From a508d5a51d4d8de2422793193cc1735485bc81e3 Mon Sep 17 00:00:00 2001
From: Christopher Jeffrey <chjjeffrey@gmail.com>
Date: Sat, 17 Sep 2016 19:40:22 -0700
Subject: [PATCH] rpc: getwork - verify header before mutating current block.

---
 lib/http/rpc.js | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/lib/http/rpc.js b/lib/http/rpc.js
index 428e9453..997bf5ef 100644
--- a/lib/http/rpc.js
+++ b/lib/http/rpc.js
@@ -1422,7 +1422,7 @@ RPC.prototype.verifychain = function verifychain(args, callback) {
 
 RPC.prototype._submitwork = function getwork(data, callback) {
   var attempt = this.attempt;
-  var block, header, cb;
+  var block, header, cb, cur;
 
   if (data.length !== 128)
     return callback(new RPCError('Invalid parameter.'));
@@ -1435,18 +1435,29 @@ RPC.prototype._submitwork = function getwork(data, callback) {
   reverseEndian(data);
 
   header = bcoin.headers.fromAbbr(data);
+  block = attempt.block;
+
+  if (header.prevBlock !== block.prevBlock
+      || header.bits !== block.bits) {
+    return callback(null, false);
+  }
+
+  if (!header.verify())
+    return callback(null, false);
+
   cb = this.coinbase[header.merkleRoot];
 
   if (!cb)
     return callback(null, false);
 
-  block = attempt.block;
+  cur = block.txs[0];
   block.txs[0] = cb;
   attempt.updateMerkle();
 
-  if (header.prevBlock !== block.prevBlock
-      || header.merkleRoot !== block.merkleRoot
-      || header.bits !== block.bits) {
+  if (header.merkleRoot !== block.merkleRoot) {
+    block.txs[0] = cur;
+    attempt.updateMerkle();
+    this.logger.warning('Bad calculated merkle root for submitted work.');
     return callback(null, false);
   }