native: add Oracle.finish reentrancy test

2022-07-22 12:14:54 +03:00 · 2022-07-22 12:14:54 +03:00 · 8d170a1eb8
commit 8d170a1eb8
parent da2db74bc9
5 changed files with 31 additions and 2 deletions
--- a/internal/contracts/oracle_contract/oracle.go
+++ b/internal/contracts/oracle_contract/oracle.go
@ -1,8 +1,11 @@
 package oraclecontract

 import (
+	"github.com/nspcc-dev/neo-go/pkg/interop"
+	"github.com/nspcc-dev/neo-go/pkg/interop/contract"
 	"github.com/nspcc-dev/neo-go/pkg/interop/native/oracle"
 	"github.com/nspcc-dev/neo-go/pkg/interop/native/std"
+	"github.com/nspcc-dev/neo-go/pkg/interop/runtime"
 	"github.com/nspcc-dev/neo-go/pkg/interop/storage"
 	"github.com/nspcc-dev/neo-go/pkg/interop/util"
 )
@ -22,3 +25,18 @@ func Handle(url string, data interface{}, code int, res []byte) {
 	params := []interface{}{url, data, code, res}
 	storage.Put(storage.GetContext(), "lastOracleResponse", std.Serialize(params))
 }
+
+// HandleRecursive invokes oracle.finish again to test Oracle reentrance.
+func HandleRecursive(url string, data interface{}, code int, res []byte) {
+	// Regular safety check.
+	callingHash := runtime.GetCallingScriptHash()
+	if !callingHash.Equals(oracle.Hash) {
+		panic("not called from oracle contract")
+	}
+
+	runtime.Notify("Invocation")
+	if runtime.GetInvocationCounter() == 1 {
+		// We provide no wrapper for finish in interops, it's not usually needed.
+		contract.Call(interop.Hash160(oracle.Hash), "finish", contract.All)
+	}
+}
--- a/internal/contracts/oracle_contract/oracle.manifest.json
+++ b/internal/contracts/oracle_contract/oracle.manifest.json
@ -1 +1 @@
-{"name":"Oracle test","abi":{"methods":[{"name":"handle","offset":14,"parameters":[{"name":"url","type":"String"},{"name":"data","type":"Any"},{"name":"code","type":"Integer"},{"name":"res","type":"ByteArray"}],"returntype":"Void","safe":false},{"name":"requestURL","offset":0,"parameters":[{"name":"url","type":"String"},{"name":"filter","type":"ByteArray"},{"name":"callback","type":"String"},{"name":"userData","type":"Any"},{"name":"gasForResponse","type":"Integer"}],"returntype":"Void","safe":false}],"events":[]},"features":{},"groups":[],"permissions":[{"contract":"*","methods":["request"]}],"supportedstandards":[],"trusts":[],"extra":null}
+{"name":"Oracle test","abi":{"methods":[{"name":"handle","offset":14,"parameters":[{"name":"url","type":"String"},{"name":"data","type":"Any"},{"name":"code","type":"Integer"},{"name":"res","type":"ByteArray"}],"returntype":"Void","safe":false},{"name":"handleRecursive","offset":89,"parameters":[{"name":"url","type":"String"},{"name":"data","type":"Any"},{"name":"code","type":"Integer"},{"name":"res","type":"ByteArray"}],"returntype":"Void","safe":false},{"name":"requestURL","offset":0,"parameters":[{"name":"url","type":"String"},{"name":"filter","type":"ByteArray"},{"name":"callback","type":"String"},{"name":"userData","type":"Any"},{"name":"gasForResponse","type":"Integer"}],"returntype":"Void","safe":false}],"events":[{"name":"Invocation","parameters":null}]},"features":{},"groups":[],"permissions":[{"contract":"*","methods":["request","finish"]}],"supportedstandards":[],"trusts":[],"extra":null}
--- a/internal/contracts/oracle_contract/oracle.nef
+++ b/internal/contracts/oracle_contract/oracle.nef
--- a/internal/contracts/oracle_contract/oracle.yml
+++ b/internal/contracts/oracle_contract/oracle.yml
@ -2,5 +2,6 @@ name: "Oracle test"
 sourceurl: https://github.com/nspcc-dev/neo-go/
 supportedstandards: []
 events:
+  - name: Invocation
 permissions:
-  - methods: ["request"]
+  - methods: ["request", "finish"]
--- a/pkg/core/native/native_test/oracle_test.go
+++ b/pkg/core/native/native_test/oracle_test.go
@ -15,6 +15,7 @@ import (
 	"github.com/nspcc-dev/neo-go/pkg/core/transaction"
 	"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
 	"github.com/nspcc-dev/neo-go/pkg/neotest"
+	"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
 	"github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
 	"github.com/stretchr/testify/require"
 )
@ -151,6 +152,15 @@ func TestOracle_Request(t *testing.T) {
 		require.Error(t, err)
 		require.True(t, strings.Contains(err.Error(), "oracle tx points to invalid request"))
 	})
+	t.Run("Reentrant", func(t *testing.T) {
+		putOracleRequest(t, helperValidatorInvoker, "url", nil, "handleRecursive", []byte{}, gasForResponse)
+		tx := prepareResponseTx(t, 2)
+		e.AddNewBlock(t, tx)
+		//		e.CheckFault(t, tx.Hash(), "")
+		aer, err := e.Chain.GetAppExecResults(tx.Hash(), trigger.Application)
+		require.NoError(t, err)
+		require.Equal(t, 2, len(aer[0].Events)) // OracleResponse + Invocation
+	})
 	t.Run("BadRequest", func(t *testing.T) {
 		t.Run("non-UTF8 url", func(t *testing.T) {
 			putOracleRequest(t, helperValidatorInvoker, "\xff", nil, "", []byte{1, 2}, gasForResponse, "invalid value: not UTF-8")