From dd549d526d5a42dd5707103a4e43efad94ee74bd Mon Sep 17 00:00:00 2001 From: trantorian <114066155+Trantorian1@users.noreply.github.com> Date: Mon, 30 Dec 2024 17:37:43 +0100 Subject: [PATCH 1/2] fix(devnet): loosened devnet chain id restrictions --- CHANGELOG.md | 1 + README.md | 20 +++++++++++-------- .../madara/node/src/cli/block_production.rs | 5 ----- crates/madara/node/src/cli/mod.rs | 12 ----------- crates/madara/node/src/main.rs | 20 +++++++++---------- 5 files changed, 22 insertions(+), 36 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ac02bfcc..359aa6b94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ ## Next release +- fix(devnet): loosened devnet chain id restrictions - chore: Move crates under a madara subdir - chore(nix): resolve flake and direnv compatibility issues - fix: Gateway path fix diff --git a/README.md b/README.md index 47906d2ff..a6330d505 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,10 @@ You can choose between different build modes: Start the Madara client with a basic set of arguments depending on your chosen mode: +> [!NOTE] +> Head to the [Configuration](#%EF%B8%8F-configuration) section to learn more about +> customizing your node. + #### Full Node Synchronizes the state of the chain from genesis. @@ -125,16 +129,16 @@ cargo run --release -- \ A node in a private local network. ```bash -cargo run --release -- \ - --name Madara \ - --devnet \ - --base-path /var/lib/madara \ - --preset sepolia + cargo run --release -- \ + --name Madara \ + --devnet \ + --base-path ../madara_db \ + --chain-config-override=chain_id=MY_CUSTOM_DEVNET ``` -> [!NOTE] -> Head to the [Configuration](#%EF%B8%8F-configuration) section to learn more about -> customizing your node. +> [!CAUTION] +> Make sure to use a unique `chain_id` for your devnet to avoid potential replay +> attacks in other chains with the same chain id! #### 4. Presets diff --git a/crates/madara/node/src/cli/block_production.rs b/crates/madara/node/src/cli/block_production.rs index e85d18a10..ee4dd097a 100644 --- a/crates/madara/node/src/cli/block_production.rs +++ b/crates/madara/node/src/cli/block_production.rs @@ -6,11 +6,6 @@ pub struct BlockProductionParams { #[arg(env = "MADARA_BLOCK_PRODUCTION_DISABLED", long, alias = "no-block-production")] pub block_production_disabled: bool, - /// Launch a devnet with a production chain id (like SN_MAINNET, SN_SEPOLIA). - /// This in unsafe because your devnet transactions can be replayed on the actual network. - #[arg(env = "MADARA_OVERRIDE_DEVNET_CHAIN_ID", long, default_value_t = false)] - pub override_devnet_chain_id: bool, - /// Create this number of contracts in the genesis block for the devnet configuration. #[arg(env = "MADARA_DEVNET_CONTRACTS", long, default_value_t = 10)] pub devnet_contracts: u64, diff --git a/crates/madara/node/src/cli/mod.rs b/crates/madara/node/src/cli/mod.rs index 557f6d8de..76052c192 100644 --- a/crates/madara/node/src/cli/mod.rs +++ b/crates/madara/node/src/cli/mod.rs @@ -16,7 +16,6 @@ pub use db::*; pub use gateway::*; pub use l2::*; pub use rpc::*; -use starknet_api::core::ChainId; use std::str::FromStr; pub use telemetry::*; @@ -313,17 +312,6 @@ pub enum NetworkType { Devnet, } -impl NetworkType { - pub fn chain_id(&self) -> ChainId { - match self { - NetworkType::Main => ChainId::Mainnet, - NetworkType::Test => ChainId::Sepolia, - NetworkType::Integration => ChainId::IntegrationSepolia, - NetworkType::Devnet => ChainId::Other("MADARA_DEVNET".to_string()), - } - } -} - #[derive(Debug, Clone, clap::ValueEnum)] #[value(rename_all = "kebab-case")] pub enum ChainPreset { diff --git a/crates/madara/node/src/main.rs b/crates/madara/node/src/main.rs index b0958cc46..fafdb6fe6 100644 --- a/crates/madara/node/src/main.rs +++ b/crates/madara/node/src/main.rs @@ -7,7 +7,7 @@ mod util; use anyhow::{bail, Context}; use clap::Parser; -use cli::{NetworkType, RunCmd}; +use cli::RunCmd; use http::{HeaderName, HeaderValue}; use mc_analytics::Analytics; use mc_block_import::BlockImporter; @@ -20,6 +20,7 @@ use mc_telemetry::{SysInfo, TelemetryService}; use mp_oracle::pragma::PragmaOracleBuilder; use mp_utils::service::{MadaraServiceId, ServiceMonitor}; use service::{BlockProductionService, GatewayService, L1SyncService, L2SyncService, RpcService}; +use starknet_api::core::ChainId; use std::sync::Arc; const GREET_IMPL_NAME: &str = "Madara"; @@ -50,16 +51,13 @@ async fn main() -> anyhow::Result<()> { run_cmd.chain_config()? }; - // Check if the devnet is running with the correct chain id. - if run_cmd.devnet && chain_config.chain_id != NetworkType::Devnet.chain_id() { - if !run_cmd.block_production_params.override_devnet_chain_id { - tracing::error!("You're running a devnet with the network config of {:?}. This means that devnet transactions can be replayed on the actual network. Use `--network=devnet` instead. Or if this is the expected behavior please pass `--override-devnet-chain-id`", chain_config.chain_name); - panic!(); - } else { - // This log is immediately flooded with devnet accounts and so this can be missed. - // Should we add a delay here to make this clearly visisble? - tracing::warn!("You're running a devnet with the network config of {:?}. This means that devnet transactions can be replayed on the actual network.", run_cmd.network); - } + // Check if the devnet is running with the correct chain id. This is purely + // to avoid accidental setups which would allow for replay attacks. This is + // possible if the devnet has the same chain id as another popular chain, + // allowing txs which occur on it to also be replayed on that other chain. + if run_cmd.devnet && (chain_config.chain_id == ChainId::Mainnet || chain_config.chain_id == ChainId::Sepolia) { + tracing::error!("You're running a devnet with the network config of {0}. This means that devnet transactions can be replayed on the actual {0} network. Use `--network=devnet` instead.", chain_config.chain_name); + anyhow::bail!("Devnet") } let node_name = run_cmd.node_name_or_provide().await.to_string(); From 153792de7dfc721077edbd88f71d73185560be41 Mon Sep 17 00:00:00 2001 From: trantorian <114066155+Trantorian1@users.noreply.github.com> Date: Wed, 8 Jan 2025 10:18:58 +0100 Subject: [PATCH 2/2] fix(comments) --- crates/madara/node/src/cli/mod.rs | 4 ++++ crates/madara/node/src/main.rs | 8 +++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/crates/madara/node/src/cli/mod.rs b/crates/madara/node/src/cli/mod.rs index 76052c192..9fae86aa8 100644 --- a/crates/madara/node/src/cli/mod.rs +++ b/crates/madara/node/src/cli/mod.rs @@ -187,6 +187,10 @@ pub struct RunCmd { #[arg(env = "MADARA_DEVNET", long, group = "mode")] pub devnet: bool, + /// Allows a devnet to have SN_MAIN or SN_SEPOLIA as its chain ID. + #[arg(env = "MADARA_DEVNET_UNSAFE", long, requires = "devnet")] + pub devnet_unsafe: bool, + /// The network chain configuration. #[clap(env = "MADARA_NETWORK", long, short, group = "full_mode_config")] pub network: Option, diff --git a/crates/madara/node/src/main.rs b/crates/madara/node/src/main.rs index fafdb6fe6..00314928b 100644 --- a/crates/madara/node/src/main.rs +++ b/crates/madara/node/src/main.rs @@ -55,9 +55,11 @@ async fn main() -> anyhow::Result<()> { // to avoid accidental setups which would allow for replay attacks. This is // possible if the devnet has the same chain id as another popular chain, // allowing txs which occur on it to also be replayed on that other chain. - if run_cmd.devnet && (chain_config.chain_id == ChainId::Mainnet || chain_config.chain_id == ChainId::Sepolia) { - tracing::error!("You're running a devnet with the network config of {0}. This means that devnet transactions can be replayed on the actual {0} network. Use `--network=devnet` instead.", chain_config.chain_name); - anyhow::bail!("Devnet") + if run_cmd.devnet + && (chain_config.chain_id == ChainId::Mainnet || chain_config.chain_id == ChainId::Sepolia) + && !run_cmd.devnet_unsafe + { + anyhow::bail!("You're running a devnet with the network config of {0}. This means that devnet transactions can be replayed on the actual {0} network. Use `--network=devnet` instead or force this configuration with `--devnet-unsafe`.", chain_config.chain_name); } let node_name = run_cmd.node_name_or_provide().await.to_string();