feat: add zetaclient dry-mode support for TON#4253
Closed
feat: add zetaclient dry-mode support for TON#4253
Conversation
* fix: ratelimiting race condition vuln * fix: ratelimiting race condition vuln - Fix race condition in RateLimiter.Release() function - Replace non-atomic check-then-act with atomic decrement and bounds checking - Add comprehensive test suite to verify the fix - Update changelog with PR #4072 * fix: correct atomic implementation to prevent underflow - Replace flawed Add(-1) approach with proper CompareAndSwap - Fix underflow detection issue where uint32 wrap-around was missed - Add TestRateLimiterUnderflowProtection to verify the fix - Ensure Release() never causes negative counters or semaphore over-release * refactor: simplify rate limiter Release() implementation - Remove unnecessary infinite loop in CAS operation - Single CAS attempt is sufficient for race condition protection - Maintains thread-safety while being more efficient - All tests still pass with simplified implementation * fix: correct order of operations in rate limiter Release() - Fix race condition by decrementing counter before releasing semaphore - Ensure pending counter accurately reflects semaphore state - Simplify implementation by using correct operation order - All tests pass with cleaner, more logical approach * test: add tests that reproduce the original race condition vulnerability - Add BuggyRateLimiter that implements the original vulnerable code - Add TestBuggyRateLimiterRaceCondition to demonstrate the race condition - Add TestBuggyRateLimiterStressTest to stress test the vulnerability - Add TestVulnerabilityDemonstration to show before/after comparison - Add TestBuggyRateLimiterExcessiveReleases to show excessive release issues - These tests demonstrate the theoretical vulnerability even if timing makes it hard to reproduce consistently * fix: address race condition and underflow issues in RateLimiter - Fix race condition in Release() by reordering operations (decrement pending first, then release semaphore) - Fix Pending() function to handle negative atomic.Int32 values correctly - Add comprehensive tests to verify fixes - Remove buggy code from tests as requested by reviewers - Document original vulnerability in test comments The original race condition allowed multiple goroutines to release more permits than acquired. The Pending() function could return incorrect values due to negative atomic.Int32 conversion. Fixes: #4072 * refactor: rename test and update changelog to reflect actual improvements - Rename TestVulnerabilityDemonstration to TestRateLimiterRobustness - Update test description to reflect code quality improvements rather than vulnerability fixes - Update changelog entry to match actual changes - Tests still pass, confirming the improvements are working correctly The reviewer correctly pointed out that if tests pass on develop without fixes, then we're improving robustness rather than fixing vulnerabilities.
* remove support for v1 revert address for BTC * add changelog --------- Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod * add a new message for migrating funds * add migrate funds to e2e * rebase from develop * add v2 e2e test to check flow * add zeta gateway deposit to zetaclient * add github workflow * update comments * fix code formating * fix code formating * fix code formating * fix unit tests * fix unit tests * revert to old command to start e2e test * remove message for migration and refactor to using contract directly * add changelog * generate files after removing new message * update generated files * update generated files * update go mod * update deposit * add unit tests * add unit tests * generate files * generate files * undo changes based on develop * update deposit and revert smart contract call * rename zeta deposit test file * rename zeta deposit test file * add abort and revert tests * add TestZetaDepositAndCallNoMessage * add TestZetaDepositAndCallNoMessage * remove payable from TestAbort contract * rename to LegacyZETADepositAndCallContract * improve unit test coverage * fix unit tests * add some delay in TestZetacore_SubscribeNewBlocks * update comment for handling zeta token zrc20 * add e2e test * add e2e test for withdraw * refactor ProcessZEVMInboundV2 * add core registry to setup * refactor e2e test helper functions * add unit test for zeta withdraw * add unit test for withdraw and call * resolve comments 1 * add unit test for ProcessRevert * add unit test for ProcessRevert * add unit test for ProcessRevert * improve abort tests * improve abort tests * resolve comments * resolve comments 2 * update upgrade height to 280 to allow the first test to run the entire cycle * wrap zeta mints in tmp context * wrap zeta mint in temp context * rebase * add changelog * add changelog * adjust comments * Update cmd/zetae2e/config/contracts.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix gas pool zeta calcualation * add unit test for executeWithMintedZeta * fix comments 1 * add unit tests * update test dapp to use zeta token for consuming gas * add core registry to zeta e2e post upgrade handler * revert legacy test * update changes based on comments 1 --------- Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…4090) * print error message detail when memo decoding failed * add changelog entry * keep invalid memo log on Info level --------- Co-authored-by: Lucas Bertrand <lucas.bertrand.22@gmail.com>
* update go mod * add a new message for migrating funds * add migrate funds to e2e * rebase from develop * add v2 e2e test to check flow * add zeta gateway deposit to zetaclient * add github workflow * update comments * fix code formating * fix code formating * fix code formating * fix unit tests * fix unit tests * revert to old command to start e2e test * remove message for migration and refactor to using contract directly * add changelog * generate files after removing new message * update generated files * update generated files * update go mod * update deposit * add unit tests * add unit tests * generate files * generate files * undo changes based on develop * update deposit and revert smart contract call * rename zeta deposit test file * rename zeta deposit test file * add abort and revert tests * add TestZetaDepositAndCallNoMessage * add TestZetaDepositAndCallNoMessage * remove payable from TestAbort contract * rename to LegacyZETADepositAndCallContract * improve unit test coverage * fix unit tests * add some delay in TestZetacore_SubscribeNewBlocks * update comment for handling zeta token zrc20 * add e2e test * add e2e test for withdraw * refactor ProcessZEVMInboundV2 * add core registry to setup * refactor e2e test helper functions * add unit test for zeta withdraw * add unit test for withdraw and call * resolve comments 1 * add unit test for ProcessRevert * add unit test for ProcessRevert * add unit test for ProcessRevert * improve abort tests * improve abort tests * resolve comments * resolve comments 2 * update upgrade height to 280 to allow the first test to run the entire cycle * wrap zeta mints in tmp context * wrap zeta mint in temp context * rebase * add changelog * add changelog * adjust comments * Update cmd/zetae2e/config/contracts.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix gas pool zeta calcualation * add unit test for executeWithMintedZeta * fix comments 1 * add unit tests * update admin * revert unncessary changes * disable account balance verification for admin tests * improve naming for deposit functions * add changelog * update comments * update test legacy test zeta to use EVMAddress * remove skipping admin in upgrade setup --------- Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* check balance after eth deposit test * fix typo * fix import
* fix flaky solana depositAndCall tests * add changelog entry * add wait logic inside AssertTestDAppEVMCalled
…sgUpdateParams (#4094) * update zeta evm * update commit * fix: use evm chain id from eth config in rpc backend (#4096) * fix: cancel solana WaC if tx size is too large (#4098) * cancel solana WaC if tx size is too large * align the comments with the code * fix: nil reference in trace block (#4093) * update to commit be548f7691876e656ec61aa46e31ed337be92f4e , on branch release/v34 --------- Co-authored-by: skosito <skostic9242@gmail.com> Co-authored-by: Charlie Chen <34498985+ws4charlie@users.noreply.github.com> Co-authored-by: morde08 <peter@zetachain.com>
* dont return err if tx is not found in get tx receipt * fix tests * changelog
…nect to zetacore (#4068) * save initial work to remote * add unit test and live test for zetacore hostname support * add changelog entry; fix gosec and clean unused code * fix CI upgrade test --------- Co-authored-by: Tanmay <tanmay@zetachain.com>
* fix dbg trace by block * PR comments * changelog
* cancel solana WaC if tx size is too large * add changelog entry
… digest (#4116) * inbound * . * changelog
… deltas on startup. (#4097) * update 1 * add start-skip-consensus-overwrite-test * generate files * update tests * add unit tests * add unit tests for GenesisChainID * add unit tests for GenesisChainID * rename genesisChainID * fix typo * remove testnet from overwrite check
Signed-off-by: yinwenyu6 <yinwenyu6@outlook.com>
* re-enable sui authenticated call * integrate message context ID as dynamic field * add changelog entry * make issueMessageContext function self-contained * fix unit test * remove --skip-dependency-verification in sui gateway upgrade test * cancel withdrawAndCall on invalid payload * adopt new increase_nonce signature to adopt gas refund logic when cancelling a CCTX * apply stringent check on Sui transaction's checkpoint * apply status check on Sui inbound * fix CI upgrade test * fix unit test
Signed-off-by: pxwanglu <pxwanglu@icloud.com>
* fix solana e2e SPL balance check by waiting maximum 30 seconds * add changelog entry
* refactor: remove intx and outtx deprecated queries * fixes in e2e
Signed-off-by: wmypku <wmypku@outlook.com>
Signed-off-by: tzchenxixi <tzchenxixi@icloud.com>
* add back precompiles * add abci field to proposal * test * enable back * test no creating proposasl * disable zeta-ante * cleanup v33 upgrade helper * add v35 as reference * remove gas stability pool temporary * update to v36 and disable fast confirmation test * bitcoin fast confirmation * increase ersion for zeta * remove erc20 init handler * disable zevm to evm revert for older version * disable zevm to evm revert abort for older version * increase upgrade height
…e parameter (#4153) * add GatewayGasLimit to state * refactor function name from MustGetGatewayGasLimit to GetGatewayGasLimitSafe * update unit tests * update unit tests * update proto files * replace big int with uint64 * changelog * add check of older value * add v4 migration back for authority module * update setup handler to remove setting erc20 module * test changes * revert to using v32 as base branch for upgrades --------- Co-authored-by: lumtis <lucas.bertrand.22@gmail.com>
* do not deploy example contract in e2e tests, use pre-deployed example dapp V2 instead * add changelog entry * clean up debugging log * remove commented code * add back extra zrc20 SPL balance check
…4165) * fix flaky depositAndCall caused by sender assertion * add changelog entry
* refactor: remove index field in ballot * changelog * fix unit tests
…C20CustodyFunds` (#4199) * make message legacy * remove other reference * changelog
* refactor: rename whitelistERC20 into whitelistAsset * e2e test * e2e test * fix event * simulation * changelogs * update auth list * add migration script * apply comment
…ail (#4211) * add error message to CCTX struct when Bitcoin deposit failed * add changelog entry * fix unit test; improve function naming * add unit test for inbound vote digest * exclude inbound observation error message from digest
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the ✨ Finishing touches🧪 Generate unit tests
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.
Please see the documentation for more information. Example: reviews:
pre_merge_checks:
custom_checks:
- name: "Undocumented Breaking Changes"
mode: "warning"
instructions: |
Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).Please share your feedback with us on this Discord post. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
bot
added
ci
github-actions
bot
removed
ci
Contributor
|
Need to reopen from the |
github-actions
bot
added
ci
Member
Author
|
Moved to #4277. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Work in progress, do not review.
Closes #4228.
How Has This Been Tested?