Add NU5 upper bound check on nSpendsSapling, nOutputsSapling, nActionsOrchard

Co-authored-by: Jack Grigg <jack@electriccoin.co> Co-authored-by: Daira Hopwood <daira@jacaranda.org>
2021-06-29 13:52:45 -06:00 · 2021-06-29 13:52:45 -06:00 · 3aae84cc49
parent 53828a38ba
commit 3aae84cc49
2 changed files with 31 additions and 0 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@ -1069,6 +1069,33 @@ bool ContextualCheckTransaction(
                    REJECT_INVALID, "bad-tx-zip225-version-too-high");
            }
        }
+
+
+        // nSpendsSapling, nOutputsSapling, and nActionsOrchard MUST all be less than 2^16
+        size_t max_elements = (1 << 16) - 1;
+        if (tx.vShieldedSpend.size() > max_elements) {
+            return state.DoS(
+                dosLevelPotentiallyRelaxing,
+                error("ContextualCheckTransaction(): 2^16 or more Sapling spends"),
+                REJECT_INVALID, "bad-tx-too-many-sapling-spends");
+        }
+        if (tx.vShieldedOutput.size() > max_elements) {
+            return state.DoS(
+                dosLevelPotentiallyRelaxing,
+                error("ContextualCheckTransaction(): 2^16 or more Sapling outputs"),
+                REJECT_INVALID, "bad-tx-too-many-sapling-outputs");
+        }
+        if (orchard_bundle.GetNumActions() > max_elements) {
+            return state.DoS(
+                dosLevelPotentiallyRelaxing,
+                error("ContextualCheckTransaction(): 2^16 or more Orchard actions"),
+                REJECT_INVALID, "bad-tx-too-many-orchard-actions");
+        }
+
+        if (tx.IsCoinBase()) {
+            // TODO: Check that Orchard coinbase outputs can be decrypted with the all-zeros OVK
+        }
+
        if (!futureActive) {
            // Reject transactions with invalid version group id
            if (!(tx.nVersionGroupId == SAPLING_VERSION_GROUP_ID || tx.nVersionGroupId == ZIP225_VERSION_GROUP_ID)) {
--- a/src/primitives/orchard.h
+++ b/src/primitives/orchard.h
@ -93,6 +93,10 @@ public:
        batch.Queue(inner.get(), txid.begin());
    }

+    const size_t GetNumActions() const {
+        return orchard_bundle_actions_len(inner.get());
+    }
+
    const std::vector<uint256> GetNullifiers() const {
        size_t actions_len = orchard_bundle_actions_len(inner.get());
        std::vector<uint256> result(actions_len);