Page MenuHomePhabricator

add input sigchecks limit to STANDARD_SCRIPT_VERIFY_FLAGS (but not mempool flags)
ClosedPublic

Authored by markblundeberg on Jan 18 2020, 12:15.

Details

Summary

In anticipation of activation of SCRIPT_VERIFY_INPUT_SIGCHECKS as
a standardness rule, this adds it to STANDARD_SCRIPT_VERIFY_FLAGS,
but removes it from mempool admission.

The reason is that STANDARD_SCRIPT_VERIFY_FLAGS gets used in many
places throughout the codebase, not just in mempool admission.
Notably, it is used in transaction signing code in several places,
to check "this script is complete and ready to broadcast".
Basically all those places expected STANDARD_SCRIPT_VERIFY_FLAGS
to mean "the most strict set of flags I may need to satisfy".

Since SCRIPT_VERIFY_INPUT_SIGCHECKS is a restricting flag, adding
it to STANDARD_SCRIPT_VERIFY_FLAGS already now is important to
demonstrate that we won't get signing-related surprises like we
would if we were to add it later.

As can be seen, this modifies wallet behaviour for signing bare
multisigs such as 1-of-4, 1-of-5, 1-of-6, etc. which result in
transaction inputs with very dense SigChecks (when signed with ECDSA).
Note that basically nobody uses these extreme cases since they are
nonstandard to fund; I found only 3 such spends ever in the
blockchain, from a long time ago.

Depends on D5015 and D5017

Test Plan

ninja check-all

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision is now accepted and ready to land.Jan 19 2020, 14:02