Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] - Add File Hash Validation when Building Transaction #882

Closed
Crypto2099 opened this issue Sep 4, 2024 · 2 comments · Fixed by #895, #910, #915, #916 or #927
Closed

[FR] - Add File Hash Validation when Building Transaction #882

Crypto2099 opened this issue Sep 4, 2024 · 2 comments · Fixed by #895, #910, #915, #916 or #927
Assignees

Comments

@Crypto2099
Copy link

Internal/External
External

Area
Other

Describe the feature you'd like
When publishing an action that expects or includes a remotely hosted metadata file and a confirmation hash (e.g. pool registration/update, governance action creation/submission) and using cardano-cli transaction build then we should provide a mechanism to provide some dummy-proofing for the user w.r.t. validating that the provided hash matches the file contents at the remote source.

Describe alternatives you've considered
The current alternative is for users to download the file themselves from the remote source and then hash the file and double-check that the values entered into these commands (cardano-cli transaction build or cardano-cli governance create-info) match.

Additional context / screenshots
A very "costly" real world example is the first Governance Action published to mainnet: https://cexplorer.io/tx/15f82a365bdee483a4b03873a40d3829cc88c048ff3703e11bd01dd9e035c916/governance#data

File URL: ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb

Here we had two potential points where the CLI could have provided confirmation/validation of the URI and the hash.

There are currently two types of certificates that rely on remotely hosted files and their hashes being published to the blockchain:

  • Governance Actions
  • Governance Votes
  • dRep Registrations/Updates
  • Stake Pool Registrations/Updates

Governance Action Create

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld)
dev@null:~$ cardano-cli conway governance action create-info \
>  --mainnet \
>  --governance-action-deposit 100000000000 \
>  --deposit-return-stake-verification-key-file govaction.staking.vkey \
>  --anchor-url ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb \
>  --anchor-data-hash $body_hash \
>  --out-file governance.action

Here we have an opportunity for the CLI (assuming there is an IPFS_GATEWAY_URI environment variable set) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the body_hash instead of the file_hash (which is what actually happened with this first gov action).

Governance Vote

dev@null:~$ cardano-cli conway governance vote create \
> --yes \
> --governance-action-tx-id abc123 \
> --governance-action-index 0 \
> --drep-verification-key-file adam.drep.vkey \
> --anchor-url abc.123.fun \
> --anchor-data-hash abc123 \
> --out-file adam.vote

dRep Registration Certificate

dev@null:~$ cardano-cli conway governance drep registration-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

dRep Update Certificate

dev@null:~$ cardano-cli conway governance drep update-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

Stake Pool Registration Certificate

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld)
dev@null:~$ pool_metadata=$(cardano-cli conway stake-pool metadata-hash --pool-metadata-file pool.json)
dev@null:~$ cardano-cli conway stake-pool registration-certificate \
> --mainnet \
> --stake-pool-verification-key-file mypool.cold.vkey \
> --vrf-verification-key-file mypool.vrf.vkey \
> --pool-pledge 100000000000 \
> --pool-cost 170000000 \
> --pool-margin 0.01 \
> --pool-reward-account-verification-key-file mypool.rewards.vkey \
> --pool-owner-stake-verification-key-file mypool.owner.vkey \
> --pool-relay-ipv4 192.168.0.1 \
> --pool-relay-port 1337 \
> --metadata-url https://github.com/crypto2099/mypool.json \
> --metadata-hash $file_hash \
> --out-file my-pool.cert

Here we have an opportunity for the CLI (maybe assuming there is an IPFS_GATEWAY_URI environment variable set if we switch to allowing IPFS URIs for stake pool metadata in the future) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the file_hash variable which is the blake2b-256 of our Governance Action metadata file rather than our stake pool metadata file so this will cause issues and errors downstream with explorers (this has happened literally hundreds if not thousands of times in the 4 years since Shelley).

Certificate Transaction Building

When using cardano-cli transaction build... we can assume that the user is utilizing a "hot" network environment with a local or remote connection to a node and so, it should be possible to check when there is a proposal-file, vote-file, or certificate-file and their related metadata URLs and hashes are valid and either:

  • Issue a warning if the hashes cannot be checked for some reason (file not accessible?)
  • Issue a warning if the hash does not match the file contents
cardano-cli conway transaction build \
--mainnet \
--tx-in ${tx_in_id} \
--change-address ${my_change_address} \
--proposal-file ${gov_action_file} \
--vote-file ${gov_vote_file} \
--certificate-file ${pool_cert_file} \
--out-file my.tx.unsigned
@Jimbo4350
Copy link
Contributor

Jimbo4350 commented Sep 9, 2024

Thanks for this @Crypto2099. @palas is looking in to it.

@palas
Copy link
Contributor

palas commented Sep 25, 2024

Sorry for the opening and closing, but GitHub closes automatically every time I merge a PR...

@palas palas linked a pull request Oct 24, 2024 that will close this issue
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment