defined separate whitelist and parameters for emergency upgrade

Author: vlad

cosmwasm/enclaves/execute/src/registration/offchain.rs

@@ -772,36 +772,18 @@ pub unsafe extern "C" fn ecall_onchain_approve_upgrade(
     sgx_types::sgx_status_t::SGX_SUCCESS
 }
 
-fn is_export_approved_offchain(mut f_in: File, report: &sgx_report_body_t) -> bool {
+fn load_offchain_signers(
+    mut f_in: File,
+    report: &sgx_report_body_t,
+) -> std::collections::HashSet<[u8; 20]> {
     let mut json_data = String::new();
     f_in.read_to_string(&mut json_data).unwrap();
 
     // Deserialize the JSON string into a HashMap<String, String>
     let signatures: HashMap<String, (String, String)> =
         serde_json::from_str(&json_data).expect("Failed to deserialize JSON");
 
-    // Build the not-yet-voted validators map
-    let mut not_yet_voted_validators: HashMap<[u8; 20], u64> = HashMap::new();
-    let mut total_voting_power: u64 = 0;
-
-    let validator_set = {
-        let extra = KEY_MANAGER.extra_data.lock().unwrap();
-        extra.decode_validator_set().unwrap()
-    };
-
-    for validator in validator_set.validators() {
-        //println!("Address: {}", validator.address);
-        //println!("Voting Power: {}", validator.power);
-        let power: u64 = validator.power.value();
-        if power > 0 {
-            total_voting_power += power;
-            let addr: [u8; 20] = validator.address.as_bytes().try_into().unwrap();
-            not_yet_voted_validators.insert(addr, power);
-        }
-    }
-
-    let mut approved_power: u64 = 0;
-    let mut approved_whitelisted: usize = 0;
+    let mut signers = std::collections::HashSet::new();
 
     for (addr_str, (pubkey_str, sig_str)) in &signatures {
         let pubkey_bytes = base64::decode(pubkey_str).unwrap();
@@ -838,60 +820,105 @@ fn is_export_approved_offchain(mut f_in: File, report: &sgx_report_body_t) -> bo
             panic!("Incorrect signature for address: {}", addr_str);
         }
 
-        let (voter_power, is_whitelisted) =
-            if let Some((_, power)) = not_yet_voted_validators.remove_entry(&addr) {
-                //not_yet_voted_validators.remove(&addr);
+        if signers.insert(addr) {
+            println!("  Approved by {}", addr_str);
+        }
+    }
 
-                #[cfg(feature = "verify-validator-whitelist")]
-                let is_whitelisted = validator_whitelist::VALIDATOR_WHITELIST.contains(addr_str);
+    signers
+}
 
-                #[cfg(not(feature = "verify-validator-whitelist"))]
-                let is_whitelisted = false;
+#[cfg(feature = "verify-validator-whitelist")]
+fn count_included_addresses(
+    signers: &std::collections::HashSet<[u8; 20]>,
+    list: &validator_whitelist::ValidatorList,
+) -> usize {
+    let mut res: usize = 0;
+
+    for addr_str in &list.0 {
+        let addr_vec = hex::decode(addr_str).unwrap();
+        let addr: [u8; 20] = addr_vec.try_into().unwrap();
+
+        if signers.contains(&addr) {
+            res += 1;
+        }
+    }
 
-                approved_power += power;
-                if is_whitelisted {
-                    approved_whitelisted += 1;
-                }
+    res
+}
 
-                (power, is_whitelisted)
-            } else {
-                (0, false)
-            };
+fn is_standard_consensus_reached(signers: &std::collections::HashSet<[u8; 20]>) -> bool {
+    let mut total_voting_power: u64 = 0;
+    let mut approved_power: u64 = 0;
 
-        println!(
-            "  Approved by {}, power = {}, whitelisted = {}",
-            addr_str, voter_power, is_whitelisted
-        );
+    let validator_set = {
+        let extra = KEY_MANAGER.extra_data.lock().unwrap();
+        extra.decode_validator_set().unwrap()
+    };
+
+    for validator in validator_set.validators() {
+        let power: u64 = validator.power.value();
+        total_voting_power += power;
+
+        let addr: [u8; 20] = validator.address.as_bytes().try_into().unwrap();
+        if signers.contains(&addr) {
+            approved_power += power;
+        }
     }
 
     println!(
-        "Total Power = {}, Approved Power = {}, Total whitelisted = {}",
-        total_voting_power, approved_power, approved_whitelisted
+        "Total Power = {}, Approved Power = {}",
+        total_voting_power, approved_power
     );
 
-    #[cfg(feature = "verify-validator-whitelist")]
-    if approved_whitelisted < validator_whitelist::VALIDATOR_THRESHOLD {
-        error!("not enogh whitelisted validators");
+    if approved_power * 3 < total_voting_power * 2 {
+        println!(" not enogh voting power");
         return false;
     }
 
-    if approved_power * 3 < total_voting_power * 2 {
-        #[cfg(feature = "verify-validator-whitelist")]
-        let emergency_threshold_reached =
-            approved_whitelisted >= validator_whitelist::VALIDATOR_THRESHOLD_EMERGENCY;
-
-        #[cfg(not(feature = "verify-validator-whitelist"))]
-        let emergency_threshold_reached = false;
-
-        if !emergency_threshold_reached {
-            error!("not enough voting power, emergency threshold not reached");
+    #[cfg(feature = "verify-validator-whitelist")]
+    {
+        let approved_whitelisted =
+            count_included_addresses(signers, &validator_whitelist::VALIDATOR_WHITELIST);
+        if approved_whitelisted < validator_whitelist::VALIDATOR_THRESHOLD {
+            println!(
+                " not enogh whitelisted validators: {}",
+                approved_whitelisted
+            );
             return false;
         }
     }
-
     true
 }
 
+fn is_export_approved_offchain(f_in: File, report: &sgx_report_body_t) -> bool {
+    let signers = load_offchain_signers(f_in, report);
+
+    let b1 = is_standard_consensus_reached(&signers);
+    println!("Standard consensus reached: {}", b1);
+
+    #[cfg(not(feature = "verify-validator-whitelist"))]
+    let b2 = false;
+
+    #[cfg(feature = "verify-validator-whitelist")]
+    let b2 = {
+        let approved_whitelisted = count_included_addresses(
+            &signers,
+            &validator_whitelist::VALIDATOR_WHITELIST_EMERGENCY,
+        );
+        println!(
+            " Emergency whitelisted validators: {}",
+            approved_whitelisted
+        );
+
+        approved_whitelisted >= validator_whitelist::VALIDATOR_THRESHOLD_EMERGENCY
+    };
+
+    println!("Emergency threshold reached: {}", b2);
+
+    b1 || b2
+}
+
 fn is_export_approved(report: &sgx_report_body_t) -> bool {
     // Current policy: we demand the same mr_signer
 

cosmwasm/enclaves/shared/block-verifier/fixtures/validator_whitelist_emergency_prod.txt

@@ -0,0 +1 @@
+90D3EAB32E1A7BDD4BCEB233D9BB49D07EBD32C9,E937690E72C1B4FDB08403B05EE820CF74C4D69D,E855109B212B9EB65C982FD44EE13E77E9E33C4A,3199A17457ADAED098B8EB1DC932CC7DFBDC54E7,BEACB43688A1BD8B61E27CAC56218282E502DA36,2E76AE6E453395F35D6C0728D44FB6147CE5B5A0,186ED967212C36E398521B2EFF12C510E71180F6,4CCE562B1E2BC571751DB512222CED5A082470EA,70668F4E3B7617E68ADBA53E6046A070270968B1,2C8E9639ADE5D341E8FB26106940FC97DB518AA4,1F4A4BFA289E55D13ED370E49F53ACC5CDD29B75,93163CAF1597772C427DC32EAEF23F01DCA69E02,84BC2C72491187FAB144F628166E10D592786616,2DD098C8ECAF04DFE31BBC59799C786AC09BF53F,73D9DDC9EBB5BDB44ADA9FF2051610B75CB31A8D,C48710DB80EA8538C8E8BA17035D62630AF5C216,AE0226C471CD72E7472C4757B09749452F233337,61698CC93DE528E25201B117A607F0334EDF4FFA,CA3F5240708BCF13B5384F14D0E3262ECDDA90BB,81EBCE2FFC29820351C086E9EDA6A220098FF41C,F28CB422A38A6BBA98DA3344DDF8D6FBC3413319,45521282C12E0EC1691495FCA714947DCA072745,214F7EE52D4EEABD8D82AFBE84DEF724BE70013F,531AB764AF24CB94A20019C152C8CA685F11DB11,71C48CE361D456D7D24CC02D37736F4868B3B881

cosmwasm/enclaves/shared/block-verifier/src/validator_whitelist.rs

@@ -1,11 +1,6 @@
 use std::collections::HashSet;
 use tendermint_light_client_verifier::types::UntrustedBlockState;
 
-#[cfg(not(feature = "production"))]
-const WHITELIST_FROM_FILE: &str = include_str!("../fixtures/validator_whitelist.txt");
-#[cfg(feature = "production")]
-const WHITELIST_FROM_FILE: &str = include_str!("../fixtures/validator_whitelist_prod.txt");
-
 #[cfg(not(feature = "production"))]
 pub const VALIDATOR_THRESHOLD: usize = 1;
 #[cfg(not(feature = "production"))]
@@ -14,10 +9,18 @@ pub const VALIDATOR_THRESHOLD_EMERGENCY: usize = 2;
 #[cfg(feature = "production")]
 pub const VALIDATOR_THRESHOLD: usize = 5;
 #[cfg(feature = "production")]
-pub const VALIDATOR_THRESHOLD_EMERGENCY: usize = 25;
+pub const VALIDATOR_THRESHOLD_EMERGENCY: usize = 11;
+
+#[cfg(not(feature = "production"))]
+lazy_static::lazy_static! {
+    pub static ref VALIDATOR_WHITELIST: ValidatorList = ValidatorList::from_str("../fixtures/validator_whitelist.txt");
+    pub static ref VALIDATOR_WHITELIST_EMERGENCY: ValidatorList = ValidatorList::from_str("../fixtures/validator_whitelist.txt");
+}
 
+#[cfg(feature = "production")]
 lazy_static::lazy_static! {
-    pub static ref VALIDATOR_WHITELIST: ValidatorList = ValidatorList::from_str(WHITELIST_FROM_FILE);
+    pub static ref VALIDATOR_WHITELIST: ValidatorList = ValidatorList::from_str("../fixtures/validator_whitelist_prod.txt");
+    pub static ref VALIDATOR_WHITELIST_EMERGENCY: ValidatorList = ValidatorList::from_str("../fixtures/validator_whitelist_emergency_prod.txt");
 }
 
 #[derive(Debug, Clone)]