[FR] - Add File Hash Validation when Building Transaction #882

@Crypto2099

Internal/External
External

Area
Other

Describe the feature you'd like
When publishing an action that expects or includes a remotely hosted metadata file and a confirmation hash (e.g. pool registration/update, governance action creation/submission) and using cardano-cli transaction build then we should provide a mechanism to provide some dummy-proofing for the user w.r.t. validating that the provided hash matches the file contents at the remote source.

Describe alternatives you've considered
The current alternative is for users to download the file themselves from the remote source and then hash the file and double-check that the values entered into these commands (cardano-cli transaction build or cardano-cli governance create-info) match.

Additional context / screenshots
A very "costly" real world example is the first Governance Action published to mainnet: https://cexplorer.io/tx/15f82a365bdee483a4b03873a40d3829cc88c048ff3703e11bd01dd9e035c916/governance#data

File URL: ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb

Here we had two potential points where the CLI could have provided confirmation/validation of the URI and the hash.

There are currently two types of certificates that rely on remotely hosted files and their hashes being published to the blockchain:

  • Governance Actions
  • Governance Votes
  • dRep Registrations/Updates
  • Stake Pool Registrations/Updates

Governance Action Create

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld | cut -d' ' -f1)
dev@null:~$ cardano-cli conway governance action create-info \
>  --mainnet \
>  --governance-action-deposit 100000000000 \
>  --deposit-return-stake-verification-key-file govaction.staking.vkey \
>  --anchor-url ipfs://QmWjcHsrq9kKHZZ7aPPFjqN6wLuxH9d8bcqssmrE7H4cvb \
>  --anchor-data-hash $body_hash \
>  --out-file governance.action

Here we have an opportunity for the CLI (assuming there is an IPFS_GATEWAY_URI environment variable set) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the body_hash instead of the file_hash (which is what actually happened with this first gov action).

Governance Vote

dev@null:~$ cardano-cli conway governance vote create \
> --yes \
> --governance-action-tx-id abc123 \
> --governance-action-index 0 \
> --drep-verification-key-file adam.drep.vkey \
> --anchor-url abc.123.fun \
> --anchor-data-hash abc123 \
> --out-file adam.vote

dRep Registration Certificate

dev@null:~$ cardano-cli conway governance drep registration-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

dRep Update Certificate

dev@null:~$ cardano-cli conway governance drep update-certificate \
> --drep-verification-key-file adam.drep.vkey \
> --key-reg-deposit-amt 2000000 \
> --drep-metadata-url abc.123.xyz \
> --drep-metadata-hash abc123 \
> --out-file adam.drep.cert

Stake Pool Registration Certificate

dev@null:~$ body_hash=$(./cardano-signer hash --cip100 --data-file govaction.jsonld)
dev@null:~$ file_hash=$(b2sum -l 256 govaction.jsonld | cut -d' ' -f1)
dev@null:~$ pool_metadata=$(cardano-cli conway stake-pool metadata-hash --pool-metadata-file pool.json)
dev@null:~$ cardano-cli conway stake-pool registration-certificate \
> --mainnet \
> --stake-pool-verification-key-file mypool.cold.vkey \
> --vrf-verification-key-file mypool.vrf.vkey \
> --pool-pledge 100000000000 \
> --pool-cost 170000000 \
> --pool-margin 0.01 \
> --pool-reward-account-verification-key-file mypool.rewards.vkey \
> --pool-owner-stake-verification-key-file mypool.owner.vkey \
> --pool-relay-ipv4 192.168.0.1 \
> --pool-relay-port 1337 \
> --metadata-url https://github.com/crypto2099/mypool.json \
> --metadata-hash $file_hash \
> --out-file my-pool.cert

Here we have an opportunity for the CLI (maybe assuming there is an IPFS_GATEWAY_URI environment variable set if we switch to allowing IPFS URIs for stake pool metadata in the future) to fetch the resource to a local temporary file and confirm that the correct and matching hash has been used. In the example shown, we've incorrectly used the file_hash variable which is the blake2b-256 of our Governance Action metadata file rather than our stake pool metadata file so this will cause issues and errors downstream with explorers (this has happened literally hundreds if not thousands of times in the 4 years since Shelley).

Certificate Transaction Building

When using cardano-cli transaction build... we can assume that the user is utilizing a "hot" network environment with a local or remote connection to a node, and so it should be possible to check, when there is a proposal-file, vote-file, or certificate-file, whether their related metadata URLs and hashes are valid and either:

  • Issue a warning if the hashes cannot be checked for some reason (file not accessible?)
  • Issue a warning if the hash does not match the file contents

cardano-cli conway transaction build \
--mainnet \
--tx-in ${tx_in_id} \
--change-address ${my_change_address} \
--proposal-file ${gov_action_file} \
--vote-file ${gov_vote_file} \
--certificate-file ${pool_cert_file} \
--out-file my.tx.unsigned
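
A sketch of the pre-flight check requested above, as an added example that is not part of the issue or of cardano-cli: it fetches the anchor file, computes blake2b-256 over the raw bytes, and reports one of the two warning cases the issue lists. The function names, the `<gateway>/ipfs/<cid>` path layout, the 1 MiB size limit, and the sample document are assumptions; `IPFS_GATEWAY_URI` is the environment variable the issue proposes.

```python
import hashlib
import os
import urllib.request

def resolve_anchor_url(url, gateway=None):
    """Map ipfs://<cid> onto an HTTP gateway; pass http(s) URLs through."""
    if url.startswith("ipfs://"):
        gateway = gateway or os.environ.get("IPFS_GATEWAY_URI")
        if not gateway:
            raise ValueError("IPFS_GATEWAY_URI is not set")
        # Assumption: the gateway serves content at <gateway>/ipfs/<cid>.
        return gateway.rstrip("/") + "/ipfs/" + url[len("ipfs://"):]
    if url.startswith(("https://", "http://")):
        return url
    raise ValueError(f"unsupported anchor URL scheme: {url!r}")

def http_fetch(url, limit=1 << 20):
    """Download at most `limit` bytes so a hostile host cannot exhaust memory."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        data = resp.read(limit + 1)
    if len(data) > limit:
        raise ValueError("anchor file exceeds size limit")
    return data

def check_anchor(url, claimed_hash, fetch=http_fetch, gateway=None):
    """Return ('ok' | 'mismatch' | 'unchecked', detail) for one anchor."""
    try:
        data = fetch(resolve_anchor_url(url, gateway))
    except (OSError, ValueError) as exc:
        return "unchecked", str(exc)          # warning 1: could not be checked
    # blake2b-256 over the raw file bytes, the same value `b2sum -l 256` prints.
    actual = hashlib.blake2b(data, digest_size=32).hexdigest()
    if actual == claimed_hash.strip().lower():
        return "ok", actual
    return "mismatch", actual                 # warning 2: hash != file contents

if __name__ == "__main__":
    # Constructed sample document and in-memory "remote" store (no network).
    doc = b'{"body": {"title": "constructed sample"}}'
    store = {"https://gateway.example/ipfs/QmConstructedCid": doc}
    fetch = lambda u: store[u]
    good = hashlib.blake2b(doc, digest_size=32).hexdigest()
    for claimed in (good, "00" * 32):
        print(check_anchor("ipfs://QmConstructedCid", claimed, fetch, "https://gateway.example"))
```

On a mismatch the second tuple element is the hash of what the remote source actually serves, which is the value the certificate or proposal should carry.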
