Add server-side check for insanely high fees.

Goal is to prevent a situation like decred/dcrwallet#2000 from
happening again even if users are running the buggy client code.

Author: jrick

coinjoin/coinjoin.go

@@ -219,6 +219,11 @@ func feeForSerializeSize(relayFeePerKb int64, txSerializeSize int) int64 {
 	return fee
 }
 
+func paysHighFees(relayFeePerKb, fee int64, txSerializeSize int) bool {
+	maxFee := feeForSerializeSize(50*relayFeePerKb, txSerializeSize)
+	return fee > maxFee
+}
+
 func (t *Tx) ValidateUnmixed(unmixed []byte, mcount int) error {
 	var fee int64
 	other := new(wire.MsgTx)
@@ -254,10 +259,15 @@ func (t *Tx) ValidateUnmixed(unmixed []byte, mcount int) error {
 	for i := 0; i < mcount; i++ {
 		other.AddTxOut(bogusMixedOut)
 	}
-	requiredFee := feeForSerializeSize(t.feeRate, other.SerializeSize())
+	size := other.SerializeSize()
+	requiredFee := feeForSerializeSize(t.feeRate, size)
 	if fee < requiredFee {
 		return errors.New("coinjoin: unmixed transaction does not pay enough network fees")
 	}
+	if paysHighFees(t.feeRate, fee, size) {
+		return errors.New("coinjoin: unmixed transaction pays insanely high fees")
+	}
+
 	return nil
 }
 

integration/honest_test.go

@@ -196,7 +196,7 @@ func TestHonest(t *testing.T) {
 		i := i
 		go func() {
 			input := &wire.TxIn{ValueIn: inputValue * 1e8}
-			change := &wire.TxOut{Value: 1e8 - int64(1+i)*0.001e8, PkScript: change}
+			change := &wire.TxOut{Value: 1e8 - 0.0001e8 + int64(i+1), PkScript: change}
 			con := newConfirmer(input, change)
 			conn, err := tls.Dial("tcp", s.Addr, nettest.ClientTLS)
 			if err != nil {