Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Fix mempool DoS vulnerability from malleated transactions #8312
In addition to the problem highlighted in that issue, there's an additional, related problem in the sigops policy check. Because witness sigops are counted without checking that the witness program matches the commitment in the scriptPubKey being spent, it's possible to change a transaction's witness to cause the sigops policy check to fail, without changing the txid.
Similarly, because the bytes-per-sigop check is affected by the size of the transaction including the witness, it's possible to even remove a witness and cause that sigops check to fail, again without changing the txid.
After more investigation, I've concluded that fixing this for segwit is more complicated than the couple of patches here (I will document the issues more fully in #8279). However, to fix this issue for 0.13.0, we can simply move the
We can separately consider the best way to fix these types of issues more generally after branching off for 0.13.
Moves the IsStandard check to happen after the premature-witness check, so that adding a witness to a transaction can't prevent mempool acceptance. Note that this doesn't address the broader category of potential mempool DoS issues that affect transactions after segwit activation.