fix another PoS spam vulnerability

peercoin · Jun 3, 2019 · 6a2476c · 6a2476c
1 parent 85d0598
commit 6a2476c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/src/net_processing.cpp b/src/net_processing.cpp
@@ -2371,7 +2371,7 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr
         const CBlockIndex *pindex = nullptr;
         CValidationState state;
 
-        if (!ProcessNewBlockHeaders(pfrom->nPoSTemperature, pfrom->lastAcceptedHeader, {cmpctblock.header}, false, state, chainparams, &pindex)) {
+        if (!ProcessNewBlockHeaders(pfrom->nPoSTemperature, chainActive.Tip()->GetBlockHash(), {cmpctblock.header}, false, state, chainparams, &pindex)) {
             int nDoS;
             if (state.IsInvalid(nDoS)) {
                 if (nDoS > 0) {
@@ -2385,6 +2385,14 @@ bool static ProcessMessage(CNode* pfrom, const std::string& strCommand, CDataStr
             }
         }
 
+        if (pfrom->nPoSTemperature >= (uint32_t)MAX_CONSECUTIVE_POS_HEADERS) {
+            pfrom->nPoSTemperature = (MAX_CONSECUTIVE_POS_HEADERS*3)/4;
+            if (Params().NetworkIDString() != "test") {
+                g_connman->Ban(pfrom->addr, BanReasonNodeMisbehaving, gArgs.GetArg("-bantime", DEFAULT_MISBEHAVING_BANTIME) * 7);
+                return error("too many consecutive pos headers");
+            }
+        }
+
         // When we succeed in decoding a block's txids from a cmpctblock
         // message we typically jump to the BLOCKTXN handling code, with a
         // dummy (empty) BLOCKTXN message, to re-use the logic there in

diff --git a/src/validation.cpp b/src/validation.cpp
@@ -3220,7 +3220,13 @@ bool ProcessNewBlockHeaders(uint32_t& nPoSTemperature, const uint256& lastAccept
     if (first_invalid != nullptr) first_invalid->SetNull();
     {
         LOCK(cs_main);
-        int n = 0;
+
+        int nCooling = POW_HEADER_COOLING;
+        if (headers[0].hashPrevBlock != lastAcceptedHeader) {
+            nPoSTemperature += nCooling;
+            nCooling = 0;
+        }
+
         for (const CBlockHeader& header : headers) {
             CBlockIndex *pindex = nullptr; // Use a temp pindex instead of ppindex to avoid a const_cast
             if (!g_chainstate.AcceptBlockHeader(header, header.nFlags & CBlockIndex::BLOCK_PROOF_OF_STAKE, state, chainparams, &pindex, fOldClient)) {
@@ -3231,12 +3237,8 @@ bool ProcessNewBlockHeaders(uint32_t& nPoSTemperature, const uint256& lastAccept
                 *ppindex = pindex;
             }
             bool fPoS = header.nFlags & CBlockIndex::BLOCK_PROOF_OF_STAKE;
-            nPoSTemperature += fPoS ? 1 : -POW_HEADER_COOLING;
-            // peer cannot cool himself by PoW headers from other branches
-            if (n == 0 && !fPoS && header.hashPrevBlock != lastAcceptedHeader)
-                nPoSTemperature += POW_HEADER_COOLING;
+            nPoSTemperature += fPoS ? 1 : -nCooling;
             nPoSTemperature = std::max((int)nPoSTemperature, 0);
-            n++;
         }
     }
     NotifyHeaderTip();