Skip to content

check wallet id when receiving a transaction from the network#1743

Open
HayimShaul wants to merge 51 commits into
mainfrom
1631_semantic_security
Open

check wallet id when receiving a transaction from the network#1743
HayimShaul wants to merge 51 commits into
mainfrom
1631_semantic_security

Conversation

@HayimShaul

Copy link
Copy Markdown
Contributor

check wallet id when receiving a transaction from the network

Addresses one check mentioned in #1631

Comment thread token/services/ttx/transaction.go Outdated
Comment thread token/services/ttx/transaction.go Outdated
@HayimShaul HayimShaul force-pushed the 1631_semantic_security branch from 66719d8 to 686ab72 Compare June 7, 2026 08:18
@HayimShaul HayimShaul force-pushed the 1631_semantic_security branch from 75916c9 to 098c54c Compare June 15, 2026 08:19
HayimShaul pushed a commit that referenced this pull request Jun 16, 2026
The wallet validation added in PR #1743 is causing HTLC locked tokens
to not be tracked correctly in both fabtoken and dlog implementations.
The validation logic itself is correct (using EnrollmentID() instead of
GetRecipientIdentity() to avoid side effects), but there appears to be
a deeper issue with how the validation interacts with HTLC token storage.

Temporarily disabling the validation until the root cause can be identified.
The validation can be re-enabled by uncommenting the function call.

Diagnostic logging has been added to help identify the issue in future debugging.

Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
@mergify mergify Bot mentioned this pull request Jun 18, 2026
@AkramBitar AkramBitar marked this pull request as ready for review June 18, 2026 10:12
Comment thread integration/token/fungible/views/auditor.go Outdated
// Notice that, this step would not be required if the issuer knew already which
// identity the recipient wants to use.
recipient, err := ttx.RequestRecipientIdentity(context, p.Recipient, ServiceOpts(p.TMSID, ttx.WithRecipientWalletID(p.RecipientWalletID))...)
assert.NoError(err, "failed getting recipient identity")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why you replaced the assert with return?

Comment thread integration/token/fungible/views/utils.go

walletIDs := []string{provider.BaseID()}
if sender {
walletID = senderWallet(ctx, w.wallet)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why we replaced senderWallet with append?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original code was returning immediately after finding the first valid iterator (typically for the base wallet ID like 'bob'), without querying the second wallet ID (like 'htlc.recipientbob') where HTLC locked tokens are actually stored.

The Problem
In HTLC (Hash Time Locked Contract) scenarios, tokens can be stored under multiple wallet IDs:

Base wallet ID (e.g., "bob") - the user's main wallet
HTLC-specific wallet ID (e.g., "htlc.recipientbob" or "htlc.senderbob") - where locked tokens are stored
The old code would query only the first wallet ID and return, missing all tokens in the HTLC-specific wallet.

The Solution
The PR (commit d6c7fd8) changed the logic to:

Build an array of wallet IDs to query:

Always includes the base wallet ID
Adds sender-specific or recipient-specific HTLC wallet ID based on the sender flag
Query ALL wallet IDs and collect valid iterators from each

Chain iterators together using a new chainedIterator type that sequentially iterates through all of them

Graceful fallback: If one wallet ID fails (e.g., doesn't exist yet), it continues with others instead of failing completely

This ensures that HTLC queries return tokens from both the base wallet AND the HTLC-specific wallet, fixing the broken HTLC functionality in both fabtoken and dlog implementations.

The test TestOwnerWalletFilterIteratorFallsBackToBaseWalletID demonstrates this fallback behavior where the HTLC wallet ID fails but tokens are still found in the base wallet.

walletIDs = append(walletIDs, provider.SenderID(ctx))
} else {
walletID = recipientWallet(ctx, w.wallet)
walletIDs = append(walletIDs, provider.RecipientID(ctx))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why we replaced recipientWallet with append?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same answer as above

Comment thread token/services/interop/htlc/wallet.go
Comment thread token/services/ttx/recipients.go
Comment thread token/wallet.go
Comment thread token/services/ttx/transaction.go Outdated
if len(txEIDs) == 0 {
logger.DebugfContext(ctx, "no enrollment IDs to validate in transaction")

return nil

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why returned nil here?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this function validates all enrollment ids. nil means there's no error. If there are no enrollment ids to validate no need to check anything

Comment thread token/services/ttx/transaction.go Outdated
} else {
// EID is not in our local set - could be:
// 1. A remote party's EID (valid - we don't validate remote parties)
// 2. A malformed local EID (invalid - but we can't distinguish without more context)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, so if it is invalid what is the action item that we need to do? only to have a message in the log file?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't distinguish between a remote wallet and an invalid local wallet.
The issue this PR addresses requested to validate that all wallets in database are valid.
Since you can't distinguish between a malformed local and a remote we can only log what we found

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, please add log

Hayim.Shaul@ibm.com added 15 commits June 30, 2026 07:53
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fmt
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Hayim.Shaul@ibm.com added 22 commits June 30, 2026 07:54
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
The wallet validation added in PR #1743 is causing HTLC locked tokens
to not be tracked correctly in both fabtoken and dlog implementations.
The validation logic itself is correct (using EnrollmentID() instead of
GetRecipientIdentity() to avoid side effects), but there appears to be
a deeper issue with how the validation interacts with HTLC token storage.

Temporarily disabling the validation until the root cause can be identified.
The validation can be re-enabled by uncommenting the function call.

Diagnostic logging has been added to help identify the issue in future debugging.

Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
- Enable debug log level for fabtoken tests (was info)
- Add verbose test progress logging to track execution flow
- Add detailed logging to RegisterAuditor, IssueCash, CheckBalanceWithLocked
- Add logging to Restart and HTLCLock functions
- Add step-by-step logging in TestHTLCSingleNetwork

This will help diagnose the timeout issue in interop-fabtoken-t1 tests.
All logging uses [TEST] prefix for easy filtering.

Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Root cause: The filterIterator function was returning after finding the first
valid iterator (for base wallet ID 'bob'), without querying the second wallet
ID ('htlc.recipientbob') where HTLC locked tokens are actually stored.

This caused all HTLC locked token queries to return 0 tokens, breaking HTLC
functionality in both fabtoken and dlog implementations.

Solution: Collect iterators from ALL wallet IDs and chain them together using
a new chainedIterator type that sequentially iterates through all of them.

The bug was NOT related to the wallet validation changes - it was a pre-existing
issue in the HTLC wallet filter logic that only became apparent when tests
checked for locked tokens after node restart.

Fixes: interop-dlog-t1, interop-fabtoken-t1, and related HTLC tests
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Now that the HTLC iterator bug is fixed, we can safely re-enable the wallet
validation that was temporarily disabled during debugging.

Also removed excessive debug logging that was added during diagnosis:
- Removed [TEST] prefix logging from integration tests
- Removed verbose HTLC filterIterator debug logs
- Kept only essential logging for multi-iterator chaining

Changes:
- token/services/ttx/transaction.go: Re-enabled validationFunc() call
- token/services/interop/htlc/wallet.go: Cleaned up debug logging
- integration/token/interop/tests.go: Removed verbose test logging
- integration/token/interop/support.go: Removed verbose helper logging

Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
@HayimShaul HayimShaul force-pushed the 1631_semantic_security branch from b07bed1 to dfb4f9f Compare June 30, 2026 08:01
Hayim.Shaul@ibm.com added 7 commits June 30, 2026 08:18
fix
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fix
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
fix
Signed-off-by: Hayim.Shaul@ibm.com <hayimsha@fhe03.vpc.cloud9.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Check wallet_id upon receiving a transaction from the network [HIGH] Semantic Invariant Enforcement at the Store-Service Boundary [HIGH]

3 participants