From 526beb964f78628945d729bbb74cf6f5305661ea Mon Sep 17 00:00:00 2001
From: jl777 <jameslee777@yahoo.com>
Date: Wed, 13 Mar 2019 01:58:40 -1100
Subject: [PATCH] Stricter player data validation

---
 src/cc/rogue_rpc.cpp | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/src/cc/rogue_rpc.cpp b/src/cc/rogue_rpc.cpp
index 3766ba5ee..12ec60f14 100644
--- a/src/cc/rogue_rpc.cpp
+++ b/src/cc/rogue_rpc.cpp
@@ -1572,28 +1572,31 @@ bool rogue_validate(struct CCcontract_info *cp,int32_t height,Eval *eval,const C
                             return eval->Invalid("couldnt decode H/Q opret");
                         }
                         // verify pk belongs to this tx
-                        if ( tokentx == 'c' && playerdata.size() > 0 )
+                        if ( tokentx == 'c' )
                         {
-                            static char laststr[512]; char cashstr[512];
-                            if ( rogue_playerdata_validate(&cashout,ptxid,cp,playerdata,gametxid,pk) < 0 )
+                            if ( playerdata.size() > 0 )
                             {
-                                sprintf(cashstr,"tokentx.(%c) decoded.%d ht.%d gametxid.%s player.%s invalid playerdata[%d]\n",tokentx,decoded,height,gametxid.GetHex().c_str(),ptxid.GetHex().c_str(),(int32_t)playerdata.size());
+                                static char laststr[512]; char cashstr[512];
+                                if ( rogue_playerdata_validate(&cashout,ptxid,cp,playerdata,gametxid,pk) < 0 )
+                                {
+                                    sprintf(cashstr,"tokentx.(%c) decoded.%d ht.%d gametxid.%s player.%s invalid playerdata[%d]\n",tokentx,decoded,height,gametxid.GetHex().c_str(),ptxid.GetHex().c_str(),(int32_t)playerdata.size());
+                                    if ( strcmp(laststr,cashstr) != 0 )
+                                    {
+                                        strcpy(laststr,cashstr);
+                                        fprintf(stderr,"%s\n",cashstr);
+                                    }
+                                    if ( enabled != 0 )
+                                        return eval->Invalid("mismatched playerdata");
+                                }
+                                if ( funcid == 'H' )
+                                    cashout *= 2;
+                                sprintf(cashstr,"tokentx.(%c) decoded.%d ht.%d txid.%s %.8f vs vout2 %.8f",tokentx,decoded,height,txid.GetHex().c_str(),(double)cashout/COIN,(double)tx.vout[2].nValue/COIN);
                                 if ( strcmp(laststr,cashstr) != 0 )
                                 {
                                     strcpy(laststr,cashstr);
                                     fprintf(stderr,"%s\n",cashstr);
                                 }
-                                if ( enabled != 0 )
-                                    return eval->Invalid("mismatched playerdata");
-                            }
-                            if ( funcid == 'H' )
-                                cashout *= 2;
-                            sprintf(cashstr,"tokentx.(%c) decoded.%d ht.%d txid.%s %.8f vs vout2 %.8f",tokentx,decoded,height,txid.GetHex().c_str(),(double)cashout/COIN,(double)tx.vout[2].nValue/COIN);
-                            if ( strcmp(laststr,cashstr) != 0 )
-                            {
-                                strcpy(laststr,cashstr);
-                                fprintf(stderr,"%s\n",cashstr);
-                            }
+                            } else cashout = 10000;
                             if ( enabled != 0 && tx.vout[2].nValue != cashout )
                                 return eval->Invalid("mismatched cashout amount");
                         }