Audit 302 (#123)

Author: ixje

docs/source/whatsnew/0.9.1.rst

@@ -0,0 +1,14 @@
+.. _whatsnew-v091:
+
+*******************************
+  What's New in neo-mamba 0.9.1
+*******************************
+
+:Author: Erik van den Brink
+
+v3.0.2 compatibility
+===================
+
+This release fixes bugs after auditing neo-mamba vs neo-cli v3.0.2. The TestNet is audited up to block `189200`,
+whereas MainNet is audited up to block `127057`.
+

docs/source/whatsnew/index.rst

@@ -18,4 +18,5 @@ This chapter describes the most important changes between the neo-mamba versions
    0.6.rst
    0.7.rst
    0.8.rst
-   0.9.rst
+   0.9.rst
+   0.9.1.rst

neo3/__init__.py

@@ -7,7 +7,7 @@
 from neo3.core import cryptography
 from .singleton import _Singleton
 
-version = '0.9'
+version = '0.9.1'
 
 core_logger = logging.getLogger('neo3.core')
 network_logger = logging.getLogger('neo3.network')

neo3/contracts/__init__.py

@@ -60,7 +60,6 @@ def validate_type(obj: object, type_: typing.Type):
            'syscall_name_to_int',
            'DesignationContract',
            'DesignateRole',
-           'NameService',
            'LedgerContract',
            'NEF',
            'MethodToken',

neo3/contracts/applicationengine.py

@@ -51,7 +51,7 @@ def __init__(self,
             self.nonce_data = self.script_container.hash().to_array()[:16]
         else:
             self.nonce_data = b'\x00' * 16
-        if self.snapshot and self.snapshot.persisting_block:
+        if self.snapshot is not None and self.snapshot.persisting_block is not None:
             nonce = self.snapshot.persisting_block.nonce
             nonce ^= int.from_bytes(self.nonce_data, "little", signed=False)
             self.nonce_data = nonce.to_bytes(16, "little")
@@ -268,7 +268,7 @@ def load_token(self, token_id: int) -> vm.ExecutionContext:
 
         token = nef.tokens[token_id]
         if token.parameters_count > len(self.current_context.evaluation_stack):
-            raise ValueError("Token count exceeds available paremeters on evaluation stack")
+            raise ValueError("Token count exceeds available parameters on evaluation stack")
         args: List[vm.StackItem] = []
         for _ in range(token.parameters_count):
             args.append(self.pop())
@@ -432,7 +432,7 @@ def _native_to_stackitem(self, value, native_type) -> vm.StackItem:
         Convert native type to VM type
 
         Note: order of checking matters.
-        e.g. a Transaction should be treated as IInteropable, while its also ISerializable
+        e.g. a Transaction should be treated as IInteroperable, while its also ISerializable
         """
         if isinstance(value, vm.StackItem):
             return value
@@ -466,5 +466,15 @@ def _native_to_stackitem(self, value, native_type) -> vm.StackItem:
                 return self._native_to_stackitem(value, native_type)
             else:
                 raise ValueError  # shouldn't be possible, but silences mypy
+        elif native_type == list:
+            arr = vm.ArrayStackItem(self.reference_counter)
+            for item in value:
+                arr.append(self._native_to_stackitem(item, type(item)))
+            return arr
+        elif native_type == tuple:
+            _struct = vm.StructStackItem(self.reference_counter)
+            _struct.append(self._native_to_stackitem(value[0], type(value[0])))
+            _struct.append(self._native_to_stackitem(value[1], type(value[1])))
+            return _struct
         else:
             return vm.StackItem.from_interface(value)

neo3/contracts/native/fungible.py

@@ -96,7 +96,7 @@ def balance_of(self, snapshot: storage.Snapshot, account: types.UInt160) -> vm.B
 
         Note: The returned value is still in internal format. Divide the results by the contract's `decimals`
         """
-        storage_item = snapshot.storages.try_get(self.key_account + account)
+        storage_item = snapshot.storages.try_get(self.key_account + account, read_only=True)
         if storage_item is None:
             return vm.BigInteger.zero()
         else:
@@ -641,17 +641,11 @@ def vote(self,
         return True
 
     @register("getCandidates", contracts.CallFlags.READ_STATES, cpu_price=1 << 22)
-    def get_candidates(self, engine: contracts.ApplicationEngine) -> None:
+    def get_candidates(self, engine: contracts.ApplicationEngine) -> List[Tuple[cryptography.ECPoint, vm.BigInteger]]:
         """
         Fetch all registered candidates, convert them to a StackItem and push them onto the evaluation stack.
         """
-        array = vm.ArrayStackItem(engine.reference_counter)
-        for k, v in self._get_candidates(engine.snapshot):
-            struct = vm.StructStackItem(engine.reference_counter)
-            struct.append(vm.ByteStringStackItem(k.to_array()))
-            struct.append(vm.IntegerStackItem(v))
-            array.append(struct)
-        engine.push(array)
+        return self._get_candidates(engine.snapshot)
 
     @register("getNextBlockValidators", contracts.CallFlags.READ_STATES, cpu_price=1 << 16)
     def get_next_block_validators(self, snapshot: storage.Snapshot) -> List[cryptography.ECPoint]:
@@ -915,16 +909,14 @@ def _compute_committee_members(self, snapshot: storage.Snapshot) -> Dict[cryptog
     def _get_candidates(self,
                         snapshot: storage.Snapshot) -> \
             List[Tuple[cryptography.ECPoint, vm.BigInteger]]:
-        if self._candidates_dirty:
-            self._candidates = []
-            for k, v in snapshot.storages.find(self.key_candidate.to_array()):
-                candidate = _CandidateState.deserialize_from_bytes(v.value)
-                if candidate.registered:
-                    # take of the CANDIDATE prefix
-                    point = cryptography.ECPoint.deserialize_from_bytes(k.key[1:])
-                    self._candidates.append((point, candidate.votes))
-            self._candidates_dirty = False
-
+        self._candidates = []
+        for k, v in snapshot.storages.find(self.key_candidate.to_array()):
+            candidate = _CandidateState.deserialize_from_bytes(v.value)
+            if candidate.registered:
+                # take of the CANDIDATE prefix
+                point = cryptography.ECPoint.deserialize_from_bytes(k.key[1:])
+                self._candidates.append((point, candidate.votes))
+        self._candidates_dirty = False
         return self._candidates
 
     def _should_refresh_committee(self, height: int) -> bool:

neo3/contracts/native/ledger.py

@@ -39,15 +39,15 @@ def get_block(self, snapshot: storage.Snapshot, index_or_hash: bytes) -> Optiona
             height = vm.BigInteger(index_or_hash)
             if height < 0 or height > 4294967295:  # uint.MaxValue
                 raise ValueError("Invalid height")
-            block = snapshot.blocks.try_get_by_height(height, read_only=True)
+            block = snapshot.blocks.try_get_by_height(int(height), read_only=True)
         elif len(index_or_hash) == types.UInt256._BYTE_LEN:
             block_hash = types.UInt256(index_or_hash)
             block = snapshot.blocks.try_get(block_hash, read_only=True)
         else:
             raise ValueError("Invalid data")
 
-        if block and not self._is_traceable_block(snapshot, block.index):
-            block = None
+        if block is None or not self._is_traceable_block(snapshot, block.index):
+            return None
         return block.trim()
 
     @register("getTransaction", contracts.CallFlags.READ_STATES, cpu_price=1 << 15)

neo3/core/cryptography/ecc.py

@@ -32,6 +32,9 @@ def __bool__(self):
     def __hash__(self):
         return hash(self.x + self.y)
 
+    def __deepcopy__(self, memodict={}):
+        return ECPoint.deserialize_from_bytes(self.to_array(), self.curve, False)
+
     def is_zero(self):
         return self.x == 0 and self.y == 0
 

neo3/core/types/uint.py

@@ -18,12 +18,10 @@ def __init__(self, num_bytes: int, data: Union[bytes, bytearray] = None) -> None
 
         if data is None:
             self._data = bytes(num_bytes)
-
         else:
-            self._data = data
-
-            if len(self._data) != num_bytes:
-                raise ValueError(f"Invalid UInt: data length {len(self._data)} != specified num_bytes {num_bytes}")
+            if len(data) < num_bytes:
+                raise ValueError(f"Invalid UInt: data length {len(data)} != specified num_bytes {num_bytes}")
+            self._data = data[:num_bytes]
 
     def __len__(self) -> int:
         """ Count of data bytes. """

neo3/network/payloads/block.py

@@ -302,7 +302,7 @@ def _serializable_init(cls):
         return cls(Header._serializable_init(), [])
 
 
-class TrimmedBlock(serialization.ISerializable):
+class TrimmedBlock(serialization.ISerializable, IInteroperable):
     """
     A size reduced Block instance.
 
@@ -350,6 +350,20 @@ def deserialize(self, reader: serialization.BinaryReader) -> None:
         self.header = reader.read_serializable(Header)
         self.hashes = reader.read_serializable_list(types.UInt256, max=0xFFFF)
 
+    def to_stack_item(self, reference_counter: vm.ReferenceCounter) -> vm.StackItem:
+        array = vm.ArrayStackItem(reference_counter)
+        array.append(vm.ByteStringStackItem(self.header.hash().to_array()))
+        array.append(vm.IntegerStackItem(self.header.version))
+        array.append(vm.ByteStringStackItem(self.header.prev_hash.to_array()))
+        array.append(vm.ByteStringStackItem(self.header.merkle_root.to_array()))
+        array.append(vm.IntegerStackItem(self.header.timestamp))
+        array.append(vm.IntegerStackItem(self.header.nonce))
+        array.append(vm.IntegerStackItem(self.header.index))
+        array.append(vm.IntegerStackItem(self.header.primary_index))
+        array.append(vm.ByteStringStackItem(self.header.next_consensus.to_array()))
+        array.append(vm.IntegerStackItem(len(self.hashes)))
+        return array
+
     @classmethod
     def _serializable_init(cls):
         return cls(Header._serializable_init(), [])

neo3/storage/cache.py

@@ -170,6 +170,7 @@ def __init__(self, db):
         self._internal_get = self._db._internal_block_get
         self._internal_try_get = self._db._internal_block_try_get
         self._internal_all = self._db._internal_block_all
+        self._internal_get_by_height = self._db._internal_block_get_by_height
 
     def put(self, block: payloads.Block) -> None:
         """
@@ -213,7 +214,7 @@ def get_by_height(self, height: int, read_only=False) -> payloads.Block:
         """
         block_hash = self._height_hash_mapping.get(height, None)
         if block_hash is None:
-            raise KeyError
+            block_hash = self._internal_get_by_height(height).hash()  # raises KeyError if block is not found
         return self.get(block_hash, read_only)
 
     def try_get(self, hash: types.UInt256, read_only=False) -> Optional[payloads.Block]:
@@ -237,11 +238,12 @@ def try_get_by_height(self, height: int, read_only=False) -> Optional[payloads.B
             height: block index.
             read_only: set to True to safeguard against return value modifications being persisted when committing.
         """
-        block_hash = self._height_hash_mapping.get(height, None)
-        if block_hash is None:
+        try:
+            block = self.get_by_height(height, read_only)
+        except KeyError:
             return None
 
-        return self.try_get(block_hash, read_only)
+        return self.try_get(block.hash(), read_only)
 
     def delete(self, hash: types.UInt256) -> None:
         """
@@ -280,8 +282,8 @@ def all(self) -> Iterator[payloads.Block]:
 
 
 class CachedContractAccess(CachedAccess):
-    _gas_token_script_hash = types.UInt160.from_string("f61eebf573ea36593fd43aa150c055ad7906ab83")
-    _neo_token_script_hash = types.UInt160.from_string("70e2301955bf1e74cbb31d18c2f96972abadb328")
+    _gas_token_script_hash = types.UInt160.from_string("d2a4cff31913016155e38e474a2c06d08be276cf")
+    _neo_token_script_hash = types.UInt160.from_string("ef4073a0f2b305a38ec4050e4d3d28bc40ea63f5")
 
     def __init__(self, db):
         super(CachedContractAccess, self).__init__(db)

neo3/wallet/account.py

@@ -4,7 +4,7 @@
 import hashlib
 import unicodedata
 from typing import Optional, Dict, Any, List
-from Crypto.Cipher import AES
+from Crypto.Cipher import AES  # type: ignore
 from jsonschema import validate  # type: ignore
 from neo3 import settings, contracts, vm, wallet, storage
 from neo3.network import payloads

requirements.txt

@@ -4,10 +4,10 @@ base58==1.0.3
 bitarray==1.0.1
 coverage>=5.0.2
 Events==0.3
-lz4==2.2.1
+lz4==3.1.3
 neo3crypto==0.2
-neo3vm>=0.8.2
-neo3vm-stubs>=0.8.2
+neo3vm>=0.8.3
+neo3vm-stubs>=0.8.3
 mmh3==2.5.1
 mypy>=0.782
 mypy-extensions==0.4.3
@@ -18,5 +18,5 @@ Sphinx==3.5.2
 sphinx-autodoc-typehints==1.11.1
 pycryptodome==3.10.1
 pycodestyle==2.5.0
-pybiginteger>=1.2.3
-pybiginteger-stubs>=1.2.3
+pybiginteger>=1.2.4
+pybiginteger-stubs>=1.2.4

setup.py

@@ -75,7 +75,7 @@ def run(self):
 setup(
     name='neo-mamba',
     python_requires='==3.8.*',
-    version='0.9',
+    version='0.9.1',
     description="Python SDK for the NEO 3 blockchain",
     long_description=readme,
     long_description_content_type="text/x-rst",

tests/contracts/test_json.py

@@ -228,9 +228,7 @@ def test_serialization_map(self):
         m[key3] = v3
         m[key2] = v2
         s = contracts.JSONSerializer.serialize(m, 999)
-        # this is a known deviation. NEO preserved key order, we don't
-        # but shouldn't matter as it gets deserialized to a map stackitem
-        expected = r'{"test1":1,"test2":2,"test3":3}'
+        expected = r'{"test1":1,"test3":3,"test2":2}'
         self.assertEqual(expected, s)
 
     def test_serialization_array(self):