From 2d922b66b05f6c98710dd66c78af6307635c50dc Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@z.cash>
Date: Thu, 19 Apr 2018 20:35:33 +0100
Subject: [PATCH] Pass transaction header into correct SignatureHash
 serialization level

We need to indicate whether PHGR or Groth proofs are expected to vjoinsplit,
which is serialized in an inner hash, not the outer hash.
---
 src/script/interpreter.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index 790ba1e73..58534d854 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -1091,7 +1091,7 @@ uint256 GetOutputsHash(const CTransaction& txTo) {
 }
 
 uint256 GetJoinSplitsHash(const CTransaction& txTo) {
-    CBLAKE2bWriter ss(SER_GETHASH, 0, ZCASH_JOINSPLITS_HASH_PERSONALIZATION);
+    CBLAKE2bWriter ss(SER_GETHASH, static_cast<int>(txTo.GetHeader()), ZCASH_JOINSPLITS_HASH_PERSONALIZATION);
     for (unsigned int n = 0; n < txTo.vjoinsplit.size(); n++) {
         ss << txTo.vjoinsplit[n];
     }
@@ -1165,7 +1165,7 @@ uint256 SignatureHash(
         memcpy(personalization, "ZcashSigHash", 12);
         memcpy(personalization+12, &leConsensusBranchId, 4);
 
-        CBLAKE2bWriter ss(SER_GETHASH, static_cast<int>(txTo.GetHeader()), personalization);
+        CBLAKE2bWriter ss(SER_GETHASH, 0, personalization);
         // Header
         ss << txTo.GetHeader();
         // Version group ID