core, vm: remove allowed triggers from syscalls

Closes #1205.
This commit is contained in:
Anna Shaleva 2020-07-22 19:40:32 +03:00
parent d8a1c3de46
commit 8fde41001e
6 changed files with 25 additions and 82 deletions

View file

@ -59,8 +59,6 @@ type Function struct {
Name string Name string
Func func(*Context, *vm.VM) error Func func(*Context, *vm.VM) error
Price int64 Price int64
// AllowedTriggers is a set of triggers which are allowed to initiate invocation.
AllowedTriggers trigger.Type
// RequiredFlags is a set of flags which must be set during script invocations. // RequiredFlags is a set of flags which must be set during script invocations.
// Default value is NoneFlag i.e. no flags are required. // Default value is NoneFlag i.e. no flags are required.
RequiredFlags smartcontract.CallFlag RequiredFlags smartcontract.CallFlag

View file

@ -18,7 +18,6 @@ import (
"github.com/nspcc-dev/neo-go/pkg/core/interop/runtime" "github.com/nspcc-dev/neo-go/pkg/core/interop/runtime"
"github.com/nspcc-dev/neo-go/pkg/core/native" "github.com/nspcc-dev/neo-go/pkg/core/native"
"github.com/nspcc-dev/neo-go/pkg/smartcontract" "github.com/nspcc-dev/neo-go/pkg/smartcontract"
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
"github.com/nspcc-dev/neo-go/pkg/vm" "github.com/nspcc-dev/neo-go/pkg/vm"
"github.com/nspcc-dev/neo-go/pkg/vm/emit" "github.com/nspcc-dev/neo-go/pkg/vm/emit"
) )
@ -74,31 +73,20 @@ var systemInterops = []interop.Function{
{Name: "System.Binary.Base64Encode", Func: runtimeEncode, Price: 100000}, {Name: "System.Binary.Base64Encode", Func: runtimeEncode, Price: 100000},
{Name: "System.Binary.Deserialize", Func: runtimeDeserialize, Price: 500000}, {Name: "System.Binary.Deserialize", Func: runtimeDeserialize, Price: 500000},
{Name: "System.Binary.Serialize", Func: runtimeSerialize, Price: 100000}, {Name: "System.Binary.Serialize", Func: runtimeSerialize, Price: 100000},
{Name: "System.Blockchain.GetBlock", Func: bcGetBlock, Price: 2500000, {Name: "System.Blockchain.GetBlock", Func: bcGetBlock, Price: 2500000, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Blockchain.GetContract", Func: bcGetContract, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Blockchain.GetContract", Func: bcGetContract, Price: 1000000, {Name: "System.Blockchain.GetHeight", Func: bcGetHeight, Price: 400, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Blockchain.GetTransaction", Func: bcGetTransaction, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Blockchain.GetHeight", Func: bcGetHeight, Price: 400, {Name: "System.Blockchain.GetTransactionFromBlock", Func: bcGetTransactionFromBlock, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Blockchain.GetTransactionHeight", Func: bcGetTransactionHeight, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Blockchain.GetTransaction", Func: bcGetTransaction, Price: 1000000, {Name: "System.Contract.Call", Func: contractCall, Price: 1000000, RequiredFlags: smartcontract.AllowCall},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Contract.CallEx", Func: contractCallEx, Price: 1000000, RequiredFlags: smartcontract.AllowCall},
{Name: "System.Blockchain.GetTransactionFromBlock", Func: bcGetTransactionFromBlock, Price: 1000000, {Name: "System.Contract.Create", Func: contractCreate, Price: 0, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Blockchain.GetTransactionHeight", Func: bcGetTransactionHeight, Price: 1000000,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Contract.Call", Func: contractCall, Price: 1000000,
AllowedTriggers: trigger.System | trigger.Application, RequiredFlags: smartcontract.AllowCall},
{Name: "System.Contract.CallEx", Func: contractCallEx, Price: 1000000,
AllowedTriggers: trigger.System | trigger.Application, RequiredFlags: smartcontract.AllowCall},
{Name: "System.Contract.Create", Func: contractCreate, Price: 0,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates},
{Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000}, {Name: "System.Contract.CreateStandardAccount", Func: contractCreateStandardAccount, Price: 10000},
{Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, {Name: "System.Contract.Destroy", Func: contractDestroy, Price: 1000000, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates},
{Name: "System.Contract.IsStandard", Func: contractIsStandard, Price: 30000}, {Name: "System.Contract.IsStandard", Func: contractIsStandard, Price: 30000},
{Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000}, {Name: "System.Contract.GetCallFlags", Func: contractGetCallFlags, Price: 30000},
{Name: "System.Contract.Update", Func: contractUpdate, Price: 0, {Name: "System.Contract.Update", Func: contractUpdate, Price: 0, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates},
{Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400}, {Name: "System.Enumerator.Concat", Func: enumerator.Concat, Price: 400},
{Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400}, {Name: "System.Enumerator.Create", Func: enumerator.Create, Price: 400},
{Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000}, {Name: "System.Enumerator.Next", Func: enumerator.Next, Price: 1000000},
@ -119,28 +107,19 @@ var systemInterops = []interop.Function{
{Name: "System.Runtime.GetInvocationCounter", Func: runtime.GetInvocationCounter, Price: 400}, {Name: "System.Runtime.GetInvocationCounter", Func: runtime.GetInvocationCounter, Price: 400},
{Name: "System.Runtime.GetNotifications", Func: runtime.GetNotifications, Price: 10000}, {Name: "System.Runtime.GetNotifications", Func: runtime.GetNotifications, Price: 10000},
{Name: "System.Runtime.GetScriptContainer", Func: engineGetScriptContainer, Price: 250}, {Name: "System.Runtime.GetScriptContainer", Func: engineGetScriptContainer, Price: 250},
{Name: "System.Runtime.GetTime", Func: runtimeGetTime, Price: 250, {Name: "System.Runtime.GetTime", Func: runtimeGetTime, Price: 250, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Runtime.GetTrigger", Func: runtimeGetTrigger, Price: 250}, {Name: "System.Runtime.GetTrigger", Func: runtimeGetTrigger, Price: 250},
{Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify}, {Name: "System.Runtime.Log", Func: runtimeLog, Price: 1000000, RequiredFlags: smartcontract.AllowNotify},
{Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify}, {Name: "System.Runtime.Notify", Func: runtimeNotify, Price: 1000000, RequiredFlags: smartcontract.AllowNotify},
{Name: "System.Runtime.Platform", Func: runtimePlatform, Price: 250}, {Name: "System.Runtime.Platform", Func: runtimePlatform, Price: 250},
{Name: "System.Storage.Delete", Func: storageDelete, Price: StoragePrice, {Name: "System.Storage.Delete", Func: storageDelete, Price: StoragePrice, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates}, {Name: "System.Storage.Find", Func: storageFind, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Storage.Find", Func: storageFind, Price: 1000000, {Name: "System.Storage.Get", Func: storageGet, Price: 1000000, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Storage.Get", Func: storageGet, Price: 1000000, {Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400, RequiredFlags: smartcontract.AllowStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Storage.Put", Func: storagePut, Price: 0, RequiredFlags: smartcontract.AllowModifyStates}, // These don't have static price in C# code.
{Name: "System.Storage.GetContext", Func: storageGetContext, Price: 400, {Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates}, {Name: "System.Storage.AsReadOnly", Func: storageContextAsReadOnly, Price: 400, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Storage.GetReadOnlyContext", Func: storageGetReadOnlyContext, Price: 400,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates},
{Name: "System.Storage.Put", Func: storagePut, Price: 0,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates}, // These don't have static price in C# code.
{Name: "System.Storage.PutEx", Func: storagePutEx, Price: 0,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates},
{Name: "System.Storage.AsReadOnly", Func: storageContextAsReadOnly, Price: 400,
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowStates},
} }
var neoInterops = []interop.Function{ var neoInterops = []interop.Function{
@ -150,8 +129,7 @@ var neoInterops = []interop.Function{
{Name: "Neo.Crypto.CheckMultisigWithECDsaSecp256k1", Func: crypto.ECDSASecp256k1CheckMultisig, Price: 0}, {Name: "Neo.Crypto.CheckMultisigWithECDsaSecp256k1", Func: crypto.ECDSASecp256k1CheckMultisig, Price: 0},
{Name: "Neo.Crypto.SHA256", Func: crypto.Sha256, Price: 1000000}, {Name: "Neo.Crypto.SHA256", Func: crypto.Sha256, Price: 1000000},
{Name: "Neo.Crypto.RIPEMD160", Func: crypto.RipeMD160, Price: 1000000}, {Name: "Neo.Crypto.RIPEMD160", Func: crypto.RipeMD160, Price: 1000000},
{Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, {Name: "Neo.Native.Deploy", Func: native.Deploy, Price: 0, RequiredFlags: smartcontract.AllowModifyStates},
AllowedTriggers: trigger.Application, RequiredFlags: smartcontract.AllowModifyStates},
} }
// initIDinInteropsSlice initializes IDs from names in one given // initIDinInteropsSlice initializes IDs from names in one given

View file

@ -6,7 +6,6 @@ import (
"sort" "sort"
"github.com/nspcc-dev/neo-go/pkg/smartcontract" "github.com/nspcc-dev/neo-go/pkg/smartcontract"
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
"github.com/nspcc-dev/neo-go/pkg/vm/emit" "github.com/nspcc-dev/neo-go/pkg/vm/emit"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem" "github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
) )
@ -16,12 +15,9 @@ type InteropFunc func(vm *VM) error
// InteropFuncPrice represents an interop function with a price. // InteropFuncPrice represents an interop function with a price.
type InteropFuncPrice struct { type InteropFuncPrice struct {
Func InteropFunc Func InteropFunc
Price int64 Price int64
// AllowedTriggers is a mask representing triggers which should be allowed by an interop. RequiredFlags smartcontract.CallFlag
// 0 is interpreted as All.
AllowedTriggers trigger.Type
RequiredFlags smartcontract.CallFlag
} }
// interopIDFuncPrice adds an ID to the InteropFuncPrice. // interopIDFuncPrice adds an ID to the InteropFuncPrice.

View file

@ -18,7 +18,6 @@ import (
"github.com/nspcc-dev/neo-go/pkg/encoding/bigint" "github.com/nspcc-dev/neo-go/pkg/encoding/bigint"
"github.com/nspcc-dev/neo-go/pkg/smartcontract" "github.com/nspcc-dev/neo-go/pkg/smartcontract"
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
"github.com/nspcc-dev/neo-go/pkg/vm/opcode" "github.com/nspcc-dev/neo-go/pkg/vm/opcode"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem" "github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
@ -127,8 +126,7 @@ func getTestingInterop(id uint32) *InteropFuncPrice {
} }
case binary.LittleEndian.Uint32([]byte{0x55, 0x55, 0x55, 0x55}): case binary.LittleEndian.Uint32([]byte{0x55, 0x55, 0x55, 0x55}):
return &InteropFuncPrice{ return &InteropFuncPrice{
Func: f, Func: f,
AllowedTriggers: trigger.Application,
} }
} }
return nil return nil

View file

@ -1253,9 +1253,6 @@ func (v *VM) execute(ctx *Context, op opcode.Opcode, parameter []byte) (err erro
case opcode.SYSCALL: case opcode.SYSCALL:
interopID := GetInteropID(parameter) interopID := GetInteropID(parameter)
ifunc := v.GetInteropByID(interopID) ifunc := v.GetInteropByID(interopID)
if ifunc.AllowedTriggers != 0 && ifunc.AllowedTriggers&v.trigger == 0 {
panic(fmt.Sprintf("trigger not allowed: %s", v.trigger))
}
if !v.Context().callFlag.Has(ifunc.RequiredFlags) { if !v.Context().callFlag.Has(ifunc.RequiredFlags) {
panic(fmt.Sprintf("missing call flags: %05b vs %05b", v.Context().callFlag, ifunc.RequiredFlags)) panic(fmt.Sprintf("missing call flags: %05b vs %05b", v.Context().callFlag, ifunc.RequiredFlags))
} }

View file

@ -14,7 +14,6 @@ import (
"github.com/nspcc-dev/neo-go/pkg/internal/random" "github.com/nspcc-dev/neo-go/pkg/internal/random"
"github.com/nspcc-dev/neo-go/pkg/io" "github.com/nspcc-dev/neo-go/pkg/io"
"github.com/nspcc-dev/neo-go/pkg/smartcontract" "github.com/nspcc-dev/neo-go/pkg/smartcontract"
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
"github.com/nspcc-dev/neo-go/pkg/vm/emit" "github.com/nspcc-dev/neo-go/pkg/vm/emit"
"github.com/nspcc-dev/neo-go/pkg/vm/opcode" "github.com/nspcc-dev/neo-go/pkg/vm/opcode"
"github.com/nspcc-dev/neo-go/pkg/vm/stackitem" "github.com/nspcc-dev/neo-go/pkg/vm/stackitem"
@ -841,29 +840,6 @@ func TestCallFlags(t *testing.T) {
t.Run("AllFlagsProvided", getTestCallFlagsFunc(readOnly, smartcontract.ReadOnly, new(int))) t.Run("AllFlagsProvided", getTestCallFlagsFunc(readOnly, smartcontract.ReadOnly, new(int)))
} }
func getTestTriggerFunc(syscall []byte, tr trigger.Type, result interface{}) func(t *testing.T) {
return func(t *testing.T) {
script := append([]byte{byte(opcode.SYSCALL)}, syscall...)
v := NewWithTrigger(tr)
v.RegisterInteropGetter(getTestingInterop)
v.LoadScript(script)
if result == nil {
checkVMFailed(t, v)
return
}
runVM(t, v)
require.Equal(t, result, v.PopResult())
}
}
func TestAllowedTriggers(t *testing.T) {
noFlags := []byte{0x77, 0x77, 0x77, 0x77}
appOnly := []byte{0x55, 0x55, 0x55, 0x55}
t.Run("Application/NeedNothing", getTestTriggerFunc(noFlags, trigger.Application, new(int)))
t.Run("Application/NeedApplication", getTestTriggerFunc(appOnly, trigger.Application, new(int)))
t.Run("System/NeedApplication", getTestTriggerFunc(appOnly, trigger.System, nil))
}
func callNTimes(n uint16) []byte { func callNTimes(n uint16) []byte {
return makeProgram( return makeProgram(
opcode.PUSHINT16, opcode.Opcode(n), opcode.Opcode(n>>8), // little-endian opcode.PUSHINT16, opcode.Opcode(n), opcode.Opcode(n>>8), // little-endian