Check against MANDATORY flags prior to accepting to mempool

Previously transactions were only tested again the STANDARD_SCRIPT_VERIFY_FLAGS prior to mempool acceptance, so any bugs in those flags that allowed actually-invalid transactions to pass would result in allowing invalid transactions into the mempool. Fortunately there is a second check in CreateNewBlock() that would prevent those transactions from being mined, resulting in an invalid block, however this could still be exploited as a DoS attack. Rebased-From: 7c041b3b91
10 years ago · 0cb8763cbb
1 changed files with 15 additions and 0 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@ -1053,6 +1053,21 @@ bool AcceptToMemoryPool(CTxMemPool& pool, CValidationState &state, const CTransa
        {
            return error("AcceptToMemoryPool: : ConnectInputs failed %s", hash.ToString());
        }
        // Check again against just the consensus-critical mandatory script
        // verification flags, in case of bugs in the standard flags that cause
        // transactions to pass as valid when they're actually invalid. For
        // instance the STRICTENC flag was incorrectly allowing certain
        // CHECKSIG NOT scripts to pass, even though they were invalid.
        //
        // There is a similar check in CreateNewBlock() to prevent creating
        // invalid blocks, however allowing such transactions into the mempool
        // can be exploited as a DoS attack.
        if (!CheckInputs(tx, state, view, true, MANDATORY_SCRIPT_VERIFY_FLAGS, true))
        {
            return error("AcceptToMemoryPool: : BUG! PLEASE REPORT THIS! ConnectInputs failed against MANDATORY but not STANDARD flags %s", hash.ToString());
        }
        // Store transaction in memory
        pool.addUnchecked(hash, entry);
    }