mirror of
https://github.com/sigp/lighthouse.git
synced 2026-07-05 05:44:30 +00:00
* types: first updates for v0.8 * state_processing: epoch processing v0.8.0 * state_processing: block processing v0.8.0 * tree_hash_derive: support generics in SignedRoot * types v0.8: update to use ssz_types * state_processing v0.8: use ssz_types * ssz_types: add bitwise methods and from_elem * types: fix v0.8 FIXMEs * ssz_types: add bitfield shift_up * ssz_types: iterators and DerefMut for VariableList * types,state_processing: use VariableList * ssz_types: fix BitVector Decode impl Fixed a typo in the implementation of ssz::Decode for BitVector, which caused it to be considered variable length! * types: fix test modules for v0.8 update * types: remove slow type-level arithmetic * state_processing: fix tests for v0.8 * op_pool: update for v0.8 * ssz_types: Bitfield difference length-independent Allow computing the difference of two bitfields of different lengths. * Implement compact committee support * epoch_processing: committee & active index roots * state_processing: genesis state builder v0.8 * state_processing: implement v0.8.1 * Further improve tree_hash * Strip examples, tests from cached_tree_hash * Update TreeHash, un-impl CachedTreeHash * Update bitfield TreeHash, un-impl CachedTreeHash * Update FixedLenVec TreeHash, unimpl CachedTreeHash * Update update tree_hash_derive for new TreeHash * Fix TreeHash, un-impl CachedTreeHash for ssz_types * Remove fixed_len_vec, ssz benches SSZ benches relied upon fixed_len_vec -- it is easier to just delete them and rebuild them later (when necessary) * Remove boolean_bitfield crate * Fix fake_crypto BLS compile errors * Update ef_tests for new v.8 type params * Update ef_tests submodule to v0.8.1 tag * Make fixes to support parsing ssz ef_tests * `compact_committee...` to `compact_committees...` * Derive more traits for `CompactCommittee` * Flip bitfield byte-endianness * Fix tree_hash for bitfields * Modify CLI output for ef_tests * Bump ssz crate version * Update ssz_types doc comment * Del cached tree hash tests from ssz_static tests * Tidy SSZ dependencies * Rename ssz_types crate to eth2_ssz_types * validator_client: update for v0.8 * ssz_types: update union/difference for bit order swap * beacon_node: update for v0.8, EthSpec * types: disable cached tree hash, update min spec * state_processing: fix slot bug in committee update * tests: temporarily disable fork choice harness test See #447 * committee cache: prevent out-of-bounds access In the case where we tried to access the committee of a shard that didn't have a committee in the current epoch, we were accessing elements beyond the end of the shuffling vector and panicking! This commit adds a check to make the failure safe and explicit. * fix bug in get_indexed_attestation and simplify There was a bug in our implementation of get_indexed_attestation whereby incorrect "committee indices" were used to index into the custody bitfield. The bug was only observable in the case where some bits of the custody bitfield were set to 1. The implementation has been simplified to remove the bug, and a test added. * state_proc: workaround for compact committees bug https://github.com/ethereum/eth2.0-specs/issues/1315 * v0.8: updates to make the EF tests pass * Remove redundant max operation checks. * Always supply both messages when checking attestation signatures -- allowing verification of an attestation with no signatures. * Swap the order of the fork and domain constant in `get_domain`, to match the spec. * rustfmt * ef_tests: add new epoch processing tests * Integrate v0.8 into master (compiles) * Remove unused crates, fix clippy lints * Replace v0.6.3 tags w/ v0.8.1 * Remove old comment * Ensure lmd ghost tests only run in release * Update readme
206 lines
7.1 KiB
Rust
206 lines
7.1 KiB
Rust
use super::errors::{TransferInvalid as Invalid, TransferValidationError as Error};
|
|
use bls::get_withdrawal_credentials;
|
|
use tree_hash::SignedRoot;
|
|
use types::*;
|
|
|
|
/// Indicates if a `Transfer` is valid to be included in a block in the current epoch of the given
|
|
/// state.
|
|
///
|
|
/// Returns `Ok(())` if the `Transfer` is valid, otherwise indicates the reason for invalidity.
|
|
///
|
|
/// Spec v0.8.0
|
|
pub fn verify_transfer<T: EthSpec>(
|
|
state: &BeaconState<T>,
|
|
transfer: &Transfer,
|
|
spec: &ChainSpec,
|
|
) -> Result<(), Error> {
|
|
verify_transfer_parametric(state, transfer, spec, false)
|
|
}
|
|
|
|
/// Like `verify_transfer` but doesn't run checks which may become true in future states.
|
|
///
|
|
/// Spec v0.8.0
|
|
pub fn verify_transfer_time_independent_only<T: EthSpec>(
|
|
state: &BeaconState<T>,
|
|
transfer: &Transfer,
|
|
spec: &ChainSpec,
|
|
) -> Result<(), Error> {
|
|
verify_transfer_parametric(state, transfer, spec, true)
|
|
}
|
|
|
|
/// Parametric version of `verify_transfer` that allows some checks to be skipped.
|
|
///
|
|
/// When `time_independent_only == true`, time-specific parameters are ignored, including:
|
|
///
|
|
/// - Balance considerations (e.g., adequate balance, not dust, etc).
|
|
/// - `transfer.slot` does not have to exactly match `state.slot`, it just needs to be in the
|
|
/// present or future.
|
|
/// - Validator transfer eligibility (e.g., is withdrawable)
|
|
///
|
|
/// Spec v0.8.0
|
|
fn verify_transfer_parametric<T: EthSpec>(
|
|
state: &BeaconState<T>,
|
|
transfer: &Transfer,
|
|
spec: &ChainSpec,
|
|
time_independent_only: bool,
|
|
) -> Result<(), Error> {
|
|
let sender_balance = *state
|
|
.balances
|
|
.get(transfer.sender as usize)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FromValidatorUnknown(transfer.sender)))?;
|
|
|
|
let recipient_balance = *state
|
|
.balances
|
|
.get(transfer.recipient as usize)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FromValidatorUnknown(transfer.recipient)))?;
|
|
|
|
// Safely determine `amount + fee`.
|
|
let total_amount = transfer
|
|
.amount
|
|
.checked_add(transfer.fee)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FeeOverflow(transfer.amount, transfer.fee)))?;
|
|
|
|
// Verify the sender has adequate balance.
|
|
verify!(
|
|
time_independent_only || sender_balance >= total_amount,
|
|
Invalid::FromBalanceInsufficient(total_amount, sender_balance)
|
|
);
|
|
|
|
// Verify sender balance will not be "dust" (i.e., greater than zero but less than the minimum deposit
|
|
// amount).
|
|
verify!(
|
|
time_independent_only
|
|
|| (sender_balance == total_amount)
|
|
|| (sender_balance >= (total_amount + spec.min_deposit_amount)),
|
|
Invalid::SenderDust(sender_balance - total_amount, spec.min_deposit_amount)
|
|
);
|
|
|
|
// Verify the recipient balance will not be dust.
|
|
verify!(
|
|
time_independent_only || ((recipient_balance + transfer.amount) >= spec.min_deposit_amount),
|
|
Invalid::RecipientDust(sender_balance - total_amount, spec.min_deposit_amount)
|
|
);
|
|
|
|
// If loosely enforcing `transfer.slot`, ensure the slot is not in the past. Otherwise, ensure
|
|
// the transfer slot equals the state slot.
|
|
if time_independent_only {
|
|
verify!(
|
|
state.slot <= transfer.slot,
|
|
Invalid::TransferSlotInPast(state.slot, transfer.slot)
|
|
);
|
|
} else {
|
|
verify!(
|
|
state.slot == transfer.slot,
|
|
Invalid::StateSlotMismatch(state.slot, transfer.slot)
|
|
);
|
|
}
|
|
|
|
// Load the sender `Validator` record from the state.
|
|
let sender_validator = state
|
|
.validators
|
|
.get(transfer.sender as usize)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FromValidatorUnknown(transfer.sender)))?;
|
|
|
|
// Ensure one of the following is met:
|
|
//
|
|
// - Time dependent checks are being ignored.
|
|
// - The sender has never been eligible for activation.
|
|
// - The sender is withdrawable at the state's epoch.
|
|
// - The transfer will not reduce the sender below the max effective balance.
|
|
verify!(
|
|
time_independent_only
|
|
|| sender_validator.activation_eligibility_epoch == spec.far_future_epoch
|
|
|| sender_validator.is_withdrawable_at(state.current_epoch())
|
|
|| total_amount + spec.max_effective_balance <= sender_balance,
|
|
Invalid::FromValidatorIneligibleForTransfer(transfer.sender)
|
|
);
|
|
|
|
// Ensure the withdrawal credentials generated from the sender's pubkey match those stored in
|
|
// the validator registry.
|
|
//
|
|
// This ensures the validator can only perform a transfer when they are in control of the
|
|
// withdrawal address.
|
|
let transfer_withdrawal_credentials = Hash256::from_slice(
|
|
&get_withdrawal_credentials(&transfer.pubkey, spec.bls_withdrawal_prefix_byte)[..],
|
|
);
|
|
verify!(
|
|
sender_validator.withdrawal_credentials == transfer_withdrawal_credentials,
|
|
Invalid::WithdrawalCredentialsMismatch(
|
|
sender_validator.withdrawal_credentials,
|
|
transfer_withdrawal_credentials
|
|
)
|
|
);
|
|
|
|
// Verify the transfer signature.
|
|
let message = transfer.signed_root();
|
|
let domain = spec.get_domain(
|
|
transfer.slot.epoch(T::slots_per_epoch()),
|
|
Domain::Transfer,
|
|
&state.fork,
|
|
);
|
|
verify!(
|
|
transfer
|
|
.signature
|
|
.verify(&message[..], domain, &transfer.pubkey),
|
|
Invalid::BadSignature
|
|
);
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Executes a transfer on the state.
|
|
///
|
|
/// Does not check that the transfer is valid, however checks for overflow in all actions.
|
|
///
|
|
/// Spec v0.8.0
|
|
pub fn execute_transfer<T: EthSpec>(
|
|
state: &mut BeaconState<T>,
|
|
transfer: &Transfer,
|
|
spec: &ChainSpec,
|
|
) -> Result<(), Error> {
|
|
let sender_balance = *state
|
|
.balances
|
|
.get(transfer.sender as usize)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FromValidatorUnknown(transfer.sender)))?;
|
|
let recipient_balance = *state
|
|
.balances
|
|
.get(transfer.recipient as usize)
|
|
.ok_or_else(|| Error::Invalid(Invalid::ToValidatorUnknown(transfer.recipient)))?;
|
|
|
|
let proposer_index =
|
|
state.get_beacon_proposer_index(state.slot, RelativeEpoch::Current, spec)?;
|
|
let proposer_balance = state.balances[proposer_index];
|
|
|
|
let total_amount = transfer
|
|
.amount
|
|
.checked_add(transfer.fee)
|
|
.ok_or_else(|| Error::Invalid(Invalid::FeeOverflow(transfer.amount, transfer.fee)))?;
|
|
|
|
state.balances[transfer.sender as usize] =
|
|
sender_balance.checked_sub(total_amount).ok_or_else(|| {
|
|
Error::Invalid(Invalid::FromBalanceInsufficient(
|
|
total_amount,
|
|
sender_balance,
|
|
))
|
|
})?;
|
|
|
|
state.balances[transfer.recipient as usize] = recipient_balance
|
|
.checked_add(transfer.amount)
|
|
.ok_or_else(|| {
|
|
Error::Invalid(Invalid::ToBalanceOverflow(
|
|
recipient_balance,
|
|
transfer.amount,
|
|
))
|
|
})?;
|
|
|
|
state.balances[proposer_index] =
|
|
proposer_balance.checked_add(transfer.fee).ok_or_else(|| {
|
|
Error::Invalid(Invalid::ProposerBalanceOverflow(
|
|
proposer_balance,
|
|
transfer.fee,
|
|
))
|
|
})?;
|
|
|
|
Ok(())
|
|
}
|