Token network registry preconditions

[rakanalh]

Merge after #4876

Fixes: #4889
Fixes: #4888
Fixes: #4886
Fixes: #4884
Fixes #4882

Description

Please, describe what this PR does in detail:

• If it's a bug fix, detail the root cause of the bug and how this PR fixes it.
• If it's a new feature, describe the feature this PR is introducing and design decisions.
• If it's a refactoring, describe why it is necessary. What are its pros and cons in respect to the previous code, and other possible design choices.

PR review check list

Quality check list that cannot be automatically verified.

• Safety
  • The changes respect the necessary conditions for safety (https://raiden-network-specification.readthedocs.io/en/latest/smart_contracts.html#protocol-values-constraints)
• Code quality
  • Error conditions are handled
  • Exceptions are propagated to the correct parent greenlet
  • Exceptions are correctly classified as recoverable or unrecoverable
• Compatibility
  • State changes are forward compatible
  • Transport messages are backwards and forward compatible
• Commits
  • Have good messages
  • Squashed unecessary commits
• If it's a bug fix:
  • Regression test for the bug
    • Properly covers the bug
    • If an integration test is used, it could not be written as a unit test
• Documentation
  • A new CLI flag was introduced, is there documentation that explains usage?
• Specs
  • If this is a protocol change, are the specs updated accordingly? If so, please link PR from the specs repo.
• Is it a user facing feature/bug fix?
  • Changelog entry has been added

[hackaugusto]

Checklist of the preconditions:

• canCreateTokenNetwork modified
• require(token_to_token_networks[_token_address] == address(0x0));, done by already_registered = self.get_token_network
• require(_token_address != address(0x0));, done above by if token_address == NULL_ADDRESS_BYTES:
• require(_secret_registry != address(0x0));, checked implicitly, if the registry exist this value is not zero.
• require(_deprecation_executor != address(0x0));, checked implicitly, if the registry exist this value is not zero.
• require(_chain_id > 0);, checked implicitly, if the registry exist this value is not zero.
• require(_settlement_timeout_min > 0);, checked implicitly, if the registry exist this value is not zero.
• require(_settlement_timeout_max > _settlement_timeout_min);, checked implicitly, if the registry exist this value is greater than the min.
• require(contractExists(_token_address));, checked implicitly, if the proxy exist the address was checked for code.
• require(contractExists(_secret_registry));, checked implicitly, if the registry exist this value is greater than the min.
• require(_token_network_deposit_limit > 0);
• require(_token_network_deposit_limit >= _channel_participant_deposit_limit);
• require(token.totalSupply() > 0);, done by token_supply = token_proxy.total_supply(block_identifier=block_identifier).

[hackaugusto]

btw, the checks for:

require(_token_network_deposit_limit > 0);
require(_token_network_deposit_limit >= _channel_participant_deposit_limit);

can be done above, together with the check for the NULL_ADDRESS_BYTES.

[hackaugusto]

side note, can you try this out and see if the proxy will raise an exception instead of returning ""? The RPC call does return "", and back in the day when we used the JSONRPCClient to do these requests that was the value we got. However, I believe that web3 will actually check if the return type of the called function matches the value returned by the RPC call, and if the types don't match I believe it will raise an exception. In this case the total_supply ABI says the return type is an int, so I think that an exception will be raised here. You can easily check that by instantiating a Token proxy using the TokenNetworkRegistry address and calling the function.

[rakanalh]

Created an issue for this: #4945

[pirapira]

I think we should not check this. After a fork, there will be a fork with the original chain_id and another fork with a different chain_id. The choice is on the user.

[rakanalh]

That's not something we have to handle. Because when the user runs Raiden, it is ran on a specific chain ID. If there was a fork at some point and the user choose to use that new chain, Raiden has to be restarted to use that chain which will have a new ID.

[pirapira]

1. We deploy the contract on chain_id == 1 and store chain_id == 1 in the contract
2. A fork happens into chain_ids 1 and 231.
3. A user tries to use the smart contract on chain 231.

In this case, the smart contract still remembers chain_id == 1 (that's the left hand side). But blockchain_service.network_id points to 231 because now the user is trying to use chain_id 231. So the check fails here. If the proxy allows, the transaction would succeed onchain because on-chain we don't check that the chain_id is a particular value.

[pirapira]

I already know that the user runs Raiden on a specific chain ID, but I see the problem ^.

[LefterisJP]

Isn't it also a problem that we store the chain id in the contract though? If there is a fork and both sides survive (let's say 1 and 231 per your example), the contracts would need to be redeployed in 231 chain.

If they are not then the on-chain chain_id would be wrong and as such all functions using it such as recoverAddressFromBalanceProof() would not work.

[pirapira]

Currently, the onchain chain_id would be wrong. That's why no strict checks should be performed with it.

[pirapira]

This point is kept track in #4956

[pirapira]

Here too, this check is nowhere in smart contracts. And I think Raiden should be usable on both chains after a fork.

[pirapira]

This point is kept track in #4956

[pirapira]

I heard that the proxies should not raise specific errors. This should be BrokenPreconditionError. #4878 (comment)

[rakanalh]

@pirapira No... it seems like the definition is still vague. This should not be a precondition error.

[pirapira]

token_network_deposit_limit > 0 is a precondition. Here we're in a proxy and checking a precondition before estimating the gas. So the exception should be BrokenPreconditionError.

[pirapira]

This point is kept track in #4957

[codecov]

Codecov Report

Merging #4936 into develop will decrease coverage by 0.4%.
The diff coverage is 42.3%.

@@             Coverage Diff             @@
##           develop    #4936      +/-   ##
===========================================
- Coverage    80.79%   80.39%   -0.41%     
===========================================
  Files          120      120              
  Lines        14514    14604      +90     
  Branches      2238     2265      +27     
===========================================
+ Hits         11727    11741      +14     
- Misses        2134     2193      +59     
- Partials       653      670      +17

Impacted Files	Coverage Δ
raiden/exceptions.py	100% <100%> (ø)	⬆️
raiden/app.py	95% <100%> (+0.26%)	⬆️
raiden/network/proxies/token_network_registry.py	52.63% <40.47%> (-24.52%)	⬇️
raiden/waiting.py	81.71% <0%> (-4%)	⬇️
raiden/utils/__init__.py	82.69% <0%> (-0.97%)	⬇️
raiden/tasks.py	66.91% <0%> (-0.74%)	⬇️
raiden/raiden_event_handler.py	91.84% <0%> (-0.63%)	⬇️
raiden/transfer/channel.py	89% <0%> (-0.44%)	⬇️
raiden/transfer/mediated_transfer/mediator.py	90.25% <0%> (-0.2%)	⬇️
raiden/network/pathfinding.py	87.08% <0%> (-0.06%)	⬇️
... and 6 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0490408...1efc4b6. Read the comment docs.

[pirapira]

This can happen only when the API didn't check enough conditions. This should crash the node with BrokenPreconditionError.

[pirapira]

This can only happen when the API didn't check the condition. This situation should crash the node with BrokenPreconditionError.