Skip to content

Commit

Permalink
Merge pull request #6435 from onflow/jord/script-parse-recover
Browse files Browse the repository at this point in the history
Transaction Validator recovers from script parse panic
  • Loading branch information
jordanschalm authored Sep 6, 2024
2 parents 59a9dc7 + 8f8888c commit 661a419
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 4 deletions.
17 changes: 13 additions & 4 deletions access/validator.go
Original file line number Diff line number Diff line change
Expand Up @@ -320,11 +320,20 @@ func (v *TransactionValidator) checkExpiry(tx *flow.TransactionBody) error {
return nil
}

func (v *TransactionValidator) checkCanBeParsed(tx *flow.TransactionBody) error {
func (v *TransactionValidator) checkCanBeParsed(tx *flow.TransactionBody) (err error) {
defer func() {
if r := recover(); r != nil {
if panicErr, ok := r.(error); ok {
err = InvalidScriptError{ParserErr: panicErr}
} else {
err = InvalidScriptError{ParserErr: fmt.Errorf("non-error-typed panic: %v", r)}
}
}
}()
if v.options.CheckScriptsParse {
_, err := parser.ParseProgram(nil, tx.Script, parser.Config{})
if err != nil {
return InvalidScriptError{ParserErr: err}
_, parseErr := parser.ParseProgram(nil, tx.Script, parser.Config{})
if parseErr != nil {
return InvalidScriptError{ParserErr: parseErr}
}
}

Expand Down
19 changes: 19 additions & 0 deletions engine/collection/ingest/engine_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,25 @@ func (suite *Suite) TestInvalidTransaction() {
suite.Assert().True(errors.As(err, &access.InvalidScriptError{}))
})

// In some cases the Cadence parser will panic rather than return an error.
// If this happens, we should recover from the panic and return an InvalidScriptError.
// See: https://github.com/onflow/cadence/issues/3428, https://github.com/dapperlabs/flow-go/issues/6964
suite.Run("transaction script exceeds parse token limit (Cadence parser panic should be caught)", func() {
const tokenLimit = 1 << 19
script := "{};"
for len(script) < tokenLimit {
script += script
}

tx := unittest.TransactionBodyFixture()
tx.ReferenceBlockID = suite.root.ID()
tx.Script = []byte("transaction { execute {" + script + "}}")

err := suite.engine.ProcessTransaction(&tx)
suite.Assert().Error(err)
suite.Assert().True(errors.As(err, &access.InvalidScriptError{}))
})

suite.Run("invalid signature format", func() {
signer := flow.Testnet.Chain().ServiceAddress()
keyIndex := uint32(0)
Expand Down

0 comments on commit 661a419

Please sign in to comment.