BLUE-130 Global txreceipt verification #80
Conversation
PR Reviewer Guide 🔍
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
S0naliThakur
force-pushed
the
global-txreceipt-verification
branch
5 times, most recently
from
93334f1
to
170baf0
Compare
mhanson-github
force-pushed
the
global-txreceipt-verification
branch
from
fea0f4e
to
b4d2042
Compare
| const { signs } = appliedReceipt | ||
| // Refer to https://github.com/shardeum/shardus-core/blob/7d8877b7e1a5b18140f898a64b932182d8a35298/src/p2p/GlobalAccounts.ts#L397 | ||
| let votingGroupCount = cycleShardData.shardGlobals.nodesPerConsenusGroup | ||
| if (votingGroupCount > cycleShardData.nodes.length) { |
There was a problem hiding this comment.
Should we have a lower bound to the acceptable voting group count?
src/Data/Collector.ts
Outdated
| if (votingGroupCount > cycleShardData.nodes.length) { | ||
| votingGroupCount = cycleShardData.nodes.length | ||
| } | ||
| let isReceiptMajority = (signs.length / votingGroupCount) * 100 >= 60 |
There was a problem hiding this comment.
Can we make the percentage for majority configurable?
There was a problem hiding this comment.
config requiredMajorityVotesPercentage introduced for the same
src/Data/Collector.ts
Outdated
| for (const sign of signs) { | ||
| const { owner: nodePubKey } = sign | ||
| // Get the node id from the public key | ||
| const node = cycleShardData.nodes.find((node) => node.publicKey === nodePubKey) |
There was a problem hiding this comment.
Is there a way to avoid this find operation on every iteration? This loop feels suboptimal.
There was a problem hiding this comment.
using Map now for reduced complexity
src/Data/Collector.ts
Outdated
| } | ||
| uniqueSigners.add(nodePubKey) | ||
| } | ||
| isReceiptMajority = (uniqueSigners.size / votingGroupCount) * 100 >= 60 |
There was a problem hiding this comment.
Move to majority number to config here too.
src/Data/Collector.ts
Outdated
| const { signs, tx } = appliedReceipt | ||
| // Using a map to store the good signatures to avoid duplicates | ||
| const goodSignatures = new Map() | ||
| for (const sign of signs) { |
There was a problem hiding this comment.
Do we not need to exclude signatures from nodes not part of the consensus group here like on the previous file? Or are we filtering the signatures earlier and they are not reaching here if they are from invalid nodes?
There was a problem hiding this comment.
100 - consensus group size
60 - required
Not part of the node list: 10
Not part of the partition group: 5
85>60
sign verify
85>60
There was a problem hiding this comment.
The signatures were not getting filtered earlier, only the required no of signatures was being calculated based on the valid node count. Have introduced the filtering in this section now.
| Penalty = 12, | ||
| } | ||
|
|
||
| export const verifyGlobalTxAccountChange = ( |
There was a problem hiding this comment.
Can we write unit tests for this function?
… debug logs for account query Adding global-txreceipt-verification Added global tx receipt validation and verification Added account verification for global tx receipt Updated the new poqo receipt change
fix receipt verification
S0naliThakur
force-pushed
the
global-txreceipt-verification
branch
from
b4d2042
to
5e1c1d7
Compare
| (signs.length / votingGroupCount) * 100 >= config.requiredMajorityVotesPercentage | ||
| if (!isReceiptMajority) { | ||
| Logger.mainLogger.error( | ||
| `Invalid receipt globalModification signs count is less than ${config.requiredMajorityVotesPercentage}% of the votingGroupCount, ${signs.length}, ${votingGroupCount}` |
Check warning
Code scanning / CodeQL
Log injection Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 8 days ago
To fix the log injection issue, we need to sanitize the user input before logging it. Specifically, we should remove any newline characters from the config.requiredMajorityVotesPercentage value before including it in the log message. This can be done using String.prototype.replace to ensure no line endings are present in the user input.
| @@ -494,3 +494,3 @@ | ||
| Logger.mainLogger.error( | ||
| `Invalid receipt globalModification signs count is less than ${config.requiredMajorityVotesPercentage}% of the votingGroupCount, ${signs.length}, ${votingGroupCount}` | ||
| `Invalid receipt globalModification signs count is less than ${config.requiredMajorityVotesPercentage.replace(/\n|\r/g, "")}% of the votingGroupCount, ${signs.length}, ${votingGroupCount}` | ||
| ) |
| return result | ||
| } | ||
|
|
||
| const nodeMap = new Map<string, P2PTypes.NodeListTypes.Node>() |
There was a problem hiding this comment.
Since this map is only going to change once per cycle we can move this up the level for further optimisation. But for now LGTM.
* Added composite indexes ( cycle and timesamp ) on each data and added debug logs for account query Adding global-txreceipt-verification Added global tx receipt validation and verification Added account verification for global tx receipt Updated the new poqo receipt change * fix empty cycleInfo fix receipt verification * enhance node validation * shardus/types version update- 1.2.21 * fix(lint): fixed list error on votingGroupCount --------- Co-authored-by: Sonali Thakur <[email protected]> Co-authored-by: Arham Jain <[email protected]>
No description provided.