From b3f562caab00be9c2c475636d386db669a58f86d Mon Sep 17 00:00:00 2001
From: SChernykh <15806605+SChernykh@users.noreply.github.com>
Date: Tue, 23 Apr 2024 18:29:19 +0200
Subject: [PATCH] Added sanity checks for height and difficulty

---
 src/pool_block.h | 6 ++++++
 src/pool_block_parser.inl | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/src/pool_block.h b/src/pool_block.h
index 947c50cf..4281bd60 100644
--- a/src/pool_block.h
+++ b/src/pool_block.h
@@ -53,6 +53,12 @@ static constexpr uint64_t MAX_BLOCK_SIZE = 128 * 1024 - 5;
 // 0.6 XMR
 static constexpr uint64_t BASE_BLOCK_REWARD = 600000000000ULL;

+// 1000 years at 1 TH/s. It should be enough for any normal use.
+static constexpr difficulty_type MAX_CUMULATIVE_DIFFICULTY{ 13019633956666736640ULL, 1710ULL };
+
+// 1000 years at 1 block/second. It should be enough for any normal use.
+static constexpr uint64_t MAX_SIDECHAIN_HEIGHT = 31556952000ULL;
+
 struct DifficultyData
 {
 FORCEINLINE DifficultyData(uint64_t t, const difficulty_type& d) : m_timestamp(t), m_cumulativeDifficulty(d) {}
diff --git a/src/pool_block_parser.inl b/src/pool_block_parser.inl
index 5ff85b5b..d80048c0 100644
--- a/src/pool_block_parser.inl
+++ b/src/pool_block_parser.inl
@@ -306,12 +306,20 @@ int PoolBlock::deserialize(const uint8_t* data, size_t size, const SideChain& si

 READ_VARINT(m_sidechainHeight);

+ if (m_sidechainHeight > MAX_SIDECHAIN_HEIGHT) {
+ return __LINE__;
+ }
+
 READ_VARINT(m_difficulty.lo);
 READ_VARINT(m_difficulty.hi);

 READ_VARINT(m_cumulativeDifficulty.lo);
 READ_VARINT(m_cumulativeDifficulty.hi);

+ if (m_cumulativeDifficulty > MAX_CUMULATIVE_DIFFICULTY) {
+ return __LINE__;
+ }
+
 READ_BUF(m_sidechainExtraBuf, sizeof(m_sidechainExtraBuf));

 #undef READ_BYTE
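Review bot: The `{ 13019633956666736640ULL, 1710ULL }` initializer of `MAX_CUMULATIVE_DIFFICULTY` in src/pool_block.h cannot be checked against its "1000 years at 1 TH/s" comment without redoing 128-bit arithmetic by hand. Read as { lo, hi } 64-bit words (the order the parser's `.lo`/`.hi` reads suggest, though the `difficulty_type` constructor is not visible here), it works out to 31556952000 s * 10^12 H/s, so the value is consistent with the comment. I would spell the derivation out, e.g. `// = 31556952000 s (1000 years of 365.2425 days) * 10^12 H/s, stored as { lo, hi } 64-bit words`, and note on `MAX_SIDECHAIN_HEIGHT` that it is the same second count. The comment should also say that both limits are inclusive, because `PoolBlock::deserialize` rejects only values strictly greater than them.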
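Review bot: `m_difficulty` is still accepted with any 128-bit value in `PoolBlock::deserialize`: the new checks bound `m_sidechainHeight` and `m_cumulativeDifficulty`, but the per-block difficulty read between them has no limit. If the cumulative value is meant to include the block's own difficulty (not visible in this hunk), the second check could reject both cases at parse time: `if ((m_difficulty > m_cumulativeDifficulty) || (m_cumulativeDifficulty > MAX_CUMULATIVE_DIFFICULTY)) {`. Later arithmetic on these fields would then start from values already known to be in range, rather than relying on each consumer to re-validate. The function body starts and ends outside the hunk, so a later consistency check may already cover this; if so, a short comment here pointing to it would help.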