Bitcoin ABC  0.26.3
P2P Digital Currency
proof.cpp
Go to the documentation of this file.
1 // Copyright (c) 2020 The Bitcoin developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4 
5 #include <avalanche/proof.h>
6 
7 #include <avalanche/validation.h>
8 #include <coins.h>
9 #include <hash.h>
10 #include <policy/policy.h>
11 #include <script/standard.h>
12 #include <streams.h>
13 #include <util/strencodings.h>
14 #include <util/system.h>
15 #include <util/translation.h>
16 
17 #include <tinyformat.h>
18 
19 #include <numeric>
20 #include <unordered_set>
21 #include <variant>
22 
23 namespace avalanche {
24 
25 StakeCommitment::StakeCommitment(int64_t expirationTime,
26  const CPubKey &master) {
27  CHashWriter ss(SER_GETHASH, 0);
28  ss << expirationTime;
29  ss << master;
30  const uint256 &hash = ss.GetHash();
31  memcpy(m_data, hash.data(), sizeof(m_data));
32 }
33 
34 void Stake::computeStakeId() {
35  CHashWriter ss(SER_GETHASH, 0);
36  ss << *this;
37  stakeid = StakeId(ss.GetHash());
38 }
39 
40 uint256 Stake::getHash(const StakeCommitment &commitment) const {
41  CHashWriter ss(SER_GETHASH, 0);
42  ss << commitment;
43  ss << *this;
44  return ss.GetHash();
45 }
46 
47 bool SignedStake::verify(const StakeCommitment &commitment) const {
48  return stake.getPubkey().VerifySchnorr(stake.getHash(commitment), sig);
49 }
50 
51 bool Proof::FromHex(Proof &proof, const std::string &hexProof,
52  bilingual_str &errorOut) {
53  if (!IsHex(hexProof)) {
54  errorOut = _("Proof must be an hexadecimal string.");
55  return false;
56  }
57 
58  CDataStream ss(ParseHex(hexProof), SER_NETWORK, PROTOCOL_VERSION);
59 
60  try {
61  ss >> proof;
62  } catch (std::exception &e) {
63  errorOut = strprintf(_("Proof has invalid format: %s"), e.what());
64  return false;
65  }
66 
67  return true;
68 }
69 
70 std::string Proof::ToHex() const {
71  CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
72  ss << *this;
73  return HexStr(ss);
74 }
75 
76 void Proof::computeProofId() {
77  CHashWriter ss(SER_GETHASH, 0);
78  ss << sequence;
79  ss << expirationTime;
80  ss << payoutScriptPubKey;
81 
82  WriteCompactSize(ss, stakes.size());
83  for (const SignedStake &s : stakes) {
84  ss << s.getStake();
85  }
86 
87  limitedProofId = LimitedProofId(ss.GetHash());
88  proofid = limitedProofId.computeProofId(master);
89 }
90 
91 void Proof::computeScore() {
92  Amount total = Amount::zero();
93  for (const SignedStake &s : stakes) {
94  total += s.getStake().getAmount();
95  }
96 
97  score = amountToScore(total);
98 }
99 
100 uint32_t Proof::amountToScore(Amount amount) {
101  return (100 * amount) / COIN;
102 }
103 
104 Amount Proof::getStakedAmount() const {
105  return std::accumulate(stakes.begin(), stakes.end(), Amount::zero(),
106  [](const Amount current, const SignedStake &ss) {
107  return current + ss.getStake().getAmount();
108  });
109 }
110 
111 static bool IsStandardPayoutScript(const CScript &scriptPubKey) {
112  // Check the script's standardness against the default max OP_RETURN size,
113  // so that a proof's validity is not affected by a local relay policy
114  // parameter (see -datacarriersize config option)
115  TxoutType scriptType;
116  return IsStandard(scriptPubKey, MAX_OP_RETURN_RELAY, scriptType);
117 }
118 
119 bool Proof::verify(const Amount &stakeUtxoDustThreshold,
120  ProofValidationState &state) const {
121  if (stakes.empty()) {
122  return state.Invalid(ProofValidationResult::NO_STAKE, "no-stake");
123  }
124 
125  if (stakes.size() > AVALANCHE_MAX_PROOF_STAKES) {
126  return state.Invalid(
127  ProofValidationResult::TOO_MANY_UTXOS, "too-many-utxos",
128  strprintf("%u > %u", stakes.size(), AVALANCHE_MAX_PROOF_STAKES));
129  }
130 
131  if (!IsStandardPayoutScript(payoutScriptPubKey)) {
132  return state.Invalid(ProofValidationResult::INVALID_PAYOUT_SCRIPT,
133  "payout-script-non-standard");
134  }
135 
136  if (!master.VerifySchnorr(limitedProofId, signature)) {
137  return state.Invalid(ProofValidationResult::INVALID_PROOF_SIGNATURE,
138  "invalid-proof-signature");
139  }
140 
141  StakeId prevId = uint256::ZERO;
142  std::unordered_set<COutPoint, SaltedOutpointHasher> utxos;
143  for (const SignedStake &ss : stakes) {
144  const Stake &s = ss.getStake();
145  if (s.getAmount() < stakeUtxoDustThreshold) {
146  return state.Invalid(ProofValidationResult::DUST_THRESHOLD,
147  "amount-below-dust-threshold",
148  strprintf("%s < %s", s.getAmount().ToString(),
149  stakeUtxoDustThreshold.ToString()));
150  }
151 
152  if (s.getId() < prevId) {
153  return state.Invalid(ProofValidationResult::WRONG_STAKE_ORDERING,
154  "wrong-stake-ordering");
155  }
156  prevId = s.getId();
157 
158  if (!utxos.insert(s.getUTXO()).second) {
159  return state.Invalid(ProofValidationResult::DUPLICATE_STAKE,
160  "duplicated-stake");
161  }
162 
163  if (!ss.verify(getStakeCommitment())) {
164  return state.Invalid(
165  ProofValidationResult::INVALID_STAKE_SIGNATURE,
166  "invalid-stake-signature",
167  strprintf("TxId: %s", s.getUTXO().GetTxId().ToString()));
168  }
169  }
170 
171  return true;
172 }
173 
174 bool Proof::verify(const Amount &stakeUtxoDustThreshold,
175  const ChainstateManager &chainman,
176  ProofValidationState &state) const {
177  AssertLockHeld(cs_main);
178  if (!verify(stakeUtxoDustThreshold, state)) {
179  // state is set by verify.
180  return false;
181  }
182 
183  const CBlockIndex *activeTip = chainman.ActiveTip();
184  const int64_t tipMedianTimePast =
185  activeTip ? activeTip->GetMedianTimePast() : 0;
186  if (expirationTime > 0 && tipMedianTimePast >= expirationTime) {
187  return state.Invalid(ProofValidationResult::EXPIRED, "expired-proof");
188  }
189 
190  const int64_t activeHeight = chainman.ActiveHeight();
191  const int64_t stakeUtxoMinConfirmations =
192  gArgs.GetIntArg("-avaproofstakeutxoconfirmations",
193  AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS);
194 
195  for (const SignedStake &ss : stakes) {
196  const Stake &s = ss.getStake();
197  const COutPoint &utxo = s.getUTXO();
198 
199  Coin coin;
200  if (!chainman.ActiveChainstate().CoinsTip().GetCoin(utxo, coin)) {
201  // The coins are not in the UTXO set.
202  return state.Invalid(ProofValidationResult::MISSING_UTXO,
203  "utxo-missing-or-spent");
204  }
205 
206  if ((s.getHeight() + stakeUtxoMinConfirmations - 1) > activeHeight) {
207  return state.Invalid(
208  ProofValidationResult::IMMATURE_UTXO, "immature-utxo",
209  strprintf("TxId: %s, block height: %d, chaintip height: %d",
210  s.getUTXO().GetTxId().ToString(), s.getHeight(),
211  activeHeight));
212  }
213 
214  if (s.isCoinbase() != coin.IsCoinBase()) {
215  return state.Invalid(
216  ProofValidationResult::COINBASE_MISMATCH, "coinbase-mismatch",
217  strprintf("expected %s, found %s",
218  s.isCoinbase() ? "true" : "false",
219  coin.IsCoinBase() ? "true" : "false"));
220  }
221 
222  if (s.getHeight() != coin.GetHeight()) {
223  return state.Invalid(ProofValidationResult::HEIGHT_MISMATCH,
224  "height-mismatch",
225  strprintf("expected %u, found %u",
226  s.getHeight(), coin.GetHeight()));
227  }
228 
229  const CTxOut &out = coin.GetTxOut();
230  if (s.getAmount() != out.nValue) {
231  // Wrong amount.
232  return state.Invalid(
233  ProofValidationResult::AMOUNT_MISMATCH, "amount-mismatch",
234  strprintf("expected %s, found %s", s.getAmount().ToString(),
235  out.nValue.ToString()));
236  }
237 
238  CTxDestination dest;
239  if (!ExtractDestination(out.scriptPubKey, dest)) {
240  // Can't extract destination.
241  return state.Invalid(
242  ProofValidationResult::NON_STANDARD_DESTINATION,
243  "non-standard-destination");
244  }
245 
246  PKHash *pkhash = std::get_if<PKHash>(&dest);
247  if (!pkhash) {
248  // Only PKHash are supported.
249  return state.Invalid(
250  ProofValidationResult::DESTINATION_NOT_SUPPORTED,
251  "destination-type-not-supported");
252  }
253 
254  const CPubKey &pubkey = s.getPubkey();
255  if (*pkhash != PKHash(pubkey)) {
256  // Wrong pubkey.
257  return state.Invalid(ProofValidationResult::DESTINATION_MISMATCH,
258  "destination-mismatch");
259  }
260  }
261 
262  return true;
263 }
264 
265 } // namespace avalanche
COIN
static constexpr Amount COIN
Definition: amount.h:144
ArgsManager::GetIntArg
int64_t GetIntArg(const std::string &strArg, int64_t nDefault) const
Return integer argument or default value.
Definition: system.cpp:635
CBlockIndex
The block chain is a tree shaped structure starting with the genesis block at the root,...
Definition: blockindex.h:26
CBlockIndex::GetMedianTimePast
int64_t GetMedianTimePast() const
Definition: blockindex.h:190
CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:177
CHashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:99
CHashWriter::GetHash
uint256 GetHash()
Compute the double-SHA256 hash of all data written to this object.
Definition: hash.h:122
COutPoint
An outpoint - a combination of a transaction hash and an index n into its vout.
Definition: transaction.h:20
COutPoint::GetTxId
const TxId & GetTxId() const
Definition: transaction.h:35
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &hash, const std::array< uint8_t, SCHNORR_SIZE > &sig) const
Verify a Schnorr signature (=64 bytes).
Definition: pubkey.cpp:199
CScript
Serialized script, used inside transaction inputs and outputs.
Definition: script.h:431
CTxOut
An output of a transaction.
Definition: transaction.h:128
CTxOut::scriptPubKey
CScript scriptPubKey
Definition: transaction.h:131
CTxOut::nValue
Amount nValue
Definition: transaction.h:130
ChainstateManager
Provides an interface for creating and interacting with one or two chainstates: an IBD chainstate gen...
Definition: validation.h:1142
ChainstateManager::ActiveHeight
int ActiveHeight() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1351
ChainstateManager::ActiveTip
CBlockIndex * ActiveTip() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1354
Coin
A UTXO entry.
Definition: coins.h:27
Coin::GetHeight
uint32_t GetHeight() const
Definition: coins.h:44
Coin::IsCoinBase
bool IsCoinBase() const
Definition: coins.h:45
Coin::GetTxOut
CTxOut & GetTxOut()
Definition: coins.h:48
ValidationState::Invalid
bool Invalid(Result result, const std::string &reject_reason="", const std::string &debug_message="")
Definition: validation.h:94
avalanche::Proof::FromHex
static bool FromHex(Proof &proof, const std::string &hexProof, bilingual_str &errorOut)
Definition: proof.cpp:51
avalanche::Proof::verify
bool verify(const Amount &stakeUtxoDustThreshold, ProofValidationState &state) const
Definition: proof.cpp:119
avalanche::Proof::expirationTime
int64_t expirationTime
Definition: proof.h:104
avalanche::Proof::computeProofId
void computeProofId()
Definition: proof.cpp:76
avalanche::Proof::getStakedAmount
Amount getStakedAmount() const
Definition: proof.cpp:104
avalanche::Proof::payoutScriptPubKey
CScript payoutScriptPubKey
Definition: proof.h:107
avalanche::Proof::ToHex
std::string ToHex() const
Definition: proof.cpp:70
avalanche::Proof::getStakeCommitment
const StakeCommitment getStakeCommitment() const
Definition: proof.h:171
avalanche::Proof::computeScore
void computeScore()
Definition: proof.cpp:91
avalanche::Proof::limitedProofId
LimitedProofId limitedProofId
Definition: proof.h:110
avalanche::Proof::sequence
uint64_t sequence
Definition: proof.h:103
avalanche::Proof::score
uint32_t score
Definition: proof.h:114
avalanche::Proof::stakes
std::vector< SignedStake > stakes
Definition: proof.h:106
avalanche::Proof::master
CPubKey master
Definition: proof.h:105
avalanche::Proof::proofid
ProofId proofid
Definition: proof.h:111
avalanche::Proof::signature
SchnorrSig signature
Definition: proof.h:108
avalanche::Proof::amountToScore
static uint32_t amountToScore(Amount amount)
Definition: proof.cpp:100
avalanche::SignedStake::sig
SchnorrSig sig
Definition: proof.h:87
avalanche::SignedStake::verify
bool verify(const StakeCommitment &commitment) const
Definition: proof.cpp:47
avalanche::Stake::getHash
uint256 getHash(const StakeCommitment &commitment) const
Definition: proof.cpp:40
avalanche::Stake::getUTXO
const COutPoint & getUTXO() const
Definition: proof.h:74
avalanche::Stake::getPubkey
const CPubKey & getPubkey() const
Definition: proof.h:78
avalanche::Stake::getId
const StakeId & getId() const
Definition: proof.h:82
avalanche::Stake::getAmount
Amount getAmount() const
Definition: proof.h:75
avalanche::Stake::isCoinbase
bool isCoinbase() const
Definition: proof.h:77
avalanche::Stake::getHeight
uint32_t getHeight() const
Definition: proof.h:76
avalanche::Stake::stakeid
StakeId stakeid
Definition: proof.h:57
avalanche::Stake::computeStakeId
void computeStakeId()
Definition: proof.cpp:34
base_blob::data
const uint8_t * data() const
Definition: uint256.h:82
base_blob::ToString
std::string ToString() const
Definition: uint256.h:80
base_blob< 256 >::m_data
uint8_t m_data[WIDTH]
Definition: uint256.h:21
uint256
256-bit opaque blob.
Definition: uint256.h:129
uint256::ZERO
static const uint256 ZERO
Definition: uint256.h:134
cs_main
RecursiveMutex cs_main
Mutex to guard access to validation specific variables, such as reading or changing the chainstate.
Definition: cs_main.cpp:7
avalanche::StakeId
uint256 StakeId
Definition: proof.h:44
avalanche::IsStandardPayoutScript
static bool IsStandardPayoutScript(const CScript &scriptPubKey)
Definition: proof.cpp:111
IsStandard
bool IsStandard(const CScript &scriptPubKey, const std::optional< unsigned > &max_datacarrier_bytes, TxoutType &whichType)
Definition: policy.cpp:38
AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS
static constexpr int AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS
Minimum number of confirmations before a stake utxo is mature enough to be included into a proof.
Definition: proof.h:35
AVALANCHE_MAX_PROOF_STAKES
static constexpr int AVALANCHE_MAX_PROOF_STAKES
How many UTXOs can be used for a single proof.
Definition: proof.h:29
SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:152
SER_GETHASH
@ SER_GETHASH
Definition: serialize.h:154
WriteCompactSize
void WriteCompactSize(CSizeComputer &os, uint64_t nSize)
Definition: serialize.h:1254
ExtractDestination
bool ExtractDestination(const CScript &scriptPubKey, CTxDestination &addressRet)
Parse a standard scriptPubKey for the destination address.
Definition: standard.cpp:158
MAX_OP_RETURN_RELAY
static const unsigned int MAX_OP_RETURN_RELAY
Default setting for nMaxDatacarrierBytes.
Definition: standard.h:36
TxoutType
TxoutType
Definition: standard.h:38
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:85
HexStr
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: strencodings.cpp:663
IsHex
bool IsHex(const std::string &str)
Returns true if each character in str is a hex character, and has an even number of hex digits.
Definition: strencodings.cpp:64
ParseHex
std::vector< uint8_t > ParseHex(const char *psz)
Definition: strencodings.cpp:87
Amount
Definition: amount.h:19
Amount::zero
static constexpr Amount zero() noexcept
Definition: amount.h:32
Amount::ToString
std::string ToString() const
Definition: amount.cpp:22
avalanche::LimitedProofId::computeProofId
ProofId computeProofId(const CPubKey &proofMaster) const
Definition: proofid.cpp:12
avalanche::StakeCommitment::StakeCommitment
StakeCommitment(int64_t expirationTime, const CPubKey &master)
Definition: proof.cpp:25
bilingual_str
Bilingual messages:
Definition: translation.h:17
gArgs
ArgsManager gArgs
Definition: system.cpp:80
strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1202
_
bilingual_str _(const char *psz)
Translation function.
Definition: translation.h:68
AssertLockHeld
AssertLockHeld(pool.cs)
PROTOCOL_VERSION
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:11
Generated on Tue Apr 16 2024 02:36:18 for Bitcoin ABC by doxygen 1.9.1