[fix] #4226: Prevent registering genesis Domain or Account

Signed-off-by: Dmitry Murzin <[email protected]>
hyperledger-iroha · Apr 15, 2024 · 90ec4cd · 90ec4cd
1 parent 7d08b9f
commit 90ec4cd
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 2 deletions.
diff --git a/configs/swarm/executor.wasm b/configs/swarm/executor.wasm
diff --git a/core/src/smartcontracts/isi/domain.rs b/core/src/smartcontracts/isi/domain.rs
@@ -35,7 +35,7 @@ impl Registrable for iroha_data_model::domain::NewDomain {
 /// - update metadata
 /// - transfer, etc.
 pub mod isi {
-    use iroha_data_model::isi::error::RepetitionError;
+    use iroha_data_model::isi::error::{InstructionExecutionError, RepetitionError};
     use iroha_logger::prelude::*;
 
     use super::*;
@@ -55,6 +55,12 @@ pub mod isi {
                 .validate_len(state_transaction.config.ident_length_limits)
                 .map_err(Error::from)?;
 
+            if account_id == *iroha_genesis::GENESIS_ACCOUNT_ID {
+                return Err(InstructionExecutionError::InvariantViolation(
+                    "Not allowed to register `genesis@genesis` account".to_owned(),
+                ));
+            }
+
             let domain = state_transaction.world.domain_mut(&account_id.domain_id)?;
             if domain.accounts.get(&account_id).is_some() {
                 return Err(RepetitionError {

diff --git a/core/src/smartcontracts/isi/mod.rs b/core/src/smartcontracts/isi/mod.rs
@@ -256,13 +256,15 @@ mod tests {
 
     use iroha_crypto::KeyPair;
     use iroha_data_model::metadata::MetadataValueBox;
+    use iroha_genesis::GENESIS_ACCOUNT_ID;
     use tokio::test;
 
     use super::*;
     use crate::{
         kura::Kura,
         query::store::LiveQueryStore,
         state::{State, World},
+        tx::AcceptTransactionFail,
         PeersIds,
     };
 
@@ -474,4 +476,51 @@ mod tests {
 
         Ok(())
     }
+
+    #[test]
+    async fn not_allowed_to_register_genesis_domain_or_account() -> Result<()> {
+        let kura = Kura::blank_kura_for_testing();
+        let state = state_with_test_domains(&kura)?;
+        let mut staet_block = state.block();
+        let mut state_transaction = staet_block.transaction();
+        let account_id = AccountId::from_str("alice@wonderland")?;
+        assert!(matches!(
+            Register::domain(Domain::new(DomainId::from_str("genesis")?))
+                .execute(&account_id, &mut state_transaction)
+                .expect_err("Error expected"),
+            Error::InvariantViolation(_)
+        ));
+        let (public_key, _) = KeyPair::random().into_parts();
+        let register_account = Register::account(Account::new(
+            AccountId::from_str("genesis@genesis")?,
+            public_key,
+        ));
+        assert!(matches!(
+            register_account
+                .execute(&account_id, &mut state_transaction)
+                .expect_err("Error expected"),
+            Error::InvariantViolation(_)
+        ));
+        Ok(())
+    }
+
+    #[test]
+    async fn transaction_signed_by_genesis_account_should_be_rejected() -> Result<()> {
+        let chain_id = ChainId::from("0");
+        let kura = Kura::blank_kura_for_testing();
+        let state = state_with_test_domains(&kura)?;
+        let state_block = state.block();
+
+        let instructions: [InstructionBox; 0] = [];
+        let genesis_keys = KeyPair::random();
+        let tx = TransactionBuilder::new(chain_id.clone(), GENESIS_ACCOUNT_ID.clone())
+            .with_instructions(instructions)
+            .sign(&genesis_keys);
+        let tx_limits = &state_block.transaction_executor().transaction_limits;
+        assert!(matches!(
+            AcceptedTransaction::accept(tx, &chain_id, tx_limits),
+            Err(AcceptTransactionFail::UnexpectedGenesisAccountSignature)
+        ));
+        Ok(())
+    }
 }
diff --git a/core/src/smartcontracts/isi/world.rs b/core/src/smartcontracts/isi/world.rs
@@ -19,7 +19,7 @@ impl Registrable for NewRole {
 pub mod isi {
     use eyre::Result;
     use iroha_data_model::{
-        isi::error::{InvalidParameterError, RepetitionError},
+        isi::error::{InstructionExecutionError, InvalidParameterError, RepetitionError},
         prelude::*,
         query::error::FindError,
         Level,
@@ -87,6 +87,12 @@ pub mod isi {
                 .validate_len(state_transaction.config.ident_length_limits)
                 .map_err(Error::from)?;
 
+            if domain_id == *iroha_genesis::GENESIS_DOMAIN_ID {
+                return Err(InstructionExecutionError::InvariantViolation(
+                    "Not allowed to register `genesis` domain".to_owned(),
+                ));
+            }
+
             let world = &mut state_transaction.world;
             if world.domains.get(&domain_id).is_some() {
                 return Err(RepetitionError {