seal proofs are not verified

[zoedberg]

As discussed in https://github.com/RGB-WG/rust-rgb20/pull/10, it seems that consignment verification process is currently not calling any method to verify seals.

Looking at the verify UML schema it seems the verify_seal method should be called as part of the "single-use seal verification" phase.

@dr-orlovsky could you please help on this?

[dr-orlovsky]

Hm, I will spend more time auditing the whole codebase in BP Core & RGB Core (already started with BP Core), but for now I can state that:

1. All anchor verification has to be accomplished in RGB Core library - and nohow in RGB20 or RGB StdLib. RGB Node must call verification procedures from RGB Core

2. I am quite sure anchor & seal verification must happen in RGB Core, otherwise it is a severe bug.

[dr-orlovsky]

Please do not consider that RGB20, RGB21 or RGB stdlib should verify anything. These are purely API helper libraries which must not be relied upon for the verification process and has nothing to do with RGB consensus.

The same applies to RGB Node codebase: all verification must be delegated by the node to the Core library. Otherwise we would have the same mess as with Bitcoin Core, where for 10+ years they try to separate consensus from GUI

[dr-orlovsky]

Ok, looked at verify_seal. Unfortunately that API is not used by RGB Core, since single-use-seals are not directly usable. There is a layer inbetween RGB and single-use-seals, which is called anchors. The verification of single-use-seals is performed through anchors, which close multiple seals at once - that's why the API you are referencing is unusable for RGB commitments.

I created it couple of years ago and left for non-RGB protocols which will not have that complexity (i.e. when multiple several seals can be closed at once in one transaction).

[crisdut]

Hi @dr-orlovsky,

I have a question regards the verification of proofs.

Is it correct to add Anchor: :verify in rgb-cli transfer consume operation to verify if the transaction contains the specified proof in the consignment file?

I'm referring to this piece of code https://github.com/BP-WG/bp-core/blob/master/dbc/src/anchor.rs#L423

Thanks

[dr-orlovsky]

This should be called from RGB Core, not RGB Node.

RGB Node calls consignment verification, which is a part of RGB stdlib. It in turns calls per-anchor verifications which are part of RGB Core, and in turn calls this code

[crisdut]

This should be called from RGB Core, not RGB Node.

RGB Node calls consignment verification, which is a part of RGB stdlib. It in turns calls per-anchor verifications which are part of RGB Core, and in turn calls this code

Well, I think putting the anchor validation inside the Validator::validate is a good choice.

I will try make this after finish tapret tests.

[dr-orlovsky]

Not sure I understood your comment: what do you plan to add there?

Validation of single-use-seals happens exactly here: https://github.com/RGB-WG/rgb-core/blob/e9ae077c6c255ce05c6f783ab4a7fb81f938f35b/src/validation.rs#L551-L726

This code is called from Validator::validate so it is already there; nothing to add.

[crisdut]

Not sure I understood your comment: what do you plan to add there?

Validation of single-use-seals happens exactly here: https://github.com/RGB-WG/rgb-core/blob/e9ae077c6c255ce05c6f783ab4a7fb81f938f35b/src/validation.rs#L551-L726

This code is called from Validator::validate so it is already there; nothing to add.

I'm sorry. For whatever reason, I didn't realize the code was already added.

[dr-orlovsky]

@zoedberg are you ok with closing this issue?

[zoedberg]

@dr-orlovsky yes, I verified and I can confirm that the validation methods in src/validate.rs from rgb-core get called (from process_consignment in rgb-node precisely)

[zoedberg]

@dr-orlovsky @crisdut actually, I'm sorry but I figured out now that I made a mistake while cheking the usage of verify_seal, it actually gets called

[dr-orlovsky]

Don't worry: even I constantly forget how the code I wrote actually works.