@ocap/resolver 1.18.152 → 1.18.154

package/lib/index.js

@@ -162,7 +162,7 @@ module.exports = class OCAPResolver {
    * @param {object} params.filter bloom filter to do anti-replay check
    * @param {bool} params.validateTokenConfig should we validate token supply and token-holder balance, should be disabled when starting an existing chain
    */
-  constructor({ statedb, indexdb, config, filter, validateTokenConfig = true }) {
+  constructor({ statedb, indexdb, config, filter, validateTokenConfig = true, logger }) {
     if (!statedb) {
       throw new Error('OCAP Resolver requires a valid statedb implementation to work');
     }
@@ -170,6 +170,8 @@ module.exports = class OCAPResolver {
       throw new Error('OCAP Resolver requires a valid indexdb implementation to work');
     }
 
+    this.logger = logger || { info: debug, warn: debug, error: debug, debug };
+
     this.statedb = statedb;
     this.indexdb = indexdb;
     this.filter = filter;
@@ -208,7 +210,10 @@ module.exports = class OCAPResolver {
   }
 
   async sendTx({ tx: txBase64 }, ctx = {}) {
-    debug('sendTx', txBase64);
+    this.logger.info('sendTx', {
+      txBase64,
+      request: ctx.request,
+    });
 
     if (process.env.CHAIN_MODE === 'readonly') {
       throw new CustomError('FORBIDDEN', 'This chain node is running in readonly mode');
@@ -682,7 +687,16 @@ module.exports = class OCAPResolver {
   }
 
   async verifyAccountRisk(args, ctx) {
-    return tokenFlow.verifyAccountRisk(args, this, ctx);
+    return tokenFlow.verifyAccountRisk(
+      {
+        ...args,
+        accountLimit: process.env.VERIFY_RISK_ACCOUNT_LIMIT,
+        txLimit: process.env.VERIFY_RISK_TX_LIMIT,
+        tolerance: process.env.VERIFY_RISK_TOLERANCE,
+      },
+      this,
+      ctx
+    );
   }
 
   async listTokenFlows(args, ctx) {
@@ -1004,11 +1018,17 @@ module.exports = class OCAPResolver {
     return attachPaidTxGas(tx);
   }
 
-  async _getAllResults(dataKey, fn) {
+  async _getAllResults(dataKey, fn, limit) {
     const results = [];
     const pageSize = 100;
 
     const { paging, [dataKey]: firstPage } = await fn({ size: pageSize });
+
+    // Skip if total exceeds limit cause we cannot query full data
+    if (limit && paging.total > limit) {
+      throw new CustomError('EXCEED_LIMIT', `Total exceeds limit ${limit}`);
+    }
+
     if (paging.total < pageSize) {
       return firstPage;
     }

package/lib/migration-chain.js

@@ -1,4 +1,5 @@
 /* eslint-disable max-classes-per-file */
+const { isEthereumDid } = require('@arcblock/did');
 
 class MigrationNode {
   constructor(address, validFrom, validUntil = null, nextAddress = null) {
@@ -59,7 +60,7 @@ class MigrationChainManager {
    */
   _processMigration(fromAddr, toAddr, timestamp) {
     // Find or create the root address for this chain
-    const rootAddr = this.rootAddresses.get(fromAddr) || fromAddr;
+    const rootAddr = this.getRootAddress(fromAddr);
 
     // Get or create the chain
     if (!this.chains.has(rootAddr)) {
@@ -81,31 +82,29 @@ class MigrationChainManager {
     }
 
     // Update root address mapping for the new address
-    this.rootAddresses.set(toAddr, rootAddr);
+    this.rootAddresses.set(this.formatAddress(toAddr), rootAddr);
   }
 
   /**
    * Find the valid address at a specific timestamp
-   * @param {string} initialAddress - Address to look up
+   * @param {string} address - Address to look up
    * @param {Date} timestamp - Timestamp to check
    * @returns {string} Valid address at the timestamp
    */
-  findAddressAtTime(initialAddress, timestamp) {
-    // Get the root address
-    const rootAddr = this.rootAddresses.get(initialAddress) || initialAddress;
-    const chain = this.chains.get(rootAddr);
+  findAddressAtTime(address, timestamp) {
+    const chains = this.getMigrationHistory(address);
 
-    if (!chain) {
-      return initialAddress;
+    if (!chains?.length) {
+      return address;
     }
 
     // Binary search for the correct address
     let left = 0;
-    let right = chain.length - 1;
+    let right = chains.length - 1;
 
     while (left <= right) {
       const mid = Math.floor((left + right) / 2);
-      const node = chain[mid];
+      const node = chains[mid];
 
       if (node.validFrom <= timestamp && (!node.validUntil || timestamp < node.validUntil)) {
         return node.address;
@@ -117,7 +116,16 @@ class MigrationChainManager {
       }
     }
 
-    return chain[chain.length - 1].address;
+    return chains[chains.length - 1].address;
+  }
+
+  formatAddress(address) {
+    return isEthereumDid(address) ? address.toLowerCase() : address;
+  }
+
+  getRootAddress(address) {
+    const formattedAddress = this.formatAddress(address);
+    return this.rootAddresses.get(formattedAddress) || formattedAddress;
   }
 
   /**
@@ -126,7 +134,7 @@ class MigrationChainManager {
    * @returns {Array} List of migration nodes
    */
   getMigrationHistory(address) {
-    const rootAddr = this.rootAddresses.get(address) || address;
+    const rootAddr = this.getRootAddress(address);
     return this.chains.get(rootAddr) || [];
   }
 }

package/lib/token-flow.js

@@ -1,6 +1,6 @@
 /* eslint-disable no-await-in-loop */
 
-const { BN, fromTokenToUnit } = require('@ocap/util');
+const { BN, fromTokenToUnit, isSameDid } = require('@ocap/util');
 const { schemas, Joi } = require('@arcblock/validator');
 const { CustomError } = require('@ocap/util/lib/error');
 const uniq = require('lodash/uniq');
@@ -126,6 +126,11 @@ const getVaultAccounts = (config) => {
   return Object.values(config.vaults).flat().concat(FORGE_TOKEN_HOLDER);
 };
 
+const getInitialBalance = (address, config) => {
+  const account = config?.accounts?.find((x) => isSameDid(x.address, address));
+  return account ? fromTokenToUnit(account.balance) : ZERO;
+};
+
 const fixMigrateReceipts = async ({ accountAddress, tx }, resolver) => {
   const migrationChain = await resolver.getMigrationChain();
   const address = migrationChain.findAddressAtTime(accountAddress, new Date(tx.time));
@@ -134,14 +139,18 @@ const fixMigrateReceipts = async ({ accountAddress, tx }, resolver) => {
   // fix receipts address
   if (address && migrations.length) {
     tx.receipts.forEach((receipt) => {
-      if (migrations.some((x) => x.address === receipt.address)) {
+      if (migrations.some((x) => isSameDid(x.address, receipt.address))) {
         receipt.address = address;
       }
     });
   }
 };
 
-const verifyAccountRisk = async ({ accountAddress, tokenAddress }, resolver, ctx = {}) => {
+const verifyAccountRisk = async (
+  { accountAddress, tokenAddress, accountLimit = 400, txLimit = 10000, tolerance = '0.0000000001' },
+  resolver,
+  ctx = {}
+) => {
   // validate request params
   const { error } = paramsSchema.validate({ accountAddress, tokenAddress, resolver });
   if (error) {
@@ -151,12 +160,13 @@ const verifyAccountRisk = async ({ accountAddress, tokenAddress }, resolver, ctx
   const checkedAccounts = new Map();
   const checkedTx = new Map();
   const accountQueue = [accountAddress];
-  const maxAccountSize = 400;
+  const tokenState = await resolver.tokenCache.get(tokenAddress);
+  const toleranceUnit = fromTokenToUnit(tolerance, tokenState?.decimal);
   const vaultAccounts = getVaultAccounts(resolver.config);
 
   while (accountQueue.length) {
     // limit
-    if (checkedAccounts.size >= maxAccountSize) {
+    if (checkedAccounts.size >= accountLimit) {
       return {
         isRisky: false,
         reason: 'MAX_ACCOUNT_SIZE_LIMIT',
@@ -172,21 +182,33 @@ const verifyAccountRisk = async ({ accountAddress, tokenAddress }, resolver, ctx
     if (checkedAccounts.has(address)) continue;
     // skip trusted accounts
     if (await resolver.filter.isTrusted(address)) {
-      checkedAccounts.set(address, {});
+      checkedAccounts.set(address, true);
       continue;
     }
 
-    const transactions = await resolver._getAllResults('transactions', (paging) =>
-      resolver.listTransactions({ paging, accountFilter: { accounts: [address] } }, ctx)
-    );
-    const accountState = await resolver.getAccountState({ address, traceMigration: false }, ctx);
+    let transactions = [];
+    try {
+      transactions = await resolver._getAllResults(
+        'transactions',
+        (paging) => resolver.listTransactions({ paging, accountFilter: { accounts: [address] } }, ctx),
+        txLimit
+      );
+    } catch (e) {
+      // skip if tx limit exceeded
+      if (e.code === 'EXCEED_LIMIT') {
+        checkedAccounts.set(address, true);
+        continue;
+      }
+      throw e;
+    }
 
+    const accountState = await resolver.getAccountState({ address, traceMigration: false }, ctx);
     if (!accountState) {
       throw new CustomError('INVALID_REQUEST', `Invalid address ${address}`);
     }
-    const balance = accountState.tokens.find((item) => item.address === tokenAddress)?.value || 0;
+    const balance = accountState.tokens.find((item) => isSameDid(item.address, tokenAddress))?.value || 0;
 
-    let transferIn = ZERO;
+    let transferIn = getInitialBalance(address, resolver.config);
     let transferOut = ZERO;
 
     // Parse txs to get transfer amounts
@@ -205,20 +227,20 @@ const verifyAccountRisk = async ({ accountAddress, tokenAddress }, resolver, ctx
       // Calculate the total amount of transfer for this address
       transferIn = transferIn.add(
         transferInList
-          .filter((item) => item.address === address)
+          .filter((item) => isSameDid(item.address, address))
           .map((item) => item.value)
           .reduce((prev, cur) => prev.add(cur), ZERO)
       );
 
       transferOut = transferOut.add(
         transferOutList
-          .filter((item) => item.address === address)
+          .filter((item) => isSameDid(item.address, address))
           .map((item) => item.value)
           .reduce((prev, cur) => prev.add(cur), ZERO)
       );
 
       // push transferIn accounts to queue for next time check
-      if (transferInList.some((item) => item.address === address)) {
+      if (transferInList.some((item) => isSameDid(item.address, address))) {
         const accountsToQueue = transferOutList
           .filter((item) => {
             if (accountQueue.includes(item.address)) return false;
@@ -240,7 +262,12 @@ const verifyAccountRisk = async ({ accountAddress, tokenAddress }, resolver, ctx
     checkedAccounts.set(address, true);
 
     // Check if the balance not matches the transfer records
-    if (!transferIn.eq(transferOut.add(new BN(balance)))) {
+    if (
+      transferIn
+        .sub(transferOut.add(new BN(balance)))
+        .abs()
+        .gt(toleranceUnit)
+    ) {
       debug('Account balance does not match transfer records', {
         address,
         transferIn: transferIn.toString(),

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.18.152",
+  "version": "1.18.154",
   "description": "GraphQL resolver built upon ocap statedb and GQL layer",
   "main": "lib/index.js",
   "files": [
@@ -22,18 +22,18 @@
     "jest": "^29.7.0"
   },
   "dependencies": {
-    "@arcblock/did": "1.18.152",
-    "@arcblock/did-util": "1.18.152",
-    "@arcblock/validator": "1.18.152",
-    "@ocap/config": "1.18.152",
-    "@ocap/indexdb": "1.18.152",
-    "@ocap/mcrypto": "1.18.152",
-    "@ocap/message": "1.18.152",
-    "@ocap/state": "1.18.152",
-    "@ocap/tx-protocols": "1.18.152",
-    "@ocap/util": "1.18.152",
+    "@arcblock/did": "1.18.154",
+    "@arcblock/did-util": "1.18.154",
+    "@arcblock/validator": "1.18.154",
+    "@ocap/config": "1.18.154",
+    "@ocap/indexdb": "1.18.154",
+    "@ocap/mcrypto": "1.18.154",
+    "@ocap/message": "1.18.154",
+    "@ocap/state": "1.18.154",
+    "@ocap/tx-protocols": "1.18.154",
+    "@ocap/util": "1.18.154",
     "debug": "^4.3.6",
     "lodash": "^4.17.21"
   },
-  "gitHead": "4f31d06aa2a15b57a7d00fdec6241376f10ee873"
+  "gitHead": "414d4207886905fca9529912a12a3b6b8c811886"
 }