fix: avoid endless tx rescan when the inbound vote message is invalid #3184

ws4charlie · 2024-11-19T06:03:00Z

Description

The maximum length of inbound message is defined as const MaxMessageLength = 10240 in the zetacore. If for some reason (it is impossible at the moment), an inbound transaction carries a message longer message, the PostVoteInbound RPC call in observer code below will return an error (due to ValidateBasic failure), which result in endless rescan of the tx.

To avoid potential endless tx rescan, zetaclient should SKIP invalid inbound vote message.

// post inbound vote message to zetacore
for _, event := range events {
	msg := ob.GetInboundVoteFromBtcEvent(event)
	if msg != nil {
	    _, err = ob.PostVoteInbound(ctx, msg, zetacore.PostVoteInboundExecutionGasLimit)
	    if err != nil {
		return errors.Wrapf(err, "error PostVoteInbound") // we have to re-scan this block next time
	    }
	}
}

How Has This Been Tested?

Summary by CodeRabbit

Release Notes

New Features
- Whitelist functionality for SPL tokens on Solana.
- Integration of SPL deposits and withdrawals.
- Enhanced processability checks for inbound events.
- New methods for decoding memos and determining event processability.
Improvements
- Enhanced logging and error handling in inbound event processing.
- Improved build reproducibility for releases.
- Comprehensive testing framework with new tests for various scenarios.
Bug Fixes
- Resolved issues with message registration and handling compliance violations.
- Improved error handling for out-of-gas errors during omnichain calls.

coderabbitai · 2024-11-19T06:03:08Z

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

The pull request introduces a comprehensive update to the ZetaChain project, featuring new functionalities such as whitelisting SPL tokens on Solana, improved build reproducibility, and enhanced testing frameworks for concurrent operations. Key refactoring efforts include the removal of the HSM signer from the zetaclient and adjustments to the zetaclientd CLI. Several fixes address issues related to message registration, peer discovery, and error handling during omnichain calls. The overall changes focus on enhancing functionality, improving code quality, and addressing various bugs across different components.

Changes

File Path	Change Summary
changelog.md	Updated to reflect new features, improvements, refactoring, and fixes, including whitelisting SPL tokens, SPL deposits/withdrawals, and enhanced testing frameworks.
x/crosschain/types/message_vote_inbound.go	Comment updated for `WithMemoRevertOptions` to `WithRevertOptions`, no logic change.
zetaclient/chains/bitcoin/observer/event.go	Removed `InboundProcessability` enum, updated `Processability` and `CheckEventProcessability` methods to use `clienttypes.InboundProcessability`.
zetaclient/chains/bitcoin/observer/event_test.go	Renamed test function from `Test_CheckProcessability` to `Test_Processability`, updated expected types in test cases to `clienttypes.InboundProcessability`.
zetaclient/chains/bitcoin/observer/inbound.go	Enhanced `GetInboundVoteFromBtcEvent` method logic to include message validation before returning.
zetaclient/chains/bitcoin/observer/inbound_test.go	Added new test cases for fee rate calculations and error handling, expanded coverage for transaction scenarios.
zetaclient/chains/solana/observer/inbound.go	Refactored `BuildInboundVoteMsgFromEvent` method to improve logging and error handling, added `CheckEventProcessability` method for better processability checks.
zetaclient/chains/solana/observer/inbound_test.go	Added `Test_CheckEventProcessability`, updated `Test_BuildInboundVoteMsgFromEvent` to reflect new validation logic.
zetaclient/compliance/compliance.go	Removed `DoesInboundContainsRestrictedAddress` function and associated imports, streamlining compliance checks.
zetaclient/types/event.go	Introduced new `InboundProcessability` enum and methods for `DecodeMemo` and `Processability` in `InboundEvent`.
zetaclient/types/event_test.go	Added unit tests for `InboundEvent` type, validating both decoding and processability logic.

Possibly related PRs

feat: implementation of Solana restricted address #2795: The implementation of Solana restricted address is related to the main PR's focus on enhancing functionality and security in transaction handling, particularly with respect to deposits and withdrawals.
fix: abort cctx on dust amount in revert outbound (Bitcoin and Solana) #3149: The fix to abort CCTX on dust amount in revert outbound transactions directly relates to the main PR's updates on handling transaction states and error conditions.
fix: skip depositor fee calculation on irrelevant transactions #3162: The fix to skip depositor fee calculation on irrelevant transactions aligns with the main PR's emphasis on improving transaction processing efficiency and error handling.
fix: avoid panic in inscription parsing #3155: The fix to avoid panic in inscription parsing is relevant as it addresses error handling in the context of Bitcoin transactions, which is a focus area in the main PR.
refactor: replace docker-based inscription builder sidecar with Golang implementation #3082: The refactor to replace the Docker-based inscription builder with a Golang implementation enhances the functionality related to Bitcoin inscriptions, which is a key aspect of the main PR's updates.

Suggested labels

no-changelog, CONSENSUS_BREAKING_ACK

Suggested reviewers

fbac
kingpinXD
swift1337
lumtis
skosito
brewmaster012

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Generate unit testing code for this file.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai generate unit testing code for this file.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and generate unit testing code.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

codecov · 2024-11-19T06:13:38Z

Codecov Report

Attention: Patch coverage is 70.79646% with 33 lines in your changes missing coverage. Please review.

Project coverage is 62.06%. Comparing base (771317f) to head (fe26d13).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
zetaclient/chains/bitcoin/signer/signer.go	0.00%	18 Missing ⚠️
zetaclient/chains/solana/observer/inbound.go	87.09%	3 Missing and 1 partial ⚠️
zetaclient/chains/evm/observer/v2_inbound.go	0.00%	3 Missing ⚠️
...taclient/chains/evm/observer/v2_inbound_tracker.go	0.00%	3 Missing ⚠️
zetaclient/types/event.go	89.65%	2 Missing and 1 partial ⚠️
zetaclient/chains/bitcoin/observer/event.go	92.30%	1 Missing ⚠️
zetaclient/chains/bitcoin/observer/inbound.go	50.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3184      +/-   ##
===========================================
- Coverage    62.38%   62.06%   -0.33%     
===========================================
  Files          427      428       +1     
  Lines        30416    30438      +22     
===========================================
- Hits         18974    18890      -84     
- Misses       10596    10708     +112     
+ Partials       846      840       -6

Files with missing lines	Coverage Δ
x/crosschain/types/message_vote_inbound.go	`100.00% <ø> (ø)`
zetaclient/chains/base/observer.go	`85.36% <100.00%> (+0.25%)`	⬆️
zetaclient/compliance/compliance.go	`14.28% <ø> (+3.86%)`	⬆️
zetaclient/chains/bitcoin/observer/event.go	`95.65% <92.30%> (-0.10%)`	⬇️
zetaclient/chains/bitcoin/observer/inbound.go	`32.92% <50.00%> (+0.86%)`	⬆️
zetaclient/chains/evm/observer/v2_inbound.go	`0.00% <0.00%> (ø)`
...taclient/chains/evm/observer/v2_inbound_tracker.go	`0.00% <0.00%> (ø)`
zetaclient/types/event.go	`89.65% <89.65%> (ø)`
zetaclient/chains/solana/observer/inbound.go	`35.77% <87.09%> (+4.52%)`	⬆️
zetaclient/chains/bitcoin/signer/signer.go	`18.43% <0.00%> (+0.28%)`	⬆️

... and 5 files with indirect coverage changes

…n-invalid-vote-msg

coderabbitai

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (14)

zetaclient/types/event_test.go (3)
14-59: Consider adding more edge cases to strengthen test coverage.

While the current test cases cover the basic scenarios, consider adding these additional cases to improve robustness:

Invalid hex format in memo

Memo with incorrect length

Non-hex characters in memo

Example addition:
 tests := []struct {
     // ... existing fields
 }{
     // ... existing test cases
+    {
+        name: "should handle invalid hex format",
+        event: &types.InboundEvent{
+            Memo: []byte("invalid_hex"),
+        },
+        errMsg: "invalid hex string",
+    },
+    {
+        name: "should handle incorrect address length",
+        event: &types.InboundEvent{
+            Memo: []byte("0x1234"), // too short for an address
+        },
+        errMsg: "invalid address length",
+    },
 }
61-67: Consider extracting compliance config setup to a helper function.

The compliance config setup could be moved to a helper function to improve test maintainability and reusability.

Example:
+func setupTestComplianceConfig(t *testing.T) {
+    cfg := config.Config{
+        ComplianceConfig: sample.ComplianceConfig(),
+    }
+    config.LoadComplianceConfig(cfg)
+}
+
 func Test_Processability(t *testing.T) {
-    cfg := config.Config{
-        ComplianceConfig: sample.ComplianceConfig(),
-    }
-    config.LoadComplianceConfig(cfg)
+    setupTestComplianceConfig(t)
69-116: Consider adding edge cases for address validation.

The test cases cover the main scenarios but could be enhanced with edge cases:

Example additions:
 tests := []struct {
     // ... existing fields
 }{
     // ... existing test cases
+    {
+        name: "should handle empty sender address",
+        event: &types.InboundEvent{
+            Sender:   "",
+            Receiver: sample.EthAddress().Hex(),
+        },
+        expected: types.InboundProcessabilityBadFormat,
+    },
+    {
+        name: "should handle malformed receiver address",
+        event: &types.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: "invalid_address",
+        },
+        expected: types.InboundProcessabilityBadFormat,
+    },
 }
x/crosschain/types/message_vote_inbound.go (1)

Line range hint 8-13: Consider parameterizing MaxMessageLength

The hardcoded message length limit is critical for preventing endless tx rescans. Consider:

Moving this to chain parameters for runtime configurability

Adding metrics/logging when messages exceed this limit

Implementing graceful error handling in the state machine as noted in issue Create a param for message max length of MsgVoteOnObservedInboundTx #862

Would you like me to help create a proposal for parameterizing this constant and implementing the suggested improvements?
zetaclient/chains/solana/observer/inbound_test.go (2)
137-168: Test cases appropriately cover error scenarios.

The test cases effectively cover memo decoding failures, non-processable events, and message size validation. However, consider enhancing the message validation test case.

Consider adding these test cases for more comprehensive validation:
 t.Run("should return nil if message basic validation fails", func(t *testing.T) {
-    // create event with donation memo
-    sender := sample.SolanaAddress(t)
-    maxMsgBytes := crosschaintypes.MaxMessageLength / 2
-    event := sample.InboundEvent(chain.ChainId, sender, sender, 1280, []byte(strings.Repeat("a", maxMsgBytes+1)))
+    testCases := []struct {
+        name string
+        memo []byte
+    }{
+        {
+            name: "message too long",
+            memo: []byte(strings.Repeat("a", crosschaintypes.MaxMessageLength+1)),
+        },
+        {
+            name: "empty message",
+            memo: []byte{},
+        },
+        {
+            name: "invalid UTF-8",
+            memo: []byte{0xFF, 0xFE, 0xFD},
+        },
+    }
+
+    for _, tc := range testCases {
+        t.Run(tc.name, func(t *testing.T) {
+            sender := sample.SolanaAddress(t)
+            event := sample.InboundEvent(chain.ChainId, sender, sender, 1280, tc.memo)
+            msg := ob.BuildInboundVoteMsgFromEvent(event)
+            require.Nil(t, msg)
+        })
+    }
 })
170-217: Well-structured table-driven tests with room for enhancement.

The test implementation is clean and covers the main scenarios. However, consider adding more edge cases for robustness.

Consider adding these additional test cases:
 tests := []struct {
     name   string
     event  clienttypes.InboundEvent
     result bool
 }{
     // ... existing test cases ...
+    {
+        name: "should return false on empty sender",
+        event: clienttypes.InboundEvent{
+            Sender:   "",
+            Receiver: sample.EthAddress().Hex(),
+        },
+        result: false,
+    },
+    {
+        name: "should return false on empty receiver",
+        event: clienttypes.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: "",
+        },
+        result: false,
+    },
+    {
+        name: "should return false on zero amount",
+        event: clienttypes.InboundEvent{
+            Sender:   sample.SolanaAddress(t),
+            Receiver: sample.EthAddress().Hex(),
+            Amount:   0,
+        },
+        result: false,
+    },
 }
zetaclient/chains/bitcoin/observer/event_test.go (1)
Line range hint 45-109: Add test case for invalid message length

Based on the PR objectives to fix endless tx rescan for invalid inbound vote messages, consider adding a test case that verifies the behavior when message length exceeds 10,240 bytes.
 tests := []struct {
   name     string
   event    *observer.BTCInboundEvent
   expected clienttypes.InboundProcessability
 }{
+  {
+    name: "should return InboundProcessabilityBad for message exceeding max length",
+    event: &observer.BTCInboundEvent{
+      FromAddress: "tb1quhassyrlj43qar0mn0k5sufyp6mazmh2q85lr6ex8ehqfhxpzsksllwrsu",
+      ToAddress:   testutils.TSSAddressBTCAthens3,
+      MemoBytes:   make([]byte, 10241), // Exceeds 10,240 bytes
+    },
+    expected: clienttypes.InboundProcessabilityBad,
+  },
   // ... existing test cases ...
 }
zetaclient/chains/bitcoin/observer/inbound_test.go (3)
Line range hint 466-587: Consider using table-driven tests for error scenarios

The error test cases in TestGetBtcEventErrors could be refactored into a table-driven test format to improve maintainability and reduce code duplication.

Here's a suggested refactor:
 func TestGetBtcEventErrors(t *testing.T) {
-    // ... setup code ...
+    tests := []struct {
+        name          string
+        modifyTx      func(*btcjson.TxRawResult)
+        expectedError string
+    }{
+        {
+            name: "invalid Vout[0] script",
+            modifyTx: func(tx *btcjson.TxRawResult) {
+                tx.Vout[0].ScriptPubKey.Hex = "0014invalid000000000000000000000000000000000"
+            },
+            expectedError: "invalid script",
+        },
+        {
+            name: "no input found",
+            modifyTx: func(tx *btcjson.TxRawResult) {
+                tx.Vin = nil
+            },
+            expectedError: "no input found",
+        },
+        // ... add more test cases ...
+    }
+
+    for _, tt := range tests {
+        t.Run(tt.name, func(t *testing.T) {
+            tx := testutils.LoadBTCInboundRawResult(t, TestDataDir, chain.ChainId, txHash, false)
+            tt.modifyTx(tx)
+            
+            rpcClient := mocks.NewBTCRPCClient(t)
+            event, err := observer.GetBtcEventWithoutWitness(
+                rpcClient,
+                *tx,
+                tssAddress,
+                blockNumber,
+                log.Logger,
+                net,
+                feeCalculator,
+            )
+            require.ErrorContains(t, err, tt.expectedError)
+            require.Nil(t, event)
+        })
+    }
 }
Line range hint 32-40: Consider documenting test data versioning

The test relies on archived Bitcoin transaction data. Consider adding version information and data source documentation to prevent test brittleness.

Add a comment block explaining the test data:
+// TestDataDir contains archived Bitcoin transaction data from mainnet
+// Data source: mempool.space API
+// Last updated: <date>
+// Version: <version>
+// Note: Update this comment when adding or modifying test data
 var TestDataDir string
Line range hint 588-626: Consider adding network failure test cases

The test suite would benefit from additional test cases covering network-related failures such as timeouts and connection issues.

Add test cases for:

RPC timeout scenarios

Network disconnection during transaction fetch

Partial response handling

Example:
t.Run("should handle RPC timeout", func(t *testing.T) {
    rpcClient := mocks.NewBTCRPCClient(t)
    rpcClient.On("GetRawTransaction", mock.Anything).
        After(2*time.Second).  // Simulate timeout
        Return(nil, errors.New("context deadline exceeded"))
    
    // ... test implementation
})
changelog.md (1)
32-32: Verify changelog entry matches PR objectives

The changelog entry correctly:

Is placed in the "Fixes" section

Links to PR fix: avoid endless tx rescan when the inbound vote message is invalid #3184

Describes the fix for endless tx rescan

Uses consistent formatting with other entries

However, consider adding more context about the max message length validation that triggers this issue, as mentioned in the PR objectives.

Consider expanding the entry to:
-* [3184](https://github.com/zeta-chain/node/pull/3184) - zetaclient should not retry if inbound vote message validation fails
+* [3184](https://github.com/zeta-chain/node/pull/3184) - avoid endless tx rescan by skipping inbound vote messages that exceed max length (10,240 bytes)
zetaclient/types/event.go (2)

95-98: Avoid code duplication by reusing DecodeMemo method

In the Processability method, you're parsing the memo to extract the receiver address, similar to the logic in DecodeMemo(). Consider invoking DecodeMemo() within Processability() to prevent code duplication and ensure consistency in memo decoding.

93-111: Reorder checks for efficiency and correctness

In the Processability method, the donation check is performed after the restricted address check. Since donation transactions are handled differently and may not require further processing, consider checking for donations first. This can improve efficiency by avoiding unnecessary computations for donation transactions.
zetaclient/chains/solana/observer/inbound.go (1)
274-276: Optimize parameter passing by using a pointer receiver

The CheckEventProcessability method accepts the event parameter by value, which may lead to unnecessary copying of the InboundEvent struct. Passing by pointer is more efficient and aligns with Go best practices.

Apply this diff to update the function signature and its invocation:
- func (ob *Observer) CheckEventProcessability(event clienttypes.InboundEvent) bool {
+ func (ob *Observer) CheckEventProcessability(event *clienttypes.InboundEvent) bool {

  // In BuildInboundVoteMsgFromEvent
- if !ob.CheckEventProcessability(*event) {
+ if !ob.CheckEventProcessability(event) {

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 9d299f0 and 93fefe7.

📒 Files selected for processing (11)

changelog.md (1 hunks)
x/crosschain/types/message_vote_inbound.go (1 hunks)
zetaclient/chains/bitcoin/observer/event.go (4 hunks)
zetaclient/chains/bitcoin/observer/event_test.go (6 hunks)
zetaclient/chains/bitcoin/observer/inbound.go (1 hunks)
zetaclient/chains/bitcoin/observer/inbound_test.go (1 hunks)
zetaclient/chains/solana/observer/inbound.go (3 hunks)
zetaclient/chains/solana/observer/inbound_test.go (3 hunks)
zetaclient/compliance/compliance.go (0 hunks)
zetaclient/types/event.go (2 hunks)
zetaclient/types/event_test.go (1 hunks)

💤 Files with no reviewable changes (1)

zetaclient/compliance/compliance.go

🧰 Additional context used

📓 Path-based instructions (9)

x/crosschain/types/message_vote_inbound.go (1)