Fix RandomX validation exploit: verify nSolution contains valid RandomX hash

- Add CheckRandomXSolution() to validate RandomX PoW in nSolution field
- Add ASSETCHAINS_RANDOMX_VALIDATION activation height per chain
  (DRAGONX: 2838976, TUMIN: 1200, others: height 1)
- Add CRandomXInput serializer for deterministic RandomX hash input
- Fix CheckProofOfWork() to properly reject invalid PoW (was missing
  SMART_CHAIN_SYMBOL check, allowing bypass)
- Call CheckRandomXSolution() in hush_checkPOW and CheckBlockHeader

Without this fix, attackers could submit blocks with invalid RandomX
hashes that passed validation, as CheckProofOfWork returned early
during block loading and the nSolution field was never verified.

src/pow.cpp

@@ -28,6 +28,8 @@
 #include "uint256.h"
 #include "util.h"
 #include "sodium.h"
+#include "RandomX/src/randomx.h"
+#include <mutex>
 
 #ifdef ENABLE_RUST
 #include "librustzcash.h"
@@ -683,6 +685,137 @@ bool CheckEquihashSolution(const CBlockHeader *pblock, const CChainParams& param
     return true;
 }
 
+// Static objects for CheckRandomXSolution
+static std::mutex cs_randomx_validator;
+static randomx_cache *s_rxCache = nullptr;
+static randomx_vm *s_rxVM = nullptr;
+static std::string s_rxCurrentKey; // tracks current key to avoid re-init
+
+// Thread-local flag: skip CheckRandomXSolution when the miner is validating its own block
+// The miner already computed the correct RandomX hash — re-verifying with a separate
+// cache+VM would allocate ~256MB extra memory and can trigger the OOM killer.
+thread_local bool fSkipRandomXValidation = false;
+
+void SetSkipRandomXValidation(bool skip) { fSkipRandomXValidation = skip; }
+
+CBlockIndex *hush_chainactive(int32_t height);
+
+bool CheckRandomXSolution(const CBlockHeader *pblock, int32_t height)
+{
+    // Only applies to RandomX chains
+    if (ASSETCHAINS_ALGO != ASSETCHAINS_RANDOMX)
+        return true;
+
+    // Disabled if activation height is negative
+    if (ASSETCHAINS_RANDOMX_VALIDATION < 0)
+        return true;
+
+    // Not yet at activation height
+    if (height < ASSETCHAINS_RANDOMX_VALIDATION)
+        return true;
+
+    // Do not affect initial block loading
+    extern int32_t HUSH_LOADINGBLOCKS;
+    if (HUSH_LOADINGBLOCKS != 0)
+        return true;
+
+    // Skip when miner is validating its own block via TestBlockValidity
+    if (fSkipRandomXValidation)
+        return true;
+
+    // nSolution must be exactly RANDOMX_HASH_SIZE (32) bytes
+    if (pblock->nSolution.size() != RANDOMX_HASH_SIZE) {
+        return error("CheckRandomXSolution(): nSolution size %u != expected %d at height %d",
+                     pblock->nSolution.size(), RANDOMX_HASH_SIZE, height);
+    }
+
+    static int randomxInterval = GetRandomXInterval();
+    static int randomxBlockLag = GetRandomXBlockLag();
+
+    // Determine the correct RandomX key for this height
+    char initialKey[82];
+    snprintf(initialKey, 81, "%08x%s%08x", ASSETCHAINS_MAGIC, SMART_CHAIN_SYMBOL, ASSETCHAINS_RPCPORT);
+
+    std::string rxKey;
+    if (height < randomxInterval + randomxBlockLag) {
+        // Use initial key derived from chain params
+        rxKey = std::string(initialKey, strlen(initialKey));
+    } else {
+        // Use block hash at the key height
+        int keyHeight = ((height - randomxBlockLag) / randomxInterval) * randomxInterval;
+        CBlockIndex *pKeyIndex = hush_chainactive(keyHeight);
+        if (pKeyIndex == nullptr) {
+            return error("CheckRandomXSolution(): cannot get block index at key height %d for block %d", keyHeight, height);
+        }
+        uint256 blockKey = pKeyIndex->GetBlockHash();
+        rxKey = std::string((const char*)&blockKey, sizeof(blockKey));
+    }
+
+    // Serialize the block header without nSolution (but with nNonce) as RandomX input
+    CRandomXInput rxInput(*pblock);
+    CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
+    ss << rxInput;
+
+    char computedHash[RANDOMX_HASH_SIZE];
+
+    {
+        std::lock_guard<std::mutex> lock(cs_randomx_validator);
+
+        // Initialize cache + VM if needed, or re-init if key changed
+        if (s_rxCache == nullptr) {
+            randomx_flags flags = randomx_get_flags();
+            s_rxCache = randomx_alloc_cache(flags);
+            if (s_rxCache == nullptr) {
+                return error("CheckRandomXSolution(): failed to allocate RandomX cache");
+            }
+            randomx_init_cache(s_rxCache, rxKey.data(), rxKey.size());
+            s_rxCurrentKey = rxKey;
+            s_rxVM = randomx_create_vm(flags, s_rxCache, nullptr);
+            if (s_rxVM == nullptr) {
+                randomx_release_cache(s_rxCache);
+                s_rxCache = nullptr;
+                return error("CheckRandomXSolution(): failed to create RandomX VM");
+            }
+        } else if (s_rxCurrentKey != rxKey) {
+            randomx_init_cache(s_rxCache, rxKey.data(), rxKey.size());
+            s_rxCurrentKey = rxKey;
+            randomx_vm_set_cache(s_rxVM, s_rxCache);
+        }
+
+        randomx_calculate_hash(s_rxVM, &ss[0], ss.size(), computedHash);
+    }
+
+    // Compare computed hash against nSolution
+    if (memcmp(computedHash, pblock->nSolution.data(), RANDOMX_HASH_SIZE) != 0) {
+        // Debug: dump both hashes for diagnosis
+        std::string computedHex, solutionHex;
+        for (int i = 0; i < RANDOMX_HASH_SIZE; i++) {
+            char buf[4];
+            snprintf(buf, sizeof(buf), "%02x", (uint8_t)computedHash[i]);
+            computedHex += buf;
+            snprintf(buf, sizeof(buf), "%02x", pblock->nSolution[i]);
+            solutionHex += buf;
+        }
+        fprintf(stderr, "CheckRandomXSolution(): HASH MISMATCH at height %d\n", height);
+        fprintf(stderr, "  computed : %s\n", computedHex.c_str());
+        fprintf(stderr, "  nSolution: %s\n", solutionHex.c_str());
+        fprintf(stderr, "  rxKey size=%lu, input size=%lu, nNonce=%s\n",
+                rxKey.size(), ss.size(), pblock->nNonce.ToString().c_str());
+        fprintf(stderr, "  nSolution.size()=%lu, RANDOMX_HASH_SIZE=%d\n",
+                pblock->nSolution.size(), RANDOMX_HASH_SIZE);
+        // Also log to debug.log
+        LogPrintf("CheckRandomXSolution(): HASH MISMATCH at height %d\n", height);
+        LogPrintf("  computed : %s\n", computedHex);
+        LogPrintf("  nSolution: %s\n", solutionHex);
+        LogPrintf("  rxKey size=%lu, input size=%lu, nNonce=%s\n",
+                  rxKey.size(), ss.size(), pblock->nNonce.ToString());
+        return false;
+    }
+
+    LogPrint("randomx", "CheckRandomXSolution(): valid at height %d\n", height);
+    return true;
+}
+
 int32_t hush_chosennotary(int32_t *notaryidp,int32_t height,uint8_t *pubkey33,uint32_t timestamp);
 int32_t hush_currentheight();
 void hush_index2pubkey33(uint8_t *pubkey33,CBlockIndex *pindex,int32_t height);
@@ -729,6 +862,8 @@ bool CheckProofOfWork(const CBlockHeader &blkHeader, uint8_t *pubkey33, int32_t
         if ( HUSH_LOADINGBLOCKS != 0 )
             return true;
 
+        if ( SMART_CHAIN_SYMBOL[0] != 0 || height > 792000 )
+        {
             if ( Params().NetworkIDString() != "regtest" )
             {
                 for (i=31; i>=0; i--)
@@ -745,6 +880,7 @@ bool CheckProofOfWork(const CBlockHeader &blkHeader, uint8_t *pubkey33, int32_t
                 fprintf(stderr," <- origpubkey\n");
             }
             return false;
+        }
     }
     /*for (i=31; i>=0; i--)
      fprintf(stderr,"%02x",((uint8_t *)&hash)[i]);