Treat non-final transactions as non-standard

At least one service that accepted zero-confirmation transactions
was vulnerable because an attacker could send a transaction
with a lock time far in the future, and then have plenty of time in
which to get a double-spend mined (perhaps from a miner who wasn't
on the network when the first transaction was broadcast).

That is a variation on the "Finney attack". We still don't
recommend anybody accept 0-confirmation transactions as final
payment for anything. This change keeps non-final transactions
from appearing in the wallet, and, assuming most of the network
accepts this change, will prevent them from being relayed until
they are final.
This commit is contained in:
Gavin Andresen 2013-01-26 14:38:40 -05:00
parent bb5181fcc2
commit 6f8730752c

View file

@ -368,6 +368,9 @@ bool CTransaction::IsStandard() const
if (nVersion > CTransaction::CURRENT_VERSION) if (nVersion > CTransaction::CURRENT_VERSION)
return false; return false;
if (!IsFinal())
return false;
BOOST_FOREACH(const CTxIn& txin, vin) BOOST_FOREACH(const CTxIn& txin, vin)
{ {
// Biggest 'standard' txin is a 3-signature 3-of-3 CHECKMULTISIG // Biggest 'standard' txin is a 3-signature 3-of-3 CHECKMULTISIG