gaspersic/solana
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Move Budget out of the SDK

Browse Source
This commit is contained in:
Greg Fitzgerald
2019-03-02 14:23:22 -07:00
committed by Michael Vines
parent d22a13257e
commit e6486b2824
22 changed files with 128 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

278
sdk/src/budget_expr.rs
View File

@ -1,278 +0,0 @@
//! The `budget_expr` module provides a domain-specific language for payment plans. Users create BudgetExpr objects that
//! are given to an interpreter. The interpreter listens for `Witness` transactions,
//! which it uses to reduce the payment plan. When the budget is reduced to a
//! `Payment`, the payment is executed.
use crate::payment_plan::{Payment, Witness};
use crate::pubkey::Pubkey;
use chrono::prelude::*;
use std::mem;
/// A data type representing a `Witness` that the payment plan is waiting on.
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone)]
pub enum Condition {
/// Wait for a `Timestamp` `Witness` at or after the given `DateTime`.
Timestamp(DateTime<Utc>, Pubkey),
/// Wait for a `Signature` `Witness` from `Pubkey`.
Signature(Pubkey),
}
impl Condition {
/// Return true if the given Witness satisfies this Condition.
pub fn is_satisfied(&self, witness: &Witness, from: &Pubkey) -> bool {
match (self, witness) {
(Condition::Signature(pubkey), Witness::Signature) => pubkey == from,
(Condition::Timestamp(dt, pubkey), Witness::Timestamp(last_time)) => {
pubkey == from && dt <= last_time
}
_ => false,
}
}
}
/// A data type representing a payment plan.
#[repr(C)]
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone)]
pub enum BudgetExpr {
/// Make a payment.
Pay(Payment),
/// Make a payment after some condition.
After(Condition, Box<BudgetExpr>),
/// Either make a payment after one condition or a different payment after another
/// condition, which ever condition is satisfied first.
Or((Condition, Box<BudgetExpr>), (Condition, Box<BudgetExpr>)),
/// Make a payment after both of two conditions are satisfied
And(Condition, Condition, Box<BudgetExpr>),
}
impl BudgetExpr {
/// Create the simplest budget - one that pays `tokens` to Pubkey.
pub fn new_payment(tokens: u64, to: Pubkey) -> Self {
BudgetExpr::Pay(Payment { tokens, to })
}
/// Create a budget that pays `tokens` to `to` after being witnessed by `from`.
pub fn new_authorized_payment(from: Pubkey, tokens: u64, to: Pubkey) -> Self {
BudgetExpr::After(
Condition::Signature(from),
Box::new(Self::new_payment(tokens, to)),
)
}
/// Create a budget that pays tokens` to `to` after being witnessed by 2x `from`s
pub fn new_2_2_multisig_payment(from0: Pubkey, from1: Pubkey, tokens: u64, to: Pubkey) -> Self {
BudgetExpr::And(
Condition::Signature(from0),
Condition::Signature(from1),
Box::new(Self::new_payment(tokens, to)),
)
}
/// Create a budget that pays `tokens` to `to` after the given DateTime.
pub fn new_future_payment(dt: DateTime<Utc>, from: Pubkey, tokens: u64, to: Pubkey) -> Self {
BudgetExpr::After(
Condition::Timestamp(dt, from),
Box::new(Self::new_payment(tokens, to)),
)
}
/// Create a budget that pays `tokens` to `to` after the given DateTime
/// unless cancelled by `from`.
pub fn new_cancelable_future_payment(
dt: DateTime<Utc>,
from: Pubkey,
tokens: u64,
to: Pubkey,
) -> Self {
BudgetExpr::Or(
(
Condition::Timestamp(dt, from),
Box::new(Self::new_payment(tokens, to)),
),
(
Condition::Signature(from),
Box::new(Self::new_payment(tokens, to)),
),
)
}
/// Return Payment if the budget requires no additional Witnesses.
pub fn final_payment(&self) -> Option<Payment> {
match self {
BudgetExpr::Pay(payment) => Some(payment.clone()),
_ => None,
}
}
/// Return true if the budget spends exactly `spendable_tokens`.
pub fn verify(&self, spendable_tokens: u64) -> bool {
match self {
BudgetExpr::Pay(payment) => payment.tokens == spendable_tokens,
BudgetExpr::After(_, sub_expr) | BudgetExpr::And(_, _, sub_expr) => {
sub_expr.verify(spendable_tokens)
}
BudgetExpr::Or(a, b) => a.1.verify(spendable_tokens) && b.1.verify(spendable_tokens),
}
}
/// Apply a witness to the budget to see if the budget can be reduced.
/// If so, modify the budget in-place.
pub fn apply_witness(&mut self, witness: &Witness, from: &Pubkey) {
let new_expr = match self {
BudgetExpr::After(cond, sub_expr) if cond.is_satisfied(witness, from) => {
Some(sub_expr.clone())
}
BudgetExpr::Or((cond, sub_expr), _) if cond.is_satisfied(witness, from) => {
Some(sub_expr.clone())
}
BudgetExpr::Or(_, (cond, sub_expr)) if cond.is_satisfied(witness, from) => {
Some(sub_expr.clone())
}
BudgetExpr::And(cond0, cond1, sub_expr) => {
if cond0.is_satisfied(witness, from) {
Some(Box::new(BudgetExpr::After(cond1.clone(), sub_expr.clone())))
} else if cond1.is_satisfied(witness, from) {
Some(Box::new(BudgetExpr::After(cond0.clone(), sub_expr.clone())))
} else {
None
}
}
_ => None,
};
if let Some(expr) = new_expr {
mem::replace(self, *expr);
}
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::signature::{Keypair, KeypairUtil};
#[test]
fn test_signature_satisfied() {
let from = Pubkey::default();
assert!(Condition::Signature(from).is_satisfied(&Witness::Signature, &from));
}
#[test]
fn test_timestamp_satisfied() {
let dt1 = Utc.ymd(2014, 11, 14).and_hms(8, 9, 10);
let dt2 = Utc.ymd(2014, 11, 14).and_hms(10, 9, 8);
let from = Pubkey::default();
assert!(Condition::Timestamp(dt1, from).is_satisfied(&Witness::Timestamp(dt1), &from));
assert!(Condition::Timestamp(dt1, from).is_satisfied(&Witness::Timestamp(dt2), &from));
assert!(!Condition::Timestamp(dt2, from).is_satisfied(&Witness::Timestamp(dt1), &from));
}
#[test]
fn test_verify() {
let dt = Utc.ymd(2014, 11, 14).and_hms(8, 9, 10);
let from = Pubkey::default();
let to = Pubkey::default();
assert!(BudgetExpr::new_payment(42, to).verify(42));
assert!(BudgetExpr::new_authorized_payment(from, 42, to).verify(42));
assert!(BudgetExpr::new_future_payment(dt, from, 42, to).verify(42));
assert!(BudgetExpr::new_cancelable_future_payment(dt, from, 42, to).verify(42));
}
#[test]
fn test_authorized_payment() {
let from = Pubkey::default();
let to = Pubkey::default();
let mut expr = BudgetExpr::new_authorized_payment(from, 42, to);
expr.apply_witness(&Witness::Signature, &from);
assert_eq!(expr, BudgetExpr::new_payment(42, to));
}
#[test]
fn test_future_payment() {
let dt = Utc.ymd(2014, 11, 14).and_hms(8, 9, 10);
let from = Keypair::new().pubkey();
let to = Keypair::new().pubkey();
let mut expr = BudgetExpr::new_future_payment(dt, from, 42, to);
expr.apply_witness(&Witness::Timestamp(dt), &from);
assert_eq!(expr, BudgetExpr::new_payment(42, to));
}
#[test]
fn test_unauthorized_future_payment() {
// Ensure timestamp will only be acknowledged if it came from the
// whitelisted public key.
let dt = Utc.ymd(2014, 11, 14).and_hms(8, 9, 10);
let from = Keypair::new().pubkey();
let to = Keypair::new().pubkey();
let mut expr = BudgetExpr::new_future_payment(dt, from, 42, to);
let orig_expr = expr.clone();
expr.apply_witness(&Witness::Timestamp(dt), &to); // <-- Attack!
assert_eq!(expr, orig_expr);
}
#[test]
fn test_cancelable_future_payment() {
let dt = Utc.ymd(2014, 11, 14).and_hms(8, 9, 10);
let from = Pubkey::default();
let to = Pubkey::default();
let mut expr = BudgetExpr::new_cancelable_future_payment(dt, from, 42, to);
expr.apply_witness(&Witness::Timestamp(dt), &from);
assert_eq!(expr, BudgetExpr::new_payment(42, to));
let mut expr = BudgetExpr::new_cancelable_future_payment(dt, from, 42, to);
expr.apply_witness(&Witness::Signature, &from);
assert_eq!(expr, BudgetExpr::new_payment(42, from));
}
#[test]
fn test_2_2_multisig_payment() {
let from0 = Keypair::new().pubkey();
let from1 = Keypair::new().pubkey();
let to = Pubkey::default();
let mut expr = BudgetExpr::new_2_2_multisig_payment(from0, from1, 42, to);
expr.apply_witness(&Witness::Signature, &from0);
assert_eq!(expr, BudgetExpr::new_authorized_payment(from1, 42, to));
}
#[test]
fn test_multisig_after_sig() {
let from0 = Keypair::new().pubkey();
let from1 = Keypair::new().pubkey();
let from2 = Keypair::new().pubkey();
let to = Pubkey::default();
let expr = BudgetExpr::new_2_2_multisig_payment(from0, from1, 42, to);
let mut expr = BudgetExpr::After(Condition::Signature(from2), Box::new(expr));
expr.apply_witness(&Witness::Signature, &from2);
expr.apply_witness(&Witness::Signature, &from0);
assert_eq!(expr, BudgetExpr::new_authorized_payment(from1, 42, to));
}
#[test]
fn test_multisig_after_ts() {
let from0 = Keypair::new().pubkey();
let from1 = Keypair::new().pubkey();
let dt = Utc.ymd(2014, 11, 11).and_hms(7, 7, 7);
let to = Pubkey::default();
let expr = BudgetExpr::new_2_2_multisig_payment(from0, from1, 42, to);
let mut expr = BudgetExpr::After(Condition::Timestamp(dt, from0), Box::new(expr));
expr.apply_witness(&Witness::Timestamp(dt), &from0);
assert_eq!(
expr,
BudgetExpr::new_2_2_multisig_payment(from0, from1, 42, to)
);
expr.apply_witness(&Witness::Signature, &from0);
assert_eq!(expr, BudgetExpr::new_authorized_payment(from1, 42, to));
}
}

37
sdk/src/budget_instruction.rs
View File

@ -1,37 +0,0 @@
use crate::budget_expr::BudgetExpr;
use crate::budget_program;
use crate::pubkey::Pubkey;
use crate::transaction_builder::BuilderInstruction;
use chrono::prelude::{DateTime, Utc};
/// A smart contract.
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone)]
pub struct Contract {
/// The number of tokens allocated to the `BudgetExpr` and any transaction fees.
pub tokens: u64,
pub budget_expr: BudgetExpr,
}
/// An instruction to progress the smart contract.
#[derive(Serialize, Deserialize, Debug, PartialEq, Eq, Clone)]
pub enum Instruction {
/// Declare and instantiate `BudgetExpr`.
NewBudget(BudgetExpr),
/// Tell a payment plan acknowledge the given `DateTime` has past.
ApplyTimestamp(DateTime<Utc>),
/// Tell the budget that the `NewBudget` with `Signature` has been
/// signed by the containing transaction's `Pubkey`.
ApplySignature,
}
impl Instruction {
pub fn new_budget(contract: Pubkey, expr: BudgetExpr) -> BuilderInstruction {
BuilderInstruction::new(
budget_program::id(),
&Instruction::NewBudget(expr),
vec![(contract, false)],
)
}
}

14
sdk/src/budget_program.rs
View File

@ -1,14 +0,0 @@
use crate::pubkey::Pubkey;
pub const BUDGET_PROGRAM_ID: [u8; 32] = [
129, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0,
];
pub fn id() -> Pubkey {
Pubkey::new(&BUDGET_PROGRAM_ID)
}
pub fn check_id(program_id: &Pubkey) -> bool {
program_id.as_ref() == BUDGET_PROGRAM_ID
}

293
sdk/src/budget_transaction.rs
View File

@ -1,293 +0,0 @@
//! The `budget_transaction` module provides functionality for creating Budget transactions.
use crate::budget_expr::{BudgetExpr, Condition};
use crate::budget_instruction::Instruction;
use crate::budget_program;
use crate::hash::Hash;
use crate::pubkey::Pubkey;
use crate::signature::{Keypair, KeypairUtil};
use crate::system_instruction::SystemInstruction;
use crate::transaction::Transaction;
use crate::transaction_builder::TransactionBuilder;
use bincode::deserialize;
use chrono::prelude::*;
pub struct BudgetTransaction {}
impl BudgetTransaction {
/// Create and sign a new Transaction. Used for unit-testing.
pub fn new_payment(
from_keypair: &Keypair,
to: Pubkey,
tokens: u64,
recent_blockhash: Hash,
fee: u64,
) -> Transaction {
let contract = Keypair::new().pubkey();
let from = from_keypair.pubkey();
let payment = BudgetExpr::new_payment(tokens - fee, to);
TransactionBuilder::new(fee)
.push(SystemInstruction::new_move(from, contract, tokens))
.push(Instruction::new_budget(contract, payment))
.sign(&[from_keypair], recent_blockhash)
}
/// Create and sign a new Transaction. Used for unit-testing.
#[allow(clippy::new_ret_no_self)]
pub fn new(
from_keypair: &Keypair,
to: Pubkey,
tokens: u64,
recent_blockhash: Hash,
) -> Transaction {
Self::new_payment(from_keypair, to, tokens, recent_blockhash, 0)
}
/// Create and sign a new Witness Timestamp. Used for unit-testing.
pub fn new_timestamp(
from_keypair: &Keypair,
contract: Pubkey,
to: Pubkey,
dt: DateTime<Utc>,
recent_blockhash: Hash,
) -> Transaction {
let instruction = Instruction::ApplyTimestamp(dt);
Transaction::new(
from_keypair,
&[contract, to],
budget_program::id(),
&instruction,
recent_blockhash,
0,
)
}
/// Create and sign a new Witness Signature. Used for unit-testing.
pub fn new_signature(
from_keypair: &Keypair,
contract: Pubkey,
to: Pubkey,
recent_blockhash: Hash,
) -> Transaction {
let instruction = Instruction::ApplySignature;
let mut keys = vec![contract];
if from_keypair.pubkey() != to {
keys.push(to);
}
Transaction::new(
from_keypair,
&keys,
budget_program::id(),
&instruction,
recent_blockhash,
0,
)
}
/// Create and sign a postdated Transaction. Used for unit-testing.
pub fn new_on_date(
from_keypair: &Keypair,
to: Pubkey,
contract: Pubkey,
dt: DateTime<Utc>,
dt_pubkey: Pubkey,
cancelable: Option<Pubkey>,
tokens: u64,
recent_blockhash: Hash,
) -> Transaction {
let expr = if let Some(from) = cancelable {
BudgetExpr::Or(
(
Condition::Timestamp(dt, dt_pubkey),
Box::new(BudgetExpr::new_payment(tokens, to)),
),
(
Condition::Signature(from),
Box::new(BudgetExpr::new_payment(tokens, from)),
),
)
} else {
BudgetExpr::After(
Condition::Timestamp(dt, dt_pubkey),
Box::new(BudgetExpr::new_payment(tokens, to)),
)
};
let instruction = Instruction::NewBudget(expr);
Transaction::new(
from_keypair,
&[contract],
budget_program::id(),
&instruction,
recent_blockhash,
0,
)
}
/// Create and sign a multisig Transaction.
pub fn new_when_signed(
from_keypair: &Keypair,
to: Pubkey,
contract: Pubkey,
witness: Pubkey,
cancelable: Option<Pubkey>,
tokens: u64,
recent_blockhash: Hash,
) -> Transaction {
let expr = if let Some(from) = cancelable {
BudgetExpr::Or(
(
Condition::Signature(witness),
Box::new(BudgetExpr::new_payment(tokens, to)),
),
(
Condition::Signature(from),
Box::new(BudgetExpr::new_payment(tokens, from)),
),
)
} else {
BudgetExpr::After(
Condition::Signature(witness),
Box::new(BudgetExpr::new_payment(tokens, to)),
)
};
let instruction = Instruction::NewBudget(expr);
Transaction::new(
from_keypair,
&[contract],
budget_program::id(),
&instruction,
recent_blockhash,
0,
)
}
pub fn system_instruction(tx: &Transaction, index: usize) -> Option<SystemInstruction> {
deserialize(&tx.userdata(index)).ok()
}
pub fn instruction(tx: &Transaction, index: usize) -> Option<Instruction> {
deserialize(&tx.userdata(index)).ok()
}
/// Verify only the payment plan.
pub fn verify_plan(tx: &Transaction) -> bool {
if let Some(SystemInstruction::Move { tokens }) = Self::system_instruction(tx, 0) {
if let Some(Instruction::NewBudget(expr)) = BudgetTransaction::instruction(&tx, 1) {
if !(tx.fee <= tokens && expr.verify(tokens - tx.fee)) {
return false;
}
}
}
true
}
}
#[cfg(test)]
mod tests {
use super::*;
use bincode::{deserialize, serialize};
#[test]
fn test_claim() {
let keypair = Keypair::new();
let zero = Hash::default();
let tx0 = BudgetTransaction::new(&keypair, keypair.pubkey(), 42, zero);
assert!(BudgetTransaction::verify_plan(&tx0));
}
#[test]
fn test_payment() {
let zero = Hash::default();
let keypair0 = Keypair::new();
let keypair1 = Keypair::new();
let pubkey1 = keypair1.pubkey();
let tx0 = BudgetTransaction::new(&keypair0, pubkey1, 42, zero);
assert!(BudgetTransaction::verify_plan(&tx0));
}
#[test]
fn test_payment_with_fee() {
let zero = Hash::default();
let keypair0 = Keypair::new();
let pubkey1 = Keypair::new().pubkey();
let tx0 = BudgetTransaction::new_payment(&keypair0, pubkey1, 1, zero, 1);
assert!(BudgetTransaction::verify_plan(&tx0));
}
#[test]
fn test_serialize_claim() {
let zero = Hash::default();
let keypair0 = Keypair::new();
let pubkey1 = Keypair::new().pubkey();
let tx0 = BudgetTransaction::new_payment(&keypair0, pubkey1, 1, zero, 1);
let buf = serialize(&tx0).unwrap();
let tx1: Transaction = deserialize(&buf).unwrap();
assert_eq!(tx1, tx0);
}
#[test]
fn test_token_attack() {
let zero = Hash::default();
let keypair = Keypair::new();
let pubkey = keypair.pubkey();
let mut tx = BudgetTransaction::new(&keypair, pubkey, 42, zero);
let mut system_instruction = BudgetTransaction::system_instruction(&tx, 0).unwrap();
if let SystemInstruction::Move { ref mut tokens } = system_instruction {
*tokens = 1_000_000; // <-- attack, part 1!
let mut instruction = BudgetTransaction::instruction(&tx, 1).unwrap();
if let Instruction::NewBudget(ref mut expr) = instruction {
if let BudgetExpr::Pay(ref mut payment) = expr {
payment.tokens = *tokens; // <-- attack, part 2!
}
}
tx.instructions[1].userdata = serialize(&instruction).unwrap();
}
tx.instructions[0].userdata = serialize(&system_instruction).unwrap();
assert!(BudgetTransaction::verify_plan(&tx));
assert!(!tx.verify_signature());
}
#[test]
fn test_hijack_attack() {
let keypair0 = Keypair::new();
let keypair1 = Keypair::new();
let thief_keypair = Keypair::new();
let pubkey1 = keypair1.pubkey();
let zero = Hash::default();
let mut tx = BudgetTransaction::new(&keypair0, pubkey1, 42, zero);
let mut instruction = BudgetTransaction::instruction(&tx, 1);
if let Some(Instruction::NewBudget(ref mut expr)) = instruction {
if let BudgetExpr::Pay(ref mut payment) = expr {
payment.to = thief_keypair.pubkey(); // <-- attack!
}
}
tx.instructions[1].userdata = serialize(&instruction).unwrap();
assert!(BudgetTransaction::verify_plan(&tx));
assert!(!tx.verify_signature());
}
#[test]
fn test_overspend_attack() {
let keypair0 = Keypair::new();
let keypair1 = Keypair::new();
let zero = Hash::default();
let mut tx = BudgetTransaction::new(&keypair0, keypair1.pubkey(), 1, zero);
let mut instruction = BudgetTransaction::instruction(&tx, 1).unwrap();
if let Instruction::NewBudget(ref mut expr) = instruction {
if let BudgetExpr::Pay(ref mut payment) = expr {
payment.tokens = 2; // <-- attack!
}
}
tx.instructions[1].userdata = serialize(&instruction).unwrap();
assert!(!BudgetTransaction::verify_plan(&tx));
// Also, ensure all branchs of the plan spend all tokens
let mut instruction = BudgetTransaction::instruction(&tx, 1).unwrap();
if let Instruction::NewBudget(ref mut expr) = instruction {
if let BudgetExpr::Pay(ref mut payment) = expr {
payment.tokens = 0; // <-- whoops!
}
}
tx.instructions[1].userdata = serialize(&instruction).unwrap();
assert!(!BudgetTransaction::verify_plan(&tx));
}
}

5
sdk/src/lib.rs
View File

@ -1,9 +1,5 @@
pub mod account;
pub mod bpf_loader;
pub mod budget_expr;
pub mod budget_instruction;
pub mod budget_program;
pub mod budget_transaction;
pub mod genesis_block;
pub mod hash;
pub mod loader_instruction;
@ -11,7 +7,6 @@ pub mod loader_transaction;
pub mod native_loader;
pub mod native_program;
pub mod packet;
pub mod payment_plan;
pub mod pubkey;
pub mod shortvec;
pub mod signature;