[TrafficControl] Handle invalid client sig on rpc node

MystenLabs · Aug 13, 2024 · db9a166 · db9a166
1 parent c5766bc
commit db9a166
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 1 deletion.
diff --git a/crates/sui-core/src/authority_server.rs b/crates/sui-core/src/authority_server.rs
@@ -1083,7 +1083,7 @@ fn make_tonic_request_for_testing<T>(message: T) -> tonic::Request<T> {
 
 // TODO: refine error matching here
 fn normalize(err: SuiError) -> Weight {
- match dbg!(err) {
+ match err {
  SuiError::UserInputError { .. }
  | SuiError::InvalidSignature { .. }
  | SuiError::SignerSignatureAbsent { .. }

diff --git a/crates/sui-e2e-tests/tests/traffic_control_tests.rs b/crates/sui-e2e-tests/tests/traffic_control_tests.rs
@@ -5,6 +5,7 @@
 //! they should nearly all be tokio::test rather than simtest.
 
 use core::panic;
+use fastcrypto::encoding::Base64;
 use jsonrpsee::{
  core::{client::ClientT, RpcResult},
  rpc_params,
@@ -316,6 +317,63 @@ async fn test_fullnode_traffic_control_spam_blocked() -> Result<(), anyhow::Erro
  panic!("Expected spam policy to trigger within {txn_count} requests");
 }
 
+#[tokio::test]
+async fn test_fullnode_traffic_control_error_blocked() -> Result<(), anyhow::Error> {
+ let txn_count = 5;
+ let policy_config = PolicyConfig {
+ connection_blocklist_ttl_sec: 3,
+ error_policy_type: PolicyType::TestNConnIP(txn_count - 1),
+ dry_run: false,
+ ..Default::default()
+ };
+ let test_cluster = TestClusterBuilder::new()
+ .with_fullnode_policy_config(Some(policy_config))
+ .build()
+ .await;
+
+ let jsonrpc_client = &test_cluster.fullnode_handle.rpc_client;
+ let context = test_cluster.wallet;
+
+ let mut txns = batch_make_transfer_transactions(&context, txn_count as usize).await;
+ assert!(
+ txns.len() >= txn_count as usize,
+ "Expect at least {} txns. Do we generate enough gas objects during genesis?",
+ txn_count,
+ );
+
+ // it should take no more than 4 requests to be added to the blocklist
+ for _ in 0..txn_count {
+ let txn = txns.swap_remove(0);
+ let tx_digest = txn.digest();
+ let (tx_bytes, _signatures) = txn.to_tx_bytes_and_signatures();
+ // create invalid (empty) client signature
+ let signatures: Vec<Base64> = vec![];
+ let params = rpc_params![
+ tx_bytes,
+ signatures,
+ SuiTransactionBlockResponseOptions::new(),
+ ExecuteTransactionRequestType::WaitForLocalExecution
+ ];
+ let response: RpcResult<SuiTransactionBlockResponse> = jsonrpc_client
+ .request("sui_executeTransactionBlock", params.clone())
+ .await;
+ if let Err(err) = response {
+ if err.to_string().contains("Too many requests") {
+ return Ok(());
+ }
+ } else {
+ let SuiTransactionBlockResponse {
+ digest,
+ confirmed_local_execution,
+ ..
+ } = response.unwrap();
+ assert_eq!(&digest, tx_digest);
+ assert!(confirmed_local_execution.unwrap());
+ }
+ }
+ panic!("Expected spam policy to trigger within {txn_count} requests");
+}
+
 #[tokio::test]
 async fn test_validator_traffic_control_error_delegated() -> Result<(), anyhow::Error> {
  let n = 5;

diff --git a/crates/sui-json-rpc/src/axum_router.rs b/crates/sui-json-rpc/src/axum_router.rs
@@ -24,6 +24,7 @@ use serde_json::value::RawValue;
 use sui_core::traffic_controller::{
  metrics::TrafficControllerMetrics, policies::TrafficTally, TrafficController,
 };
+use sui_json_rpc_api::TRANSACTION_EXECUTION_CLIENT_ERROR_CODE;
 use sui_types::traffic_control::ClientIdSource;
 use sui_types::traffic_control::{PolicyConfig, Weight};
 use tracing::error;
@@ -278,6 +279,8 @@ fn handle_traffic_resp(
 fn normalize(err: ErrorCode) -> Weight {
  match err {
  ErrorCode::InvalidRequest | ErrorCode::InvalidParams => Weight::one(),
+ // e.g. invalid client signature
+ ErrorCode::ServerError(i) if i == TRANSACTION_EXECUTION_CLIENT_ERROR_CODE => Weight::one(),
  _ => Weight::zero(),
  }
 }