diff options
| author | Peter Todd <pete@petertodd.org> | 2014-09-28 21:17:36 -0400 |
|---|---|---|
| committer | Peter Todd <pete@petertodd.org> | 2014-11-17 22:22:33 -0500 |
| commit | 03914234b3c9c35d66b51d580fe727a0707394ca (patch) | |
| tree | 7b8bb1ddba7c75adefa5241bc97d3b5f0a5d2608 /src/script/interpreter.h | |
| parent | 8adf457047677df1d58da070bae5629526bb5b74 (diff) | |
| download | bitcoin-03914234b3c9c35d66b51d580fe727a0707394ca.tar.xz | |
Discourage NOPs reserved for soft-fork upgrades
NOP1 to NOP10 are reserved for future soft-fork upgrades. In the event
of an upgrade such NOPs have *VERIFY behavior, meaning that if their
arguments are not correct the script fails. Discouraging these NOPs by
rejecting transactions containing them from the mempool ensures that
we'll never accept transactions, nor mine blocks, with scripts that are
now invalid according to the majority of hashing power even if we're not
yet upgraded. Previously this wasn't an issue as the IsStandard() rules
didn't allow upgradable NOPs anyway, but 7f3b4e95 relaxed the
IsStandard() rules for P2SH redemptions allowing any redeemScript to be
spent.
We *do* allow upgradable NOPs in scripts so long as they are not
executed. This is harmless as there is no opportunity for the script to
be invalid post-upgrade.
Diffstat (limited to 'src/script/interpreter.h')
| -rw-r--r-- | src/script/interpreter.h | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/script/interpreter.h b/src/script/interpreter.h index 14cccc558f..12b2719414 100644 --- a/src/script/interpreter.h +++ b/src/script/interpreter.h @@ -57,7 +57,18 @@ enum // any other push causes the script to fail (BIP62 rule 3). // In addition, whenever a stack element is interpreted as a number, it must be of minimal length (BIP62 rule 4). // (softfork safe) - SCRIPT_VERIFY_MINIMALDATA = (1U << 6) + SCRIPT_VERIFY_MINIMALDATA = (1U << 6), + + // Discourage use of NOPs reserved for upgrades (NOP1-10) + // + // Provided so that nodes can avoid accepting or mining transactions + // containing executed NOP's whose meaning may change after a soft-fork, + // thus rendering the script invalid; with this flag set executing + // discouraged NOPs fails the script. This verification flag will never be + // a mandatory flag applied to scripts in a block. NOPs that are not + // executed, e.g. within an unexecuted IF ENDIF block, are *not* rejected. + SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS = (1U << 7) + }; uint256 SignatureHash(const CScript &scriptCode, const CTransaction& txTo, unsigned int nIn, int nHashType); |