Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Masp/Base boundary conditions #1962

Closed
Tracked by #2020
CarloModicaPortfolio opened this issue Oct 2, 2023 · 2 comments
Closed
Tracked by #2020

Masp/Base boundary conditions #1962

CarloModicaPortfolio opened this issue Oct 2, 2023 · 2 comments

Comments

@CarloModicaPortfolio
Copy link

Looking at the MASP VP, and it looks like some of the coundary conditions are not checked. More specifically:

According to specs: If the source address is not the MASP validity predicate, then the transparent transaction value pool's amount must equal zero. But in vp_masp.rs:

        if transfer.source != masp() {
            // Handle transparent input
            // Note that the asset type is timestamped so shields
            // where the shielded value has an incorrect timestamp
            // are automatically rejected
            for denom in token::MaspDenom::iter() {
                let (_transp_asset, transp_amt) = convert_amount(
                    ctx.get_block_epoch().unwrap(),
                    &transfer.token,
                    transfer.amount.into(),
                    denom,
                );

                // Non-masp sources add to transparent tx pool
                transparent_tx_pool += transp_amt;

looks like that transparent_tx_pool is never checked to be zero.

Similarly when the source is the MASP vp, both according to specs and code comment the transparent transaction value pool's amount must equal the containing wrapper transaction's fee amount. This checks seems to be missing in the code. Nor seems to be checked if the transparent transaction value pool's asset type is be derived from the containing wrapper transaction's fee token.
The code below:

            // Handle shielded input
            // The following boundary conditions must be satisfied
            // 1. Zero transparent input
            // 2. the transparent transaction value pool's amount must equal< the
            // containing wrapper transaction's fee amount
            // Satisfies 1.
            if let Some(transp_bundle) = shielded_tx.transparent_bundle() {
                if !transp_bundle.vin.is_empty() {
                    debug_log!(
                        "Transparent input to a transaction from the masp \
                         must be 0 but is {}",
                        transp_bundle.vin.len()
                    );
                    return reject();

Lastly, there is a missmatch between specs and code when the target adress is not the MASP vp, as the specs say there must be exactly one transparent output, while in the code there can be up to 4.
@cwgoes cwgoes mentioned this issue Oct 20, 2023
Closed
20 tasks
@cwgoes cwgoes mentioned this issue Nov 5, 2023
Closed
7 tasks
@grarco
Copy link
Collaborator

grarco commented Nov 27, 2023

With regards to the fees, the logic in the code should be correct as we decided to not allow fee payment directly in a masp transfer, the check is here:

namada/shared/src/ledger/native_vp/masp.rs

Lines 280 to 284 in a07a3b2

Some(Ordering::Greater) => {
tracing::debug!(
"Transaction fees cannot be paid inside MASP transaction."
);
return Ok(false);

I probably forgot to remove the misleading comment and update the specs

@cwgoes
Copy link
Collaborator

cwgoes commented Feb 2, 2024

Superseded by more recent work.

@cwgoes cwgoes closed this as completed Feb 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cwgoes @grarco @CarloModicaPortfolio