;
# 231 : :
# 232 : : // Non-witness program must not be associated with any witness
# 233 [ + + ]: 50892 : if (!prevScript.IsWitnessProgram(witnessversion, witnessprogram))
# 234 : 1 : return false;
# 235 : :
# 236 : : // Check P2WSH standard limits
# 237 [ + + ][ + + ]: 50891 : if (witnessversion == 0 && witnessprogram.size() == WITNESS_V0_SCRIPTHASH_SIZE) {
# 238 [ + + ]: 594 : if (tx.vin[i].scriptWitness.stack.back().size() > MAX_STANDARD_P2WSH_SCRIPT_SIZE)
# 239 : 2 : return false;
# 240 : 592 : size_t sizeWitnessStack = tx.vin[i].scriptWitness.stack.size() - 1;
# 241 [ + + ]: 592 : if (sizeWitnessStack > MAX_STANDARD_P2WSH_STACK_ITEMS)
# 242 : 2 : return false;
# 243 [ + + ]: 1934 : for (unsigned int j = 0; j < sizeWitnessStack; j++) {
# 244 [ + + ]: 1346 : if (tx.vin[i].scriptWitness.stack[j].size() > MAX_STANDARD_P2WSH_STACK_ITEM_SIZE)
# 245 : 2 : return false;
# 246 : 1346 : }
# 247 : 590 : }
# 248 : :
# 249 : : // Check policy limits for Taproot spends:
# 250 : : // - MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE limit for stack item size
# 251 : : // - No annexes
# 252 [ + + ][ + + ]: 50885 : if (witnessversion == 1 && witnessprogram.size() == WITNESS_V1_TAPROOT_SIZE && !p2sh) {
# [ + - ]
# 253 : : // Taproot spend (non-P2SH-wrapped, version 1, witness program size 32; see BIP 341)
# 254 : 26775 : Span stack{tx.vin[i].scriptWitness.stack};
# 255 [ + + ][ + + ]: 26775 : if (stack.size() >= 2 && !stack.back().empty() && stack.back()[0] == ANNEX_TAG) {
# [ + + ]
# 256 : : // Annexes are nonstandard as long as no semantics are defined for them.
# 257 : 100 : return false;
# 258 : 100 : }
# 259 [ + + ]: 26675 : if (stack.size() >= 2) {
# 260 : : // Script path spend (2 or more stack elements after removing optional annex)
# 261 : 26015 : const auto& control_block = SpanPopBack(stack);
# 262 : 26015 : SpanPopBack(stack); // Ignore script
# 263 [ + + ]: 26015 : if (control_block.empty()) return false; // Empty control block is invalid
# 264 [ + + ]: 26014 : if ((control_block[0] & TAPROOT_LEAF_MASK) == TAPROOT_LEAF_TAPSCRIPT) {
# 265 : : // Leaf version 0xc0 (aka Tapscript, see BIP 342)
# 266 [ + + ]: 312315 : for (const auto& item : stack) {
# 267 [ + + ]: 312315 : if (item.size() > MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE) return false;
# 268 : 312315 : }
# 269 : 25017 : }
# 270 [ + - ]: 26014 : } else if (stack.size() == 1) {
# 271 : : // Key path spend (1 stack element after removing optional annex)
# 272 : : // (no policy rules apply)
# 273 : 660 : } else {
# 274 : : // 0 stack elements; this is already invalid by consensus rules
# 275 : 0 : return false;
# 276 : 0 : }
# 277 : 26675 : }
# 278 : 50885 : }
# 279 : 26431 : return true;
# 280 : 26573 : }
# 281 : :
# 282 : : int64_t GetVirtualTransactionSize(int64_t nWeight, int64_t nSigOpCost, unsigned int bytes_per_sigop)
# 283 : 448139655 : {
# 284 : 448139655 : return (std::max(nWeight, nSigOpCost * bytes_per_sigop) + WITNESS_SCALE_FACTOR - 1) / WITNESS_SCALE_FACTOR;
# 285 : 448139655 : }
# 286 : :
# 287 : : int64_t GetVirtualTransactionSize(const CTransaction& tx, int64_t nSigOpCost, unsigned int bytes_per_sigop)
# 288 : 18305 : {
# 289 : 18305 : return GetVirtualTransactionSize(GetTransactionWeight(tx), nSigOpCost, bytes_per_sigop);
# 290 : 18305 : }
# 291 : :
# 292 : : int64_t GetVirtualTransactionInputSize(const CTxIn& txin, int64_t nSigOpCost, unsigned int bytes_per_sigop)
# 293 : 349116 : {
# 294 : 349116 : return GetVirtualTransactionSize(GetTransactionInputWeight(txin), nSigOpCost, bytes_per_sigop);
# 295 : 349116 : }
|