[FR] - Add File Hash Validation when Building Transaction

[Crypto2099]

Internal/External
External

Area
Other

Describe the feature you'd like
When publishing an action that expects or includes a remotely hosted metadata file and a confirmation hash (e.g. pool registration/update, governance action creation/submission) and using cardano-cli transaction build then we should provide a mechanism to provide some dummy-proofing for the user w.r.t. validating that the provided hash matches the file contents at the remote source.

Describe alternatives you've considered
The current alternative is for users to download the file themselves from the remote source and then hash the file and double-check that the values entered into these commands (cardano-cli transaction build or cardano-cli governance create-info) match.

Additional context / screenshots
A very "costly" real world example is the first Governance Action published to mainnet: https://cexplorer.io/tx/15f82a365bdee483a4b03873a40d3829cc88c048ff3703e11bd01dd9e035c916/governance#data

File URL: ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb

Here we had two potential points where the CLI could have provided confirmation/validation of the URI and the hash.

There are currently two types of certificates that rely on remotely hosted files and their hashes being published to the blockchain:

• Governance Actions
• Governance Votes
• dRep Registrations/Updates
• Stake Pool Registrations/Updates

Governance Action Create

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld)
dev@null:~$ cardano-cli conway governance action create-info \
>  --mainnet \
>  --governance-action-deposit 100000000000 \
>  --deposit-return-stake-verification-key-file govaction.staking.vkey \
>  --anchor-url ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb \
>  --anchor-data-hash $body_hash \
>  --out-file governance.action

Here we have an opportunity for the CLI (assuming there is an IPFS_GATEWAY_URI environment variable set) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the body_hash instead of the file_hash (which is what actually happened with this first gov action).

Governance Vote

dev@null:~$ cardano-cli conway governance vote create \
> --yes \
> --governance-action-tx-id abc123 \
> --governance-action-index 0 \
> --drep-verification-key-file adam.drep.vkey \
> --anchor-url abc.123.fun \
> --anchor-data-hash abc123 \
> --out-file adam.vote

dRep Registration Certificate

dev@null:~$ cardano-cli conway governance drep registration-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

dRep Update Certificate

dev@null:~$ cardano-cli conway governance drep update-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

Stake Pool Registration Certificate

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld)
dev@null:~$ pool_metadata=$(cardano-cli conway stake-pool metadata-hash --pool-metadata-file pool.json)
dev@null:~$ cardano-cli conway stake-pool registration-certificate \
> --mainnet \
> --stake-pool-verification-key-file mypool.cold.vkey \
> --vrf-verification-key-file mypool.vrf.vkey \
> --pool-pledge 100000000000 \
> --pool-cost 170000000 \
> --pool-margin 0.01 \
> --pool-reward-account-verification-key-file mypool.rewards.vkey \
> --pool-owner-stake-verification-key-file mypool.owner.vkey \
> --pool-relay-ipv4 192.168.0.1 \
> --pool-relay-port 1337 \
> --metadata-url https://github.com/crypto2099/mypool.json \
> --metadata-hash $file_hash \
> --out-file my-pool.cert

Here we have an opportunity for the CLI (maybe assuming there is an IPFS_GATEWAY_URI environment variable set if we switch to allowing IPFS URIs for stake pool metadata in the future) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the file_hash variable which is the blake2b-256 of our Governance Action metadata file rather than our stake pool metadata file so this will cause issues and errors downstream with explorers (this has happened literally hundreds if not thousands of times in the 4 years since Shelley).

Certificate Transaction Building

When using cardano-cli transaction build... we can assume that the user is utilizing a "hot" network environment with a local or remote connection to a node and so, it should be possible to check when there is a proposal-file, vote-file, or certificate-file and their related metadata URLs and hashes are valid and either:

• Issue a warning if the hashes cannot be checked for some reason (file not accessible?)
• Issue a warning if the hash does not match the file contents

cardano-cli conway transaction build \
--mainnet \
--tx-in ${tx_in_id} \
--change-address ${my_change_address} \
--proposal-file ${gov_action_file} \
--vote-file ${gov_vote_file} \
--certificate-file ${pool_cert_file} \
--out-file my.tx.unsigned

[Jimbo4350]

Thanks for this @Crypto2099. @palas is looking in to it.

[palas]

Sorry for the opening and closing, but GitHub closes automatically every time I merge a PR...