commit 0b78cb5e6bd4242c6fb773413a2ce62af9a03ae3
parent 5eb1cbef928169d86245ca5402b052f4b9439034
Author: SomberNight <somber.night@protonmail.com>
Date: Tue, 12 Jun 2018 14:33:22 +0200
stricter tx deserialization: forbid output amount values over 21 million btc
Diffstat:
2 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/lib/bitcoin.py b/lib/bitcoin.py
@@ -38,6 +38,7 @@ from .crypto import Hash, sha256, hash_160
COINBASE_MATURITY = 100
COIN = 100000000
+TOTAL_COIN_SUPPLY_LIMIT_IN_BTC = 21000000
# supported types of transaction outputs
TYPE_ADDRESS = 0
diff --git a/lib/transaction.py b/lib/transaction.py
@@ -534,6 +534,8 @@ def parse_witness(vds, txin, full_parse: bool):
def parse_output(vds, i):
d = {}
d['value'] = vds.read_int64()
+ if d['value'] > TOTAL_COIN_SUPPLY_LIMIT_IN_BTC * COIN:
+ raise SerializationError('invalid output amount (too large)')
scriptPubKey = vds.read_bytes(vds.read_compact_size())
d['type'], d['address'] = get_address_from_output_script(scriptPubKey)
d['scriptPubKey'] = bh2u(scriptPubKey)
