From 6add4f3e505d6d93688bace4c21ded198014dc75 Mon Sep 17 00:00:00 2001
From: Evgenii Stratonikov <evgeniy@nspcc.ru>
Date: Fri, 28 Feb 2020 16:53:26 +0300
Subject: [PATCH] transaction: disallow negative outputs

Otherwise it is possible to make outputs which will sum
to the expected value, but steal GAS from some other account.
---
 pkg/core/transaction/transaction.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/core/transaction/transaction.go b/pkg/core/transaction/transaction.go
index e9384f50a..f20962bc3 100644
--- a/pkg/core/transaction/transaction.go
+++ b/pkg/core/transaction/transaction.go
@@ -100,6 +100,12 @@ func (t *Transaction) DecodeBinary(br *io.BinReader) {
 	br.ReadArray(&t.Attributes)
 	br.ReadArray(&t.Inputs)
 	br.ReadArray(&t.Outputs)
+	for i := range t.Outputs {
+		if t.Outputs[i].Amount.LessThan(0) {
+			br.Err = errors.New("negative output")
+			return
+		}
+	}
 	br.ReadArray(&t.Scripts)
 
 	// Create the hash of the transaction at decode, so we dont need