From bf2ac1749b7525a6a85f194aaf8152e447d603ee Mon Sep 17 00:00:00 2001
From: Scott Nadal <scott.nadal@gmail.com>
Date: Fri, 22 Jun 2012 22:54:47 +0100
Subject: [PATCH] PPCoin: Enter safe mode if detected invalid synchronized checkpoint

---
 src/checkpoints.cpp |   28 ++++++++++++++++++++++++++--
 src/checkpoints.h   |    1 +
 src/main.cpp        |    6 ++++++
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/checkpoints.cpp b/src/checkpoints.cpp
index 518e66c..1384082 100644
--- a/src/checkpoints.cpp
+++ b/src/checkpoints.cpp
@@ -60,6 +60,7 @@ namespace Checkpoints
     uint256 hashSyncCheckpoint;
     CSyncCheckpoint checkpointMessage;
     CSyncCheckpoint checkpointMessagePending;
+    uint256 hashInvalidCheckpoint = 0;
     CCriticalSection cs_hashSyncCheckpoint;
 
     // ppcoin: only descendant of current sync-checkpoint is allowed
@@ -72,15 +73,36 @@ namespace Checkpoints
 
         CBlockIndex* pindexSyncCheckpoint = mapBlockIndex[hashSyncCheckpoint];
         CBlockIndex* pindexCheckpointRecv = mapBlockIndex[hashCheckpoint];
+
         if (pindexCheckpointRecv->nHeight <= pindexSyncCheckpoint->nHeight)
-            return false;  // this is an older checkpoint, ignore
+        {
+            // Received an older checkpoint, trace back from current checkpoint
+            // to the same height of the received checkpoint to verify
+            // that current checkpoint should be a descendant block
+            CBlockIndex* pindex = pindexSyncCheckpoint;
+            while (pindex->nHeight > pindexCheckpointRecv->nHeight)
+                if (!(pindex = pindex->pprev))
+                    return error("ValidateSyncCheckpoint: pprev1 null - block index structure failure");
+            if (pindex->GetBlockHash() != hashCheckpoint)
+            {
+                hashInvalidCheckpoint = hashCheckpoint;
+                return error("ValidateSyncCheckpoint: new sync-checkpoint %s is conflicting with current sync-checkpoint %s", hashCheckpoint.ToString().c_str(), hashSyncCheckpoint.ToString().c_str());
+            }
+            return false; // ignore older checkpoint
+        }
 
+        // Received checkpoint should be a descendant block of the current
+        // checkpoint. Trace back to the same height of current checkpoint
+        // to verify.
         CBlockIndex* pindex = pindexCheckpointRecv;
         while (pindex->nHeight > pindexSyncCheckpoint->nHeight)
             if (!(pindex = pindex->pprev))
-                return error("ValidateSyncCheckpoint: pprev null - block index structure failure");
+                return error("ValidateSyncCheckpoint: pprev2 null - block index structure failure");
         if (pindex->GetBlockHash() != hashSyncCheckpoint)
+        {
+            hashInvalidCheckpoint = hashCheckpoint;
             return error("ValidateSyncCheckpoint: new sync-checkpoint %s is not a descendant of current sync-checkpoint %s", hashCheckpoint.ToString().c_str(), hashSyncCheckpoint.ToString().c_str());
+        }
         return true;
     }
 
@@ -104,6 +126,7 @@ namespace Checkpoints
                     if (!Reorganize(txdb, pindexCheckpoint))
                     {
                         txdb.TxnAbort();
+                        hashInvalidCheckpoint = checkpointMessagePending.hashCheckpoint;
                         return error("ProcessSyncCheckpoint: Reorganize failed for sync checkpoint %s", checkpointMessagePending.hashCheckpoint.ToString().c_str());
                     }
                 }
@@ -321,6 +344,7 @@ bool CSyncCheckpoint::ProcessSyncCheckpoint(CNode* pfrom)
             if (!Reorganize(txdb, pindexCheckpoint))
             {
                 txdb.TxnAbort();
+                Checkpoints::hashInvalidCheckpoint = hashCheckpoint;
                 return error("ProcessSyncCheckpoint: Reorganize failed for sync checkpoint %s", hashCheckpoint.ToString().c_str());
             }
         }
diff --git a/src/checkpoints.h b/src/checkpoints.h
index e90458e..caafb09 100644
--- a/src/checkpoints.h
+++ b/src/checkpoints.h
@@ -133,6 +133,7 @@ namespace Checkpoints
 
     extern uint256 hashSyncCheckpoint;
     extern CSyncCheckpoint checkpointMessage;
+    extern uint256 hashInvalidCheckpoint;
     extern CCriticalSection cs_hashSyncCheckpoint;
 
     bool AcceptPendingSyncCheckpoint();
diff --git a/src/main.cpp b/src/main.cpp
index 4e27d4b..a50b5ab 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -1979,6 +1979,12 @@ string GetWarnings(string strFor)
         strStatusBar = strRPC = "WARNING: Displayed transactions may not be correct!  You may need to upgrade, or other nodes may need to upgrade.";
     }
 
+    if (Checkpoints::hashInvalidCheckpoint != 0)
+    {
+        nPriority = 3000;
+        strStatusBar = strRPC = "WARNING: Invalid checkpoint found!  Displayed transactions may not be correct!  You may need to upgrade, or other nodes may need to upgrade.";
+    }
+
     // Alerts
     CRITICAL_BLOCK(cs_mapAlerts)
     {
-- 
1.7.1