Skip to content

Validation errors (duplicated account) ignored in accounts-allowlist and empty list returned #7138

New issue
New issue
Closed
Closed
Validation errors (duplicated account) ignored in accounts-allowlist and empty list returned#7138
Labels
P5Very Low (ex: JSON-RPC json object response not ignoring null keys, typo on a CLI description)bugSomething isn't workinggood first issueGood for newcomersnon mainnet (private networks)not related to mainnet features - covers privacy, permissioning, IBFT2, QBFT
@aiza-fp

Description

@aiza-fp
aiza-fp
opened on May 23, 2024

Description

When an initial accounts-allowlist is defined, no exception is thrown if there are duplicated accounts. Other input validation errors are being ignored too.

Acceptance Criteria

  • If a validation error occurs an exception is thrown

Steps to Reproduce (Bug)

  1. Define a accounts-allowlist in the default permissions file or custom file where a duplicated account can be found.
  2. Start the node and use the PERM API to perm_getAccountsAllowlist (see example below).
  3. The result is an empty list (see example below).

Expected behavior: Get an exception that stops the node or ignore the duplicated account.

Actual behavior: It returns an empty list and it doesn't show a warning or throw an exception.

Frequency: 100%

Logs (if a bug)

No logs

Versions (Add all that apply)

  • Software version: 24.5.1
  • Java version: openjdk-java-21
  • OS Name & Version: linux-x86_64
  • Docker Version: 26.0.0

Additional Information - Example:

WORKS FINE:
accounts-allowlist=["0x4c3be0df1d9ff62856b721c13cefd1721b383bdc","0x432132e8561785c33afe931762cf8eeb9c80e3ad","0xcb88953e60948e3a76fa658d65b7c2d5043c6409","0xdd76406b124f9e3ae9fbeb47e4d8dc0ab143902d"]

RESULT:
$ curl -X POST --data '{"jsonrpc":"2.0","method":"perm_getAccountsAllowlist","params":[], "id":1}' http://127.0.0.1:8545
{"jsonrpc":"2.0","id":1,"result":["0x4c3be0df1d9ff62856b721c13cefd1721b383bdc","0x432132e8561785c33afe931762cf8eeb9c80e3ad","0xcb88953e60948e3a76fa658d65b7c2d5043c6409","0xdd76406b124f9e3ae9fbeb47e4d8dc0ab143902d"]}

MODIFIED, WITH DUPLICATED ACCOUNT
accounts-allowlist=["0x4c3be0df1d9ff62856b721c13cefd1721b383bdc","0x432132e8561785c33afe931762cf8eeb9c80e3ad","0xcb88953e60948e3a76fa658d65b7c2d5043c6409","0x432132E8561785c33Afe931762cf8EEb9c80E3aD"]

RESULT:
$ curl -X POST --data '{"jsonrpc":"2.0","method":"perm_getAccountsAllowlist","params":[], "id":1}' http://127.0.0.1:8545
{"jsonrpc":"2.0","id":1,"result":[]}

The bug is in the file AccountLocalConfigPermissioningController.java, methods readAccountsFromConfig and addAccounts because they are not taking into account the result returned by addAccounts. Errors returned by inputValidation are ignored.

Metadata

Metadata

Assignees

No one assigned

    Labels

    P5Very Low (ex: JSON-RPC json object response not ignoring null keys, typo on a CLI description)bugSomething isn't workinggood first issueGood for newcomersnon mainnet (private networks)not related to mainnet features - covers privacy, permissioning, IBFT2, QBFT

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions