Merge pull request #4379 from anoma/tomas/sa-tests

sa fixes tests

Author: mergify[bot]

.github/workflows/ci.yml

@@ -362,11 +362,11 @@ jobs:
         run: sccache --stop-server || true
 
   check-benchmarks:
-    runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
+    runs-on: [self-hosted, 16vcpu-32ram-ubuntu22-namada-x86]
     container:
       image: ghcr.io/heliaxdev/namada-ci:namada-main
     if: github.event.pull_request.draft == false || contains(github.head_ref, 'mergify/merge-queue') || contains(github.ref_name, 'mergify/merge-queue')
-    timeout-minutes: 25
+    timeout-minutes: 35
     needs: [build-wasm]
 
     steps:

crates/benches/Cargo.toml

@@ -32,6 +32,11 @@ name = "wasm_opcodes"
 harness = false
 path = "wasm_opcodes.rs"
 
+[[bench]]
+name = "mempool_validate"
+harness = false
+path = "mempool_validate.rs"
+
 [features]
 namada-eth-bridge = ["namada_apps_lib/namada-eth-bridge"]
 

crates/benches/mempool_validate.rs

@@ -0,0 +1,236 @@
+#![allow(clippy::disallowed_methods)]
+
+use std::collections::BTreeMap;
+
+use criterion::{criterion_group, criterion_main, Criterion};
+use namada_apps_lib::collections::HashSet;
+use namada_apps_lib::key::{common, ed25519, RefTo, SigScheme};
+use namada_apps_lib::time::DateTimeUtc;
+use namada_apps_lib::tx::data::{Fee, GasLimit, TxType, WrapperTx};
+use namada_apps_lib::tx::{self, Signer, Tx};
+use namada_apps_lib::{address, token};
+use namada_node::bench_utils::BenchShell;
+use namada_node::shell::{MempoolTxType, ResultCode};
+use rand::rngs::StdRng;
+use rand::SeedableRng;
+
+/// The value of namada-mainnet-genesis `max_tx_bytes` protocol parameter
+const MAX_TX_BYTES: usize = 1048576;
+
+/// Benchmark mempool validation with a tx containing the max. number of bytes
+/// allowed by mainnet genesis parameters, filled with smallest data sections,
+/// but without an authorization section.
+fn max_tx_sections_validation(c: &mut Criterion) {
+    let mut group = c.benchmark_group("non_uniq_sections_validation");
+
+    let bench_shell = BenchShell::default();
+    let shell = bench_shell.read();
+
+    let chain_id = shell.chain_id.clone();
+    let timestamp = DateTimeUtc::now();
+    let gas_limit = GasLimit::from(u64::MAX);
+    let mut rng = StdRng::from_seed([0; 32]);
+    let secret_key = ed25519::SigScheme::generate(&mut rng);
+    let pk = common::PublicKey::Ed25519(secret_key.ref_to());
+
+    let amount = token::Amount::from_u64(1);
+    let amount_per_gas_unit =
+        token::DenominatedAmount::new(amount, token::Denomination(0u8));
+    let token = address::testing::nam();
+    let fee = Fee {
+        amount_per_gas_unit,
+        token,
+    };
+    let wrapper = WrapperTx { fee, pk, gas_limit };
+    let tx_type = TxType::Wrapper(Box::new(wrapper));
+
+    let batch = HashSet::new();
+    let header = tx::Header {
+        chain_id,
+        expiration: None,
+        timestamp,
+        batch,
+        atomic: false,
+        tx_type,
+    };
+
+    let (tx_1_section_len, section_additional_len) = {
+        let tx = Tx {
+            header: header.clone(),
+            sections: vec![tx::Section::Data(tx::Data::new(vec![0_u8]))],
+        };
+        let tx_bytes = tx.try_to_bytes().unwrap();
+        let tx_1_section_len = tx_bytes.len();
+
+        let tx = Tx {
+            header: header.clone(),
+            sections: vec![
+                tx::Section::Data(tx::Data::new(vec![0_u8])),
+                tx::Section::Data(tx::Data::new(vec![0_u8])),
+            ],
+        };
+        let tx_bytes = tx.try_to_bytes().unwrap();
+        let tx_2_sections_len = tx_bytes.len();
+
+        (tx_1_section_len, tx_2_sections_len - tx_1_section_len)
+    };
+
+    let sections_available_space = MAX_TX_BYTES - tx_1_section_len;
+    let num_of_sections = sections_available_space / section_additional_len + 1;
+
+    let mut sections = Vec::with_capacity(num_of_sections);
+    for _ in 0..num_of_sections {
+        sections.push(tx::Section::Data(tx::Data::new(vec![0_u8])));
+    }
+    let tx = Tx {
+        header: header.clone(),
+        sections,
+    };
+    let tx_bytes = tx.try_to_bytes().unwrap();
+    assert!(tx_bytes.len() <= MAX_TX_BYTES);
+
+    let res = shell.mempool_validate(&tx_bytes, MempoolTxType::NewTransaction);
+    assert_eq!(res.code, ResultCode::InvalidSig.into());
+
+    group.bench_function("Shell::mempool_validate", |b| {
+        b.iter(|| {
+            shell.mempool_validate(&tx_bytes, MempoolTxType::NewTransaction);
+        });
+    });
+}
+
+/// Benchmark mempool validation with a tx containing the max. number of bytes
+/// allowed by mainnet genesis parameters, filled with smallest data sections
+/// and an authorization section.
+fn max_tx_sections_with_auth_validation(c: &mut Criterion) {
+    let mut group = c.benchmark_group("uniq_sections_auth_validation");
+
+    let bench_shell = BenchShell::default();
+    let shell = bench_shell.read();
+
+    let chain_id = shell.chain_id.clone();
+    let timestamp = DateTimeUtc::now();
+    let gas_limit = GasLimit::from(u64::MAX);
+    let mut rng = StdRng::from_seed([0; 32]);
+    let secret_key = ed25519::SigScheme::generate(&mut rng);
+    let pk = common::PublicKey::Ed25519(secret_key.ref_to());
+
+    let amount = token::Amount::from_u64(1);
+    let amount_per_gas_unit =
+        token::DenominatedAmount::new(amount, token::Denomination(0u8));
+    let token = address::testing::nam();
+    let fee = Fee {
+        amount_per_gas_unit,
+        token,
+    };
+    let wrapper = WrapperTx { fee, pk, gas_limit };
+    let tx_type = TxType::Wrapper(Box::new(wrapper));
+
+    let batch = HashSet::new();
+    let header = tx::Header {
+        chain_id,
+        expiration: None,
+        timestamp,
+        batch,
+        atomic: false,
+        tx_type,
+    };
+
+    let (tx_1_section_len, section_additional_len) = {
+        let data = tx::Section::Data(tx::Data::new(vec![0_u8]));
+        let data_hash = data.get_hash();
+        let targets = vec![
+            tx::Section::Header(header.clone()).get_hash(),
+            data_hash,
+            data_hash,
+        ];
+        let auth = tx::Authorization {
+            targets,
+            signer: Signer::PubKeys(vec![]),
+            signatures: BTreeMap::default(),
+        };
+        let tx = Tx {
+            header: header.clone(),
+            sections: vec![data.clone(), tx::Section::Authorization(auth)],
+        };
+        let tx_bytes = tx.try_to_bytes().unwrap();
+        let tx_1_section_len = tx_bytes.len();
+
+        let targets = vec![
+            tx::Section::Header(header.clone()).get_hash(),
+            data_hash,
+            data_hash,
+            data_hash,
+        ];
+        let auth = tx::Authorization {
+            targets,
+            signer: Signer::PubKeys(vec![]),
+            signatures: BTreeMap::default(),
+        };
+        let tx = Tx {
+            header: header.clone(),
+            sections: vec![
+                data.clone(),
+                data,
+                tx::Section::Authorization(auth),
+            ],
+        };
+        let tx_bytes = tx.try_to_bytes().unwrap();
+        let tx_2_sections_len = tx_bytes.len();
+
+        (tx_1_section_len, tx_2_sections_len - tx_1_section_len)
+    };
+
+    let sections_available_space = MAX_TX_BYTES - tx_1_section_len;
+    let num_of_sections = sections_available_space / section_additional_len + 1;
+
+    // Generate unique sections and add a target for each
+    let mut sections = Vec::with_capacity(num_of_sections + 1);
+    let mut targets = Vec::with_capacity(num_of_sections + 1);
+    targets.push(tx::Section::Header(header.clone()).get_hash());
+    for _ in 0..num_of_sections {
+        let data = tx::Section::Data(tx::Data::new(vec![0_u8]));
+        let data_hash = data.get_hash();
+        sections.push(data);
+        targets.push(data_hash);
+    }
+
+    // Add auth raw hash target and section. Add the authorization section last
+    // so that `Tx::verify_signatures` has to iterate through all sections
+    let auth = tx::Authorization {
+        targets: targets.clone(),
+        signer: Signer::PubKeys(vec![]),
+        signatures: BTreeMap::default(),
+    };
+    let raw_hash = auth.get_raw_hash();
+    targets.push(raw_hash);
+    let auth = tx::Authorization {
+        targets,
+        signer: Signer::PubKeys(vec![]),
+        signatures: BTreeMap::default(),
+    };
+    sections.push(tx::Section::Authorization(auth));
+
+    let tx = Tx {
+        header: header.clone(),
+        sections,
+    };
+    let tx_bytes = tx.try_to_bytes().unwrap();
+    assert!(tx_bytes.len() <= MAX_TX_BYTES);
+
+    let res = shell.mempool_validate(&tx_bytes, MempoolTxType::NewTransaction);
+    assert_eq!(res.code, ResultCode::InvalidSig.into());
+
+    group.bench_function("Shell::mempool_validate", |b| {
+        b.iter(|| {
+            shell.mempool_validate(&tx_bytes, MempoolTxType::NewTransaction);
+        });
+    });
+}
+
+criterion_group!(
+    mempool_validate,
+    max_tx_sections_validation,
+    max_tx_sections_with_auth_validation,
+);
+criterion_main!(mempool_validate);

crates/node/src/shell/mod.rs

@@ -2967,6 +2967,54 @@ mod shell_tests {
         assert_eq!(result.code, ResultCode::TooLarge.into());
     }
 
+    /// Test max tx sections limit in CheckTx
+    #[test]
+    fn test_max_tx_sections_check_tx() {
+        let (shell, _recv, _, _) = test_utils::setup();
+
+        let new_tx = |num_of_sections: usize| {
+            let keypair = super::test_utils::gen_keypair();
+            let mut wrapper =
+                Tx::from_type(TxType::Wrapper(Box::new(WrapperTx::new(
+                    Fee {
+                        amount_per_gas_unit: DenominatedAmount::native(
+                            100.into(),
+                        ),
+                        token: shell.state.in_mem().native_token.clone(),
+                    },
+                    keypair.ref_to(),
+                    (GAS_LIMIT * 10).into(),
+                ))));
+            wrapper.header.chain_id = shell.chain_id.clone();
+            wrapper
+                .set_code(Code::new("wasm_code".as_bytes().to_owned(), None));
+
+            // Wrapper sig and header
+            const OTHER_SECTIONS: usize = 2;
+            for _ in 0..(num_of_sections - OTHER_SECTIONS) {
+                wrapper.set_data(Data::new(vec![0]));
+            }
+            wrapper.sign_wrapper(keypair);
+
+            assert_eq!(wrapper.sections.len(), num_of_sections);
+            wrapper
+        };
+
+        // test a tx on the limit of number of sections
+        let result = shell.mempool_validate(
+            new_tx(MAX_TX_SECTIONS_LEN).to_bytes().as_ref(),
+            MempoolTxType::NewTransaction,
+        );
+        assert!(result.code != ResultCode::InvalidTx.into());
+
+        // test a tx exceeding the limit of number of sections
+        let result = shell.mempool_validate(
+            new_tx(MAX_TX_SECTIONS_LEN + 1).to_bytes().as_ref(),
+            MempoolTxType::NewTransaction,
+        );
+        assert_eq!(result.code, ResultCode::InvalidTx.into());
+    }
+
     /// Test the that the shell can restore it's state
     /// from a snapshot if it is not syncing
     #[test]

crates/node/src/shell/process_proposal.rs

@@ -1922,4 +1922,57 @@ mod test_process_proposal {
             assert!(rsp.is_ok());
         }
     }
+
+    /// Process Proposal should reject a block containing a tx with a number of
+    /// sections exceeding the limit
+    #[test]
+    fn test_max_sections_exceeded_tx_rejected() {
+        let (shell, _recv, _, _) = test_utils::setup_at_height(3u64);
+
+        let keypair = namada_apps_lib::wallet::defaults::daewon_keypair();
+
+        // Make a transaction that exceeds the number of max number of allowed
+        // sections
+        let mut tx = Tx::from_type(TxType::Wrapper(Box::new(WrapperTx::new(
+            Fee {
+                amount_per_gas_unit: DenominatedAmount::native(100.into()),
+                token: shell.state.in_mem().native_token.clone(),
+            },
+            keypair.ref_to(),
+            (GAS_LIMIT * 10).into(),
+        ))));
+        tx.header.chain_id = shell.chain_id.clone();
+        tx.set_code(Code::new("wasm_code".as_bytes().to_owned(), None));
+
+        // Wrapper sig and header
+        const OTHER_SECTIONS: usize = 2;
+        for _ in 0..(MAX_TX_SECTIONS_LEN - OTHER_SECTIONS + 1) {
+            tx.set_data(Data::new(vec![0]));
+        }
+        tx.sign_wrapper(keypair);
+
+        assert_eq!(tx.sections.len(), MAX_TX_SECTIONS_LEN + 1);
+
+        let response = {
+            let request = ProcessProposal {
+                txs: vec![tx.to_bytes()],
+            };
+            if let Err(TestError::RejectProposal(resp)) =
+                shell.process_proposal(request)
+            {
+                if let [resp] = resp.as_slice() {
+                    resp.clone()
+                } else {
+                    panic!("Test failed")
+                }
+            } else {
+                panic!("Test failed")
+            }
+        };
+        assert_eq!(response.result.code, u32::from(ResultCode::InvalidTx));
+        assert_eq!(
+            response.result.info,
+            format!("Tx contains more than {MAX_TX_SECTIONS_LEN} sections."),
+        );
+    }
 }