Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf(drive)!: verify instant lock signatures with Drive #1875

Merged
merged 51 commits into from
Jun 23, 2024
Merged

perf(drive)!: verify instant lock signatures with Drive #1875

merged 51 commits into from
Jun 23, 2024

Conversation

shumkov
Copy link
Member

@shumkov shumkov commented Jun 5, 2024
edited
Loading

Issue being fixed or feature implemented

Core RPC was never designed for public access and according to our tests is a weak point in the system. Under the load, instant lock signature verification takes seconds. Since users can trigger signature verification via invalid IdentityCreateTransition for free, this open a DoS attack vector.

What was done?

  • Own implementation of Instant Lock signature verification for InstantAssetLockProof without calling Core RPC
  • Introduced support for DIP24 rotating quorums
  • Base config network in dashmate changed to mainnet
  • Updated quorums configuration for local, testnet and mainnet
  • Added missing logging for invalid asset lock based state transitions
  • Updated invalid signature error for better verbosity
  • Fixed internal error if chain lock signature is not valid

How Has This Been Tested?

  • Unit tests skip instant lock signature verification with disable_instant_lock_signature_verification test config option.
  • Implemented Instant Lock quorums and signing in strategy tests
  • Updated run_chain_top_up_identities to use InstantLock singing with DIP24 rotating quorums
  • Updated run_chain_insert_one_new_identity_per_block_with_block_signing to use InstantLock singing with DIP8 classic quorums
  • With test suite against local network
  • With test suite against a devnet

Breaking Changes

InstantAssetLockProof might give different validation results, since our implementation supports only recent signatures, compared with Core RPC. This means the previous blockchain data might become invalid.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
  • I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone

shumkov added 18 commits May 31, 2024 13:00
@shumkov
refactor: encapsulate chain lock validation quorum logic to be reused
85f2233
@shumkov
feat: introduce CoreQuorumSet
731673a
@shumkov
feat: verify recent instant lock signatures locally
6289886
@shumkov
feat: update instant lock quorums
10b982f
@shumkov
test: mock instant lock verification
ec321d3
@shumkov
test: implement instant lock signing
a3423f9
@shumkov
fix: return error if signature is not valid
dd3165e
@shumkov
docs: add todo for non-determinism issue
0c3425d
@shumkov
fix: non-deterministic quorum index is used
98a9e60
@shumkov
chore: log state transition validation result for asset lock based STs
eb43aa7
@shumkov
docs: add todo to have more verbose error
9102d0f
@shumkov
refactor: cleanup quorum set
0c6b1c6
@shumkov
fix: invalid selection logic for rotating quorums
ef8a001
@shumkov
test: fix instant lock signing logic in strategy tests
e14f9b7
@shumkov
chore(dashmate): update with new configuration
8842a22
@shumkov
chore(dashmate): add missing rotation option and correct llmq type
3260d80
@shumkov
docs: add todo for a bug
3462a77
@shumkov
chore: enhance logging for IS lock signature verification
d88fda3
@shumkov shumkov marked this pull request as ready for review June 7, 2024 07:42
@shumkov shumkov requested a review from QuantumExplorer as a code owner June 7, 2024 07:42
@shumkov shumkov changed the title perf(drive): verify instant lock signatures with Drive perf(drive): verify instant lock signatures with Drive [WIP] Jun 7, 2024
@shumkov shumkov changed the base branch from refactor/validating-quorums to v1.0-dev June 7, 2024 07:43
@shumkov shumkov changed the title perf(drive): verify instant lock signatures with Drive perf(drive)!: verify instant lock signatures with Drive Jun 14, 2024
@shumkov shumkov added this to the v1.0.0 milestone Jun 14, 2024
shumkov added 18 commits June 18, 2024 21:51
@shumkov
style: unused import
016afc3
@shumkov
revert: remove non-determinism fix
3c71b37
@shumkov
refactor: rename select_quorums
fc51742
@shumkov
refactor: core_instant_lock -> core_instant_send_lock
7b1c6e7
@shumkov
chore: exclude the testing config for production
b9f765a
@shumkov
refactor: CoreQuorumSet to VerificationQuorumSet
2a47154
@shumkov
refactoring: more renamings
e2b551f
@shumkov
fix: outdated name
654b67e
@shumkov
fix: commit signature verification is disabled by default
e5a1114
@shumkov
revert: quorum index update
828bf7e
@shumkov
fix: block is not signing by default
0684d6c
@shumkov
chore: kick off CI
53e84c6
@shumkov
ci: show Rust formatting output
5856674
@shumkov
ci: improve formatting output
7dc94a6
@shumkov
Merge branch 'v1.0-dev' into perf/drve/validate-is-locks
496eda5
@shumkov
ci: fix formatting task
7378e31
@shumkov
Merge remote-tracking branch 'origin/perf/drve/validate-is-locks' int…
93eb706 
…o perf/drve/validate-is-locks
@shumkov
style: fix formatting
a328355
QuantumExplorer
QuantumExplorer requested changes Jun 23, 2024
View reviewed changes
packages/rs-drive-abci/src/mimic/mod.rs Outdated Show resolved Hide resolved
.../rs-drive-abci/src/execution/platform_events/core_based_updates/update_quorum_info/v0/mod.rs Outdated
Comment on lines 219 to 226
self.update_quorums(
QuorumSetType::InstantLock(instant_lock_quorum_type),
block_platform_state,
platform_state,
&extended_quorum_list,
is_validator_set_updated,
core_block_height,
)?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would do this only if instant_lock_quorum_type is different to chain_lock_quorum_type right?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

.../rs-drive-abci/src/execution/platform_events/core_based_updates/update_quorum_info/v0/mod.rs Outdated

use crate::platform_types::validator_set::v0::{ValidatorSetV0, ValidatorSetV0Getters};
use crate::platform_types::validator_set::v0::{
ValidatorSetV0, ValidatorSetV0Getters, ValidatorSetV0Setters,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unused

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

...drive-abci/src/execution/platform_events/core_chain_lock/verify_chain_lock_locally/v0/mod.rs Show resolved Hide resolved
@shumkov
Copy link
Member Author

shumkov commented Jun 23, 2024

Agreed with @QuantumExplorer that I will merge this PR and he will do a post review of the recent two changes later.

@shumkov shumkov merged commit a89d854 into v1.0-dev Jun 23, 2024
119 checks passed
@shumkov shumkov deleted the perf/drve/validate-is-locks branch June 23, 2024 12:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@QuantumExplorer QuantumExplorer QuantumExplorer requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@shumkov @QuantumExplorer