script: introduce verify flags for OP_TEMPLATE

darosior · instagibbs · darosior · commit 6bed5166d65e · 2025-07-02T06:59:21.000-04:00
Script validation of OP_TEMPLATE is enabled past its activation height, which means it is currently
never enabled on mainnet/testnet and always is on regtest.

Tapscript spends making use of OP_TEMPLATE do not get relayed nor included in blocks until the soft
fork is active. Note how the standardness script verify flags are set such as even post activation,
an OP_TEMPLATEHASH related error would not be reported as a consensus error (and lead to peer
disconnection). This can be changed in a future release, once the soft fork activation isn't recent
anymore.

Co-Authored-by: Greg Sanders &lt;gsanders87@gmail.com&gt;
diff --git a/src/policy/policy.h b/src/policy/policy.h
@@ -123,7 +123,9 @@ static constexpr unsigned int STANDARD_SCRIPT_VERIFY_FLAGS{MANDATORY_SCRIPT_VERI
                                                              SCRIPT_VERIFY_CONST_SCRIPTCODE |
                                                              SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION |
                                                              SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS |
-                                                             SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE};
+                                                             SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE |
+                                                             SCRIPT_VERIFY_DISCOURAGE_TEMPLATEHASH |
+                                                             SCRIPT_VERIFY_TEMPLATEHASH};
 
 /** For convenience, standard but not mandatory verify flags. */
 static constexpr unsigned int STANDARD_NOT_MANDATORY_VERIFY_FLAGS{STANDARD_SCRIPT_VERIFY_FLAGS & ~MANDATORY_SCRIPT_VERIFY_FLAGS};
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
@@ -143,6 +143,12 @@ enum : uint32_t {
     // Making unknown public key versions (in BIP 342 scripts) non-standard
     SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE = (1U << 20),
 
+    // OP_TEMPLATEHASH validation (BIP xx)
+    SCRIPT_VERIFY_TEMPLATEHASH = (1U << 21),
+
+    // Make OP_TEMPLATEHASH spend non-standard before activation.
+    SCRIPT_VERIFY_DISCOURAGE_TEMPLATEHASH = (1U << 22),
+
     // Constants to point to the highest flag in use. Add new flags above this line.
     //
     SCRIPT_VERIFY_END_MARKER
diff --git a/src/test/fuzz/script_assets_test_minimizer.cpp b/src/test/fuzz/script_assets_test_minimizer.cpp
@@ -98,13 +98,14 @@ const std::map<std::string, unsigned int> FLAG_NAMES = {
     {std::string("CHECKSEQUENCEVERIFY"), (unsigned int)SCRIPT_VERIFY_CHECKSEQUENCEVERIFY},
     {std::string("WITNESS"), (unsigned int)SCRIPT_VERIFY_WITNESS},
     {std::string("TAPROOT"), (unsigned int)SCRIPT_VERIFY_TAPROOT},
+    {std::string("TEMPLATE"), (unsigned int)SCRIPT_VERIFY_TEMPLATEHASH},
 };
 
 std::vector<unsigned int> AllFlags()
 {
     std::vector<unsigned int> ret;
 
-    for (unsigned int i = 0; i < 128; ++i) {
+    for (unsigned int i = 0; i < 256; ++i) {
         unsigned int flag = 0;
         if (i & 1) flag |= SCRIPT_VERIFY_P2SH;
         if (i & 2) flag |= SCRIPT_VERIFY_DERSIG;
@@ -113,6 +114,7 @@ std::vector<unsigned int> AllFlags()
         if (i & 16) flag |= SCRIPT_VERIFY_CHECKSEQUENCEVERIFY;
         if (i & 32) flag |= SCRIPT_VERIFY_WITNESS;
         if (i & 64) flag |= SCRIPT_VERIFY_TAPROOT;
+        if (i & 128) flag |= SCRIPT_VERIFY_TEMPLATEHASH;
 
         // SCRIPT_VERIFY_WITNESS requires SCRIPT_VERIFY_P2SH
         if (flag & SCRIPT_VERIFY_WITNESS && !(flag & SCRIPT_VERIFY_P2SH)) continue;
diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
@@ -1553,7 +1553,7 @@ static std::vector<unsigned int> AllConsensusFlags()
 {
     std::vector<unsigned int> ret;
 
-    for (unsigned int i = 0; i < 128; ++i) {
+    for (unsigned int i = 0; i < 256; ++i) {
         unsigned int flag = 0;
         if (i & 1) flag |= SCRIPT_VERIFY_P2SH;
         if (i & 2) flag |= SCRIPT_VERIFY_DERSIG;
@@ -1562,6 +1562,7 @@ static std::vector<unsigned int> AllConsensusFlags()
         if (i & 16) flag |= SCRIPT_VERIFY_CHECKSEQUENCEVERIFY;
         if (i & 32) flag |= SCRIPT_VERIFY_WITNESS;
         if (i & 64) flag |= SCRIPT_VERIFY_TAPROOT;
+        if (i & 128) flag |= SCRIPT_VERIFY_TEMPLATEHASH;
 
         // SCRIPT_VERIFY_WITNESS requires SCRIPT_VERIFY_P2SH
         if (flag & SCRIPT_VERIFY_WITNESS && !(flag & SCRIPT_VERIFY_P2SH)) continue;
diff --git a/src/test/transaction_tests.cpp b/src/test/transaction_tests.cpp
@@ -70,6 +70,8 @@ static std::map<std::string, unsigned int> mapFlagNames = {
     {std::string("DISCOURAGE_UPGRADABLE_PUBKEYTYPE"), (unsigned int)SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE},
     {std::string("DISCOURAGE_OP_SUCCESS"), (unsigned int)SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS},
     {std::string("DISCOURAGE_UPGRADABLE_TAPROOT_VERSION"), (unsigned int)SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION},
+    {std::string("TEMPLATEHASH"), (unsigned int)SCRIPT_VERIFY_TEMPLATEHASH},
+    {std::string("DISCOURAGE_TEMPLATEHASH"), (unsigned int)SCRIPT_VERIFY_DISCOURAGE_TEMPLATEHASH},
 };
 
 unsigned int ParseScriptFlags(std::string strFlags)
diff --git a/src/validation.cpp b/src/validation.cpp
@@ -1233,7 +1233,12 @@ bool MemPoolAccept::PolicyScriptChecks(const ATMPArgs& args, Workspace& ws)
     const CTransaction& tx = *ws.m_ptx;
     TxValidationState& state = ws.m_state;
 
-    constexpr unsigned int scriptVerifyFlags = STANDARD_SCRIPT_VERIFY_FLAGS;
+    unsigned int scriptVerifyFlags = STANDARD_SCRIPT_VERIFY_FLAGS;
+
+    // Past activation, don't discourage OP_TEMPLATEHASH spends.
+    if (DeploymentActiveAt(*m_active_chainstate.m_chain.Tip(), m_active_chainstate.m_chainman, Consensus::DEPLOYMENT_TEMPLATEHASH)) {
+        scriptVerifyFlags &= ~SCRIPT_VERIFY_DISCOURAGE_TEMPLATEHASH;
+    }
 
     // Check input scripts and signatures.
     // This is done last to help prevent CPU exhaustion denial-of-service attacks.
@@ -2406,6 +2411,11 @@ static unsigned int GetBlockScriptFlags(const CBlockIndex& block_index, const Ch
         flags |= SCRIPT_VERIFY_NULLDUMMY;
     }
 
+    // Enforce OP_TEMPLATEHASH (BIPxx)
+    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_TEMPLATEHASH)) {
+        flags |= SCRIPT_VERIFY_TEMPLATEHASH;
+    }
+
     return flags;
 }
 
