forked from TrueCloudLab/neoneo-go
core: implement oracle tx verification
This commit is contained in:
parent
f084acc339
commit
e91d13c615
3 changed files with 137 additions and 7 deletions
|
@ -1,6 +1,7 @@
|
|||
package core
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/big"
|
||||
|
@ -1251,6 +1252,34 @@ func (bc *Blockchain) verifyTxAttributes(tx *transaction.Transaction) error {
|
|||
}
|
||||
}
|
||||
return fmt.Errorf("%w: high priority tx is not signed by committee", ErrInvalidAttribute)
|
||||
case transaction.OracleResponseT:
|
||||
h, err := bc.contracts.Oracle.GetScriptHash()
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: %v", ErrInvalidAttribute, err)
|
||||
}
|
||||
hasOracle := false
|
||||
for i := range tx.Signers {
|
||||
if tx.Signers[i].Scopes != transaction.FeeOnly {
|
||||
return fmt.Errorf("%w: oracle tx has invalid signer scope", ErrInvalidAttribute)
|
||||
}
|
||||
if tx.Signers[i].Account.Equals(h) {
|
||||
hasOracle = true
|
||||
}
|
||||
}
|
||||
if !hasOracle {
|
||||
return fmt.Errorf("%w: oracle tx is not signed by oracle nodes", ErrInvalidAttribute)
|
||||
}
|
||||
if !bytes.Equal(tx.Script, native.GetOracleResponseScript()) {
|
||||
return fmt.Errorf("%w: oracle tx has invalid script", ErrInvalidAttribute)
|
||||
}
|
||||
resp := tx.Attributes[i].Value.(*transaction.OracleResponse)
|
||||
req, err := bc.contracts.Oracle.GetRequestInternal(bc.dao, resp.ID)
|
||||
if err != nil {
|
||||
return fmt.Errorf("%w: oracle tx points to invalid request: %v", ErrInvalidAttribute, err)
|
||||
}
|
||||
if uint64(tx.NetworkFee+tx.SystemFee) < req.GasForResponse {
|
||||
return fmt.Errorf("%w: oracle tx has insufficient gas", ErrInvalidAttribute)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
@ -11,12 +11,15 @@ import (
|
|||
"github.com/nspcc-dev/neo-go/pkg/core/block"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/interop/interopnames"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/mempool"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/native"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/state"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/storage"
|
||||
"github.com/nspcc-dev/neo-go/pkg/core/transaction"
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||
"github.com/nspcc-dev/neo-go/pkg/internal/testchain"
|
||||
"github.com/nspcc-dev/neo-go/pkg/io"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract"
|
||||
"github.com/nspcc-dev/neo-go/pkg/smartcontract/trigger"
|
||||
"github.com/nspcc-dev/neo-go/pkg/util"
|
||||
"github.com/nspcc-dev/neo-go/pkg/vm"
|
||||
|
@ -212,13 +215,17 @@ func TestVerifyTx(t *testing.T) {
|
|||
bc := newTestChain(t)
|
||||
defer bc.Close()
|
||||
|
||||
accs := make([]*wallet.Account, 2)
|
||||
accs := make([]*wallet.Account, 3)
|
||||
for i := range accs {
|
||||
var err error
|
||||
accs[i], err = wallet.NewAccount()
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
oracleAcc := accs[2]
|
||||
oraclePubs := keys.PublicKeys{oracleAcc.PrivateKey().PublicKey()}
|
||||
require.NoError(t, oracleAcc.ConvertMultisig(1, oraclePubs))
|
||||
|
||||
neoHash := bc.contracts.NEO.Hash
|
||||
gasHash := bc.contracts.GAS.Hash
|
||||
w := io.NewBufBinWriter()
|
||||
|
@ -229,7 +236,7 @@ func TestVerifyTx(t *testing.T) {
|
|||
amount = 1_000_000_000
|
||||
}
|
||||
emit.AppCallWithOperationAndArgs(w.BinWriter, sc, "transfer",
|
||||
neoOwner, a.PrivateKey().GetScriptHash(), amount)
|
||||
neoOwner, a.Contract.ScriptHash(), amount)
|
||||
emit.Opcode(w.BinWriter, opcode.ASSERT)
|
||||
}
|
||||
}
|
||||
|
@ -376,6 +383,95 @@ func TestVerifyTx(t *testing.T) {
|
|||
}}
|
||||
require.NoError(t, bc.VerifyTx(tx))
|
||||
})
|
||||
t.Run("Oracle", func(t *testing.T) {
|
||||
orc := bc.contracts.Oracle
|
||||
req := &native.OracleRequest{GasForResponse: 1000_0000}
|
||||
require.NoError(t, orc.PutRequestInternal(1, req, bc.dao))
|
||||
|
||||
oracleScript, err := smartcontract.CreateMajorityMultiSigRedeemScript(oraclePubs)
|
||||
require.NoError(t, err)
|
||||
oracleHash := hash.Hash160(oracleScript)
|
||||
|
||||
// We need to create new transaction,
|
||||
// because hashes are cached after signing.
|
||||
getOracleTx := func(t *testing.T) *transaction.Transaction {
|
||||
tx := bc.newTestTx(h, native.GetOracleResponseScript())
|
||||
resp := &transaction.OracleResponse{
|
||||
ID: 1,
|
||||
Code: transaction.Success,
|
||||
Result: []byte{1, 2, 3},
|
||||
}
|
||||
tx.Attributes = []transaction.Attribute{{
|
||||
Type: transaction.OracleResponseT,
|
||||
Value: resp,
|
||||
}}
|
||||
tx.NetworkFee += 4_000_000 // multisig check
|
||||
tx.SystemFee = int64(req.GasForResponse - uint64(tx.NetworkFee))
|
||||
tx.Signers = []transaction.Signer{{
|
||||
Account: oracleHash,
|
||||
Scopes: transaction.FeeOnly,
|
||||
}}
|
||||
size := io.GetVarSize(tx)
|
||||
netFee, sizeDelta := CalculateNetworkFee(oracleScript)
|
||||
tx.NetworkFee += netFee
|
||||
tx.NetworkFee += int64(size+sizeDelta) * bc.FeePerByte()
|
||||
return tx
|
||||
}
|
||||
|
||||
t.Run("NoOracleNodes", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
|
||||
txSetOracle := transaction.New(netmode.UnitTestNet, []byte{}, 0)
|
||||
setSigner(txSetOracle, testchain.CommitteeScriptHash())
|
||||
txSetOracle.Scripts = []transaction.Witness{{
|
||||
InvocationScript: testchain.SignCommittee(txSetOracle.GetSignedPart()),
|
||||
VerificationScript: testchain.CommitteeVerificationScript(),
|
||||
}}
|
||||
ic := bc.newInteropContext(trigger.All, bc.dao, nil, txSetOracle)
|
||||
require.NoError(t, bc.contracts.Oracle.SetOracleNodes(ic, oraclePubs))
|
||||
bc.contracts.Oracle.OnPersistEnd(ic.DAO)
|
||||
_, err = ic.DAO.Persist()
|
||||
require.NoError(t, err)
|
||||
|
||||
t.Run("Valid", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
require.NoError(t, bc.VerifyTx(tx))
|
||||
})
|
||||
t.Run("InvalidRequestID", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
tx.Attributes[0].Value.(*transaction.OracleResponse).ID = 2
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
t.Run("InvalidScope", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
tx.Signers[0].Scopes = transaction.Global
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
t.Run("InvalidScript", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
tx.Script[0] = ^tx.Script[0]
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
t.Run("InvalidSigner", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
tx.Signers[0].Account = accs[0].Contract.ScriptHash()
|
||||
require.NoError(t, accs[0].SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
t.Run("SmallFee", func(t *testing.T) {
|
||||
tx := getOracleTx(t)
|
||||
tx.SystemFee = 0
|
||||
require.NoError(t, oracleAcc.SignTx(tx))
|
||||
checkErr(t, ErrInvalidAttribute, tx)
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -313,21 +313,26 @@ func (o *Oracle) RequestInternal(ic *interop.Context, url, filter, cb string, us
|
|||
CallbackMethod: cb,
|
||||
UserData: data,
|
||||
}
|
||||
return o.PutRequestInternal(id, req, ic.DAO)
|
||||
}
|
||||
|
||||
// PutRequestInternal puts oracle request with the specified id to d.
|
||||
func (o *Oracle) PutRequestInternal(id uint64, req *OracleRequest, d dao.DAO) error {
|
||||
reqItem := &state.StorageItem{Value: req.Bytes()}
|
||||
reqKey := makeRequestKey(id)
|
||||
if err = ic.DAO.PutStorageItem(o.ContractID, reqKey, reqItem); err != nil {
|
||||
if err := d.PutStorageItem(o.ContractID, reqKey, reqItem); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Add request ID to the id list.
|
||||
lst := new(IDList)
|
||||
key := makeIDListKey(url)
|
||||
if err := o.getSerializableFromDAO(ic.DAO, key, lst); err != nil && !errors.Is(err, storage.ErrKeyNotFound) {
|
||||
key := makeIDListKey(req.URL)
|
||||
if err := o.getSerializableFromDAO(d, key, lst); err != nil && !errors.Is(err, storage.ErrKeyNotFound) {
|
||||
return err
|
||||
}
|
||||
*lst = append(*lst, id)
|
||||
si = &state.StorageItem{Value: lst.Bytes()}
|
||||
return ic.DAO.PutStorageItem(o.ContractID, key, si)
|
||||
si := &state.StorageItem{Value: lst.Bytes()}
|
||||
return d.PutStorageItem(o.ContractID, key, si)
|
||||
}
|
||||
|
||||
func (o *Oracle) getOracleNodes(ic *interop.Context, _ []stackitem.Item) stackitem.Item {
|
||||
|
|
Loading…
Reference in a new issue