diff --git a/src/consensus/consensus.h b/src/consensus/consensus.h index 1efaf99ea..c0a3138aa 100644 --- a/src/consensus/consensus.h +++ b/src/consensus/consensus.h @@ -23,7 +23,8 @@ static const unsigned int MAX_BLOCK_SIZE = 2000000; /** The maximum allowed number of signature check operations in a block (network rule) */ static const unsigned int MAX_BLOCK_SIGOPS = 20000; /** The maximum size of a transaction (network rule) */ -static const unsigned int MAX_TX_SIZE = 100000; +static const unsigned int MAX_TX_SIZE_BEFORE_SAPLING = 100000; +static const unsigned int MAX_TX_SIZE_AFTER_SAPLING = MAX_BLOCK_SIZE; /** Coinbase transaction outputs can only be spent after this number of new blocks (network rule) */ static const int COINBASE_MATURITY = 100; /** The minimum value which is invalid for expiry height, used by CTransaction and CMutableTransaction */ diff --git a/src/gtest/test_checktransaction.cpp b/src/gtest/test_checktransaction.cpp index d7527dbac..a0efee14e 100644 --- a/src/gtest/test_checktransaction.cpp +++ b/src/gtest/test_checktransaction.cpp @@ -43,6 +43,7 @@ public: MOCK_CONST_METHOD0(GetRejectReason, std::string()); }; +void CreateJoinSplitSignature(CMutableTransaction& mtx, uint32_t consensusBranchId); CMutableTransaction GetValidTransaction() { uint32_t consensusBranchId = SPROUT_BRANCH_ID; @@ -63,7 +64,11 @@ CMutableTransaction GetValidTransaction() { mtx.vjoinsplit[1].nullifiers.at(0) = uint256S("0000000000000000000000000000000000000000000000000000000000000002"); mtx.vjoinsplit[1].nullifiers.at(1) = uint256S("0000000000000000000000000000000000000000000000000000000000000003"); + CreateJoinSplitSignature(mtx, consensusBranchId); + return mtx; +} +void CreateJoinSplitSignature(CMutableTransaction& mtx, uint32_t consensusBranchId) { // Generate an ephemeral keypair. uint256 joinSplitPubKey; unsigned char joinSplitPrivKey[crypto_sign_SECRETKEYBYTES]; @@ -86,7 +91,6 @@ CMutableTransaction GetValidTransaction() { dataToBeSigned.begin(), 32, joinSplitPrivKey ) == 0); - return mtx; } TEST(checktransaction_tests, valid_transaction) { @@ -129,7 +133,8 @@ TEST(checktransaction_tests, bad_txns_vout_empty) { CheckTransactionWithoutProofVerification(tx, state); } -TEST(checktransaction_tests, bad_txns_oversize) { +TEST(checktransaction_tests, BadTxnsOversize) { + SelectParams(CBaseChainParams::REGTEST); CMutableTransaction mtx = GetValidTransaction(); mtx.vin[0].scriptSig = CScript(); @@ -153,10 +158,100 @@ TEST(checktransaction_tests, bad_txns_oversize) { CTransaction tx(mtx); ASSERT_EQ(::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION), 100202); + // Passes non-contextual checks... + MockCValidationState state; + EXPECT_TRUE(CheckTransactionWithoutProofVerification(tx, state)); + + // ... but fails contextual ones! + EXPECT_CALL(state, DoS(100, false, REJECT_INVALID, "bad-txns-oversize", false)).Times(1); + EXPECT_FALSE(ContextualCheckTransaction(tx, state, 1, 100)); + } + + { + // But should be fine again once Sapling activates! + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::ALWAYS_ACTIVE); + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::ALWAYS_ACTIVE); + + mtx.fOverwintered = true; + mtx.nVersionGroupId = SAPLING_VERSION_GROUP_ID; + mtx.nVersion = SAPLING_TX_VERSION; + + // Change the proof types (which requires re-signing the JoinSplit data) + mtx.vjoinsplit[0].proof = libzcash::GrothProof(); + mtx.vjoinsplit[1].proof = libzcash::GrothProof(); + CreateJoinSplitSignature(mtx, NetworkUpgradeInfo[Consensus::UPGRADE_SAPLING].nBranchId); + + CTransaction tx(mtx); + EXPECT_EQ(::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION), 103713); + + MockCValidationState state; + EXPECT_TRUE(CheckTransactionWithoutProofVerification(tx, state)); + EXPECT_TRUE(ContextualCheckTransaction(tx, state, 1, 100)); + + // Revert to default + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT); + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT); + } +} + +TEST(checktransaction_tests, OversizeSaplingTxns) { + SelectParams(CBaseChainParams::REGTEST); + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::ALWAYS_ACTIVE); + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::ALWAYS_ACTIVE); + + CMutableTransaction mtx = GetValidTransaction(); + mtx.fOverwintered = true; + mtx.nVersionGroupId = SAPLING_VERSION_GROUP_ID; + mtx.nVersion = SAPLING_TX_VERSION; + + // Change the proof types (which requires re-signing the JoinSplit data) + mtx.vjoinsplit[0].proof = libzcash::GrothProof(); + mtx.vjoinsplit[1].proof = libzcash::GrothProof(); + CreateJoinSplitSignature(mtx, NetworkUpgradeInfo[Consensus::UPGRADE_SAPLING].nBranchId); + + // Transaction just under the limit + mtx.vin[0].scriptSig = CScript(); + std::vector vchData(520); + for (unsigned int i = 0; i < 3809; ++i) + mtx.vin[0].scriptSig << vchData << OP_DROP; + std::vector vchDataRemainder(453); + mtx.vin[0].scriptSig << vchDataRemainder << OP_DROP; + mtx.vin[0].scriptSig << OP_1; + + { + CTransaction tx(mtx); + EXPECT_EQ(::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION), MAX_TX_SIZE_AFTER_SAPLING - 1); + + CValidationState state; + EXPECT_TRUE(CheckTransactionWithoutProofVerification(tx, state)); + } + + // Transaction equal to the limit + mtx.vin[1].scriptSig << OP_1; + + { + CTransaction tx(mtx); + EXPECT_EQ(::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION), MAX_TX_SIZE_AFTER_SAPLING); + + CValidationState state; + EXPECT_TRUE(CheckTransactionWithoutProofVerification(tx, state)); + } + + // Transaction just over the limit + mtx.vin[1].scriptSig << OP_1; + + { + CTransaction tx(mtx); + EXPECT_EQ(::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION), MAX_TX_SIZE_AFTER_SAPLING + 1); + MockCValidationState state; EXPECT_CALL(state, DoS(100, false, REJECT_INVALID, "bad-txns-oversize", false)).Times(1); - CheckTransactionWithoutProofVerification(tx, state); + EXPECT_FALSE(CheckTransactionWithoutProofVerification(tx, state)); } + + // Revert to default + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_SAPLING, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT); + UpdateNetworkUpgradeParameters(Consensus::UPGRADE_OVERWINTER, Consensus::NetworkUpgrade::NO_ACTIVATION_HEIGHT); } TEST(checktransaction_tests, bad_txns_vout_negative) { diff --git a/src/main.cpp b/src/main.cpp index 83a51ee59..bca80c31a 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -943,6 +943,15 @@ bool ContextualCheckTransaction(const CTransaction& tx, CValidationState &state, } } + // Rules that apply before Sapling: + if (!saplingActive) { + // Size limits + BOOST_STATIC_ASSERT(MAX_BLOCK_SIZE > MAX_TX_SIZE_BEFORE_SAPLING); // sanity + if (::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION) > MAX_TX_SIZE_BEFORE_SAPLING) + return state.DoS(100, error("ContextualCheckTransaction(): size limits failed"), + REJECT_INVALID, "bad-txns-oversize"); + } + if (!(tx.IsCoinBase() || tx.vjoinsplit.empty())) { auto consensusBranchId = CurrentEpochBranchId(nHeight, Params().GetConsensus()); // Empty output script. @@ -1051,8 +1060,9 @@ bool CheckTransactionWithoutProofVerification(const CTransaction& tx, CValidatio REJECT_INVALID, "bad-txns-vout-empty"); // Size limits - BOOST_STATIC_ASSERT(MAX_BLOCK_SIZE > MAX_TX_SIZE); // sanity - if (::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION) > MAX_TX_SIZE) + BOOST_STATIC_ASSERT(MAX_BLOCK_SIZE >= MAX_TX_SIZE_AFTER_SAPLING); // sanity + BOOST_STATIC_ASSERT(MAX_TX_SIZE_AFTER_SAPLING > MAX_TX_SIZE_BEFORE_SAPLING); // sanity + if (::GetSerializeSize(tx, SER_NETWORK, PROTOCOL_VERSION) > MAX_TX_SIZE_AFTER_SAPLING) return state.DoS(100, error("CheckTransaction(): size limits failed"), REJECT_INVALID, "bad-txns-oversize"); diff --git a/src/wallet/rpcwallet.cpp b/src/wallet/rpcwallet.cpp index 23bfea02c..9023b80f6 100644 --- a/src/wallet/rpcwallet.cpp +++ b/src/wallet/rpcwallet.cpp @@ -2723,7 +2723,7 @@ UniValue zc_benchmark(const UniValue& params, bool fHelp) sample_times.push_back(benchmark_verify_equihash()); } else if (benchmarktype == "validatelargetx") { // Number of inputs in the spending transaction that we will simulate - int nInputs = 555; + int nInputs = 11130; if (params.size() >= 3) { nInputs = params[2].get_int(); } @@ -3485,11 +3485,13 @@ UniValue z_getoperationstatus_IMPL(const UniValue& params, bool fRemoveFinishedO } +// JSDescription size depends on the transaction version +#define V3_JS_DESCRIPTION_SIZE (GetSerializeSize(JSDescription(), SER_NETWORK, (OVERWINTER_TX_VERSION | (1 << 31)))) // Here we define the maximum number of zaddr outputs that can be included in a transaction. // If input notes are small, we might actually require more than one joinsplit per zaddr output. // For now though, we assume we use one joinsplit per zaddr output (and the second output note is change). // We reduce the result by 1 to ensure there is room for non-joinsplit CTransaction data. -#define Z_SENDMANY_MAX_ZADDR_OUTPUTS ((MAX_TX_SIZE / GetSerializeSize(JSDescription(), SER_NETWORK, PROTOCOL_VERSION)) - 1) +#define Z_SENDMANY_MAX_ZADDR_OUTPUTS_BEFORE_SAPLING ((MAX_TX_SIZE_BEFORE_SAPLING / V3_JS_DESCRIPTION_SIZE) - 1) // transaction.h comment: spending taddr output requires CTxIn >= 148 bytes and typical taddr txout is 34 bytes #define CTXIN_SPEND_DUST_SIZE 148 @@ -3506,7 +3508,7 @@ UniValue z_sendmany(const UniValue& params, bool fHelp) "\nSend multiple times. Amounts are double-precision floating point numbers." "\nChange from a taddr flows to a new taddr address, while change from zaddr returns to itself." "\nWhen sending coinbase UTXOs to a zaddr, change is not allowed. The entire value of the UTXO(s) must be consumed." - + strprintf("\nCurrently, the maximum number of zaddr outputs is %d due to transaction size limits.\n", Z_SENDMANY_MAX_ZADDR_OUTPUTS) + + strprintf("\nBefore Sapling activates, the maximum number of zaddr outputs is %d due to transaction size limits.\n", Z_SENDMANY_MAX_ZADDR_OUTPUTS_BEFORE_SAPLING) + HelpRequiringPassphrase() + "\n" "\nArguments:\n" "1. \"fromaddress\" (string, required) The taddr or zaddr to send the funds from.\n" @@ -3620,17 +3622,34 @@ UniValue z_sendmany(const UniValue& params, bool fHelp) nTotalOut += nAmount; } - // Check the number of zaddr outputs does not exceed the limit. - if (zaddrRecipients.size() > Z_SENDMANY_MAX_ZADDR_OUTPUTS) { - throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid parameter, too many zaddr outputs"); + int nextBlockHeight = chainActive.Height() + 1; + CMutableTransaction mtx; + mtx.fOverwintered = true; + mtx.nVersionGroupId = SAPLING_VERSION_GROUP_ID; + mtx.nVersion = SAPLING_TX_VERSION; + unsigned int max_tx_size = MAX_TX_SIZE_AFTER_SAPLING; + if (!NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { + if (NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_OVERWINTER)) { + mtx.nVersionGroupId = OVERWINTER_VERSION_GROUP_ID; + mtx.nVersion = OVERWINTER_TX_VERSION; + } else { + mtx.fOverwintered = false; + mtx.nVersion = 2; + } + + max_tx_size = MAX_TX_SIZE_BEFORE_SAPLING; + + // Check the number of zaddr outputs does not exceed the limit. + if (zaddrRecipients.size() > Z_SENDMANY_MAX_ZADDR_OUTPUTS_BEFORE_SAPLING) { + throw JSONRPCError(RPC_INVALID_PARAMETER, "Invalid parameter, too many zaddr outputs"); + } } // As a sanity check, estimate and verify that the size of the transaction will be valid. // Depending on the input notes, the actual tx size may turn out to be larger and perhaps invalid. size_t txsize = 0; - CMutableTransaction mtx; - mtx.nVersion = 2; for (int i = 0; i < zaddrRecipients.size(); i++) { + // TODO Check whether the recipient is a Sprout or Sapling address mtx.vjoinsplit.push_back(JSDescription()); } CTransaction tx(mtx); @@ -3640,8 +3659,8 @@ UniValue z_sendmany(const UniValue& params, bool fHelp) txsize += CTXOUT_REGULAR_SIZE; // There will probably be taddr change } txsize += CTXOUT_REGULAR_SIZE * taddrRecipients.size(); - if (txsize > MAX_TX_SIZE) { - throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("Too many outputs, size of raw transaction would be larger than limit of %d bytes", MAX_TX_SIZE )); + if (txsize > max_tx_size) { + throw JSONRPCError(RPC_INVALID_PARAMETER, strprintf("Too many outputs, size of raw transaction would be larger than limit of %d bytes", max_tx_size )); } // Minimum confirmations @@ -3677,7 +3696,6 @@ UniValue z_sendmany(const UniValue& params, bool fHelp) UniValue contextInfo = o; // Contextual transaction we will build on - int nextBlockHeight = chainActive.Height() + 1; CMutableTransaction contextualTx = CreateNewContextualCMutableTransaction(Params().GetConsensus(), nextBlockHeight); bool isShielded = !fromTaddr || zaddrRecipients.size() > 0; if (contextualTx.nVersion == 1 && isShielded) { @@ -3725,7 +3743,7 @@ UniValue z_shieldcoinbase(const UniValue& params, bool fHelp) "\nby the caller. If the limit parameter is set to zero, and Overwinter is not yet active, the -mempooltxinputlimit" "\noption will determine the number of uxtos. Any limit is constrained by the consensus rule defining a maximum" "\ntransaction size of " - + strprintf("%d bytes.", MAX_TX_SIZE) + + strprintf("%d bytes before Sapling, and %d bytes once Sapling activates.", MAX_TX_SIZE_BEFORE_SAPLING, MAX_TX_SIZE_AFTER_SAPLING) + HelpRequiringPassphrase() + "\n" "\nArguments:\n" "1. \"fromaddress\" (string, required) The address is a taddr or \"*\" for all taddrs belonging to the wallet.\n" @@ -3789,6 +3807,10 @@ UniValue z_shieldcoinbase(const UniValue& params, bool fHelp) int nextBlockHeight = chainActive.Height() + 1; bool overwinterActive = NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_OVERWINTER); + unsigned int max_tx_size = MAX_TX_SIZE_AFTER_SAPLING; + if (!NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { + max_tx_size = MAX_TX_SIZE_BEFORE_SAPLING; + } // Prepare to get coinbase utxos std::vector inputs; @@ -3833,7 +3855,7 @@ UniValue z_shieldcoinbase(const UniValue& params, bool fHelp) if (!maxedOutFlag) { size_t increase = (boost::get(&address) != nullptr) ? CTXIN_SPEND_P2SH_SIZE : CTXIN_SPEND_DUST_SIZE; - if (estimatedTxSize + increase >= MAX_TX_SIZE || + if (estimatedTxSize + increase >= max_tx_size || (mempoolLimit > 0 && utxoCounter > mempoolLimit)) { maxedOutFlag = true; @@ -3928,7 +3950,7 @@ UniValue z_mergetoaddress(const UniValue& params, bool fHelp) "\n\nThe number of UTXOs and notes selected for merging can be limited by the caller. If the transparent limit" "\nparameter is set to zero, and Overwinter is not yet active, the -mempooltxinputlimit option will determine the" "\nnumber of UTXOs. Any limit is constrained by the consensus rule defining a maximum transaction size of " - + strprintf("%d bytes.", MAX_TX_SIZE) + + strprintf("%d bytes before Sapling, and %d bytes once Sapling activates.", MAX_TX_SIZE_BEFORE_SAPLING, MAX_TX_SIZE_AFTER_SAPLING) + HelpRequiringPassphrase() + "\n" "\nArguments:\n" "1. fromaddresses (string, required) A JSON array with addresses.\n" @@ -4081,6 +4103,10 @@ UniValue z_mergetoaddress(const UniValue& params, bool fHelp) int nextBlockHeight = chainActive.Height() + 1; bool overwinterActive = NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_OVERWINTER); + unsigned int max_tx_size = MAX_TX_SIZE_AFTER_SAPLING; + if (!NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { + max_tx_size = MAX_TX_SIZE_BEFORE_SAPLING; + } // Prepare to get UTXOs and notes std::vector utxoInputs; @@ -4125,7 +4151,7 @@ UniValue z_mergetoaddress(const UniValue& params, bool fHelp) if (!maxedOutUTXOsFlag) { size_t increase = (boost::get(&address) != nullptr) ? CTXIN_SPEND_P2SH_SIZE : CTXIN_SPEND_DUST_SIZE; - if (estimatedTxSize + increase >= MAX_TX_SIZE || + if (estimatedTxSize + increase >= max_tx_size || (mempoolLimit > 0 && utxoCounter > mempoolLimit)) { maxedOutUTXOsFlag = true; @@ -4157,7 +4183,7 @@ UniValue z_mergetoaddress(const UniValue& params, bool fHelp) // If we haven't added any notes yet and the merge is to a // z-address, we have already accounted for the first JoinSplit. size_t increase = (noteInputs.empty() && !isToZaddr) || (noteInputs.size() % 2 == 0) ? JOINSPLIT_SIZE : 0; - if (estimatedTxSize + increase >= MAX_TX_SIZE || + if (estimatedTxSize + increase >= max_tx_size || (nNoteLimit > 0 && noteCounter > nNoteLimit)) { maxedOutNotesFlag = true; diff --git a/src/wallet/wallet.cpp b/src/wallet/wallet.cpp index 3db3e26c3..5ab1103ff 100644 --- a/src/wallet/wallet.cpp +++ b/src/wallet/wallet.cpp @@ -2589,6 +2589,11 @@ bool CWallet::CreateTransaction(const vector& vecSend, CWalletTx& wt txNew.nExpiryHeight = nextBlockHeight + expiryDelta; } } + + unsigned int max_tx_size = MAX_TX_SIZE_AFTER_SAPLING; + if (!NetworkUpgradeActive(nextBlockHeight, Params().GetConsensus(), Consensus::UPGRADE_SAPLING)) { + max_tx_size = MAX_TX_SIZE_BEFORE_SAPLING; + } // Discourage fee sniping. // @@ -2828,7 +2833,7 @@ bool CWallet::CreateTransaction(const vector& vecSend, CWalletTx& wt *static_cast(&wtxNew) = CTransaction(txNew); // Limit size - if (nBytes >= MAX_TX_SIZE) + if (nBytes >= max_tx_size) { strFailReason = _("Transaction too large"); return false; diff --git a/src/zcbenchmarks.cpp b/src/zcbenchmarks.cpp index 1d4ad78c8..53d433c86 100644 --- a/src/zcbenchmarks.cpp +++ b/src/zcbenchmarks.cpp @@ -243,8 +243,8 @@ double benchmark_large_tx(size_t nInputs) CMutableTransaction spending_tx; spending_tx.fOverwintered = true; - spending_tx.nVersion = OVERWINTER_TX_VERSION; - spending_tx.nVersionGroupId = OVERWINTER_VERSION_GROUP_ID; + spending_tx.nVersionGroupId = SAPLING_VERSION_GROUP_ID; + spending_tx.nVersion = SAPLING_TX_VERSION; auto input_hash = orig_tx.GetHash(); // Add nInputs inputs @@ -253,7 +253,7 @@ double benchmark_large_tx(size_t nInputs) } // Sign for all the inputs - auto consensusBranchId = NetworkUpgradeInfo[Consensus::UPGRADE_OVERWINTER].nBranchId; + auto consensusBranchId = NetworkUpgradeInfo[Consensus::UPGRADE_SAPLING].nBranchId; for (size_t i = 0; i < nInputs; i++) { SignSignature(tempKeystore, prevPubKey, spending_tx, i, 1000000, SIGHASH_ALL, consensusBranchId); }