-
Notifications
You must be signed in to change notification settings - Fork 22
/
simple_spam_policy.go
224 lines (190 loc) · 7.65 KB
/
simple_spam_policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
// Copyright (C) 2023 Gobalsky Labs Limited
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package spam
import (
"encoding/hex"
"errors"
"sort"
"sync"
"code.vegaprotocol.io/vega/core/blockchain/abci"
"code.vegaprotocol.io/vega/core/types"
"code.vegaprotocol.io/vega/libs/num"
"code.vegaprotocol.io/vega/libs/proto"
"code.vegaprotocol.io/vega/logging"
protoapi "code.vegaprotocol.io/vega/protos/vega/api/v1"
)
// Simple spam policy supports encforcing of max allowed commands and min required tokens + banning of parties when their reject rate in the block
// exceeds x%.
type SimpleSpamPolicy struct {
log *logging.Logger
accounts StakingAccounts
policyName string
maxAllowedCommands uint64
minTokensRequired *num.Uint
minTokensParamName string
maxAllowedParamName string
partyToCount map[string]uint64 // commands that are already on blockchain
blockPartyToCount map[string]uint64 // commands in the current block
currentEpochSeq uint64 // current epoch sequence
lock sync.RWMutex // global lock to sync calls from multiple tendermint threads
insufficientTokensErr error
tooManyCommands error
}
// NewSimpleSpamPolicy instantiates the simple spam policy.
func NewSimpleSpamPolicy(policyName string, minTokensParamName string, maxAllowedParamName string, log *logging.Logger, accounts StakingAccounts) *SimpleSpamPolicy {
return &SimpleSpamPolicy{
log: log,
accounts: accounts,
policyName: policyName,
partyToCount: map[string]uint64{},
blockPartyToCount: map[string]uint64{},
lock: sync.RWMutex{},
minTokensParamName: minTokensParamName,
maxAllowedParamName: maxAllowedParamName,
minTokensRequired: num.UintZero(),
maxAllowedCommands: 1, // default is allow one per epoch
insufficientTokensErr: errors.New("party has insufficient associated governance tokens in their staking account to submit " + policyName + " request"),
tooManyCommands: errors.New("party has already submitted the maximum number of " + policyName + " requests per epoch"),
}
}
func (ssp *SimpleSpamPolicy) Serialise() ([]byte, error) {
partyToCount := []*types.PartyCount{}
for party, count := range ssp.partyToCount {
partyToCount = append(partyToCount, &types.PartyCount{
Party: party,
Count: count,
})
}
sort.SliceStable(partyToCount, func(i, j int) bool { return partyToCount[i].Party < partyToCount[j].Party })
payload := types.Payload{
Data: &types.PayloadSimpleSpamPolicy{
SimpleSpamPolicy: &types.SimpleSpamPolicy{
PolicyName: ssp.policyName,
PartyToCount: partyToCount,
CurrentEpochSeq: ssp.currentEpochSeq,
},
},
}
return proto.Marshal(payload.IntoProto())
}
func (ssp *SimpleSpamPolicy) Deserialise(p *types.Payload) error {
pl := p.Data.(*types.PayloadSimpleSpamPolicy).SimpleSpamPolicy
ssp.partyToCount = map[string]uint64{}
for _, ptc := range pl.PartyToCount {
ssp.partyToCount[ptc.Party] = ptc.Count
}
ssp.currentEpochSeq = pl.CurrentEpochSeq
return nil
}
// UpdateUintParam is called to update Uint net params for the policy
// Specifically the min tokens required for executing the command for which the policy is attached.
func (ssp *SimpleSpamPolicy) UpdateUintParam(name string, value *num.Uint) error {
if name == ssp.minTokensParamName {
ssp.minTokensRequired = value.Clone()
} else {
return errors.New("unknown parameter for simple spam policy")
}
return nil
}
// UpdateIntParam is called to update int net params for the policy
// Specifically the number of commands a party can submit in an epoch.
func (ssp *SimpleSpamPolicy) UpdateIntParam(name string, value int64) error {
if name == ssp.maxAllowedParamName {
ssp.maxAllowedCommands = uint64(value)
} else {
return errors.New("unknown parameter for simple spam policy")
}
return nil
}
// Reset is called when the epoch begins to reset policy state.
func (ssp *SimpleSpamPolicy) Reset(epoch types.Epoch) {
ssp.lock.Lock()
defer ssp.lock.Unlock()
ssp.currentEpochSeq = epoch.Seq
// reset counts
ssp.partyToCount = map[string]uint64{}
ssp.blockPartyToCount = map[string]uint64{}
}
func (ssp *SimpleSpamPolicy) UpdateTx(tx abci.Tx) {
ssp.lock.Lock()
defer ssp.lock.Unlock()
if _, ok := ssp.partyToCount[tx.Party()]; !ok {
ssp.partyToCount[tx.Party()] = 0
}
ssp.partyToCount[tx.Party()]++
}
// CheckBlockTx is called to verify a transaction from the block before passed to the application layer.
func (ssp *SimpleSpamPolicy) CheckBlockTx(tx abci.Tx) error {
party := tx.Party()
ssp.lock.Lock()
defer ssp.lock.Unlock()
// get number of commands preceding the block in this epoch
var epochCommands uint64
if count, ok := ssp.partyToCount[party]; ok {
epochCommands = count
}
// get number of votes so far in current block
var blockCommands uint64
if count, ok := ssp.blockPartyToCount[party]; ok {
blockCommands += count
}
// if too many votes in total - reject
if epochCommands+blockCommands >= ssp.maxAllowedCommands {
return ssp.tooManyCommands
}
// update block counters
if _, ok := ssp.blockPartyToCount[party]; !ok {
ssp.blockPartyToCount[party] = 0
}
ssp.blockPartyToCount[party]++
return nil
}
func (ssp *SimpleSpamPolicy) RollbackProposal() {
ssp.blockPartyToCount = map[string]uint64{}
}
// PreBlockAccept checks if the commands violates spam rules based on the information we had about the number of existing commands preceding the current block.
func (ssp *SimpleSpamPolicy) PreBlockAccept(tx abci.Tx) error {
party := tx.Party()
ssp.lock.RLock()
defer ssp.lock.RUnlock()
// check if the party has enough balance to submit commands
balance, err := ssp.accounts.GetAvailableBalance(party)
if !ssp.minTokensRequired.IsZero() && (err != nil || balance.LT(ssp.minTokensRequired)) {
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam pre: party has insufficient balance for "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party), logging.String("balance", num.UintToString(balance)))
}
return ssp.insufficientTokensErr
}
// Check we have not exceeded our command limit for this given party in this epoch
if commandCount, ok := ssp.partyToCount[party]; ok && commandCount >= ssp.maxAllowedCommands {
if ssp.log.GetLevel() <= logging.DebugLevel {
ssp.log.Debug("Spam pre: party has already submitted the max amount of commands for "+ssp.policyName, logging.String("txHash", hex.EncodeToString(tx.Hash())), logging.String("party", party), logging.Uint64("count", commandCount), logging.Uint64("maxAllowed", ssp.maxAllowedCommands))
}
return ssp.tooManyCommands
}
return nil
}
func (ssp *SimpleSpamPolicy) GetSpamStats(party string) *protoapi.SpamStatistic {
ssp.lock.RLock()
defer ssp.lock.RUnlock()
return &protoapi.SpamStatistic{
CountForEpoch: ssp.partyToCount[party],
MaxForEpoch: ssp.maxAllowedCommands,
MinTokensRequired: ssp.minTokensRequired.String(),
}
}
func (ssp *SimpleSpamPolicy) GetVoteSpamStats(_ string) *protoapi.VoteSpamStatistics {
return nil
}