zPoS validations of forked chains before store them + inputs check on prev split main chain

furszy · furszy · commit 3f5091986c5f · 2019-01-26T00:48:59.000+01:00
diff --git a/src/main.cpp b/src/main.cpp
@@ -976,6 +976,21 @@ bool ContextualCheckZerocoinMint(const CTransaction& tx, const PublicCoin& coin,
 }
 
 bool ContextualCheckZerocoinSpend(const CTransaction& tx, const CoinSpend& spend, CBlockIndex* pindex, const uint256& hashBlock)
+{
+    if(!ContextualCheckZerocoinSpendNoSerialCheck(tx, spend, pindex, hashBlock)){
+        return false;
+    }
+
+    //Reject serial's that are already in the blockchain
+    int nHeightTx = 0;
+    if (IsSerialInBlockchain(spend.getCoinSerialNumber(), nHeightTx))
+        return error("%s : zPIV spend with serial %s is already in block %d\n", __func__,
+                     spend.getCoinSerialNumber().GetHex(), nHeightTx);
+
+    return true;
+}
+
+bool ContextualCheckZerocoinSpendNoSerialCheck(const CTransaction& tx, const CoinSpend& spend, CBlockIndex* pindex, const uint256& hashBlock)
 {
     //Check to see if the zPIV is properly signed
     if (pindex->nHeight >= Params().Zerocoin_Block_V2_Start()) {
@@ -991,12 +1006,6 @@ bool ContextualCheckZerocoinSpend(const CTransaction& tx, const CoinSpend& spend
         }
     }
 
-    //Reject serial's that are already in the blockchain
-    int nHeightTx = 0;
-    if (IsSerialInBlockchain(spend.getCoinSerialNumber(), nHeightTx))
-        return error("%s : zPIV spend with serial %s is already in block %d\n", __func__,
-                     spend.getCoinSerialNumber().GetHex(), nHeightTx);
-
     //Reject serial's that are not in the acceptable value range
     bool fUseV1Params = spend.getVersion() < libzerocoin::PrivateCoin::PUBKEY_VERSION;
     if (pindex->nHeight > Params().Zerocoin_Block_EnforceSerialRange() &&
@@ -4503,17 +4512,39 @@ bool AcceptBlock(CBlock& block, CValidationState& state, CBlockIndex** ppindex,
     }
 
     int nHeight = pindex->nHeight;
-
+    int splitHeight = -1;
 
     if (isPoS) {
         LOCK(cs_main);
 
+        const bool isBlockFromFork = pindexPrev != nullptr && !chainActive.Contains(pindexPrev);
+        CTransaction &stakeTxIn = block.vtx[1];
+
+        // Check validity of the coinStake.
+        if(!stakeTxIn.IsCoinStake())
+            return error("%s: no coin stake on vtx pos 1", __func__);
+
+
         // Check whether is a fork or not
-        if (pindexPrev != nullptr && !chainActive.Contains(pindexPrev)) {
+        if (isBlockFromFork) {
 
             // Start at the block we're adding on to
             CBlockIndex *prev = pindexPrev;
-            CTransaction &stakeTxIn = block.vtx[1];
+
+            // Inputs
+            std::vector<CTxIn> pivInputs;
+            std::vector<CTxIn> zPIVInputs;
+
+            for (CTxIn stakeIn : stakeTxIn.vin) {
+                if(stakeIn.scriptSig.IsZerocoinSpend()){
+                    zPIVInputs.push_back(stakeIn);
+                }else{
+                    pivInputs.push_back(stakeIn);
+                }
+            }
+            const bool hasPIVInputs = !pivInputs.empty();
+            const bool hasZPIVInputs = !zPIVInputs.empty();
+            vector<CBigNum> vBlockSerials;
             CBlock bl;
             // Go backwards on the forked chain up to the split
             do {
@@ -4526,20 +4557,101 @@ bool AcceptBlock(CBlock& block, CValidationState& state, CBlockIndex** ppindex,
                 for (CTransaction t : bl.vtx) {
                     for (CTxIn in: t.vin) {
                         // Loop through every input of the staking tx
-                        for (CTxIn stakeIn : stakeTxIn.vin) {
+                        for (CTxIn stakeIn : pivInputs) {
                             // if it's already spent
-                            if (stakeIn.prevout == in.prevout) {
-                                // reject the block
-                                return state.DoS(100,
-                                                 error("%s: input already spent on a previous block", __func__));
+                            // First regular staking check
+                            if(hasPIVInputs) {
+                                if (stakeIn.prevout == in.prevout) {
+                                    // reject the block
+                                    return state.DoS(100,
+                                                     error("%s: input already spent on a previous block",
+                                                           __func__));
+                                }
+                            }
+                            // Second, if there is zPoS staking then store the serials for later check
+                            if(hasZPIVInputs) {
+                                if(in.scriptSig.IsZerocoinSpend()){
+                                    CoinSpend spend = TxInToZerocoinSpend(in);
+                                    vBlockSerials.push_back(spend.getCoinSerialNumber());
+                                }
                             }
                         }
                     }
                 }
+
                 prev = prev->pprev;
 
             } while (!chainActive.Contains(prev));
+
+            // Split height
+            splitHeight = prev->nHeight;
+
+            // Now that this loop if completed. Check if we have zPIV inputs.
+            if(hasZPIVInputs){
+
+                for (CTxIn zPivInput : zPIVInputs) {
+                    CoinSpend spend = TxInToZerocoinSpend(zPivInput);
+
+                    // First check if the serials were not already spent on the forked blocks.
+                    CBigNum coinSerial = spend.getCoinSerialNumber();
+                    for(CBigNum serial : vBlockSerials){
+                        if(serial == coinSerial){
+                            return state.DoS(100,
+                                             error("%s: serial double spent on fork",
+                                                   __func__));
+                        }
+                    }
+                    // Now check if the serial exists before the chain split.
+                    int nHeightTx = 0;
+                    if (IsSerialInBlockchain(spend.getCoinSerialNumber(), nHeightTx)){
+                        // if the height is nHeightTx > chainSplit means that the spent occurred after the chain split
+                        if(nHeightTx <= splitHeight){
+                            return state.DoS(100,
+                                             error("%s: serial double spent on main chain",
+                                                   __func__));
+                        }
+                    }
+
+                    if (!ContextualCheckZerocoinSpendNoSerialCheck(stakeTxIn, spend, pindex, 0))
+                        return state.DoS(100,error("%s: ContextualCheckZerocoinSpend failed for tx %s", __func__,
+                                                   stakeTxIn.GetHash().GetHex()), REJECT_INVALID, "bad-txns-invalid-zpiv");
+
+                    // Now only the ZKP left..
+                    // As the spend maturity is 200, the acc value must be accumulated, otherwise it's not ready to be spent
+                    CBigNum bnAccumulatorValue = 0;
+                    if (!zerocoinDB->ReadAccumulatorValue(spend.getAccumulatorChecksum(), bnAccumulatorValue)) {
+                        return state.DoS(100, error("%s: stake zerocoinspend not ready to be spent", __func__));
+                    }
+
+                    Accumulator accumulator(Params().Zerocoin_Params(chainActive.Height() < Params().Zerocoin_Block_V2_Start()),
+                                            spend.getDenomination(), bnAccumulatorValue);
+
+                    //Check that the coinspend is valid
+                    if(!spend.Verify(accumulator))
+                        return state.DoS(100, error("%s: zerocoin spend did not verify", __func__));
+
+                }
+            }
+
         }
+
+
+        // If the stake is not a zPoS then let's check if the inputs were spent on the main chain
+        const CCoinsViewCache coins(pcoinsTip);
+        if(!stakeTxIn.IsZerocoinSpend()) {
+            for (CTxIn in: stakeTxIn.vin) {
+                const CCoins* coin = coins.AccessCoins(in.prevout.hash);
+                if(coin && !coin->IsAvailable(in.prevout.n)){
+                    // If this is not available get the height of the spent and validate it with the forked height
+                    // Check if this occurred before the chain split
+                    if(!(isBlockFromFork && coin->nHeight > splitHeight)){
+                        // Coins not available
+                        return error("%s: coin stake inputs already spent in main chain", __func__);
+                    }
+                }
+            }
+        }
+
     }
 
     // Write block to history file
diff --git a/src/main.h b/src/main.h
@@ -344,7 +344,8 @@ void UpdateCoins(const CTransaction& tx, CValidationState& state, CCoinsViewCach
 bool CheckTransaction(const CTransaction& tx, bool fZerocoinActive, bool fRejectBadUTXO, CValidationState& state);
 bool CheckZerocoinMint(const uint256& txHash, const CTxOut& txout, CValidationState& state, bool fCheckOnly = false);
 bool CheckZerocoinSpend(const CTransaction& tx, bool fVerifySignature, CValidationState& state);
-bool ContextualCheckZerocoinSpend(const CTransaction& tx, const libzerocoin::CoinSpend& spend, CBlockIndex* pindex);
+bool ContextualCheckZerocoinSpend(const CTransaction& tx, const libzerocoin::CoinSpend& spend, CBlockIndex* pindex, const uint256& hashBlock);
+bool ContextualCheckZerocoinSpendNoSerialCheck(const CTransaction& tx, const libzerocoin::CoinSpend& spend, CBlockIndex* pindex, const uint256& hashBlock);
 bool IsTransactionInChain(const uint256& txId, int& nHeightTx, CTransaction& tx);
 bool IsTransactionInChain(const uint256& txId, int& nHeightTx);
 bool IsBlockHashInChain(const uint256& hashBlock);
