Merge pull request #357 from aergoio/topic/blacklist

add blacklist
aergoio · Jun 4, 2024 · 21555a7 · 21555a7
2 parents ddbbd8b + b8f67f7
commit 21555a7
Show file tree

Hide file tree

Showing 5 changed files with 108 additions and 9 deletions.
diff --git a/blacklist/blacklist.go b/blacklist/blacklist.go
@@ -0,0 +1,59 @@
+package blacklist
+
+import (
+	"github.com/aergoio/aergo/v2/types"
+	"github.com/aergoio/aergo/v2/internal/common"
+	"github.com/aergoio/aergo/v2/internal/enc/hex"
+)
+
+type Blacklist struct {
+	sourcelist []string        // account address (b58 encoded like Am...) or id (32 bytes in hex = 64 bytes)
+	blocked    map[string]bool // all above converted to account id (32 bytes)
+}
+
+var globalBlacklist *Blacklist
+
+// Initialize sets up the blacklist with the given addresses.
+// This function should be called only once at the start.
+func Initialize(addresses []string) {
+	conf := &Blacklist{}
+	conf.sourcelist = make([]string, len(addresses))
+	copy(conf.sourcelist, addresses)
+	conf.blocked = make(map[string]bool)
+	for _, v := range addresses {
+		key, err := toKey(v)
+		if err == nil {
+			conf.blocked[key] = true
+		} else {
+			// Handle invalid address, log or take other actions as needed
+		}
+	}
+	globalBlacklist = conf
+}
+
+func Check(address string) bool {
+	if globalBlacklist == nil {
+		return false
+	}
+	key, err := toKey(address)
+	if err != nil {
+		return false
+	}
+	return globalBlacklist.blocked[key]
+}
+
+func toKey(address string) (string, error) {
+	var key []byte
+	var err error
+	if len(address) == 64 {
+		key, err = hex.Decode(address)
+	} else {
+		var addr []byte
+		addr, err = types.DecodeAddress(address)
+		if err != nil {
+			return "", err
+		}
+		key = common.Hasher(addr)
+	}
+	return string(key), err
+}
diff --git a/config/config.go b/config/config.go
@@ -157,6 +157,8 @@ func (ctx *ServerContext) GetDefaultMempoolConfig() *MempoolConfig {
 		FadeoutPeriod:  types.DefaultEvictPeriod,
 		VerifierNumber: runtime.NumCPU(),
 		DumpFilePath:   ctx.ExpandPathEnv("$HOME/mempool.dump"),
+		BlockDeploy:    false,
+		Blacklist:      nil,
 	}
 }
 

diff --git a/config/types.go b/config/types.go
@@ -127,6 +127,8 @@ type MempoolConfig struct {
 	FadeoutPeriod  int    `mapstructure:"fadeoutperiod" description:"time period for evict transactions(in hour)"`
 	VerifierNumber int    `mapstructure:"verifiers" description:"number of concurrent verifier"`
 	DumpFilePath   string `mapstructure:"dumpfilepath" description:"file path for recording mempool at process termintation"`
+	BlockDeploy    bool   `mapstructure:"blockdeploy" description:"block the deployment of new contracts"`
+	Blacklist      []string `mapstructure:"blacklist" description:"List of account addresses or ids to be blocked"`
 }
 
 // ConsensusConfig defines configurations for consensus service
@@ -258,6 +260,10 @@ enablefadeout = {{.Mempool.EnableFadeout}}
 fadeoutperiod = {{.Mempool.FadeoutPeriod}}
 verifiers = {{.Mempool.VerifierNumber}}
 dumpfilepath = "{{.Mempool.DumpFilePath}}"
+blockdeploy = {{.Mempool.BlockDeploy}}
+blacklist = [{{range .Mempool.Blacklist}}
+"{{.}}", {{end}}
+]
 
 [consensus]
 enablebp = {{.Consensus.EnableBp}}

diff --git a/contract/vm.go b/contract/vm.go
@@ -44,6 +44,7 @@ import (
 	"github.com/aergoio/aergo/v2/state/statedb"
 	"github.com/aergoio/aergo/v2/types"
 	"github.com/aergoio/aergo/v2/types/dbkey"
+	"github.com/aergoio/aergo/v2/blacklist"
 	jsoniter "github.com/json-iterator/go"
 )
 
@@ -292,6 +293,16 @@ func newExecutor(
 	}
 	ctx.callDepth++
 
+	if blacklist.Check(types.EncodeAddress(contractId)) {
+		ce := &executor{
+			code: contract,
+			ctx:  ctx,
+		}
+		ce.err = fmt.Errorf("contract not available")
+		ctrLgr.Error().Err(ce.err).Str("contract", types.EncodeAddress(contractId)).Msg("blocked contract")
+		return ce
+	}
+
 	ce := &executor{
 		code: contract,
 		L:    GetLState(),
@@ -817,11 +828,13 @@ func Call(
 	ce := newExecutor(contract, contractAddress, ctx, &ci, ctx.curContract.amount, false, false, contractState)
 	defer ce.close()
 
-	startTime := time.Now()
-	// execute the contract call
-	ce.call(callMaxInstLimit, nil)
-	vmExecTime := time.Now().Sub(startTime).Microseconds()
-	vmLogger.Trace().Int64("execµs", vmExecTime).Stringer("txHash", types.LogBase58(ce.ctx.txHash)).Msg("tx execute time in vm")
+	if ce.err == nil {
+		startTime := time.Now()
+		// execute the contract call
+		ce.call(callMaxInstLimit, nil)
+		vmExecTime := time.Now().Sub(startTime).Microseconds()
+		vmLogger.Trace().Int64("execµs", vmExecTime).Stringer("txHash", types.LogBase58(ce.ctx.txHash)).Msg("tx execute time in vm")
+	}
 
 	// check if there is an error
 	err = ce.err
@@ -964,8 +977,10 @@ func Create(
 	ce := newExecutor(contract, contractAddress, ctx, &ci, ctx.curContract.amount, true, false, contractState)
 	defer ce.close()
 
-	// call the constructor
-	ce.call(callMaxInstLimit, nil)
+	if err == nil {
+		// call the constructor
+		ce.call(callMaxInstLimit, nil)
+	}
 
 	// check if the call failed
 	err = ce.err
@@ -1092,7 +1107,9 @@ func Query(contractAddress []byte, bs *state.BlockState, cdb ChainAccessor, cont
 		}
 	}()
 
-	ce.call(queryMaxInstLimit, nil)
+	if err == nil {
+		ce.call(queryMaxInstLimit, nil)
+	}
 
 	return []byte(ce.jsonRet), ce.err
 }
@@ -1166,7 +1183,9 @@ func CheckFeeDelegation(contractAddress []byte, bs *state.BlockState, bi *types.
 		}
 	}()
 
-	ce.call(queryMaxInstLimit, nil)
+	if err == nil {
+		ce.call(queryMaxInstLimit, nil)
+	}
 
 	if ce.err != nil {
 		return ce.err

diff --git a/mempool/mempool.go b/mempool/mempool.go
@@ -35,6 +35,7 @@ import (
 	"github.com/aergoio/aergo/v2/state/statedb"
 	"github.com/aergoio/aergo/v2/types"
 	"github.com/aergoio/aergo/v2/types/message"
+	"github.com/aergoio/aergo/v2/blacklist"
 )
 
 const (
@@ -74,6 +75,7 @@ type MemPool struct {
 	acceptChainIdHash []byte
 	isPublic          bool
 	whitelist         *whitelistConf
+	blockDeploy       bool
 	// followings are for test
 	testConfig bool
 	deadtx     int
@@ -102,13 +104,17 @@ func NewMemPoolService(cfg *cfg.Config, cs *chain.ChainService) *MemPool {
 		status:   initial,
 		verifier: nil,
 		quit:     make(chan bool),
+		blockDeploy: cfg.Mempool.BlockDeploy,
 	}
 	actor.BaseComponent = component.NewBaseComponent(message.MemPoolSvc, actor, log.NewLogger("mempool"))
 	if cfg.Mempool.EnableFadeout == false {
 		evictPeriod = 0
 	} else if cfg.Mempool.FadeoutPeriod > 0 {
 		evictPeriod = time.Duration(cfg.Mempool.FadeoutPeriod) * time.Hour
 	}
+	if cfg.Mempool.Blacklist != nil {
+		blacklist.Initialize(cfg.Mempool.Blacklist)
+	}
 	return actor
 }
 
@@ -607,13 +613,17 @@ func (mp *MemPool) nextBlockVersion() int32 {
 }
 
 // check tx sanity
+// check if sender is on blacklist
 // check if sender has enough balance
 // check if recipient is valid name
 // check tx account is lower than known value
 func (mp *MemPool) validateTx(tx types.Transaction, account types.Address) error {
 	if !mp.whitelist.Check(types.EncodeAddress(account)) {
 		return types.ErrTxNotAllowedAccount
 	}
+	if blacklist.Check(types.EncodeAddress(account)) {
+		return types.ErrTxNotAllowedAccount
+	}
 	ns, err := mp.getAccountState(account)
 	if err != nil {
 		return err
@@ -657,6 +667,9 @@ func (mp *MemPool) validateTx(tx types.Transaction, account types.Address) error
 		if tx.GetBody().GetRecipient() != nil {
 			return types.ErrTxInvalidRecipient
 		}
+		if mp.blockDeploy {
+			return types.ErrTxInvalidType
+		}
 	case types.TxType_GOVERNANCE:
 		id := tx.GetBody().GetRecipient()
 		aergoState, err := mp.getAccountState(id)