Problem (Fix #1313): light client doesn't verify the fetched staking state #1511
Conversation
yihuang
requested review from
calvinaco,
devashishdxt and
tomtau
as code owners
There was a problem hiding this comment.
Tx construction in network-ops doesn't verify staking state for now, because the unit tests are hard to mock the env.
Need to sync wallet before fetching the new staking state now.
maybe the verification option could be added as extra argument -- in local setting, one could disable it if one knows it's querying against the user's own full node; in mocked unit tests it could also be disabled?
| address: &StakedStateAddress, | ||
| verify: bool, | ||
| ) -> Result<StakedState> { | ||
| let mstaking = if verify { |
There was a problem hiding this comment.
instead of mstaking,
how about full word variable name ?
There was a problem hiding this comment.
I believe the name style of mxxx is adopted from Haskell, because I've seen this style in our code base several times before, so I keep on using it. Basically in these cases mxxx means Option<xxx> or Result<xxx>.
| ) -> Result<StakedState> { | ||
| let mstaking = if verify { | ||
| let sync_state = self.wallet_client.get_sync_state(name)?; | ||
| let rsp = self.client.query( |
There was a problem hiding this comment.
full name with "response"
There was a problem hiding this comment.
Personally, I think well-known shortcuts should be ok to keep the code short, actually easier to read.
| format!("Cannot deserialize staked state for address: {}", address) | ||
| })?; | ||
|
|
||
| let mut proof_bytes = rsp.proof.as_ref().unwrap().ops[0].data.as_slice(); |
There was a problem hiding this comment.
expect and
assert!(ops.len()>0)?
There was a problem hiding this comment.
Changed to return proper error for invalid response.
Added a |
yihuang
force-pushed
the
issue1313
branch
2 times, most recently
from
69ec821
to
a038294
Compare
yihuang
force-pushed
the
issue1313
branch
3 times, most recently
from
3810b92
to
c8eb7e8
Compare
Codecov Report
@@ Coverage Diff @@
## master #1511 +/- ##
==========================================
- Coverage 65.78% 65.66% -0.12%
==========================================
Files 161 161
Lines 21818 21892 +74
==========================================
+ Hits 14353 14376 +23
- Misses 7465 7516 +51
|
|
bors r+ |
1511: Problem (Fix #1313): light client doesn't verify the fetched staking state r=tomtau a=yihuang Solution: - Add staking_root in sync state - Remove the "account" path in favor of the new "staking" path - Client staking state command add wallet name parameter, and verify staking state and proof against the trusted staking_root in sync state - Need to sync wallet before fetching the new staking state now. (you can still get any staking state without verification by request abci_query API directly) 1516: Problem (Fix #1515): unbond tx don't subtract fee from bonded r=tomtau a=yihuang Solution: - Fix the bug and add unit test Co-authored-by: yihuang <huang@crypto.com>
|
Build failed (retrying...): |
1511: Problem (Fix #1313): light client doesn't verify the fetched staking state r=tomtau a=yihuang Solution: - Add staking_root in sync state - Remove the "account" path in favor of the new "staking" path - Client staking state command add wallet name parameter, and verify staking state and proof against the trusted staking_root in sync state - Need to sync wallet before fetching the new staking state now. (you can still get any staking state without verification by request abci_query API directly) Co-authored-by: yihuang <huang@crypto.com>
|
bors r- |
|
Canceled. |
|
multi-node integration test fails with
|
This is actually a separate issue, solved in #1524. |
yihuang
force-pushed
the
issue1313
branch
2 times, most recently
from
a70190c
to
6322057
Compare
chain-abci/src/app/query.rs
Outdated
| "account" => { | ||
| let account_address = StakedStateAddress::try_from(_req.data.as_slice()); | ||
| if let (Some(state), Ok(address)) = (&self.last_state, account_address) { | ||
| let (account, _proof) = | ||
| get_with_proof(&self.storage, state.staking_version, &address); | ||
| match account { | ||
| Some(a) => { | ||
| resp.value = a.encode(); | ||
| // TODO: inclusion proof | ||
| } | ||
| None => { | ||
| resp.log += "account lookup failed: account not exists"; | ||
| resp.code = 1; | ||
| } | ||
| } | ||
| } else { | ||
| resp.log += "account lookup failed (either invalid address or node not correctly restored / initialized)"; | ||
| resp.code = 3; | ||
| } | ||
| } |
There was a problem hiding this comment.
is there a need to do a breaking change? the original default behaviour should identical to "staking" path without any parameters? it could possibly be a non-breaking change with "staking" | "account" => {... pattern match... it could log some deprecation warning for "account" path that it'd be removed in the future
Do you mean keep the account path and staking path at the same time? |
yes, for the time being |
…d staking state Solution: - Add staking_root in sync state - Remove the "account" path in favor of the new "staking" path - Client staking state command add wallet name parameter, and verify staking state and proof against the trusted staking_root in sync state - Need to sync wallet before fetching the new staking state now.
Ok, done. |
|
bors r+ |
|
Build succeeded: |
Solution:
and verify staking state and proof against the trusted staking_root in sync state