github.com/bloxroute-labs/bor@v0.1.4/signer/fourbyte/validation.go (about) 1 // Copyright 2018 The go-ethereum Authors 2 // This file is part of go-ethereum. 3 // 4 // go-ethereum is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // go-ethereum is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>. 16 17 package fourbyte 18 19 import ( 20 "bytes" 21 "errors" 22 "fmt" 23 "math/big" 24 25 "github.com/maticnetwork/bor/common" 26 "github.com/maticnetwork/bor/signer/core" 27 ) 28 29 // ValidateTransaction does a number of checks on the supplied transaction, and 30 // returns either a list of warnings, or an error (indicating that the transaction 31 // should be immediately rejected). 32 func (db *Database) ValidateTransaction(selector *string, tx *core.SendTxArgs) (*core.ValidationMessages, error) { 33 messages := new(core.ValidationMessages) 34 35 // Prevent accidental erroneous usage of both 'input' and 'data' (show stopper) 36 if tx.Data != nil && tx.Input != nil && !bytes.Equal(*tx.Data, *tx.Input) { 37 return nil, errors.New(`ambiguous request: both "data" and "input" are set and are not identical`) 38 } 39 // Place data on 'data', and nil 'input' 40 var data []byte 41 if tx.Input != nil { 42 tx.Data = tx.Input 43 tx.Input = nil 44 } 45 if tx.Data != nil { 46 data = *tx.Data 47 } 48 // Contract creation doesn't validate call data, handle first 49 if tx.To == nil { 50 // Contract creation should contain sufficient data to deploy a contract. A 51 // typical error is omitting sender due to some quirk in the javascript call 52 // e.g. https://github.com/maticnetwork/bor/issues/16106. 53 if len(data) == 0 { 54 // Prevent sending ether into black hole (show stopper) 55 if tx.Value.ToInt().Cmp(big.NewInt(0)) > 0 { 56 return nil, errors.New("tx will create contract with value but empty code") 57 } 58 // No value submitted at least, critically Warn, but don't blow up 59 messages.Crit("Transaction will create contract with empty code") 60 } else if len(data) < 40 { // arbitrary heuristic limit 61 messages.Warn(fmt.Sprintf("Transaction will create contract, but payload is suspiciously small (%d bytes)", len(data))) 62 } 63 // Method selector should be nil for contract creation 64 if selector != nil { 65 messages.Warn("Transaction will create contract, but method selector supplied, indicating intent to call a method") 66 } 67 return messages, nil 68 } 69 // Not a contract creation, validate as a plain transaction 70 if !tx.To.ValidChecksum() { 71 messages.Warn("Invalid checksum on recipient address") 72 } 73 if bytes.Equal(tx.To.Address().Bytes(), common.Address{}.Bytes()) { 74 messages.Crit("Transaction recipient is the zero address") 75 } 76 // Semantic fields validated, try to make heads or tails of the call data 77 db.validateCallData(selector, data, messages) 78 return messages, nil 79 } 80 81 // validateCallData checks if the ABI call-data + method selector (if given) can 82 // be parsed and seems to match. 83 func (db *Database) validateCallData(selector *string, data []byte, messages *core.ValidationMessages) { 84 // If the data is empty, we have a plain value transfer, nothing more to do 85 if len(data) == 0 { 86 return 87 } 88 // Validate the call data that it has the 4byte prefix and the rest divisible by 32 bytes 89 if len(data) < 4 { 90 messages.Warn("Transaction data is not valid ABI (missing the 4 byte call prefix)") 91 return 92 } 93 if n := len(data) - 4; n%32 != 0 { 94 messages.Warn(fmt.Sprintf("Transaction data is not valid ABI (length should be a multiple of 32 (was %d))", n)) 95 } 96 // If a custom method selector was provided, validate with that 97 if selector != nil { 98 if info, err := verifySelector(*selector, data); err != nil { 99 messages.Warn(fmt.Sprintf("Transaction contains data, but provided ABI signature could not be matched: %v", err)) 100 } else { 101 messages.Info(info.String()) 102 db.AddSelector(*selector, data[:4]) 103 } 104 return 105 } 106 // No method selector was provided, check the database for embedded ones 107 embedded, err := db.Selector(data[:4]) 108 if err != nil { 109 messages.Warn(fmt.Sprintf("Transaction contains data, but the ABI signature could not be found: %v", err)) 110 return 111 } 112 if info, err := verifySelector(embedded, data); err != nil { 113 messages.Warn(fmt.Sprintf("Transaction contains data, but provided ABI signature could not be varified: %v", err)) 114 } else { 115 messages.Info(info.String()) 116 } 117 }