Merge #8526: Make non-minimal OP_IF/NOTIF argument non-standard for P2WSH

c72c5b1 Make non-minimal OP_IF/NOTIF argument non-standard for P2WSH (Johnson Lau)

4 files changed, 14 insertions, 1 deletions

diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index 47ea261e31..fd356fed0a 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -428,6 +428,12 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un
                         if (stack.size() < 1)
                             return set_error(serror, SCRIPT_ERR_UNBALANCED_CONDITIONAL);
                         valtype& vch = stacktop(-1);
+                        if (sigversion == SIGVERSION_WITNESS_V0 && (flags & SCRIPT_VERIFY_MINIMALIF)) {
+                            if (vch.size() > 1)
+                                return set_error(serror, SCRIPT_ERR_MINIMALIF);
+                            if (vch.size() == 1 && vch[0] != 1)
+                                return set_error(serror, SCRIPT_ERR_MINIMALIF);
+                        }
                         fValue = CastToBool(vch);
                         if (opcode == OP_NOTIF)
                             fValue = !fValue;
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
index e5d7865cd3..2ce4b23e54 100644
--- a/src/script/interpreter.h
+++ b/src/script/interpreter.h
@@ -94,6 +94,10 @@ enum
     // Making v1-v16 witness program non-standard
     //
     SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM = (1U << 12),
+
+    // Segwit script only: Require the argument of OP_IF/NOTIF to be exactly 0x01 or empty vector
+    //
+    SCRIPT_VERIFY_MINIMALIF = (1U << 13),
 };
 
 bool CheckSignatureEncoding(const std::vector<unsigned char> &vchSig, unsigned int flags, ScriptError* serror);
diff --git a/src/script/script_error.cpp b/src/script/script_error.cpp
index cef807edcf..9969c232fc 100644
--- a/src/script/script_error.cpp
+++ b/src/script/script_error.cpp
@@ -63,6 +63,8 @@ const char* ScriptErrorString(const ScriptError serror)
             return "Non-canonical signature: S value is unnecessarily high";
         case SCRIPT_ERR_SIG_NULLDUMMY:
             return "Dummy CHECKMULTISIG argument must be zero";
+        case SCRIPT_ERR_MINIMALIF:
+            return "OP_IF/NOTIF argument must be minimal";
         case SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS:
             return "NOPx reserved for soft-fork upgrades";
         case SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM:
diff --git a/src/script/script_error.h b/src/script/script_error.h
index 09dc6945ad..6d34d37925 100644
--- a/src/script/script_error.h
+++ b/src/script/script_error.h
@@ -39,7 +39,7 @@ typedef enum ScriptError_t
     SCRIPT_ERR_NEGATIVE_LOCKTIME,
     SCRIPT_ERR_UNSATISFIED_LOCKTIME,
 
-    /* BIP62 */
+    /* Malleability */
     SCRIPT_ERR_SIG_HASHTYPE,
     SCRIPT_ERR_SIG_DER,
     SCRIPT_ERR_MINIMALDATA,
@@ -48,6 +48,7 @@ typedef enum ScriptError_t
     SCRIPT_ERR_SIG_NULLDUMMY,
     SCRIPT_ERR_PUBKEYTYPE,
     SCRIPT_ERR_CLEANSTACK,
+    SCRIPT_ERR_MINIMALIF,
 
     /* softfork safeness */
     SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS,