diff --git a/contracts/icp/context-config/src/mutate.rs b/contracts/icp/context-config/src/mutate.rs index 910017621..10f8357ca 100644 --- a/contracts/icp/context-config/src/mutate.rs +++ b/contracts/icp/context-config/src/mutate.rs @@ -21,16 +21,6 @@ pub async fn mutate(signed_request: ICSigned) -> Result<(), String> { .parse(|r| *r.signer_id) .map_err(|e| format!("Failed to verify signature: {}", e))?; - // Add debug logging - let current_time = ic_cdk::api::time() / 1_000_000; - let time_diff = current_time.saturating_sub(request.timestamp_ms); - if time_diff > 1000 * 5 { - return Err(format!( - "request expired: diff={}ms, current={}, request={}", - time_diff, current_time, request.timestamp_ms - )); - } - match request.kind { ICRequestKind::Context(ICContextRequest { context_id, kind }) => match kind { ICContextRequestKind::Add { diff --git a/contracts/icp/context-config/tests/integration.rs b/contracts/icp/context-config/tests/integration.rs index 4aee2827d..dbd7f5134 100644 --- a/contracts/icp/context-config/tests/integration.rs +++ b/contracts/icp/context-config/tests/integration.rs @@ -1,5 +1,3 @@ -use std::time::{Duration, SystemTime, UNIX_EPOCH}; - use calimero_context_config::icp::repr::ICRepr; use calimero_context_config::icp::types::{ ICApplication, ICCapability, ICContextRequest, ICContextRequestKind, ICRequest, ICRequestKind, @@ -43,13 +41,6 @@ fn create_signed_request(signer_key: &SigningKey, request: ICRequest) -> ICSigne ICSigned::new(request, |bytes| signer_key.sign(bytes)).expect("Failed to create signed request") } -fn get_time_nanos(pic: &PocketIc) -> u64 { - pic.get_time() - .duration_since(UNIX_EPOCH) - .expect("Time went backwards") - .as_nanos() as u64 -} - fn handle_response( response: Result, expected_success: bool, @@ -87,13 +78,6 @@ fn test_proxy_management() { let (pic, canister) = setup(); let mut rng = rand::thread_rng(); - // Advance IC time - let current_nanos = SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_nanos() as u64; - pic.advance_time(Duration::from_nanos(current_nanos)); - // Create test identities let context_sk = SigningKey::from_bytes(&rng.gen()); let context_pk = context_sk.verifying_key(); @@ -119,7 +103,6 @@ fn test_proxy_management() { }, }), signer_id: context_id.rt().expect("infallible conversion"), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -141,7 +124,6 @@ fn test_proxy_management() { kind: ICContextRequestKind::UpdateProxyContract, }), signer_id: bob_pk.rt().expect("infallible conversion"), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -161,7 +143,6 @@ fn test_proxy_management() { kind: ICContextRequestKind::UpdateProxyContract, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -180,22 +161,12 @@ fn test_mutate_success_cases() { let (pic, canister) = setup(); let mut rng = rand::thread_rng(); - // Advance IC time to current time - let current_nanos = SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_nanos() as u64; - pic.advance_time(Duration::from_nanos(current_nanos)); - // Create context keys and ID let context_sk = SigningKey::from_bytes(&rng.gen()); let context_pk = context_sk.verifying_key(); let context_id = context_pk.rt().expect("infallible conversion"); - // Get current IC time in nanoseconds - let current_time = get_time_nanos(&pic); - - // Create the request with IC time in nanoseconds + // Create the request let request = ICRequest { kind: ICRequestKind::Context(ICContextRequest { context_id, @@ -211,7 +182,6 @@ fn test_mutate_success_cases() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: current_time, nonce: 0, }; @@ -230,13 +200,6 @@ fn test_member_management() { let (pic, canister) = setup(); let mut rng = rand::thread_rng(); - // Advance IC time - let current_nanos = SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_nanos() as u64; - pic.advance_time(Duration::from_nanos(current_nanos)); - // Create test identities let context_sk = SigningKey::from_bytes(&rng.gen()); let context_pk = context_sk.verifying_key(); @@ -266,7 +229,6 @@ fn test_member_management() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -288,7 +250,6 @@ fn test_member_management() { }, }), signer_id: (alice_pk.rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -333,7 +294,6 @@ fn test_member_management() { }, }), signer_id: (alice_pk.rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -372,13 +332,6 @@ fn test_capability_management() { let (pic, canister) = setup(); let mut rng = rand::thread_rng(); - // Advance IC time - let current_nanos = SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_nanos() as u64; - pic.advance_time(Duration::from_nanos(current_nanos)); - // Create test identities let context_sk = SigningKey::from_bytes(&rng.gen()); let context_pk = context_sk.verifying_key(); @@ -408,7 +361,6 @@ fn test_capability_management() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -430,7 +382,6 @@ fn test_capability_management() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -452,7 +403,6 @@ fn test_capability_management() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -494,7 +444,6 @@ fn test_capability_management() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -530,13 +479,6 @@ fn test_application_update() { let (pic, canister) = setup(); let mut rng = rand::thread_rng(); - // Advance IC time - let current_nanos = SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_nanos() as u64; - pic.advance_time(Duration::from_nanos(current_nanos)); - // Create test identities let context_sk = SigningKey::from_bytes(&rng.gen()); let context_pk = context_sk.verifying_key(); @@ -570,7 +512,6 @@ fn test_application_update() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -628,7 +569,6 @@ fn test_application_update() { }, }), signer_id: (bob_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -681,7 +621,6 @@ fn test_application_update() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -751,7 +690,6 @@ fn test_edge_cases() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -771,7 +709,6 @@ fn test_edge_cases() { kind: ICContextRequestKind::AddMembers { members: vec![] }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -794,7 +731,6 @@ fn test_edge_cases() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -825,73 +761,6 @@ fn test_edge_cases() { } } -#[ignore = "we're deprecating timestamp checks, in favor of nonce checks"] -#[test] -fn test_timestamp_scenarios() { - let (pic, canister) = setup(); - let mut rng = rand::thread_rng(); - - // Setup initial context - let context_sk = SigningKey::from_bytes(&rng.gen()); - let context_pk = context_sk.verifying_key(); - let context_id = context_pk.to_bytes().rt().expect("infallible conversion"); - let alice_sk = SigningKey::from_bytes(&rng.gen()); - let alice_pk = alice_sk.verifying_key(); - let alice_id = alice_pk.to_bytes().rt().expect("infallible conversion"); - - // Create initial context with current timestamp - let current_time = get_time_nanos(&pic); - let create_request = ICRequest { - kind: ICRequestKind::Context(ICContextRequest { - context_id, - kind: ICContextRequestKind::Add { - author_id: alice_id, - application: ICApplication { - id: rng.gen::<[_; 32]>().rt().expect("infallible conversion"), - blob: rng.gen::<[_; 32]>().rt().expect("infallible conversion"), - size: 0, - source: String::new(), - metadata: vec![], - }, - }, - }), - signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: current_time, - nonce: 0, - }; - - let signed_request = create_signed_request(&context_sk, create_request); - let response = pic.update_call( - canister, - Principal::anonymous(), - "mutate", - candid::encode_one(signed_request).unwrap(), - ); - handle_response(response, true, "Context creation"); - - // Try with expired timestamp (more than 5 seconds old) - let expired_request = ICRequest { - kind: ICRequestKind::Context(ICContextRequest { - context_id, - kind: ICContextRequestKind::AddMembers { - members: vec![rng.gen::<[_; 32]>().rt().expect("infallible conversion")], - }, - }), - signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: current_time - 6_000_000_000, // 6 seconds ago - nonce: 0, - }; - - let signed_request = create_signed_request(&alice_sk, expired_request); - let response = pic.update_call( - canister, - Principal::anonymous(), - "mutate", - candid::encode_one(signed_request).unwrap(), - ); - handle_response(response, false, "Expired timestamp request"); -} - #[test] fn test_concurrent_operations() { let (pic, canister) = setup(); @@ -921,7 +790,6 @@ fn test_concurrent_operations() { }, }), signer_id: (context_id.as_bytes().rt().expect("infallible conversion")), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -935,7 +803,6 @@ fn test_concurrent_operations() { .expect("Context creation should succeed"); // Create multiple member additions with same timestamp - let timestamp = get_time_nanos(&pic); let mut requests = Vec::new(); for _ in 0..3 { let new_member = rng.gen::<[_; 32]>().rt().expect("infallible conversion"); @@ -947,7 +814,6 @@ fn test_concurrent_operations() { }, }), signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")), - timestamp_ms: timestamp, nonce: 0, }; requests.push(create_signed_request(&alice_sk, request)); diff --git a/contracts/icp/context-proxy/src/query.rs b/contracts/icp/context-proxy/src/query.rs index eb644b9b9..ff2c36912 100644 --- a/contracts/icp/context-proxy/src/query.rs +++ b/contracts/icp/context-proxy/src/query.rs @@ -72,7 +72,6 @@ pub fn get_proposal_approvals_with_signer( .map(|signer_id| ICProposalApprovalWithSigner { proposal_id: proposal_id.clone(), signer_id: signer_id.clone(), - added_timestamp: 0, // TODO: We need to store approval timestamps }) .collect() } else { diff --git a/contracts/icp/context-proxy/tests/integration.rs b/contracts/icp/context-proxy/tests/integration.rs index d7f74f21d..0f553b3a3 100644 --- a/contracts/icp/context-proxy/tests/integration.rs +++ b/contracts/icp/context-proxy/tests/integration.rs @@ -1,5 +1,4 @@ use std::cell::RefCell; -use std::time::UNIX_EPOCH; use calimero_context_config::icp::repr::ICRepr; use calimero_context_config::icp::types::{ @@ -37,13 +36,6 @@ fn create_signed_context_request( ICSigned::new(request, |bytes| signer_key.sign(bytes)).expect("Failed to create signed request") } -fn get_time_nanos(pic: &PocketIc) -> u64 { - pic.get_time() - .duration_since(UNIX_EPOCH) - .expect("Time went backwards") - .as_nanos() as u64 -} - // Helper function to create a proposal and verify response fn create_and_verify_proposal( pic: &PocketIc, @@ -196,7 +188,6 @@ fn create_context_with_proxy( }, }), signer_id: context_id.rt().expect("infallible conversion"), - timestamp_ms: get_time_nanos(pic), nonce: 0, }; @@ -254,7 +245,6 @@ fn add_members_to_context( kind: ICContextRequestKind::AddMembers { members }, }), signer_id: author_pk.rt().expect("infallible conversion"), - timestamp_ms: get_time_nanos(pic), nonce: 0, }; @@ -346,7 +336,6 @@ fn test_update_proxy_contract() { kind: ICContextRequestKind::UpdateProxyContract, }), signer_id: author_pk.rt().expect("infallible conversion"), - timestamp_ms: get_time_nanos(&pic), nonce: 0, }; @@ -639,7 +628,6 @@ fn test_approve_own_proposal() { let approval = ICProposalApprovalWithSigner { signer_id: author_id, proposal_id, - added_timestamp: get_time_nanos(&pic), }; let request = ICProxyMutateRequest::Approve { approval }; @@ -683,7 +671,6 @@ fn test_approve_non_existent_proposal() { let approval = ICProposalApprovalWithSigner { signer_id, proposal_id, - added_timestamp: get_time_nanos(&pic), }; let request = ICProxyMutateRequest::Approve { approval }; @@ -878,7 +865,6 @@ fn test_proposal_execution_transfer() { let approval = ICProposalApprovalWithSigner { signer_id, proposal_id, - added_timestamp: get_time_nanos(&pic), }; let request = ICProxyMutateRequest::Approve { approval }; @@ -1023,7 +1009,6 @@ fn test_proposal_execution_external_call() { let approval = ICProposalApprovalWithSigner { signer_id, proposal_id, - added_timestamp: get_time_nanos(&pic), }; let request = ICProxyMutateRequest::Approve { approval }; @@ -1164,7 +1149,6 @@ fn test_proposal_execution_external_call_with_deposit() { let approval = ICProposalApprovalWithSigner { signer_id, proposal_id, - added_timestamp: get_time_nanos(&pic), }; let request = ICProxyMutateRequest::Approve { approval }; diff --git a/contracts/near/context-config/src/mutate.rs b/contracts/near/context-config/src/mutate.rs index b84845479..07476002b 100644 --- a/contracts/near/context-config/src/mutate.rs +++ b/contracts/near/context-config/src/mutate.rs @@ -23,12 +23,6 @@ impl ContextConfigs { .parse(|i| *i.signer_id) .expect("failed to parse input"); - require!( - env::block_timestamp_ms().saturating_sub(request.timestamp_ms) - <= self.config.validity_threshold_ms, - "request expired" - ); - match request.kind { RequestKind::Context(ContextRequest { context_id, kind, .. diff --git a/contracts/near/context-config/tests/sandbox.rs b/contracts/near/context-config/tests/sandbox.rs index e8a734db1..73f9112ee 100644 --- a/contracts/near/context-config/tests/sandbox.rs +++ b/contracts/near/context-config/tests/sandbox.rs @@ -823,45 +823,6 @@ async fn main() -> eyre::Result<()> { assert_eq!(res.logs(), ["Set validity threshold to `5s`"]); - let req = node1.call(contract.id(), "mutate").args_json(Signed::new( - &{ - let kind = RequestKind::Context(ContextRequest::new( - context_id, - ContextRequestKind::RemoveMembers { - members: vec![carol_cx_id].into(), - }, - )); - - Request::new( - alice_cx_id.rt()?, - kind, - *nonces.get(&Member::Alice).unwrap(), - ) - }, - |p| alice_cx_sk.sign(p), - )?); - - assert_eq!( - fetch_nonce(&contract, context_id, alice_cx_id) - .await? - .unwrap(), - 4, - "Alice: Nonce should be 4 after request reverted - expired" - ); - - time::sleep(time::Duration::from_secs(5)).await; - - let res = req - .transact() - .await? - .raw_bytes() - .expect_err("request should've expired"); - - { - let err = res.to_string(); - assert!(err.contains("request expired"), "{}", err); - } - let res: Vec> = contract .view("members") .args_json(json!({ diff --git a/crates/context/config/src/icp.rs b/crates/context/config/src/icp.rs index 0fc859c98..25b5b948a 100644 --- a/crates/context/config/src/icp.rs +++ b/crates/context/config/src/icp.rs @@ -161,7 +161,6 @@ impl From for ProposalWithApprovals { pub struct ICProposalApprovalWithSigner { pub proposal_id: ICRepr, pub signer_id: ICRepr, - pub added_timestamp: u64, } #[derive(CandidType, Deserialize, Clone, Debug)] @@ -194,7 +193,6 @@ impl TryFrom for ICProxyMutateRequest { approval: ICProposalApprovalWithSigner { proposal_id: approval.proposal_id.rt().map_err(|e| e.to_string())?, signer_id: approval.signer_id.rt().map_err(|e| e.to_string())?, - added_timestamp: approval.added_timestamp, }, }, }; diff --git a/crates/context/config/src/icp/types.rs b/crates/context/config/src/icp/types.rs index 41749f698..935dc6c0f 100644 --- a/crates/context/config/src/icp/types.rs +++ b/crates/context/config/src/icp/types.rs @@ -1,6 +1,5 @@ use std::borrow::Cow; use std::marker::PhantomData; -use std::time::{SystemTime, UNIX_EPOCH}; use candid::CandidType; use ed25519_dalek::{Verifier, VerifyingKey}; @@ -160,7 +159,6 @@ impl<'a> From> for ICRequestKind { pub struct ICRequest { pub kind: ICRequestKind, pub signer_id: ICRepr, - pub timestamp_ms: u64, pub nonce: u64, } @@ -169,10 +167,6 @@ impl ICRequest { Self { signer_id: ICRepr::new(signer_id), kind, - timestamp_ms: SystemTime::now() - .duration_since(UNIX_EPOCH) - .expect("Time went backwards") - .as_millis() as u64, nonce, } }