// Rust Bitcoin Library // Written in 2014 by // Andrew Poelstra <apoelstra@wpsoftware.net> // // To the extent possible under law, the author(s) have dedicated all // copyright and related and neighboring rights to this software to // the public domain worldwide. This software is distributed without // any warranty. // // You should have received a copy of the CC0 Public Domain Dedication // along with this software. // If not, see <http://creativecommons.org/publicdomain/zero/1.0/>. // //! # Script //! //! Scripts define Bitcoin's digital signature scheme: a signature is formed //! from a script (the second half of which is defined by a coin to be spent, //! and the first half provided by the spending transaction), and is valid //! iff the script leaves `TRUE` on the stack after being evaluated. //! Bitcoin's script is a stack-based assembly language similar in spirit to //! Forth. //! //! This module provides the structures and functions needed to support scripts. //! use std::hash; use std::char::from_digit; use std::default::Default; use std::ops; use serialize::hex::ToHex; use crypto::digest::Digest; use crypto::ripemd160::Ripemd160; use crypto::sha1::Sha1; use crypto::sha2::Sha256; use secp256k1::{self, Secp256k1}; use secp256k1::key::PublicKey; use serde; use blockdata::opcodes; use blockdata::transaction::{Transaction, TxIn}; use network::encodable::{ConsensusDecodable, ConsensusEncodable}; use network::serialize::{SimpleDecoder, SimpleEncoder, serialize}; use util::hash::Sha256dHash; use util::misc::script_find_and_remove; #[derive(PartialEq, Eq, Debug)] /// A Bitcoin script pub struct Script(Box<[u8]>); impl Clone for Script { fn clone(&self) -> Script { Script(self.0.to_vec().into_boxed_slice()) } } #[derive(PartialEq, Eq, Debug, Clone)] /// An object which can be used to construct a script piece by piece pub struct Builder(Vec<u8>); display_from_debug!(Builder); impl hash::Hash for Script { #[inline] fn hash<H>(&self, state: &mut H) where H: hash::Hasher { (&self.0[..]).hash(state); } #[inline] fn hash_slice<H>(data: &[Script], state: &mut H) where H: hash::Hasher { for s in data.iter() { (&s.0[..]).hash(state); } } } /// Ways that a script might fail. Not everything is split up as /// much as it could be; patches welcome if more detailed errors /// would help you. #[derive(PartialEq, Eq, Debug, Clone)] pub enum Error { /// The script returns false no matter the input AnalyzeAlwaysReturnsFalse, /// Tried to set a boolean to both values, but neither worked AnalyzeNeitherBoolWorks, /// Tried to set a boolean to the given value, but it already /// had the other value AnalyzeSetBoolMismatch(bool), /// Validation of an element failed AnalyzeValidateFailed, /// OP_CHECKSIG was called with a bad public key BadPublicKey, /// OP_CHECKSIG was called with a bad signature BadSignature, /// An ECDSA error Ecdsa(secp256k1::Error), /// An OP_ELSE happened while not in an OP_IF tree ElseWithoutIf, /// An OP_ENDIF happened while not in an OP_IF tree EndifWithoutIf, /// An OP_EQUALVERIFY failed (expected, gotten) EqualVerifyFailed(String, String), /// An OP_IF happened with an empty stack IfEmptyStack, /// An illegal opcode appeared in the script (does not need to be executed) IllegalOpcode, /// The interpreter overflowed its stack. This never happens for /// script evaluation, only non-consensus analysis passes. InterpreterStackOverflow, /// Some opcode expected a parameter, but it was missing or truncated EarlyEndOfScript, /// An OP_RETURN or synonym was executed ExecutedReturn, /// A multisig tx with negative or too many keys MultisigBadKeyCount(isize), /// A multisig tx with negative or too many signatures MultisigBadSigCount(isize), /// Used OP_PICK with a negative index NegativePick, /// Used OP_ROLL with a negative index NegativeRoll, /// Tried to execute a signature operation but no transaction context was provided NoTransaction, /// An OP_NUMEQUALVERIFY failed (expected, gotten) NumEqualVerifyFailed(i64, i64), /// Tried to read an array off the stack as a number when it was more than 4 bytes NumericOverflow, /// Some stack operation was done with an empty stack PopEmptyStack, /// Analysis was unable to determine script input Unanalyzable, /// Analysis showed script cannot be satisfied Unsatisfiable, /// An OP_VERIFY happened with an empty stack VerifyEmptyStack, /// An OP_VERIFY happened with zero on the stack VerifyFailed, } display_from_debug!(Error); /// A rule for validating an abstract stack element pub struct Validator { /// List of other elements to pass to both `check` and `update` args: Vec<usize>, /// Function which confirms that the current value is consistent with /// the stack state, returning `false` if not. check: fn(&AbstractStackElem, &[usize]) -> bool, /// Function which updates the current stack based on the element's /// value, if it has a value, otherwise updates the element's value /// based on the current stack, if possible. Returns `false` if it /// is forced to do something inconsistent. update: fn(&mut AbstractStackElem, &[usize]) -> Result<(), Error> } impl Clone for Validator { fn clone(&self) -> Validator { Validator { args: self.args.clone(), check: self.check, update: self.update } } } // Validators mod check { use super::AbstractStackElem; pub fn op_size(elem: &AbstractStackElem, others: &[usize]) -> bool { let other = unsafe { elem.lookup(others[0]) }; elem.num_hi() >= other.len_lo() as i64 && elem.num_lo() <= other.len_hi() as i64 } pub fn op_equal(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; match elem.bool_value() { None => true, Some(false) => { (one.num_value().is_none() || two.num_value().is_none() || one.num_value().unwrap() != two.num_value().unwrap()) && (one.bool_value() != Some(false) || two.bool_value() != Some(false)) && (one.raw_value().is_none() || two.raw_value().is_none() || one.raw_value().unwrap() != two.raw_value().unwrap()) } Some(true) => { one.len_lo() <= two.len_hi() && one.len_hi() >= two.len_lo() && one.num_lo() <= two.num_hi() && one.num_hi() >= two.num_lo() && (one.bool_value().is_none() || two.bool_value().is_none() || one.bool_value().unwrap() == two.bool_value().unwrap()) && (one.raw_value().is_none() || two.raw_value().is_none() || one.raw_value().unwrap() == two.raw_value().unwrap()) } } } pub fn op_not(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; if !one.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(false) => one.num_hi() != 0 || one.num_lo() != 0, Some(true) => one.num_hi() >= 0 && one.num_lo() <= 0 } } pub fn op_0notequal(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; if !one.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(false) => one.num_hi() >= 0 && one.num_lo() <= 0, Some(true) => one.num_hi() != 0 || one.num_lo() != 0 } } pub fn op_numequal(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(false) => { (one.num_value().is_none() || two.num_value().is_none() || one.num_value().unwrap() != two.num_value().unwrap()) && (one.bool_value().is_none() || two.bool_value().is_none() || one.bool_value().unwrap() != two.bool_value().unwrap()) } Some(true) => { one.num_lo() <= two.num_hi() && one.num_hi() >= two.num_lo() && (one.num_value().is_none() || two.num_value().is_none() || one.num_value().unwrap() == two.num_value().unwrap()) && (one.bool_value().is_none() || two.bool_value().is_none() || one.bool_value().unwrap() == two.bool_value().unwrap()) } } } pub fn op_numnotequal(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(false) => one.may_be_lt(two) || one.may_be_gt(two), Some(true) => one.may_be_lteq(two) && one.may_be_gteq(two) } } pub fn op_numlt(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(true) => one.may_be_lt(two), Some(false) => one.may_be_gteq(two), } } pub fn op_numgt(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(true) => one.may_be_gt(two), Some(false) => one.may_be_lteq(two) } } pub fn op_numlteq(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(false) => one.may_be_gt(two), Some(true) => one.may_be_lteq(two) } } pub fn op_numgteq(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; if !one.may_be_numeric() { return false; } if !two.may_be_numeric() { return false; } match elem.bool_value() { None => true, Some(true) => one.may_be_gteq(two), Some(false) => one.may_be_lt(two) } } pub fn op_ripemd160(elem: &AbstractStackElem, _: &[usize]) -> bool { elem.may_be_hash160() } pub fn op_sha1(elem: &AbstractStackElem, _: &[usize]) -> bool { elem.may_be_hash160() } pub fn op_hash160(elem: &AbstractStackElem, _: &[usize]) -> bool { elem.may_be_hash160() } pub fn op_sha256(elem: &AbstractStackElem, _: &[usize]) -> bool { elem.may_be_hash256() } pub fn op_hash256(elem: &AbstractStackElem, _: &[usize]) -> bool { elem.may_be_hash256() } pub fn op_checksig(elem: &AbstractStackElem, others: &[usize]) -> bool { let one = unsafe { elem.lookup(others[0]) }; let two = unsafe { elem.lookup(others[1]) }; match elem.bool_value() { None => true, Some(false) => true, Some(true) => one.may_be_signature() && two.may_be_pubkey() } } } mod update { use super::{AbstractStackElem, Error}; use crypto::digest::Digest; use crypto::ripemd160::Ripemd160; use crypto::sha1::Sha1; use crypto::sha2::Sha256; pub fn op_size(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { let (lo, hi) = { let one = unsafe { elem.lookup(others[0]) }; (one.len_lo() as i64, one.len_hi() as i64) }; try!(elem.set_numeric()); try!(elem.set_num_lo(lo)); elem.set_num_hi(hi) } fn boolean(elem: &mut AbstractStackElem) -> Result<(), Error> { // Test boolean values elem.bool_val = Some(true); let true_works = elem.validate(); elem.bool_val = Some(false); let false_works = elem.validate(); elem.bool_val = None; // Update according to what worked match (true_works, false_works) { (true, true) => Ok(()), (false, false) => Err(Error::AnalyzeNeitherBoolWorks), (true, false) => elem.set_bool_value(true), (false, true) => elem.set_bool_value(false) } } pub fn op_equal(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; // Booleans are the only thing we can do something useful with re "not equal" match (one.bool_value(), two.bool_value()) { (None, None) => Ok(()), (None, Some(x)) => one.set_bool_value(!x), (Some(x), None) => two.set_bool_value(!x), (Some(x), Some(y)) if x == y => Err(Error::Unsatisfiable), (Some(_), Some(_)) => Ok(()) } } Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; // Equalize numeric bounds try!(one.set_num_lo(two.num_lo())); try!(one.set_num_hi(two.num_hi())); try!(two.set_num_lo(one.num_lo())); try!(two.set_num_hi(one.num_hi())); // Equalize boolean values match (one.bool_value(), two.bool_value()) { (None, None) => {}, (None, Some(x)) => try!(one.set_bool_value(x)), (Some(x), None) => try!(two.set_bool_value(x)), (Some(x), Some(y)) if x == y => {}, (Some(_), Some(_)) => { return Err(Error::Unsatisfiable); } } // Equalize full values match (one.raw_value().map(|r| r.to_vec()), two.raw_value().map(|r| r.to_vec())) { (None, None) => {}, (None, Some(x)) => try!(one.set_value(&x)), (Some(x), None) => try!(two.set_value(&x)), (Some(x), Some(y)) => { if x != y { return Err(Error::Unsatisfiable); } } } Ok(()) } } } pub fn op_not(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; try!(one.set_numeric()); match one.bool_value() { None => one.set_bool_value(true), Some(true) => Ok(()), Some(false) => Err(Error::Unsatisfiable) } } Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; try!(one.set_numeric()); match one.bool_value() { None => one.set_num_value(0), Some(true) => Err(Error::Unsatisfiable), Some(false) => Ok(()) } } } } pub fn op_0notequal(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; try!(one.set_numeric()); match one.bool_value() { None => one.set_num_value(0), Some(true) => Err(Error::Unsatisfiable), Some(false) => Ok(()) } } Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; try!(one.set_numeric()); match one.bool_value() { None => one.set_bool_value(true), Some(true) => Ok(()), Some(false) => Err(Error::Unsatisfiable) } } } } pub fn op_numequal(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => { // todo: find a way to force the numbers to be nonequal Ok(()) } Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo())); try!(one.set_num_hi(two.num_hi())); try!(two.set_num_lo(one.num_lo())); two.set_num_hi(one.num_hi()) } } } pub fn op_numnotequal(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo())); try!(one.set_num_hi(two.num_hi())); try!(two.set_num_lo(one.num_lo())); two.set_num_hi(one.num_hi()) } Some(true) => { // todo: find a way to force the numbers to be nonequal Ok(()) } } } pub fn op_numlt(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_hi(two.num_hi() - 1)); two.set_num_lo(one.num_lo() + 1) } Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo())); two.set_num_hi(one.num_hi()) } } } pub fn op_numgt(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => try!(boolean(elem)), Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo() + 1)); try!(two.set_num_hi(one.num_hi() - 1)); } Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_hi(two.num_hi())); try!(two.set_num_lo(one.num_lo())); } } Ok(()) } pub fn op_numlteq(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => try!(boolean(elem)), Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_hi(two.num_hi())); try!(two.set_num_lo(one.num_lo())); } Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo() + 1)); try!(two.set_num_hi(one.num_hi() - 1)); } } Ok(()) } pub fn op_numgteq(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => try!(boolean(elem)), Some(true) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_lo(two.num_lo())); try!(two.set_num_hi(one.num_hi())); } Some(false) => { let one = unsafe { elem.lookup_mut(others[0]) }; let two = unsafe { elem.lookup_mut(others[1]) }; try!(one.set_numeric()); try!(two.set_numeric()); try!(one.set_num_hi(two.num_hi() - 1)); try!(two.set_num_lo(one.num_lo() + 1)); } } Ok(()) } pub fn op_ripemd160(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { try!(elem.set_len_lo(20)); try!(elem.set_len_hi(20)); let hash = match unsafe { elem.lookup(others[0]) }.raw_value() { None => None, Some(x) => { let mut out = [0; 20]; let mut engine = Ripemd160::new(); engine.input(x); engine.result(&mut out); Some(out) } }; match hash { None => Ok(()), Some(x) => elem.set_value(&x) } } pub fn op_sha1(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { try!(elem.set_len_lo(20)); try!(elem.set_len_hi(20)); let hash = match unsafe { elem.lookup(others[0]) }.raw_value() { None => None, Some(x) => { let mut out = [0; 20]; let mut engine = Sha1::new(); engine.input(x); engine.result(&mut out); Some(out) } }; match hash { None => Ok(()), Some(x) => elem.set_value(&x) } } pub fn op_hash160(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { try!(elem.set_len_lo(20)); try!(elem.set_len_hi(20)); let hash = match unsafe { elem.lookup(others[0]) }.raw_value() { None => None, Some(x) => { let mut out1 = [0; 32]; let mut out2 = [0; 20]; let mut engine = Sha256::new(); engine.input(x); engine.result(&mut out1); let mut engine = Ripemd160::new(); engine.input(&out1); engine.result(&mut out2); Some(out2) } }; match hash { None => Ok(()), Some(x) => elem.set_value(&x) } } pub fn op_sha256(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { try!(elem.set_len_lo(32)); try!(elem.set_len_hi(32)); let hash = match unsafe { elem.lookup(others[0]) }.raw_value() { None => None, Some(x) => { let mut out = [0; 32]; let mut engine = Sha256::new(); engine.input(x); engine.result(&mut out); Some(out) } }; match hash { None => Ok(()), Some(x) => elem.set_value(&x) } } pub fn op_hash256(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { try!(elem.set_len_lo(32)); try!(elem.set_len_hi(32)); let hash = match unsafe { elem.lookup(others[0]) }.raw_value() { None => None, Some(x) => { let mut out = [0; 32]; let mut engine = Sha256::new(); engine.input(x); engine.result(&mut out); let mut engine = Sha256::new(); engine.input(&out); engine.result(&mut out); Some(out) } }; match hash { None => Ok(()), Some(x) => elem.set_value(&x) } } pub fn op_checksig(elem: &mut AbstractStackElem, others: &[usize]) -> Result<(), Error> { match elem.bool_value() { None => boolean(elem), Some(false) => Ok(()), // nothing we can do to enforce an invalid sig Some(true) => { let sig = unsafe { elem.lookup_mut(others[0]) }; let pk = unsafe { elem.lookup_mut(others[1]) }; // todo add DER encoding enforcement try!(pk.set_len_lo(33)); try!(pk.set_len_hi(65)); try!(sig.set_len_lo(75)); sig.set_len_hi(80) } } } } /// An abstract element on the stack, used to describe a satisfying /// script input #[derive(Clone)] pub struct AbstractStackElem { /// The raw data, if known raw: Option<Vec<u8>>, /// Boolean value, if forced bool_val: Option<bool>, /// Lower bound when read as number num_lo: i64, /// Upper bound when read as number num_hi: i64, /// Length lower bound len_lo: usize, /// Length upper bound len_hi: usize, /// Relations this must satisfy validators: Vec<Validator>, /// Index of the element in its stack allocator alloc_index: Option<usize> } impl AbstractStackElem { /// Create a new exact integer pub fn new_num(n: i64) -> AbstractStackElem { let raw = build_scriptint(n); AbstractStackElem { num_lo: n, num_hi: n, len_lo: raw.len(), len_hi: raw.len(), raw: Some(raw), bool_val: Some(n != 0), validators: vec![], alloc_index: None } } /// Create a new exact boolean pub fn new_bool(b: bool) -> AbstractStackElem { AbstractStackElem::new_num(if b { 1 } else { 0 }) } /// Create a new exact data pub fn new_raw(data: &[u8]) -> AbstractStackElem { let n = read_scriptint(data); AbstractStackElem { num_lo: match n { Ok(n) => n, Err(_) => -(1 << 31) }, num_hi: match n { Ok(n) => n, Err(_) => 1 << 31 }, len_lo: data.len(), len_hi: data.len(), bool_val: Some(read_scriptbool(data)), raw: Some(data.to_vec()), validators: vec![], alloc_index: None } } /// Create a new unknown element pub fn new_unknown() -> AbstractStackElem { AbstractStackElem { num_lo: -(1 << 31), num_hi: 1 << 31, len_lo: 0, len_hi: 1 << 20, // blocksize limit bool_val: None, raw: None, validators: vec![], alloc_index: None } } /// Looks up another stack item by index unsafe fn lookup<'a>(&'a self, idx: usize) -> &'a AbstractStackElem { let mypos = self as *const _; let myidx = self.alloc_index.unwrap() as isize; &*mypos.offset(idx as isize - myidx) } /// Looks up another stack item by index unsafe fn lookup_mut<'a>(&'a self, idx: usize) -> &'a mut AbstractStackElem { let mypos = self as *const _ as *mut _; let myidx = self.alloc_index.unwrap() as isize; &mut *mypos.offset(idx as isize - myidx) } /// Retrieve the boolean value of the stack element, if it can be determined pub fn bool_value(&self) -> Option<bool> { self.bool_val } /// Retrieves the raw value of the stack element, if it can be determined pub fn raw_value<'a>(&'a self) -> Option<&'a [u8]> { self.raw.as_ref().map(|x| &x[..]) } /// Retrieve the upper bound for this element's numeric value. /// This can always be determined since there is a fixed upper /// bound for all numbers. pub fn num_hi(&self) -> i64 { self.num_hi } /// Retrieve the lower bound for this element's numeric value. /// This can always be determined since there is a fixed lower /// bound for all numbers. pub fn num_lo(&self) -> i64 { self.num_lo } /// Retrieve the upper bound for this element's length. This always /// exists as a finite value, though the default upper limit is some /// impractically large number pub fn len_hi(&self) -> usize { self.len_hi } /// Retrieve the lower bound for this element's length. This always /// exists since it is at least zero :) pub fn len_lo(&self) -> usize { self.len_lo } /// Retries the element's numeric value, if it can be determined pub fn num_value(&self) -> Option<i64> { let lo = self.num_lo(); let hi = self.num_hi(); if lo == hi { Some(lo) } else { None } } /// Propagate any changes to all nodes which are referenced fn update(&mut self) -> Result<(), Error> { // Check that this node is consistent before doing any propagation if !self.validate() { return Err(Error::AnalyzeValidateFailed); } let validators = self.validators.clone(); for v in validators.iter().cloned() { try!((v.update)(self, &v.args)); } Ok(()) } /// Check that all rules are satisfied fn validate(&mut self) -> bool { if self.num_hi < self.num_lo { return false; } if self.len_hi < self.len_lo { return false; } self.validators.iter().all(|rule| (rule.check)(self, &rule.args)) } /// Sets the boolean value pub fn set_bool_value(&mut self, val: bool) -> Result<(), Error> { match self.bool_val { Some(x) => { if x != val { return Err(Error::AnalyzeSetBoolMismatch(val)); } } None => { self.bool_val = Some(val); if !val { try!(self.set_num_value(0)); } else if self.num_lo() == 0 && self.num_hi == 1 { // This seems like a special case but actually everything that // is `set_boolean` satisfies it try!(self.set_num_value(1)); } try!(self.update()); } } Ok(()) } /// Sets the numeric value pub fn set_num_value(&mut self, val: i64) -> Result<(), Error> { try!(self.set_num_lo(val)); self.set_num_hi(val) } /// Sets the entire value of the pub fn set_value(&mut self, val: &[u8]) -> Result<(), Error> { match self.raw_value().map(|x| x.to_vec()) { Some(x) => { if &x[..] == val { Ok(()) } else { Err(Error::Unsatisfiable) } } None => { try!(self.set_len_lo(val.len())); try!(self.set_len_hi(val.len())); try!(self.set_bool_value(read_scriptbool(val))); match read_scriptint(val) { Ok(n) => { try!(self.set_num_lo(n)); try!(self.set_num_hi(n)); } Err(_) => {} } try!(self.set_bool_value(read_scriptbool(val))); self.raw = Some(val.to_vec()); Ok(()) } } } /// Sets a number to be numerically parseable pub fn set_numeric(&mut self) -> Result<(), Error> { self.set_len_hi(4) } /// Whether an element could possibly be a number pub fn may_be_numeric(&self) -> bool { self.len_lo() <= 4 } /// Whether an element could possibly be a signature pub fn may_be_signature(&self) -> bool { self.len_lo() <= 78 && self.len_hi() >= 77 // todo check DER encoding } /// Whether an element could possibly be a pubkey pub fn may_be_pubkey(&self) -> bool { let s = Secp256k1::with_caps(secp256k1::ContextFlag::None); ((self.len_lo() <= 33 && self.len_hi() >= 33) || (self.len_lo() <= 65 && self.len_hi() >= 65)) && (self.raw_value().is_none() || PublicKey::from_slice(&s, self.raw_value().unwrap()).is_ok()) } /// Whether an element could possibly be less than another pub fn may_be_lt(&self, other: &AbstractStackElem) -> bool { self.num_lo() < other.num_hi() && self.num_value().is_none() || other.num_value().is_none() || self.num_value().unwrap() < other.num_value().unwrap() } /// Whether an element could possibly be greater than another pub fn may_be_gt(&self, other: &AbstractStackElem) -> bool { self.num_hi() > other.num_lo() && (self.num_value().is_none() || other.num_value().is_none() || self.num_value().unwrap() > other.num_value().unwrap()) } /// Whether an element could possibly be less than or equal to another pub fn may_be_lteq(&self, other: &AbstractStackElem) -> bool { self.num_lo() <= other.num_hi() && self.num_value().is_none() || other.num_value().is_none() || self.num_value().unwrap() <= other.num_value().unwrap() } /// Whether an element could possibly be greater than or equal to another pub fn may_be_gteq(&self, other: &AbstractStackElem) -> bool { self.num_hi() >= other.num_lo() && (self.num_value().is_none() || other.num_value().is_none() || self.num_value().unwrap() >= other.num_value().unwrap()) } /// Whether an element could possibly be a 20-byte hash pub fn may_be_hash160(&self) -> bool { self.len_lo() <= 20 && self.len_hi() >= 20 } /// Whether an element could possibly be a 32-byte hash pub fn may_be_hash256(&self) -> bool { self.len_lo() <= 32 && self.len_hi() >= 32 } /// Sets a number to be an opcode-pushed boolean pub fn set_boolean(&mut self) -> Result<(), Error> { try!(self.set_len_hi(1)); try!(self.set_num_lo(0)); self.set_num_hi(1) } /// Sets a numeric lower bound on a value pub fn set_num_lo(&mut self, value: i64) -> Result<(), Error> { if self.num_lo < value { self.num_lo = value; if value > 0 { try!(self.set_bool_value(true)); } if value == 0 && self.num_hi == 0 { try!(self.set_bool_value(false)); } try!(self.update()); } Ok(()) } /// Sets a numeric upper bound on a value pub fn set_num_hi(&mut self, value: i64) -> Result<(), Error> { if self.num_hi > value { self.num_hi = value; if value < 0 { try!(self.set_bool_value(true)); } if value == 0 && self.num_lo == 0 { try!(self.set_bool_value(false)); } try!(self.update()); } Ok(()) } /// Sets a lower length bound on a value pub fn set_len_lo(&mut self, value: usize) -> Result<(), Error> { if self.len_lo < value { self.len_lo = value; if value > 0 { try!(self.set_bool_value(true)); } if value == 0 && self.num_hi == 0 { try!(self.set_bool_value(false)); } try!(self.update()); } Ok(()) } /// Sets a upper length bound on a value pub fn set_len_hi(&mut self, value: usize) -> Result<(), Error> { if self.len_hi > value { self.len_hi = value; try!(self.update()); } Ok(()) } /// Adds some condition on the element pub fn add_validator(&mut self, cond: Validator) -> Result<(), Error> { self.validators.push(cond); self.update() } } /// The stack used by the script satisfier #[derive(Clone)] pub struct AbstractStack { /// Actual elements on the stack stack: Vec<usize>, /// Actual elements on the altstack alt_stack: Vec<usize>, /// Stack needed to satisfy the script before execution initial_stack: Vec<usize>, /// Local allocator to allow cloning; refs are indices into here alloc: Vec<AbstractStackElem> } impl AbstractStack { /// Construct a new empty abstract stack pub fn new() -> AbstractStack { AbstractStack { stack: vec![], alt_stack: vec![], initial_stack: vec![], alloc: vec![] } } fn allocate(&mut self, mut elem: AbstractStackElem) -> usize { elem.alloc_index = Some(self.alloc.len()); self.alloc.push(elem); self.alloc.len() - 1 } fn push_initial(&mut self, elem: AbstractStackElem) { let idx = self.allocate(elem); self.initial_stack.insert(0, idx); self.stack.insert(0, idx); } /// Construct the initial stack in the end pub fn build_initial_stack(&self) -> Vec<AbstractStackElem> { let res: Vec<AbstractStackElem> = self.initial_stack.iter().map(|&i| self.alloc[i].clone()).collect(); res } /// Increase the stack size to `n`, adding elements to the initial /// stack as necessary pub fn require_n_elems(&mut self, n: usize) { while self.stack.len() < n { self.push_initial(AbstractStackElem::new_unknown()); } } /// Push a copy of an existing element by index pub fn push(&mut self, elem: usize) { self.stack.push(elem); } /// Push a new element pub fn push_alloc<'a>(&'a mut self, elem: AbstractStackElem) -> &'a mut AbstractStackElem { let idx = self.allocate(elem); self.stack.push(idx); &mut self.alloc[idx] } /// Obtain a mutable element to the top stack element pub fn peek_mut<'a>(&'a mut self) -> &'a mut AbstractStackElem { if self.stack.len() == 0 { self.push_initial(AbstractStackElem::new_unknown()); } &mut self.alloc[*self.stack.last().unwrap()] } /// Obtain a stackref to the current top element pub fn peek_index(&mut self) -> usize { if self.stack.len() == 0 { self.push_initial(AbstractStackElem::new_unknown()); } *self.stack.last().unwrap() } /// Drop the top stack item fn pop(&mut self) -> usize { if self.stack.len() == 0 { self.push_initial(AbstractStackElem::new_unknown()); } self.stack.pop().unwrap() } /// Obtain a mutable reference to the top stack item, but remove it from the stack fn pop_mut<'a>(&'a mut self) -> &'a mut AbstractStackElem { if self.stack.len() == 0 { self.push_initial(AbstractStackElem::new_unknown()); } &mut self.alloc[self.stack.pop().unwrap()] } /// Move the top stack item to the altstack pub fn to_altstack(&mut self) { if self.stack.len() == 0 { self.push_initial(AbstractStackElem::new_unknown()); } let pop = self.stack.pop().unwrap(); self.alt_stack.push(pop); } /// Move the top altstack item to the stack, failing if the /// altstack is empty. (Note that input scripts pass their /// stack to the output script but /not/ the altstack, so /// there is no input that can make an empty altstack nonempty.) pub fn from_altstack(&mut self) -> Result<(), Error> { match self.alt_stack.pop() { Some(x) => { self.stack.push(x); Ok(()) } None => Err(Error::PopEmptyStack) } } /// Length of the current stack fn len(&self) -> usize { self.stack.len() } /// Delete an element from the middle of the current stack fn remove(&mut self, idx: usize) { self.stack.remove(idx); } } impl ops::Index<usize> for AbstractStack { type Output = usize; #[inline] fn index(&self, index: usize) -> &usize { &self.stack[index] } } impl ops::Index<ops::Range<usize>> for AbstractStack { type Output = [usize]; #[inline] fn index(&self, index: ops::Range<usize>) -> &[usize] { &self.stack[index] } } impl ops::Index<ops::RangeTo<usize>> for AbstractStack { type Output = [usize]; #[inline] fn index(&self, index: ops::RangeTo<usize>) -> &[usize] { &self.stack[index] } } impl ops::Index<ops::RangeFrom<usize>> for AbstractStack { type Output = [usize]; #[inline] fn index(&self, index: ops::RangeFrom<usize>) -> &[usize] { &self.stack[index] } } impl ops::Index<ops::RangeFull> for AbstractStack { type Output = [usize]; #[inline] fn index(&self, _: ops::RangeFull) -> &[usize] { &self.stack[..] } } impl ops::IndexMut<usize> for AbstractStack { #[inline] fn index_mut(&mut self, index: usize) -> &mut usize { &mut self.stack[index] } } impl ops::IndexMut<ops::Range<usize>> for AbstractStack { #[inline] fn index_mut(&mut self, index: ops::Range<usize>) -> &mut [usize] { &mut self.stack[index] } } impl ops::IndexMut<ops::RangeTo<usize>> for AbstractStack { #[inline] fn index_mut(&mut self, index: ops::RangeTo<usize>) -> &mut [usize] { &mut self.stack[index] } } impl ops::IndexMut<ops::RangeFrom<usize>> for AbstractStack { #[inline] fn index_mut(&mut self, index: ops::RangeFrom<usize>) -> &mut [usize] { &mut self.stack[index] } } impl ops::IndexMut<ops::RangeFull> for AbstractStack { #[inline] fn index_mut(&mut self, _: ops::RangeFull) -> &mut [usize] { &mut self.stack[..] } } impl serde::Serialize for Error { fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error> where S: serde::Serializer { serializer.visit_str(&self.to_string()) } } /// A single iteration of a script execution #[derive(PartialEq, Eq, Debug, Clone)] pub struct TraceIteration { index: usize, op_count: usize, opcode: opcodes::All, executed: bool, errored: bool, effect: opcodes::Class, stack: Vec<String> } /// A full trace of a script execution #[derive(PartialEq, Eq, Debug, Clone)] pub struct ScriptTrace { /// A copy of the script pub script: Script, /// A copy of the script's initial stack, hex-encoded pub initial_stack: Vec<String>, /// A list of iterations pub iterations: Vec<TraceIteration>, /// An error if one was returned, or None pub error: Option<Error> } /// Hashtype of a transaction, encoded in the last byte of a signature, /// specifically in the last 5 bits `byte & 31` #[derive(PartialEq, Eq, Debug, Clone)] pub enum SigHashType { /// 0x1: Sign all outputs All, /// 0x2: Sign no outputs --- anyone can choose the destination None, /// 0x3: Sign the output whose index matches this input's index. If none exists, /// sign the hash `0000000000000000000000000000000000000000000000000000000000000001`. /// (This rule is probably an unintentional C++ism, but it's consensus so we have /// to follow it.) Single, /// ???: Anything else is a non-canonical synonym for SigHashAll, for example /// zero appears a few times in the chain Unknown } impl SigHashType { /// Returns a SigHashType along with a boolean indicating whether /// the `ANYONECANPAY` flag is set, read from the last byte of a signature. fn from_signature(signature: &[u8]) -> (SigHashType, bool) { let byte = signature[signature.len() - 1]; let sighash = match byte & 0x1f { 1 => SigHashType::All, 2 => SigHashType::None, 3 => SigHashType::Single, _ => SigHashType::Unknown }; (sighash, (byte & 0x80) != 0) } } /// A structure that can hold either a slice or vector, as necessary #[derive(Clone, Debug)] pub enum MaybeOwned<'a> { /// Freshly llocated memory Owned(Vec<u8>), /// Pointer into the original script Borrowed(&'a [u8]) } impl<'a> PartialEq for MaybeOwned<'a> { #[inline] fn eq(&self, other: &MaybeOwned) -> bool { &self[..] == &other[..] } } impl<'a> Eq for MaybeOwned<'a> {} impl<'a> ops::Index<usize> for MaybeOwned<'a> { type Output = u8; #[inline] fn index(&self, index: usize) -> &u8 { match *self { MaybeOwned::Owned(ref v) => &v[index], MaybeOwned::Borrowed(ref s) => &s[index] } } } impl<'a> ops::Index<ops::Range<usize>> for MaybeOwned<'a> { type Output = [u8]; #[inline] fn index(&self, index: ops::Range<usize>) -> &[u8] { match *self { MaybeOwned::Owned(ref v) => &v[index], MaybeOwned::Borrowed(ref s) => &s[index] } } } impl<'a> ops::Index<ops::RangeTo<usize>> for MaybeOwned<'a> { type Output = [u8]; #[inline] fn index(&self, index: ops::RangeTo<usize>) -> &[u8] { match *self { MaybeOwned::Owned(ref v) => &v[index], MaybeOwned::Borrowed(ref s) => &s[index] } } } impl<'a> ops::Index<ops::RangeFrom<usize>> for MaybeOwned<'a> { type Output = [u8]; #[inline] fn index(&self, index: ops::RangeFrom<usize>) -> &[u8] { match *self { MaybeOwned::Owned(ref v) => &v[index], MaybeOwned::Borrowed(ref s) => &s[index] } } } impl<'a> ops::Index<ops::RangeFull> for MaybeOwned<'a> { type Output = [u8]; #[inline] fn index(&self, _: ops::RangeFull) -> &[u8] { match *self { MaybeOwned::Owned(ref v) => &v[..], MaybeOwned::Borrowed(ref s) => &s[..] } } } impl<'a> MaybeOwned<'a> { /// The number of bytes stored in the vector #[inline] fn len(&self) -> usize { match *self { MaybeOwned::Owned(ref v) => v.len(), MaybeOwned::Borrowed(ref s) => s.len() } } } static SCRIPT_TRUE: &'static [u8] = &[0x01]; static SCRIPT_FALSE: &'static [u8] = &[0x00]; /// Helper to encode an integer in script format fn build_scriptint(n: i64) -> Vec<u8> { if n == 0 { return vec![] } let neg = n < 0; let mut abs = if neg { -n } else { n } as usize; let mut v = vec![]; while abs > 0xFF { v.push((abs & 0xFF) as u8); abs >>= 8; } // If the number's value causes the sign bit to be set, we need an extra // byte to get the correct value and correct sign bit if abs & 0x80 != 0 { v.push(abs as u8); v.push(if neg { 0x80u8 } else { 0u8 }); } // Otherwise we just set the sign bit ourselves else { abs |= if neg { 0x80 } else { 0 }; v.push(abs as u8); } v } /// Helper to decode an integer in script format /// Notice that this fails on overflow: the result is the same as in /// bitcoind, that only 4-byte signed-magnitude values may be read as /// numbers. They can be added or subtracted (and a long time ago, /// multiplied and divided), and this may result in numbers which /// can't be written out in 4 bytes or less. This is ok! The number /// just can't be read as a number again. /// This is a bit crazy and subtle, but it makes sense: you can load /// 32-bit numbers and do anything with them, which back when mult/div /// was allowed, could result in up to a 64-bit number. We don't want /// overflow since that's suprising --- and we don't want numbers that /// don't fit in 64 bits (for efficiency on modern processors) so we /// simply say, anything in excess of 32 bits is no longer a number. /// This is basically a ranged type implementation. pub fn read_scriptint(v: &[u8]) -> Result<i64, Error> { let len = v.len(); if len == 0 { return Ok(0); } if len > 4 { return Err(Error::NumericOverflow); } let (mut ret, sh) = v.iter() .fold((0, 0), |(acc, sh), n| (acc + ((*n as i64) << sh), sh + 8)); if v[len - 1] & 0x80 != 0 { ret &= (1 << sh - 1) - 1; ret = -ret; } Ok(ret) } /// This is like "read_scriptint then map 0 to false and everything /// else as true", except that the overflow rules don't apply. #[inline] pub fn read_scriptbool(v: &[u8]) -> bool { !(v.len() == 0 || ((v[v.len() - 1] == 0 || v[v.len() - 1] == 0x80) && v.iter().rev().skip(1).all(|&w| w == 0))) } /// Read a script-encoded unsigned integer pub fn read_uint(data: &[u8], size: usize) -> Result<usize, Error> { if data.len() < size { Err(Error::EarlyEndOfScript) } else { let mut ret = 0; for i in 0..size { ret += (data[i] as usize) << (i * 8); } Ok(ret) } } /// Check a signature -- returns an error that is currently just translated /// into a 0/1 to push onto the script stack fn check_signature(secp: &Secp256k1, sig_slice: &[u8], pk_slice: &[u8], script: Vec<u8>, tx: &Transaction, input_index: usize) -> Result<(), Error> { // Check public key let pubkey = PublicKey::from_slice(secp, pk_slice); if pubkey.is_err() { return Err(Error::BadPublicKey); } let pubkey = pubkey.unwrap(); // Check signature and hashtype if sig_slice.len() == 0 { return Err(Error::BadSignature); } let (hashtype, anyone_can_pay) = SigHashType::from_signature(sig_slice); // Compute the transaction data to be hashed let mut tx_copy = Transaction { version: tx.version, lock_time: tx.lock_time, input: Vec::with_capacity(tx.input.len()), output: tx.output.clone() }; // Put the script into an Option so that we can move it (via take_unwrap()) // in the following branch/loop without the move-checker complaining about // multiple moves. let mut script = Some(script); if anyone_can_pay { // For anyone-can-pay transactions we replace the whole input array // with just the current input, to ensure the others have no effect. let mut old_input = tx.input[input_index].clone(); old_input.script_sig = Script(script.take().unwrap().into_boxed_slice()); tx_copy.input = vec![old_input]; } else { // Otherwise we keep all the inputs, blanking out the others and even // resetting their sequence no. if appropriate for (n, input) in tx.input.iter().enumerate() { // Zero out the scripts of other inputs let mut new_input = TxIn { prev_hash: input.prev_hash, prev_index: input.prev_index, sequence: input.sequence, script_sig: Script::new() }; if n == input_index { new_input.script_sig = Script(script.take().unwrap().into_boxed_slice()); } else { new_input.script_sig = Script::new(); // If we aren't signing them, also zero out the sequence number if hashtype == SigHashType::Single || hashtype == SigHashType::None { new_input.sequence = 0; } } tx_copy.input.push(new_input); } } // Erase outputs as appropriate let mut sighash_single_bug = false; match hashtype { SigHashType::None => { tx_copy.output = vec![]; } SigHashType::Single => { if input_index < tx_copy.output.len() { let mut new_outs = Vec::with_capacity(input_index + 1); for _ in 0..input_index { new_outs.push(Default::default()) } new_outs.push(tx_copy.output.swap_remove(input_index)); tx_copy.output = new_outs; } else { sighash_single_bug = true; } } SigHashType::All | SigHashType::Unknown => {} } let signature_hash = if sighash_single_bug { vec![1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0] } else { let mut data_to_sign = serialize(&tx_copy).unwrap(); data_to_sign.push(*sig_slice.last().unwrap()); data_to_sign.push(0); data_to_sign.push(0); data_to_sign.push(0); serialize(&Sha256dHash::from_data(&data_to_sign[..])).unwrap() }; // We can unwrap -- only failure mode is on length, which is fixed to 32 let msg = secp256k1::Message::from_slice(&signature_hash[..]).unwrap(); let sig = try!(secp256k1::Signature::from_der(secp, sig_slice).map_err(Error::Ecdsa)); Secp256k1::verify(secp, &msg, &sig, &pubkey).map_err(Error::Ecdsa) } // Macro to translate English stack instructions into Rust code. // All number are references to stack positions: 1 is the top, // 2 is the second-to-top, etc. The numbers do not change within // an opcode; to delete the top two items do `drop 1 drop 2` // rather than `drop 1 drop 1`, which will fail. // This is useful for only about a dozen opcodes, but those ones // were really hard to read and verify -- see OP_PICK and OP_ROLL // for an example of what Rust vector-stack manipulation looks // like. macro_rules! stack_opcode { ($stack:ident($min:expr): $(require $r:expr);* $(copy $c:expr);* $(swap ($a:expr, $b:expr));* $(perm ($first:expr, $($i:expr),*) );* $(drop $d:expr);* ) => ({ $( $stack.require_n_elems($r); )* // Record top let top = $stack.len(); // Check stack size if top < $min { return Err(Error::PopEmptyStack); } // Do copies $( let elem = $stack[top - $c].clone(); $stack.push(elem); )* // Do swaps $( (&mut $stack[..]).swap(top - $a, top - $b); )* // Do permutations $( let first = $first; $( (&mut $stack[..]).swap(top - first, top - $i); )* )* // Do drops last so that dropped values will be available above $( $stack.remove(top - $d); )* }); } /// Macro to translate numerical operations into stack ones macro_rules! num_opcode { ($stack:ident($($var:ident),*): $op:expr) => ({ $( let $var = try!(read_scriptint(&match $stack.pop() { Some(elem) => elem, None => { return Err(Error::PopEmptyStack); } }[..])); )* $stack.push(MaybeOwned::Owned(build_scriptint($op))); // Return a tuple of all the variables ($( $var ),*) }); } macro_rules! unary_opcode_satisfy { ($stack:ident, $op:ident) => ({ let one = $stack.pop(); let cond = $stack.push_alloc(AbstractStackElem::new_unknown()); try!(cond.add_validator(Validator { args: vec![one], check: check::$op, update: update::$op })); }) } macro_rules! boolean_opcode_satisfy { ($stack:ident, unary $op:ident) => ({ let one = $stack.pop(); let cond = $stack.push_alloc(AbstractStackElem::new_unknown()); try!(cond.set_boolean()); try!(cond.add_validator(Validator { args: vec![one], check: check::$op, update: update::$op })); }); ($stack:ident, binary $op:ident) => ({ let one = $stack.pop(); let two = $stack.pop(); let cond = $stack.push_alloc(AbstractStackElem::new_unknown()); try!(cond.set_boolean()); try!(cond.add_validator(Validator { args: vec![two, one], check: check::$op, update: update::$op })); }); ($stack:ident, ternary $op:ident) => ({ let one = $stack.pop(); let two = $stack.pop(); let three = $stack.pop(); let mut cond = $stack.push_alloc(AbstractStackElem::new_unknown()); try!(cond.set_boolean()); try!(cond.add_validator(Validator { args: vec![three, two, one], check: check::$op, update: update::$op })); }); } /// Macro to translate hashing operations into stack ones macro_rules! hash_opcode { ($stack:ident, $hash:ident) => ({ match $stack.pop() { None => { return Err(Error::PopEmptyStack); } Some(v) => { let mut engine = $hash::new(); engine.input(&v[..]); let mut ret = Vec::with_capacity(engine.output_bits() / 8); // Force-set the length even though the vector is uninitialized // This is OK only because u8 has no destructor unsafe { ret.set_len(engine.output_bits() / 8); } engine.result(&mut ret); $stack.push(MaybeOwned::Owned(ret)); } } }); } // OP_VERIFY macro macro_rules! op_verify { ($stack:expr, $err:expr) => ( match $stack.last().map(|v| read_scriptbool(&v[..])) { None => { return Err(Error::VerifyEmptyStack); } Some(false) => { return Err($err); } Some(true) => { $stack.pop(); } } ) } macro_rules! op_verify_satisfy { ($stack:expr) => ({ try!($stack.peek_mut().set_bool_value(true)); $stack.pop(); }) } impl Script { /// Creates a new empty script pub fn new() -> Script { Script(vec![].into_boxed_slice()) } /// Creates a new script from an existing vector pub fn from_vec(v: Vec<u8>) -> Script { Script(v.into_boxed_slice()) } /// The length in bytes of the script pub fn len(&self) -> usize { self.0.len() } /// Trace a script pub fn trace<'a>(&'a self, secp: &Secp256k1, stack: &mut Vec<MaybeOwned<'a>>, input_context: Option<(&Transaction, usize)>) -> ScriptTrace { let mut trace = ScriptTrace { script: self.clone(), initial_stack: stack.iter().map(|elem| (&elem[..]).to_hex()).collect(), iterations: vec![], error: None }; match self.evaluate(secp, stack, input_context, Some(&mut trace.iterations)) { Ok(_) => {}, Err(e) => { trace.error = Some(e.clone()); } } trace } /// Evaluate the script, modifying the stack in place pub fn evaluate<'a>(&'a self, secp: &Secp256k1, stack: &mut Vec<MaybeOwned<'a>>, input_context: Option<(&Transaction, usize)>, mut trace: Option<&mut Vec<TraceIteration>>) -> Result<(), Error> { let mut codeseparator_index = 0; let mut exec_stack = vec![]; let mut alt_stack = vec![]; let mut index = 0; let mut op_count = 0; while index < self.0.len() { let executing = exec_stack.iter().all(|e| *e); let byte = self.0[index]; // Write out the trace, except the stack which we don't know yet match trace { Some(ref mut t) => { let opcode = opcodes::All::from_u8(byte); t.push(TraceIteration { index: index, opcode: opcode, executed: executing, errored: true, op_count: op_count, effect: opcode.classify(), stack: vec!["<failed to execute opcode>".to_string()] }); } None => {} } op_count += 1; index += 1; // The definitions of all these categories are in opcodes.rs match (executing, opcodes::All::from_u8(byte).classify()) { // Illegal operations mean failure regardless of execution state (_, opcodes::Class::IllegalOp) => return Err(Error::IllegalOpcode), // Push number (true, opcodes::Class::PushNum(n)) => stack.push(MaybeOwned::Owned(build_scriptint(n as i64))), // Return operations mean failure, but only if executed (true, opcodes::Class::ReturnOp) => return Err(Error::ExecutedReturn), // Data-reading statements still need to read, even when not executing (_, opcodes::Class::PushBytes(n)) => { let n = n as usize; if self.0.len() < index + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push(MaybeOwned::Borrowed(&self.0[index..index + n])); } index += n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA1)) => { if self.0.len() < index + 1 { return Err(Error::EarlyEndOfScript); } let n = try!(read_uint(&self.0[index..], 1)); if self.0.len() < index + 1 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push(MaybeOwned::Borrowed(&self.0[index + 1..index + n + 1])); } index += 1 + n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA2)) => { if self.0.len() < index + 2 { return Err(Error::EarlyEndOfScript); } let n = try!(read_uint(&self.0[index..], 2)); if self.0.len() < index + 2 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push(MaybeOwned::Borrowed(&self.0[index + 2..index + n + 2])); } index += 2 + n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA4)) => { if self.0.len() < index + 4 { return Err(Error::EarlyEndOfScript); } let n = try!(read_uint(&self.0[index..], 4)); if self.0.len() < index + 4 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push(MaybeOwned::Borrowed(&self.0[index + 4..index + n + 4])); } index += 4 + n; } // If-statements take effect when not executing (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_IF)) => exec_stack.push(false), (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_NOTIF)) => exec_stack.push(false), (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_ELSE)) => { match exec_stack.last_mut() { Some(ref_e) => { *ref_e = !*ref_e } None => { return Err(Error::ElseWithoutIf); } } } (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_ENDIF)) => { if exec_stack.pop().is_none() { return Err(Error::EndifWithoutIf); } } // No-ops and non-executed operations do nothing (true, opcodes::Class::NoOp) | (false, _) => {} // Actual opcodes (true, opcodes::Class::Ordinary(op)) => { match op { opcodes::Ordinary::OP_PUSHDATA1 | opcodes::Ordinary::OP_PUSHDATA2 | opcodes::Ordinary::OP_PUSHDATA4 => { // handled above } opcodes::Ordinary::OP_IF => { match stack.pop().map(|v| read_scriptbool(&v[..])) { None => { return Err(Error::IfEmptyStack); } Some(b) => exec_stack.push(b) } } opcodes::Ordinary::OP_NOTIF => { match stack.pop().map(|v| read_scriptbool(&v[..])) { None => { return Err(Error::IfEmptyStack); } Some(b) => exec_stack.push(!b), } } opcodes::Ordinary::OP_ELSE => { match exec_stack.last_mut() { Some(ref_e) => { *ref_e = !*ref_e } None => { return Err(Error::ElseWithoutIf); } } } opcodes::Ordinary::OP_ENDIF => { if exec_stack.pop().is_none() { return Err(Error::EndifWithoutIf); } } opcodes::Ordinary::OP_VERIFY => op_verify!(stack, Error::VerifyFailed), opcodes::Ordinary::OP_TOALTSTACK => { match stack.pop() { None => { return Err(Error::PopEmptyStack); } Some(elem) => { alt_stack.push(elem); } } } opcodes::Ordinary::OP_FROMALTSTACK => { match alt_stack.pop() { None => { return Err(Error::PopEmptyStack); } Some(elem) => { stack.push(elem); } } } opcodes::Ordinary::OP_2DROP => stack_opcode!(stack(2): drop 1; drop 2), opcodes::Ordinary::OP_2DUP => stack_opcode!(stack(2): copy 2; copy 1), opcodes::Ordinary::OP_3DUP => stack_opcode!(stack(3): copy 3; copy 2; copy 1), opcodes::Ordinary::OP_2OVER => stack_opcode!(stack(4): copy 4; copy 3), opcodes::Ordinary::OP_2ROT => stack_opcode!(stack(6): perm (1, 3, 5); perm (2, 4, 6)), opcodes::Ordinary::OP_2SWAP => stack_opcode!(stack(4): swap (2, 4); swap (1, 3)), opcodes::Ordinary::OP_DROP => stack_opcode!(stack(1): drop 1), opcodes::Ordinary::OP_DUP => stack_opcode!(stack(1): copy 1), opcodes::Ordinary::OP_NIP => stack_opcode!(stack(2): drop 2), opcodes::Ordinary::OP_OVER => stack_opcode!(stack(2): copy 2), opcodes::Ordinary::OP_PICK => { let n = match stack.pop() { Some(data) => try!(read_scriptint(&data[..])), None => { return Err(Error::PopEmptyStack); } }; if n < 0 { return Err(Error::NegativePick); } let n = n as usize; stack_opcode!(stack(n + 1): copy n + 1) } opcodes::Ordinary::OP_ROLL => { let n = match stack.pop() { Some(data) => try!(read_scriptint(&data[..])), None => { return Err(Error::PopEmptyStack); } }; if n < 0 { return Err(Error::NegativeRoll); } let n = n as usize; stack_opcode!(stack(n + 1): copy n + 1 drop n + 1) } opcodes::Ordinary::OP_ROT => stack_opcode!(stack(3): perm (1, 2, 3)), opcodes::Ordinary::OP_SWAP => stack_opcode!(stack(2): swap (1, 2)), opcodes::Ordinary::OP_TUCK => stack_opcode!(stack(2): copy 2; copy 1 drop 2), opcodes::Ordinary::OP_IFDUP => { match stack.last().map(|v| read_scriptbool(&v[..])) { None => { return Err(Error::IfEmptyStack); } Some(false) => {} Some(true) => { stack_opcode!(stack(1): copy 1); } } } opcodes::Ordinary::OP_DEPTH => { let len = stack.len() as i64; stack.push(MaybeOwned::Owned(build_scriptint(len))); } opcodes::Ordinary::OP_SIZE => { match stack.last().map(|v| v.len() as i64) { None => { return Err(Error::IfEmptyStack); } Some(n) => { stack.push(MaybeOwned::Owned(build_scriptint(n))); } } } opcodes::Ordinary::OP_EQUAL | opcodes::Ordinary::OP_EQUALVERIFY => { if stack.len() < 2 { return Err(Error::PopEmptyStack); } let a = stack.pop().unwrap(); let b = stack.pop().unwrap(); stack.push(MaybeOwned::Borrowed(if a == b { SCRIPT_TRUE } else { SCRIPT_FALSE })); if op == opcodes::Ordinary::OP_EQUALVERIFY { op_verify!(stack, Error::EqualVerifyFailed((&a[..]).to_hex(), (&b[..]).to_hex())); } } opcodes::Ordinary::OP_1ADD => { num_opcode!(stack(a): a + 1); } opcodes::Ordinary::OP_1SUB => { num_opcode!(stack(a): a - 1); } opcodes::Ordinary::OP_NEGATE => { num_opcode!(stack(a): -a); } opcodes::Ordinary::OP_ABS => { num_opcode!(stack(a): a.abs()); } opcodes::Ordinary::OP_NOT => { num_opcode!(stack(a): if a == 0 {1} else {0}); } opcodes::Ordinary::OP_0NOTEQUAL => { num_opcode!(stack(a): if a != 0 {1} else {0}); } opcodes::Ordinary::OP_ADD => { num_opcode!(stack(b, a): a + b); } opcodes::Ordinary::OP_SUB => { num_opcode!(stack(b, a): a - b); } opcodes::Ordinary::OP_BOOLAND => { num_opcode!(stack(b, a): if a != 0 && b != 0 {1} else {0}); } opcodes::Ordinary::OP_BOOLOR => { num_opcode!(stack(b, a): if a != 0 || b != 0 {1} else {0}); } opcodes::Ordinary::OP_NUMEQUAL => { num_opcode!(stack(b, a): if a == b {1} else {0}); } opcodes::Ordinary::OP_NUMNOTEQUAL => { num_opcode!(stack(b, a): if a != b {1} else {0}); } opcodes::Ordinary::OP_NUMEQUALVERIFY => { let (b, a) = num_opcode!(stack(b, a): if a == b {1} else {0}); op_verify!(stack, Error::NumEqualVerifyFailed(a, b)); } opcodes::Ordinary::OP_LESSTHAN => { num_opcode!(stack(b, a): if a < b {1} else {0}); } opcodes::Ordinary::OP_GREATERTHAN => { num_opcode!(stack(b, a): if a > b {1} else {0}); } opcodes::Ordinary::OP_LESSTHANOREQUAL => { num_opcode!(stack(b, a): if a <= b {1} else {0}); } opcodes::Ordinary::OP_GREATERTHANOREQUAL => { num_opcode!(stack(b, a): if a >= b {1} else {0}); } opcodes::Ordinary::OP_MIN => { num_opcode!(stack(b, a): if a < b {a} else {b}); } opcodes::Ordinary::OP_MAX => { num_opcode!(stack(b, a): if a > b {a} else {b}); } opcodes::Ordinary::OP_WITHIN => { num_opcode!(stack(c, b, a): if b <= a && a < c {1} else {0}); } opcodes::Ordinary::OP_RIPEMD160 => hash_opcode!(stack, Ripemd160), opcodes::Ordinary::OP_SHA1 => hash_opcode!(stack, Sha1), opcodes::Ordinary::OP_SHA256 => hash_opcode!(stack, Sha256), opcodes::Ordinary::OP_HASH160 => { hash_opcode!(stack, Sha256); hash_opcode!(stack, Ripemd160); } opcodes::Ordinary::OP_HASH256 => { hash_opcode!(stack, Sha256); hash_opcode!(stack, Sha256); } opcodes::Ordinary::OP_CODESEPARATOR => { codeseparator_index = index; } opcodes::Ordinary::OP_CHECKSIG | opcodes::Ordinary::OP_CHECKSIGVERIFY => { if stack.len() < 2 { return Err(Error::PopEmptyStack); } let pk = stack.pop().unwrap(); let pk_slice = &pk[..]; let sig = stack.pop().unwrap(); let sig_slice = &sig[..]; // Compute the section of script that needs to be hashed: everything // from the last CODESEPARATOR, except the signature itself. let mut script = (&self.0[codeseparator_index..]).to_vec(); let mut remove = Builder::new(); remove.push_slice(sig_slice); script_find_and_remove(&mut script, &remove[..]); // Also all of the OP_CODESEPARATORS, even the unevaluated ones script_find_and_remove(&mut script, &[opcodes::Ordinary::OP_CODESEPARATOR as u8]); // This is as far as we can go without a transaction, so fail here if input_context.is_none() { return Err(Error::NoTransaction); } // Otherwise unwrap it let (tx, input_index) = input_context.unwrap(); match check_signature(secp, sig_slice, pk_slice, script, tx, input_index) { Ok(()) => stack.push(MaybeOwned::Borrowed(SCRIPT_TRUE)), _ => stack.push(MaybeOwned::Borrowed(SCRIPT_FALSE)), } if op == opcodes::Ordinary::OP_CHECKSIGVERIFY { op_verify!(stack, Error::VerifyFailed); } } opcodes::Ordinary::OP_CHECKMULTISIG | opcodes::Ordinary::OP_CHECKMULTISIGVERIFY => { // Read all the keys if stack.len() < 1 { return Err(Error::PopEmptyStack); } let n_keys = try!(read_scriptint(&stack.pop().unwrap()[..])); if n_keys < 0 || n_keys > 20 { return Err(Error::MultisigBadKeyCount(n_keys as isize)); } if (stack.len() as i64) < n_keys { return Err(Error::PopEmptyStack); } let mut keys = Vec::with_capacity(n_keys as usize); for _ in 0..n_keys { keys.push(stack.pop().unwrap()); } // Read all the signatures if stack.len() < 1 { return Err(Error::PopEmptyStack); } let n_sigs = try!(read_scriptint(&stack.pop().unwrap()[..])); if n_sigs < 0 || n_sigs > n_keys { return Err(Error::MultisigBadSigCount(n_sigs as isize)); } if (stack.len() as i64) < n_sigs { return Err(Error::PopEmptyStack); } let mut sigs = Vec::with_capacity(n_sigs as usize); for _ in 0..n_sigs { sigs.push(stack.pop().unwrap()); } // Pop one more element off the stack to be replicate a consensus bug if stack.pop().is_none() { return Err(Error::PopEmptyStack); } // Compute the section of script that needs to be hashed: everything // from the last CODESEPARATOR, except the signatures themselves. let mut script = (&self.0[codeseparator_index..]).to_vec(); for sig in sigs.iter() { let mut remove = Builder::new(); remove.push_slice(&sig[..]); script_find_and_remove(&mut script, &remove[..]); script_find_and_remove(&mut script, &[opcodes::Ordinary::OP_CODESEPARATOR as u8]); } // This is as far as we can go without a transaction, so fail here if input_context.is_none() { return Err(Error::NoTransaction); } // Otherwise unwrap it let (tx, input_index) = input_context.unwrap(); // Check signatures let mut key_iter = keys.iter(); let mut sig_iter = sigs.iter(); let mut key = key_iter.next(); let mut sig = sig_iter.next(); loop { match (key, sig) { // Try to validate the signature with the given key (Some(k), Some(s)) => { // Move to the next signature if it is valid for the current key if check_signature(secp, &s[..], &k[..], script.clone(), tx, input_index).is_ok() { sig = sig_iter.next(); } // Move to the next key in any case key = key_iter.next(); } // Run out of signatures, success (_, None) => { stack.push(MaybeOwned::Borrowed(SCRIPT_TRUE)); break; } // Run out of keys to match to signatures, fail (None, Some(_)) => { stack.push(MaybeOwned::Borrowed(SCRIPT_FALSE)); break; } } } if op == opcodes::Ordinary::OP_CHECKMULTISIGVERIFY { op_verify!(stack, Error::VerifyFailed); } } } // end opcode match } // end classification match } // end loop // Store the stack in the trace trace.as_mut().map(|t| t.last_mut().map(|t| { t.errored = false; t.stack = stack.iter().map(|elem| (&elem[..]).to_hex()).collect(); }) ); } Ok(()) } /// Checks whether a script pubkey is a p2sh output #[inline] pub fn is_p2sh(&self) -> bool { self.0.len() == 23 && self.0[0] == opcodes::All::OP_HASH160 as u8 && self.0[1] == opcodes::All::OP_PUSHBYTES_20 as u8 && self.0[22] == opcodes::All::OP_EQUAL as u8 } /// Whether a script can be proven to have no satisfying input pub fn is_provably_unspendable(&self) -> bool { match self.satisfy() { Ok(_) => false, Err(Error::Unanalyzable) => false, Err(_) => true } } /// Evaluate the script to determine whether any possible input will cause it /// to accept. Returns true if it is guaranteed to fail; false otherwise. pub fn satisfy(&self) -> Result<Vec<AbstractStackElem>, Error> { fn recurse<'a>(script: &'a [u8], mut stack: AbstractStack, mut exec_stack: Vec<bool>, depth: usize) -> Result<Vec<AbstractStackElem>, Error> { // Avoid doing more than 64k forks if depth > 16 { return Err(Error::InterpreterStackOverflow); } let mut index = 0; while index < script.len() { let executing = exec_stack.iter().all(|e| *e); let byte = script[index]; index += 1; // The definitions of all these categories are in opcodes.rs match (executing, opcodes::All::from_u8(byte).classify()) { // Illegal operations mean failure regardless of execution state (_, opcodes::Class::IllegalOp) => return Err(Error::IllegalOpcode), // Push number (true, opcodes::Class::PushNum(n)) => { stack.push_alloc(AbstractStackElem::new_num(n as i64)); }, // Return operations mean failure, but only if executed (true, opcodes::Class::ReturnOp) => return Err(Error::ExecutedReturn), // Data-reading statements still need to read, even when not executing (_, opcodes::Class::PushBytes(n)) => { let n = n as usize; if script.len() < index + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push_alloc(AbstractStackElem::new_raw(&script[index..index + n])); } index += n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA1)) => { if script.len() < index + 1 { return Err(Error::EarlyEndOfScript); } let n = match read_uint(&script[index..], 1) { Ok(n) => n, Err(_) => { return Err(Error::EarlyEndOfScript); } }; if script.len() < index + 1 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push_alloc(AbstractStackElem::new_raw(&script[index + 1..index + n + 1])); } index += 1 + n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA2)) => { if script.len() < index + 2 { return Err(Error::EarlyEndOfScript); } let n = match read_uint(&script[index..], 2) { Ok(n) => n, Err(_) => { return Err(Error::EarlyEndOfScript); } }; if script.len() < index + 2 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push_alloc(AbstractStackElem::new_raw(&script[index + 2..index + n + 2])); } index += 2 + n; } (_, opcodes::Class::Ordinary(opcodes::Ordinary::OP_PUSHDATA4)) => { let n = match read_uint(&script[index..], 4) { Ok(n) => n, Err(_) => { return Err(Error::EarlyEndOfScript); } }; if script.len() < index + 4 + n { return Err(Error::EarlyEndOfScript); } if executing { stack.push_alloc(AbstractStackElem::new_raw(&script[index + 4..index + n + 4])); } index += 4 + n; } // If-statements take effect when not executing (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_IF)) => exec_stack.push(false), (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_NOTIF)) => exec_stack.push(false), (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_ELSE)) => { match exec_stack.last_mut() { Some(ref_e) => { *ref_e = !*ref_e } None => { return Err(Error::ElseWithoutIf); } } } (false, opcodes::Class::Ordinary(opcodes::Ordinary::OP_ENDIF)) => { if exec_stack.pop().is_none() { return Err(Error::EndifWithoutIf); } } // No-ops and non-executed operations do nothing (true, opcodes::Class::NoOp) | (false, _) => {} // Actual opcodes (true, opcodes::Class::Ordinary(op)) => { match op { opcodes::Ordinary::OP_PUSHDATA1 | opcodes::Ordinary::OP_PUSHDATA2 | opcodes::Ordinary::OP_PUSHDATA4 => { // handled above } opcodes::Ordinary::OP_IF => { let top_bool = { let top = stack.peek_mut(); top.bool_value() }; match top_bool { None => { let mut stack_true = stack.clone(); // Try pushing false and see what happens if stack.peek_mut().set_bool_value(false).is_ok() { match recurse(&script[index - 1..], stack, exec_stack.clone(), depth + 1) { Ok(res) => { return Ok(res); } Err(_) => {} } } // Failing that, push true try!(stack_true.peek_mut().set_bool_value(true)); return recurse(&script[index - 1..], stack_true, exec_stack, depth + 1); } Some(val) => { stack.pop(); exec_stack.push(val) } } } opcodes::Ordinary::OP_NOTIF => { let top_bool = { let top = stack.peek_mut(); top.bool_value() }; match top_bool { None => { let mut stack_true = stack.clone(); // Try pushing false and see what happens if stack.peek_mut().set_bool_value(false).is_ok() { match recurse(&script[index - 1..], stack, exec_stack.clone(), depth + 1) { Ok(res) => { return Ok(res); } Err(_) => {} } } // Failing that, push true try!(stack_true.peek_mut().set_bool_value(true)); return recurse(&script[index - 1..], stack_true, exec_stack, depth + 1); } Some(val) => { stack.pop(); exec_stack.push(!val) } } } opcodes::Ordinary::OP_ELSE => { match exec_stack.last_mut() { Some(ref_e) => { *ref_e = !*ref_e } None => { return Err(Error::ElseWithoutIf); } } } opcodes::Ordinary::OP_ENDIF => { if exec_stack.pop().is_none() { return Err(Error::EndifWithoutIf); } } opcodes::Ordinary::OP_VERIFY => op_verify_satisfy!(stack), opcodes::Ordinary::OP_TOALTSTACK => { stack.to_altstack(); } opcodes::Ordinary::OP_FROMALTSTACK => { try!(stack.from_altstack()); } opcodes::Ordinary::OP_2DROP => stack_opcode!(stack(2): require 2 drop 1; drop 2), opcodes::Ordinary::OP_2DUP => stack_opcode!(stack(2): require 2 copy 2; copy 1), opcodes::Ordinary::OP_3DUP => stack_opcode!(stack(3): require 3 copy 3; copy 2; copy 1), opcodes::Ordinary::OP_2OVER => stack_opcode!(stack(4): require 4 copy 4; copy 3), opcodes::Ordinary::OP_2ROT => stack_opcode!(stack(6): require 6 perm (1, 3, 5); perm (2, 4, 6)), opcodes::Ordinary::OP_2SWAP => stack_opcode!(stack(4): require 4 swap (2, 4); swap (1, 3)), opcodes::Ordinary::OP_DROP => stack_opcode!(stack(1): require 1 drop 1), opcodes::Ordinary::OP_DUP => stack_opcode!(stack(1): require 1 copy 1), opcodes::Ordinary::OP_NIP => stack_opcode!(stack(2): require 2 drop 2), opcodes::Ordinary::OP_OVER => stack_opcode!(stack(2): require 2 copy 2), opcodes::Ordinary::OP_PICK => { let top_n = { let top = stack.peek_mut(); try!(top.set_numeric()); try!(top.set_num_lo(0)); top.num_value().map(|n| n as usize) }; stack.pop(); match top_n { Some(n) => stack_opcode!(stack(n + 1): require n + 1 copy n + 1), // The stack will wind up with the 1 and nth inputs being identical // with n input-dependent. I can imagine scripts which check this // condition or its negation for various n to get arbitrary finite // sets of allowable values. It's not clear to me that this is // feasible to analyze. None => { return Err(Error::Unanalyzable); } } } opcodes::Ordinary::OP_ROLL => { let top_n = { let top = stack.peek_mut(); try!(top.set_numeric()); try!(top.set_num_lo(0)); top.num_value().map(|n| n as usize) }; stack.pop(); match top_n { Some(n) => stack_opcode!(stack(n + 1): require n + 1 copy n + 1 drop n + 1), // The stack will wind up reordered, so in principle I could just force // the input to be zero (other n values can be converted to zero by just // manually rearranging the input). The problem is if numeric bounds are // later set on n. I can't analyze that. None => { return Err(Error::Unanalyzable); } } } opcodes::Ordinary::OP_ROT => stack_opcode!(stack(3): require 3 perm (1, 2, 3)), opcodes::Ordinary::OP_SWAP => stack_opcode!(stack(2): require 3 swap (1, 2)), opcodes::Ordinary::OP_TUCK => stack_opcode!(stack(2): require 2 copy 2; copy 1 drop 2), opcodes::Ordinary::OP_IFDUP => { let top_bool = { let top = stack.peek_mut(); top.bool_value() }; match top_bool { Some(false) => { } Some(true) => { stack_opcode!(stack(1): require 1 copy 1); } None => { let mut stack_true = stack.clone(); // Try pushing false and see what happens if stack.peek_mut().set_bool_value(false).is_ok() { match recurse(&script[index - 1..], stack, exec_stack.clone(), depth + 1) { Ok(res) => { return Ok(res); } Err(_) => {} } } // Failing that, push true try!(stack_true.peek_mut().set_bool_value(true)); return recurse(&script[index - 1..], stack_true, exec_stack, depth + 1); } } } opcodes::Ordinary::OP_DEPTH => { let len = stack.len() as i64; let new_elem = stack.push_alloc(AbstractStackElem::new_unknown()); try!(new_elem.set_numeric()); try!(new_elem.set_num_lo(len)); } opcodes::Ordinary::OP_SIZE => { let top = stack.peek_index(); let new_elem = stack.push_alloc(AbstractStackElem::new_unknown()); try!(new_elem.set_numeric()); try!(new_elem.add_validator(Validator { args: vec![top], check: check::op_size, update: update::op_size })); } opcodes::Ordinary::OP_EQUAL => boolean_opcode_satisfy!(stack, binary op_equal), opcodes::Ordinary::OP_EQUALVERIFY => { boolean_opcode_satisfy!(stack, binary op_equal); op_verify_satisfy!(stack); } opcodes::Ordinary::OP_NOT => boolean_opcode_satisfy!(stack, unary op_not), opcodes::Ordinary::OP_0NOTEQUAL => boolean_opcode_satisfy!(stack, unary op_0notequal), opcodes::Ordinary::OP_NUMEQUAL => boolean_opcode_satisfy!(stack, binary op_numequal), opcodes::Ordinary::OP_NUMEQUALVERIFY => { boolean_opcode_satisfy!(stack, binary op_numequal); op_verify_satisfy!(stack); } opcodes::Ordinary::OP_NUMNOTEQUAL => boolean_opcode_satisfy!(stack, binary op_numnotequal), opcodes::Ordinary::OP_LESSTHAN => boolean_opcode_satisfy!(stack, binary op_numlt), opcodes::Ordinary::OP_GREATERTHAN => boolean_opcode_satisfy!(stack, binary op_numgt), opcodes::Ordinary::OP_LESSTHANOREQUAL => boolean_opcode_satisfy!(stack, binary op_numlteq), opcodes::Ordinary::OP_GREATERTHANOREQUAL => boolean_opcode_satisfy!(stack, binary op_numgteq), opcodes::Ordinary::OP_1ADD | opcodes::Ordinary::OP_1SUB | opcodes::Ordinary::OP_NEGATE | opcodes::Ordinary::OP_ABS | opcodes::Ordinary::OP_ADD | opcodes::Ordinary::OP_SUB | opcodes::Ordinary::OP_BOOLAND | opcodes::Ordinary::OP_BOOLOR | opcodes::Ordinary::OP_MIN | opcodes::Ordinary::OP_MAX | opcodes::Ordinary::OP_WITHIN => { return Err(Error::Unanalyzable); } opcodes::Ordinary::OP_RIPEMD160 => unary_opcode_satisfy!(stack, op_ripemd160), opcodes::Ordinary::OP_SHA1 => unary_opcode_satisfy!(stack, op_sha1), opcodes::Ordinary::OP_SHA256 => unary_opcode_satisfy!(stack, op_sha256), opcodes::Ordinary::OP_HASH160 => unary_opcode_satisfy!(stack, op_hash160), opcodes::Ordinary::OP_HASH256 => unary_opcode_satisfy!(stack, op_hash256), // Ignore code separators since we don't check signatures opcodes::Ordinary::OP_CODESEPARATOR => {} opcodes::Ordinary::OP_CHECKSIG => boolean_opcode_satisfy!(stack, binary op_checksig), opcodes::Ordinary::OP_CHECKSIGVERIFY => { boolean_opcode_satisfy!(stack, binary op_checksig); op_verify_satisfy!(stack); } opcodes::Ordinary::OP_CHECKMULTISIG | opcodes::Ordinary::OP_CHECKMULTISIGVERIFY => { let (n_keys, n_keys_hi) = { let elem = stack.pop_mut(); try!(elem.set_numeric()); try!(elem.set_num_lo(0)); try!(elem.set_num_hi(20)); (elem.num_lo(), elem.num_hi()) }; let mut allowable_failures: i64 = 0; for _ in 0..n_keys { let key = stack.pop_mut(); if key.may_be_pubkey() { allowable_failures += 1; } } if n_keys == n_keys_hi { let (n_sigs, n_sigs_hi) = { let elem = stack.pop_mut(); try!(elem.set_numeric()); try!(elem.set_num_lo(0)); try!(elem.set_num_hi(n_keys)); (elem.num_lo(), elem.num_hi()) }; allowable_failures -= n_sigs; for _ in 0..n_sigs { let sig = stack.pop_mut(); if !sig.may_be_signature() { allowable_failures -= 1; } if allowable_failures < 0 { return Err(Error::Unsatisfiable); } if n_sigs != n_sigs_hi { return Err(Error::Unanalyzable); } } } else { return Err(Error::Unanalyzable); } // Successful multisig, push an unknown boolean { let result = stack.push_alloc(AbstractStackElem::new_unknown()); try!(result.set_boolean()) } // If it's a VERIFY op, assume it passed and carry on if op == opcodes::Ordinary::OP_CHECKMULTISIGVERIFY { op_verify_satisfy!(stack); } } } } } } // If we finished, we are only unspendable if we have false on the stack match stack.peek_mut().bool_value() { None => stack.peek_mut().set_bool_value(true).map(|_| stack.build_initial_stack()), Some(true) => Ok(stack.build_initial_stack()), Some(false) => Err(Error::AnalyzeAlwaysReturnsFalse) } } recurse(&self.0, AbstractStack::new(), vec![], 1) } } impl Default for Script { fn default() -> Script { Script(vec![].into_boxed_slice()) } } impl_index_newtype!(Script, u8); impl Builder { /// Creates a new empty script pub fn new() -> Builder { Builder(vec![]) } /// Creates a new script from an existing vector pub fn from_vec(v: Vec<u8>) -> Builder { Builder(v) } /// The length in bytes of the script pub fn len(&self) -> usize { self.0.len() } /// Adds instructions to push an integer onto the stack. Integers are /// encoded as little-endian signed-magnitude numbers, but there are /// dedicated opcodes to push some small integers. pub fn push_int(&mut self, data: i64) { // We can special-case -1, 1-16 if data == -1 || (data >= 1 && data <= 16) { self.0.push((data + opcodes::OP_TRUE as i64) as u8); } // We can also special-case zero else if data == 0 { self.0.push(opcodes::OP_FALSE as u8); } // Otherwise encode it as data else { self.push_scriptint(data); } } /// Adds instructions to push an integer onto the stack, using the explicit /// encoding regardless of the availability of dedicated opcodes. pub fn push_scriptint(&mut self, data: i64) { self.push_slice(&build_scriptint(data)); } /// Adds instructions to push some arbitrary data onto the stack pub fn push_slice(&mut self, data: &[u8]) { // Start with a PUSH opcode match data.len() { n if n < opcodes::Ordinary::OP_PUSHDATA1 as usize => { self.0.push(n as u8); }, n if n < 0x100 => { self.0.push(opcodes::Ordinary::OP_PUSHDATA1 as u8); self.0.push(n as u8); }, n if n < 0x10000 => { self.0.push(opcodes::Ordinary::OP_PUSHDATA2 as u8); self.0.push((n % 0x100) as u8); self.0.push((n / 0x100) as u8); }, n if n < 0x100000000 => { self.0.push(opcodes::Ordinary::OP_PUSHDATA4 as u8); self.0.push((n % 0x100) as u8); self.0.push(((n / 0x100) % 0x100) as u8); self.0.push(((n / 0x10000) % 0x100) as u8); self.0.push((n / 0x1000000) as u8); } _ => panic!("tried to put a 4bn+ sized object into a script!") } // Then push the acraw self.0.extend(data.iter().cloned()); } /// Adds a single opcode to the script pub fn push_opcode(&mut self, data: opcodes::All) { self.0.push(data as u8); } /// Converts the `Builder` into an unmodifiable `Script` pub fn into_script(self) -> Script { Script(self.0.into_boxed_slice()) } } /// Adds an individual opcode to the script impl Default for Builder { fn default() -> Builder { Builder(vec![]) } } impl_index_newtype!(Builder, u8); // User-facing serialization impl serde::Serialize for Script { fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error> where S: serde::Serializer, { for dat in self.0.iter() { try!(serializer.visit_char(from_digit((dat / 0x10) as u32, 16).unwrap())); try!(serializer.visit_char(from_digit((dat & 0x0f) as u32, 16).unwrap())); } Ok(()) } } // Network serialization impl<S: SimpleEncoder> ConsensusEncodable<S> for Script { #[inline] fn consensus_encode(&self, s: &mut S) -> Result<(), S::Error> { self.0.consensus_encode(s) } } impl<D: SimpleDecoder> ConsensusDecodable<D> for Script { #[inline] fn consensus_decode(d: &mut D) -> Result<Script, D::Error> { Ok(Script(try!(ConsensusDecodable::consensus_decode(d)))) } } #[cfg(test)] mod test { use secp256k1::Secp256k1; use serialize::hex::FromHex; use super::{Error, Script, Builder, build_scriptint, read_scriptint, read_scriptbool}; use super::MaybeOwned::Owned; use network::serialize::{deserialize, serialize}; use blockdata::opcodes; use blockdata::transaction::Transaction; fn test_tx(tx_hex: &'static str, output_hex: Vec<&'static str>) { let s = Secp256k1::new(); let tx_hex = tx_hex.from_hex().unwrap(); let tx: Transaction = deserialize(&tx_hex).ok().expect("transaction"); let script_pk: Vec<Script> = output_hex.iter() .map(|hex| format!("{:02x}{}", hex.len() / 2, hex)) .map(|hex| (&hex[..]).from_hex().unwrap()) .map(|hex| deserialize(&hex) .ok() .expect("scriptpk")) .collect(); for (n, script) in script_pk.iter().enumerate() { let mut stack = vec![]; assert_eq!(tx.input[n].script_sig.evaluate(&s, &mut stack, Some((&tx, n)), None), Ok(())); assert_eq!(script.evaluate(&s, &mut stack, Some((&tx, n)), None), Ok(())); assert!(stack.len() >= 1); assert_eq!(read_scriptbool(&stack.pop().unwrap()[..]), true); } } #[test] fn script() { let mut comp = vec![]; let mut script = Builder::new(); assert_eq!(&script[..], &comp[..]); // small ints script.push_int(1); comp.push(82u8); assert_eq!(&script[..], &comp[..]); script.push_int(0); comp.push(0u8); assert_eq!(&script[..], &comp[..]); script.push_int(4); comp.push(85u8); assert_eq!(&script[..], &comp[..]); script.push_int(-1); comp.push(80u8); assert_eq!(&script[..], &comp[..]); // forced scriptint script.push_scriptint(4); comp.extend([1u8, 4].iter().cloned()); assert_eq!(&script[..], &comp[..]); // big ints script.push_int(17); comp.extend([1u8, 17].iter().cloned()); assert_eq!(&script[..], &comp[..]); script.push_int(10000); comp.extend([2u8, 16, 39].iter().cloned()); assert_eq!(&script[..], &comp[..]); // notice the sign bit set here, hence the extra zero/128 at the end script.push_int(10000000); comp.extend([4u8, 128, 150, 152, 0].iter().cloned()); assert_eq!(&script[..], &comp[..]); script.push_int(-10000000); comp.extend([4u8, 128, 150, 152, 128].iter().cloned()); assert_eq!(&script[..], &comp[..]); // data script.push_slice("NRA4VR".as_bytes()); comp.extend([6u8, 78, 82, 65, 52, 86, 82].iter().cloned()); assert_eq!(&script[..], &comp[..]); // opcodes script.push_opcode(opcodes::All::OP_CHECKSIG); comp.push(0xACu8); assert_eq!(&script[..], &comp[..]); script.push_opcode(opcodes::All::OP_CHECKSIG); comp.push(0xACu8); assert_eq!(&script[..], &comp[..]); } #[test] fn script_serialize() { let hex_script = "6c493046022100f93bb0e7d8db7bd46e40132d1f8242026e045f03a0efe71bbb8e3f475e970d790221009337cd7f1f929f00cc6ff01f03729b069a7c21b59b1736ddfee5db5946c5da8c0121033b9b137ee87d5a812d6f506efdd37f0affa7ffc310711c06c7f3e097c9447c52".from_hex().unwrap(); let script: Result<Script, _> = deserialize(&hex_script); assert!(script.is_ok()); assert_eq!(serialize(&script.unwrap()).ok(), Some(hex_script)); } #[test] fn scriptint_round_trip() { assert_eq!(build_scriptint(-1), vec![0x81]); assert_eq!(build_scriptint(255), vec![255, 0]); assert_eq!(build_scriptint(256), vec![0, 1]); assert_eq!(build_scriptint(257), vec![1, 1]); assert_eq!(build_scriptint(511), vec![255, 1]); for &i in [10, 100, 255, 256, 1000, 10000, 25000, 200000, 5000000, 1000000000, (1 << 31) - 1, -((1 << 31) - 1)].iter() { assert_eq!(Ok(i), read_scriptint(&build_scriptint(i))); assert_eq!(Ok(-i), read_scriptint(&build_scriptint(-i))); } assert!(read_scriptint(&build_scriptint(1 << 31)).is_err()); assert!(read_scriptint(&build_scriptint(-(1 << 31))).is_err()); } #[test] fn script_eval_simple() { let s = Secp256k1::new(); let mut script = Builder::new(); assert!(script.clone().into_script().evaluate(&s, &mut vec![], None, None).is_ok()); script.push_opcode(opcodes::All::OP_RETURN); assert!(script.clone().into_script().evaluate(&s, &mut vec![], None, None).is_err()); } #[test] fn script_eval_checksig_without_tx() { let s = Secp256k1::new(); let hex_pk = "1976a914e729dea4a3a81108e16376d1cc329c91db58999488ac".from_hex().unwrap(); let script_pk: Script = deserialize(&hex_pk).ok().expect("scriptpk"); // Should be able to check that the sig is there and pk correct // before needing a transaction assert_eq!(script_pk.evaluate(&s, &mut vec![], None, None), Err(Error::PopEmptyStack)); assert_eq!(script_pk.evaluate(&s, &mut vec![Owned(vec![]), Owned(vec![])], None, None), Err(Error::EqualVerifyFailed("e729dea4a3a81108e16376d1cc329c91db589994".to_string(), "b472a266d0bd89c13706a4132ccfb16f7c3b9fcb".to_string()))); // But if the signature is there, we need a tx to check it assert_eq!(script_pk.evaluate(&s, &mut vec![Owned(vec![]), Owned("026d5d4cfef5f3d97d2263941b4d8e7aaa82910bf8e6f7c6cf1d8f0d755b9d2d1a".from_hex().unwrap())], None, None), Err(Error::NoTransaction)); assert_eq!(script_pk.evaluate(&s, &mut vec![Owned(vec![0]), Owned("026d5d4cfef5f3d97d2263941b4d8e7aaa82910bf8e6f7c6cf1d8f0d755b9d2d1a".from_hex().unwrap())], None, None), Err(Error::NoTransaction)); } #[test] fn script_eval_pubkeyhash() { let s = Secp256k1::new(); // nb these are both prefixed with their length in 1 byte let tx_hex = "010000000125d6681b797691aebba34b9d8e50f769ab1e8807e78405ae505c218cf8e1e9e1a20100006a47304402204c2dd8a9b6f8d425fcd8ee9a20ac73b619906a6367eac6cb93e70375225ec0160220356878eff111ff3663d7e6bf08947f94443845e0dcc54961664d922f7660b80c0121029fa8e8d8e3fd61183ab52f98d65500fd028a5d0a899c6bcd4ecaf1eda9eac284ffffffff0110270000000000001976a914299567077f41bc20059dc21a1eb1ef5a6a43b9c088ac00000000".from_hex().unwrap(); let output_hex = "1976a914299567077f41bc20059dc21a1eb1ef5a6a43b9c088ac".from_hex().unwrap(); let tx: Transaction = deserialize(&tx_hex).ok().expect("transaction"); let script_pk: Script = deserialize(&output_hex).ok().expect("scriptpk"); let mut stack = vec![]; assert_eq!(tx.input[0].script_sig.evaluate(&s, &mut stack, None, None), Ok(())); assert_eq!(script_pk.evaluate(&s, &mut stack, Some((&tx, 0)), None), Ok(())); assert_eq!(stack.len(), 1); assert_eq!(read_scriptbool(&stack.pop().unwrap()[..]), true); } #[test] fn script_eval_testnet_failure_1() { // OP_PUSHNUM ops weren't correct, also computed zero must be [], not [0] // txid dc3aad51b4b9ea1ef40755a38b0b4d6e08c72d2ac5e95b8bebe9bd319b6aed7e test_tx( "010000000560e0b5061b08a60911c9b2702cc0eba80adbe42f3ec9885c76930837db5380c001000000054f01e40164ffffffff0d2fe5749c96f15e37ceed29002c7f338df4f2781dd79f4d4eea7a08aa69b959000000000351519bffffffff0d2fe5749c96f15e37ceed29002c7f338df4f2781dd79f4d4eea7a08aa69b959020000000452018293ffffffff0d2fe5749c96f15e37ceed29002c7f338df4f2781dd79f4d4eea7a08aa69b95903000000045b5a5193ffffffff0d2fe5749c96f15e37ceed29002c7f338df4f2781dd79f4d4eea7a08aa69b95904000000045b5a5193ffffffff06002d310100000000029f91002d3101000000000401908f87002d31010000000001a0002d3101000000000705feffffff808730d39700000000001976a9140467f85e06a2ef0a479333b47258f4196fb94b2c88ac002d3101000000000604ffffff7f9c00000000", vec!["a5", "61", "0087", "9c", "9d51"] ); } #[test] fn script_eval_testnet_failure_2() { // OP_PUSHDATA2 must read its length little-endian // txid c5d4b73af6eed28798473b05d2b227edd4f285069629843e899b52c2d1c165b7) test_tx( "010000003422300a976c1f0f6bd6172ded8cb76c23f6e57d3b19e9ff1f403990e70acf19560300000006011601150114ffffffff22300a976c1f0f6bd6172ded8cb76c23f6e57d3b19e9ff1f403990e70acf19560400000006011601150114ffffffff22300a976c1f0f6bd6172ded8cb76c23f6e57d3b19e9ff1f403990e70acf19560900000006050000008000ffffffff42e9e966f8c293ad44c0b726ec85c5338d1f30cee63aedfb6ead49571477f22909000000020051ffffffff42e9e966f8c293ad44c0b726ec85c5338d1f30cee63aedfb6ead49571477f2290a000000034f00a3ffffffff4f0ccb5158e5497900b7563c5e0ab7fad5e169b9f46e8ca24c84b1f2dc91911f030000000151ffffffff4f0ccb5158e5497900b7563c5e0ab7fad5e169b9f46e8ca24c84b1f2dc91911f040000000451525355ffffffff4f0ccb5158e5497900b7563c5e0ab7fad5e169b9f46e8ca24c84b1f2dc91911f0500000003016f8cffffffff4f0ccb5158e5497900b7563c5e0ab7fad5e169b9f46e8ca24c84b1f2dc91911f09000000025d5effffffff5649f4d40acc1720997749ede3abb24105e637dd309fb3deee4a49c49d3b4f1a0400000005016f5a5193ffffffff5649f4d40acc1720997749ede3abb24105e637dd309fb3deee4a49c49d3b4f1a06000000065a005b6b756cffffffff5649f4d40acc1720997749ede3abb24105e637dd309fb3deee4a49c49d3b4f1a080000000100ffffffff67e36cd8a0a57458261704363fc21ce927b8214b381bcf86c0b6bd8f23e5e70c0100000006011601150114ffffffff6ded57e5e632ec542b8ab851df40400c32052ce2b999cf2c6c1352872c5d6537040000000704ffffff7f7693ffffffff6ded57e5e632ec542b8ab851df40400c32052ce2b999cf2c6c1352872c5d6537050000001b1a6162636465666768696a6b6c6d6e6f707172737475767778797affffffff6ded57e5e632ec542b8ab851df40400c32052ce2b999cf2c6c1352872c5d653708000000044d010008ffffffff6ded57e5e632ec542b8ab851df40400c32052ce2b999cf2c6c1352872c5d65370a000000025191ffffffff6f3c0204703766775324115c32fd121a16f0df64f0336490157ebd94b62e059e02000000020075ffffffff8f339185bdf4c571055114df3cbbb9ebfa31b605b99c4088a1b226f88e0295020100000006016f51935c94ffffffff8f339185bdf4c571055114df3cbbb9ebfa31b605b99c4088a1b226f88e029502020000000403008000ffffffff8f339185bdf4c571055114df3cbbb9ebfa31b605b99c4088a1b226f88e029502060000001b1a6162636465666768696a6b6c6d6e6f707172737475767778797affffffff8f339185bdf4c571055114df3cbbb9ebfa31b605b99c4088a1b226f88e02950207000000044f005152ffffffff8f339185bdf4c571055114df3cbbb9ebfa31b605b99c4088a1b226f88e0295020a00000003515193ffffffff925f27a4db9032976b0ed323094dcfd12d521f36f5b64f4879a20750729a330300000000025100ffffffff925f27a4db9032976b0ed323094dcfd12d521f36f5b64f4879a20750729a33030500000006011601150114ffffffff925f27a4db9032976b0ed323094dcfd12d521f36f5b64f4879a20750729a3303080000000100ffffffff925f27a4db9032976b0ed323094dcfd12d521f36f5b64f4879a20750729a33030a00000002010bffffffffadb5b4d9c20de237a2bfa5543d8d53546fdeffed9b114e307b4d6823ef5fcd2203000000014fffffffffb1ecb9e79ce8f54e8529feeeb668a72a7f0c49831f83d76cfbc83155b8b9e1fe010000000100ffffffffb1ecb9e79ce8f54e8529feeeb668a72a7f0c49831f83d76cfbc83155b8b9e1fe0300000006011601150114ffffffffb1ecb9e79ce8f54e8529feeeb668a72a7f0c49831f83d76cfbc83155b8b9e1fe050000000351009affffffffb1ecb9e79ce8f54e8529feeeb668a72a7f0c49831f83d76cfbc83155b8b9e1fe060000000403ffff7fffffffffb1ecb9e79ce8f54e8529feeeb668a72a7f0c49831f83d76cfbc83155b8b9e1fe090000000351009bffffffffb8870d0eb7a246fe332401c2f44c59417d56b30de2640514add2e54132cf4bad0200000006011601150114ffffffffb8870d0eb7a246fe332401c2f44c59417d56b30de2640514add2e54132cf4bad04000000045b5a5193ffffffffc162c5adb8f1675ad3a17b417076efc8495541bcb1cd0f11755f062fb49d1a7a010000000151ffffffffc162c5adb8f1675ad3a17b417076efc8495541bcb1cd0f11755f062fb49d1a7a08000000025d5effffffffc162c5adb8f1675ad3a17b417076efc8495541bcb1cd0f11755f062fb49d1a7a0a000000045b5a5193ffffffffcc68b898c71166468049c9a4130809555908c30f3c88c07e6d28d2f6a6bb486b06000000020051ffffffffcc68b898c71166468049c9a4130809555908c30f3c88c07e6d28d2f6a6bb486b0800000003028000ffffffffce1cba7787ec167235879ca17f46bd4bfa405f9e3e2e35c544537bbd65a5d9620100000006011601150114ffffffffce1cba7787ec167235879ca17f46bd4bfa405f9e3e2e35c544537bbd65a5d962030000000704ffffff7f7693ffffffffd6bb18a96b21035e2d04fcd54f2f503d199aeb86b8033535e06ffdb400fb5829010000000100ffffffffd6bb18a96b21035e2d04fcd54f2f503d199aeb86b8033535e06ffdb400fb582907000000025d5effffffffd6bb18a96b21035e2d04fcd54f2f503d199aeb86b8033535e06ffdb400fb582909000000025b5affffffffd878941d1968d5027129e4b462aead4680bcce392c099d50f294063a528dad9c030000000161ffffffffd878941d1968d5027129e4b462aead4680bcce392c099d50f294063a528dad9c06000000034f4f93ffffffffe7ea17c77cbad48a8caa6ca87749ef887858eb3becc55c65f16733837ad5043a0200000006011601150114ffffffffe7ea17c77cbad48a8caa6ca87749ef887858eb3becc55c65f16733837ad5043a0300000003016f92ffffffffe7ea17c77cbad48a8caa6ca87749ef887858eb3becc55c65f16733837ad5043a050000000704ffffff7f7693ffffffffe7ea17c77cbad48a8caa6ca87749ef887858eb3becc55c65f16733837ad5043a08000000025173fffffffff24629f6d9f2b7753e1b6fe1104f8554de1ce6be0dfb4f262a28c38587ed5b34060000000151ffffffff0290051000000000001976a914954659bcb93fdad012a00d825a9bce69dc7c6a2688ac800c49110000000008517a01158874528700000000", vec![ "5279011688745387", "007a011488745287", "825587", "77", "4f9c", "76636768", "709393588893935687", "016e87", "6e7b8887", "9e", "93011587", "6362675168", "517a011588745287", "05feffffff0087", "82011a87", "6301ba675168", "0087", // There are 35 more .. ] ); } #[test] fn script_eval_testnet_failure_3() { // For SIGHASH_SINGLE signatures, the unsigned txouts are null, that is, // have blank script and value **** (u64)-1 ***** // txid 8ccc87b72d766ab3128f03176bb1c98293f2d1f85ebfaf07b82cc81ea6891fa9 test_tx( "01000000062c4fb29a89bfe568586dd52c4db39c3daed014bce2d94f66d79dadb82bd83000000000004847304402202ea9d51c7173b1d96d331bd41b3d1b4e78e66148e64ed5992abd6ca66290321c0220628c47517e049b3e41509e9d71e480a0cdc766f8cdec265ef0017711c1b5336f01ffffffff5b1015187325285e42c022e0c8388c0bd00a7efb0b28cd0828a5e9575bc040010000000049483045022100bf8e050c85ffa1c313108ad8c482c4849027937916374617af3f2e9a881861c9022023f65814222cab09d5ec41032ce9c72ca96a5676020736614de7b78a4e55325a81ffffffffc0e15d72865802279f4f5cd13fc86749ce27aac9fd4ba5a8b57c973a82d04a01000000004a493046022100839c1fbc5304de944f697c9f4b1d01d1faeba32d751c0f7acb21ac8a0f436a72022100e89bd46bb3a5a62adc679f659b7ce876d83ee297c7a5587b2011c4fcc72eab4502ffffffff4a1b2b51da86ee82eadce5d3b852aa8f9b3e63106d877e129c5cf450b47f5c02000000004a493046022100eaa5f90483eb20224616775891397d47efa64c68b969db1dacb1c30acdfc50aa022100cf9903bbefb1c8000cf482b0aeeb5af19287af20bd794de11d82716f9bae3db182ffffffff61a3e0d8305112ea97d9a2c29b258bd047cf7169c70b4136ba66feffee680f030000000049483045022047d512bc85842ac463ca3b669b62666ab8672ee60725b6c06759e476cebdc6c102210083805e93bd941770109bcc797784a71db9e48913f702c56e60b1c3e2ff379a6003ffffffffc7d6933e5149568d8b77fbd3f88c63e4e2449635c22defe02679492e7cb926030000000048473044022023ee4e95151b2fbbb08a72f35babe02830d14d54bd7ed1320e4751751d1baa4802206235245254f58fd1be6ff19ca291817da76da65c2f6d81d654b5185dd86b8acf83ffffffff0700e1f505000000001976a914c311d13cfbaa1fc8d364a8e89feb1985de58ae3988ac80d1f008000000001976a914eb907923b86af59d3fd918478546c7a234586caf88ac00c2eb0b000000001976a9141c88b9d44e5fc327025157c75af73774758ba68088ac80b2e60e000000001976a914142c0947df1df159b2367a0e1328efb5b76b62bd88ac00a3e111000000001976a914616bffc03acbb416ccf76a048a9bbb974c0504c488ac8093dc14000000001976a9141d5e6e993d168384864c3a92216b9b77560d436488ac804eacab060000001976a914aa9da4a3a4ddc7398ae467eddaf80d743349d6e988ac00000000", vec![ "2102715e91d37d239dea832f1460e91e368115d8ca6cc23a7da966795abad9e3b699ac", "2102f71546fc597e63e2a72dadeeeb50c0ca64079a5a530cb01dd939716d41e9d480ac", "21031ee99d2b786ab3b0991325f2de8489246a6a3fdb700f6d0511b1d80cf5f4cd43ac", "210249c6a76e37c2fcd56687dde6b75bbdf72fcdeeab6fe81561a9c41ac90d9d1f48ac", "21035c100972ff8c572dc80eaa15a958ab99064d7c6b9e55f0e6408dec11edd4debbac", "2103837725cf7377d40a965f082fa6a942d39d9c2433c6d3c7bb4fa262e7d0d19defac", ] ); } #[test] fn script_eval_testnet_failure_4() { // Multisig // txid 067cb44dcbd1e3b16eed2482cbe462a461896d4eec891935020a97158f1c100b test_tx( "01000000018feacff32dfee2218f7873c11087c65b5e7890ad2395da7d4a3e9a7b77bd23f8000000009300483045022100f76f485db0632f4a7fb3c95a5c0eae7b5d0e885f87ac4991e429b3c0f3c444ad0220155a281d7d9bb13ad013df8057a3d43f45de2702ba10b976164fbfcd4be452db014830450221008aa307b332eb0c96bf7c25c7d3c04ae75f071ed652f18dac55dedec7262aef6702203f0a46856b8b9acfac475f1056f04bf50e41aa967c401b85bea3ef20e470d27501ffffffff0100f2052a010000001976a9140550f9aedabdd2ee0424f53f26faeff1b899cc1688ac00000000", vec!["52210266816de738c62ad789119fdb13131faa13f588359484ca61d0515cdcc7648ecd21025fe4a325d96f109529734af5de80b961274de5720c30646c398202e5d555adca52ae"] ); } #[test] fn script_eval_testnet_failure_5() { // Pushes in the dead half of OP_IF's should still skip over all the data (OP_PUSH[0..75] // txid 4d0bbf6348726a49600171033e456548a09b246829d649e77b929caf242ae6e7 test_tx( "01000000017c19a5b0b84188bca5decac0dc8582f5f5ff003b1a4d705181ec5d9620c1f64600000000940048304502207d02ce76875b1b3f2b7af9e45954af1ab531da6ab3edd471aa9148f139c8bad1022100f0f85fd987e90a131f2e311acdfe212925e218ffa5cf79e84e9890c2ddbdbd450148304502207d02ce76875b1b3f2b7af9e45954af1ab531da6ab3edd471aa9148f139c8bad1022100f0f85fd987e90a131f2e311acdfe212925e218ffa5cf79e84e9890c2ddbdbd450151ffffffff0100e1f505000000001976a91403efb01790d098aef3752449a94a1dc593e527cd88ac00000000", vec!["6352210261411d0de63460bfed73cb871f868bc3064d1db2a09f27b2477852b1811a02ef210261411d0de63460bfed73cb871f868bc3064d1db2a09f27b2477852b1811a02ef52ae67a820080af0b0156c5dd12c820b2b1b4fbfa315d05ac5a0ea2f9a657d4c8881d0869f88a820080af0b0156c5dd12c820b2b1b4fbfa315d05ac5a0ea2f9a657d4c8881d0869f88210261411d0de63460bfed73cb871f868bc3064d1db2a09f27b2477852b1811a02efac68"] ); } #[test] fn script_eval_testnet_failure_6() { // Pushes in the dead half of OP_IF's should still skip over all the data (OP_PUSHDATA1 2 4) // txid a2119ab5f90270836643665183b21e114daaa6dfdc1bdd7525e1187aa153a229 test_tx( "01000000015e0767f6b58b766d922c6ddd6afc46af9d21c613754bd7cb8010adf0c9c090d2010000000401010100ffffffff0180f0fa02000000001976a914993bcb95575ecda9e7106a30f42232b8e89917c388ac00000000", vec!["63ff4c0778657274726f7668"] ); } #[test] fn script_eval_testnet_failure_7() { // script_find_and_delete needs to drop the entire push operation, not just the signature data // txid 2c63aa814701cef5dbd4bbaddab3fea9117028f2434dddcdab8339141e9b14d1 test_tx( "01000000022f196cf1e5bd426a04f07b882c893b5b5edebad67da6eb50f066c372ed736d5f000000006a47304402201f81ac31b52cb4b1ceb83f97d18476f7339b74f4eecd1a32c251d4c3cccfffa402203c9143c18810ce072969e4132fdab91408816c96b423b2be38eec8a3582ade36012102aa5a2b334bd8f135f11bc5c477bf6307ff98ed52d3ed10f857d5c89adf5b02beffffffffff8755f073f1170c0d519457ffc4acaa7cb2988148163b5dc457fae0fe42aa19000000009200483045022015bd0139bcccf990a6af6ec5c1c52ed8222e03a0d51c334df139968525d2fcd20221009f9efe325476eb64c3958e4713e9eefe49bf1d820ed58d2112721b134e2a1a530347304402206da827fb26e569eb740641f9c1a7121ee59141703cbe0f903a22cc7d9a7ec7ac02204729f989b5348b3669ab020b8c4af01acc4deaba7c0d9f8fa9e06b2106cbbfeb01ffffffff010000000000000000016a00000000", vec![ "76a91419660c27383b347112e92caba64fb1d07e9f63bf88ac", "483045022015bd0139bcccf990a6af6ec5c1c52ed8222e03a0d51c334df139968525d2fcd20221009f9efe325476eb64c3958e4713e9eefe49bf1d820ed58d2112721b134e2a1a53037552210378d430274f8c5ec1321338151e9f27f4c676a008bdf8638d07c0b6be9ab35c71210378d430274f8c5ec1321338151e9f27f4c676a008bdf8638d07c0b6be9ab35c7152ae" ] ); } #[test] fn script_eval_testnet_failure_8() { // Fencepost error in OP_CODESEPARATOR // txid 46224764c7870f95b58f155bce1e38d4da8e99d42dbb632d0dd7c07e092ee5aa test_tx( "01000000012432b60dc72cebc1a27ce0969c0989c895bdd9e62e8234839117f8fc32d17fbc000000004a493046022100a576b52051962c25e642c0fd3d77ee6c92487048e5d90818bcf5b51abaccd7900221008204f8fb121be4ec3b24483b1f92d89b1b0548513a134e345c5442e86e8617a501ffffffff010000000000000000016a00000000", vec!["24ab21038479a0fa998cd35259a2ef0a7a5c68662c1474f88ccb6d08a7677bbec7f22041ac"] ); } #[test] fn script_eval_testnet_failure_9() { // All OP_CODESEPARATORS must be removed, not just the first one // txid 6327783a064d4e350c454ad5cd90201aedf65b1fc524e73709c52f0163739190 test_tx( "010000000144490eda355be7480f2ec828dcc1b9903793a8008fad8cfe9b0c6b4d2f0355a900000000924830450221009c0a27f886a1d8cb87f6f595fbc3163d28f7a81ec3c4b252ee7f3ac77fd13ffa02203caa8dfa09713c8c4d7ef575c75ed97812072405d932bd11e6a1593a98b679370148304502201e3861ef39a526406bad1e20ecad06be7375ad40ddb582c9be42d26c3a0d7b240221009d0a3985e96522e59635d19cc4448547477396ce0ef17a58e7d74c3ef464292301ffffffff010000000000000000016a00000000", vec!["21038479a0fa998cd35259a2ef0a7a5c68662c1474f88ccb6d08a7677bbec7f22041adab21038479a0fa998cd35259a2ef0a7a5c68662c1474f88ccb6d08a7677bbec7f22041adab51"] ); } #[test] fn script_eval_testnet_failure_10() { // In first 500 blocks, started failing after mem changes // txid a44d40b3a14aca3f19ccf47244ef4a70ed02d00f5d840c38756368e9a7cc24b1 test_tx( "010000000328ce10c7189026866bcfc1d06b278981ddf21ec0e364e28e294365b5c328cd4301000000fd460100493046022100a78f180f5851ebe9de7e6ae6f88ecf36ed9f165e5df1e17eec16b22e6397dc0b022100c3ae88400294ae464665d63b8035f1de4bb19ddd7cc0cc5c1d5a3fe28f4fcae70147304402206f035ce436fa307038bf4bac15a8b97fadb3c809b6d9289eae7de0d0f9d527b1022026534d695be2d7adbebda5d2c4cdee83e27015eed32a5ff950ecf136a1db85760147304402201a0a6ac0f488e7dc8fc7c9aca5d79b541d60d7ad1aaf61f55ee57e61ff2dab4a02200267bfcce527810d7af54a30ebfb0ced371aa24bf7791ee72474c5ff5703d352014c69532102ca2a810ab17249b6033a038de563983881b4069270183f3c0aba945653e442162103f480f1b648d0d5167804ad4d586e0e757cc33fde0e133fd036e45d60d2db59e12103c18131d8de99d45fb72a774cab0ccc258cd2abd9605610da20b9a232c88a3cb653aeffffffff7ae001aef566f8273a7cd14dcbc1d2bcd7927de792c5042375033991ef5523c301000000fdfe0000483045022100b48f165ae0931a540a5d2151ea9408a551122dbae07ba4fe26b2d840d8812ae002207cc87346c2dea3ad287395176d15a96396141fb1b1bdaabba9dbf346506f601501483045022026f2db95286e9831c2efc60c2a65c3e4928a5fa9f045561540f689d8de856221022100aecd777e17b07eef046d40046da0b90fcea86938b21479ab0ef0d158ab8639dc014c69522102ca2a810ab17249b6033a038de563983881b4069270183f3c0aba945653e442162103f480f1b648d0d5167804ad4d586e0e757cc33fde0e133fd036e45d60d2db59e12103c18131d8de99d45fb72a774cab0ccc258cd2abd9605610da20b9a232c88a3cb653aeffffffffa51be37aee4c76f23461168ee6d82dba07181b318390625b9acb2ec2be1004ba01000000dc00483045022100e4a2e8db8d020fc15ec83961820f021bcedc748075e5b4985eebfa006dec14ec022016ea51461beac82c7aef059a8359015286672963fa571fc3f98497ee3303b374014930460221008e6d8d560e3bd8eae2af62e90cd3439d80f68e4c45327c16d98a445c8ff941aa022100d39bee0fff226c264047264dbb421bf378362c8930bf4463bb09ef1b4fdf8a720147522102ca2a810ab17249b6033a038de563983881b4069270183f3c0aba945653e442162103f480f1b648d0d5167804ad4d586e0e757cc33fde0e133fd036e45d60d2db59e152aeffffffff05c0caad2a0100000017a9141d9ca71efa36d814424ea6ca1437e67287aebe3487c09448660100000017a91424fbc77cdc62702ade74dcf989c15e5d3f9240bc87c05ee3a10100000017a914afbfb74ee994c7d45f6698738bc4226d065266f7876043993b000000001976a914d2a37ce20ac9ec4f15dd05a7c6e8e9fbdb99850e88ac00f2052a010000001976a9146b2044146a4438e6e5bfbc65f147afeb64d14fbb88ac00000000", vec![ "a9149eb21980dc9d413d8eac27314938b9da920ee53e87", "a91409f70b896169c37981d2b54b371df0d81a136a2c87", "a914e371782582a4addb541362c55565d2cdf56f649887", ] ); } #[test] fn provably_unspendable_test() { // p2pk assert_eq!(Script::from_vec("410446ef0102d1ec5240f0d061a4246c1bdef63fc3dbab7733052fbbf0ecd8f41fc26bf049ebb4f9527f374280259e7cfa99c48b0e3f39c51347a19a5819651503a5ac".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("4104ea1feff861b51fe3f5f8a3b12d0f4712db80e919548a80839fc47c6a21e66d957e9c5d8cd108c7a2d2324bad71f9904ac0ae7336507d785b17a2c115e427a32fac".from_hex().unwrap()).is_provably_unspendable(), false); // p2pkhash assert_eq!(Script::from_vec("76a914ee61d57ab51b9d212335b1dba62794ac20d2bcf988ac".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("6aa9149eb21980dc9d413d8eac27314938b9da920ee53e87".from_hex().unwrap()).is_provably_unspendable(), true); // if return; else return assert_eq!(Script::from_vec("636a676a68".from_hex().unwrap()).is_provably_unspendable(), true); // if return; else don't assert_eq!(Script::from_vec("636a6768".from_hex().unwrap()).is_provably_unspendable(), false); // op_equal assert_eq!(Script::from_vec("87".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("000087".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("510087".from_hex().unwrap()).is_provably_unspendable(), true); assert_eq!(Script::from_vec("510088".from_hex().unwrap()).is_provably_unspendable(), true); // nested ifs assert_eq!(Script::from_vec("6363636363686868686800".from_hex().unwrap()).is_provably_unspendable(), true); // repeated op_equals assert_eq!(Script::from_vec("8787878787878787".from_hex().unwrap()).is_provably_unspendable(), false); // op_ifdup assert_eq!(Script::from_vec("73".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("5173".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("0073".from_hex().unwrap()).is_provably_unspendable(), true); // this is honest to god tx e411dbebd2f7d64dafeef9b14b5c59ec60c36779d43f850e5e347abee1e1a455 on mainnet assert_eq!(Script::from_vec("76a9144838a081d73cf134e8ff9cfd4015406c73beceb388acacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacacac".from_hex().unwrap()).is_provably_unspendable(), true); // Real, testnet spent ones that caused me trouble assert_eq!(Script::from_vec("7c51880087".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("9e91".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("76a97ca8a687".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("04010203047576a914bfbd43270c1e824c01e27386844d062d2f7518a688ad76a97614d2f7b8a37fb9b46782534078f9748f41d61a22f3877c148d4c6a901a3d87ed680478931dc9b6f0871af0ab879b69ac".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("03800000".from_hex().unwrap()).is_provably_unspendable(), false); // This one is cool -- a 2-of-4 multisig with four pks given, only two of which are legit assert_eq!(Script::from_vec("522103bb52138972c48a132fc1f637858c5189607dd0f7fe40c4f20f6ad65f2d389ba42103bb52138972c48a132fc1f637858c5189607dd0f7fe40c4f20f6ad65f2d389ba45f6054ae".from_hex().unwrap()).is_provably_unspendable(), false); assert_eq!(Script::from_vec("64635167006867630067516868".from_hex().unwrap()).is_provably_unspendable(), false); // This one is on mainnet oeO assert_eq!(Script::from_vec("827651a0698faaa9a8a7a687".from_hex().unwrap()).is_provably_unspendable(), false); // gmaxwell found this one assert_eq!(Script::from_vec("76009f69905160a56b210378d430274f8c5ec1321338151e9f27f4c676a008bdf8638d07c0b6be9ab35c71ad6c".from_hex().unwrap()).is_provably_unspendable(), false); } }