Merge pull request #109 from ArkEcosystem/mainnet-dev

Merge mainnet-dev into mainnet

Author: faustbrian

config.mainnet.json

@@ -1,7 +1,7 @@
 {
   "port": 4001,
   "address": "0.0.0.0",
-  "version": "1.0.3",
+  "version": "1.1.0",
   "fileLogLevel": "info",
   "logFileName": "logs/ark.log",
   "consoleLogLevel": "info",

helpers/z_schema.js

@@ -84,6 +84,12 @@ function schema(network){
     }
   });
 
+  this.z_schema.registerFormat('voteString', function (str) {
+    //Excluding capital hex characters
+    //(mainnet database could contain mixed case vote strings?)
+    return /^[-+]0[23][0-9a-fA-F]{64}$/.test(str);
+  });
+
   this.z_schema.registerFormat('queryList', function (obj) {
     obj.limit = 100;
     return true;

logic/account.js

@@ -17,7 +17,7 @@ function Account (scope, cb) {
 
 	self = this;
 	db = this.scope.db;
-	library = this.scope.library;
+	library = this.scope;
 	genesisBlock = this.scope.genesisblock.block;
 
 	this.table = 'mem_accounts';

logic/transaction.js

@@ -391,6 +391,8 @@ Transaction.prototype.process = function (trs, sender, requester, cb) {
 Transaction.prototype.verify = function (trs, sender, requester, cb) {
 	var valid = false;
 	var err = null;
+	const INT_32_MIN = -2147483648;
+	const INT_32_MAX = 2147483647;
 
 	if (typeof requester === 'function') {
 		cb = requester;
@@ -568,9 +570,13 @@ Transaction.prototype.verify = function (trs, sender, requester, cb) {
 		return cb(senderBalance.error);
 	}
 
+	if (trs.timestamp < INT_32_MIN || trs.timestamp > INT_32_MAX) {
+		return cb('Invalid transaction timestamp. Timestamp is not in the int32 range.');
+	}
+
 	// Check timestamp
 	if (slots.getSlotNumber(trs.timestamp) > slots.getSlotNumber()) {
-		return cb('Invalid transaction timestamp');
+		return cb('Invalid transaction timestamp. Timestamp is in the future.');
 	}
 
 	// Check fee

logic/vote.js

@@ -210,6 +210,10 @@ Vote.prototype.schema = {
 	properties: {
 		votes: {
 			type: 'array',
+			items: {
+				type: 'string',
+				format: 'voteString',
+			},
 			minLength: 1,
 			maxLength: constants.maximumVotes,
 			uniqueItems: true

modules/blocks.js

@@ -572,7 +572,7 @@ Blocks.prototype.getCommonBlock = function (peer, height, cb) {
 				if (err || res.body.error) {
 					return waterCb(err || res.body.error.toString());
 				} else if (!res.body.common) {
-					return waterCb(['Chain comparison failed with peer:', peer.string, 'using ids:', ids].join(' '));
+					return waterCb(['Chain comparison failed with peer:', peer.toString(), 'using ids:', ids].join(' '));
 				} else {
 					return waterCb(null, res);
 				}
@@ -586,7 +586,7 @@ Blocks.prototype.getCommonBlock = function (peer, height, cb) {
 				height: res.body.common.height
 			}).then(function (rows) {
 				if (!rows.length || !rows[0].count) {
-					return waterCb(['Chain comparison failed with peer:', peer.string, 'using block:', JSON.stringify(res.body.common)].join(' '));
+					return waterCb(['Chain comparison failed with peer:', peer.toString(), 'using block:', JSON.stringify(res.body.common)].join(' '));
 				} else {
 					return waterCb(null, res.body);
 				}

modules/delegates.js

@@ -14,6 +14,7 @@ var schema = require('../schema/delegates.js');
 var slots = require('../helpers/slots.js');
 var sql = require('../sql/delegates.js');
 var transactionTypes = require('../helpers/transactionTypes.js');
+var crypto = require('crypto')
 
 // Private fields
 var modules, library, self, __private = {}, shared = {};
@@ -62,7 +63,7 @@ __private.attachApi = function () {
 		'get /fee': 'getFee',
 		'get /forging/getForgedByAccount': 'getForgedByAccount',
 		'put /': 'addDelegate',
- 		'get /getNextForgers': 'getNextForgers'
+		'get /getNextForgers': 'getNextForgers'
 	});
 
 	if (process.env.DEBUG) {
@@ -87,85 +88,85 @@ __private.attachApi = function () {
 			tmpKepairs = {};
 			return res.json({success: true});
 		});
-	}
-
-	router.post('/forging/enable', function (req, res) {
-		library.schema.validate(req.body, schema.enableForging, function (err) {
-			if (err) {
-				return res.json({success: false, error: err[0].message});
-			}
-
-			var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
 
-			if (!checkIpInList(library.config.forging.access.whiteList, ip)) {
-				return res.json({success: false, error: 'Access denied'});
-			}
+		router.post('/forging/enable', function (req, res) {
+			library.schema.validate(req.body, schema.enableForging, function (err) {
+				if (err) {
+					return res.json({success: false, error: err[0].message});
+				}
 
-			var keypair = library.crypto.makeKeypair(crypto.createHash('sha256').update(req.body.secret, 'utf8').digest());
+				var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
 
-			if (req.body.publicKey) {
-				if (keypair.publicKey.toString('hex') !== req.body.publicKey) {
-					return res.json({success: false, error: 'Invalid passphrase'});
+				if (!checkIpInList(library.config.forging.access.whiteList, ip)) {
+					return res.json({success: false, error: 'Access denied'});
 				}
-			}
 
-			if (__private.keypairs[keypair.publicKey.toString('hex')]) {
-				return res.json({success: false, error: 'Forging is already enabled'});
-			}
+				var keypair = library.crypto.makeKeypair(crypto.createHash('sha256').update(req.body.secret, 'utf8').digest());
 
-			modules.accounts.getAccount({publicKey: keypair.publicKey.toString('hex')}, function (err, account) {
-				if (err) {
-					return res.json({success: false, error: err});
+				if (req.body.publicKey) {
+					if (keypair.publicKey.toString('hex') !== req.body.publicKey) {
+						return res.json({success: false, error: 'Invalid passphrase'});
+					}
 				}
-				if (account && account.isDelegate) {
-					__private.keypairs[keypair.publicKey.toString('hex')] = keypair;
-					library.logger.info('Forging enabled on account: ' + account.address);
-					return res.json({success: true, address: account.address});
-				} else {
-					return res.json({success: false, error: 'Delegate not found'});
+
+				if (__private.keypairs[keypair.publicKey.toString('hex')]) {
+					return res.json({success: false, error: 'Forging is already enabled'});
 				}
+
+				modules.accounts.getAccount({publicKey: keypair.publicKey.toString('hex')}, function (err, account) {
+					if (err) {
+						return res.json({success: false, error: err});
+					}
+					if (account && account.isDelegate) {
+						__private.keypairs[keypair.publicKey.toString('hex')] = keypair;
+						library.logger.info('Forging enabled on account: ' + account.address);
+						return res.json({success: true, address: account.address});
+					} else {
+						return res.json({success: false, error: 'Delegate not found'});
+					}
+				});
 			});
 		});
-	});
 
-	router.post('/forging/disable', function (req, res) {
-		library.schema.validate(req.body, schema.disableForging, function (err) {
-			if (err) {
-				return res.json({success: false, error: err[0].message});
-			}
-
-			var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
-
-			if (!checkIpInList(library.config.forging.access.whiteList, ip)) {
-				return res.json({success: false, error: 'Access denied'});
-			}
+		router.post('/forging/disable', function (req, res) {
+			library.schema.validate(req.body, schema.disableForging, function (err) {
+				if (err) {
+					return res.json({success: false, error: err[0].message});
+				}
 
-			var keypair = library.crypto.makeKeypair(crypto.createHash('sha256').update(req.body.secret, 'utf8').digest());
+				var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
 
-			if (req.body.publicKey) {
-				if (keypair.publicKey.toString('hex') !== req.body.publicKey) {
-					return res.json({success: false, error: 'Invalid passphrase'});
+				if (!checkIpInList(library.config.forging.access.whiteList, ip)) {
+					return res.json({success: false, error: 'Access denied'});
 				}
-			}
 
-			if (!__private.keypairs[keypair.publicKey.toString('hex')]) {
-				return res.json({success: false, error: 'Delegate not found'});
-			}
+				var keypair = library.crypto.makeKeypair(crypto.createHash('sha256').update(req.body.secret, 'utf8').digest());
 
-			modules.accounts.getAccount({publicKey: keypair.publicKey.toString('hex')}, function (err, account) {
-				if (err) {
-					return res.json({success: false, error: err});
+				if (req.body.publicKey) {
+					if (keypair.publicKey.toString('hex') !== req.body.publicKey) {
+						return res.json({success: false, error: 'Invalid passphrase'});
+					}
 				}
-				if (account && account.isDelegate) {
-					delete __private.keypairs[keypair.publicKey.toString('hex')];
-					library.logger.info('Forging disabled on account: ' + account.address);
-					return res.json({success: true, address: account.address});
-				} else {
+
+				if (!__private.keypairs[keypair.publicKey.toString('hex')]) {
 					return res.json({success: false, error: 'Delegate not found'});
 				}
+
+				modules.accounts.getAccount({publicKey: keypair.publicKey.toString('hex')}, function (err, account) {
+					if (err) {
+						return res.json({success: false, error: err});
+					}
+					if (account && account.isDelegate) {
+						delete __private.keypairs[keypair.publicKey.toString('hex')];
+						library.logger.info('Forging disabled on account: ' + account.address);
+						return res.json({success: true, address: account.address});
+					} else {
+						return res.json({success: false, error: 'Delegate not found'});
+					}
+				});
 			});
 		});
-	});
+	}
 
 	router.get('/forging/status', function (req, res) {
 		library.schema.validate(req.query, schema.forgingStatus, function (err) {
@@ -514,7 +515,7 @@ Delegates.prototype.getDelegates = function (query, cb) {
 		var realLimit = Math.min(offset + limit, count);
 
 		var lastBlock   = modules.blockchain.getLastBlock(),
-		    totalSupply = __private.blockReward.calcSupply(lastBlock.height);
+			totalSupply = __private.blockReward.calcSupply(lastBlock.height);
 
 		for (var i = 0; i < delegates.length; i++) {
 			delegates[i].rate = i + 1;
@@ -737,7 +738,7 @@ __private.toggleForgingOnReceipt = function () {
 
 
 		// if (lastReceipt.secondsAgo > timeOut) {
-		// 	return self.disableForging('timeout');
+		//  return self.disableForging('timeout');
 		// } else {
 		return self.enableForging();
 		// }
@@ -879,7 +880,7 @@ shared.getDelegates = function (req, cb) {
 				if (data.sortMethod === 'ASC') {
 					return sorta - sortb;
 				} else {
-				 	return sortb - sorta;
+					return sortb - sorta;
 				}
 			}
 

modules/nodeManager.js

@@ -158,7 +158,8 @@ NodeManager.prototype.onBlocksReceived = function(blocks, peer, cb) {
 			block.totalAmount = parseInt(block.totalAmount);
 			block.totalFee = parseInt(block.totalFee);
 			block.verified = false;
-		  block.processed = false;
+			block.processed = false;
+			if (block.numberOfTransactions == 0) block.transactions = [];
       // looks like the last block pulled, let's broadcast it
 			block.broadcast = blocks.length == 1;
 
@@ -499,12 +500,12 @@ NodeManager.prototype.onBlockReceived = function(block, peer, cb) {
 					modules.blockchain.removeBlock(block);
 					return mSequence(err, block);
 				}
-				modules.blockchain.upsertBlock(block);
 				library.logger.debug("processing block with "+block.transactions.length+" transactions", block.height);
 				return library.bus.message('verifyBlock', block, function(err){
 					if(err){
 						library.logger.error("Error processing block at height", block.height);
-						modules.blockchain.removeBlock(block);
+					} else {
+						modules.blockchain.upsertBlock(block);
 					}
 					return mSequence(err, block);
 				});

modules/transactionPool.js

@@ -18,6 +18,7 @@ function TransactionPool (cb, scope) {
 	self.unconfirmed = { };
 	self.queued = { };
 	self.multisignature = { };
+	self.invalid = { };
 
 	// TODO: to remove
 	self.expiryInterval = 30000;
@@ -355,20 +356,22 @@ TransactionPool.prototype.receiveTransactions = function (transactions, cb) {
 			return eachSeriesCb();
 		}
 		else {
-			// we add transaction in mempool but still can be a spam.
-			// be sure to remove if there is an error in processing
-			__private.mempool[transaction.id]=transaction;
+			if (!self.invalid[transaction.id])
 			__private.processVerifyTransaction(transaction, function (err) {
 				if (!err) {
+					__private.mempool[transaction.id]=transaction;
 					return self.queueTransaction(transaction, eachSeriesCb);
 				} else {
-					// TODO: do we want to remove from mempool if somebody is spamming?
-					// we delete the tx in 1 min, so max 1 verification per spammy tx
-					// we keep the error in memory.
+					// delete all invalid txs after 1 min
 					transaction.error=err;
-					setTimeout(function(){
-						delete __private.mempool[transaction.id];
-					}, 60000);
+					if(JSON.stringify(self.invalid) === JSON.stringify({})) {
+						setTimeout(function() {
+							self.invalid = {};
+						}, 60000)
+					}
+
+					self.invalid[transaction.id] = true;
+
 					return eachSeriesCb(err, transaction);
 				}
 			});

modules/transport.js

@@ -18,7 +18,7 @@ var modules, library, self, __private = {}, shared = {};
 
 __private.headers = {};
 __private.messages = {};
-__private.broadcastTransactions = [];
+__private.broadcastTransactions = {};
 
 // Constructor
 function Transport (cb, scope) {
@@ -27,9 +27,13 @@ function Transport (cb, scope) {
 
 	setInterval(function(){
 		var maxspliced = 10;
-		if(maxspliced > __private.broadcastTransactions.length) maxspliced = __private.broadcastTransactions.length;
+		if(maxspliced > Object.keys(__private.broadcastTransactions).length) maxspliced = Object.keys(__private.broadcastTransactions).length;
 		if(maxspliced > 0){
-			var transactions = __private.broadcastTransactions.splice(0, maxspliced);
+			var transactions = Object.keys(__private.broadcastTransactions).splice(0, maxspliced).map(tx => {
+				var thistx = __private.broadcastTransactions[tx];
+				delete __private.broadcastTransactions[tx];
+				return thistx;
+			});
 			self.broadcast({limit: 20}, {api: '/transactions', data: {transactions: transactions}, method: 'POST'});
 		}
 	}, 3000);
@@ -507,7 +511,7 @@ Transport.prototype.onBroadcastTransaction = function (transaction) {
 	delete transaction.verified;
 	delete transaction.processed;
 
-	__private.broadcastTransactions.push(transaction);
+	__private.broadcastTransactions[transaction.id] = transaction;
 };
 
 //