Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an Invariant check that a deleted account has no traceable objects left on the ledger. #4638

Closed
ximinez opened this issue Aug 1, 2023 · 4 comments
Closed

Add an Invariant check that a deleted account has no traceable objects left on the ledger. #4638

ximinez opened this issue Aug 1, 2023 · 4 comments
Assignees
@ximinez
Labels
Feature Request Used to indicate requests to add new features

Comments

@ximinez
Copy link
Collaborator

ximinez commented Aug 1, 2023
edited
Loading

Summary

Add a new class to InvariantCheck.h/cpp that finds any deleted AccountRoots (there should only be one, of course) and attempts to read the directory root, and any other objects that can be accessed directly (e.g. the SignerList, NFT page... that might be all of them).

Motivation

The first version of AMM (#4294) support merged to develop did not delete the AMM AccountRoot correctly. Fortunately, this was discovered and reported, and a fix is in progress (#4626). During the review of the second PR, it occurred to me that this issue would have been avoided if there was an invariant to verify if a deleted account has no "artifacts" left on the ledger. (#4626 (comment))

Solution

Create a new invariant class (possible name CompletelyDeletedAccount). Use the visitEntry function to build a vector of deleted AccountRoots (There should only be one, but that's checked by the existing AccountRootsNotDeleted class). Use the finalize function to attempt to read any directly accessible objects from the view. "Directly accessible" in this case means any object that can be addressed (via a Keylet) using only the sfAccountID. That includes, but is not necessarily limited to:

  • Keylet ownerDir(AccountID const& id) noexcept;
  • Keylet signers(AccountID const& account) noexcept;
  • Keylet nftpage_min(AccountID const& owner);
  • Keylet nftpage_max(AccountID const& owner);

Edit: And don't forget to check the for an AMM object if AMMID is populated.
@ximinez ximinez added the Feature Request Used to indicate requests to add new features label Aug 1, 2023
@intelliot
Copy link
Collaborator

After the proposed invariant check has been added, what would occur if a transaction attempts to violate the invariant?

@ximinez
Copy link
Collaborator Author

ximinez commented Aug 3, 2023

After the proposed invariant check has been added, what would occur if a transaction attempts to violate the invariant?

It would get a tecINVARIANT_FAILED result, doing nothing but claim a fee, which would raise alarm bells all over the place. https://github.com/XRPLF/rippled/blob/develop/src/ripple/app/tx/impl/Transactor.cpp#L923-L949

@ximinez ximinez self-assigned this Aug 14, 2023
ximinez added a commit to ximinez/rippled that referenced this issue Aug 17, 2023
@ximinez
Test the new invariant
c711650 
* Resolves XRPLF#4638
@ximinez ximinez mentioned this issue Aug 17, 2023
Merged
ximinez added a commit to ximinez/rippled that referenced this issue Aug 18, 2023
@ximinez
Test the new invariant
b61cd86 
* Resolves XRPLF#4638
@intelliot
Copy link
Collaborator

tecINVARIANT_FAILED makes sense. Could you be more specific about the alarm bells? I'm not sure where those are implemented, and where exactly they show up. I think we may want to add some alerting, at minimum for us internally, but potentially for the broader community as well.

@ximinez
Copy link
Collaborator Author

ximinez commented Aug 26, 2023

Note to self: rewrite the NFT page lookups to use succ. See also: RPC::getAccountObjects.

ximinez added a commit to ximinez/rippled that referenced this issue Sep 1, 2023
@ximinez
Test the new invariant
62db8b9 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 1, 2023
@ximinez
Test the new invariant
da3692c 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 11, 2023
@ximinez
Test the new invariant
947f710 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 12, 2023
@ximinez
Test the new invariant
d158bfd 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 13, 2023
@ximinez
Test the new invariant
8a285a7 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 14, 2023
@ximinez
Test the new invariant
a334d98 
* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 14, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
cfb4d1d 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 14, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
5ed066f 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 15, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
6699dc2 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 18, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
cdda729 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 28, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
9580a7d 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Sep 28, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
5249527 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 2, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
9136e22 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 3, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
de83eaf 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 5, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
f3b12db 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 6, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
53e0482 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 9, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
ca69b62 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 10, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
3f43634 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 12, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
06560e6 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 19, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
110ecde 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 20, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
9c97694 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 23, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
a679e84 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 23, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
d9d403e 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
ximinez added a commit to ximinez/rippled that referenced this issue Oct 23, 2023
@ximinez
Adds invariant AccountRootsDeletedClean:
bb4ce71 
* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638
@zrayn zrayn closed this as completed in a17ccca Jul 5, 2024
vlntb pushed a commit to vlntb/rippled that referenced this issue Aug 23, 2024
@ximinez @vlntb
Invariant: prevent a deleted account from leaving (most) artifacts on…
69f8590 
… the ledger. (XRPLF#4663)

* Add feature / amendment "InvariantsV1_1"

* Adds invariant AccountRootsDeletedClean:

* Checks that a deleted account doesn't leave any directly
  accessible artifacts behind.
* Always tests, but only changes the transaction result if
  featureInvariantsV1_1 is enabled.
* Unit tests.

* Resolves XRPLF#4638

* [FOLD] Review feedback from @gregtatcam:

* Fix unused variable warning
* Improve Invariant test const correctness

* [FOLD] Review feedback from @mvadari:

* Centralize the account keylet function list, and some optimization

* [FOLD] Some structured binding doesn't work in clang

* [FOLD] Review feedback 2 from @mvadari:

* Clean up and clarify some comments.

* [FOLD] Change InvariantsV1_1 to unsupported

* Will allow multiple PRs to be merged over time using the same amendment.

* fixup! [FOLD] Change InvariantsV1_1 to unsupported

* [FOLD] Update and clarify some comments. No code changes.

* Move CMake directory

* Rearrange sources

* Rewrite includes

* Recompute loops

* Fix merge issue and formatting

---------

Co-authored-by: Pretty Printer <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ximinez ximinez

Labels
Feature Request Used to indicate requests to add new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@intelliot @ximinez