add firewall hook #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

dangell7 wants to merge 4 commits into main from firewall

contracts/firewall/base.c

-Original file line number
+Diff line change
@@ -0,0 +1,14 @@
+    /**
+     *
+     */
+    #include "hookapi.h"
+    int64_t hook(uint32_t reserved) {
+        TRACESTR("Base.c: Called.");
+        accept(SBUF("base: Finished."), __LINE__);
+        _g(1,1);
+        // unreachable
+        return 0;
+    }

contracts/firewall/firewall_base.c

-Original file line number
+Diff line change
@@ -0,0 +1,109 @@
+    #include "hookapi.h"
+    #include <stdint.h>
+    /**
+        This hook is an omnibus hook that contains 2 different hooks' functionalities. Each of these
+        can be enabled or disabled and configured using the provided install-time hook parameter as
+        described below:
+        All integer values are little endian unless otherwise marked
+        Firewall Hook
+            Parameter Name: 0x4650 ('FP')
+            Parameter Value: <20 byte account ID of blocklist provider>
+            Parameter Name: 0x4649 ('FI')
+            Parameter Value: <uint256 bit field of allowable transaction types in>
+            Parameter Name: 0x464F ('FO')
+            Parameter Value: <uint256 bit field of allowable transaction types out>
+            Parameter Name: 0x4644 ('FD')
+            Parameter Value: minimum drops threshold for incoming XRP payments (xfl LE)
+            Parameter Name: 0x4654 ('FT')
+            Parameter Value: minimum threshold for incoming trustline payments (xfl LE)
+    **/
+    uint8_t tts[32] = {
+xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU,0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU,
+xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU,0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU, 0xFFU
+    };
+    int64_t hook(uint32_t r)
+    {
+        _g(1,1);
+        // get the account id
+        uint8_t otxn_account[20];
+        otxn_field(SBUF(otxn_account), sfAccount);
+        uint8_t hook_acc[20];
+        hook_account(SBUF(hook_acc));
+        uint8_t outgoing = BUFFER_EQUAL_20(hook_acc, otxn_account);
+        uint32_t tt = otxn_type();
+        if (tt == 22)
+            accept(SBUF("Firewall: Ignoring SetHook txn"), __LINE__);
+        // get the relevant amount, if any
+        int64_t amount = -1;
+        int64_t amount_native;
+        otxn_slot(1);
+        if (slot_subfield(1, sfAmount, 1) == 1)
+        {
+            amount = slot_float(1);
+            amount_native = slot_size(1) == 8;
+        }
+        // check flags
+        uint8_t flagbuf[4];
+        otxn_field(SBUF(flagbuf), sfFlags);
+        // Blocklist
+        {
+            uint8_t param_name[2] = {'F', 'P'};
+            uint8_t provider[20];
+            hook_param(SBUF(provider), SBUF(param_name));
+            uint8_t dummy[64];
+            if (state_foreign(dummy, 32, SBUF(otxn_account), dummy + 32, 32, SBUF(provider)) > 0)
+                rollback(SBUF("Firewall: Blocklist match"), __LINE__);
+        }
+        // Firewall
+        {
+            // check allowable txn types
+            {
+                uint8_t param_name[2] = {'F', outgoing ? 'O' : 'I'};
+                hook_param(tts, 32, SBUF(param_name));
+                // check if its on the list of blocked txn types
+                if (tts[tt >> 3] & (tt % 8))
+                    rollback(SBUF("Firewall: Txn type"), __LINE__);
+            }
+            // if its an incoming payment ensure it passes the threshold
+            if (!outgoing && amount >= 0)
+            {
+                if (flagbuf[2] & 2U)
+                    rollback(SBUF("Firewall: Incoming partial payment"), __LINE__);
+                TRACEVAR(amount_native);
+                // threshold for drops
+                uint8_t param_name[2] = {'F', amount_native ? 'D' : 'T'};
+                TRACEHEX(param_name);
+                // if the parameter doesn't exist then the threshold is unlimited or rather 9.999999999999999e+95
+                int64_t threshold = 7810234554605699071LL;
+                hook_param(&threshold, 8, SBUF(param_name));
+                TRACEVAR(amount);
+                TRACEVAR(threshold);
+                if (float_compare(amount, threshold, COMPARE_LESS) == 1)
+                    rollback(SBUF("Firewall: Amount below threshold"), __LINE__);
+            }
+        }
+        return accept(SBUF("Firewall: Txn within thresholds"), __LINE__);
+    }

contracts/firewall/firewall_provider.c

-Original file line number
+Diff line change
@@ -0,0 +1,89 @@
+    #include "hookapi.h"
+    #include <stdint.h>
+    #define ASSERT(x)\
+    {\
+        if (!(x))\
+            rollback(0,0,__LINE__);\
+    }
+    #define DONE()\
+        accept(0,0,__LINE__)
+    /**
+     * Account Owner can:
+     * ttINVOKE:
+     *  Blob: (packed data) (up to 32)
+     *      ( 1 byte action type + 20 byte account id ) +
+     *
+     * Action Type: 0 to remove account, 1 to add account
+     */
+    int64_t hook(uint32_t r)
+    {
+        _g(1,1);
+        // pass anything that isn't a ttINVOKE
+        if (otxn_type() != ttINVOKE)
+            DONE();
+        // get the account id
+        uint8_t account_field[20];
+        ASSERT(otxn_field(SBUF(account_field), sfAccount) == 20);
+        uint8_t hook_accid[20];
+        hook_account(SBUF(hook_accid));
+        // ignore anything that isn't a self invoke
+        if (!BUFFER_EQUAL_20(hook_accid, account_field))
+            DONE();
+        // if there's a destination set
+        uint8_t dest[20];
+        if (otxn_field(SBUF(dest), sfDestination) == 20)
+        {
+            if (!BUFFER_EQUAL_20(hook_accid, dest))
+            {
+                // .. then they are invoking someone else's hook
+                // and we need to not interfere with that.
+                DONE();
+            }
+        }
+        uint8_t txn_id[32];
+        ASSERT(otxn_id(txn_id, 32, 0) == 32);
+    #define sfBlob ((7U << 16U) + 26U)
+        ASSERT(otxn_slot(1) == 1);
+        ASSERT(slot_subfield(1, sfBlob, 2) == 2);
+        uint8_t buffer[676];
+        ASSERT(slot(SBUF(buffer), 2) > 0);
+        trace(SBUF("blob-buffer"), buffer, 676, 1);
+        uint16_t len = (uint16_t)buffer[0];
+        uint8_t* ptr = buffer + 1;
+        if (len > 192)
+        {
+            len = 193 + ((len - 193) * 256) + ((uint16_t)(buffer[1]));
+            ptr++;
+        }
+        uint8_t* end = ptr + len;
+        // execution to here means it's a valid modification instruction
+        while (ptr < end)
+        {
+            GUARD(32);
+            uint8_t* dptr = *ptr == 0 ? txn_id : 0;
+            uint64_t dlen = *ptr == 0 ? 32 : 0;
+            ASSERT(state_set(dptr, dlen, ptr+1, 20) == dlen);
+            ptr += 21;
+        }
+        DONE();
+    }

contracts/utils/hookapi.h

-Original file line number
+Diff line change
@@ Expand Up / @@ -53,5 +53,6 @@ @@
     #include "sfcodes.h"
     #include "macro.h"
     #include "date.h"
+    #include "tts.h"
     #endif

contracts/utils/macro.h

-Original file line number
+Diff line change
@@ Expand Up / @@ -301,43 +301,6 @@ int out_len = 0;\ @@
         if (i < 0) buf[0] |= 0x80U;\
     }
-    #define ttPAYMENT 0
-    #define ttESCROW_CREATE 1
-    #define ttESCROW_FINISH 2
-    #define ttACCOUNT_SET 3
-    #define ttESCROW_CANCEL 4
-    #define ttREGULAR_KEY_SET 5
-    #define ttOFFER_CREATE 7
-    #define ttOFFER_CANCEL 8
-    #define ttTICKET_CREATE 10
-    #define ttSIGNER_LIST_SET 12
-    #define ttPAYCHAN_CREATE 13
-    #define ttPAYCHAN_FUND 14
-    #define ttPAYCHAN_CLAIM 15
-    #define ttCHECK_CREATE 16
-    #define ttCHECK_CASH 17
-    #define ttCHECK_CANCEL 18
-    #define ttDEPOSIT_PREAUTH 19
-    #define ttTRUST_SET 20
-    #define ttACCOUNT_DELETE 21
-    #define ttSET_HOOK 22
-    #define ttNFTOKEN_MINT 25
-    #define ttNFTOKEN_BURN 26
-    #define ttNFTOKEN_CREATE_OFFER 27
-    #define ttNFTOKEN_CANCEL_OFFER 28
-    #define ttNFTOKEN_ACCEPT_OFFER 29
-    #define ttURITOKEN_MINT 45
-    #define ttURITOKEN_BURN 46
-    #define ttURITOKEN_BUY 47
-    #define ttURITOKEN_CREATE_SELL_OFFER 48
-    #define ttURITOKEN_CANCEL_SELL_OFFER 49
-    #define ttIMPORT 97
-    #define ttCLAIM_REWARD 98
-    #define ttINVOKE 99
-    #define ttAMENDMENT 100
-    #define ttFEE 101
-    #define ttUNL_MODIFY 102
-    #define ttEMIT_FAILURE 103
     #define tfCANONICAL 0x80000000UL
     #define atACCOUNT 1U
@@ Expand Down @@

contracts/utils/tts.h

-Original file line number
+Diff line change
@@ -0,0 +1,42 @@
+    // For documentation please see: https://xrpl-hooks.readme.io/reference/
+    #define ttPAYMENT 0
+    #define ttESCROW_CREATE 1
+    #define ttESCROW_FINISH 2
+    #define ttACCOUNT_SET 3
+    #define ttESCROW_CANCEL 4
+    #define ttREGULAR_KEY_SET 5
+    // #define ttNICKNAME_SET 6 // deprecated
+    #define ttOFFER_CREATE 7
+    #define ttOFFER_CANCEL 8
+    #define ttTICKET_CREATE 10
+    // #define ttSPINAL_TAP 11 // deprecated
+    #define ttSIGNER_LIST_SET 12
+    #define ttPAYCHAN_CREATE 13
+    #define ttPAYCHAN_FUND 14
+    #define ttPAYCHAN_CLAIM 15
+    #define ttCHECK_CREATE 16
+    #define ttCHECK_CASH 17
+    #define ttCHECK_CANCEL 18
+    #define ttDEPOSIT_PREAUTH 19
+    #define ttTRUST_SET 20
+    #define ttACCOUNT_DELETE 21
+    #define ttHOOK_SET 22
+    #define ttNFTOKEN_MINT 25
+    #define ttNFTOKEN_BURN 26
+    #define ttNFTOKEN_CREATE_OFFER 27
+    #define ttNFTOKEN_CANCEL_OFFER 28
+    #define ttNFTOKEN_ACCEPT_OFFER 29
+    #define ttURITOKEN_MINT 45
+    #define ttURITOKEN_BURN 46
+    #define ttURITOKEN_BUY 47
+    #define ttURITOKEN_CREATE_SELL_OFFER 48
+    #define ttURITOKEN_CANCEL_SELL_OFFER 49
+    #define ttGENESIS_MINT 96
+    #define ttIMPORT 97
+    #define ttCLAIM_REWARD 98
+    #define ttINVOKE 99
+    #define ttAMENDMENT 100
+    #define ttFEE 101
+    #define ttUNL_MODIFY 102
+    #define ttEMIT_FAILURE 103
+    #define ttUNL_REPORT 104

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add firewall hook #1

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

add firewall hook #1

Are you sure you want to change the base?

Uh oh!

add firewall hook #1

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!