diff --git a/stacks-signer/src/cli.rs b/stacks-signer/src/cli.rs index 639b57f3a..8430bfe31 100644 --- a/stacks-signer/src/cli.rs +++ b/stacks-signer/src/cli.rs @@ -236,6 +236,12 @@ pub struct GenerateStackingSignatureArgs { /// Use `1` for stack-aggregation-commit #[arg(long)] pub period: u64, + /// The max amount of uSTX that can be used in this unique transaction + #[arg(long)] + pub max_amount: u128, + /// A unique identifier to prevent re-using this authorization + #[arg(long)] + pub auth_id: u128, } /// Parse the contract ID diff --git a/stacks-signer/src/main.rs b/stacks-signer/src/main.rs index e59722dd5..0cc67e56c 100644 --- a/stacks-signer/src/main.rs +++ b/stacks-signer/src/main.rs @@ -315,6 +315,8 @@ fn handle_generate_stacking_signature( args.method.topic(), config.network.to_chain_id(), args.period.into(), + args.max_amount, + args.auth_id, ) .expect("Failed to generate signature"); @@ -403,11 +405,14 @@ pub mod tests { lock_period: u128, public_key: &Secp256k1PublicKey, signature: Vec, + amount: u128, + max_amount: u128, + auth_id: u128, ) -> bool { let program = format!( r#" {} - (verify-signer-key-sig {} u{} "{}" u{} (some 0x{}) 0x{}) + (verify-signer-key-sig {} u{} "{}" u{} (some 0x{}) 0x{} u{} u{} u{}) "#, &*POX_4_CODE, //s Value::Tuple(pox_addr.clone().as_clarity_tuple().unwrap()), //p @@ -416,6 +421,9 @@ pub mod tests { lock_period, to_hex(signature.as_slice()), to_hex(public_key.to_bytes_compressed().as_slice()), + amount, + max_amount, + auth_id, ); execute_v2(&program) .expect("FATAL: could not execute program") @@ -436,6 +444,8 @@ pub mod tests { reward_cycle: 6, method: Pox4SignatureTopic::StackStx.into(), period: 12, + max_amount: u128::MAX, + auth_id: 1, }; let signature = handle_generate_stacking_signature(args.clone(), false); @@ -448,6 +458,9 @@ pub mod tests { args.period.into(), &public_key, signature.to_rsv(), + 100, + args.max_amount, + args.auth_id, ); assert!(valid); @@ -455,6 +468,8 @@ pub mod tests { args.period = 6; args.method = Pox4SignatureTopic::AggregationCommit.into(); args.reward_cycle = 7; + args.auth_id = 2; + args.max_amount = 100; let signature = handle_generate_stacking_signature(args.clone(), false); let public_key = Secp256k1PublicKey::from_private(&config.stacks_private_key); @@ -466,6 +481,9 @@ pub mod tests { args.period.into(), &public_key, signature.to_rsv(), + 100, + args.max_amount, + args.auth_id, ); assert!(valid); } @@ -480,6 +498,8 @@ pub mod tests { reward_cycle: 6, method: Pox4SignatureTopic::StackStx.into(), period: 12, + max_amount: u128::MAX, + auth_id: 1, }; let signature = handle_generate_stacking_signature(args.clone(), false); @@ -492,6 +512,8 @@ pub mod tests { &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, args.period.into(), + args.max_amount, + args.auth_id, ); let verify_result = public_key.verify(&message_hash.0, &signature); diff --git a/stackslib/src/chainstate/nakamoto/coordinator/tests.rs b/stackslib/src/chainstate/nakamoto/coordinator/tests.rs index 721149789..f2dcfe4c1 100644 --- a/stackslib/src/chainstate/nakamoto/coordinator/tests.rs +++ b/stackslib/src/chainstate/nakamoto/coordinator/tests.rs @@ -97,6 +97,8 @@ fn advance_to_nakamoto( 6, &Pox4SignatureTopic::StackStx, 12_u128, + u128::MAX, + 1, ); let signing_key = StacksPublicKey::from_private(&test_stacker.signer_private_key); @@ -109,6 +111,8 @@ fn advance_to_nakamoto( &signing_key, 34, Some(signature), + u128::MAX, + 1, ) }) .collect() diff --git a/stackslib/src/chainstate/stacks/boot/mod.rs b/stackslib/src/chainstate/stacks/boot/mod.rs index abba9be6c..59c18a1c5 100644 --- a/stackslib/src/chainstate/stacks/boot/mod.rs +++ b/stackslib/src/chainstate/stacks/boot/mod.rs @@ -1845,6 +1845,8 @@ pub mod test { signer_key: &StacksPublicKey, burn_ht: u64, signature_opt: Option>, + max_amount: u128, + auth_id: u128, ) -> StacksTransaction { let addr_tuple = Value::Tuple(addr.as_clarity_tuple().unwrap()); let signature = match signature_opt { @@ -1862,6 +1864,8 @@ pub mod test { Value::UInt(lock_period), signature, Value::buff_from(signer_key.to_bytes_compressed()).unwrap(), + Value::UInt(max_amount), + Value::UInt(auth_id), ], ) .unwrap(); @@ -2005,6 +2009,8 @@ pub mod test { lock_period: u128, signer_key: StacksPublicKey, signature_opt: Option>, + max_amount: u128, + auth_id: u128, ) -> StacksTransaction { let addr_tuple = Value::Tuple(addr.as_clarity_tuple().unwrap()); let signature = match signature_opt { @@ -2020,6 +2026,8 @@ pub mod test { addr_tuple, signature, Value::buff_from(signer_key.to_bytes_compressed()).unwrap(), + Value::UInt(max_amount), + Value::UInt(auth_id), ], ) .unwrap(); @@ -2114,6 +2122,8 @@ pub mod test { reward_cycle: u128, signature_opt: Option>, signer_key: &Secp256k1PublicKey, + max_amount: u128, + auth_id: u128, ) -> StacksTransaction { let addr_tuple = Value::Tuple(pox_addr.as_clarity_tuple().unwrap()); let signature = match signature_opt { @@ -2129,6 +2139,8 @@ pub mod test { Value::UInt(reward_cycle), signature, Value::buff_from(signer_key.to_bytes_compressed()).unwrap(), + Value::UInt(max_amount), + Value::UInt(auth_id), ], ) .unwrap(); @@ -2192,6 +2204,8 @@ pub mod test { reward_cycle: u128, topic: &Pox4SignatureTopic, period: u128, + max_amount: u128, + auth_id: u128, ) -> Vec { let signature = make_pox_4_signer_key_signature( pox_addr, @@ -2200,6 +2214,8 @@ pub mod test { topic, CHAIN_ID_TESTNET, period, + max_amount, + auth_id, ) .unwrap(); @@ -2215,6 +2231,8 @@ pub mod test { enabled: bool, nonce: u64, sender_key: Option<&StacksPrivateKey>, + max_amount: u128, + auth_id: u128, ) -> StacksTransaction { let signer_pubkey = StacksPublicKey::from_private(signer_key); let payload = TransactionPayload::new_contract_call( @@ -2228,6 +2246,8 @@ pub mod test { Value::string_ascii_from_bytes(topic.get_name_str().into()).unwrap(), Value::buff_from(signer_pubkey.to_bytes_compressed()).unwrap(), Value::Bool(enabled), + Value::UInt(max_amount), + Value::UInt(auth_id), ], ) .unwrap(); diff --git a/stackslib/src/chainstate/stacks/boot/pox-4.clar b/stackslib/src/chainstate/stacks/boot/pox-4.clar index d54f3b8d5..26c1f8c61 100644 --- a/stackslib/src/chainstate/stacks/boot/pox-4.clar +++ b/stackslib/src/chainstate/stacks/boot/pox-4.clar @@ -32,6 +32,8 @@ (define-constant ERR_DELEGATION_ALREADY_REVOKED 34) (define-constant ERR_INVALID_SIGNATURE_PUBKEY 35) (define-constant ERR_INVALID_SIGNATURE_RECOVER 36) +(define-constant ERR_SIGNER_AUTH_AMOUNT_TOO_HIGH 37) +(define-constant ERR_SIGNER_AUTH_USED 38) ;; Valid values for burnchain address versions. ;; These first four correspond to address hash modes in Stacks 2.1, @@ -233,10 +235,30 @@ topic: (string-ascii 12), ;; The PoX address that can be used with this signer key pox-addr: { version: (buff 1), hashbytes: (buff 32) }, + ;; The unique auth-id for this authorization + auth-id: uint, + ;; The maximum amount of uSTX that can be used (per tx) with this signer key + max-amount: uint, } bool ;; Whether the authorization can be used or not ) +;; State for tracking used signer key authorizations. This prevents re-use +;; of the same signature or pre-set authorization for multiple transactions. +;; Refer to the `signer-key-authorizations` map for the documentation on these fields +(define-map used-signer-key-authorizations + { + signer-key: (buff 33), + reward-cycle: uint, + period: uint, + topic: (string-ascii 12), + pox-addr: { version: (buff 1), hashbytes: (buff 32) }, + auth-id: uint, + max-amount: uint, + } + bool ;; Whether the field has been used or not +) + ;; What's the reward cycle number of the burnchain block height? ;; Will runtime-abort if height is less than the first burnchain block (this is intentional) (define-read-only (burn-height-to-reward-cycle (height uint)) @@ -603,7 +625,9 @@ (start-burn-ht uint) (lock-period uint) (signer-sig (optional (buff 65))) - (signer-key (buff 33))) + (signer-key (buff 33)) + (max-amount uint) + (auth-id uint)) ;; this stacker's first reward cycle is the _next_ reward cycle (let ((first-reward-cycle (+ u1 (current-pox-reward-cycle))) (specified-reward-cycle (+ u1 (burn-height-to-reward-cycle start-burn-ht)))) @@ -629,7 +653,7 @@ (err ERR_STACKING_INSUFFICIENT_FUNDS)) ;; Validate ownership of the given signer key - (try! (verify-signer-key-sig pox-addr (- first-reward-cycle u1) "stack-stx" lock-period signer-sig signer-key)) + (try! (consume-signer-key-authorization pox-addr (- first-reward-cycle u1) "stack-stx" lock-period signer-sig signer-key amount-ustx max-amount auth-id)) ;; ensure that stacking can be performed (try! (can-stack-stx pox-addr amount-ustx first-reward-cycle lock-period)) @@ -708,12 +732,14 @@ ;; Generate a message hash for validating a signer key. ;; The message hash follows SIP018 for signing structured data. The structured data -;; is the tuple `{ pox-addr: { version, hashbytes }, reward-cycle }`. The domain is -;; `{ name: "pox-4-signer", version: "1.0.0", chain-id: chain-id }`. +;; is the tuple `{ pox-addr: { version, hashbytes }, reward-cycle, auth-id, max-amount }`. +;; The domain is `{ name: "pox-4-signer", version: "1.0.0", chain-id: chain-id }`. (define-read-only (get-signer-key-message-hash (pox-addr { version: (buff 1), hashbytes: (buff 32) }) (reward-cycle uint) (topic (string-ascii 12)) - (period uint)) + (period uint) + (max-amount uint) + (auth-id uint)) (sha256 (concat SIP018_MSG_PREFIX (concat @@ -724,6 +750,8 @@ reward-cycle: reward-cycle, topic: topic, period: period, + auth-id: auth-id, + max-amount: max-amount, }))))))) ;; Verify a signature from the signing key for this specific stacker. @@ -747,21 +775,55 @@ (topic (string-ascii 12)) (period uint) (signer-sig-opt (optional (buff 65))) - (signer-key (buff 33))) - (match signer-sig-opt - ;; `signer-sig` is present, verify the signature - signer-sig (ok (asserts! - (is-eq - (unwrap! (secp256k1-recover? - (get-signer-key-message-hash pox-addr reward-cycle topic period) - signer-sig) (err ERR_INVALID_SIGNATURE_RECOVER)) - signer-key) - (err ERR_INVALID_SIGNATURE_PUBKEY))) - ;; `signer-sig` is not present, verify that an authorization was previously added for this key - (ok (asserts! (default-to false (map-get? signer-key-authorizations - { signer-key: signer-key, reward-cycle: reward-cycle, period: period, topic: topic, pox-addr: pox-addr })) - (err ERR_NOT_ALLOWED))) + (signer-key (buff 33)) + (amount uint) + (max-amount uint) + (auth-id uint)) + (begin + ;; Validate that amount is less than or equal to `max-amount` + (asserts! (>= max-amount amount) (err ERR_SIGNER_AUTH_AMOUNT_TOO_HIGH)) + (asserts! (is-none (map-get? used-signer-key-authorizations { signer-key: signer-key, reward-cycle: reward-cycle, topic: topic, period: period, pox-addr: pox-addr, auth-id: auth-id, max-amount: max-amount })) + (err ERR_SIGNER_AUTH_USED)) + (match signer-sig-opt + ;; `signer-sig` is present, verify the signature + signer-sig (ok (asserts! + (is-eq + (unwrap! (secp256k1-recover? + (get-signer-key-message-hash pox-addr reward-cycle topic period max-amount auth-id) + signer-sig) (err ERR_INVALID_SIGNATURE_RECOVER)) + signer-key) + (err ERR_INVALID_SIGNATURE_PUBKEY))) + ;; `signer-sig` is not present, verify that an authorization was previously added for this key + (ok (asserts! (default-to false (map-get? signer-key-authorizations + { signer-key: signer-key, reward-cycle: reward-cycle, period: period, topic: topic, pox-addr: pox-addr, auth-id: auth-id, max-amount: max-amount })) + (err ERR_NOT_ALLOWED))) )) + ) + +;; This function does two things: +;; +;; - Verify that a signer key is authorized to be used +;; - Updates the `used-signer-key-authorizations` map to prevent reuse +;; +;; This "wrapper" method around `verify-signer-key-sig` allows that function to remain +;; read-only, so that it can be used by clients as a sanity check before submitting a transaction. +(define-private (consume-signer-key-authorization (pox-addr { version: (buff 1), hashbytes: (buff 32) }) + (reward-cycle uint) + (topic (string-ascii 12)) + (period uint) + (signer-sig-opt (optional (buff 65))) + (signer-key (buff 33)) + (amount uint) + (max-amount uint) + (auth-id uint)) + (begin + ;; verify the authorization + (try! (verify-signer-key-sig pox-addr reward-cycle topic period signer-sig-opt signer-key amount max-amount auth-id)) + ;; update the `used-signer-key-authorizations` map + (asserts! (map-insert used-signer-key-authorizations + { signer-key: signer-key, reward-cycle: reward-cycle, topic: topic, period: period, pox-addr: pox-addr, auth-id: auth-id, max-amount: max-amount } true) + (err ERR_SIGNER_AUTH_USED)) + (ok true))) ;; Commit partially stacked STX and allocate a new PoX reward address slot. ;; This allows a stacker/delegate to lock fewer STX than the minimal threshold in multiple transactions, @@ -778,7 +840,9 @@ (define-private (inner-stack-aggregation-commit (pox-addr { version: (buff 1), hashbytes: (buff 32) }) (reward-cycle uint) (signer-sig (optional (buff 65))) - (signer-key (buff 33))) + (signer-key (buff 33)) + (max-amount uint) + (auth-id uint)) (let ((partial-stacked ;; fetch the partial commitments (unwrap! (map-get? partial-stacked-by-cycle { pox-addr: pox-addr, sender: tx-sender, reward-cycle: reward-cycle }) @@ -786,8 +850,8 @@ ;; must be called directly by the tx-sender or by an allowed contract-caller (asserts! (check-caller-allowed) (err ERR_STACKING_PERMISSION_DENIED)) - (try! (verify-signer-key-sig pox-addr reward-cycle "agg-commit" u1 signer-sig signer-key)) (let ((amount-ustx (get stacked-amount partial-stacked))) + (try! (consume-signer-key-authorization pox-addr reward-cycle "agg-commit" u1 signer-sig signer-key amount-ustx max-amount auth-id)) (try! (can-stack-stx pox-addr amount-ustx reward-cycle u1)) ;; Add the pox addr to the reward cycle, and extract the index of the PoX address ;; so the delegator can later use it to call stack-aggregation-increase. @@ -821,8 +885,10 @@ (define-public (stack-aggregation-commit (pox-addr { version: (buff 1), hashbytes: (buff 32) }) (reward-cycle uint) (signer-sig (optional (buff 65))) - (signer-key (buff 33))) - (match (inner-stack-aggregation-commit pox-addr reward-cycle signer-sig signer-key) + (signer-key (buff 33)) + (max-amount uint) + (auth-id uint)) + (match (inner-stack-aggregation-commit pox-addr reward-cycle signer-sig signer-key max-amount auth-id) pox-addr-index (ok true) commit-err (err commit-err))) @@ -831,8 +897,10 @@ (define-public (stack-aggregation-commit-indexed (pox-addr { version: (buff 1), hashbytes: (buff 32) }) (reward-cycle uint) (signer-sig (optional (buff 65))) - (signer-key (buff 33))) - (inner-stack-aggregation-commit pox-addr reward-cycle signer-sig signer-key)) + (signer-key (buff 33)) + (max-amount uint) + (auth-id uint)) + (inner-stack-aggregation-commit pox-addr reward-cycle signer-sig signer-key max-amount auth-id)) ;; Commit partially stacked STX to a PoX address which has already received some STX (more than the Stacking min). ;; This allows a delegator to lock up marginally more STX from new delegates, even if they collectively do not @@ -1080,7 +1148,9 @@ (define-public (stack-extend (extend-count uint) (pox-addr { version: (buff 1), hashbytes: (buff 32) }) (signer-sig (optional (buff 65))) - (signer-key (buff 33))) + (signer-key (buff 33)) + (max-amount uint) + (auth-id uint)) (let ((stacker-info (stx-account tx-sender)) ;; to extend, there must already be an etry in the stacking-state (stacker-state (unwrap! (get-stacker-info tx-sender) (err ERR_STACK_EXTEND_NOT_LOCKED))) @@ -1106,7 +1176,7 @@ (err ERR_STACKING_IS_DELEGATED)) ;; Verify signature from delegate that allows this sender for this cycle - (try! (verify-signer-key-sig pox-addr cur-cycle "stack-extend" extend-count signer-sig signer-key)) + (try! (consume-signer-key-authorization pox-addr cur-cycle "stack-extend" extend-count signer-sig signer-key u0 max-amount auth-id)) ;; TODO: add more assertions to sanity check the `stacker-info` values with ;; the `stacker-state` values @@ -1362,13 +1432,15 @@ (reward-cycle uint) (topic (string-ascii 12)) (signer-key (buff 33)) - (allowed bool)) + (allowed bool) + (max-amount uint) + (auth-id uint)) (begin ;; Validate that `tx-sender` has the same pubkey hash as `signer-key` (asserts! (is-eq (unwrap! (principal-construct? (if is-in-mainnet STACKS_ADDR_VERSION_MAINNET STACKS_ADDR_VERSION_TESTNET) (hash160 signer-key)) (err ERR_INVALID_SIGNER_KEY)) tx-sender) (err ERR_NOT_ALLOWED)) - (map-set signer-key-authorizations { pox-addr: pox-addr, period: period, reward-cycle: reward-cycle, topic: topic, signer-key: signer-key } allowed) + (map-set signer-key-authorizations { pox-addr: pox-addr, period: period, reward-cycle: reward-cycle, topic: topic, signer-key: signer-key, auth-id: auth-id, max-amount: max-amount } allowed) (ok allowed))) ;; Get the _current_ PoX stacking delegation information for a stacker. If the information diff --git a/stackslib/src/chainstate/stacks/boot/pox_4_tests.rs b/stackslib/src/chainstate/stacks/boot/pox_4_tests.rs index ebb8c5f07..a914646b5 100644 --- a/stackslib/src/chainstate/stacks/boot/pox_4_tests.rs +++ b/stackslib/src/chainstate/stacks/boot/pox_4_tests.rs @@ -491,6 +491,7 @@ fn pox_extend_transition() { AddressHashMode::SerializeP2PKH, key_to_stacks_addr(&alice).bytes, ); + let auth_id = 1; let alice_signature = make_signer_key_signature( &alice_pox_addr, @@ -498,6 +499,8 @@ fn pox_extend_transition() { reward_cycle, &Pox4SignatureTopic::StackStx, 4_u128, + u128::MAX, + auth_id, ); let alice_lockup = make_pox_4_lockup( &alice, @@ -511,6 +514,8 @@ fn pox_extend_transition() { &alice_signer_key, tip.block_height, Some(alice_signature), + u128::MAX, + auth_id, ); let alice_pox_4_lock_nonce = 2; let alice_first_pox_4_unlock_height = @@ -569,6 +574,8 @@ fn pox_extend_transition() { reward_cycle, &Pox4SignatureTopic::StackStx, 3_u128, + u128::MAX, + 2, ); let tip = get_tip(peer.sortdb.as_ref()); @@ -581,6 +588,8 @@ fn pox_extend_transition() { &StacksPublicKey::from_private(&bob_signer_private), tip.block_height, Some(bob_signature), + u128::MAX, + 2, ); // new signing key needed @@ -593,6 +602,8 @@ fn pox_extend_transition() { reward_cycle, &Pox4SignatureTopic::StackExtend, 6_u128, + u128::MAX, + 3, ); // Alice can stack-extend in PoX v2 @@ -603,6 +614,8 @@ fn pox_extend_transition() { 6, alice_signer_key, Some(alice_signature), + u128::MAX, + 3, ); let alice_pox_4_extend_nonce = 3; @@ -864,6 +877,8 @@ fn pox_lock_unlock() { reward_cycle, &Pox4SignatureTopic::StackStx, lock_period.into(), + u128::MAX, + 1, ); txs.push(make_pox_4_lockup( key, @@ -874,6 +889,8 @@ fn pox_lock_unlock() { &StacksPublicKey::from_private(&signer_key), tip_height, Some(signature), + u128::MAX, + 1, )); pox_addr }) @@ -1455,6 +1472,9 @@ fn verify_signer_key_sig( reward_cycle: u128, period: u128, topic: &Pox4SignatureTopic, + amount: u128, + max_amount: u128, + auth_id: u128, ) -> Value { let result: Value = with_sortdb(peer, |ref mut chainstate, ref mut sortdb| { chainstate @@ -1469,13 +1489,16 @@ fn verify_signer_key_sig( LimitedCostTracker::new_free(), |env| { let program = format!( - "(verify-signer-key-sig {} u{} \"{}\" u{} (some 0x{}) 0x{})", + "(verify-signer-key-sig {} u{} \"{}\" u{} (some 0x{}) 0x{} u{} u{} u{})", Value::Tuple(pox_addr.clone().as_clarity_tuple().unwrap()), reward_cycle, topic.get_name_str(), period, to_hex(&signature), signing_key.to_hex(), + amount, + max_amount, + auth_id ); env.eval_read_only(&boot_code_id("pox-4", false), &program) }, @@ -1543,8 +1566,15 @@ fn verify_signer_key_signatures() { // Test 1: invalid reward cycle used in signature let last_reward_cycle = reward_cycle - 1; - let signature = - make_signer_key_signature(&bob_pox_addr, &bob, last_reward_cycle, &topic, period); + let signature = make_signer_key_signature( + &bob_pox_addr, + &bob, + last_reward_cycle, + &topic, + period, + u128::MAX, + 1, + ); let result = verify_signer_key_sig( &signature, @@ -1555,12 +1585,23 @@ fn verify_signer_key_signatures() { reward_cycle, period, &topic, + 1, + u128::MAX, + 1, ); assert_eq!(result, expected_error); // Test 2: Invalid pox-addr used in signature - let signature = make_signer_key_signature(&alice_pox_addr, &bob, reward_cycle, &topic, period); + let signature = make_signer_key_signature( + &alice_pox_addr, + &bob, + reward_cycle, + &topic, + period, + u128::MAX, + 1, + ); let result = verify_signer_key_sig( &signature, @@ -1571,13 +1612,24 @@ fn verify_signer_key_signatures() { reward_cycle, period, &topic, + 1, + u128::MAX, + 1, ); assert_eq!(result, expected_error); // Test 3: Invalid signer key used in signature - let signature = make_signer_key_signature(&bob_pox_addr, &alice, reward_cycle, &topic, period); + let signature = make_signer_key_signature( + &bob_pox_addr, + &alice, + reward_cycle, + &topic, + period, + u128::MAX, + 1, + ); let result = verify_signer_key_sig( &signature, @@ -1588,6 +1640,9 @@ fn verify_signer_key_signatures() { reward_cycle, period, &topic, + 1, + u128::MAX, + 1, ); assert_eq!(result, expected_error); @@ -1599,6 +1654,8 @@ fn verify_signer_key_signatures() { reward_cycle, &Pox4SignatureTopic::StackStx, period, + u128::MAX, + 1, ); let result = verify_signer_key_sig( &signature, @@ -1609,12 +1666,23 @@ fn verify_signer_key_signatures() { reward_cycle, period, &Pox4SignatureTopic::StackExtend, // different + 1, + u128::MAX, + 1, ); assert_eq!(result, expected_error); // Test 5: invalid period - let signature = make_signer_key_signature(&bob_pox_addr, &bob, reward_cycle, &topic, period); + let signature = make_signer_key_signature( + &bob_pox_addr, + &bob, + reward_cycle, + &topic, + period, + u128::MAX, + 1, + ); let result = verify_signer_key_sig( &signature, &bob_public_key, @@ -1624,13 +1692,28 @@ fn verify_signer_key_signatures() { reward_cycle, period + 1, // different &topic, + 1, + u128::MAX, + 1, ); assert_eq!(result, expected_error); + // TODO: using incorrect auth-id + // TODO: using incorrect max-amount + // TODO: using amount > max-amount + // Test 6: using a valid signature - let signature = make_signer_key_signature(&bob_pox_addr, &bob, reward_cycle, &topic, period); + let signature = make_signer_key_signature( + &bob_pox_addr, + &bob, + reward_cycle, + &topic, + period, + u128::MAX, + 1, + ); let result = verify_signer_key_sig( &signature, @@ -1641,6 +1724,9 @@ fn verify_signer_key_signatures() { reward_cycle, period, &topic, + 1, + u128::MAX, + 1, ); assert_eq!(result, Value::okay_true()); @@ -1681,6 +1767,8 @@ fn stack_stx_verify_signer_sig() { reward_cycle - 1, &topic, lock_period, + u128::MAX, + 1, ); let invalid_cycle_nonce = stacker_nonce; let invalid_cycle_stack = make_pox_4_lockup( @@ -1692,6 +1780,8 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // test 2: invalid pox addr @@ -1702,6 +1792,8 @@ fn stack_stx_verify_signer_sig() { reward_cycle, &topic, lock_period, + u128::MAX, + 1, ); let invalid_stacker_nonce = stacker_nonce; let invalid_stacker_tx = make_pox_4_lockup( @@ -1713,6 +1805,8 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // Test 3: invalid key used to sign @@ -1723,6 +1817,8 @@ fn stack_stx_verify_signer_sig() { reward_cycle, &topic, lock_period, + u128::MAX, + 1, ); let invalid_key_nonce = stacker_nonce; let invalid_key_tx = make_pox_4_lockup( @@ -1734,6 +1830,8 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // Test 4: invalid topic @@ -1744,6 +1842,8 @@ fn stack_stx_verify_signer_sig() { reward_cycle, &Pox4SignatureTopic::StackExtend, // wrong topic lock_period, + u128::MAX, + 1, ); let invalid_topic_nonce = stacker_nonce; let invalid_topic_tx = make_pox_4_lockup( @@ -1755,6 +1855,8 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // Test 5: invalid period @@ -1765,6 +1867,8 @@ fn stack_stx_verify_signer_sig() { reward_cycle, &topic, lock_period + 1, // wrong period + u128::MAX, + 1, ); let invalid_period_nonce = stacker_nonce; let invalid_period_tx = make_pox_4_lockup( @@ -1776,12 +1880,25 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); + // TODO: invalid auth-id + // TODO: invalid amount + // TODO: invalid max-amount + // Test 6: valid signature stacker_nonce += 1; - let signature = - make_signer_key_signature(&pox_addr, &signer_key, reward_cycle, &topic, lock_period); + let signature = make_signer_key_signature( + &pox_addr, + &signer_key, + reward_cycle, + &topic, + lock_period, + u128::MAX, + 1, + ); let valid_nonce = stacker_nonce; let valid_tx = make_pox_4_lockup( &stacker_key, @@ -1792,6 +1909,8 @@ fn stack_stx_verify_signer_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); let txs = vec![ @@ -1850,6 +1969,8 @@ fn stack_extend_verify_sig() { reward_cycle, &Pox4SignatureTopic::StackStx, lock_period, + u128::MAX, + 1, ); let stack_nonce = stacker_nonce; let stack_tx = make_pox_4_lockup( @@ -1861,6 +1982,8 @@ fn stack_extend_verify_sig() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // We need a new signer-key for the extend tx @@ -1874,6 +1997,8 @@ fn stack_extend_verify_sig() { reward_cycle - 1, &topic, lock_period, + u128::MAX, + 1, ); stacker_nonce += 1; let invalid_cycle_nonce = stacker_nonce; @@ -1884,6 +2009,8 @@ fn stack_extend_verify_sig() { lock_period, signer_public_key.clone(), Some(signature), + u128::MAX, + 1, ); // Test 2: invalid pox-addr @@ -1895,6 +2022,8 @@ fn stack_extend_verify_sig() { reward_cycle, &topic, lock_period, + u128::MAX, + 1, ); let invalid_stacker_nonce = stacker_nonce; let invalid_stacker_tx = make_pox_4_extend( @@ -1904,13 +2033,22 @@ fn stack_extend_verify_sig() { lock_period, signer_public_key.clone(), Some(signature), + u128::MAX, + 1, ); // Test 3: invalid key used to sign stacker_nonce += 1; let other_key = Secp256k1PrivateKey::new(); - let signature = - make_signer_key_signature(&pox_addr, &other_key, reward_cycle, &topic, lock_period); + let signature = make_signer_key_signature( + &pox_addr, + &other_key, + reward_cycle, + &topic, + lock_period, + u128::MAX, + 1, + ); let invalid_key_nonce = stacker_nonce; let invalid_key_tx = make_pox_4_extend( &stacker_key, @@ -1919,12 +2057,23 @@ fn stack_extend_verify_sig() { lock_period, signer_public_key.clone(), Some(signature), + u128::MAX, + 1, ); + // TODO: invalid auth-id, amount, max-amount + // Test 4: valid stack-extend stacker_nonce += 1; - let signature = - make_signer_key_signature(&pox_addr, &signer_key, reward_cycle, &topic, lock_period); + let signature = make_signer_key_signature( + &pox_addr, + &signer_key, + reward_cycle, + &topic, + lock_period, + u128::MAX, + 1, + ); let valid_nonce = stacker_nonce; let valid_tx = make_pox_4_extend( &stacker_key, @@ -1933,6 +2082,8 @@ fn stack_extend_verify_sig() { lock_period, signer_public_key.clone(), Some(signature), + u128::MAX, + 1, ); peer.tenure_with_txs( @@ -2026,6 +2177,8 @@ fn stack_agg_commit_verify_sig() { reward_cycle, // wrong cycle &topic, 1_u128, + u128::MAX, + 1, ); let invalid_cycle_nonce = delegate_nonce; let invalid_cycle_tx = make_pox_4_aggregation_commit_indexed( @@ -2035,6 +2188,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); // Test 2: invalid pox addr @@ -2046,6 +2201,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, &topic, 1_u128, + u128::MAX, + 1, ); let invalid_pox_addr_nonce = delegate_nonce; let invalid_stacker_tx = make_pox_4_aggregation_commit_indexed( @@ -2055,12 +2212,21 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); // Test 3: invalid signature delegate_nonce += 1; - let signature = - make_signer_key_signature(&pox_addr, &delegate_key, next_reward_cycle, &topic, 1_u128); + let signature = make_signer_key_signature( + &pox_addr, + &delegate_key, + next_reward_cycle, + &topic, + 1_u128, + u128::MAX, + 1, + ); let invalid_key_nonce = delegate_nonce; let invalid_key_tx = make_pox_4_aggregation_commit_indexed( &delegate_key, @@ -2069,6 +2235,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); // Test 4: invalid period in signature @@ -2079,6 +2247,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, &topic, 2_u128, // wrong period + u128::MAX, + 1, ); let invalid_period_nonce = delegate_nonce; let invalid_period_tx = make_pox_4_aggregation_commit_indexed( @@ -2088,6 +2258,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); // Test 5: invalid topic in signature @@ -2098,6 +2270,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, &Pox4SignatureTopic::StackStx, // wrong topic 1_u128, + u128::MAX, + 1, ); let invalid_topic_nonce = delegate_nonce; let invalid_topic_tx = make_pox_4_aggregation_commit_indexed( @@ -2107,12 +2281,25 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); + // TODO: using incorrect auth-id + // TODO: using incorrect max-amount + // TODO: using amount > max-amount + // Test 6: valid signature delegate_nonce += 1; - let signature = - make_signer_key_signature(&pox_addr, &signer_sk, next_reward_cycle, &topic, 1_u128); + let signature = make_signer_key_signature( + &pox_addr, + &signer_sk, + next_reward_cycle, + &topic, + 1_u128, + u128::MAX, + 1, + ); let valid_nonce = delegate_nonce; let valid_tx = make_pox_4_aggregation_commit_indexed( &delegate_key, @@ -2121,6 +2308,8 @@ fn stack_agg_commit_verify_sig() { next_reward_cycle, Some(signature), &signer_pk, + u128::MAX, + 1, ); peer.tenure_with_txs( @@ -2256,6 +2445,8 @@ fn stack_stx_signer_key() { reward_cycle, &Pox4SignatureTopic::StackStx, 2_u128, + u128::MAX, + 1, ); let txs = vec![make_pox_4_contract_call( @@ -2269,6 +2460,8 @@ fn stack_stx_signer_key() { Value::UInt(2), Value::some(Value::buff_from(signature.clone()).unwrap()).unwrap(), signer_key_val.clone(), + Value::UInt(u128::MAX), + Value::UInt(1), ], )]; @@ -2346,6 +2539,8 @@ fn stack_stx_signer_auth() { &signer_public_key, block_height, None, + u128::MAX, + 1, ); let enable_auth_nonce = signer_nonce; @@ -2358,6 +2553,8 @@ fn stack_stx_signer_auth() { true, signer_nonce, None, + u128::MAX, + 1, ); // Ensure that stack-stx succeeds with auth @@ -2372,6 +2569,8 @@ fn stack_stx_signer_auth() { &signer_public_key, block_height, None, + u128::MAX, + 1, ); let txs = vec![failed_stack_tx, enable_auth_tx, valid_stack_tx]; @@ -2478,6 +2677,8 @@ fn stack_agg_commit_signer_auth() { next_reward_cycle, None, &signer_pk, + u128::MAX, + 1, ); // Signer enables auth @@ -2491,6 +2692,8 @@ fn stack_agg_commit_signer_auth() { true, enable_auth_nonce, None, + u128::MAX, + 1, ); // Stack agg works with auth @@ -2503,6 +2706,8 @@ fn stack_agg_commit_signer_auth() { next_reward_cycle, None, &signer_pk, + u128::MAX, + 1, ); let txs = vec![ @@ -2557,6 +2762,8 @@ fn stack_extend_signer_auth() { reward_cycle, &Pox4SignatureTopic::StackStx, lock_period, + u128::MAX, + 1, ); let stack_nonce = stacker_nonce; let stack_tx = make_pox_4_lockup( @@ -2568,6 +2775,8 @@ fn stack_extend_signer_auth() { &signer_public_key, block_height, Some(signature), + u128::MAX, + 1, ); // Stack-extend should fail without auth @@ -2580,6 +2789,8 @@ fn stack_extend_signer_auth() { lock_period, signer_public_key.clone(), None, + u128::MAX, + 1, ); // Enable authorization @@ -2593,6 +2804,8 @@ fn stack_extend_signer_auth() { true, enable_auth_nonce, None, + u128::MAX, + 1, ); // Stack-extend should work with auth @@ -2605,6 +2818,8 @@ fn stack_extend_signer_auth() { lock_period, signer_public_key.clone(), None, + u128::MAX, + 1, ); let txs = vec![stack_tx, invalid_cycle_tx, enable_auth_tx, valid_tx]; @@ -2655,6 +2870,8 @@ fn test_set_signer_key_auth() { true, invalid_enable_nonce, Some(&alice_key), + u128::MAX, + 1, ); // Disable auth for `signer-key` @@ -2668,6 +2885,8 @@ fn test_set_signer_key_auth() { false, disable_auth_nonce, None, + u128::MAX, + 1, ); let latest_block = @@ -2690,6 +2909,8 @@ fn test_set_signer_key_auth() { &Pox4SignatureTopic::StackStx, lock_period.try_into().unwrap(), &signer_public_key, + u128::MAX, + 1, ); assert_eq!(signer_key_enabled.unwrap(), false); @@ -2706,6 +2927,8 @@ fn test_set_signer_key_auth() { true, enable_auth_nonce, None, + u128::MAX, + 1, ); let latest_block = peer.tenure_with_txs(&[enable_auth_tx], &mut coinbase_nonce); @@ -2718,6 +2941,8 @@ fn test_set_signer_key_auth() { &Pox4SignatureTopic::StackStx, lock_period.try_into().unwrap(), &signer_public_key, + u128::MAX, + 1, ); assert_eq!(signer_key_enabled.unwrap(), true); @@ -2734,6 +2959,8 @@ fn test_set_signer_key_auth() { false, disable_auth_nonce, None, + u128::MAX, + 1, ); let latest_block = peer.tenure_with_txs(&[disable_auth_tx], &mut coinbase_nonce); @@ -2746,6 +2973,8 @@ fn test_set_signer_key_auth() { &Pox4SignatureTopic::StackStx, lock_period.try_into().unwrap(), &signer_public_key, + u128::MAX, + 1, ); assert_eq!(signer_key_enabled.unwrap(), false); @@ -2786,6 +3015,8 @@ fn stack_extend_signer_key() { reward_cycle, &Pox4SignatureTopic::StackStx, lock_period, + u128::MAX, + 1, ); let txs = vec![make_pox_4_lockup( @@ -2797,6 +3028,8 @@ fn stack_extend_signer_key() { &signer_key, block_height, Some(signature), + u128::MAX, + 1, )]; stacker_nonce += 1; @@ -2809,21 +3042,19 @@ fn stack_extend_signer_key() { reward_cycle, &Pox4SignatureTopic::StackExtend, 1_u128, + u128::MAX, + 1, ); - // (define-public (stack-extend (extend-count uint) - // (pox-addr { version: (buff 1), hashbytes: (buff 32) }) - // (signer-key (buff 33))) - let update_txs = vec![make_pox_4_contract_call( - stacker_key, + let update_txs = vec![make_pox_4_extend( + &stacker_key, stacker_nonce, - "stack-extend", - vec![ - Value::UInt(1), - pox_addr_val.clone(), - Value::some(Value::buff_from(signature.clone()).unwrap()).unwrap(), - signer_extend_key_val.clone(), - ], + pox_addr.clone(), + 1, + signer_extend_key.clone(), + Some(signature), + u128::MAX, + 1, )]; latest_block = peer.tenure_with_txs(&update_txs, &mut coinbase_nonce); @@ -2894,6 +3125,8 @@ fn delegate_stack_stx_signer_key() { next_reward_cycle.into(), &Pox4SignatureTopic::AggregationCommit, 1_u128, + u128::MAX, + 1, ); let txs = vec![ @@ -2931,6 +3164,8 @@ fn delegate_stack_stx_signer_key() { Value::UInt(next_reward_cycle.into()), Value::some(Value::buff_from(signature).unwrap()).unwrap(), signer_key_val.clone(), + Value::UInt(u128::MAX), + Value::UInt(1), ], ), ]; @@ -3081,6 +3316,8 @@ fn delegate_stack_stx_extend_signer_key() { next_reward_cycle.into(), &Pox4SignatureTopic::AggregationCommit, 1_u128, + u128::MAX, + 1, ); let delegate_stack_extend = make_pox_4_delegate_stack_extend( @@ -3100,6 +3337,8 @@ fn delegate_stack_stx_extend_signer_key() { Value::UInt(next_reward_cycle.into()), Value::some(Value::buff_from(signature).unwrap()).unwrap(), signer_key_val.clone(), + Value::UInt(u128::MAX), + Value::UInt(1), ], ); @@ -3109,6 +3348,8 @@ fn delegate_stack_stx_extend_signer_key() { extend_cycle.into(), &Pox4SignatureTopic::AggregationCommit, 1_u128, + u128::MAX, + 2, ); let agg_tx_1 = make_pox_4_contract_call( @@ -3120,6 +3361,8 @@ fn delegate_stack_stx_extend_signer_key() { Value::UInt(extend_cycle.into()), Value::some(Value::buff_from(extend_signature).unwrap()).unwrap(), signer_extend_key_val.clone(), + Value::UInt(u128::MAX), + Value::UInt(2), ], ); @@ -3185,6 +3428,8 @@ fn stack_increase() { reward_cycle, &Pox4SignatureTopic::StackStx, lock_period, + u128::MAX, + 1, ); let stack_stx = make_pox_4_lockup( @@ -3196,6 +3441,8 @@ fn stack_increase() { &signing_pk, block_height as u64, Some(signature), + u128::MAX, + 1, ); // Initial tx arr includes a stack_stx pox_4 helper found in mod.rs @@ -3324,6 +3571,8 @@ fn delegate_stack_increase() { next_reward_cycle.into(), &Pox4SignatureTopic::AggregationCommit, 1_u128, + u128::MAX, + 1, ); let agg_tx = make_pox_4_contract_call( @@ -3335,6 +3584,8 @@ fn delegate_stack_increase() { Value::UInt(next_reward_cycle.into()), (Value::some(Value::buff_from(signature).unwrap()).unwrap()), signer_key_val.clone(), + Value::UInt(u128::MAX), + Value::UInt(1), ], ); @@ -3404,6 +3655,8 @@ pub fn get_signer_key_authorization_pox_4( topic: &Pox4SignatureTopic, period: u128, signer_key: &StacksPublicKey, + max_amount: u128, + auth_id: u128, ) -> Option { with_clarity_db_ro(peer, tip, |db| { let lookup_tuple = TupleData::from_data(vec![ @@ -3421,6 +3674,8 @@ pub fn get_signer_key_authorization_pox_4( "signer-key".into(), Value::buff_from(signer_key.to_bytes_compressed()).unwrap(), ), + ("max-amount".into(), Value::UInt(max_amount)), + ("auth-id".into(), Value::UInt(auth_id)), ]) .unwrap() .into(); diff --git a/stackslib/src/net/tests/mod.rs b/stackslib/src/net/tests/mod.rs index acff183d9..11d473c1e 100644 --- a/stackslib/src/net/tests/mod.rs +++ b/stackslib/src/net/tests/mod.rs @@ -394,6 +394,8 @@ impl NakamotoBootPlan { reward_cycle.into(), &crate::util_lib::signed_structured_data::pox4::Pox4SignatureTopic::StackStx, 12_u128, + u128::MAX, + 1, ); make_pox_4_lockup( &test_stacker.stacker_private_key, @@ -404,6 +406,8 @@ impl NakamotoBootPlan { &StacksPublicKey::from_private(&test_stacker.signer_private_key), 34, Some(signature), + u128::MAX, + 1, ) }) .collect(); diff --git a/stackslib/src/util_lib/signed_structured_data.rs b/stackslib/src/util_lib/signed_structured_data.rs index 019443842..b2cbbb467 100644 --- a/stackslib/src/util_lib/signed_structured_data.rs +++ b/stackslib/src/util_lib/signed_structured_data.rs @@ -96,6 +96,8 @@ pub mod pox4 { topic: &Pox4SignatureTopic, chain_id: u32, period: u128, + max_amount: u128, + auth_id: u128, ) -> Sha256Sum { let domain_tuple = make_pox_4_signed_data_domain(chain_id); let data_tuple = Value::Tuple( @@ -110,6 +112,8 @@ pub mod pox4 { "topic".into(), Value::string_ascii_from_bytes(topic.get_name_str().into()).unwrap(), ), + ("auth-id".into(), Value::UInt(auth_id)), + ("max-amount".into(), Value::UInt(max_amount)), ]) .unwrap(), ); @@ -134,9 +138,18 @@ pub mod pox4 { topic: &Pox4SignatureTopic, chain_id: u32, period: u128, + max_amount: u128, + auth_id: u128, ) -> Result { - let msg_hash = - make_pox_4_signer_key_message_hash(pox_addr, reward_cycle, topic, chain_id, period); + let msg_hash = make_pox_4_signer_key_message_hash( + pox_addr, + reward_cycle, + topic, + chain_id, + period, + max_amount, + auth_id, + ); signer_key.sign(msg_hash.as_bytes()) } @@ -166,6 +179,8 @@ pub mod pox4 { topic: &Pox4SignatureTopic, lock_period: u128, sender: &PrincipalData, + max_amount: u128, + auth_id: u128, ) -> Vec { let pox_contract_id = boot_code_id(POX_4_NAME, false); sim.execute_next_block_as_conn(|conn| { @@ -178,11 +193,13 @@ pub mod pox4 { LimitedCostTracker::new_free(), |env| { let program = format!( - "(get-signer-key-message-hash {} u{} \"{}\" u{})", + "(get-signer-key-message-hash {} u{} \"{}\" u{} u{} u{})", Value::Tuple(pox_addr.clone().as_clarity_tuple().unwrap()), //p reward_cycle, topic.get_name_str(), - lock_period + lock_period, + max_amount, + auth_id, ); env.eval_read_only(&pox_contract_id, &program) }, @@ -242,6 +259,8 @@ pub mod pox4 { let reward_cycle: u128 = 1; let topic = Pox4SignatureTopic::StackStx; let lock_period = 12; + let auth_id = 111; + let max_amount = u128::MAX; let expected_hash_vec = make_pox_4_signer_key_message_hash( &pox_addr, @@ -249,6 +268,8 @@ pub mod pox4 { &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, lock_period, + max_amount, + auth_id, ); let expected_hash = expected_hash_vec.as_bytes(); @@ -261,6 +282,8 @@ pub mod pox4 { &topic, lock_period, &principal, + max_amount, + auth_id, ); assert_eq!(expected_hash.clone(), result.as_slice()); @@ -276,6 +299,8 @@ pub mod pox4 { &topic, lock_period, &principal, + max_amount, + auth_id, ); assert_ne!(expected_hash.clone(), result.as_slice()); @@ -287,6 +312,8 @@ pub mod pox4 { &topic, lock_period, &principal, + max_amount, + auth_id, ); assert_ne!(expected_hash.clone(), result.as_slice()); @@ -298,6 +325,8 @@ pub mod pox4 { &Pox4SignatureTopic::AggregationCommit, lock_period, &principal, + max_amount, + auth_id, ); assert_ne!(expected_hash.clone(), result.as_slice()); @@ -309,6 +338,34 @@ pub mod pox4 { &topic, 0, &principal, + max_amount, + auth_id, + ); + assert_ne!(expected_hash.clone(), result.as_slice()); + + // Test 5: invalid max amount + let result = call_get_signer_message_hash( + &mut sim, + &pox_addr, + reward_cycle, + &topic, + lock_period, + &principal, + 1010101, + auth_id, + ); + assert_ne!(expected_hash.clone(), result.as_slice()); + + // Test 6: invalid auth id + let result = call_get_signer_message_hash( + &mut sim, + &pox_addr, + reward_cycle, + &topic, + lock_period, + &principal, + max_amount, + 10101, ); assert_ne!(expected_hash.clone(), result.as_slice()); } @@ -316,12 +373,14 @@ pub mod pox4 { #[test] /// Fixture message hash to test against in other libraries fn test_sig_hash_fixture() { - let fixture = "3dd864afd98609df3911a7ab6f0338ace129e56ad394d85866d298a7eda3ad98"; + let fixture = "ec5b88aa81a96a6983c26cdba537a13d253425348ffc0ba6b07130869b025a2d"; let pox_addr = PoxAddress::standard_burn_address(false); let pubkey_hex = "0206952cd8813a64f7b97144c984015490a8f9c5778e8f928fbc8aa6cbf02f48e6"; let pubkey = Secp256k1PublicKey::from_hex(pubkey_hex).unwrap(); let reward_cycle: u128 = 1; let lock_period = 12; + let auth_id = 111; + let max_amount = u128::MAX; let message_hash = make_pox_4_signer_key_message_hash( &pox_addr, @@ -329,6 +388,8 @@ pub mod pox4 { &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, lock_period, + max_amount, + auth_id, ); assert_eq!(to_hex(message_hash.as_bytes()), fixture); diff --git a/testnet/stacks-node/src/mockamoto.rs b/testnet/stacks-node/src/mockamoto.rs index 2629f4f9b..6a98d7358 100644 --- a/testnet/stacks-node/src/mockamoto.rs +++ b/testnet/stacks-node/src/mockamoto.rs @@ -863,6 +863,8 @@ impl MockamotoNode { &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, 12_u128, + u128::MAX, + 1, ) .unwrap() .to_rsv(); @@ -877,6 +879,8 @@ impl MockamotoNode { ClarityValue::UInt(12), ClarityValue::some(ClarityValue::buff_from(signature).unwrap()).unwrap(), ClarityValue::buff_from(signer_key).unwrap(), + ClarityValue::UInt(u128::MAX), + ClarityValue::UInt(1), ], }) } else { @@ -887,6 +891,8 @@ impl MockamotoNode { &Pox4SignatureTopic::StackExtend, CHAIN_ID_TESTNET, 5_u128, + u128::MAX, + 1, ) .unwrap() .to_rsv(); @@ -901,6 +907,8 @@ impl MockamotoNode { pox_address.as_clarity_tuple().unwrap().into(), ClarityValue::some(ClarityValue::buff_from(signature).unwrap()).unwrap(), ClarityValue::buff_from(signer_key).unwrap(), + ClarityValue::UInt(u128::MAX), + ClarityValue::UInt(1), ], }) }; diff --git a/testnet/stacks-node/src/tests/nakamoto_integrations.rs b/testnet/stacks-node/src/tests/nakamoto_integrations.rs index e97aefd42..7bec90231 100644 --- a/testnet/stacks-node/src/tests/nakamoto_integrations.rs +++ b/testnet/stacks-node/src/tests/nakamoto_integrations.rs @@ -397,6 +397,8 @@ pub fn boot_to_epoch_3( &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, 12_u128, + u128::MAX, + 1, ) .unwrap() .to_rsv(); @@ -418,6 +420,8 @@ pub fn boot_to_epoch_3( clarity::vm::Value::some(clarity::vm::Value::buff_from(signature).unwrap()) .unwrap(), clarity::vm::Value::buff_from(signer_pk.to_bytes_compressed()).unwrap(), + clarity::vm::Value::UInt(u128::MAX), + clarity::vm::Value::UInt(1), ], ); submit_tx(&http_origin, &stacking_tx); @@ -642,6 +646,8 @@ pub fn boot_to_epoch_3_reward_set( &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, lock_period, + u128::MAX, + 1, ) .unwrap() .to_rsv(); @@ -662,6 +668,8 @@ pub fn boot_to_epoch_3_reward_set( clarity::vm::Value::some(clarity::vm::Value::buff_from(signature).unwrap()) .unwrap(), clarity::vm::Value::buff_from(signer_pk.to_bytes_compressed()).unwrap(), + clarity::vm::Value::UInt(u128::MAX), + clarity::vm::Value::UInt(1), ], ); submit_tx(&http_origin, &stacking_tx); @@ -1232,6 +1240,8 @@ fn correct_burn_outs() { &Pox4SignatureTopic::StackStx, CHAIN_ID_TESTNET, 1_u128, + u128::MAX, + 1, ) .unwrap() .to_rsv(); @@ -1251,6 +1261,8 @@ fn correct_burn_outs() { clarity::vm::Value::some(clarity::vm::Value::buff_from(signature).unwrap()) .unwrap(), clarity::vm::Value::buff_from(pk_bytes).unwrap(), + clarity::vm::Value::UInt(u128::MAX), + clarity::vm::Value::UInt(1), ], ); let txid = submit_tx(&http_origin, &stacking_tx);