Add trust check to token fetch in cic-eth task

This commit is contained in:
nolash 2021-10-08 18:39:22 +02:00
parent 53e9c63698
commit 6ccffb15b6
Signed by untrusted user who does not match committer: lash
GPG Key ID: 21D2E7BB88C2A746
9 changed files with 60 additions and 10 deletions

View File

@ -1,5 +1,5 @@
SQLAlchemy==1.3.20 SQLAlchemy==1.3.20
cic-eth-registry>=0.6.1a3,<0.7.0 cic-eth-registry>=0.6.1a5,<0.7.0
hexathon~=0.0.1a8 hexathon~=0.0.1a8
chainqueue>=0.0.4a6,<0.1.0 chainqueue>=0.0.4a6,<0.1.0
eth-erc20>=0.1.2a2,<0.2.0 eth-erc20>=0.1.2a2,<0.2.0

View File

@ -7,11 +7,16 @@ from chainlib.connection import RPCConnection
from chainlib.chain import ChainSpec from chainlib.chain import ChainSpec
from cic_eth_registry.erc20 import ERC20Token from cic_eth_registry.erc20 import ERC20Token
from hexathon import add_0x from hexathon import add_0x
from eth_address_declarator import Declarator
from cic_eth_registry import CICRegistry
from okota.token_index import to_identifier
# local imports # local imports
from cic_eth.task import ( from cic_eth.task import (
BaseTask, BaseTask,
) )
from cic_eth.db.models.role import AccountRole
from cic_eth.error import TrustError
celery_app = celery.current_app celery_app = celery.current_app
logg = logging.getLogger() logg = logging.getLogger()
@ -31,8 +36,18 @@ def default_token(self):
def token(self, tokens, chain_spec_dict): def token(self, tokens, chain_spec_dict):
chain_spec = ChainSpec.from_dict(chain_spec_dict) chain_spec = ChainSpec.from_dict(chain_spec_dict)
rpc = RPCConnection.connect(chain_spec, 'default') rpc = RPCConnection.connect(chain_spec, 'default')
declarator = Declarator(chain_spec)
r = [] session = self.create_session()
sender_address = AccountRole.get_address('DEFAULT', session)
sender_address = AccountRole.get_address('DEFAULT', session)
registry = CICRegistry(chain_spec, rpc)
declarator_address = registry.by_name('AddressDeclarator', sender_address=sender_address)
have_proof = False
result_data = []
for token in tokens: for token in tokens:
token_chain_object = ERC20Token(chain_spec, rpc, add_0x(token['address'])) token_chain_object = ERC20Token(chain_spec, rpc, add_0x(token['address']))
token_chain_object.load(rpc) token_chain_object.load(rpc)
@ -41,7 +56,26 @@ def token(self, tokens, chain_spec_dict):
'name': token_chain_object.name, 'name': token_chain_object.name,
'symbol': token_chain_object.symbol, 'symbol': token_chain_object.symbol,
'address': token_chain_object.address, 'address': token_chain_object.address,
'declaration': {},
} }
r.append(token_data)
return r token_proof_hex = to_identifier(token_chain_object.symbol)
logg.debug('token proof to match is {}'.format(token_proof_hex))
for trusted_address in self.trusted_addresses:
o = declarator.declaration(declarator_address, trusted_address, token_chain_object.address, sender_address=sender_address)
r = rpc.do(o)
declarations = declarator.parse_declaration(r)
token_data['declaration'][trusted_address] = declarations
logg.debug('declarations for {} by {}: {}'.format(token_chain_object.address, trusted_address, declarations))
for declaration in declarations:
if declaration == token_proof_hex:
logg.debug('have token proof {} match for trusted address {}'.format(declaration, trusted_address))
have_proof = True
if not have_proof:
raise TrustError('no proof found for token {}'.format(token_chain_object.symbol))
result_data.append(token_data)
return result_data

View File

@ -48,8 +48,6 @@ class RoleMissingError(Exception):
pass pass
class IntegrityError(Exception): class IntegrityError(Exception):
"""Exception raised to signal irregularities with deduplication and ordering of tasks """Exception raised to signal irregularities with deduplication and ordering of tasks
@ -85,3 +83,8 @@ class RoleAgencyError(SeppukuError):
class YouAreBrokeError(Exception): class YouAreBrokeError(Exception):
"""Exception raised when a value transfer is attempted without access to sufficient funds """Exception raised when a value transfer is attempted without access to sufficient funds
""" """
class TrustError(Exception):
"""Exception raised when required trust proofs are missing for a request
"""

View File

@ -16,6 +16,10 @@ def init_celery_tasks(
contract_roles, contract_roles,
): ):
BaseTask.call_address = contract_roles['DEFAULT'] BaseTask.call_address = contract_roles['DEFAULT']
BaseTask.trusted_addresses = [
contract_roles['TRUSTED_DECLARATOR'],
contract_roles['CONTRACT_DEPLOYER'],
]
# celery fixtures # celery fixtures

View File

@ -210,6 +210,7 @@ def main():
default_token.load(conn) default_token.load(conn)
BaseTask.default_token_decimals = default_token.decimals BaseTask.default_token_decimals = default_token.decimals
BaseTask.default_token_name = default_token.name BaseTask.default_token_name = default_token.name
BaseTask.trusted_addresses = trusted_addresses
BaseTask.run_dir = config.get('CIC_RUN_DIR') BaseTask.run_dir = config.get('CIC_RUN_DIR')
logg.info('default token set to {} {}'.format(BaseTask.default_token_symbol, BaseTask.default_token_address)) logg.info('default token set to {} {}'.format(BaseTask.default_token_symbol, BaseTask.default_token_address))

View File

@ -28,6 +28,7 @@ class BaseTask(celery.Task):
session_func = SessionBase.create_session session_func = SessionBase.create_session
call_address = ZERO_ADDRESS call_address = ZERO_ADDRESS
trusted_addresses = []
create_nonce_oracle = RPCNonceOracle create_nonce_oracle = RPCNonceOracle
create_gas_oracle = RPCGasOracle create_gas_oracle = RPCGasOracle
default_token_address = None default_token_address = None

View File

@ -6,10 +6,11 @@ redis==3.5.3
hexathon~=0.0.1a8 hexathon~=0.0.1a8
pycryptodome==3.10.1 pycryptodome==3.10.1
liveness~=0.0.1a7 liveness~=0.0.1a7
eth-address-index>=0.2.3a4,<0.3.0 eth-address-index>=0.2.4a1,<0.3.0
eth-accounts-index>=0.1.2a3,<0.2.0 eth-accounts-index>=0.1.2a3,<0.2.0
cic-eth-registry>=0.6.1a3,<0.7.0 cic-eth-registry>=0.6.1a5,<0.7.0
erc20-faucet>=0.3.2a2,<0.4.0 erc20-faucet>=0.3.2a2,<0.4.0
erc20-transfer-authorization>=0.3.5a2,<0.4.0 erc20-transfer-authorization>=0.3.5a2,<0.4.0
sarafu-faucet>=0.0.7a2,<0.1.0 sarafu-faucet>=0.0.7a2,<0.1.0
moolb~=0.1.1b2 moolb~=0.1.1b2
okota>=0.2.4a6,<0.3.0

View File

@ -1,7 +1,13 @@
# standard imports
import logging
# local imports # local imports
from cic_eth.api.api_task import Api from cic_eth.api.api_task import Api
from cic_eth.task import BaseTask from cic_eth.task import BaseTask
logg = logging.getLogger()
def test_default_token( def test_default_token(
default_chain_spec, default_chain_spec,
foo_token, foo_token,

View File

@ -1,6 +1,6 @@
crypto-dev-signer>=0.4.15a7,<=0.4.15 crypto-dev-signer>=0.4.15rc2,<=0.4.15
chainqueue>=0.0.5a1,<0.1.0 chainqueue>=0.0.5a1,<0.1.0
cic-eth-registry>=0.6.1a3,<0.7.0 cic-eth-registry>=0.6.1a6,<0.7.0
redis==3.5.3 redis==3.5.3
hexathon~=0.0.1a8 hexathon~=0.0.1a8
pycryptodome==3.10.1 pycryptodome==3.10.1