core: implement oracle tx verification
This commit is contained in:
parent
f084acc339
commit
e91d13c615
3 changed files with 137 additions and 7 deletions
|
@ -1,6 +1,7 @@
|
||||||
package core
|
package core
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
|
@ -1251,6 +1252,34 @@ func (bc *Blockchain) verifyTxAttributes(tx *transaction.Transaction) error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return fmt.Errorf("%w: high priority tx is not signed by committee", ErrInvalidAttribute)
|
return fmt.Errorf("%w: high priority tx is not signed by committee", ErrInvalidAttribute)
|
||||||
|
case transaction.OracleResponseT:
|
||||||
|
h, err := bc.contracts.Oracle.GetScriptHash()
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("%w: %v", ErrInvalidAttribute, err)
|
||||||
|
}
|
||||||
|
hasOracle := false
|
||||||
|
for i := range tx.Signers {
|
||||||
|
if tx.Signers[i].Scopes != transaction.FeeOnly {
|
||||||
|
return fmt.Errorf("%w: oracle tx has invalid signer scope", ErrInvalidAttribute)
|
||||||
|
}
|
||||||
|
if tx.Signers[i].Account.Equals(h) {
|
||||||
|
hasOracle = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if !hasOracle {
|
||||||
|
return fmt.Errorf("%w: oracle tx is not signed by oracle nodes", ErrInvalidAttribute)
|
||||||
|
}
|
||||||
|
if !bytes.Equal(tx.Script, native.GetOracleResponseScript()) {
|
||||||
|
return fmt.Errorf("%w: oracle tx has invalid script", ErrInvalidAttribute)
|
||||||
|
}
|
||||||
|
resp := tx.Attributes[i].Value.(*transaction.OracleResponse)
|
||||||
|
req, err := bc.contracts.Oracle.GetRequestInternal(bc.dao, resp.ID)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("%w: oracle tx points to invalid request: %v", ErrInvalidAttribute, err)
|
||||||
|
}
|
||||||
|
if uint64(tx.NetworkFee+tx.SystemFee) < req.GasForResponse {
|
||||||
|
return fmt.Errorf("%w: oracle tx has insufficient gas", ErrInvalidAttribute)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -11,12 +11,15 @@ import (
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/block"
|
"github.com/nspcc-dev/neo-go/pkg/core/block"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/interop/interopnames"
|
"github.com/nspcc-dev/neo-go/pkg/core/interop/interopnames"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/mempool"
|
"github.com/nspcc-dev/neo-go/pkg/core/mempool"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/core/native"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/state"
|
"github.com/nspcc-dev/neo-go/pkg/core/state"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/storage"
|
"github.com/nspcc-dev/neo-go/pkg/core/storage"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/core/transaction"
|
"github.com/nspcc-dev/neo-go/pkg/core/transaction"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/internal/testchain"
|
"github.com/nspcc-dev/neo-go/pkg/internal/testchain"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/io"
|
"github.com/nspcc-dev/neo-go/pkg/io"
|
||||||
|
"github.com/nspcc-dev/neo-go/pkg/smartcontract"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
|
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/vm"
|
"github.com/nspcc-dev/neo-go/pkg/vm"
|
||||||
|
@ -212,13 +215,17 @@ func TestVerifyTx(t *testing.T) {
|
||||||
bc := newTestChain(t)
|
bc := newTestChain(t)
|
||||||
defer bc.Close()
|
defer bc.Close()
|
||||||
|
|
||||||
accs := make([]*wallet.Account, 2)
|
accs := make([]*wallet.Account, 3)
|
||||||
for i := range accs {
|
for i := range accs {
|
||||||
var err error
|
var err error
|
||||||
accs[i], err = wallet.NewAccount()
|
accs[i], err = wallet.NewAccount()
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
oracleAcc := accs[2]
|
||||||
|
oraclePubs := keys.PublicKeys{oracleAcc.PrivateKey().PublicKey()}
|
||||||
|
require.NoError(t, oracleAcc.ConvertMultisig(1, oraclePubs))
|
||||||
|
|
||||||
neoHash := bc.contracts.NEO.Hash
|
neoHash := bc.contracts.NEO.Hash
|
||||||
gasHash := bc.contracts.GAS.Hash
|
gasHash := bc.contracts.GAS.Hash
|
||||||
w := io.NewBufBinWriter()
|
w := io.NewBufBinWriter()
|
||||||
|
@ -229,7 +236,7 @@ func TestVerifyTx(t *testing.T) {
|
||||||
amount = 1_000_000_000
|
amount = 1_000_000_000
|
||||||
}
|
}
|
||||||
emit.AppCallWithOperationAndArgs(w.BinWriter, sc, "transfer",
|
emit.AppCallWithOperationAndArgs(w.BinWriter, sc, "transfer",
|
||||||
neoOwner, a.PrivateKey().GetScriptHash(), amount)
|
neoOwner, a.Contract.ScriptHash(), amount)
|
||||||
emit.Opcode(w.BinWriter, opcode.ASSERT)
|
emit.Opcode(w.BinWriter, opcode.ASSERT)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -376,6 +383,95 @@ func TestVerifyTx(t *testing.T) {
|
||||||
}}
|
}}
|
||||||
require.NoError(t, bc.VerifyTx(tx))
|
require.NoError(t, bc.VerifyTx(tx))
|
||||||
})
|
})
|
||||||
|
t.Run("Oracle", func(t *testing.T) {
|
||||||
|
orc := bc.contracts.Oracle
|
||||||
|
req := &native.OracleRequest{GasForResponse: 1000_0000}
|
||||||
|
require.NoError(t, orc.PutRequestInternal(1, req, bc.dao))
|
||||||
|
|
||||||
|
oracleScript, err := smartcontract.CreateMajorityMultiSigRedeemScript(oraclePubs)
|
||||||
|
require.NoError(t, err)
|
||||||
|
oracleHash := hash.Hash160(oracleScript)
|
||||||
|
|
||||||
|
// We need to create new transaction,
|
||||||
|
// because hashes are cached after signing.
|
||||||
|
getOracleTx := func(t *testing.T) *transaction.Transaction {
|
||||||
|
tx := bc.newTestTx(h, native.GetOracleResponseScript())
|
||||||
|
resp := &transaction.OracleResponse{
|
||||||
|
ID: 1,
|
||||||
|
Code: transaction.Success,
|
||||||
|
Result: []byte{1, 2, 3},
|
||||||
|
}
|
||||||
|
tx.Attributes = []transaction.Attribute{{
|
||||||
|
Type: transaction.OracleResponseT,
|
||||||
|
Value: resp,
|
||||||
|
}}
|
||||||
|
tx.NetworkFee += 4_000_000 // multisig check
|
||||||
|
tx.SystemFee = int64(req.GasForResponse - uint64(tx.NetworkFee))
|
||||||
|
tx.Signers = []transaction.Signer{{
|
||||||
|
Account: oracleHash,
|
||||||
|
Scopes: transaction.FeeOnly,
|
||||||
|
}}
|
||||||
|
size := io.GetVarSize(tx)
|
||||||
|
netFee, sizeDelta := CalculateNetworkFee(oracleScript)
|
||||||
|
tx.NetworkFee += netFee
|
||||||
|
tx.NetworkFee += int64(size+sizeDelta) * bc.FeePerByte()
|
||||||
|
return tx
|
||||||
|
}
|
||||||
|
|
||||||
|
t.Run("NoOracleNodes", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
|
||||||
|
txSetOracle := transaction.New(netmode.UnitTestNet, []byte{}, 0)
|
||||||
|
setSigner(txSetOracle, testchain.CommitteeScriptHash())
|
||||||
|
txSetOracle.Scripts = []transaction.Witness{{
|
||||||
|
InvocationScript: testchain.SignCommittee(txSetOracle.GetSignedPart()),
|
||||||
|
VerificationScript: testchain.CommitteeVerificationScript(),
|
||||||
|
}}
|
||||||
|
ic := bc.newInteropContext(trigger.All, bc.dao, nil, txSetOracle)
|
||||||
|
require.NoError(t, bc.contracts.Oracle.SetOracleNodes(ic, oraclePubs))
|
||||||
|
bc.contracts.Oracle.OnPersistEnd(ic.DAO)
|
||||||
|
_, err = ic.DAO.Persist()
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
t.Run("Valid", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
require.NoError(t, bc.VerifyTx(tx))
|
||||||
|
})
|
||||||
|
t.Run("InvalidRequestID", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
tx.Attributes[0].Value.(*transaction.OracleResponse).ID = 2
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
t.Run("InvalidScope", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
tx.Signers[0].Scopes = transaction.Global
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
t.Run("InvalidScript", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
tx.Script[0] = ^tx.Script[0]
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
t.Run("InvalidSigner", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
tx.Signers[0].Account = accs[0].Contract.ScriptHash()
|
||||||
|
require.NoError(t, accs[0].SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
t.Run("SmallFee", func(t *testing.T) {
|
||||||
|
tx := getOracleTx(t)
|
||||||
|
tx.SystemFee = 0
|
||||||
|
require.NoError(t, oracleAcc.SignTx(tx))
|
||||||
|
checkErr(t, ErrInvalidAttribute, tx)
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -313,21 +313,26 @@ func (o *Oracle) RequestInternal(ic *interop.Context, url, filter, cb string, us
|
||||||
CallbackMethod: cb,
|
CallbackMethod: cb,
|
||||||
UserData: data,
|
UserData: data,
|
||||||
}
|
}
|
||||||
|
return o.PutRequestInternal(id, req, ic.DAO)
|
||||||
|
}
|
||||||
|
|
||||||
|
// PutRequestInternal puts oracle request with the specified id to d.
|
||||||
|
func (o *Oracle) PutRequestInternal(id uint64, req *OracleRequest, d dao.DAO) error {
|
||||||
reqItem := &state.StorageItem{Value: req.Bytes()}
|
reqItem := &state.StorageItem{Value: req.Bytes()}
|
||||||
reqKey := makeRequestKey(id)
|
reqKey := makeRequestKey(id)
|
||||||
if err = ic.DAO.PutStorageItem(o.ContractID, reqKey, reqItem); err != nil {
|
if err := d.PutStorageItem(o.ContractID, reqKey, reqItem); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add request ID to the id list.
|
// Add request ID to the id list.
|
||||||
lst := new(IDList)
|
lst := new(IDList)
|
||||||
key := makeIDListKey(url)
|
key := makeIDListKey(req.URL)
|
||||||
if err := o.getSerializableFromDAO(ic.DAO, key, lst); err != nil && !errors.Is(err, storage.ErrKeyNotFound) {
|
if err := o.getSerializableFromDAO(d, key, lst); err != nil && !errors.Is(err, storage.ErrKeyNotFound) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
*lst = append(*lst, id)
|
*lst = append(*lst, id)
|
||||||
si = &state.StorageItem{Value: lst.Bytes()}
|
si := &state.StorageItem{Value: lst.Bytes()}
|
||||||
return ic.DAO.PutStorageItem(o.ContractID, key, si)
|
return d.PutStorageItem(o.ContractID, key, si)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (o *Oracle) getOracleNodes(ic *interop.Context, _ []stackitem.Item) stackitem.Item {
|
func (o *Oracle) getOracleNodes(ic *interop.Context, _ []stackitem.Item) stackitem.Item {
|
||||||
|
|
Loading…
Reference in a new issue