From e916c0a1edd178842f4c628f86985602b2b86edf Mon Sep 17 00:00:00 2001
From: random-zebra
Date: Wed, 25 Aug 2021 23:52:05 +0200
Subject: [PATCH 1/2] [BUG] Correct CCSV opcode handling in script evaluation
---
 src/script/interpreter.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
index b79a591592e5..58f425737a82 100644
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -957,14 +957,20 @@ bool EvalScript(std::vector >& stack, const CScript&
 case OP_CHECKCOLDSTAKEVERIFY:
 {
- return checker.CheckColdStake(false, script, stack, flags, serror);
+ if (!checker.CheckColdStake(false, script, stack, flags, serror)) {
+ // serror set
+ return false;
+ }
 }
 break;
 case OP_CHECKCOLDSTAKEVERIFY_LOF:
 {
 // Allow last output script "free"
- return checker.CheckColdStake(true, script, stack, flags, serror);
+ if (!checker.CheckColdStake(true, script, stack, flags, serror)) {
+ // serror set
+ return false;
+ }
 }
 break;
From 50b9cb77ab6a2fea514166e376329b528c30b946 Mon Sep 17 00:00:00 2001
From: random-zebra
Date: Thu, 26 Aug 2021 21:45:07 +0200
Subject: [PATCH 2/2] [Refactor] check scriptsig size in CheckBlockSignature
---
 src/blocksignature.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/blocksignature.cpp b/src/blocksignature.cpp
index df698702803d..dc5f480fc7a1 100644
--- a/src/blocksignature.cpp
+++ b/src/blocksignature.cpp
@@ -76,14 +76,17 @@ bool CheckBlockSignature(const CBlock& block)
 // p2pk scriptsig only contains the signature and p2pkh scriptpubkey only contain the hash.
 return false;
 } else {
- int start = 1 + (int) *txin.scriptSig.begin(); // skip sig
+ unsigned int start = 1 + (unsigned int) *txin.scriptSig.begin(); // skip sig
+ if (start >= txin.scriptSig.size() - 1) return false;
 pubkey = CPubKey(txin.scriptSig.begin()+start+1, txin.scriptSig.end());
 }
 } else if (whichType == TX_COLDSTAKE) {
 // pick the public key from the P2CS input
 const CTxIn& txin = block.vtx[1]->vin[0];
- int start = 1 + (int) *txin.scriptSig.begin(); // skip sig
+ unsigned int start = 1 + (unsigned int) *txin.scriptSig.begin(); // skip sig
+ if (start >= txin.scriptSig.size() - 1) return false;
 start += 1 + (int) *(txin.scriptSig.begin()+start); // skip flag
+ if (start >= txin.scriptSig.size() - 1) return false;
 pubkey = CPubKey(txin.scriptSig.begin()+start+1, txin.scriptSig.end());
 }
 }
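Review bot: The three added guards compare `start` against `txin.scriptSig.size() - 1`, which wraps to SIZE_MAX when scriptSig is empty, and on both `unsigned int start = 1 + (unsigned int) *txin.scriptSig.begin();` lines the first byte is dereferenced before any guard runs; unless CheckBlockSignature already rejects an empty scriptSig earlier (its body starts before and ends after this hunk), that read happens on an empty vector. The subtraction-free form `if (start + 1 >= txin.scriptSig.size()) return false;` avoids the wrap, and an explicit `if (txin.scriptSig.empty()) return false;` ahead of the first `start` line in each branch makes the precondition visible rather than implied. The TX_COLDSTAKE branch also mixes `(unsigned int)` on the signature length byte with the untouched `(int)` on the flag byte in `start += 1 + (int) *(txin.scriptSig.begin()+start);`; casting both the same way keeps the arithmetic unsigned throughout. The parsing still treats each length byte as a single-byte direct push, so a comment next to `// skip sig` stating that assumption (and that a PUSHDATA-encoded item is not handled here) would help the next reader.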