Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove nonce removal leftovers #5

Merged
merged 1 commit into from
Nov 3, 2024
Merged

remove nonce removal leftovers #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 0 additions & 8 deletions cmd/wavelet/events.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ func setEvents(c *wctl.Client) (func(), error) {
c.OnGasBalanceUpdated = onGasBalanceUpdated
c.OnStakeUpdated = onStakeUpdated
c.OnRewardUpdated = onRewardUpdate
c.OnNonceUpdated = onNonceUpdated

if err := addToCloser(&toClose)(c.PollAccounts()); err != nil {
return cleanup, err
Comment on lines 46 to 47
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error handling in this block is straightforward but could be enhanced by providing more context-specific error messages or handling specific error types differently. This would improve the maintainability and debuggability of the code.

Suggested Improvement:
Consider enhancing the error handling by checking for specific error types and handling them accordingly. This could involve retrying the operation, logging additional details, or taking other corrective actions based on the nature of the error.

Expand Down Expand Up @@ -169,13 +168,6 @@ func onRewardUpdate(u wctl.RewardUpdated) {
Msg("Reward updated.")
}

func onNonceUpdated(u wctl.NonceUpdated) {
logger.Info().
Hex("public_key", u.AccountID[:]).
Uint64("nonce", u.Nonce).
Msg("Nonce updated.")
}

func onPeerJoin(u wctl.PeerJoin) {
logger.Info().
Hex("public_key", u.AccountID[:]).
Comment on lines 172 to 173
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logging in this function uses structured logging, which is good for clarity and consistency. However, care must be taken to ensure that sensitive information is not logged, and that the logging mechanism is secure against injection attacks.

Suggested Improvement:
Review the logged information to ensure that no sensitive data is exposed. Additionally, consider implementing safeguards against log injection, such as sanitizing inputs that are logged.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Micro-Learning Topic: Injection attack (Detected by phrase)

Matched on "injection attack"

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

Helpful references

Micro-Learning Topic: Log injection (Detected by phrase)

Matched on "log injection"

What is this? (2min video)

The Log Forging vulnerability is caused by writing unvalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the logs.

Try a challenge in Secure Code Warrior

Helpful references
  • OWASP Log Forging - OWASP community page with comprehensive information about log forging, and links to various OWASP resources to help detect or prevent it.

Expand Down
2 changes: 0 additions & 2 deletions collapse.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,6 @@ type CollapseContext struct {
balances map[AccountID]uint64
stakes map[AccountID]uint64
rewards map[AccountID]uint64
nonces map[AccountID]uint64
contracts map[TransactionID][]byte
contractGasBalances map[TransactionID]uint64
contractVMs map[AccountID]*VMState
Expand Down Expand Up @@ -160,7 +159,6 @@ func (c *CollapseContext) init() {
c.balances = make(map[AccountID]uint64)
c.stakes = make(map[AccountID]uint64)
c.rewards = make(map[AccountID]uint64)
c.nonces = make(map[AccountID]uint64)
c.contracts = make(map[TransactionID][]byte)
c.contractGasBalances = make(map[TransactionID]uint64)
c.contractVMs = make(map[AccountID]*VMState)
Comment on lines 159 to 164
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Optimize Memory Usage by Specifying Initial Map Capacities

When initializing maps in the init method, consider specifying an initial capacity if the expected number of entries is known or can be estimated. This can help in optimizing memory allocation and potentially improving the performance of the operations involving these maps.

For example, if you expect the number of accounts to not exceed 1000 initially, you could initialize the balances map as follows:

c.balances = make(map[AccountID]uint64, 1000)

This change could prevent frequent reallocations as the map grows, leading to more efficient memory usage.

Expand Down
13 changes: 1 addition & 12 deletions site/docs/transactions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,17 +47,6 @@ Upon the creation of a transaction, the transaction creator would sign the tag,
would play the role of being the transactions sender. The sender would then assign consensus-related information to the transaction, sign the entirety of
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick (documentation): Add missing apostrophe in 'transactions sender'

the transaction, and broadcast it out to the network to be verified and finalized by other Wavelet nodes.

## Replay Attacks

A nonce is associated to each and every Wavelet account. A nonce is an incremental, ascending counter that gets incremented every single time a transaction
that was created by some given account gets finalized and apply to the ledgers state.

The nonce is used to prevent replay attacks, where after an account creates a transaction, there may exist a possibility that several nodes may attempt
to re-sign the transaction such that the transaction may operate and be applied on the ledger indefinite amounts of times.

By attaching a nonce counter, once a single instance of some accounts transaction gets finalized, no other node may re-sign and re-broadcast the transaction
to cause a replay attack.

## Binary Format

Transactions are encoded using a simple binary encoding scheme, where all integers are little-endian encoded, and all variable-sized arrays are
Expand All @@ -70,7 +59,7 @@ The current binary format of a Wavelet transaction is denoted as follows:
| Flag | A single byte that is 1 if the Creator Account ID is the same as the Sender Account ID, and is 0 otherwise. |
| Sender Account ID | 256-bit wallet address/public key. |
| Creator Account ID | 256-bit wallet address/public key. |
| Nonce | Latest nonce value of the creators account, denoted as an unsigned 64-bit little-endian integer. |
| Nonce | Unique value, denoted as an unsigned 64-bit little-endian integer. |
| Parent IDs | Length-prefixed array of 256-bit transaction IDs; assigned by the transactions sender. |
| Parent Seeds | Array of 256-bit transaction seeds, with the same length as the Parent IDs field and therefore not length-prefixed; must correspond to the transactions specified by Parent IDs. |
| Depth | Unsigned 64-bit little-endian integer; assigned by the transactions sender. |
Expand Down
2 changes: 1 addition & 1 deletion vote_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -533,4 +533,4 @@ func TestCollectVotesForSync(t *testing.T) {

assert.False(t, snowball.Decided())
})
}
}
1 change: 0 additions & 1 deletion wctl/wctl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,6 @@ type Client struct {
OnNumPagesUpdated
OnStakeUpdated
OnRewardUpdated
OnNonceUpdated

// Network
OnPeerJoin
Comment on lines 104 to 109
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The callback fields defined in the Client struct (lines 104-109) are not explicitly typed, which could lead to runtime errors if incorrect functions are assigned. It is recommended to define these callbacks with specific function signatures or use interface types to ensure type safety and clarity. For example:

type PeerEventHandler func(peerID string) error

OnPeerJoin PeerEventHandler
OnPeerLeave PeerEventHandler

This change would make the code more robust by enforcing the correct type of function to be assigned to each callback, reducing the risk of runtime errors.

Comment on lines 104 to 109
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The callbacks defined (e.g., OnNumPagesUpdated, OnStakeUpdated) do not include mechanisms for error handling. In a networked or blockchain context, where these callbacks might handle critical updates, it's important to implement error handling to maintain system stability. Consider modifying the callback definitions to include error returns, which can then be handled appropriately. For example:

type UpdateHandler func() error

OnNumPagesUpdated UpdateHandler
OnStakeUpdated UpdateHandler

This modification ensures that errors are not silently ignored and are handled appropriately, enhancing the reliability of the system.

Expand Down
7 changes: 0 additions & 7 deletions wctl/ws_callbacks.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,6 @@ type (
Time time.Time `json:"time"`
}
OnRewardUpdated = func(RewardUpdated)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The OnRewardUpdated function type does not include error handling capabilities. In event-driven programming, it's crucial to manage errors effectively to ensure system stability and prevent crashes. Recommendation: Modify the OnRewardUpdated function type to include an error return value, allowing the callback to communicate any issues encountered during execution.

Example:

OnRewardUpdated = func(RewardUpdated) error


NonceUpdated struct {
AccountID [32]byte `json:"account_id"`
Nonce uint64 `json:"nonce"`
Time time.Time `json:"time"`
}
OnNonceUpdated = func(NonceUpdated)
)

// Mod: network
Expand Down