From 50c0b61a9d562240d5fe4bd79324b0c0e79caa5c Mon Sep 17 00:00:00 2001 From: dergoegge Date: Tue, 6 Feb 2024 17:07:48 +0000 Subject: [validation] Merkle root malleation should be caught by IsBlockMutated Github-Pull: #29412 Rebased-From: 2d8495e0800f5332748cd50eaad801ff77671bba --- src/test/validation_tests.cpp | 5 +++++ src/validation.cpp | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/test/validation_tests.cpp b/src/test/validation_tests.cpp index 14440571eb..cb7d1a312f 100644 --- a/src/test/validation_tests.cpp +++ b/src/test/validation_tests.cpp @@ -4,12 +4,17 @@ #include #include +#include +#include +#include #include #include #include #include #include +#include + #include #include diff --git a/src/validation.cpp b/src/validation.cpp index 1ad4ebcdaa..a2128b231e 100644 --- a/src/validation.cpp +++ b/src/validation.cpp @@ -3815,7 +3815,18 @@ bool IsBlockMutated(const CBlock& block, bool check_witness_root) } if (block.vtx.empty() || !block.vtx[0]->IsCoinBase()) { - return false; + // Consider the block mutated if any transaction is 64 bytes in size (see 3.1 + // in "Weaknesses in Bitcoin’s Merkle Root Construction": + // https://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20190225/a27d8837/attachment-0001.pdf). + // + // Note: This is not a consensus change as this only applies to blocks that + // don't have a coinbase transaction and would therefore already be invalid. + return std::any_of(block.vtx.begin(), block.vtx.end(), + [](auto& tx) { return ::GetSerializeSize(tx, PROTOCOL_VERSION | SERIALIZE_TRANSACTION_NO_WITNESS) == 64; }); + } else { + // Theoretically it is still possible for a block with a 64 byte + // coinbase transaction to be mutated but we neglect that possibility + // here as it requires at least 224 bits of work. } if (!CheckWitnessMalleation(block, check_witness_root, state)) { -- cgit v1.2.3