Salted nonces

CHANGELOG.md

@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.3.0]
+
+### Added
+- 4 bytes salts added to state for security purposes
+- SaltManager role to manage salts rotation functionality
+- Expirable nonces: contain expiration deadline in nanoseconds
+- Salted nonces: contain salt part as validity identifier
+- Cleanup functionality for nonces to preserve storage: all expired nonces or nonces with invalid salt can be cleared. Legacy nonces can't be cleared before a complete prohibition on its usage.
+
+### Changed
+- State versioning
+- Nonce versioning
+- Updated nonce format: The new version must contain the salt part + expiration date to determine if it is valid, but legacy nonces are still supported
+- Optimized nonce storage by adding hashers into maps
+- Intent simulation output returns all nonces committed by transaction
+

core/src/accounts.rs

@@ -4,7 +4,7 @@ use near_sdk::{AccountIdRef, near};
 use serde_with::serde_as;
 use std::borrow::Cow;
 
-use crate::Nonce;
+use crate::{Nonce, Salt};
 
 #[must_use = "make sure to `.emit()` this event"]
 #[near(serializers = [json])]
@@ -63,3 +63,19 @@ impl NonceEvent {
         Self { nonce }
     }
 }
+
+#[must_use = "make sure to `.emit()` this event"]
+#[near(serializers = [json])]
+#[derive(Debug, Clone)]
+pub struct RotateSaltEvent {
+    pub old_salt: Salt,
+    pub new_salt: Salt,
+}
+
+#[must_use = "make sure to `.emit()` this event"]
+#[near(serializers = [json])]
+#[derive(Debug, Clone)]
+pub struct InvalidateSaltEvent {
+    pub current: Salt,
+    pub invalidated: Salt,
+}

core/src/engine/mod.rs

@@ -6,7 +6,7 @@ pub use self::{inspector::*, state::*};
 use defuse_crypto::{Payload, SignedPayload};
 
 use crate::{
-    DefuseError, ExpirableNonce, Result,
+    Deadline, DefuseError, ExpirableNonce, Nonce, Result, SaltedNonce, VersionedNonce,
     intents::{DefuseIntents, ExecutableIntent},
     payload::{DefusePayload, ExtractDefusePayload, multi::MultiPayload},
 };
@@ -64,10 +64,6 @@ where
 
         self.inspector.on_deadline(deadline);
 
-        if ExpirableNonce::maybe_from(nonce).is_some_and(|n| deadline > n.deadline) {
-            return Err(DefuseError::DeadlineGreaterThanNonce);
-        }
-
         // make sure message is still valid
         if deadline.has_expired() {
             return Err(DefuseError::DeadlineExpired);
@@ -79,6 +75,7 @@ where
         }
 
         // commit nonce
+        self.verify_intent_nonce(nonce, deadline)?;
         self.state.commit_nonce(signer_id.clone(), nonce)?;
 
         intents.execute_intent(&signer_id, self, hash)?;
@@ -87,6 +84,32 @@ where
         Ok(())
     }
 
+    #[inline]
+    fn verify_intent_nonce(&self, nonce: Nonce, intent_deadline: Deadline) -> Result<()> {
+        match VersionedNonce::from(nonce) {
+            // NOTE: it is allowed to commit legacy nonces in this version
+            VersionedNonce::Legacy(_) => {}
+            VersionedNonce::V1(SaltedNonce {
+                salt,
+                nonce: ExpirableNonce { deadline, .. },
+            }) => {
+                if !self.state.is_valid_salt(salt) {
+                    return Err(DefuseError::InvalidSalt);
+                }
+
+                if intent_deadline > deadline {
+                    return Err(DefuseError::DeadlineGreaterThanNonce);
+                }
+
+                if deadline.has_expired() {
+                    return Err(DefuseError::NonceExpired);
+                }
+            }
+        }
+
+        Ok(())
+    }
+
     #[inline]
     fn finalize(self) -> Result<Transfers> {
         self.state

core/src/engine/state/cached.rs

@@ -1,5 +1,5 @@
 use crate::{
-    DefuseError, Nonce, Nonces, Result,
+    DefuseError, Nonce, Nonces, Result, Salt,
     amounts::Amounts,
     fees::Pips,
     intents::{
@@ -119,6 +119,10 @@ where
             .is_some_and(|a| a.auth_by_predecessor_id_toggled);
         was_enabled ^ toggled
     }
+
+    fn is_valid_salt(&self, salt: Salt) -> bool {
+        self.view.is_valid_salt(salt)
+    }
 }
 
 impl<W> State for CachedState<W>
@@ -175,20 +179,14 @@ where
             .commit_nonce(nonce)
     }
 
-    fn cleanup_expired_nonces(
-        &mut self,
-        account_id: &AccountId,
-        nonces: impl IntoIterator<Item = Nonce>,
-    ) -> Result<()> {
+    fn cleanup_nonce(&mut self, account_id: &AccountId, nonce: Nonce) -> Result<()> {
         let account = self
             .accounts
             .get_mut(account_id)
             .ok_or_else(|| DefuseError::AccountNotFound(account_id.clone()))?
             .as_inner_unchecked_mut();
 
-        for n in nonces {
-            account.clear_expired_nonce(n);
-        }
+        account.cleanup_nonce(nonce);
 
         Ok(())
     }
@@ -417,7 +415,7 @@ impl CachedAccount {
     }
 
     #[inline]
-    pub fn clear_expired_nonce(&mut self, n: U256) -> bool {
-        self.nonces.clear_expired(n)
+    pub fn cleanup_nonce(&mut self, n: U256) -> bool {
+        self.nonces.cleanup(n)
     }
 }

core/src/engine/state/deltas.rs

@@ -1,5 +1,5 @@
 use crate::{
-    DefuseError, Nonce, Result,
+    DefuseError, Nonce, Result, Salt,
     amounts::Amounts,
     fees::Pips,
     intents::{
@@ -96,6 +96,11 @@ where
     fn is_auth_by_predecessor_id_enabled(&self, account_id: &AccountIdRef) -> bool {
         self.state.is_auth_by_predecessor_id_enabled(account_id)
     }
+
+    #[inline]
+    fn is_valid_salt(&self, salt: Salt) -> bool {
+        self.state.is_valid_salt(salt)
+    }
 }
 
 impl<S> State for Deltas<S>
@@ -118,12 +123,8 @@ where
     }
 
     #[inline]
-    fn cleanup_expired_nonces(
-        &mut self,
-        account_id: &AccountId,
-        nonces: impl IntoIterator<Item = Nonce>,
-    ) -> Result<()> {
-        self.state.cleanup_expired_nonces(account_id, nonces)
+    fn cleanup_nonce(&mut self, account_id: &AccountId, nonce: Nonce) -> Result<()> {
+        self.state.cleanup_nonce(account_id, nonce)
     }
 
     fn internal_add_balance(

core/src/engine/state/mod.rs

@@ -2,7 +2,7 @@ pub mod cached;
 pub mod deltas;
 
 use crate::{
-    Nonce, Result,
+    Nonce, Result, Salt,
     fees::Pips,
     intents::{
         auth::AuthCall,
@@ -42,6 +42,9 @@ pub trait StateView {
     /// Returns whether authentication by `PREDECESSOR_ID` is enabled.
     fn is_auth_by_predecessor_id_enabled(&self, account_id: &AccountIdRef) -> bool;
 
+    /// Returns whether salt in nonce is valid
+    fn is_valid_salt(&self, salt: Salt) -> bool;
+
     #[inline]
     fn cached(self) -> CachedState<Self>
     where
@@ -59,11 +62,7 @@ pub trait State: StateView {
 
     fn commit_nonce(&mut self, account_id: AccountId, nonce: Nonce) -> Result<()>;
 
-    fn cleanup_expired_nonces(
-        &mut self,
-        account_id: &AccountId,
-        nonces: impl IntoIterator<Item = Nonce>,
-    ) -> Result<()>;
+    fn cleanup_nonce(&mut self, account_id: &AccountId, nonce: Nonce) -> Result<()>;
 
     fn internal_add_balance(
         &mut self,

core/src/error.rs

@@ -55,6 +55,9 @@ pub enum DefuseError {
     #[error("nonce was already expired")]
     NonceExpired,
 
+    #[error("invalid nonce")]
+    InvalidNonce,
+
     #[error("public key '{1}' already exists for account '{0}'")]
     PublicKeyExists(AccountId, PublicKey),
 
@@ -66,4 +69,7 @@ pub enum DefuseError {
 
     #[error("wrong verifying_contract")]
     WrongVerifyingContract,
+
+    #[error("invalid salt")]
+    InvalidSalt,
 }

core/src/events.rs

@@ -4,7 +4,7 @@ use derive_more::derive::From;
 use near_sdk::{near, serde::Deserialize};
 
 use crate::{
-    accounts::{AccountEvent, NonceEvent, PublicKeyEvent},
+    accounts::{AccountEvent, InvalidateSaltEvent, NonceEvent, PublicKeyEvent, RotateSaltEvent},
     fees::{FeeChangedEvent, FeeCollectorChangedEvent},
     intents::{
         IntentEvent,
@@ -63,6 +63,12 @@ pub enum DefuseEvent<'a> {
 
     #[event_version("0.3.0")]
     SetAuthByPredecessorId(AccountEvent<'a, SetAuthByPredecessorId>),
+
+    #[event_version("0.4.0")]
+    RotateSalt(RotateSaltEvent),
+
+    #[event_version("0.4.0")]
+    InvalidateSalt(InvalidateSaltEvent),
 }
 
 pub trait DefuseIntentEmit<'a>: Into<DefuseEvent<'a>> {