forked from TrueCloudLab/neoneo-go
network: forbid Notary contract to be a sender of main transaction
This prevents the possible attack on notary request sender when malicious partie is allowed to send notary request with main transaction being someone else's fallback. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
This commit is contained in:
parent
e7a83cbef9
commit
966111f4a8
2 changed files with 14 additions and 1 deletions
|
@ -1201,6 +1201,9 @@ func (s *Server) verifyNotaryRequest(_ *transaction.Transaction, data any) error
|
||||||
if r.FallbackTransaction.Sender() != notaryHash {
|
if r.FallbackTransaction.Sender() != notaryHash {
|
||||||
return fmt.Errorf("P2PNotary contract should be a sender of the fallback transaction, got %s", address.Uint160ToString(r.FallbackTransaction.Sender()))
|
return fmt.Errorf("P2PNotary contract should be a sender of the fallback transaction, got %s", address.Uint160ToString(r.FallbackTransaction.Sender()))
|
||||||
}
|
}
|
||||||
|
if r.MainTransaction.Sender() == notaryHash {
|
||||||
|
return errors.New("P2PNotary contract is not allowed to be the sender of the main transaction")
|
||||||
|
}
|
||||||
depositExpiration := s.chain.GetNotaryDepositExpiration(payer)
|
depositExpiration := s.chain.GetNotaryDepositExpiration(payer)
|
||||||
if r.FallbackTransaction.ValidUntilBlock >= depositExpiration {
|
if r.FallbackTransaction.ValidUntilBlock >= depositExpiration {
|
||||||
return fmt.Errorf("fallback transaction is valid after deposit is unlocked: ValidUntilBlock is %d, deposit lock for %s expires at %d", r.FallbackTransaction.ValidUntilBlock, address.Uint160ToString(payer), depositExpiration)
|
return fmt.Errorf("fallback transaction is valid after deposit is unlocked: ValidUntilBlock is %d, deposit lock for %s expires at %d", r.FallbackTransaction.ValidUntilBlock, address.Uint160ToString(payer), depositExpiration)
|
||||||
|
|
|
@ -1036,7 +1036,10 @@ func TestVerifyNotaryRequest(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
newNotaryRequest := func() *payload.P2PNotaryRequest {
|
newNotaryRequest := func() *payload.P2PNotaryRequest {
|
||||||
return &payload.P2PNotaryRequest{
|
return &payload.P2PNotaryRequest{
|
||||||
MainTransaction: &transaction.Transaction{Script: []byte{0, 1, 2}},
|
MainTransaction: &transaction.Transaction{
|
||||||
|
Script: []byte{0, 1, 2},
|
||||||
|
Signers: []transaction.Signer{{Account: random.Uint160()}},
|
||||||
|
},
|
||||||
FallbackTransaction: &transaction.Transaction{
|
FallbackTransaction: &transaction.Transaction{
|
||||||
ValidUntilBlock: 321,
|
ValidUntilBlock: 321,
|
||||||
Signers: []transaction.Signer{{Account: bc.NotaryContractScriptHash}, {Account: random.Uint160()}},
|
Signers: []transaction.Signer{{Account: bc.NotaryContractScriptHash}, {Account: random.Uint160()}},
|
||||||
|
@ -1057,6 +1060,13 @@ func TestVerifyNotaryRequest(t *testing.T) {
|
||||||
require.Error(t, s.verifyNotaryRequest(nil, r))
|
require.Error(t, s.verifyNotaryRequest(nil, r))
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("bad main sender", func(t *testing.T) {
|
||||||
|
bc.VerifyWitnessF = func() (int64, error) { return 0, nil }
|
||||||
|
r := newNotaryRequest()
|
||||||
|
r.MainTransaction.Signers[0] = transaction.Signer{Account: bc.NotaryContractScriptHash}
|
||||||
|
require.Error(t, s.verifyNotaryRequest(nil, r))
|
||||||
|
})
|
||||||
|
|
||||||
t.Run("expired deposit", func(t *testing.T) {
|
t.Run("expired deposit", func(t *testing.T) {
|
||||||
r := newNotaryRequest()
|
r := newNotaryRequest()
|
||||||
bc.NotaryDepositExpiration = r.FallbackTransaction.ValidUntilBlock
|
bc.NotaryDepositExpiration = r.FallbackTransaction.ValidUntilBlock
|
||||||
|
|
Loading…
Reference in a new issue