-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[account] revert ConvertFreshAccountToZeroNonceType func #4163
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4163 +/- ##
==========================================
+ Coverage 75.38% 76.14% +0.76%
==========================================
Files 303 340 +37
Lines 25923 29171 +3248
==========================================
+ Hits 19541 22212 +2671
- Misses 5360 5851 +491
- Partials 1022 1108 +86 ☔ View full report in Codecov by Sentry. |
require.NoError(err) | ||
require.Equal(uint64(1), acct.PendingNonce()) | ||
require.Error(acct.SetPendingNonce(0)) | ||
require.Error(acct.SetPendingNonce(3)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see above comment about SetPendingNonce(2)
// so we can convert it to zero-nonce account | ||
if st.accountType == 0 && st.nonce == 0 && nonce == 1 { | ||
st.accountType = 1 | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
calling SetPendingNonce(2)
will skip this conversion, and remain legacy account.
Do we want to allow this behavior? i.e., the legacy account could convert to zero-nonce type (by sending first tx nonce=0), or remain legacy (by sending first tx nonce=1)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the account isn't a fresh account if its pending nonce is set to 2. And the nonce of a fresh account will be guaranteed by checkNonceContinuity()
if st.accountType == 0 && st.nonce == 0 && nonce == 1 { | ||
st.accountType = 1 | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should be a hard-fork?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pendingNonce = state.PendingNonceConsideringFreshAccount() | ||
} else { | ||
pendingNonce = state.PendingNonce() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- consider the case, where the legacy address send a first tx with
tx.Nonce=2
here it returnspendingNonce = 0
- inside EVM code, it calls
SetNonce(GetNonce()+1)
so it callsSetNonce(1)
- then in our
SetNonce()
, it will hit
if !stateDB.useConfirmedNonce {
nonce--
}
nonce=0
, and finally calls SetPendingNonce(nonce+1)
--> SetPendingNonce(1)
4. SetPendingNonce(1)
will trigger the conversion, convert the address to zero-nonce type with s.nonce = 1
5. but the first tx of this address now has nonce=2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For Step 1, the tx.nonce is 0 if state.PendingNonceConsideringFreshAccount()
is triggered in the EVM. I might ignore the case it's triggered when tx.nonce is 2. Could you give more details about how to reproduce?
For Step 5, What do you mean the address has nonce=2
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the above steps illustrate a possible attack, someone just sends a tx with tx.Nonce=2
, or a malicious delegate just run such a tx, when state.PendingNonceConsideringFreshAccount()
is triggered in the EVM, it is GetNonce() = 0
, it will pass SetNonce(1)
and trigger the conversion
in other words, the first tx of such address will always trigger the conversion, regardless of the tx itself has Nonce=2
or even Nonce=5
and this will be caught by checkNonceContinuity
, but it becomes a potential attack
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the problem has been settled in offline discussion.
pendingNonce = state.PendingNonceConsideringFreshAccount() | ||
} else { | ||
pendingNonce = state.PendingNonce() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the problem has been settled in offline discussion.
@@ -117,6 +117,7 @@ type ( | |||
UseZeroNonceForFreshAccount bool | |||
SharedGasWithDapp bool | |||
DisableDelegateEndorsement bool | |||
RefactorFreshAccountConversion bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
default value (false) is the value after hard fork
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so should use PendingNonceConsideringFreshAccount()
to get pending nonce of any account instead of PendingNonce()
from now on, right?
PendingNonce() can be removed in another pr after the activated height since it's used in API now |
Quality Gate failedFailed conditions |
Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
Fixes #(issue)
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
Test Configuration:
Checklist: