Push TX: Include validation to prevent DoS

2023-04-19 18:10:10 -07:00 · 2023-04-19 18:10:10 -07:00 · 21a47a7b4b
commit 21a47a7b4b
parent 31336d47e2
3 changed files with 91 additions and 11 deletions
--- a/backend/src/api/bitcoin/bitcoin.routes.ts
+++ b/backend/src/api/bitcoin/bitcoin.routes.ts
@ -723,12 +723,7 @@ class BitcoinRoutes {
  private async $postTransaction(req: Request, res: Response) {
    res.setHeader('content-type', 'text/plain');
    try {
-      let rawTx;
+      const rawTx = Common.getTransactionFromRequest(req, false);
      if (typeof req.body === 'object') {
        rawTx = Object.keys(req.body)[0];
      } else {
        rawTx = req.body;
      }
      const txIdResult = await bitcoinApi.$sendRawTransaction(rawTx);
      res.send(txIdResult);
    } catch (e: any) {
@ -739,12 +734,8 @@ class BitcoinRoutes {
  private async $postTransactionForm(req: Request, res: Response) {
    res.setHeader('content-type', 'text/plain');
    const matches = /tx=([a-z0-9]+)/.exec(req.body);
    let txHex = '';
    if (matches && matches[1]) {
      txHex = matches[1];
    }
    try {
      const txHex = Common.getTransactionFromRequest(req, true);
      const txIdResult = await bitcoinClient.sendRawTransaction(txHex);
      res.send(txIdResult);
    } catch (e: any) {
--- a/backend/src/api/common.ts
+++ b/backend/src/api/common.ts
@ -1,3 +1,5 @@
 import * as bitcoinjs from 'bitcoinjs-lib';
 import { Request } from 'express';
 import { Ancestor, CpfpInfo, CpfpSummary, CpfpCluster, EffectiveFeeStats, MempoolBlockWithTransactions, TransactionExtended, MempoolTransactionExtended, TransactionStripped, WorkingEffectiveFeeStats } from '../mempool.interfaces';
 import config from '../config';
 import { NodeSocket } from '../repositories/NodesSocketsRepository';
@ -511,6 +513,89 @@ export class Common {
  static getNthPercentile(n: number, sortedDistribution: any[]): any {
    return sortedDistribution[Math.floor((sortedDistribution.length - 1) * (n / 100))];
  }
  static getTransactionFromRequest(req: Request, form: boolean): string {
    let rawTx: any = typeof req.body === 'object' && form
      ? Object.values(req.body)[0] as any
      : req.body;
    if (typeof rawTx !== 'string') {
      throw Object.assign(new Error('Non-string request body'), { code: -1 });
    }
    // Support both upper and lower case hex
    // Support both txHash= Form and direct API POST
    const reg = form ? /^txHash=((?:[a-fA-F0-9]{2})+)$/ : /^((?:[a-fA-F0-9]{2})+)$/;
    const matches = reg.exec(rawTx);
    if (!matches || !matches[1]) {
      throw Object.assign(new Error('Non-hex request body'), { code: -2 });
    }
    // Guaranteed to be a hex string of multiple of 2
    // Guaranteed to be lower case
    // Guaranteed to pass validation (see function below)
    return this.validateTransactionHex(matches[1].toLowerCase());
  }
  private static validateTransactionHex(txhex: string): string {
    // Do not mutate txhex
    // We assume txhex to be valid hex (output of getTransactionFromRequest above)
    // Check 1: Valid transaction parse
    let tx: bitcoinjs.Transaction;
    try {
      tx = bitcoinjs.Transaction.fromHex(txhex);
    } catch(e) {
      throw Object.assign(new Error('Invalid transaction (could not parse)'), { code: -4 });
    }
    // Check 2: Simple size check
    if (tx.weight() > config.MEMPOOL.MAX_PUSH_TX_SIZE_WEIGHT) {
      throw Object.assign(new Error(`Transaction too large (max ${config.MEMPOOL.MAX_PUSH_TX_SIZE_WEIGHT} weight units)`), { code: -3 });
    }
    // Check 3: Check unreachable script in taproot (if not allowed)
    if (!config.MEMPOOL.ALLOW_UNREACHABLE) {
      tx.ins.forEach(input => {
        const witness = input.witness;
        // See BIP 341: Script validation rules
        const hasAnnex = witness.length >= 2 &&
          witness[witness.length - 1].length > 1 &&
          witness[witness.length - 1][0] === 0x50;
        const scriptSpendMinLength = hasAnnex ? 3 : 2;
        const maybeScriptSpend = witness.length >= scriptSpendMinLength;
        if (maybeScriptSpend) {
          const controlBlock = witness[witness.length - scriptSpendMinLength + 1];
          if (controlBlock.length === 0 || (controlBlock[0] & 0xfe) < 0xc0) {
            // Skip this input, it's not taproot
            return;
          }
          // Definitely taproot. Get script
          const script = witness[witness.length - scriptSpendMinLength];
          const decompiled = bitcoinjs.script.decompile(script);
          if (!decompiled || decompiled.length < 2) {
            // Skip this input
            return;
          }
          // Iterate up to second last (will look ahead 1 item)
          for (let i = 0; i < decompiled.length - 1; i++) {
            const first = decompiled[i];
            const second = decompiled[i + 1];
            if (
              first === bitcoinjs.opcodes.OP_FALSE &&
              second === bitcoinjs.opcodes.OP_IF
            ) {
              throw Object.assign(new Error('Unreachable taproot scripts not allowed'), { code: -5 });
            }
          }
        }
      })
    }
    // Pass through the input string untouched
    return txhex;
  }
 }
 /**
--- a/backend/src/config.ts
+++ b/backend/src/config.ts
@ -35,6 +35,8 @@ interface IConfig {
    CPFP_INDEXING: boolean;
    MAX_BLOCKS_BULK_QUERY: number;
    DISK_CACHE_BLOCK_INTERVAL: number;
    MAX_PUSH_TX_SIZE_WEIGHT: number;
    ALLOW_UNREACHABLE: boolean;
  };
  ESPLORA: {
    REST_API_URL: string;
@ -165,6 +167,8 @@ const defaults: IConfig = {
    'CPFP_INDEXING': false,
    'MAX_BLOCKS_BULK_QUERY': 0,
    'DISK_CACHE_BLOCK_INTERVAL': 6,
    'MAX_PUSH_TX_SIZE_WEIGHT': 400000,
    'ALLOW_UNREACHABLE': true,
  },
  'ESPLORA': {
    'REST_API_URL': 'http://127.0.0.1:3000',