Merge pull request #447 from stellar/txEndpointForce

Add `force` flag to tx endpoint

Author: marta-lokhova

docs/software/commands.md

@@ -364,6 +364,12 @@ Most commands return their results in JSON format.
         The network is under high load and the fee is too low.
     * "FILTERED" - transaction rejected because it contains an operation type that Stellar Core filters out. See Stellar Core configuration `EXCLUDE_TRANSACTIONS_CONTAINING_OPERATION_TYPE` for more details.
 
+  Optional parameters:
+    * `force=true` - bypasses banned account filtering (see `banaccounts`),
+      allowing the transaction into the mempool even if its source account or
+      fee source is on the ban list. Other filtering (operation type, Soroban
+      key filtering) still applies. Example: `tx?blob=Base64&force=true`
+
 * **upgrades**
   * `upgrades?mode=get`<br>
     Retrieves the currently configured upgrade settings.<br>

src/herder/Herder.h

@@ -139,10 +139,11 @@ class Herder
     // generator, and therefore can skip certain expensive validity checks
     virtual TransactionQueue::AddResult
     recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf,
-                    bool isLoadgenTx = false) = 0;
+                    bool force = false, bool isLoadgenTx = false) = 0;
 #else
     virtual TransactionQueue::AddResult
-    recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf) = 0;
+    recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf,
+                    bool force = false) = 0;
 #endif
     virtual void peerDoesntHave(stellar::MessageType type,
                                 uint256 const& itemID, Peer::pointer peer) = 0;

src/herder/HerderImpl.cpp

@@ -612,7 +612,8 @@ HerderImpl::emitEnvelope(SCPEnvelope const& envelope)
 }
 
 TransactionQueue::AddResult
-HerderImpl::recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf
+HerderImpl::recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf,
+                            bool force
 #ifdef BUILD_TESTS
                             ,
                             bool isLoadgenTx
@@ -644,7 +645,7 @@ HerderImpl::recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf
     }
     else if (!tx->isSoroban())
     {
-        result = mTransactionQueue.tryAdd(tx, submittedFromSelf
+        result = mTransactionQueue.tryAdd(tx, submittedFromSelf, force
 #ifdef BUILD_TESTS
                                           ,
                                           isLoadgenTx
@@ -653,7 +654,7 @@ HerderImpl::recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf
     }
     else if (mSorobanTransactionQueue)
     {
-        result = mSorobanTransactionQueue->tryAdd(tx, submittedFromSelf
+        result = mSorobanTransactionQueue->tryAdd(tx, submittedFromSelf, force
 #ifdef BUILD_TESTS
                                                   ,
                                                   isLoadgenTx

src/herder/HerderImpl.h

@@ -101,11 +101,11 @@ class HerderImpl : public Herder
 #ifdef BUILD_TESTS
     TransactionQueue::AddResult
     recvTransaction(TransactionFrameBasePtr tx, bool submittedFromSelf,
-                    bool isLoadgenTx = false) override;
+                    bool force = false, bool isLoadgenTx = false) override;
 #else
-    TransactionQueue::AddResult
-    recvTransaction(TransactionFrameBasePtr tx,
-                    bool submittedFromSelf) override;
+    TransactionQueue::AddResult recvTransaction(TransactionFrameBasePtr tx,
+                                                bool submittedFromSelf,
+                                                bool force = false) override;
 #endif
 
     EnvelopeStatus recvSCPEnvelope(SCPEnvelope const& envelope) override;

src/herder/TransactionQueue.cpp

@@ -315,7 +315,8 @@ TransactionQueue::sourceAccountPending(AccountID const& accountID) const
 TransactionQueue::AddResult
 TransactionQueue::canAdd(
     TransactionFrameBasePtr tx, AccountStates::iterator& stateIter,
-    std::vector<std::pair<TransactionFrameBasePtr, bool>>& txsToEvict
+    std::vector<std::pair<TransactionFrameBasePtr, bool>>& txsToEvict,
+    bool force
 #ifdef BUILD_TESTS
     ,
     bool isLoadgenTx
@@ -342,7 +343,7 @@ TransactionQueue::canAdd(
         mQueueMetrics->mTxsFilteredDueToFootprintKeys.inc();
         return AddResult(TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
     }
-    if (!tx->validateAccountFilterForFlooding(mFilteredAccounts))
+    if (!force && !tx->validateAccountFilterForFlooding(mFilteredAccounts))
     {
         mQueueMetrics->mTxsFilteredDueToAccountKeys.inc();
         return AddResult(TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
@@ -669,7 +670,8 @@ TransactionQueue::findAllAssetPairsInvolvedInPaymentLoops(
 }
 
 TransactionQueue::AddResult
-TransactionQueue::tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf
+TransactionQueue::tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf,
+                         bool force
 #ifdef BUILD_TESTS
                          ,
                          bool isLoadgenTx
@@ -687,7 +689,7 @@ TransactionQueue::tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf
     AccountStates::iterator stateIter;
 
     std::vector<std::pair<TransactionFrameBasePtr, bool>> txsToEvict;
-    auto res = canAdd(tx, stateIter, txsToEvict
+    auto res = canAdd(tx, stateIter, txsToEvict, force
 #ifdef BUILD_TESTS
                       ,
                       isLoadgenTx

src/herder/TransactionQueue.h

@@ -138,9 +138,10 @@ class TransactionQueue
 
 #ifdef BUILD_TESTS
     AddResult tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf,
-                     bool isLoadgenTx = false);
+                     bool force = false, bool isLoadgenTx = false);
 #else
-    AddResult tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf);
+    AddResult tryAdd(TransactionFrameBasePtr tx, bool submittedFromSelf,
+                     bool force = false);
 #endif
     void removeApplied(Transactions const& txs);
     // Ban transactions that are no longer valid or have insufficient fee;
@@ -274,11 +275,12 @@ class TransactionQueue
     TransactionQueue::AddResult
     canAdd(TransactionFrameBasePtr tx, AccountStates::iterator& stateIter,
            std::vector<std::pair<TransactionFrameBasePtr, bool>>& txsToEvict,
-           bool isLoadgenTx = false);
+           bool force = false, bool isLoadgenTx = false);
 #else
     TransactionQueue::AddResult
     canAdd(TransactionFrameBasePtr tx, AccountStates::iterator& stateIter,
-           std::vector<std::pair<TransactionFrameBasePtr, bool>>& txsToEvict);
+           std::vector<std::pair<TransactionFrameBasePtr, bool>>& txsToEvict,
+           bool force = false);
 #endif
 
     void releaseFeeMaybeEraseAccountState(TransactionFrameBasePtr tx);

src/main/CommandHandler.cpp

@@ -1145,6 +1145,7 @@ CommandHandler::tx(std::string const& params, std::string& retStr)
     std::map<std::string, std::string> paramMap;
     http::server::server::parseParams(params, paramMap);
     std::string blob = paramMap["blob"];
+    bool force = paramMap["force"] == "true";
 
     if (!blob.empty())
     {
@@ -1168,7 +1169,7 @@ CommandHandler::tx(std::string const& params, std::string& retStr)
         {
             // Add it to our current set and make sure it is valid.
             auto addResult =
-                mApp.getHerder().recvTransaction(transaction, true);
+                mApp.getHerder().recvTransaction(transaction, true, force);
 
             root["status"] = TX_STATUS_STRING[static_cast<int>(addResult.code)];
             if (addResult.code ==

src/main/test/BannedAccountsPersistorTests.cpp

@@ -158,6 +158,64 @@ TEST_CASE("FILTERED_G_ADDRESSES migration", "[banaccounts]")
 
 TEST_CASE("banaccounts HTTP command with persistence", "[banaccounts]")
 {
+    SECTION("force flag bypasses banned account filtering")
+    {
+        VirtualClock clock;
+        auto cfg = getTestConfig();
+        cfg.FILTERED_G_ADDRESSES = {};
+        Application::pointer app = createTestApplication(clock, cfg);
+
+        auto root = app->getRoot();
+        auto srcKey = SecretKey::pseudoRandomForTesting();
+        auto src = root->create(srcKey, 1000000000);
+
+        // Ban the source account
+        auto addr = KeyUtils::toStrKey(srcKey.getPublicKey());
+        app->getCommandHandler().manualCmd("banaccounts?accountids=" + addr);
+
+        auto acc = getAccount("forceAcc");
+        auto tx = src.tx({createAccount(acc.getPublicKey(), 1)});
+
+        // Without force: filtered
+        REQUIRE(
+            app->getHerder().recvTransaction(tx, false, /*force=*/false).code ==
+            TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
+
+        // With force: bypasses account filter
+        REQUIRE(
+            app->getHerder().recvTransaction(tx, false, /*force=*/true).code ==
+            TransactionQueue::AddResultCode::ADD_STATUS_PENDING);
+    }
+
+    SECTION("force flag bypasses ban for fee-bump with banned fee source")
+    {
+        VirtualClock clock;
+        auto cfg = getTestConfig();
+        cfg.FILTERED_G_ADDRESSES = {};
+        Application::pointer app = createTestApplication(clock, cfg);
+
+        auto root = app->getRoot();
+        auto filteredKey = SecretKey::pseudoRandomForTesting();
+        auto feeSourceAcct = root->create(filteredKey, 1000000000);
+
+        // Ban the fee source account
+        auto addr = KeyUtils::toStrKey(filteredKey.getPublicKey());
+        app->getCommandHandler().manualCmd("banaccounts?accountids=" + addr);
+
+        auto innerTx = root->tx({payment(root->getPublicKey(), 1)});
+        auto fb = feeBump(*app, feeSourceAcct, innerTx, 200);
+
+        // Without force: filtered
+        REQUIRE(
+            app->getHerder().recvTransaction(fb, false, /*force=*/false).code ==
+            TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
+
+        // With force: bypasses account filter
+        REQUIRE(
+            app->getHerder().recvTransaction(fb, false, /*force=*/true).code ==
+            TransactionQueue::AddResultCode::ADD_STATUS_PENDING);
+    }
+
     SECTION("ban via command persists and filters transactions")
     {
         VirtualClock clock;
@@ -178,8 +236,9 @@ TEST_CASE("banaccounts HTTP command with persistence", "[banaccounts]")
         // Transaction from the banned source should be filtered
         auto acc = getAccount("acc");
         auto tx = src.tx({createAccount(acc.getPublicKey(), 1)});
-        REQUIRE(app->getHerder().recvTransaction(tx, false).code ==
-                TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
+        REQUIRE(
+            app->getHerder().recvTransaction(tx, false, /*force=*/false).code ==
+            TransactionQueue::AddResultCode::ADD_STATUS_FILTERED);
 
         // Verify persisted
         REQUIRE(app->getBannedAccountsPersistor().getBannedAccounts().size() ==

src/main/test/CommandHandlerTests.cpp

@@ -2,6 +2,7 @@
 // under the Apache License, Version 2.0. See the COPYING file at the root
 // of this distribution or at http://www.apache.org/licenses/LICENSE-2.0
 
+#include "crypto/KeyUtils.h"
 #include "ledger/LedgerTxn.h"
 #include "ledger/test/LedgerTestUtils.h"
 #include "main/Application.h"
@@ -603,3 +604,41 @@ TEST_CASE("toggleoverlayonlymode", "[commandhandler]")
         REQUIRE(root["overlay_only_mode"].asBool() == expectedMode);
     }
 }
+
+TEST_CASE("tx force flag bypasses banned account filter", "[commandhandler]")
+{
+    VirtualClock clock;
+    auto cfg = getTestConfig();
+    cfg.FILTERED_G_ADDRESSES = {};
+    auto app = createTestApplication(clock, cfg);
+    auto& ch = app->getCommandHandler();
+
+    closeLedgerOn(*app, 2, 1, 1, 2017);
+
+    auto root = app->getRoot();
+    auto srcKey = SecretKey::pseudoRandomForTesting();
+    auto src = root->create(srcKey, 1000000000);
+
+    // Ban the source account
+    auto addr = KeyUtils::toStrKey(srcKey.getPublicKey());
+    ch.manualCmd("banaccounts?accountids=" + addr);
+
+    // Build a valid transaction from the banned account
+    auto acc = getAccount("forceTestAcc");
+    auto tx = src.tx({createAccount(acc.getPublicKey(), 1)});
+    auto blob = decoder::encode_b64(xdr::xdr_to_opaque(tx->getEnvelope()));
+
+    SECTION("without force flag, tx is filtered")
+    {
+        std::string ret;
+        ch.tx("?blob=" + blob, ret);
+        REQUIRE(ret.find("FILTERED") != std::string::npos);
+    }
+
+    SECTION("with force=true, tx bypasses account ban")
+    {
+        std::string ret;
+        ch.tx("?blob=" + blob + "&force=true", ret);
+        REQUIRE(ret.find("PENDING") != std::string::npos);
+    }
+}

src/simulation/LoadGenerator.cpp

@@ -1418,8 +1418,8 @@ LoadGenerator::execute(TransactionFrameBasePtr txf, LoadGenMode mode,
 
     // Skip certain checks for pregenerated transactions
     bool isPregeneratedTx = (mode == LoadGenMode::PAY_PREGENERATED);
-    auto addResult =
-        mApp.getHerder().recvTransaction(txf, true, isPregeneratedTx);
+    auto addResult = mApp.getHerder().recvTransaction(
+        txf, true, /*force=*/false, /*isLoadgenTx=*/isPregeneratedTx);
     if (addResult.code != TransactionQueue::AddResultCode::ADD_STATUS_PENDING)
     {