Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vesting use case succeeds even if validator is set to True #942

Open
locallycompact opened this issue Feb 9, 2023 · 9 comments
Open

Vesting use case succeeds even if validator is set to True #942

locallycompact opened this issue Feb 9, 2023 · 9 comments
Labels
enhancement New feature or request Tracked Issue is tracked in our internal backlog

Comments

@locallycompact
Copy link
Contributor

locallycompact commented Feb 9, 2023

Summary

applying this diff

@@ -131,21 +131,7 @@ remainingFrom t@VestingTranche{vestingTrancheAmount} range =
 {-# INLINABLE validate #-}
 validate :: VestingParams -> () -> () -> V2.ScriptContext -> Bool
 validate VestingParams{vestingTranche1, vestingTranche2, vestingOwner} () () [email protected]{scriptContextTxInfo=txInfo@TxInfo{txInfoValidRange}} =
-    let
-        remainingActual  = V2.valueLockedBy txInfo (V2.ownHash ctx)
-
-        remainingExpected =
-            remainingFrom vestingTranche1 txInfoValidRange
-            + remainingFrom vestingTranche2 txInfoValidRange
-
-    in remainingActual `Value.geq` remainingExpected
-            -- The policy encoded in this contract
-            -- is "vestingOwner can do with the funds what they want" (as opposed
-            -- to "the funds must be paid to vestingOwner"). This is enforcey by
-            -- the following condition:
-            && V2.txSignedBy txInfo (unPaymentPubKeyHash vestingOwner)
-            -- That way the recipient of the funds can pay them to whatever address they
-            -- please, potentially saving one transaction.
+       True

 vestingScript :: VestingParams -> Validator
 vestingScript = Scripts.validatorScript . typedValidator

still makes all the tests for this use case pass

Steps to reproduce the behavior

apply the diff

Actual Result

doesn't work

Expected Result

should work

Describe the approach you would take to fix this

No response

System info

nixos

@locallycompact locallycompact added the bug Something isn't working label Feb 9, 2023
@locallycompact
Copy link
Contributor Author

Can anyone shed any light on this? It's very confusing.

@nielstron
Copy link

Are there any negative test cases for this contract i.e. cases where the contract is expected to fail?

@berewt
Copy link
Contributor

berewt commented Mar 9, 2023

I had a look at it. The Vesting test aren't unit test about the validators, but integration tests that test both the OffChain and the OnChain code at the same time. The retrieve endpoint do an off chain of the avaible founds before we try and submit the Tx, so the too permissive enchain code isn't checked in the end.

We should have add a test on the enchain code itself though, you're right.

@berewt berewt added Tracked Issue is tracked in our internal backlog enhancement New feature or request and removed bug Something isn't working labels Mar 9, 2023
@locallycompact
Copy link
Contributor Author

A negative test case would not be a test of the on-chain code directly but an adversarial action that expects the model not to change.

@berewt
Copy link
Contributor

berewt commented Mar 13, 2023

Both are valid test scenarios actually, you want to check the behaviour of the onchain code and to protect yourself against malicious transaction.

@locallycompact
Copy link
Contributor Author

I really don't see how. The validator only makes sense in the context you intend it to form a functioning contract. A validator by itself is not correct or incorrect, it just is what it is.

@berewt
Copy link
Contributor

berewt commented Mar 24, 2023

The validator itself is a function, you can use test to specify it and validates that it behaves as specified by the tests.
You can then check if this specification is correct in the context of a functioning contract by providing adversarial attacks.

Your validator can respect the specification and the specification can be too weak to ensure properties of a functioning contract, or it can be what is needed.
Checking both allows you to know if the validator is incorrect or if your specifications are too weak.

@locallycompact
Copy link
Contributor Author

The validator is just a content-addressed predicate. The same validator in different contexts can be used for completely different behaviour. There is nothing to say by testing the validator in isolation except to say that it is that predicate. Everything that is testable is defined by what actions you perform and what should the result be.

@berewt
Copy link
Contributor

berewt commented Mar 24, 2023

We're derailing out of the scope of the issue and it's probably the best place to talk about It (not that I wouldn't like to, but I prefer to keep the comments focused on the initial issue). The issue is tracked. We'll see when and how we'll be able to address it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request Tracked Issue is tracked in our internal backlog
Projects
None yet
Development

No branches or pull requests

3 participants