Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validation of damaged consignment panics instead of error #254

Closed
zoedberg opened this issue Jun 13, 2024 · 4 comments · Fixed by #260
Closed

Validation of damaged consignment panics instead of error #254

zoedberg opened this issue Jun 13, 2024 · 4 comments · Fixed by #260
Assignees
@dr-orlovsky
Labels
bug Something isn't working
Milestone
v0.11.x

Comments

@zoedberg
Copy link
Contributor

I've manually edited a consignment and validation panicked.

In detail it panicked at panic!("provided {opid} is absent"); (https://github.com/RGB-WG/rgb-core/blob/master/src/validation/validator.rs#L224)

I think we should change this panic to an error and more in general we should avoid panicking during validation, otherwise an attacker can send invalid consignment on purpose to make a wallet panic.
@dr-orlovsky dr-orlovsky self-assigned this Jun 13, 2024
@dr-orlovsky
Copy link
Member

I agree on avoiding panics overall, but here It seems panic is necessary since it reveals a business-logic bug in validation code: the index of operations seems to be inconsistent. I need to debug: can you please provide details on how you have edited the consignment (or attach the consignment which doesn't work)?

@dr-orlovsky dr-orlovsky added the bug Something isn't working label Jun 13, 2024
@dr-orlovsky dr-orlovsky added this to the v0.11.x milestone Jun 13, 2024
@dr-orlovsky dr-orlovsky changed the title avoid panics during validation Validation of damaged consignment panics instead of error Jun 13, 2024
@dr-orlovsky dr-orlovsky moved this to In review in RGB release v0.11 Jun 16, 2024
@dr-orlovsky dr-orlovsky moved this from In review to Ready in RGB release v0.11 Jun 16, 2024
@St333p
Copy link
Contributor

St333p commented Jun 17, 2024

edited_consignment.zip
Here is the modified consignment that causes the panic (zipped since github does not support yaml). The chain entry of a correct consignment was changed to liquid.

Error message is:

thread 'validate_consignment_chain_fail' panicked at [...]rgb-core/src/validation/validator.rs:224:13:
provided 6952f2a77ae37c17742d80d1c0328539703258674aa815b7543d7eedb8d2f365 is absent

@crisdut
Copy link
Member

crisdut commented Jul 11, 2024

Looking at the implementation:

In the validation step, we use the IndexedConsignment structure. If we look at the method, which is called in line, we can conclude that either this OpId is equal to Genesis or was not indexed correctly at structure initialization.

@zoedberg can you provide the IndexedConsignment, please?

Also, @zoedberg It's not related to the error, but I noticed that your transition af2e0914c57bd299b30a38739968c1fd7baf41f102d06c46aff6641b4c7e9bee has the transitionType equal to 65535 instead of 10000

PS: This validation was recently added, see here.

@zoedberg
Copy link
Contributor Author

@zoedberg can you provide the IndexedConsignment, please?

You should be able to easily convert the provided yaml consignment to a IndexedConsignment

Also, @zoedberg It's not related to the error, but I noticed that your transition af2e0914c57bd299b30a38739968c1fd7baf41f102d06c46aff6641b4c7e9bee has the transitionType equal to 65535 instead of 10000

The consignment has been created using the upstream pay method, nothing custom has been done on my side. Do you think this is a bug?

@dr-orlovsky dr-orlovsky mentioned this issue Jul 11, 2024
Merged
@dr-orlovsky dr-orlovsky linked a pull request Jul 11, 2024 that will close this issue
Refactor validation status to match all other API changes #260
Merged
@github-project-automation github-project-automation bot moved this from Ready to Done in RGB release v0.11 Jul 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dr-orlovsky dr-orlovsky

Labels
bug Something isn't working
Projects
RGB release v0.11
Status: Done
Milestone
v0.11.x
Development

Successfully merging a pull request may close this issue.

Refactor validation status to match all other API changes RGB-WG/rgb-core
4 participants
@dr-orlovsky @crisdut @zoedberg @St333p