Merge #14039: Disallow extended encoding for non-witness transactions

bb530ef Disallow extended encoding for non-witness transactions (Pieter Wuille)

Pull request description:

  BIP144 specifies that transactions without witness should use the legacy encoding, which is currently not enforced.

  This rule was present in the original SegWit implementation (bitcoin/bitcoin#8149), but was subsequently dropped (bitcoin/bitcoin#8589).

  As all hashes, txids, and weights are always computed over a reserialized version of a transaction, it is mostly harmless to permit extended encoding for non-segwit transactions, but I'd rather strictly follow the BIP.

ACKs for commit bb530e:
  instagibbs:
    utACK bitcoin/bitcoin@bb530ef
  stevenroose:
    utACK bb530ef

Tree-SHA512: 1aeccd6a555f43784fefb076ce2e8ad2f5ba7be49840544a50050d0390f82373f87201bf56cf8bb30841b4f9cd893b382261a080da875d4e11ab7051f8640dbe

Author: MarcoFalke

src/primitives/transaction.h

@@ -222,6 +222,10 @@ inline void UnserializeTransaction(TxType& tx, Stream& s) {
         for (size_t i = 0; i < tx.vin.size(); i++) {
             s >> tx.vin[i].scriptWitness.stack;
         }
+        if (!tx.HasWitness()) {
+            /* It's illegal to encode witnesses when all witness stacks are empty. */
+            throw std::ios_base::failure("Superfluous witness record");
+        }
     }
     if (flags) {
         /* Unknown flag in the serialization */