Safe Haskell	Safe-Inferred
Language	GHC2021

Hydra.Chain.Direct.Contract.Close

Synopsis

healthyCloseTx :: (Tx, UTxO)
healthyCloseInitialTx :: (Tx, UTxO)
healthyCloseLowerBoundSlot :: SlotNo
healthyCloseUpperBoundPointInTime :: PointInTime
healthyOpenHeadTxIn :: TxIn
healthyOpenHeadTxOut :: TxOut CtxUTxO
healthySnapshot :: Snapshot Tx
healthyCloseUTxO :: UTxO
healthyCloseSnapshotNumber :: SnapshotNumber
healthyOpenHeadDatum :: State
healthyContestationPeriod :: ContestationPeriod
healthyContestationPeriodSeconds :: Integer
healthyUTxO :: UTxO
healthyParticipants :: [VerificationKey PaymentKey]
somePartyCardanoVerificationKey :: VerificationKey PaymentKey
healthySigningKeys :: [SigningKey HydraKey]
healthyParties :: [Party]
healthyOnChainParties :: [Party]
healthySignature :: SnapshotNumber -> MultiSignature (Snapshot Tx)
healthyContestationDeadline :: UTCTime
healthyClosedUTxOHash :: BuiltinByteString
healthyClosedUTxO :: UTxO
data CloseMutation
- = NotContinueContract
- | MutateSignatureButNotSnapshotNumber
- | MutateSnapshotNumberButNotSignature
- | MutateSnapshotNumberToLessThanEqualZero
- | SnapshotNotSignedByAllParties
- | MutateRequiredSigner
- | MutateNoRequiredSigner
- | MutateMultipleRequiredSigner
- | MutateCloseUTxOHash
- | MutatePartiesInOutput
- | MutateHeadIdInOutput
- | MutateInfiniteLowerBound
- | MutateInfiniteUpperBound
- | MutateContestationDeadline
- | MutateValidityInterval
- | CloseFromDifferentHead
- | MutateTokenMintingOrBurning
- | MutateContesters
- | MutateValueInOutput
- | MutateContestationPeriod
genCloseMutation :: (Tx, UTxO) -> Gen SomeMutation
data CloseInitialMutation = MutateCloseContestationDeadline'
genCloseInitialMutation :: (Tx, UTxO) -> Gen SomeMutation
genMutatedDeadline :: Gen POSIXTime

Documentation

healthyCloseTx :: (Tx, UTxO) Source #

Healthy close transaction for the generic case were we close a head after one or more snapshot have been agreed upon between the members.

healthyCloseInitialTx :: (Tx, UTxO) Source #

Healthy close transaction for the specific case were we close a head with the initial UtxO, that is, no snapshot have been agreed upon and signed by the head members yet.

healthyCloseLowerBoundSlot :: SlotNo Source #

healthyCloseUpperBoundPointInTime :: PointInTime Source #

healthyOpenHeadTxIn :: TxIn Source #

healthyOpenHeadTxOut :: TxOut CtxUTxO Source #

healthySnapshot :: Snapshot Tx Source #

healthyCloseUTxO :: UTxO Source #

healthyCloseSnapshotNumber :: SnapshotNumber Source #

healthyOpenHeadDatum :: State Source #

healthyContestationPeriod :: ContestationPeriod Source #

healthyContestationPeriodSeconds :: Integer Source #

healthyUTxO :: UTxO Source #

healthyParticipants :: [VerificationKey PaymentKey] Source #

somePartyCardanoVerificationKey :: VerificationKey PaymentKey Source #

healthySigningKeys :: [SigningKey HydraKey] Source #

healthyParties :: [Party] Source #

healthyOnChainParties :: [Party] Source #

healthySignature :: SnapshotNumber -> MultiSignature (Snapshot Tx) Source #

healthyContestationDeadline :: UTCTime Source #

healthyClosedUTxOHash :: BuiltinByteString Source #

healthyClosedUTxO :: UTxO Source #

data CloseMutation Source #

Constructors

NotContinueContract	Ensures collectCom does not allow any output address but νHead.
MutateSignatureButNotSnapshotNumber	Ensures the snapshot signature is multisigned by all valid Head participants. Invalidates the tx by changing the redeemer signature but not the snapshot number in output head datum.
MutateSnapshotNumberButNotSignature	Ensures the snapshot number is consistent with the signature. Invalidates the tx by changing the snapshot number in resulting head output but not the redeemer signature.
MutateSnapshotNumberToLessThanEqualZero	Check that snapshot numbers <= 0 need to close the head with the initial UTxO hash.
SnapshotNotSignedByAllParties	Ensures the close snapshot is multisigned by all Head participants by changing the parties in the input head datum. If they do not align the multisignature will not be valid anymore.
MutateRequiredSigner	Ensures close is authenticated by a one of the Head members by changing the signer used on the tx to not be one of PTs.
MutateNoRequiredSigner	Ensures close is authenticated by a one of the Head members by changing the signer used on the tx to be empty.
MutateMultipleRequiredSigner	Ensures close is authenticated by a one of the Head members by changing the signer used on the tx to have multiple signers (including the signer to not fail for SignerIsNotAParticipant).
MutateCloseUTxOHash	Invalidates the tx by changing the utxo hash in resulting head output. Ensures the output state is consistent with the redeemer.
MutatePartiesInOutput	Ensures parties do not change between head input datum and head output datum.
MutateHeadIdInOutput	Ensures headId do not change between head input datum and head output datum.
MutateInfiniteLowerBound	Invalidates the tx by changing the lower bound to be non finite.
MutateInfiniteUpperBound	Invalidates the tx by changing the upper bound to be non finite.
MutateContestationDeadline	Invalidates the tx by changing the contestation deadline to not satisfy `contestationDeadline = upperBound + contestationPeriod`.
MutateValidityInterval	Invalidates the tx by changing the lower and upper bound to be not bounded as per spec `upperBound - lowerBound <= contestationPeriod`. This also changes the resulting `head output` contestation deadline to be valid, so it satisfy `contestationDeadline = upperBound + contestationPeriod`.
CloseFromDifferentHead	Ensure the Head cannot be closed with correct authentication from a different Head. We simulate this by changing the head policy id of the ST and PTs to be of a different head - a real attack would be to add inputs with those tokens on top of spending the head output, a bit like a double satisfaction attack. Note that the token name stays the same and consistent with the signer. This will cause authentication failure because the signer's PT, although with a consistent name, is not from the right head (has a different policy id than in the datum).
MutateTokenMintingOrBurning	Minting or burning of tokens should not be possible in close.
MutateContesters	Invalidates the tx by changing the contesters to be non empty.
MutateValueInOutput	Invalidates the tx by changing output values arbitrarily to be different (not preserved) from the head. Ensures values are preserved between head input and output.
MutateContestationPeriod	Invalidate the tx by changing the contestation period.

Instances

Instances details

Bounded CloseMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods minBound :: CloseMutation Source # maxBound :: CloseMutation Source #
Enum CloseMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods succ :: CloseMutation -> CloseMutation Source # pred :: CloseMutation -> CloseMutation Source # toEnum :: Int -> CloseMutation Source # fromEnum :: CloseMutation -> Int Source # enumFrom :: CloseMutation -> [CloseMutation] Source # enumFromThen :: CloseMutation -> CloseMutation -> [CloseMutation] Source # enumFromTo :: CloseMutation -> CloseMutation -> [CloseMutation] Source # enumFromThenTo :: CloseMutation -> CloseMutation -> CloseMutation -> [CloseMutation] Source #
Generic CloseMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Associated Types type Rep CloseMutation :: Type -> Type Source # Methods from :: CloseMutation -> Rep CloseMutation x Source # to :: Rep CloseMutation x -> CloseMutation Source #
Show CloseMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods showsPrec :: Int -> CloseMutation -> ShowS Source # show :: CloseMutation -> String Source # showList :: [CloseMutation] -> ShowS Source #
type Rep CloseMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close type Rep CloseMutation = D1 ('MetaData "CloseMutation" "Hydra.Chain.Direct.Contract.Close" "main" 'False) ((((C1 ('MetaCons "NotContinueContract" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateSignatureButNotSnapshotNumber" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "MutateSnapshotNumberButNotSignature" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "MutateSnapshotNumberToLessThanEqualZero" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "SnapshotNotSignedByAllParties" 'PrefixI 'False) (U1 :: Type -> Type)))) :+: ((C1 ('MetaCons "MutateRequiredSigner" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateNoRequiredSigner" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "MutateMultipleRequiredSigner" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "MutateCloseUTxOHash" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutatePartiesInOutput" 'PrefixI 'False) (U1 :: Type -> Type))))) :+: (((C1 ('MetaCons "MutateHeadIdInOutput" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateInfiniteLowerBound" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "MutateInfiniteUpperBound" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "MutateContestationDeadline" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateValidityInterval" 'PrefixI 'False) (U1 :: Type -> Type)))) :+: ((C1 ('MetaCons "CloseFromDifferentHead" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateTokenMintingOrBurning" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "MutateContesters" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "MutateValueInOutput" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "MutateContestationPeriod" 'PrefixI 'False) (U1 :: Type -> Type))))))

genCloseMutation :: (Tx, UTxO) -> Gen SomeMutation Source #

data CloseInitialMutation Source #

Constructors

MutateCloseContestationDeadline'

Instances

Instances details

Bounded CloseInitialMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods minBound :: CloseInitialMutation Source # maxBound :: CloseInitialMutation Source #
Enum CloseInitialMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods succ :: CloseInitialMutation -> CloseInitialMutation Source # pred :: CloseInitialMutation -> CloseInitialMutation Source # toEnum :: Int -> CloseInitialMutation Source # fromEnum :: CloseInitialMutation -> Int Source # enumFrom :: CloseInitialMutation -> [CloseInitialMutation] Source # enumFromThen :: CloseInitialMutation -> CloseInitialMutation -> [CloseInitialMutation] Source # enumFromTo :: CloseInitialMutation -> CloseInitialMutation -> [CloseInitialMutation] Source # enumFromThenTo :: CloseInitialMutation -> CloseInitialMutation -> CloseInitialMutation -> [CloseInitialMutation] Source #
Generic CloseInitialMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Associated Types type Rep CloseInitialMutation :: Type -> Type Source # Methods from :: CloseInitialMutation -> Rep CloseInitialMutation x Source # to :: Rep CloseInitialMutation x -> CloseInitialMutation Source #
Show CloseInitialMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close Methods showsPrec :: Int -> CloseInitialMutation -> ShowS Source # show :: CloseInitialMutation -> String Source # showList :: [CloseInitialMutation] -> ShowS Source #
type Rep CloseInitialMutation Source #
Instance details Defined in Hydra.Chain.Direct.Contract.Close type Rep CloseInitialMutation = D1 ('MetaData "CloseInitialMutation" "Hydra.Chain.Direct.Contract.Close" "main" 'False) (C1 ('MetaCons "MutateCloseContestationDeadline'" 'PrefixI 'False) (U1 :: Type -> Type))

genCloseInitialMutation :: (Tx, UTxO) -> Gen SomeMutation Source #

Mutations for the specific case of closing with the intial state. We should probably validate all the mutation to this initial state but at least we keep this regression test as we stumbled upon problems with the following case. The nice thing to do would probably to generate either "normal" healthyCloseTx or or healthyCloseInitialTx and apply all the mutations to it but we didn't manage to do that right away.

genMutatedDeadline :: Gen POSIXTime Source #

Generate not acceptable, but interesting deadlines.