Merge pull request #163 from dashpay/feature/chainlock-peer-reputation

feat: add peer reputation penalization for invalid ChainLocks

Author: PastaPastaPasta

dash-spv-ffi/FFI_API.md

@@ -303,10 +303,10 @@ dash_spv_ffi_config_get_mempool_strategy(config: *const FFIClientConfig,) -> FFI
 ```
 
 **Description:**
-Gets the mempool synchronization strategy  # Safety - `config` must be a valid pointer to an FFIClientConfig or null - If null, returns FFIMempoolStrategy::Selective as default
+Gets the mempool synchronization strategy  # Safety - `config` must be a valid pointer to an FFIClientConfig or null - If null, returns FFIMempoolStrategy::FetchAll as default
 
 **Safety:**
-- `config` must be a valid pointer to an FFIClientConfig or null - If null, returns FFIMempoolStrategy::Selective as default
+- `config` must be a valid pointer to an FFIClientConfig or null - If null, returns FFIMempoolStrategy::FetchAll as default
 
 **Module:** `config`
 

dash-spv-ffi/include/dash_spv_ffi.h

@@ -19,7 +19,6 @@ namespace dash_spv_ffi {
 typedef enum FFIMempoolStrategy {
   FetchAll = 0,
   BloomFilter = 1,
-  Selective = 2,
 } FFIMempoolStrategy;
 
 typedef enum FFISyncStage {
@@ -817,7 +816,7 @@ int32_t dash_spv_ffi_config_set_persist_mempool(struct FFIClientConfig *config,
  *
  * # Safety
  * - `config` must be a valid pointer to an FFIClientConfig or null
- * - If null, returns FFIMempoolStrategy::Selective as default
+ * - If null, returns FFIMempoolStrategy::FetchAll as default
  */
 
 enum FFIMempoolStrategy dash_spv_ffi_config_get_mempool_strategy(const struct FFIClientConfig *config)

dash-spv-ffi/src/client.rs

@@ -296,6 +296,12 @@ impl FFIDashSpvClient {
                     dash_spv::types::SpvEvent::ChainLockReceived {
                         ..
                     } => {}
+                    dash_spv::types::SpvEvent::InstantLockReceived {
+                        ..
+                    } => {
+                        // InstantLock received and validated
+                        // TODO: Add FFI callback if needed for instant lock notifications
+                    }
                     dash_spv::types::SpvEvent::MempoolTransactionAdded {
                         ref txid,
                         amount,
@@ -1445,7 +1451,7 @@ pub unsafe extern "C" fn dash_spv_ffi_client_record_send(
         }
     };
 
-    let txid = match Txid::from_str(txid_str) {
+    let _txid = match Txid::from_str(txid_str) {
         Ok(t) => t,
         Err(e) => {
             set_last_error(&format!("Invalid txid: {}", e));
@@ -1468,7 +1474,6 @@ pub unsafe extern "C" fn dash_spv_ffi_client_record_send(
                 }
             }
         };
-        spv_client.record_transaction_send(txid).await;
         let mut guard = inner.lock().unwrap();
         *guard = Some(spv_client);
         Ok(())

dash-spv-ffi/src/config.rs

@@ -503,13 +503,13 @@ pub unsafe extern "C" fn dash_spv_ffi_config_get_mempool_tracking(
 ///
 /// # Safety
 /// - `config` must be a valid pointer to an FFIClientConfig or null
-/// - If null, returns FFIMempoolStrategy::Selective as default
+/// - If null, returns FFIMempoolStrategy::FetchAll as default
 #[no_mangle]
 pub unsafe extern "C" fn dash_spv_ffi_config_get_mempool_strategy(
     config: *const FFIClientConfig,
 ) -> FFIMempoolStrategy {
     if config.is_null() {
-        return FFIMempoolStrategy::Selective;
+        return FFIMempoolStrategy::FetchAll;
     }
 
     let config = unsafe { &*((*config).inner as *const ClientConfig) };

dash-spv-ffi/src/types.rs

@@ -395,15 +395,13 @@ pub unsafe extern "C" fn dash_spv_ffi_string_array_destroy(arr: *mut FFIArray) {
 pub enum FFIMempoolStrategy {
     FetchAll = 0,
     BloomFilter = 1,
-    Selective = 2,
 }
 
 impl From<MempoolStrategy> for FFIMempoolStrategy {
     fn from(strategy: MempoolStrategy) -> Self {
         match strategy {
             MempoolStrategy::FetchAll => FFIMempoolStrategy::FetchAll,
             MempoolStrategy::BloomFilter => FFIMempoolStrategy::BloomFilter,
-            MempoolStrategy::Selective => FFIMempoolStrategy::Selective,
         }
     }
 }
@@ -413,7 +411,6 @@ impl From<FFIMempoolStrategy> for MempoolStrategy {
         match strategy {
             FFIMempoolStrategy::FetchAll => MempoolStrategy::FetchAll,
             FFIMempoolStrategy::BloomFilter => MempoolStrategy::BloomFilter,
-            FFIMempoolStrategy::Selective => MempoolStrategy::Selective,
         }
     }
 }

dash-spv/src/client/chainlock.rs

@@ -37,10 +37,16 @@ impl<
         let chain_state = self.state.read().await;
         {
             let mut storage = self.storage.lock().await;
-            self.chainlock_manager
+            if let Err(e) = self
+                .chainlock_manager
                 .process_chain_lock(chainlock.clone(), &chain_state, &mut *storage)
                 .await
-                .map_err(SpvError::Validation)?;
+            {
+                // Penalize the peer that relayed the invalid ChainLock
+                let reason = format!("Invalid ChainLock: {}", e);
+                let _ = self.network.penalize_last_message_peer_invalid_chainlock(&reason).await;
+                return Err(SpvError::Validation(e));
+            }
         }
         drop(chain_state);
 
@@ -89,20 +95,39 @@ impl<
     ) -> Result<()> {
         tracing::info!("Processing InstantSendLock for tx {}", islock.txid);
 
-        // TODO: Implement InstantSendLock validation
-        // - Verify BLS signature against known quorum
-        // - Check if all inputs are locked
-        // - Mark transaction as instantly confirmed
-        // - Store InstantSendLock for future reference
+        // Get the masternode engine from sync manager for proper quorum verification
+        let masternode_engine = self.sync_manager.get_masternode_engine().ok_or_else(|| {
+            SpvError::Validation(crate::error::ValidationError::MasternodeVerification(
+                "Masternode engine not available for InstantLock verification".to_string(),
+            ))
+        })?;
+
+        // Validate the InstantLock (structure + BLS signature)
+        // This is REQUIRED for security - never accept InstantLocks without signature verification
+        let validator = crate::validation::instantlock::InstantLockValidator::new();
+        if let Err(e) = validator.validate(&islock, masternode_engine) {
+            // Penalize the peer that relayed the invalid InstantLock
+            let reason = format!("Invalid InstantLock: {}", e);
+            tracing::warn!("{}", reason);
+
+            // Ban the peer using the reputation system
+            let _ = self.network.penalize_last_message_peer_invalid_instantlock(&reason).await;
+
+            return Err(SpvError::Validation(e));
+        }
 
-        // For now, just log the InstantSendLock details
         tracing::info!(
-            "InstantSendLock validated: txid={}, inputs={}, signature={:?}",
+            "✅ InstantSendLock validated successfully: txid={}, inputs={}",
             islock.txid,
-            islock.inputs.len(),
-            islock.signature.to_string().chars().take(20).collect::<String>()
+            islock.inputs.len()
         );
 
+        // Emit InstantLock event
+        self.emit_event(SpvEvent::InstantLockReceived {
+            txid: islock.txid,
+            inputs: islock.inputs.clone(),
+        });
+
         Ok(())
     }
 

dash-spv/src/client/config.rs

@@ -12,12 +12,10 @@ use crate::types::ValidationMode;
 /// Strategy for handling mempool (unconfirmed) transactions.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum MempoolStrategy {
-    /// Fetch all announced transactions (poor privacy, high bandwidth).
+    /// Fetch all announced transactions (high bandwidth, sees all transactions).
     FetchAll,
     /// Use BIP37 bloom filters (moderate privacy, good efficiency).
     BloomFilter,
-    /// Only fetch when recently sent or from known addresses (good privacy, default).
-    Selective,
 }
 
 /// Configuration for the Dash SPV client.
@@ -132,9 +130,6 @@ pub struct ClientConfig {
     /// Time after which unconfirmed transactions are pruned (seconds).
     pub mempool_timeout_secs: u64,
 
-    /// Time window for recent sends in selective mode (seconds).
-    pub recent_send_window_secs: u64,
-
     /// Whether to fetch transactions from INV messages immediately.
     pub fetch_mempool_transactions: bool,
 
@@ -232,11 +227,10 @@ impl Default for ClientConfig {
             max_filter_gap_restart_attempts: 5,
             max_filter_gap_sync_size: 50000,
             // Mempool defaults
-            enable_mempool_tracking: false,
-            mempool_strategy: MempoolStrategy::Selective,
+            enable_mempool_tracking: true,
+            mempool_strategy: MempoolStrategy::FetchAll,
             max_mempool_transactions: 1000,
-            mempool_timeout_secs: 3600,   // 1 hour
-            recent_send_window_secs: 300, // 5 minutes
+            mempool_timeout_secs: 3600, // 1 hour
             fetch_mempool_transactions: true,
             persist_mempool: false,
             // Request control defaults
@@ -388,12 +382,6 @@ impl ClientConfig {
         self
     }
 
-    /// Set recent send window for selective strategy.
-    pub fn with_recent_send_window(mut self, window_secs: u64) -> Self {
-        self.recent_send_window_secs = window_secs;
-        self
-    }
-
     /// Enable or disable mempool persistence.
     pub fn with_mempool_persistence(mut self, enabled: bool) -> Self {
         self.persist_mempool = enabled;
@@ -449,13 +437,6 @@ impl ClientConfig {
             if self.mempool_timeout_secs == 0 {
                 return Err("mempool_timeout_secs must be > 0".to_string());
             }
-            if self.mempool_strategy == MempoolStrategy::Selective
-                && self.recent_send_window_secs == 0
-            {
-                return Err(
-                    "recent_send_window_secs must be > 0 for Selective strategy".to_string()
-                );
-            }
         }
 
         Ok(())

dash-spv/src/client/config_test.rs

@@ -33,11 +33,10 @@ mod tests {
         assert_eq!(config.filter_request_delay_ms, 0);
 
         // Mempool defaults
-        assert!(!config.enable_mempool_tracking);
-        assert_eq!(config.mempool_strategy, MempoolStrategy::Selective);
+        assert!(config.enable_mempool_tracking);
+        assert_eq!(config.mempool_strategy, MempoolStrategy::FetchAll);
         assert_eq!(config.max_mempool_transactions, 1000);
         assert_eq!(config.mempool_timeout_secs, 3600);
-        assert_eq!(config.recent_send_window_secs, 300);
         assert!(config.fetch_mempool_transactions);
         assert!(!config.persist_mempool);
     }
@@ -74,7 +73,6 @@ mod tests {
             .with_mempool_tracking(MempoolStrategy::BloomFilter)
             .with_max_mempool_transactions(500)
             .with_mempool_timeout(7200)
-            .with_recent_send_window(600)
             .with_mempool_persistence(true)
             .with_start_height(100000);
 
@@ -93,7 +91,6 @@ mod tests {
         assert_eq!(config.mempool_strategy, MempoolStrategy::BloomFilter);
         assert_eq!(config.max_mempool_transactions, 500);
         assert_eq!(config.mempool_timeout_secs, 7200);
-        assert_eq!(config.recent_send_window_secs, 600);
         assert!(config.persist_mempool);
         assert_eq!(config.start_from_height, Some(100000));
     }
@@ -200,22 +197,7 @@ mod tests {
         assert_eq!(result.unwrap_err(), "mempool_timeout_secs must be > 0");
     }
 
-    #[test]
-    fn test_validation_invalid_selective_strategy() {
-        let config = ClientConfig {
-            enable_mempool_tracking: true,
-            mempool_strategy: MempoolStrategy::Selective,
-            recent_send_window_secs: 0,
-            ..Default::default()
-        };
-
-        let result = config.validate();
-        assert!(result.is_err());
-        assert_eq!(
-            result.unwrap_err(),
-            "recent_send_window_secs must be > 0 for Selective strategy"
-        );
-    }
+    // Removed selective strategy validation test; Selective variant no longer exists
 
     #[test]
     fn test_cfheader_gap_settings() {

dash-spv/src/client/lifecycle.rs

@@ -10,7 +10,6 @@
 
 use std::collections::HashSet;
 use std::sync::Arc;
-use std::time::Duration;
 use tokio::sync::{mpsc, Mutex, RwLock};
 
 use crate::chain::ChainLockManager;
@@ -121,7 +120,6 @@ impl<
             // TODO: Get monitored addresses from wallet
             self.mempool_filter = Some(Arc::new(MempoolFilter::new(
                 self.config.mempool_strategy,
-                Duration::from_secs(self.config.recent_send_window_secs),
                 self.config.max_mempool_transactions,
                 self.mempool_state.clone(),
                 HashSet::new(), // Will be populated from wallet's monitored addresses

dash-spv/src/client/mempool.rs

@@ -8,7 +8,6 @@
 
 use std::collections::HashSet;
 use std::sync::Arc;
-use std::time::Duration;
 
 use crate::error::Result;
 use crate::mempool_filter::MempoolFilter;
@@ -38,7 +37,6 @@ impl<
             // TODO: Get monitored addresses from wallet
             self.mempool_filter = Some(Arc::new(MempoolFilter::new(
                 self.config.mempool_strategy,
-                Duration::from_secs(self.config.recent_send_window_secs),
                 self.config.max_mempool_transactions,
                 self.mempool_state.clone(),
                 HashSet::new(), // Will be populated from wallet's monitored addresses
@@ -147,19 +145,11 @@ impl<
         // For now, create empty filter until wallet integration is complete
         self.mempool_filter = Some(Arc::new(MempoolFilter::new(
             self.config.mempool_strategy,
-            Duration::from_secs(self.config.recent_send_window_secs),
             self.config.max_mempool_transactions,
             self.mempool_state.clone(),
             HashSet::new(), // Will be populated from wallet's monitored addresses
             self.config.network,
         )));
         tracing::info!("Updated mempool filter (wallet integration pending)");
     }
-
-    /// Record a transaction send for mempool filtering.
-    pub async fn record_transaction_send(&self, txid: dashcore::Txid) {
-        if let Some(ref mempool_filter) = self.mempool_filter {
-            mempool_filter.record_send(txid).await;
-        }
-    }
 }