Merge branch 'dev' into fix/log4net-remote-executionv-ulnerability

Author: chopin-fan

.github/workflows/sonarqube.yaml

@@ -17,18 +17,19 @@ jobs:
       - name: Create temporary global.json
         run: echo '{"sdk":{"version":"8.0.*"}}' > ./global.json
       - name: Set up JDK 17
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v4
         with:
+          distribution: 'temurin'
           java-version: 17
       - name: Cache SonarQube packages
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache SonarQube scanner
         id: cache-sonar-scanner
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ./.sonar/scanner
           key: ${{ runner.os }}-sonar-scanner

contract/AElf.Contracts.MultiToken/TokenContractState.cs

@@ -38,6 +38,7 @@ public partial class TokenContractState : ContractState
     public SingletonState<DeveloperFeeController> DeveloperFeeController { get; set; }
     public SingletonState<AuthorityInfo> SymbolToPayTxFeeController { get; set; }
     public SingletonState<AuthorityInfo> SideChainRentalController { get; set; }
+    public SingletonState<AuthorityInfo> TransferBlackListController { get; set; }
 
     /// <summary>
     ///     symbol -> address -> is in white list.
@@ -76,4 +77,6 @@ public partial class TokenContractState : ContractState
 
     // Alias -> Actual Symbol
     public MappedState<string, string> SymbolAliasMap { get; set; }
+
+    public MappedState<Address, bool> TransferBlackList { get; set; }
 }

contract/AElf.Contracts.MultiToken/TokenContract_Actions.cs

@@ -559,6 +559,7 @@ public override Empty RegisterCrossChainTokenContractAddress(RegisterCrossChainT
     /// <returns></returns>
     public override Empty CrossChainTransfer(CrossChainTransferInput input)
     {
+        Assert(!IsInTransferBlackListInternal(Context.Sender), "Sender is in transfer blacklist.");
         var tokenInfo = AssertValidToken(input.Symbol, input.Amount);
         AssertValidMemo(input.Memo);
         var issueChainId = GetIssueChainId(tokenInfo.Symbol);
@@ -849,4 +850,66 @@ private void CheckTokenAlias(string alias, string collectionSymbol)
         Assert(parts.Last() == TokenContractConstants.CollectionSymbolSuffix, "Incorrect collection symbol suffix.");
         Assert(alias == parts.First(), $"Alias for an item of {collectionSymbol} cannot be {alias}.");
     }
+
+    public override Empty AddToTransferBlackList(Address input)
+    {
+        AssertControllerForTransferBlackList();
+        Assert(input != null && !input.Value.IsNullOrEmpty(), "Invalid address.");
+        State.TransferBlackList[input] = true;
+        return new Empty();
+    }
+
+    public override Empty BatchAddToTransferBlackList(BatchAddToTransferBlackListInput input)
+    {
+        AssertControllerForTransferBlackList();
+        Assert(input != null && input.Addresses != null && input.Addresses.Count > 0, "Invalid input.");
+        
+        // Validate all addresses first
+        foreach (var address in input.Addresses)
+        {
+            Assert(address != null && !address.Value.IsNullOrEmpty(), "Invalid address.");
+        }
+        
+        // Remove duplicates and add to blacklist
+        var uniqueAddresses = input.Addresses.Distinct().ToList();
+        foreach (var address in uniqueAddresses)
+        {
+            State.TransferBlackList[address] = true;
+        }
+        
+        return new Empty();
+    }
+
+    public override Empty RemoveFromTransferBlackList(Address input)
+    {
+        // Removing from transfer blacklist requires higher security and response speed is not critical, 
+        // so it should be controlled by Parliament.
+        AssertSenderAddressWith(GetDefaultParliamentController().OwnerAddress);
+        Assert(input != null && !input.Value.IsNullOrEmpty(), "Invalid address.");
+        State.TransferBlackList[input] = false;
+        return new Empty();
+    }
+
+    public override Empty BatchRemoveFromTransferBlackList(BatchRemoveFromTransferBlackListInput input)
+    {
+        // Removing from transfer blacklist requires higher security and response speed is not critical, 
+        // so it should be controlled by Parliament.
+        AssertSenderAddressWith(GetDefaultParliamentController().OwnerAddress);
+        Assert(input != null && input.Addresses != null && input.Addresses.Count > 0, "Invalid input.");
+        
+        // Validate all addresses first
+        foreach (var address in input.Addresses)
+        {
+            Assert(address != null && !address.Value.IsNullOrEmpty(), "Invalid address.");
+        }
+        
+        // Remove duplicates and remove from blacklist
+        var uniqueAddresses = input.Addresses.Distinct().ToList();
+        foreach (var address in uniqueAddresses)
+        {
+            State.TransferBlackList[address] = false;
+        }
+        
+        return new Empty();
+    }
 }

contract/AElf.Contracts.MultiToken/TokenContract_Fees.cs

@@ -237,6 +237,7 @@ private void ModifyDelegation(TransactionFeeBill bill, TransactionFreeFeeAllowan
     private void ModifyBalance(Address fromAddress, TransactionFeeBill bill,
         TransactionFreeFeeAllowanceBill allowanceBill)
     {
+        Assert(!IsInTransferBlackListInternal(fromAddress), "Charge fee address is in transfer blacklist.");
         SetOrRefreshTransactionFeeFreeAllowances(fromAddress);
         var freeAllowancesMap = CalculateTransactionFeeFreeAllowances(fromAddress);
 

contract/AElf.Contracts.MultiToken/TokenContract_Helper.cs

@@ -98,6 +98,7 @@ private void AssertValidInputAddress(Address input)
 
     private void DoTransfer(Address from, Address to, string symbol, long amount, string memo = null)
     {
+        Assert(!IsInTransferBlackListInternal(from), "From address is in transfer blacklist.");
         Assert(from != to, "Can't do transfer to sender itself.");
         AssertValidMemo(memo);
         ModifyBalance(from, symbol, -amount);
@@ -419,4 +420,9 @@ private void SetTokenInfo(TokenInfo tokenInfo)
         var symbol = tokenInfo.Symbol;
         State.TokenInfos[symbol] = tokenInfo;
     }
+
+    private bool IsInTransferBlackListInternal(Address address)
+    {
+        return State.TransferBlackList[address];
+    }
 }

contract/AElf.Contracts.MultiToken/TokenContract_Method_Authorization.cs

@@ -87,6 +87,15 @@ public override Empty ChangeDeveloperController(AuthorityInfo input)
         return new Empty();
     }
 
+    public override Empty ChangeTransferBlackListController(AuthorityInfo input)
+    {
+        AssertSenderAddressWith(GetDefaultParliamentController().OwnerAddress);
+        var organizationExist = CheckOrganizationExist(input);
+        Assert(organizationExist, "Invalid authority input.");
+        State.TransferBlackListController.Value = input;
+        return new Empty();
+    }
+
     private void CreateReferendumControllerForUserFee(Address parliamentAddress)
     {
         State.ReferendumContract.CreateOrganizationBySystemContract.Send(
@@ -364,6 +373,13 @@ private AuthorityInfo GetDefaultSideChainRentalController(AuthorityInfo defaultP
         };
     }
 
+    private AuthorityInfo GetTransferBlackListController()
+    {
+        if (State.TransferBlackListController.Value == null)
+            return GetDefaultParliamentController();
+        return State.TransferBlackListController.Value;
+    }
+
     private void AssertDeveloperFeeController()
     {
         Assert(State.DeveloperFeeController.Value != null,
@@ -396,5 +412,11 @@ private void AssertControllerForSideChainRental()
         Assert(State.SideChainRentalController.Value.OwnerAddress == Context.Sender, "no permission");
     }
 
+    private void AssertControllerForTransferBlackList()
+    {
+        var controller = GetTransferBlackListController();
+        Assert(Context.Sender == controller.OwnerAddress, "No permission");
+    }
+
     #endregion
 }

contract/AElf.Contracts.MultiToken/TokenContract_Views.cs

@@ -292,4 +292,16 @@ private string GetActualTokenSymbol(string aliasOrSymbol)
 
         return aliasOrSymbol;
     }
+
+    [View]
+    public override BoolValue IsInTransferBlackList(Address input)
+    {
+        return new BoolValue { Value = State.TransferBlackList[input] };
+    }
+
+    [View]
+    public override AuthorityInfo GetTransferBlackListController(Empty input)
+    {
+        return GetTransferBlackListController();
+    }
 }

protobuf/token_contract_impl.proto

@@ -77,6 +77,10 @@ service TokenContractImpl {
     rpc ChangeDeveloperController (AuthorityInfo) returns (google.protobuf.Empty) {
     }
 
+    // Change the governance organization of the transfer blacklist management.
+    rpc ChangeTransferBlackListController (AuthorityInfo) returns (google.protobuf.Empty) {
+    }
+
     rpc ConfigTransactionFeeFreeAllowances (ConfigTransactionFeeFreeAllowancesInput) returns (google.protobuf.Empty) {
     }
 
@@ -136,6 +140,11 @@ service TokenContractImpl {
         option (aelf.is_view) = true;
     }
 
+    // Query the governance organization of the transfer blacklist management.
+    rpc GetTransferBlackListController (google.protobuf.Empty) returns (AuthorityInfo) {
+        option (aelf.is_view) = true;
+    }
+    
     // Compute the virtual address for locking.
     rpc GetVirtualAddressForLocking (GetVirtualAddressForLockingInput) returns (aelf.Address) {
         option (aelf.is_view) = true;
@@ -185,6 +194,27 @@ service TokenContractImpl {
 
     rpc ExtendSeedExpirationTime (ExtendSeedExpirationTimeInput) returns (google.protobuf.Empty) {
     }
+
+    // Add an address to the transfer blacklist. 
+    rpc AddToTransferBlackList (aelf.Address) returns (google.protobuf.Empty) {
+    }
+    
+    // Add multiple addresses to the transfer blacklist. 
+    rpc BatchAddToTransferBlackList (BatchAddToTransferBlackListInput) returns (google.protobuf.Empty) {
+    }
+
+    // Remove an address from the transfer blacklist. Only parliament owner can call this method.
+    rpc RemoveFromTransferBlackList (aelf.Address) returns (google.protobuf.Empty) {
+    }
+    
+    // Remove multiple addresses from the transfer blacklist. Only parliament owner can call this method.
+    rpc BatchRemoveFromTransferBlackList (BatchRemoveFromTransferBlackListInput) returns (google.protobuf.Empty) {
+    }
+
+    // Check if an address is in the transfer blacklist.
+    rpc IsInTransferBlackList (aelf.Address) returns (google.protobuf.BoolValue) {
+        option (aelf.is_view) = true;
+    }
 }
 
 message AdvanceResourceTokenInput {
@@ -460,4 +490,12 @@ message SeedExpirationTimeUpdated {
     string symbol = 2;
     int64 old_expiration_time = 3;
     int64 new_expiration_time = 4;
+}
+
+message BatchAddToTransferBlackListInput {
+    repeated aelf.Address addresses = 1;
+}
+
+message BatchRemoveFromTransferBlackListInput {
+    repeated aelf.Address addresses = 1;
 }

templates/build-template-linux.yml

@@ -14,7 +14,7 @@ jobs:
   displayName: Build tasks (Linux) [${{ parameters.n }} of ${{ parameters.parts }} parts]
   timeoutInMinutes: 120
   pool:
-    vmImage: ubuntu-latest
+    vmImage: ubuntu-22.04
   variables:
     CI_TEST: true
   steps: