chore(release): v1.0.7-beta

[shamardy]

Features:

• Trading Protocol Upgrade #1895
  • SwapOpsV2 trait was added containing methods of the new protocol (WIP) in #1927
  • SwapOpsV2 was implemented for UtxoStandardCoin in #1927
  • Dockerized integration tests added, sending and spending/refunding "dex fee + premium" UTXO in #1927
• HD Wallet #1838
  • Global enabling of an account'/change/address_index path for all coins using hd_account_id config parameter was replaced by enable_hd which is a bool that defaults to false in #1933
  • path_to_address parameter was added to coins activation requests to set the default account'/change/address_index path that will be used for swaps. If not provided, the default will be 0'/0/0 in #1933
  • HD withdrawal from any account'/change/address_index path was implemented for UTXO, EVM and Tendermint coins in #1933
• Pirate Integration #927
  • ARRR synchronization now supports using a specific start date. This allows users to specify a specific date as the starting point for synchronization as a substitute for the checkpoint block from config or syncing from the first block #1922

Enhancements/Fixes:

• Adex-CLI #1682
  • The file permissions of the cli config file is now set to 660 in unix to disallow reading by other users #1913
  • Activation types have been introduced to prevent malicious substitution of them in the activation scheme file #1912
  • HTTPS connection support was added in #1910
  • Activation scheme was changed so the related data types were refactored to be fit for it in #1938
• PoSV coins withdrawal issue was fixed. The issue was a missing n_time field in the generated transaction. The fix now correctly considers when n_time is required, and the rawtransaction can be broadcasted #1925
• Latest relayer channel is now used for tendermint test #1929
• Price urls were updated in #1928
• NFT transactions that transfer multiple NFT tokens were fixed in db, log_index is now used as part of the transfers history table primary key #1926
• State machine was refactored as a preparation step for StorableStateMachine pattern extension in #1927
• A fix was introduced to use kmd rewards for fees if change + interest is below dust threshold in #1944
• Debug info was removed from release binary to reduce the file size in #1954
• Failing tests due to BCHD were ignored in #1955

[cipig]

running fine on 6 mm nodes since 24h

[ca333]

cc @DeckerSU @Alrighttt

@rozhkovdmitrii why two diff versions? (we seem using a total of 3 diff across codebase, 0.19.1, 0.20.4 and 0.20.8)

cli lockfile:

[[package]]
name = "rustls"
version = "0.19.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "35edb675feee39aec9c99fa5ff985081995a06d594114ae14cbe797ad7b7a6d7"
dependencies = [
 "base64 0.13.1",
 "log 0.4.17",
 "ring",
 "sct 0.6.1",
 "webpki 0.21.4",
]

[[package]]
name = "rustls"
version = "0.20.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fff78fc74d175294f4e83b28343315ffcfb114b156f0185e9741cb5570f50e2f"
dependencies = [
 "log 0.4.17",
 "ring",
 "sct 0.7.0",
 "webpki 0.22.0",
]

[ca333]

jfyi: dangerous_configuration: this feature enables a dangerous() method on ClientConfig and ServerConfig that allows setting inadvisable options, such as replacing the certificate verification process. Applications requesting this feature should be reviewed carefully.

assume this is for self-signed / local cert handling? cc @shamardy

[shamardy]

assume this is for self-signed / local cert handling?

Yes. To disable certificate verification from cli side dangerous_configuration has to be used

komodo-defi-framework/mm2src/adex_cli/src/transport.rs

Lines 106 to 108 in 867a01a

	config
	.dangerous()
	.set_certificate_verifier(Arc::new(NoCertificateVerification {}));

P.S. dangerous_configuration is not used from the https server side in mm2.

[rozhkovdmitrii]

Thank you for pointing it out )

Originally the version of rustls was not constrained and "0.20.8" was used in adex-cli.

Version "0.19.1" is used as subdependency of `mm2_net`

$ cargo tree --manifest-path mm2src/adex_cli/Cargo.toml -i [email protected]
rustls v0.19.1
├── adex-cli v0.1.0 (/home/rozhkov/sources/atomicDEX-API/mm2src/adex_cli)
└── futures-rustls v0.21.1
    └── mm2_core v0.1.0 (/home/rozhkov/sources/atomicDEX-API/mm2src/mm2_core)
        └── mm2_net v0.1.0 (/home/rozhkov/sources/atomicDEX-API/mm2src/mm2_net)
            └── adex-cli v0.1.0 (/home/rozhkov/sources/atomicDEX-API/mm2src/adex_cli)

On 03.08 I had to start using rustls as explicit dependency and I was oriented on using rustls 0.20.4. It was a version which of mm2 was dependent on. Perhaps I had to strongly tie adex-cli on 0.20.4 to be able to manage versions manually.

Now using both version "0.19.1" and "0.20.8" looks appropriate in my honest opinion

---

Concerning the question why dangerous_configuration feature was utilized - that was to make it able to connect to mm2 that issues self signed certificate.

Thank you

[shamardy]

Concerning the question why dangerous_configuration feature was utilized - that was to make it able to connect to mm2 that issues self signed certificate.

mm2 can be initialized using a certificate file too, it doesn't have to be self-signed but will be in most cases. It would be good to allow the cli user to disable certificate verification themselves like it's done in some other clients (e.g. postman provides this, it doesn't disable it by default). Please open an issue for this @rozhkovdmitrii and it can be done later as it's not urgent at all.

[rozhkovdmitrii]

Please open an issue for this @rozhkovdmitrii and it can be done later as it's not urgent at all.

done

[DeckerSU]

I just wanted to mention something about the versions of hyper-rustls and rustls. From what I understand, the version of rustls that we use should exactly match the version of rustls that hyper-rustls depends on. For example, if we are using hyper-rustls 0.23, we should also use rustls 0.20.8. This is important because if there is a version mismatch, such as using hyper-rustls 0.23 and rustls 0.21.7, we may encounter unexpected errors like below:

note: `ClientConfig` is defined in crate `rustls`
   --> /home/decker/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.21.7/src/client/client_conn.rs:128:1
    |
128 | pub struct ClientConfig {
    | ^^^^^^^^^^^^^^^^^^^^^^^
note: `rustls::client::client_conn::ClientConfig` is defined in crate `rustls`
   --> /home/decker/.cargo/registry/src/index.crates.io-6f17d22bba15001f/rustls-0.20.8/src/client/client_conn.rs:91:1
    |
91  | pub struct ClientConfig {
    | ^^^^^^^^^^^^^^^^^^^^^^^
    = note: perhaps two different versions of crate `rustls` are being used?

To avoid any potential compatibility issues, it may be better to specify the exact versions of the crates using the = symbol. This way, we can ensure that the versions of hyper-rustls and rustls are precisely matched, reducing the chances of encountering any compatibility problems. Perhaps I may have slightly overestimated the significance of the "issue", but I have personally encountered package version mismatches during some of my own tests. Anyway, JFYI.

[rozhkovdmitrii]

Thank you for pointing it out 🙏, solved

[shamardy]

@rozhkovdmitrii can you please make this fix and the one here #1936 (comment) in a seperate PR? The whole release will be blocked until #1932 is sec reviewed and QA tested otherwise.

[rozhkovdmitrii]

done

[ca333]

is this advised? Wouldn't it be better/safer to assume config file has correct permission setting as opposed to implementing a de-facto "chmod" into mm2?
Rly concerned over likely unneeded filestream ops and speaking general - against this.

[Alrighttt]

I advised him to this as it's creating the config JSON that is used by a separate process, mm2.

There could be a better solution, but without this, the seed will be readable by any user on the system.

[Alrighttt]

my original comment
#1871 (comment)

[rozhkovdmitrii]

Yep, it was adviced.

The command: adex-cli config set -u http://localhost:77873 -p creates the configuration file and setting permissions could look quite essential.

cc: @Alrighttt

[Alrighttt]

It's not totally necessary. Maybe a warning while creating this configuration would suffice since the target audience of this app is presumably power users or at least users familiar with a terminal.

[rozhkovdmitrii]

done

[ca333]

duplicate feedback from above:

is this advised? Wouldn't it be better/safer to assume config file has correct permission setting as opposed to implementing a de-facto "chmod" into mm2?
Rly concerned over likely unneeded filestream ops and speaking general - against this.

[Alrighttt]

<pubkey0> OP_CHECKSIGVERIFY <pubkey1> OP_CHECKSIG is more efficient than OP_CHECKMULTISIG if it's used for only two keys

[artemii235]

Noted, I will do it in the next iteration(s).

[Alrighttt]

Any chain ticker starting with a number will cause the sql statement that creates the table to fail unexpectedly.

[Alrighttt]

I realize this isn't directly related to the changes in this PR. However, if we are still in the process of restructuring the DB, please consider #1916

[shamardy]

It's not a problem in this case since we use hardcoded chain tickers for NFTs

komodo-defi-framework/mm2src/coins/nft/nft_structs.rs

Lines 71 to 81 in 92372cb

	impl ConvertChain for Chain {
	fn to_ticker(&self) -> String {
	match self {
	Chain::Avalanche => "AVAX".to_owned(),
	Chain::Bsc => "BNB".to_owned(),
	Chain::Eth => "ETH".to_owned(),
	Chain::Fantom => "FTM".to_owned(),
	Chain::Polygon => "MATIC".to_owned(),
	}
	}
	}

but this should be solved in a general way for other coins tables such as 1inch.

[Alrighttt]

This is a very dangerous way of building an sql statement and likely subject to sql injection. This goes for all the similarly built sql statements within this file.

[Alrighttt]

Oh my mistake, I misread this. Realizing now this is only inserting the table_name, not all the parameters.

[laruh]

This function is just to build sql command string, which rusqlite actually asks to provide for execute() function for example.
It requires params sql: &str, params: P where in rusqlite, P: Params is a trait bound that indicates that the params argument must implement the Params trait. The Params trait is implemented for types that can be used as parameters in a prepared statement. In other words, P: Params means that the params variable must be of a type that can be used as parameters in the execute function. The Params trait is implemented for various types, including tuples, arrays, and slices of types that implement the ToSql trait.
execute() prepares sql statement, binds the parameters to the statement and execute it if you take a look at the source code. You can do it easily if you open project in Clion for example.

For params we create an array from Nft and NftTransferHistory fields

[laruh]

as for table name, we validate it with validate_table_name function which does provide protection against sql injection attacks by only allowing alphanumeric characters and underscores in table names.

[DeckerSU]

Regarding the details_json field. I'm curious to know if it is justified to store both the individual fields and the entire JSON string containing those fields separately in the table. I'm not sure if there's a better way to do it, but is this approach architecturally justified?

[DeckerSU]

By the way, I am not very knowledgeable in SQL. However, I have noticed that we are currently using the COUNT(*) function to obtain the total number of entries in an SQLite table. We then use OFFSET and LIMIT to retrieve the desired page in the finalize_%something%_sql_builder function. This involves two separate queries. However, some tables have a log_index field which could potentially be used as a cursor. In other words, we can retrieve the desired page using the following query:

SELECT * 
FROM table_name 
WHERE log_index > %index_of_last_page_end%
ORDER BY log_index 
LIMIT %page_size%;

This would only require one query. It is possible that this approach may not be suitable in this case, or the number of entries in such tables may be small enough that there would be no significant difference between the COUNT(*) + OFFSET/LIMIT approach and the approach mentioned above. However, for large datasets, the approach described above would likely be more efficient.

Just thinking out loud, nothing more.

[laruh]

Sorry, its a deep night, just a brief note, that log_index is an index of transaction, bcz there could be several transactions with the same transaction_hash, thats why we have primary key (transaction_hash, log_index), its not related to position in the sql table.
we count all items to show total objects in response. for example in get_nft_transfers

pub struct NftsTransferHistoryList {
    pub(crate) transfer_history: Vec<NftTransferHistory>,
    pub(crate) skipped: usize,
    pub(crate) total: usize,
}

[laruh]

@DeckerSU to be more clear.
Unique transaction_hash can have only one transaction. A single transaction can trigger multiple events, and each event generates a log entry. For example, if a single transaction triggers three events, there will be three log entries associated with that transaction, each with a different log_index: 0, 1, and 2.
log_index as a primary key was added in this PR. If user sends a batch transfer (see safeBatchTransferFrom) with multiple NFTs you will see in response from moralis transactions with the same transaction_hash but different log_index for each NFT which was sent in this transaction.

[DeckerSU]

@laruh Thank you for the detailed explanation. I now understand that I misunderstood the purpose/function of the log_index field. I mistakenly thought it was used for indexing/ordering in the table, but now it is clear that it serves a different purpose. I apologize for taking up your time.

[laruh]

@laruh Thank you for the detailed explanation. I now understand that I misunderstood the purpose/function of the log_index field. I mistakenly thought it was used for indexing/ordering in the table, but now it is clear that it serves a different purpose. I apologize for taking up your time.

No no, it's alright, we are all here to understand and evaluate each other's code. Please feel free to ask anything!
Moreover, the question about details_json was important, I made a decision to try a bit another version of db tables, where we keep all unchangeable and unnecessary for select fields in details_json, while other fields will be kept in separate db fields (actually the same tables view as we have now, but another logic for details_json). This way should make the update some specific field process easier, bcz we dont need anymore to get rust structures from db first, update them and update db tables next.
Although it can affect get process bcz we have to fetch all fields from db to get rust structure, the code maintenance should get easier.

[ca333]

secure code reviewed - no malicious bits detected

[DeckerSU]

LGTM from a security standpoint. However, the review did not cover the swap protocol upgrade (swap proto v2 changes) and watcher related components. I am not very familiar with the logic it should implement, so I cannot properly assess it from my perspective.