add reverting_tx_check

Author: wlawt

crates/ingress-rpc/src/service.rs

@@ -173,11 +173,13 @@ where
         }
 
         let mut total_gas = 0u64;
+        let mut tx_hashes = Vec::new();
         for tx_data in &bundle.txs {
             let transaction = self.validate_tx(tx_data).await?;
             total_gas = total_gas.saturating_add(transaction.gas_limit());
+            tx_hashes.push(transaction.tx_hash());
         }
 
-        validate_bundle(bundle, total_gas)
+        validate_bundle(bundle, total_gas, tx_hashes)
     }
 }

crates/ingress-rpc/src/validation.rs

@@ -169,7 +169,12 @@ pub async fn validate_tx<T: Transaction>(
 /// - Partial transaction dropping is not supported, `dropping_tx_hashes` must be empty
 /// - extra_fields must be empty
 /// - refunds are not initially supported (refund_percent, refund_recipient, refund_tx_hashes must be empty)
-pub fn validate_bundle(bundle: &EthSendBundle, bundle_gas: u64) -> RpcResult<()> {
+/// - revert protection is not supported, all transaction hashes must be in `reverting_tx_hashes`
+pub fn validate_bundle(
+    bundle: &EthSendBundle,
+    bundle_gas: u64,
+    tx_hashes: Vec<B256>,
+) -> RpcResult<()> {
     // Don't allow bundles to be submitted over 1 hour into the future
     // TODO: make the window configurable
     let valid_timestamp_window = SystemTime::now()
@@ -225,6 +230,16 @@ pub fn validate_bundle(bundle: &EthSendBundle, bundle_gas: u64) -> RpcResult<()>
         );
     }
 
+    // revert protection: all transaction hashes must be in `reverting_tx_hashes`
+    for tx_hash in &tx_hashes {
+        if !bundle.reverting_tx_hashes.contains(tx_hash) {
+            return Err(EthApiError::InvalidParams(
+                "Transaction hash not found in reverting_tx_hashes".into(),
+            )
+            .into_rpc_err());
+        }
+    }
+
     Ok(())
 }
 
@@ -541,7 +556,7 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(EthApiError::InvalidParams(
                 "Bundle cannot be more than 1 hour in the future".into()
             )
@@ -553,6 +568,7 @@ mod tests {
     async fn test_err_bundle_max_gas_limit_too_high() {
         let signer = PrivateKeySigner::random();
         let mut encoded_txs = vec![];
+        let mut tx_hashes = vec![];
 
         // Create transactions that collectively exceed MAX_BUNDLE_GAS (25M)
         // Each transaction uses 4M gas, so 8 transactions = 32M gas > 25M limit
@@ -574,6 +590,8 @@ mod tests {
 
             let signature = signer.sign_transaction_sync(&mut tx).unwrap();
             let envelope = OpTxEnvelope::Eip1559(tx.into_signed(signature));
+            let tx_hash = envelope.clone().try_into_recovered().unwrap().tx_hash();
+            tx_hashes.push(tx_hash);
 
             // Encode the transaction
             let mut encoded = vec![];
@@ -591,7 +609,7 @@ mod tests {
         };
 
         // Test should fail due to exceeding gas limit
-        let result = validate_bundle(&bundle, total_gas);
+        let result = validate_bundle(&bundle, total_gas, tx_hashes);
         assert!(result.is_err());
         if let Err(e) = result {
             let error_message = format!("{e:?}");
@@ -603,6 +621,7 @@ mod tests {
     async fn test_err_bundle_too_many_transactions() {
         let signer = PrivateKeySigner::random();
         let mut encoded_txs = vec![];
+        let mut tx_hashes = vec![];
 
         let gas = 4_000_000;
         let mut total_gas = 0u64;
@@ -622,6 +641,8 @@ mod tests {
 
             let signature = signer.sign_transaction_sync(&mut tx).unwrap();
             let envelope = OpTxEnvelope::Eip1559(tx.into_signed(signature));
+            let tx_hash = envelope.clone().try_into_recovered().unwrap().tx_hash();
+            tx_hashes.push(tx_hash);
 
             // Encode the transaction
             let mut encoded = vec![];
@@ -639,7 +660,7 @@ mod tests {
         };
 
         // Test should fail due to exceeding gas limit
-        let result = validate_bundle(&bundle, total_gas);
+        let result = validate_bundle(&bundle, total_gas, tx_hashes);
         assert!(result.is_err());
         if let Err(e) = result {
             let error_message = format!("{e:?}");
@@ -655,7 +676,7 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(
                 EthApiError::InvalidParams("Partial transaction dropping is not supported".into())
                     .into_rpc_err()
@@ -672,7 +693,7 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(EthApiError::InvalidParams("extra_fields must be empty".into()).into_rpc_err())
         );
     }
@@ -684,7 +705,7 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(
                 EthApiError::InvalidParams("refunds are not initially supported".into())
                     .into_rpc_err()
@@ -699,7 +720,7 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(
                 EthApiError::InvalidParams("refunds are not initially supported".into())
                     .into_rpc_err()
@@ -714,11 +735,62 @@ mod tests {
             ..Default::default()
         };
         assert_eq!(
-            validate_bundle(&bundle, 0),
+            validate_bundle(&bundle, 0, vec![]),
             Err(
                 EthApiError::InvalidParams("refunds are not initially supported".into())
                     .into_rpc_err()
             )
         );
     }
+
+    #[tokio::test]
+    async fn test_err_bundle_not_all_tx_hashes_in_reverting_tx_hashes() {
+        let signer = PrivateKeySigner::random();
+        let mut encoded_txs = vec![];
+        let mut tx_hashes = vec![];
+
+        let gas = 4_000_000;
+        let mut total_gas = 0u64;
+        for _ in 0..4 {
+            let mut tx = TxEip1559 {
+                chain_id: 1,
+                nonce: 0,
+                gas_limit: gas,
+                max_fee_per_gas: 200000u128,
+                max_priority_fee_per_gas: 100000u128,
+                to: Address::random().into(),
+                value: U256::from(1000000u128),
+                access_list: Default::default(),
+                input: bytes!("").clone(),
+            };
+            total_gas = total_gas.saturating_add(gas);
+
+            let signature = signer.sign_transaction_sync(&mut tx).unwrap();
+            let envelope = OpTxEnvelope::Eip1559(tx.into_signed(signature));
+            let tx_hash = envelope.clone().try_into_recovered().unwrap().tx_hash();
+            tx_hashes.push(tx_hash);
+
+            // Encode the transaction
+            let mut encoded = vec![];
+            envelope.encode_2718(&mut encoded);
+            encoded_txs.push(Bytes::from(encoded));
+        }
+
+        let bundle = EthSendBundle {
+            txs: encoded_txs,
+            block_number: 0,
+            min_timestamp: None,
+            max_timestamp: None,
+            reverting_tx_hashes: tx_hashes[..2].to_vec(),
+            ..Default::default()
+        };
+
+        // Test should fail due to exceeding gas limit
+        let result = validate_bundle(&bundle, total_gas, tx_hashes);
+        assert!(result.is_err());
+        if let Err(e) = result {
+            let error_message = format!("{e:?}");
+            assert!(error_message.contains("Bundle can only contain 3 transactions"));
+        }
+    }
 }