Merge pull request #1143 from input-output-hk/ensemble/529/observe-other-head-initialised

Client receives notification when an irrelevant InitTx is observed

Author: locallycompact

CHANGELOG.md

@@ -13,17 +13,22 @@ changes.
 - Improved `gen-hydra-keys` command to not overwrite keys if they are present
   already.
 
+- Clients are notified when head initialization is ignored via a new
+  `IgnoredHeadInitializing` API server output. This helps detecting
+  misconfigurations of credentials and head parameters (which need to match).
+  [#529](https://github.com/input-output-hk/hydra/issues/529)
+
 - Hydra node API `submit-transaction` endpoint now accepts three types of
   encoding: Base16 encoded CBOR string, TextEnvelope type and JSON.
 
 - **BREAKING** Introduce messages resending logic in the `Network`
   layer to improve reliability in the face of transient connection
-  issues
+  issues.
 
 - Persist network messages on disk in order to gracefully handle crashes
 
-- **BREAKING** Changes to Hydra scripts due to upgrading our toolchain to
-  GHC 9.6.2.
+- **BREAKING** Changes to Hydra script hashes due to upgrading our toolchain to
+  GHC 9.6
 
 ## [0.13.0] - 2023-10-03
 

fourmolu.yaml

@@ -6,3 +6,4 @@ diff-friendly-import-export: true # 'false' uses Ormolu-style lists
 respectful: true # don't be too opinionated about newlines etc.
 haddock-style: single-line # '--' vs. '{-'
 newlines-between-decls: 1 # number of newlines between top-level declarations
+single-constraint-parens: never # whether or not to put braces around single constraints: https://fourmolu.github.io/config/single-constraint-parens/

hydra-cluster/src/Hydra/Cluster/Scenarios.hs

@@ -19,6 +19,7 @@ import CardanoClient (
 import CardanoNode (RunningNode (..))
 import Control.Lens ((^?))
 import Data.Aeson (Value, object, (.=))
+import qualified Data.Aeson as Aeson
 import Data.Aeson.Lens (key, _JSON)
 import Data.Aeson.Types (parseMaybe)
 import Data.ByteString (isInfixOf)
@@ -54,6 +55,7 @@ import Hydra.Cardano.Api (
  )
 import Hydra.Cardano.Api.Prelude (ReferenceScript (..), TxOut (..), TxOutDatum (..))
 import Hydra.Chain (HeadId)
+import Hydra.Chain.Direct.Tx (assetNameFromVerificationKey)
 import Hydra.Cluster.Faucet (createOutputAtAddress, seedFromFaucet, seedFromFaucet_)
 import qualified Hydra.Cluster.Faucet as Faucet
 import Hydra.Cluster.Fixture (Actor (..), actorName, alice, aliceSk, aliceVk, bob, bobSk, bobVk)
@@ -62,9 +64,20 @@ import Hydra.ContestationPeriod (ContestationPeriod (UnsafeContestationPeriod))
 import Hydra.Ledger (IsTx (balance))
 import Hydra.Ledger.Cardano (genKeyPair)
 import Hydra.Logging (Tracer, traceWith)
-import Hydra.Options (ChainConfig, networkId, startChainFrom)
+import Hydra.Options (ChainConfig (..), networkId, startChainFrom)
 import Hydra.Party (Party)
-import HydraNode (EndToEndLog (..), HydraClient, input, output, requestCommitTx, send, waitFor, waitForAllMatch, waitMatch, withHydraNode)
+import HydraNode (
+  EndToEndLog (..),
+  HydraClient,
+  input,
+  output,
+  requestCommitTx,
+  send,
+  waitFor,
+  waitForAllMatch,
+  waitMatch,
+  withHydraNode,
+ )
 import qualified Network.HTTP.Client as L
 import Network.HTTP.Req (
   HttpException (VanillaHttpException),
@@ -419,7 +432,7 @@ canSubmitTransactionThroughAPI ::
   TxId ->
   IO ()
 canSubmitTransactionThroughAPI tracer workDir node hydraScriptsTxId =
-   (`finally` returnFundsToFaucet tracer node Alice) $ do
+  (`finally` returnFundsToFaucet tracer node Alice) $ do
     refuelIfNeeded tracer node Alice 25_000_000
     aliceChainConfig <- chainConfigFor Alice workDir nodeSocket [] $ UnsafeContestationPeriod 100
     let hydraNodeId = 1
@@ -451,7 +464,6 @@ canSubmitTransactionThroughAPI tracer workDir node hydraScriptsTxId =
           (sendRequest hydraNodeId signedRequest <&> responseBody)
             `shouldReturn` TransactionSubmitted
  where
-
   RunningNode{networkId, nodeSocket} = node
   sendRequest hydraNodeId tx =
     runReq defaultHttpConfig $
@@ -462,6 +474,39 @@ canSubmitTransactionThroughAPI tracer workDir node hydraScriptsTxId =
         (Proxy :: Proxy (JsonResponse TransactionSubmitted))
         (port $ 4000 + hydraNodeId)
 
+-- | Two hydra node setup where Alice is wrongly configured to use Carol's
+-- cardano keys instead of Bob's which will prevent him to be notified the
+-- `HeadIsInitializing` but he should still receive some notification.
+initWithWrongKeys :: FilePath -> Tracer IO EndToEndLog -> RunningNode -> TxId -> IO ()
+initWithWrongKeys workDir tracer node@RunningNode{nodeSocket} hydraScriptsTxId = do
+  (aliceCardanoVk, _) <- keysFor Alice
+  (carolCardanoVk, _) <- keysFor Carol
+
+  aliceChainConfig <- chainConfigFor Alice workDir nodeSocket [Carol] (UnsafeContestationPeriod 2)
+  bobChainConfig <- chainConfigFor Bob workDir nodeSocket [Alice] (UnsafeContestationPeriod 2)
+
+  withHydraNode tracer aliceChainConfig workDir 3 aliceSk [bobVk] [3, 4] hydraScriptsTxId $ \n1 -> do
+    withHydraNode tracer bobChainConfig workDir 4 bobSk [aliceVk] [3, 4] hydraScriptsTxId $ \n2 -> do
+      seedFromFaucet_ node aliceCardanoVk 100_000_000 (contramap FromFaucet tracer)
+
+      send n1 $ input "Init" []
+      headId <-
+        waitForAllMatch 10 [n1] $
+          headIsInitializingWith (Set.fromList [alice, bob])
+
+      let expectedHashes =
+            assetNameFromVerificationKey
+              <$> [aliceCardanoVk, carolCardanoVk]
+
+      -- We want the client to observe headId being opened without bob (node 2)
+      -- being part of it
+      pubKeyHashes <- waitMatch 10 n2 $ \v -> do
+        guard $ v ^? key "tag" == Just (Aeson.String "IgnoredHeadInitializing")
+        guard $ v ^? key "headId" == Just (toJSON headId)
+        v ^? key "participants" . _JSON
+
+      Set.fromList pubKeyHashes `shouldBe` Set.fromList expectedHashes
+
 -- | Refuel given 'Actor' with given 'Lovelace' if current marked UTxO is below that amount.
 refuelIfNeeded ::
   Tracer IO EndToEndLog ->

hydra-cluster/src/HydraNode.hs

@@ -60,7 +60,7 @@ send HydraClient{tracer, hydraNodeId, connection} v = do
   sendTextData connection (Aeson.encode v)
   traceWith tracer $ SentMessage hydraNodeId v
 
-waitNext :: HasCallStack => HydraClient -> IO Aeson.Value
+waitNext :: (HasCallStack) => HydraClient -> IO Aeson.Value
 waitNext HydraClient{connection} = do
   bytes <- receiveData connection
   case Aeson.eitherDecode' bytes of
@@ -74,11 +74,11 @@ output tag pairs = object $ ("tag" .= tag) : pairs
 -- | Wait some time for a single API server output from each of given nodes.
 -- This function waits for @delay@ seconds for message @expected@  to be seen by all
 -- given @nodes@.
-waitFor :: HasCallStack => Tracer IO EndToEndLog -> DiffTime -> [HydraClient] -> Aeson.Value -> IO ()
+waitFor :: (HasCallStack) => Tracer IO EndToEndLog -> DiffTime -> [HydraClient] -> Aeson.Value -> IO ()
 waitFor tracer delay nodes v = waitForAll tracer delay nodes [v]
 
 -- | Wait up to some time for an API server output to match the given predicate.
-waitMatch :: HasCallStack => DiffTime -> HydraClient -> (Aeson.Value -> Maybe a) -> IO a
+waitMatch :: (HasCallStack) => DiffTime -> HydraClient -> (Aeson.Value -> Maybe a) -> IO a
 waitMatch delay client@HydraClient{tracer, hydraNodeId} match = do
   seenMsgs <- newTVarIO []
   timeout delay (go seenMsgs) >>= \case
@@ -122,7 +122,7 @@ waitForAllMatch delay nodes match = do
 -- | Wait some time for a list of outputs from each of given nodes.
 -- This function is the generalised version of 'waitFor', allowing several messages
 -- to be waited for and received in /any order/.
-waitForAll :: HasCallStack => Tracer IO EndToEndLog -> DiffTime -> [HydraClient] -> [Aeson.Value] -> IO ()
+waitForAll :: (HasCallStack) => Tracer IO EndToEndLog -> DiffTime -> [HydraClient] -> [Aeson.Value] -> IO ()
 waitForAll tracer delay nodes expected = do
   traceWith tracer (StartWaiting (map hydraNodeId nodes) expected)
   forConcurrently_ nodes $ \client@HydraClient{hydraNodeId} -> do
@@ -180,7 +180,7 @@ requestCommitTx :: HydraClient -> UTxO -> IO Tx
 requestCommitTx client =
   requestCommitTx' client . fmap (`TxOutWithWitness` Nothing)
 
-getMetrics :: HasCallStack => HydraClient -> IO ByteString
+getMetrics :: (HasCallStack) => HydraClient -> IO ByteString
 getMetrics HydraClient{hydraNodeId} = do
   failAfter 3 $
     try (runReq defaultHttpConfig request) >>= \case
@@ -208,13 +208,13 @@ data EndToEndLog
   | RemainingFunds {actor :: String, utxo :: UTxO}
   | PublishedHydraScriptsAt {hydraScriptsTxId :: TxId}
   | UsingHydraScriptsAt {hydraScriptsTxId :: TxId}
-  | CreatedKey { keyPath :: FilePath }
+  | CreatedKey {keyPath :: FilePath}
   deriving (Eq, Show, Generic, ToJSON, FromJSON, ToObject)
 
 -- XXX: The two lists need to be of same length. Also the verification keys can
 -- be derived from the signing keys.
 withHydraCluster ::
-  HasCallStack =>
+  (HasCallStack) =>
   Tracer IO EndToEndLog ->
   FilePath ->
   SocketPath ->
@@ -229,7 +229,28 @@ withHydraCluster ::
   ContestationPeriod ->
   (NonEmpty HydraClient -> IO a) ->
   IO a
-withHydraCluster tracer workDir nodeSocket firstNodeId allKeys hydraKeys hydraScriptsTxId contestationPeriod action = do
+withHydraCluster tracer workDir nodeSocket firstNodeId allKeys hydraKeys hydraScriptsTxId contestationPeriod action =
+  withConfiguredHydraCluster tracer workDir nodeSocket firstNodeId allKeys hydraKeys hydraScriptsTxId (const $ id) contestationPeriod action
+
+withConfiguredHydraCluster ::
+  (HasCallStack) =>
+  Tracer IO EndToEndLog ->
+  FilePath ->
+  SocketPath ->
+  -- | First node id
+  -- This sets the starting point for assigning ports
+  Int ->
+  -- | NOTE: This decides on the size of the cluster!
+  [(VerificationKey PaymentKey, SigningKey PaymentKey)] ->
+  [SigningKey HydraKey] ->
+  -- | Transaction id at which Hydra scripts should have been published.
+  TxId ->
+  -- | Modifies the `ChainConfig` passed to a node upon startup
+  (Int -> ChainConfig -> ChainConfig) ->
+  ContestationPeriod ->
+  (NonEmpty HydraClient -> IO a) ->
+  IO a
+withConfiguredHydraCluster tracer workDir nodeSocket firstNodeId allKeys hydraKeys hydraScriptsTxId chainConfigDecorator contestationPeriod action = do
   when (clusterSize == 0) $
     failure "Cannot run a cluster with 0 number of nodes"
   when (length allKeys /= length hydraKeys) $
@@ -248,24 +269,25 @@ withHydraCluster tracer workDir nodeSocket firstNodeId allKeys hydraKeys hydraSc
   startNodes clients = \case
     [] -> action (fromList $ reverse clients)
     (nodeId : rest) -> do
-      let hydraSKey = hydraKeys Prelude.!! (nodeId - firstNodeId)
-          hydraVKeys = map getVerificationKey $ filter (/= hydraSKey) hydraKeys
-          cardanoVerificationKeys = [workDir </> show i <.> "vk" | i <- allNodeIds, i /= nodeId]
+      let hydraSigningKey = hydraKeys Prelude.!! (nodeId - firstNodeId)
+          hydraVerificationKeys = map getVerificationKey $ filter (/= hydraSigningKey) hydraKeys
           cardanoSigningKey = workDir </> show nodeId <.> "sk"
+          cardanoVerificationKeys = [workDir </> show i <.> "vk" | i <- allNodeIds, i /= nodeId]
           chainConfig =
-            defaultChainConfig
-              { nodeSocket
-              , cardanoSigningKey
-              , cardanoVerificationKeys
-              , contestationPeriod
-              }
+            chainConfigDecorator nodeId $
+              defaultChainConfig
+                { nodeSocket
+                , cardanoSigningKey
+                , cardanoVerificationKeys
+                , contestationPeriod
+                }
       withHydraNode
         tracer
         chainConfig
         workDir
         nodeId
-        hydraSKey
-        hydraVKeys
+        hydraSigningKey
+        hydraVerificationKeys
         allNodeIds
         hydraScriptsTxId
         (\c -> startNodes (c : clients) rest)
@@ -384,7 +406,7 @@ withConnectionToNode tracer hydraNodeId action = do
 hydraNodeProcess :: RunOptions -> CreateProcess
 hydraNodeProcess = proc "hydra-node" . toArgs
 
-waitForNodesConnected :: HasCallStack => Tracer IO EndToEndLog -> [HydraClient] -> IO ()
+waitForNodesConnected :: (HasCallStack) => Tracer IO EndToEndLog -> [HydraClient] -> IO ()
 waitForNodesConnected tracer clients =
   mapM_ waitForNodeConnected clients
  where

hydra-cluster/test/Test/EndToEndSpec.hs

@@ -55,18 +55,7 @@ import Hydra.Cluster.Fixture (
   carolSk,
   carolVk,
  )
-import Hydra.Cluster.Scenarios (
-  canCloseWithLongContestationPeriod,
-  canSubmitTransactionThroughAPI,
-  headIsInitializingWith,
-  refuelIfNeeded,
-  restartedNodeCanAbort,
-  restartedNodeCanObserveCommitTx,
-  singlePartyCannotCommitExternallyWalletUtxo,
-  singlePartyCommitsExternalScriptWithInlineDatum,
-  singlePartyCommitsFromExternalScript,
-  singlePartyHeadFullLifeCycle,
- )
+import Hydra.Cluster.Scenarios (canCloseWithLongContestationPeriod, canSubmitTransactionThroughAPI, headIsInitializingWith, initWithWrongKeys, refuelIfNeeded, restartedNodeCanAbort, restartedNodeCanObserveCommitTx, singlePartyCannotCommitExternallyWalletUtxo, singlePartyCommitsExternalScriptWithInlineDatum, singlePartyCommitsFromExternalScript, singlePartyHeadFullLifeCycle)
 import Hydra.Cluster.Util (chainConfigFor, keysFor)
 import Hydra.ContestationPeriod (ContestationPeriod (UnsafeContestationPeriod))
 import Hydra.Crypto (generateSigningKey)
@@ -351,6 +340,13 @@ spec = around showLogsOnFailure $
                 (initAndClose tmpDir tracer 0 hydraScriptsTxId node)
                 (initAndClose tmpDir tracer 1 hydraScriptsTxId node)
 
+      it "alice inits a Head with incorrect keys preventing bob from observing InitTx" $ \tracer ->
+        failAfter 60 $
+          withClusterTempDir "incorrect-cardano-keys" $ \tmpDir -> do
+            withCardanoNodeDevnet (contramap FromCardanoNode tracer) tmpDir $ \node -> do
+              publishHydraScriptsAs node Faucet
+                >>= initWithWrongKeys tmpDir tracer node
+
       it "bob cannot abort alice's head" $ \tracer -> do
         failAfter 60 $
           withClusterTempDir "two-heads-cant-abort" $ \tmpDir -> do
@@ -533,14 +529,6 @@ initAndClose tmpDir tracer clusterIx hydraScriptsTxId node@RunningNode{nodeSocke
   bobKeys@(bobCardanoVk, _) <- generate genKeyPair
   carolKeys@(carolCardanoVk, _) <- generate genKeyPair
 
-  let aliceSk = generateSigningKey ("alice-" <> show clusterIx)
-  let bobSk = generateSigningKey ("bob-" <> show clusterIx)
-  let carolSk = generateSigningKey ("carol-" <> show clusterIx)
-
-  let alice = deriveParty aliceSk
-  let bob = deriveParty bobSk
-  let carol = deriveParty carolSk
-
   let cardanoKeys = [aliceKeys, bobKeys, carolKeys]
       hydraKeys = [aliceSk, bobSk, carolSk]
 

hydra-node/exe/hydra-node/Main.hs

@@ -101,7 +101,6 @@ main = do
                 RunOptions{apiHost, apiPort} = opts
             apiPersistence <- createPersistenceIncremental $ persistenceDir <> "/server-output"
             withAPIServer apiHost apiPort party apiPersistence (contramap APIServer tracer) chain pparams (putEvent . ClientEvent) $ \server -> do
-
               -- Network
               withNetwork tracer persistenceDir (connectionMessages server) signingKey otherParties host port peers nodeId putNetworkEvent $ \hn -> do
                 -- Main loop

hydra-node/hydra-node.cabal

@@ -99,6 +99,7 @@ library
     Hydra.HeadLogic
     Hydra.HeadLogic.Error
     Hydra.HeadLogic.Event
+    Hydra.HeadLogic.Heads
     Hydra.HeadLogic.Outcome
     Hydra.HeadLogic.SnapshotOutcome
     Hydra.HeadLogic.State
@@ -147,7 +148,6 @@ library
     , cardano-ledger-core
     , cardano-ledger-mary
     , cardano-ledger-shelley
-    , cardano-prelude
     , cardano-slotting
     , cardano-strict-containers
     , cborg

hydra-node/json-schemas/api.yaml

@@ -852,6 +852,39 @@ components:
         additionalProperties: false
         $ref: "https://raw.githubusercontent.com/CardanoSolutions/cardanonical/main/cardano.json#/definitions/ProtocolParameters"
 
+    IgnoredHeadInitializing:
+      title: IgnoredHeadInitializing
+      description: |
+        A `Init` transaction has been observed on-chain, with the given HeadId
+        and the given participant identifiers (commonly public key hashes), but
+        we are not part of it. It could denote a misconfiguration, or simply
+        some other group of parties opening a head.
+      payload:
+        type: object
+        required:
+          - tag
+          - headId
+          - participants
+          - seq
+          - timestamp
+        properties:
+          tag:
+            type: string
+            enum: ["IgnoredHeadInitializing"]
+          headId:
+            $ref: "api.yaml#/components/schemas/HeadId"
+          participants:
+            type: array
+            items:
+              type: string
+              contentEncoding: base16
+              description: |
+                A hex-encoded string identifying a participant on-chain (usually a hash of a key)
+          seq:
+            $ref: "api.yaml#/components/schemas/SequenceNumber"
+          timestamp:
+            $ref: "api.yaml#/components/schemas/UTCTime"
+
   ########
   #
   # Schemas