fix: check validity of asset-locked amount in coin base tx for new block

Author: knst

src/evo/creditpool.cpp

@@ -251,6 +251,18 @@ CCreditPoolDiff::CCreditPoolDiff(CCreditPool starter, const CBlockIndex *pindex,
     assert(pindex);
 }
 
+bool CCreditPoolDiff::setTarget(const CTransaction& tx, TxValidationState& state)
+{
+    CCbTx cbTx;
+    if (!GetTxPayload(tx, cbTx)) {
+        return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-cbtx-payload");
+    }
+
+    if (cbTx.nVersion == 3) {
+        targetLocked = cbTx.assetLockedAmount;
+    }
+    return true;
+}
 
 bool CCreditPoolDiff::lock(const CTransaction& tx, TxValidationState& state)
 {
@@ -298,6 +310,8 @@ bool CCreditPoolDiff::unlock(const CTransaction& tx, TxValidationState& state)
 
 bool CCreditPoolDiff::processTransaction(const CTransaction& tx, TxValidationState& state) {
     if (tx.nVersion != 3) return true;
+    if (tx.nType == TRANSACTION_COINBASE) return setTarget(tx, state);
+
     if (tx.nType != TRANSACTION_ASSET_LOCK && tx.nType != TRANSACTION_ASSET_UNLOCK) return true;
 
     if (!CheckAssetLockUnlockTx(tx, pindex, this->pool, state)) {

src/evo/creditpool.h

@@ -104,6 +104,9 @@ class CCreditPoolDiff {
     CAmount sessionLocked{0};
     CAmount sessionUnlocked{0};
 
+    // target value is used to validate CbTx. If values mismatched, block is invalid
+    std::optional<CAmount> targetLocked;
+
     const CBlockIndex *pindex{nullptr};
 public:
     explicit CCreditPoolDiff(CCreditPool starter, const CBlockIndex *pindex, const Consensus::Params& consensusParams);
@@ -119,7 +122,16 @@ class CCreditPoolDiff {
         return pool.locked + sessionLocked - sessionUnlocked;
     }
 
+    const std::optional<CAmount>& getTargetLocked() const {
+        return targetLocked;
+    }
+
+    std::string ToString() const {
+        return strprintf("CCreditPoolDiff(target=%lld,sessionLocked=%lld,sessionUnlocked=%lld,newIndexes=%lld,pool=%s", getTargetLocked() ? *getTargetLocked() : -1, sessionLocked, sessionUnlocked, newIndexes.size(), pool.ToString());
+    }
+
 private:
+    bool setTarget(const CTransaction& tx, TxValidationState& state);
     bool lock(const CTransaction& tx, TxValidationState& state);
     bool unlock(const CTransaction& tx, TxValidationState& state);
 };

src/evo/specialtxman.cpp

@@ -156,6 +156,16 @@ bool ProcessSpecialTxsInBlock(const CBlock& block, const CBlockIndex* pindex, ll
                 return false;
             }
         }
+        if (creditPoolDiff) {
+            CAmount locked_proposed{0};
+            if(creditPoolDiff->getTargetLocked()) locked_proposed = *creditPoolDiff->getTargetLocked();
+
+            CAmount locked_calculated = creditPoolDiff->getTotalLocked();
+            if (locked_proposed != locked_calculated) {
+                LogPrintf("%s: mismatched locked amount in CbTx: %lld against re-calculated: %lld\n", __func__, locked_proposed, locked_calculated);
+                return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cbtx-assetlocked-amount");
+            }
+        }
 
         int64_t nTime2 = GetTimeMicros();
         nTimeLoop += nTime2 - nTime1;

test/functional/feature_asset_locks.py

@@ -142,7 +142,7 @@ def check_mempool_result(self, result_expected, tx):
         assert_equal([result_expected], result_test)
         self.check_mempool_size()
 
-    def create_and_check_block(self, tx, expected_error = None):
+    def create_and_check_block(self, txes, expected_error = None):
         node = self.nodes[0]
         best_block_hash = node.getbestblockhash()
         best_block = node.getblock(best_block_hash)
@@ -151,8 +151,10 @@ def create_and_check_block(self, tx, expected_error = None):
         block_time = best_block["time"] + 1
 
         cbb = create_coinbase(height, dip4_activated=True, v20_activated=True)
+        cbb.calc_sha256()
         block = create_block(tip, cbb, block_time, version=3)
-        block.vtx.append(tx)
+        for tx in txes:
+            block.vtx.append(tx)
         block.hashMerkleRoot = block.calc_merkle_root()
         block.solve()
         result = node.submitblock(block.serialize().hex())
@@ -265,6 +267,10 @@ def run_test(self):
         assert_equal(get_credit_pool_amount(node), locked_1)
         self.sync_all()
 
+        self.log.info('Mine block with incorrect credit-poool value...')
+        extra_lock_tx = create_assetlock(node, coin, COIN, pubkey)
+        self.create_and_check_block([extra_lock_tx], expected_error = 'bad-cbtx-assetlocked-amount')
+
         self.log.info("Mine a quorum...")
         self.mine_quorum()
         assert_equal(get_credit_pool_amount(node), locked_1)
@@ -362,7 +368,7 @@ def run_test(self):
         assert_equal(get_credit_pool_amount(node), locked_1 - 3 * COIN)
 
         # Forcibly mine asset_unlock_tx_too_late and ensure block is invalid
-        self.create_and_check_block(asset_unlock_tx_too_late, expected_error = "bad-assetunlock-not-active-quorum")
+        self.create_and_check_block([asset_unlock_tx_too_late], expected_error = "bad-assetunlock-not-active-quorum")
 
         node.generate(1)
         self.sync_all()
@@ -384,7 +390,7 @@ def run_test(self):
         self.ensure_tx_is_not_mined(txid_in_block)
 
         # Forcibly mine asset_unlock_tx_full and ensure block is invalid
-        self.create_and_check_block(asset_unlock_tx_full, expected_error = "failed-creditpool-unlock-too-much")
+        self.create_and_check_block([asset_unlock_tx_full], expected_error = "failed-creditpool-unlock-too-much")
 
         self.mempool_size += 1
         asset_unlock_tx_full = create_assetunlock(node, self.mninfo, 301, get_credit_pool_amount(node), pubkey)
@@ -404,7 +410,7 @@ def run_test(self):
                 reason = "double index")
 
         # Forcibly mine asset_unlock_tx_full and ensure block is invalid
-        self.create_and_check_block(asset_unlock_tx_duplicate_index, expected_error = "bad-assetunlock-duplicated-index")
+        self.create_and_check_block([asset_unlock_tx_duplicate_index], expected_error = "bad-assetunlock-duplicated-index")
 
         self.log.info("Fast forward to the next day to reset all current unlock limits...")
         self.slowly_generate_batch(blocks_in_one_day  + 1)