Various fixes

.github/workflows/dependency-review.yml

@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@v3
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v2

config_example.json

@@ -24,6 +24,15 @@
             "checkThreshold": 500,
             "purgeInterval": 300
         },
+        "bannedAddresses": {
+            "enabled": false,
+            "banned": [
+                "banned address 1",
+                "banned address 2",
+                "etcetera"
+            ]
+        },
+
         "redis": {
             "_disabled_socket": "/var/run/redis/redis.sock",
             "_socket": "Set socket to enable UNIX domain sockets, otherwise leave unset and set host and port.",

init.js

@@ -290,8 +290,9 @@ var spawnPoolWorkers = function(){
 
                         var redisCommands = [];
 
-                        // if its been less than 15 minutes since last share was submitted
-                        var timeChangeSec = roundTo(Math.max(now - lastShareTime, 0) / 1000, 4);
+                        // if its been less than 15 minutes since last share was submitted by any stratum
+                        var lastShareTimeUnified = Math.max(redisCommands.push(['hget', msg.coin + ':lastSeen', workerAddress]), lastShareTime);
+                        var timeChangeSec = roundTo(Math.max(now - lastShareTimeUnified, 0) / 1000, 4);
                         //var timeChangeTotal = roundTo(Math.max(now - lastStartTime, 0) / 1000, 4);
                         if (timeChangeSec < 900) {
                             // loyal miner keeps mining :)

libs/api.js

@@ -29,6 +29,59 @@ module.exports = function(logger, portalConfig, poolConfigs){
                     res.end(JSON.stringify(data));                                        
                 });
                 break;
+			case 'worker_balances':
+				res.header('Content-Type', 'application/json');
+				if (req.url.indexOf("?") > 0) {
+					var url_parms = req.url.split("?");
+					if (url_parms.length > 0) {
+						var address = url_parms[1] || null;
+						if (address != null && address.length > 0) {
+							address = address.split(".")[0];
+							//portalStats.getPoolBalancesByAddress(address, function(balances) {
+							//	res.end(JSON.stringify(balances));
+							//});
+							portalStats.getPoolBalancesByAddress(address, function(balances) {
+								var formattedBalances = {};
+
+								balances.forEach(function (balance) {
+									if (!formattedBalances[balance.pool]) {
+										formattedBalances[balance.pool] = {
+											name: balance.pool,
+											totalPaid: 0,
+											totalBalance: 0,
+											totalImmature: 0,
+											workers: []
+										};
+									}
+
+									formattedBalances[balance.pool].totalPaid += balance.paid;
+									formattedBalances[balance.pool].totalBalance += balance.balance;
+									formattedBalances[balance.pool].totalImmature += balance.immature;
+
+									formattedBalances[balance.pool].workers.push({
+										name: balance.worker,
+										balance: balance.balance,
+										paid: balance.paid,
+										immature: balance.immature
+									});
+									formattedBalances[balance.pool].totalPaid = (Math.round(formattedBalances[balance.pool].totalPaid * 100000000) / 100000000);
+                               		formattedBalances[balance.pool].totalBalance = (Math.round(formattedBalances[balance.pool].totalBalance * 100000000) / 100000000);
+                                 	formattedBalances[balance.pool].totalImmature = (Math.round(formattedBalances[balance.pool].totalImmature * 100000000) / 100000000);
+								});
+
+								var finalBalances = Object.values(formattedBalances);
+								res.end(JSON.stringify(finalBalances));
+                			});
+						} else {
+							res.end(JSON.stringify({ result: "error", message: "Invalid wallet address" }));
+						}
+					} else {
+						res.end(JSON.stringify({ result: "error", message: "Invalid URL parameters" }));
+					}
+				} else {
+					res.end(JSON.stringify({ result: "error", message: "URL parameters not found" }));
+				}
+				return;
             case 'payments':
                 var poolBlocks = [];
                 for(var pool in portalStats.stats.pools) {

libs/paymentProcessor.js

@@ -7,6 +7,9 @@ var async = require('async');
 var Stratum = require('stratum-pool');
 var util = require('stratum-pool/lib/util.js');
 var CreateRedisClient = require('./createRedisClient.js');
+var WAValidator = require('wallet-address-validator');
+
+let badBlocks = {}
 
 module.exports = function(logger){
 
@@ -742,39 +745,59 @@ function SetupForPool(logger, poolOptions, setupFinished){
                         // update confirmations for round
                         if (tx && tx.result)
                             round.confirmations = parseInt((tx.result.confirmations || 0));
-                        
+
                         // look for transaction errors
+                        // NOTE: We should combine these two if blocks into one since the only difference is in the logged message.
                         if (tx.error && tx.error.code === -5){
-                            logger.warning(logSystem, logComponent, 'Daemon reports invalid transaction: ' + round.txHash);
-                            round.category = 'kicked';
+                            if (undefined == badBlocks[round.txHash]) {
+                                badBlocks[round.txHash] = 0
+                            }
+
+                            if (badBlocks[round.txHash] >= 15) {
+                                logger.warning(logSystem, logComponent, 'ERROR: Daemon reports invalid transaction: ' + round.txHash)
+                                delete badBlocks[round.txHash]
+                                round.category = 'kicked'
+                            } else {
+                                badBlocks[round.txHash]++
+                                logger.warning(logSystem, logComponent, `Abandoned block ${round.txHash} check ${badBlocks[round.txHash]}/15`)
+                            }
                             return;
                         }
                         else if (!tx.result.details || (tx.result.details && tx.result.details.length === 0)){
-                            logger.warning(logSystem, logComponent, 'Daemon reports no details for transaction: ' + round.txHash);
-                            round.category = 'kicked';
-                            return;
-                        }
-                        else if (tx.error || !tx.result){
-                            logger.error(logSystem, logComponent, 'Odd error with gettransaction ' + round.txHash + ' ' + JSON.stringify(tx));
+                            if (undefined == badBlocks[round.txHash]) {
+                                badBlocks[round.txHash] = 0
+                            }
+                            if (badBlocks[round.txHash] >= 15) {
+                                logger.warning(logSystem, logComponent, 'ERROR: Daemon reports no details for transaction: ' + round.txHash)
+                                delete badBlocks[round.txHash]
+                                round.category = 'kicked'
+                            } else {
+                                badBlocks[round.txHash]++
+                                logger.warning(logSystem, logComponent, `Abandoned block ${round.txHash} check ${badBlocks[round.txHash]}/15`)
+                            }
                             return;
                         }
+
                         // get the coin base generation tx
-                        var generationTx = tx.result.details.filter(function(tx){
-                            return tx.address === poolOptions.address;
-                        })[0];
-                        if (!generationTx && tx.result.details.length === 1){
-                            generationTx = tx.result.details[0];
+                        var generationTx = tx.result.details.filter(tx => tx.address === poolOptions.address)[0]
+                        if (!generationTx && tx.result.details.length === 1) {
+                            generationTx = tx.result.details[0]
                         }
                         if (!generationTx){
-                            logger.error(logSystem, logComponent, 'Missing output details to pool address for transaction ' + round.txHash);
-                            return;
+                            return logger.error(logSystem, logComponent, `ERROR: Missing output details to pool address for transaction ${round.txHash}`)
                         }
                         // get transaction category for round
-                        round.category = generationTx.category;
+                        round.category = generationTx.category
                         // get reward for newly generated blocks
                         if (round.category === 'generate' || round.category === 'immature') {
                             round.reward = coinsRound(parseFloat(generationTx.amount || generationTx.value));
                         }
+
+                        // Clear blocks that previously triggered an attempted kick.
+                        if (!round.txHash in badBlocks) {
+                            logger.error(logSystem, logComponent, `${round.txHash} is no longer bad!`)
+                            delete badBlocks[round.txHash]
+                        }
                     });
 
                     var canDeleteShares = function(r){
@@ -1417,11 +1440,15 @@ function SetupForPool(logger, poolOptions, setupFinished){
 
 
     var getProperAddress = function(address){
-        if (address.length >= 40){
-            logger.warning(logSystem, logComponent, 'Invalid address '+address+', convert to address '+(poolOptions.invalidAddress || poolOptions.address));
-            return (poolOptions.invalidAddress || poolOptions.address);
+        // Validation of Public and Identity addresses
+        var isvalid = WAValidator.validate(String(address).split(".")[0], 'VRSC');
+        if(isvalid !== true){
+/*
+            // Validation of sapling addreses (disabled until paymentProcessor.js can handle sapling payments)
+            var isvalid = WAValidator.validate(String(address).split(".")[0], 'VRSC', 'sapling');
         }
-        if (address.length <= 30) {
+        if (isvalid !== true){
+*/
             logger.warning(logSystem, logComponent, 'Invalid address '+address+', convert to address '+(poolOptions.invalidAddress || poolOptions.address));
             return (poolOptions.invalidAddress || poolOptions.address);
         }

libs/poolWorker.js

@@ -5,6 +5,7 @@ var net     = require('net');
 var MposCompatibility = require('./mposCompatibility.js');
 var ShareProcessor = require('./shareProcessor.js');
 var CreateRedisClient = require('./createRedisClient.js');
+var WAValidator = require('wallet-address-validator');
 
 module.exports = function(logger){
 
@@ -134,23 +135,23 @@ module.exports = function(logger){
             var shareProcessor = new ShareProcessor(logger, poolOptions);
 
             handlers.auth = function(port, workerName, password, authCallback){
-                if (poolOptions.validateWorkerUsername !== true)
-                    authCallback(true);
-                else {
-                        pool.daemon.cmd('validateaddress', [String(workerName).split(".")[0]], function (results) {
-                            var isValid = results.filter(function (r) {
-                                if (r.response)
-                                {
-                                    return r.response.isvalid;
-                                }
-                                else
-                                {
-                                    return false;
-                                }
-                            }).length > 0;
-                            authCallback(isValid);
-                        });
+                if (poolOptions.bannedAddresses.banned.indexOf(workerName) !== -1 && poolOptions.bannedAddresses.enabled == true) {
+                    //Banned addresses return false if that option is enabled
+                    isvalid = false;
+                } else if (poolOptions.validateWorkerUsername !== true) {
+                    //Addresses are not checked for validity
+                    isvalid = true;
+                } else {
+                    //Validation of Public and Identity addresses
+                    var isvalid = WAValidator.validate(String(workerName).split(".")[0], 'VRSC');
+/*
+                    //Validation of sapling addreses (disabled until paymentProcessor.js can handle sapling payments)
+                    if(isvalid !== true){
+                        var isvalid = WAValidator.validate(String(address).split(".")[0], 'VRSC', 'sapling');
                     }
+*/
+                }
+                authCallback(isvalid);
             };
 
             handlers.share = function(isValidShare, isValidBlock, data){

libs/shareProcessor.js

@@ -26,7 +26,7 @@ module.exports = function(logger, poolConfig){
     var logSystem = 'Pool';
     var logComponent = coin;
     var logSubCat = 'Thread ' + (parseInt(forkId) + 1);
-    
+
     var connection = CreateRedisClient(redisConfig);
     if (redisConfig.password) {
         connection.auth(redisConfig.password);
@@ -69,19 +69,20 @@ module.exports = function(logger, poolConfig){
     this.handleShare = function(isValidShare, isValidBlock, shareData) {
 
         var redisCommands = [];
+        var dateNow = Date.now();
 
         if (isValidShare) {
             redisCommands.push(['hincrbyfloat', coin + ':shares:pbaasCurrent', shareData.worker, shareData.difficulty]);
             redisCommands.push(['hincrbyfloat', coin + ':shares:roundCurrent', shareData.worker, shareData.difficulty]);
             redisCommands.push(['hincrby', coin + ':stats', 'validShares', 1]);
+            redisCommands.push(['hset', coin + ':lastSeen', shareData.worker, dateNow]);
         } else {
             redisCommands.push(['hincrby', coin + ':stats', 'invalidShares', 1]);
         }
 
         /* Stores share diff, worker, and unique value with a score that is the timestamp. Unique value ensures it
            doesn't overwrite an existing entry, and timestamp as score lets us query shares from last X minutes to
            generate hashrate for each worker and pool. */
-        var dateNow = Date.now();
         var hashrateData = [ isValidShare ? shareData.difficulty : -shareData.difficulty, shareData.worker, dateNow];
         redisCommands.push(['zadd', coin + ':hashrate', dateNow / 1000 | 0, hashrateData.join(':')]);