Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gettotalsupply #1447

Closed
wants to merge 5 commits into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 86 additions & 1 deletion src/rpc/misc.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1582,12 +1582,96 @@ UniValue gettotalsupply(const JSONRPCRequest& request)
if(!pblocktree->ReadTotalSupply(total))
throw JSONRPCError(RPC_DATABASE_ERROR, "Cannot read the total supply from the database. This functionality requires -addressindex to be enabled. Enabling -addressindex requires reindexing.");

total += 49839700000000; // The actual amount of coins forged during the Zerocoin attacks (the negative balance after the pool closed), you can verify the number by calling getzerocoinpoolbalance rpc
total += 3131972000000; // The remaining amount of forged coins during CVE-2018-17144 attacks, after subtracting locked coins and burnt Coins sent to unrecoverable address https://explorer.firo.org/tx/0b53178c1b22bae4c04ef943ee6d6d30f2483327fe9beb54952951592e8ce368

Comment on lines +1585 to +1587
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clarify the hardcoded values in the gettotalsupply function.

The function now includes hardcoded values to adjust for historical discrepancies due to attacks. It's crucial to document the source and calculation method of these values for future reference and auditability.

UniValue result(UniValue::VOBJ);
result.push_back(Pair("total", total));

return result;
}

UniValue getzerocoinpoolbalance(const JSONRPCRequest& request)
{
if (request.fHelp || request.params.size() != 0)
throw std::runtime_error(
"getzerocoinpoolbalance\n"
"\nReturns the total coin amount, which remains after zerocoin pool closed.\n"
"\nArguments: none\n"
"\nResult:\n"
"{\n"
" \"total\" (string) The total balance\n"
"}\n"
"\nExamples:\n"
+ HelpExampleCli("getzerocoinpoolbalance", "")
+ HelpExampleRpc("getzerocoinpoolbalance", "")
);

CAmount nTotalAmount = 0;

// Iterate over all mints
std::vector<std::pair<CAddressIndexKey, CAmount> > addressIndex;
if (GetAddressIndex(uint160(), AddressType::zerocoinMint, addressIndex)) {
for (std::vector<std::pair<CAddressIndexKey, CAmount> >::const_iterator it=addressIndex.begin(); it!=addressIndex.end(); it++) {
nTotalAmount += it->second;
}
}
addressIndex.clear();

// Iterate over all spends
if (GetAddressIndex(uint160(), AddressType::zerocoinSpend, addressIndex)) {
for (std::vector < std::pair < CAddressIndexKey, CAmount > > ::const_iterator it = addressIndex.begin();
it != addressIndex.end(); it++) {
nTotalAmount += it->second;
}
}

return UniValue(nTotalAmount);
}
Comment on lines +1594 to +1630
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Codebase Verification

The GetAddressIndex function includes basic error handling to check if the address index is enabled and to handle read failures. However, the getzerocoinpoolbalance function does not include error handling for cases where GetAddressIndex might fail.

Consider adding error handling for GetAddressIndex calls in getzerocoinpoolbalance.

  • File: src/rpc/misc.cpp
  • Lines: 1594-1630
Analysis chain

Review the implementation of getzerocoinpoolbalance.

This function calculates the remaining balance of the Zerocoin pool. It's important to ensure that the address index data used for calculations is accurate and up-to-date. Additionally, consider adding error handling for cases where GetAddressIndex might fail.

Scripts executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify that GetAddressIndex is retrieving accurate data.

# Test: Check if GetAddressIndex returns expected results. Expect: Valid and accurate data.
rg --type cpp "GetAddressIndex" src/

Length of output: 972



Script:

#!/bin/bash
# Retrieve the implementation of GetAddressIndex from src/validation.cpp and src/validation.h
ast-grep --lang cpp --pattern 'bool GetAddressIndex($_, $_, $_)' 

Length of output: 66



Script:

#!/bin/bash
# Use rg to find the exact location of GetAddressIndex in src/validation.cpp
rg --type cpp "GetAddressIndex" src/validation.cpp

# Display the implementation of GetAddressIndex from src/validation.cpp
rg --type cpp -A 20 "bool GetAddressIndex" src/validation.cpp

Length of output: 966


UniValue getCVE17144amount(const JSONRPCRequest& request)
{
if (request.fHelp || request.params.size() != 0)
throw std::runtime_error(
"getCVE17144amount\n"
"\nReturns the total amount of forged coins during CVE-2018-17144 attacks.\n"
"\nArguments: none\n"
"\nResult:\n"
"{\n"
" \"total\" (string) The total balance\n"
"}\n"
"\nExamples:\n"
+ HelpExampleCli("getCVE17144amount", "")
+ HelpExampleRpc("getCVE17144amount", "")
);
// as the attack happened at block 293526,
// get the block
CBlockIndex *mintBlock = chainActive[293526];
CBlock block;
if (!ReadBlockFromDisk(block, mintBlock, ::Params().GetConsensus())) {
throw std::runtime_error(std::string("can't read block from disk, "));
}
CAmount amount = 0;
for (CTransactionRef tx : block.vtx) {
std::set<COutPoint> vInOutPoints;
if (!tx->IsCoinBase() && !tx->HasNoRegularInputs()) {
std::set<COutPoint> vInOutPoints;
for (const auto& txin : tx->vin)
{
if (!vInOutPoints.insert(txin.prevout).second) {
CTransactionRef tx;
uint256 hashBlock;
if (!GetTransaction(txin.prevout.hash, tx, Params().GetConsensus(), hashBlock, true)) {
continue;
}
amount += tx->vout[txin.prevout.n].nValue;
}
}
}
}
return amount;
Comment on lines +1632 to +1672
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check calculation logic in getCVE17144amount.

The function calculates the total forged coins during the CVE-2018-17144 attacks. It's crucial to ensure that the block data is read correctly and that the transaction inputs are uniquely counted. The current implementation might double-count inputs due to the redeclaration of vInOutPoints inside the loop.

-            std::set<COutPoint> vInOutPoints;
+            vInOutPoints.clear();
Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
UniValue getCVE17144amount(const JSONRPCRequest& request)
{
if (request.fHelp || request.params.size() != 0)
throw std::runtime_error(
"getCVE17144amount\n"
"\nReturns the total amount of forged coins during CVE-2018-17144 attacks.\n"
"\nArguments: none\n"
"\nResult:\n"
"{\n"
" \"total\" (string) The total balance\n"
"}\n"
"\nExamples:\n"
+ HelpExampleCli("getCVE17144amount", "")
+ HelpExampleRpc("getCVE17144amount", "")
);
// as the attack happened at block 293526,
// get the block
CBlockIndex *mintBlock = chainActive[293526];
CBlock block;
if (!ReadBlockFromDisk(block, mintBlock, ::Params().GetConsensus())) {
throw std::runtime_error(std::string("can't read block from disk, "));
}
CAmount amount = 0;
for (CTransactionRef tx : block.vtx) {
std::set<COutPoint> vInOutPoints;
if (!tx->IsCoinBase() && !tx->HasNoRegularInputs()) {
std::set<COutPoint> vInOutPoints;
for (const auto& txin : tx->vin)
{
if (!vInOutPoints.insert(txin.prevout).second) {
CTransactionRef tx;
uint256 hashBlock;
if (!GetTransaction(txin.prevout.hash, tx, Params().GetConsensus(), hashBlock, true)) {
continue;
}
amount += tx->vout[txin.prevout.n].nValue;
}
}
}
}
return amount;
for (CTransactionRef tx : block.vtx) {
std::set<COutPoint> vInOutPoints;
if (!tx->IsCoinBase() && !tx->HasNoRegularInputs()) {
vInOutPoints.clear();
for (const auto& txin : tx->vin)
{
if (!vInOutPoints.insert(txin.prevout).second) {
CTransactionRef tx;
uint256 hashBlock;
if (!GetTransaction(txin.prevout.hash, tx, Params().GetConsensus(), hashBlock, true)) {
continue;
}
amount += tx->vout[txin.prevout.n].nValue;
}
}
}
}

}

UniValue getinfoex(const JSONRPCRequest& request)
{
if (request.fHelp || request.params.size() != 0)
Expand Down Expand Up @@ -1713,7 +1797,8 @@ static const CRPCCommand commands[] =
/* Not shown in help */
{ "hidden", "getinfoex", &getinfoex, false },
{ "addressindex", "gettotalsupply", &gettotalsupply, false },

{ "addressindex", "getzerocoinpoolbalance", &getzerocoinpoolbalance, false },
{ "addressindex", "getCVE17144amount", &getCVE17144amount, false },
/* Mobile related */
{ "mobile", "getanonymityset", &getanonymityset, false },
{ "mobile", "getmintmetadata", &getmintmetadata, true },
Expand Down
Loading