Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: check for correct signer in PFB construction #4027

Merged
merged 3 commits into from
Nov 8, 2024

Conversation

cmwaters
Copy link
Contributor

@cmwaters cmwaters commented Nov 7, 2024

We already check this in CheckTx and ProcessProposal. This adds the same check to the client side construction so it errors before being submitted to the network. (the check being that the signer in the blob and the actual signer of the PFB are the same)

@cmwaters cmwaters requested a review from a team as a code owner November 7, 2024 16:14
@cmwaters cmwaters requested review from staheri14 and ninabarbakadze and removed request for a team November 7, 2024 16:14
@celestia-bot celestia-bot requested a review from a team November 7, 2024 16:14
Copy link
Contributor

coderabbitai bot commented Nov 7, 2024

📝 Walkthrough
📝 Walkthrough

Walkthrough

The changes in this pull request involve modifications to the CreatePayForBlobs method in the Signer struct and the NewMsgPayForBlobs function in the payforblob.go file. The validation step for blobs has been removed from the CreatePayForBlobs method, allowing the creation of transaction messages without prior validation. In contrast, the NewMsgPayForBlobs function has been updated to enhance validation logic, including a new function for validating blob share versions, which checks compliance with signing rules. These changes alter error handling and validation processes related to blob transactions.

Changes

File Path Change Summary
pkg/user/signer.go Removed validation call to blobtypes.ValidateBlobs(blobs...) in CreatePayForBlobs method.
x/blob/types/payforblob.go Updated parameter name from version to appVersion in NewMsgPayForBlobs. Added error handling for signer conversion and a new ValidateBlobShareVersion function for blob validation.
app/test/check_tx_test.go Updated TestCheckTx to use correct signer address for blob transactions and enhanced transaction creation logic.
app/test/process_proposal_test.go Added new test cases to TestProcessProposal to cover various blob transaction scenarios, including validation for invalid signatures and oversized transactions.

Possibly related PRs

  • feat: add multi-account support #3433: This PR introduces multi-account support in the Signer, which is directly related to the changes in the CreatePayForBlobs method in the main PR, as it modifies how transactions are created with different accounts.
  • feat: limit the number of messages in prepare proposal #3942: This PR enhances the transaction preparation process, including limits on the number of messages, which is relevant to the changes in the CreatePayForBlobs method as it affects how blob transactions are handled during proposal preparation.
  • chore: optimize checkTx #3954: This PR optimizes the checkTx function, which may relate to the overall transaction handling and validation processes impacted by the changes in the CreatePayForBlobs method.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)
x/blob/types/payforblob.go (2)

46-61: LGTM with a minor suggestion for error handling.

The enhanced validation flow and parameter rename improve clarity and correctness. Consider wrapping the AccAddressFromBech32 error for better context.

 signerBytes, err := sdk.AccAddressFromBech32(signer)
 if err != nil {
-    return nil, err
+    return nil, fmt.Errorf("invalid signer address: %w", err)
 }

232-240: Consider improving readability of the validation logic.

While the implementation is functionally correct, the condition could be more intuitive, and the error message could be more user-friendly.

 func ValidateBlobShareVersion(signer sdk.AccAddress, blobs ...*share.Blob) error {
     for _, blob := range blobs {
-        if blob.ShareVersion() != share.ShareVersionOne && !bytes.Equal(blob.Signer(), []byte(signer)) {
-            return ErrInvalidBlobSigner.Wrapf("blob signer %X does not match msgPFB signer %X", blob.Signer(), signer)
+        // For ShareVersionOne, validate that the blob signer matches the message signer
+        if blob.ShareVersion() == share.ShareVersionOne && !bytes.Equal(blob.Signer(), []byte(signer)) {
+            return ErrInvalidBlobSigner.Wrapf(
+                "invalid signer for ShareVersionOne blob: expected %s, got %s",
+                signer.String(),
+                sdk.AccAddress(blob.Signer()).String(),
+            )
         }
     }
     return nil
 }
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 7ba7f3b and 8d52f4f.

📒 Files selected for processing (2)
  • pkg/user/signer.go (0 hunks)
  • x/blob/types/payforblob.go (3 hunks)
💤 Files with no reviewable changes (1)
  • pkg/user/signer.go
🔇 Additional comments (1)
x/blob/types/payforblob.go (1)

4-4: LGTM: Import addition is appropriate.

The "bytes" import is correctly added and used for byte comparison in the new validation function.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)
app/test/check_tx_test.go (1)

192-203: LGTM! Consider enhancing test readability.

The test case correctly verifies that CheckTx rejects transactions where the blob's signer doesn't match the transaction signer. The implementation properly isolates the test variable by first creating a valid transaction and then modifying only the signer.

Consider adding a comment explaining the test strategy to make it more maintainable:

 getTx: func() []byte {
        signer := createSigner(t, kr, accs[10], encCfg.TxConfig, 11)
+       // First create a valid blob and transaction
        blob, err := share.NewV1Blob(share.RandomBlobNamespace(), []byte("data"), signer.Account(accs[10]).Address())
        require.NoError(t, err)
        blobTx, _, err := signer.CreatePayForBlobs(accs[10], []*share.Blob{blob}, opts...)
        require.NoError(t, err)

+       // Replace the blob with one that has a different signer
        blob, err = share.NewV1Blob(share.RandomBlobNamespace(), []byte("data"), testnode.RandomAddress().(sdk.AccAddress))
        require.NoError(t, err)
app/test/process_proposal_test.go (1)

324-326: Add a comment to clarify the purpose of modifying msg.Signer

Modifying msg.Signer after creation may be non-obvious to readers. Since this test aims to simulate a message with an invalid signer, consider adding a comment to explain the intention behind overwriting the Signer field.

Apply this diff to add a clarifying comment:

 msg, err := blobtypes.NewMsgPayForBlobs(falseAddr.String(), appconsts.LatestVersion, blob)
 require.NoError(t, err)
+ // Overwrite the Signer to simulate an invalid signer scenario
 msg.Signer = addr.String()
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 8d52f4f and 940492d.

📒 Files selected for processing (3)
  • app/test/check_tx_test.go (1 hunks)
  • app/test/process_proposal_test.go (1 hunks)
  • x/blob/types/payforblob.go (3 hunks)
🔇 Additional comments (3)
x/blob/types/payforblob.go (3)

46-46: LGTM: Parameter name change improves clarity.

The rename from version to appVersion better reflects the parameter's purpose as the application version used in commitment creation.


52-60: LGTM: Early signer validation enhances security.

The new validation logic properly converts and validates the signer address before proceeding with expensive operations like commitment creation. This aligns with the PR's objective to catch signer mismatches early in the transaction process.


232-240: Document ShareVersion validation rules.

While the validation for ShareVersionOne is clear, it would be helpful to document why ShareVersionZero blobs don't require signer validation. Consider adding a comment explaining the different validation rules for each share version.

Let's verify the share version usage across the codebase:

Comment on lines -95 to -97
if err := blobtypes.ValidateBlobs(blobs...); err != nil {
return nil, 0, err
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is just redundant, correct?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, it's called below in NewMsgPayForBlobs

@cmwaters cmwaters merged commit 55247cb into main Nov 8, 2024
29 checks passed
@cmwaters cmwaters deleted the cal/blob-signer-err branch November 8, 2024 12:17
rach-id pushed a commit that referenced this pull request Nov 26, 2024
We already check this in `CheckTx` and `ProcessProposal`. This adds the
same check to the client side construction so it errors before being
submitted to the network. (the check being that the signer in the blob
and the actual signer of the PFB are the same)

(cherry picked from commit 55247cb)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants