From b24c1a4c78685618e884762162b2692be5a3c7c7 Mon Sep 17 00:00:00 2001
From: David Hill <dhill@mindcry.org>
Date: Mon, 6 Jul 2020 09:07:59 +0000
Subject: [PATCH] webapi: sanity check the fee transaction (#151)

---
 go.mod           | 1 +
 go.sum           | 1 +
 webapi/payfee.go | 9 +++++++++
 3 files changed, 11 insertions(+)

diff --git a/go.mod b/go.mod
index cc68dcd..b53e923 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.13
 require (
 	decred.org/dcrwallet v1.2.3-0.20200519180100-f1aa4c354e05
 	github.com/decred/dcrd/blockchain/stake/v3 v3.0.0-20200616182840-3baf1f590cb1
+	github.com/decred/dcrd/blockchain/v3 v3.0.0-20200311044114-143c1884e4c8
 	github.com/decred/dcrd/chaincfg/chainhash v1.0.2
 	github.com/decred/dcrd/chaincfg/v3 v3.0.0-20200616182840-3baf1f590cb1
 	github.com/decred/dcrd/dcrec v1.0.0
diff --git a/go.sum b/go.sum
index 7338acc..f1b5c3f 100644
--- a/go.sum
+++ b/go.sum
@@ -28,6 +28,7 @@ github.com/decred/dcrd/blockchain/stake/v3 v3.0.0-20200616182840-3baf1f590cb1 h1
 github.com/decred/dcrd/blockchain/stake/v3 v3.0.0-20200616182840-3baf1f590cb1/go.mod h1:1e94ovQXEcOjIn7BRzkXpswA7pWQXqB2el5l0w0Srf8=
 github.com/decred/dcrd/blockchain/standalone v1.1.0 h1:yclvVGEY09Gf8A4GSAo+NCtL1dW2TYJ4OKp4+g0ICI0=
 github.com/decred/dcrd/blockchain/standalone v1.1.0/go.mod h1:6K8ZgzlWM1Kz2TwXbrtiAvfvIwfAmlzrtpA7CVPCUPE=
+github.com/decred/dcrd/blockchain/v3 v3.0.0-20200311044114-143c1884e4c8 h1:I3psccIeKb9eld+TNd69SgUOy6940uflH/J3aLM2ctU=
 github.com/decred/dcrd/blockchain/v3 v3.0.0-20200311044114-143c1884e4c8/go.mod h1:R9rIXU8kEJVC9Z4LAlh9bo9hiT3a+ihys3mCrz4PVao=
 github.com/decred/dcrd/certgen v1.1.0/go.mod h1:ivkPLChfjdAgFh7ZQOtl6kJRqVkfrCq67dlq3AbZBQE=
 github.com/decred/dcrd/chaincfg/chainhash v1.0.2 h1:rt5Vlq/jM3ZawwiacWjPa+smINyLRN07EO0cNBV6DGU=
diff --git a/webapi/payfee.go b/webapi/payfee.go
index c5a3325..f43c604 100644
--- a/webapi/payfee.go
+++ b/webapi/payfee.go
@@ -3,6 +3,7 @@ package webapi
 import (
 	"time"
 
+	"github.com/decred/dcrd/blockchain/v3"
 	"github.com/decred/dcrd/dcrec"
 	"github.com/decred/dcrd/dcrutil/v3"
 	"github.com/decred/dcrd/txscript/v3"
@@ -107,6 +108,14 @@ func payFee(c *gin.Context) {
 		return
 	}
 
+	err = blockchain.CheckTransactionSanity(feeTx, cfg.NetParams)
+	if err != nil {
+		log.Warnf("%s: Fee tx failed sanity check (clientIP=%s, ticketHash=%s): %v",
+			funcName, c.ClientIP(), ticket.Hash, err)
+		sendError(errInvalidFeeTx, c)
+		return
+	}
+
 	// Loop through transaction outputs until we find one which pays to the
 	// expected fee address. Record how much is being paid to the fee address.
 	var feePaid dcrutil.Amount