Merge pull request cardano-foundation#253 from cardano-foundation/fix/ID-504-Other-Escrow-Token-Compromised

nemo83 · web-flow · commit e5538f857df0 · 2025-08-08T12:07:29.000+01:00
Fix/id 504 other escrow token compromised
diff --git a/cardano/gateway/.env.example b/cardano/gateway/.env.example
@@ -12,7 +12,7 @@ OGMIOS_ENDPOINT=http://127.0.0.1:1337
 CARDANO_CHAIN_HOST=127.0.0.1
 CARDANO_CHAIN_PORT=3001
 CARDANO_NETWORK_MAGIC=42
-CARDANO_EPOCH_NONCE_GENESIS="5a9f8426ad4079263b88c45c84079a2ccbd3e7d4218166404dababe07f69fdad"
+CARDANO_EPOCH_NONCE_GENESIS="41c48395859c96d1a431ee848a4d2795f65a4ab19ca37ceeb4d13824792f1fa5"
 
 HANDLER_JSON_PATH=/usr/src/app/cardano/offchain/deployments/handler.json
 
diff --git a/cardano/gateway/src/config/constant.config.ts b/cardano/gateway/src/config/constant.config.ts
@@ -1 +1,3 @@
 export const MinimumActiveEpoch = BigInt(2);
+
+export const TRANSACTION_TIME_TO_LIVE = 20_000; // 20 seconds
diff --git a/cardano/gateway/src/tx/channel.service.ts b/cardano/gateway/src/tx/channel.service.ts
@@ -64,6 +64,7 @@ import {
 import { ORDER_MAPPING_CHANNEL } from '~@/constant/channel';
 import { Order } from '~@/shared/types/channel/order';
 import { sleep } from '../shared/helpers/time';
+import { TRANSACTION_TIME_TO_LIVE } from '~@/config/constant.config';
 
 @Injectable()
 export class ChannelService {
@@ -82,7 +83,7 @@ export class ChannelService {
         channelOpenInitOperator,
         constructedAddress,
       );
-      const validToTime = Date.now() + 3 * 1e5;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const validToSlot = unixTimeToSlot(this.lucidService.lucid.config().network, Number(validToTime));
       const currentSlot = this.lucidService.lucid.currentSlot();
       if (currentSlot > validToSlot) {
@@ -126,7 +127,8 @@ export class ChannelService {
         channelOpenTryOperator,
         constructedAddress,
       );
-      const unsignedChannelOpenTryTxValidTo: TxBuilder = unsignedChannelOpenTryTx.validTo(Date.now() + 300 * 1e3);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedChannelOpenTryTxValidTo: TxBuilder = unsignedChannelOpenTryTx.validTo(validToTime);
       // TODO: signing should be done by the relayer in the future
       const signedChannelOpenTryTxCompleted = await (await unsignedChannelOpenTryTxValidTo.complete()).sign
         .withWallet()
@@ -159,7 +161,7 @@ export class ChannelService {
         channelOpenAckOperator,
         constructedAddress,
       );
-      const validToTime = Date.now() + 3 * 1e5;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const validToSlot = unixTimeToSlot(this.lucidService.lucid.config().network, Number(validToTime));
       const currentSlot = this.lucidService.lucid.currentSlot();
       if (currentSlot > validToSlot) {
@@ -200,9 +202,8 @@ export class ChannelService {
         channelOpenConfirmOperator,
         constructedAddress,
       );
-      const unsignedChannelConfirmInitTxValidTo: TxBuilder = unsignedChannelConfirmInitTx.validTo(
-        Date.now() + 600 * 1e3,
-      );
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedChannelConfirmInitTxValidTo: TxBuilder = unsignedChannelConfirmInitTx.validTo(validToTime);
 
       // TODO: signing should be done by the relayer in the future
       const signedChannelConfirmInitTxCompleted = await (await unsignedChannelConfirmInitTxValidTo.complete()).sign
@@ -243,7 +244,8 @@ export class ChannelService {
         channelCloseInitOperator,
         constructedAddress,
       );
-      const unsignedChannelCloseInitTxValidTo: TxBuilder = unsignedChannelCloseInitTx.validTo(Date.now() + 300 * 1e3);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedChannelCloseInitTxValidTo: TxBuilder = unsignedChannelCloseInitTx.validTo(validToTime);
 
       // TODO: signing should be done by the relayer in the future
       const signedChannelCloseInitTxCompleted = await (await unsignedChannelCloseInitTxValidTo.complete()).sign
diff --git a/cardano/gateway/src/tx/client.service.ts b/cardano/gateway/src/tx/client.service.ts
@@ -31,6 +31,7 @@ import {
 import { checkForMisbehaviour } from '@shared/types/misbehaviour/misbehaviour';
 import { UpdateOnMisbehaviourOperatorDto, UpdateClientOperatorDto } from './dto/client/update-client-operator.dto';
 import { validateAndFormatCreateClientParams, validateAndFormatUpdateClientParams } from './helper/client.validate';
+import { TRANSACTION_TIME_TO_LIVE } from '~@/config/constant.config';
 
 @Injectable()
 export class ClientService {
@@ -121,9 +122,10 @@ export class ClientService {
 
         const unsignedUpdateClientTx: TxBuilder =
           await this.buildUnsignedUpdateOnMisbehaviour(updateOnMisbehaviourOperator);
+        const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
         const unSignedTxValidTo: TxBuilder = unsignedUpdateClientTx
           .validFrom(new Date().valueOf())
-          .validTo(new Date().valueOf());
+          .validTo(validToTime);
         // Todo: signing should be done by the relayer in the future
         const signedUpdateClientTxCompleted = await (await unSignedTxValidTo.complete()).sign.withWallet().complete();
 
@@ -145,7 +147,7 @@ export class ClientService {
           BigInt(currentClientDatum.state.clientState.maxClockDrift || 0)) /
           10n ** 6n +
         100n * 10n ** 3n;
-      const validToTime = new Date().valueOf() + 100 * 1e3;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const updateClientHeaderOperator: UpdateClientOperatorDto = {
         clientId,
         header,
@@ -166,7 +168,7 @@ export class ClientService {
       }
 
       const validFrom = Number(validFromTime);
-      const validTo = new Date().valueOf() + 100 * 1e3;
+      const validTo = Date.now() + TRANSACTION_TIME_TO_LIVE;
 
       const unSignedTxValidTo: TxBuilder = unsignedUpdateClientTx.validFrom(validFrom).validTo(validTo);
 
diff --git a/cardano/gateway/src/tx/connection.service.ts b/cardano/gateway/src/tx/connection.service.ts
@@ -47,6 +47,7 @@ import { ClientState as CardanoClientState } from '@plus/proto-types/build/ibc/l
 import { Any } from '@plus/proto-types/build/google/protobuf/any';
 import { getMithrilClientStateForVerifyProofRedeemer } from '../shared/helpers/mithril-client';
 import { ClientState as MithrilClientState } from '@plus/proto-types/build/ibc/lightclients/mithril/mithril';
+import { TRANSACTION_TIME_TO_LIVE } from '~@/config/constant.config';
 @Injectable()
 export class ConnectionService {
   constructor(
@@ -68,9 +69,8 @@ export class ConnectionService {
         connectionOpenInitOperator,
         constructedAddress,
       );
-      const unsignedConnectionOpenInitTxValidTo: TxBuilder = unsignedConnectionOpenInitTx.validTo(
-        Date.now() + 100 * 1e3,
-      );
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedConnectionOpenInitTxValidTo: TxBuilder = unsignedConnectionOpenInitTx.validTo(validToTime);
 
       // Todo: signing should be done by the relayer in the future
       const signedConnectionOpenInitTxCompleted = await (await unsignedConnectionOpenInitTxValidTo.complete()).sign
@@ -108,7 +108,8 @@ export class ConnectionService {
         connectionOpenTryOperator,
         constructedAddress,
       );
-      const unsignedConnectionOpenTryTxValidTo: TxBuilder = unsignedConnectionOpenTryTx.validTo(Date.now() + 100 * 1e3);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedConnectionOpenTryTxValidTo: TxBuilder = unsignedConnectionOpenTryTx.validTo(validToTime);
 
       // Todo: signing should be done by the relayer in the future
       const signedConnectionOpenTryTxCompleted = await (await unsignedConnectionOpenTryTxValidTo.complete()).sign
@@ -146,7 +147,8 @@ export class ConnectionService {
         connectionOpenAckOperator,
         constructedAddress,
       );
-      const unsignedConnectionOpenAckTxValidTo: TxBuilder = unsignedConnectionOpenAckTx.validTo(Date.now() + 100 * 1e3);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedConnectionOpenAckTxValidTo: TxBuilder = unsignedConnectionOpenAckTx.validTo(validToTime);
       // Todo: signing should be done by the relayer in the future
       const signedConnectionOpenAckTxCompleted = await (await unsignedConnectionOpenAckTxValidTo.complete()).sign
         .withWallet()
@@ -187,9 +189,8 @@ export class ConnectionService {
         connectionOpenConfirmOperator,
         constructedAddress,
       );
-      const unsignedConnectionOpenConfirmTxValidTo: TxBuilder = unsignedConnectionOpenConfirmTx.validTo(
-        Date.now() + 150 * 1e3,
-      );
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedConnectionOpenConfirmTxValidTo: TxBuilder = unsignedConnectionOpenConfirmTx.validTo(validToTime);
 
       // Todo: signing should be done by the relayer in the future
       const signedConnectionOpenConfirmTxCompleted = await (
diff --git a/cardano/gateway/src/tx/packet.service.ts b/cardano/gateway/src/tx/packet.service.ts
@@ -71,6 +71,7 @@ import { packetAcknowledgementPath, packetCommitmentPath, packetReceiptPath } fr
 import { Order as ChannelOrder } from '@plus/proto-types/build/ibc/core/channel/v1/channel';
 import { Order } from '~@/shared/types/channel/order';
 import { GrpcInternalException, GrpcInvalidArgumentException } from '~@/exception/grpc_exceptions';
+import { TRANSACTION_TIME_TO_LIVE } from '~@/config/constant.config';
 
 @Injectable()
 export class PacketService {
@@ -133,7 +134,7 @@ export class PacketService {
         constructedAddress,
       );
 
-      const validToTime = Date.now() + 3 * 1e5;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const validToSlot = this.lucidService.lucid.unixTimeToSlot(Number(validToTime));
       const currentSlot = this.lucidService.lucid.currentSlot();
       if (currentSlot > validToSlot) {
@@ -181,7 +182,7 @@ export class PacketService {
       const sendPacketOperator = validateAndFormatSendPacketParams(data);
 
       const unsignedSendPacketTx: TxBuilder = await this.buildUnsignedSendPacketTx(sendPacketOperator);
-      const validToTime = Date.now() + 3 * 1e5;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const validToSlot = this.lucidService.lucid.unixTimeToSlot(Number(validToTime));
       const currentSlot = this.lucidService.lucid.currentSlot();
       if (currentSlot > validToSlot) {
@@ -227,7 +228,8 @@ export class PacketService {
         timeoutPacketOperator,
         constructedAddress,
       );
-      const unsignedSendPacketTxValidTo: TxBuilder = unsignedSendPacketTx.validTo(Date.now() + 3 * 1e5);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedSendPacketTxValidTo: TxBuilder = unsignedSendPacketTx.validTo(validToTime);
 
       // Todo: signing should be done in the relayer in the future
       const signedSendPacketTxCompleted = await (await unsignedSendPacketTxValidTo.complete()).sign
@@ -280,7 +282,7 @@ export class PacketService {
         timeoutRefreshOperator,
         constructedAddress,
       );
-      const validToTime = Date.now() + 3 * 1e5;
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
       const validToSlot = this.lucidService.lucid.unixTimeToSlot(Number(validToTime));
 
       const currentSlot = this.lucidService.lucid.currentSlot();
@@ -329,7 +331,8 @@ export class PacketService {
         ackPacketOperator,
         constructedAddress,
       );
-      const unsignedAckPacketTxValidTo: TxBuilder = unsignedAckPacketTx.validTo(Date.now() + 300 * 1e3);
+      const validToTime = Date.now() + TRANSACTION_TIME_TO_LIVE;
+      const unsignedAckPacketTxValidTo: TxBuilder = unsignedAckPacketTx.validTo(validToTime);
 
       // Todo: signing should be done in the relayer in the future
       const signedAckPacketCompleted = await (await unsignedAckPacketTxValidTo.complete()).sign.withWallet().complete();
diff --git a/cardano/onchain/lib/ibc/client/ics-007-tendermint-client/client_datum.ak b/cardano/onchain/lib/ibc/client/ics-007-tendermint-client/client_datum.ak
@@ -97,25 +97,25 @@ pub fn update_state(
       },
     }
 
-  expect
-    (expected_updated_output.state.client_state == output_datum.state.client_state)?
-  expect (expected_updated_output.token == output_datum.token)?
-
   let output_cons_states = output_datum.state.consensus_states
   let expected_cons_states = expected_updated_output.state.consensus_states
 
   let block_heights = pairs.keys(output_cons_states)
   expect list.difference(block_heights, pairs.keys(expected_cons_states)) == []
   expect list.difference(pairs.keys(expected_cons_states), block_heights) == []
-  list.all(
-    block_heights,
-    fn(block_height) {
-      pairs.get_all(output_cons_states, block_height) == pairs.get_all(
-        expected_cons_states,
-        block_height,
-      )
-    },
-  )
+  and {
+    (expected_updated_output.state.client_state == output_datum.state.client_state)?,
+    (expected_updated_output.token == output_datum.token)?,
+    list.all(
+      block_heights,
+      fn(block_height) {
+        pairs.get_all(output_cons_states, block_height) == pairs.get_all(
+          expected_cons_states,
+          block_height,
+        )
+      },
+    ),
+  }
 }
 
 pub fn update_state_on_misbehaviour(
diff --git a/cardano/onchain/lib/ibc/client/ics-007-tendermint-client/client_datum.test.ak b/cardano/onchain/lib/ibc/client/ics-007-tendermint-client/client_datum.test.ak
@@ -238,8 +238,7 @@ test test_is_initialized_valid_fail_with_invalid_consensus_states() fail {
       mock_latest_height,
       [],
     )
-  let mock_consensus_states =
-    []
+  let mock_consensus_states = []
   let mock_auth_token =
     AuthToken {
       policy_id: mock_auth_token_policy_id,
diff --git a/cardano/onchain/lib/ibc/client/mithril-client/protos/mithril_pb.test.ak b/cardano/onchain/lib/ibc/client/mithril-client/protos/mithril_pb.test.ak
@@ -56,7 +56,7 @@ test test_size_for_protocol_parameters_succeed() {
         phi_f: Some(Fraction { numerator: 20, denominator: 100 }),
       },
     ),
-  ) == 10
+  ) == 27
 }
 
 test test_marshal_for_fraction_same_result_empty() {
diff --git a/cardano/onchain/validators/minting_channel.test.ak b/cardano/onchain/validators/minting_channel.test.ak
@@ -299,7 +299,7 @@ fn setup() -> MockData {
     Input {
       output_reference: OutputReference {
         transaction_id: #"30b9c5259b2a19052508957a025b5f150204027f1c6545fd886da6d281f6e926",
-        output_index: 0,
+        output_index: 1,
       },
       output: Output {
         address: from_script("mock module script hash"),
diff --git a/cardano/onchain/validators/minting_port.test.ak b/cardano/onchain/validators/minting_port.test.ak
@@ -2,8 +2,8 @@ use aiken/crypto.{Blake2b_224, Hash, Script}
 use cardano/address.{from_script}
 use cardano/assets.{PolicyId, from_asset}
 use cardano/transaction.{
-  InlineDatum, Input, Mint, Output, OutputReference, Redeemer, ScriptPurpose,
-  Spend, Transaction,
+  InlineDatum, Input, Mint, NoDatum, Output, OutputReference, Redeemer,
+  ScriptPurpose, Spend, Transaction,
 }
 use ibc/auth.{AuthToken}
 use ibc/core/ics_005/port_redeemer.{MintPortRedeemer}
@@ -96,7 +96,7 @@ test mint_port_succeed() {
     Output {
       address: from_script(mock.spend_module_script_hash),
       value: from_asset(mock.port_token.policy_id, mock.port_token.name, 1),
-      datum: InlineDatum(Void),
+      datum: NoDatum,
       reference_script: None,
     }
   let outputs = [module_output]
diff --git a/cardano/onchain/validators/minting_voucher.ak b/cardano/onchain/validators/minting_voucher.ak
@@ -51,7 +51,7 @@ validator mint_voucher(module_token: AuthToken) {
             packet_source_channel,
             data.denom,
           )
-        trace @"mint_voucher: receiver chain is not source"
+        trace @"mint_voucher: valid receiver?": valid_receiver
 
         let source_prefix =
           transfer_coin.get_denom_prefix(packet_dest_port, packet_dest_channel)
@@ -73,10 +73,20 @@ validator mint_voucher(module_token: AuthToken) {
         trace @"mint_voucher: converted receiver to public key hash"
         let receiver_address = from_verification_key(receiver_public_key_hash)
 
-        expect Some(payout_output) =
-          list.find(
+        // There should be just one output with the receiver address AND tokens of the voucher minting policy
+        expect [payout_output] =
+          list.filter(
             transaction.outputs,
-            fn(output) { output.address == receiver_address },
+            fn(output) {
+              and {
+                output.address == receiver_address,
+                (
+                  output.value
+                    |> assets.without_lovelace
+                    |> assets.policies
+                ) == [voucher_minting_policy_id],
+              }
+            },
           )
 
         and {
@@ -246,6 +256,6 @@ fn valid_voucher_output(
   expect [actual_policy_id] = assets.policies(voucher_output_value)
   and {
     (actual_policy_id == voucher_policy_id)?,
-    (quantity_of(voucher_output_value, voucher_policy_id, asset_name) >= transfer_amount)?,
+    (quantity_of(voucher_output_value, voucher_policy_id, asset_name) == transfer_amount)?,
   }
 }
diff --git a/cardano/onchain/validators/spending_channel.ak b/cardano/onchain/validators/spending_channel.ak
@@ -59,8 +59,10 @@ validator spend_channel(
           pairs.get_first(redeemers, Mint(chan_close_init_policy_id))
 
         expect redeemer: AuthToken = redeemer
-        expect _ = validate_output_datum(spent_output.address, outputs)
-        redeemer == datum.token
+        and {
+          no_output_for_address(spent_output.address, outputs),
+          redeemer == datum.token,
+        }
       }
       ChanCloseConfirm { .. } -> {
         expect Some(redeemer) =
@@ -127,6 +129,10 @@ fn find_updated_output(address: Address, outputs: List<Output>) -> Output {
   updated_output
 }
 
+fn no_output_for_address(address: Address, outputs: List<Output>) -> Bool {
+  list.is_empty(list.filter(outputs, fn(output) { output.address == address }))
+}
+
 fn extract_output_datum(output: Output) -> ChannelDatum {
   expect datum: ChannelDatum = validator_utils.get_inline_datum(output)
   datum
diff --git a/cardano/onchain/validators/spending_channel.test.ak b/cardano/onchain/validators/spending_channel.test.ak
@@ -281,7 +281,7 @@ fn setup() -> MockData {
     Input {
       output_reference: OutputReference {
         transaction_id: #"30b9c5259b2a19052508957a025b5f150204027f1c6545fd886da6d281f6e926",
-        output_index: 0,
+        output_index: 10,
       },
       output: Output {
         address: from_script("mock module script hash"),
@@ -440,7 +440,6 @@ test chan_open_ack_succeed() {
 
   let channel_input =
     build_channel_input(input_channel_datum, mock_data.channel_token)
-
   let inputs = [mock_data.module_input, channel_input]
 
   //========================arrange reference_inputs=======================
@@ -490,7 +489,6 @@ test chan_open_ack_succeed() {
 
   let channel_output =
     build_channel_output(output_channel_datum, mock_data.channel_token)
-
   let outputs = [channel_output]
 
   //========================arrange validity_range=======================
diff --git a/cardano/onchain/validators/spending_transfer_module.ak b/cardano/onchain/validators/spending_transfer_module.ak
diff --git a/caribic/src/setup.rs b/caribic/src/setup.rs
diff --git a/chains/cardano/docker-compose.yaml b/chains/cardano/docker-compose.yaml
diff --git a/chains/mithrils/scripts/docker-compose.yaml b/chains/mithrils/scripts/docker-compose.yaml

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`export const MinimumActiveEpoch = BigInt(2);`
	`2`	`+`
	`3`	`+export const TRANSACTION_TIME_TO_LIVE = 20_000; // 20 seconds`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ test test_size_for_protocol_parameters_succeed() {`
`56`	`56`	`phi_f: Some(Fraction { numerator: 20, denominator: 100 }),`
`57`	`57`	`},`
`58`	`58`	`),`
`59`		`- ) == 10`
	`59`	`+ ) == 27`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`test test_marshal_for_fraction_same_result_empty() {`