PIVX Core  5.6.99
P2P Digital Currency
interpreter.cpp
Go to the documentation of this file.
1 // Copyright (c) 2009-2010 Satoshi Nakamoto
2 // Copyright (c) 2009-2014 The Bitcoin developers
3 // Copyright (c) 2017-2021 The PIVX Core developers
4 // Distributed under the MIT software license, see the accompanying
5 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
6 
7 #include "interpreter.h"
8 
9 #include "consensus/upgrades.h"
10 #include "crypto/ripemd160.h"
11 #include "crypto/sha1.h"
12 #include "crypto/sha256.h"
13 #include "pubkey.h"
14 #include "script/script.h"
15 
16 
17 typedef std::vector<unsigned char> valtype;
18 
19 namespace {
20 
21 inline bool set_success(ScriptError* ret)
22 {
23  if (ret)
24  *ret = SCRIPT_ERR_OK;
25  return true;
26 }
27 
28 inline bool set_error(ScriptError* ret, const ScriptError serror)
29 {
30  if (ret)
31  *ret = serror;
32  return false;
33 }
34 
35 } // anon namespace
36 
37 bool CastToBool(const valtype& vch)
38 {
39  for (unsigned int i = 0; i < vch.size(); i++)
40  {
41  if (vch[i] != 0)
42  {
43  // Can be negative zero
44  if (i == vch.size()-1 && vch[i] == 0x80)
45  return false;
46  return true;
47  }
48  }
49  return false;
50 }
51 
56 #define stacktop(i) (stack.at(stack.size()+(i)))
57 #define altstacktop(i) (altstack.at(altstack.size()+(i)))
58 static inline void popstack(std::vector<valtype>& stack)
59 {
60  if (stack.empty())
61  throw std::runtime_error("popstack() : stack empty");
62  stack.pop_back();
63 }
64 
65 bool static IsCompressedOrUncompressedPubKey(const valtype &vchPubKey) {
66  if (vchPubKey.size() < CPubKey::COMPRESSED_PUBLIC_KEY_SIZE) {
67  // Non-canonical public key: too short
68  return false;
69  }
70  if (vchPubKey[0] == 0x04) {
71  if (vchPubKey.size() != CPubKey::PUBLIC_KEY_SIZE) {
72  // Non-canonical public key: invalid length for uncompressed key
73  return false;
74  }
75  } else if (vchPubKey[0] == 0x02 || vchPubKey[0] == 0x03) {
76  if (vchPubKey.size() != CPubKey::COMPRESSED_PUBLIC_KEY_SIZE) {
77  // Non-canonical public key: invalid length for compressed key
78  return false;
79  }
80  } else {
81  // Non-canonical public key: neither compressed nor uncompressed
82  return false;
83  }
84  return true;
85 }
86 
97 bool static IsValidSignatureEncoding(const std::vector<unsigned char> &sig) {
98  // Format: 0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S] [sighash]
99  // * total-length: 1-byte length descriptor of everything that follows,
100  // excluding the sighash byte.
101  // * R-length: 1-byte length descriptor of the R value that follows.
102  // * R: arbitrary-length big-endian encoded R value. It must use the shortest
103  // possible encoding for a positive integers (which means no null bytes at
104  // the start, except a single one when the next byte has its highest bit set).
105  // * S-length: 1-byte length descriptor of the S value that follows.
106  // * S: arbitrary-length big-endian encoded S value. The same rules apply.
107  // * sighash: 1-byte value indicating what data is hashed (not part of the DER
108  // signature)
109 
110  // Minimum and maximum size constraints.
111  if (sig.size() < 9) return false;
112  if (sig.size() > 73) return false;
113 
114  // A signature is of type 0x30 (compound).
115  if (sig[0] != 0x30) return false;
116 
117  // Make sure the length covers the entire signature.
118  if (sig[1] != sig.size() - 3) return false;
119 
120  // Extract the length of the R element.
121  unsigned int lenR = sig[3];
122 
123  // Make sure the length of the S element is still inside the signature.
124  if (5 + lenR >= sig.size()) return false;
125 
126  // Extract the length of the S element.
127  unsigned int lenS = sig[5 + lenR];
128 
129  // Verify that the length of the signature matches the sum of the length
130  // of the elements.
131  if ((size_t)(lenR + lenS + 7) != sig.size()) return false;
132 
133  // Check whether the R element is an integer.
134  if (sig[2] != 0x02) return false;
135 
136  // Zero-length integers are not allowed for R.
137  if (lenR == 0) return false;
138 
139  // Negative numbers are not allowed for R.
140  if (sig[4] & 0x80) return false;
141 
142  // Null bytes at the start of R are not allowed, unless R would
143  // otherwise be interpreted as a negative number.
144  if (lenR > 1 && (sig[4] == 0x00) && !(sig[5] & 0x80)) return false;
145 
146  // Check whether the S element is an integer.
147  if (sig[lenR + 4] != 0x02) return false;
148 
149  // Zero-length integers are not allowed for S.
150  if (lenS == 0) return false;
151 
152  // Negative numbers are not allowed for S.
153  if (sig[lenR + 6] & 0x80) return false;
154 
155  // Null bytes at the start of S are not allowed, unless S would otherwise be
156  // interpreted as a negative number.
157  if (lenS > 1 && (sig[lenR + 6] == 0x00) && !(sig[lenR + 7] & 0x80)) return false;
158 
159  return true;
160 }
161 
162 bool static IsLowDERSignature(const valtype &vchSig, ScriptError* serror) {
163  if (!IsValidSignatureEncoding(vchSig)) {
164  return set_error(serror, SCRIPT_ERR_SIG_DER);
165  }
166  // https://bitcoin.stackexchange.com/a/12556:
167  // Also note that inside transaction signatures, an extra hashtype byte
168  // follows the actual signature data.
169  std::vector<unsigned char> vchSigCopy(vchSig.begin(), vchSig.begin() + vchSig.size() - 1);
170  // If the S value is above the order of the curve divided by two, its
171  // complement modulo the order could have been used instead, which is
172  // one byte shorter when encoded correctly.
173  if (!CPubKey::CheckLowS(vchSigCopy))
174  return set_error(serror, SCRIPT_ERR_SIG_HIGH_S);
175 
176  return true;
177 }
178 
179 bool static IsDefinedHashtypeSignature(const valtype &vchSig) {
180  if (vchSig.size() == 0) {
181  return false;
182  }
183  unsigned char nHashType = vchSig[vchSig.size() - 1] & (~(SIGHASH_ANYONECANPAY));
184  if (nHashType < SIGHASH_ALL || nHashType > SIGHASH_SINGLE)
185  return false;
186 
187  return true;
188 }
189 
190 bool CheckSignatureEncoding(const std::vector<unsigned char> &vchSig, unsigned int flags, ScriptError* serror) {
191  // Empty signature. Not strictly DER encoded, but allowed to provide a
192  // compact way to provide an invalid signature for use with CHECK(MULTI)SIG
193  if (vchSig.size() == 0) {
194  return true;
195  }
196  if ((flags & (SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC)) != 0 && !IsValidSignatureEncoding(vchSig)) {
197  return set_error(serror, SCRIPT_ERR_SIG_DER);
198  } else if ((flags & SCRIPT_VERIFY_LOW_S) != 0 && !IsLowDERSignature(vchSig, serror)) {
199  // serror is set
200  return false;
201  } else if ((flags & SCRIPT_VERIFY_STRICTENC) != 0 && !IsDefinedHashtypeSignature(vchSig)) {
202  return set_error(serror, SCRIPT_ERR_SIG_HASHTYPE);
203  }
204  return true;
205 }
206 
207 bool static CheckPubKeyEncoding(const valtype &vchSig, unsigned int flags, ScriptError* serror) {
208  if ((flags & SCRIPT_VERIFY_STRICTENC) != 0 && !IsCompressedOrUncompressedPubKey(vchSig)) {
209  return set_error(serror, SCRIPT_ERR_PUBKEYTYPE);
210  }
211  return true;
212 }
213 
214 bool static CheckMinimalPush(const valtype& data, opcodetype opcode) {
215  if (data.size() == 0) {
216  // Could have used OP_0.
217  return opcode == OP_0;
218  } else if (data.size() == 1 && data[0] >= 1 && data[0] <= 16) {
219  // Could have used OP_1 .. OP_16.
220  return opcode == OP_1 + (data[0] - 1);
221  } else if (data.size() == 1 && data[0] == 0x81) {
222  // Could have used OP_1NEGATE.
223  return opcode == OP_1NEGATE;
224  } else if (data.size() <= 75) {
225  // Could have used a direct push (opcode indicating number of bytes pushed + those bytes).
226  return opcode == data.size();
227  } else if (data.size() <= 255) {
228  // Could have used OP_PUSHDATA.
229  return opcode == OP_PUSHDATA1;
230  } else if (data.size() <= 65535) {
231  // Could have used OP_PUSHDATA2.
232  return opcode == OP_PUSHDATA2;
233  }
234  return true;
235 }
236 
237 bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript& script, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptError* serror)
238 {
239  static const CScriptNum bnZero(0);
240  static const CScriptNum bnOne(1);
241  static const valtype vchFalse(0);
242  static const valtype vchTrue(1, 1);
243 
244  CScript::const_iterator pc = script.begin();
245  CScript::const_iterator pend = script.end();
246  CScript::const_iterator pbegincodehash = script.begin();
247  opcodetype opcode;
248  valtype vchPushValue;
249  std::vector<bool> vfExec;
250  std::vector<valtype> altstack;
251  set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
252  if (script.size() > MAX_SCRIPT_SIZE)
253  return set_error(serror, SCRIPT_ERR_SCRIPT_SIZE);
254  int nOpCount = 0;
255  bool fRequireMinimal = (flags & SCRIPT_VERIFY_MINIMALDATA) != 0;
256 
257  try
258  {
259  while (pc < pend)
260  {
261  bool fExec = !count(vfExec.begin(), vfExec.end(), false);
262 
263  //
264  // Read instruction
265  //
266  if (!script.GetOp(pc, opcode, vchPushValue))
267  return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
268  if (vchPushValue.size() > MAX_SCRIPT_ELEMENT_SIZE)
269  return set_error(serror, SCRIPT_ERR_PUSH_SIZE);
270 
271  // Note how OP_RESERVED does not count towards the opcode limit.
272  if (opcode > OP_16 && ++nOpCount > 201)
273  return set_error(serror, SCRIPT_ERR_OP_COUNT);
274 
275  if (opcode == OP_CAT ||
276  opcode == OP_SUBSTR ||
277  opcode == OP_LEFT ||
278  opcode == OP_RIGHT ||
279  opcode == OP_INVERT ||
280  opcode == OP_AND ||
281  opcode == OP_OR ||
282  opcode == OP_XOR ||
283  opcode == OP_2MUL ||
284  opcode == OP_2DIV ||
285  opcode == OP_MUL ||
286  opcode == OP_DIV ||
287  opcode == OP_MOD ||
288  opcode == OP_LSHIFT ||
289  opcode == OP_RSHIFT)
290  return set_error(serror, SCRIPT_ERR_DISABLED_OPCODE); // Disabled opcodes.
291 
292  if (fExec && 0 <= opcode && opcode <= OP_PUSHDATA4) {
293  if (fRequireMinimal && !CheckMinimalPush(vchPushValue, opcode)) {
294  return set_error(serror, SCRIPT_ERR_MINIMALDATA);
295  }
296  stack.push_back(vchPushValue);
297  } else if (fExec || (OP_IF <= opcode && opcode <= OP_ENDIF))
298  switch (opcode)
299  {
300  //
301  // Push value
302  //
303  case OP_1NEGATE:
304  case OP_1:
305  case OP_2:
306  case OP_3:
307  case OP_4:
308  case OP_5:
309  case OP_6:
310  case OP_7:
311  case OP_8:
312  case OP_9:
313  case OP_10:
314  case OP_11:
315  case OP_12:
316  case OP_13:
317  case OP_14:
318  case OP_15:
319  case OP_16:
320  {
321  // ( -- value)
322  CScriptNum bn((int)opcode - (int)(OP_1 - 1));
323  stack.push_back(bn.getvch());
324  // The result of these opcodes should always be the minimal way to push the data
325  // they push, so no need for a CheckMinimalPush here.
326  }
327  break;
328 
329 
330  //
331  // Control
332  //
333  case OP_NOP:
334  break;
335 
336  case OP_EXCHANGEADDR:
337  // Not enabled, treat as OP_UNKNOWN
338  if (!(flags & SCRIPT_VERIFY_EXCHANGEADDR)) {
339  return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
340  }
341  if (!script.IsPayToExchangeAddress())
342  return set_error(serror, SCRIPT_ERR_EXCHANGEADDRVERIFY);
343  break;
344 
345  case OP_CHECKLOCKTIMEVERIFY:
346  {
347  if (!(flags & SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY)) {
348  // not enabled; treat as a NOP2
349  if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS) {
350  return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS);
351  }
352  break;
353  }
354 
355  if (stack.size() < 1)
356  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
357 
358  // CLTV will only be verified if it is a supermajority.
359  // Otherwise it will be ignored and transaction will be treated as normal.
360 
361  // Note that elsewhere numeric opcodes are limited to
362  // operands in the range -2**31+1 to 2**31-1, however it is
363  // legal for opcodes to produce results exceeding that
364  // range. This limitation is implemented by CScriptNum's
365  // default 4-byte limit.
366  //
367  // If we kept to that limit we'd have a year 2038 problem,
368  // even though the nLockTime field in transactions
369  // themselves is uint32 which only becomes meaningless
370  // after the year 2106.
371  //
372  // Thus as a special case we tell CScriptNum to accept up
373  // to 5-byte bignums, which are good until 2**39-1, well
374  // beyond the 2**32-1 limit of the nLockTime field itself.
375  const CScriptNum nLockTime(stacktop(-1), fRequireMinimal, 5);
376 
377  // In the rare event that the argument may be < 0 due to
378  // some arithmetic being done first, you can always use
379  // 0 MAX CHECKLOCKTIMEVERIFY.
380  if (nLockTime < 0)
381  return set_error(serror, SCRIPT_ERR_NEGATIVE_LOCKTIME);
382 
383  // Actually compare the specified lock time with the transaction.
384  if (!checker.CheckLockTime(nLockTime))
385  return set_error(serror, SCRIPT_ERR_UNSATISFIED_LOCKTIME);
386 
387  break;
388  }
389 
390  case OP_NOP1: case OP_NOP3: case OP_NOP4: case OP_NOP5:
391  case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
392  {
393  if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
394  return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS);
395  }
396  break;
397 
398  case OP_IF:
399  case OP_NOTIF:
400  {
401  // <expression> if [statements] [else [statements]] endif
402  bool fValue = false;
403  if (fExec)
404  {
405  if (stack.size() < 1)
406  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
407  valtype& vch = stacktop(-1);
408  fValue = CastToBool(vch);
409  if (opcode == OP_NOTIF)
410  fValue = !fValue;
411  popstack(stack);
412  }
413  vfExec.push_back(fValue);
414  }
415  break;
416 
417  case OP_ELSE:
418  {
419  if (vfExec.empty())
420  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
421  vfExec.back() = !vfExec.back();
422  }
423  break;
424 
425  case OP_ENDIF:
426  {
427  if (vfExec.empty())
428  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
429  vfExec.pop_back();
430  }
431  break;
432 
433  case OP_VERIFY:
434  {
435  // (true -- ) or
436  // (false -- false) and return
437  if (stack.size() < 1)
438  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
439  bool fValue = CastToBool(stacktop(-1));
440  if (fValue)
441  popstack(stack);
442  else
443  return set_error(serror, SCRIPT_ERR_VERIFY);
444  }
445  break;
446 
447  case OP_RETURN:
448  {
449  return set_error(serror, SCRIPT_ERR_OP_RETURN);
450  }
451  break;
452 
453 
454  //
455  // Stack ops
456  //
457  case OP_TOALTSTACK:
458  {
459  if (stack.size() < 1)
460  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
461  altstack.push_back(stacktop(-1));
462  popstack(stack);
463  }
464  break;
465 
466  case OP_FROMALTSTACK:
467  {
468  if (altstack.size() < 1)
469  return set_error(serror, SCRIPT_ERR_INVALID_ALTSTACK_OPERATION);
470  stack.push_back(altstacktop(-1));
471  popstack(altstack);
472  }
473  break;
474 
475  case OP_2DROP:
476  {
477  // (x1 x2 -- )
478  if (stack.size() < 2)
479  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
480  popstack(stack);
481  popstack(stack);
482  }
483  break;
484 
485  case OP_2DUP:
486  {
487  // (x1 x2 -- x1 x2 x1 x2)
488  if (stack.size() < 2)
489  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
490  valtype vch1 = stacktop(-2);
491  valtype vch2 = stacktop(-1);
492  stack.push_back(vch1);
493  stack.push_back(vch2);
494  }
495  break;
496 
497  case OP_3DUP:
498  {
499  // (x1 x2 x3 -- x1 x2 x3 x1 x2 x3)
500  if (stack.size() < 3)
501  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
502  valtype vch1 = stacktop(-3);
503  valtype vch2 = stacktop(-2);
504  valtype vch3 = stacktop(-1);
505  stack.push_back(vch1);
506  stack.push_back(vch2);
507  stack.push_back(vch3);
508  }
509  break;
510 
511  case OP_2OVER:
512  {
513  // (x1 x2 x3 x4 -- x1 x2 x3 x4 x1 x2)
514  if (stack.size() < 4)
515  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
516  valtype vch1 = stacktop(-4);
517  valtype vch2 = stacktop(-3);
518  stack.push_back(vch1);
519  stack.push_back(vch2);
520  }
521  break;
522 
523  case OP_2ROT:
524  {
525  // (x1 x2 x3 x4 x5 x6 -- x3 x4 x5 x6 x1 x2)
526  if (stack.size() < 6)
527  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
528  valtype vch1 = stacktop(-6);
529  valtype vch2 = stacktop(-5);
530  stack.erase(stack.end()-6, stack.end()-4);
531  stack.push_back(vch1);
532  stack.push_back(vch2);
533  }
534  break;
535 
536  case OP_2SWAP:
537  {
538  // (x1 x2 x3 x4 -- x3 x4 x1 x2)
539  if (stack.size() < 4)
540  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
541  swap(stacktop(-4), stacktop(-2));
542  swap(stacktop(-3), stacktop(-1));
543  }
544  break;
545 
546  case OP_IFDUP:
547  {
548  // (x - 0 | x x)
549  if (stack.size() < 1)
550  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
551  valtype vch = stacktop(-1);
552  if (CastToBool(vch))
553  stack.push_back(vch);
554  }
555  break;
556 
557  case OP_DEPTH:
558  {
559  // -- stacksize
560  CScriptNum bn(stack.size());
561  stack.push_back(bn.getvch());
562  }
563  break;
564 
565  case OP_DROP:
566  {
567  // (x -- )
568  if (stack.size() < 1)
569  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
570  popstack(stack);
571  }
572  break;
573 
574  case OP_DUP:
575  {
576  // (x -- x x)
577  if (stack.size() < 1)
578  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
579  valtype vch = stacktop(-1);
580  stack.push_back(vch);
581  }
582  break;
583 
584  case OP_NIP:
585  {
586  // (x1 x2 -- x2)
587  if (stack.size() < 2)
588  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
589  stack.erase(stack.end() - 2);
590  }
591  break;
592 
593  case OP_OVER:
594  {
595  // (x1 x2 -- x1 x2 x1)
596  if (stack.size() < 2)
597  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
598  valtype vch = stacktop(-2);
599  stack.push_back(vch);
600  }
601  break;
602 
603  case OP_PICK:
604  case OP_ROLL:
605  {
606  // (xn ... x2 x1 x0 n - xn ... x2 x1 x0 xn)
607  // (xn ... x2 x1 x0 n - ... x2 x1 x0 xn)
608  if (stack.size() < 2)
609  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
610  int n = CScriptNum(stacktop(-1), fRequireMinimal).getint();
611  popstack(stack);
612  if (n < 0 || n >= (int)stack.size())
613  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
614  valtype vch = stacktop(-n-1);
615  if (opcode == OP_ROLL)
616  stack.erase(stack.end()-n-1);
617  stack.push_back(vch);
618  }
619  break;
620 
621  case OP_ROT:
622  {
623  // (x1 x2 x3 -- x2 x3 x1)
624  // x2 x1 x3 after first swap
625  // x2 x3 x1 after second swap
626  if (stack.size() < 3)
627  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
628  swap(stacktop(-3), stacktop(-2));
629  swap(stacktop(-2), stacktop(-1));
630  }
631  break;
632 
633  case OP_SWAP:
634  {
635  // (x1 x2 -- x2 x1)
636  if (stack.size() < 2)
637  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
638  swap(stacktop(-2), stacktop(-1));
639  }
640  break;
641 
642  case OP_TUCK:
643  {
644  // (x1 x2 -- x2 x1 x2)
645  if (stack.size() < 2)
646  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
647  valtype vch = stacktop(-1);
648  stack.insert(stack.end()-2, vch);
649  }
650  break;
651 
652 
653  case OP_SIZE:
654  {
655  // (in -- in size)
656  if (stack.size() < 1)
657  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
658  CScriptNum bn(stacktop(-1).size());
659  stack.push_back(bn.getvch());
660  }
661  break;
662 
663 
664  //
665  // Bitwise logic
666  //
667  case OP_EQUAL:
668  case OP_EQUALVERIFY:
669  //case OP_NOTEQUAL: // use OP_NUMNOTEQUAL
670  {
671  // (x1 x2 - bool)
672  if (stack.size() < 2)
673  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
674  valtype& vch1 = stacktop(-2);
675  valtype& vch2 = stacktop(-1);
676  bool fEqual = (vch1 == vch2);
677  // OP_NOTEQUAL is disabled because it would be too easy to say
678  // something like n != 1 and have some wiseguy pass in 1 with extra
679  // zero bytes after it (numerically, 0x01 == 0x0001 == 0x000001)
680  //if (opcode == OP_NOTEQUAL)
681  // fEqual = !fEqual;
682  popstack(stack);
683  popstack(stack);
684  stack.push_back(fEqual ? vchTrue : vchFalse);
685  if (opcode == OP_EQUALVERIFY)
686  {
687  if (fEqual)
688  popstack(stack);
689  else
690  return set_error(serror, SCRIPT_ERR_EQUALVERIFY);
691  }
692  }
693  break;
694 
695 
696  //
697  // Numeric
698  //
699  case OP_1ADD:
700  case OP_1SUB:
701  case OP_NEGATE:
702  case OP_ABS:
703  case OP_NOT:
704  case OP_0NOTEQUAL:
705  {
706  // (in -- out)
707  if (stack.size() < 1)
708  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
709  CScriptNum bn(stacktop(-1), fRequireMinimal);
710  switch (opcode)
711  {
712  case OP_1ADD: bn += bnOne; break;
713  case OP_1SUB: bn -= bnOne; break;
714  case OP_NEGATE: bn = -bn; break;
715  case OP_ABS: if (bn < bnZero) bn = -bn; break;
716  case OP_NOT: bn = (bn == bnZero); break;
717  case OP_0NOTEQUAL: bn = (bn != bnZero); break;
718  default: assert(!"invalid opcode"); break;
719  }
720  popstack(stack);
721  stack.push_back(bn.getvch());
722  }
723  break;
724 
725  case OP_ADD:
726  case OP_SUB:
727  case OP_BOOLAND:
728  case OP_BOOLOR:
729  case OP_NUMEQUAL:
730  case OP_NUMEQUALVERIFY:
731  case OP_NUMNOTEQUAL:
732  case OP_LESSTHAN:
733  case OP_GREATERTHAN:
734  case OP_LESSTHANOREQUAL:
735  case OP_GREATERTHANOREQUAL:
736  case OP_MIN:
737  case OP_MAX:
738  {
739  // (x1 x2 -- out)
740  if (stack.size() < 2)
741  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
742  CScriptNum bn1(stacktop(-2), fRequireMinimal);
743  CScriptNum bn2(stacktop(-1), fRequireMinimal);
744  CScriptNum bn(0);
745  switch (opcode)
746  {
747  case OP_ADD:
748  bn = bn1 + bn2;
749  break;
750 
751  case OP_SUB:
752  bn = bn1 - bn2;
753  break;
754 
755  case OP_BOOLAND: bn = (bn1 != bnZero && bn2 != bnZero); break;
756  case OP_BOOLOR: bn = (bn1 != bnZero || bn2 != bnZero); break;
757  case OP_NUMEQUAL: bn = (bn1 == bn2); break;
758  case OP_NUMEQUALVERIFY: bn = (bn1 == bn2); break;
759  case OP_NUMNOTEQUAL: bn = (bn1 != bn2); break;
760  case OP_LESSTHAN: bn = (bn1 < bn2); break;
761  case OP_GREATERTHAN: bn = (bn1 > bn2); break;
762  case OP_LESSTHANOREQUAL: bn = (bn1 <= bn2); break;
763  case OP_GREATERTHANOREQUAL: bn = (bn1 >= bn2); break;
764  case OP_MIN: bn = (bn1 < bn2 ? bn1 : bn2); break;
765  case OP_MAX: bn = (bn1 > bn2 ? bn1 : bn2); break;
766  default: assert(!"invalid opcode"); break;
767  }
768  popstack(stack);
769  popstack(stack);
770  stack.push_back(bn.getvch());
771 
772  if (opcode == OP_NUMEQUALVERIFY)
773  {
774  if (CastToBool(stacktop(-1)))
775  popstack(stack);
776  else
777  return set_error(serror, SCRIPT_ERR_NUMEQUALVERIFY);
778  }
779  }
780  break;
781 
782  case OP_WITHIN:
783  {
784  // (x min max -- out)
785  if (stack.size() < 3)
786  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
787  CScriptNum bn1(stacktop(-3), fRequireMinimal);
788  CScriptNum bn2(stacktop(-2), fRequireMinimal);
789  CScriptNum bn3(stacktop(-1), fRequireMinimal);
790  bool fValue = (bn2 <= bn1 && bn1 < bn3);
791  popstack(stack);
792  popstack(stack);
793  popstack(stack);
794  stack.push_back(fValue ? vchTrue : vchFalse);
795  }
796  break;
797 
798 
799  //
800  // Crypto
801  //
802  case OP_RIPEMD160:
803  case OP_SHA1:
804  case OP_SHA256:
805  case OP_HASH160:
806  case OP_HASH256:
807  {
808  // (in -- hash)
809  if (stack.size() < 1)
810  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
811  valtype& vch = stacktop(-1);
812  valtype vchHash((opcode == OP_RIPEMD160 || opcode == OP_SHA1 || opcode == OP_HASH160) ? 20 : 32);
813  if (opcode == OP_RIPEMD160)
814  CRIPEMD160().Write(vch.data(), vch.size()).Finalize(vchHash.data());
815  else if (opcode == OP_SHA1)
816  CSHA1().Write(vch.data(), vch.size()).Finalize(vchHash.data());
817  else if (opcode == OP_SHA256)
818  CSHA256().Write(vch.data(), vch.size()).Finalize(vchHash.data());
819  else if (opcode == OP_HASH160)
820  CHash160().Write(vch.data(), vch.size()).Finalize(vchHash.data());
821  else if (opcode == OP_HASH256)
822  CHash256().Write(vch.data(), vch.size()).Finalize(vchHash.data());
823  popstack(stack);
824  stack.push_back(vchHash);
825  }
826  break;
827 
828  case OP_CODESEPARATOR:
829  {
830  // Hash starts after the code separator
831  pbegincodehash = pc;
832  }
833  break;
834 
835  case OP_CHECKSIG:
836  case OP_CHECKSIGVERIFY:
837  {
838  // (sig pubkey -- bool)
839  if (stack.size() < 2)
840  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
841 
842  valtype& vchSig = stacktop(-2);
843  valtype& vchPubKey = stacktop(-1);
844 
845  // Subset of script starting at the most recent codeseparator
846  CScript scriptCode(pbegincodehash, pend);
847 
848  // Drop the signature, since there's no way for a signature to sign itself
849  scriptCode.FindAndDelete(CScript(vchSig));
850 
851  if (!CheckSignatureEncoding(vchSig, flags, serror) || !CheckPubKeyEncoding(vchPubKey, flags, serror)) {
852  //serror is set
853  return false;
854  }
855  bool fSuccess = checker.CheckSig(vchSig, vchPubKey, scriptCode, sigversion);
856 
857  popstack(stack);
858  popstack(stack);
859  stack.push_back(fSuccess ? vchTrue : vchFalse);
860  if (opcode == OP_CHECKSIGVERIFY)
861  {
862  if (fSuccess)
863  popstack(stack);
864  else
865  return set_error(serror, SCRIPT_ERR_CHECKSIGVERIFY);
866  }
867  }
868  break;
869 
870  case OP_CHECKMULTISIG:
871  case OP_CHECKMULTISIGVERIFY:
872  {
873  // ([sig ...] num_of_signatures [pubkey ...] num_of_pubkeys -- bool)
874 
875  int i = 1;
876  if ((int)stack.size() < i)
877  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
878 
879  int nKeysCount = CScriptNum(stacktop(-i), fRequireMinimal).getint();
880  if (nKeysCount < 0 || nKeysCount > MAX_PUBKEYS_PER_MULTISIG)
881  return set_error(serror, SCRIPT_ERR_PUBKEY_COUNT);
882  nOpCount += nKeysCount;
883  if (nOpCount > 201)
884  return set_error(serror, SCRIPT_ERR_OP_COUNT);
885  int ikey = ++i;
886  i += nKeysCount;
887  if ((int)stack.size() < i)
888  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
889 
890  int nSigsCount = CScriptNum(stacktop(-i), fRequireMinimal).getint();
891  if (nSigsCount < 0 || nSigsCount > nKeysCount)
892  return set_error(serror, SCRIPT_ERR_SIG_COUNT);
893  int isig = ++i;
894  i += nSigsCount;
895  if ((int)stack.size() < i)
896  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
897 
898  // Subset of script starting at the most recent codeseparator
899  CScript scriptCode(pbegincodehash, pend);
900 
901  // Drop the signatures, since there's no way for a signature to sign itself
902  for (int k = 0; k < nSigsCount; k++)
903  {
904  valtype& vchSig = stacktop(-isig-k);
905  scriptCode.FindAndDelete(CScript(vchSig));
906  }
907 
908  bool fSuccess = true;
909  while (fSuccess && nSigsCount > 0)
910  {
911  valtype& vchSig = stacktop(-isig);
912  valtype& vchPubKey = stacktop(-ikey);
913 
914  // Note how this makes the exact order of pubkey/signature evaluation
915  // distinguishable by CHECKMULTISIG NOT if the STRICTENC flag is set.
916  // See the script_(in)valid tests for details.
917  if (!CheckSignatureEncoding(vchSig, flags, serror) || !CheckPubKeyEncoding(vchPubKey, flags, serror)) {
918  // serror is set
919  return false;
920  }
921 
922  // Check signature
923  bool fOk = checker.CheckSig(vchSig, vchPubKey, scriptCode, sigversion);
924 
925  if (fOk) {
926  isig++;
927  nSigsCount--;
928  }
929  ikey++;
930  nKeysCount--;
931 
932  // If there are more signatures left than keys left,
933  // then too many signatures have failed. Exit early,
934  // without checking any further signatures.
935  if (nSigsCount > nKeysCount)
936  fSuccess = false;
937  }
938 
939  // Clean up stack of actual arguments
940  while (i-- > 1)
941  popstack(stack);
942 
943  // A bug causes CHECKMULTISIG to consume one extra argument
944  // whose contents were not checked in any way.
945  //
946  // Unfortunately this is a potential source of mutability,
947  // so optionally verify it is exactly equal to zero prior
948  // to removing it from the stack.
949  if (stack.size() < 1)
950  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
951  if ((flags & SCRIPT_VERIFY_NULLDUMMY) && stacktop(-1).size())
952  return set_error(serror, SCRIPT_ERR_SIG_NULLDUMMY);
953  popstack(stack);
954 
955  stack.push_back(fSuccess ? vchTrue : vchFalse);
956 
957  if (opcode == OP_CHECKMULTISIGVERIFY)
958  {
959  if (fSuccess)
960  popstack(stack);
961  else
962  return set_error(serror, SCRIPT_ERR_CHECKMULTISIGVERIFY);
963  }
964  }
965  break;
966 
967  case OP_CHECKCOLDSTAKEVERIFY:
968  {
969  if (!checker.CheckColdStake(false, script, stack, flags, serror)) {
970  // serror set
971  return false;
972  }
973  }
974  break;
975 
976  case OP_CHECKCOLDSTAKEVERIFY_LOF:
977  {
978  // Allow last output script "free"
979  if (!checker.CheckColdStake(true, script, stack, flags, serror)) {
980  // serror set
981  return false;
982  }
983  }
984  break;
985 
986  default:
987  return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
988  }
989 
990  // Size limits
991  if (stack.size() + altstack.size() > MAX_STACK_SIZE)
992  return set_error(serror, SCRIPT_ERR_STACK_SIZE);
993  }
994  }
995  catch (...)
996  {
997  return set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
998  }
999 
1000  if (!vfExec.empty())
1001  return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
1002 
1003  return set_success(serror);
1004 }
1005 
1006 namespace {
1007 
1012 class CTransactionSignatureSerializer {
1013 private:
1014  const CTransaction &txTo;
1015  const CScript &scriptCode;
1016  const unsigned int nIn;
1017  const bool fAnyoneCanPay;
1018  const bool fHashSingle;
1019  const bool fHashNone;
1020 
1021 public:
1022  CTransactionSignatureSerializer(const CTransaction &txToIn, const CScript &scriptCodeIn, unsigned int nInIn, int nHashTypeIn) :
1023  txTo(txToIn), scriptCode(scriptCodeIn), nIn(nInIn),
1024  fAnyoneCanPay(!!(nHashTypeIn & SIGHASH_ANYONECANPAY)),
1025  fHashSingle((nHashTypeIn & 0x1f) == SIGHASH_SINGLE),
1026  fHashNone((nHashTypeIn & 0x1f) == SIGHASH_NONE) {}
1027 
1029  template<typename S>
1030  void SerializeScriptCode(S &s) const {
1031  CScript::const_iterator it = scriptCode.begin();
1032  CScript::const_iterator itBegin = it;
1033  opcodetype opcode;
1034  unsigned int nCodeSeparators = 0;
1035  while (scriptCode.GetOp(it, opcode)) {
1036  if (opcode == OP_CODESEPARATOR)
1037  nCodeSeparators++;
1038  }
1039  ::WriteCompactSize(s, scriptCode.size() - nCodeSeparators);
1040  it = itBegin;
1041  while (scriptCode.GetOp(it, opcode)) {
1042  if (opcode == OP_CODESEPARATOR) {
1043  s.write((char*)&itBegin[0], it-itBegin-1);
1044  itBegin = it;
1045  }
1046  }
1047  if (itBegin != scriptCode.end())
1048  s.write((char*)&itBegin[0], it-itBegin);
1049  }
1050 
1052  template<typename S>
1053  void SerializeInput(S &s, unsigned int nInput) const {
1054  // In case of SIGHASH_ANYONECANPAY, only the input being signed is serialized
1055  if (fAnyoneCanPay)
1056  nInput = nIn;
1057  // Serialize the prevout
1058  ::Serialize(s, txTo.vin[nInput].prevout);
1059  assert(nInput != NOT_AN_INPUT);
1060  // Serialize the script
1061  if (nInput != nIn)
1062  // Blank out other inputs' signatures
1063  ::Serialize(s, CScript());
1064  else
1065  SerializeScriptCode(s);
1066  // Serialize the nSequence
1067  if (nInput != nIn && (fHashSingle || fHashNone))
1068  // let the others update at will
1069  ::Serialize(s, (int)0);
1070  else
1071  ::Serialize(s, txTo.vin[nInput].nSequence);
1072  }
1073 
1075  template<typename S>
1076  void SerializeOutput(S &s, unsigned int nOutput) const {
1077  if (fHashSingle && nOutput != nIn)
1078  // Do not lock-in the txout payee at other indices as txin
1079  ::Serialize(s, CTxOut());
1080  else
1081  ::Serialize(s, txTo.vout[nOutput]);
1082  }
1083 
1085  template<typename S>
1086  void Serialize(S &s) const {
1087  // Serialize nVersion
1088  ::Serialize(s, txTo.nVersion);
1089  // Serialize nType
1090  ::Serialize(s, txTo.nType);
1091  // Serialize vin
1092  unsigned int nInputs = fAnyoneCanPay ? 1 : txTo.vin.size();
1093  ::WriteCompactSize(s, nInputs);
1094  for (unsigned int nInput = 0; nInput < nInputs; nInput++)
1095  SerializeInput(s, nInput);
1096  // Serialize vout
1097  unsigned int nOutputs = fHashNone ? 0 : (fHashSingle ? nIn+1 : txTo.vout.size());
1098  ::WriteCompactSize(s, nOutputs);
1099  for (unsigned int nOutput = 0; nOutput < nOutputs; nOutput++)
1100  SerializeOutput(s, nOutput);
1101  // Serialize nLockTime
1102  ::Serialize(s, txTo.nLockTime);
1103  }
1104 };
1105 
1106 const unsigned char PIVX_PREVOUTS_HASH_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] =
1107  {'P','I','V','X','P','r','e','v','o','u','t','H','a','s','h'};
1108 const unsigned char PIVX_SEQUENCE_HASH_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] =
1109  {'P','I','V','X','S','e','q','u','e','n','c','H','a','s','h'};
1110 const unsigned char PIVX_OUTPUTS_HASH_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] =
1111  {'P','I','V','X','O','u','t','p','u','t','s','H','a','s','h'};
1112 const unsigned char PIVX_SHIELDED_SPENDS_HASH_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] =
1113  {'P','I','V','X','S','S','p','e','n','d','s','H','a','s','h'};
1114 const unsigned char PIVX_SHIELDED_OUTPUTS_HASH_PERSONALIZATION[crypto_generichash_blake2b_PERSONALBYTES] =
1115  {'P','I','V','X','S','O','u','t','p','u','t','H','a','s','h'};
1116 
1117 
1118 
1119 uint256 GetPrevoutHash(const CTransaction& txTo) {
1120  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_PREVOUTS_HASH_PERSONALIZATION);
1121  for (unsigned int n = 0; n < txTo.vin.size(); n++) {
1122  ss << txTo.vin[n].prevout;
1123  }
1124  return ss.GetHash();
1125 }
1126 
1127 uint256 GetSequenceHash(const CTransaction& txTo) {
1128  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_SEQUENCE_HASH_PERSONALIZATION);
1129  for (unsigned int n = 0; n < txTo.vin.size(); n++) {
1130  ss << txTo.vin[n].nSequence;
1131  }
1132  return ss.GetHash();
1133 }
1134 
1135 uint256 GetOutputsHash(const CTransaction& txTo) {
1136  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_OUTPUTS_HASH_PERSONALIZATION);
1137  for (unsigned int n = 0; n < txTo.vout.size(); n++) {
1138  ss << txTo.vout[n];
1139  }
1140  return ss.GetHash();
1141 }
1142 
1143 uint256 GetShieldedSpendsHash(const CTransaction& txTo) {
1144  assert(txTo.sapData);
1145  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_SHIELDED_SPENDS_HASH_PERSONALIZATION);
1146  auto sapData = txTo.sapData;
1147  for (const auto& n : sapData->vShieldedSpend) {
1148  ss << n.cv;
1149  ss << n.anchor;
1150  ss << n.nullifier;
1151  ss << n.rk;
1152  ss << n.zkproof;
1153  }
1154  return ss.GetHash();
1155 }
1156 
1157 uint256 GetShieldedOutputsHash(const CTransaction& txTo) {
1158  assert(txTo.sapData);
1159  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_SHIELDED_OUTPUTS_HASH_PERSONALIZATION);
1160  auto sapData = txTo.sapData;
1161  for (const auto& n : sapData->vShieldedOutput) {
1162  ss << n;
1163  }
1164  return ss.GetHash();
1165 }
1166 
1167 } // anon namespace
1168 
1169 PrecomputedTransactionData::PrecomputedTransactionData(const CTransaction& txTo)
1170 {
1171  hashPrevouts = GetPrevoutHash(txTo);
1172  hashSequence = GetSequenceHash(txTo);
1173  hashOutputs = GetOutputsHash(txTo);
1174  if (txTo.sapData) {
1175  hashShieldedSpends = GetShieldedSpendsHash(txTo);
1176  hashShieldedOutputs = GetShieldedOutputsHash(txTo);
1177  }
1178 }
1179 
1180 uint256 SignatureHash(const CScript& scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType, const CAmount& amount, SigVersion sigversion, const PrecomputedTransactionData* cache)
1181 {
1182  if (nIn >= txTo.vin.size() && nIn != NOT_AN_INPUT) {
1183  // nIn out of range
1184  return UINT256_ONE;
1185  }
1186 
1187  if (txTo.isSaplingVersion() && sigversion != SIGVERSION_SAPLING) {
1188  throw std::runtime_error("SignatureHash in Sapling tx with wrong sigversion " + std::to_string(sigversion));
1189  }
1190 
1191  if (sigversion == SIGVERSION_SAPLING) {
1192 
1193  uint256 hashPrevouts;
1194  uint256 hashSequence;
1195  uint256 hashOutputs;
1196  uint256 hashShieldedSpends;
1197  uint256 hashShieldedOutputs;
1198  bool hasSapData = false;
1199 
1200  if (!(nHashType & SIGHASH_ANYONECANPAY)) {
1201  hashPrevouts = cache ? cache->hashPrevouts : GetPrevoutHash(txTo);
1202  }
1203 
1204  if (!(nHashType & SIGHASH_ANYONECANPAY) && (nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {
1205  hashSequence = cache ? cache->hashSequence : GetSequenceHash(txTo);
1206  }
1207 
1208  if ((nHashType & 0x1f) != SIGHASH_SINGLE && (nHashType & 0x1f) != SIGHASH_NONE) {
1209  hashOutputs = cache ? cache->hashOutputs : GetOutputsHash(txTo);
1210  } else if ((nHashType & 0x1f) == SIGHASH_SINGLE && nIn < txTo.vout.size()) {
1211  CBLAKE2bWriter ss(SER_GETHASH, 0, PIVX_OUTPUTS_HASH_PERSONALIZATION);
1212  ss << txTo.vout[nIn];
1213  hashOutputs = ss.GetHash();
1214  }
1215 
1216  if (txTo.sapData) {
1217  if (!txTo.sapData->vShieldedSpend.empty()) {
1218  hashShieldedSpends = cache ? cache->hashShieldedSpends : GetShieldedSpendsHash(txTo);
1219  hasSapData = true;
1220  }
1221 
1222  if (!txTo.sapData->vShieldedOutput.empty()) {
1223  hashShieldedOutputs = cache ? cache->hashShieldedOutputs : GetShieldedOutputsHash(txTo);
1224  hasSapData = true;
1225  }
1226  }
1227 
1228  // todo: complete branch id with the active network upgrade
1229  uint32_t leConsensusBranchId = htole32(0);
1230  unsigned char personalization[16] = {};
1231  memcpy(personalization, "PIVXSigHash", 12);
1232  memcpy(personalization+12, &leConsensusBranchId, 4);
1233 
1234  CBLAKE2bWriter ss(SER_GETHASH, 0, personalization);
1235  // Version
1236  ss << txTo.nVersion;
1237  // Type
1238  ss << txTo.nType;
1239  // Input prevouts/nSequence (none/all, depending on flags)
1240  ss << hashPrevouts;
1241  ss << hashSequence;
1242  // Outputs (none/one/all, depending on flags)
1243  ss << hashOutputs;
1244 
1245  if (hasSapData) {
1246  // Spend descriptions
1247  ss << hashShieldedSpends;
1248  // Output descriptions
1249  ss << hashShieldedOutputs;
1250  // Sapling value balance
1251  ss << txTo.sapData->valueBalance;
1252  }
1253 
1254  if (nIn != NOT_AN_INPUT) {
1255  // The input being signed (replacing the scriptSig with scriptCode + amount)
1256  // The prevout may already be contained in hashPrevout, and the nSequence
1257  // may already be contained in hashSequence.
1258  ss << txTo.vin[nIn].prevout;
1259  ss << scriptCode;
1260  ss << amount;
1261  ss << txTo.vin[nIn].nSequence;
1262  }
1263 
1264  // Extra payload for special transactions
1265  if (txTo.IsSpecialTx()) {
1266  ss << *(txTo.extraPayload);
1267  }
1268 
1269  // Locktime
1270  ss << txTo.nLockTime;
1271  // Sighash type
1272  ss << nHashType;
1273 
1274  return ss.GetHash();
1275  }
1276 
1277  // Check for invalid use of SIGHASH_SINGLE
1278  if ((nHashType & 0x1f) == SIGHASH_SINGLE) {
1279  if (nIn >= txTo.vout.size()) {
1280  // nOut out of range
1281  return UINT256_ONE;
1282  }
1283  }
1284 
1285  // Wrapper to serialize only the necessary parts of the transaction being signed
1286  CTransactionSignatureSerializer txTmp(txTo, scriptCode, nIn, nHashType);
1287 
1288  // Serialize and hash
1289  CHashWriter ss(SER_GETHASH, 0);
1290  ss << txTmp << nHashType;
1291  return ss.GetHash();
1292 }
1293 
1294 bool TransactionSignatureChecker::VerifySignature(const std::vector<unsigned char>& vchSig, const CPubKey& pubkey, const uint256& sighash) const
1295 {
1296  return pubkey.Verify(sighash, vchSig);
1297 }
1298 
1299 bool TransactionSignatureChecker::CheckSig(const std::vector<unsigned char>& vchSigIn, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const
1300 {
1301  CPubKey pubkey(vchPubKey);
1302  if (!pubkey.IsValid())
1303  return false;
1304 
1305  // Hash type is one byte tacked on to the end of the signature
1306  std::vector<unsigned char> vchSig(vchSigIn);
1307  if (vchSig.empty())
1308  return false;
1309  int nHashType = vchSig.back();
1310  vchSig.pop_back();
1311 
1312  const uint256& sighash = SignatureHash(scriptCode, *txTo, nIn, nHashType, amount, sigversion, this->precomTxData);
1313 
1314  if (!VerifySignature(vchSig, pubkey, sighash))
1315  return false;
1316 
1317  return true;
1318 }
1319 
1320 bool TransactionSignatureChecker::CheckLockTime(const CScriptNum& nLockTime) const
1321 {
1322  // There are two times of nLockTime: lock-by-blockheight
1323  // and lock-by-blocktime, distinguished by whether
1324  // nLockTime < LOCKTIME_THRESHOLD.
1325  //
1326  // We want to compare apples to apples, so fail the script
1327  // unless the type of nLockTime being tested is the same as
1328  // the nLockTime in the transaction.
1329  if (!(
1330  (txTo->nLockTime < LOCKTIME_THRESHOLD && nLockTime < LOCKTIME_THRESHOLD) ||
1331  (txTo->nLockTime >= LOCKTIME_THRESHOLD && nLockTime >= LOCKTIME_THRESHOLD)
1332  ))
1333  return false;
1334 
1335  // Now that we know we're comparing apples-to-apples, the
1336  // comparison is a simple numeric one.
1337  if (nLockTime > (int64_t)txTo->nLockTime)
1338  return false;
1339 
1340  // Finally the nLockTime feature can be disabled and thus
1341  // CHECKLOCKTIMEVERIFY bypassed if every txin has been
1342  // finalized by setting nSequence to maxint. The
1343  // transaction would be allowed into the blockchain, making
1344  // the opcode ineffective.
1345  //
1346  // Testing if this vin is not final is sufficient to
1347  // prevent this condition. Alternatively we could test all
1348  // inputs, but testing just this input minimizes the data
1349  // required to prove correct CHECKLOCKTIMEVERIFY execution.
1350  if (txTo->vin[nIn].IsFinal())
1351  return false;
1352 
1353  return true;
1354 }
1355 
1356 bool TransactionSignatureChecker::CheckColdStake(bool fAllowLastOutputFree, const CScript& prevoutScript, std::vector<valtype>& stack, unsigned int flags, ScriptError* serror) const
1357 {
1358  // the stack can contain only <sig> <pk> <pkh> at this point
1359  if ((int)stack.size() != 3) {
1360  return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
1361  }
1362  // check pubkey/signature encoding
1363  valtype& vchSig = stacktop(-3);
1364  valtype& vchPubKey = stacktop(-2);
1365  if (!CheckSignatureEncoding(vchSig, flags, serror) ||
1366  !CheckPubKeyEncoding(vchPubKey, flags, serror)) {
1367  // serror is set
1368  return false;
1369  }
1370  // check hash size
1371  valtype& vchPubKeyHash = stacktop(-1);
1372  if ((int)vchPubKeyHash.size() != 20) {
1373  return set_error(serror, SCRIPT_ERR_SCRIPT_SIZE);
1374  }
1375 
1376  // check it is used in a valid cold stake transaction.
1377  // Transaction must be a coinstake tx
1378  if (!txTo->IsCoinStake()) {
1379  return set_error(serror, SCRIPT_ERR_CHECKCOLDSTAKEVERIFY);
1380  }
1381  // There must be one single input
1382  if (txTo->vin.size() != 1) {
1383  return set_error(serror, SCRIPT_ERR_CHECKCOLDSTAKEVERIFY);
1384  }
1385  // Since this is a coinstake, it has at least 2 outputs
1386  const unsigned int outs = txTo->vout.size();
1387  assert(outs >= 2);
1388  // All outputs must have the same pubKeyScript, and it must match the script we are spending.
1389  // If the coinstake has at least 3 outputs, the last one can be left free, to be used for
1390  // budget/masternode payments (before v6.0 enforcement), and is checked in CheckColdstakeFreeOutput().
1391  // Here we verify only that input amount goes to the non-free outputs.
1392  CAmount outValue{0};
1393  for (unsigned int i = 1; i < outs; i++) {
1394  if (txTo->vout[i].scriptPubKey != prevoutScript) {
1395  // Only the last one can be different (and only when outs >=3 and fAllowLastOutputFree=true)
1396  if (!fAllowLastOutputFree || i != outs-1 || outs < 3) {
1397  return set_error(serror, SCRIPT_ERR_CHECKCOLDSTAKEVERIFY);
1398  }
1399  } else {
1400  outValue += txTo->vout[i].nValue;
1401  }
1402  }
1403  if (outValue < amount) {
1404  return set_error(serror, SCRIPT_ERR_CHECKCOLDSTAKEVERIFY);
1405  }
1406  return true;
1407 }
1408 
1409 
1410 bool VerifyScript(const CScript& scriptSig, const CScript& scriptPubKey, unsigned int flags, const BaseSignatureChecker& checker, SigVersion sigversion, ScriptError* serror)
1411 {
1412  set_error(serror, SCRIPT_ERR_UNKNOWN_ERROR);
1413 
1414  if ((flags & SCRIPT_VERIFY_SIGPUSHONLY) != 0 && !scriptSig.IsPushOnly()) {
1415  return set_error(serror, SCRIPT_ERR_SIG_PUSHONLY);
1416  }
1417 
1418  std::vector<std::vector<unsigned char> > stack, stackCopy;
1419  if (!EvalScript(stack, scriptSig, flags, checker, sigversion, serror))
1420  // serror is set
1421  return false;
1422  if (flags & SCRIPT_VERIFY_P2SH)
1423  stackCopy = stack;
1424  if (!EvalScript(stack, scriptPubKey, flags, checker, sigversion, serror))
1425  // serror is set
1426  return false;
1427  if (stack.empty())
1428  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1429  if (CastToBool(stack.back()) == false)
1430  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1431 
1432  // Additional validation for spend-to-script-hash transactions:
1433  if ((flags & SCRIPT_VERIFY_P2SH) && scriptPubKey.IsPayToScriptHash())
1434  {
1435  // scriptSig must be literals-only or validation fails
1436  if (!scriptSig.IsPushOnly())
1437  return set_error(serror, SCRIPT_ERR_SIG_PUSHONLY);
1438 
1439  // Restore stack.
1440  swap(stack, stackCopy);
1441 
1442  // stack cannot be empty here, because if it was the
1443  // P2SH HASH <> EQUAL scriptPubKey would be evaluated with
1444  // an empty stack and the EvalScript above would return false.
1445  assert(!stack.empty());
1446 
1447  const valtype& pubKeySerialized = stack.back();
1448  CScript pubKey2(pubKeySerialized.begin(), pubKeySerialized.end());
1449  popstack(stack);
1450 
1451  if (!EvalScript(stack, pubKey2, flags, checker, sigversion, serror))
1452  // serror is set
1453  return false;
1454  if (stack.empty())
1455  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1456  if (!CastToBool(stack.back()))
1457  return set_error(serror, SCRIPT_ERR_EVAL_FALSE);
1458  }
1459 
1460  // The CLEANSTACK check is only performed after potential P2SH evaluation,
1461  // as the non-P2SH evaluation of a P2SH script will obviously not result in
1462  // a clean stack (the P2SH inputs remain).
1463  if ((flags & SCRIPT_VERIFY_CLEANSTACK) != 0) {
1464  // Disallow CLEANSTACK without P2SH, as otherwise a switch CLEANSTACK->P2SH+CLEANSTACK
1465  // would be possible, which is not a softfork (and P2SH should be one).
1466  assert((flags & SCRIPT_VERIFY_P2SH) != 0);
1467  if (stack.size() != 1) {
1468  return set_error(serror, SCRIPT_ERR_CLEANSTACK);
1469  }
1470  }
1471 
1472  return set_success(serror);
1473 }
CAmount
int64_t CAmount
Amount in PIV (Can be negative)
Definition: amount.h:13
BaseSignatureChecker::CheckColdStake
virtual bool CheckColdStake(bool fAllowLastOutputFree, const CScript &prevoutScript, std::vector< valtype > &stack, unsigned int flags, ScriptError *error) const
Definition: interpreter.h:114
BaseSignatureChecker::CheckLockTime
virtual bool CheckLockTime(const CScriptNum &nLockTime) const
Definition: interpreter.h:109
BaseSignatureChecker::CheckSig
virtual bool CheckSig(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const
Definition: interpreter.h:104
CBLAKE2bWriter
A writer stream (for serialization) that computes a 256-bit BLAKE2b hash.
Definition: hash.h:298
CBLAKE2bWriter::GetHash
uint256 GetHash()
Definition: hash.h:321
CHash160
A hasher class for Bitcoin's 160-bit hash (SHA-256 + RIPEMD-160).
Definition: hash.h:126
CHash160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hash.h:133
CHash160::Write
CHash160 & Write(const unsigned char *data, size_t len)
Definition: hash.h:140
CHash256
A hasher class for Bitcoin's 256-bit hash (double SHA-256).
Definition: hash.h:38
CHash256::Write
CHash256 & Write(const unsigned char *data, size_t len)
Definition: hash.h:52
CHash256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: hash.h:45
CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:216
CHashWriter::GetHash
uint256 GetHash()
Definition: hash.h:236
CPubKey
An encapsulated public key.
Definition: pubkey.h:44
CPubKey::CheckLowS
static bool CheckLowS(const std::vector< unsigned char > &vchSig)
Check whether a signature is normalized (lower-S).
Definition: pubkey.cpp:287
CPubKey::IsValid
bool IsValid() const
Definition: pubkey.h:183
CPubKey::Verify
bool Verify(const uint256 &hash, const std::vector< unsigned char > &vchSig) const
Verify a DER signature (~72 bytes).
Definition: pubkey.cpp:169
CPubKey::PUBLIC_KEY_SIZE
static constexpr unsigned int PUBLIC_KEY_SIZE
secp256k1:
Definition: pubkey.h:49
CPubKey::COMPRESSED_PUBLIC_KEY_SIZE
static constexpr unsigned int COMPRESSED_PUBLIC_KEY_SIZE
Definition: pubkey.h:50
CRIPEMD160
A hasher class for RIPEMD-160.
Definition: ripemd160.h:13
CRIPEMD160::Write
CRIPEMD160 & Write(const unsigned char *data, size_t len)
Definition: ripemd160.cpp:247
CRIPEMD160::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: ripemd160.cpp:273
CSHA1
A hasher class for SHA1.
Definition: sha1.h:13
CSHA1::Write
CSHA1 & Write(const unsigned char *data, size_t len)
Definition: sha1.cpp:154
CSHA1::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha1.cpp:180
CSHA256
A hasher class for SHA-256.
Definition: sha256.h:13
CSHA256::Finalize
void Finalize(unsigned char hash[OUTPUT_SIZE])
Definition: sha256.cpp:168
CSHA256::Write
CSHA256 & Write(const unsigned char *data, size_t len)
Definition: sha256.cpp:142
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:381
CScript::IsPushOnly
bool IsPushOnly(const_iterator pc) const
Called by IsStandardTx and P2SH/BIP62 VerifyScript (which makes it consensus-critical).
Definition: script.cpp:285
CScript::IsPayToScriptHash
bool IsPayToScriptHash() const
Definition: script.cpp:223
CScript::GetOp
bool GetOp(iterator &pc, opcodetype &opcodeRet, std::vector< unsigned char > &vchRet)
Definition: script.h:488
CScript::FindAndDelete
int FindAndDelete(const CScript &b)
Definition: script.h:583
CScript::IsPayToExchangeAddress
bool IsPayToExchangeAddress() const
Definition: script.cpp:254
CScriptNum::getint
int getint() const
Definition: script.h:303
CScriptNum::getvch
std::vector< unsigned char > getvch() const
Definition: script.h:312
CTransaction
The basic transaction that is broadcasted on the network and contained in blocks.
Definition: transaction.h:244
CTransaction::nType
const int16_t nType
Definition: transaction.h:273
CTransaction::vin
std::vector< CTxIn > vin
Definition: transaction.h:270
CTransaction::nLockTime
const uint32_t nLockTime
Definition: transaction.h:274
CTransaction::nVersion
const int16_t nVersion
Definition: transaction.h:272
CTransaction::extraPayload
Optional< std::vector< uint8_t > > extraPayload
Definition: transaction.h:276
CTransaction::IsSpecialTx
bool IsSpecialTx() const
Definition: transaction.h:329
CTransaction::sapData
Optional< SaplingTxData > sapData
Definition: transaction.h:275
CTransaction::isSaplingVersion
bool isSaplingVersion() const
Definition: transaction.h:314
CTransaction::IsCoinStake
bool IsCoinStake() const
Definition: transaction.cpp:134
CTransaction::vout
std::vector< CTxOut > vout
Definition: transaction.h:271
CTxOut
An output of a transaction.
Definition: transaction.h:137
TransactionSignatureChecker::precomTxData
const PrecomputedTransactionData * precomTxData
Definition: interpreter.h:128
TransactionSignatureChecker::CheckColdStake
bool CheckColdStake(bool fAllowLastOutputFree, const CScript &prevoutScript, std::vector< valtype > &stack, unsigned int flags, ScriptError *serror) const override
Definition: interpreter.cpp:1356
TransactionSignatureChecker::CheckSig
bool CheckSig(const std::vector< unsigned char > &scriptSig, const std::vector< unsigned char > &vchPubKey, const CScript &scriptCode, SigVersion sigversion) const override
Definition: interpreter.cpp:1299
TransactionSignatureChecker::VerifySignature
virtual bool VerifySignature(const std::vector< unsigned char > &vchSig, const CPubKey &vchPubKey, const uint256 &sighash) const
Definition: interpreter.cpp:1294
TransactionSignatureChecker::CheckLockTime
bool CheckLockTime(const CScriptNum &nLockTime) const override
Definition: interpreter.cpp:1320
TransactionSignatureChecker::txTo
const CTransaction * txTo
Definition: interpreter.h:125
prevector::const_iterator
Definition: prevector.h:99
prevector::size
size_type size() const
Definition: prevector.h:277
prevector::begin
iterator begin()
Definition: prevector.h:285
prevector::end
iterator end()
Definition: prevector.h:287
uint256
256-bit opaque blob.
Definition: uint256.h:138
htole32
uint32_t htole32(uint32_t host_32bits)
Definition: endian.h:191
memcpy
void * memcpy(void *a, const void *b, size_t c)
Definition: glibc_compat.cpp:18
VerifyScript
bool VerifyScript(const CScript &scriptSig, const CScript &scriptPubKey, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror)
Definition: interpreter.cpp:1410
EvalScript
bool EvalScript(std::vector< std::vector< unsigned char > > &stack, const CScript &script, unsigned int flags, const BaseSignatureChecker &checker, SigVersion sigversion, ScriptError *serror)
Definition: interpreter.cpp:237
CastToBool
bool CastToBool(const valtype &vch)
Definition: interpreter.cpp:37
CheckSignatureEncoding
bool CheckSignatureEncoding(const std::vector< unsigned char > &vchSig, unsigned int flags, ScriptError *serror)
Definition: interpreter.cpp:190
SignatureHash
uint256 SignatureHash(const CScript &scriptCode, const CTransaction &txTo, unsigned int nIn, int nHashType, const CAmount &amount, SigVersion sigversion, const PrecomputedTransactionData *cache)
Definition: interpreter.cpp:1180
valtype
std::vector< unsigned char > valtype
Definition: interpreter.cpp:17
stacktop
#define stacktop(i)
Script is a stack machine (like Forth) that evaluates a predicate returning a bool indicating valid o...
Definition: interpreter.cpp:56
altstacktop
#define altstacktop(i)
Definition: interpreter.cpp:57
SCRIPT_VERIFY_NULLDUMMY
@ SCRIPT_VERIFY_NULLDUMMY
Definition: interpreter.h:51
SCRIPT_VERIFY_P2SH
@ SCRIPT_VERIFY_P2SH
Definition: interpreter.h:36
SCRIPT_VERIFY_SIGPUSHONLY
@ SCRIPT_VERIFY_SIGPUSHONLY
Definition: interpreter.h:54
SCRIPT_VERIFY_LOW_S
@ SCRIPT_VERIFY_LOW_S
Definition: interpreter.h:48
SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
@ SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY
Definition: interpreter.h:83
SCRIPT_VERIFY_STRICTENC
@ SCRIPT_VERIFY_STRICTENC
Definition: interpreter.h:41
SCRIPT_VERIFY_DERSIG
@ SCRIPT_VERIFY_DERSIG
Definition: interpreter.h:44
SCRIPT_VERIFY_CLEANSTACK
@ SCRIPT_VERIFY_CLEANSTACK
Definition: interpreter.h:78
SCRIPT_VERIFY_MINIMALDATA
@ SCRIPT_VERIFY_MINIMALDATA
Definition: interpreter.h:61
SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS
Definition: interpreter.h:71
SCRIPT_VERIFY_EXCHANGEADDR
@ SCRIPT_VERIFY_EXCHANGEADDR
Definition: interpreter.h:87
NOT_AN_INPUT
const unsigned int NOT_AN_INPUT
Special case nIn for signing Sapling txs.
Definition: interpreter.h:19
SIGHASH_ANYONECANPAY
@ SIGHASH_ANYONECANPAY
Definition: interpreter.h:27
SIGHASH_NONE
@ SIGHASH_NONE
Definition: interpreter.h:25
SIGHASH_SINGLE
@ SIGHASH_SINGLE
Definition: interpreter.h:26
S
#define S(x0, x1, x2, x3, cb, r)
Definition: jh.c:494
flags
int flags
Definition: pivx-tx.cpp:400
opcodetype
opcodetype
Script opcodes.
Definition: script.h:50
OP_NUMNOTEQUAL
@ OP_NUMNOTEQUAL
Definition: script.h:149
OP_2
@ OP_2
Definition: script.h:61
OP_SHA256
@ OP_SHA256
Definition: script.h:162
OP_PUSHDATA4
@ OP_PUSHDATA4
Definition: script.h:56
OP_NOP5
@ OP_NOP5
Definition: script.h:177
OP_RIGHT
@ OP_RIGHT
Definition: script.h:114
OP_BOOLAND
@ OP_BOOLAND
Definition: script.h:145
OP_CHECKMULTISIG
@ OP_CHECKMULTISIG
Definition: script.h:168
OP_NEGATE
@ OP_NEGATE
Definition: script.h:132
OP_IF
@ OP_IF
Definition: script.h:80
OP_13
@ OP_13
Definition: script.h:72
OP_ROT
@ OP_ROT
Definition: script.h:106
OP_SWAP
@ OP_SWAP
Definition: script.h:107
OP_1NEGATE
@ OP_1NEGATE
Definition: script.h:57
OP_CHECKSIG
@ OP_CHECKSIG
Definition: script.h:166
OP_CHECKLOCKTIMEVERIFY
@ OP_CHECKLOCKTIMEVERIFY
Definition: script.h:174
OP_LESSTHAN
@ OP_LESSTHAN
Definition: script.h:150
OP_16
@ OP_16
Definition: script.h:75
OP_LEFT
@ OP_LEFT
Definition: script.h:113
OP_14
@ OP_14
Definition: script.h:73
OP_NOP10
@ OP_NOP10
Definition: script.h:182
OP_2DIV
@ OP_2DIV
Definition: script.h:131
OP_NOT
@ OP_NOT
Definition: script.h:134
OP_EQUAL
@ OP_EQUAL
Definition: script.h:122
OP_NUMEQUAL
@ OP_NUMEQUAL
Definition: script.h:147
OP_MOD
@ OP_MOD
Definition: script.h:141
OP_NOTIF
@ OP_NOTIF
Definition: script.h:81
OP_4
@ OP_4
Definition: script.h:63
OP_10
@ OP_10
Definition: script.h:69
OP_SIZE
@ OP_SIZE
Definition: script.h:115
OP_3DUP
@ OP_3DUP
Definition: script.h:94
OP_ENDIF
@ OP_ENDIF
Definition: script.h:85
OP_NOP1
@ OP_NOP1
Definition: script.h:172
OP_DUP
@ OP_DUP
Definition: script.h:101
OP_GREATERTHAN
@ OP_GREATERTHAN
Definition: script.h:151
OP_NOP
@ OP_NOP
Definition: script.h:78
OP_CHECKCOLDSTAKEVERIFY
@ OP_CHECKCOLDSTAKEVERIFY
Definition: script.h:191
OP_TOALTSTACK
@ OP_TOALTSTACK
Definition: script.h:90
OP_CODESEPARATOR
@ OP_CODESEPARATOR
Definition: script.h:165
OP_RIPEMD160
@ OP_RIPEMD160
Definition: script.h:160
OP_MIN
@ OP_MIN
Definition: script.h:154
OP_HASH256
@ OP_HASH256
Definition: script.h:164
OP_MAX
@ OP_MAX
Definition: script.h:155
OP_1SUB
@ OP_1SUB
Definition: script.h:129
OP_FROMALTSTACK
@ OP_FROMALTSTACK
Definition: script.h:91
OP_SUB
@ OP_SUB
Definition: script.h:138
OP_NUMEQUALVERIFY
@ OP_NUMEQUALVERIFY
Definition: script.h:148
OP_OVER
@ OP_OVER
Definition: script.h:103
OP_NOP8
@ OP_NOP8
Definition: script.h:180
OP_DIV
@ OP_DIV
Definition: script.h:140
OP_HASH160
@ OP_HASH160
Definition: script.h:163
OP_2DUP
@ OP_2DUP
Definition: script.h:93
OP_NIP
@ OP_NIP
Definition: script.h:102
OP_2MUL
@ OP_2MUL
Definition: script.h:130
OP_NOP4
@ OP_NOP4
Definition: script.h:176
OP_NOP3
@ OP_NOP3
Definition: script.h:175
OP_1
@ OP_1
Definition: script.h:59
OP_LESSTHANOREQUAL
@ OP_LESSTHANOREQUAL
Definition: script.h:152
OP_2DROP
@ OP_2DROP
Definition: script.h:92
OP_DEPTH
@ OP_DEPTH
Definition: script.h:99
OP_NOP9
@ OP_NOP9
Definition: script.h:181
OP_VERIFY
@ OP_VERIFY
Definition: script.h:86
OP_12
@ OP_12
Definition: script.h:71
OP_ADD
@ OP_ADD
Definition: script.h:137
OP_CHECKCOLDSTAKEVERIFY_LOF
@ OP_CHECKCOLDSTAKEVERIFY_LOF
Definition: script.h:190
OP_CHECKMULTISIGVERIFY
@ OP_CHECKMULTISIGVERIFY
Definition: script.h:169
OP_NOP7
@ OP_NOP7
Definition: script.h:179
OP_8
@ OP_8
Definition: script.h:67
OP_BOOLOR
@ OP_BOOLOR
Definition: script.h:146
OP_XOR
@ OP_XOR
Definition: script.h:121
OP_DROP
@ OP_DROP
Definition: script.h:100
OP_MUL
@ OP_MUL
Definition: script.h:139
OP_WITHIN
@ OP_WITHIN
Definition: script.h:157
OP_ELSE
@ OP_ELSE
Definition: script.h:84
OP_15
@ OP_15
Definition: script.h:74
OP_CHECKSIGVERIFY
@ OP_CHECKSIGVERIFY
Definition: script.h:167
OP_PUSHDATA1
@ OP_PUSHDATA1
Definition: script.h:54
OP_TUCK
@ OP_TUCK
Definition: script.h:108
OP_2OVER
@ OP_2OVER
Definition: script.h:95
OP_0NOTEQUAL
@ OP_0NOTEQUAL
Definition: script.h:135
OP_9
@ OP_9
Definition: script.h:68
OP_3
@ OP_3
Definition: script.h:62
OP_11
@ OP_11
Definition: script.h:70
OP_SHA1
@ OP_SHA1
Definition: script.h:161
OP_SUBSTR
@ OP_SUBSTR
Definition: script.h:112
OP_GREATERTHANOREQUAL
@ OP_GREATERTHANOREQUAL
Definition: script.h:153
OP_RSHIFT
@ OP_RSHIFT
Definition: script.h:143
OP_2SWAP
@ OP_2SWAP
Definition: script.h:97
OP_PUSHDATA2
@ OP_PUSHDATA2
Definition: script.h:55
OP_2ROT
@ OP_2ROT
Definition: script.h:96
OP_6
@ OP_6
Definition: script.h:65
OP_INVERT
@ OP_INVERT
Definition: script.h:118
OP_0
@ OP_0
Definition: script.h:52
OP_ABS
@ OP_ABS
Definition: script.h:133
OP_LSHIFT
@ OP_LSHIFT
Definition: script.h:142
OP_RETURN
@ OP_RETURN
Definition: script.h:87
OP_EXCHANGEADDR
@ OP_EXCHANGEADDR
Definition: script.h:194
OP_IFDUP
@ OP_IFDUP
Definition: script.h:98
OP_PICK
@ OP_PICK
Definition: script.h:104
OP_AND
@ OP_AND
Definition: script.h:119
OP_EQUALVERIFY
@ OP_EQUALVERIFY
Definition: script.h:123
OP_CAT
@ OP_CAT
Definition: script.h:111
OP_1ADD
@ OP_1ADD
Definition: script.h:128
OP_7
@ OP_7
Definition: script.h:66
OP_OR
@ OP_OR
Definition: script.h:120
OP_ROLL
@ OP_ROLL
Definition: script.h:105
OP_NOP6
@ OP_NOP6
Definition: script.h:178
OP_5
@ OP_5
Definition: script.h:64
ScriptError
enum ScriptError_t ScriptError
SCRIPT_ERR_SIG_PUSHONLY
@ SCRIPT_ERR_SIG_PUSHONLY
Definition: script_error.h:49
SCRIPT_ERR_OP_COUNT
@ SCRIPT_ERR_OP_COUNT
Definition: script_error.h:20
SCRIPT_ERR_EVAL_FALSE
@ SCRIPT_ERR_EVAL_FALSE
Definition: script_error.h:14
SCRIPT_ERR_NUMEQUALVERIFY
@ SCRIPT_ERR_NUMEQUALVERIFY
Definition: script_error.h:32
SCRIPT_ERR_VERIFY
@ SCRIPT_ERR_VERIFY
Definition: script_error.h:26
SCRIPT_ERR_DISABLED_OPCODE
@ SCRIPT_ERR_DISABLED_OPCODE
Definition: script_error.h:36
SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
@ SCRIPT_ERR_INVALID_ALTSTACK_OPERATION
Definition: script_error.h:38
SCRIPT_ERR_SCRIPT_SIZE
@ SCRIPT_ERR_SCRIPT_SIZE
Definition: script_error.h:18
SCRIPT_ERR_EXCHANGEADDRVERIFY
@ SCRIPT_ERR_EXCHANGEADDRVERIFY
Definition: script_error.h:28
SCRIPT_ERR_UNKNOWN_ERROR
@ SCRIPT_ERR_UNKNOWN_ERROR
Definition: script_error.h:13
SCRIPT_ERR_SIG_HASHTYPE
@ SCRIPT_ERR_SIG_HASHTYPE
Definition: script_error.h:46
SCRIPT_ERR_MINIMALDATA
@ SCRIPT_ERR_MINIMALDATA
Definition: script_error.h:48
SCRIPT_ERR_CHECKCOLDSTAKEVERIFY
@ SCRIPT_ERR_CHECKCOLDSTAKEVERIFY
Definition: script_error.h:29
SCRIPT_ERR_CHECKSIGVERIFY
@ SCRIPT_ERR_CHECKSIGVERIFY
Definition: script_error.h:31
SCRIPT_ERR_STACK_SIZE
@ SCRIPT_ERR_STACK_SIZE
Definition: script_error.h:21
SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
@ SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS
Definition: script_error.h:56
SCRIPT_ERR_EQUALVERIFY
@ SCRIPT_ERR_EQUALVERIFY
Definition: script_error.h:27
SCRIPT_ERR_INVALID_STACK_OPERATION
@ SCRIPT_ERR_INVALID_STACK_OPERATION
Definition: script_error.h:37
SCRIPT_ERR_SIG_COUNT
@ SCRIPT_ERR_SIG_COUNT
Definition: script_error.h:22
SCRIPT_ERR_SIG_HIGH_S
@ SCRIPT_ERR_SIG_HIGH_S
Definition: script_error.h:50
SCRIPT_ERR_SIG_DER
@ SCRIPT_ERR_SIG_DER
Definition: script_error.h:47
SCRIPT_ERR_NEGATIVE_LOCKTIME
@ SCRIPT_ERR_NEGATIVE_LOCKTIME
Definition: script_error.h:42
SCRIPT_ERR_OP_RETURN
@ SCRIPT_ERR_OP_RETURN
Definition: script_error.h:15
SCRIPT_ERR_PUSH_SIZE
@ SCRIPT_ERR_PUSH_SIZE
Definition: script_error.h:19
SCRIPT_ERR_OK
@ SCRIPT_ERR_OK
Definition: script_error.h:12
SCRIPT_ERR_SIG_NULLDUMMY
@ SCRIPT_ERR_SIG_NULLDUMMY
Definition: script_error.h:51
SCRIPT_ERR_PUBKEYTYPE
@ SCRIPT_ERR_PUBKEYTYPE
Definition: script_error.h:52
SCRIPT_ERR_CHECKMULTISIGVERIFY
@ SCRIPT_ERR_CHECKMULTISIGVERIFY
Definition: script_error.h:30
SCRIPT_ERR_UNSATISFIED_LOCKTIME
@ SCRIPT_ERR_UNSATISFIED_LOCKTIME
Definition: script_error.h:43
SCRIPT_ERR_BAD_OPCODE
@ SCRIPT_ERR_BAD_OPCODE
Definition: script_error.h:35
SCRIPT_ERR_PUBKEY_COUNT
@ SCRIPT_ERR_PUBKEY_COUNT
Definition: script_error.h:23
SCRIPT_ERR_CLEANSTACK
@ SCRIPT_ERR_CLEANSTACK
Definition: script_error.h:53
SCRIPT_ERR_UNBALANCED_CONDITIONAL
@ SCRIPT_ERR_UNBALANCED_CONDITIONAL
Definition: script_error.h:39
SER_GETHASH
@ SER_GETHASH
Definition: serialize.h:176
Serialize
void Serialize(Stream &s, char a)
Definition: serialize.h:237
WriteCompactSize
void WriteCompactSize(CSizeComputer &os, uint64_t nSize)
Definition: serialize.h:1435
PrecomputedTransactionData::PrecomputedTransactionData
PrecomputedTransactionData(const CTransaction &tx)
Definition: interpreter.cpp:1169
SigVersion
SigVersion
Definition: transaction.h:26
SIGVERSION_SAPLING
@ SIGVERSION_SAPLING
Definition: transaction.h:28
UINT256_ONE
const uint256 UINT256_ONE
Definition: uint256.h:176
Generated on Wed Apr 2 2025 00:40:34 for PIVX Core by doxygen 1.9.1