Force using principal accounts for X-chain withdrawals

CryptoPascal31 · Jun 13, 2023 · e92ccb8 · e92ccb8
1 parent 1d1e714
commit e92ccb8
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 14 deletions.
diff --git a/gen_test_vectors/index.js b/gen_test_vectors/index.js
@@ -6,6 +6,7 @@ import {hash} from '@kadena/cryptography-utils'
 const MNEMONIC = "obscure vivid ill elite sister evoke faculty accident slide alter kiwi captain"
 const RELAY_MODULE = "free.cyKlone-relay-v0"
 const MAIN_WITHDRAWER = "bob"
+const XCHAIN_WITHDRAWER = "r:user.bob"
 const XCHAIN_DST = "3"
 const NO_POOL = "";
 
@@ -76,7 +77,7 @@ function gen_pact_proof_relay(deposit_index, tree_size)
 
 function gen_pact_proof_relay_xchain(deposit_index, tree_size)
 {
-  const relayer = compute_cap_guard_principal(MAIN_WITHDRAWER + XCHAIN_DST)
+  const relayer = compute_cap_guard_principal(XCHAIN_WITHDRAWER + XCHAIN_DST)
   console.log(relayer)
   return gen_proof(relayer, deposit_index, tree_size)
          .then( (x) =>[`(defconst WITHDRAW_RELAY_XCHAIN_${deposit_index}_${tree_size}_NULL:string "${x.nullifier_hash}")`,

diff --git a/pact/contracts/cyklone-relay.pact b/pact/contracts/cyklone-relay.pact
@@ -1,5 +1,5 @@
 (module cyKlone-relay-v0 GOVERNANCE
-  (defconst VERSION:string "0.25")
+  (defconst VERSION:string "0.26")
   (implements gas-payer-v1)
 
   (use free.util-math [xEy])
@@ -103,6 +103,11 @@
   (defun relay-withdraw-xchain (dst-account:string dst-guard:guard target-chain:string nullifier-hash:string root:string proof:string)
     @doc "User callable function to withdraw from the relay account and make a transfer-create to the final user account"
     (enforce XCHAIN-ENABLED "X-chain withdrawal disabled")
+    ; Definitively, it too dangerous to allow X-chain withdrawal with non prinicipal account
+    ; There is a risk of f frontrunning and loosing funds.
+    (enforce (validate-principal dst-guard dst-account)
+             "X-chain withdrawals are only allowed for principal accounts")
+
     ; First step => Withdraw to relay
     ; _dst-account is set to account+chain_id
     (let* ((_dst-account (+ dst-account target-chain))

diff --git a/pact/tests/benchmarks.repl b/pact/tests/benchmarks.repl
@@ -41,6 +41,13 @@
 (load "test-vectors.pact")
 (commit-tx)
 
+;Create a keyset to use a keyset-ref as a principal withdrawing account
+(begin-tx)
+(namespace 'user)
+(env-data {'k:["bob-key"]})
+(define-keyset "user.bob" (read-keyset 'k))
+(commit-tx)
+
 (env-gasmodel "table")
 (env-gaslimit 1000000000)
 
@@ -103,7 +110,7 @@
 (use test-vectors)
 (env-data {'ks:["bob-key"], 'pool:"10KDA"})
 (env-gas 0)
-(relay-withdraw-xchain "bob" (read-keyset 'ks) "16" WITHDRAW_RELAY_0_0_NULL WITHDRAW_RELAY_0_0_ROOT WITHDRAW_RELAY_0_0_PROOF)
+(relay-withdraw-xchain "r:user.bob" (keyset-ref-guard "user.bob") "3" WITHDRAW_RELAY_XCHAIN_0_0_NULL WITHDRAW_RELAY_XCHAIN_0_0_ROOT WITHDRAW_RELAY_XCHAIN_0_0_PROOF)
 (print (format "Relay withdrawal X: {}" [(env-gas)]))
 (rollback-tx)
 

diff --git a/pact/tests/cyKlone-relay.repl b/pact/tests/cyKlone-relay.repl
@@ -36,6 +36,14 @@
 (init)
 (commit-tx)
 
+;Create a keyset to use a keyset-ref as a principal withdrawing account
+(begin-tx)
+(namespace 'user)
+(env-data {'k:["bob-key"]})
+(define-keyset "user.bob" (read-keyset 'k))
+(commit-tx)
+
+
 ; Load test vectors and utils in the root namespace
 (begin-tx)
 (load "test-vectors.pact")
@@ -76,27 +84,33 @@
 (use free.cyKlone-relay-v0)
 (use test-vectors)
 (if XCHAIN-ENABLED
-  (let ((_ 0))
+  (let ((acc "r:user.bob")
+        (guard (keyset-ref-guard "user.bob")))
     (env-data {'ks:["bob-key"], 'pool:"10KDA"})
-    (print (format "Relayer account:{} -> {}" ["bob" (relayer-account "bob")]))
+    (print (format "Relayer account:{} -> {}" ["r:user.bob" (relayer-account "r:user.bob")]))
     ; Target chain "3" has been fixed in the test vectors generation JS
+
+    ; => Withdrawing using a non principal account should not work
+    (expect-failure "Not a principal account" "principal"
+                    (relay-withdraw-xchain "bob" guard "4" WITHDRAW_RELAY_XCHAIN_1_1_NULL WITHDRAW_RELAY_XCHAIN_1_1_ROOT WITHDRAW_RELAY_XCHAIN_1_1_PROOF))
+
     ; => Withdrawing using the non X-chain proof should not work
     (expect-failure "Bad chain" "Proof does not match"
-                    (relay-withdraw-xchain "bob" (read-keyset 'ks) "3" WITHDRAW_RELAY_1_1_NULL WITHDRAW_RELAY_1_1_ROOT WITHDRAW_RELAY_1_1_PROOF))
+                    (relay-withdraw-xchain acc guard "3" WITHDRAW_RELAY_1_1_NULL WITHDRAW_RELAY_1_1_ROOT WITHDRAW_RELAY_1_1_PROOF))
 
     ; => Withdrawing to chain "4" should not work
     (expect-failure "Bad chain" "Proof does not match"
-                    (relay-withdraw-xchain "bob" (read-keyset 'ks) "4" WITHDRAW_RELAY_XCHAIN_1_1_NULL WITHDRAW_RELAY_XCHAIN_1_1_ROOT WITHDRAW_RELAY_XCHAIN_1_1_PROOF))
+                    (relay-withdraw-xchain acc guard "4" WITHDRAW_RELAY_XCHAIN_1_1_NULL WITHDRAW_RELAY_XCHAIN_1_1_ROOT WITHDRAW_RELAY_XCHAIN_1_1_PROOF))
 
     ; => But chain "3" should work
-    (relay-withdraw-xchain "bob" (read-keyset 'ks) "3" WITHDRAW_RELAY_XCHAIN_1_1_NULL WITHDRAW_RELAY_XCHAIN_1_1_ROOT WITHDRAW_RELAY_XCHAIN_1_1_PROOF)
+    (relay-withdraw-xchain acc guard "3" WITHDRAW_RELAY_XCHAIN_1_1_NULL WITHDRAW_RELAY_XCHAIN_1_1_ROOT WITHDRAW_RELAY_XCHAIN_1_1_PROOF)
     (expect-that "Balance of gas station" (<= TOTAL-GAS) (coin.get-balance (gas-payer-account)))
 
     ; Check Pact state to confirm that exvrything worked
     (bind (at 'yield (pact-state)) {'amount:=ps_amount, 'receiver:=ps_receiver, 'receiver-guard:=ps_guard}
       (expect-that "Good amount" (and? (< 9.9) (> 10.0)) ps_amount)
-      (expect "Good receiver" "bob" ps_receiver)
-      (expect "Good receiver guard" (read-keyset 'ks) ps_guard)
+      (expect "Good receiver" "r:user.bob" ps_receiver)
+      (expect "Good receiver guard" (keyset-ref-guard "user.bob") ps_guard)
     ))
   (print "X-chain disabled => Bypass test")
 )

diff --git a/pact/tests/test-vectors.pact b/pact/tests/test-vectors.pact
@@ -118,14 +118,14 @@
 ; -------------------------- RELAY WITHDRAWAL ----------------------------------
   (defconst WITHDRAW_RELAY_0_0_NULL:string "L0dUnibUYCOcQJdaHDe7LJhGbE6UkS5V66J39WnuHkM")
   (defconst WITHDRAW_RELAY_0_0_ROOT:string "GHmGMz-scxQA3N3QfTHndeP6DZl9ZjGcA6sD7ZTGQb0")
-  (defconst WITHDRAW_RELAY_0_0_PROOF:string "JLykwgqSNl9UsChNOl1vlrDIt-t6vCw6MZYo-qzX0z4FPV4hw0-ogP4UlYFGDypgMgYjfVUqnrRSYqq4QPp-FoIi2fUQcGS47-LA5KQnVBqXIVnZNGzuxQ-Xcp0uXb44QEl_qcd96d45AcF5TQnZ06D8pUiICAsKW4j4zerwTo6IDTtPfVyVqBMDjlUHjM-uEBXIEusJuID7dOPyInLKDHYEpV4rjpnCwZo2zevc-vop0otfvG3sI7mort9Q4gBDpYKnUYG9Ocw59y6tDlRcXuHIoSc1xYkISPYXw2ZSBTBogE8Ca1G6lX0ZYviaLNAGc46JMdEJCntJldpuDUPY_zts")
+  (defconst WITHDRAW_RELAY_0_0_PROOF:string "JdHHTBKpDJ9DnFh7HDzSm83ISMwlX3mEL4AmgDolcEAGuJC7iyXJkfIOre6x_N62DVR3_pdDN-ssfcaQwrfiDwFU52A9biYhKvwRhwvr5gM9mt4HVQa6Lzry1_x5HBBuMJqR_sN5b00Lbgdo8FMt6LRD2Qi4Gp2ky-yrtYrkKTm0H8sXbexaYtrPAMKyaaN0JnWKgn0oV4bjaPQCGt0S1HIFk16Q9bN1ljrktaG6P55uxv4ip4hKGvlVrejR05ZCyYENJmpQg1pQZln0kzh-Ph7N7YYBntL8Kd64fQ4oZsECsC8g53DthHQCuUO2TsKGioty2nPkQWBVbUzMJsAW8IUM")
   (defconst WITHDRAW_RELAY_1_1_NULL:string "DXTdpjx9E7TXWxe3Wxguzo6mT1AjhJ5Ophex_th-tc4")
   (defconst WITHDRAW_RELAY_1_1_ROOT:string "MB9xr8oRJ3S8KOWmND7AmUChEV0wt2CZGW43zJdYVvY")
-  (defconst WITHDRAW_RELAY_1_1_PROOF:string "Kc4hC3rhH9rvk1bAjuhNfI0yoNs38VLuK6aPo2wfnqgJ6Cc1YwcidGgkdDLlYhgYfK5YxXrax81vurLMeuTwqEGmrI6gADxDsgvU4fvkes2kSQ745_UoEg6W21EV_3p3sEG0ICA1Uqms9bHJZXG0i5LsLklzxeh1mOv1WS1rStM0BNfKASO7jGUA7XJvKUsiyYpnC1sVH30TZGHeKy6VKPUFU1uA33QzTRiktZgcapFFIjTtAqeIHE5GaaLbe1txPULecPueeessPcBqpqGOeLLWwAakXoAFfwsgnv8BaMvRMGY1ajWPJOWXFMmEr-6HVFjr1St77ULqrq0XtXk2egF0")
+  (defconst WITHDRAW_RELAY_1_1_PROOF:string "A9Trq_rw4DHgUJ1ov5Hcns1qIo57WTDtfwXqnaKlO70BFem6DqaRyYDyNnfT0owUQ-Upbl9liT445hvld_hlsgHbqA4dFxGgh1R9NygDYrnrkOco7Z_tJTw4TiZ6ZuzB8ETH8ekO_v9J6i2P1GFgoxKNeyzZDyFTB3B-HEjjr6jUDRMhD5wJer0xgGabD26lmv1tetCUSj-1_PjXpSG0Ea8LVGR3JQf57c2kRhTptH9D02dtWkoANKuk1XkK-aS6M4IIwpu7rjRB7QsSXldgXGIR3xhYyx7vmKvTGfRGFzX1wBtZQNa0Fiq3_tsOU3B6GewLGuovAR_jjWtk5t5axvlU")
   (defconst WITHDRAW_RELAY_XCHAIN_0_0_NULL:string "L0dUnibUYCOcQJdaHDe7LJhGbE6UkS5V66J39WnuHkM")
   (defconst WITHDRAW_RELAY_XCHAIN_0_0_ROOT:string "GHmGMz-scxQA3N3QfTHndeP6DZl9ZjGcA6sD7ZTGQb0")
-  (defconst WITHDRAW_RELAY_XCHAIN_0_0_PROOF:string "BJfGBX0gIvvvbsGxdrte8WFdhHRvu02qRjXgZxtAIL8HmPg-jzaUjNIgE1Z2OFgQu-POWfo3KOeRcknS501QnIC7lBdu-1n97bUrKkvX5IW3AL_7-hdnZoT5zNSSxMlcgJIb9Bc_ocgWTmI9LBJqRH8ZCbse5MblyPgQcsQLC38oC-iuNZnkoRVm48q3xYCkxKYggsNHcylYzTG8yPN7QkoHVB80bdZoU2zdbwusXc-RoS9vnz_OhXy3LzGo9wOSBQJUg4tlF5xTKrhTX21KkIVYSARITDiW3_ODIDJD5mV2MGRRm-nl57AgUA7IkFaFF0XMVKbajRSDvn6WISOBs5v8")
+  (defconst WITHDRAW_RELAY_XCHAIN_0_0_PROOF:string "BeHoPNwT1Q9pFx6dttfdkMgS1V7dcQeOf9ImvwQ1AoMHfAVBzzyE5YlcrJN--MDFboHLHkIKJx4sFn3zrTM0RAKqrEBtHZqZ4EcDt2XCgssuBzPRRVBOl3h4C8q5oInEUJm1wYN04p0AnwbzVMG6H5tzvFRDw4XbudN-b4TDnmHgGVHS_YtHF-NknyouepiJ9xC7bcRuVg27vphEG80PRzYA_CCXAol8J1r_MVK91LW57hf82_N_4zHtT6LT5CkDdkIN7uqV79HWsrVKZkKTUM7w_9X-43Z0nV5WWRScQapDoDzSbYJpKbp20x4oWUkkNdTc7_57XMbwMHcN9CAHxt5Q")
   (defconst WITHDRAW_RELAY_XCHAIN_1_1_NULL:string "DXTdpjx9E7TXWxe3Wxguzo6mT1AjhJ5Ophex_th-tc4")
   (defconst WITHDRAW_RELAY_XCHAIN_1_1_ROOT:string "MB9xr8oRJ3S8KOWmND7AmUChEV0wt2CZGW43zJdYVvY")
-  (defconst WITHDRAW_RELAY_XCHAIN_1_1_PROOF:string "AZ-PXCIIh0NOqJ6qMveVEFqGvVNwnrove7FWFGJlZEALW-vK02sl5gn_EQeoVyd6AZWQ9J1VctJUPTxJEirjuoEmmxkLxszOG2yTl8CvxDirMwLRXBXqfKk4ypyiwEq9gAESaYcYP0dsw1k7dorh5WM1DIKewDRBsAGSBn_j7V-AKNqOvLTasFkEZHZjt_aG-rpzPorsFEo8HBYJ0t2g81ECXa_GinjtSD3zxjbwj2EbmH-W1ZdoEEuuaBcCF1stpgJYpvKqxXQlW6RF2rSU0_gxeHNoJoMdf6sMKNM7sExGkJPZI1OGNXDKhgYj5HfEXDtMwzWQAkLgSlsc3aYiUNBY")
+  (defconst WITHDRAW_RELAY_XCHAIN_1_1_PROOF:string "JHoeBnuHRsj3Ul_yOGTCoouuG96mFUBg4Ci2x19VMBcK92qtTRrR6Q3HyDFfwcygydZr-MeTCf4k0atGQADVKcD4YyWbiiNiJlQuI8vFPwDDQxzzZTgkaUo2pUuZdfuxAA3cFiuRHPsAqIVcQwzeCHxnleWMlZVE4CrcxB6vW_WgJjx-dQ_3eYy3bQGSIKaE0ddw_zyslgLLPIQnCDpGLKELh14N2xo8iYno6g1S2-EHtC1vO3RnuPJVwRgDJGGhNoABu2drSF1UDIxRvskcWsbftxyxjjgY_kcVFkqnms_UYLUCmLWAtbidh70pSIXyx41WTEu8V64Nw93jWUrea5qM")
 )