Browse Source

Treat non-final transactions as non-standard

At least one service that accepted zero-confirmation transactions
was vulnerable because an attacker could send a transaction
with a lock time far in the future, and then have plenty of time in
which to get a double-spend mined (perhaps from a miner who wasn't
on the network when the first transaction was broadcast).

That is a variation on the "Finney attack". We still don't
recommend anybody accept 0-confirmation transactions as final
payment for anything. This change keeps non-final transactions
from appearing in the wallet, and, assuming most of the network
accepts this change, will prevent them from being relayed until
they are final.
miguelfreitas
Gavin Andresen 12 years ago
parent
commit
6f8730752c
  1. 3
      src/main.cpp

3
src/main.cpp

@ -368,6 +368,9 @@ bool CTransaction::IsStandard() const
if (nVersion > CTransaction::CURRENT_VERSION) if (nVersion > CTransaction::CURRENT_VERSION)
return false; return false;
if (!IsFinal())
return false;
BOOST_FOREACH(const CTxIn& txin, vin) BOOST_FOREACH(const CTxIn& txin, vin)
{ {
// Biggest 'standard' txin is a 3-signature 3-of-3 CHECKMULTISIG // Biggest 'standard' txin is a 3-signature 3-of-3 CHECKMULTISIG

Loading…
Cancel
Save