Add new ScriptFlag ScriptStrictMultiSig.

ScriptStrictMultiSig verifies that the stack item used by CHECKMULTISIG
is zero length.

opcode.go

@@ -1891,11 +1891,16 @@ func opcodeCheckMultiSig(op *parsedOpcode, s *Script) error {
 	}
 
 	// bug in bitcoind mean we pop one more stack value than should be used.
-	_, err = s.dstack.PopByteArray()
+	dummy, err := s.dstack.PopByteArray()
 	if err != nil {
 		return err
 	}
 
+	if s.strictMultiSig && len(dummy) != 0 {
+		return fmt.Errorf("multisig dummy argument is not zero length: %d",
+			len(dummy))
+	}
+
 	if len(signatures) == 0 {
 		s.dstack.PushBool(nsig == 0)
 		return nil

script.go

@@ -207,6 +207,7 @@ type Script struct {
 	numOps          int
 	bip16           bool     // treat execution as pay-to-script-hash
 	der             bool     // enforce DER encoding
+	strictMultiSig  bool     // verify multisig stack item is zero length
 	savedFirstStack [][]byte // stack from first script for bip16 scripts
 }
 
@@ -508,6 +509,10 @@ const (
 	// recognized by creator of the transaction.  Performing a canonical
 	// check enforces script signatures use a unique DER format.
 	ScriptCanonicalSignatures
+
+	// ScriptStrictMultiSig defines whether to verify the stack item
+	// used by CHECKMULTISIG is zero length.
+	ScriptStrictMultiSig
 )
 
 // NewScript returns a new script engine for the provided tx and input idx with
@@ -550,6 +555,9 @@ func NewScript(scriptSig []byte, scriptPubKey []byte, txidx int, tx *btcwire.Msg
 	if flags&ScriptCanonicalSignatures == ScriptCanonicalSignatures {
 		m.der = true
 	}
+	if flags&ScriptStrictMultiSig == ScriptStrictMultiSig {
+		m.strictMultiSig = true
+	}
 
 	m.tx = *tx
 	m.txidx = txidx