Merge #642: Dynamic federations

f7905d6 Generalize the number of epochs old a peg-in can be and still be valid (Gregory Sanders)
b105ff4 feature_fedpeg.py: Run in various dynafed transition settings (Gregory Sanders)
feef196 Fix compilation of raw transaction operations with peg-in inputs (Gregory Sanders)
953dd82 p2sh-wrap peg-in addresses if fedpeg_program is p2sh-wrapped (Gregory Sanders)
e2be235 Refactor IsPAKValid to not magically acquire chainparams (Gregory Sanders)
ecdefc5 Remove script/standard dependence of ContextualCheckDynaFedHeader (Gregory Sanders)
59bed57 Remove dyanfed.cpp's dependency on script/standard.h (Gregory Sanders)
50a2b59 After a reorg, boot all peg-ins and peg-outs from mempool (Gregory Sanders)
6000752 Enforce PAK checks on dynafed proposals (Gregory Sanders)
dce4cec Replace fedpeg template init check for pak one (Gregory Sanders)
afdf023 Update python test framework for DynaFedParamEntry fedpeg program (Gregory Sanders)
95d8339 Add functional test for illegal proposals (Gregory Sanders)
1baad6b Update dynafed functional test to new behavior (Gregory Sanders)
a3cf151 fixup proposal checks (Gregory Sanders)
04cc767 getnewblockhex fills out proposal fedpeg program (Gregory Sanders)
44f55d3 Make future parent segwit versions in fedpegscripts be vacuously true (Gregory Sanders)
d7faffd Add dynafed proposal restrictions (Gregory Sanders)
37f90ba Add description of NextBlockIsParameterTransition (Gregory Sanders)
d9387cb Remove misleading comment for ContextualCheckDynaFedHeader use (Gregory Sanders)
bd11097 Add fedpeg_program field in dynafed header (Gregory Sanders)
4ad2b80 CreatePAKListFromExtensionSpace just uses FromBytes for correctness (Gregory Sanders)
6a5eaa1 Remove short-circuit dynafed vote fail for readability (Gregory Sanders)
dddc040 s/m_dyna_params/m_dynafed_params/ (Gregory Sanders)
6ed63c1 Light explanation of dynamic federations fields (Gregory Sanders)
1599638 s/ConsensusParamEntry/DynaFedParamEntry/ (Gregory Sanders)
642260a s/m_sbs_wit_limit/m_signblock_witness_limit/ (Gregory Sanders)
b668046 s/HF_MASK/DYNAFED_HF_MASK/ (Gregory Sanders)
0fd39ed s/d_params/dynafed_params/ (Gregory Sanders)
1779956 signrawtransaction* should use up to date fedpegscript for peg-in signing (Gregory Sanders)
47db75e Dynafed RPC support, tests, and deployment for custom chains (Gregory Sanders)
aac354b OP_TRUE outputs should be allowed to be segwit-ified by decodescript (Gregory Sanders)
055514b Have removeForBlock boot transactions when required (Gregory Sanders)
525b24c Expose fedpeg fetching to consensus and mempool internals (Gregory Sanders)
4ac437b GetTransactionSigOpCost shouldn't need fedpegscript to evaluate (Gregory Sanders)
5097c38 Add and update startup args for dynafed (Gregory Sanders)
24535d6 Add unused dynamic genesis block style in chainparams (Gregory Sanders)
d10c42a Create epoch length chainparam (Gregory Sanders)
b996a42 Set default of multi_data_permitted to enforce_pak (Gregory Sanders)
f6f6308 Correct comment about liquidv1 fedpeg matching template (Gregory Sanders)
4c00eb4 Miner should stop trying to account for old PAK system (Gregory Sanders)
0e10287 Add miner ability to make dynafed blocks (Gregory Sanders)
5d281e7 ContextualCheckBlockHeader: dynafed doesn't call CheckChallenge (Gregory Sanders)
9fe43cd Introduce contextual block checks for dynafed (Gregory Sanders)
3605505 Enable pak enforcement at mempool/block level when appropriate (Gregory Sanders)
802a055 ScriptHasValidPAKProof takes fedpeg as arg (Gregory Sanders)
89174e9 Remove old mempool-booting logic (Gregory Sanders)
edb865c Remove standardness checks for PAK (Gregory Sanders)
804cd9f Update PAK internals, helper functions (Gregory Sanders)
16b87ba Disable PAK loading from configuration on init, disable pak test (Gregory Sanders)
918896d Add inactive versionbits dynafed deployment (Gregory Sanders)
0a8565b ReadBlockFromDisk: do genesis block check before block proof check (Gregory Sanders)
6f0d924 Bump last old block version for versonbits due to elements (Gregory Sanders)
563cd93 Add python implementation of dynafed block serialization (Gregory Sanders)
8d3091b Deserialize merkle proofs without witness, which matters for dynafed (Gregory Sanders)
830f917 Add fedpegscript-fetching helper (Gregory Sanders)
b56fe14 calculate_contract: remove most template checks and assert in preperation for dynafed (Gregory Sanders)
fd63cee Add note on peg-in sigops (Gregory Sanders)
f17d7de Add dynafed helper functions (Gregory Sanders)
4aa5f99 Refactor block_proof to support dynafed (Gregory Sanders)
4e52f2c Add dynamic federation blockheader fields to chaindb serialization (Gregory Sanders)
a74accf Add dynamic federations blockheader serialization with HF bit (Gregory Sanders)
2845e78 Define dynamic federations primitives (Gregory Sanders)

Pull request description:

  This is a proposal implementation of something myself and Andrew have been working on, to enable dynamic membership in the blocksigning set, fedpeg signing set, and under the same coordination mechanism, the PAK enforcement.

  At a really high level:

  1) If 4/5 of last N(what we call an epoch length) blocks signal desire for a change in the parameters of the system, they are replaced with the proposed. These changes can be proposed/driven by `getnewblockhex`.
  2) Once dynamic federations is active(versionbits deployment), signblockscripts can only be native segwit scripts, in other words, must be a version byte followed by the witness program. The blockheader now has a witness stack as well.
  3) The fedpegscript of last N epochs are both allowed as a grace period for users putting money into the system.
  4) PAK enforcement has been upgraded to consensus-enforcement once dynamic federations activates

  A design document is forthcoming.

Tree-SHA512: 26c6e05c85adb77345d8d481f20e8095bc2f9e5ad7b9a8824008a056637af7c6e87e522b038a6c6c108889d60b2fd1d6ecbd3e0afe2b696579000d18b0f1ecad

Author: stevenroose

src/Makefile.am

@@ -134,6 +134,7 @@ BITCOIN_CORE_H = \
   core_io.h \
   core_memusage.h \
   cuckoocache.h \
+  dynafed.h \
   fs.h \
   httprpc.h \
   httpserver.h \
@@ -401,10 +402,13 @@ libbitcoin_consensus_a_SOURCES = \
   arith_uint256.cpp \
   arith_uint256.h \
   asset.cpp \
+  chain.h \
+  chain.cpp \
   consensus/merkle.cpp \
   consensus/merkle.h \
   consensus/params.h \
   consensus/validation.h \
+  dynafed.cpp \
   hash.cpp \
   hash.h \
   prevector.h \

src/block_proof.cpp

@@ -19,21 +19,18 @@ bool CheckChallenge(const CBlockHeader& block, const CBlockIndex& indexLast, con
     }
 }
 
-void ResetChallenge(CBlockHeader& block, const CBlockIndex& indexLast, const Consensus::Params& params)
+static bool CheckProofGeneric(const CBlockHeader& block, const uint32_t max_block_signature_size, const CScript& challenge, const CScript& scriptSig, const CScriptWitness& witness)
 {
-    block.proof.challenge = indexLast.proof.challenge;
-}
-
-static bool CheckProofGeneric(const CBlockHeader& block, const Consensus::Params& params, const CScript& challenge)
-{
-    if (block.GetHash() == params.hashGenesisBlock)
-       return true;
+    // scriptSig or witness will be nonempty, but not both, so just compare both limits
+    if (scriptSig.size() > max_block_signature_size) {
+        return false;
+    }
 
-    if (block.proof.solution.size() > params.max_block_signature_size) {
+    if (witness.GetSerializedSize() > max_block_signature_size) {
         return false;
     }
 
-    // Some anti-DoS flags, though consensus.max_block_signature_size caps the possible
+    // Some anti-DoS flags, though max_block_signature_size caps the possible
     // danger in malleation of the block witness data.
     unsigned int proof_flags = SCRIPT_VERIFY_P2SH // For cleanstack evalution under segwit flag
         | SCRIPT_VERIFY_STRICTENC // Minimally-sized DER sigs
@@ -42,26 +39,36 @@ static bool CheckProofGeneric(const CBlockHeader& block, const Consensus::Params
         | SCRIPT_VERIFY_MINIMALDATA // Pushes are minimally-sized
         | SCRIPT_VERIFY_SIGPUSHONLY // Witness is push-only
         | SCRIPT_VERIFY_LOW_S // Stop easiest signature fiddling
-        | SCRIPT_VERIFY_WITNESS // Required for cleanstack eval in VerifyScript
+        | SCRIPT_VERIFY_WITNESS // Witness and to enforce cleanstack
         | SCRIPT_NO_SIGHASH_BYTE; // non-Check(Multi)Sig signatures will not have sighash byte
-    return GenericVerifyScript(block.proof.solution, challenge, proof_flags, block);
+    return GenericVerifyScript(scriptSig, witness, challenge, proof_flags, block);
 }
 
 bool CheckProof(const CBlockHeader& block, const Consensus::Params& params)
 {
     if (g_signed_blocks) {
-        return CheckProofGeneric(block, params, params.signblockscript);
+        const DynaFedParams& dynafed_params = block.m_dynafed_params;
+        if (dynafed_params.IsNull()) {
+            return CheckProofGeneric(block, params.max_block_signature_size, params.signblockscript, block.proof.solution, CScriptWitness());
+        } else {
+            return CheckProofGeneric(block, dynafed_params.m_current.m_signblock_witness_limit, dynafed_params.m_current.m_signblockscript, CScript(), block.m_signblock_witness);
+        }
     } else {
         return CheckProofOfWork(block.GetHash(), block.nBits, params);
     }
 }
 
 bool CheckProofSignedParent(const CBlockHeader& block, const Consensus::Params& params)
 {
-    return CheckProofGeneric(block, params, params.parent_chain_signblockscript);
-}
-
-void ResetProof(CBlockHeader& block)
-{
-    block.proof.solution.clear();
+    const DynaFedParams& dynafed_params = block.m_dynafed_params;
+    if (dynafed_params.IsNull()) {
+        return CheckProofGeneric(block, params.max_block_signature_size, params.parent_chain_signblockscript, block.proof.solution, CScriptWitness());
+    } else {
+        // Dynamic federations means we cannot validate the signer set
+        // at least without tracking the parent chain more directly.
+        // Note that we do not even serialize dynamic federation block witness data
+        // currently for merkle proofs which is the only context in which
+        // this function is currently used.
+        return true;
+    }
 }

src/block_proof.h

@@ -20,8 +20,6 @@ class CScript;
 /** Check on header proof, depending on chain type, PoW or signed **/
 bool CheckProof(const CBlockHeader& block, const Consensus::Params&);
 bool CheckProofSignedParent(const CBlockHeader& block, const Consensus::Params&);
-void ResetProof(CBlockHeader& block);
 bool CheckChallenge(const CBlockHeader& block, const CBlockIndex& indexLast, const Consensus::Params&);
-void ResetChallenge(CBlockHeader& block, const CBlockIndex& indexLast, const Consensus::Params&);
 
 #endif // BITCOIN_BLOCK_PROOF_H

src/chain.h

@@ -221,6 +221,9 @@ class CBlockIndex
     uint32_t nBits;
     uint32_t nNonce;
     CProof proof;
+    // Dynamic federation fields
+    DynaFedParams dynafed_params;
+    CScriptWitness m_signblock_witness;
 
     //! (memory only) Sequential id assigned to distinguish order in which blocks are received.
     int32_t nSequenceId;
@@ -250,6 +253,8 @@ class CBlockIndex
         nBits          = 0;
         nNonce         = 0;
         proof.SetNull();
+        dynafed_params.SetNull();
+        m_signblock_witness.SetNull();
     }
 
     CBlockIndex()
@@ -267,6 +272,8 @@ class CBlockIndex
         nBits          = block.nBits;
         nNonce         = block.nNonce;
         proof          = block.proof;
+        dynafed_params       = block.m_dynafed_params;
+        m_signblock_witness = block.m_signblock_witness;
     }
 
     CDiskBlockPos GetBlockPos() const {
@@ -301,6 +308,8 @@ class CBlockIndex
         block.nBits          = nBits;
         block.nNonce         = nNonce;
         block.proof          = proof;
+        block.m_dynafed_params  = dynafed_params;
+        block.m_signblock_witness = m_signblock_witness;
         return block;
     }
 
@@ -423,13 +432,35 @@ class CDiskBlockIndex : public CBlockIndex
             READWRITE(VARINT(nUndoPos));
 
         // block header
-        READWRITE(this->nVersion);
+
+        // Detect dynamic federation block serialization using "HF bit",
+        // or the signed bit which is invalid in Bitcoin
+        bool is_dyna = false;
+        int32_t nVersion;
+        if (ser_action.ForRead()) {
+            READWRITE(nVersion);
+            is_dyna = nVersion < 0;
+            this->nVersion = ~CBlockHeader::DYNAFED_HF_MASK & nVersion;
+        } else {
+            nVersion = this->nVersion;
+            if (!dynafed_params.IsNull()) {
+                nVersion |= CBlockHeader::DYNAFED_HF_MASK;
+                is_dyna = true;
+            }
+            READWRITE(nVersion);
+        }
+
         READWRITE(hashPrev);
         READWRITE(hashMerkleRoot);
         READWRITE(nTime);
         // For compatibility with elements 0.14 based chains
         if (g_signed_blocks) {
-            READWRITE(proof);
+            if (is_dyna) {
+                READWRITE(dynafed_params);
+                READWRITE(m_signblock_witness.stack);
+            } else {
+                READWRITE(proof);
+            }
         } else {
             READWRITE(nBits);
             READWRITE(nNonce);
@@ -449,6 +480,7 @@ class CDiskBlockIndex : public CBlockIndex
         block.nBits           = nBits;
         block.nNonce          = nNonce;
         block.proof           = proof;
+        block.m_dynafed_params   = dynafed_params;
         return block.GetHash();
     }
 

src/chainparams.cpp

@@ -134,6 +134,7 @@ class CMainParams : public CChainParams {
         g_signed_blocks = false;
         g_con_elementsmode = false;
         g_con_blockheightinheader = false;
+        consensus.total_valid_epochs = 0;
 
         /**
          * The message start string is designed to be unlikely to occur in normal data.
@@ -263,6 +264,7 @@ class CTestNetParams : public CChainParams {
         g_signed_blocks = false;
         g_con_elementsmode = false;
         g_con_blockheightinheader = false;
+        consensus.total_valid_epochs = 0;
 
         pchMessageStart[0] = 0x0b;
         pchMessageStart[1] = 0x11;
@@ -366,6 +368,7 @@ class CRegTestParams : public CChainParams {
         g_signed_blocks = false;
         g_con_elementsmode = false;
         g_con_blockheightinheader = false;
+        consensus.total_valid_epochs = 0;
 
         pchMessageStart[0] = 0xfa;
         pchMessageStart[1] = 0xbf;
@@ -482,6 +485,11 @@ class CCustomParams : public CRegTestParams {
 
         consensus.nMinimumChainWork = uint256S(args.GetArg("-con_nminimumchainwork", "0x0"));
         consensus.defaultAssumeValid = uint256S(args.GetArg("-con_defaultassumevalid", "0x00"));
+        // TODO: Embed in genesis block in nTime field with new genesis block type
+        consensus.dynamic_epoch_length = args.GetArg("-dynamic_epoch_length", 10);
+        // TODO: pass in serialized vector of byte vectors, parse into extension space
+        // Junk keys for testing
+        consensus.first_extension_space = {ParseHex("02fcba7ecf41bc7e1be4ee122d9d22e3333671eb0a3a87b5cdf099d59874e1940f02fcba7ecf41bc7e1be4ee122d9d22e3333671eb0a3a87b5cdf099d59874e1940f")};
 
         nPruneAfterHeight = (uint64_t)args.GetArg("-npruneafterheight", nPruneAfterHeight);
         fDefaultConsistencyChecks = args.GetBoolArg("-fdefaultconsistencychecks", fDefaultConsistencyChecks);
@@ -558,7 +566,7 @@ class CCustomParams : public CRegTestParams {
         enforce_pak = args.GetBoolArg("-enforce_pak", false);
 
         // Allow multiple op_return outputs by relay policy
-        multi_data_permitted = args.GetBoolArg("-multi_data_permitted", true);
+        multi_data_permitted = args.GetBoolArg("-multi_data_permitted", enforce_pak);
 
         // bitcoin regtest is the parent chain by default
         parentGenesisBlockHash = uint256S(args.GetArg("-parentgenesisblockhash", "0f9188f13cb7b2c71f2a335e3a4fc328bf5beb436012afca590b1a11466e2206"));
@@ -577,6 +585,8 @@ class CCustomParams : public CRegTestParams {
         uint256 entropy;
         GenerateAssetEntropy(entropy,  COutPoint(uint256(commit), 0), parentGenesisBlockHash);
 
+        consensus.total_valid_epochs = args.GetArg("-total_valid_epochs", 2);
+
         // Elements serialization uses derivation, bitcoin serialization uses 0x00
         if (g_con_elementsmode) {
             CalculateAsset(consensus.pegged_asset, entropy);
@@ -600,6 +610,10 @@ class CCustomParams : public CRegTestParams {
         consensus.vDeployments[Consensus::DEPLOYMENT_CSV].nStartTime = args.GetArg("-con_csv_deploy_start", Consensus::BIP9Deployment::ALWAYS_ACTIVE);
         consensus.vDeployments[Consensus::DEPLOYMENT_CSV].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
 
+        consensus.vDeployments[Consensus::DEPLOYMENT_DYNA_FED].bit = 25;
+        consensus.vDeployments[Consensus::DEPLOYMENT_DYNA_FED].nStartTime = args.GetArg("-con_dyna_deploy_start", Consensus::BIP9Deployment::ALWAYS_ACTIVE);
+        consensus.vDeployments[Consensus::DEPLOYMENT_DYNA_FED].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
+
     }
 
     void SetGenesisBlock() {
@@ -613,6 +627,11 @@ class CCustomParams : public CRegTestParams {
             if (initialFreeCoins != 0 || initial_reissuance_tokens != 0) {
                 AppendInitialIssuance(genesis, COutPoint(uint256(commit), 0), parentGenesisBlockHash, (initialFreeCoins > 0) ? 1 : 0, initialFreeCoins, (initial_reissuance_tokens > 0) ? 1 : 0, initial_reissuance_tokens, CScript() << OP_TRUE);
             }
+        } else if (consensus.genesis_style == "dynamic") {
+            // Liquid v2 HF, from genesis. Upgrading networks still use "elements".
+            // TODO fill out genesis block with special commitments including epoch
+            // length in nTime
+            throw std::runtime_error(strprintf("Invalid -genesis_style (%s)", consensus.genesis_style));
         } else {
             throw std::runtime_error(strprintf("Invalid -genesis_style (%s)", consensus.genesis_style));
         }

src/chainparamsbase.cpp

@@ -42,11 +42,13 @@ void SetupChainParamsBaseOptions()
     gArgs.AddArg("-con_parentpowlimit", "The proof-of-work limit value for the parent chain.", false, OptionsCategory::CHAINPARAMS);
     gArgs.AddArg("-con_parent_chain_signblockscript", "Whether parent chain uses pow or signed blocks. If the parent chain uses signed blocks, the challenge (scriptPubKey) script. If not, an empty string. (default: empty script [ie parent uses pow])", false, OptionsCategory::CHAINPARAMS);
 
-    gArgs.AddArg("-fedpegscript", "The script for the federated peg.", false, OptionsCategory::CHAINPARAMS);
-    gArgs.AddArg("-enforce_pak", "Causes standardness checks to enforce Pegout Authorization Key(PAK) validation, and miner to include PAK commitments when configured. Can not be set when acceptnonstdtx is set to true.", false, OptionsCategory::ELEMENTS);
-    gArgs.AddArg("-multi_data_permitted", "Allow relay of multiple OP_RETURN outputs. (default: true)", false, OptionsCategory::ELEMENTS);
-    gArgs.AddArg("-pak", "Entries in the PAK list. Order of entries matter.", false, OptionsCategory::ELEMENTS);
+    gArgs.AddArg("-fedpegscript", "The script for the federated peg enforce from genesis block. This script may stop being enforced once dynamic federations activates.", false, OptionsCategory::CHAINPARAMS);
+    gArgs.AddArg("-enforce_pak", "Causes standardness checks to enforce Pegout Authorization Key(PAK) validation before dynamic federations, and consensus enforcement after.", false, OptionsCategory::ELEMENTS);
+    gArgs.AddArg("-multi_data_permitted", "Allow relay of multiple OP_RETURN outputs. (default: -enforce_pak)", false, OptionsCategory::ELEMENTS);
     gArgs.AddArg("-con_csv_deploy_start", "Starting height for CSV deployment. (default: -1, which means ACTIVE from genesis)", false, OptionsCategory::ELEMENTS);
+    gArgs.AddArg("-con_dyna_deploy_start", "Starting height for Dynamic Federations deployment. Once active, signblockscript becomes a BIP141 WSH scriptPubKey of the original signblockscript. All other dynamic parameters stay constant.(default: -1, which means ACTIVE from genesis)", false, OptionsCategory::ELEMENTS);
+    gArgs.AddArg("-dynamic_epoch_length", "Per-chain parameter that sets how many blocks dynamic federation voting and enforcement are in effect for.", false, OptionsCategory::ELEMENTS);
+    gArgs.AddArg("-total_valid_epochs", "Per-chain parameter that sets how long a particular fedpegscript is in effect for.", false, OptionsCategory::ELEMENTS);
     // END ELEMENTS
     //
 }

src/consensus/params.h

@@ -22,6 +22,7 @@ enum DeploymentPos
     DEPLOYMENT_TESTDUMMY,
     DEPLOYMENT_CSV, // Deployment of BIP68, BIP112, and BIP113.
     DEPLOYMENT_SEGWIT, // Deployment of BIP141, BIP143, and BIP147.
+    DEPLOYMENT_DYNA_FED, // Deployment of dynamic federation
     // NOTE: Also add new deployments to VersionBitsDeploymentInfo in versionbits.cpp
     MAX_VERSION_BITS_DEPLOYMENTS
 };
@@ -99,6 +100,13 @@ struct Params {
     CScript signblockscript;
     uint32_t max_block_signature_size;
     // g_signed_blocks - Whether blocks are signed or not, get around circular dep
+    // Set positive to avoid division by 0
+    // for non-dynafed chains and unit tests
+    uint32_t dynamic_epoch_length = std::numeric_limits<uint32_t>::max();
+    // Used to seed the extension space for first dynamic blocks
+    std::vector<std::vector<unsigned char>> first_extension_space;
+    // Used to allow M-epoch-old peg-in addresses as deposits
+    size_t total_valid_epochs;
 };
 } // namespace Consensus
 

src/consensus/tx_verify.cpp

@@ -157,24 +157,28 @@ int64_t GetTransactionSigOpCost(const CTransaction& tx, const CCoinsViewCache& i
         nSigOps += GetP2SHSigOpCount(tx, inputs) * WITNESS_SCALE_FACTOR;
     }
 
+    // Note that we only count segwit sigops for peg-in inputs
     for (unsigned int i = 0; i < tx.vin.size(); i++)
     {
-        CTxOut prevout;
+        CScript scriptPubKey;
         if (tx.vin[i].m_is_pegin) {
             std::string err;
-            // Make sure witness exists and is properly formatted
-            if (tx.witness.vtxinwit.size() != tx.vin.size() || !IsValidPeginWitness(tx.witness.vtxinwit[i].m_pegin_witness, tx.vin[i].prevout, err, false)) {
+            // Make sure witness exists and has enough peg-in witness fields for
+            // the claim_script
+            if (tx.witness.vtxinwit.size() != tx.vin.size() ||
+                    tx.witness.vtxinwit[i].m_pegin_witness.stack.size() < 4) {
                 continue;
             }
-            prevout = GetPeginOutputFromWitness(tx.witness.vtxinwit[i].m_pegin_witness);
+            const auto pegin_witness = tx.witness.vtxinwit[i].m_pegin_witness;
+            scriptPubKey = CScript(pegin_witness.stack[3].begin(), pegin_witness.stack[3].end());
         } else {
             const Coin& coin = inputs.AccessCoin(tx.vin[i].prevout);
             assert(!coin.IsSpent());
-            prevout = coin.out;
+            scriptPubKey = coin.out.scriptPubKey;
         }
 
         const CScriptWitness* pScriptWitness = tx.witness.vtxinwit.size() > i ? &tx.witness.vtxinwit[i].scriptWitness : NULL;
-        nSigOps += CountWitnessSigOps(tx.vin[i].scriptSig, prevout.scriptPubKey, pScriptWitness, flags);
+        nSigOps += CountWitnessSigOps(tx.vin[i].scriptSig, scriptPubKey, pScriptWitness, flags);
     }
     return nSigOps;
 }
@@ -239,7 +243,7 @@ bool CheckTransaction(const CTransaction& tx, CValidationState &state, bool fChe
 }
 
 namespace Consensus {
-bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoinsViewCache& inputs, int nSpendHeight, CAmountMap& fee_map, std::set<std::pair<uint256, COutPoint>>& setPeginsSpent, std::vector<CCheck*> *pvChecks, const bool cacheStore, bool fScriptChecks)
+bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoinsViewCache& inputs, int nSpendHeight, CAmountMap& fee_map, std::set<std::pair<uint256, COutPoint>>& setPeginsSpent, std::vector<CCheck*> *pvChecks, const bool cacheStore, bool fScriptChecks, const std::vector<std::pair<CScript, CScript>>& fedpegscripts)
 {
     // are the actual inputs available?
     if (!inputs.HaveInputs(tx)) {
@@ -254,7 +258,7 @@ bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoins
         if (tx.vin[i].m_is_pegin) {
             // Check existence and validity of pegin witness
             std::string err;
-            if (tx.witness.vtxinwit.size() <= i || !IsValidPeginWitness(tx.witness.vtxinwit[i].m_pegin_witness, prevout, err, true)) {
+            if (tx.witness.vtxinwit.size() <= i || !IsValidPeginWitness(tx.witness.vtxinwit[i].m_pegin_witness, fedpegscripts, prevout, err, true)) {
                 return state.DoS(0, false, REJECT_PEGIN, "bad-pegin-witness", false, err);
             }
             std::pair<uint256, COutPoint> pegin = std::make_pair(uint256(tx.witness.vtxinwit[i].m_pegin_witness.stack[2]), prevout);

src/consensus/tx_verify.h

@@ -31,7 +31,7 @@ namespace Consensus {
  * @param[out] fee_map Set to the transaction fee if successful.
  * Preconditions: tx.IsCoinBase() is false.
  */
-bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoinsViewCache& inputs, int nSpendHeight, CAmountMap& fee_map, std::set<std::pair<uint256, COutPoint>>& setPeginsSpent, std::vector<CCheck*> *pvChecks, const bool cacheStore, bool fScriptChecks);
+bool CheckTxInputs(const CTransaction& tx, CValidationState& state, const CCoinsViewCache& inputs, int nSpendHeight, CAmountMap& fee_map, std::set<std::pair<uint256, COutPoint>>& setPeginsSpent, std::vector<CCheck*> *pvChecks, const bool cacheStore, bool fScriptChecks, const std::vector<std::pair<CScript, CScript>>& fedpegscripts);
 } // namespace Consensus
 
 /** Auxiliary functions for transaction validation (ideally should not be exposed) */