fix!(da): validate transactions also if no signer whitelist is given (#1208)

Author: mzabaluev

Cargo.lock

@@ -1,17 +1,8 @@
-use movement_da_light_node_da::DaOperations;
-use movement_da_light_node_prevalidator::{aptos::whitelist::Validator, PrevalidatorOperations};
-use movement_signer::cryptography::secp256k1::Secp256k1;
-use movement_signer_loader::LoadedSigner;
-use std::boxed::Box;
-use std::fmt::Debug;
-use std::path::PathBuf;
-use std::pin::Pin;
-use std::sync::{atomic::AtomicU64, Arc};
-use std::time::Duration;
-
 use memseq::{Sequencer, Transaction};
 use movement_da_light_node_celestia::da::Da as CelestiaDa;
+use movement_da_light_node_da::DaOperations;
 use movement_da_light_node_digest_store::da::Da as DigestStoreDa;
+use movement_da_light_node_prevalidator::{aptos::Validator, Prevalidated};
 use movement_da_light_node_proto as grpc;
 use movement_da_light_node_proto::blob_response::BlobType;
 use movement_da_light_node_proto::light_node_service_server::LightNodeService;
@@ -20,8 +11,11 @@ use movement_da_util::{
 	blob::ir::{blob::DaBlob, data::InnerSignedBlobV1Data},
 	config::Config,
 };
+use movement_signer::cryptography::secp256k1::Secp256k1;
 use movement_signer::{cryptography::Curve, Digester, Signing, Verify};
+use movement_signer_loader::LoadedSigner;
 use movement_types::block::Block;
+
 use serde::{Deserialize, Serialize};
 use tokio::{
 	sync::mpsc::{Receiver, Sender},
@@ -30,6 +24,13 @@ use tokio::{
 use tokio_stream::Stream;
 use tracing::{debug, info};
 
+use std::boxed::Box;
+use std::fmt::Debug;
+use std::path::PathBuf;
+use std::pin::Pin;
+use std::sync::{atomic::AtomicU64, Arc};
+use std::time::Duration;
+
 use crate::{passthrough::LightNode as LightNodePassThrough, LightNodeRuntime};
 
 const LOGGING_UID: AtomicU64 = AtomicU64::new(0);
@@ -53,7 +54,7 @@ where
 {
 	pub pass_through: LightNodePassThrough<O, C, Da, V>,
 	pub memseq: Arc<memseq::Memseq<memseq::RocksdbMempool>>,
-	pub prevalidator: Option<Arc<Validator>>,
+	pub prevalidator: Arc<Validator>,
 }
 
 impl<O, C, Da, V> Debug for LightNode<O, C, Da, V>
@@ -104,10 +105,10 @@ impl LightNodeRuntime
 
 		// prevalidator
 		let whitelisted_accounts = config.whitelisted_accounts()?;
-		let prevalidator = match whitelisted_accounts {
-			Some(whitelisted_accounts) => Some(Arc::new(Validator::new(whitelisted_accounts))),
-			None => None,
-		};
+		let prevalidator = Arc::new(match whitelisted_accounts {
+			Some(whitelisted_accounts) => Validator::with_whitelist(whitelisted_accounts),
+			None => Validator::new(),
+		});
 
 		Ok(Self { pass_through, memseq, prevalidator })
 	}
@@ -401,6 +402,8 @@ where
 		&self,
 		request: tonic::Request<grpc::BatchWriteRequest>,
 	) -> std::result::Result<tonic::Response<grpc::BatchWriteResponse>, tonic::Status> {
+		use movement_da_light_node_prevalidator::Error;
+
 		let blobs_for_submission = request.into_inner().blobs;
 
 		// make transactions from the blobs
@@ -409,30 +412,18 @@ where
 			let transaction: Transaction = serde_json::from_slice(&blob.data)
 				.map_err(|e| tonic::Status::internal(e.to_string()))?;
 
-			match &self.prevalidator {
-				Some(prevalidator) => {
-					// match the prevalidated status, if validation error discard if internal error raise internal error
-					match prevalidator.prevalidate(transaction).await {
-						Ok(prevalidated) => {
-							transactions.push(prevalidated.into_inner());
-						}
-						Err(e) => {
-							match e {
-								movement_da_light_node_prevalidator::Error::Validation(_) => {
-									// discard the transaction
-									info!(
-										"discarding transaction due to prevalidation error {:?}",
-										e
-									);
-								}
-								movement_da_light_node_prevalidator::Error::Internal(e) => {
-									return Err(tonic::Status::internal(e.to_string()));
-								}
-							}
-						}
-					}
+			// match the prevalidated status, if validation error discard if internal error raise internal error
+			match self.prevalidator.prevalidate(transaction) {
+				Ok(Prevalidated(transaction)) => {
+					transactions.push(transaction);
+				}
+				Err(Error::Validation(e)) => {
+					// discard the transaction
+					info!("discarding transaction due to prevalidation error: {}", e);
+				}
+				Err(Error::Internal(e)) => {
+					return Err(tonic::Status::internal(e.to_string()));
 				}
-				None => transactions.push(transaction),
 			}
 		}
 

protocol-units/da/movement/protocol/light-node/src/sequencer.rs

@@ -28,14 +28,13 @@ thiserror = { workspace = true }
 serde_json = { workspace = true }
 ecdsa = { workspace = true, features = ["signing", "verifying", "der"] }
 tracing = { workspace = true }
-movement-types = { workspace = true}
+movement-types = { workspace = true }
 bcs = { workspace = true }
-aptos-types = { workspace = true, optional = true}
+aptos-types = { workspace = true, optional = true }
 
 [dev-dependencies]
-movement-da-light-node-setup = { workspace = true }
-dot-movement = { workspace = true }
-k256 = { workspace = true }
+aptos-crypto = { workspace = true }
+aptos-sdk = { workspace = true }
 rand = { workspace = true }
 
 

protocol-units/da/movement/protocol/prevalidator/Cargo.toml

@@ -0,0 +1,183 @@
+//! Prevalidation of Aptos transactions.
+
+use crate::{Error, Prevalidated};
+
+use aptos_types::account_address::AccountAddress;
+use aptos_types::transaction::SignedTransaction as AptosTransaction;
+use movement_types::transaction::Transaction;
+
+use std::collections::HashSet;
+
+/// Prevalidates a Transaction as a correctly encoded and signed AptosTransaction,
+/// optionally vetted against a whitelist of sender addresses.
+pub struct Validator {
+	whitelist: Option<HashSet<AccountAddress>>,
+}
+
+impl Validator {
+	/// Creates a Validator with no whitelist. All well-formed signed transactions
+	/// are validated.
+	pub fn new() -> Self {
+		Validator { whitelist: None }
+	}
+
+	/// Creates a Validator configured with a whitelist. Transactions are checked
+	/// against the addresses in the whitelist, in addition to being well-formed
+	/// and signed.
+	pub fn with_whitelist<I>(whitelist: I) -> Self
+	where
+		I: IntoIterator<Item = AccountAddress>,
+	{
+		Validator { whitelist: Some(whitelist.into_iter().collect()) }
+	}
+
+	/// Returns `Ok` if the transaction is valid accordingly to this instance's
+	/// configuration. `Err` is returned for validation errors.
+	pub fn prevalidate(
+		&self,
+		transaction: Transaction,
+	) -> Result<Prevalidated<Transaction>, Error> {
+		// Deserialize data as Aptos transaction, fail if invalid.
+		let aptos_transaction: AptosTransaction =
+			bcs::from_bytes(&transaction.data()).map_err(|e| {
+				Error::Validation(format!("failed to deserialize Aptos transaction: {}", e))
+			})?;
+
+		// Verify that the signature is valid
+		aptos_transaction
+			.verify_signature()
+			.map_err(|e| Error::Validation(format!("signature verification failed: {}", e)))?;
+
+		// Check the sender against the whitelist, if provided.
+		if let Some(whitelist) = &self.whitelist {
+			if !whitelist.contains(&aptos_transaction.sender()) {
+				return Err(Error::Validation("transaction sender not in whitelist".into()));
+			}
+		}
+
+		Ok(Prevalidated(transaction))
+	}
+}
+
+#[cfg(test)]
+mod tests {
+	use super::*;
+	use aptos_crypto::{ed25519::Ed25519PrivateKey, Uniform as _};
+	use aptos_sdk::{
+		transaction_builder::TransactionFactory,
+		types::{chain_id::ChainId, LocalAccount},
+	};
+	use aptos_types::account_config::aptos_test_root_address;
+	use aptos_types::transaction::{RawTransaction, SignedTransaction};
+	use movement_types::transaction::Transaction;
+
+	use rand::rngs::OsRng;
+
+	fn create_test_transaction(account: &LocalAccount) -> Result<Transaction, anyhow::Error> {
+		let tx_factory = TransactionFactory::new(ChainId::test())
+			.with_gas_unit_price(100)
+			.with_max_gas_amount(100_000);
+
+		let aptos_transaction = account
+			.sign_with_transaction_builder(tx_factory.create_user_account(account.public_key()));
+
+		let serialized_aptos_transaction = bcs::to_bytes(&aptos_transaction)?;
+
+		Ok(Transaction::new(serialized_aptos_transaction, 0, aptos_transaction.sequence_number()))
+	}
+
+	fn create_test_transaction_with_invalid_signature(
+		account: &LocalAccount,
+	) -> Result<Transaction, anyhow::Error> {
+		// Create a raw transaction
+		let factory = TransactionFactory::new(ChainId::test());
+		let raw_txn: RawTransaction = factory
+			.transfer(aptos_test_root_address(), 1000)
+			.sender(account.address())
+			.sequence_number(0)
+			.build();
+
+		// Now generate a DIFFERENT key to sign (invalid signer)
+		let bad_key = Ed25519PrivateKey::generate(&mut OsRng);
+
+		// Manually create a SignedTransaction with the wrong signature
+		let aptos_transaction = raw_txn.sign(
+			&bad_key,
+			account.public_key().clone(), // <- NOTE: still using the correct pubkey
+		)?;
+		let aptos_transaction: SignedTransaction = aptos_transaction.into_inner();
+
+		let serialized_aptos_transaction = bcs::to_bytes(&aptos_transaction)?;
+
+		Ok(Transaction::new(serialized_aptos_transaction, 0, aptos_transaction.sequence_number()))
+	}
+
+	#[test]
+	fn invalid_transaction() -> Result<(), anyhow::Error> {
+		let tx = Transaction::new(vec![42; 42], 0, 0);
+
+		let validator = Validator::new();
+
+		match validator.prevalidate(tx) {
+			Err(Error::Validation(_)) => Ok(()),
+			Err(e) => panic!("unexpected error: {e:?}"),
+			Ok(_) => panic!("should not prevalidate an invalid payload"),
+		}
+	}
+
+	#[test]
+	fn incorrectly_signed_transaction() -> Result<(), anyhow::Error> {
+		let account = LocalAccount::generate(&mut OsRng);
+		let tx = create_test_transaction_with_invalid_signature(&account)?;
+
+		let validator = Validator::new();
+
+		match validator.prevalidate(tx) {
+			Err(Error::Validation(_)) => Ok(()),
+			Err(e) => panic!("unexpected error: {e:?}"),
+			Ok(_) => panic!("should not prevalidate an invalid payload"),
+		}
+	}
+
+	#[test]
+	fn valid_transaction_no_whitelist() -> Result<(), anyhow::Error> {
+		let account = LocalAccount::generate(&mut OsRng);
+		let tx = create_test_transaction(&account)?;
+		let tx_hash = tx.id();
+
+		let validator = Validator::new();
+		let Prevalidated(tx) = validator.prevalidate(tx)?;
+
+		assert_eq!(tx.id(), tx_hash);
+		Ok(())
+	}
+
+	#[test]
+	fn valid_transaction_sender_whitelisted() -> Result<(), anyhow::Error> {
+		let account = LocalAccount::generate(&mut OsRng);
+		let tx = create_test_transaction(&account)?;
+		let tx_hash = tx.id();
+
+		let validator = Validator::with_whitelist([account.address()]);
+		let Prevalidated(tx) = validator.prevalidate(tx)?;
+
+		assert_eq!(tx.id(), tx_hash);
+		Ok(())
+	}
+
+	#[test]
+	fn valid_transaction_sender_not_in_whitelist() -> Result<(), anyhow::Error> {
+		let mut rng = OsRng;
+		let account = LocalAccount::generate(&mut rng);
+		let tx = create_test_transaction(&account)?;
+		let whitelisted_account = LocalAccount::generate(&mut rng);
+
+		let validator = Validator::with_whitelist([whitelisted_account.address()]);
+
+		match validator.prevalidate(tx) {
+			Err(Error::Validation(_)) => Ok(()),
+			Err(e) => panic!("unexpected error: {e:?}"),
+			Ok(_) => panic!("should not prevalidate an invalid payload"),
+		}
+	}
+}