Merge pull request #3805 from sisuresh/key-validation

Footprint validation

Reviewed-by: dmkozh

src/herder/test/HerderTests.cpp

@@ -1619,15 +1619,15 @@ TEST_CASE("surge pricing", "[herder][txset]")
                 auto write = rand_uniform<uint32_t>(
                     0, std::min(conf.txMaxWriteLedgerEntries(),
                                 (conf.txMaxReadLedgerEntries() - read)));
-                for (auto const& key : LedgerTestUtils::
-                         generateValidLedgerEntryKeysWithExclusions(
-                             {CONFIG_SETTING}, write))
+                for (auto const& key :
+                     LedgerTestUtils::generateUniqueValidSorobanLedgerEntryKeys(
+                         write))
                 {
                     res.footprint.readWrite.emplace_back(key);
                 }
-                for (auto const& key : LedgerTestUtils::
-                         generateValidLedgerEntryKeysWithExclusions(
-                             {CONFIG_SETTING}, read))
+                for (auto const& key :
+                     LedgerTestUtils::generateUniqueValidSorobanLedgerEntryKeys(
+                         read))
                 {
                     res.footprint.readOnly.emplace_back(key);
                 }

src/ledger/test/LedgerTestUtils.cpp

@@ -635,6 +635,14 @@ generateValidLedgerEntryKeysWithExclusions(
     }
     return keys;
 }
+#ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
+std::vector<LedgerKey>
+generateUniqueValidSorobanLedgerEntryKeys(size_t n)
+{
+    return LedgerTestUtils::generateValidUniqueLedgerEntryKeysWithExclusions(
+        {OFFER, DATA, CLAIMABLE_BALANCE, LIQUIDITY_POOL, CONFIG_SETTING}, n);
+}
+#endif
 
 std::vector<LedgerKey>
 generateValidUniqueLedgerEntryKeysWithExclusions(

src/ledger/test/LedgerTestUtils.h

@@ -46,6 +46,10 @@ std::vector<LedgerEntry> generateValidUniqueLedgerEntries(size_t n);
 std::vector<LedgerKey> generateValidLedgerEntryKeysWithExclusions(
     std::unordered_set<LedgerEntryType> const& excludedTypes, size_t n);
 
+#ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
+std::vector<LedgerKey> generateUniqueValidSorobanLedgerEntryKeys(size_t n);
+#endif
+
 std::vector<LedgerKey> generateValidUniqueLedgerEntryKeysWithExclusions(
     std::unordered_set<LedgerEntryType> const& excludedTypes, size_t n);
 

src/transactions/InvokeHostFunctionOpFrame.cpp

@@ -507,6 +507,15 @@ InvokeHostFunctionOpFrame::doCheckValid(SorobanNetworkConfig const& config,
     {
         return false;
     }
+    if (hostFn.type() == HOST_FUNCTION_TYPE_CREATE_CONTRACT)
+    {
+        auto const& preimage = hostFn.createContract().contractIDPreimage;
+        if (preimage.type() == CONTRACT_ID_PREIMAGE_FROM_ASSET &&
+            !isAssetValid(preimage.fromAsset(), ledgerVersion))
+        {
+            return false;
+        }
+    }
     return true;
 }
 

src/transactions/RevokeSponsorshipOpFrame.cpp

@@ -45,7 +45,7 @@ getAccountID(LedgerEntry const& le)
     case CLAIMABLE_BALANCE:
         return *le.ext.v1().sponsoringID;
     default:
-        abort();
+        throw std::runtime_error("Invalid key type");
     }
 }
 
@@ -434,6 +434,7 @@ RevokeSponsorshipOpFrame::doCheckValid(uint32_t ledgerVersion)
         case LIQUIDITY_POOL:
 #ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
         case CONTRACT_DATA:
+        case CONTRACT_CODE:
         case CONFIG_SETTING:
 #endif
             innerResult().code(REVOKE_SPONSORSHIP_MALFORMED);

src/transactions/SponsorshipUtils.cpp

@@ -205,6 +205,7 @@ computeMultiplier(LedgerEntry const& le)
 #ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
     case CONFIG_SETTING:
     case CONTRACT_DATA:
+    case CONTRACT_CODE:
 #endif
     case LIQUIDITY_POOL:
         throw std::runtime_error(
@@ -229,6 +230,7 @@ isSubentry(LedgerEntry const& le)
 #ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
     case CONTRACT_DATA:
     case CONFIG_SETTING:
+    case CONTRACT_CODE:
 #endif
     case LIQUIDITY_POOL:
         throw std::runtime_error(

src/transactions/TransactionFrame.cpp

@@ -586,8 +586,8 @@ TransactionFrame::validateSorobanOpsConsistency() const
 }
 
 bool
-TransactionFrame::validateSorobanResources(
-    SorobanNetworkConfig const& config) const
+TransactionFrame::validateSorobanResources(SorobanNetworkConfig const& config,
+                                           uint32_t protocolVersion) const
 {
     auto const& resources = sorobanResources();
     auto const& readEntries = resources.footprint.readOnly;
@@ -615,16 +615,56 @@ TransactionFrame::validateSorobanResources(
     {
         return false;
     }
+    auto footprintKeyIsValid = [&](LedgerKey const& key) -> bool {
+        if (isSorobanExtEntry(key))
+        {
+            return false;
+        }
+
+        switch (key.type())
+        {
+        case ACCOUNT:
+        case CONTRACT_DATA:
+        case CONTRACT_CODE:
+            break;
+        case TRUSTLINE:
+        {
+            auto const& tl = key.trustLine();
+            if (!isAssetValid(tl.asset, protocolVersion) ||
+                (tl.asset.type() == ASSET_TYPE_NATIVE) ||
+                isIssuer(tl.accountID, tl.asset))
+            {
+                return false;
+            }
+            break;
+        }
+        case OFFER:
+        case DATA:
+        case CLAIMABLE_BALANCE:
+        case LIQUIDITY_POOL:
+        case CONFIG_SETTING:
+            return false;
+        default:
+            throw std::runtime_error("unknown ledger key type");
+        }
+
+        if (xdr::xdr_size(key) > config.maxContractDataKeySizeBytes())
+        {
+            return false;
+        }
+
+        return true;
+    };
     for (auto const& lk : readEntries)
     {
-        if (xdr::xdr_size(lk) > config.maxContractDataKeySizeBytes())
+        if (!footprintKeyIsValid(lk))
         {
             return false;
         }
     }
     for (auto const& lk : writeEntries)
     {
-        if (xdr::xdr_size(lk) > config.maxContractDataKeySizeBytes())
+        if (!footprintKeyIsValid(lk))
         {
             return false;
         }
@@ -923,7 +963,7 @@ TransactionFrame::commonValidPreSeqNum(Application& app, AbstractLedgerTxn& ltx,
         }
         auto const& sorobanConfig =
             app.getLedgerManager().getSorobanNetworkConfig(ltx);
-        if (!validateSorobanResources(sorobanConfig))
+        if (!validateSorobanResources(sorobanConfig, ledgerVersion))
         {
             getResult().result.code(txSOROBAN_RESOURCE_LIMIT_EXCEEDED);
             return false;

src/transactions/TransactionFrame.h

@@ -136,7 +136,8 @@ class TransactionFrame : public TransactionFrameBase
 
 #ifdef ENABLE_NEXT_PROTOCOL_VERSION_UNSAFE_FOR_PRODUCTION
     bool validateSorobanOpsConsistency() const;
-    bool validateSorobanResources(SorobanNetworkConfig const& config) const;
+    bool validateSorobanResources(SorobanNetworkConfig const& config,
+                                  uint32_t protocolVersion) const;
     void refundSorobanFee(uint32_t protocolVersion,
                           SorobanNetworkConfig const& sorobanConfig,
                           Config const& cfg, AbstractLedgerTxn& ltx);

src/transactions/test/TxEnvelopeTests.cpp

@@ -2531,9 +2531,8 @@ TEST_CASE("soroban transaction validation", "[tx][envelope][soroban]")
     resources.extendedMetaDataSizeBytes =
         InitialSorobanNetworkConfig::TX_MAX_EXTENDED_META_DATA_SIZE_BYTES;
 
-    auto keys =
-        LedgerTestUtils::generateValidUniqueLedgerEntryKeysWithExclusions(
-            {}, InitialSorobanNetworkConfig::TX_MAX_READ_LEDGER_ENTRIES);
+    auto keys = LedgerTestUtils::generateUniqueValidSorobanLedgerEntryKeys(
+        InitialSorobanNetworkConfig::TX_MAX_READ_LEDGER_ENTRIES);
 
     resources.footprint.readWrite.assign(
         keys.begin(),