aboutsummaryrefslogtreecommitdiff
path: root/src/validation.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/validation.cpp')
-rw-r--r--src/validation.cpp35
1 files changed, 26 insertions, 9 deletions
diff --git a/src/validation.cpp b/src/validation.cpp
index 3faa1bf005..69aa018730 100644
--- a/src/validation.cpp
+++ b/src/validation.cpp
@@ -78,6 +78,7 @@ uint64_t nPruneTarget = 0;
int64_t nMaxTipAge = DEFAULT_MAX_TIP_AGE;
bool fEnableReplacement = DEFAULT_ENABLE_REPLACEMENT;
+uint256 hashAssumeValid;
CFeeRate minRelayTxFee = CFeeRate(DEFAULT_MIN_RELAY_TX_FEE);
CAmount maxTxFee = DEFAULT_TRANSACTION_MAXFEE;
@@ -1389,11 +1390,10 @@ bool CheckInputs(const CTransaction& tx, CValidationState &state, const CCoinsVi
// Only if ALL inputs pass do we perform expensive ECDSA signature checks.
// Helps prevent CPU exhaustion attacks.
- // Skip ECDSA signature verification when connecting blocks before the
- // last block chain checkpoint. Assuming the checkpoints are valid this
+ // Skip script verification when connecting blocks under the
+ // assumedvalid block. Assuming the assumedvalid block is valid this
// is safe because block merkle hashes are still computed and checked,
- // and any change will be caught at the next checkpoint. Of course, if
- // the checkpoint is for a chain that's invalid due to false scriptSigs
+ // Of course, if an assumed valid block is invalid due to false scriptSigs
// this optimization would allow an invalid chain to be accepted.
if (fScriptChecks) {
for (unsigned int i = 0; i < tx.vin.size(); i++) {
@@ -1721,11 +1721,28 @@ bool ConnectBlock(const CBlock& block, CValidationState& state, CBlockIndex* pin
}
bool fScriptChecks = true;
- if (fCheckpointsEnabled) {
- CBlockIndex *pindexLastCheckpoint = Checkpoints::GetLastCheckpoint(chainparams.Checkpoints());
- if (pindexLastCheckpoint && pindexLastCheckpoint->GetAncestor(pindex->nHeight) == pindex) {
- // This block is an ancestor of a checkpoint: disable script checks
- fScriptChecks = false;
+ if (!hashAssumeValid.IsNull()) {
+ // We've been configured with the hash of a block which has been externally verified to have a valid history.
+ // A suitable default value is included with the software and updated from time to time. Because validity
+ // relative to a piece of software is an objective fact these defaults can be easily reviewed.
+ // This setting doesn't force the selection of any particular chain but makes validating some faster by
+ // effectively caching the result of part of the verification.
+ BlockMap::const_iterator it = mapBlockIndex.find(hashAssumeValid);
+ if (it != mapBlockIndex.end()) {
+ if (it->second->GetAncestor(pindex->nHeight) == pindex &&
+ pindexBestHeader->GetAncestor(pindex->nHeight) == pindex &&
+ pindexBestHeader->nChainWork >= UintToArith256(chainparams.GetConsensus().nMinimumChainWork)) {
+ // This block is a member of the assumed verified chain and an ancestor of the best header.
+ // The equivalent time check discourages hashpower from extorting the network via DOS attack
+ // into accepting an invalid block through telling users they must manually set assumevalid.
+ // Requiring a software change or burying the invalid block, regardless of the setting, makes
+ // it hard to hide the implication of the demand. This also avoids having release candidates
+ // that are hardly doing any signature verification at all in testing without having to
+ // artificially set the default assumed verified block further back.
+ // The test against nMinimumChainWork prevents the skipping when denied access to any chain at
+ // least as good as the expected chain.
+ fScriptChecks = (GetBlockProofEquivalentTime(*pindexBestHeader, *pindex, *pindexBestHeader, chainparams.GetConsensus()) <= 60 * 60 * 24 * 7 * 2);
+ }
}
}