soroban-cli 26.1.0

Soroban CLI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221

use crate::xdr::{HostFunction, SorobanAuthorizedFunction, SorobanAuthorizedInvocation};

/// Classification of an `Address`-credential auth entry's relationship to the
/// transaction's host function.
///
/// `SourceAccount` credential entries are out of scope here — they are signed
/// implicitly via the transaction envelope and never reach this classifier.
#[derive(Debug, PartialEq, Eq)]
pub enum AuthStyle {
    /// `root_invocation` matches the host function exactly. Safe to sign:
    /// the entry is bound to the host function.
    Strict,
    /// `root_invocation` does not match the host function exactly. Any transaction
    /// whose auth tree contains this entry could consume the resulting signature.
    NonStrict,
    /// `root_invocation` is not expected for the host function
    Invalid,
}

/// Classify an auth invocation against the transaction's host function.
///
/// ### Arguments
/// * `source_host_fn`- The transaction's host function
/// * `auth_invocation` - The auth entry's root invocation
pub fn classify_auth_invocation(
    source_host_fn: &HostFunction,
    auth_invocation: &SorobanAuthorizedInvocation,
) -> AuthStyle {
    // No auth entries are valid for `UploadContractWasm`.
    if matches!(source_host_fn, HostFunction::UploadContractWasm(_)) {
        return AuthStyle::Invalid;
    }

    // Check if the auth entry's root invocation matches the host function exactly.
    // This is different than just a `root_auth` check, as contracts that authorize with
    // `require_auth_for_args` at the root are not considered strict auth. This tradeoff is
    // made to ensure that even a tampered auth entry can be flagged as non-strict.
    let is_strict = match (source_host_fn, &auth_invocation.function) {
        (HostFunction::InvokeContract(op), SorobanAuthorizedFunction::ContractFn(args)) => {
            args == op
        }
        (
            HostFunction::CreateContract(op),
            SorobanAuthorizedFunction::CreateContractHostFn(args),
        ) => args == op,
        (
            HostFunction::CreateContractV2(op),
            SorobanAuthorizedFunction::CreateContractV2HostFn(args),
        ) => args == op,
        _ => false,
    };

    if is_strict {
        AuthStyle::Strict
    } else {
        AuthStyle::NonStrict
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::xdr::{
        AccountId, BytesM, ContractExecutable, ContractIdPreimage, ContractIdPreimageFromAddress,
        CreateContractArgsV2, Hash, InvokeContractArgs, PublicKey, ScAddress, ScSymbol, ScVal,
        Uint256, VecM,
    };
    use stellar_strkey::ed25519;

    const SOURCE_ACCOUNT: &str = "GBZXN7PIRZGNMHGA7MUUUF4GWPY5AYPV6LY4UV2GL6VJGIQRXFDNMADI";

    fn source_bytes() -> [u8; 32] {
        ed25519::PublicKey::from_string(SOURCE_ACCOUNT).unwrap().0
    }

    fn ed25519_address(bytes: [u8; 32]) -> ScAddress {
        ScAddress::Account(AccountId(PublicKey::PublicKeyTypeEd25519(Uint256(bytes))))
    }

    fn host_fn_invoke(contract: [u8; 32], fn_name: &str, args: &[ScVal]) -> HostFunction {
        HostFunction::InvokeContract(InvokeContractArgs {
            contract_address: ScAddress::Contract(stellar_xdr::curr::ContractId(Hash(contract))),
            function_name: ScSymbol(fn_name.try_into().unwrap()),
            args: args.try_into().unwrap(),
        })
    }

    fn host_fn_create(wasm_hash: [u8; 32], args: &[ScVal]) -> HostFunction {
        HostFunction::CreateContractV2(CreateContractArgsV2 {
            contract_id_preimage: ContractIdPreimage::Address(ContractIdPreimageFromAddress {
                address: ed25519_address(source_bytes()),
                salt: Uint256([0u8; 32]),
            }),
            executable: ContractExecutable::Wasm(wasm_hash.into()),
            constructor_args: args.try_into().unwrap(),
        })
    }

    fn invocation_contract(
        contract: [u8; 32],
        fn_name: &str,
        args: &[ScVal],
    ) -> SorobanAuthorizedInvocation {
        SorobanAuthorizedInvocation {
            function: SorobanAuthorizedFunction::ContractFn(InvokeContractArgs {
                contract_address: ScAddress::Contract(stellar_xdr::curr::ContractId(Hash(
                    contract,
                ))),
                function_name: ScSymbol(fn_name.try_into().unwrap()),
                args: args.to_vec().try_into().unwrap(),
            }),
            sub_invocations: VecM::default(),
        }
    }

    fn invocation_create(wasm_hash: [u8; 32], args: &[ScVal]) -> SorobanAuthorizedInvocation {
        SorobanAuthorizedInvocation {
            function: SorobanAuthorizedFunction::CreateContractV2HostFn(CreateContractArgsV2 {
                contract_id_preimage: ContractIdPreimage::Address(ContractIdPreimageFromAddress {
                    address: ed25519_address(source_bytes()),
                    salt: Uint256([0u8; 32]),
                }),
                executable: ContractExecutable::Wasm(wasm_hash.into()),
                constructor_args: args.try_into().unwrap(),
            }),
            sub_invocations: VecM::default(),
        }
    }

    #[test]
    fn test_matching_root_invocation_is_strict() {
        let contract = [1u8; 32];
        let args = &[ScVal::U32(42), ScVal::Symbol("hello".try_into().unwrap())];

        let host_fn = host_fn_invoke(contract, "hello", args);
        let invocation = invocation_contract(contract, "hello", args);

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::Strict);
    }

    #[test]
    fn test_subinvocations_dont_affect_root_match() {
        let contract = [1u8; 32];
        let other = [99u8; 32];
        let args = &[ScVal::U32(42), ScVal::Symbol("hello".try_into().unwrap())];

        let host_fn = host_fn_invoke(contract, "hello", args);
        let mut invocation = invocation_contract(contract, "hello", args);
        invocation.sub_invocations = [invocation_contract(other, "other", &[])]
            .try_into()
            .unwrap();

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::Strict);
    }

    #[test]
    fn test_different_root_contract_is_non_strict() {
        let contract = [1u8; 32];
        let other = [99u8; 32];

        let host_fn = host_fn_invoke(contract, "hello", &[]);
        let invocation = invocation_contract(other, "hello", &[]);

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::NonStrict);
    }

    #[test]
    fn test_different_function_same_contract_is_non_strict() {
        let contract = [1u8; 32];

        let host_fn = host_fn_invoke(contract, "hello", &[]);
        let invocation = invocation_contract(contract, "transfer", &[]);

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::NonStrict);
    }

    #[test]
    fn test_different_args_is_non_strict() {
        let contract = [1u8; 32];
        let args = &[ScVal::U32(42), ScVal::Symbol("hello".try_into().unwrap())];
        let wrong = &[ScVal::U32(43), ScVal::Symbol("hello".try_into().unwrap())];

        let host_fn = host_fn_invoke(contract, "hello", args);
        let invocation = invocation_contract(contract, "hello", wrong);

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::NonStrict);
    }

    #[test]
    fn test_upload_wasm_with_auth_entry_is_invalid() {
        let contract = [1u8; 32];
        let wasm_hash: BytesM = [42u8; 32].try_into().unwrap();

        let host_fn = HostFunction::UploadContractWasm(wasm_hash);
        let invocation = invocation_contract(contract, "hello", &[]);

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::Invalid);
    }

    #[test]
    fn test_matching_create_contract_root_is_strict() {
        let contract = [1u8; 32];
        let wasm_hash = [42u8; 32];
        let args = &[ScVal::U32(42), ScVal::Symbol("hello".try_into().unwrap())];

        let host_fn = host_fn_create(wasm_hash, args);
        let mut invocation = invocation_create(wasm_hash, args);
        invocation.sub_invocations = [invocation_contract(contract, "__constructor", args)]
            .try_into()
            .unwrap();

        let style = classify_auth_invocation(&host_fn, &invocation);
        assert_eq!(style, AuthStyle::Strict);
    }
}