Tighten rules for DSVIN/DSTX (#2897)

UdjinM6 · web-flow · commit c08e76101595 · 2019-05-23T12:13:34.000+03:00
* Tighten rules for dstx

* Tighten rules for dsvin

* NULL -&gt; nullptr

* Make `ConsumeCollateral()` a private function instead of a lamda and reuse it in `Charge*Fees()`

* Make sure inputs and outputs are of the same size

Introduces new response ERR_SIZE_MISMATCH, old clients will simply bail out.

* Drop now redundant vecTxOut.size() check

* Check max inputs size

* Fix log category
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
@@ -2156,6 +2156,10 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr
             }
         } else if (nInvType == MSG_DSTX) {
             uint256 hashTx = tx.GetHash();
+            if (!dstx.IsValidStructure()) {
+                LogPrint(BCLog::PRIVATESEND, "DSTX -- Invalid DSTX structure: %s\n", hashTx.ToString());
+                return false;
+            }
             if(CPrivateSend::GetDSTX(hashTx)) {
                 LogPrint(BCLog::PRIVATESEND, "DSTX -- Already have %s, skipping...\n", hashTx.ToString());
                 return true; // not an error
diff --git a/src/privatesend/privatesend-server.cpp b/src/privatesend/privatesend-server.cpp
@@ -171,15 +171,17 @@ void CPrivateSendServer::ProcessMessage(CNode* pfrom, const std::string& strComm
 
         LogPrint(BCLog::PRIVATESEND, "DSVIN -- txCollateral %s", entry.txCollateral->ToString());
 
-        if (entry.vecTxDSIn.size() > PRIVATESEND_ENTRY_MAX_SIZE) {
-            LogPrintf("DSVIN -- ERROR: too many inputs! %d/%d\n", entry.vecTxDSIn.size(), PRIVATESEND_ENTRY_MAX_SIZE);
-            PushStatus(pfrom, STATUS_REJECTED, ERR_MAXIMUM, connman);
+        if (entry.vecTxDSIn.size() != entry.vecTxOut.size()) {
+            LogPrintf("DSVIN -- ERROR: inputs vs outputs size mismatch! %d vs %d\n", entry.vecTxDSIn.size(), entry.vecTxOut.size());
+            PushStatus(pfrom, STATUS_REJECTED, ERR_SIZE_MISMATCH, connman);
+            ConsumeCollateral(connman, entry.txCollateral);
             return;
         }
 
-        if (entry.vecTxOut.size() > PRIVATESEND_ENTRY_MAX_SIZE) {
-            LogPrintf("DSVIN -- ERROR: too many outputs! %d/%d\n", entry.vecTxOut.size(), PRIVATESEND_ENTRY_MAX_SIZE);
+        if (entry.vecTxDSIn.size() > PRIVATESEND_ENTRY_MAX_SIZE) {
+            LogPrintf("DSVIN -- ERROR: too many inputs! %d/%d\n", entry.vecTxDSIn.size(), PRIVATESEND_ENTRY_MAX_SIZE);
             PushStatus(pfrom, STATUS_REJECTED, ERR_MAXIMUM, connman);
+            ConsumeCollateral(connman, entry.txCollateral);
             return;
         }
 
@@ -204,11 +206,13 @@ void CPrivateSendServer::ProcessMessage(CNode* pfrom, const std::string& strComm
                 if (txout.scriptPubKey.size() != 25) {
                     LogPrintf("DSVIN -- non-standard pubkey detected! scriptPubKey=%s\n", ScriptToAsmStr(txout.scriptPubKey));
                     PushStatus(pfrom, STATUS_REJECTED, ERR_NON_STANDARD_PUBKEY, connman);
+                    ConsumeCollateral(connman, entry.txCollateral);
                     return;
                 }
                 if (!txout.scriptPubKey.IsPayToPublicKeyHash()) {
                     LogPrintf("DSVIN -- invalid script! scriptPubKey=%s\n", ScriptToAsmStr(txout.scriptPubKey));
                     PushStatus(pfrom, STATUS_REJECTED, ERR_INVALID_SCRIPT, connman);
+                    ConsumeCollateral(connman, entry.txCollateral);
                     return;
                 }
             }
@@ -226,8 +230,20 @@ void CPrivateSendServer::ProcessMessage(CNode* pfrom, const std::string& strComm
                         PushStatus(pfrom, STATUS_REJECTED, ERR_MISSING_TX, connman);
                         return;
                     }
+                    if (!CPrivateSend::IsDenominatedAmount(mempoolTx->vout[txin.prevout.n].nValue)) {
+                        LogPrintf("DSVIN -- non-denominated mempool input! txin=%s\n", txin.ToString());
+                        PushStatus(pfrom, STATUS_REJECTED, ERR_DENOM, connman);
+                        ConsumeCollateral(connman, entry.txCollateral);
+                        return;
+                    }
                     nValueIn += mempoolTx->vout[txin.prevout.n].nValue;
                 } else if (GetUTXOCoin(txin.prevout, coin)) {
+                    if (!CPrivateSend::IsDenominatedAmount(coin.out.nValue)) {
+                        LogPrintf("DSVIN -- non-denominated input! txin=%s\n", txin.ToString());
+                        PushStatus(pfrom, STATUS_REJECTED, ERR_DENOM, connman);
+                        ConsumeCollateral(connman, entry.txCollateral);
+                        return;
+                    }
                     nValueIn += coin.out.nValue;
                 } else {
                     LogPrintf("DSVIN -- missing input! txin=%s\n", txin.ToString());
@@ -456,16 +472,7 @@ void CPrivateSendServer::ChargeFees(CConnman& connman)
     if (nState == POOL_STATE_ACCEPTING_ENTRIES || nState == POOL_STATE_SIGNING) {
         LogPrintf("CPrivateSendServer::ChargeFees -- found uncooperative node (didn't %s transaction), charging fees: %s",
             (nState == POOL_STATE_SIGNING) ? "sign" : "send", vecOffendersCollaterals[0]->ToString());
-
-        LOCK(cs_main);
-
-        CValidationState state;
-        if (!AcceptToMemoryPool(mempool, state, vecOffendersCollaterals[0], false, NULL, false, maxTxFee)) {
-            // should never really happen
-            LogPrintf("CPrivateSendServer::ChargeFees -- ERROR: AcceptToMemoryPool failed!\n");
-        } else {
-            connman.RelayTransaction(*vecOffendersCollaterals[0]);
-        }
+        ConsumeCollateral(connman, vecOffendersCollaterals[0]);
     }
 }
 
@@ -485,19 +492,22 @@ void CPrivateSendServer::ChargeRandomFees(CConnman& connman)
 {
     if (!fMasternodeMode) return;
 
-    LOCK(cs_main);
-
     for (const auto& txCollateral : vecSessionCollaterals) {
         if (GetRandInt(100) > 10) return;
         LogPrintf("CPrivateSendServer::ChargeRandomFees -- charging random fees, txCollateral=%s", txCollateral->ToString());
+        ConsumeCollateral(connman, txCollateral);
+    }
+}
 
-        CValidationState state;
-        if (!AcceptToMemoryPool(mempool, state, txCollateral, false, NULL, false, maxTxFee)) {
-            // Can happen if this collateral belongs to some misbehaving participant we punished earlier
-            LogPrintf("CPrivateSendServer::ChargeRandomFees -- ERROR: AcceptToMemoryPool failed!\n");
-        } else {
-            connman.RelayTransaction(*txCollateral);
-        }
+void CPrivateSendServer::ConsumeCollateral(CConnman& connman, const CTransactionRef& txref)
+{
+    LOCK(cs_main);
+    CValidationState validationState;
+    if (!AcceptToMemoryPool(mempool, validationState, txref, false, nullptr)) {
+        LogPrint(BCLog::PRIVATESEND, "%s -- AcceptToMemoryPool failed\n", __func__);
+    } else {
+        connman.RelayTransaction(*txref);
+        LogPrint(BCLog::PRIVATESEND, "%s -- Collateral was consumed\n", __func__);
     }
 }
 
diff --git a/src/privatesend/privatesend-server.h b/src/privatesend/privatesend-server.h
@@ -36,6 +36,8 @@ class CPrivateSendServer : public CPrivateSendBaseSession, public CPrivateSendBa
     void ChargeFees(CConnman& connman);
     /// Rarely charge fees to pay miners
     void ChargeRandomFees(CConnman& connman);
+    /// Consume collateral in cases when peer misbehaved
+    void ConsumeCollateral(CConnman& connman, const CTransactionRef& txref);
 
     /// Check for process
     void CheckPool(CConnman& connman);
diff --git a/src/privatesend/privatesend.cpp b/src/privatesend/privatesend.cpp
@@ -122,6 +122,29 @@ bool CPrivateSendBroadcastTx::IsExpired(int nHeight)
     return (nConfirmedHeight != -1) && (nHeight - nConfirmedHeight > 24);
 }
 
+bool CPrivateSendBroadcastTx::IsValidStructure()
+{
+    // some trivial checks only
+    if (tx->vin.size() != tx->vout.size()) {
+        return false;
+    }
+    if (tx->vin.size() < CPrivateSend::GetMinPoolParticipants()) {
+        return false;
+    }
+    if (tx->vin.size() > CPrivateSend::GetMaxPoolParticipants() * PRIVATESEND_ENTRY_MAX_SIZE) {
+        return false;
+    }
+    for (const auto& out : tx->vout) {
+        if (!CPrivateSend::IsDenominatedAmount(out.nValue)) {
+            return false;
+        }
+        if (!out.scriptPubKey.IsPayToPublicKeyHash()) {
+            return false;
+        }
+    }
+    return true;
+}
+
 void CPrivateSendBaseSession::SetNull()
 {
     // Both sides
@@ -445,6 +468,8 @@ std::string CPrivateSend::GetMessageByID(PoolMessage nMessageID)
         return _("Transaction created successfully.");
     case MSG_ENTRIES_ADDED:
         return _("Your entries added successfully.");
+    case ERR_SIZE_MISMATCH:
+        return _("Inputs vs outputs size mismatch.");
     default:
         return _("Unknown response.");
     }
diff --git a/src/privatesend/privatesend.h b/src/privatesend/privatesend.h
@@ -52,8 +52,9 @@ enum PoolMessage {
     MSG_NOERR,
     MSG_SUCCESS,
     MSG_ENTRIES_ADDED,
+    ERR_SIZE_MISMATCH,
     MSG_POOL_MIN = ERR_ALREADY_HAVE,
-    MSG_POOL_MAX = MSG_ENTRIES_ADDED
+    MSG_POOL_MAX = ERR_SIZE_MISMATCH
 };
 
 // pool states
@@ -310,6 +311,7 @@ class CPrivateSendBroadcastTx
 
     void SetConfirmedHeight(int nConfirmedHeightIn) { nConfirmedHeight = nConfirmedHeightIn; }
     bool IsExpired(int nHeight);
+    bool IsValidStructure();
 };
 
 // base class
