search

celestiaorg / celestia-app

Celestia consensus node
https://celestiaorg.github.io/celestia-app/
Apache License 2.0
345 stars 292 forks source link

feat: check for correct signer in PFB construction #4027

Closed cmwaters closed 1 week ago

cmwaters commented 2 weeks ago

We already check this in CheckTx and ProcessProposal. This adds the same check to the client side construction so it errors before being submitted to the network. (the check being that the signer in the blob and the actual signer of the PFB are the same)

coderabbitai[bot] commented 2 weeks ago
📝 Walkthrough
📝 Walkthrough ## Walkthrough The changes in this pull request involve modifications to the `CreatePayForBlobs` method in the `Signer` struct and the `NewMsgPayForBlobs` function in the `payforblob.go` file. The validation step for blobs has been removed from the `CreatePayForBlobs` method, allowing the creation of transaction messages without prior validation. In contrast, the `NewMsgPayForBlobs` function has been updated to enhance validation logic, including a new function for validating blob share versions, which checks compliance with signing rules. These changes alter error handling and validation processes related to blob transactions. ## Changes | File Path | Change Summary | |----------------------------------|---------------------------------------------------------------------------------------------------| | pkg/user/signer.go | Removed validation call to `blobtypes.ValidateBlobs(blobs...)` in `CreatePayForBlobs` method. | | x/blob/types/payforblob.go | Updated parameter name from `version` to `appVersion` in `NewMsgPayForBlobs`. Added error handling for signer conversion and a new `ValidateBlobShareVersion` function for blob validation. | | app/test/check_tx_test.go | Updated `TestCheckTx` to use correct signer address for blob transactions and enhanced transaction creation logic. | | app/test/process_proposal_test.go | Added new test cases to `TestProcessProposal` to cover various blob transaction scenarios, including validation for invalid signatures and oversized transactions. | ## Possibly related PRs - #3433: This PR introduces multi-account support in the `Signer`, which is directly related to the changes in the `CreatePayForBlobs` method in the main PR, as it modifies how transactions are created with different accounts. - #3942: This PR enhances the transaction preparation process, including limits on the number of messages, which is relevant to the changes in the `CreatePayForBlobs` method as it affects how blob transactions are handled during proposal preparation. - #3954: This PR optimizes the `checkTx` function, which may relate to the overall transaction handling and validation processes impacted by the changes in the `CreatePayForBlobs` method.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share - [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai) - [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai) - [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai) - [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)
🪧 Tips ### Chat There are 3 ways to chat with [CodeRabbit](https://coderabbit.ai): > ‼️ **IMPORTANT** > Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged. - Files and specific lines of code (under the "Files changed" tab): Tag `@coderabbitai` in a new review comment at the desired location with your query. Examples: - `@coderabbitai generate unit testing code for this file.` - `@coderabbitai modularize this function.` - PR comments: Tag `@coderabbitai` in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples: - `@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.` - `@coderabbitai read src/utils.ts and generate unit testing code.` - `@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.` - `@coderabbitai help me debug CodeRabbit configuration file.` Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. ### CodeRabbit Commands (Invoked using PR comments) - `@coderabbitai pause` to pause the reviews on a PR. - `@coderabbitai resume` to resume the paused reviews. - `@coderabbitai review` to trigger an incremental review. This is useful when automatic reviews are disabled for the repository. - `@coderabbitai full review` to do a full review from scratch and review all the files again. - `@coderabbitai summary` to regenerate the summary of the PR. - `@coderabbitai resolve` resolve all the CodeRabbit review comments. - `@coderabbitai configuration` to show the current CodeRabbit configuration for the repository. - `@coderabbitai help` to get help. ### Other keywords and placeholders - Add `@coderabbitai ignore` anywhere in the PR description to prevent this PR from being reviewed. - Add `@coderabbitai summary` to generate the high-level summary at a specific location in the PR description. - Add `@coderabbitai` anywhere in the PR title to generate the title automatically. ### Documentation and Community - Visit our [Documentation](https://coderabbit.ai/docs) for detailed information on how to use CodeRabbit. - Join our [Discord Community](http://discord.gg/coderabbit) to get help, request features, and share feedback. - Follow us on [X/Twitter](https://twitter.com/coderabbitai) for updates and announcements.