feat: initiated feature of zetaclient-restricted-address (#1790)

* initiated feature of zetaclient-banned-address

* fix some issues in e2e tests

* fix gosec issues

* some unit tests, comments and refactor

* unified log prints for restricted address detection

* move restricted address to Unreleased section

* improved compliance log prints

* update compliance log print according to CharlieMc

changelog.md

@@ -2,7 +2,12 @@
 
 ## Unreleased
 
+### Features
+
+* [1789](https://github.com/zeta-chain/node/issues/1789) - block cross-chain transactions that involve restricted addresses
+
 ### Refactor
+
 * [1783](https://github.com/zeta-chain/node/pull/1783) - refactor zetaclient metrics naming and structure
 
 ### Tests

cmd/zetaclientd/init.go

@@ -4,6 +4,7 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/spf13/cobra"
 	"github.com/zeta-chain/zetacore/zetaclient/config"
+	"github.com/zeta-chain/zetacore/zetaclient/testutils"
 )
 
 var InitCmd = &cobra.Command{
@@ -95,6 +96,7 @@ func Initialize(_ *cobra.Command, _ []string) error {
 	configData.KeyringBackend = config.KeyringBackend(initArgs.KeyringBackend)
 	configData.HsmMode = initArgs.HsmMode
 	configData.HsmHotKey = initArgs.HsmHotKey
+	configData.ComplianceConfig = testutils.ComplianceConfigTest()
 
 	//Save config file
 	return config.Save(&configData, rootArgs.zetaCoreHome)

cmd/zetaclientd/main.go

@@ -1,10 +1,15 @@
 package main
 
 import (
+	"path/filepath"
+
+	"github.com/rs/zerolog/log"
+
 	ecdsakeygen "github.com/binance-chain/tss-lib/ecdsa/keygen"
 	"github.com/cosmos/cosmos-sdk/server"
 	svrcmd "github.com/cosmos/cosmos-sdk/server/cmd"
 	"github.com/rs/zerolog"
+	clientcommon "github.com/zeta-chain/zetacore/zetaclient/common"
 	"github.com/zeta-chain/zetacore/zetaclient/config"
 
 	"github.com/zeta-chain/zetacore/cmd"
@@ -20,6 +25,10 @@ import (
 	"github.com/zeta-chain/zetacore/app"
 )
 
+const (
+	ComplianceLogFile = "compliance.log"
+)
+
 var (
 	preParams *ecdsakeygen.LocalPreParams
 )
@@ -51,19 +60,53 @@ func SetupConfigForTest() {
 
 }
 
-func InitLogger(cfg *config.Config) zerolog.Logger {
+func InitLogger(cfg *config.Config) (clientcommon.ClientLogger, error) {
+	// open compliance log file
+	file, err := OpenComplianceLogFile(cfg)
+	if err != nil {
+		return clientcommon.DefaultLoggers(), err
+	}
+
 	var logger zerolog.Logger
+	var loggerCompliance zerolog.Logger
 	switch cfg.LogFormat {
 	case "json":
 		logger = zerolog.New(os.Stdout).Level(zerolog.Level(cfg.LogLevel)).With().Timestamp().Logger()
+		loggerCompliance = zerolog.New(file).Level(zerolog.Level(cfg.LogLevel)).With().Timestamp().Logger()
 	case "text":
 		logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: time.RFC3339}).Level(zerolog.Level(cfg.LogLevel)).With().Timestamp().Logger()
+		loggerCompliance = zerolog.New(file).Level(zerolog.Level(cfg.LogLevel)).With().Timestamp().Logger()
 	default:
 		logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: time.RFC3339})
+		loggerCompliance = zerolog.New(file).With().Timestamp().Logger()
 	}
 
 	if cfg.LogSampler {
 		logger = logger.Sample(&zerolog.BasicSampler{N: 5})
 	}
-	return logger
+	log.Logger = logger // set global logger
+
+	return clientcommon.ClientLogger{
+		Std:        log.Logger,
+		Compliance: loggerCompliance,
+	}, nil
+}
+
+func OpenComplianceLogFile(cfg *config.Config) (*os.File, error) {
+	// use zetacore home as default
+	logPath := cfg.ZetaCoreHome
+	if cfg.ComplianceConfig != nil && cfg.ComplianceConfig.LogPath != "" {
+		logPath = cfg.ComplianceConfig.LogPath
+	}
+
+	// clean file name
+	name := filepath.Join(logPath, ComplianceLogFile)
+	name, err := filepath.Abs(name)
+	if err != nil {
+		return nil, err
+	}
+	name = filepath.Clean(name)
+
+	// open (or create) compliance log file
+	return os.OpenFile(name, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
 }

cmd/zetaclientd/start.go

@@ -57,7 +57,12 @@ func start(_ *cobra.Command, _ []string) error {
 	if err != nil {
 		return err
 	}
-	log.Logger = InitLogger(cfg)
+	loggers, err := InitLogger(cfg)
+	if err != nil {
+		log.Error().Err(err).Msg("InitLogger failed")
+		return err
+	}
+
 	//Wait until zetacore has started
 	if len(cfg.Peer) != 0 {
 		err := validatePeer(cfg.Peer)
@@ -67,9 +72,10 @@ func start(_ *cobra.Command, _ []string) error {
 		}
 	}
 
-	masterLogger := log.Logger
+	masterLogger := loggers.Std
 	startLogger := masterLogger.With().Str("module", "startup").Logger()
 
+	// Wait until zetacore is up
 	waitForZetaCore(cfg, startLogger)
 	startLogger.Info().Msgf("ZetaCore is ready , Trying to connect to %s", cfg.Peer)
 
@@ -218,8 +224,8 @@ func start(_ *cobra.Command, _ []string) error {
 		}
 	}
 
-	// CreateSignerMap: This creates a map of all signers for each chain . Each signer is responsible for signing transactions for a particular chain
-	signerMap, err := CreateSignerMap(tss, masterLogger, cfg, telemetryServer)
+	// CreateSignerMap: This creates a map of all signers for each chain. Each signer is responsible for signing transactions for a particular chain
+	signerMap, err := CreateSignerMap(tss, loggers, cfg, telemetryServer)
 	if err != nil {
 		log.Error().Err(err).Msg("CreateSignerMap")
 		return err
@@ -232,8 +238,8 @@ func start(_ *cobra.Command, _ []string) error {
 	}
 	dbpath := filepath.Join(userDir, ".zetaclient/chainobserver")
 
-	// CreateChainClientMap : This creates a map of all chain clients . Each chain client is responsible for listening to events on the chain and processing them
-	chainClientMap, err := CreateChainClientMap(zetaBridge, tss, dbpath, masterLogger, cfg, telemetryServer)
+	// CreateChainClientMap : This creates a map of all chain clients. Each chain client is responsible for listening to events on the chain and processing them
+	chainClientMap, err := CreateChainClientMap(zetaBridge, tss, dbpath, loggers, cfg, telemetryServer)
 	if err != nil {
 		startLogger.Err(err).Msg("CreateSignerMap")
 		return err

cmd/zetaclientd/utils.go

@@ -3,11 +3,11 @@ package main
 import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	ethcommon "github.com/ethereum/go-ethereum/common"
-	"github.com/rs/zerolog"
 	"github.com/zeta-chain/zetacore/common"
 	"github.com/zeta-chain/zetacore/common/cosmos"
 	"github.com/zeta-chain/zetacore/zetaclient/authz"
 	"github.com/zeta-chain/zetacore/zetaclient/bitcoin"
+	clientcommon "github.com/zeta-chain/zetacore/zetaclient/common"
 	"github.com/zeta-chain/zetacore/zetaclient/config"
 	"github.com/zeta-chain/zetacore/zetaclient/interfaces"
 	"github.com/zeta-chain/zetacore/zetaclient/keys"
@@ -51,7 +51,7 @@ func CreateZetaBridge(cfg *config.Config, telemetry *metrics.TelemetryServer, ho
 
 func CreateSignerMap(
 	tss interfaces.TSSSigner,
-	logger zerolog.Logger,
+	loggers clientcommon.ClientLogger,
 	cfg *config.Config,
 	ts *metrics.TelemetryServer,
 ) (map[common.Chain]interfaces.ChainSigner, error) {
@@ -63,19 +63,19 @@ func CreateSignerMap(
 		}
 		mpiAddress := ethcommon.HexToAddress(evmConfig.ChainParams.ConnectorContractAddress)
 		erc20CustodyAddress := ethcommon.HexToAddress(evmConfig.ChainParams.Erc20CustodyContractAddress)
-		signer, err := evm.NewEVMSigner(evmConfig.Chain, evmConfig.Endpoint, tss, config.GetConnectorABI(), config.GetERC20CustodyABI(), mpiAddress, erc20CustodyAddress, logger, ts)
+		signer, err := evm.NewEVMSigner(evmConfig.Chain, evmConfig.Endpoint, tss, config.GetConnectorABI(), config.GetERC20CustodyABI(), mpiAddress, erc20CustodyAddress, loggers, ts)
 		if err != nil {
-			logger.Error().Err(err).Msgf("NewEVMSigner error for chain %s", evmConfig.Chain.String())
+			loggers.Std.Error().Err(err).Msgf("NewEVMSigner error for chain %s", evmConfig.Chain.String())
 			continue
 		}
 		signerMap[evmConfig.Chain] = signer
 	}
 	// BTC signer
 	btcChain, btcConfig, enabled := cfg.GetBTCConfig()
 	if enabled {
-		signer, err := bitcoin.NewBTCSigner(btcConfig, tss, logger, ts)
+		signer, err := bitcoin.NewBTCSigner(btcConfig, tss, loggers, ts)
 		if err != nil {
-			logger.Error().Err(err).Msgf("NewBTCSigner error for chain %s", btcChain.String())
+			loggers.Std.Error().Err(err).Msgf("NewBTCSigner error for chain %s", btcChain.String())
 		} else {
 			signerMap[btcChain] = signer
 		}
@@ -88,7 +88,7 @@ func CreateChainClientMap(
 	bridge *zetabridge.ZetaCoreBridge,
 	tss interfaces.TSSSigner,
 	dbpath string,
-	logger zerolog.Logger,
+	loggers clientcommon.ClientLogger,
 	cfg *config.Config,
 	ts *metrics.TelemetryServer,
 ) (map[common.Chain]interfaces.ChainClient, error) {
@@ -98,19 +98,19 @@ func CreateChainClientMap(
 		if evmConfig.Chain.IsZetaChain() {
 			continue
 		}
-		co, err := evm.NewEVMChainClient(bridge, tss, dbpath, logger, cfg, *evmConfig, ts)
+		co, err := evm.NewEVMChainClient(bridge, tss, dbpath, loggers, cfg, *evmConfig, ts)
 		if err != nil {
-			logger.Error().Err(err).Msgf("NewEVMChainClient error for chain %s", evmConfig.Chain.String())
+			loggers.Std.Error().Err(err).Msgf("NewEVMChainClient error for chain %s", evmConfig.Chain.String())
 			continue
 		}
 		clientMap[evmConfig.Chain] = co
 	}
 	// BTC client
 	btcChain, btcConfig, enabled := cfg.GetBTCConfig()
 	if enabled {
-		co, err := bitcoin.NewBitcoinClient(btcChain, bridge, tss, dbpath, logger, btcConfig, ts)
+		co, err := bitcoin.NewBitcoinClient(btcChain, bridge, tss, dbpath, loggers, btcConfig, ts)
 		if err != nil {
-			logger.Error().Err(err).Msgf("NewBitcoinClient error for chain %s", btcChain.String())
+			loggers.Std.Error().Err(err).Msgf("NewBitcoinClient error for chain %s", btcChain.String())
 
 		} else {
 			clientMap[btcChain] = co

common/utils.go

@@ -41,3 +41,26 @@ func StringToHash(chainID int64, hash string) ([]byte, error) {
 	}
 	return nil, fmt.Errorf("cannot convert hash to bytes for chain %d", chainID)
 }
+
+// ParseAddressAndData parses the message string into an address and data
+// message is hex encoded byte array
+// [ contractAddress calldata ]
+// [ 20B, variable]
+func ParseAddressAndData(message string) (ethcommon.Address, []byte, error) {
+	if len(message) == 0 {
+		return ethcommon.Address{}, nil, nil
+	}
+
+	data, err := hex.DecodeString(message)
+	if err != nil {
+		return ethcommon.Address{}, nil, fmt.Errorf("message should be a hex encoded string: " + err.Error())
+	}
+
+	if len(data) < 20 {
+		return ethcommon.Address{}, data, nil
+	}
+
+	address := ethcommon.BytesToAddress(data[:20])
+	data = data[20:]
+	return address, data, nil
+}

x/crosschain/keeper/evm_deposit.go

@@ -43,7 +43,7 @@ func (k Keeper) HandleEVMDeposit(
 		}
 	} else {
 		// cointype is Gas or ERC20; then it could be a ZRC20 deposit/depositAndCall cctx.
-		parsedAddress, data, err := parseAddressAndData(msg.Message)
+		parsedAddress, data, err := common.ParseAddressAndData(msg.Message)
 		if err != nil {
 			return false, errors.Wrap(types.ErrUnableToParseAddress, err.Error())
 		}
@@ -110,26 +110,3 @@ func errShouldRevertCctx(err error) bool {
 		errors.Is(err, fungibletypes.ErrCallNonContract) ||
 		errors.Is(err, fungibletypes.ErrPausedZRC20)
 }
-
-// parseAddressAndData parses the message string into an address and data
-// message is hex encoded byte array
-// [ contractAddress calldata ]
-// [ 20B, variable]
-func parseAddressAndData(message string) (ethcommon.Address, []byte, error) {
-	if len(message) == 0 {
-		return ethcommon.Address{}, nil, nil
-	}
-
-	data, err := hex.DecodeString(message)
-	if err != nil {
-		return ethcommon.Address{}, nil, fmt.Errorf("message should be a hex encoded string: " + err.Error())
-	}
-
-	if len(data) < 20 {
-		return ethcommon.Address{}, data, nil
-	}
-
-	address := ethcommon.BytesToAddress(data[:20])
-	data = data[20:]
-	return address, data, nil
-}