policy: Make spending non-std-to-create bare multisigs non-std

instagibbs · Jun 3, 2024 · a17359e · a17359e
1 parent f7a6d34
commit a17359e
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/src/policy/policy.cpp b/src/policy/policy.cpp
@@ -202,6 +202,14 @@ bool AreInputsStandard(const CTransaction& tx, const CCoinsViewCache& mapInputs)
             if (subscript.GetSigOpCount(true) > MAX_P2SH_SIGOPS) {
                 return false;
             }
+        } else if (whichType == TxoutType::MULTISIG) {
+            unsigned char m = vSolutions.front()[0];
+            unsigned char n = vSolutions.back()[0];
+            // Support up to x-of-3 multisig txns as standard
+            if (n < 1 || n > 3)
+                return false;
+            if (m < 1 || m > n)
+                return false;
         }
     }
 

diff --git a/test/functional/mempool_accept.py b/test/functional/mempool_accept.py
@@ -388,9 +388,29 @@ def run_test(self):
             maxfeerate=0,
         )
 
-        self.log.info('Spending a confirmed bare multisig is okay')
+
+        self.log.info('Spending a confirmed bare multisig with more than 3 keys is not allowed')
         address = self.wallet.get_address()
-        tx = tx_from_hex(raw_tx_reference)
+        tx = self.wallet.create_self_transfer(sequence=SEQUENCE_FINAL)['tx']
+        privkey, pubkey = generate_keypair()
+        tx.vout[0].scriptPubKey = keys_to_multisig_script([pubkey] * 4, k=1)  # Some bare multisig script (1-of-4)
+        tx.rehash()
+        self.generateblock(node, address, [tx.serialize().hex()])
+        tx_spend = CTransaction()
+        tx_spend.vin.append(CTxIn(COutPoint(tx.sha256, 0), b""))
+        tx_spend.vout.append(CTxOut(tx.vout[0].nValue - int(fee*COIN), script_to_p2wsh_script(CScript([OP_TRUE]))))
+        tx_spend.rehash()
+        sign_input_legacy(tx_spend, 0, tx.vout[0].scriptPubKey, privkey, sighash_type=SIGHASH_ALL)
+        tx_spend.vin[0].scriptSig = bytes(CScript([OP_0])) + tx_spend.vin[0].scriptSig
+        self.check_mempool_result(
+            result_expected=[{'txid': tx_spend.rehash(), 'allowed': False, 'reject-reason': 'bad-txns-nonstandard-inputs'}],
+            rawtxs=[tx_spend.serialize().hex()],
+            maxfeerate=0,
+        )
+
+        self.log.info('Spending a confirmed bare x-of-3 multisig is okay')
+        address = self.wallet.get_address()
+        tx = self.wallet.create_self_transfer(sequence=SEQUENCE_FINAL)['tx']
         privkey, pubkey = generate_keypair()
         tx.vout[0].scriptPubKey = keys_to_multisig_script([pubkey] * 3, k=1)  # Some bare multisig script (1-of-3)
         tx.rehash()