-
Notifications
You must be signed in to change notification settings - Fork 22
/
simple_spam_policy.go
297 lines (253 loc) · 10.5 KB
/
simple_spam_policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
// Copyright (c) 2022 Gobalsky Labs Limited
//
// Use of this software is governed by the Business Source License included
// in the LICENSE.VEGA file and at https://www.mariadb.com/bsl11.
//
// Change Date: 18 months from the later of the date of the first publicly
// available Distribution of this version of the repository, and 25 June 2022.
//
// On the date above, in accordance with the Business Source License, use
// of this software will be governed by version 3 or later of the GNU General
// Public License.
package spam
import (
"encoding/hex"
"errors"
"sort"
"sync"
"time"
protoapi "code.vegaprotocol.io/vega/protos/vega/api/v1"
"code.vegaprotocol.io/vega/core/blockchain/abci"
"code.vegaprotocol.io/vega/core/types"
"code.vegaprotocol.io/vega/libs/num"
"code.vegaprotocol.io/vega/libs/proto"
"code.vegaprotocol.io/vega/logging"
)
// Simple spam policy supports encforcing of max allowed commands and min required tokens + banning of parties when their reject rate in the block
// exceeds x%.
type SimpleSpamPolicy struct {
log *logging.Logger
accounts StakingAccounts
policyName string
maxAllowedCommands uint64
minTokensRequired *num.Uint
minTokensParamName string
maxAllowedParamName string
partyToCount map[string]uint64 // commands that are already on blockchain
blockPartyToCount map[string]uint64 // commands in the current block
bannedParties map[string]int64 // parties banned -> ban end time
partyBlockRejects map[string]*blockRejectInfo // total vs rejection in the current block
currentEpochSeq uint64 // current epoch sequence
lock sync.RWMutex // global lock to sync calls from multiple tendermint threads
banErr func(until time.Time) error
insufficientTokensErr error
tooManyCommands error
}
// NewSimpleSpamPolicy instantiates the simple spam policy.
func NewSimpleSpamPolicy(policyName string, minTokensParamName string, maxAllowedParamName string, log *logging.Logger, accounts StakingAccounts) *SimpleSpamPolicy {
return &SimpleSpamPolicy{
log: log,
accounts: accounts,
policyName: policyName,
partyToCount: map[string]uint64{},
blockPartyToCount: map[string]uint64{},
bannedParties: map[string]int64{},
partyBlockRejects: map[string]*blockRejectInfo{},
lock: sync.RWMutex{},
minTokensParamName: minTokensParamName,
maxAllowedParamName: maxAllowedParamName,
minTokensRequired: num.UintZero(),
maxAllowedCommands: 1, // default is allow one per epoch
banErr: func(until time.Time) error {
return errors.New("party is banned from submitting " + policyName + " until the earlier between " + until.String() + " and the beginning of the next epoch")
},
insufficientTokensErr: errors.New("party has insufficient associated governance tokens in their staking account to submit " + policyName + " request"),
tooManyCommands: errors.New("party has already submitted the maximum number of " + policyName + " requests per epoch"),
}
}
func (ssp *SimpleSpamPolicy) Serialise() ([]byte, error) {
partyToCount := []*types.PartyCount{}
for party, count := range ssp.partyToCount {
partyToCount = append(partyToCount, &types.PartyCount{
Party: party,
Count: count,
})
}
sort.SliceStable(partyToCount, func(i, j int) bool { return partyToCount[i].Party < partyToCount[j].Party })
bannedParties := make([]*types.BannedParty, 0, len(ssp.bannedParties))
for party, until := range ssp.bannedParties {
bannedParties = append(bannedParties, &types.BannedParty{
Party: party,
Until: until,
})
}
sort.SliceStable(bannedParties, func(i, j int) bool { return bannedParties[i].Party < bannedParties[j].Party })
payload := types.Payload{
Data: &types.PayloadSimpleSpamPolicy{
SimpleSpamPolicy: &types.SimpleSpamPolicy{
PolicyName: ssp.policyName,
PartyToCount: partyToCount,
BannedParty: bannedParties,
CurrentEpochSeq: ssp.currentEpochSeq,
},
},
}
return proto.Marshal(payload.IntoProto())
}
func (ssp *SimpleSpamPolicy) Deserialise(p *types.Payload) error {
pl := p.Data.(*types.PayloadSimpleSpamPolicy).SimpleSpamPolicy
ssp.partyToCount = map[string]uint64{}
for _, ptc := range pl.PartyToCount {
ssp.partyToCount[ptc.Party] = ptc.Count
}
ssp.bannedParties = make(map[string]int64, len(pl.BannedParty))
for _, bp := range pl.BannedParty {
ssp.bannedParties[bp.Party] = bp.Until
}
ssp.currentEpochSeq = pl.CurrentEpochSeq
return nil
}
// UpdateUintParam is called to update Uint net params for the policy
// Specifically the min tokens required for executing the command for which the policy is attached.
func (ssp *SimpleSpamPolicy) UpdateUintParam(name string, value *num.Uint) error {
if name == ssp.minTokensParamName {
ssp.minTokensRequired = value.Clone()
} else {
return errors.New("unknown parameter for simple spam policy")
}
return nil
}
// UpdateIntParam is called to update int net params for the policy
// Specifically the number of commands a party can submit in an epoch.
func (ssp *SimpleSpamPolicy) UpdateIntParam(name string, value int64) error {
if name == ssp.maxAllowedParamName {
ssp.maxAllowedCommands = uint64(value)
} else {
return errors.New("unknown parameter for simple spam policy")
}
return nil
}
// Reset is called when the epoch begins to reset policy state.
func (ssp *SimpleSpamPolicy) Reset(epoch types.Epoch) {
ssp.lock.Lock()
defer ssp.lock.Unlock()
ssp.currentEpochSeq = epoch.Seq
// reset counts
ssp.partyToCount = map[string]uint64{}
// clear banned on new epoch
ssp.bannedParties = map[string]int64{}
ssp.blockPartyToCount = map[string]uint64{}
ssp.partyBlockRejects = map[string]*blockRejectInfo{}
}
// EndOfBlock is called at the end of the processing of the block to carry over state and trigger bans if necessary.
func (ssp *SimpleSpamPolicy) EndOfBlock(blockHeight uint64, now time.Time, banDuration time.Duration) {
ssp.lock.Lock()
defer ssp.lock.Unlock()
// add the block's counters to the epoch's
for party, count := range ssp.blockPartyToCount {
if _, ok := ssp.partyToCount[party]; !ok {
ssp.partyToCount[party] = 0
}
ssp.partyToCount[party] += count
}
ssp.blockPartyToCount = map[string]uint64{}
// release bans
nowNano := now.UnixNano()
for k, v := range ssp.bannedParties {
if nowNano >= v {
delete(ssp.bannedParties, k)
}
}
endBanTime := now.Add(banDuration).UnixNano()
// ban parties with more than <banFactor> rejection rate in the block
for p, bStats := range ssp.partyBlockRejects {
if num.DecimalFromInt64(int64(bStats.rejected)).Div(num.DecimalFromInt64(int64(bStats.total))).GreaterThanOrEqual(banFactor) {
ssp.bannedParties[p] = endBanTime
}
}
ssp.partyBlockRejects = map[string]*blockRejectInfo{}
}
// PostBlockAccept is called to verify a transaction from the block before passed to the application layer.
func (ssp *SimpleSpamPolicy) PostBlockAccept(tx abci.Tx) (bool, error) {
party := tx.Party()
ssp.lock.Lock()
defer ssp.lock.Unlock()
// get number of commands preceding the block in this epoch
var epochCommands uint64
if count, ok := ssp.partyToCount[party]; ok {
epochCommands = count
}
// get number of votes so far in current block
var blockCommands uint64
if count, ok := ssp.blockPartyToCount[party]; ok {
blockCommands += count
}
// if too many votes in total - reject and update counters
if epochCommands+blockCommands >= ssp.maxAllowedCommands {
// update vote stats for the epoch
if partyRejectStats, ok := ssp.partyBlockRejects[party]; ok {
partyRejectStats.add(true)
} else {
ssp.partyBlockRejects[party] = &blockRejectInfo{total: 1, rejected: 1}
}
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam post: party has already submitted the max amount of commands for "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party))
}
return false, ssp.tooManyCommands
}
// update block counters
if _, ok := ssp.blockPartyToCount[party]; !ok {
ssp.blockPartyToCount[party] = 0
}
ssp.blockPartyToCount[party]++
// update party and block stats
if partyRejectStats, ok := ssp.partyBlockRejects[party]; ok {
partyRejectStats.add(false)
} else {
ssp.partyBlockRejects[party] = &blockRejectInfo{total: 1, rejected: 0}
}
return true, nil
}
// PreBlockAccept checks if the commands violates spam rules based on the information we had about the number of existing commands preceding the current block.
func (ssp *SimpleSpamPolicy) PreBlockAccept(tx abci.Tx) (bool, error) {
party := tx.Party()
ssp.lock.RLock()
defer ssp.lock.RUnlock()
// check if the party is banned
until, ok := ssp.bannedParties[party]
if ok {
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam pre: party is banned from "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party))
}
return false, ssp.banErr(time.Unix(0, until).UTC())
}
// check if the party has enough balance to submit commands
balance, err := ssp.accounts.GetAvailableBalance(party)
if !ssp.minTokensRequired.IsZero() && (err != nil || balance.LT(ssp.minTokensRequired)) {
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam pre: party has insufficient balance for "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party), logging.String("balance", num.UintToString(balance)))
}
return false, ssp.insufficientTokensErr
}
// Check we have not exceeded our command limit for this given party in this epoch
if commandCount, ok := ssp.partyToCount[party]; ok && commandCount >= ssp.maxAllowedCommands {
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam pre: party has already submitted the max amount of commands for "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party), logging.Uint64("count", commandCount), logging.Uint64("maxAllowed", ssp.maxAllowedCommands))
}
return false, ssp.tooManyCommands
}
return true, nil
}
func (ssp *SimpleSpamPolicy) GetSpamStats(party string) *protoapi.SpamStatistic {
ssp.lock.RLock()
defer ssp.lock.RUnlock()
return &protoapi.SpamStatistic{
CountForEpoch: ssp.partyToCount[party],
MaxForEpoch: ssp.maxAllowedCommands,
BannedUntil: parseBannedUntil(ssp.bannedParties[party]),
MinTokensRequired: ssp.minTokensRequired.String(),
}
}
func (ssp *SimpleSpamPolicy) GetVoteSpamStats(_ string) *protoapi.VoteSpamStatistics {
return nil
}