test: Add assumeutxo test for wrong hash #28647
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsNo conflicts as of last run. |
|
Concept ACK Nice. Tried to work on this as well recently and thought it's not possible without implementing a VARINT-parser (for the |
theStack
left a comment
theStack
left a comment
There was a problem hiding this comment.
Code-review ACK fa91fc737dc88899fa7452941327546ec3f73972
pablomartin4btc
left a comment
pablomartin4btc
left a comment
There was a problem hiding this comment.
cr ACK fa91fc737dc88899fa7452941327546ec3f73972
There was a problem hiding this comment.
Isn't the bad coin height test also already covered with the test where you made the fix?
There was a problem hiding this comment.
Yeah, I wonder how one could test a "valid" hash but invalid snapshot file. I guess one would have to add a hash of the invalid file to the source code.
Though, this comment presumably refers to https://maflcko.github.io/b-c-cov/total.coverage/src/validation.cpp.gcov.html#5398 which is still uncovered.
There was a problem hiding this comment.
I wonder how one could test a "valid" hash but invalid snapshot file
I would just generally understand this as taking a valid snapshot file and altering the content so that it still serializes correctly but results in a different hash. The way I understand it "valid hash" here means that the hash in the metadata of the file matches the hash in the chainparams.
I guess one would have to add a hash of the invalid file to the source code.
That implies that the attacker is able to give the user a build that is not a release, no? (or we have made a huge mistake when adding the hash) If the attackers are able to do that they could do anything so it doesn't seem feasible to cover such a scenario in our tests.
There was a problem hiding this comment.
Right. Though, in that case, it could make sense to transform the unreachable/untestable code, if there is any, into an assert fail, or use the Assume fail.
There was a problem hiding this comment.
Yeah, I wonder how one could test a "valid" hash but invalid snapshot file. I guess one would have to add a hash of the invalid file to the source code.
Yes, my suggestion was to add an invalid regtest hash to the source code so we can verify that assumeutxo code does what it is supposed to do when an invalid hash is added.
And I don't like the idea of making the executable abort when an invalid hash is detected, instead of returning a normal error message, because that would make it more difficult than it needs to be to write a test covering all the error cases, and also make error handling internally more fragile and less straightforward.
This is just to explain my earlier suggestion though. I see these hashes as external inputs that should be validated like other inputs, even they happen to be hard coded to prevent usage errors. But if you want to treat these hashes as normal source code that should be able to trigger crashes in other parts of the source code, that is also reasonable.
|
utACK fa91fc737dc88899fa7452941327546ec3f73972 |
maflcko
force-pushed
the
2310-test-au-
branch
from
fa91fc7 to
fa68571
Compare
|
utACK fa68571 |
DrahtBot
requested review from
pablomartin4btc and
theStack
and removed request for
pablomartin4btc
DrahtBot
requested review from
pablomartin4btc
and removed request for
pablomartin4btc
fa68571 test: Add assumeutxo test for wrong hash (MarcoFalke) Pull request description: Also: * Update test TODOs * Fix off-by-4 typo in test, remove `struct` import ACKs for top commit: fjahr: utACK fa68571 theStack: Code-review re-ACK fa68571 pablomartin4btc: re ACK fa68571 ryanofsky: Code review ACK fa68571 Tree-SHA512: 877653010efe4e20018827e8ec2801d036e1344457401f0c9e5d55907b817724201dd2e3f0f29505bbff619882c0c2cd731ecdcd209258bcefe11b86ff0205dd
6 participants
Also:
structimport