From 6e8bef671afb23de1bb6880e855020333cc61a37 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Thu, 29 Apr 2021 16:12:41 +0300 Subject: [PATCH] [#74] balance: Support notary disabled work flow Signed-off-by: Alex Vanin --- balance/balance_contract.go | 158 ++++++++++++++++++++++++++++++++---- common/vote.go | 25 ++++++ 2 files changed, 166 insertions(+), 17 deletions(-) diff --git a/balance/balance_contract.go b/balance/balance_contract.go index 0a59f6d..9d7e7e0 100644 --- a/balance/balance_contract.go +++ b/balance/balance_contract.go @@ -126,10 +126,43 @@ func Transfer(from, to interop.Hash160, amount int, data interface{}) bool { func TransferX(from, to interop.Hash160, amount int, details []byte) bool { ctx := storage.GetContext() + notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) - multiaddr := common.AlphabetAddress() - if !runtime.CheckWitness(multiaddr) { - panic("transferX: this method must be invoked from inner ring") + var ( // for invocation collection without notary + alphabet []common.IRNode + nodeKey []byte + inderectCall bool + ) + + if notaryDisabled { + alphabet = common.AlphabetNodes() + nodeKey = common.InnerRingInvoker(alphabet) + if len(nodeKey) == 0 { + panic("transferX: this method must be invoked from inner ring") + } + + inderectCall = common.FromKnownContract( + ctx, + runtime.GetCallingScriptHash(), + containerContractKey, + ) + } else { + multiaddr := common.AlphabetAddress() + if !runtime.CheckWitness(multiaddr) { + panic("transferX: this method must be invoked from inner ring") + } + } + + if notaryDisabled && !inderectCall { + threshold := len(alphabet)*2/3 + 1 + id := common.InvokeID([]interface{}{from, to, amount}, []byte("transfer")) + + n := common.Vote(ctx, id, nodeKey) + if n < threshold { + return true + } + + common.RemoveVotes(ctx, id) } result := token.transfer(ctx, from, to, amount, true, details) @@ -145,20 +178,47 @@ func TransferX(from, to interop.Hash160, amount int, details []byte) bool { func Lock(txDetails []byte, from, to interop.Hash160, amount, until int) bool { ctx := storage.GetContext() + notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) - multiaddr := common.AlphabetAddress() - if !runtime.CheckWitness(multiaddr) { - panic("lock: this method must be invoked from inner ring") + var ( // for invocation collection without notary + alphabet []common.IRNode + nodeKey []byte + ) + + if notaryDisabled { + alphabet = common.AlphabetNodes() + nodeKey = common.InnerRingInvoker(alphabet) + if len(nodeKey) == 0 { + panic("lock: this method must be invoked from inner ring") + } + } else { + multiaddr := common.AlphabetAddress() + if !runtime.CheckWitness(multiaddr) { + panic("lock: this method must be invoked from inner ring") + } } + details := common.LockTransferDetails(txDetails) + lockAccount := Account{ Balance: 0, Until: until, Parent: from, } - common.SetSerialized(ctx, to, lockAccount) - details := common.LockTransferDetails(txDetails) + if notaryDisabled { + threshold := len(alphabet)*2/3 + 1 + id := common.InvokeID([]interface{}{txDetails}, []byte("lock")) + + n := common.Vote(ctx, id, nodeKey) + if n < threshold { + return true + } + + common.RemoveVotes(ctx, id) + } + + common.SetSerialized(ctx, to, lockAccount) result := token.transfer(ctx, from, to, amount, true, details) if !result { @@ -174,10 +234,22 @@ func Lock(txDetails []byte, from, to interop.Hash160, amount, until int) bool { func NewEpoch(epochNum int) bool { ctx := storage.GetContext() + notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) - multiaddr := common.AlphabetAddress() - if !runtime.CheckWitness(multiaddr) { - panic("newEpoch: this method must be invoked from inner ring") + if notaryDisabled { + indirectCall := common.FromKnownContract( + ctx, + runtime.GetCallingScriptHash(), + netmapContractKey, + ) + if !indirectCall { + panic("newEpoch: this method must be invoked from inner ring") + } + } else { + multiaddr := common.AlphabetAddress() + if !runtime.CheckWitness(multiaddr) { + panic("newEpoch: this method must be invoked from inner ring") + } } it := storage.Find(ctx, []byte{}, storage.KeysOnly) @@ -204,14 +276,40 @@ func NewEpoch(epochNum int) bool { func Mint(to interop.Hash160, amount int, txDetails []byte) bool { ctx := storage.GetContext() + notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) - multiaddr := common.AlphabetAddress() - if !runtime.CheckWitness(multiaddr) { - panic("mint: this method must be invoked from inner ring") + var ( // for invocation collection without notary + alphabet []common.IRNode + nodeKey []byte + ) + + if notaryDisabled { + alphabet = common.AlphabetNodes() + nodeKey = common.InnerRingInvoker(alphabet) + if len(nodeKey) == 0 { + panic("mint: this method must be invoked from inner ring") + } + } else { + multiaddr := common.AlphabetAddress() + if !runtime.CheckWitness(multiaddr) { + panic("mint: this method must be invoked from inner ring") + } } details := common.MintTransferDetails(txDetails) + if notaryDisabled { + threshold := len(alphabet)*2/3 + 1 + id := common.InvokeID([]interface{}{txDetails}, []byte("mint")) + + n := common.Vote(ctx, id, nodeKey) + if n < threshold { + return true + } + + common.RemoveVotes(ctx, id) + } + ok := token.transfer(ctx, nil, to, amount, true, details) if !ok { panic("mint: can't transfer assets") @@ -228,14 +326,40 @@ func Mint(to interop.Hash160, amount int, txDetails []byte) bool { func Burn(from interop.Hash160, amount int, txDetails []byte) bool { ctx := storage.GetContext() + notaryDisabled := storage.Get(ctx, notaryDisabledKey).(bool) - multiaddr := common.AlphabetAddress() - if !runtime.CheckWitness(multiaddr) { - panic("burn: this method must be invoked from inner ring") + var ( // for invocation collection without notary + alphabet []common.IRNode + nodeKey []byte + ) + + if notaryDisabled { + alphabet = common.AlphabetNodes() + nodeKey = common.InnerRingInvoker(alphabet) + if len(nodeKey) == 0 { + panic("burn: this method must be invoked from inner ring") + } + } else { + multiaddr := common.AlphabetAddress() + if !runtime.CheckWitness(multiaddr) { + panic("burn: this method must be invoked from inner ring") + } } details := common.BurnTransferDetails(txDetails) + if notaryDisabled { + threshold := len(alphabet)*2/3 + 1 + id := common.InvokeID([]interface{}{txDetails}, []byte("burn")) + + n := common.Vote(ctx, id, nodeKey) + if n < threshold { + return true + } + + common.RemoveVotes(ctx, id) + } + ok := token.transfer(ctx, from, nil, amount, true, details) if !ok { panic("burn: can't transfer assets") diff --git a/common/vote.go b/common/vote.go index a29ea4d..bd45cf6 100644 --- a/common/vote.go +++ b/common/vote.go @@ -120,3 +120,28 @@ func InvokeID(args []interface{}, prefix []byte) []byte { return crypto.Sha256(prefix) } + +/* + Check if invocation made from known container or audit contracts. + This is necessary because calls from these contracts require to do transfer + without signature collection (1 invoke transfer). + + IR1, IR2, IR3, IR4 -(4 invokes)-> [ Container Contract ] -(1 invoke)-> [ Balance Contract ] + + We can do 1 invoke transfer if: + - invoke happened from inner ring node, + - it is indirect invocation from other smart-contract. + + However there is a possible attack, when malicious inner ring node creates + malicious smart-contract in morph chain to do inderect call. + + MaliciousIR -(1 invoke)-> [ Malicious Contract ] -(1 invoke) -> [ Balance Contract ] + + To prevent that, we have to allow 1 invoke transfer from authorised well known + smart-contracts, that will be set up at `Init` method. +*/ + +func FromKnownContract(ctx storage.Context, caller interop.Hash160, key string) bool { + addr := storage.Get(ctx, key).(interop.Hash160) + return BytesEqual(caller, addr) +}