More comprehensive script validation

kjartan221 · kjartan221 · commit a235b552d68f · 2026-01-06T14:44:04.000+01:00
diff --git a/src/services/fractionalize/FractionalizeTopicManager.ts b/src/services/fractionalize/FractionalizeTopicManager.ts
@@ -109,34 +109,181 @@ export default class FractionalizeTopicManager implements TopicManager {
   }
 }
 
+// Template sections for comprehensive script validation
 const TEMPLATES = {
-  // Script hexstrings for each type (gotten from scriptHex function below)
-  "server-token": "00630300000000000000000000000000000000000000005112000000000000000000000000000000000000000000240000000000000000000000000000000000000000686e7ea9140000000000000000000000000000000000000000886b6b516c6c52ae6a200000000000000000000000000000000000000000",
-  "transfer-token": "006303000000000000000000000000000000000000000051120000000000000000000000000000000000000000002400000000000000000000000000000000000000006876a914000000000000000000000000000000000000000088ac6a200000000000000000000000000000000000000000",
-  "payment": "6e7ea9140000000000000000000000000000000000000000886b6b516c6c52ae"
+  "server-token": {
+    // OP_0 OP_IF 'ord' OP_1 'application/bsv-20' OP_0
+    formatStart: '0063036f726451126170706c69636174696f6e2f6273762d323000',
+    // OP_ENDIF OP_2DUP OP_CAT OP_HASH160
+    formatMiddle: '686e7ea9',
+    // OP_EQUALVERIFY OP_TOALTSTACK OP_TOALTSTACK OP_1 OP_FROMALTSTACK OP_FROMALTSTACK OP_2 OP_CHECKMULTISIG
+    formatEnd: '886b6b516c6c52ae'
+  },
+  "transfer-token": {
+    // OP_0 OP_IF 'ord' OP_1 'application/bsv-20' OP_0
+    formatStart: '0063036f726451126170706c69636174696f6e2f6273762d323000',
+    // OP_ENDIF OP_DUP OP_HASH160
+    formatMiddle: '6876a9',
+    // OP_EQUALVERIFY OP_CHECKSIG
+    formatEnd: '88ac'
+  },
+  "payment": {
+    // OP_2DUP OP_CAT OP_HASH160
+    formatStart: '6e7ea9',
+    // OP_EQUALVERIFY OP_TOALTSTACK OP_TOALTSTACK OP_1 OP_FROMALTSTACK OP_FROMALTSTACK OP_2 OP_CHECKMULTISIG
+    formatEnd: '886b6b516c6c52ae'
+  }
 }
-const NORMALIZED_TEMPLATES = {
-  "server-token": Script.fromHex(TEMPLATES["server-token"]).toASM(),
-  "transfer-token": Script.fromHex(TEMPLATES["transfer-token"]).toASM(),
-  "payment": Script.fromHex(TEMPLATES["payment"]).toASM()
-};
 
 function checkScriptFormat(script: Script, type: "server-token" | "transfer-token" | "payment") {
-  const inputScript = Script.fromHex(script.toHex())
+  try {
+    const chunks = script.chunks
 
-  // Blank out the data fields to leave us with a standard template
-  inputScript.chunks.forEach(chunk => {
-    if (chunk.data && Utils.toHex(chunk.data) !== Utils.toHex([33])) {
-      chunk.data = Array(20).fill(0)
-    }
-  });
+    switch (type) {
+      case "server-token": {
+        // Server token: ordinal inscription + multisig
+        // Structure: formatStart (0-5) | JSON (6) | formatMiddle (7-10) | hash (11) | formatEnd (12-19) | OP_RETURN (20)
+
+        // Check formatStart (chunks 0-5): OP_0 OP_IF 'ord' OP_1 'application/bsv-20' OP_0
+        const formatStart = new Script(chunks.slice(0, 6)).toHex()
+        if (formatStart !== TEMPLATES['server-token'].formatStart) {
+          throw new Error('Malformed formatStart')
+        }
+
+        // Validate JSON payload (chunk 6)
+        try {
+          const formatJsonPayload = JSON.parse(Utils.toUTF8(chunks[6].data))
+          const incorrectlyFormatted =
+            (formatJsonPayload.p !== 'bsv-20') ||
+            !(formatJsonPayload.op === 'transfer' || formatJsonPayload.op === 'deploy+mint') ||
+            formatJsonPayload.amt === undefined ||
+            (formatJsonPayload.op === 'transfer' && !formatJsonPayload.id)
+
+          if (incorrectlyFormatted) {
+            throw new Error('Malformed JSON payload')
+          }
+        } catch (error) {
+          throw new Error(`Invalid JSON payload: ${error.message}`)
+        }
+
+        // Check formatMiddle (chunks 7-10): OP_ENDIF OP_2DUP OP_CAT OP_HASH160
+        const formatMiddle = new Script(chunks.slice(7, 11)).toHex()
+        if (formatMiddle !== TEMPLATES['server-token'].formatMiddle) {
+          throw new Error('Malformed formatMiddle')
+        }
+
+        // Check hash data (chunk 11): should be 20 bytes
+        if (!chunks[11].data || chunks[11].data.length !== 20) {
+          throw new Error('Invalid hash data length')
+        }
+
+        // Check formatEnd (chunks 12-19): multisig ending
+        const formatEnd = new Script(chunks.slice(12, 20)).toHex()
+        if (formatEnd !== TEMPLATES['server-token'].formatEnd) {
+          throw new Error('Malformed formatEnd')
+        }
+
+        // Check OP_RETURN (chunk 20)
+        if (chunks[20].op !== 106) {  // 106 = 0x6a = OP_RETURN
+          throw new Error('No OP_RETURN at the end')
+        }
+
+        // Validate OP_RETURN contains data (original mint txid)
+        if (!chunks[20].data || chunks[20].data.length === 0) {
+          throw new Error('Missing OP_RETURN data')
+        }
+
+        return { valid: true, message: 'Script is valid' }
+      }
 
-  // Check if the script matches the template
-  // Normalize scripts to ASM to handle pushdata code differences
-  const isValid = inputScript.toASM() === NORMALIZED_TEMPLATES[type];
+      case "transfer-token": {
+        // Transfer token: ordinal inscription + P2PKH
+        // Structure: formatStart (0-5) | JSON (6) | formatMiddle (7-9) | hash (10) | formatEnd (11-12) | OP_RETURN (13)
+
+        // Check formatStart (chunks 0-5)
+        const formatStart = new Script(chunks.slice(0, 6)).toHex()
+        if (formatStart !== TEMPLATES['transfer-token'].formatStart) {
+          throw new Error('Malformed formatStart')
+        }
+
+        // Validate JSON payload (chunk 6)
+        try {
+          const formatJsonPayload = JSON.parse(Utils.toUTF8(chunks[6].data))
+          const incorrectlyFormatted =
+            (formatJsonPayload.p !== 'bsv-20') ||
+            !(formatJsonPayload.op === 'transfer' || formatJsonPayload.op === 'deploy+mint') ||
+            formatJsonPayload.amt === undefined ||
+            (formatJsonPayload.op === 'transfer' && !formatJsonPayload.id)
+
+          if (incorrectlyFormatted) {
+            throw new Error('Malformed JSON payload')
+          }
+        } catch (error) {
+          throw new Error(`Invalid JSON payload: ${error.message}`)
+        }
 
-  return {
-    valid: isValid,
-    message: isValid ? 'Script is valid' : 'Script is invalid'
+        // Check formatMiddle (chunks 7-9): OP_ENDIF OP_DUP OP_HASH160
+        const formatMiddle = new Script(chunks.slice(7, 10)).toHex()
+        if (formatMiddle !== TEMPLATES['transfer-token'].formatMiddle) {
+          throw new Error('Malformed formatMiddle')
+        }
+
+        // Check pubkey hash data (chunk 10): should be 20 bytes
+        if (!chunks[10].data || chunks[10].data.length !== 20) {
+          throw new Error('Invalid pubkey hash data length')
+        }
+
+        // Check formatEnd (chunks 11-12): OP_EQUALVERIFY OP_CHECKSIG
+        const formatEnd = new Script(chunks.slice(11, 13)).toHex()
+        if (formatEnd !== TEMPLATES['transfer-token'].formatEnd) {
+          throw new Error('Malformed formatEnd')
+        }
+
+        // Check OP_RETURN (chunk 13)
+        if (chunks[13].op !== 106) {  // 106 = 0x6a = OP_RETURN
+          throw new Error('No OP_RETURN at the end')
+        }
+
+        // Validate OP_RETURN contains data (original mint txid)
+        if (!chunks[13].data || chunks[13].data.length === 0) {
+          throw new Error('Missing OP_RETURN data')
+        }
+
+        return { valid: true, message: 'Script is valid' }
+      }
+
+      case "payment": {
+        // Payment script: just multisig, no ordinal inscription
+        // Structure: formatStart (0-2) | hash (3) | formatEnd (4-11)
+
+        // Check formatStart (chunks 0-2): OP_2DUP OP_CAT OP_HASH160
+        const formatStart = new Script(chunks.slice(0, 3)).toHex()
+        if (formatStart !== TEMPLATES['payment'].formatStart) {
+          throw new Error('Malformed formatStart')
+        }
+
+        // Check hash data (chunk 3): should be 20 bytes
+        if (!chunks[3].data || chunks[3].data.length !== 20) {
+          throw new Error('Invalid hash data length')
+        }
+
+        // Check formatEnd (chunks 4-11): multisig ending
+        const formatEnd = new Script(chunks.slice(4, 12)).toHex()
+        if (formatEnd !== TEMPLATES['payment'].formatEnd) {
+          throw new Error('Malformed formatEnd')
+        }
+
+        return { valid: true, message: 'Script is valid' }
+      }
+
+      default:
+        throw new Error(`Unknown script type: ${type}`)
+    }
+
+  } catch (error) {
+    return {
+      valid: false,
+      message: error?.message || 'Invalid script format'
+    }
   }
 }
diff --git a/src/services/monsterbattle/MonsterBattleTopicManager.ts b/src/services/monsterbattle/MonsterBattleTopicManager.ts
@@ -46,23 +46,14 @@ export default class MonsterBattleTopicManager implements TopicManager {
 
           console.log('[MonsterBattle] Incoming ordinal transaction')
 
-          // Check for our ordinal script format
-          if (output.lockingScript.chunks.length < 14) throw new Error('Invalid locking script error 1')
-          if (output.lockingScript.chunks[0].op !== OP.OP_0) throw new Error('Invalid locking script error 2')
-          if (output.lockingScript.chunks[1].op !== OP.OP_IF) throw new Error('Invalid locking script error 3')
-          if (output.lockingScript.chunks[3].op !== OP.OP_1) throw new Error('Invalid locking script error 4')
-          if (output.lockingScript.chunks[5].op !== OP.OP_0) throw new Error('Invalid locking script error 5')
-          if (output.lockingScript.chunks[7].op !== OP.OP_ENDIF) throw new Error('Invalid locking script error 6')
-          if (output.lockingScript.chunks[8].op !== OP.OP_DUP) throw new Error('Invalid locking script error 7')
-          if (output.lockingScript.chunks[9].op !== OP.OP_HASH160) throw new Error('Invalid locking script error 8')
-          if (output.lockingScript.chunks[10].op !== 20) throw new Error('Invalid locking script error 9')
-          if (output.lockingScript.chunks[11].op !== OP.OP_EQUALVERIFY) throw new Error('Invalid locking script error 10')
-          if (output.lockingScript.chunks[12].op !== OP.OP_CHECKSIG) throw new Error('Invalid locking script error 11')
-          if (output.lockingScript.chunks[13].op !== OP.OP_RETURN) throw new Error('Invalid locking script error 12')
-
-          console.log(`[MonsterBattle] Ordinal transaction passed checks`)
-
-          outputsToAdmit.push(index)
+          // Check for ordinal inscription format
+          const result = checkScriptFormat(output.lockingScript)
+          if (result.valid) {
+            console.log(`[MonsterBattle] Ordinal transaction passed checks`)
+            outputsToAdmit.push(index)
+          } else {
+            console.log(`[MonsterBattle] Ordinal validation failed: ${result.message}`)
+          }
         } catch (err) {
           console.error(`Error processing output ${index}:`, err)
           // Continue with next output
@@ -113,6 +104,85 @@ export default class MonsterBattleTopicManager implements TopicManager {
   }
 }
 
+// Template sections for ordinal inscription validation
+// Structure: formatStart (0-5) | JSON (6) | formatMiddle (7-9) | hash (10) | formatEnd (11-12) | OP_RETURN (13)
+const TEMPLATES = {
+  // OP_0 OP_IF 'ord' OP_1 'application/bsv-21' OP_0
+  formatStart: '0063036f726451126170706c69636174696f6e2f6273762d323100',
+  // OP_ENDIF OP_DUP OP_HASH160
+  formatMiddle: '6876a9',
+  // OP_EQUALVERIFY OP_CHECKSIG
+  formatEnd: '88ac'
+}
+
+function checkScriptFormat(script: Script) {
+  try {
+    const chunks = script.chunks
+
+    // Check minimum chunk count
+    if (chunks.length < 14) {
+      throw new Error('Insufficient chunks in script')
+    }
+
+    // Check formatStart (chunks 0-5): OP_0 OP_IF 'ord' OP_1 'application/bsv-21' OP_0
+    const formatStart = new Script(chunks.slice(0, 6)).toHex()
+    if (formatStart !== TEMPLATES.formatStart) {
+      throw new Error('Malformed formatStart')
+    }
+
+    // Validate JSON payload (chunk 6)
+    try {
+      const formatJsonPayload = JSON.parse(Utils.toUTF8(chunks[6].data))
+      const incorrectlyFormatted =
+        (formatJsonPayload.p !== 'bsv-20') ||
+        !(formatJsonPayload.op === 'transfer' || formatJsonPayload.op === 'deploy+mint') ||
+        formatJsonPayload.amt === undefined ||
+        (formatJsonPayload.op === 'transfer' && !formatJsonPayload.id)
+
+      if (incorrectlyFormatted) {
+        throw new Error('Malformed JSON payload')
+      }
+    } catch (error) {
+      throw new Error(`Invalid JSON payload: ${error.message}`)
+    }
+
+    // Check formatMiddle (chunks 7-9): OP_ENDIF OP_DUP OP_HASH160
+    const formatMiddle = new Script(chunks.slice(7, 10)).toHex()
+    if (formatMiddle !== TEMPLATES.formatMiddle) {
+      throw new Error('Malformed formatMiddle')
+    }
+
+    // Check pubkey hash data (chunk 10): should be 20 bytes
+    if (!chunks[10].data || chunks[10].data.length !== 20) {
+      throw new Error('Invalid pubkey hash data length')
+    }
+
+    // Check formatEnd (chunks 11-12): OP_EQUALVERIFY OP_CHECKSIG
+    const formatEnd = new Script(chunks.slice(11, 13)).toHex()
+    if (formatEnd !== TEMPLATES.formatEnd) {
+      throw new Error('Malformed formatEnd')
+    }
+
+    // Check OP_RETURN (chunk 13)
+    if (chunks[13].op !== 106) {  // 106 = 0x6a = OP_RETURN
+      throw new Error('No OP_RETURN at the end')
+    }
+
+    // Validate OP_RETURN contains data
+    if (!chunks[13].data || chunks[13].data.length === 0) {
+      throw new Error('Missing OP_RETURN data')
+    }
+
+    return { valid: true, message: 'Script is valid' }
+
+  } catch (error) {
+    return {
+      valid: false,
+      message: error?.message || 'Invalid script format'
+    }
+  }
+}
+
 // Helper to check if script is P2PKH
 function isP2PKH(script: Script): boolean {
   const chunks = script.chunks;
