R4R: CheckTx AnteHandler for Ethereum Tx Messages

Gopkg.toml

@@ -7,8 +7,8 @@
 
 [[constraint]]
   name = "github.com/cosmos/cosmos-sdk"
-  # TODO: Replace this with 0.27
-  revision = "1ea0e4c457fc105b48131a60e3d28c6c1bb32cc0"
+  revision = "75fbce8e854c888063cab7e22930e2a6e382880f"
+  # version = "v0.27.0"
 
 [[constraint]]
   name = "github.com/hashicorp/golang-lru"
@@ -40,20 +40,20 @@
 
 [[override]]
   name = "github.com/tendermint/go-amino"
-  version = "v0.14.0"
-
-[[override]]
-  name = "github.com/tendermint/iavl"
-  version = "=v0.11.1"
+  version = "v0.14.1"
 
 [[override]]
   name = "golang.org/x/crypto"
   source = "https://github.com/tendermint/crypto"
   revision = "3764759f34a542a3aef74d6b02e35be7ab893bba"
 
+[[override]]
+  name = "github.com/tendermint/iavl"
+  version = "v0.12.0"
+
 [[override]]
   name = "github.com/tendermint/tendermint"
-  version = "v0.26.1"
+  revision = "v0.27.0-dev1"
 
 [[override]]
   name = "golang.org/x/sys"

app/ante.go

@@ -1,29 +1,20 @@
 package app
 
 import (
-	"encoding/hex"
+	"fmt"
+	"math/big"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/cosmos/cosmos-sdk/x/auth"
-	"github.com/tendermint/tendermint/crypto/secp256k1"
 
+	"github.com/cosmos/ethermint/types"
 	evmtypes "github.com/cosmos/ethermint/x/evm/types"
-)
-
-var dummySecp256k1Pubkey secp256k1.PubKeySecp256k1 // used for tx simulation
 
-const (
-	memoCostPerByte     = 1
-	maxMemoCharacters   = 100
-	secp256k1VerifyCost = 100
+	ethcmn "github.com/ethereum/go-ethereum/common"
+	ethcore "github.com/ethereum/go-ethereum/core"
 )
 
-func init() {
-	bz, _ := hex.DecodeString("035AD6810A47F073553FF30D2FCC7E0D3B1C0B74B61A1AAA2582344037151E143A")
-	copy(dummySecp256k1Pubkey[:], bz)
-}
-
-// NewAnteHandler returns an ante handelr responsible for attempting to route an
+// NewAnteHandler returns an ante handler responsible for attempting to route an
 // Ethereum or SDK transaction to an internal ante handler for performing
 // transaction-level processing (e.g. fee payment, signature verification) before
 // being passed onto it's respective handler.
@@ -35,57 +26,147 @@ func NewAnteHandler(ak auth.AccountKeeper, fck auth.FeeCollectionKeeper) sdk.Ant
 		ctx sdk.Context, tx sdk.Tx, sim bool,
 	) (newCtx sdk.Context, res sdk.Result, abort bool) {
 
-		stdTx, ok := tx.(auth.StdTx)
-		if !ok {
-			return ctx, sdk.ErrInternal("transaction type invalid: must be StdTx").Result(), true
-		}
+		switch castTx := tx.(type) {
+		case auth.StdTx:
+			return auth.NewAnteHandler(ak, fck)(ctx, castTx, sim)
 
-		// TODO: Handle gas/fee checking and spam prevention. We may need two
-		// different models for SDK and Ethereum txs. The SDK currently supports a
-		// primitive model where a constant gas price is used.
-		//
-		// Ref: #473
+		case *evmtypes.EthereumTxMsg:
+			return ethAnteHandler(ctx, castTx, ak)
 
-		if ethTx, ok := isEthereumTx(stdTx); ethTx != nil && ok {
-			return ethAnteHandler(ctx, ethTx, ak)
+		default:
+			return ctx, sdk.ErrInternal(fmt.Sprintf("transaction type invalid: %T", tx)).Result(), true
 		}
-
-		return auth.NewAnteHandler(ak, fck)(ctx, stdTx, sim)
 	}
 }
 
 // ----------------------------------------------------------------------------
 // Ethereum Ante Handler
 
 // ethAnteHandler defines an internal ante handler for an Ethereum transaction
-// ethTx that implements the sdk.Msg interface. The Ethereum transaction is a
-// single message inside a auth.StdTx.
-//
-// For now we simply pass the transaction on as the EVM shares common business
-// logic of an ante handler. Anything not handled by the EVM that should be
-// prior to transaction processing, should be done here.
+// ethTxMsg. During CheckTx, the transaction is passed through a series of
+// pre-message execution validation checks such as signature and account
+// verification in addition to minimum fees being checked. Otherwise, during
+// DeliverTx, the transaction is simply passed to the EVM which will also
+// perform the same series of checks. The distinction is made in CheckTx to
+// prevent spam and DoS attacks.
 func ethAnteHandler(
-	ctx sdk.Context, ethTx *evmtypes.MsgEthereumTx, ak auth.AccountKeeper,
+	ctx sdk.Context, ethTxMsg *evmtypes.EthereumTxMsg, ak auth.AccountKeeper,
 ) (newCtx sdk.Context, res sdk.Result, abort bool) {
 
+	if ctx.IsCheckTx() {
+		// Only perform pre-message (Ethereum transaction) execution validation
+		// during CheckTx. Otherwise, during DeliverTx the EVM will handle them.
+		if res := validateEthTxCheckTx(ctx, ak, ethTxMsg); !res.IsOK() {
+			return newCtx, res, true
+		}
+	}
+
 	return ctx, sdk.Result{}, false
 }
 
 // ----------------------------------------------------------------------------
 // Auxiliary
 
-// isEthereumTx returns a boolean if a given standard SDK transaction contains
-// an Ethereum transaction. If so, the transaction is also returned. A standard
-// SDK transaction contains an Ethereum transaction if it only has a single
-// message and that embedded message if of type MsgEthereumTx.
-func isEthereumTx(tx auth.StdTx) (*evmtypes.MsgEthereumTx, bool) {
-	msgs := tx.GetMsgs()
-	if len(msgs) == 1 {
-		ethTx, ok := msgs[0].(*evmtypes.MsgEthereumTx)
-		if ok {
-			return ethTx, true
-		}
+func validateEthTxCheckTx(
+	ctx sdk.Context, ak auth.AccountKeeper, ethTxMsg *evmtypes.EthereumTxMsg,
+) sdk.Result {
+
+	chainID, ok := new(big.Int).SetString(ctx.ChainID(), 10)
+	if !ok {
+		return types.ErrInvalidChainID(fmt.Sprintf("invalid chainID: %s", ctx.ChainID())).Result()
+	}
+
+	// Validate sufficient fees have been provided that meet a minimum threshold
+	// defined by the proposer (for mempool purposes during CheckTx).
+	if res := ensureSufficientMempoolFees(ctx, ethTxMsg); !res.IsOK() {
+		return res
+	}
+
+	// validate sender/signature
+	signer, err := ethTxMsg.VerifySig(chainID)
+	if err != nil {
+		return sdk.ErrUnauthorized("signature verification failed").Result()
+	}
+
+	// validate account (nonce and balance checks)
+	if res := validateAccount(ctx, ak, ethTxMsg, signer); !res.IsOK() {
+		return res
+	}
+
+	// validate enough intrinsic gas
+	if res := validateIntrinsicGas(ethTxMsg); !res.IsOK() {
+		return res
+	}
+
+	return sdk.Result{}
+}
+
+// validateIntrinsicGas validates that the Ethereum tx message has enough to
+// cover intrinsic gas.
+func validateIntrinsicGas(ethTxMsg *evmtypes.EthereumTxMsg) sdk.Result {
+	gas, err := ethcore.IntrinsicGas(ethTxMsg.Data.Payload, ethTxMsg.To() == nil, false)
+	if err != nil {
+		return sdk.ErrInternal(fmt.Sprintf("failed to compute intrinsic gas cost: %s", err)).Result()
+	}
+
+	if ethTxMsg.Data.GasLimit < gas {
+		return sdk.ErrInternal(
+			fmt.Sprintf("intrinsic gas too low; %d < %d", ethTxMsg.Data.GasLimit, gas),
+		).Result()
+	}
+
+	return sdk.Result{}
+}
+
+// validateAccount validates the account nonce and that the account has enough
+// funds to cover the tx cost.
+func validateAccount(
+	ctx sdk.Context, ak auth.AccountKeeper, ethTxMsg *evmtypes.EthereumTxMsg, signer ethcmn.Address,
+) sdk.Result {
+
+	acc := ak.GetAccount(ctx, sdk.AccAddress(signer.Bytes()))
+
+	// on InitChain make sure account number == 0
+	if ctx.BlockHeight() == 0 && acc.GetAccountNumber() != 0 {
+		return sdk.ErrInternal(
+			fmt.Sprintf(
+				"invalid account number for height zero; got %d, expected 0", acc.GetAccountNumber(),
+			)).Result()
+	}
+
+	seq := acc.GetSequence()
+	if ethTxMsg.Data.AccountNonce < seq {
+		return sdk.ErrInvalidSequence(
+			fmt.Sprintf("nonce too low; got %d, expected >= %d", ethTxMsg.Data.AccountNonce, seq)).Result()
+	}
+
+	// validate sender has enough funds
+	balance := acc.GetCoins().AmountOf(types.DenomDefault)
+	if balance.BigInt().Cmp(ethTxMsg.Cost()) < 0 {
+		return sdk.ErrInsufficientFunds(
+			fmt.Sprintf("insufficient funds: %s < %s", balance, ethTxMsg.Cost()),
+		).Result()
+	}
+
+	return sdk.Result{}
+}
+
+// ensureSufficientMempoolFees verifies that enough fees have been provided by the
+// Ethereum transaction that meet the minimum threshold set by the block
+// proposer.
+//
+// NOTE: This should only be ran during a CheckTx mode.
+func ensureSufficientMempoolFees(ctx sdk.Context, ethTxMsg *evmtypes.EthereumTxMsg) sdk.Result {
+	// fee = GP * GL
+	feeAmt := new(big.Int).Mul(ethTxMsg.Data.Price, new(big.Int).SetUint64(ethTxMsg.Data.GasLimit))
+	fee := sdk.Coins{sdk.NewInt64Coin(types.DenomDefault, feeAmt.Int64())}
+
+	if !ctx.MinimumFees().IsZero() && !fee.IsAllGTE(ctx.MinimumFees()) {
+		// reject the transaction that does not meet the minimum fee
+		return sdk.ErrInsufficientFee(
+			fmt.Sprintf("insufficient fee, got: %q required: %q", fee, ctx.MinimumFees()),
+		).Result()
 	}
 
-	return nil, false
+	return sdk.Result{}
 }