From 393bf525d6e44242a0150baa2160e3ca3e1bb1b6 Mon Sep 17 00:00:00 2001
From: sowle <crypto.sowle@gmail.com>
Date: Fri, 9 Aug 2019 07:32:12 +0300
Subject: [PATCH] security improvement in
 get_a_to_b_relative_cumulative_difficulty()

---
 src/currency_core/blockchain_storage.cpp    | 2 +-
 src/currency_core/currency_format_utils.cpp | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/currency_core/blockchain_storage.cpp b/src/currency_core/blockchain_storage.cpp
index ad314c02..8ac0a716 100644
--- a/src/currency_core/blockchain_storage.cpp
+++ b/src/currency_core/blockchain_storage.cpp
@@ -1760,7 +1760,7 @@ bool blockchain_storage::is_reorganize_required(const block_extended_info& main_
 
     wide_difficulty_type alt_pos_diff_end = get_last_alt_x_block_cumulative_precise_adj_difficulty(alt_chain, alt_chain_bei.height, true);
     wide_difficulty_type alt_pos_diff_begin = get_last_alt_x_block_cumulative_precise_adj_difficulty(alt_chain_type(), connection_point.height-1, true);
-    alt_cumul_diff.pos_diff = alt_pos_diff_end- alt_pos_diff_begin;
+    alt_cumul_diff.pos_diff = alt_pos_diff_end - alt_pos_diff_begin;
     
     wide_difficulty_type alt_pow_diff_end = get_last_alt_x_block_cumulative_precise_adj_difficulty(alt_chain, alt_chain_bei.height, false);
     wide_difficulty_type alt_pow_diff_begin = get_last_alt_x_block_cumulative_precise_adj_difficulty(alt_chain_type(), connection_point.height - 1, false);
diff --git a/src/currency_core/currency_format_utils.cpp b/src/currency_core/currency_format_utils.cpp
index 071de5fa..ba411958 100644
--- a/src/currency_core/currency_format_utils.cpp
+++ b/src/currency_core/currency_format_utils.cpp
@@ -2709,10 +2709,11 @@ namespace currency
     const difficulties& a_diff,
     const difficulties& b_diff )
   {
-    const wide_difficulty_type& a_pos_cumulative_difficulty = a_diff.pos_diff != 0 ? a_diff.pos_diff:DIFFICULTY_STARTER;
-    const wide_difficulty_type& b_pos_cumulative_difficulty = b_diff.pos_diff != 0 ? b_diff.pos_diff : DIFFICULTY_STARTER;
-    const wide_difficulty_type& a_pow_cumulative_difficulty = a_diff.pow_diff != 0 ? a_diff.pow_diff : DIFFICULTY_STARTER;
-    const wide_difficulty_type& b_pow_cumulative_difficulty = b_diff.pow_diff != 0 ? b_diff.pow_diff : DIFFICULTY_STARTER;
+    static const wide_difficulty_type difficulty_starter = DIFFICULTY_STARTER;
+    const wide_difficulty_type& a_pos_cumulative_difficulty = a_diff.pos_diff > 0 ? a_diff.pos_diff : difficulty_starter;
+    const wide_difficulty_type& b_pos_cumulative_difficulty = b_diff.pos_diff > 0 ? b_diff.pos_diff : difficulty_starter;
+    const wide_difficulty_type& a_pow_cumulative_difficulty = a_diff.pow_diff > 0 ? a_diff.pow_diff : difficulty_starter;
+    const wide_difficulty_type& b_pow_cumulative_difficulty = b_diff.pow_diff > 0 ? b_diff.pow_diff : difficulty_starter;
 
     boost::multiprecision::uint1024_t basic_sum = boost::multiprecision::uint1024_t(a_pow_cumulative_difficulty) + (boost::multiprecision::uint1024_t(a_pos_cumulative_difficulty)*difficulty_pow_at_split_point) / difficulty_pos_at_split_point;
     boost::multiprecision::uint1024_t res =