fix: add more guardrails for binary_request_receipt_for_tx endpoint (#338)

Author: PudgyPug

src/state-manager/AccountPatcher.ts

@@ -91,6 +91,10 @@ import {
 import { BadRequest, InternalError, serializeResponseError } from '../types/ResponseError'
 import { Utils } from '@shardus/types'
 import { RepairOOSAccountsReq, deserializeRepairOOSAccountsReq, serializeRepairOOSAccountsReq } from '../types/RepairOOSAccountsReq'
+import { robustQuery } from '../p2p/Utils'
+import { RequestReceiptForTxReqSerialized, serializeRequestReceiptForTxReq } from '../types/RequestReceiptForTxReq'
+import { deserializeRequestReceiptForTxResp, RequestReceiptForTxRespSerialized } from '../types/RequestReceiptForTxResp'
+import { Node } from '../shardus/shardus-types'
 
 type Line = {
   raw: string
@@ -569,6 +573,49 @@ class AccountPatcher {
               continue
             }
 
+            const queryFn = async (node: Node) => {
+              const message = { txid: txId, timestamp: accountData.timestamp }
+              return await this.p2p.askBinary<
+                RequestReceiptForTxReqSerialized,
+                RequestReceiptForTxRespSerialized
+              >(
+                node,
+                InternalRouteEnum.binary_request_receipt_for_tx,
+                message,
+                serializeRequestReceiptForTxReq,
+                deserializeRequestReceiptForTxResp,
+                {}
+              )
+            }
+
+            // make sure tx hasn't been altered by robust querying for the proposal using request txid and timestamp
+            const txReceipt = await robustQuery(storageNodes, queryFn)
+            if (txReceipt.isRobustResult === false) {
+              nestedCountersInstance.countEvent(
+                'accountPatcher',
+                `binary/repair_oos_accounts: robust query failed for txId: ${txId}`
+              )
+              continue
+            }
+            
+            if (txReceipt.topResult.success !== true 
+              || txReceipt.topResult.receipt == null
+              || txReceipt.topResult.receipt.proposalHash == null) {
+              nestedCountersInstance.countEvent(
+                'accountPatcher',
+                `binary/repair_oos_accounts: robust query couldn't find queueEntry for txId: ${txId}`
+              )
+              continue
+            }
+            
+            if (signedReceipt.proposalHash !== txReceipt.topResult.receipt.proposalHash) {
+              nestedCountersInstance.countEvent(
+                'accountPatcher',
+                `binary/repair_oos_accounts: proposal hash mismatch for txId: ${txId}`
+              )
+              continue
+            }
+
             // if (receivedBestVote != null) {
               // Check if vote is from eligible list of voters for this TX
             // if (

src/state-manager/TransactionConsensus.ts

@@ -1735,6 +1735,13 @@ class TransactionConsenus {
       voteHash: receipt.proposalHash,
       voteTime: 0,
     }
+    
+    if (
+      receipt.proposalHash !==
+      this.stateManager.transactionConsensus.calculateVoteHash(receipt.proposal)
+    ) {
+      return false
+    }
 
     for (let i = 0; i < receipt.signaturePack.length; i++) {
       const sign = receipt.signaturePack[i]

src/state-manager/index.ts

@@ -1428,6 +1428,15 @@ class StateManager {
             return
           }
 
+          if (queueEntry.acceptedTx?.timestamp !== deserialized.timestamp) {
+            response.note = `requested timestamp does not match txid: ${utils.stringifyReduce(deserialized.txid)} 
+            request: ${deserialized.timestamp} 
+            queueuEntry timestamp: ${queueEntry.acceptedTx?.timestamp}
+            dbg:${this.debugTXHistory[utils.stringifyReduce(deserialized.txid)]}`
+            respond(response, serializeRequestReceiptForTxResp)
+            return
+          }
+
           response.receipt = this.getSignedReceipt(queueEntry)
           if (response.receipt != null) {
             response.success = true