zecfoundation
/
zebra
mirror of https://github.com/ZcashFoundation/zebra.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zebra/zebra-consensus/src/transaction/check.rs

197 lines
7.0 KiB
Rust
Raw Normal View History

consensus: fix bug in coinbase joinsplit/spend check This function caused spurious "WrongVersion" errors, because the match pattern in the first arm was non-exhaustive, but the fallthrough match arm was present and assumed it would only be reached if the version was incorrect. This commit cleans up the implemenation, splits out the error variants, and renames the check to be more precise. To avoid this kind of bug in the future, two guidelines are useful: 1. Avoid fallthrough cases that circumvent non-exhaustive match checks; 2. Avoid nested conditionals, preferring a "straight-line" sequence of match arm => result pairs rather than nested matches or matches with conditionals inside.
2020-11-19 19:06:10 -08:00
//! Transaction checks.
//!
//! Code in this file can freely assume that no pre-V4 transactions are present.
Reject a mempool transaction if it has internal spend conflicts (#2843) * Reorder imports to follow convention Place the imports from `std` at the top. * Add transaction errors for double spends Add a variant for each pool. They represent a double spend inside a transaction. * Add `check::spend_conflicts` implementation Checks if a transaction has spend conflicts, i.e., if a transaction spends a UTXO more than once or if it reveals a nullifier more than once. * Reject transactions with internal spend conflicts The transaction verifier should reject transactions that spend the same transparent UTXO or that reveal the same nullifier. * Add transparent spend consensus rule Add it to the documentation to help with understanding and auditing it. Co-authored-by: teor <teor@riseup.net> * Use different nullifiers by default Don't use the same nullifier twice when mocking a `sprout::JoinSplitData` because it will lead to an invalid transaction. * Test transactions with repeated spend outpoints Since that represents a spend conflict, they should be rejected. * Test duplicate nullifiers in joinsplit Check if a mock transaction with a joinsplit that reveals the same nullifier twice is rejected. * Test duplicate nullifiers across joinsplits Check if a duplicate nullifier in two different joinsplits in the same transaction is rejected. * Test V4 transaction with duplicate Sapling spend Check if a V4 transaction that has a duplicate Sapling spend is rejected. * Test V5 transaction with duplicate Sapling spend Check if a V5 transaction that has a duplicate Sapling spend is rejected. * Test V5 transaction with duplicate Orchard actions Check if a V5 transaction that has duplicate Orchard actions is rejected by the transaction verifier. Co-authored-by: teor <teor@riseup.net>
2021-10-27 19:49:28 -07:00
use std::{borrow::Cow, collections::HashSet, convert::TryFrom, hash::Hash};
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
use zebra_chain::{
ZIP-211: Validate Disabling Addition of New Value to the Sprout Value Pool (#2399) * add disabled sprout pool check * change method name * change error name * fix typo * make the success test case in other tx than the coinbase * use new `height` method instead of deriving `PartialOrd` in `NetworkUpgrade` * move check of network upgrade into function, rename, docs * increase test coverage * fix comment
2021-07-01 16:03:34 -07:00
amount::{Amount, NonNegative},
block::Height,
Update `transaction::check::coinbase_tx_no_joinsplit_or_spend` to validate V5 coinbase transactions with Orchard shielded data (#2236) * Add a `Transaction::orchard_shielded_data` getter Allows accessing the Orchard shielded data if it is present in the transaction, regardless of the transaction version. * Refactor `orchard_nullifiers` to use new getter Allows making the method more concise. * Add `CoinbaseHasEnableSpendsOrchard` error variant Used when the validation rule is not met. * Implement `enableSpendsOrchard` in coinbase check The flag must not be set for the coinbase transaction. * Refactor `Transaction::orchard_*` getters Use the fact that `Option<T>` implements `Iterator<T>` to simplify the code and remove the need for boxing the iterators. Co-authored-by: teor <teor@riseup.net>
2021-06-02 18:54:08 -07:00
orchard::Flags,
ZIP-211: Validate Disabling Addition of New Value to the Sprout Value Pool (#2399) * add disabled sprout pool check * change method name * change error name * fix typo * make the success test case in other tx than the coinbase * use new `height` method instead of deriving `PartialOrd` in `NetworkUpgrade` * move check of network upgrade into function, rename, docs * increase test coverage * fix comment
2021-07-01 16:03:34 -07:00
parameters::{Network, NetworkUpgrade},
Move the check in `transaction::check::sapling_balances_match` to `V4` deserialization (#2234) * Implement `PartialEq<i64>` for `Amount` Allows to compare an `Amount` instance directly to an integer. * Add `SerializationError::BadTransactionBalance` Error variant representing deserialization of a transaction that doesn't conform to the Sapling consensus rule where the balance MUST be zero if there aren't any shielded spends and outputs. * Validate consensus rule when deserializing Return an error if the deserialized V4 transaction has a non-zero value balance but doesn't have any Sapling shielded spends nor outputs. * Add consensus rule link to field documentation Describe how the consensus rule is validated structurally by `ShieldedData`. * Clarify that `value_balance` is zero Make the description more concise and objective. Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com> * Update field documentation Include information about how the consensus rule is guaranteed during serialization. Co-authored-by: teor <teor@riseup.net> * Remove `check::sapling_balances_match` function The check is redundant because the respective consensus rule is validated structurally by `ShieldedData`. * Test deserialization of invalid V4 transaction A transaction with no Sapling shielded spends and no outputs but with a non-zero balance value should fail to deserialize. * Change least-significant byte of the value balance State how the byte index is calculated, and change the least significant-byte to be non-zero. Co-authored-by: teor <teor@riseup.net>
2021-06-03 15:53:00 -07:00
sapling::{Output, PerSpendAnchor, Spend},
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
transaction::Transaction,
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
};
Dedupe VerifyTransactionError into TransactionError
2020-10-26 23:42:27 -07:00
use crate::error::TransactionError;
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
/// Checks that the transaction has inputs and outputs.
///
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
/// For `Transaction::V4`:
Update `has_inputs_and_outputs()` for new consensus rules (#2398) * update the has_inputs_and_outputs() to new rules * apply clippy suggestions * add some TODOs
2021-06-28 15:28:49 -07:00
/// * At least one of `tx_in_count`, `nSpendsSapling`, and `nJoinSplit` MUST be non-zero.
/// * At least one of `tx_out_count`, `nOutputsSapling`, and `nJoinSplit` MUST be non-zero.
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
///
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
/// For `Transaction::V5`:
Update `has_inputs_and_outputs()` for new consensus rules (#2398) * update the has_inputs_and_outputs() to new rules * apply clippy suggestions * add some TODOs
2021-06-28 15:28:49 -07:00
/// * This condition must hold: `tx_in_count` > 0 or `nSpendsSapling` > 0 or
/// (`nActionsOrchard` > 0 and `enableSpendsOrchard` = 1)
/// * This condition must hold: `tx_out_count` > 0 or `nOutputsSapling` > 0 or
/// (`nActionsOrchard` > 0 and `enableOutputsOrchard` = 1)
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
///
/// This check counts both `Coinbase` and `PrevOut` transparent inputs.
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
///
replace canopy.pdf with protocol.pdf
2021-03-02 11:35:13 -08:00
/// https://zips.z.cash/protocol/protocol.pdf#txnencodingandconsensus
consensus: fix bug in tx input/output presence check Making this check's match statement exhaustive revealed a bug similar to the previous commit. The logic in the spec is written in terms of numbers, but our data is internally represented in terms of enums (ADTs). This kind of cross-representation rule translation is a bug surface, which we can avoid by converting to counts and summing up. (We should use one style at a time).
2020-11-19 19:13:52 -08:00
pub fn has_inputs_and_outputs(tx: &Transaction) -> Result<(), TransactionError> {
Validate spends of transparent coinbase outputs (#2525) * Validate transparent coinbase output maturity and shielding - Add a CoinbaseSpendRestriction enum and Transaction method - Validate transparent coinbase spends in non-finalized chains * Don't use genesis created UTXOs for spends in generated block chains * Refactor out a new_transaction_ordered_outputs function * Add Transaction::outputs_mut for tests * Generate valid transparent spends in arbitrary block chains * When generating blocks, fixup the block contents, then the block hash * Test that generated chains contain at least one transparent spend * Make generated chains long enough for reliable tests * Add transparent and shielded input and output methods to Transaction * Split chain generation into 3 functions * Test that unshielded and immature transparent coinbase spends fail * Comment punctuation * Clarify a comment * Clarify probability calculation * Test that shielded mature coinbase output spends succeed
2021-07-28 21:23:50 -07:00
if !tx.has_transparent_or_shielded_inputs() {
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
Err(TransactionError::NoInputs)
Validate spends of transparent coinbase outputs (#2525) * Validate transparent coinbase output maturity and shielding - Add a CoinbaseSpendRestriction enum and Transaction method - Validate transparent coinbase spends in non-finalized chains * Don't use genesis created UTXOs for spends in generated block chains * Refactor out a new_transaction_ordered_outputs function * Add Transaction::outputs_mut for tests * Generate valid transparent spends in arbitrary block chains * When generating blocks, fixup the block contents, then the block hash * Test that generated chains contain at least one transparent spend * Make generated chains long enough for reliable tests * Add transparent and shielded input and output methods to Transaction * Split chain generation into 3 functions * Test that unshielded and immature transparent coinbase spends fail * Comment punctuation * Clarify a comment * Clarify probability calculation * Test that shielded mature coinbase output spends succeed
2021-07-28 21:23:50 -07:00
} else if !tx.has_transparent_or_shielded_outputs() {
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
Err(TransactionError::NoOutputs)
} else {
Ok(())
consensus: add transaction::check module
2020-10-16 14:40:00 -07:00
}
}
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
/// Check that a coinbase transaction has no PrevOut inputs, JoinSplits, or spends.
///
/// A coinbase transaction MUST NOT have any transparent inputs, JoinSplit descriptions,
/// or Spend descriptions.
///
/// In a version 5 coinbase transaction, the enableSpendsOrchard flag MUST be 0.
///
/// This check only counts `PrevOut` transparent inputs.
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
///
replace canopy.pdf with protocol.pdf
2021-03-02 11:35:13 -08:00
/// https://zips.z.cash/protocol/protocol.pdf#txnencodingandconsensus
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
pub fn coinbase_tx_no_prevout_joinsplit_spend(tx: &Transaction) -> Result<(), TransactionError> {
Add transaction downloader and verifier (#2679) * Add transaction downloader * Changed mempool downloader to be like inbound * Verifier working (logs result) * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * Apply suggestions from code review Co-authored-by: teor <teor@riseup.net> * Fix coinbase check for mempool, improve is_coinbase() docs * Change other downloads.rs docs to reflect the mempool downloads.rs changes * Change TIMEOUTs to downloads.rs; add docs * Renamed is_coinbase() to has_valid_coinbase_transaction_inputs() and contains_coinbase_input() to has_any_coinbase_inputs(); reorder checks * Validate network upgrade for V4 transactions; check before computing sighash (for V5 too) * Add block_ prefix to downloads and verifier * Update zebra-consensus/src/transaction.rs Co-authored-by: teor <teor@riseup.net> * Add consensus doc; add more Block prefixes Co-authored-by: teor <teor@riseup.net>
2021-09-01 17:06:20 -07:00
if tx.has_valid_coinbase_transaction_inputs() {
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
if tx.contains_prevout_input() {
return Err(TransactionError::CoinbaseHasPrevOutInput);
} else if tx.joinsplit_count() > 0 {
return Err(TransactionError::CoinbaseHasJoinSplit);
} else if tx.sapling_spends_per_anchor().count() > 0 {
return Err(TransactionError::CoinbaseHasSpend);
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
Update `transaction::check::coinbase_tx_no_joinsplit_or_spend` to validate V5 coinbase transactions with Orchard shielded data (#2236) * Add a `Transaction::orchard_shielded_data` getter Allows accessing the Orchard shielded data if it is present in the transaction, regardless of the transaction version. * Refactor `orchard_nullifiers` to use new getter Allows making the method more concise. * Add `CoinbaseHasEnableSpendsOrchard` error variant Used when the validation rule is not met. * Implement `enableSpendsOrchard` in coinbase check The flag must not be set for the coinbase transaction. * Refactor `Transaction::orchard_*` getters Use the fact that `Option<T>` implements `Iterator<T>` to simplify the code and remove the need for boxing the iterators. Co-authored-by: teor <teor@riseup.net>
2021-06-02 18:54:08 -07:00
if let Some(orchard_shielded_data) = tx.orchard_shielded_data() {
if orchard_shielded_data.flags.contains(Flags::ENABLE_SPENDS) {
return Err(TransactionError::CoinbaseHasEnableSpendsOrchard);
}
}
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
Add V5 transparent and sapling to transaction::check, add missing coinbase PrevOut check (#2070) * validate sapling v5 tx * Make itertools dependency optional We only need itertools when the `proptest-impl` feature is enabled. * Check if V4 and V5 coinbase transactions contain PrevOut transparent inputs This is a bugfix on V4 transaction validation. The PrevOut consensus rule was not explicitly stated in the Zcash spec until April 2021. (But it was implied by Bitcoin, and partially implemented by Zebra.) Also do the shielded sapling input check for V5 transactions. * Add spec and orchard TODOs to has_inputs_and_outputs Also make the variable names match the spec. * Sort transaction functions to match v5 data order * Simplify transaction input and output checks Move counts or iterators into `Transaction` methods, so we can remove duplicate code, and make the consensus rule logic clearer. * Update sapling_balances_match for Transaction v5 - Quote from the spec - Explain why the function is redunant for v5 - Rename the function so it's clear that it is sapling-specific Co-authored-by: teor <teor@riseup.net>
2021-04-27 17:43:00 -07:00
Ok(())
Add coinbase shielded descriptions check
2020-10-13 23:10:18 -07:00
}
Merge pull request #1713 from ZcashFoundation/use-groth16-batch-math Use batch optimizations, load params in groth16::Verifier, verify Spend & Output descriptions in transaction verifier
2021-03-24 09:28:25 -07:00
/// Check that a Spend description's cv and rk are not of small order,
/// i.e. [h_J]cv MUST NOT be 𝒪_J and [h_J]rk MUST NOT be 𝒪_J.
///
/// https://zips.z.cash/protocol/protocol.pdf#spenddesc
Refactor Sapling data and use it in V4 (#1946) * start refactoring transaction v4 for transaction v5 - move ShieldedData to sapling - add AnchorVariant - rename shielded_data to sapling_shielded data in V4 - move value_balance into ShieldedData - update prop tests for new structure * add AnchorVariant to Spend - make anchor types available from sapling crate - update serialize * change shielded_balances_match() arguments * change variable name anchor to shared_anchor in ShieldedData * fix empty value balance serialization * use AnchorV in shielded spends * Rename anchor to per_spend_anchor * Use nullifiers function directly in non-finalized state * Use self.value_balance instead of passing it as an argument * Add missing fields to ShieldedData PartialEq * Derive Copy for tag types * Add doc comments for ShieldedData refactor * Implement a per-spend anchor compatibility iterator Co-authored-by: teor <teor@riseup.net>
2021-03-31 14:34:25 -07:00
pub fn spend_cv_rk_not_small_order(spend: &Spend<PerSpendAnchor>) -> Result<(), TransactionError> {
Merge pull request #1713 from ZcashFoundation/use-groth16-batch-math Use batch optimizations, load params in groth16::Verifier, verify Spend & Output descriptions in transaction verifier
2021-03-24 09:28:25 -07:00
if bool::from(spend.cv.0.is_small_order())
|| bool::from(
jubjub::AffinePoint::from_bytes(spend.rk.into())
.unwrap()
.is_small_order(),
)
{
Err(TransactionError::SmallOrder)
} else {
Ok(())
}
}
/// Check that a Output description's cv and epk are not of small order,
/// i.e. [h_J]cv MUST NOT be 𝒪_J and [h_J]epk MUST NOT be 𝒪_J.
///
/// https://zips.z.cash/protocol/protocol.pdf#outputdesc
pub fn output_cv_epk_not_small_order(output: &Output) -> Result<(), TransactionError> {
if bool::from(output.cv.0.is_small_order())
|| bool::from(
jubjub::AffinePoint::from_bytes(output.ephemeral_key.into())
.unwrap()
.is_small_order(),
)
{
Err(TransactionError::SmallOrder)
} else {
Ok(())
}
}
ZIP-211: Validate Disabling Addition of New Value to the Sprout Value Pool (#2399) * add disabled sprout pool check * change method name * change error name * fix typo * make the success test case in other tx than the coinbase * use new `height` method instead of deriving `PartialOrd` in `NetworkUpgrade` * move check of network upgrade into function, rename, docs * increase test coverage * fix comment
2021-07-01 16:03:34 -07:00
/// Check if a transaction is adding to the sprout pool after Canopy
/// network upgrade given a block height and a network.
///
/// https://zips.z.cash/zip-0211
/// https://zips.z.cash/protocol/protocol.pdf#joinsplitdesc
pub fn disabled_add_to_sprout_pool(
tx: &Transaction,
height: Height,
network: Network,
) -> Result<(), TransactionError> {
let canopy_activation_height = NetworkUpgrade::Canopy
.activation_height(network)
.expect("Canopy activation height must be present for both networks");
// [Canopy onward]: `vpub_old` MUST be zero.
// https://zips.z.cash/protocol/protocol.pdf#joinsplitdesc
if height >= canopy_activation_height {
let zero = Amount::<NonNegative>::try_from(0).expect("an amount of 0 is always valid");
Check remaining transaction value & make value balance signs match the spec (#2566) * Make Amount arithmetic more generic To modify generated amounts, we need some extra operations on `Amount`. We also need to extend existing operations to both `NonNegative` and `NegativeAllowed` amounts. * Add a constrain method for ValueBalance * Derive Eq for ValueBalance * impl Neg for ValueBalance * Make some Amount arithmetic expectations explicit * Explain why we use i128 for multiplication And expand the overflow error details. * Expand Amount::sum error details * Make amount::Error field order consistent * Rename an amount::Error variant to Constraint, so it's clearer * Add specific pool variants to ValueBalanceError * Update coinbase remaining value consensus rule comment This consensus rule was updated recently to include coinbase transactions, but Zebra doesn't check block subsidy or miner fees yet. * Add test methods for modifying transparent values and shielded value balances * Temporarily set values and value balances to zero in proptests In both generated chains and proptests that construct their own transactions. Using zero values reduces value calculation and value check test coverage. A future change will use non-zero values, and fix them so the check passes. * Add extra fields to remaining transaction value errors * Swap the transparent value balance sign to match shielded value balances This makes the signs of all the chain value pools consistent. * Use a NonNegative constraint for transparent values This fix: * makes the type signature match the consensus rules * avoids having to write code to handle negative values * Allocate total generated transaction input value to outputs If there isn't enough input value for an output, set it to zero. Temporarily reduce all generated values to avoid overflow. (We'll remove this workaround when we calculate chain value balances.) * Consistently use ValueBalanceError for ValueBalances * Make the value balance signs match the spec And rename and document methods so their signs are clearer. * Convert amount::Errors to specific pool ValueBalanceErrors * Move some error changes to the next PR * Add extra info to remaining transaction value errors (#2585) * Distinguish between overflow and negative remaining transaction value errors And make some error types cloneable. * Add methods for updating chain value pools (#2586) * Move amount::test to amount::tests:vectors * Make ValueBalance traits more consistent with Amount - implement Add and Sub variants with Result and Assign - derive Hash * Clarify some comments and expects * Create ValueBalance update methods for blocks and transactions Co-authored-by: Alfredo Garcia <oxarbitrage@gmail.com>
2021-08-09 10:22:26 -07:00
let tx_sprout_pool = tx.output_values_to_sprout();
ZIP-211: Validate Disabling Addition of New Value to the Sprout Value Pool (#2399) * add disabled sprout pool check * change method name * change error name * fix typo * make the success test case in other tx than the coinbase * use new `height` method instead of deriving `PartialOrd` in `NetworkUpgrade` * move check of network upgrade into function, rename, docs * increase test coverage * fix comment
2021-07-01 16:03:34 -07:00
for vpub_old in tx_sprout_pool {
if *vpub_old != zero {
return Err(TransactionError::DisabledAddToSproutPool);
}
}
}
Ok(())
}
Reject a mempool transaction if it has internal spend conflicts (#2843) * Reorder imports to follow convention Place the imports from `std` at the top. * Add transaction errors for double spends Add a variant for each pool. They represent a double spend inside a transaction. * Add `check::spend_conflicts` implementation Checks if a transaction has spend conflicts, i.e., if a transaction spends a UTXO more than once or if it reveals a nullifier more than once. * Reject transactions with internal spend conflicts The transaction verifier should reject transactions that spend the same transparent UTXO or that reveal the same nullifier. * Add transparent spend consensus rule Add it to the documentation to help with understanding and auditing it. Co-authored-by: teor <teor@riseup.net> * Use different nullifiers by default Don't use the same nullifier twice when mocking a `sprout::JoinSplitData` because it will lead to an invalid transaction. * Test transactions with repeated spend outpoints Since that represents a spend conflict, they should be rejected. * Test duplicate nullifiers in joinsplit Check if a mock transaction with a joinsplit that reveals the same nullifier twice is rejected. * Test duplicate nullifiers across joinsplits Check if a duplicate nullifier in two different joinsplits in the same transaction is rejected. * Test V4 transaction with duplicate Sapling spend Check if a V4 transaction that has a duplicate Sapling spend is rejected. * Test V5 transaction with duplicate Sapling spend Check if a V5 transaction that has a duplicate Sapling spend is rejected. * Test V5 transaction with duplicate Orchard actions Check if a V5 transaction that has duplicate Orchard actions is rejected by the transaction verifier. Co-authored-by: teor <teor@riseup.net>
2021-10-27 19:49:28 -07:00
/// Check if a transaction has any internal spend conflicts.
///
/// An internal spend conflict happens if the transaction spends a UTXO more than once or if it
/// reveals a nullifier more than once.
///
/// Consensus rules:
///
/// "each output of a particular transaction
/// can only be used as an input once in the block chain.
/// Any subsequent reference is a forbidden double spend-
/// an attempt to spend the same satoshis twice."
///
/// https://developer.bitcoin.org/devguide/block_chain.html#introduction
///
/// A _nullifier_ *MUST NOT* repeat either within a _transaction_, or across _transactions_ in a
/// _valid blockchain_ . *Sprout* and *Sapling* and *Orchard* _nulliers_ are considered disjoint,
/// even if they have the same bit pattern.
///
/// https://zips.z.cash/protocol/protocol.pdf#nullifierset
pub fn spend_conflicts(transaction: &Transaction) -> Result<(), TransactionError> {
use crate::error::TransactionError::*;
let transparent_outpoints = transaction.spent_outpoints().map(Cow::Owned);
let sprout_nullifiers = transaction.sprout_nullifiers().map(Cow::Borrowed);
let sapling_nullifiers = transaction.sapling_nullifiers().map(Cow::Borrowed);
let orchard_nullifiers = transaction.orchard_nullifiers().map(Cow::Borrowed);
check_for_duplicates(transparent_outpoints, DuplicateTransparentSpend)?;
check_for_duplicates(sprout_nullifiers, DuplicateSproutNullifier)?;
check_for_duplicates(sapling_nullifiers, DuplicateSaplingNullifier)?;
check_for_duplicates(orchard_nullifiers, DuplicateOrchardNullifier)?;
Ok(())
}
/// Check for duplicate items in a collection.
///
/// Each item should be wrapped by a [`Cow`] instance so that this helper function can properly
/// handle borrowed items and owned items.
///
/// If a duplicate is found, an error created by the `error_wrapper` is returned.
fn check_for_duplicates<'t, T>(
items: impl IntoIterator<Item = Cow<'t, T>>,
error_wrapper: impl FnOnce(T) -> TransactionError,
) -> Result<(), TransactionError>
where
T: Clone + Eq + Hash + 't,
{
let mut hash_set = HashSet::new();
for item in items {
if let Some(duplicate) = hash_set.replace(item) {
return Err(error_wrapper(duplicate.into_owned()));
}
}
Ok(())
}