blockchain/stake: Cleanup various parts of the treasury code.#3680
Open
davecgh wants to merge 12 commits into decred:master from
Transactions with input values that are negative or greater than the max supply ultimately will always eventually end up invalid by checks performed much later in the validation process. Moreover, the aforementioned conditions are entirely context free. Given that, it is much more efficient and robust to simply reject any transactions that violate them as early as possible in the validation process. The context-free transaction sanity checks are the ideal location since they are among the earliest validation checks that are performed. However, unconfirmed transactions are allowed to leave the input value set to the special sentinel value of -1 (wire.NullValueIn) that signals the actual value will be filled in later. The sanity checks take place before that information is available to populate, so that case needs to be exempted and left for the later checks to reject as they already do now. With that in mind, this modifies CheckTransactionSanity to reject transactions that violate those conditions accordingly. It also adds ErrFraudAmountIn to uniquely identify when checks fail validation for that reason. Finally, it modifies the rule error conversion in the internal blockchain code to recognize and convert the new error.
This adds a few additional tests for transaction sanity checking to ensure negative values, except the special sentinel value, and values greater than the max supply are rejected as expected.
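The context-free input value check described in the two commit messages above, as an added stand-alone example that is not code from this PR or from dcrd. It redefines minimal stand-ins for wire.MsgTx and wire.TxIn, and the constants NullValueIn (-1) and MaxAmount (21e6 DCR expressed in atoms, assumed to mirror dcrutil.MaxAmount) so that it compiles without the dcrd modules; the function and helper names (checkInputValues, validTx, mutated, IsFraudAmountIn) are chosen for the example and are not the project's. The sentinel exemption is the edge case to get right: an unconfirmed transaction may carry -1 and must pass here, while any other negative value or anything above the supply cap is rejected with the fraud error. The cases are built by starting from a valid transaction and mutating a copy, the same pattern the later test commits in this PR adopt.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed constants for this example: they stand in for wire.NullValueIn
// (-1) and dcrutil.MaxAmount (21e6 DCR in atoms) so the file builds without
// dcrd. Check the real values against the project before reusing them.
const (
	NullValueIn  int64 = -1
	AtomsPerCoin int64 = 1e8
	MaxAmount    int64 = 21e6 * AtomsPerCoin
)

// ErrFraudAmountIn is returned when an input value is negative (other than
// the sentinel) or exceeds the maximum supply.
var ErrFraudAmountIn = errors.New("transaction input value is out of range")

// TxIn is a minimal stand-in for wire.TxIn with only the field needed here.
type TxIn struct {
	ValueIn int64
}

// MsgTx is a minimal stand-in for wire.MsgTx.
type MsgTx struct {
	TxIn []*TxIn
}

// checkInputValues is the context-free part of a transaction sanity check:
// every input value must lie in [0, MaxAmount], except that NullValueIn is
// allowed because unconfirmed transactions may leave the value unset until
// the referenced output is looked up later in validation.
func checkInputValues(tx *MsgTx) error {
	for i, txIn := range tx.TxIn {
		v := txIn.ValueIn
		if v == NullValueIn {
			continue // deferred to the later, contextual checks
		}
		if v < 0 || v > MaxAmount {
			return fmt.Errorf("input %d has value %d, allowed range is [0, %d]: %w",
				i, v, MaxAmount, ErrFraudAmountIn)
		}
	}
	return nil
}

// validTx returns a freshly built, well-formed transaction whose inputs are
// all in range (constructed sample data, not a real chain transaction).
func validTx() *MsgTx {
	return &MsgTx{TxIn: []*TxIn{
		{ValueIn: 100 * AtomsPerCoin},
		{ValueIn: 50 * AtomsPerCoin},
	}}
}

// mutated builds a fresh valid transaction and applies fn to it, so each
// test case starts from a known-good transaction and changes one thing.
func mutated(fn func(tx *MsgTx)) *MsgTx {
	tx := validTx()
	fn(tx)
	return tx
}

// IsFraudAmountIn reports whether err wraps ErrFraudAmountIn.
func IsFraudAmountIn(err error) bool { return errors.Is(err, ErrFraudAmountIn) }

func main() {
	cases := []struct {
		name string
		tx   *MsgTx
	}{
		{"valid", validTx()},
		{"sentinel -1", mutated(func(tx *MsgTx) { tx.TxIn[1].ValueIn = NullValueIn })},
		{"negative", mutated(func(tx *MsgTx) { tx.TxIn[0].ValueIn = -2 })},
		{"at max supply", mutated(func(tx *MsgTx) { tx.TxIn[0].ValueIn = MaxAmount })},
		{"over max supply", mutated(func(tx *MsgTx) { tx.TxIn[0].ValueIn = MaxAmount + 1 })},
	}
	for _, c := range cases {
		fmt.Printf("%-16s -> %v\n", c.name, checkInputValues(c.tx))
	}
}
```

Callers that want to report the failure as a rule error would wrap the returned error the way the internal blockchain code converts its rule errors; errors.Is still identifies the cause through the wrapping.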
The current code uses a single global constant for the consensus script version. This does not cause any issue at the moment since everything requires version 0 and version 0 is the only supported script version anyway. However, it is highly misleading and quite brittle. It implies that the constant could be bumped to a new version, but that is not the case at all. For example, if the value were to change to, say, version 1, it would break consensus because it would make all historical stake transactions invalid. In practice, supporting a new script version means each individual supported stake transaction type needs to be carefully analyzed and updated to support both the old version for historical transactions as well as the new version. Moreover, that support would need to be dependent on the state of a consensus vote. This modifies each instance that checks the required script version to use a local constant instead to help make it clear that every individual case can be different and requires individual analysis and support in the event of any new supported script versions.
This reworks the tests in TestTreasuryIsFunctions for the treasury add, treasurybase, and treasury spend identification funcs to make them more comprehensive, correct some that weren't actually testing what they claimed, and make them much more consistent with the other tests throughout the code base. Not only does it perform more comprehensive testing, it reduces the test code by about 42%. In particular:
- Use hex to bytes for hard-coded byte slices for some of the globals instead of the much more verbose raw byte slices
- Introduce helper functions to create the various components of the transactions
- Start with well-formed transactions and modify them for each test instead of building them from scratch every time
- Run all identification funcs against all of the transaction types to help ensure none of them are incorrectly detected as any other
- Significantly improves readability and adds descriptions to make it clear for people not familiar with the code
- Modernize the test formatting
- Effectively add more tests overall due to cross testing
- Correct test intending to pass stakebase but not treasury add and assert it actually passes the stakebase checks
This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
Now that the updated treasury spend tests cover the fully valid case, there is no benefit to repeating it in another test. This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This reworks the treasury spend error tests to use the newly introduced functions that start with a valid treasury spend and then mutate a copy to induce the specific error to test. In the process, it also corrects some tests that weren't actually testing what they claimed. The result is significantly more readable, provides more comprehensive test coverage, is more consistent with the other tests throughout the code base, and reduces the test code for the relevant tests by about 69%. This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This reworks the treasury add error tests to use the newly introduced functions that start with a valid treasury add transaction and then mutate a copy to induce the specific error to test. In the process, it also corrects some tests that weren't actually testing what they claimed. The result is significantly more readable, provides more comprehensive test coverage, is more consistent with the other tests throughout the code base, and reduces the test code for the relevant tests by about 56%. This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This reworks the treasurybase error tests to use the newly introduced functions that start with a valid treasurybase and then mutate a copy to induce the specific error to test. In the process, it also corrects some tests that weren't actually testing what they claimed. The result is significantly more readable, provides more comprehensive test coverage, is more consistent with the other tests throughout the code base, and reduces the test code for the relevant tests by about 63%. This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This cleans up the CheckTAdd method to make it much more consistent with the other code used in consensus throughout the rest of the code base. While there are no known exploitable issues with the func and it has worked well for a while now, it is highly inconsistent with the rest of the consensus code in style and polish and has various other issues. For example:
- several of the reported error messages are incorrect
- most of the error messages don't provide very helpful messages and reference internal names that are not visible to users
- inconsistent variable names
- uses less efficient inverted logic tests
- various misleading and inaccurate comments
- exported func comment refers to internal func that is not visible in generated documentation
This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This cleans up the CheckTSpend method to make it much more consistent with the other code used in consensus throughout the rest of the code base. While there are no known exploitable issues with the func and it has worked well for a while now, it is highly inconsistent with the rest of the consensus code in style and polish and has various other issues. For example:
- several of the reported error messages are incorrect
- most of the error messages don't provide very helpful messages and reference internal names that are not visible to users
- inconsistent errors
- inconsistent variable names
- uses less efficient and harder to read inverted logic tests
- various misleading and inaccurate comments
This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This cleans up the CheckTreasuryBase method to make it much more consistent with the other code used in consensus throughout the rest of the code base. While there are no known exploitable issues with the func and it has worked well for a while now, it is highly inconsistent with the rest of the consensus code in style and polish and has various other issues. For example:
- several of the reported error messages are incorrect
- most of the error messages don't provide very helpful messages and reference internal names that are not visible to users
- inconsistent variable names
- some checks are not in the most logical order
- various misleading and inaccurate comments
- some checks are not making use of existing funcs
This is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
This is rebased on #3677 and #3679.
This reworks a significant portion of the treasury code and related tests in blockchain/stake to make them more consistent with the quality of the other consensus code throughout the code base. It is part of a larger overall effort to bring the treasury code up to the standards used throughout the rest of the blockchain consensus code.
It consists of a series of commits to help ease the review process. Each commit is intended to be a self-contained and logically easy to follow change such that the code continues to compile and works properly at each step.
See the description of each commit for further details.
A high-level overview of all changes is: