added implicit max_execution_time when executin readonly calls in cost-free mode

Author: rdeioris

stackslib/src/net/api/callreadonly.rs

@@ -14,12 +14,14 @@
 // You should have received a copy of the GNU General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+use std::time::Duration;
+
 use clarity::vm::analysis::CheckErrors;
 use clarity::vm::ast::parser::v1::CLARITY_NAME_REGEX;
 use clarity::vm::clarity::ClarityConnection;
-use clarity::vm::costs::{ExecutionCost, LimitedCostTracker};
+use clarity::vm::costs::{CostErrors, ExecutionCost, LimitedCostTracker};
+use clarity::vm::errors::Error as ClarityRuntimeError;
 use clarity::vm::errors::Error::Unchecked;
-use clarity::vm::errors::{Error as ClarityRuntimeError, InterpreterError};
 use clarity::vm::representations::{CONTRACT_NAME_REGEX_STRING, STANDARD_PRINCIPAL_REGEX_STRING};
 use clarity::vm::types::{PrincipalData, QualifiedContractIdentifier};
 use clarity::vm::{ClarityName, ContractName, SymbolicExpression, Value};
@@ -68,10 +70,16 @@ pub struct RPCCallReadOnlyRequestHandler {
     pub sender: Option<PrincipalData>,
     pub sponsor: Option<PrincipalData>,
     pub arguments: Option<Vec<Value>>,
+
+    read_only_max_execution_time: Duration,
 }
 
 impl RPCCallReadOnlyRequestHandler {
-    pub fn new(maximum_call_argument_size: u32, read_only_call_limit: ExecutionCost) -> Self {
+    pub fn new(
+        maximum_call_argument_size: u32,
+        read_only_call_limit: ExecutionCost,
+        read_only_max_execution_time: Duration,
+    ) -> Self {
         Self {
             maximum_call_argument_size,
             read_only_call_limit,
@@ -80,6 +88,7 @@ impl RPCCallReadOnlyRequestHandler {
             sender: None,
             sponsor: None,
             arguments: None,
+            read_only_max_execution_time,
         }
     }
 }
@@ -184,6 +193,12 @@ impl RPCRequestHandler for RPCCallReadOnlyRequestHandler {
             }
         };
 
+        let cost_tracker = contents
+            .get_query_args()
+            .get("cost_tracker")
+            .map(|cost_tracker| cost_tracker.as_str().into())
+            .unwrap_or(CostTrackerRequest::Limited);
+
         let contract_identifier = self
             .contract_identifier
             .take()
@@ -216,20 +231,27 @@ impl RPCRequestHandler for RPCCallReadOnlyRequestHandler {
                 cost_limit.write_length = 0;
                 cost_limit.write_count = 0;
 
+                let mut enforce_max_execution_time = false;
+
                 chainstate.maybe_read_only_clarity_tx(
                     &sortdb.index_handle_at_block(chainstate, &tip)?,
                     &tip,
                     |clarity_tx| {
                         let epoch = clarity_tx.get_epoch();
                         let cost_track = clarity_tx
-                            .with_clarity_db_readonly(|clarity_db| {
-                                LimitedCostTracker::new_mid_block(
+                            .with_clarity_db_readonly(|clarity_db| match cost_tracker {
+                                CostTrackerRequest::Limited => LimitedCostTracker::new_mid_block(
                                     mainnet, chain_id, cost_limit, clarity_db, epoch,
-                                )
+                                ),
+                                CostTrackerRequest::Free => {
+                                    enforce_max_execution_time = true;
+                                    Ok(LimitedCostTracker::new_free())
+                                }
+                                CostTrackerRequest::Invalid => {
+                                    Err(CostErrors::Expect("Invalid cost tracker".into()))
+                                }
                             })
-                            .map_err(|_| {
-                                ClarityRuntimeError::from(InterpreterError::CostContractLoadFailure)
-                            })?;
+                            .map_err(|e| ClarityRuntimeError::from(e))?;
 
                         let clarity_version = clarity_tx
                             .with_analysis_db_readonly(|analysis_db| {
@@ -250,6 +272,13 @@ impl RPCRequestHandler for RPCCallReadOnlyRequestHandler {
                             sponsor,
                             cost_track,
                             |env| {
+                                // cost tracking in read only calls is meamingful mainly from a security point of view
+                                // for this reason we enforce max_execution_time when cost tracking is disabled/free
+                                if enforce_max_execution_time {
+                                    env.global_context
+                                        .set_max_execution_time(self.read_only_max_execution_time);
+                                }
+
                                 // we want to execute any function as long as no actual writes are made as
                                 // opposed to be limited to purely calling `define-read-only` functions,
                                 // so use `read_only = false`.  This broadens the number of functions that
@@ -326,6 +355,38 @@ impl HttpResponse for RPCCallReadOnlyRequestHandler {
     }
 }
 
+/// All representations of the `cost_tracker=` query parameter value
+#[derive(Debug, Clone, PartialEq)]
+pub enum CostTrackerRequest {
+    Limited,
+    Free,
+    Invalid,
+}
+
+impl CostTrackerRequest {}
+
+impl std::fmt::Display for CostTrackerRequest {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match self {
+            Self::Limited => write!(f, "limited"),
+            Self::Free => write!(f, "free"),
+            Self::Invalid => write!(f, "invalid"),
+        }
+    }
+}
+
+impl From<&str> for CostTrackerRequest {
+    fn from(s: &str) -> CostTrackerRequest {
+        if s == "limited" || s == "" {
+            CostTrackerRequest::Limited
+        } else if s == "free" {
+            CostTrackerRequest::Free
+        } else {
+            CostTrackerRequest::Invalid
+        }
+    }
+}
+
 impl StacksHttpRequest {
     /// Make a new request to run a read-only function
     pub fn new_callreadonlyfunction(
@@ -337,6 +398,7 @@ impl StacksHttpRequest {
         function_name: ClarityName,
         function_args: Vec<Value>,
         tip_req: TipRequest,
+        cost_tracker: CostTrackerRequest,
     ) -> StacksHttpRequest {
         StacksHttpRequest::new_for_peer(
             host,
@@ -345,14 +407,17 @@ impl StacksHttpRequest {
                 "/v2/contracts/call-read/{}/{}/{}",
                 &contract_addr, &contract_name, &function_name
             ),
-            HttpRequestContents::new().for_tip(tip_req).payload_json(
-                serde_json::to_value(CallReadOnlyRequestBody {
-                    sender: sender.to_string(),
-                    sponsor: sponsor.map(|s| s.to_string()),
-                    arguments: function_args.into_iter().map(|v| v.to_string()).collect(),
-                })
-                .expect("FATAL: failed to encode infallible data"),
-            ),
+            HttpRequestContents::new()
+                .for_tip(tip_req)
+                .query_arg("cost_tracker".to_string(), cost_tracker.to_string())
+                .payload_json(
+                    serde_json::to_value(CallReadOnlyRequestBody {
+                        sender: sender.to_string(),
+                        sponsor: sponsor.map(|s| s.to_string()),
+                        arguments: function_args.into_iter().map(|v| v.to_string()).collect(),
+                    })
+                    .expect("FATAL: failed to encode infallible data"),
+                ),
         )
         .expect("FATAL: failed to construct request from infallible data")
     }

stackslib/src/net/api/mod.rs

@@ -73,6 +73,7 @@ impl StacksHttp {
         self.register_rpc_endpoint(callreadonly::RPCCallReadOnlyRequestHandler::new(
             self.maximum_call_argument_size,
             self.read_only_call_limit.clone(),
+            self.read_only_max_execution_time,
         ));
         self.register_rpc_endpoint(getaccount::RPCGetAccountRequestHandler::new());
         self.register_rpc_endpoint(getattachment::RPCGetAttachmentRequestHandler::new());

stackslib/src/net/api/tests/callreadonly.rs

@@ -15,14 +15,16 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+use std::time::Duration;
 
 use clarity::types::chainstate::StacksBlockId;
 use clarity::vm::types::{PrincipalData, QualifiedContractIdentifier, StacksAddressExtensions};
 use stacks_common::types::chainstate::StacksAddress;
 use stacks_common::types::Address;
 
-use super::test_rpc;
+use super::{test_rpc, test_rpc_with_config};
 use crate::core::BLOCK_LIMIT_MAINNET_21;
+use crate::net::api::callreadonly::CostTrackerRequest;
 use crate::net::api::*;
 use crate::net::connection::ConnectionOptions;
 use crate::net::httpcore::{
@@ -47,6 +49,7 @@ fn test_try_parse_request() {
         "ro-test".try_into().unwrap(),
         vec![],
         TipRequest::SpecificTip(StacksBlockId([0x22; 32])),
+        CostTrackerRequest::Limited,
     );
     assert_eq!(
         request.contents().tip_request(),
@@ -58,8 +61,11 @@ fn test_try_parse_request() {
     debug!("Request:\n{}\n", std::str::from_utf8(&bytes).unwrap());
 
     let (parsed_preamble, offset) = http.read_preamble(&bytes).unwrap();
-    let mut handler =
-        callreadonly::RPCCallReadOnlyRequestHandler::new(4096, BLOCK_LIMIT_MAINNET_21);
+    let mut handler = callreadonly::RPCCallReadOnlyRequestHandler::new(
+        4096,
+        BLOCK_LIMIT_MAINNET_21,
+        Duration::from_secs(30),
+    );
     let mut parsed_request = http
         .handle_try_parse_request(
             &mut handler,
@@ -119,6 +125,7 @@ fn test_try_make_response() {
         "ro-confirmed".try_into().unwrap(),
         vec![],
         TipRequest::UseLatestAnchoredTip,
+        CostTrackerRequest::Limited,
     );
     requests.push(request);
 
@@ -134,6 +141,7 @@ fn test_try_make_response() {
         "ro-test".try_into().unwrap(),
         vec![],
         TipRequest::UseLatestUnconfirmedTip,
+        CostTrackerRequest::Limited,
     );
     requests.push(request);
 
@@ -149,6 +157,7 @@ fn test_try_make_response() {
         "does-not-exist".try_into().unwrap(),
         vec![],
         TipRequest::UseLatestUnconfirmedTip,
+        CostTrackerRequest::Limited,
     );
     requests.push(request);
 
@@ -164,6 +173,7 @@ fn test_try_make_response() {
         "ro-test".try_into().unwrap(),
         vec![],
         TipRequest::UseLatestUnconfirmedTip,
+        CostTrackerRequest::Limited,
     );
     requests.push(request);
 
@@ -179,6 +189,7 @@ fn test_try_make_response() {
         "ro-confirmed".try_into().unwrap(),
         vec![],
         TipRequest::SpecificTip(StacksBlockId([0x11; 32])),
+        CostTrackerRequest::Limited,
     );
     requests.push(request);
 
@@ -269,3 +280,119 @@ fn test_try_make_response() {
     let (preamble, payload) = response.destruct();
     assert_eq!(preamble.status_code, 404);
 }
+
+#[test]
+fn test_try_make_response_free_cost_tracker() {
+    let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 33333);
+
+    let mut requests = vec![];
+
+    // query confirmed tip
+    let request = StacksHttpRequest::new_callreadonlyfunction(
+        addr.into(),
+        StacksAddress::from_string("ST2DS4MSWSGJ3W9FBC6BVT0Y92S345HY8N3T6AV7R").unwrap(),
+        "hello-world".try_into().unwrap(),
+        StacksAddress::from_string("ST2DS4MSWSGJ3W9FBC6BVT0Y92S345HY8N3T6AV7R")
+            .unwrap()
+            .to_account_principal(),
+        None,
+        "ro-confirmed".try_into().unwrap(),
+        vec![],
+        TipRequest::UseLatestAnchoredTip,
+        CostTrackerRequest::Free,
+    );
+    requests.push(request);
+
+    let mut responses = test_rpc_with_config(
+        function_name!(),
+        requests,
+        |peer_1_config| {
+            peer_1_config
+                .connection_opts
+                .read_only_max_execution_time_secs = 0
+        },
+        |peer_2_config| {
+            peer_2_config
+                .connection_opts
+                .read_only_max_execution_time_secs = 0
+        },
+    );
+
+    // confirmed tip
+    let response = responses.remove(0);
+    debug!(
+        "Response:\n{}\n",
+        std::str::from_utf8(&response.try_serialize().unwrap()).unwrap()
+    );
+
+    assert_eq!(
+        response.preamble().get_canonical_stacks_tip_height(),
+        Some(1)
+    );
+
+    let resp = response.decode_call_readonly_response().unwrap();
+
+    assert!(!resp.okay);
+    assert!(resp.result.is_none());
+    assert!(resp.cause.is_some());
+
+    assert_eq!(resp.cause.unwrap(), "Unchecked(ExecutionTimeExpired)");
+}
+
+#[test]
+fn test_try_make_response_invalid_cost_tracker() {
+    let addr = SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), 33333);
+
+    let mut requests = vec![];
+
+    // query confirmed tip
+    let request = StacksHttpRequest::new_callreadonlyfunction(
+        addr.into(),
+        StacksAddress::from_string("ST2DS4MSWSGJ3W9FBC6BVT0Y92S345HY8N3T6AV7R").unwrap(),
+        "hello-world".try_into().unwrap(),
+        StacksAddress::from_string("ST2DS4MSWSGJ3W9FBC6BVT0Y92S345HY8N3T6AV7R")
+            .unwrap()
+            .to_account_principal(),
+        None,
+        "ro-confirmed".try_into().unwrap(),
+        vec![],
+        TipRequest::UseLatestAnchoredTip,
+        CostTrackerRequest::Invalid,
+    );
+    requests.push(request);
+
+    let mut responses = test_rpc_with_config(
+        function_name!(),
+        requests,
+        |peer_1_config| {
+            peer_1_config
+                .connection_opts
+                .read_only_max_execution_time_secs = 0
+        },
+        |peer_2_config| {
+            peer_2_config
+                .connection_opts
+                .read_only_max_execution_time_secs = 0
+        },
+    );
+
+    // confirmed tip
+    let response = responses.remove(0);
+    debug!(
+        "Response:\n{}\n",
+        std::str::from_utf8(&response.try_serialize().unwrap()).unwrap()
+    );
+
+    assert_eq!(
+        response.preamble().get_canonical_stacks_tip_height(),
+        Some(1)
+    );
+
+    let resp = response.decode_call_readonly_response().unwrap();
+
+    assert!(!resp.okay);
+    assert!(resp.result.is_none());
+    assert!(resp.cause.is_some());
+
+    assert_eq!(resp.cause.unwrap(), "Interpreter(Expect(\"Interpreter failure during cost calculation: Invalid cost tracker\"))");
+}