txvalidationcache_tests.cpp
1 // Copyright (c) 2011-2022 The Bitcoin Core developers 2 // Distributed under the MIT software license, see the accompanying 3 // file COPYING or http://www.opensource.org/licenses/mit-license.php. 4 5 #include <consensus/validation.h> 6 #include <key.h> 7 #include <random.h> 8 #include <script/sign.h> 9 #include <script/signingprovider.h> 10 #include <test/util/setup_common.h> 11 #include <txmempool.h> 12 #include <util/chaintype.h> 13 #include <validation.h> 14 15 #include <boost/test/unit_test.hpp> 16 17 struct Dersig100Setup : public TestChain100Setup { 18 Dersig100Setup() 19 : TestChain100Setup{ChainType::REGTEST, {"-testactivationheight=dersig@102"}} {} 20 }; 21 22 bool CheckInputScripts(const CTransaction& tx, TxValidationState& state, 23 const CCoinsViewCache& inputs, unsigned int flags, bool cacheSigStore, 24 bool cacheFullScriptStore, PrecomputedTransactionData& txdata, 25 std::vector<CScriptCheck>* pvChecks) EXCLUSIVE_LOCKS_REQUIRED(cs_main); 26 27 BOOST_AUTO_TEST_SUITE(txvalidationcache_tests) 28 29 BOOST_FIXTURE_TEST_CASE(tx_mempool_block_doublespend, Dersig100Setup) 30 { 31 // Make sure skipping validation of transactions that were 32 // validated going into the memory pool does not allow 33 // double-spends in blocks to pass validation when they should not. 34 35 CScript scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG; 36 37 const auto ToMemPool = [this](const CMutableTransaction& tx) { 38 LOCK(cs_main); 39 40 const MempoolAcceptResult result = m_node.chainman->ProcessTransaction(MakeTransactionRef(tx)); 41 return result.m_result_type == MempoolAcceptResult::ResultType::VALID; 42 }; 43 44 // Create a double-spend of mature coinbase txn: 45 std::vector<CMutableTransaction> spends; 46 spends.resize(2); 47 for (int i = 0; i < 2; i++) 48 { 49 spends[i].nVersion = 1; 50 spends[i].vin.resize(1); 51 spends[i].vin[0].prevout.hash = m_coinbase_txns[0]->GetHash(); 52 spends[i].vin[0].prevout.n = 0; 53 spends[i].vout.resize(1); 54 spends[i].vout[0].nValue = 11*CENT; 55 spends[i].vout[0].scriptPubKey = scriptPubKey; 56 57 // Sign: 58 std::vector<unsigned char> vchSig; 59 uint256 hash = SignatureHash(scriptPubKey, spends[i], 0, SIGHASH_ALL, 0, SigVersion::BASE); 60 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig)); 61 vchSig.push_back((unsigned char)SIGHASH_ALL); 62 spends[i].vin[0].scriptSig << vchSig; 63 } 64 65 CBlock block; 66 67 // Test 1: block with both of those transactions should be rejected. 68 block = CreateAndProcessBlock(spends, scriptPubKey); 69 { 70 LOCK(cs_main); 71 BOOST_CHECK(m_node.chainman->ActiveChain().Tip()->GetBlockHash() != block.GetHash()); 72 } 73 74 // Test 2: ... and should be rejected if spend1 is in the memory pool 75 BOOST_CHECK(ToMemPool(spends[0])); 76 block = CreateAndProcessBlock(spends, scriptPubKey); 77 { 78 LOCK(cs_main); 79 BOOST_CHECK(m_node.chainman->ActiveChain().Tip()->GetBlockHash() != block.GetHash()); 80 } 81 BOOST_CHECK_EQUAL(m_node.mempool->size(), 1U); 82 WITH_LOCK(m_node.mempool->cs, m_node.mempool->removeRecursive(CTransaction{spends[0]}, MemPoolRemovalReason::CONFLICT)); 83 BOOST_CHECK_EQUAL(m_node.mempool->size(), 0U); 84 85 // Test 3: ... and should be rejected if spend2 is in the memory pool 86 BOOST_CHECK(ToMemPool(spends[1])); 87 block = CreateAndProcessBlock(spends, scriptPubKey); 88 { 89 LOCK(cs_main); 90 BOOST_CHECK(m_node.chainman->ActiveChain().Tip()->GetBlockHash() != block.GetHash()); 91 } 92 BOOST_CHECK_EQUAL(m_node.mempool->size(), 1U); 93 WITH_LOCK(m_node.mempool->cs, m_node.mempool->removeRecursive(CTransaction{spends[1]}, MemPoolRemovalReason::CONFLICT)); 94 BOOST_CHECK_EQUAL(m_node.mempool->size(), 0U); 95 96 // Final sanity test: first spend in *m_node.mempool, second in block, that's OK: 97 std::vector<CMutableTransaction> oneSpend; 98 oneSpend.push_back(spends[0]); 99 BOOST_CHECK(ToMemPool(spends[1])); 100 block = CreateAndProcessBlock(oneSpend, scriptPubKey); 101 { 102 LOCK(cs_main); 103 BOOST_CHECK(m_node.chainman->ActiveChain().Tip()->GetBlockHash() == block.GetHash()); 104 } 105 // spends[1] should have been removed from the mempool when the 106 // block with spends[0] is accepted: 107 BOOST_CHECK_EQUAL(m_node.mempool->size(), 0U); 108 } 109 110 // Run CheckInputScripts (using CoinsTip()) on the given transaction, for all script 111 // flags. Test that CheckInputScripts passes for all flags that don't overlap with 112 // the failing_flags argument, but otherwise fails. 113 // CHECKLOCKTIMEVERIFY and CHECKSEQUENCEVERIFY (and future NOP codes that may 114 // get reassigned) have an interaction with DISCOURAGE_UPGRADABLE_NOPS: if 115 // the script flags used contain DISCOURAGE_UPGRADABLE_NOPS but don't contain 116 // CHECKLOCKTIMEVERIFY (or CHECKSEQUENCEVERIFY), but the script does contain 117 // OP_CHECKLOCKTIMEVERIFY (or OP_CHECKSEQUENCEVERIFY), then script execution 118 // should fail. 119 // Capture this interaction with the upgraded_nop argument: set it when evaluating 120 // any script flag that is implemented as an upgraded NOP code. 121 static void ValidateCheckInputsForAllFlags(const CTransaction &tx, uint32_t failing_flags, bool add_to_cache, CCoinsViewCache& active_coins_tip) EXCLUSIVE_LOCKS_REQUIRED(::cs_main) 122 { 123 PrecomputedTransactionData txdata; 124 125 FastRandomContext insecure_rand(true); 126 127 for (int count = 0; count < 10000; ++count) { 128 TxValidationState state; 129 130 // Randomly selects flag combinations 131 uint32_t test_flags = (uint32_t) insecure_rand.randrange((SCRIPT_VERIFY_END_MARKER - 1) << 1); 132 133 // Filter out incompatible flag choices 134 if ((test_flags & SCRIPT_VERIFY_CLEANSTACK)) { 135 // CLEANSTACK requires P2SH and WITNESS, see VerifyScript() in 136 // script/interpreter.cpp 137 test_flags |= SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS; 138 } 139 if ((test_flags & SCRIPT_VERIFY_WITNESS)) { 140 // WITNESS requires P2SH 141 test_flags |= SCRIPT_VERIFY_P2SH; 142 } 143 bool ret = CheckInputScripts(tx, state, &active_coins_tip, test_flags, true, add_to_cache, txdata, nullptr); 144 // CheckInputScripts should succeed iff test_flags doesn't intersect with 145 // failing_flags 146 bool expected_return_value = !(test_flags & failing_flags); 147 BOOST_CHECK_EQUAL(ret, expected_return_value); 148 149 // Test the caching 150 if (ret && add_to_cache) { 151 // Check that we get a cache hit if the tx was valid 152 std::vector<CScriptCheck> scriptchecks; 153 BOOST_CHECK(CheckInputScripts(tx, state, &active_coins_tip, test_flags, true, add_to_cache, txdata, &scriptchecks)); 154 BOOST_CHECK(scriptchecks.empty()); 155 } else { 156 // Check that we get script executions to check, if the transaction 157 // was invalid, or we didn't add to cache. 158 std::vector<CScriptCheck> scriptchecks; 159 BOOST_CHECK(CheckInputScripts(tx, state, &active_coins_tip, test_flags, true, add_to_cache, txdata, &scriptchecks)); 160 BOOST_CHECK_EQUAL(scriptchecks.size(), tx.vin.size()); 161 } 162 } 163 } 164 165 BOOST_FIXTURE_TEST_CASE(checkinputs_test, Dersig100Setup) 166 { 167 // Test that passing CheckInputScripts with one set of script flags doesn't imply 168 // that we would pass again with a different set of flags. 169 CScript p2pk_scriptPubKey = CScript() << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG; 170 CScript p2sh_scriptPubKey = GetScriptForDestination(ScriptHash(p2pk_scriptPubKey)); 171 CScript p2pkh_scriptPubKey = GetScriptForDestination(PKHash(coinbaseKey.GetPubKey())); 172 CScript p2wpkh_scriptPubKey = GetScriptForDestination(WitnessV0KeyHash(coinbaseKey.GetPubKey())); 173 174 FillableSigningProvider keystore; 175 BOOST_CHECK(keystore.AddKey(coinbaseKey)); 176 BOOST_CHECK(keystore.AddCScript(p2pk_scriptPubKey)); 177 178 // flags to test: SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, SCRIPT_VERIFY_CHECKSEQUENCE_VERIFY, SCRIPT_VERIFY_NULLDUMMY, uncompressed pubkey thing 179 180 // Create 2 outputs that match the three scripts above, spending the first 181 // coinbase tx. 182 CMutableTransaction spend_tx; 183 184 spend_tx.nVersion = 1; 185 spend_tx.vin.resize(1); 186 spend_tx.vin[0].prevout.hash = m_coinbase_txns[0]->GetHash(); 187 spend_tx.vin[0].prevout.n = 0; 188 spend_tx.vout.resize(4); 189 spend_tx.vout[0].nValue = 11*CENT; 190 spend_tx.vout[0].scriptPubKey = p2sh_scriptPubKey; 191 spend_tx.vout[1].nValue = 11*CENT; 192 spend_tx.vout[1].scriptPubKey = p2wpkh_scriptPubKey; 193 spend_tx.vout[2].nValue = 11*CENT; 194 spend_tx.vout[2].scriptPubKey = CScript() << OP_CHECKLOCKTIMEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG; 195 spend_tx.vout[3].nValue = 11*CENT; 196 spend_tx.vout[3].scriptPubKey = CScript() << OP_CHECKSEQUENCEVERIFY << OP_DROP << ToByteVector(coinbaseKey.GetPubKey()) << OP_CHECKSIG; 197 198 // Sign, with a non-DER signature 199 { 200 std::vector<unsigned char> vchSig; 201 uint256 hash = SignatureHash(p2pk_scriptPubKey, spend_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE); 202 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig)); 203 vchSig.push_back((unsigned char) 0); // padding byte makes this non-DER 204 vchSig.push_back((unsigned char)SIGHASH_ALL); 205 spend_tx.vin[0].scriptSig << vchSig; 206 } 207 208 // Test that invalidity under a set of flags doesn't preclude validity 209 // under other (eg consensus) flags. 210 // spend_tx is invalid according to DERSIG 211 { 212 LOCK(cs_main); 213 214 TxValidationState state; 215 PrecomputedTransactionData ptd_spend_tx; 216 217 BOOST_CHECK(!CheckInputScripts(CTransaction(spend_tx), state, &m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, nullptr)); 218 219 // If we call again asking for scriptchecks (as happens in 220 // ConnectBlock), we should add a script check object for this -- we're 221 // not caching invalidity (if that changes, delete this test case). 222 std::vector<CScriptCheck> scriptchecks; 223 BOOST_CHECK(CheckInputScripts(CTransaction(spend_tx), state, &m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_DERSIG, true, true, ptd_spend_tx, &scriptchecks)); 224 BOOST_CHECK_EQUAL(scriptchecks.size(), 1U); 225 226 // Test that CheckInputScripts returns true iff DERSIG-enforcing flags are 227 // not present. Don't add these checks to the cache, so that we can 228 // test later that block validation works fine in the absence of cached 229 // successes. 230 ValidateCheckInputsForAllFlags(CTransaction(spend_tx), SCRIPT_VERIFY_DERSIG | SCRIPT_VERIFY_LOW_S | SCRIPT_VERIFY_STRICTENC, false, m_node.chainman->ActiveChainstate().CoinsTip()); 231 } 232 233 // And if we produce a block with this tx, it should be valid (DERSIG not 234 // enabled yet), even though there's no cache entry. 235 CBlock block; 236 237 block = CreateAndProcessBlock({spend_tx}, p2pk_scriptPubKey); 238 LOCK(cs_main); 239 BOOST_CHECK(m_node.chainman->ActiveChain().Tip()->GetBlockHash() == block.GetHash()); 240 BOOST_CHECK(m_node.chainman->ActiveChainstate().CoinsTip().GetBestBlock() == block.GetHash()); 241 242 // Test P2SH: construct a transaction that is valid without P2SH, and 243 // then test validity with P2SH. 244 { 245 CMutableTransaction invalid_under_p2sh_tx; 246 invalid_under_p2sh_tx.nVersion = 1; 247 invalid_under_p2sh_tx.vin.resize(1); 248 invalid_under_p2sh_tx.vin[0].prevout.hash = spend_tx.GetHash(); 249 invalid_under_p2sh_tx.vin[0].prevout.n = 0; 250 invalid_under_p2sh_tx.vout.resize(1); 251 invalid_under_p2sh_tx.vout[0].nValue = 11*CENT; 252 invalid_under_p2sh_tx.vout[0].scriptPubKey = p2pk_scriptPubKey; 253 std::vector<unsigned char> vchSig2(p2pk_scriptPubKey.begin(), p2pk_scriptPubKey.end()); 254 invalid_under_p2sh_tx.vin[0].scriptSig << vchSig2; 255 256 ValidateCheckInputsForAllFlags(CTransaction(invalid_under_p2sh_tx), SCRIPT_VERIFY_P2SH, true, m_node.chainman->ActiveChainstate().CoinsTip()); 257 } 258 259 // Test CHECKLOCKTIMEVERIFY 260 { 261 CMutableTransaction invalid_with_cltv_tx; 262 invalid_with_cltv_tx.nVersion = 1; 263 invalid_with_cltv_tx.nLockTime = 100; 264 invalid_with_cltv_tx.vin.resize(1); 265 invalid_with_cltv_tx.vin[0].prevout.hash = spend_tx.GetHash(); 266 invalid_with_cltv_tx.vin[0].prevout.n = 2; 267 invalid_with_cltv_tx.vin[0].nSequence = 0; 268 invalid_with_cltv_tx.vout.resize(1); 269 invalid_with_cltv_tx.vout[0].nValue = 11*CENT; 270 invalid_with_cltv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey; 271 272 // Sign 273 std::vector<unsigned char> vchSig; 274 uint256 hash = SignatureHash(spend_tx.vout[2].scriptPubKey, invalid_with_cltv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE); 275 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig)); 276 vchSig.push_back((unsigned char)SIGHASH_ALL); 277 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 101; 278 279 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_cltv_tx), SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true, m_node.chainman->ActiveChainstate().CoinsTip()); 280 281 // Make it valid, and check again 282 invalid_with_cltv_tx.vin[0].scriptSig = CScript() << vchSig << 100; 283 TxValidationState state; 284 PrecomputedTransactionData txdata; 285 BOOST_CHECK(CheckInputScripts(CTransaction(invalid_with_cltv_tx), state, m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_CHECKLOCKTIMEVERIFY, true, true, txdata, nullptr)); 286 } 287 288 // TEST CHECKSEQUENCEVERIFY 289 { 290 CMutableTransaction invalid_with_csv_tx; 291 invalid_with_csv_tx.nVersion = 2; 292 invalid_with_csv_tx.vin.resize(1); 293 invalid_with_csv_tx.vin[0].prevout.hash = spend_tx.GetHash(); 294 invalid_with_csv_tx.vin[0].prevout.n = 3; 295 invalid_with_csv_tx.vin[0].nSequence = 100; 296 invalid_with_csv_tx.vout.resize(1); 297 invalid_with_csv_tx.vout[0].nValue = 11*CENT; 298 invalid_with_csv_tx.vout[0].scriptPubKey = p2pk_scriptPubKey; 299 300 // Sign 301 std::vector<unsigned char> vchSig; 302 uint256 hash = SignatureHash(spend_tx.vout[3].scriptPubKey, invalid_with_csv_tx, 0, SIGHASH_ALL, 0, SigVersion::BASE); 303 BOOST_CHECK(coinbaseKey.Sign(hash, vchSig)); 304 vchSig.push_back((unsigned char)SIGHASH_ALL); 305 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 101; 306 307 ValidateCheckInputsForAllFlags(CTransaction(invalid_with_csv_tx), SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true, m_node.chainman->ActiveChainstate().CoinsTip()); 308 309 // Make it valid, and check again 310 invalid_with_csv_tx.vin[0].scriptSig = CScript() << vchSig << 100; 311 TxValidationState state; 312 PrecomputedTransactionData txdata; 313 BOOST_CHECK(CheckInputScripts(CTransaction(invalid_with_csv_tx), state, &m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_CHECKSEQUENCEVERIFY, true, true, txdata, nullptr)); 314 } 315 316 // TODO: add tests for remaining script flags 317 318 // Test that passing CheckInputScripts with a valid witness doesn't imply success 319 // for the same tx with a different witness. 320 { 321 CMutableTransaction valid_with_witness_tx; 322 valid_with_witness_tx.nVersion = 1; 323 valid_with_witness_tx.vin.resize(1); 324 valid_with_witness_tx.vin[0].prevout.hash = spend_tx.GetHash(); 325 valid_with_witness_tx.vin[0].prevout.n = 1; 326 valid_with_witness_tx.vout.resize(1); 327 valid_with_witness_tx.vout[0].nValue = 11*CENT; 328 valid_with_witness_tx.vout[0].scriptPubKey = p2pk_scriptPubKey; 329 330 // Sign 331 SignatureData sigdata; 332 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(valid_with_witness_tx, 0, 11 * CENT, SIGHASH_ALL), spend_tx.vout[1].scriptPubKey, sigdata)); 333 UpdateInput(valid_with_witness_tx.vin[0], sigdata); 334 335 // This should be valid under all script flags. 336 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), 0, true, m_node.chainman->ActiveChainstate().CoinsTip()); 337 338 // Remove the witness, and check that it is now invalid. 339 valid_with_witness_tx.vin[0].scriptWitness.SetNull(); 340 ValidateCheckInputsForAllFlags(CTransaction(valid_with_witness_tx), SCRIPT_VERIFY_WITNESS, true, m_node.chainman->ActiveChainstate().CoinsTip()); 341 } 342 343 { 344 // Test a transaction with multiple inputs. 345 CMutableTransaction tx; 346 347 tx.nVersion = 1; 348 tx.vin.resize(2); 349 tx.vin[0].prevout.hash = spend_tx.GetHash(); 350 tx.vin[0].prevout.n = 0; 351 tx.vin[1].prevout.hash = spend_tx.GetHash(); 352 tx.vin[1].prevout.n = 1; 353 tx.vout.resize(1); 354 tx.vout[0].nValue = 22*CENT; 355 tx.vout[0].scriptPubKey = p2pk_scriptPubKey; 356 357 // Sign 358 for (int i = 0; i < 2; ++i) { 359 SignatureData sigdata; 360 BOOST_CHECK(ProduceSignature(keystore, MutableTransactionSignatureCreator(tx, i, 11 * CENT, SIGHASH_ALL), spend_tx.vout[i].scriptPubKey, sigdata)); 361 UpdateInput(tx.vin[i], sigdata); 362 } 363 364 // This should be valid under all script flags 365 ValidateCheckInputsForAllFlags(CTransaction(tx), 0, true, m_node.chainman->ActiveChainstate().CoinsTip()); 366 367 // Check that if the second input is invalid, but the first input is 368 // valid, the transaction is not cached. 369 // Invalidate vin[1] 370 tx.vin[1].scriptWitness.SetNull(); 371 372 TxValidationState state; 373 PrecomputedTransactionData txdata; 374 // This transaction is now invalid under segwit, because of the second input. 375 BOOST_CHECK(!CheckInputScripts(CTransaction(tx), state, &m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, nullptr)); 376 377 std::vector<CScriptCheck> scriptchecks; 378 // Make sure this transaction was not cached (ie because the first 379 // input was valid) 380 BOOST_CHECK(CheckInputScripts(CTransaction(tx), state, &m_node.chainman->ActiveChainstate().CoinsTip(), SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS, true, true, txdata, &scriptchecks)); 381 // Should get 2 script checks back -- caching is on a whole-transaction basis. 382 BOOST_CHECK_EQUAL(scriptchecks.size(), 2U); 383 } 384 } 385 386 BOOST_AUTO_TEST_SUITE_END()