neo-go/pkg/vm/contract_checks.go

203 lines
5.6 KiB
Go
Raw Permalink Normal View History

package vm
import (
"encoding/binary"
"errors"
"fmt"
"github.com/nspcc-dev/neo-go/pkg/core/interop/interopnames"
"github.com/nspcc-dev/neo-go/pkg/encoding/bigint"
"github.com/nspcc-dev/neo-go/pkg/util/bitfield"
"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
)
// MaxMultisigKeys is the maximum number of keys allowed for correct multisig contract.
const MaxMultisigKeys = 1024
var (
verifyInteropID = interopnames.ToID([]byte(interopnames.SystemCryptoCheckSig))
multisigInteropID = interopnames.ToID([]byte(interopnames.SystemCryptoCheckMultisig))
)
func getNumOfThingsFromInstr(instr opcode.Opcode, param []byte) (int, bool) {
var nthings int
2020-04-21 13:45:48 +00:00
switch {
case opcode.PUSH1 <= instr && instr <= opcode.PUSH16:
nthings = int(instr-opcode.PUSH1) + 1
2020-04-21 13:45:48 +00:00
case instr <= opcode.PUSHINT256:
n := bigint.FromBytes(param)
if !n.IsInt64() || n.Sign() < 0 || n.Int64() > MaxMultisigKeys {
2020-04-21 13:45:48 +00:00
return 0, false
}
nthings = int(n.Int64())
default:
return 0, false
}
if nthings < 1 || nthings > MaxMultisigKeys {
return 0, false
}
return nthings, true
}
// IsMultiSigContract checks whether the passed script is a multi-signature
// contract.
func IsMultiSigContract(script []byte) bool {
_, _, ok := ParseMultiSigContract(script)
return ok
}
// ParseMultiSigContract returns the number of signatures and a list of public keys
// from the verification script of the contract.
func ParseMultiSigContract(script []byte) (int, [][]byte, bool) {
var nsigs, nkeys int
if len(script) < 42 {
return nsigs, nil, false
}
ctx := NewContext(script)
instr, param, err := ctx.Next()
if err != nil {
return nsigs, nil, false
}
nsigs, ok := getNumOfThingsFromInstr(instr, param)
if !ok {
return nsigs, nil, false
}
var pubs [][]byte
for {
instr, param, err = ctx.Next()
if err != nil {
return nsigs, nil, false
}
if instr != opcode.PUSHDATA1 {
break
}
if len(param) < 33 {
return nsigs, nil, false
}
pubs = append(pubs, param)
nkeys++
if nkeys > MaxMultisigKeys {
return nsigs, nil, false
}
}
if nkeys < nsigs {
return nsigs, nil, false
}
nkeys2, ok := getNumOfThingsFromInstr(instr, param)
if !ok {
return nsigs, nil, false
}
if nkeys2 != nkeys {
return nsigs, nil, false
}
instr, param, err = ctx.Next()
if err != nil || instr != opcode.SYSCALL || binary.LittleEndian.Uint32(param) != multisigInteropID {
return nsigs, nil, false
}
instr, _, err = ctx.Next()
if err != nil || instr != opcode.RET || ctx.ip != len(script) {
return nsigs, nil, false
}
return nsigs, pubs, true
}
// IsSignatureContract checks whether the passed script is a signature check
// contract.
func IsSignatureContract(script []byte) bool {
2021-03-05 09:22:48 +00:00
_, ok := ParseSignatureContract(script)
return ok
}
// ParseSignatureContract parses a simple signature contract and returns
// a public key.
2021-03-05 09:22:48 +00:00
func ParseSignatureContract(script []byte) ([]byte, bool) {
if len(script) != 40 {
2021-03-05 09:22:48 +00:00
return nil, false
}
// We don't use Context for this simple case, it's more efficient this way.
if script[0] == byte(opcode.PUSHDATA1) && // PUSHDATA1
script[1] == 33 && // with a public key parameter
script[35] == byte(opcode.SYSCALL) && // and a CheckSig SYSCALL.
binary.LittleEndian.Uint32(script[36:]) == verifyInteropID {
return script[2:35], true
}
return nil, false
}
// IsStandardContract checks whether the passed script is a signature or
// multi-signature contract.
func IsStandardContract(script []byte) bool {
return IsSignatureContract(script) || IsMultiSigContract(script)
}
// IsScriptCorrect checks the script for errors and mask provided for correctness wrt
// instruction boundaries. Normally, it returns nil, but it can return some specific
// error if there is any.
func IsScriptCorrect(script []byte, methods bitfield.Field) error {
var (
l = len(script)
instrs = bitfield.New(l)
jumps = bitfield.New(l)
)
ctx := NewContext(script)
for ctx.nextip < l {
op, param, err := ctx.Next()
if err != nil {
return err
}
instrs.Set(ctx.ip)
switch op {
case opcode.JMP, opcode.JMPIF, opcode.JMPIFNOT, opcode.JMPEQ, opcode.JMPNE,
opcode.JMPGT, opcode.JMPGE, opcode.JMPLT, opcode.JMPLE,
opcode.CALL, opcode.ENDTRY, opcode.JMPL, opcode.JMPIFL,
opcode.JMPIFNOTL, opcode.JMPEQL, opcode.JMPNEL,
opcode.JMPGTL, opcode.JMPGEL, opcode.JMPLTL, opcode.JMPLEL,
opcode.ENDTRYL, opcode.CALLL, opcode.PUSHA:
off, _, err := calcJumpOffset(ctx, param)
if err != nil {
return err
}
// `calcJumpOffset` does bounds checking but can return `len(script)`.
// This check avoids panic in bitset when script length is a multiple of 64.
if off != len(script) {
jumps.Set(off)
}
case opcode.TRY, opcode.TRYL:
catchP, finallyP := getTryParams(op, param)
off, _, err := calcJumpOffset(ctx, catchP)
if err != nil {
return err
}
if off != len(script) {
jumps.Set(off)
}
off, _, err = calcJumpOffset(ctx, finallyP)
if err != nil {
return err
}
if off != len(script) {
jumps.Set(off)
}
case opcode.NEWARRAYT, opcode.ISTYPE, opcode.CONVERT:
typ := stackitem.Type(param[0])
if !typ.IsValid() {
return fmt.Errorf("invalid type specification at offset %d", ctx.ip)
}
if typ == stackitem.AnyT && op != opcode.NEWARRAYT {
return fmt.Errorf("using type ANY is incorrect at offset %d", ctx.ip)
}
}
}
if !jumps.IsSubset(instrs) {
return errors.New("some jumps are done to wrong offsets (not to instruction boundary)")
}
if methods != nil && !methods.IsSubset(instrs) {
return errors.New("some methods point to wrong offsets (not to instruction boundary)")
}
return nil
}