2014-03-18 02:11:00 -07:00
|
|
|
// Copyright (c) 2011-2014 The Bitcoin Core developers
|
2022-05-11 16:23:09 -07:00
|
|
|
// Copyright (c) 2016-2022 The Zcash developers
|
2014-12-12 20:09:33 -08:00
|
|
|
// Distributed under the MIT software license, see the accompanying
|
2019-07-18 07:16:09 -07:00
|
|
|
// file COPYING or https://www.opensource.org/licenses/mit-license.php .
|
2013-04-12 22:13:08 -07:00
|
|
|
|
2018-01-21 23:21:04 -08:00
|
|
|
#include "test/data/tx_invalid.json.h"
|
|
|
|
|
#include "test/data/tx_valid.json.h"
|
2021-06-04 07:06:26 -07:00
|
|
|
#include "test/data/zip0244.json.h"
|
2015-03-12 01:34:42 -07:00
|
|
|
#include "test/test_bitcoin.h"
|
2013-04-12 22:13:08 -07:00
|
|
|
|
2017-04-07 09:24:53 -07:00
|
|
|
#include "init.h"
|
2014-10-28 18:33:23 -07:00
|
|
|
#include "clientversion.h"
|
2016-08-16 06:37:56 -07:00
|
|
|
#include "checkqueue.h"
|
2018-02-01 17:49:42 -08:00
|
|
|
#include "consensus/upgrades.h"
|
2015-01-24 06:57:12 -08:00
|
|
|
#include "consensus/validation.h"
|
|
|
|
|
#include "core_io.h"
|
2013-04-12 22:13:08 -07:00
|
|
|
#include "key.h"
|
|
|
|
|
#include "keystore.h"
|
|
|
|
|
#include "main.h"
|
2014-10-11 15:41:05 -07:00
|
|
|
#include "policy/policy.h"
|
2020-07-07 18:23:03 -07:00
|
|
|
#include "proof_verifier.h"
|
2014-08-20 08:37:40 -07:00
|
|
|
#include "script/script.h"
|
2014-11-13 11:27:38 -08:00
|
|
|
#include "script/script_error.h"
|
2016-08-16 06:37:56 -07:00
|
|
|
#include "script/sign.h"
|
2018-01-06 00:49:57 -08:00
|
|
|
#include "test/test_util.h"
|
2016-01-19 10:09:58 -08:00
|
|
|
#include "primitives/transaction.h"
|
2020-07-09 00:40:06 -07:00
|
|
|
#include "transaction_builder.h"
|
Apply `HaveShieldedRequirements` to coinbase transactions
Both transparent and shielded inputs have contextual checks that need to
be enforced in the consensus rules. For shielded inputs, these are that
the anchors in transactions correspond to real commitment tree states
(to ensure that the spent notes existed), and that their nullifiers are
not being double-spent.
When Sprout was first added to the codebase, we added input checks in
the same places that transparent inputs were checked; namely anywhere
`CCoinsViewCache::HaveInputs` is called. These all happened to be gated
on `!tx.IsCoinBase()`, which was fine because we did not allow Sprout
JoinSplits in coinbase transactions (enforced with a non-contextual
check).
When we added Sapling we also allowed coinbase outputs to Sapling
addresses (shielded coinbase). We updated `HaveShieldedRequirements` to
check Sapling anchors and nullifiers, but didn't change the consensus
code to call it on coinbase. This was fine because Sapling Spends and
Outputs are separate, and we did not allow Sapling Spends in coinbase
transactions (meaning that there were no anchors or nullifiers to
enforce the input rules on).
Orchard falls into an interesting middle-ground:
- We allowed coinbase outputs to Orchard addresses, to enable Sapling
shielded coinbase users to migrate to Orchard.
- Orchard uses Actions, which are a hybrid of Sprout JoinSplits and
Sapling Spends/Outputs. That is, an Orchard Action comprises a single
spend and a single output.
To maintain the "no shielded spends in coinbase" rule, we added an
`enableSpends` flag to the Orchard circuit. We force it to be set to
`false` for coinbase, ensuring that all Orchard spends in a coinbase use
dummy (zero-valued) notes. However, this is insufficient: the coinbase
transaction will still contain an Orchard anchor and nullifiers, and
these need to be correctly constrained.
In particular, not constraining the Orchard nullifiers in a coinbase
transaction enables a Faerie Gold attack. We explicitly require that
Orchard nullifiers are unique, so that there is a unique input to the
nullifier derivation. Without the coinbase check, the following attack
is possible:
- An adversary creates an Orchard Action sending some amount of ZEC to a
victim address, with a dummy spent note. The entire transaction can be
fully-shielded by placing the real spent note in a separate Action.
- The adversary uses the exact same dummy note in a coinbase
transaction, creating the exact same output note (same victim address
and amount).
- The victim now has two notes with the same ZEC amount, but can only
spend one of them because they have the same nullifier.
This commit fixes the consensus bug by calling `HaveShieldedRequirements`
outside of `!tx.IsCoinBase()` gates. To simplify its usage, there is now
a `Consensus::CheckTxShieldedInputs` function that handles the logging
and validation state updates. We also move shielded input checks from
`ContextualCheckInputs` to `ContextualCheckShieldedInputs`; these now
mirror each other in that they check contextual rules on transparent and
shielded inputs respectively, followed by checking signatures.
2022-04-01 12:11:18 -07:00
|
|
|
#include "utiltest.h"
|
2013-04-12 22:13:08 -07:00
|
|
|
|
2018-05-03 03:53:51 -07:00
|
|
|
#include <array>
|
2012-08-04 09:28:49 -07:00
|
|
|
#include <map>
|
|
|
|
|
#include <string>
|
2013-04-12 22:13:08 -07:00
|
|
|
|
2015-05-10 04:35:44 -07:00
|
|
|
#include <boost/assign/list_of.hpp>
|
2011-07-31 11:07:53 -07:00
|
|
|
#include <boost/test/unit_test.hpp>
|
2018-03-26 16:22:37 -07:00
|
|
|
#include <boost/test/data/test_case.hpp>
|
2014-08-20 12:15:16 -07:00
|
|
|
|
2020-07-31 07:15:04 -07:00
|
|
|
#include <rust/ed25519.h>
|
2021-06-14 03:45:54 -07:00
|
|
|
#include <rust/orchard.h>
|
2020-07-31 07:15:04 -07:00
|
|
|
|
2015-09-04 07:11:34 -07:00
|
|
|
#include <univalue.h>
|
2011-07-31 11:07:53 -07:00
|
|
|
|
2016-05-04 17:26:21 -07:00
|
|
|
#include "zcash/Note.hpp"
|
|
|
|
|
#include "zcash/Address.hpp"
|
2016-11-22 20:04:20 -08:00
|
|
|
#include "zcash/Proof.hpp"
|
2015-12-30 07:22:02 -08:00
|
|
|
|
2011-07-31 11:07:53 -07:00
|
|
|
using namespace std;
|
2012-08-04 09:28:49 -07:00
|
|
|
|
2021-06-12 16:28:25 -07:00
|
|
|
// Subclass of CTransaction which doesn't call UpdateHash when constructing
|
|
|
|
|
// from a CMutableTransaction. This enables us to create a CTransaction
|
|
|
|
|
// with bad values which normally trigger an exception during construction.
|
|
|
|
|
class UNSAFE_CTransaction : public CTransaction {
|
|
|
|
|
public:
|
|
|
|
|
UNSAFE_CTransaction(const CMutableTransaction &tx) : CTransaction(tx, true) {}
|
|
|
|
|
};
|
|
|
|
|
|
2022-04-20 20:47:13 -07:00
|
|
|
BOOST_FIXTURE_TEST_SUITE(transaction_tests, BasicTestingSetup)
|
2011-07-31 11:07:53 -07:00
|
|
|
|
2012-08-04 09:28:49 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(tx_valid)
|
|
|
|
|
{
|
2018-02-01 17:49:42 -08:00
|
|
|
uint32_t consensusBranchId = SPROUT_BRANCH_ID;
|
|
|
|
|
|
2012-08-04 09:28:49 -07:00
|
|
|
// Read tests from test/data/tx_valid.json
|
|
|
|
|
// Format is an array of arrays
|
|
|
|
|
// Inner arrays are either [ "comment" ]
|
2014-03-10 15:17:56 -07:00
|
|
|
// or [[[prevout hash, prevout index, prevout scriptPubKey], [input 2], ...],"], serializedTransaction, verifyFlags
|
2012-08-04 09:28:49 -07:00
|
|
|
// ... where all scripts are stringified scripts.
|
2014-03-10 15:17:56 -07:00
|
|
|
//
|
|
|
|
|
// verifyFlags is a comma separated list of script verification flags to apply, or "NONE"
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue tests = read_json(std::string(json_tests::tx_valid, json_tests::tx_valid + sizeof(json_tests::tx_valid)));
|
2017-06-07 05:09:56 -07:00
|
|
|
std::string comment("");
|
2012-08-04 09:28:49 -07:00
|
|
|
|
2020-07-07 18:23:03 -07:00
|
|
|
auto verifier = ProofVerifier::Strict();
|
2014-11-13 11:27:38 -08:00
|
|
|
ScriptError err;
|
2017-02-06 16:43:10 -08:00
|
|
|
for (size_t idx = 0; idx < tests.size(); idx++) {
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue test = tests[idx];
|
2014-08-20 12:15:16 -07:00
|
|
|
string strTest = test.write();
|
|
|
|
|
if (test[0].isArray())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
2014-08-20 12:15:16 -07:00
|
|
|
if (test.size() != 3 || !test[1].isStr() || !test[2].isStr())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
map<COutPoint, CScript> mapprevOutScriptPubKeys;
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue inputs = test[0].get_array();
|
2012-08-04 09:28:49 -07:00
|
|
|
bool fValid = true;
|
2017-02-06 16:43:10 -08:00
|
|
|
for (size_t inpIdx = 0; inpIdx < inputs.size(); inpIdx++) {
|
2015-05-18 05:02:18 -07:00
|
|
|
const UniValue& input = inputs[inpIdx];
|
2014-08-20 12:15:16 -07:00
|
|
|
if (!input.isArray())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
|
|
|
|
fValid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue vinput = input.get_array();
|
2012-08-04 09:28:49 -07:00
|
|
|
if (vinput.size() != 3)
|
|
|
|
|
{
|
|
|
|
|
fValid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-16 05:50:05 -08:00
|
|
|
mapprevOutScriptPubKeys[COutPoint(uint256S(vinput[0].get_str()), vinput[1].get_int())] = ParseScript(vinput[2].get_str());
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
|
|
|
|
if (!fValid)
|
|
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
string transaction = test[1].get_str();
|
|
|
|
|
CDataStream stream(ParseHex(transaction), SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
CTransaction tx;
|
|
|
|
|
stream >> tx;
|
|
|
|
|
|
2013-01-26 15:14:11 -08:00
|
|
|
CValidationState state;
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK_MESSAGE(CheckTransaction(tx, state, verifier), strTest + comment);
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_CHECK_MESSAGE(state.IsValid(), comment);
|
2012-09-05 18:46:48 -07:00
|
|
|
|
2022-01-22 18:37:10 -08:00
|
|
|
// None of these test vectors use ZIP 244.
|
|
|
|
|
assert(tx.nVersion < ZIP225_TX_VERSION);
|
|
|
|
|
PrecomputedTransactionData txdata(tx, {});
|
2012-08-04 09:28:49 -07:00
|
|
|
for (unsigned int i = 0; i < tx.vin.size(); i++)
|
|
|
|
|
{
|
|
|
|
|
if (!mapprevOutScriptPubKeys.count(tx.vin[i].prevout))
|
|
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-31 05:51:29 -07:00
|
|
|
CAmount amount = 0;
|
2014-09-08 12:15:31 -07:00
|
|
|
unsigned int verify_flags = ParseScriptFlags(test[2].get_str());
|
2014-03-10 15:17:56 -07:00
|
|
|
BOOST_CHECK_MESSAGE(VerifyScript(tx.vin[i].scriptSig, mapprevOutScriptPubKeys[tx.vin[i].prevout],
|
2022-01-22 14:59:28 -08:00
|
|
|
verify_flags, TransactionSignatureChecker(&tx, txdata, i, amount), consensusBranchId, &err),
|
2017-06-07 05:09:56 -07:00
|
|
|
strTest + comment);
|
|
|
|
|
BOOST_CHECK_MESSAGE(err == SCRIPT_ERR_OK, ScriptErrorString(err) + comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
2017-06-07 05:09:56 -07:00
|
|
|
|
|
|
|
|
comment = "";
|
|
|
|
|
}
|
|
|
|
|
else if (test.size() == 1)
|
|
|
|
|
{
|
|
|
|
|
comment += "\n# ";
|
|
|
|
|
comment += test[0].write();
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BOOST_AUTO_TEST_CASE(tx_invalid)
|
|
|
|
|
{
|
2018-02-01 17:49:42 -08:00
|
|
|
uint32_t consensusBranchId = SPROUT_BRANCH_ID;
|
|
|
|
|
|
2012-08-04 09:28:49 -07:00
|
|
|
// Read tests from test/data/tx_invalid.json
|
|
|
|
|
// Format is an array of arrays
|
|
|
|
|
// Inner arrays are either [ "comment" ]
|
2014-03-10 15:17:56 -07:00
|
|
|
// or [[[prevout hash, prevout index, prevout scriptPubKey], [input 2], ...],"], serializedTransaction, verifyFlags
|
2012-08-04 09:28:49 -07:00
|
|
|
// ... where all scripts are stringified scripts.
|
2014-03-10 15:17:56 -07:00
|
|
|
//
|
|
|
|
|
// verifyFlags is a comma separated list of script verification flags to apply, or "NONE"
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue tests = read_json(std::string(json_tests::tx_invalid, json_tests::tx_invalid + sizeof(json_tests::tx_invalid)));
|
2017-06-07 05:09:56 -07:00
|
|
|
std::string comment("");
|
2012-08-04 09:28:49 -07:00
|
|
|
|
2020-07-07 18:23:03 -07:00
|
|
|
auto verifier = ProofVerifier::Strict();
|
2014-11-13 11:27:38 -08:00
|
|
|
ScriptError err;
|
2017-02-06 16:43:10 -08:00
|
|
|
for (size_t idx = 0; idx < tests.size(); idx++) {
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue test = tests[idx];
|
2014-08-20 12:15:16 -07:00
|
|
|
string strTest = test.write();
|
|
|
|
|
if (test[0].isArray())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
2014-08-20 12:15:16 -07:00
|
|
|
if (test.size() != 3 || !test[1].isStr() || !test[2].isStr())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
map<COutPoint, CScript> mapprevOutScriptPubKeys;
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue inputs = test[0].get_array();
|
2012-08-04 09:28:49 -07:00
|
|
|
bool fValid = true;
|
2017-02-06 16:43:10 -08:00
|
|
|
for (size_t inpIdx = 0; inpIdx < inputs.size(); inpIdx++) {
|
2015-05-18 05:02:18 -07:00
|
|
|
const UniValue& input = inputs[inpIdx];
|
2014-08-20 12:15:16 -07:00
|
|
|
if (!input.isArray())
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
|
|
|
|
fValid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-05-13 12:29:19 -07:00
|
|
|
UniValue vinput = input.get_array();
|
2012-08-04 09:28:49 -07:00
|
|
|
if (vinput.size() != 3)
|
|
|
|
|
{
|
|
|
|
|
fValid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-16 05:50:05 -08:00
|
|
|
mapprevOutScriptPubKeys[COutPoint(uint256S(vinput[0].get_str()), vinput[1].get_int())] = ParseScript(vinput[2].get_str());
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
|
|
|
|
if (!fValid)
|
|
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
string transaction = test[1].get_str();
|
|
|
|
|
CDataStream stream(ParseHex(transaction), SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
CTransaction tx;
|
2021-06-12 16:28:25 -07:00
|
|
|
try {
|
|
|
|
|
stream >> tx;
|
|
|
|
|
} catch (std::ios_base::failure) {
|
|
|
|
|
// Invalid transaction was caught at parse time by the Rust logic.
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2012-08-04 09:28:49 -07:00
|
|
|
|
2013-01-26 15:14:11 -08:00
|
|
|
CValidationState state;
|
2022-01-22 12:54:37 -08:00
|
|
|
fValid = CheckTransaction(tx, state, verifier) && state.IsValid();
|
2012-09-05 18:46:48 -07:00
|
|
|
|
2022-01-22 18:37:10 -08:00
|
|
|
// None of these test vectors use ZIP 244.
|
|
|
|
|
assert(tx.nVersion < ZIP225_TX_VERSION);
|
|
|
|
|
PrecomputedTransactionData txdata(tx, {});
|
2012-09-05 18:46:48 -07:00
|
|
|
for (unsigned int i = 0; i < tx.vin.size() && fValid; i++)
|
2012-08-04 09:28:49 -07:00
|
|
|
{
|
|
|
|
|
if (!mapprevOutScriptPubKeys.count(tx.vin[i].prevout))
|
|
|
|
|
{
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_ERROR("Bad test: " << strTest << comment);
|
2012-08-04 09:28:49 -07:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-08 12:15:31 -07:00
|
|
|
unsigned int verify_flags = ParseScriptFlags(test[2].get_str());
|
2016-03-31 05:51:29 -07:00
|
|
|
CAmount amount = 0;
|
2014-03-10 15:17:56 -07:00
|
|
|
fValid = VerifyScript(tx.vin[i].scriptSig, mapprevOutScriptPubKeys[tx.vin[i].prevout],
|
2022-01-22 14:59:28 -08:00
|
|
|
verify_flags, TransactionSignatureChecker(&tx, txdata, i, amount), consensusBranchId, &err);
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
2017-06-07 05:09:56 -07:00
|
|
|
BOOST_CHECK_MESSAGE(!fValid, strTest + comment);
|
|
|
|
|
BOOST_CHECK_MESSAGE(err != SCRIPT_ERR_OK, ScriptErrorString(err) + comment);
|
|
|
|
|
|
|
|
|
|
comment = "";
|
|
|
|
|
}
|
|
|
|
|
else if (test.size() == 1)
|
|
|
|
|
{
|
|
|
|
|
comment += "\n# ";
|
|
|
|
|
comment += test[0].write();
|
2012-08-04 09:28:49 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-31 11:07:53 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(basic_transaction_tests)
|
|
|
|
|
{
|
|
|
|
|
// Random real transaction (e2769b09e784f32f62ef849763d4f45b98e07ba658647343b915ff832b110436)
|
|
|
|
|
unsigned char ch[] = {0x01, 0x00, 0x00, 0x00, 0x01, 0x6b, 0xff, 0x7f, 0xcd, 0x4f, 0x85, 0x65, 0xef, 0x40, 0x6d, 0xd5, 0xd6, 0x3d, 0x4f, 0xf9, 0x4f, 0x31, 0x8f, 0xe8, 0x20, 0x27, 0xfd, 0x4d, 0xc4, 0x51, 0xb0, 0x44, 0x74, 0x01, 0x9f, 0x74, 0xb4, 0x00, 0x00, 0x00, 0x00, 0x8c, 0x49, 0x30, 0x46, 0x02, 0x21, 0x00, 0xda, 0x0d, 0xc6, 0xae, 0xce, 0xfe, 0x1e, 0x06, 0xef, 0xdf, 0x05, 0x77, 0x37, 0x57, 0xde, 0xb1, 0x68, 0x82, 0x09, 0x30, 0xe3, 0xb0, 0xd0, 0x3f, 0x46, 0xf5, 0xfc, 0xf1, 0x50, 0xbf, 0x99, 0x0c, 0x02, 0x21, 0x00, 0xd2, 0x5b, 0x5c, 0x87, 0x04, 0x00, 0x76, 0xe4, 0xf2, 0x53, 0xf8, 0x26, 0x2e, 0x76, 0x3e, 0x2d, 0xd5, 0x1e, 0x7f, 0xf0, 0xbe, 0x15, 0x77, 0x27, 0xc4, 0xbc, 0x42, 0x80, 0x7f, 0x17, 0xbd, 0x39, 0x01, 0x41, 0x04, 0xe6, 0xc2, 0x6e, 0xf6, 0x7d, 0xc6, 0x10, 0xd2, 0xcd, 0x19, 0x24, 0x84, 0x78, 0x9a, 0x6c, 0xf9, 0xae, 0xa9, 0x93, 0x0b, 0x94, 0x4b, 0x7e, 0x2d, 0xb5, 0x34, 0x2b, 0x9d, 0x9e, 0x5b, 0x9f, 0xf7, 0x9a, 0xff, 0x9a, 0x2e, 0xe1, 0x97, 0x8d, 0xd7, 0xfd, 0x01, 0xdf, 0xc5, 0x22, 0xee, 0x02, 0x28, 0x3d, 0x3b, 0x06, 0xa9, 0xd0, 0x3a, 0xcf, 0x80, 0x96, 0x96, 0x8d, 0x7d, 0xbb, 0x0f, 0x91, 0x78, 0xff, 0xff, 0xff, 0xff, 0x02, 0x8b, 0xa7, 0x94, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x19, 0x76, 0xa9, 0x14, 0xba, 0xde, 0xec, 0xfd, 0xef, 0x05, 0x07, 0x24, 0x7f, 0xc8, 0xf7, 0x42, 0x41, 0xd7, 0x3b, 0xc0, 0x39, 0x97, 0x2d, 0x7b, 0x88, 0xac, 0x40, 0x94, 0xa8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x19, 0x76, 0xa9, 0x14, 0xc1, 0x09, 0x32, 0x48, 0x3f, 0xec, 0x93, 0xed, 0x51, 0xf5, 0xfe, 0x95, 0xe7, 0x25, 0x59, 0xf2, 0xcc, 0x70, 0x43, 0xf9, 0x88, 0xac, 0x00, 0x00, 0x00, 0x00, 0x00};
|
|
|
|
|
vector<unsigned char> vch(ch, ch + sizeof(ch) -1);
|
2012-04-17 11:37:47 -07:00
|
|
|
CDataStream stream(vch, SER_DISK, CLIENT_VERSION);
|
2014-06-07 04:53:27 -07:00
|
|
|
CMutableTransaction tx;
|
2011-07-31 11:07:53 -07:00
|
|
|
stream >> tx;
|
2013-01-26 15:14:11 -08:00
|
|
|
CValidationState state;
|
2020-07-07 18:23:03 -07:00
|
|
|
auto verifier = ProofVerifier::Strict();
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK_MESSAGE(CheckTransaction(tx, state, verifier) && state.IsValid(), "Simple deserialized transaction should be valid.");
|
2011-07-31 11:07:53 -07:00
|
|
|
|
|
|
|
|
// Check that duplicate txins fail
|
|
|
|
|
tx.vin.push_back(tx.vin[0]);
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK_MESSAGE(!CheckTransaction(tx, state, verifier) || !state.IsValid(), "Transaction with duplicate txins should be invalid.");
|
2011-07-31 11:07:53 -07:00
|
|
|
}
|
|
|
|
|
|
2012-01-10 17:18:00 -08:00
|
|
|
//
|
|
|
|
|
// Helper: create two dummy transactions, each with
|
2012-01-19 10:30:54 -08:00
|
|
|
// two outputs. The first has 11 and 50 CENT outputs
|
|
|
|
|
// paid to a TX_PUBKEY, the second 21 and 22 CENT outputs
|
|
|
|
|
// paid to a TX_PUBKEYHASH.
|
2012-01-10 17:18:00 -08:00
|
|
|
//
|
2014-06-07 04:53:27 -07:00
|
|
|
static std::vector<CMutableTransaction>
|
2014-09-03 00:25:32 -07:00
|
|
|
SetupDummyInputs(CBasicKeyStore& keystoreRet, CCoinsViewCache& coinsRet)
|
2012-01-10 17:18:00 -08:00
|
|
|
{
|
2014-06-07 04:53:27 -07:00
|
|
|
std::vector<CMutableTransaction> dummyTransactions;
|
2012-01-10 17:18:00 -08:00
|
|
|
dummyTransactions.resize(2);
|
|
|
|
|
|
|
|
|
|
// Add some keys to the keystore:
|
|
|
|
|
CKey key[4];
|
|
|
|
|
for (int i = 0; i < 4; i++)
|
|
|
|
|
{
|
2021-10-18 18:47:28 -07:00
|
|
|
key[i] = CKey::TestOnlyRandomKey(i % 2);
|
2012-01-10 17:18:00 -08:00
|
|
|
keystoreRet.AddKey(key[i]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create some dummy input transactions
|
|
|
|
|
dummyTransactions[0].vout.resize(2);
|
|
|
|
|
dummyTransactions[0].vout[0].nValue = 11*CENT;
|
2014-09-24 19:54:08 -07:00
|
|
|
dummyTransactions[0].vout[0].scriptPubKey << ToByteVector(key[0].GetPubKey()) << OP_CHECKSIG;
|
2012-01-10 17:18:00 -08:00
|
|
|
dummyTransactions[0].vout[1].nValue = 50*CENT;
|
2014-09-24 19:54:08 -07:00
|
|
|
dummyTransactions[0].vout[1].scriptPubKey << ToByteVector(key[1].GetPubKey()) << OP_CHECKSIG;
|
2016-08-30 12:49:38 -07:00
|
|
|
coinsRet.ModifyCoins(dummyTransactions[0].GetHash())->FromTx(dummyTransactions[0], 0);
|
2012-01-10 17:18:00 -08:00
|
|
|
|
|
|
|
|
dummyTransactions[1].vout.resize(2);
|
|
|
|
|
dummyTransactions[1].vout[0].nValue = 21*CENT;
|
2014-09-11 10:15:29 -07:00
|
|
|
dummyTransactions[1].vout[0].scriptPubKey = GetScriptForDestination(key[2].GetPubKey().GetID());
|
2012-01-10 17:18:00 -08:00
|
|
|
dummyTransactions[1].vout[1].nValue = 22*CENT;
|
2014-09-11 10:15:29 -07:00
|
|
|
dummyTransactions[1].vout[1].scriptPubKey = GetScriptForDestination(key[3].GetPubKey().GetID());
|
2016-08-30 12:49:38 -07:00
|
|
|
coinsRet.ModifyCoins(dummyTransactions[1].GetHash())->FromTx(dummyTransactions[1], 0);
|
2012-01-10 17:18:00 -08:00
|
|
|
|
|
|
|
|
return dummyTransactions;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-25 16:10:34 -07:00
|
|
|
void test_simple_sapling_invalidity(uint32_t consensusBranchId, CMutableTransaction tx)
|
|
|
|
|
{
|
|
|
|
|
{
|
|
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
|
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
2021-07-01 05:03:02 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-no-source-of-funds");
|
2018-04-25 16:10:34 -07:00
|
|
|
}
|
2018-04-26 14:24:59 -07:00
|
|
|
{
|
|
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
|
|
|
|
newTx.vShieldedSpend.push_back(SpendDescription());
|
|
|
|
|
newTx.vShieldedSpend[0].nullifier = GetRandHash();
|
|
|
|
|
|
|
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
2021-07-01 05:03:02 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-no-sink-of-funds");
|
2018-04-26 14:24:59 -07:00
|
|
|
}
|
2018-04-25 16:10:34 -07:00
|
|
|
{
|
|
|
|
|
// Ensure that nullifiers are never duplicated within a transaction.
|
|
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
|
|
|
|
newTx.vShieldedSpend.push_back(SpendDescription());
|
|
|
|
|
newTx.vShieldedSpend[0].nullifier = GetRandHash();
|
2018-04-26 14:24:59 -07:00
|
|
|
|
|
|
|
|
newTx.vShieldedOutput.push_back(OutputDescription());
|
|
|
|
|
|
2018-04-25 16:10:34 -07:00
|
|
|
newTx.vShieldedSpend.push_back(SpendDescription());
|
|
|
|
|
newTx.vShieldedSpend[1].nullifier = newTx.vShieldedSpend[0].nullifier;
|
|
|
|
|
|
|
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
|
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-spend-description-nullifiers-duplicate");
|
|
|
|
|
|
|
|
|
|
newTx.vShieldedSpend[1].nullifier = GetRandHash();
|
|
|
|
|
|
|
|
|
|
BOOST_CHECK(CheckTransactionWithoutProofVerification(newTx, state));
|
|
|
|
|
}
|
2018-04-26 14:53:26 -07:00
|
|
|
{
|
|
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
|
|
|
|
// Create a coinbase transaction
|
|
|
|
|
CTxIn vin;
|
|
|
|
|
vin.prevout = COutPoint();
|
|
|
|
|
newTx.vin.push_back(vin);
|
|
|
|
|
CTxOut vout;
|
|
|
|
|
vout.nValue = 1;
|
|
|
|
|
newTx.vout.push_back(vout);
|
|
|
|
|
|
|
|
|
|
newTx.vShieldedSpend.push_back(SpendDescription());
|
|
|
|
|
|
|
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
|
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-cb-has-spend-description");
|
|
|
|
|
}
|
2018-04-25 16:10:34 -07:00
|
|
|
}
|
|
|
|
|
|
2018-03-26 16:22:37 -07:00
|
|
|
void test_simple_joinsplit_invalidity(uint32_t consensusBranchId, CMutableTransaction tx)
|
2015-12-29 19:20:30 -08:00
|
|
|
{
|
2020-07-07 18:23:03 -07:00
|
|
|
auto verifier = ProofVerifier::Strict();
|
2022-01-22 12:54:37 -08:00
|
|
|
auto orchardAuth = orchard::AuthValidator::Disabled();
|
2015-12-29 19:20:30 -08:00
|
|
|
{
|
|
|
|
|
// Ensure that empty vin/vout remain invalid without
|
2016-07-14 15:10:41 -07:00
|
|
|
// joinsplits.
|
2015-12-29 19:20:30 -08:00
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
Apply `HaveShieldedRequirements` to coinbase transactions
Both transparent and shielded inputs have contextual checks that need to
be enforced in the consensus rules. For shielded inputs, these are that
the anchors in transactions correspond to real commitment tree states
(to ensure that the spent notes existed), and that their nullifiers are
not being double-spent.
When Sprout was first added to the codebase, we added input checks in
the same places that transparent inputs were checked; namely anywhere
`CCoinsViewCache::HaveInputs` is called. These all happened to be gated
on `!tx.IsCoinBase()`, which was fine because we did not allow Sprout
JoinSplits in coinbase transactions (enforced with a non-contextual
check).
When we added Sapling we also allowed coinbase outputs to Sapling
addresses (shielded coinbase). We updated `HaveShieldedRequirements` to
check Sapling anchors and nullifiers, but didn't change the consensus
code to call it on coinbase. This was fine because Sapling Spends and
Outputs are separate, and we did not allow Sapling Spends in coinbase
transactions (meaning that there were no anchors or nullifiers to
enforce the input rules on).
Orchard falls into an interesting middle-ground:
- We allowed coinbase outputs to Orchard addresses, to enable Sapling
shielded coinbase users to migrate to Orchard.
- Orchard uses Actions, which are a hybrid of Sprout JoinSplits and
Sapling Spends/Outputs. That is, an Orchard Action comprises a single
spend and a single output.
To maintain the "no shielded spends in coinbase" rule, we added an
`enableSpends` flag to the Orchard circuit. We force it to be set to
`false` for coinbase, ensuring that all Orchard spends in a coinbase use
dummy (zero-valued) notes. However, this is insufficient: the coinbase
transaction will still contain an Orchard anchor and nullifiers, and
these need to be correctly constrained.
In particular, not constraining the Orchard nullifiers in a coinbase
transaction enables a Faerie Gold attack. We explicitly require that
Orchard nullifiers are unique, so that there is a unique input to the
nullifier derivation. Without the coinbase check, the following attack
is possible:
- An adversary creates an Orchard Action sending some amount of ZEC to a
victim address, with a dummy spent note. The entire transaction can be
fully-shielded by placing the real spent note in a separate Action.
- The adversary uses the exact same dummy note in a coinbase
transaction, creating the exact same output note (same victim address
and amount).
- The victim now has two notes with the same ZEC amount, but can only
spend one of them because they have the same nullifier.
This commit fixes the consensus bug by calling `HaveShieldedRequirements`
outside of `!tx.IsCoinBase()` gates. To simplify its usage, there is now
a `Consensus::CheckTxShieldedInputs` function that handles the logging
and validation state updates. We also move shielded input checks from
`ContextualCheckInputs` to `ContextualCheckShieldedInputs`; these now
mirror each other in that they check contextual rules on transparent and
shielded inputs respectively, followed by checking signatures.
2022-04-01 12:11:18 -07:00
|
|
|
AssumeShieldedInputsExistAndAreSpendable baseView;
|
|
|
|
|
CCoinsViewCache view(&baseView);
|
2016-01-08 01:00:54 -08:00
|
|
|
|
2020-07-31 07:15:04 -07:00
|
|
|
Ed25519SigningKey joinSplitPrivKey;
|
|
|
|
|
ed25519_generate_keypair(&joinSplitPrivKey, &newTx.joinSplitPubKey);
|
2016-05-30 09:59:20 -07:00
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
// No joinsplits, vin and vout, means it should be invalid.
|
2016-06-23 15:35:31 -07:00
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
2021-07-01 05:03:02 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-no-source-of-funds");
|
2015-12-29 19:20:30 -08:00
|
|
|
|
|
|
|
|
newTx.vin.push_back(CTxIn(uint256S("0000000000000000000000000000000000000000000000000000000000000001"), 0));
|
|
|
|
|
|
2016-06-23 15:35:31 -07:00
|
|
|
BOOST_CHECK(!CheckTransactionWithoutProofVerification(newTx, state));
|
2021-07-01 05:03:02 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-no-sink-of-funds");
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
|
|
|
|
JSDescription *jsdesc = &newTx.vJoinSplit[0];
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->nullifiers[0] = GetRandHash();
|
|
|
|
|
jsdesc->nullifiers[1] = GetRandHash();
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2022-01-22 18:37:10 -08:00
|
|
|
// Fake coins being spent.
|
|
|
|
|
std::vector<CTxOut> allPrevOutputs;
|
|
|
|
|
allPrevOutputs.resize(newTx.vin.size());
|
|
|
|
|
const PrecomputedTransactionData txdata(newTx, allPrevOutputs);
|
2022-01-22 14:59:28 -08:00
|
|
|
|
2018-02-01 17:49:42 -08:00
|
|
|
BOOST_CHECK(CheckTransactionWithoutProofVerification(newTx, state));
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(ContextualCheckTransaction(newTx, state, Params(), 0, true));
|
Apply `HaveShieldedRequirements` to coinbase transactions
Both transparent and shielded inputs have contextual checks that need to
be enforced in the consensus rules. For shielded inputs, these are that
the anchors in transactions correspond to real commitment tree states
(to ensure that the spent notes existed), and that their nullifiers are
not being double-spent.
When Sprout was first added to the codebase, we added input checks in
the same places that transparent inputs were checked; namely anywhere
`CCoinsViewCache::HaveInputs` is called. These all happened to be gated
on `!tx.IsCoinBase()`, which was fine because we did not allow Sprout
JoinSplits in coinbase transactions (enforced with a non-contextual
check).
When we added Sapling we also allowed coinbase outputs to Sapling
addresses (shielded coinbase). We updated `HaveShieldedRequirements` to
check Sapling anchors and nullifiers, but didn't change the consensus
code to call it on coinbase. This was fine because Sapling Spends and
Outputs are separate, and we did not allow Sapling Spends in coinbase
transactions (meaning that there were no anchors or nullifiers to
enforce the input rules on).
Orchard falls into an interesting middle-ground:
- We allowed coinbase outputs to Orchard addresses, to enable Sapling
shielded coinbase users to migrate to Orchard.
- Orchard uses Actions, which are a hybrid of Sprout JoinSplits and
Sapling Spends/Outputs. That is, an Orchard Action comprises a single
spend and a single output.
To maintain the "no shielded spends in coinbase" rule, we added an
`enableSpends` flag to the Orchard circuit. We force it to be set to
`false` for coinbase, ensuring that all Orchard spends in a coinbase use
dummy (zero-valued) notes. However, this is insufficient: the coinbase
transaction will still contain an Orchard anchor and nullifiers, and
these need to be correctly constrained.
In particular, not constraining the Orchard nullifiers in a coinbase
transaction enables a Faerie Gold attack. We explicitly require that
Orchard nullifiers are unique, so that there is a unique input to the
nullifier derivation. Without the coinbase check, the following attack
is possible:
- An adversary creates an Orchard Action sending some amount of ZEC to a
victim address, with a dummy spent note. The entire transaction can be
fully-shielded by placing the real spent note in a separate Action.
- The adversary uses the exact same dummy note in a coinbase
transaction, creating the exact same output note (same victim address
and amount).
- The victim now has two notes with the same ZEC amount, but can only
spend one of them because they have the same nullifier.
This commit fixes the consensus bug by calling `HaveShieldedRequirements`
outside of `!tx.IsCoinBase()` gates. To simplify its usage, there is now
a `Consensus::CheckTxShieldedInputs` function that handles the logging
and validation state updates. We also move shielded input checks from
`ContextualCheckInputs` to `ContextualCheckShieldedInputs`; these now
mirror each other in that they check contextual rules on transparent and
shielded inputs respectively, followed by checking signatures.
2022-04-01 12:11:18 -07:00
|
|
|
BOOST_CHECK(!ContextualCheckShieldedInputs(newTx, txdata, state, view, orchardAuth, Params().GetConsensus(), consensusBranchId, false, true));
|
2016-05-30 18:38:01 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-invalid-joinsplit-signature");
|
2016-05-30 09:53:04 -07:00
|
|
|
|
2016-05-30 09:59:20 -07:00
|
|
|
// Empty output script.
|
2016-05-30 09:53:04 -07:00
|
|
|
CScript scriptCode;
|
2016-05-30 09:59:20 -07:00
|
|
|
CTransaction signTx(newTx);
|
2022-01-22 14:59:28 -08:00
|
|
|
uint256 dataToBeSigned = SignatureHash(scriptCode, signTx, NOT_AN_INPUT, SIGHASH_ALL, 0, consensusBranchId, txdata);
|
2016-05-30 09:53:04 -07:00
|
|
|
|
2020-07-31 07:15:04 -07:00
|
|
|
assert(ed25519_sign(
|
|
|
|
|
&joinSplitPrivKey,
|
|
|
|
|
dataToBeSigned.begin(), 32,
|
|
|
|
|
&newTx.joinSplitSig));
|
2016-05-30 09:53:04 -07:00
|
|
|
|
2022-01-22 12:54:37 -08:00
|
|
|
state = CValidationState();
|
2016-06-23 15:35:31 -07:00
|
|
|
BOOST_CHECK(CheckTransactionWithoutProofVerification(newTx, state));
|
2020-02-06 06:30:37 -08:00
|
|
|
BOOST_CHECK(ContextualCheckTransaction(newTx, state, Params(), 0, true));
|
Apply `HaveShieldedRequirements` to coinbase transactions
Both transparent and shielded inputs have contextual checks that need to
be enforced in the consensus rules. For shielded inputs, these are that
the anchors in transactions correspond to real commitment tree states
(to ensure that the spent notes existed), and that their nullifiers are
not being double-spent.
When Sprout was first added to the codebase, we added input checks in
the same places that transparent inputs were checked; namely anywhere
`CCoinsViewCache::HaveInputs` is called. These all happened to be gated
on `!tx.IsCoinBase()`, which was fine because we did not allow Sprout
JoinSplits in coinbase transactions (enforced with a non-contextual
check).
When we added Sapling we also allowed coinbase outputs to Sapling
addresses (shielded coinbase). We updated `HaveShieldedRequirements` to
check Sapling anchors and nullifiers, but didn't change the consensus
code to call it on coinbase. This was fine because Sapling Spends and
Outputs are separate, and we did not allow Sapling Spends in coinbase
transactions (meaning that there were no anchors or nullifiers to
enforce the input rules on).
Orchard falls into an interesting middle-ground:
- We allowed coinbase outputs to Orchard addresses, to enable Sapling
shielded coinbase users to migrate to Orchard.
- Orchard uses Actions, which are a hybrid of Sprout JoinSplits and
Sapling Spends/Outputs. That is, an Orchard Action comprises a single
spend and a single output.
To maintain the "no shielded spends in coinbase" rule, we added an
`enableSpends` flag to the Orchard circuit. We force it to be set to
`false` for coinbase, ensuring that all Orchard spends in a coinbase use
dummy (zero-valued) notes. However, this is insufficient: the coinbase
transaction will still contain an Orchard anchor and nullifiers, and
these need to be correctly constrained.
In particular, not constraining the Orchard nullifiers in a coinbase
transaction enables a Faerie Gold attack. We explicitly require that
Orchard nullifiers are unique, so that there is a unique input to the
nullifier derivation. Without the coinbase check, the following attack
is possible:
- An adversary creates an Orchard Action sending some amount of ZEC to a
victim address, with a dummy spent note. The entire transaction can be
fully-shielded by placing the real spent note in a separate Action.
- The adversary uses the exact same dummy note in a coinbase
transaction, creating the exact same output note (same victim address
and amount).
- The victim now has two notes with the same ZEC amount, but can only
spend one of them because they have the same nullifier.
This commit fixes the consensus bug by calling `HaveShieldedRequirements`
outside of `!tx.IsCoinBase()` gates. To simplify its usage, there is now
a `Consensus::CheckTxShieldedInputs` function that handles the logging
and validation state updates. We also move shielded input checks from
`ContextualCheckInputs` to `ContextualCheckShieldedInputs`; these now
mirror each other in that they check contextual rules on transparent and
shielded inputs respectively, followed by checking signatures.
2022-04-01 12:11:18 -07:00
|
|
|
BOOST_CHECK(ContextualCheckShieldedInputs(newTx, txdata, state, view, orchardAuth, Params().GetConsensus(), consensusBranchId, false, true));
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK_EQUAL(state.GetRejectReason(), "");
|
2015-12-29 19:20:30 -08:00
|
|
|
}
|
|
|
|
|
{
|
2016-07-14 15:10:41 -07:00
|
|
|
// Ensure that values within the joinsplit are well-formed.
|
2015-12-29 19:20:30 -08:00
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
2021-06-29 07:58:38 -07:00
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
JSDescription *jsdesc = &newTx.vJoinSplit[0];
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->vpub_old = -1;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2021-06-12 16:28:25 -07:00
|
|
|
BOOST_CHECK_THROW((CTransaction(newTx)), std::ios_base::failure);
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(UNSAFE_CTransaction(newTx), state, verifier));
|
2015-12-29 19:20:30 -08:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-vpub_old-negative");
|
|
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->vpub_old = MAX_MONEY + 1;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2021-06-12 16:28:25 -07:00
|
|
|
BOOST_CHECK_THROW((CTransaction(newTx)), std::ios_base::failure);
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(UNSAFE_CTransaction(newTx), state, verifier));
|
2015-12-29 19:20:30 -08:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-vpub_old-toolarge");
|
|
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->vpub_old = 0;
|
|
|
|
|
jsdesc->vpub_new = -1;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2021-06-12 16:28:25 -07:00
|
|
|
BOOST_CHECK_THROW((CTransaction(newTx)), std::ios_base::failure);
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(UNSAFE_CTransaction(newTx), state, verifier));
|
2015-12-29 19:20:30 -08:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-vpub_new-negative");
|
|
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->vpub_new = MAX_MONEY + 1;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2021-06-12 16:28:25 -07:00
|
|
|
BOOST_CHECK_THROW((CTransaction(newTx)), std::ios_base::failure);
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(UNSAFE_CTransaction(newTx), state, verifier));
|
2015-12-29 19:20:30 -08:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-vpub_new-toolarge");
|
|
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->vpub_new = (MAX_MONEY / 2) + 10;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
JSDescription *jsdesc2 = &newTx.vJoinSplit[1];
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc2->vpub_new = (MAX_MONEY / 2) + 10;
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(newTx, state, verifier));
|
2016-09-07 12:55:31 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-txns-txintotal-toolarge");
|
2015-12-29 19:20:30 -08:00
|
|
|
}
|
|
|
|
|
{
|
2016-07-10 22:18:53 -07:00
|
|
|
// Ensure that nullifiers are never duplicated within a transaction.
|
2015-12-29 19:20:30 -08:00
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
|
|
|
|
JSDescription *jsdesc = &newTx.vJoinSplit[0];
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->nullifiers[0] = GetRandHash();
|
|
|
|
|
jsdesc->nullifiers[1] = jsdesc->nullifiers[0];
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(newTx, state, verifier));
|
2016-07-14 15:10:41 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-joinsplits-nullifiers-duplicate");
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->nullifiers[1] = GetRandHash();
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
|
|
|
|
jsdesc = &newTx.vJoinSplit[0]; // Fixes #2026. Related PR #2078.
|
|
|
|
|
JSDescription *jsdesc2 = &newTx.vJoinSplit[1];
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc2->nullifiers[0] = GetRandHash();
|
|
|
|
|
jsdesc2->nullifiers[1] = jsdesc->nullifiers[0];
|
2015-12-29 19:20:30 -08:00
|
|
|
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(newTx, state, verifier));
|
2016-07-14 15:10:41 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-joinsplits-nullifiers-duplicate");
|
2015-12-29 19:20:30 -08:00
|
|
|
}
|
|
|
|
|
{
|
2016-07-14 15:10:41 -07:00
|
|
|
// Ensure that coinbase transactions do not have joinsplits.
|
2015-12-29 19:20:30 -08:00
|
|
|
CMutableTransaction newTx(tx);
|
|
|
|
|
CValidationState state;
|
|
|
|
|
|
2019-06-16 04:39:05 -07:00
|
|
|
newTx.vJoinSplit.push_back(JSDescription());
|
|
|
|
|
JSDescription *jsdesc = &newTx.vJoinSplit[0];
|
2016-07-14 15:10:41 -07:00
|
|
|
jsdesc->nullifiers[0] = GetRandHash();
|
|
|
|
|
jsdesc->nullifiers[1] = GetRandHash();
|
2015-12-29 19:20:30 -08:00
|
|
|
|
|
|
|
|
newTx.vin.push_back(CTxIn(uint256(), -1));
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
CTransaction finalNewTx(newTx);
|
|
|
|
|
BOOST_CHECK(finalNewTx.IsCoinBase());
|
|
|
|
|
}
|
2022-01-22 12:54:37 -08:00
|
|
|
BOOST_CHECK(!CheckTransaction(newTx, state, verifier));
|
2016-07-14 15:10:41 -07:00
|
|
|
BOOST_CHECK(state.GetRejectReason() == "bad-cb-has-joinsplits");
|
2015-12-29 19:20:30 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-26 16:22:37 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(test_simple_joinsplit_invalidity_driver) {
|
|
|
|
|
{
|
|
|
|
|
CMutableTransaction mtx;
|
|
|
|
|
mtx.nVersion = 2;
|
|
|
|
|
test_simple_joinsplit_invalidity(SPROUT_BRANCH_ID, mtx);
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
// Switch to regtest parameters so we can activate Overwinter
|
|
|
|
|
SelectParams(CBaseChainParams::REGTEST);
|
|
|
|
|
|
|
|
|
|
CMutableTransaction mtx;
|
|
|
|
|
mtx.fOverwintered = true;
|
|
|
|
|
mtx.nVersionGroupId = OVERWINTER_VERSION_GROUP_ID;
|
2018-04-23 08:54:18 -07:00
|
|
|
mtx.nVersion = OVERWINTER_TX_VERSION;
|
2018-03-26 16:22:37 -07:00
|
|
|
|
|
|
|
|
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::ALWAYS_ACTIVE);
|
|
|
|
|
test_simple_joinsplit_invalidity(NetworkUpgradeInfo[Consensus::UPGRADE_OVERWINTER].nBranchId, mtx);
|
|
|
|
|
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT);
|
|
|
|
|
|
2018-04-25 16:10:34 -07:00
|
|
|
// Test Sapling things
|
|
|
|
|
mtx.nVersionGroupId = SAPLING_VERSION_GROUP_ID;
|
|
|
|
|
mtx.nVersion = SAPLING_TX_VERSION;
|
|
|
|
|
|
|
|
|
|
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::ALWAYS_ACTIVE);
|
|
|
|
|
test_simple_sapling_invalidity(NetworkUpgradeInfo[Consensus::UPGRADE_SAPLING].nBranchId, mtx);
|
|
|
|
|
UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT);
|
|
|
|
|
|
2018-03-26 16:22:37 -07:00
|
|
|
// Switch back to mainnet parameters as originally selected in test fixture
|
|
|
|
|
SelectParams(CBaseChainParams::MAIN);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Parameterized testing over consensus branch ids
|
|
|
|
|
BOOST_DATA_TEST_CASE(test_Get, boost::unit_test::data::xrange(static_cast<int>(Consensus::MAX_NETWORK_UPGRADES)))
|
2012-01-10 17:18:00 -08:00
|
|
|
{
|
2018-03-26 16:22:37 -07:00
|
|
|
uint32_t consensusBranchId = NetworkUpgradeInfo[sample].nBranchId;
|
2018-02-01 17:49:42 -08:00
|
|
|
|
2012-01-10 17:18:00 -08:00
|
|
|
CBasicKeyStore keystore;
|
Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.
The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.
The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.
The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.
For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-07-01 09:54:00 -07:00
|
|
|
CCoinsView coinsDummy;
|
2014-09-23 18:19:04 -07:00
|
|
|
CCoinsViewCache coins(&coinsDummy);
|
2014-06-07 04:53:27 -07:00
|
|
|
std::vector<CMutableTransaction> dummyTransactions = SetupDummyInputs(keystore, coins);
|
2012-01-10 17:18:00 -08:00
|
|
|
|
2014-06-07 04:53:27 -07:00
|
|
|
CMutableTransaction t1;
|
2012-01-10 17:18:00 -08:00
|
|
|
t1.vin.resize(3);
|
2016-08-30 12:49:38 -07:00
|
|
|
t1.vin[0].prevout.hash = dummyTransactions[0].GetHash();
|
2012-01-10 17:18:00 -08:00
|
|
|
t1.vin[0].prevout.n = 1;
|
2012-01-19 10:30:54 -08:00
|
|
|
t1.vin[0].scriptSig << std::vector<unsigned char>(65, 0);
|
2016-08-30 12:49:38 -07:00
|
|
|
t1.vin[1].prevout.hash = dummyTransactions[1].GetHash();
|
2012-01-10 17:18:00 -08:00
|
|
|
t1.vin[1].prevout.n = 0;
|
2012-01-19 10:30:54 -08:00
|
|
|
t1.vin[1].scriptSig << std::vector<unsigned char>(65, 0) << std::vector<unsigned char>(33, 4);
|
2016-08-30 12:49:38 -07:00
|
|
|
t1.vin[2].prevout.hash = dummyTransactions[1].GetHash();
|
2012-01-10 17:18:00 -08:00
|
|
|
t1.vin[2].prevout.n = 1;
|
2012-01-19 10:30:54 -08:00
|
|
|
t1.vin[2].scriptSig << std::vector<unsigned char>(65, 0) << std::vector<unsigned char>(33, 4);
|
2012-01-10 17:18:00 -08:00
|
|
|
t1.vout.resize(2);
|
|
|
|
|
t1.vout[0].nValue = 90*CENT;
|
|
|
|
|
t1.vout[0].scriptPubKey << OP_1;
|
2021-06-12 15:01:50 -07:00
|
|
|
// Meaningless value, but we need it for the Rust code to parse this.
|
|
|
|
|
t1.vout[1].nValue = CENT;
|
2012-01-10 17:18:00 -08:00
|
|
|
|
2018-02-01 17:49:42 -08:00
|
|
|
BOOST_CHECK(AreInputsStandard(t1, coins, consensusBranchId));
|
2013-01-08 04:17:15 -08:00
|
|
|
BOOST_CHECK_EQUAL(coins.GetValueIn(t1), (50+21+22)*CENT);
|
2012-01-19 10:30:54 -08:00
|
|
|
|
|
|
|
|
// Adding extra junk to the scriptSig should make it non-standard:
|
|
|
|
|
t1.vin[0].scriptSig << OP_11;
|
2018-02-01 17:49:42 -08:00
|
|
|
BOOST_CHECK(!AreInputsStandard(t1, coins, consensusBranchId));
|
2012-01-19 10:30:54 -08:00
|
|
|
|
|
|
|
|
// ... as should not having enough:
|
|
|
|
|
t1.vin[0].scriptSig = CScript();
|
2018-02-01 17:49:42 -08:00
|
|
|
BOOST_CHECK(!AreInputsStandard(t1, coins, consensusBranchId));
|
2012-01-10 17:18:00 -08:00
|
|
|
}
|
|
|
|
|
|
2016-08-16 06:37:56 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(test_big_overwinter_transaction) {
|
2018-02-01 17:49:42 -08:00
|
|
|
uint32_t consensusBranchId = NetworkUpgradeInfo[Consensus::UPGRADE_OVERWINTER].nBranchId;
|
2016-08-16 06:37:56 -07:00
|
|
|
CMutableTransaction mtx;
|
|
|
|
|
mtx.fOverwintered = true;
|
2018-04-23 08:54:18 -07:00
|
|
|
mtx.nVersion = OVERWINTER_TX_VERSION;
|
2016-08-16 06:37:56 -07:00
|
|
|
mtx.nVersionGroupId = OVERWINTER_VERSION_GROUP_ID;
|
|
|
|
|
|
2021-10-18 18:47:28 -07:00
|
|
|
CKey key = CKey::TestOnlyRandomKey(false);
|
2016-08-16 06:37:56 -07:00
|
|
|
CBasicKeyStore keystore;
|
|
|
|
|
keystore.AddKeyPubKey(key, key.GetPubKey());
|
|
|
|
|
CKeyID hash = key.GetPubKey().GetID();
|
|
|
|
|
CScript scriptPubKey = GetScriptForDestination(hash);
|
|
|
|
|
|
|
|
|
|
vector<int> sigHashes;
|
|
|
|
|
sigHashes.push_back(SIGHASH_NONE | SIGHASH_ANYONECANPAY);
|
|
|
|
|
sigHashes.push_back(SIGHASH_SINGLE | SIGHASH_ANYONECANPAY);
|
|
|
|
|
sigHashes.push_back(SIGHASH_ALL | SIGHASH_ANYONECANPAY);
|
|
|
|
|
sigHashes.push_back(SIGHASH_NONE);
|
|
|
|
|
sigHashes.push_back(SIGHASH_SINGLE);
|
|
|
|
|
sigHashes.push_back(SIGHASH_ALL);
|
|
|
|
|
|
|
|
|
|
// create a big transaction of 4500 inputs signed by the same key
|
|
|
|
|
for(uint32_t ij = 0; ij < 4500; ij++) {
|
|
|
|
|
uint32_t i = mtx.vin.size();
|
|
|
|
|
uint256 prevId;
|
|
|
|
|
prevId.SetHex("0000000000000000000000000000000000000000000000000000000000000100");
|
|
|
|
|
COutPoint outpoint(prevId, i);
|
|
|
|
|
|
|
|
|
|
mtx.vin.resize(mtx.vin.size() + 1);
|
|
|
|
|
mtx.vin[i].prevout = outpoint;
|
|
|
|
|
mtx.vin[i].scriptSig = CScript();
|
|
|
|
|
|
|
|
|
|
mtx.vout.resize(mtx.vout.size() + 1);
|
|
|
|
|
mtx.vout[i].nValue = 1000;
|
|
|
|
|
mtx.vout[i].scriptPubKey = CScript() << OP_1;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-22 18:37:10 -08:00
|
|
|
// Fake coins being spent.
|
|
|
|
|
std::vector<CTxOut> allPrevOutputs;
|
|
|
|
|
allPrevOutputs.resize(mtx.vin.size());
|
|
|
|
|
PrecomputedTransactionData txdata(mtx, allPrevOutputs);
|
2022-01-22 14:59:28 -08:00
|
|
|
|
2016-08-16 06:37:56 -07:00
|
|
|
// sign all inputs
|
|
|
|
|
for(uint32_t i = 0; i < mtx.vin.size(); i++) {
|
2022-01-22 14:59:28 -08:00
|
|
|
bool hashSigned = SignSignature(keystore, scriptPubKey, mtx, txdata, i, 1000, sigHashes.at(i % sigHashes.size()), consensusBranchId);
|
2016-08-16 06:37:56 -07:00
|
|
|
assert(hashSigned);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CTransaction tx;
|
|
|
|
|
CDataStream ssout(SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
ssout << mtx;
|
|
|
|
|
ssout >> tx;
|
|
|
|
|
|
|
|
|
|
// check all inputs concurrently, with the cache
|
|
|
|
|
boost::thread_group threadGroup;
|
|
|
|
|
CCheckQueue<CScriptCheck> scriptcheckqueue(128);
|
|
|
|
|
CCheckQueueControl<CScriptCheck> control(&scriptcheckqueue);
|
|
|
|
|
|
|
|
|
|
for (int i=0; i<20; i++)
|
|
|
|
|
threadGroup.create_thread(boost::bind(&CCheckQueue<CScriptCheck>::Thread, boost::ref(scriptcheckqueue)));
|
|
|
|
|
|
|
|
|
|
CCoins coins;
|
|
|
|
|
coins.nVersion = 1;
|
|
|
|
|
coins.fCoinBase = false;
|
|
|
|
|
for(uint32_t i = 0; i < mtx.vin.size(); i++) {
|
|
|
|
|
CTxOut txout;
|
|
|
|
|
txout.nValue = 1000;
|
|
|
|
|
txout.scriptPubKey = scriptPubKey;
|
|
|
|
|
coins.vout.push_back(txout);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for(uint32_t i = 0; i < mtx.vin.size(); i++) {
|
|
|
|
|
std::vector<CScriptCheck> vChecks;
|
2018-02-01 17:49:42 -08:00
|
|
|
CScriptCheck check(coins, tx, i, SCRIPT_VERIFY_P2SH, false, consensusBranchId, &txdata);
|
2016-08-16 06:37:56 -07:00
|
|
|
vChecks.push_back(CScriptCheck());
|
|
|
|
|
check.swap(vChecks.back());
|
|
|
|
|
control.Add(vChecks);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool controlCheck = control.Wait();
|
|
|
|
|
assert(controlCheck);
|
|
|
|
|
|
|
|
|
|
threadGroup.interrupt_all();
|
|
|
|
|
threadGroup.join_all();
|
2012-01-10 17:18:00 -08:00
|
|
|
}
|
|
|
|
|
|
2013-04-24 15:27:00 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(test_IsStandard)
|
2012-01-10 17:18:00 -08:00
|
|
|
{
|
2014-04-22 23:05:05 -07:00
|
|
|
LOCK(cs_main);
|
2019-03-14 03:57:14 -07:00
|
|
|
auto chainparams = Params();
|
2012-01-10 17:18:00 -08:00
|
|
|
CBasicKeyStore keystore;
|
Ultraprune
This switches bitcoin's transaction/block verification logic to use a
"coin database", which contains all unredeemed transaction output scripts,
amounts and heights.
The name ultraprune comes from the fact that instead of a full transaction
index, we only (need to) keep an index with unspent outputs. For now, the
blocks themselves are kept as usual, although they are only necessary for
serving, rescanning and reorganizing.
The basic datastructures are CCoins (representing the coins of a single
transaction), and CCoinsView (representing a state of the coins database).
There are several implementations for CCoinsView. A dummy, one backed by
the coins database (coins.dat), one backed by the memory pool, and one
that adds a cache on top of it. FetchInputs, ConnectInputs, ConnectBlock,
DisconnectBlock, ... now operate on a generic CCoinsView.
The block switching logic now builds a single cached CCoinsView with
changes to be committed to the database before any changes are made.
This means no uncommitted changes are ever read from the database, and
should ease the transition to another database layer which does not
support transactions (but does support atomic writes), like LevelDB.
For the getrawtransaction() RPC call, access to a txid-to-disk index
would be preferable. As this index is not necessary or even useful
for any other part of the implementation, it is not provided. Instead,
getrawtransaction() uses the coin database to find the block height,
and then scans that block to find the requested transaction. This is
slow, but should suffice for debug purposes.
2012-07-01 09:54:00 -07:00
|
|
|
CCoinsView coinsDummy;
|
2014-09-23 18:19:04 -07:00
|
|
|
CCoinsViewCache coins(&coinsDummy);
|
2014-06-07 04:53:27 -07:00
|
|
|
std::vector<CMutableTransaction> dummyTransactions = SetupDummyInputs(keystore, coins);
|
2012-01-10 17:18:00 -08:00
|
|
|
|
2014-06-07 04:53:27 -07:00
|
|
|
CMutableTransaction t;
|
2013-04-24 15:27:00 -07:00
|
|
|
t.vin.resize(1);
|
2016-08-30 12:49:38 -07:00
|
|
|
t.vin[0].prevout.hash = dummyTransactions[0].GetHash();
|
2013-04-24 15:27:00 -07:00
|
|
|
t.vin[0].prevout.n = 1;
|
|
|
|
|
t.vin[0].scriptSig << std::vector<unsigned char>(65, 0);
|
|
|
|
|
t.vout.resize(1);
|
|
|
|
|
t.vout[0].nValue = 90*CENT;
|
2021-10-18 18:47:28 -07:00
|
|
|
CKey key = CKey::TestOnlyRandomKey(true);
|
2014-09-11 10:15:29 -07:00
|
|
|
t.vout[0].scriptPubKey = GetScriptForDestination(key.GetPubKey().GetID());
|
2013-04-24 15:27:00 -07:00
|
|
|
|
2013-06-22 23:05:25 -07:00
|
|
|
string reason;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2013-04-24 15:27:00 -07:00
|
|
|
|
2015-10-13 10:23:11 -07:00
|
|
|
// Check dust with default relay fee:
|
|
|
|
|
CAmount nDustThreshold = 182 * minRelayTxFee.GetFeePerK()/1000 * 3;
|
|
|
|
|
BOOST_CHECK_EQUAL(nDustThreshold, 54);
|
|
|
|
|
// dust:
|
|
|
|
|
t.vout[0].nValue = nDustThreshold - 1;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2015-10-13 10:23:11 -07:00
|
|
|
// not dust:
|
|
|
|
|
t.vout[0].nValue = nDustThreshold;
|
|
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2013-04-24 15:27:00 -07:00
|
|
|
|
2015-10-13 10:23:11 -07:00
|
|
|
// Check dust with odd relay fee to verify rounding:
|
|
|
|
|
// nDustThreshold = 182 * 1234 / 1000 * 3
|
|
|
|
|
minRelayTxFee = CFeeRate(1234);
|
|
|
|
|
// dust:
|
|
|
|
|
t.vout[0].nValue = 672 - 1;
|
|
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
|
|
|
|
// not dust:
|
|
|
|
|
t.vout[0].nValue = 672;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2015-10-13 10:23:11 -07:00
|
|
|
minRelayTxFee = CFeeRate(DEFAULT_MIN_RELAY_TX_FEE);
|
2013-04-24 15:27:00 -07:00
|
|
|
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_1;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2013-06-24 12:09:50 -07:00
|
|
|
|
2014-10-13 07:18:05 -07:00
|
|
|
// MAX_OP_RETURN_RELAY-byte TX_NULL_DATA (standard)
|
2014-11-16 07:43:12 -08:00
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef3804678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38");
|
2014-10-13 07:18:05 -07:00
|
|
|
BOOST_CHECK_EQUAL(MAX_OP_RETURN_RELAY, t.vout[0].scriptPubKey.size());
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2013-06-24 12:09:50 -07:00
|
|
|
|
2014-10-13 07:18:05 -07:00
|
|
|
// MAX_OP_RETURN_RELAY+1-byte TX_NULL_DATA (non-standard)
|
2014-11-16 07:43:12 -08:00
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef3804678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef3800");
|
2014-10-13 07:18:05 -07:00
|
|
|
BOOST_CHECK_EQUAL(MAX_OP_RETURN_RELAY + 1, t.vout[0].scriptPubKey.size());
|
|
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
|
|
|
|
|
|
|
|
|
// Data payload can be encoded in any way...
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("");
|
|
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("00") << ParseHex("01");
|
|
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
|
|
|
|
// OP_RESERVED *is* considered to be a PUSHDATA type opcode by IsPushOnly()!
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << OP_RESERVED << -1 << 0 << ParseHex("01") << 2 << 3 << 4 << 5 << 6 << 7 << 8 << 9 << 10 << 11 << 12 << 13 << 14 << 15 << 16;
|
|
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << 0 << ParseHex("01") << 2 << ParseHex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff");
|
|
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
|
|
|
|
|
|
|
|
|
// ...so long as it only contains PUSHDATA's
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << OP_RETURN;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2013-06-24 12:09:50 -07:00
|
|
|
|
2013-10-24 01:32:35 -07:00
|
|
|
// TX_NULL_DATA w/o PUSHDATA
|
|
|
|
|
t.vout.resize(1);
|
2021-06-12 15:01:50 -07:00
|
|
|
t.vout[0].nValue = 0; // Needed for Rust parser
|
2013-10-24 01:32:35 -07:00
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2013-10-24 01:32:35 -07:00
|
|
|
|
|
|
|
|
// Only one TX_NULL_DATA permitted in all cases
|
2013-06-24 12:09:50 -07:00
|
|
|
t.vout.resize(2);
|
2021-06-12 15:01:50 -07:00
|
|
|
t.vout[0].nValue = 0; // Needed for Rust parser
|
|
|
|
|
t.vout[1].nValue = 0; // Needed for Rust parser
|
2014-02-26 09:58:08 -08:00
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38");
|
|
|
|
|
t.vout[1].scriptPubKey = CScript() << OP_RETURN << ParseHex("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38");
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2013-10-24 01:32:35 -07:00
|
|
|
|
2014-02-26 09:58:08 -08:00
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN << ParseHex("04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38");
|
2013-10-24 01:32:35 -07:00
|
|
|
t.vout[1].scriptPubKey = CScript() << OP_RETURN;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2013-10-24 01:32:35 -07:00
|
|
|
|
|
|
|
|
t.vout[0].scriptPubKey = CScript() << OP_RETURN;
|
|
|
|
|
t.vout[1].scriptPubKey = CScript() << OP_RETURN;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2012-01-10 17:18:00 -08:00
|
|
|
}
|
|
|
|
|
|
2016-10-18 10:10:42 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(test_IsStandardV2)
|
|
|
|
|
{
|
|
|
|
|
LOCK(cs_main);
|
2019-03-14 03:57:14 -07:00
|
|
|
auto chainparams = Params();
|
2016-10-18 10:10:42 -07:00
|
|
|
CBasicKeyStore keystore;
|
|
|
|
|
CCoinsView coinsDummy;
|
|
|
|
|
CCoinsViewCache coins(&coinsDummy);
|
|
|
|
|
std::vector<CMutableTransaction> dummyTransactions = SetupDummyInputs(keystore, coins);
|
|
|
|
|
|
|
|
|
|
CMutableTransaction t;
|
|
|
|
|
t.vin.resize(1);
|
|
|
|
|
t.vin[0].prevout.hash = dummyTransactions[0].GetHash();
|
|
|
|
|
t.vin[0].prevout.n = 1;
|
|
|
|
|
t.vin[0].scriptSig << std::vector<unsigned char>(65, 0);
|
|
|
|
|
t.vout.resize(1);
|
|
|
|
|
t.vout[0].nValue = 90*CENT;
|
2021-10-18 18:47:28 -07:00
|
|
|
CKey key = CKey::TestOnlyRandomKey(true);
|
2016-10-18 10:10:42 -07:00
|
|
|
t.vout[0].scriptPubKey = GetScriptForDestination(key.GetPubKey().GetID());
|
|
|
|
|
|
|
|
|
|
string reason;
|
|
|
|
|
// A v2 transaction with no JoinSplits is still standard.
|
|
|
|
|
t.nVersion = 2;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
|
|
|
|
|
// ... and with one JoinSplit.
|
2019-06-16 04:39:05 -07:00
|
|
|
t.vJoinSplit.push_back(JSDescription());
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
|
|
|
|
|
// ... and when that JoinSplit takes from a transparent input.
|
2019-06-16 04:39:05 -07:00
|
|
|
JSDescription *jsdesc = &t.vJoinSplit[0];
|
2016-10-18 10:10:42 -07:00
|
|
|
jsdesc->vpub_old = 10*CENT;
|
|
|
|
|
t.vout[0].nValue -= 10*CENT;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
|
|
|
|
|
// A v2 transaction with JoinSplits but no transparent inputs is standard.
|
|
|
|
|
jsdesc->vpub_old = 0;
|
|
|
|
|
jsdesc->vpub_new = 100*CENT;
|
|
|
|
|
t.vout[0].nValue = 90*CENT;
|
|
|
|
|
t.vin.resize(0);
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
|
|
|
|
|
// v2 transactions can still be non-standard for the same reasons as v1.
|
2017-02-28 11:44:07 -08:00
|
|
|
t.vout[0].nValue = 53; // dust
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
|
|
|
|
|
// v3 is not standard.
|
|
|
|
|
t.nVersion = 3;
|
|
|
|
|
t.vout[0].nValue = 90*CENT;
|
2019-03-14 03:57:14 -07:00
|
|
|
BOOST_CHECK(!IsStandardTx(t, reason, chainparams));
|
2016-10-18 10:10:42 -07:00
|
|
|
}
|
|
|
|
|
|
2021-06-04 07:06:26 -07:00
|
|
|
BOOST_AUTO_TEST_CASE(TxV5)
|
|
|
|
|
{
|
|
|
|
|
// [
|
|
|
|
|
// tx,
|
|
|
|
|
// txid,
|
|
|
|
|
// auth_digest,
|
2022-01-22 15:52:51 -08:00
|
|
|
// amounts,
|
|
|
|
|
// script_pubkeys,
|
2021-06-04 07:06:26 -07:00
|
|
|
// Option<transparent_input>,
|
2022-01-22 15:52:51 -08:00
|
|
|
// sighash_shielded,
|
|
|
|
|
// Option<sighash_all>,
|
2021-06-04 07:06:26 -07:00
|
|
|
// Option<sighash_none>,
|
|
|
|
|
// Option<sighash_single>,
|
|
|
|
|
// Option<sighash_all_anyone>,
|
|
|
|
|
// Option<sighash_none_anyone>,
|
|
|
|
|
// Option<sighash_single_anyone>,
|
|
|
|
|
// ]
|
|
|
|
|
//
|
|
|
|
|
// The optional values are all set together.
|
|
|
|
|
UniValue tests = read_json(std::string(json_tests::zip0244, json_tests::zip0244 + sizeof(json_tests::zip0244)));
|
|
|
|
|
|
|
|
|
|
// Skipping over comments in zip0244.json file
|
|
|
|
|
for (size_t idx = 2; idx < tests.size(); idx++) {
|
|
|
|
|
UniValue test = tests[idx];
|
|
|
|
|
|
|
|
|
|
std::string transaction = test[0].get_str();
|
|
|
|
|
CDataStream stream(ParseHex(transaction), SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
CTransaction tx;
|
|
|
|
|
stream >> tx;
|
|
|
|
|
|
|
|
|
|
// Check that re-serializing the transaction gives the same encoding.
|
|
|
|
|
CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
|
|
|
|
|
ss << tx;
|
|
|
|
|
BOOST_CHECK_EQUAL(HexStr(ss.begin(), ss.end()), transaction);
|
2021-06-11 13:34:15 -07:00
|
|
|
|
|
|
|
|
// ZIP 244: Check the transaction digests.
|
|
|
|
|
BOOST_CHECK_EQUAL(tx.GetHash().GetHex(), test[1].getValStr());
|
|
|
|
|
BOOST_CHECK_EQUAL(tx.GetAuthDigest().GetHex(), test[2].getValStr());
|
2021-06-12 08:40:16 -07:00
|
|
|
|
2022-01-22 15:52:51 -08:00
|
|
|
UniValue amountsArr = test[3].get_array();
|
|
|
|
|
UniValue scriptCodesArr = test[4].get_array();
|
|
|
|
|
std::vector<CAmount> amounts;
|
|
|
|
|
std::vector<CScript> scriptCodes;
|
2022-01-22 18:37:10 -08:00
|
|
|
std::vector<CTxOut> allPrevOutputs;
|
2022-01-22 15:52:51 -08:00
|
|
|
if (tx.IsCoinBase()) {
|
|
|
|
|
BOOST_CHECK(amountsArr.empty());
|
|
|
|
|
BOOST_CHECK(scriptCodesArr.empty());
|
|
|
|
|
} else {
|
|
|
|
|
BOOST_CHECK_EQUAL(amountsArr.size(), tx.vin.size());
|
|
|
|
|
BOOST_CHECK_EQUAL(scriptCodesArr.size(), tx.vin.size());
|
|
|
|
|
|
|
|
|
|
for (size_t inpIdx = 0; inpIdx < tx.vin.size(); inpIdx++) {
|
|
|
|
|
amounts.push_back(amountsArr[inpIdx].get_int64());
|
|
|
|
|
auto scriptCodeBytes = ParseHex(scriptCodesArr[inpIdx].get_str());
|
|
|
|
|
scriptCodes.push_back(CScript(scriptCodeBytes.begin(), scriptCodeBytes.end()));
|
2022-01-22 18:37:10 -08:00
|
|
|
allPrevOutputs.emplace_back(amounts[inpIdx], scriptCodes[inpIdx]);
|
2022-01-22 15:52:51 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-12 08:40:16 -07:00
|
|
|
// ZIP 244: Check the signature digests.
|
|
|
|
|
unsigned int nIn = NOT_AN_INPUT;
|
2022-01-22 15:52:51 -08:00
|
|
|
if (!test[5].isNull()) {
|
|
|
|
|
nIn = test[5].get_int();
|
2021-06-12 08:40:16 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CScript scriptCode;
|
|
|
|
|
CAmount amount;
|
2022-01-22 15:52:51 -08:00
|
|
|
if (nIn != NOT_AN_INPUT) {
|
|
|
|
|
scriptCode = scriptCodes[nIn];
|
|
|
|
|
amount = amounts[nIn];
|
2021-06-12 08:40:16 -07:00
|
|
|
}
|
|
|
|
|
|
2022-01-22 18:37:10 -08:00
|
|
|
const PrecomputedTransactionData txdata(tx, allPrevOutputs);
|
2022-01-22 14:59:28 -08:00
|
|
|
|
2021-06-12 08:40:16 -07:00
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
2022-01-22 15:52:51 -08:00
|
|
|
scriptCode, tx, NOT_AN_INPUT,
|
2021-06-12 08:40:16 -07:00
|
|
|
SIGHASH_ALL,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[6].getValStr());
|
|
|
|
|
|
|
|
|
|
if (!test[7].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
2022-01-22 15:52:51 -08:00
|
|
|
SIGHASH_ALL,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[7].getValStr());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!test[8].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
2022-01-22 15:52:51 -08:00
|
|
|
SIGHASH_NONE,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[8].getValStr());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!test[9].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
2022-01-22 15:52:51 -08:00
|
|
|
SIGHASH_SINGLE,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[9].getValStr());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!test[10].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
2022-01-22 15:52:51 -08:00
|
|
|
SIGHASH_ALL | SIGHASH_ANYONECANPAY,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[10].getValStr());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!test[11].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
2022-01-22 15:52:51 -08:00
|
|
|
SIGHASH_NONE | SIGHASH_ANYONECANPAY,
|
2022-01-22 14:59:28 -08:00
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
2021-06-12 08:40:16 -07:00
|
|
|
).GetHex(),
|
|
|
|
|
test[11].getValStr());
|
|
|
|
|
}
|
2022-01-22 15:52:51 -08:00
|
|
|
|
|
|
|
|
if (!test[12].isNull()) {
|
|
|
|
|
BOOST_CHECK_EQUAL(
|
|
|
|
|
SignatureHash(
|
|
|
|
|
scriptCode, tx, nIn,
|
|
|
|
|
SIGHASH_SINGLE | SIGHASH_ANYONECANPAY,
|
|
|
|
|
amount, *tx.GetConsensusBranchId(), txdata
|
|
|
|
|
).GetHex(),
|
|
|
|
|
test[12].getValStr());
|
|
|
|
|
}
|
2021-06-04 07:06:26 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-07-31 11:07:53 -07:00
|
|
|
BOOST_AUTO_TEST_SUITE_END()
|
