Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: zero value nonce is invalid #881

Merged
merged 6 commits into from
Jul 12, 2023
Merged

fix: zero value nonce is invalid #881

merged 6 commits into from
Jul 12, 2023

Conversation

bryanchriswhite
Copy link
Contributor

@bryanchriswhite bryanchriswhite commented Jul 5, 2023
edited by reviewpad bot
Loading

Description

Because 0 is the zero (default) value for uint64, if it is valid to be used as a nonce, it becomes difficult to distinguish the scenario where sender did not set a nonce from one where they explicitly set it to 0.

I'm not confident whether the ability to make this distinction matters now or has the potential to later but was following a feeling.

Summary generated by Reviewpad on 11 Jul 23 11:56 UTC

This pull request includes the following changes:

  • In the p2p/module.go file, the handlePocketEnvelope function now checks if poktEnvelope.Nonce is zero and returns an error if it is. The error message includes the hex-encoded nonce value.
  • In the p2p/module_test.go file, new test cases have been added to test the handling of an invalid nonce.
  • In the p2p/types/errors.go file, a new error variable ErrInvalidNonce has been added to represent an invalid nonce value.
  • In the shared/crypto/rand.go file, a check has been added to ensure that the generated nonce value is not zero. If it is zero, the function recursively calls itself to generate a new nonce.

Issue

N/A; observation made while working on #732.

Type of change

Please mark the relevant option(s):

  • New feature, functionality or library
  • Bug fix
  • Code health or cleanup
  • Major breaking change
  • Documentation
  • Other

List of changes

  • Adds ErrInvalidNonce P2P error type
  • Ensures the P2P message handler rejects the zero value Nonce (uint64(0)) is invalid
  • Ensures the GetNonce function never returns the zero value

Testing

  • make develop_test; if any code changes were made
  • make test_e2e on k8s LocalNet; if any code changes were made
  • e2e-devnet-test passes tests on DevNet; if any code was changed
  • Docker Compose LocalNet; if any major functionality was changed or introduced
  • k8s LocalNet; if any infrastructure or configuration changes were made

Required Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added, or updated, godoc format comments on touched members (see: tip.golang.org/doc/comment)
  • I have tested my changes using the available tooling
  • I have updated the corresponding CHANGELOG

If Applicable Checklist

  • I have updated the corresponding README(s); local and/or global
  • I have added tests that prove my fix is effective or that my feature works
  • I have added, or updated, mermaid.js diagrams in the corresponding README(s)
  • I have added, or updated, documentation and mermaid.js diagrams in shared/docs/* if I updated shared/*README(s)

@bryanchriswhite bryanchriswhite added core Core infrastructure - protocol related p2p P2P specific changes labels Jul 5, 2023
@bryanchriswhite bryanchriswhite self-assigned this Jul 5, 2023
@reviewpad reviewpad bot added the medium Pull request is medium label Jul 5, 2023
@bryanchriswhite bryanchriswhite requested a review from dylanlott July 5, 2023 09:21
dylanlott
dylanlott reviewed Jul 5, 2023
View reviewed changes
p2p/module.go
@@ -374,6 +374,14 @@ func (m *p2pModule) handlePocketEnvelope(pocketEnvelopeBz []byte) error {
return fmt.Errorf("decoding network message: %w", err)
}

if poktEnvelope.Nonce == 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤝 🙌

dylanlott
dylanlott reviewed Jul 5, 2023
View reviewed changes
shared/crypto/rand.go
@@ -21,6 +21,11 @@ func GetNonce() uint64 {
rand.Seed(time.Now().UTC().UnixNano()) //nolint:staticcheck // G404 - Weak random source is okay in unit tests
return rand.Uint64() //nolint:gosec // G404 - Weak source of random here is fallback
}

// 0 is an invalid value
if bigNonce.Uint64() == 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bryanchriswhite bryanchriswhite marked this pull request as ready for review July 6, 2023 06:30
@bryanchriswhite bryanchriswhite requested a review from Olshansk July 6, 2023 06:30
Olshansk
Olshansk requested changes Jul 6, 2023
View reviewed changes
p2p/module_test.go Show resolved Hide resolved
@bryanchriswhite
Merge remote-tracking branch 'pokt/main' into fix/zero-value-nonce
7aced4e 
* pokt/main:
  [P2P] Integrate background router (#732)
  Update main README.md
  [Bug] Fix CI linter errors (#885)
  [Tooling] Block `IN_THIS_*` comments from passing CI (#889)
  [Utility] Update E2E feature path template doc (#870)
  [IBC] Add nil check on proof for membership and non-membership proof creation (#877)
  Added git diff state to devlog10
  Devlog 10 (#872)
@bryanchriswhite
test: add zero value case
0d2f1a0
@bryanchriswhite
Merge remote-tracking branch 'pokt/main' into fix/zero-value-nonce
ca9c5e0 
* pokt/main:
  chore: introduce `Submodule` interface (#855)
@bryanchriswhite
fix: gofmt
7cebe81
@bryanchriswhite bryanchriswhite requested a review from Olshansk July 11, 2023 12:18
@bryanchriswhite bryanchriswhite merged commit 021d90f into main Jul 12, 2023
@bryanchriswhite bryanchriswhite deleted the fix/zero-value-nonce branch July 12, 2023 07:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dylanlott dylanlott dylanlott left review comments

@Olshansk Olshansk Olshansk approved these changes

Assignees

@bryanchriswhite bryanchriswhite

Labels
core Core infrastructure - protocol related medium Pull request is medium p2p P2P specific changes waiting-for-review
Projects
V1 Dashboard
Status: Done
Milestone
M1: Pocket PoS (Proof of Stake)
Development

Successfully merging this pull request may close these issues.
3 participants
@bryanchriswhite @Olshansk @dylanlott