From 23a1430395e0a1f4edfe6fd113601f9df2252e1f Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Tue, 28 Jul 2020 17:15:23 +0300 Subject: [PATCH] core: allow to restrict creating callbacks from syscalls Specify DisallowCallback flag if syscall is not allowed to be used in a callback. Signed-off-by: Evgenii Stratonikov --- pkg/core/interop/callback/syscall.go | 3 ++ pkg/core/interop/context.go | 2 + pkg/core/interop_system_test.go | 9 ++++ pkg/core/interops.go | 71 +++++++++++++++------------- 4 files changed, 53 insertions(+), 32 deletions(-) diff --git a/pkg/core/interop/callback/syscall.go b/pkg/core/interop/callback/syscall.go index 6a7047f01..d52c091d3 100644 --- a/pkg/core/interop/callback/syscall.go +++ b/pkg/core/interop/callback/syscall.go @@ -34,6 +34,9 @@ func CreateFromSyscall(ic *interop.Context, v *vm.VM) error { if f == nil { return errors.New("syscall not found") } + if f.DisallowCallback { + return errors.New("syscall is not allowed to be used in a callback") + } v.Estack().PushVal(stackitem.NewInterop(&SyscallCallback{f})) return nil } diff --git a/pkg/core/interop/context.go b/pkg/core/interop/context.go index 4d8ca639b..c35bf7936 100644 --- a/pkg/core/interop/context.go +++ b/pkg/core/interop/context.go @@ -65,6 +65,8 @@ type Function struct { ID uint32 Name string Func func(*Context, *vm.VM) error + // DisallowCallback is true iff syscall can't be used in a callback. + DisallowCallback bool // ParamCount is a number of function parameters. ParamCount int Price int64 diff --git a/pkg/core/interop_system_test.go b/pkg/core/interop_system_test.go index 1ada9b251..aab9e5159 100644 --- a/pkg/core/interop_system_test.go +++ b/pkg/core/interop_system_test.go @@ -853,6 +853,11 @@ func TestSyscallCallback(t *testing.T) { }, ParamCount: 2, }, + { + ID: 0x53, + Func: func(_ *interop.Context, _ *vm.VM) error { return nil }, + DisallowCallback: true, + }, }) t.Run("Good", func(t *testing.T) { @@ -875,5 +880,9 @@ func TestSyscallCallback(t *testing.T) { v := loadScript([]byte{byte(opcode.RET)}, stackitem.NewArray(nil), 0x43) require.Error(t, callback.CreateFromSyscall(ic, v)) }) + t.Run("Disallowed", func(t *testing.T) { + v := loadScript([]byte{byte(opcode.RET)}, stackitem.NewArray(nil), 0x53) + require.Error(t, callback.CreateFromSyscall(ic, v)) + }) }) } diff --git a/pkg/core/interops.go b/pkg/core/interops.go index b6136a311..6b92e703d 100644 --- a/pkg/core/interops.go +++ b/pkg/core/interops.go @@ -47,31 +47,31 @@ var systemInterops = []interop.Function{ RequiredFlags: smartcontract.AllowStates, ParamCount: 2}, {Name: "System.Blockchain.GetTransactionHeight", Func: bcGetTransactionHeight, Price: 1000000, RequiredFlags: smartcontract.AllowStates, ParamCount: 1}, - {Name: "System.Callback.Create", Func: callback.Create, Price: 400, ParamCount: 3}, - {Name: "System.Callback.CreateFromMethod", Func: callback.CreateFromMethod, Price: 1000000, ParamCount: 2}, - {Name: "System.Callback.CreateFromSyscall", Func: callback.CreateFromSyscall, Price: 400, ParamCount: 1}, - {Name: "System.Callback.Invoke", Func: callback.Invoke, Price: 1000000, ParamCount: 2}, + {Name: "System.Callback.Create", Func: callback.Create, Price: 400, ParamCount: 3, DisallowCallback: true}, + {Name: "System.Callback.CreateFromMethod", Func: callback.CreateFromMethod, Price: 1000000, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Callback.CreateFromSyscall", Func: callback.CreateFromSyscall, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Callback.Invoke", Func: callback.Invoke, Price: 1000000, ParamCount: 2, DisallowCallback: true}, {Name: "System.Contract.Call", Func: contractCall, Price: 1000000, - RequiredFlags: smartcontract.AllowCall, ParamCount: 3}, + RequiredFlags: smartcontract.AllowCall, ParamCount: 3, DisallowCallback: true}, {Name: "System.Contract.CallEx", Func: contractCallEx, Price: 1000000, - RequiredFlags: smartcontract.AllowCall, ParamCount: 4}, + RequiredFlags: smartcontract.AllowCall, ParamCount: 4, DisallowCallback: true}, {Name: "System.Contract.Create", Func: contractCreate, Price: 0, - RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2}, - {Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000, ParamCount: 1}, - {Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, RequiredFlags: smartcontract.AllowModifyStates}, + RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, RequiredFlags: smartcontract.AllowModifyStates, DisallowCallback: true}, {Name: "System.Contract.IsStandard", Func: contractIsStandard, Price: 30000, ParamCount: 1}, - {Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000}, + {Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000, DisallowCallback: true}, {Name: "System.Contract.Update", Func: contractUpdate, Price: 0, - RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2}, - {Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400, ParamCount: 2}, - {Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400, ParamCount: 1}, - {Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000, ParamCount: 1}, - {Name: "System.Enumerator.Value", Func: enumerator.Value, Price: 400, ParamCount: 1}, - {Name: "System.Iterator.Concat", Func: iterator.Concat, Price: 400, ParamCount: 2}, - {Name: "System.Iterator.Create", Func: iterator.Create, Price: 400, ParamCount: 1}, - {Name: "System.Iterator.Key", Func: iterator.Key, Price: 400, ParamCount: 1}, - {Name: "System.Iterator.Keys", Func: iterator.Keys, Price: 400, ParamCount: 1}, - {Name: "System.Iterator.Values", Func: iterator.Values, Price: 400, ParamCount: 1}, + RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Enumerator.Value", Func: enumerator.Value, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Iterator.Concat", Func: iterator.Concat, Price: 400, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Iterator.Create", Func: iterator.Create, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Iterator.Key", Func: iterator.Key, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Iterator.Keys", Func: iterator.Keys, Price: 400, ParamCount: 1, DisallowCallback: true}, + {Name: "System.Iterator.Values", Func: iterator.Values, Price: 400, ParamCount: 1, DisallowCallback: true}, {Name: "System.Json.Deserialize", Func: json.Deserialize, Price: 500000, ParamCount: 1}, {Name: "System.Json.Serialize", Func: json.Serialize, Price: 100000, ParamCount: 1}, {Name: "System.Runtime.CheckWitness", Func: runtime.CheckWitness, Price: 30000, @@ -85,20 +85,27 @@ var systemInterops = []interop.Function{ {Name: "System.Runtime.GetScriptContainer", Func: engineGetScriptContainer, Price: 250}, {Name: "System.Runtime.GetTime", Func: runtimeGetTime, Price: 250, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Runtime.GetTrigger", Func: runtimeGetTrigger, Price: 250}, - {Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, ParamCount: 1}, - {Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, ParamCount: 2}, + {Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, + ParamCount: 1, DisallowCallback: true}, + {Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify, + ParamCount: 2, DisallowCallback: true}, {Name: "System.Runtime.Platform", Func: runtimePlatform, Price: 250}, {Name: "System.Storage.Delete", Func: storageDelete, Price: StoragePrice, - RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2}, - {Name: "System.Storage.Find", Func: storageFind, Price: 1000000, RequiredFlags: smartcontract.AllowStates, ParamCount: 2}, - {Name: "System.Storage.Get", Func: storageGet, Price: 1000000, RequiredFlags: smartcontract.AllowStates, ParamCount: 2}, - {Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400, RequiredFlags: smartcontract.AllowStates}, - {Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400, RequiredFlags: smartcontract.AllowStates}, + RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 2, DisallowCallback: true}, + {Name: "System.Storage.Find", Func: storageFind, Price: 1000000, RequiredFlags: smartcontract.AllowStates, + ParamCount: 2, DisallowCallback: true}, + {Name: "System.Storage.Get", Func: storageGet, Price: 1000000, RequiredFlags: smartcontract.AllowStates, + ParamCount: 2, DisallowCallback: true}, + {Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400, + RequiredFlags: smartcontract.AllowStates, DisallowCallback: true}, + {Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400, + RequiredFlags: smartcontract.AllowStates, DisallowCallback: true}, {Name: "System.Storage.Put", Func: storagePut, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, - ParamCount: 3}, // These don't have static price in C# code. - {Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, ParamCount: 4}, + ParamCount: 3, DisallowCallback: true}, // These don't have static price in C# code. + {Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, + ParamCount: 4, DisallowCallback: true}, {Name: "System.Storage.AsReadOnly", Func: storageContextAsReadOnly, Price: 400, - RequiredFlags: smartcontract.AllowStates, ParamCount: 1}, + RequiredFlags: smartcontract.AllowStates, ParamCount: 1, DisallowCallback: true}, } var neoInterops = []interop.Function{ @@ -110,8 +117,8 @@ var neoInterops = []interop.Function{ {Name: "Neo.Crypto.CheckMultisigWithECDsaSecp256k1", Func: crypto.ECDSASecp256k1CheckMultisig, Price: 0, ParamCount: 3}, {Name: "Neo.Crypto.SHA256", Func: crypto.Sha256, Price: 1000000, ParamCount: 1}, {Name: "Neo.Crypto.RIPEMD160", Func: crypto.RipeMD160, Price: 1000000, ParamCount: 1}, - {Name: "Neo.Native.Call", Func: native.Call, Price: 0, ParamCount: 1}, - {Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, RequiredFlags: smartcontract.AllowModifyStates}, + {Name: "Neo.Native.Call", Func: native.Call, Price: 0, ParamCount: 1, DisallowCallback: true}, + {Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, RequiredFlags: smartcontract.AllowModifyStates, DisallowCallback: true}, } // initIDinInteropsSlice initializes IDs from names in one given