Merge pull request #76 from IamLupo/master

rubber-duckie-au · web-flow · commit a5d95e6d1862 · 2021-09-11T13:26:56.000+10:00
fix: signature checking that caused exploit.
diff --git a/src/ctransaction.cpp b/src/ctransaction.cpp
@@ -19,6 +19,7 @@
 #include "util.h"
 #include "cautofile.h"
 #include "cdatastream.h"
+#include "checkpoints.h"
 
 #include "ctransaction.h"
 
@@ -494,7 +495,7 @@ bool CTransaction::ConnectInputs(CTxDB& txdb, MapPrevTx inputs, std::map<uint256
                 // Skip ECDSA signature verification when connecting blocks (fBlock=true)
                 // before the last blockchain checkpoint. This is safe because block merkle hashes are
                 // still computed and checked, and any change will be caught at the next checkpoint.
-                if (!(fBlock && !IsInitialBlockDownload()))
+                if (!(fBlock && (nBestHeight < Checkpoints::GetTotalBlocksEstimate())))
                 {
                     // Verify signature
                     if (!VerifySignature(txPrev, *this, i, flags, 0))
diff --git a/src/script.cpp b/src/script.cpp
@@ -3843,6 +3843,13 @@ bool SignSignature(const CKeyStore &keystore, const CTransaction& txFrom, CTrans
 
 bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsigned int nIn, unsigned int flags, int nHashType)
 {
+	std::string _txFrom, _txTo;
+	
+	_txFrom = txFrom.GetHash().ToString();
+	_txTo = txTo.GetHash().ToString();
+	
+	LogPrintf("VerifySignature from %s to %s\n", _txFrom.c_str(), _txTo.c_str());
+	
     assert(nIn < txTo.vin.size());
 	
     const CTxIn& txin = txTo.vin[nIn];
@@ -3859,6 +3866,29 @@ bool VerifySignature(const CTransaction& txFrom, const CTransaction& txTo, unsig
         return false;
 	}
 	
+	/*
+		Exploit happpend on 31st Aug 2021 17:17:26
+		
+		Reference:
+			https://xdn-explorer.com/block/00000000000371f620dba8ef1576407b558686d8b00ca275c3debbfaee6a3db8
+	*/
+	if(
+		(
+			(
+				_txFrom == "81140f106083298143e0e0bd044705b83a891bf2072721dfa43f7237be5931fb" ||
+				_txFrom == "164a0151731efc1536fd75e7d5c4a61e17ef67df1d0f4649b3689d604a41a955"
+			) &&
+			_txTo == "2a639be55df3d7789c73e05aab30edce8fc867d1aae76728e2d59dd2c19b39ab"
+		) ||
+		(
+			_txFrom == "2a639be55df3d7789c73e05aab30edce8fc867d1aae76728e2d59dd2c19b39ab" &&
+			_txTo == "adb24c4a4f50bf848ded522fad8de1546bcc16f1ae838a5b51888bcd753dd25b"
+		)
+	)
+	{
+		return true;
+	}
+	
     return VerifyScript(txin.scriptSig, txout.scriptPubKey, txTo, nIn, flags, nHashType);
 }
 
