Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add(consensus): Check consensus branch ids in tx verifier #9063

Merged
merged 15 commits into from
Dec 5, 2024

Conversation

upbqdn
Copy link
Member

@upbqdn upbqdn commented Dec 2, 2024

Motivation

Close #9064.

Context

The tx verifier is not checking if the nConsensusBranchId field in V5 txs conforms to the following consensus rule:

[NU5 onward] If effectiveVersion ≥ 5, the nConsensusBranchId field MUST match the consensus branch ID used for SIGHASH transaction hashes, as specified in ZIP-244.

We have this check in the block verifier. However, since the mempool uses only the tx verifier, it can currently accept txs with an incorrect nConsenusBranchId.

Specifications & References

Solution

Tests

  • Add unit tests.
  • Adjust existing unit tests.

PR Author's Checklist

  • The PR name will make sense to users.
  • The PR provides a CHANGELOG summary.
  • The solution is tested.
  • The documentation is up to date.
  • The PR has a priority label.

PR Reviewer's Checklist

  • The PR Author's checklist is complete.
  • The PR resolves the issue.

@upbqdn upbqdn added C-bug Category: This is a bug A-consensus Area: Consensus rule updates NU-6 Network Upgrade: NU6 specific tasks P-High 🔥 rust Pull requests that update Rust code labels Dec 2, 2024
@upbqdn upbqdn self-assigned this Dec 2, 2024
@upbqdn upbqdn requested a review from a team as a code owner December 2, 2024 11:18
@upbqdn upbqdn requested review from oxarbitrage and removed request for a team December 2, 2024 11:18
@mpguerra mpguerra linked an issue Dec 2, 2024 that may be closed by this pull request
@conradoplg
Copy link
Collaborator

Just for reference I think the 4.10 rules are about the branch ID used in SIGHASH. What we seem to have missed is from 7.1.2:

the nConsensusBranchId field MUST match the consensus branch ID used for SIGHASH transaction hashes

which we check for transactions in blocks, but not for transactions in the mempool.

Copy link
Collaborator

@conradoplg conradoplg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, but since it's a consensus change, I'll leave approval for the next reviewer

zebra-consensus/src/transaction/check.rs Outdated Show resolved Hide resolved
@conradoplg
Copy link
Collaborator

I confirmed that running a sendrawtransaction with an outdated-Ywallet-generated tx returns:

error code: 0
error message:
transaction did not pass consensus validation

Copy link
Contributor

@daira daira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK for the non-test code. I did not thoroughly review the tests.

oxarbitrage
oxarbitrage previously approved these changes Dec 3, 2024
Copy link
Contributor

@oxarbitrage oxarbitrage left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, thank you @upbqdn

zebra-consensus/src/transaction/check.rs Outdated Show resolved Hide resolved
zebra-consensus/src/error.rs Outdated Show resolved Hide resolved
@upbqdn
Copy link
Member Author

upbqdn commented Dec 3, 2024

Just for reference I think the 4.10 rules are about the branch ID used in SIGHASH. What we seem to have missed is from 7.1.2:

the nConsensusBranchId field MUST match the consensus branch ID used for SIGHASH transaction hashes

which we check for transactions in blocks, but not for transactions in the mempool.

I agree. To reflect this, I updated the implementation in b83ee0b and 4f37471 and the PR description as well.

@upbqdn
Copy link
Member Author

upbqdn commented Dec 3, 2024

Consensus rules often start with conditions such as "[NU5 onward]". We take those conditions as implicit in the code, but we could implement them by checking what NU is active for the thing being checked. Should we start making those conditions explicit?

@upbqdn upbqdn force-pushed the fix-consensus-branch-id branch 2 times, most recently from c2fe569 to 8deea77 Compare December 3, 2024 17:49
@upbqdn upbqdn force-pushed the fix-consensus-branch-id branch from c900e55 to c698507 Compare December 3, 2024 17:56
@upbqdn
Copy link
Member Author

upbqdn commented Dec 3, 2024

I made the NU5 onward condition explicit in c698507.

oxarbitrage
oxarbitrage previously approved these changes Dec 3, 2024
@arya2 arya2 added the extra-reviews This PR needs at least 2 reviews to merge label Dec 3, 2024
arya2
arya2 previously approved these changes Dec 3, 2024
Copy link
Contributor

@arya2 arya2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good, thank you for the fix and the related cleanups.

I left a few suggestions for cleanups but there are no blockers.

zebra-chain/src/transaction.rs Outdated Show resolved Hide resolved
zebra-consensus/src/transaction.rs Show resolved Hide resolved
zebra-chain/src/transaction.rs Show resolved Hide resolved
zebra-consensus/src/transaction/tests.rs Show resolved Hide resolved
@upbqdn upbqdn dismissed stale reviews from arya2 and oxarbitrage via 3e7b308 December 4, 2024 11:50
arya2
arya2 previously approved these changes Dec 4, 2024
mergify bot added a commit that referenced this pull request Dec 5, 2024
@mergify mergify bot merged commit bd122b6 into main Dec 5, 2024
113 of 124 checks passed
@mergify mergify bot deleted the fix-consensus-branch-id branch December 5, 2024 15:06
@mpguerra mpguerra linked an issue Dec 16, 2024 that may be closed by this pull request
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-consensus Area: Consensus rule updates C-bug Category: This is a bug extra-reviews This PR needs at least 2 reviews to merge NU-6 Network Upgrade: NU6 specific tasks P-High 🔥 rust Pull requests that update Rust code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Mempool can accept V5 txs with incorrect nConsensusBranchId bug: sendrawtransaction discrepancy
5 participants