Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: avoid endless tx rescan when the inbound vote message is invalid #3184

Merged

Conversation

ws4charlie
Copy link
Contributor

@ws4charlie ws4charlie commented Nov 19, 2024

Description

The maximum length of inbound message is defined as const MaxMessageLength = 10240 in the zetacore. If for some reason (it is impossible at the moment), an inbound transaction carries a message longer message, the PostVoteInbound RPC call in observer code below will return an error (due to ValidateBasic failure), which result in endless rescan of the tx.

To avoid potential endless tx rescan, zetaclient should SKIP invalid inbound vote message.

// post inbound vote message to zetacore
for _, event := range events {
	msg := ob.GetInboundVoteFromBtcEvent(event)
	if msg != nil {
	    _, err = ob.PostVoteInbound(ctx, msg, zetacore.PostVoteInboundExecutionGasLimit)
	    if err != nil {
		return errors.Wrapf(err, "error PostVoteInbound") // we have to re-scan this block next time
	    }
	}
}

How Has This Been Tested?

  • Tested CCTX in localnet
  • Tested in development environment
  • Go unit tests
  • Go integration tests
  • Tested via GitHub Actions

Summary by CodeRabbit

Release Notes

  • New Features

    • Whitelist functionality for SPL tokens on Solana.
    • Integration of SPL deposits and withdrawals.
    • Enhanced processability checks for inbound events.
    • New methods for decoding memos and determining event processability.
  • Improvements

    • Enhanced logging and error handling in inbound event processing.
    • Improved build reproducibility for releases.
    • Comprehensive testing framework with new tests for various scenarios.
  • Bug Fixes

    • Resolved issues with message registration and handling compliance violations.
    • Improved error handling for out-of-gas errors during omnichain calls.

Copy link
Contributor

coderabbitai bot commented Nov 19, 2024

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough
📝 Walkthrough

Walkthrough

The pull request introduces a comprehensive update to the ZetaChain project, featuring new functionalities such as whitelisting SPL tokens on Solana, improved build reproducibility, and enhanced testing frameworks for concurrent operations. Key refactoring efforts include the removal of the HSM signer from the zetaclient and adjustments to the zetaclientd CLI. Several fixes address issues related to message registration, peer discovery, and error handling during omnichain calls. The overall changes focus on enhancing functionality, improving code quality, and addressing various bugs across different components.

Changes

File Path Change Summary
changelog.md Updated to reflect new features, improvements, refactoring, and fixes, including whitelisting SPL tokens, SPL deposits/withdrawals, and enhanced testing frameworks.
x/crosschain/types/message_vote_inbound.go Comment updated for WithMemoRevertOptions to WithRevertOptions, no logic change.
zetaclient/chains/bitcoin/observer/event.go Removed InboundProcessability enum, updated Processability and CheckEventProcessability methods to use clienttypes.InboundProcessability.
zetaclient/chains/bitcoin/observer/event_test.go Renamed test function from Test_CheckProcessability to Test_Processability, updated expected types in test cases to clienttypes.InboundProcessability.
zetaclient/chains/bitcoin/observer/inbound.go Enhanced GetInboundVoteFromBtcEvent method logic to include message validation before returning.
zetaclient/chains/bitcoin/observer/inbound_test.go Added new test cases for fee rate calculations and error handling, expanded coverage for transaction scenarios.
zetaclient/chains/solana/observer/inbound.go Refactored BuildInboundVoteMsgFromEvent method to improve logging and error handling, added CheckEventProcessability method for better processability checks.
zetaclient/chains/solana/observer/inbound_test.go Added Test_CheckEventProcessability, updated Test_BuildInboundVoteMsgFromEvent to reflect new validation logic.
zetaclient/compliance/compliance.go Removed DoesInboundContainsRestrictedAddress function and associated imports, streamlining compliance checks.
zetaclient/types/event.go Introduced new InboundProcessability enum and methods for DecodeMemo and Processability in InboundEvent.
zetaclient/types/event_test.go Added unit tests for InboundEvent type, validating both decoding and processability logic.

Possibly related PRs

Suggested labels

no-changelog, CONSENSUS_BREAKING_ACK

Suggested reviewers

  • fbac
  • kingpinXD
  • swift1337
  • lumtis
  • skosito
  • brewmaster012

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link

codecov bot commented Nov 19, 2024

Codecov Report

Attention: Patch coverage is 70.79646% with 33 lines in your changes missing coverage. Please review.

Project coverage is 62.06%. Comparing base (771317f) to head (fe26d13).
Report is 1 commits behind head on develop.

Files with missing lines Patch % Lines
zetaclient/chains/bitcoin/signer/signer.go 0.00% 18 Missing ⚠️
zetaclient/chains/solana/observer/inbound.go 87.09% 3 Missing and 1 partial ⚠️
zetaclient/chains/evm/observer/v2_inbound.go 0.00% 3 Missing ⚠️
...taclient/chains/evm/observer/v2_inbound_tracker.go 0.00% 3 Missing ⚠️
zetaclient/types/event.go 89.65% 2 Missing and 1 partial ⚠️
zetaclient/chains/bitcoin/observer/event.go 92.30% 1 Missing ⚠️
zetaclient/chains/bitcoin/observer/inbound.go 50.00% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #3184      +/-   ##
===========================================
- Coverage    62.38%   62.06%   -0.33%     
===========================================
  Files          427      428       +1     
  Lines        30416    30438      +22     
===========================================
- Hits         18974    18890      -84     
- Misses       10596    10708     +112     
+ Partials       846      840       -6     
Files with missing lines Coverage Δ
x/crosschain/types/message_vote_inbound.go 100.00% <ø> (ø)
zetaclient/chains/base/observer.go 85.36% <100.00%> (+0.25%) ⬆️
zetaclient/compliance/compliance.go 14.28% <ø> (+3.86%) ⬆️
zetaclient/chains/bitcoin/observer/event.go 95.65% <92.30%> (-0.10%) ⬇️
zetaclient/chains/bitcoin/observer/inbound.go 32.92% <50.00%> (+0.86%) ⬆️
zetaclient/chains/evm/observer/v2_inbound.go 0.00% <0.00%> (ø)
...taclient/chains/evm/observer/v2_inbound_tracker.go 0.00% <0.00%> (ø)
zetaclient/types/event.go 89.65% <89.65%> (ø)
zetaclient/chains/solana/observer/inbound.go 35.77% <87.09%> (+4.52%) ⬆️
zetaclient/chains/bitcoin/signer/signer.go 18.43% <0.00%> (+0.28%) ⬆️

... and 5 files with indirect coverage changes

@ws4charlie ws4charlie added zetaclient Issues related to ZetaClient chain:bitcoin Bitcoin chain related chain:solana SOLANA_TESTS Run make start-solana-test audit Fixes for issues found in audit labels Nov 19, 2024
@ws4charlie ws4charlie marked this pull request as ready for review November 19, 2024 19:25
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (14)
zetaclient/types/event_test.go (3)

14-59: Consider adding more edge cases to strengthen test coverage.

While the current test cases cover the basic scenarios, consider adding these additional cases to improve robustness:

  • Invalid hex format in memo
  • Memo with incorrect length
  • Non-hex characters in memo

Example addition:

 tests := []struct {
     // ... existing fields
 }{
     // ... existing test cases
+    {
+        name: "should handle invalid hex format",
+        event: &types.InboundEvent{
+            Memo: []byte("invalid_hex"),
+        },
+        errMsg: "invalid hex string",
+    },
+    {
+        name: "should handle incorrect address length",
+        event: &types.InboundEvent{
+            Memo: []byte("0x1234"), // too short for an address
+        },
+        errMsg: "invalid address length",
+    },
 }

61-67: Consider extracting compliance config setup to a helper function.

The compliance config setup could be moved to a helper function to improve test maintainability and reusability.

Example:

+func setupTestComplianceConfig(t *testing.T) {
+    cfg := config.Config{
+        ComplianceConfig: sample.ComplianceConfig(),
+    }
+    config.LoadComplianceConfig(cfg)
+}
+
 func Test_Processability(t *testing.T) {
-    cfg := config.Config{
-        ComplianceConfig: sample.ComplianceConfig(),
-    }
-    config.LoadComplianceConfig(cfg)
+    setupTestComplianceConfig(t)

69-116: Consider adding edge cases for address validation.

The test cases cover the main scenarios but could be enhanced with edge cases:

Example additions:

 tests := []struct {
     // ... existing fields
 }{
     // ... existing test cases
+    {
+        name: "should handle empty sender address",
+        event: &types.InboundEvent{
+            Sender:   "",
+            Receiver: sample.EthAddress().Hex(),
+        },
+        expected: types.InboundProcessabilityBadFormat,
+    },
+    {
+        name: "should handle malformed receiver address",
+        event: &types.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: "invalid_address",
+        },
+        expected: types.InboundProcessabilityBadFormat,
+    },
 }
x/crosschain/types/message_vote_inbound.go (1)

Line range hint 8-13: Consider parameterizing MaxMessageLength

The hardcoded message length limit is critical for preventing endless tx rescans. Consider:

  1. Moving this to chain parameters for runtime configurability
  2. Adding metrics/logging when messages exceed this limit
  3. Implementing graceful error handling in the state machine as noted in issue Create a param for message max length of MsgVoteOnObservedInboundTx #862

Would you like me to help create a proposal for parameterizing this constant and implementing the suggested improvements?

zetaclient/chains/solana/observer/inbound_test.go (2)

137-168: Test cases appropriately cover error scenarios.

The test cases effectively cover memo decoding failures, non-processable events, and message size validation. However, consider enhancing the message validation test case.

Consider adding these test cases for more comprehensive validation:

 t.Run("should return nil if message basic validation fails", func(t *testing.T) {
-    // create event with donation memo
-    sender := sample.SolanaAddress(t)
-    maxMsgBytes := crosschaintypes.MaxMessageLength / 2
-    event := sample.InboundEvent(chain.ChainId, sender, sender, 1280, []byte(strings.Repeat("a", maxMsgBytes+1)))
+    testCases := []struct {
+        name string
+        memo []byte
+    }{
+        {
+            name: "message too long",
+            memo: []byte(strings.Repeat("a", crosschaintypes.MaxMessageLength+1)),
+        },
+        {
+            name: "empty message",
+            memo: []byte{},
+        },
+        {
+            name: "invalid UTF-8",
+            memo: []byte{0xFF, 0xFE, 0xFD},
+        },
+    }
+
+    for _, tc := range testCases {
+        t.Run(tc.name, func(t *testing.T) {
+            sender := sample.SolanaAddress(t)
+            event := sample.InboundEvent(chain.ChainId, sender, sender, 1280, tc.memo)
+            msg := ob.BuildInboundVoteMsgFromEvent(event)
+            require.Nil(t, msg)
+        })
+    }
 })

170-217: Well-structured table-driven tests with room for enhancement.

The test implementation is clean and covers the main scenarios. However, consider adding more edge cases for robustness.

Consider adding these additional test cases:

 tests := []struct {
     name   string
     event  clienttypes.InboundEvent
     result bool
 }{
     // ... existing test cases ...
+    {
+        name: "should return false on empty sender",
+        event: clienttypes.InboundEvent{
+            Sender:   "",
+            Receiver: sample.EthAddress().Hex(),
+        },
+        result: false,
+    },
+    {
+        name: "should return false on empty receiver",
+        event: clienttypes.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: "",
+        },
+        result: false,
+    },
+    {
+        name: "should return false on zero amount",
+        event: clienttypes.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: sample.EthAddress().Hex(),
+            Amount:   0,
+        },
+        result: false,
+    },
 }
zetaclient/chains/bitcoin/observer/event_test.go (1)

Line range hint 45-109: Add test case for invalid message length

Based on the PR objectives to fix endless tx rescan for invalid inbound vote messages, consider adding a test case that verifies the behavior when message length exceeds 10,240 bytes.

 tests := []struct {
   name     string
   event    *observer.BTCInboundEvent
   expected clienttypes.InboundProcessability
 }{
+  {
+    name: "should return InboundProcessabilityBad for message exceeding max length",
+    event: &observer.BTCInboundEvent{
+      FromAddress: "tb1quhassyrlj43qar0mn0k5sufyp6mazmh2q85lr6ex8ehqfhxpzsksllwrsu",
+      ToAddress:   testutils.TSSAddressBTCAthens3,
+      MemoBytes:   make([]byte, 10241), // Exceeds 10,240 bytes
+    },
+    expected: clienttypes.InboundProcessabilityBad,
+  },
   // ... existing test cases ...
 }
zetaclient/chains/bitcoin/observer/inbound_test.go (3)

Line range hint 466-587: Consider using table-driven tests for error scenarios

The error test cases in TestGetBtcEventErrors could be refactored into a table-driven test format to improve maintainability and reduce code duplication.

Here's a suggested refactor:

 func TestGetBtcEventErrors(t *testing.T) {
-    // ... setup code ...
+    tests := []struct {
+        name          string
+        modifyTx      func(*btcjson.TxRawResult)
+        expectedError string
+    }{
+        {
+            name: "invalid Vout[0] script",
+            modifyTx: func(tx *btcjson.TxRawResult) {
+                tx.Vout[0].ScriptPubKey.Hex = "0014invalid000000000000000000000000000000000"
+            },
+            expectedError: "invalid script",
+        },
+        {
+            name: "no input found",
+            modifyTx: func(tx *btcjson.TxRawResult) {
+                tx.Vin = nil
+            },
+            expectedError: "no input found",
+        },
+        // ... add more test cases ...
+    }
+
+    for _, tt := range tests {
+        t.Run(tt.name, func(t *testing.T) {
+            tx := testutils.LoadBTCInboundRawResult(t, TestDataDir, chain.ChainId, txHash, false)
+            tt.modifyTx(tx)
+            
+            rpcClient := mocks.NewBTCRPCClient(t)
+            event, err := observer.GetBtcEventWithoutWitness(
+                rpcClient,
+                *tx,
+                tssAddress,
+                blockNumber,
+                log.Logger,
+                net,
+                feeCalculator,
+            )
+            require.ErrorContains(t, err, tt.expectedError)
+            require.Nil(t, event)
+        })
+    }
 }

Line range hint 32-40: Consider documenting test data versioning

The test relies on archived Bitcoin transaction data. Consider adding version information and data source documentation to prevent test brittleness.

Add a comment block explaining the test data:

+// TestDataDir contains archived Bitcoin transaction data from mainnet
+// Data source: mempool.space API
+// Last updated: <date>
+// Version: <version>
+// Note: Update this comment when adding or modifying test data
 var TestDataDir string

Line range hint 588-626: Consider adding network failure test cases

The test suite would benefit from additional test cases covering network-related failures such as timeouts and connection issues.

Add test cases for:

  1. RPC timeout scenarios
  2. Network disconnection during transaction fetch
  3. Partial response handling

Example:

t.Run("should handle RPC timeout", func(t *testing.T) {
    rpcClient := mocks.NewBTCRPCClient(t)
    rpcClient.On("GetRawTransaction", mock.Anything).
        After(2*time.Second).  // Simulate timeout
        Return(nil, errors.New("context deadline exceeded"))
    
    // ... test implementation
})
changelog.md (1)

32-32: Verify changelog entry matches PR objectives

The changelog entry correctly:

However, consider adding more context about the max message length validation that triggers this issue, as mentioned in the PR objectives.

Consider expanding the entry to:

-* [3184](https://github.com/zeta-chain/node/pull/3184) - zetaclient should not retry if inbound vote message validation fails
+* [3184](https://github.com/zeta-chain/node/pull/3184) - avoid endless tx rescan by skipping inbound vote messages that exceed max length (10,240 bytes)
zetaclient/types/event.go (2)

95-98: Avoid code duplication by reusing DecodeMemo method

In the Processability method, you're parsing the memo to extract the receiver address, similar to the logic in DecodeMemo(). Consider invoking DecodeMemo() within Processability() to prevent code duplication and ensure consistency in memo decoding.


93-111: Reorder checks for efficiency and correctness

In the Processability method, the donation check is performed after the restricted address check. Since donation transactions are handled differently and may not require further processing, consider checking for donations first. This can improve efficiency by avoiding unnecessary computations for donation transactions.

zetaclient/chains/solana/observer/inbound.go (1)

274-276: Optimize parameter passing by using a pointer receiver

The CheckEventProcessability method accepts the event parameter by value, which may lead to unnecessary copying of the InboundEvent struct. Passing by pointer is more efficient and aligns with Go best practices.

Apply this diff to update the function signature and its invocation:

- func (ob *Observer) CheckEventProcessability(event clienttypes.InboundEvent) bool {
+ func (ob *Observer) CheckEventProcessability(event *clienttypes.InboundEvent) bool {

  // In BuildInboundVoteMsgFromEvent
- if !ob.CheckEventProcessability(*event) {
+ if !ob.CheckEventProcessability(event) {
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 9d299f0 and 93fefe7.

📒 Files selected for processing (11)
  • changelog.md (1 hunks)
  • x/crosschain/types/message_vote_inbound.go (1 hunks)
  • zetaclient/chains/bitcoin/observer/event.go (4 hunks)
  • zetaclient/chains/bitcoin/observer/event_test.go (6 hunks)
  • zetaclient/chains/bitcoin/observer/inbound.go (1 hunks)
  • zetaclient/chains/bitcoin/observer/inbound_test.go (1 hunks)
  • zetaclient/chains/solana/observer/inbound.go (3 hunks)
  • zetaclient/chains/solana/observer/inbound_test.go (3 hunks)
  • zetaclient/compliance/compliance.go (0 hunks)
  • zetaclient/types/event.go (2 hunks)
  • zetaclient/types/event_test.go (1 hunks)
💤 Files with no reviewable changes (1)
  • zetaclient/compliance/compliance.go
🧰 Additional context used
📓 Path-based instructions (9)
x/crosschain/types/message_vote_inbound.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/bitcoin/observer/event.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/bitcoin/observer/event_test.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/bitcoin/observer/inbound.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/bitcoin/observer/inbound_test.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/solana/observer/inbound.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/chains/solana/observer/inbound_test.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/types/event.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

zetaclient/types/event_test.go (1)

Pattern **/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

📓 Learnings (2)
zetaclient/chains/bitcoin/observer/inbound.go (1)
Learnt from: ws4charlie
PR: zeta-chain/node#2899
File: zetaclient/chains/bitcoin/observer/inbound.go:37-38
Timestamp: 2024-11-12T13:20:12.658Z
Learning: In `BTCInboundEvent`, it's acceptable to use `float64` for monetary values (`Value` and `DepositorFee`) because precision is ensured through conversion to integer when building the vote message.
zetaclient/chains/bitcoin/observer/inbound_test.go (1)
Learnt from: ws4charlie
PR: zeta-chain/node#2899
File: zetaclient/chains/bitcoin/observer/inbound.go:366-371
Timestamp: 2024-11-12T13:20:12.658Z
Learning: The `bitcoin.CalcDepositorFee` function is covered by live tests.
🪛 GitHub Check: codecov/patch
zetaclient/chains/bitcoin/observer/inbound.go

[warning] 369-369: zetaclient/chains/bitcoin/observer/inbound.go#L369
Added line #L369 was not covered by tests


[warning] 375-377: zetaclient/chains/bitcoin/observer/inbound.go#L375-L377
Added lines #L375 - L377 were not covered by tests

zetaclient/chains/solana/observer/inbound.go

[warning] 324-326: zetaclient/chains/solana/observer/inbound.go#L324-L326
Added lines #L324 - L326 were not covered by tests

zetaclient/types/event.go

[warning] 79-80: zetaclient/types/event.go#L79-L80
Added lines #L79 - L80 were not covered by tests

🔇 Additional comments (11)
zetaclient/types/event_test.go (1)

1-12: LGTM! Well-structured test package setup.

The package follows Go testing best practices by using a separate _test package for black-box testing, and imports are well-organized.

x/crosschain/types/message_vote_inbound.go (2)

25-25: LGTM: Comment update improves clarity

The comment update better reflects the function's purpose by removing the redundant "Memo" prefix.


Line range hint 143-159: Verify validation error handling in upstream components

The ValidateBasic() implementation correctly validates message length, but let's ensure the error is properly handled upstream to prevent endless rescans.

Let's verify the error handling implementation:

✅ Verification successful

Based on the search results, I can see that ValidateBasic() is properly handled in various components:

  1. In CLI commands and RPC endpoints, validation errors are caught and returned early
  2. In the observer components (Bitcoin, Solana), validation errors are logged and handled gracefully
  3. No endless retry loops were found in the codebase that could cause rescans
  4. The validation errors are properly propagated up the call stack

Validation is properly handled upstream, preventing endless rescans

The implementation shows proper error handling patterns across different components:

  • Early validation in RPC/CLI layers
  • Proper error logging in observer components
  • No retry loops that could cause endless rescans
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for handlers of ValidateBasic errors
rg -A 5 "msg\.ValidateBasic\(\)" 

# Search for potential retry loops that might cause endless rescans
ast-grep --pattern 'for {
  $$$
  ValidateBasic()
  $$$
}'

Length of output: 34597

zetaclient/chains/solana/observer/inbound_test.go (1)

5-5: LGTM: Import additions and client setup changes are appropriate.

The new imports and modified client setup align well with the test requirements.

Also applies to: 13-13, 113-115

zetaclient/chains/bitcoin/observer/event.go (2)

22-22: LGTM: Clean import addition

The addition of the clienttypes import aligns with the refactoring to use centralized enum definitions.


Line range hint 53-75: LGTM: Clean enum migration

The Processability method has been successfully migrated to use the centralized enum type while maintaining the same logical flow and comprehensive compliance checks.

zetaclient/chains/bitcoin/observer/event_test.go (2)

25-25: LGTM: Clean import addition

The addition of clienttypes import aligns with the type migration and follows Go conventions.


45-45: LGTM: Clean function rename and type migration

The function rename is more concise and the type changes are consistent with the migration to clienttypes package.

Also applies to: 56-56

zetaclient/chains/bitcoin/observer/inbound.go (1)

364-379: LGTM! The validation effectively prevents endless rescan.

The addition of message validation before returning successfully addresses the PR objective. This ensures that invalid messages are caught early, preventing endless rescan attempts.

Enhance error logging for better debugging.

Consider including more context in the error log by adding the validation error details:

-		ob.Logger().Inbound.Error().Err(err).Fields(lf).Msg("invalid inbound vote message")
+		ob.Logger().Inbound.Error().Err(err).Fields(lf).
+			Msgf("invalid inbound vote message: %v", err)

Add test coverage for validation logic.

The static analysis indicates that the validation error path (lines 375-377) lacks test coverage. Consider adding test cases for:

  • Invalid message scenarios that should trigger validation errors
  • Edge cases around memo processing
🧰 Tools
🪛 GitHub Check: codecov/patch

[warning] 369-369: zetaclient/chains/bitcoin/observer/inbound.go#L369
Added line #L369 was not covered by tests


[warning] 375-377: zetaclient/chains/bitcoin/observer/inbound.go#L375-L377
Added lines #L375 - L377 were not covered by tests

zetaclient/chains/bitcoin/observer/inbound_test.go (1)

160-162: LGTM: Mock client setup properly initialized

The addition of OperatorAddress with a sample Bech32 address ensures proper initialization of the mock client.

zetaclient/types/event.go (1)

78-80: ⚠️ Potential issue

Clarify the 'unreachable code' comment and ensure proper test coverage

The comment // unreachable code suggests that the error handling block may not be executed. However, if memo.DecodeLegacyMemoHex can return an error, this code is reachable and should be handled appropriately. Please verify whether this error case is possible.

  • If the error is possible: Remove the 'unreachable code' comment and add unit tests to cover this error handling path.
  • If the error is impossible: Remove the error handling code to simplify the function.

To confirm whether memo.DecodeLegacyMemoHex can return an error, you can review its implementation with the following script:

🧰 Tools
🪛 GitHub Check: codecov/patch

[warning] 79-80: zetaclient/types/event.go#L79-L80
Added lines #L79 - L80 were not covered by tests

zetaclient/chains/bitcoin/observer/event.go Outdated Show resolved Hide resolved
zetaclient/types/event.go Show resolved Hide resolved
zetaclient/chains/solana/observer/inbound.go Outdated Show resolved Hide resolved
zetaclient/chains/solana/observer/inbound.go Outdated Show resolved Hide resolved
zetaclient/types/event.go Outdated Show resolved Hide resolved
zetaclient/chains/bitcoin/observer/inbound.go Outdated Show resolved Hide resolved
zetaclient/chains/solana/observer/inbound.go Outdated Show resolved Hide resolved
zetaclient/chains/solana/observer/inbound.go Show resolved Hide resolved
@ws4charlie ws4charlie requested a review from swift1337 November 21, 2024 17:06
@ws4charlie ws4charlie enabled auto-merge November 21, 2024 17:06
changelog.md Outdated Show resolved Hide resolved
@ws4charlie ws4charlie enabled auto-merge November 22, 2024 21:50
zetaclient/chains/bitcoin/signer/signer.go Outdated Show resolved Hide resolved
zetaclient/chains/evm/observer/v2_inbound.go Outdated Show resolved Hide resolved
zetaclient/types/event.go Outdated Show resolved Hide resolved
zetaclient/chains/solana/observer/inbound.go Show resolved Hide resolved
zetaclient/types/event.go Show resolved Hide resolved
Copy link

gitguardian bot commented Nov 25, 2024

⚠️ GitGuardian has uncovered 1 secret following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secret in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
14567965 Triggered Generic Password d723e09 cmd/zetaclientd/start.go View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secret safely. Learn here the best practices.
  3. Revoke and rotate this secret.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider


🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@ws4charlie ws4charlie added this pull request to the merge queue Nov 25, 2024
Merged via the queue into develop with commit cc3bc86 Nov 25, 2024
41 checks passed
@ws4charlie ws4charlie deleted the avoid-btc-solana-inbound-endless-rescan-on-invalid-vote-msg branch November 25, 2024 22:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
audit Fixes for issues found in audit chain:bitcoin Bitcoin chain related chain:solana SOLANA_TESTS Run make start-solana-test zetaclient Issues related to ZetaClient
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants