CompactBlock parsing and scanning#114
Conversation
str4d
force-pushed
the
compact-blocks
branch
from
99aef05 to
14caa7d
Compare
|
Rebased on master to fix merge conflicts in |
str4d
force-pushed
the
compact-blocks
branch
from
612cd43 to
8ca2a95
Compare
|
Rebased on master to fix a bug in the tests after the API changes in #109. |
str4d
force-pushed
the
compact-blocks
branch
from
8ca2a95 to
7d1b442
Compare
|
Force-pushed to undo the |
Codecov Report
@@ Coverage Diff @@
## master #114 +/- ##
=========================================
Coverage ? 55.96%
=========================================
Files ? 42
Lines ? 6082
Branches ? 0
=========================================
Hits ? 3404
Misses ? 2678
Partials ? 0
Continue to review full report at Codecov.
|
defuse
left a comment
defuse
left a comment
There was a problem hiding this comment.
utACK.
API comments:
This interacts with how light wallets handle reorgs, which we want to make as easy as possible so they don't introduce double-spend vulnerabilities with bad reorg handling. With this API, the most obvious way is to keep a copy of the state from N blocks back and rewind to that point then scan_blocks up to the current tip. The caller could forget to revert parts of the state e.g. the nullifier set. The caller could also pass blocks in the wrong order, blocks from a new chain that suddenly grew longer, etc.
We could take responsibility for these problems at this layer by providing a stateful block scanner, one that checks the blocks form a valid chain (prevhash, PoW), automatically keeps track of the witnesses and transactions, and implements rolling-back for reorgs. Light wallets would still have to include some logic for reorgs (at least to refresh the UI to hide payments that disappeared) but if they rely on a stateful scanner as the source of truth when calculating balance, payments received, etc. there's less chance for them to introduce vulnerabilities. There are some trade-offs, like if they want to store their own metadata with each transaction or index them for search, the stateful scanner we provide might not be flexible enough.
(I'm not suggesting that happen in this PR, it would be a higher-level interface that uses scan_block.)
Will the caller ever want to delete viewing keys? Using the key index means that's not possible without screwing up all of the account numbers.
It's outside the scope of this PR, but parse_note_plaintext_without_memo which is called by try_sapling_compact_note_decryption probably leaks some info to local side-channels, maybe we should document that somewhere?
This enables basic verification of chain validity when CompactBlocks are received without the full header.
Checking for spent notes in a block is still not completely constant time, due to filtering out negative results of the constant-time comparison. Part of zcash#84.
cargo fmt does not build the code, and running it in a fresh clone of the codebase will fail because the protobuf code has not been generated.
cargo fmt does not build the code, and running it in a fresh clone of the codebase will fail because the protobuf code has not been generated.
|
Rebased on master to fix merge conflicts caused by #138. |
|
Thanks for the API comments @defuse 🙂 I will merge this PR as-is and then address the comments in subsequent issues. |
4 participants
No description provided.