Add tests for adversarial scenarios (#300)

* fix and test cheating scenario (malicious double spend)

* test and fix async vtxo cheating cases

* add replace statement in go.mod

* Update server/internal/core/application/covenantless.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* Update server/internal/infrastructure/wallet/btc-embedded/psbt.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* Update server/test/e2e/covenant/e2e_test.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* Update server/test/e2e/covenantless/e2e_test.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* Update server/test/e2e/covenantless/e2e_test.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* remove unused

* [btc-embedded] fix GetNotificationChannel

* [tx-builder] fix redeem transaction fee estimator

* close grpc client in tests

* [application] rework listentoscannerNotification

* [application][covenant] fix getConnectorAmount

* [tx-builder][covenant] get connector amount from wallet

* e2e test sleep time

* [liquid-standalone] ListConnectorUtxos: filter by script client side

* fix Makefile integrationtest

* do not use cache in integration tests

* use VtxoKey as argument of findForfeitTxBitcoin

* wrap adversarial test in t.Run

* increaste test timeout

* CI: setup go 1.23.1

* CI: revert go version

* add replace in server/go.mod

* Update server/internal/core/application/covenant.go

Co-authored-by: Pietralberto Mazza <[email protected]>
Signed-off-by: Louis Singer <[email protected]>

* remove replace

* readd replace statement

* fixes

* go work sync

* fix CI

---------

Signed-off-by: Louis Singer <[email protected]>
Co-authored-by: Pietralberto Mazza <[email protected]>

.github/workflows/ark.artifacts.yaml

@@ -12,9 +12,9 @@ jobs:
       uses: actions/checkout@v2
 
     - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.21.0
+        go-version: 1.23.1
 
     - name: Build binaries
       run: make build-all

.github/workflows/ark.integration.yaml

@@ -2,7 +2,8 @@ name: ci_integration
 
 on:
   push:
-    branches: [master]
+    branches:
+      - master
   pull_request:
     branches:
       - master
@@ -15,11 +16,12 @@ jobs:
       run:
         working-directory: ./server
     steps:
-      - uses: actions/setup-go@v3
-        with:
-          go-version: ">1.17.2"
       - uses: actions/checkout@v3
-      - run: go get -v -t -d ./...
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.23.1'
+      - name: Run go work sync
+        run: go work sync
 
       - name: Run Nigiri
         uses: vulpemventures/nigiri-github-action@v1

.github/workflows/ark.release.yaml

@@ -16,9 +16,9 @@ jobs:
       uses: actions/checkout@v2
 
     - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.21.0
+        go-version: 1.23.1
 
     # Build binaries for all architectures
     - name: Build binaries

.github/workflows/ark.unit.yaml

@@ -2,10 +2,11 @@ name: ci_unit
 
 on:
   push:
+    branches:
+      - master
     paths:
       - 'server/**'
       - 'pkg/client-sdk/**'
-    branches: [master]
   pull_request:
     branches:
       - master
@@ -56,7 +57,8 @@ jobs:
         uses: securego/gosec@master
         with:
           args: '-severity high -quiet -exclude=G115 ./...'
-      - run: go get -v -t -d ./...
+      - name: Run go work sync
+        run: go work sync
       - name: unit testing
         run: make test
 
@@ -83,4 +85,4 @@ jobs:
           args: '-severity high -quiet -exclude=G115 ./...'
       - run: go get -v -t -d ./...
       - name: unit testing
-        run: make test
+        run: make test

docker-compose.clark.regtest.yml

@@ -11,7 +11,6 @@ services:
       - ARK_LOG_LEVEL=5
       - ARK_ROUND_LIFETIME=512
       - ARK_TX_BUILDER_TYPE=covenantless
-      - ARK_MIN_RELAY_FEE=200
       - ARK_ESPLORA_URL=http://chopsticks:3000
       - ARK_BITCOIND_RPC_USER=admin1
       - ARK_BITCOIND_RPC_PASS=123

pkg/client-sdk/ark_sdk.go

@@ -15,7 +15,7 @@ type ArkClient interface {
 	Unlock(ctx context.Context, password string) error
 	Lock(ctx context.Context, password string) error
 	Balance(ctx context.Context, computeExpiryDetails bool) (*Balance, error)
-	Receive(ctx context.Context) (string, string, error)
+	Receive(ctx context.Context) (offchainAddr, boardingAddr string, err error)
 	SendOnChain(ctx context.Context, receivers []Receiver) (string, error)
 	SendOffChain(
 		ctx context.Context, withExpiryCoinselect bool, receivers []Receiver,
@@ -26,7 +26,7 @@ type ArkClient interface {
 	) (string, error)
 	SendAsync(ctx context.Context, withExpiryCoinselect bool, receivers []Receiver) (string, error)
 	Claim(ctx context.Context) (string, error)
-	ListVtxos(ctx context.Context) ([]client.Vtxo, []client.Vtxo, error)
+	ListVtxos(ctx context.Context) (spendable, spent []client.Vtxo, err error)
 	GetTransactionHistory(ctx context.Context) ([]Transaction, error)
 	Dump(ctx context.Context) (seed string, err error)
 }

pkg/client-sdk/covenant_client.go

@@ -17,7 +17,7 @@ import (
 	"github.com/ark-network/ark/pkg/client-sdk/client"
 	"github.com/ark-network/ark/pkg/client-sdk/explorer"
 	"github.com/ark-network/ark/pkg/client-sdk/internal/utils"
-	"github.com/ark-network/ark/pkg/client-sdk/internal/utils/redemption"
+	"github.com/ark-network/ark/pkg/client-sdk/redemption"
 	"github.com/ark-network/ark/pkg/client-sdk/store"
 	"github.com/ark-network/ark/pkg/client-sdk/wallet"
 	"github.com/btcsuite/btcd/btcec/v2/schnorr"

pkg/client-sdk/covenantless_client.go

@@ -18,7 +18,7 @@ import (
 	"github.com/ark-network/ark/pkg/client-sdk/client"
 	"github.com/ark-network/ark/pkg/client-sdk/explorer"
 	"github.com/ark-network/ark/pkg/client-sdk/internal/utils"
-	"github.com/ark-network/ark/pkg/client-sdk/internal/utils/redemption"
+	"github.com/ark-network/ark/pkg/client-sdk/redemption"
 	"github.com/ark-network/ark/pkg/client-sdk/store"
 	"github.com/ark-network/ark/pkg/client-sdk/wallet"
 	"github.com/btcsuite/btcd/btcec/v2/schnorr"
@@ -975,6 +975,15 @@ func (a *covenantlessArkClient) handleRoundStream(
 
 	var signerSession bitcointree.SignerSession
 
+	const (
+		start = iota
+		roundSigningStarted
+		roundSigningNoncesGenerated
+		roundFinalization
+	)
+
+	step := start
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -991,24 +1000,35 @@ func (a *covenantlessArkClient) handleRoundStream(
 				return "", fmt.Errorf("round failed: %s", event.(client.RoundFailedEvent).Reason)
 			case client.RoundSigningStartedEvent:
 				pingStop()
+				if step != start {
+					continue
+				}
 				log.Info("a round signing started")
 				signerSession, err = a.handleRoundSigningStarted(
 					ctx, roundEphemeralKey, event.(client.RoundSigningStartedEvent),
 				)
 				if err != nil {
 					return "", err
 				}
+				step++
 				continue
 			case client.RoundSigningNoncesGeneratedEvent:
+				if step != roundSigningStarted {
+					continue
+				}
 				pingStop()
 				log.Info("round combined nonces generated")
 				if err := a.handleRoundSigningNoncesGenerated(
 					ctx, event.(client.RoundSigningNoncesGeneratedEvent), roundEphemeralKey, signerSession,
 				); err != nil {
 					return "", err
 				}
+				step++
 				continue
 			case client.RoundFinalizationEvent:
+				if step != roundSigningNoncesGenerated {
+					continue
+				}
 				pingStop()
 				log.Info("a round finalization started")
 
@@ -1031,6 +1051,8 @@ func (a *covenantlessArkClient) handleRoundStream(
 
 				log.Info("done.")
 				log.Info("waiting for round finalization...")
+				step++
+				continue
 			}
 		}
 	}

pkg/client-sdk/internal/utils/utils.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"runtime/debug"
 	"sort"
+	"sync"
 
 	"github.com/ark-network/ark/common"
 	"github.com/ark-network/ark/pkg/client-sdk/client"
@@ -265,8 +266,13 @@ func DecryptAES128(encrypted, password []byte) ([]byte, error) {
 	return plaintext, nil
 }
 
+var lock = &sync.Mutex{}
+
 // deriveKey derives a 32 byte array key from a custom passhprase
 func deriveKey(password, salt []byte) ([]byte, []byte, error) {
+	lock.Lock()
+	defer lock.Unlock()
+
 	if salt == nil {
 		salt = make([]byte, 32)
 		if _, err := rand.Read(salt); err != nil {

pkg/client-sdk/wallet/singlekey/bitcoin_wallet.go

@@ -181,14 +181,16 @@ func (s *bitcoinWallet) SignTransaction(
 						return "", fmt.Errorf("signature verification failed")
 					}
 
-					updater.Upsbt.Inputs[i].TaprootScriptSpendSig = []*psbt.TaprootScriptSpendSig{
-						{
-							XOnlyPubKey: schnorr.SerializePubKey(pubkey),
-							LeafHash:    hash.CloneBytes(),
-							Signature:   sig.Serialize(),
-							SigHash:     txscript.SigHashDefault,
-						},
+					if len(updater.Upsbt.Inputs[i].TaprootScriptSpendSig) == 0 {
+						updater.Upsbt.Inputs[i].TaprootScriptSpendSig = make([]*psbt.TaprootScriptSpendSig, 0)
 					}
+
+					updater.Upsbt.Inputs[i].TaprootScriptSpendSig = append(updater.Upsbt.Inputs[i].TaprootScriptSpendSig, &psbt.TaprootScriptSpendSig{
+						XOnlyPubKey: schnorr.SerializePubKey(pubkey),
+						LeafHash:    hash.CloneBytes(),
+						Signature:   sig.Serialize(),
+						SigHash:     txscript.SigHashDefault,
+					})
 				}
 			}
 		}

server/Makefile

@@ -23,7 +23,8 @@ help:
 ## intergrationtest: runs integration tests
 integrationtest:
 	@echo "Running integration tests..."
-	@go test -v -count=1 -race -timeout 200s github.com/ark-network/ark/server/test/e2e/...
+	@go test -v -count 1 -timeout 300s github.com/ark-network/ark/server/test/e2e/covenant
+	@go test -v -count 1 -timeout 300s github.com/ark-network/ark/server/test/e2e/covenantless
 
 ## lint: lint codebase
 lint: