1 // Copyright (c) 2013-2017 The btcsuite developers
2 // Use of this source code is governed by an ISC
3 // license that can be found in the LICENSE file.
15 "golang.org/x/crypto/ripemd160"
17 "github.com/btcsuite/btcd/btcec"
18 "github.com/btcsuite/btcd/chaincfg/chainhash"
19 "github.com/btcsuite/btcd/wire"
22 // An opcode defines the information related to a txscript opcode. opfunc, if
23 // present, is the function to call to perform the opcode on the script. The
24 // current script is passed in as a slice with the first member being the opcode
30 opfunc func(*parsedOpcode, *Engine) error
33 // These constants are the values of the official opcodes used on the btc wiki,
34 // in bitcoin core and in most if not all other references and software related
35 // to handling BTC scripts.
38 OP_FALSE = 0x00 // 0 - AKA OP_0
48 OP_DATA_10 = 0x0a // 10
49 OP_DATA_11 = 0x0b // 11
50 OP_DATA_12 = 0x0c // 12
51 OP_DATA_13 = 0x0d // 13
52 OP_DATA_14 = 0x0e // 14
53 OP_DATA_15 = 0x0f // 15
54 OP_DATA_16 = 0x10 // 16
55 OP_DATA_17 = 0x11 // 17
56 OP_DATA_18 = 0x12 // 18
57 OP_DATA_19 = 0x13 // 19
58 OP_DATA_20 = 0x14 // 20
59 OP_DATA_21 = 0x15 // 21
60 OP_DATA_22 = 0x16 // 22
61 OP_DATA_23 = 0x17 // 23
62 OP_DATA_24 = 0x18 // 24
63 OP_DATA_25 = 0x19 // 25
64 OP_DATA_26 = 0x1a // 26
65 OP_DATA_27 = 0x1b // 27
66 OP_DATA_28 = 0x1c // 28
67 OP_DATA_29 = 0x1d // 29
68 OP_DATA_30 = 0x1e // 30
69 OP_DATA_31 = 0x1f // 31
70 OP_DATA_32 = 0x20 // 32
71 OP_DATA_33 = 0x21 // 33
72 OP_DATA_34 = 0x22 // 34
73 OP_DATA_35 = 0x23 // 35
74 OP_DATA_36 = 0x24 // 36
75 OP_DATA_37 = 0x25 // 37
76 OP_DATA_38 = 0x26 // 38
77 OP_DATA_39 = 0x27 // 39
78 OP_DATA_40 = 0x28 // 40
79 OP_DATA_41 = 0x29 // 41
80 OP_DATA_42 = 0x2a // 42
81 OP_DATA_43 = 0x2b // 43
82 OP_DATA_44 = 0x2c // 44
83 OP_DATA_45 = 0x2d // 45
84 OP_DATA_46 = 0x2e // 46
85 OP_DATA_47 = 0x2f // 47
86 OP_DATA_48 = 0x30 // 48
87 OP_DATA_49 = 0x31 // 49
88 OP_DATA_50 = 0x32 // 50
89 OP_DATA_51 = 0x33 // 51
90 OP_DATA_52 = 0x34 // 52
91 OP_DATA_53 = 0x35 // 53
92 OP_DATA_54 = 0x36 // 54
93 OP_DATA_55 = 0x37 // 55
94 OP_DATA_56 = 0x38 // 56
95 OP_DATA_57 = 0x39 // 57
96 OP_DATA_58 = 0x3a // 58
97 OP_DATA_59 = 0x3b // 59
98 OP_DATA_60 = 0x3c // 60
99 OP_DATA_61 = 0x3d // 61
100 OP_DATA_62 = 0x3e // 62
101 OP_DATA_63 = 0x3f // 63
102 OP_DATA_64 = 0x40 // 64
103 OP_DATA_65 = 0x41 // 65
104 OP_DATA_66 = 0x42 // 66
105 OP_DATA_67 = 0x43 // 67
106 OP_DATA_68 = 0x44 // 68
107 OP_DATA_69 = 0x45 // 69
108 OP_DATA_70 = 0x46 // 70
109 OP_DATA_71 = 0x47 // 71
110 OP_DATA_72 = 0x48 // 72
111 OP_DATA_73 = 0x49 // 73
112 OP_DATA_74 = 0x4a // 74
113 OP_DATA_75 = 0x4b // 75
114 OP_PUSHDATA1 = 0x4c // 76
115 OP_PUSHDATA2 = 0x4d // 77
116 OP_PUSHDATA4 = 0x4e // 78
117 OP_1NEGATE = 0x4f // 79
118 OP_RESERVED = 0x50 // 80
119 OP_1 = 0x51 // 81 - AKA OP_TRUE
139 OP_NOTIF = 0x64 // 100
140 OP_VERIF = 0x65 // 101
141 OP_VERNOTIF = 0x66 // 102
142 OP_ELSE = 0x67 // 103
143 OP_ENDIF = 0x68 // 104
144 OP_VERIFY = 0x69 // 105
145 OP_RETURN = 0x6a // 106
146 OP_TOALTSTACK = 0x6b // 107
147 OP_FROMALTSTACK = 0x6c // 108
148 OP_2DROP = 0x6d // 109
149 OP_2DUP = 0x6e // 110
150 OP_3DUP = 0x6f // 111
151 OP_2OVER = 0x70 // 112
152 OP_2ROT = 0x71 // 113
153 OP_2SWAP = 0x72 // 114
154 OP_IFDUP = 0x73 // 115
155 OP_DEPTH = 0x74 // 116
156 OP_DROP = 0x75 // 117
159 OP_OVER = 0x78 // 120
160 OP_PICK = 0x79 // 121
161 OP_ROLL = 0x7a // 122
163 OP_SWAP = 0x7c // 124
164 OP_TUCK = 0x7d // 125
166 OP_SUBSTR = 0x7f // 127
167 OP_LEFT = 0x80 // 128
168 OP_RIGHT = 0x81 // 129
169 OP_SIZE = 0x82 // 130
170 OP_INVERT = 0x83 // 131
174 OP_EQUAL = 0x87 // 135
175 OP_EQUALVERIFY = 0x88 // 136
176 OP_RESERVED1 = 0x89 // 137
177 OP_RESERVED2 = 0x8a // 138
178 OP_1ADD = 0x8b // 139
179 OP_1SUB = 0x8c // 140
180 OP_2MUL = 0x8d // 141
181 OP_2DIV = 0x8e // 142
182 OP_NEGATE = 0x8f // 143
185 OP_0NOTEQUAL = 0x92 // 146
191 OP_LSHIFT = 0x98 // 152
192 OP_RSHIFT = 0x99 // 153
193 OP_BOOLAND = 0x9a // 154
194 OP_BOOLOR = 0x9b // 155
195 OP_NUMEQUAL = 0x9c // 156
196 OP_NUMEQUALVERIFY = 0x9d // 157
197 OP_NUMNOTEQUAL = 0x9e // 158
198 OP_LESSTHAN = 0x9f // 159
199 OP_GREATERTHAN = 0xa0 // 160
200 OP_LESSTHANOREQUAL = 0xa1 // 161
201 OP_GREATERTHANOREQUAL = 0xa2 // 162
204 OP_WITHIN = 0xa5 // 165
205 OP_RIPEMD160 = 0xa6 // 166
206 OP_SHA1 = 0xa7 // 167
207 OP_SHA256 = 0xa8 // 168
208 OP_HASH160 = 0xa9 // 169
209 OP_HASH256 = 0xaa // 170
210 OP_CODESEPARATOR = 0xab // 171
211 OP_CHECKSIG = 0xac // 172
212 OP_CHECKSIGVERIFY = 0xad // 173
213 OP_CHECKMULTISIG = 0xae // 174
214 OP_CHECKMULTISIGVERIFY = 0xaf // 175
215 OP_NOP1 = 0xb0 // 176
216 OP_NOP2 = 0xb1 // 177
217 OP_CHECKLOCKTIMEVERIFY = 0xb1 // 177 - AKA OP_NOP2
218 OP_NOP3 = 0xb2 // 178
219 OP_CHECKSEQUENCEVERIFY = 0xb2 // 178 - AKA OP_NOP3
220 OP_NOP4 = 0xb3 // 179
221 OP_NOP5 = 0xb4 // 180
222 OP_NOP6 = 0xb5 // 181
223 OP_NOP7 = 0xb6 // 182
224 OP_NOP8 = 0xb7 // 183
225 OP_NOP9 = 0xb8 // 184
226 OP_NOP10 = 0xb9 // 185
227 OP_UNKNOWN186 = 0xba // 186
228 OP_UNKNOWN187 = 0xbb // 187
229 OP_UNKNOWN188 = 0xbc // 188
230 OP_UNKNOWN189 = 0xbd // 189
231 OP_UNKNOWN190 = 0xbe // 190
232 OP_UNKNOWN191 = 0xbf // 191
233 OP_UNKNOWN192 = 0xc0 // 192
234 OP_UNKNOWN193 = 0xc1 // 193
235 OP_UNKNOWN194 = 0xc2 // 194
236 OP_UNKNOWN195 = 0xc3 // 195
237 OP_UNKNOWN196 = 0xc4 // 196
238 OP_UNKNOWN197 = 0xc5 // 197
239 OP_UNKNOWN198 = 0xc6 // 198
240 OP_UNKNOWN199 = 0xc7 // 199
241 OP_UNKNOWN200 = 0xc8 // 200
242 OP_UNKNOWN201 = 0xc9 // 201
243 OP_UNKNOWN202 = 0xca // 202
244 OP_UNKNOWN203 = 0xcb // 203
245 OP_UNKNOWN204 = 0xcc // 204
246 OP_UNKNOWN205 = 0xcd // 205
247 OP_UNKNOWN206 = 0xce // 206
248 OP_UNKNOWN207 = 0xcf // 207
249 OP_UNKNOWN208 = 0xd0 // 208
250 OP_UNKNOWN209 = 0xd1 // 209
251 OP_UNKNOWN210 = 0xd2 // 210
252 OP_UNKNOWN211 = 0xd3 // 211
253 OP_UNKNOWN212 = 0xd4 // 212
254 OP_UNKNOWN213 = 0xd5 // 213
255 OP_UNKNOWN214 = 0xd6 // 214
256 OP_UNKNOWN215 = 0xd7 // 215
257 OP_UNKNOWN216 = 0xd8 // 216
258 OP_UNKNOWN217 = 0xd9 // 217
259 OP_UNKNOWN218 = 0xda // 218
260 OP_UNKNOWN219 = 0xdb // 219
261 OP_UNKNOWN220 = 0xdc // 220
262 OP_UNKNOWN221 = 0xdd // 221
263 OP_UNKNOWN222 = 0xde // 222
264 OP_UNKNOWN223 = 0xdf // 223
265 OP_UNKNOWN224 = 0xe0 // 224
266 OP_UNKNOWN225 = 0xe1 // 225
267 OP_UNKNOWN226 = 0xe2 // 226
268 OP_UNKNOWN227 = 0xe3 // 227
269 OP_UNKNOWN228 = 0xe4 // 228
270 OP_UNKNOWN229 = 0xe5 // 229
271 OP_UNKNOWN230 = 0xe6 // 230
272 OP_UNKNOWN231 = 0xe7 // 231
273 OP_UNKNOWN232 = 0xe8 // 232
274 OP_UNKNOWN233 = 0xe9 // 233
275 OP_UNKNOWN234 = 0xea // 234
276 OP_UNKNOWN235 = 0xeb // 235
277 OP_UNKNOWN236 = 0xec // 236
278 OP_UNKNOWN237 = 0xed // 237
279 OP_UNKNOWN238 = 0xee // 238
280 OP_UNKNOWN239 = 0xef // 239
281 OP_UNKNOWN240 = 0xf0 // 240
282 OP_UNKNOWN241 = 0xf1 // 241
283 OP_UNKNOWN242 = 0xf2 // 242
284 OP_UNKNOWN243 = 0xf3 // 243
285 OP_UNKNOWN244 = 0xf4 // 244
286 OP_UNKNOWN245 = 0xf5 // 245
287 OP_UNKNOWN246 = 0xf6 // 246
288 OP_UNKNOWN247 = 0xf7 // 247
289 OP_UNKNOWN248 = 0xf8 // 248
290 OP_UNKNOWN249 = 0xf9 // 249
291 OP_SMALLINTEGER = 0xfa // 250 - bitcoin core internal
292 OP_PUBKEYS = 0xfb // 251 - bitcoin core internal
293 OP_UNKNOWN252 = 0xfc // 252
294 OP_PUBKEYHASH = 0xfd // 253 - bitcoin core internal
295 OP_PUBKEY = 0xfe // 254 - bitcoin core internal
296 OP_INVALIDOPCODE = 0xff // 255 - bitcoin core internal
299 // Conditional execution constants.
306 // opcodeArray holds details about all possible opcodes such as how many bytes
307 // the opcode and any associated data should take, its human-readable name, and
308 // the handler function.
309 var opcodeArray = [256]opcode{
310 // Data push opcodes.
311 OP_FALSE: {OP_FALSE, "OP_0", 1, opcodeFalse},
312 OP_DATA_1: {OP_DATA_1, "OP_DATA_1", 2, opcodePushData},
313 OP_DATA_2: {OP_DATA_2, "OP_DATA_2", 3, opcodePushData},
314 OP_DATA_3: {OP_DATA_3, "OP_DATA_3", 4, opcodePushData},
315 OP_DATA_4: {OP_DATA_4, "OP_DATA_4", 5, opcodePushData},
316 OP_DATA_5: {OP_DATA_5, "OP_DATA_5", 6, opcodePushData},
317 OP_DATA_6: {OP_DATA_6, "OP_DATA_6", 7, opcodePushData},
318 OP_DATA_7: {OP_DATA_7, "OP_DATA_7", 8, opcodePushData},
319 OP_DATA_8: {OP_DATA_8, "OP_DATA_8", 9, opcodePushData},
320 OP_DATA_9: {OP_DATA_9, "OP_DATA_9", 10, opcodePushData},
321 OP_DATA_10: {OP_DATA_10, "OP_DATA_10", 11, opcodePushData},
322 OP_DATA_11: {OP_DATA_11, "OP_DATA_11", 12, opcodePushData},
323 OP_DATA_12: {OP_DATA_12, "OP_DATA_12", 13, opcodePushData},
324 OP_DATA_13: {OP_DATA_13, "OP_DATA_13", 14, opcodePushData},
325 OP_DATA_14: {OP_DATA_14, "OP_DATA_14", 15, opcodePushData},
326 OP_DATA_15: {OP_DATA_15, "OP_DATA_15", 16, opcodePushData},
327 OP_DATA_16: {OP_DATA_16, "OP_DATA_16", 17, opcodePushData},
328 OP_DATA_17: {OP_DATA_17, "OP_DATA_17", 18, opcodePushData},
329 OP_DATA_18: {OP_DATA_18, "OP_DATA_18", 19, opcodePushData},
330 OP_DATA_19: {OP_DATA_19, "OP_DATA_19", 20, opcodePushData},
331 OP_DATA_20: {OP_DATA_20, "OP_DATA_20", 21, opcodePushData},
332 OP_DATA_21: {OP_DATA_21, "OP_DATA_21", 22, opcodePushData},
333 OP_DATA_22: {OP_DATA_22, "OP_DATA_22", 23, opcodePushData},
334 OP_DATA_23: {OP_DATA_23, "OP_DATA_23", 24, opcodePushData},
335 OP_DATA_24: {OP_DATA_24, "OP_DATA_24", 25, opcodePushData},
336 OP_DATA_25: {OP_DATA_25, "OP_DATA_25", 26, opcodePushData},
337 OP_DATA_26: {OP_DATA_26, "OP_DATA_26", 27, opcodePushData},
338 OP_DATA_27: {OP_DATA_27, "OP_DATA_27", 28, opcodePushData},
339 OP_DATA_28: {OP_DATA_28, "OP_DATA_28", 29, opcodePushData},
340 OP_DATA_29: {OP_DATA_29, "OP_DATA_29", 30, opcodePushData},
341 OP_DATA_30: {OP_DATA_30, "OP_DATA_30", 31, opcodePushData},
342 OP_DATA_31: {OP_DATA_31, "OP_DATA_31", 32, opcodePushData},
343 OP_DATA_32: {OP_DATA_32, "OP_DATA_32", 33, opcodePushData},
344 OP_DATA_33: {OP_DATA_33, "OP_DATA_33", 34, opcodePushData},
345 OP_DATA_34: {OP_DATA_34, "OP_DATA_34", 35, opcodePushData},
346 OP_DATA_35: {OP_DATA_35, "OP_DATA_35", 36, opcodePushData},
347 OP_DATA_36: {OP_DATA_36, "OP_DATA_36", 37, opcodePushData},
348 OP_DATA_37: {OP_DATA_37, "OP_DATA_37", 38, opcodePushData},
349 OP_DATA_38: {OP_DATA_38, "OP_DATA_38", 39, opcodePushData},
350 OP_DATA_39: {OP_DATA_39, "OP_DATA_39", 40, opcodePushData},
351 OP_DATA_40: {OP_DATA_40, "OP_DATA_40", 41, opcodePushData},
352 OP_DATA_41: {OP_DATA_41, "OP_DATA_41", 42, opcodePushData},
353 OP_DATA_42: {OP_DATA_42, "OP_DATA_42", 43, opcodePushData},
354 OP_DATA_43: {OP_DATA_43, "OP_DATA_43", 44, opcodePushData},
355 OP_DATA_44: {OP_DATA_44, "OP_DATA_44", 45, opcodePushData},
356 OP_DATA_45: {OP_DATA_45, "OP_DATA_45", 46, opcodePushData},
357 OP_DATA_46: {OP_DATA_46, "OP_DATA_46", 47, opcodePushData},
358 OP_DATA_47: {OP_DATA_47, "OP_DATA_47", 48, opcodePushData},
359 OP_DATA_48: {OP_DATA_48, "OP_DATA_48", 49, opcodePushData},
360 OP_DATA_49: {OP_DATA_49, "OP_DATA_49", 50, opcodePushData},
361 OP_DATA_50: {OP_DATA_50, "OP_DATA_50", 51, opcodePushData},
362 OP_DATA_51: {OP_DATA_51, "OP_DATA_51", 52, opcodePushData},
363 OP_DATA_52: {OP_DATA_52, "OP_DATA_52", 53, opcodePushData},
364 OP_DATA_53: {OP_DATA_53, "OP_DATA_53", 54, opcodePushData},
365 OP_DATA_54: {OP_DATA_54, "OP_DATA_54", 55, opcodePushData},
366 OP_DATA_55: {OP_DATA_55, "OP_DATA_55", 56, opcodePushData},
367 OP_DATA_56: {OP_DATA_56, "OP_DATA_56", 57, opcodePushData},
368 OP_DATA_57: {OP_DATA_57, "OP_DATA_57", 58, opcodePushData},
369 OP_DATA_58: {OP_DATA_58, "OP_DATA_58", 59, opcodePushData},
370 OP_DATA_59: {OP_DATA_59, "OP_DATA_59", 60, opcodePushData},
371 OP_DATA_60: {OP_DATA_60, "OP_DATA_60", 61, opcodePushData},
372 OP_DATA_61: {OP_DATA_61, "OP_DATA_61", 62, opcodePushData},
373 OP_DATA_62: {OP_DATA_62, "OP_DATA_62", 63, opcodePushData},
374 OP_DATA_63: {OP_DATA_63, "OP_DATA_63", 64, opcodePushData},
375 OP_DATA_64: {OP_DATA_64, "OP_DATA_64", 65, opcodePushData},
376 OP_DATA_65: {OP_DATA_65, "OP_DATA_65", 66, opcodePushData},
377 OP_DATA_66: {OP_DATA_66, "OP_DATA_66", 67, opcodePushData},
378 OP_DATA_67: {OP_DATA_67, "OP_DATA_67", 68, opcodePushData},
379 OP_DATA_68: {OP_DATA_68, "OP_DATA_68", 69, opcodePushData},
380 OP_DATA_69: {OP_DATA_69, "OP_DATA_69", 70, opcodePushData},
381 OP_DATA_70: {OP_DATA_70, "OP_DATA_70", 71, opcodePushData},
382 OP_DATA_71: {OP_DATA_71, "OP_DATA_71", 72, opcodePushData},
383 OP_DATA_72: {OP_DATA_72, "OP_DATA_72", 73, opcodePushData},
384 OP_DATA_73: {OP_DATA_73, "OP_DATA_73", 74, opcodePushData},
385 OP_DATA_74: {OP_DATA_74, "OP_DATA_74", 75, opcodePushData},
386 OP_DATA_75: {OP_DATA_75, "OP_DATA_75", 76, opcodePushData},
387 OP_PUSHDATA1: {OP_PUSHDATA1, "OP_PUSHDATA1", -1, opcodePushData},
388 OP_PUSHDATA2: {OP_PUSHDATA2, "OP_PUSHDATA2", -2, opcodePushData},
389 OP_PUSHDATA4: {OP_PUSHDATA4, "OP_PUSHDATA4", -4, opcodePushData},
390 OP_1NEGATE: {OP_1NEGATE, "OP_1NEGATE", 1, opcode1Negate},
391 OP_RESERVED: {OP_RESERVED, "OP_RESERVED", 1, opcodeReserved},
392 OP_TRUE: {OP_TRUE, "OP_1", 1, opcodeN},
393 OP_2: {OP_2, "OP_2", 1, opcodeN},
394 OP_3: {OP_3, "OP_3", 1, opcodeN},
395 OP_4: {OP_4, "OP_4", 1, opcodeN},
396 OP_5: {OP_5, "OP_5", 1, opcodeN},
397 OP_6: {OP_6, "OP_6", 1, opcodeN},
398 OP_7: {OP_7, "OP_7", 1, opcodeN},
399 OP_8: {OP_8, "OP_8", 1, opcodeN},
400 OP_9: {OP_9, "OP_9", 1, opcodeN},
401 OP_10: {OP_10, "OP_10", 1, opcodeN},
402 OP_11: {OP_11, "OP_11", 1, opcodeN},
403 OP_12: {OP_12, "OP_12", 1, opcodeN},
404 OP_13: {OP_13, "OP_13", 1, opcodeN},
405 OP_14: {OP_14, "OP_14", 1, opcodeN},
406 OP_15: {OP_15, "OP_15", 1, opcodeN},
407 OP_16: {OP_16, "OP_16", 1, opcodeN},
410 OP_NOP: {OP_NOP, "OP_NOP", 1, opcodeNop},
411 OP_VER: {OP_VER, "OP_VER", 1, opcodeReserved},
412 OP_IF: {OP_IF, "OP_IF", 1, opcodeIf},
413 OP_NOTIF: {OP_NOTIF, "OP_NOTIF", 1, opcodeNotIf},
414 OP_VERIF: {OP_VERIF, "OP_VERIF", 1, opcodeReserved},
415 OP_VERNOTIF: {OP_VERNOTIF, "OP_VERNOTIF", 1, opcodeReserved},
416 OP_ELSE: {OP_ELSE, "OP_ELSE", 1, opcodeElse},
417 OP_ENDIF: {OP_ENDIF, "OP_ENDIF", 1, opcodeEndif},
418 OP_VERIFY: {OP_VERIFY, "OP_VERIFY", 1, opcodeVerify},
419 OP_RETURN: {OP_RETURN, "OP_RETURN", 1, opcodeReturn},
420 OP_CHECKLOCKTIMEVERIFY: {OP_CHECKLOCKTIMEVERIFY, "OP_CHECKLOCKTIMEVERIFY", 1, opcodeCheckLockTimeVerify},
421 OP_CHECKSEQUENCEVERIFY: {OP_CHECKSEQUENCEVERIFY, "OP_CHECKSEQUENCEVERIFY", 1, opcodeCheckSequenceVerify},
424 OP_TOALTSTACK: {OP_TOALTSTACK, "OP_TOALTSTACK", 1, opcodeToAltStack},
425 OP_FROMALTSTACK: {OP_FROMALTSTACK, "OP_FROMALTSTACK", 1, opcodeFromAltStack},
426 OP_2DROP: {OP_2DROP, "OP_2DROP", 1, opcode2Drop},
427 OP_2DUP: {OP_2DUP, "OP_2DUP", 1, opcode2Dup},
428 OP_3DUP: {OP_3DUP, "OP_3DUP", 1, opcode3Dup},
429 OP_2OVER: {OP_2OVER, "OP_2OVER", 1, opcode2Over},
430 OP_2ROT: {OP_2ROT, "OP_2ROT", 1, opcode2Rot},
431 OP_2SWAP: {OP_2SWAP, "OP_2SWAP", 1, opcode2Swap},
432 OP_IFDUP: {OP_IFDUP, "OP_IFDUP", 1, opcodeIfDup},
433 OP_DEPTH: {OP_DEPTH, "OP_DEPTH", 1, opcodeDepth},
434 OP_DROP: {OP_DROP, "OP_DROP", 1, opcodeDrop},
435 OP_DUP: {OP_DUP, "OP_DUP", 1, opcodeDup},
436 OP_NIP: {OP_NIP, "OP_NIP", 1, opcodeNip},
437 OP_OVER: {OP_OVER, "OP_OVER", 1, opcodeOver},
438 OP_PICK: {OP_PICK, "OP_PICK", 1, opcodePick},
439 OP_ROLL: {OP_ROLL, "OP_ROLL", 1, opcodeRoll},
440 OP_ROT: {OP_ROT, "OP_ROT", 1, opcodeRot},
441 OP_SWAP: {OP_SWAP, "OP_SWAP", 1, opcodeSwap},
442 OP_TUCK: {OP_TUCK, "OP_TUCK", 1, opcodeTuck},
445 OP_CAT: {OP_CAT, "OP_CAT", 1, opcodeDisabled},
446 OP_SUBSTR: {OP_SUBSTR, "OP_SUBSTR", 1, opcodeDisabled},
447 OP_LEFT: {OP_LEFT, "OP_LEFT", 1, opcodeDisabled},
448 OP_RIGHT: {OP_RIGHT, "OP_RIGHT", 1, opcodeDisabled},
449 OP_SIZE: {OP_SIZE, "OP_SIZE", 1, opcodeSize},
451 // Bitwise logic opcodes.
452 OP_INVERT: {OP_INVERT, "OP_INVERT", 1, opcodeDisabled},
453 OP_AND: {OP_AND, "OP_AND", 1, opcodeDisabled},
454 OP_OR: {OP_OR, "OP_OR", 1, opcodeDisabled},
455 OP_XOR: {OP_XOR, "OP_XOR", 1, opcodeDisabled},
456 OP_EQUAL: {OP_EQUAL, "OP_EQUAL", 1, opcodeEqual},
457 OP_EQUALVERIFY: {OP_EQUALVERIFY, "OP_EQUALVERIFY", 1, opcodeEqualVerify},
458 OP_RESERVED1: {OP_RESERVED1, "OP_RESERVED1", 1, opcodeReserved},
459 OP_RESERVED2: {OP_RESERVED2, "OP_RESERVED2", 1, opcodeReserved},
461 // Numeric related opcodes.
462 OP_1ADD: {OP_1ADD, "OP_1ADD", 1, opcode1Add},
463 OP_1SUB: {OP_1SUB, "OP_1SUB", 1, opcode1Sub},
464 OP_2MUL: {OP_2MUL, "OP_2MUL", 1, opcodeDisabled},
465 OP_2DIV: {OP_2DIV, "OP_2DIV", 1, opcodeDisabled},
466 OP_NEGATE: {OP_NEGATE, "OP_NEGATE", 1, opcodeNegate},
467 OP_ABS: {OP_ABS, "OP_ABS", 1, opcodeAbs},
468 OP_NOT: {OP_NOT, "OP_NOT", 1, opcodeNot},
469 OP_0NOTEQUAL: {OP_0NOTEQUAL, "OP_0NOTEQUAL", 1, opcode0NotEqual},
470 OP_ADD: {OP_ADD, "OP_ADD", 1, opcodeAdd},
471 OP_SUB: {OP_SUB, "OP_SUB", 1, opcodeSub},
472 OP_MUL: {OP_MUL, "OP_MUL", 1, opcodeDisabled},
473 OP_DIV: {OP_DIV, "OP_DIV", 1, opcodeDisabled},
474 OP_MOD: {OP_MOD, "OP_MOD", 1, opcodeDisabled},
475 OP_LSHIFT: {OP_LSHIFT, "OP_LSHIFT", 1, opcodeDisabled},
476 OP_RSHIFT: {OP_RSHIFT, "OP_RSHIFT", 1, opcodeDisabled},
477 OP_BOOLAND: {OP_BOOLAND, "OP_BOOLAND", 1, opcodeBoolAnd},
478 OP_BOOLOR: {OP_BOOLOR, "OP_BOOLOR", 1, opcodeBoolOr},
479 OP_NUMEQUAL: {OP_NUMEQUAL, "OP_NUMEQUAL", 1, opcodeNumEqual},
480 OP_NUMEQUALVERIFY: {OP_NUMEQUALVERIFY, "OP_NUMEQUALVERIFY", 1, opcodeNumEqualVerify},
481 OP_NUMNOTEQUAL: {OP_NUMNOTEQUAL, "OP_NUMNOTEQUAL", 1, opcodeNumNotEqual},
482 OP_LESSTHAN: {OP_LESSTHAN, "OP_LESSTHAN", 1, opcodeLessThan},
483 OP_GREATERTHAN: {OP_GREATERTHAN, "OP_GREATERTHAN", 1, opcodeGreaterThan},
484 OP_LESSTHANOREQUAL: {OP_LESSTHANOREQUAL, "OP_LESSTHANOREQUAL", 1, opcodeLessThanOrEqual},
485 OP_GREATERTHANOREQUAL: {OP_GREATERTHANOREQUAL, "OP_GREATERTHANOREQUAL", 1, opcodeGreaterThanOrEqual},
486 OP_MIN: {OP_MIN, "OP_MIN", 1, opcodeMin},
487 OP_MAX: {OP_MAX, "OP_MAX", 1, opcodeMax},
488 OP_WITHIN: {OP_WITHIN, "OP_WITHIN", 1, opcodeWithin},
491 OP_RIPEMD160: {OP_RIPEMD160, "OP_RIPEMD160", 1, opcodeRipemd160},
492 OP_SHA1: {OP_SHA1, "OP_SHA1", 1, opcodeSha1},
493 OP_SHA256: {OP_SHA256, "OP_SHA256", 1, opcodeSha256},
494 OP_HASH160: {OP_HASH160, "OP_HASH160", 1, opcodeHash160},
495 OP_HASH256: {OP_HASH256, "OP_HASH256", 1, opcodeHash256},
496 OP_CODESEPARATOR: {OP_CODESEPARATOR, "OP_CODESEPARATOR", 1, opcodeCodeSeparator},
497 OP_CHECKSIG: {OP_CHECKSIG, "OP_CHECKSIG", 1, opcodeCheckSig},
498 OP_CHECKSIGVERIFY: {OP_CHECKSIGVERIFY, "OP_CHECKSIGVERIFY", 1, opcodeCheckSigVerify},
499 OP_CHECKMULTISIG: {OP_CHECKMULTISIG, "OP_CHECKMULTISIG", 1, opcodeCheckMultiSig},
500 OP_CHECKMULTISIGVERIFY: {OP_CHECKMULTISIGVERIFY, "OP_CHECKMULTISIGVERIFY", 1, opcodeCheckMultiSigVerify},
503 OP_NOP1: {OP_NOP1, "OP_NOP1", 1, opcodeNop},
504 OP_NOP4: {OP_NOP4, "OP_NOP4", 1, opcodeNop},
505 OP_NOP5: {OP_NOP5, "OP_NOP5", 1, opcodeNop},
506 OP_NOP6: {OP_NOP6, "OP_NOP6", 1, opcodeNop},
507 OP_NOP7: {OP_NOP7, "OP_NOP7", 1, opcodeNop},
508 OP_NOP8: {OP_NOP8, "OP_NOP8", 1, opcodeNop},
509 OP_NOP9: {OP_NOP9, "OP_NOP9", 1, opcodeNop},
510 OP_NOP10: {OP_NOP10, "OP_NOP10", 1, opcodeNop},
512 // Undefined opcodes.
513 OP_UNKNOWN186: {OP_UNKNOWN186, "OP_UNKNOWN186", 1, opcodeInvalid},
514 OP_UNKNOWN187: {OP_UNKNOWN187, "OP_UNKNOWN187", 1, opcodeInvalid},
515 OP_UNKNOWN188: {OP_UNKNOWN188, "OP_UNKNOWN188", 1, opcodeInvalid},
516 OP_UNKNOWN189: {OP_UNKNOWN189, "OP_UNKNOWN189", 1, opcodeInvalid},
517 OP_UNKNOWN190: {OP_UNKNOWN190, "OP_UNKNOWN190", 1, opcodeInvalid},
518 OP_UNKNOWN191: {OP_UNKNOWN191, "OP_UNKNOWN191", 1, opcodeInvalid},
519 OP_UNKNOWN192: {OP_UNKNOWN192, "OP_UNKNOWN192", 1, opcodeInvalid},
520 OP_UNKNOWN193: {OP_UNKNOWN193, "OP_UNKNOWN193", 1, opcodeInvalid},
521 OP_UNKNOWN194: {OP_UNKNOWN194, "OP_UNKNOWN194", 1, opcodeInvalid},
522 OP_UNKNOWN195: {OP_UNKNOWN195, "OP_UNKNOWN195", 1, opcodeInvalid},
523 OP_UNKNOWN196: {OP_UNKNOWN196, "OP_UNKNOWN196", 1, opcodeInvalid},
524 OP_UNKNOWN197: {OP_UNKNOWN197, "OP_UNKNOWN197", 1, opcodeInvalid},
525 OP_UNKNOWN198: {OP_UNKNOWN198, "OP_UNKNOWN198", 1, opcodeInvalid},
526 OP_UNKNOWN199: {OP_UNKNOWN199, "OP_UNKNOWN199", 1, opcodeInvalid},
527 OP_UNKNOWN200: {OP_UNKNOWN200, "OP_UNKNOWN200", 1, opcodeInvalid},
528 OP_UNKNOWN201: {OP_UNKNOWN201, "OP_UNKNOWN201", 1, opcodeInvalid},
529 OP_UNKNOWN202: {OP_UNKNOWN202, "OP_UNKNOWN202", 1, opcodeInvalid},
530 OP_UNKNOWN203: {OP_UNKNOWN203, "OP_UNKNOWN203", 1, opcodeInvalid},
531 OP_UNKNOWN204: {OP_UNKNOWN204, "OP_UNKNOWN204", 1, opcodeInvalid},
532 OP_UNKNOWN205: {OP_UNKNOWN205, "OP_UNKNOWN205", 1, opcodeInvalid},
533 OP_UNKNOWN206: {OP_UNKNOWN206, "OP_UNKNOWN206", 1, opcodeInvalid},
534 OP_UNKNOWN207: {OP_UNKNOWN207, "OP_UNKNOWN207", 1, opcodeInvalid},
535 OP_UNKNOWN208: {OP_UNKNOWN208, "OP_UNKNOWN208", 1, opcodeInvalid},
536 OP_UNKNOWN209: {OP_UNKNOWN209, "OP_UNKNOWN209", 1, opcodeInvalid},
537 OP_UNKNOWN210: {OP_UNKNOWN210, "OP_UNKNOWN210", 1, opcodeInvalid},
538 OP_UNKNOWN211: {OP_UNKNOWN211, "OP_UNKNOWN211", 1, opcodeInvalid},
539 OP_UNKNOWN212: {OP_UNKNOWN212, "OP_UNKNOWN212", 1, opcodeInvalid},
540 OP_UNKNOWN213: {OP_UNKNOWN213, "OP_UNKNOWN213", 1, opcodeInvalid},
541 OP_UNKNOWN214: {OP_UNKNOWN214, "OP_UNKNOWN214", 1, opcodeInvalid},
542 OP_UNKNOWN215: {OP_UNKNOWN215, "OP_UNKNOWN215", 1, opcodeInvalid},
543 OP_UNKNOWN216: {OP_UNKNOWN216, "OP_UNKNOWN216", 1, opcodeInvalid},
544 OP_UNKNOWN217: {OP_UNKNOWN217, "OP_UNKNOWN217", 1, opcodeInvalid},
545 OP_UNKNOWN218: {OP_UNKNOWN218, "OP_UNKNOWN218", 1, opcodeInvalid},
546 OP_UNKNOWN219: {OP_UNKNOWN219, "OP_UNKNOWN219", 1, opcodeInvalid},
547 OP_UNKNOWN220: {OP_UNKNOWN220, "OP_UNKNOWN220", 1, opcodeInvalid},
548 OP_UNKNOWN221: {OP_UNKNOWN221, "OP_UNKNOWN221", 1, opcodeInvalid},
549 OP_UNKNOWN222: {OP_UNKNOWN222, "OP_UNKNOWN222", 1, opcodeInvalid},
550 OP_UNKNOWN223: {OP_UNKNOWN223, "OP_UNKNOWN223", 1, opcodeInvalid},
551 OP_UNKNOWN224: {OP_UNKNOWN224, "OP_UNKNOWN224", 1, opcodeInvalid},
552 OP_UNKNOWN225: {OP_UNKNOWN225, "OP_UNKNOWN225", 1, opcodeInvalid},
553 OP_UNKNOWN226: {OP_UNKNOWN226, "OP_UNKNOWN226", 1, opcodeInvalid},
554 OP_UNKNOWN227: {OP_UNKNOWN227, "OP_UNKNOWN227", 1, opcodeInvalid},
555 OP_UNKNOWN228: {OP_UNKNOWN228, "OP_UNKNOWN228", 1, opcodeInvalid},
556 OP_UNKNOWN229: {OP_UNKNOWN229, "OP_UNKNOWN229", 1, opcodeInvalid},
557 OP_UNKNOWN230: {OP_UNKNOWN230, "OP_UNKNOWN230", 1, opcodeInvalid},
558 OP_UNKNOWN231: {OP_UNKNOWN231, "OP_UNKNOWN231", 1, opcodeInvalid},
559 OP_UNKNOWN232: {OP_UNKNOWN232, "OP_UNKNOWN232", 1, opcodeInvalid},
560 OP_UNKNOWN233: {OP_UNKNOWN233, "OP_UNKNOWN233", 1, opcodeInvalid},
561 OP_UNKNOWN234: {OP_UNKNOWN234, "OP_UNKNOWN234", 1, opcodeInvalid},
562 OP_UNKNOWN235: {OP_UNKNOWN235, "OP_UNKNOWN235", 1, opcodeInvalid},
563 OP_UNKNOWN236: {OP_UNKNOWN236, "OP_UNKNOWN236", 1, opcodeInvalid},
564 OP_UNKNOWN237: {OP_UNKNOWN237, "OP_UNKNOWN237", 1, opcodeInvalid},
565 OP_UNKNOWN238: {OP_UNKNOWN238, "OP_UNKNOWN238", 1, opcodeInvalid},
566 OP_UNKNOWN239: {OP_UNKNOWN239, "OP_UNKNOWN239", 1, opcodeInvalid},
567 OP_UNKNOWN240: {OP_UNKNOWN240, "OP_UNKNOWN240", 1, opcodeInvalid},
568 OP_UNKNOWN241: {OP_UNKNOWN241, "OP_UNKNOWN241", 1, opcodeInvalid},
569 OP_UNKNOWN242: {OP_UNKNOWN242, "OP_UNKNOWN242", 1, opcodeInvalid},
570 OP_UNKNOWN243: {OP_UNKNOWN243, "OP_UNKNOWN243", 1, opcodeInvalid},
571 OP_UNKNOWN244: {OP_UNKNOWN244, "OP_UNKNOWN244", 1, opcodeInvalid},
572 OP_UNKNOWN245: {OP_UNKNOWN245, "OP_UNKNOWN245", 1, opcodeInvalid},
573 OP_UNKNOWN246: {OP_UNKNOWN246, "OP_UNKNOWN246", 1, opcodeInvalid},
574 OP_UNKNOWN247: {OP_UNKNOWN247, "OP_UNKNOWN247", 1, opcodeInvalid},
575 OP_UNKNOWN248: {OP_UNKNOWN248, "OP_UNKNOWN248", 1, opcodeInvalid},
576 OP_UNKNOWN249: {OP_UNKNOWN249, "OP_UNKNOWN249", 1, opcodeInvalid},
578 // Bitcoin Core internal use opcode. Defined here for completeness.
579 OP_SMALLINTEGER: {OP_SMALLINTEGER, "OP_SMALLINTEGER", 1, opcodeInvalid},
580 OP_PUBKEYS: {OP_PUBKEYS, "OP_PUBKEYS", 1, opcodeInvalid},
581 OP_UNKNOWN252: {OP_UNKNOWN252, "OP_UNKNOWN252", 1, opcodeInvalid},
582 OP_PUBKEYHASH: {OP_PUBKEYHASH, "OP_PUBKEYHASH", 1, opcodeInvalid},
583 OP_PUBKEY: {OP_PUBKEY, "OP_PUBKEY", 1, opcodeInvalid},
585 OP_INVALIDOPCODE: {OP_INVALIDOPCODE, "OP_INVALIDOPCODE", 1, opcodeInvalid},
588 // opcodeOnelineRepls defines opcode names which are replaced when doing a
589 // one-line disassembly. This is done to match the output of the reference
590 // implementation while not changing the opcode names in the nicer full
592 var opcodeOnelineRepls = map[string]string{
613 // parsedOpcode represents an opcode that has been parsed and includes any
614 // potential data associated with it.
615 type parsedOpcode struct {
620 // isDisabled returns whether or not the opcode is disabled and thus is always
621 // bad to see in the instruction stream (even if turned off by a conditional).
622 func (pop *parsedOpcode) isDisabled() bool {
623 switch pop.opcode.value {
659 // alwaysIllegal returns whether or not the opcode is always illegal when passed
660 // over by the program counter even if in a non-executed branch (it isn't a
661 // coincidence that they are conditionals).
662 func (pop *parsedOpcode) alwaysIllegal() bool {
663 switch pop.opcode.value {
673 // isConditional returns whether or not the opcode is a conditional opcode which
674 // changes the conditional execution stack when executed.
675 func (pop *parsedOpcode) isConditional() bool {
676 switch pop.opcode.value {
690 // checkMinimalDataPush returns whether or not the current data push uses the
691 // smallest possible opcode to represent it. For example, the value 15 could
692 // be pushed with OP_DATA_1 15 (among other variations); however, OP_15 is a
693 // single opcode that represents the same value and is only a single byte versus
695 func (pop *parsedOpcode) checkMinimalDataPush() error {
698 opcode := pop.opcode.value
700 if dataLen == 0 && opcode != OP_0 {
701 str := fmt.Sprintf("zero length data push is encoded with "+
702 "opcode %s instead of OP_0", pop.opcode.name)
703 return scriptError(ErrMinimalData, str)
704 } else if dataLen == 1 && data[0] >= 1 && data[0] <= 16 {
705 if opcode != OP_1+data[0]-1 {
706 // Should have used OP_1 .. OP_16
707 str := fmt.Sprintf("data push of the value %d encoded "+
708 "with opcode %s instead of OP_%d", data[0],
709 pop.opcode.name, data[0])
710 return scriptError(ErrMinimalData, str)
712 } else if dataLen == 1 && data[0] == 0x81 {
713 if opcode != OP_1NEGATE {
714 str := fmt.Sprintf("data push of the value -1 encoded "+
715 "with opcode %s instead of OP_1NEGATE",
717 return scriptError(ErrMinimalData, str)
719 } else if dataLen <= 75 {
720 if int(opcode) != dataLen {
721 // Should have used a direct push
722 str := fmt.Sprintf("data push of %d bytes encoded "+
723 "with opcode %s instead of OP_DATA_%d", dataLen,
724 pop.opcode.name, dataLen)
725 return scriptError(ErrMinimalData, str)
727 } else if dataLen <= 255 {
728 if opcode != OP_PUSHDATA1 {
729 str := fmt.Sprintf("data push of %d bytes encoded "+
730 "with opcode %s instead of OP_PUSHDATA1",
731 dataLen, pop.opcode.name)
732 return scriptError(ErrMinimalData, str)
734 } else if dataLen <= 65535 {
735 if opcode != OP_PUSHDATA2 {
736 str := fmt.Sprintf("data push of %d bytes encoded "+
737 "with opcode %s instead of OP_PUSHDATA2",
738 dataLen, pop.opcode.name)
739 return scriptError(ErrMinimalData, str)
745 // print returns a human-readable string representation of the opcode for use
746 // in script disassembly.
747 func (pop *parsedOpcode) print(oneline bool) string {
748 // The reference implementation one-line disassembly replaces opcodes
749 // which represent values (e.g. OP_0 through OP_16 and OP_1NEGATE)
750 // with the raw value. However, when not doing a one-line dissassembly,
751 // we prefer to show the actual opcode names. Thus, only replace the
752 // opcodes in question when the oneline flag is set.
753 opcodeName := pop.opcode.name
755 if replName, ok := opcodeOnelineRepls[opcodeName]; ok {
756 opcodeName = replName
759 // Nothing more to do for non-data push opcodes.
760 if pop.opcode.length == 1 {
764 return fmt.Sprintf("%x", pop.data)
767 // Nothing more to do for non-data push opcodes.
768 if pop.opcode.length == 1 {
772 // Add length for the OP_PUSHDATA# opcodes.
773 retString := opcodeName
774 switch pop.opcode.length {
776 retString += fmt.Sprintf(" 0x%02x", len(pop.data))
778 retString += fmt.Sprintf(" 0x%04x", len(pop.data))
780 retString += fmt.Sprintf(" 0x%08x", len(pop.data))
783 return fmt.Sprintf("%s 0x%02x", retString, pop.data)
786 // bytes returns any data associated with the opcode encoded as it would be in
787 // a script. This is used for unparsing scripts from parsed opcodes.
788 func (pop *parsedOpcode) bytes() ([]byte, error) {
790 if pop.opcode.length > 0 {
791 retbytes = make([]byte, 1, pop.opcode.length)
793 retbytes = make([]byte, 1, 1+len(pop.data)-
797 retbytes[0] = pop.opcode.value
798 if pop.opcode.length == 1 {
799 if len(pop.data) != 0 {
800 str := fmt.Sprintf("internal consistency error - "+
801 "parsed opcode %s has data length %d when %d "+
802 "was expected", pop.opcode.name, len(pop.data),
804 return nil, scriptError(ErrInternal, str)
808 nbytes := pop.opcode.length
809 if pop.opcode.length < 0 {
811 // tempting just to hardcode to avoid the complexity here.
812 switch pop.opcode.length {
814 retbytes = append(retbytes, byte(l))
815 nbytes = int(retbytes[1]) + len(retbytes)
817 retbytes = append(retbytes, byte(l&0xff),
819 nbytes = int(binary.LittleEndian.Uint16(retbytes[1:])) +
822 retbytes = append(retbytes, byte(l&0xff),
823 byte((l>>8)&0xff), byte((l>>16)&0xff),
825 nbytes = int(binary.LittleEndian.Uint32(retbytes[1:])) +
830 retbytes = append(retbytes, pop.data...)
832 if len(retbytes) != nbytes {
833 str := fmt.Sprintf("internal consistency error - "+
834 "parsed opcode %s has data length %d when %d was "+
835 "expected", pop.opcode.name, len(retbytes), nbytes)
836 return nil, scriptError(ErrInternal, str)
842 // *******************************************
843 // Opcode implementation functions start here.
844 // *******************************************
846 // opcodeDisabled is a common handler for disabled opcodes. It returns an
847 // appropriate error indicating the opcode is disabled. While it would
848 // ordinarily make more sense to detect if the script contains any disabled
849 // opcodes before executing in an initial parse step, the consensus rules
850 // dictate the script doesn't fail until the program counter passes over a
851 // disabled opcode (even when they appear in a branch that is not executed).
852 func opcodeDisabled(op *parsedOpcode, vm *Engine) error {
853 str := fmt.Sprintf("attempt to execute disabled opcode %s",
855 return scriptError(ErrDisabledOpcode, str)
858 // opcodeReserved is a common handler for all reserved opcodes. It returns an
859 // appropriate error indicating the opcode is reserved.
860 func opcodeReserved(op *parsedOpcode, vm *Engine) error {
861 str := fmt.Sprintf("attempt to execute reserved opcode %s",
863 return scriptError(ErrReservedOpcode, str)
866 // opcodeInvalid is a common handler for all invalid opcodes. It returns an
867 // appropriate error indicating the opcode is invalid.
868 func opcodeInvalid(op *parsedOpcode, vm *Engine) error {
869 str := fmt.Sprintf("attempt to execute invalid opcode %s",
871 return scriptError(ErrReservedOpcode, str)
874 // opcodeFalse pushes an empty array to the data stack to represent false. Note
875 // that 0, when encoded as a number according to the numeric encoding consensus
876 // rules, is an empty array.
877 func opcodeFalse(op *parsedOpcode, vm *Engine) error {
878 vm.dstack.PushByteArray(nil)
882 // opcodePushData is a common handler for the vast majority of opcodes that push
883 // raw data (bytes) to the data stack.
884 func opcodePushData(op *parsedOpcode, vm *Engine) error {
885 vm.dstack.PushByteArray(op.data)
889 // opcode1Negate pushes -1, encoded as a number, to the data stack.
890 func opcode1Negate(op *parsedOpcode, vm *Engine) error {
891 vm.dstack.PushInt(scriptNum(-1))
895 // opcodeN is a common handler for the small integer data push opcodes. It
896 // pushes the numeric value the opcode represents (which will be from 1 to 16)
897 // onto the data stack.
898 func opcodeN(op *parsedOpcode, vm *Engine) error {
899 // The opcodes are all defined consecutively, so the numeric value is
901 vm.dstack.PushInt(scriptNum((op.opcode.value - (OP_1 - 1))))
905 // opcodeNop is a common handler for the NOP family of opcodes. As the name
906 // implies it generally does nothing, however, it will return an error when
907 // the flag to discourage use of NOPs is set for select opcodes.
908 func opcodeNop(op *parsedOpcode, vm *Engine) error {
909 switch op.opcode.value {
910 case OP_NOP1, OP_NOP4, OP_NOP5,
911 OP_NOP6, OP_NOP7, OP_NOP8, OP_NOP9, OP_NOP10:
912 if vm.hasFlag(ScriptDiscourageUpgradableNops) {
913 str := fmt.Sprintf("OP_NOP%d reserved for soft-fork "+
914 "upgrades", op.opcode.value-(OP_NOP1-1))
915 return scriptError(ErrDiscourageUpgradableNOPs, str)
921 // popIfBool enforces the "minimal if" policy during script execution if the
922 // particular flag is set. If so, in order to eliminate an additional source
923 // of nuisance malleability, post-segwit for version 0 witness programs, we now
924 // require the following: for OP_IF and OP_NOT_IF, the top stack item MUST
925 // either be an empty byte slice, or [0x01]. Otherwise, the item at the top of
926 // the stack will be popped and interpreted as a boolean.
927 func popIfBool(vm *Engine) (bool, error) {
928 // When not in witness execution mode, not executing a v0 witness
929 // program, or the minimal if flag isn't set pop the top stack item as
931 if !vm.isWitnessVersionActive(0) || !vm.hasFlag(ScriptVerifyMinimalIf) {
932 return vm.dstack.PopBool()
935 // At this point, a v0 witness program is being executed and the minimal
936 // if flag is set, so enforce additional constraints on the top stack
938 so, err := vm.dstack.PopByteArray()
943 // The top element MUST have a length of at least one.
945 str := fmt.Sprintf("minimal if is active, top element MUST "+
946 "have a length of at least, instead length is %v",
948 return false, scriptError(ErrMinimalIf, str)
951 // Additionally, if the length is one, then the value MUST be 0x01.
952 if len(so) == 1 && so[0] != 0x01 {
953 str := fmt.Sprintf("minimal if is active, top stack item MUST "+
954 "be an empty byte array or 0x01, is instead: %v",
956 return false, scriptError(ErrMinimalIf, str)
959 return asBool(so), nil
962 // opcodeIf treats the top item on the data stack as a boolean and removes it.
964 // An appropriate entry is added to the conditional stack depending on whether
965 // the boolean is true and whether this if is on an executing branch in order
966 // to allow proper execution of further opcodes depending on the conditional
967 // logic. When the boolean is true, the first branch will be executed (unless
968 // this opcode is nested in a non-executed branch).
970 // <expression> if [statements] [else [statements]] endif
972 // Note that, unlike for all non-conditional opcodes, this is executed even when
973 // it is on a non-executing branch so proper nesting is maintained.
975 // Data stack transformation: [... bool] -> [...]
976 // Conditional stack transformation: [...] -> [... OpCondValue]
977 func opcodeIf(op *parsedOpcode, vm *Engine) error {
978 condVal := OpCondFalse
979 if vm.isBranchExecuting() {
980 ok, err := popIfBool(vm)
991 vm.condStack = append(vm.condStack, condVal)
995 // opcodeNotIf treats the top item on the data stack as a boolean and removes
998 // An appropriate entry is added to the conditional stack depending on whether
999 // the boolean is true and whether this if is on an executing branch in order
1000 // to allow proper execution of further opcodes depending on the conditional
1001 // logic. When the boolean is false, the first branch will be executed (unless
1002 // this opcode is nested in a non-executed branch).
1004 // <expression> notif [statements] [else [statements]] endif
1006 // Note that, unlike for all non-conditional opcodes, this is executed even when
1007 // it is on a non-executing branch so proper nesting is maintained.
1009 // Data stack transformation: [... bool] -> [...]
1010 // Conditional stack transformation: [...] -> [... OpCondValue]
1011 func opcodeNotIf(op *parsedOpcode, vm *Engine) error {
1012 condVal := OpCondFalse
1013 if vm.isBranchExecuting() {
1014 ok, err := popIfBool(vm)
1020 condVal = OpCondTrue
1023 condVal = OpCondSkip
1025 vm.condStack = append(vm.condStack, condVal)
1029 // opcodeElse inverts conditional execution for other half of if/else/endif.
1031 // An error is returned if there has not already been a matching OP_IF.
1033 // Conditional stack transformation: [... OpCondValue] -> [... !OpCondValue]
1034 func opcodeElse(op *parsedOpcode, vm *Engine) error {
1035 if len(vm.condStack) == 0 {
1036 str := fmt.Sprintf("encountered opcode %s with no matching "+
1037 "opcode to begin conditional execution", op.opcode.name)
1038 return scriptError(ErrUnbalancedConditional, str)
1041 conditionalIdx := len(vm.condStack) - 1
1042 switch vm.condStack[conditionalIdx] {
1044 vm.condStack[conditionalIdx] = OpCondFalse
1046 vm.condStack[conditionalIdx] = OpCondTrue
1048 // Value doesn't change in skip since it indicates this opcode
1049 // is nested in a non-executed branch.
1054 // opcodeEndif terminates a conditional block, removing the value from the
1055 // conditional execution stack.
1057 // An error is returned if there has not already been a matching OP_IF.
1059 // Conditional stack transformation: [... OpCondValue] -> [...]
1060 func opcodeEndif(op *parsedOpcode, vm *Engine) error {
1061 if len(vm.condStack) == 0 {
1062 str := fmt.Sprintf("encountered opcode %s with no matching "+
1063 "opcode to begin conditional execution", op.opcode.name)
1064 return scriptError(ErrUnbalancedConditional, str)
1067 vm.condStack = vm.condStack[:len(vm.condStack)-1]
1071 // abstractVerify examines the top item on the data stack as a boolean value and
1072 // verifies it evaluates to true. An error is returned either when there is no
1073 // item on the stack or when that item evaluates to false. In the latter case
1074 // where the verification fails specifically due to the top item evaluating
1075 // to false, the returned error will use the passed error code.
1076 func abstractVerify(op *parsedOpcode, vm *Engine, c ErrorCode) error {
1077 verified, err := vm.dstack.PopBool()
1083 str := fmt.Sprintf("%s failed", op.opcode.name)
1084 return scriptError(c, str)
1089 // opcodeVerify examines the top item on the data stack as a boolean value and
1090 // verifies it evaluates to true. An error is returned if it does not.
1091 func opcodeVerify(op *parsedOpcode, vm *Engine) error {
1092 return abstractVerify(op, vm, ErrVerify)
1095 // opcodeReturn returns an appropriate error since it is always an error to
1096 // return early from a script.
1097 func opcodeReturn(op *parsedOpcode, vm *Engine) error {
1098 return scriptError(ErrEarlyReturn, "script returned early")
1101 // verifyLockTime is a helper function used to validate locktimes.
1102 func verifyLockTime(txLockTime, threshold, lockTime int64) error {
1103 // The lockTimes in both the script and transaction must be of the same
1105 if !((txLockTime < threshold && lockTime < threshold) ||
1106 (txLockTime >= threshold && lockTime >= threshold)) {
1107 str := fmt.Sprintf("mismatched locktime types -- tx locktime "+
1108 "%d, stack locktime %d", txLockTime, lockTime)
1109 return scriptError(ErrUnsatisfiedLockTime, str)
1112 if lockTime > txLockTime {
1113 str := fmt.Sprintf("locktime requirement not satisfied -- "+
1114 "locktime is greater than the transaction locktime: "+
1115 "%d > %d", lockTime, txLockTime)
1116 return scriptError(ErrUnsatisfiedLockTime, str)
1122 // opcodeCheckLockTimeVerify compares the top item on the data stack to the
1123 // LockTime field of the transaction containing the script signature
1124 // validating if the transaction outputs are spendable yet. If flag
1125 // ScriptVerifyCheckLockTimeVerify is not set, the code continues as if OP_NOP2
1127 func opcodeCheckLockTimeVerify(op *parsedOpcode, vm *Engine) error {
1128 // If the ScriptVerifyCheckLockTimeVerify script flag is not set, treat
1129 // opcode as OP_NOP2 instead.
1130 if !vm.hasFlag(ScriptVerifyCheckLockTimeVerify) {
1131 if vm.hasFlag(ScriptDiscourageUpgradableNops) {
1132 return scriptError(ErrDiscourageUpgradableNOPs,
1133 "OP_NOP2 reserved for soft-fork upgrades")
1138 // The current transaction locktime is a uint32 resulting in a maximum
1139 // locktime of 2^32-1 (the year 2106). However, scriptNums are signed
1140 // and therefore a standard 4-byte scriptNum would only support up to a
1141 // maximum of 2^31-1 (the year 2038). Thus, a 5-byte scriptNum is used
1142 // here since it will support up to 2^39-1 which allows dates beyond the
1143 // current locktime limit.
1145 // PeekByteArray is used here instead of PeekInt because we do not want
1146 // to be limited to a 4-byte integer for reasons specified above.
1147 so, err := vm.dstack.PeekByteArray(0)
1151 lockTime, err := makeScriptNum(so, vm.dstack.verifyMinimalData, 5)
1156 // In the rare event that the argument needs to be < 0 due to some
1157 // arithmetic being done first, you can always use
1158 // 0 OP_MAX OP_CHECKLOCKTIMEVERIFY.
1160 str := fmt.Sprintf("negative lock time: %d", lockTime)
1161 return scriptError(ErrNegativeLockTime, str)
1164 // The lock time field of a transaction is either a block height at
1165 // which the transaction is finalized or a timestamp depending on if the
1166 // value is before the txscript.LockTimeThreshold. When it is under the
1167 // threshold it is a block height.
1168 err = verifyLockTime(int64(vm.tx.LockTime), LockTimeThreshold,
1174 // The lock time feature can also be disabled, thereby bypassing
1175 // OP_CHECKLOCKTIMEVERIFY, if every transaction input has been finalized by
1176 // setting its sequence to the maximum value (wire.MaxTxInSequenceNum). This
1177 // condition would result in the transaction being allowed into the blockchain
1178 // making the opcode ineffective.
1180 // This condition is prevented by enforcing that the input being used by
1181 // the opcode is unlocked (its sequence number is less than the max
1182 // value). This is sufficient to prove correctness without having to
1183 // check every input.
1185 // NOTE: This implies that even if the transaction is not finalized due to
1186 // another input being unlocked, the opcode execution will still fail when the
1187 // input being used by the opcode is locked.
1188 if vm.tx.TxIn[vm.txIdx].Sequence == wire.MaxTxInSequenceNum {
1189 return scriptError(ErrUnsatisfiedLockTime,
1190 "transaction input is finalized")
1196 // opcodeCheckSequenceVerify compares the top item on the data stack to the
1197 // LockTime field of the transaction containing the script signature
1198 // validating if the transaction outputs are spendable yet. If flag
1199 // ScriptVerifyCheckSequenceVerify is not set, the code continues as if OP_NOP3
1201 func opcodeCheckSequenceVerify(op *parsedOpcode, vm *Engine) error {
1202 // If the ScriptVerifyCheckSequenceVerify script flag is not set, treat
1203 // opcode as OP_NOP3 instead.
1204 if !vm.hasFlag(ScriptVerifyCheckSequenceVerify) {
1205 if vm.hasFlag(ScriptDiscourageUpgradableNops) {
1206 return scriptError(ErrDiscourageUpgradableNOPs,
1207 "OP_NOP3 reserved for soft-fork upgrades")
1212 // The current transaction sequence is a uint32 resulting in a maximum
1213 // sequence of 2^32-1. However, scriptNums are signed and therefore a
1214 // standard 4-byte scriptNum would only support up to a maximum of
1215 // 2^31-1. Thus, a 5-byte scriptNum is used here since it will support
1216 // up to 2^39-1 which allows sequences beyond the current sequence
1219 // PeekByteArray is used here instead of PeekInt because we do not want
1220 // to be limited to a 4-byte integer for reasons specified above.
1221 so, err := vm.dstack.PeekByteArray(0)
1225 stackSequence, err := makeScriptNum(so, vm.dstack.verifyMinimalData, 5)
1230 // In the rare event that the argument needs to be < 0 due to some
1231 // arithmetic being done first, you can always use
1232 // 0 OP_MAX OP_CHECKSEQUENCEVERIFY.
1233 if stackSequence < 0 {
1234 str := fmt.Sprintf("negative sequence: %d", stackSequence)
1235 return scriptError(ErrNegativeLockTime, str)
1238 sequence := int64(stackSequence)
1240 // To provide for future soft-fork extensibility, if the
1241 // operand has the disabled lock-time flag set,
1242 // CHECKSEQUENCEVERIFY behaves as a NOP.
1243 if sequence&int64(wire.SequenceLockTimeDisabled) != 0 {
1247 // Transaction version numbers not high enough to trigger CSV rules must
1249 if vm.tx.Version < 2 {
1250 str := fmt.Sprintf("invalid transaction version: %d",
1252 return scriptError(ErrUnsatisfiedLockTime, str)
1255 // Sequence numbers with their most significant bit set are not
1256 // consensus constrained. Testing that the transaction's sequence
1257 // number does not have this bit set prevents using this property
1258 // to get around a CHECKSEQUENCEVERIFY check.
1259 txSequence := int64(vm.tx.TxIn[vm.txIdx].Sequence)
1260 if txSequence&int64(wire.SequenceLockTimeDisabled) != 0 {
1261 str := fmt.Sprintf("transaction sequence has sequence "+
1262 "locktime disabled bit set: 0x%x", txSequence)
1263 return scriptError(ErrUnsatisfiedLockTime, str)
1266 // Mask off non-consensus bits before doing comparisons.
1267 lockTimeMask := int64(wire.SequenceLockTimeIsSeconds |
1268 wire.SequenceLockTimeMask)
1269 return verifyLockTime(txSequence&lockTimeMask,
1270 wire.SequenceLockTimeIsSeconds, sequence&lockTimeMask)
1273 // opcodeToAltStack removes the top item from the main data stack and pushes it
1274 // onto the alternate data stack.
1276 // Main data stack transformation: [... x1 x2 x3] -> [... x1 x2]
1277 // Alt data stack transformation: [... y1 y2 y3] -> [... y1 y2 y3 x3]
1278 func opcodeToAltStack(op *parsedOpcode, vm *Engine) error {
1279 so, err := vm.dstack.PopByteArray()
1283 vm.astack.PushByteArray(so)
1288 // opcodeFromAltStack removes the top item from the alternate data stack and
1289 // pushes it onto the main data stack.
1291 // Main data stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 y3]
1292 // Alt data stack transformation: [... y1 y2 y3] -> [... y1 y2]
1293 func opcodeFromAltStack(op *parsedOpcode, vm *Engine) error {
1294 so, err := vm.astack.PopByteArray()
1298 vm.dstack.PushByteArray(so)
1303 // opcode2Drop removes the top 2 items from the data stack.
1305 // Stack transformation: [... x1 x2 x3] -> [... x1]
1306 func opcode2Drop(op *parsedOpcode, vm *Engine) error {
1307 return vm.dstack.DropN(2)
1310 // opcode2Dup duplicates the top 2 items on the data stack.
1312 // Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x2 x3]
1313 func opcode2Dup(op *parsedOpcode, vm *Engine) error {
1314 return vm.dstack.DupN(2)
1317 // opcode3Dup duplicates the top 3 items on the data stack.
1319 // Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x1 x2 x3]
1320 func opcode3Dup(op *parsedOpcode, vm *Engine) error {
1321 return vm.dstack.DupN(3)
1324 // opcode2Over duplicates the 2 items before the top 2 items on the data stack.
1326 // Stack transformation: [... x1 x2 x3 x4] -> [... x1 x2 x3 x4 x1 x2]
1327 func opcode2Over(op *parsedOpcode, vm *Engine) error {
1328 return vm.dstack.OverN(2)
1331 // opcode2Rot rotates the top 6 items on the data stack to the left twice.
1333 // Stack transformation: [... x1 x2 x3 x4 x5 x6] -> [... x3 x4 x5 x6 x1 x2]
1334 func opcode2Rot(op *parsedOpcode, vm *Engine) error {
1335 return vm.dstack.RotN(2)
1338 // opcode2Swap swaps the top 2 items on the data stack with the 2 that come
1341 // Stack transformation: [... x1 x2 x3 x4] -> [... x3 x4 x1 x2]
1342 func opcode2Swap(op *parsedOpcode, vm *Engine) error {
1343 return vm.dstack.SwapN(2)
1346 // opcodeIfDup duplicates the top item of the stack if it is not zero.
1348 // Stack transformation (x1==0): [... x1] -> [... x1]
1349 // Stack transformation (x1!=0): [... x1] -> [... x1 x1]
1350 func opcodeIfDup(op *parsedOpcode, vm *Engine) error {
1351 so, err := vm.dstack.PeekByteArray(0)
1356 // Push copy of data iff it isn't zero
1358 vm.dstack.PushByteArray(so)
1364 // opcodeDepth pushes the depth of the data stack prior to executing this
1365 // opcode, encoded as a number, onto the data stack.
1367 // Stack transformation: [...] -> [... <num of items on the stack>]
1368 // Example with 2 items: [x1 x2] -> [x1 x2 2]
1369 // Example with 3 items: [x1 x2 x3] -> [x1 x2 x3 3]
1370 func opcodeDepth(op *parsedOpcode, vm *Engine) error {
1371 vm.dstack.PushInt(scriptNum(vm.dstack.Depth()))
1375 // opcodeDrop removes the top item from the data stack.
1377 // Stack transformation: [... x1 x2 x3] -> [... x1 x2]
1378 func opcodeDrop(op *parsedOpcode, vm *Engine) error {
1379 return vm.dstack.DropN(1)
1382 // opcodeDup duplicates the top item on the data stack.
1384 // Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x3]
1385 func opcodeDup(op *parsedOpcode, vm *Engine) error {
1386 return vm.dstack.DupN(1)
1389 // opcodeNip removes the item before the top item on the data stack.
1391 // Stack transformation: [... x1 x2 x3] -> [... x1 x3]
1392 func opcodeNip(op *parsedOpcode, vm *Engine) error {
1393 return vm.dstack.NipN(1)
1396 // opcodeOver duplicates the item before the top item on the data stack.
1398 // Stack transformation: [... x1 x2 x3] -> [... x1 x2 x3 x2]
1399 func opcodeOver(op *parsedOpcode, vm *Engine) error {
1400 return vm.dstack.OverN(1)
1403 // opcodePick treats the top item on the data stack as an integer and duplicates
1404 // the item on the stack that number of items back to the top.
1406 // Stack transformation: [xn ... x2 x1 x0 n] -> [xn ... x2 x1 x0 xn]
1407 // Example with n=1: [x2 x1 x0 1] -> [x2 x1 x0 x1]
1408 // Example with n=2: [x2 x1 x0 2] -> [x2 x1 x0 x2]
1409 func opcodePick(op *parsedOpcode, vm *Engine) error {
1410 val, err := vm.dstack.PopInt()
1415 return vm.dstack.PickN(val.Int32())
1418 // opcodeRoll treats the top item on the data stack as an integer and moves
1419 // the item on the stack that number of items back to the top.
1421 // Stack transformation: [xn ... x2 x1 x0 n] -> [... x2 x1 x0 xn]
1422 // Example with n=1: [x2 x1 x0 1] -> [x2 x0 x1]
1423 // Example with n=2: [x2 x1 x0 2] -> [x1 x0 x2]
1424 func opcodeRoll(op *parsedOpcode, vm *Engine) error {
1425 val, err := vm.dstack.PopInt()
1430 return vm.dstack.RollN(val.Int32())
1433 // opcodeRot rotates the top 3 items on the data stack to the left.
1435 // Stack transformation: [... x1 x2 x3] -> [... x2 x3 x1]
1436 func opcodeRot(op *parsedOpcode, vm *Engine) error {
1437 return vm.dstack.RotN(1)
1440 // opcodeSwap swaps the top two items on the stack.
1442 // Stack transformation: [... x1 x2] -> [... x2 x1]
1443 func opcodeSwap(op *parsedOpcode, vm *Engine) error {
1444 return vm.dstack.SwapN(1)
1447 // opcodeTuck inserts a duplicate of the top item of the data stack before the
1448 // second-to-top item.
1450 // Stack transformation: [... x1 x2] -> [... x2 x1 x2]
1451 func opcodeTuck(op *parsedOpcode, vm *Engine) error {
1452 return vm.dstack.Tuck()
1455 // opcodeSize pushes the size of the top item of the data stack onto the data
1458 // Stack transformation: [... x1] -> [... x1 len(x1)]
1459 func opcodeSize(op *parsedOpcode, vm *Engine) error {
1460 so, err := vm.dstack.PeekByteArray(0)
1465 vm.dstack.PushInt(scriptNum(len(so)))
1469 // opcodeEqual removes the top 2 items of the data stack, compares them as raw
1470 // bytes, and pushes the result, encoded as a boolean, back to the stack.
1472 // Stack transformation: [... x1 x2] -> [... bool]
1473 func opcodeEqual(op *parsedOpcode, vm *Engine) error {
1474 a, err := vm.dstack.PopByteArray()
1478 b, err := vm.dstack.PopByteArray()
1483 vm.dstack.PushBool(bytes.Equal(a, b))
1487 // opcodeEqualVerify is a combination of opcodeEqual and opcodeVerify.
1488 // Specifically, it removes the top 2 items of the data stack, compares them,
1489 // and pushes the result, encoded as a boolean, back to the stack. Then, it
1490 // examines the top item on the data stack as a boolean value and verifies it
1491 // evaluates to true. An error is returned if it does not.
1493 // Stack transformation: [... x1 x2] -> [... bool] -> [...]
1494 func opcodeEqualVerify(op *parsedOpcode, vm *Engine) error {
1495 err := opcodeEqual(op, vm)
1497 err = abstractVerify(op, vm, ErrEqualVerify)
1502 // opcode1Add treats the top item on the data stack as an integer and replaces
1503 // it with its incremented value (plus 1).
1505 // Stack transformation: [... x1 x2] -> [... x1 x2+1]
1506 func opcode1Add(op *parsedOpcode, vm *Engine) error {
1507 m, err := vm.dstack.PopInt()
1512 vm.dstack.PushInt(m + 1)
1516 // opcode1Sub treats the top item on the data stack as an integer and replaces
1517 // it with its decremented value (minus 1).
1519 // Stack transformation: [... x1 x2] -> [... x1 x2-1]
1520 func opcode1Sub(op *parsedOpcode, vm *Engine) error {
1521 m, err := vm.dstack.PopInt()
1525 vm.dstack.PushInt(m - 1)
1530 // opcodeNegate treats the top item on the data stack as an integer and replaces
1531 // it with its negation.
1533 // Stack transformation: [... x1 x2] -> [... x1 -x2]
1534 func opcodeNegate(op *parsedOpcode, vm *Engine) error {
1535 m, err := vm.dstack.PopInt()
1540 vm.dstack.PushInt(-m)
1544 // opcodeAbs treats the top item on the data stack as an integer and replaces it
1545 // it with its absolute value.
1547 // Stack transformation: [... x1 x2] -> [... x1 abs(x2)]
1548 func opcodeAbs(op *parsedOpcode, vm *Engine) error {
1549 m, err := vm.dstack.PopInt()
1557 vm.dstack.PushInt(m)
1561 // opcodeNot treats the top item on the data stack as an integer and replaces
1562 // it with its "inverted" value (0 becomes 1, non-zero becomes 0).
1564 // NOTE: While it would probably make more sense to treat the top item as a
1565 // boolean, and push the opposite, which is really what the intention of this
1566 // opcode is, it is extremely important that is not done because integers are
1567 // interpreted differently than booleans and the consensus rules for this opcode
1568 // dictate the item is interpreted as an integer.
1570 // Stack transformation (x2==0): [... x1 0] -> [... x1 1]
1571 // Stack transformation (x2!=0): [... x1 1] -> [... x1 0]
1572 // Stack transformation (x2!=0): [... x1 17] -> [... x1 0]
1573 func opcodeNot(op *parsedOpcode, vm *Engine) error {
1574 m, err := vm.dstack.PopInt()
1580 vm.dstack.PushInt(scriptNum(1))
1582 vm.dstack.PushInt(scriptNum(0))
1587 // opcode0NotEqual treats the top item on the data stack as an integer and
1588 // replaces it with either a 0 if it is zero, or a 1 if it is not zero.
1590 // Stack transformation (x2==0): [... x1 0] -> [... x1 0]
1591 // Stack transformation (x2!=0): [... x1 1] -> [... x1 1]
1592 // Stack transformation (x2!=0): [... x1 17] -> [... x1 1]
1593 func opcode0NotEqual(op *parsedOpcode, vm *Engine) error {
1594 m, err := vm.dstack.PopInt()
1602 vm.dstack.PushInt(m)
1606 // opcodeAdd treats the top two items on the data stack as integers and replaces
1607 // them with their sum.
1609 // Stack transformation: [... x1 x2] -> [... x1+x2]
1610 func opcodeAdd(op *parsedOpcode, vm *Engine) error {
1611 v0, err := vm.dstack.PopInt()
1616 v1, err := vm.dstack.PopInt()
1621 vm.dstack.PushInt(v0 + v1)
1625 // opcodeSub treats the top two items on the data stack as integers and replaces
1626 // them with the result of subtracting the top entry from the second-to-top
1629 // Stack transformation: [... x1 x2] -> [... x1-x2]
1630 func opcodeSub(op *parsedOpcode, vm *Engine) error {
1631 v0, err := vm.dstack.PopInt()
1636 v1, err := vm.dstack.PopInt()
1641 vm.dstack.PushInt(v1 - v0)
1645 // opcodeBoolAnd treats the top two items on the data stack as integers. When
1646 // both of them are not zero, they are replaced with a 1, otherwise a 0.
1648 // Stack transformation (x1==0, x2==0): [... 0 0] -> [... 0]
1649 // Stack transformation (x1!=0, x2==0): [... 5 0] -> [... 0]
1650 // Stack transformation (x1==0, x2!=0): [... 0 7] -> [... 0]
1651 // Stack transformation (x1!=0, x2!=0): [... 4 8] -> [... 1]
1652 func opcodeBoolAnd(op *parsedOpcode, vm *Engine) error {
1653 v0, err := vm.dstack.PopInt()
1658 v1, err := vm.dstack.PopInt()
1663 if v0 != 0 && v1 != 0 {
1664 vm.dstack.PushInt(scriptNum(1))
1666 vm.dstack.PushInt(scriptNum(0))
1672 // opcodeBoolOr treats the top two items on the data stack as integers. When
1673 // either of them are not zero, they are replaced with a 1, otherwise a 0.
1675 // Stack transformation (x1==0, x2==0): [... 0 0] -> [... 0]
1676 // Stack transformation (x1!=0, x2==0): [... 5 0] -> [... 1]
1677 // Stack transformation (x1==0, x2!=0): [... 0 7] -> [... 1]
1678 // Stack transformation (x1!=0, x2!=0): [... 4 8] -> [... 1]
1679 func opcodeBoolOr(op *parsedOpcode, vm *Engine) error {
1680 v0, err := vm.dstack.PopInt()
1685 v1, err := vm.dstack.PopInt()
1690 if v0 != 0 || v1 != 0 {
1691 vm.dstack.PushInt(scriptNum(1))
1693 vm.dstack.PushInt(scriptNum(0))
1699 // opcodeNumEqual treats the top two items on the data stack as integers. When
1700 // they are equal, they are replaced with a 1, otherwise a 0.
1702 // Stack transformation (x1==x2): [... 5 5] -> [... 1]
1703 // Stack transformation (x1!=x2): [... 5 7] -> [... 0]
1704 func opcodeNumEqual(op *parsedOpcode, vm *Engine) error {
1705 v0, err := vm.dstack.PopInt()
1710 v1, err := vm.dstack.PopInt()
1716 vm.dstack.PushInt(scriptNum(1))
1718 vm.dstack.PushInt(scriptNum(0))
1724 // opcodeNumEqualVerify is a combination of opcodeNumEqual and opcodeVerify.
1726 // Specifically, treats the top two items on the data stack as integers. When
1727 // they are equal, they are replaced with a 1, otherwise a 0. Then, it examines
1728 // the top item on the data stack as a boolean value and verifies it evaluates
1729 // to true. An error is returned if it does not.
1731 // Stack transformation: [... x1 x2] -> [... bool] -> [...]
1732 func opcodeNumEqualVerify(op *parsedOpcode, vm *Engine) error {
1733 err := opcodeNumEqual(op, vm)
1735 err = abstractVerify(op, vm, ErrNumEqualVerify)
1740 // opcodeNumNotEqual treats the top two items on the data stack as integers.
1741 // When they are NOT equal, they are replaced with a 1, otherwise a 0.
1743 // Stack transformation (x1==x2): [... 5 5] -> [... 0]
1744 // Stack transformation (x1!=x2): [... 5 7] -> [... 1]
1745 func opcodeNumNotEqual(op *parsedOpcode, vm *Engine) error {
1746 v0, err := vm.dstack.PopInt()
1751 v1, err := vm.dstack.PopInt()
1757 vm.dstack.PushInt(scriptNum(1))
1759 vm.dstack.PushInt(scriptNum(0))
1765 // opcodeLessThan treats the top two items on the data stack as integers. When
1766 // the second-to-top item is less than the top item, they are replaced with a 1,
1769 // Stack transformation: [... x1 x2] -> [... bool]
1770 func opcodeLessThan(op *parsedOpcode, vm *Engine) error {
1771 v0, err := vm.dstack.PopInt()
1776 v1, err := vm.dstack.PopInt()
1782 vm.dstack.PushInt(scriptNum(1))
1784 vm.dstack.PushInt(scriptNum(0))
1790 // opcodeGreaterThan treats the top two items on the data stack as integers.
1791 // When the second-to-top item is greater than the top item, they are replaced
1792 // with a 1, otherwise a 0.
1794 // Stack transformation: [... x1 x2] -> [... bool]
1795 func opcodeGreaterThan(op *parsedOpcode, vm *Engine) error {
1796 v0, err := vm.dstack.PopInt()
1801 v1, err := vm.dstack.PopInt()
1807 vm.dstack.PushInt(scriptNum(1))
1809 vm.dstack.PushInt(scriptNum(0))
1814 // opcodeLessThanOrEqual treats the top two items on the data stack as integers.
1815 // When the second-to-top item is less than or equal to the top item, they are
1816 // replaced with a 1, otherwise a 0.
1818 // Stack transformation: [... x1 x2] -> [... bool]
1819 func opcodeLessThanOrEqual(op *parsedOpcode, vm *Engine) error {
1820 v0, err := vm.dstack.PopInt()
1825 v1, err := vm.dstack.PopInt()
1831 vm.dstack.PushInt(scriptNum(1))
1833 vm.dstack.PushInt(scriptNum(0))
1838 // opcodeGreaterThanOrEqual treats the top two items on the data stack as
1839 // integers. When the second-to-top item is greater than or equal to the top
1840 // item, they are replaced with a 1, otherwise a 0.
1842 // Stack transformation: [... x1 x2] -> [... bool]
1843 func opcodeGreaterThanOrEqual(op *parsedOpcode, vm *Engine) error {
1844 v0, err := vm.dstack.PopInt()
1849 v1, err := vm.dstack.PopInt()
1855 vm.dstack.PushInt(scriptNum(1))
1857 vm.dstack.PushInt(scriptNum(0))
1863 // opcodeMin treats the top two items on the data stack as integers and replaces
1864 // them with the minimum of the two.
1866 // Stack transformation: [... x1 x2] -> [... min(x1, x2)]
1867 func opcodeMin(op *parsedOpcode, vm *Engine) error {
1868 v0, err := vm.dstack.PopInt()
1873 v1, err := vm.dstack.PopInt()
1879 vm.dstack.PushInt(v1)
1881 vm.dstack.PushInt(v0)
1887 // opcodeMax treats the top two items on the data stack as integers and replaces
1888 // them with the maximum of the two.
1890 // Stack transformation: [... x1 x2] -> [... max(x1, x2)]
1891 func opcodeMax(op *parsedOpcode, vm *Engine) error {
1892 v0, err := vm.dstack.PopInt()
1897 v1, err := vm.dstack.PopInt()
1903 vm.dstack.PushInt(v1)
1905 vm.dstack.PushInt(v0)
1911 // opcodeWithin treats the top 3 items on the data stack as integers. When the
1912 // value to test is within the specified range (left inclusive), they are
1913 // replaced with a 1, otherwise a 0.
1915 // The top item is the max value, the second-top-item is the minimum value, and
1916 // the third-to-top item is the value to test.
1918 // Stack transformation: [... x1 min max] -> [... bool]
1919 func opcodeWithin(op *parsedOpcode, vm *Engine) error {
1920 maxVal, err := vm.dstack.PopInt()
1925 minVal, err := vm.dstack.PopInt()
1930 x, err := vm.dstack.PopInt()
1935 if x >= minVal && x < maxVal {
1936 vm.dstack.PushInt(scriptNum(1))
1938 vm.dstack.PushInt(scriptNum(0))
1943 // calcHash calculates the hash of hasher over buf.
1944 func calcHash(buf []byte, hasher hash.Hash) []byte {
1946 return hasher.Sum(nil)
1949 // opcodeRipemd160 treats the top item of the data stack as raw bytes and
1950 // replaces it with ripemd160(data).
1952 // Stack transformation: [... x1] -> [... ripemd160(x1)]
1953 func opcodeRipemd160(op *parsedOpcode, vm *Engine) error {
1954 buf, err := vm.dstack.PopByteArray()
1959 vm.dstack.PushByteArray(calcHash(buf, ripemd160.New()))
1963 // opcodeSha1 treats the top item of the data stack as raw bytes and replaces it
1966 // Stack transformation: [... x1] -> [... sha1(x1)]
1967 func opcodeSha1(op *parsedOpcode, vm *Engine) error {
1968 buf, err := vm.dstack.PopByteArray()
1973 hash := sha1.Sum(buf)
1974 vm.dstack.PushByteArray(hash[:])
1978 // opcodeSha256 treats the top item of the data stack as raw bytes and replaces
1979 // it with sha256(data).
1981 // Stack transformation: [... x1] -> [... sha256(x1)]
1982 func opcodeSha256(op *parsedOpcode, vm *Engine) error {
1983 buf, err := vm.dstack.PopByteArray()
1988 hash := sha256.Sum256(buf)
1989 vm.dstack.PushByteArray(hash[:])
1993 // opcodeHash160 treats the top item of the data stack as raw bytes and replaces
1994 // it with ripemd160(sha256(data)).
1996 // Stack transformation: [... x1] -> [... ripemd160(sha256(x1))]
1997 func opcodeHash160(op *parsedOpcode, vm *Engine) error {
1998 buf, err := vm.dstack.PopByteArray()
2003 hash := sha256.Sum256(buf)
2004 vm.dstack.PushByteArray(calcHash(hash[:], ripemd160.New()))
2008 // opcodeHash256 treats the top item of the data stack as raw bytes and replaces
2009 // it with sha256(sha256(data)).
2011 // Stack transformation: [... x1] -> [... sha256(sha256(x1))]
2012 func opcodeHash256(op *parsedOpcode, vm *Engine) error {
2013 buf, err := vm.dstack.PopByteArray()
2018 vm.dstack.PushByteArray(chainhash.DoubleHashB(buf))
2022 // opcodeCodeSeparator stores the current script offset as the most recently
2023 // seen OP_CODESEPARATOR which is used during signature checking.
2025 // This opcode does not change the contents of the data stack.
2026 func opcodeCodeSeparator(op *parsedOpcode, vm *Engine) error {
2027 vm.lastCodeSep = vm.scriptOff
2031 // opcodeCheckSig treats the top 2 items on the stack as a public key and a
2032 // signature and replaces them with a bool which indicates if the signature was
2033 // successfully verified.
2035 // The process of verifying a signature requires calculating a signature hash in
2036 // the same way the transaction signer did. It involves hashing portions of the
2037 // transaction based on the hash type byte (which is the final byte of the
2038 // signature) and the portion of the script starting from the most recent
2039 // OP_CODESEPARATOR (or the beginning of the script if there are none) to the
2040 // end of the script (with any other OP_CODESEPARATORs removed). Once this
2041 // "script hash" is calculated, the signature is checked using standard
2042 // cryptographic methods against the provided public key.
2044 // Stack transformation: [... signature pubkey] -> [... bool]
2045 func opcodeCheckSig(op *parsedOpcode, vm *Engine) error {
2046 pkBytes, err := vm.dstack.PopByteArray()
2051 fullSigBytes, err := vm.dstack.PopByteArray()
2056 // The signature actually needs needs to be longer than this, but at
2057 // least 1 byte is needed for the hash type below. The full length is
2058 // checked depending on the script flags and upon parsing the signature.
2059 if len(fullSigBytes) < 1 {
2060 vm.dstack.PushBool(false)
2064 // Trim off hashtype from the signature string and check if the
2065 // signature and pubkey conform to the strict encoding requirements
2066 // depending on the flags.
2068 // NOTE: When the strict encoding flags are set, any errors in the
2069 // signature or public encoding here result in an immediate script error
2070 // (and thus no result bool is pushed to the data stack). This differs
2071 // from the logic below where any errors in parsing the signature is
2072 // treated as the signature failure resulting in false being pushed to
2073 // the data stack. This is required because the more general script
2074 // validation consensus rules do not have the new strict encoding
2075 // requirements enabled by the flags.
2076 hashType := SigHashType(fullSigBytes[len(fullSigBytes)-1])
2077 sigBytes := fullSigBytes[:len(fullSigBytes)-1]
2078 if err := vm.checkHashTypeEncoding(hashType); err != nil {
2081 if err := vm.checkSignatureEncoding(sigBytes); err != nil {
2084 if err := vm.checkPubKeyEncoding(pkBytes); err != nil {
2088 // Get script starting from the most recent OP_CODESEPARATOR.
2089 subScript := vm.subScript()
2091 // Generate the signature hash based on the signature hash type.
2093 if vm.isWitnessVersionActive(0) {
2094 var sigHashes *TxSigHashes
2095 if vm.hashCache != nil {
2096 sigHashes = vm.hashCache
2098 sigHashes = NewTxSigHashes(&vm.tx)
2101 hash, err = calcWitnessSignatureHash(subScript, sigHashes, hashType,
2102 &vm.tx, vm.txIdx, vm.inputAmount)
2107 // Remove the signature since there is no way for a signature
2109 subScript = removeOpcodeByData(subScript, fullSigBytes)
2111 hash = calcSignatureHash(subScript, hashType, &vm.tx, vm.txIdx)
2114 pubKey, err := btcec.ParsePubKey(pkBytes, btcec.S256())
2116 vm.dstack.PushBool(false)
2120 var signature *btcec.Signature
2121 if vm.hasFlag(ScriptVerifyStrictEncoding) ||
2122 vm.hasFlag(ScriptVerifyDERSignatures) {
2124 signature, err = btcec.ParseDERSignature(sigBytes, btcec.S256())
2126 signature, err = btcec.ParseSignature(sigBytes, btcec.S256())
2129 vm.dstack.PushBool(false)
2134 if vm.sigCache != nil {
2135 var sigHash chainhash.Hash
2136 copy(sigHash[:], hash)
2138 valid = vm.sigCache.Exists(sigHash, signature, pubKey)
2139 if !valid && signature.Verify(hash, pubKey) {
2140 vm.sigCache.Add(sigHash, signature, pubKey)
2144 valid = signature.Verify(hash, pubKey)
2147 if !valid && vm.hasFlag(ScriptVerifyNullFail) && len(sigBytes) > 0 {
2148 str := "signature not empty on failed checksig"
2149 return scriptError(ErrNullFail, str)
2152 vm.dstack.PushBool(valid)
2156 // opcodeCheckSigVerify is a combination of opcodeCheckSig and opcodeVerify.
2157 // The opcodeCheckSig function is invoked followed by opcodeVerify. See the
2158 // documentation for each of those opcodes for more details.
2160 // Stack transformation: signature pubkey] -> [... bool] -> [...]
2161 func opcodeCheckSigVerify(op *parsedOpcode, vm *Engine) error {
2162 err := opcodeCheckSig(op, vm)
2164 err = abstractVerify(op, vm, ErrCheckSigVerify)
2169 // parsedSigInfo houses a raw signature along with its parsed form and a flag
2170 // for whether or not it has already been parsed. It is used to prevent parsing
2171 // the same signature multiple times when verifying a multisig.
2172 type parsedSigInfo struct {
2174 parsedSignature *btcec.Signature
2178 // opcodeCheckMultiSig treats the top item on the stack as an integer number of
2179 // public keys, followed by that many entries as raw data representing the public
2180 // keys, followed by the integer number of signatures, followed by that many
2181 // entries as raw data representing the signatures.
2183 // Due to a bug in the original Satoshi client implementation, an additional
2184 // dummy argument is also required by the consensus rules, although it is not
2185 // used. The dummy value SHOULD be an OP_0, although that is not required by
2186 // the consensus rules. When the ScriptStrictMultiSig flag is set, it must be
2189 // All of the aforementioned stack items are replaced with a bool which
2190 // indicates if the requisite number of signatures were successfully verified.
2192 // See the opcodeCheckSigVerify documentation for more details about the process
2193 // for verifying each signature.
2195 // Stack transformation:
2196 // [... dummy [sig ...] numsigs [pubkey ...] numpubkeys] -> [... bool]
2197 func opcodeCheckMultiSig(op *parsedOpcode, vm *Engine) error {
2198 numKeys, err := vm.dstack.PopInt()
2203 numPubKeys := int(numKeys.Int32())
2205 str := fmt.Sprintf("number of pubkeys %d is negative",
2207 return scriptError(ErrInvalidPubKeyCount, str)
2209 if numPubKeys > MaxPubKeysPerMultiSig {
2210 str := fmt.Sprintf("too many pubkeys: %d > %d",
2211 numPubKeys, MaxPubKeysPerMultiSig)
2212 return scriptError(ErrInvalidPubKeyCount, str)
2214 vm.numOps += numPubKeys
2215 if vm.numOps > MaxOpsPerScript {
2216 str := fmt.Sprintf("exceeded max operation limit of %d",
2218 return scriptError(ErrTooManyOperations, str)
2221 pubKeys := make([][]byte, 0, numPubKeys)
2222 for i := 0; i < numPubKeys; i++ {
2223 pubKey, err := vm.dstack.PopByteArray()
2227 pubKeys = append(pubKeys, pubKey)
2230 numSigs, err := vm.dstack.PopInt()
2234 numSignatures := int(numSigs.Int32())
2235 if numSignatures < 0 {
2236 str := fmt.Sprintf("number of signatures %d is negative",
2238 return scriptError(ErrInvalidSignatureCount, str)
2241 if numSignatures > numPubKeys {
2242 str := fmt.Sprintf("more signatures than pubkeys: %d > %d",
2243 numSignatures, numPubKeys)
2244 return scriptError(ErrInvalidSignatureCount, str)
2247 signatures := make([]*parsedSigInfo, 0, numSignatures)
2248 for i := 0; i < numSignatures; i++ {
2249 signature, err := vm.dstack.PopByteArray()
2253 sigInfo := &parsedSigInfo{signature: signature}
2254 signatures = append(signatures, sigInfo)
2257 // A bug in the original Satoshi client implementation means one more
2258 // stack value than should be used must be popped. Unfortunately, this
2259 // buggy behavior is now part of the consensus and a hard fork would be
2260 // required to fix it.
2261 dummy, err := vm.dstack.PopByteArray()
2266 // Since the dummy argument is otherwise not checked, it could be any
2267 // value which unfortunately provides a source of malleability. Thus,
2268 // there is a script flag to force an error when the value is NOT 0.
2269 if vm.hasFlag(ScriptStrictMultiSig) && len(dummy) != 0 {
2270 str := fmt.Sprintf("multisig dummy argument has length %d "+
2271 "instead of 0", len(dummy))
2272 return scriptError(ErrSigNullDummy, str)
2275 // Get script starting from the most recent OP_CODESEPARATOR.
2276 script := vm.subScript()
2278 // Remove the signature in pre version 0 segwit scripts since there is
2279 // no way for a signature to sign itself.
2280 if !vm.isWitnessVersionActive(0) {
2281 for _, sigInfo := range signatures {
2282 script = removeOpcodeByData(script, sigInfo.signature)
2290 for numSignatures > 0 {
2291 // When there are more signatures than public keys remaining,
2292 // there is no way to succeed since too many signatures are
2293 // invalid, so exit early.
2296 if numSignatures > numPubKeys {
2301 sigInfo := signatures[signatureIdx]
2302 pubKey := pubKeys[pubKeyIdx]
2304 // The order of the signature and public key evaluation is
2305 // important here since it can be distinguished by an
2306 // OP_CHECKMULTISIG NOT when the strict encoding flag is set.
2308 rawSig := sigInfo.signature
2309 if len(rawSig) == 0 {
2310 // Skip to the next pubkey if signature is empty.
2314 // Split the signature into hash type and signature components.
2315 hashType := SigHashType(rawSig[len(rawSig)-1])
2316 signature := rawSig[:len(rawSig)-1]
2318 // Only parse and check the signature encoding once.
2319 var parsedSig *btcec.Signature
2320 if !sigInfo.parsed {
2321 if err := vm.checkHashTypeEncoding(hashType); err != nil {
2324 if err := vm.checkSignatureEncoding(signature); err != nil {
2328 // Parse the signature.
2330 if vm.hasFlag(ScriptVerifyStrictEncoding) ||
2331 vm.hasFlag(ScriptVerifyDERSignatures) {
2333 parsedSig, err = btcec.ParseDERSignature(signature,
2336 parsedSig, err = btcec.ParseSignature(signature,
2339 sigInfo.parsed = true
2343 sigInfo.parsedSignature = parsedSig
2345 // Skip to the next pubkey if the signature is invalid.
2346 if sigInfo.parsedSignature == nil {
2350 // Use the already parsed signature.
2351 parsedSig = sigInfo.parsedSignature
2354 if err := vm.checkPubKeyEncoding(pubKey); err != nil {
2358 // Parse the pubkey.
2359 parsedPubKey, err := btcec.ParsePubKey(pubKey, btcec.S256())
2364 // Generate the signature hash based on the signature hash type.
2366 if vm.isWitnessVersionActive(0) {
2367 var sigHashes *TxSigHashes
2368 if vm.hashCache != nil {
2369 sigHashes = vm.hashCache
2371 sigHashes = NewTxSigHashes(&vm.tx)
2374 hash, err = calcWitnessSignatureHash(script, sigHashes, hashType,
2375 &vm.tx, vm.txIdx, vm.inputAmount)
2380 hash = calcSignatureHash(script, hashType, &vm.tx, vm.txIdx)
2384 if vm.sigCache != nil {
2385 var sigHash chainhash.Hash
2386 copy(sigHash[:], hash)
2388 valid = vm.sigCache.Exists(sigHash, parsedSig, parsedPubKey)
2389 if !valid && parsedSig.Verify(hash, parsedPubKey) {
2390 vm.sigCache.Add(sigHash, parsedSig, parsedPubKey)
2394 valid = parsedSig.Verify(hash, parsedPubKey)
2398 // PubKey verified, move on to the next signature.
2404 if !success && vm.hasFlag(ScriptVerifyNullFail) {
2405 for _, sig := range signatures {
2406 if len(sig.signature) > 0 {
2407 str := "not all signatures empty on failed checkmultisig"
2408 return scriptError(ErrNullFail, str)
2413 vm.dstack.PushBool(success)
2417 // opcodeCheckMultiSigVerify is a combination of opcodeCheckMultiSig and
2418 // opcodeVerify. The opcodeCheckMultiSig is invoked followed by opcodeVerify.
2419 // See the documentation for each of those opcodes for more details.
2421 // Stack transformation:
2422 // [... dummy [sig ...] numsigs [pubkey ...] numpubkeys] -> [... bool] -> [...]
2423 func opcodeCheckMultiSigVerify(op *parsedOpcode, vm *Engine) error {
2424 err := opcodeCheckMultiSig(op, vm)
2426 err = abstractVerify(op, vm, ErrCheckMultiSigVerify)
2431 // OpcodeByName is a map that can be used to lookup an opcode by its
2432 // human-readable name (OP_CHECKMULTISIG, OP_CHECKSIG, etc).
2433 var OpcodeByName = make(map[string]byte)
2436 // Initialize the opcode name to value map using the contents of the
2437 // opcode array. Also add entries for "OP_FALSE", "OP_TRUE", and
2438 // "OP_NOP2" since they are aliases for "OP_0", "OP_1",
2439 // and "OP_CHECKLOCKTIMEVERIFY" respectively.
2440 for _, op := range opcodeArray {
2441 OpcodeByName[op.name] = op.value
2443 OpcodeByName["OP_FALSE"] = OP_FALSE
2444 OpcodeByName["OP_TRUE"] = OP_TRUE
2445 OpcodeByName["OP_NOP2"] = OP_CHECKLOCKTIMEVERIFY
2446 OpcodeByName["OP_NOP3"] = OP_CHECKSEQUENCEVERIFY
OSDN Git Service
