Discourage NOPs reserved for soft-fork upgrades

NOP1 to NOP10 are reserved for future soft-fork upgrades. In the event of an upgrade such NOPs have *VERIFY behavior, meaning that if their arguments are not correct the script fails. Discouraging these NOPs by rejecting transactions containing them from the mempool ensures that we'll never accept transactions, nor mine blocks, with scripts that are now invalid according to the majority of hashing power even if we're not yet upgraded. Previously this wasn't an issue as the IsStandard() rules didn't allow upgradable NOPs anyway, but 7f3b4e95 relaxed the IsStandard() rules for P2SH redemptions allowing any redeemScript to be spent. We *do* allow upgradable NOPs in scripts so long as they are not executed. This is harmless as there is no opportunity for the script to be invalid post-upgrade.
2014-09-28 21:17:36 -04:00
parent 8adf457047
commit 03914234b3
8 changed files with 49 additions and 3 deletions
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -329,8 +329,14 @@ bool EvalScript(vector<vector<unsigned char> >& stack, const CScript& script, un
                // Control
                //
                case OP_NOP:
+                break;
+
                case OP_NOP1: case OP_NOP2: case OP_NOP3: case OP_NOP4: case OP_NOP5:
                case OP_NOP6: case OP_NOP7: case OP_NOP8: case OP_NOP9: case OP_NOP10:
+                {
+                    if (flags & SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_NOPS)
+                        return set_error(serror, SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS);
+                }
                break;

                case OP_IF: