core: check transaction's scripts length during decoding

This commit is contained in:
Anna Shaleva 2021-02-15 16:40:42 +03:00
parent 3fed06989a
commit a6d4a266b9
6 changed files with 29 additions and 17 deletions

View file

@ -1384,14 +1384,13 @@ func (bc *Blockchain) verifyHeader(currHeader, prevHeader *block.Header) error {
// Various errors that could be returned upon verification. // Various errors that could be returned upon verification.
var ( var (
ErrTxExpired = errors.New("transaction has expired") ErrTxExpired = errors.New("transaction has expired")
ErrInsufficientFunds = errors.New("insufficient funds") ErrInsufficientFunds = errors.New("insufficient funds")
ErrTxSmallNetworkFee = errors.New("too small network fee") ErrTxSmallNetworkFee = errors.New("too small network fee")
ErrTxTooBig = errors.New("too big transaction") ErrTxTooBig = errors.New("too big transaction")
ErrMemPoolConflict = errors.New("invalid transaction due to conflicts with the memory pool") ErrMemPoolConflict = errors.New("invalid transaction due to conflicts with the memory pool")
ErrInvalidScript = errors.New("invalid script") ErrInvalidScript = errors.New("invalid script")
ErrTxInvalidWitnessNum = errors.New("number of signers doesn't match witnesses") ErrInvalidAttribute = errors.New("invalid attribute")
ErrInvalidAttribute = errors.New("invalid attribute")
) )
// verifyAndPoolTx verifies whether a transaction is bonafide or not and tries // verifyAndPoolTx verifies whether a transaction is bonafide or not and tries
@ -1856,9 +1855,6 @@ func (bc *Blockchain) verifyHashAgainstScript(hash util.Uint160, witness *transa
// not yet added into any block. // not yet added into any block.
// Golang implementation of VerifyWitnesses method in C# (https://github.com/neo-project/neo/blob/master/neo/SmartContract/Helper.cs#L87). // Golang implementation of VerifyWitnesses method in C# (https://github.com/neo-project/neo/blob/master/neo/SmartContract/Helper.cs#L87).
func (bc *Blockchain) verifyTxWitnesses(t *transaction.Transaction, block *block.Block, isPartialTx bool) error { func (bc *Blockchain) verifyTxWitnesses(t *transaction.Transaction, block *block.Block, isPartialTx bool) error {
if len(t.Signers) != len(t.Scripts) {
return fmt.Errorf("%w: %d vs %d", ErrTxInvalidWitnessNum, len(t.Signers), len(t.Scripts))
}
interopCtx := bc.newInteropContext(trigger.Verification, bc.dao, block, t) interopCtx := bc.newInteropContext(trigger.Verification, bc.dao, block, t)
gasLimit := t.NetworkFee - int64(t.Size())*bc.FeePerByte() gasLimit := t.NetworkFee - int64(t.Size())*bc.FeePerByte()
if bc.P2PSigExtensionsEnabled() { if bc.P2PSigExtensionsEnabled() {

View file

@ -439,10 +439,6 @@ func TestVerifyTx(t *testing.T) {
err := bc.PoolTx(tx2) err := bc.PoolTx(tx2)
require.True(t, errors.Is(err, ErrMemPoolConflict)) require.True(t, errors.Is(err, ErrMemPoolConflict))
}) })
t.Run("NotEnoughWitnesses", func(t *testing.T) {
tx := bc.newTestTx(h, testScript)
checkErr(t, ErrTxInvalidWitnessNum, tx)
})
t.Run("InvalidWitnessHash", func(t *testing.T) { t.Run("InvalidWitnessHash", func(t *testing.T) {
tx := bc.newTestTx(h, testScript) tx := bc.newTestTx(h, testScript)
require.NoError(t, accs[0].SignTx(tx)) require.NoError(t, accs[0].SignTx(tx))

View file

@ -280,8 +280,8 @@ func createVMAndContractState(t *testing.T) (*vm.VM, *state.Contract, *interop.C
func createVMAndTX(t *testing.T) (*vm.VM, *transaction.Transaction, *interop.Context, *Blockchain) { func createVMAndTX(t *testing.T) (*vm.VM, *transaction.Transaction, *interop.Context, *Blockchain) {
script := []byte{byte(opcode.PUSH1), byte(opcode.RET)} script := []byte{byte(opcode.PUSH1), byte(opcode.RET)}
tx := transaction.New(netmode.UnitTestNet, script, 0) tx := transaction.New(netmode.UnitTestNet, script, 0)
tx.Signers = []transaction.Signer{{Account: util.Uint160{1, 2, 3, 4}}} tx.Signers = []transaction.Signer{{Account: util.Uint160{1, 2, 3, 4}}}
tx.Scripts = []transaction.Witness{{InvocationScript: []byte{}, VerificationScript: []byte{}}}
chain := newTestChain(t) chain := newTestChain(t)
d := dao.NewSimple(storage.NewMemoryStore(), netmode.UnitTestNet, chain.config.StateRootInHeader) d := dao.NewSimple(storage.NewMemoryStore(), netmode.UnitTestNet, chain.config.StateRootInHeader)
context := chain.newInteropContext(trigger.Application, d, nil, tx) context := chain.newInteropContext(trigger.Application, d, nil, tx)

View file

@ -31,6 +31,9 @@ const (
DummyVersion = 255 DummyVersion = 255
) )
// ErrInvalidWitnessNum returns when the number of witnesses does not match signers.
var ErrInvalidWitnessNum = errors.New("number of signers doesn't match witnesses")
// Transaction is a process recorded in the NEO blockchain. // Transaction is a process recorded in the NEO blockchain.
type Transaction struct { type Transaction struct {
// The trading version which is currently 0. // The trading version which is currently 0.
@ -170,7 +173,11 @@ func (t *Transaction) DecodeBinary(br *io.BinReader) {
if br.Err != nil { if br.Err != nil {
return return
} }
br.ReadArray(&t.Scripts) br.ReadArray(&t.Scripts, len(t.Signers))
if len(t.Signers) != len(t.Scripts) {
br.Err = fmt.Errorf("%w: %d vs %d", ErrInvalidWitnessNum, len(t.Signers), len(t.Scripts))
return
}
// Create the hash of the transaction at decode, so we dont need // Create the hash of the transaction at decode, so we dont need
// to do it anymore. // to do it anymore.

View file

@ -13,6 +13,7 @@ import (
"github.com/nspcc-dev/neo-go/pkg/config/netmode" "github.com/nspcc-dev/neo-go/pkg/config/netmode"
"github.com/nspcc-dev/neo-go/pkg/encoding/fixedn" "github.com/nspcc-dev/neo-go/pkg/encoding/fixedn"
"github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neo-go/pkg/vm/opcode"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
@ -77,6 +78,7 @@ func TestNew(t *testing.T) {
script := []byte{0x51} script := []byte{0x51}
tx := New(netmode.UnitTestNet, script, 1) tx := New(netmode.UnitTestNet, script, 1)
tx.Signers = []Signer{{Account: util.Uint160{1, 2, 3}}} tx.Signers = []Signer{{Account: util.Uint160{1, 2, 3}}}
tx.Scripts = []Witness{{InvocationScript: []byte{}, VerificationScript: []byte{}}}
assert.Equal(t, int64(1), tx.SystemFee) assert.Equal(t, int64(1), tx.SystemFee)
assert.Equal(t, script, tx.Script) assert.Equal(t, script, tx.Script)
// Update hash fields to match tx2 that is gonna autoupdate them on decode. // Update hash fields to match tx2 that is gonna autoupdate them on decode.
@ -90,6 +92,7 @@ func TestNewTransactionFromBytes(t *testing.T) {
tx := New(netmode.UnitTestNet, script, 1) tx := New(netmode.UnitTestNet, script, 1)
tx.NetworkFee = 123 tx.NetworkFee = 123
tx.Signers = []Signer{{Account: util.Uint160{1, 2, 3}}} tx.Signers = []Signer{{Account: util.Uint160{1, 2, 3}}}
tx.Scripts = []Witness{{InvocationScript: []byte{}, VerificationScript: []byte{}}}
data, err := testserdes.EncodeBinary(tx) data, err := testserdes.EncodeBinary(tx)
require.NoError(t, err) require.NoError(t, err)
@ -118,6 +121,15 @@ func TestDecodingTXWithNoScript(t *testing.T) {
require.Error(t, err) require.Error(t, err)
} }
func TestDecodingTxWithInvalidWitnessesNumber(t *testing.T) {
tx := New(netmode.UnitTestNet, []byte{byte(opcode.RET)}, 1)
tx.Signers = []Signer{{Account: util.Uint160{1, 2, 3}}}
tx.Scripts = []Witness{{InvocationScript: []byte{}, VerificationScript: []byte{}}, {InvocationScript: []byte{}, VerificationScript: []byte{}}}
data, err := testserdes.EncodeBinary(tx)
require.NoError(t, err)
require.True(t, errors.Is(testserdes.DecodeBinary(data, new(Transaction)), ErrInvalidWitnessNum))
}
func TestUnmarshalNeoFSTX(t *testing.T) { func TestUnmarshalNeoFSTX(t *testing.T) {
txjson := []byte(` txjson := []byte(`
{ {

View file

@ -306,6 +306,7 @@ func newDummyBlock(height uint32, txCount int) *block.Block {
func newDummyTx() *transaction.Transaction { func newDummyTx() *transaction.Transaction {
tx := transaction.New(netmode.UnitTestNet, random.Bytes(100), 123) tx := transaction.New(netmode.UnitTestNet, random.Bytes(100), 123)
tx.Signers = []transaction.Signer{{Account: random.Uint160()}} tx.Signers = []transaction.Signer{{Account: random.Uint160()}}
tx.Scripts = []transaction.Witness{{InvocationScript: []byte{}, VerificationScript: []byte{}}}
tx.Size() tx.Size()
tx.Hash() tx.Hash()
return tx return tx