-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(wallet): add check for network and genesis_hash consistency #1777
base: master
Are you sure you want to change the base?
feat(wallet): add check for network and genesis_hash consistency #1777
Conversation
c287ce3
to
e60e101
Compare
let network_genesis_hash = genesis_block(network).block_hash(); | ||
if network_genesis_hash != exp_genesis_hash { | ||
return Err(LoadError::Mismatch(LoadMismatch::Genesis { | ||
loaded: network_genesis_hash, | ||
expected: exp_genesis_hash, | ||
})); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm still unsure of how to properly test this one (or if it's even needed), because I can't initially create a wallet with network
and genesis_hash
that are valid (consistent) on create_with_params
, but it will fail with an inconsistent check_genesis_hash
on load_with_params
.
It'll always fail on the previous check.
- add new `MismatchError::Genesis` and `DescriptorError::Mismatch` error variants, when the genesis_hash parameter and network are inconsistent. - add check on `create_with_params` to check that `genesis_hash` and `network` genesis hash are consistent, return `Descriptor::Mismatch` error otherwise. - add check on `load_with_params` to check that `check_genesis_hash` is also consistent with the genesis hash of current loaded `network`, return the `LoadMismatch` error variant otherwise.
e60e101
to
67e4862
Compare
I had previously understood that bdk allowed you to use a custom genesis hash, meaning one that doesn't match the chain hash of the specified network. I interpreted the issue as saying the network isn't checked to be among the valid networks of a descriptor, but as you said that logic exists in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approach-NACK, Concept-NACK
It seems the intention of the PR is to enforce a 1-possible-genesis-hash-per-network-variant invariance. The correct way to do this is to change the datastructure, not enforce the invariance ad-hoc with errors.
So now the question is whether we want to be able have the caller provide a custom genesis hash. I think we still should, but maybe our approach needs to be a bit different.
It is true that the Network
enum is intended to represent a single network per variant so the current code is hard to reason with. To fix this, maybe we can introduce a new enum:
pub enum BdkNetwork {
Network(bitcoin::Network),
Custom(BlockHash),
}
impl BdkNetwork {
/// Handy to work with keys.
///
/// The `Custom` variant will always be `Text`.
pub fn kind(&self) -> bitcoin::NetworkKind {}
}
let genesis_hash = params | ||
.genesis_hash | ||
.unwrap_or(genesis_block(network).block_hash()); | ||
|
||
if genesis_hash.ne(&genesis_block(network).block_hash()) { | ||
return Err(DescriptorError::Mismatch(MismatchError::Genesis { | ||
network: genesis_block(network).block_hash(), | ||
parameter: genesis_hash, | ||
})); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As mentioned by @ValuedMammal, the intention here is so the caller can provide a custom genesis hash.
However, if the intention is to enforce a 1-possible-genesis-hash-per-network-variant invariance, changing the data structure to disallow the invariance would make a lot more sense. I.e. remove params.genesis_hash
.
Agree, if we opt-out from allowing custom genesis_hash/networks, we can just remove the parameter altogether.
Yes, I agree with also allowing a custom genesis_hash. I didn't have that in mind when working on the changes. However, by the initial issue description, I reasoned that the current implementation is too loose and would allow a user to use a custom Genesis hash on Mainnet and Testnet.
Thanks, this seems like a better approach. |
As discussed with VM, another possible approach would be to:
It would still allow the usage of a custom However, any of both approaches: stated above or introducing a new type Although the current API allows some inadequate usage/inconsistency as the code snippet below, it seems a better approach to put this PR aside now and return to it later. Any other thoughts? #[test]
fn test_create_genesis_hash_and_network_inconsistency() {
let (external, internal) = get_test_tr_single_sig_xprv_and_change_desc();
let mainnet_genesis_hash = BlockHash::from_byte_array(ChainHash::BITCOIN.to_bytes());
let _ = Wallet::create(external, internal)
.genesis_hash(mainnet_genesis_hash)
.network(Network::Regtest)
.create_wallet_no_persist()
.unwrap();
} |
fixes #1716
Description
Adds a new check on both
create_with_params
andload_with_params
to validate that the givengenesis_hash
parameter matches thegenesis_hash
for expectedNetwork
, returns a newDescriptorError::Mismatch
orLoadError::LoadMismatch
error variants, respectively.Notes to the reviewers
I'm not sure if adding the check on
load_with_params
is needed, and if that branch will ever be reached, at least it seems not trivial to test it using the standard of tests we currently have, that its: 1) creating a wallet; 2) loading and asserting the expected checks.Changelog notice
genesis_hash
andnetwork
parameters.MismatchError
enum andDescriptor::Mismatch
variant.Checklists
All Submissions:
cargo fmt
andcargo clippy
before committingNew Features:
Bugfixes: