LCOV - code coverage report
Current view: top level - src/policy - policy.cpp (source / functions) Coverage Total Hit
Test: test_bitcoin_coverage.info Lines: 84.6 % 117 99
Test Date: 2024-11-04 04:45:35 Functions: 100.0 % 9 9
Branches: 60.0 % 140 84

             Branch data     Line data    Source code
       1                 :             : // Copyright (c) 2009-2010 Satoshi Nakamoto
       2                 :             : // Copyright (c) 2009-2022 The Bitcoin Core developers
       3                 :             : // Distributed under the MIT software license, see the accompanying
       4                 :             : // file COPYING or http://www.opensource.org/licenses/mit-license.php.
       5                 :             : 
       6                 :             : // NOTE: This file is intended to be customised by the end user, and includes only local node policy logic
       7                 :             : 
       8                 :             : #include <policy/policy.h>
       9                 :             : 
      10                 :             : #include <coins.h>
      11                 :             : #include <consensus/amount.h>
      12                 :             : #include <consensus/consensus.h>
      13                 :             : #include <consensus/validation.h>
      14                 :             : #include <policy/feerate.h>
      15                 :             : #include <primitives/transaction.h>
      16                 :             : #include <script/interpreter.h>
      17                 :             : #include <script/script.h>
      18                 :             : #include <script/solver.h>
      19                 :             : #include <serialize.h>
      20                 :             : #include <span.h>
      21                 :             : 
      22                 :             : #include <algorithm>
      23                 :             : #include <cstddef>
      24                 :             : #include <vector>
      25                 :             : 
      26                 :         258 : CAmount GetDustThreshold(const CTxOut& txout, const CFeeRate& dustRelayFeeIn)
      27                 :             : {
      28                 :             :     // "Dust" is defined in terms of dustRelayFee,
      29                 :             :     // which has units satoshis-per-kilobyte.
      30                 :             :     // If you'd pay more in fees than the value of the output
      31                 :             :     // to spend something, then we consider it dust.
      32                 :             :     // A typical spendable non-segwit txout is 34 bytes big, and will
      33                 :             :     // need a CTxIn of at least 148 bytes to spend:
      34                 :             :     // so dust is a spendable txout less than
      35                 :             :     // 182*dustRelayFee/1000 (in satoshis).
      36                 :             :     // 546 satoshis at the default rate of 3000 sat/kvB.
      37                 :             :     // A typical spendable segwit P2WPKH txout is 31 bytes big, and will
      38                 :             :     // need a CTxIn of at least 67 bytes to spend:
      39                 :             :     // so dust is a spendable txout less than
      40                 :             :     // 98*dustRelayFee/1000 (in satoshis).
      41                 :             :     // 294 satoshis at the default rate of 3000 sat/kvB.
      42         [ +  - ]:         258 :     if (txout.scriptPubKey.IsUnspendable())
      43                 :             :         return 0;
      44                 :             : 
      45                 :         258 :     size_t nSize = GetSerializeSize(txout);
      46                 :         258 :     int witnessversion = 0;
      47                 :         258 :     std::vector<unsigned char> witnessprogram;
      48                 :             : 
      49                 :             :     // Note this computation is for spending a Segwit v0 P2WPKH output (a 33 bytes
      50                 :             :     // public key + an ECDSA signature). For Segwit v1 Taproot outputs the minimum
      51                 :             :     // satisfaction is lower (a single BIP340 signature) but this computation was
      52                 :             :     // kept to not further reduce the dust level.
      53                 :             :     // See discussion in https://github.com/bitcoin/bitcoin/pull/22779 for details.
      54   [ +  -  +  + ]:         258 :     if (txout.scriptPubKey.IsWitnessProgram(witnessversion, witnessprogram)) {
      55                 :             :         // sum the sizes of the parts of a transaction input
      56                 :             :         // with 75% segwit discount applied to the script size.
      57                 :         154 :         nSize += (32 + 4 + 1 + (107 / WITNESS_SCALE_FACTOR) + 4);
      58                 :             :     } else {
      59                 :         104 :         nSize += (32 + 4 + 1 + 107 + 4); // the 148 mentioned above
      60                 :             :     }
      61                 :             : 
      62         [ +  - ]:         258 :     return dustRelayFeeIn.GetFee(nSize);
      63                 :         258 : }
      64                 :             : 
      65                 :         243 : bool IsDust(const CTxOut& txout, const CFeeRate& dustRelayFeeIn)
      66                 :             : {
      67                 :         243 :     return (txout.nValue < GetDustThreshold(txout, dustRelayFeeIn));
      68                 :             : }
      69                 :             : 
      70                 :         246 : bool IsStandard(const CScript& scriptPubKey, const std::optional<unsigned>& max_datacarrier_bytes, TxoutType& whichType)
      71                 :             : {
      72                 :         246 :     std::vector<std::vector<unsigned char> > vSolutions;
      73         [ +  - ]:         246 :     whichType = Solver(scriptPubKey, vSolutions);
      74                 :             : 
      75         [ +  + ]:         246 :     if (whichType == TxoutType::NONSTANDARD) {
      76                 :             :         return false;
      77         [ +  + ]:         238 :     } else if (whichType == TxoutType::MULTISIG) {
      78         [ +  + ]:          12 :         unsigned char m = vSolutions.front()[0];
      79                 :          12 :         unsigned char n = vSolutions.back()[0];
      80                 :             :         // Support up to x-of-3 multisig txns as standard
      81         [ +  + ]:          12 :         if (n < 1 || n > 3)
      82                 :             :             return false;
      83         [ -  + ]:          11 :         if (m < 1 || m > n)
      84                 :           0 :             return false;
      85         [ +  + ]:         226 :     } else if (whichType == TxoutType::NULL_DATA) {
      86   [ +  -  +  +  :          20 :         if (!max_datacarrier_bytes || scriptPubKey.size() > *max_datacarrier_bytes) {
                   +  + ]
      87                 :           1 :             return false;
      88                 :             :         }
      89                 :             :     }
      90                 :             : 
      91                 :             :     return true;
      92                 :         246 : }
      93                 :             : 
      94                 :         284 : bool IsStandardTx(const CTransaction& tx, const std::optional<unsigned>& max_datacarrier_bytes, bool permit_bare_multisig, const CFeeRate& dust_relay_fee, std::string& reason)
      95                 :             : {
      96         [ +  + ]:         284 :     if (tx.version > TX_MAX_STANDARD_VERSION || tx.version < 1) {
      97                 :           3 :         reason = "version";
      98                 :           3 :         return false;
      99                 :             :     }
     100                 :             : 
     101                 :             :     // Extremely large transactions with lots of inputs can cost the network
     102                 :             :     // almost as much to process as they cost the sender in fees, because
     103                 :             :     // computing signature hashes is O(ninputs*txsize). Limiting transactions
     104                 :             :     // to MAX_STANDARD_TX_WEIGHT mitigates CPU exhaustion attacks.
     105                 :         281 :     unsigned int sz = GetTransactionWeight(tx);
     106         [ +  + ]:         281 :     if (sz > MAX_STANDARD_TX_WEIGHT) {
     107                 :           2 :         reason = "tx-size";
     108                 :           2 :         return false;
     109                 :             :     }
     110                 :             : 
     111         [ +  + ]:        2929 :     for (const CTxIn& txin : tx.vin)
     112                 :             :     {
     113                 :             :         // Biggest 'standard' txin involving only keys is a 15-of-15 P2SH
     114                 :             :         // multisig with compressed keys (remember the MAX_SCRIPT_ELEMENT_SIZE byte limit on
     115                 :             :         // redeemScript size). That works out to a (15*(33+1))+3=513 byte
     116                 :             :         // redeemScript, 513+1+15*(73+1)+3=1627 bytes of scriptSig, which
     117                 :             :         // we round off to 1650(MAX_STANDARD_SCRIPTSIG_SIZE) bytes for
     118                 :             :         // some minor future-proofing. That's also enough to spend a
     119                 :             :         // 20-of-20 CHECKMULTISIG scriptPubKey, though such a scriptPubKey
     120                 :             :         // is not considered standard.
     121   [ +  +  +  + ]:        2716 :         if (txin.scriptSig.size() > MAX_STANDARD_SCRIPTSIG_SIZE) {
     122                 :           1 :             reason = "scriptsig-size";
     123                 :           1 :             return false;
     124                 :             :         }
     125         [ +  + ]:        2715 :         if (!txin.scriptSig.IsPushOnly()) {
     126                 :          65 :             reason = "scriptsig-not-pushonly";
     127                 :          65 :             return false;
     128                 :             :         }
     129                 :             :     }
     130                 :             : 
     131                 :         213 :     unsigned int nDataOut = 0;
     132                 :         213 :     TxoutType whichType;
     133         [ +  + ]:         416 :     for (const CTxOut& txout : tx.vout) {
     134         [ +  + ]:         236 :         if (!::IsStandard(txout.scriptPubKey, max_datacarrier_bytes, whichType)) {
     135                 :           3 :             reason = "scriptpubkey";
     136                 :           3 :             return false;
     137                 :             :         }
     138                 :             : 
     139         [ +  + ]:         233 :         if (whichType == TxoutType::NULL_DATA)
     140                 :          13 :             nDataOut++;
     141   [ +  +  +  + ]:         220 :         else if ((whichType == TxoutType::MULTISIG) && (!permit_bare_multisig)) {
     142                 :           4 :             reason = "bare-multisig";
     143                 :           4 :             return false;
     144         [ +  + ]:         216 :         } else if (IsDust(txout, dust_relay_fee)) {
     145                 :          26 :             reason = "dust";
     146                 :          26 :             return false;
     147                 :             :         }
     148                 :             :     }
     149                 :             : 
     150                 :             :     // only one OP_RETURN txout is permitted
     151         [ +  + ]:         180 :     if (nDataOut > 1) {
     152                 :           3 :         reason = "multi-op-return";
     153                 :           3 :         return false;
     154                 :             :     }
     155                 :             : 
     156                 :             :     return true;
     157                 :             : }
     158                 :             : 
     159                 :             : /**
     160                 :             :  * Check transaction inputs to mitigate two
     161                 :             :  * potential denial-of-service attacks:
     162                 :             :  *
     163                 :             :  * 1. scriptSigs with extra data stuffed into them,
     164                 :             :  *    not consumed by scriptPubKey (or P2SH script)
     165                 :             :  * 2. P2SH scripts with a crazy number of expensive
     166                 :             :  *    CHECKSIG/CHECKMULTISIG operations
     167                 :             :  *
     168                 :             :  * Why bother? To avoid denial-of-service attacks; an attacker
     169                 :             :  * can submit a standard HASH... OP_EQUAL transaction,
     170                 :             :  * which will get accepted into blocks. The redemption
     171                 :             :  * script can be anything; an attacker could use a very
     172                 :             :  * expensive-to-check-upon-redemption script like:
     173                 :             :  *   DUP CHECKSIG DROP ... repeated 100 times... OP_1
     174                 :             :  *
     175                 :             :  * Note that only the non-witness portion of the transaction is checked here.
     176                 :             :  */
     177                 :         121 : bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
     178                 :             : {
     179         [ +  - ]:         121 :     if (tx.IsCoinBase()) {
     180                 :             :         return true; // Coinbases don't use vin normally
     181                 :             :     }
     182                 :             : 
     183         [ +  + ]:         248 :     for (unsigned int i = 0; i < tx.vin.size(); i++) {
     184                 :         129 :         const CTxOut& prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;
     185                 :             : 
     186                 :         129 :         std::vector<std::vector<unsigned char> > vSolutions;
     187         [ +  - ]:         129 :         TxoutType whichType = Solver(prev.scriptPubKey, vSolutions);
     188         [ +  - ]:         129 :         if (whichType == TxoutType::NONSTANDARD || whichType == TxoutType::WITNESS_UNKNOWN) {
     189                 :             :             // WITNESS_UNKNOWN failures are typically also caught with a policy
     190                 :             :             // flag in the script interpreter, but it can be helpful to catch
     191                 :             :             // this type of NONSTANDARD transaction earlier in transaction
     192                 :             :             // validation.
     193                 :             :             return false;
     194         [ +  + ]:         129 :         } else if (whichType == TxoutType::SCRIPTHASH) {
     195                 :           5 :             std::vector<std::vector<unsigned char> > stack;
     196                 :             :             // convert the scriptSig into a stack, so we can inspect the redeemScript
     197   [ +  -  +  - ]:           5 :             if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SigVersion::BASE))
     198                 :             :                 return false;
     199         [ +  - ]:           5 :             if (stack.empty())
     200                 :             :                 return false;
     201                 :           5 :             CScript subscript(stack.back().begin(), stack.back().end());
     202   [ +  -  +  + ]:           5 :             if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {
     203                 :           2 :                 return false;
     204                 :             :             }
     205                 :           5 :         }
     206                 :         129 :     }
     207                 :             : 
     208                 :             :     return true;
     209                 :             : }
     210                 :             : 
     211                 :          80 : bool IsWitnessStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
     212                 :             : {
     213         [ +  - ]:          80 :     if (tx.IsCoinBase())
     214                 :             :         return true; // Coinbases are skipped
     215                 :             : 
     216         [ +  + ]:         161 :     for (unsigned int i = 0; i < tx.vin.size(); i++)
     217                 :             :     {
     218                 :             :         // We don't care if witness for this input is empty, since it must not be bloated.
     219                 :             :         // If the script is invalid without witness, it would be caught sooner or later during validation.
     220         [ -  + ]:          82 :         if (tx.vin[i].scriptWitness.IsNull())
     221                 :           0 :             continue;
     222                 :             : 
     223                 :          82 :         const CTxOut &prev = mapInputs.AccessCoin(tx.vin[i].prevout).out;
     224                 :             : 
     225                 :             :         // get the scriptPubKey corresponding to this input:
     226                 :          82 :         CScript prevScript = prev.scriptPubKey;
     227                 :             : 
     228                 :             :         // witness stuffing detected
     229   [ +  -  +  - ]:          82 :         if (prevScript.IsPayToAnchor()) {
     230                 :             :             return false;
     231                 :             :         }
     232                 :             : 
     233                 :          82 :         bool p2sh = false;
     234   [ +  -  -  + ]:          82 :         if (prevScript.IsPayToScriptHash()) {
     235                 :           0 :             std::vector <std::vector<unsigned char> > stack;
     236                 :             :             // If the scriptPubKey is P2SH, we try to extract the redeemScript casually by converting the scriptSig
     237                 :             :             // into a stack. We do not check IsPushOnly nor compare the hash as these will be done later anyway.
     238                 :             :             // If the check fails at this stage, we know that this txid must be a bad one.
     239   [ #  #  #  # ]:           0 :             if (!EvalScript(stack, tx.vin[i].scriptSig, SCRIPT_VERIFY_NONE, BaseSignatureChecker(), SigVersion::BASE))
     240                 :             :                 return false;
     241         [ #  # ]:           0 :             if (stack.empty())
     242                 :             :                 return false;
     243                 :           0 :             prevScript = CScript(stack.back().begin(), stack.back().end());
     244                 :           0 :             p2sh = true;
     245                 :           0 :         }
     246                 :             : 
     247                 :          82 :         int witnessversion = 0;
     248                 :          82 :         std::vector<unsigned char> witnessprogram;
     249                 :             : 
     250                 :             :         // Non-witness program must not be associated with any witness
     251   [ +  -  +  + ]:          82 :         if (!prevScript.IsWitnessProgram(witnessversion, witnessprogram))
     252                 :             :             return false;
     253                 :             : 
     254                 :             :         // Check P2WSH standard limits
     255   [ +  -  +  + ]:          81 :         if (witnessversion == 0 && witnessprogram.size() == WITNESS_V0_SCRIPTHASH_SIZE) {
     256         [ +  - ]:          71 :             if (tx.vin[i].scriptWitness.stack.back().size() > MAX_STANDARD_P2WSH_SCRIPT_SIZE)
     257                 :             :                 return false;
     258         [ +  - ]:          71 :             size_t sizeWitnessStack = tx.vin[i].scriptWitness.stack.size() - 1;
     259         [ +  - ]:          71 :             if (sizeWitnessStack > MAX_STANDARD_P2WSH_STACK_ITEMS)
     260                 :             :                 return false;
     261         [ +  + ]:          73 :             for (unsigned int j = 0; j < sizeWitnessStack; j++) {
     262         [ +  - ]:           2 :                 if (tx.vin[i].scriptWitness.stack[j].size() > MAX_STANDARD_P2WSH_STACK_ITEM_SIZE)
     263                 :             :                     return false;
     264                 :             :             }
     265                 :             :         }
     266                 :             : 
     267                 :             :         // Check policy limits for Taproot spends:
     268                 :             :         // - MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE limit for stack item size
     269                 :             :         // - No annexes
     270   [ -  +  -  -  :          81 :         if (witnessversion == 1 && witnessprogram.size() == WITNESS_V1_TAPROOT_SIZE && !p2sh) {
                   -  - ]
     271                 :             :             // Taproot spend (non-P2SH-wrapped, version 1, witness program size 32; see BIP 341)
     272         [ #  # ]:           0 :             Span stack{tx.vin[i].scriptWitness.stack};
     273   [ #  #  #  #  :           0 :             if (stack.size() >= 2 && !stack.back().empty() && stack.back()[0] == ANNEX_TAG) {
                   #  # ]
     274                 :             :                 // Annexes are nonstandard as long as no semantics are defined for them.
     275                 :             :                 return false;
     276                 :             :             }
     277         [ #  # ]:           0 :             if (stack.size() >= 2) {
     278                 :             :                 // Script path spend (2 or more stack elements after removing optional annex)
     279                 :           0 :                 const auto& control_block = SpanPopBack(stack);
     280                 :           0 :                 SpanPopBack(stack); // Ignore script
     281         [ #  # ]:           0 :                 if (control_block.empty()) return false; // Empty control block is invalid
     282         [ #  # ]:           0 :                 if ((control_block[0] & TAPROOT_LEAF_MASK) == TAPROOT_LEAF_TAPSCRIPT) {
     283                 :             :                     // Leaf version 0xc0 (aka Tapscript, see BIP 342)
     284         [ #  # ]:           0 :                     for (const auto& item : stack) {
     285         [ #  # ]:           0 :                         if (item.size() > MAX_STANDARD_TAPSCRIPT_STACK_ITEM_SIZE) return false;
     286                 :             :                     }
     287                 :             :                 }
     288         [ #  # ]:           0 :             } else if (stack.size() == 1) {
     289                 :             :                 // Key path spend (1 stack element after removing optional annex)
     290                 :             :                 // (no policy rules apply)
     291                 :             :             } else {
     292                 :             :                 // 0 stack elements; this is already invalid by consensus rules
     293                 :             :                 return false;
     294                 :             :             }
     295                 :             :         }
     296                 :          83 :     }
     297                 :             :     return true;
     298                 :             : }
     299                 :             : 
     300                 :    80142372 : int64_t GetVirtualTransactionSize(int64_t nWeight, int64_t nSigOpCost, unsigned int bytes_per_sigop)
     301                 :             : {
     302         [ +  + ]:    80142372 :     return (std::max(nWeight, nSigOpCost * bytes_per_sigop) + WITNESS_SCALE_FACTOR - 1) / WITNESS_SCALE_FACTOR;
     303                 :             : }
     304                 :             : 
     305                 :       24674 : int64_t GetVirtualTransactionSize(const CTransaction& tx, int64_t nSigOpCost, unsigned int bytes_per_sigop)
     306                 :             : {
     307                 :       24674 :     return GetVirtualTransactionSize(GetTransactionWeight(tx), nSigOpCost, bytes_per_sigop);
     308                 :             : }
     309                 :             : 
     310                 :           2 : int64_t GetVirtualTransactionInputSize(const CTxIn& txin, int64_t nSigOpCost, unsigned int bytes_per_sigop)
     311                 :             : {
     312                 :           2 :     return GetVirtualTransactionSize(GetTransactionInputWeight(txin), nSigOpCost, bytes_per_sigop);
     313                 :             : }
        

Generated by: LCOV version 2.0-1