[raw] reject insanely high fees by default in sendrawtransaction

There have been several incidents where mainnet experimentation with raw transactions resulted in insane fees. This is hard to prevent in the raw transaction api because the inputs may not be known. Since sending doesn't work if the inputs aren't known, we can catch it there. This rejects fees > than 10000 * nMinRelayTxFee or 1 BTC with the defaults and can be overridden with a bool at the rpc.
2026-01-18 22:35:39 +01:00 · 2013-08-28 15:41:46 -07:00
parent bb7d0fc12f
commit 9d14e689c8
4 changed files with 15 additions and 5 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -787,7 +787,7 @@ void CTxMemPool::pruneSpent(const uint256 &hashTx, CCoins &coins)
 }

 bool CTxMemPool::accept(CValidationState &state, const CTransaction &tx, bool fLimitFree,
-                        bool* pfMissingInputs)
+                        bool* pfMissingInputs, bool fRejectInsaneFee)
 {
    if (pfMissingInputs)
        *pfMissingInputs = false;
@@ -921,6 +921,11 @@ bool CTxMemPool::accept(CValidationState &state, const CTransaction &tx, bool fL
            dFreeCount += nSize;
        }

+        if (fRejectInsaneFee && nFees > CTransaction::nMinRelayTxFee * 10000)
+            return error("CTxMemPool::accept() : insane fees %s, %"PRI64d" > %"PRI64d,
+                         hash.ToString().c_str(),
+                         nFees, CTransaction::nMinRelayTxFee * 10000);
+
        // Check against previous transactions
        // This is done last to help prevent CPU exhaustion denial-of-service attacks.
        if (!CheckInputs(tx, state, view, true, SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_STRICTENC))