standalone: Reject bad input values in tx sanity.#3677
Open
davecgh wants to merge 2 commits intodecred:masterfrom
Open
standalone: Reject bad input values in tx sanity.#3677davecgh wants to merge 2 commits intodecred:masterfrom
davecgh wants to merge 2 commits intodecred:masterfrom
Conversation
Transactions with input values that are negative or greater than the max supply ultimately will always eventually end up invalid by checks performed much later in the validation process. Moreover, the aforementioned conditions are entirely context free. Given that, it is much more efficient and robust to simply reject any transactions that violate them as early as possible in the validation process. The context-free transaction sanity checks are the ideal location since they are among the earliest validation checks that are performed. However, unconfirmed transactions are allowed to leave the input value set to the special sentinel value of -1 (wire.NullValueIn) that signals the actual value will be filled in later. The sanity checks take place before that information is available to populate, so that case needs to be exempted and left for the later checks to reject as they already do now. With that in mind, this modifies CheckTransactionSanity to reject transactions that violate those conditions accordingly. It also adds ErrFraudAmountIn to uniquely identify when checks fail validation for that reason. Finally, it modifies the rule error conversion in the internal blockchain code to recognize and convert the new error.
This adds a few additional tests for transaction sanity checking to ensure negative values, except the special sentinel value, and values greater than the max supply are rejected as expected.
matthawkins90
approved these changes
Apr 17, 2026
jholdstock
approved these changes
Apr 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Transactions with input values that are negative or greater than the max supply ultimately will always eventually end up invalid by checks performed much later in the validation process. Moreover, the aforementioned conditions are entirely context free.
Given that, it is much more efficient and robust to simply reject any transactions that violate them as early as possible in the validation process.
The context-free transaction sanity checks are the ideal location since they are among the earliest validation checks that are performed.
However, unconfirmed transactions are allowed to leave the input value set to the special sentinel value of -1 (
wire.NullValueIn) that signals the actual value will be filled in later. The sanity checks take place before that information is available to populate, so that case needs to be exempted and left for the later checks to reject as they already do now.With that in mind, this modifies
CheckTransactionSanityto reject transactions that violate those conditions accordingly.It also adds
ErrFraudAmountInto uniquely identify when checks fail validation for that reason.Finally, it modifies the rule error conversion in the internal
blockchaincode to recognize and convert the new error.Additional tests are included in a second commit to test the new checks work as expected.