server/eth: Implement ValidateContract.

[JoeGruffins]

server/eth: Implement ValidateContract.

Require the the Contract field of msgjson.Init be filled with the txdata
used to create the swap. Validate that txdata to be of the correct
format sending the expected types of arguments.

work towards #1154 depends on #1235

[buck54321]

I guess we'll still have to figure out when and how we confirm ownership of the account, but it won't be via coin like this anymore.

[JoeGruffins]

Yeah, this pr is only the last commit, so I'll rebase and remove that.

[buck54321]

I think this is the essential part of this PR after the changes re #1154 / #1243.

[martonp]

Why did you choose the contract to be the txdata? Now that we are doing batch initiations, the contract will represent multiple swaps.

[chappjc]

Why did you choose the contract to be the txdata? Now that we are doing batch initiations, the contract will represent multiple swaps.

I'd like to get on the same page here, so to provide context for discussion:

• server gets init message with a coinID []byte and a contract []byte
• performs basic validation of the coinID and contract. For the contract, using DCR as an example, this means decoding the script to ensure it's the right form of contract to perform a swap, not even checking the amounts, address, locktime, etc. For ETH, I believe we would just need to ensure that a known deployed swap contract is being used (one of the pre-validated contracts). There's only one in v0.

func (dcr *Backend) ValidateContract(contract []byte) error {
	_, _, _, _, err := dexdcr.ExtractSwapDetails(contract, chainParams)
	return err
}

• after basic validation, server starts searching for the transaction on the network to actually check the swap details because ValidateContract does not do much here, using the Contract(coinID, contract) method
• the result of finding it is the counterparty's address, lockTime, and amount of the particular swap (which keyed by secret hash, wherever we are encoding that with ETH now). For ETH, I'm not yet certain if this data should come out of the transaction call data, or wait until the contract account's state reflects the new init. In any case, if txData does have a role server-side (besides relaying that to the counter-party), it would come after Contract actually retrieves it. To me it looks like the ValidateContract with ETH should just check that the intended contract address is one of the ones known to the server i.e. a pre-validated contract.

[chappjc]

So, please bring me up to speed: what is the current coinID encoding and contract bytes in the init request? All that needs to be conveyed I think is: 1) the swap's unique secret hash, 2) the intended swap contract address, and 3) presumably the transaction and batch swap index to retrieve txData. Only (2) is used by ValidateContract, while all are used for Contract.
What is the current thinking about where all this data will be encoded?
The txData comes from the returned contract object from chain.Contract(params.CoinID, params.Contract), so it's definitely not going to be around for the preliminary ValidateContract call.

[buck54321]

@chappjc see also #1154 (comment)

I recommend that for Init we send only secret hash = contract and txid = coin ID. Don't need an index, since we have the secret hash, I think. I made a comment here too, but I don't think we need any special encoding for "coin ID" = txid.

With that scheme, the only thing ValidateContract needs to do for ETH is to check the length of the secret hash.

[chappjc]

In that comment, @buck54321:

2 I'm going to propose something different for contract address validation, but if we do want to validate the contract address, it'll need to be done earlier than this anyway, so let's not plan to send it here.

What do you mean by "earlier than this"? Init is the start of the swap, so the contract address that's targeted for the swap would need to come here. Do you intend to pick it out of the transaction data after retrieving it via the txid? If so, this would come in processInit from the Contract method. Which is fine.

Will have a look at #1307

With that scheme, the only thing ValidateContract needs to do for ETH is to check the length of the secret hash.

I agree that ValidateContract can and should do very little at this stage (before finding the tx on-chain).

[buck54321]

What do you mean by "earlier than this"? Init is the start of the swap, so the contract address that's targeted for the swap would need to come here.

We shouldn't even place an order on a server using an unsupported contract address. #1301 links the contract address to the dex.Asset.Version version.

[chappjc]

Yes, of course. But this is server-side validation. In some server checks (not ValidateContract), the contract address has to be checked. I think the right place to get that is from the tx data retrieved by the txid, but I want to understand your thinking on this.

Presumably the Contract method that tries to get all the swap data like counterparty address, swap amount, and locktime, will have to get that data from the transaction it gets via txid, but also validate the effect on the contract state at some point.

[buck54321]

Presumably the Contract method that tries to get all the swap data like counterparty address, swap amount, and locktime, will have to get that data from the transaction it gets via txid, but also validate the effect on the contract state at some point.

Right. And the contract address doesn't need be decoded from the txdata. It should be the to address of the transaction.

[chappjc]

Great, we are 100% on the same page now. The contract address is validated when Contract verifies the txn in fact interacts with the right contract (the to address as you point out).
I also agree that ValidateAddress can do no more than check the length of the secret hash. Checking a provided swap contract address is pointless because it can be a lie. Anything else has to come out of the located transaction and its call data on-network, or the effects of the transaction on the contract state.

[JoeGruffins]

Will be moved to dex/networks

[JoeGruffins]

The txData comes from the returned contract object from chain.Contract(params.CoinID, params.Contract), so it's definitely not going to be around for the preliminary ValidateContract call.

Whoops.

Now that we are doing batch initiations, the contract will represent multiple swaps.

Also whoops, but I guess we don't have that data yet anyway.

[martonp]

Looks good.