Skip to content

Commit

Permalink
fix: remove timestamp from contracts (#1029)
Browse files Browse the repository at this point in the history
  • Loading branch information
frdomovic authored Dec 20, 2024
1 parent d7fcf9f commit ab1d7e7
Show file tree
Hide file tree
Showing 8 changed files with 1 addition and 215 deletions.
10 changes: 0 additions & 10 deletions contracts/icp/context-config/src/mutate.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,6 @@ pub async fn mutate(signed_request: ICSigned<ICRequest>) -> Result<(), String> {
.parse(|r| *r.signer_id)
.map_err(|e| format!("Failed to verify signature: {}", e))?;

// Add debug logging
let current_time = ic_cdk::api::time() / 1_000_000;
let time_diff = current_time.saturating_sub(request.timestamp_ms);
if time_diff > 1000 * 5 {
return Err(format!(
"request expired: diff={}ms, current={}, request={}",
time_diff, current_time, request.timestamp_ms
));
}

match request.kind {
ICRequestKind::Context(ICContextRequest { context_id, kind }) => match kind {
ICContextRequestKind::Add {
Expand Down
136 changes: 1 addition & 135 deletions contracts/icp/context-config/tests/integration.rs
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
use std::time::{Duration, SystemTime, UNIX_EPOCH};

use calimero_context_config::icp::repr::ICRepr;
use calimero_context_config::icp::types::{
ICApplication, ICCapability, ICContextRequest, ICContextRequestKind, ICRequest, ICRequestKind,
Expand Down Expand Up @@ -43,13 +41,6 @@ fn create_signed_request(signer_key: &SigningKey, request: ICRequest) -> ICSigne
ICSigned::new(request, |bytes| signer_key.sign(bytes)).expect("Failed to create signed request")
}

fn get_time_nanos(pic: &PocketIc) -> u64 {
pic.get_time()
.duration_since(UNIX_EPOCH)
.expect("Time went backwards")
.as_nanos() as u64
}

fn handle_response(
response: Result<WasmResult, UserError>,
expected_success: bool,
Expand Down Expand Up @@ -87,13 +78,6 @@ fn test_proxy_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand All @@ -119,7 +103,6 @@ fn test_proxy_management() {
},
}),
signer_id: context_id.rt().expect("infallible conversion"),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -141,7 +124,6 @@ fn test_proxy_management() {
kind: ICContextRequestKind::UpdateProxyContract,
}),
signer_id: bob_pk.rt().expect("infallible conversion"),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -161,7 +143,6 @@ fn test_proxy_management() {
kind: ICContextRequestKind::UpdateProxyContract,
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -180,22 +161,12 @@ fn test_mutate_success_cases() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time to current time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create context keys and ID
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
let context_id = context_pk.rt().expect("infallible conversion");

// Get current IC time in nanoseconds
let current_time = get_time_nanos(&pic);

// Create the request with IC time in nanoseconds
// Create the request
let request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
Expand All @@ -211,7 +182,6 @@ fn test_mutate_success_cases() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time,
nonce: 0,
};

Expand All @@ -230,13 +200,6 @@ fn test_member_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -266,7 +229,6 @@ fn test_member_management() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -288,7 +250,6 @@ fn test_member_management() {
},
}),
signer_id: (alice_pk.rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -333,7 +294,6 @@ fn test_member_management() {
},
}),
signer_id: (alice_pk.rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -372,13 +332,6 @@ fn test_capability_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -408,7 +361,6 @@ fn test_capability_management() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -430,7 +382,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -452,7 +403,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -494,7 +444,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -530,13 +479,6 @@ fn test_application_update() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -570,7 +512,6 @@ fn test_application_update() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -628,7 +569,6 @@ fn test_application_update() {
},
}),
signer_id: (bob_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -681,7 +621,6 @@ fn test_application_update() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -751,7 +690,6 @@ fn test_edge_cases() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -771,7 +709,6 @@ fn test_edge_cases() {
kind: ICContextRequestKind::AddMembers { members: vec![] },
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -794,7 +731,6 @@ fn test_edge_cases() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -825,73 +761,6 @@ fn test_edge_cases() {
}
}

#[ignore = "we're deprecating timestamp checks, in favor of nonce checks"]
#[test]
fn test_timestamp_scenarios() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Setup initial context
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
let context_id = context_pk.to_bytes().rt().expect("infallible conversion");
let alice_sk = SigningKey::from_bytes(&rng.gen());
let alice_pk = alice_sk.verifying_key();
let alice_id = alice_pk.to_bytes().rt().expect("infallible conversion");

// Create initial context with current timestamp
let current_time = get_time_nanos(&pic);
let create_request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
kind: ICContextRequestKind::Add {
author_id: alice_id,
application: ICApplication {
id: rng.gen::<[_; 32]>().rt().expect("infallible conversion"),
blob: rng.gen::<[_; 32]>().rt().expect("infallible conversion"),
size: 0,
source: String::new(),
metadata: vec![],
},
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time,
nonce: 0,
};

let signed_request = create_signed_request(&context_sk, create_request);
let response = pic.update_call(
canister,
Principal::anonymous(),
"mutate",
candid::encode_one(signed_request).unwrap(),
);
handle_response(response, true, "Context creation");

// Try with expired timestamp (more than 5 seconds old)
let expired_request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
kind: ICContextRequestKind::AddMembers {
members: vec![rng.gen::<[_; 32]>().rt().expect("infallible conversion")],
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time - 6_000_000_000, // 6 seconds ago
nonce: 0,
};

let signed_request = create_signed_request(&alice_sk, expired_request);
let response = pic.update_call(
canister,
Principal::anonymous(),
"mutate",
candid::encode_one(signed_request).unwrap(),
);
handle_response(response, false, "Expired timestamp request");
}

#[test]
fn test_concurrent_operations() {
let (pic, canister) = setup();
Expand Down Expand Up @@ -921,7 +790,6 @@ fn test_concurrent_operations() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -935,7 +803,6 @@ fn test_concurrent_operations() {
.expect("Context creation should succeed");

// Create multiple member additions with same timestamp
let timestamp = get_time_nanos(&pic);
let mut requests = Vec::new();
for _ in 0..3 {
let new_member = rng.gen::<[_; 32]>().rt().expect("infallible conversion");
Expand All @@ -947,7 +814,6 @@ fn test_concurrent_operations() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: timestamp,
nonce: 0,
};
requests.push(create_signed_request(&alice_sk, request));
Expand Down
1 change: 0 additions & 1 deletion contracts/icp/context-proxy/src/query.rs
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,6 @@ pub fn get_proposal_approvals_with_signer(
.map(|signer_id| ICProposalApprovalWithSigner {
proposal_id: proposal_id.clone(),
signer_id: signer_id.clone(),
added_timestamp: 0, // TODO: We need to store approval timestamps
})
.collect()
} else {
Expand Down
Loading

0 comments on commit ab1d7e7

Please sign in to comment.