Bitcoin ABC 0.31.1
P2P Digital Currency
All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Friends Macros Modules Pages
proof.cpp
Go to the documentation of this file.
1// Copyright (c) 2020 The Bitcoin developers
2// Distributed under the MIT software license, see the accompanying
3// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5#include <avalanche/proof.h>
6
7#include <avalanche/validation.h>
8#include <coins.h>
9#include <common/args.h>
10#include <hash.h>
11#include <policy/policy.h>
12#include <script/standard.h>
13#include <streams.h>
14#include <util/strencodings.h>
15#include <util/translation.h>
16#include <validation.h>
17
18#include <tinyformat.h>
19
20#include <numeric>
21#include <unordered_set>
22#include <variant>
23
24namespace avalanche {
25
26StakeCommitment::StakeCommitment(int64_t expirationTime,
27 const CPubKey &master) {
28 HashWriter ss{};
29 ss << expirationTime;
30 ss << master;
31 const uint256 &hash = ss.GetHash();
32 memcpy(m_data, hash.data(), sizeof(m_data));
33}
34
35void Stake::computeStakeId() {
36 HashWriter ss{};
37 ss << *this;
38 stakeid = StakeId(ss.GetHash());
39}
40
41uint256 Stake::getHash(const StakeCommitment &commitment) const {
42 HashWriter ss{};
43 ss << commitment;
44 ss << *this;
45 return ss.GetHash();
46}
47
48bool SignedStake::verify(const StakeCommitment &commitment) const {
49 return stake.getPubkey().VerifySchnorr(stake.getHash(commitment), sig);
50}
51
52bool Proof::FromHex(Proof &proof, const std::string &hexProof,
53 bilingual_str &errorOut) {
54 if (!IsHex(hexProof)) {
55 errorOut = _("Proof must be an hexadecimal string.");
56 return false;
57 }
58
59 CDataStream ss(ParseHex(hexProof), SER_NETWORK, PROTOCOL_VERSION);
60
61 try {
62 ss >> proof;
63 } catch (std::exception &e) {
64 errorOut = strprintf(_("Proof has invalid format: %s"), e.what());
65 return false;
66 }
67
68 return true;
69}
70
71std::string Proof::ToHex() const {
72 CDataStream ss(SER_NETWORK, PROTOCOL_VERSION);
73 ss << *this;
74 return HexStr(ss);
75}
76
77void Proof::computeProofId() {
78 HashWriter ss{};
79 ss << sequence;
80 ss << expirationTime;
81 ss << payoutScriptPubKey;
82
83 WriteCompactSize(ss, stakes.size());
84 for (const SignedStake &s : stakes) {
85 ss << s.getStake();
86 }
87
88 limitedProofId = LimitedProofId(ss.GetHash());
89 proofid = limitedProofId.computeProofId(master);
90}
91
92void Proof::computeScore() {
93 Amount total = Amount::zero();
94 for (const SignedStake &s : stakes) {
95 total += s.getStake().getAmount();
96 }
97
98 score = amountToScore(total);
99}
100
101uint32_t Proof::amountToScore(Amount amount) {
102 return (100 * amount) / COIN;
103}
104
105Amount Proof::getStakedAmount() const {
106 return std::accumulate(stakes.begin(), stakes.end(), Amount::zero(),
107 [](const Amount current, const SignedStake &ss) {
108 return current + ss.getStake().getAmount();
109 });
110}
111
112static bool IsStandardPayoutScript(const CScript &scriptPubKey) {
113 // Check the script's standardness against the default max OP_RETURN size,
114 // so that a proof's validity is not affected by a local relay policy
115 // parameter (see -datacarriersize config option)
116 TxoutType scriptType;
117 return IsStandard(scriptPubKey, MAX_OP_RETURN_RELAY, scriptType);
118}
119
120bool Proof::verify(const Amount &stakeUtxoDustThreshold,
121 ProofValidationState &state) const {
122 if (stakes.empty()) {
123 return state.Invalid(ProofValidationResult::NO_STAKE, "no-stake");
124 }
125
126 if (stakes.size() > AVALANCHE_MAX_PROOF_STAKES) {
127 return state.Invalid(
128 ProofValidationResult::TOO_MANY_UTXOS, "too-many-utxos",
129 strprintf("%u > %u", stakes.size(), AVALANCHE_MAX_PROOF_STAKES));
130 }
131
132 if (!IsStandardPayoutScript(payoutScriptPubKey)) {
133 return state.Invalid(ProofValidationResult::INVALID_PAYOUT_SCRIPT,
134 "payout-script-non-standard");
135 }
136
137 if (!master.VerifySchnorr(limitedProofId, signature)) {
138 return state.Invalid(ProofValidationResult::INVALID_PROOF_SIGNATURE,
139 "invalid-proof-signature");
140 }
141
142 StakeId prevId = uint256::ZERO;
143 std::unordered_set<COutPoint, SaltedOutpointHasher> utxos;
144 for (const SignedStake &ss : stakes) {
145 const Stake &s = ss.getStake();
146 if (s.getAmount() < stakeUtxoDustThreshold) {
147 return state.Invalid(ProofValidationResult::DUST_THRESHOLD,
148 "amount-below-dust-threshold",
149 strprintf("%s < %s", s.getAmount().ToString(),
150 stakeUtxoDustThreshold.ToString()));
151 }
152
153 if (s.getId() < prevId) {
154 return state.Invalid(ProofValidationResult::WRONG_STAKE_ORDERING,
155 "wrong-stake-ordering");
156 }
157 prevId = s.getId();
158
159 if (!utxos.insert(s.getUTXO()).second) {
160 return state.Invalid(ProofValidationResult::DUPLICATE_STAKE,
161 "duplicated-stake");
162 }
163
164 if (!ss.verify(getStakeCommitment())) {
165 return state.Invalid(
166 ProofValidationResult::INVALID_STAKE_SIGNATURE,
167 "invalid-stake-signature",
168 strprintf("TxId: %s", s.getUTXO().GetTxId().ToString()));
169 }
170 }
171
172 return true;
173}
174
175bool Proof::verify(const Amount &stakeUtxoDustThreshold,
176 const ChainstateManager &chainman,
177 ProofValidationState &state) const {
178 AssertLockHeld(cs_main);
179 if (!verify(stakeUtxoDustThreshold, state)) {
180 // state is set by verify.
181 return false;
182 }
183
184 const CBlockIndex *activeTip = chainman.ActiveTip();
185 const int64_t tipMedianTimePast =
186 activeTip ? activeTip->GetMedianTimePast() : 0;
187 if (expirationTime > 0 && tipMedianTimePast >= expirationTime) {
188 return state.Invalid(ProofValidationResult::EXPIRED, "expired-proof");
189 }
190
191 const int64_t activeHeight = chainman.ActiveHeight();
192 const int64_t stakeUtxoMinConfirmations =
193 gArgs.GetIntArg("-avaproofstakeutxoconfirmations",
194 AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS);
195
196 for (const SignedStake &ss : stakes) {
197 const Stake &s = ss.getStake();
198 const COutPoint &utxo = s.getUTXO();
199
200 Coin coin;
201 if (!chainman.ActiveChainstate().CoinsTip().GetCoin(utxo, coin)) {
202 // The coins are not in the UTXO set.
203 return state.Invalid(ProofValidationResult::MISSING_UTXO,
204 "utxo-missing-or-spent");
205 }
206
207 if ((s.getHeight() + stakeUtxoMinConfirmations - 1) > activeHeight) {
208 return state.Invalid(
209 ProofValidationResult::IMMATURE_UTXO, "immature-utxo",
210 strprintf("TxId: %s, block height: %d, chaintip height: %d",
211 s.getUTXO().GetTxId().ToString(), s.getHeight(),
212 activeHeight));
213 }
214
215 if (s.isCoinbase() != coin.IsCoinBase()) {
216 return state.Invalid(
217 ProofValidationResult::COINBASE_MISMATCH, "coinbase-mismatch",
218 strprintf("expected %s, found %s",
219 s.isCoinbase() ? "true" : "false",
220 coin.IsCoinBase() ? "true" : "false"));
221 }
222
223 if (s.getHeight() != coin.GetHeight()) {
224 return state.Invalid(ProofValidationResult::HEIGHT_MISMATCH,
225 "height-mismatch",
226 strprintf("expected %u, found %u",
227 s.getHeight(), coin.GetHeight()));
228 }
229
230 const CTxOut &out = coin.GetTxOut();
231 if (s.getAmount() != out.nValue) {
232 // Wrong amount.
233 return state.Invalid(
234 ProofValidationResult::AMOUNT_MISMATCH, "amount-mismatch",
235 strprintf("expected %s, found %s", s.getAmount().ToString(),
236 out.nValue.ToString()));
237 }
238
239 CTxDestination dest;
240 if (!ExtractDestination(out.scriptPubKey, dest)) {
241 // Can't extract destination.
242 return state.Invalid(
243 ProofValidationResult::NON_STANDARD_DESTINATION,
244 "non-standard-destination");
245 }
246
247 PKHash *pkhash = std::get_if<PKHash>(&dest);
248 if (!pkhash) {
249 // Only PKHash are supported.
250 return state.Invalid(
251 ProofValidationResult::DESTINATION_NOT_SUPPORTED,
252 "destination-type-not-supported");
253 }
254
255 const CPubKey &pubkey = s.getPubkey();
256 if (*pkhash != PKHash(pubkey)) {
257 // Wrong pubkey.
258 return state.Invalid(ProofValidationResult::DESTINATION_MISMATCH,
259 "destination-mismatch");
260 }
261 }
262
263 return true;
264}
265
266} // namespace avalanche
COIN
static constexpr Amount COIN
Definition: amount.h:144
gArgs
ArgsManager gArgs
Definition: args.cpp:38
ArgsManager::GetIntArg
int64_t GetIntArg(const std::string &strArg, int64_t nDefault) const
Return integer argument or default value.
Definition: args.cpp:526
CBlockIndex
The block chain is a tree shaped structure starting with the genesis block at the root,...
Definition: blockindex.h:25
CBlockIndex::GetMedianTimePast
int64_t GetMedianTimePast() const
Definition: blockindex.h:191
CDataStream
Double ended buffer combining vector and stream-like interfaces.
Definition: streams.h:177
CPubKey
An encapsulated public key.
Definition: pubkey.h:31
CPubKey::VerifySchnorr
bool VerifySchnorr(const uint256 &hash, const std::array< uint8_t, SCHNORR_SIZE > &sig) const
Verify a Schnorr signature (=64 bytes).
Definition: pubkey.cpp:199
CTxOut
An output of a transaction.
Definition: transaction.h:128
CTxOut::scriptPubKey
CScript scriptPubKey
Definition: transaction.h:131
CTxOut::nValue
Amount nValue
Definition: transaction.h:130
ChainstateManager
Provides an interface for creating and interacting with one or two chainstates: an IBD chainstate gen...
Definition: validation.h:1149
ChainstateManager::ActiveChainstate
SnapshotCompletionResult MaybeCompleteSnapshotValidation(std::function< void(bilingual_str)> shutdown_fnc=[](bilingual_str msg) { AbortNode(msg.original, msg);}) EXCLUSIVE_LOCKS_REQUIRED(const CBlockIndex *GetSnapshotBaseBlock() const EXCLUSIVE_LOCKS_REQUIRED(Chainstate ActiveChainstate)() const
Once the background validation chainstate has reached the height which is the base of the UTXO snapsh...
Definition: validation.h:1391
ChainstateManager::ActiveTip
CBlockIndex * ActiveTip() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1398
ChainstateManager::ActiveHeight
int ActiveHeight() const EXCLUSIVE_LOCKS_REQUIRED(GetMutex())
Definition: validation.h:1395
Coin
A UTXO entry.
Definition: coins.h:28
Coin::GetHeight
uint32_t GetHeight() const
Definition: coins.h:45
Coin::IsCoinBase
bool IsCoinBase() const
Definition: coins.h:46
Coin::GetTxOut
CTxOut & GetTxOut()
Definition: coins.h:49
HashWriter
A writer stream (for serialization) that computes a 256-bit hash.
Definition: hash.h:100
ValidationState::Invalid
bool Invalid(Result result, const std::string &reject_reason="", const std::string &debug_message="")
Definition: validation.h:101
avalanche::Proof::FromHex
static bool FromHex(Proof &proof, const std::string &hexProof, bilingual_str &errorOut)
Definition: proof.cpp:52
avalanche::Proof::verify
bool verify(const Amount &stakeUtxoDustThreshold, ProofValidationState &state) const
Definition: proof.cpp:120
avalanche::Proof::expirationTime
int64_t expirationTime
Definition: proof.h:105
avalanche::Proof::computeProofId
void computeProofId()
Definition: proof.cpp:77
avalanche::Proof::getStakedAmount
Amount getStakedAmount() const
Definition: proof.cpp:105
avalanche::Proof::payoutScriptPubKey
CScript payoutScriptPubKey
Definition: proof.h:108
avalanche::Proof::ToHex
std::string ToHex() const
Definition: proof.cpp:71
avalanche::Proof::getStakeCommitment
const StakeCommitment getStakeCommitment() const
Definition: proof.h:172
avalanche::Proof::computeScore
void computeScore()
Definition: proof.cpp:92
avalanche::Proof::limitedProofId
LimitedProofId limitedProofId
Definition: proof.h:111
avalanche::Proof::sequence
uint64_t sequence
Definition: proof.h:104
avalanche::Proof::score
uint32_t score
Definition: proof.h:115
avalanche::Proof::stakes
std::vector< SignedStake > stakes
Definition: proof.h:107
avalanche::Proof::master
CPubKey master
Definition: proof.h:106
avalanche::Proof::proofid
ProofId proofid
Definition: proof.h:112
avalanche::Proof::signature
SchnorrSig signature
Definition: proof.h:109
avalanche::Proof::amountToScore
static uint32_t amountToScore(Amount amount)
Definition: proof.cpp:101
avalanche::SignedStake::sig
SchnorrSig sig
Definition: proof.h:88
avalanche::SignedStake::verify
bool verify(const StakeCommitment &commitment) const
Definition: proof.cpp:48
avalanche::Stake::getHash
uint256 getHash(const StakeCommitment &commitment) const
Definition: proof.cpp:41
avalanche::Stake::getAmount
Amount getAmount() const
Definition: proof.h:76
avalanche::Stake::isCoinbase
bool isCoinbase() const
Definition: proof.h:78
avalanche::Stake::getHeight
uint32_t getHeight() const
Definition: proof.h:77
avalanche::Stake::stakeid
StakeId stakeid
Definition: proof.h:58
avalanche::Stake::computeStakeId
void computeStakeId()
Definition: proof.cpp:35
avalanche::Stake::getPubkey
const CPubKey & getPubkey() const
Definition: proof.h:79
avalanche::Stake::getUTXO
const COutPoint & getUTXO() const
Definition: proof.h:75
avalanche::Stake::getId
const StakeId & getId() const
Definition: proof.h:83
base_blob< 256 >::m_data
uint8_t m_data[WIDTH]
Definition: uint256.h:21
base_blob::data
const uint8_t * data() const
Definition: uint256.h:82
uint256
256-bit opaque blob.
Definition: uint256.h:129
uint256::ZERO
static const uint256 ZERO
Definition: uint256.h:134
cs_main
RecursiveMutex cs_main
Mutex to guard access to validation specific variables, such as reading or changing the chainstate.
Definition: cs_main.cpp:7
avalanche::StakeId
uint256 StakeId
Definition: proof.h:45
avalanche::IsStandardPayoutScript
static bool IsStandardPayoutScript(const CScript &scriptPubKey)
Definition: proof.cpp:112
IsStandard
bool IsStandard(const CScript &scriptPubKey, const std::optional< unsigned > &max_datacarrier_bytes, TxoutType &whichType)
Definition: policy.cpp:38
AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS
static constexpr int AVALANCHE_DEFAULT_STAKE_UTXO_CONFIRMATIONS
Minimum number of confirmations before a stake utxo is mature enough to be included into a proof.
Definition: proof.h:36
AVALANCHE_MAX_PROOF_STAKES
static constexpr int AVALANCHE_MAX_PROOF_STAKES
How many UTXOs can be used for a single proof.
Definition: proof.h:30
SER_NETWORK
@ SER_NETWORK
Definition: serialize.h:152
WriteCompactSize
void WriteCompactSize(CSizeComputer &os, uint64_t nSize)
Definition: serialize.h:1254
ExtractDestination
bool ExtractDestination(const CScript &scriptPubKey, CTxDestination &addressRet)
Parse a standard scriptPubKey for the destination address.
Definition: standard.cpp:158
MAX_OP_RETURN_RELAY
static const unsigned int MAX_OP_RETURN_RELAY
Default setting for nMaxDatacarrierBytes.
Definition: standard.h:36
TxoutType
TxoutType
Definition: standard.h:38
CTxDestination
std::variant< CNoDestination, PKHash, ScriptHash > CTxDestination
A txout script template with a specific destination.
Definition: standard.h:85
Amount
Definition: amount.h:19
Amount::zero
static constexpr Amount zero() noexcept
Definition: amount.h:32
Amount::ToString
std::string ToString() const
Definition: amount.cpp:22
avalanche::LimitedProofId::computeProofId
ProofId computeProofId(const CPubKey &proofMaster) const
Definition: proofid.cpp:12
avalanche::StakeCommitment::StakeCommitment
StakeCommitment(int64_t expirationTime, const CPubKey &master)
Definition: proof.cpp:26
bilingual_str
Bilingual messages:
Definition: translation.h:17
strprintf
#define strprintf
Format arguments and return the string or write to given std::ostream (see tinyformat::format doc for...
Definition: tinyformat.h:1202
_
bilingual_str _(const char *psz)
Translation function.
Definition: translation.h:68
HexStr
std::string HexStr(const Span< const uint8_t > s)
Convert a span of bytes to a lower-case hexadecimal string.
Definition: strencodings.cpp:543
ParseHex
template std::vector< std::byte > ParseHex(std::string_view)
IsHex
bool IsHex(std::string_view str)
Returns true if each character in str is a hex character, and has an even number of hex digits.
Definition: strencodings.cpp:63
AssertLockHeld
AssertLockHeld(pool.cs)
PROTOCOL_VERSION
static const int PROTOCOL_VERSION
network protocol versioning
Definition: version.h:11
Generated on Thu Apr 10 2025 22:04:30 for Bitcoin ABC by doxygen 1.9.4