[UTXO-BUG] Preserve caller-owned UTXO DB connection#5572
Conversation
github-actions
Bot
added
BCOS-L1
|
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150) A maintainer will review your PR soon. Thanks for contributing! |
ZacharyZhang-NY
left a comment
ZacharyZhang-NY
left a comment
There was a problem hiding this comment.
Reviewed PR #5572 at commit 6123eb4. The change correctly preserves caller-owned SQLite connection ownership on the rejected mining_reward guard path while keeping owned connections unopened for unauthorized mint attempts. Validation passed: git diff --check for node/utxo_db.py and node/test_utxo_db.py; py_compile for both files; focused UTXO connection-ownership tests passed with 2 passed; full node/test_utxo_db.py passed with 72 passed. I did not find a blocking issue in this patch.
LubuSeb
left a comment
LubuSeb
left a comment
There was a problem hiding this comment.
Disclosure: I am reviewing this under Scottcjn/rustchain-bounties#73 as @LubuSeb.
Approved on head 6123eb4722b36fecdcc0894219b4d47239d7c525.
The change is narrowly scoped and fixes the ownership bug without weakening the unauthorized mining_reward guard. apply_transaction() now rejects user-supplied mint attempts before opening an owned DB connection, while preserving a caller-supplied connection for callers that need to inspect or roll back their own transaction. The added regression covers the external-connection path, and the existing UTXO tests still pass.
Validation I ran:
git diff --check origin/main...HEAD -- node/utxo_db.py node/test_utxo_db.py
python -B -m py_compile node/utxo_db.py node/test_utxo_db.py
python -B -m pytest -q node/test_utxo_db.py::TestUtxoDB::test_user_supplied_mining_reward_preserves_external_conn node/test_utxo_db.py::TestUtxoDB::test_user_supplied_mining_reward_rejected_before_opening_db node/test_utxo_db.py --tb=short
# 72 passedI did not find a blocking issue in this PR.
TJCurnutte
left a comment
TJCurnutte
left a comment
There was a problem hiding this comment.
Approved. I validated this head locally and the ownership boundary is now right.
Proof run at head 6123eb4722b36fecdcc0894219b4d47239d7c525:
git diff --check origin/main...HEAD -- node/test_utxo_db.py node/utxo_db.py
PYTHONPATH=node python3 -B -m py_compile node/utxo_db.py node/test_utxo_db.py
PYTHONPATH=node python3 -B -m pytest -q -o addopts='' --noconftest node/test_utxo_db.pyResult: 72 passed in 0.38s.
I also ran a direct caller-owned-connection probe against the rejected mining_reward path. apply_transaction() returned False, SELECT 1 on the same connection still worked, and conn.in_transaction stayed True, so the caller still owns cleanup/rollback after the rejection.
The two-line code change is scoped: the unauthorized minting guard still rejects user-supplied mining_reward, but it no longer closes a connection it did not create. The new regression test covers that exact failure mode.
|
Security Review ✅ HIGH Preserve caller-owned UTXO DB connection on rejected mining reward path. Previously, apply_transaction() would close the caller-supplied connection on rejection, preventing the caller from rolling back its external transaction. This could leave the database in an inconsistent state — a state corruption bug. Reviewed by Xeophon - Solana: Lt9nERv6VHsojw15LpFeiaabuphAggzfLF9sM9UXRrZ |
|
Claiming and fixing - one-line fix: change "if conn:" to "if own:" on mining_reward guard path. |
|
Claiming and fixing - one-line fix: change "if conn:" to "if own:" on mining_reward guard path. |
jaxint
left a comment
jaxint
left a comment
There was a problem hiding this comment.
LGTM! Great work on this PR. 🚀
kekehanshujun
left a comment
kekehanshujun
left a comment
There was a problem hiding this comment.
I reviewed the UTXO connection ownership fix. The previous early-return path closed conn even when the caller supplied it, which breaks callers that are managing an outer transaction. Removing that close and adding a regression that keeps the externally-owned connection usable after a rejected unauthorized mining_reward addresses the issue directly.
I do not see a blocker in this focused patch.
10 participants
Summary
UtxoDB.apply_transaction()from closing caller-supplied SQLite connections on the rejectedmining_rewardguard pathWhy
apply_transaction(..., conn=caller_conn)accepts a caller-owned connection. On the unauthorizedmining_rewardvalidation path, the current code closes that external connection before returningFalse. That turns a normal validation failure intosqlite3.ProgrammingError: Cannot operate on a closed databasefor callers that need to inspect or roll back their own transaction.Validation
# RED before production fix python3 -m pytest node/test_utxo_db.py::TestUtxoDB::test_user_supplied_mining_reward_preserves_external_conn node/test_utxo_db.py::TestUtxoDB::test_user_supplied_mining_reward_rejected_before_opening_db -qObserved before fix:
test_user_supplied_mining_reward_preserves_external_connfailed because the caller-owned connection was closed.Observed locally:
72 passed, py_compile passed, andgit diff --checkwas clean.Duplicate / safety checks
Before opening this PR I searched public issues and PRs for
caller-owned connection apply_transaction mining_reward,external conn close apply_transaction mining_reward, andpreserve external connection apply_transaction. I did not find an exact duplicate. Open PR #4638 is about unmineable mempool outputs, not this external-connection ownership path.Bounty route: Scottcjn/rustchain-bounties#2819.
Miner / payout id: iamdinhthuan.
No private keys, tokens, credentials, or account-internal data are included.