npm - @ocap/tx-pipeline - Versions diffs - 1.18.162 → 1.18.164 - Mend

@ocap/tx-pipeline 1.18.162 → 1.18.164

Files changed (4) hide show

package/lib/index.js +4 -0
package/lib/pipes/take-state-snapshot.js +33 -0
package/lib/pipes/verify-state-diff.js +192 -0
package/package.json +9 -9

package/lib/index.js CHANGED Viewed

@@ -23,6 +23,8 @@ const VerifyTxSize = require('./pipes/verify-tx-size');
 const VerifyTxInput = require('./pipes/verify-tx-input');
 const VerifyUpdater = require('./pipes/verify-updater');
 const VerifyTokenBalance = require('./pipes/verify-token-balance');
+const VerifyStateDiff = require('./pipes/verify-state-diff');
+const TakeStateSnapshot = require('./pipes/take-state-snapshot');
 module.exports = {
   Runner,
@@ -51,5 +53,7 @@ module.exports = {
     VerifyTxSize,
     VerifyTxInput,
     VerifyTokenBalance,
+    VerifyStateDiff,
+    TakeStateSnapshot,
   },
 };

package/lib/pipes/take-state-snapshot.js ADDED Viewed

@@ -0,0 +1,33 @@
+const { cloneDeep } = require('lodash');
+const { groupStatesByAddress } = require('./verify-state-diff');
+module.exports = function CreateTakeStateSnapshotPipe({ key = 'stateSnapshot' } = {}) {
+  return async function TakeStateSnapshot(context, next) {
+    const { statedb, config } = context;
+    const statesMap = groupStatesByAddress(context);
+    // feeVaultState is usually add to context at the end, so we need to query it here
+    if (!statesMap[config.vaults.txFee]) {
+      statesMap[config.vaults.txFee] = [await statedb.account.get(config.vaults.txFee, context)];
+    }
+    // for acquire transactions, we should pre-fetch the account state in the mint hooks to verify their balance changes later
+    if (context.factoryState && ['fg:t:acquire_asset_v3', 'fg:t:acquire_asset_v2'].includes(context.txType)) {
+      const mintHook = context.factoryState.hooks?.find((x) => x.name === 'mint');
+      const states = await Promise.all(
+        (mintHook?.compiled || []).map((x) => {
+          const address = x.args.to;
+          return statesMap[address]?.[0] || statedb.account.get(address, context);
+        })
+      );
+      states.forEach((x) => {
+        statesMap[x.address] = [x];
+      });
+    }
+    context[key] = cloneDeep(statesMap);
+    return next();
+  };
+};

package/lib/pipes/verify-state-diff.js ADDED Viewed

@@ -0,0 +1,192 @@
+/* eslint-disable no-await-in-loop */
+/* eslint-disable consistent-return */
+const isEqual = require('lodash/isEqual');
+const mergeWith = require('lodash/mergeWith');
+const clone = require('lodash/clone');
+const { BN, isSameDid } = require('@ocap/util');
+const { CustomError: Error } = require('@ocap/util/lib/error');
+const { groupReceiptTokenChanges, create: createTxState } = require('@ocap/state/lib/states/tx');
+const { getRelatedAddresses } = require('@ocap/util/lib/get-related-addr');
+const {
+  types: { RoleType },
+} = require('@ocap/mcrypto');
+const { toTypeInfo } = require('@arcblock/did');
+const { pickBy } = require('lodash');
+function groupStatesByAddress(context) {
+  /**
+   * a map of address -> state list
+   * @type {Record<string, []>}
+   */
+  const statesMap = {};
+  for (const [stateKey, stateOrStates] of Object.entries(context)) {
+    const states = [].concat(stateOrStates).filter((x) => x && x.address && x.tokens && x.context);
+    for (const state of states) {
+      // mintHookStates has the highest priority
+      if (stateKey === 'mintHookStates') {
+        statesMap[state.address] = [state];
+        continue;
+      }
+      // skip state with the same tokens as existing states
+      const curStates = statesMap[state.address] || [];
+      if (curStates.every((x) => !isEqual(x.tokens, state.tokens))) {
+        statesMap[state.address] = curStates.concat(state);
+      }
+    }
+  }
+  return statesMap;
+}
+function findStates(address, statesMap) {
+  if (statesMap[address]) {
+    return statesMap[address];
+  }
+  // Try to find state from migrated addresses
+  const matchedAddress = Object.keys(statesMap).find((x) => {
+    const state = statesMap[x][0];
+    const relatedAddresses = getRelatedAddresses(state);
+    return !state.migratedTo?.length && relatedAddresses.some((y) => isSameDid(y, address));
+  });
+  return statesMap[matchedAddress] || [];
+}
+function getStateTokens(state, txType) {
+  const isStakeAddress = toTypeInfo(state.address).role === RoleType.ROLE_STAKE;
+  if (txType === 'slash_stake' && isStakeAddress) {
+    return mergeTokenChange(state.revokedTokens, state.tokens);
+  }
+  if (txType === 'claim_stake' && isStakeAddress) {
+    return state.revokedTokens;
+  }
+  return state.tokens;
+}
+function mergeTokenChange(token1, token2, operator = 'add') {
+  return mergeWith(clone(token1), token2, (a, b) => {
+    return new BN(a || 0)[operator](new BN(b)).toString();
+  });
+}
+/**
+ * Update migrated addresses in receipts to their latest addresses
+ */
+function fixMigratedReceipts(receipts, statesMap) {
+  const states = Object.values(statesMap).flat();
+  const fixedReceipts = receipts.map((receipt) => {
+    const state = states.find((x) => {
+      const relatedAddresses = getRelatedAddresses(x);
+      return !x.migratedTo?.length && relatedAddresses.some((address) => isSameDid(address, receipt.address));
+    });
+    return {
+      ...receipt,
+      address: state?.address || receipt.address,
+    };
+  });
+  return fixedReceipts;
+}
+/**
+ * verify that account balances are updated correctly by comparing before and after states
+ */
+module.exports = function CreateVerifyStateDiffPipe({ snapshotKey = 'stateSnapshot' } = {}) {
+  return async function VerifyStateDiff(context, next) {
+    const { logger, [snapshotKey]: snapshotStates } = context;
+    if (!snapshotStates) {
+      return next(
+        new Error('FORBIDDEN', `context.${snapshotKey} is missing, please call VerifyStateDiff after TakeStateSnapshot`)
+      );
+    }
+    const txState = createTxState(context, 'OK', false);
+    const contextStates = groupStatesByAddress(context);
+    const receipts = fixMigratedReceipts(txState.receipts, contextStates);
+    const receiptChanges = groupReceiptTokenChanges(receipts);
+    // verify: receipts -> state diff
+    // before tokens + receipt changes = after tokens
+    for (const [address, tokenChanges] of Object.entries(receiptChanges)) {
+      const beforeState = findStates(address, snapshotStates)[0];
+      const afterStates = findStates(address, contextStates);
+      if (!afterStates.length) {
+        logger?.error('INVALID_RECEIPT', 'Changed state not found for receipt', {
+          address,
+          context,
+          tokenChanges,
+        });
+        return next(new Error('INVALID_RECEIPT', 'Changed state not found for receipt'));
+      }
+      // if beforeState does not exist, it means afterState is created in this transaction,
+      // so its tokens should exactly match the receipts
+      const expectedTokens = beforeState
+        ? mergeTokenChange(getStateTokens(beforeState, txState.type), tokenChanges)
+        : tokenChanges;
+      const matchAfterState = afterStates.find((x) => isEqual(expectedTokens, getStateTokens(x, txState.type)));
+      if (!matchAfterState) {
+        logger?.error('INVALID_RECEIPT', 'Tx receipts does not match with state diff', {
+          txState,
+          expectedTokens,
+          beforeState,
+          afterStates,
+          tokenChanges,
+        });
+        return next(new Error('INVALID_RECEIPT', 'Tx receipts does not match with state diff'));
+      }
+    }
+    // verify: state diff -> receipts
+    // after tokens - before tokens = receipt changes
+    for (const [address, afterStates] of Object.entries(contextStates)) {
+      const beforeState = findStates(address, snapshotStates)[0];
+      const beforeTokens = beforeState ? getStateTokens(beforeState, txState.type) : {};
+      const roleType = toTypeInfo(address).role;
+      // there might be multiple afterStates found, e.g. when signerState and senderState have the same address,
+      // and it's possible that senderState has updated tokens but signerState hasn't.
+      // so we need to verify each afterState. there are two cases:
+      // 1. state with updated tokens: their tokens differ from beforeState.tokens, so they will enter verification logic
+      // 2. state with no updated tokens: their tokens match beforeState.tokens, so they will skip verification logic
+      for (const afterState of afterStates) {
+        const afterTokens = getStateTokens(afterState, txState.type);
+        if (!beforeState || !isEqual(afterTokens, beforeTokens)) {
+          const tokenChange = pickBy(
+            beforeState ? mergeTokenChange(afterTokens, beforeTokens, 'sub') : afterTokens,
+            (value) => value !== '0'
+          );
+          let expectedChange = receiptChanges[address] || {};
+          // revoke_stake only moves tokens from staked to revoked tokens and without generating any receipts
+          // after tokens - before tokens = before revoke tokens - after revoke tokens
+          if (txState.type === 'revoke_stake' && roleType === RoleType.ROLE_STAKE) {
+            expectedChange = pickBy(
+              mergeTokenChange(beforeState.revokedTokens, afterState.revokedTokens, 'sub'),
+              (value) => value !== '0'
+            );
+          }
+          if (!isEqual(tokenChange, expectedChange)) {
+            logger?.error('INVALID_RECEIPT', 'State diff does not match with tx receipts', {
+              txState,
+              beforeState,
+              afterState,
+              afterStates,
+              tokenChange,
+              expectedChange,
+            });
+            return next(new Error('INVALID_RECEIPT', 'State diff does not match with tx receipts'));
+          }
+        }
+      }
+    }
+    next();
+  };
+};
+module.exports.groupStatesByAddress = groupStatesByAddress;

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.18.162",
+  "version": "1.18.164",
   "description": "Pipeline runner and common pipelines to process transactions",
   "main": "lib/index.js",
   "files": [
@@ -29,16 +29,16 @@
     "elliptic": "6.5.3"
   },
   "dependencies": {
-    "@arcblock/did": "1.18.162",
-    "@arcblock/did-util": "1.18.162",
-    "@ocap/mcrypto": "1.18.162",
-    "@ocap/message": "1.18.162",
-    "@ocap/state": "1.18.162",
-    "@ocap/util": "1.18.162",
-    "@ocap/wallet": "1.18.162",
+    "@arcblock/did": "1.18.164",
+    "@arcblock/did-util": "1.18.164",
+    "@ocap/mcrypto": "1.18.164",
+    "@ocap/message": "1.18.164",
+    "@ocap/state": "1.18.164",
+    "@ocap/util": "1.18.164",
+    "@ocap/wallet": "1.18.164",
     "debug": "^4.3.6",
     "empty-value": "^1.0.1",
     "lodash": "^4.17.21"
   },
-  "gitHead": "54c0d27c13d94fd758335e65648326a8d04dd30c"
+  "gitHead": "f517d0620f7fb4acd26716ab76f68829587b6483"
 }