Grinnode-live / 2020-grin-bug-bash-challenge

Finding bugs in Grin-Wallet & Grin-nodes for a bounty prior to Grin fork v5.

[GRIN-Wallet] Test Slatepack flow (Tor) #16

Closed phyro closed 3 years ago

phyro commented 3 years ago

Description: Test that transacting with Slatepacks through Tor works.

Tor transacting should work for both flows:

  1. sender-initiated send -> receive -> finalize and
  2. receiver-initiated (invoice) flow invoice -> pay -> finalize

Prerequisites: Set up two GRIN-Wallets (1) + (2) and send funds from wallet (1) to wallet (2) via Slatepacks through Tor.

Example: grin-wallet send -d ....

You will create a transaction and check the behavior of wallet (1) and wallet (2) to see if there are any problems.

Expected result: You should be able to finalize the transaction later on wallet (1) whenever you want, without any problems.

Note: More about these flows can be read on:

  1. https://docs.grin.mw/getting-started/quickstart/send/
  2. https://docs.grin.mw/about-grin/transactions/
  3. https://docs.grin.mw/getting-started/wallet-handbook/#invoice
  4. https://docs.grin.mw/getting-started/wallet-handbook/

Include the output of command

grin-wallet -V

and your environment

uname -a

ndcroos commented 3 years ago

Prerequisites:

* grin-wallet 5.0.0-beta.4
* grin node 5.0.0-rc.1
* Linux debian 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux
* Tor version 0.4.4.5, compiled with zstd 1.1.2, running with zstd 1.3.8.
* wallet 1 address (account name: default): grin1cwutd4sr0t0ac62764r9vz6wkgpmnmpheynh5tw56zvczvh8apdszxp25w
* wallet 2 address (account name: issue16): grin1zygggqt5exf3zux7zaycgj8jv7gj005rhalewa3ap9kf3h74220q50mp8y

Step 1: Send funds from wallet (1) to wallet (2) using Tor: sender-initiated

Wallet (2) starts listening via Tor:

~/grin-wallet-2$ grin-wallet -r "https://grinnode.live:3413" listen
Password: 
20201224 13:34:02.439 WARN grin_wallet_controller::controller - Starting TOR Hidden Service for API listener at address ceiiialuzgjrc4g6c5eyishsm6isppudx57zo5r5bfwjrx6vkkph6rad, binding to 127.0.0.1:3415
20201224 13:34:06.447 WARN grin_wallet_controller::controller - Starting HTTP Foreign listener API server at 127.0.0.1:3415.
20201224 13:34:06.457 WARN grin_wallet_controller::controller - HTTP Foreign listener started.
20201224 13:34:06.458 WARN grin_wallet_controller::controller - Slatepack Address is: grin1zygggqt5exf3zux7zaycgj8jv7gj005rhalewa3ap9kf3h74220q50mp8y

Send from wallet (1) to wallet (2):

~$ grin-wallet -r "https://grinnode.live:3413" send -d grin1zygggqt5exf3zux7zaycgj8jv7gj005rhalewa3ap9kf3h74220q50mp8y 0.1
Password: 
20201224 13:36:09.136 WARN grin_wallet_api::owner - Attempting to send transaction via TOR
Tx sent successfully
Command 'send' completed successfully

Wallet (2) checks balance:

~/grin-wallet-2$ grin-wallet info
Password: 
20201224 13:43:27.210 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 0% complete
20201224 13:43:31.292 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 13:43:31.301 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 13:43:31.320 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 13:43:31.321 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 13:43:31.322 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning Complete

____ Wallet Summary Info - Account 'default' as of height 1016186 ____

 Confirmed Total                  | 0.300000000 
 Awaiting Confirmation (< 10)     | 0.100000000 
 Awaiting Finalization            | 0.000000000 
 Locked by previous transaction   | 0.000000000 
 -------------------------------- | ------------- 
 Currently Spendable              | 0.200000000 

Command 'info' completed successfully

Step 2: Wallet (1) sends invoice to Wallet (2), Wallet (2) pays

Send invoice from wallet (1) to (2):

~$ grin-wallet -r "https://grinnode.live:3413" invoice -d grin1zygggqt5exf3zux7zaycgj8jv7gj005rhalewa3ap9kf3h74220q50mp8y 0.1
Password: 
/home/nick-test/.grin/main/slatepack/54fc8615-90b9-4066-8eb9-387ecec78025.I1.slatepack

Slatepack data follows. Please provide this output to the other party

--- CUT BELOW THIS LINE ---

BEGINSLATEPACK. 6Ttj8x9pMHzZhkf eqSEu8AXtCHd13U NnGLPm5dwtb9Wxt iVZAWiZ8r5QCGMW QAd28qrUmrrhcTj yCkg1sBwEjyzXMv SsDahoxgGJo3tET y75eAbFVinsbk5o iJwjFX82b9sPgRb w1k9jW4UG1K8q87 ZhiiNuo9bJTHxAA yaqbemDGxMkPEE7 WvAwgj1sYwfyvHg DB6zXMDhDtsJYg7 N4SZ9G9rGnRw3Jp QyxQvH8c33Vc4Ac jxS5Maab9RKAApM byV8cYkNLED3p9R QmaihHFhqTUouzi KsCgxaA4hNi7XvB 3xMP4uu5b25Lnt2 RzCe8bvFtqyZhJL uxW6vsG4hLf25Se jX4XSVFAMr5gvU9 K3bVMqpkpLDzW2t 9WS36jNk6P9Atuv GzLDJ3zpqNpWniY JyiHQnaUr3QALtD dvYVZ5QAbC7T2J4 1V8dEJNGqBTyyUz Ci9Jfx1oD1ULf2y aHXuwDVaUtNXMLk zG1XvmMKTUr1FBB XjvKMCo1sX1n7G7 86keBhPEo3DJg5s FeiJ5PKUFSEapEX EVvB8xBYduhZr3R xn8oshrfZ9dS9w7 bp9shWDCYVJZHY3 d63AM3TgxzCfnUY 5a3onpsim1n3BPn BQkeW9eaVBUg36A gEy73y6buZLsder 5gZaCEkX9gGBLHB f4ydvYYnvDqgUxr CnejoV1xsKkvHdV. ENDSLATEPACK.

--- CUT ABOVE THIS LINE ---

Slatepack data was also output to

/home/nick-test/.grin/main/slatepack/54fc8615-90b9-4066-8eb9-387ecec78025.I1.slatepack

The slatepack data is encrypted for the recipient only

Command 'invoice' completed successfully

Start wallet (1) Tor service:

~$ grin-wallet -r "https://grinnode.live:3413" listen
Password: 
20201224 13:56:28.390 WARN grin_wallet_controller::controller - Starting TOR Hidden Service for API listener at address yo4lnvqdplp5y2k62vdfmc2owib3t3bxzetxulou2cmycmxh5bnsplqd, binding to 127.0.0.1:3415
20201224 13:56:47.116 WARN grin_wallet_controller::controller - Starting HTTP Foreign listener API server at 127.0.0.1:3415.
20201224 13:56:47.210 WARN grin_wallet_controller::controller - HTTP Foreign listener started.
20201224 13:56:47.210 WARN grin_wallet_controller::controller - Slatepack Address is: grin1cwutd4sr0t0ac62764r9vz6wkgpmnmpheynh5tw56zvczvh8apdszxp25w

Wallet (2) pays:

~/grin-wallet-2$ grin-wallet -r "https://grinnode.live:3413" pay
Password: 
Please paste your encoded slatepack message:
BEGINSLATEPACK. 6Ttj8x9pMHzZhkf eqSEu8AXtCHd13U NnGLPm5dwtb9Wxt iVZAWiZ8r5QCGMW QAd28qrUmrrhcTj yCkg1sBwEjyzXMv SsDahoxgGJo3tET y75eAbFVinsbk5o iJwjFX82b9sPgRb w1k9jW4UG1K8q87 ZhiiNuo9bJTHxAA yaqbemDGxMkPEE7 WvAwgj1sYwfyvHg DB6zXMDhDtsJYg7 N4SZ9G9rGnRw3Jp QyxQvH8c33Vc4Ac jxS5Maab9RKAApM byV8cYkNLED3p9R QmaihHFhqTUouzi KsCgxaA4hNi7XvB 3xMP4uu5b25Lnt2 RzCe8bvFtqyZhJL uxW6vsG4hLf25Se jX4XSVFAMr5gvU9 K3bVMqpkpLDzW2t 9WS36jNk6P9Atuv GzLDJ3zpqNpWniY JyiHQnaUr3QALtD dvYVZ5QAbC7T2J4 1V8dEJNGqBTyyUz Ci9Jfx1oD1ULf2y aHXuwDVaUtNXMLk zG1XvmMKTUr1FBB XjvKMCo1sX1n7G7 86keBhPEo3DJg5s FeiJ5PKUFSEapEX EVvB8xBYduhZr3R xn8oshrfZ9dS9w7 bp9shWDCYVJZHY3 d63AM3TgxzCfnUY 5a3onpsim1n3BPn BQkeW9eaVBUg36A gEy73y6buZLsder 5gZaCEkX9gGBLHB f4ydvYYnvDqgUxr CnejoV1xsKkvHdV. ENDSLATEPACK.

This command will pay the amount specified in the invoice using your wallet's funds.
After you confirm, the following will occur: 

* 0.100000000 of your wallet funds will be added to the transaction to pay this invoice.
* The wallet will IMMEDIATELY attempt to send the resulting transaction to the wallet listening at: 'grin1cwutd4sr0t0ac62764r9vz6wkgpmnmpheynh5tw56zvczvh8apdszxp25w'.
* If other wallet is not listening, the resulting transaction will output as a slatepack which you can manually send back to the invoice creator.

Please review the above information carefully before proceeding

To proceed, type the exact amount of the invoice as displayed above (or Q/q to quit) > 0.100000000
20201224 13:59:40.952 WARN grin_wallet_api::owner - Attempting to send transaction via TOR

Transaction paid and sent back to initiator at grin1cwutd4sr0t0ac62764r9vz6wkgpmnmpheynh5tw56zvczvh8apdszxp25w for finalization.

Command 'pay' completed successfully

Wallet (1) state; the invoice for 0.10 is shown as awaiting confirmation:

~$ grin-wallet -r "https://grinnode.live:3413" info
Password: 
20201224 14:04:01.113 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 0% complete
20201224 14:04:02.360 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:04:02.378 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:04:02.386 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:04:02.386 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:04:02.387 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning Complete

____ Wallet Summary Info - Account 'default' as of height 1016218 ____

 Confirmed Total                  | 4.584500000 
 Awaiting Confirmation (< 10)     | 0.100000000 
 Awaiting Finalization            | 0.000000000 
 Locked by previous transaction   | 0.000000000 
 -------------------------------- | ------------- 
 Currently Spendable              | 4.484500000 

Command 'info' completed successfully

Wallet (2) state:

~/grin-wallet-2$ grin-wallet -r "https://grinnode.live:3413" info
Password: 
20201224 14:02:56.399 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 0% complete
20201224 14:02:57.662 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:02:57.675 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:02:57.683 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:02:57.683 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:02:57.683 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning - 99% complete
20201224 14:02:57.795 WARN grin_wallet_libwallet::api_impl::owner_updater - Scanning Complete

____ Wallet Summary Info - Account 'default' as of height 1016217 ____

 Confirmed Total                  | 0.376500000 
 Awaiting Confirmation (< 10)     | 0.076500000 
 Awaiting Finalization            | 0.000000000 
 Locked by previous transaction   | 0.000000000 
 -------------------------------- | ------------- 
 Currently Spendable              | 0.300000000 

Command 'info' completed successfully
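
A check a tester could run over the `listen` output in the report above, added here as an example and not part of the original comment or of grin-wallet: it confirms the Foreign API binds to loopback and that the logged hidden-service name is the Tor v3 name of the key in the logged Slatepack address. It assumes the address is the bech32 encoding of the wallet's ed25519 key, which both `listen` logs above are consistent with; all function names are hypothetical.

```python
import base64, hashlib, re

BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def bech32_polymod(values):
    # Checksum from BIP-173 (original bech32, final constant 1).
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def slatepack_pubkey(addr, hrp="grin"):
    """Decode a bech32 Slatepack address to the 32-byte key it carries."""
    prefix, _, data = addr.lower().rpartition("1")
    if prefix != hrp or len(data) < 7 or any(c not in BECH32 for c in data):
        raise ValueError("not a bech32 address with prefix " + hrp)
    vals = [BECH32.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    if bech32_polymod(expanded + vals) != 1:
        raise ValueError("bech32 checksum mismatch")
    bits = "".join(format(v, "05b") for v in vals[:-6])  # drop 6 checksum chars
    if len(bits) // 8 != 32 or "1" in bits[256:]:
        raise ValueError("payload is not a 32-byte key")
    return int(bits[:256], 2).to_bytes(32, "big")

def onion_v3(pubkey):
    """Tor v3 name (without '.onion'): base32(key || checksum || version)."""
    ver = b"\x03"
    chk = hashlib.sha3_256(b".onion checksum" + pubkey + ver).digest()[:2]
    return base64.b32encode(pubkey + chk + ver).decode().lower()

LISTEN_RE = re.compile(r"listener at address (\w+), binding to ([\d.]+):\d+")
ADDR_RE = re.compile(r"Slatepack Address is: (\S+)")

def check_listen_log(log):
    """Return (binds_to_loopback, onion_matches_slatepack_address)."""
    onion, bind_ip = LISTEN_RE.search(log).groups()
    addr = ADDR_RE.search(log).group(1)
    return bind_ip.startswith("127."), onion_v3(slatepack_pubkey(addr)) == onion

# Sample input: two wallet (2) 'listen' lines copied from the report above.
SAMPLE_LOG = """\
20201224 13:34:02.439 WARN grin_wallet_controller::controller - Starting TOR Hidden Service for API listener at address ceiiialuzgjrc4g6c5eyishsm6isppudx57zo5r5bfwjrx6vkkph6rad, binding to 127.0.0.1:3415
20201224 13:34:06.458 WARN grin_wallet_controller::controller - Slatepack Address is: grin1zygggqt5exf3zux7zaycgj8jv7gj005rhalewa3ap9kf3h74220q50mp8y
"""
```

`check_listen_log(SAMPLE_LOG)` returns a pair of booleans; a mistyped address raises `ValueError` at the bech32 checksum step instead of producing a different onion name.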

marekyggdrasil commented 3 years ago

@ndcroos provided his results via secret gist. No vulnerabilities were discovered so it's OK to disclose the content. Great work!

https://gist.github.com/ndcroos/48447f6c0a14e81709e6de5b7acd1857#gistcomment-3572103

ndcroos commented 3 years ago

I added information about the Tor version used in my comment above.