Discord invite widget

eula disclaimer
Signed-off-by: Valentyn Faychuk <valy@detee.ltd>
2025-02-03 16:55:04 +02:00 · 2025-01-30 23:34:26 +02:00 · 2025-01-22 05:23:11 +02:00 · 2025-01-21 22:45:31 +02:00 · 2025-01-21 22:17:57 +02:00 · 2025-01-10 19:52:32 +02:00
13 changed files with 544 additions and 116 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1572,7 +1572,7 @@ dependencies = [
 [[package]]
 name = "detee-sgx"
 version = "0.1.0"
-source = "git+https://gitea.detee.cloud/general/detee-sgx#f7eaed1392ae79ecc1105a50d919026f016a4e78"
+source = "git+https://gitea.detee.cloud/general/detee-sgx?branch=dthc#8ced0efcbac57f118b202785c783f2a7d39bf700"
 dependencies = [
 "aes-gcm",
 "hex",
@ -2104,6 +2104,7 @@ dependencies = [
 "hyper 1.4.1",
 "hyper-rustls 0.27.3",
 "hyper-util",
 "mpl-token-metadata",
 "prost",
 "prost-types",
 "public-ip",
@ -2879,6 +2880,19 @@ version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1"
 [[package]]
 name = "mpl-token-metadata"
 version = "5.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "989e6a3000e761d3b2d685662a3a9ee99826f9369fb033bd1bc7011b1cf02ed9"
 dependencies = [
 "borsh 0.10.4",
 "num-derive 0.3.3",
 "num-traits",
 "solana-program",
 "thiserror",
 ]
 [[package]]
 name = "multimap"
 version = "0.10.0"
@ -2968,6 +2982,17 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
 [[package]]
 name = "num-derive"
 version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "876a53fff98e03a936a674b29568b0e605f06b29372c2489ff4de23f1949743d"
 dependencies = [
 "proc-macro2",
 "quote",
 "syn 1.0.109",
 ]
 [[package]]
 name = "num-derive"
 version = "0.4.2"
@ -4471,7 +4496,7 @@ dependencies = [
 "log",
 "memoffset",
 "num-bigint 0.4.6",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "parking_lot",
 "rand 0.8.5",
@ -4500,7 +4525,7 @@ dependencies = [
 "itertools 0.12.1",
 "libc",
 "log",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "percentage",
 "rand 0.8.5",
@ -4586,7 +4611,7 @@ dependencies = [
 "console",
 "dialoguer",
 "log",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "parking_lot",
 "qstring",
@ -4906,7 +4931,7 @@ checksum = "cfd8e539a9963c2914ff8426dfe92351a902892aea465cd507e36d638ca0b7d6"
 dependencies = [
 "bincode",
 "log",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "rustc_version",
 "serde",
@ -4933,7 +4958,7 @@ dependencies = [
 "itertools 0.12.1",
 "lazy_static",
 "merlin",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "rand 0.7.3",
 "serde",
@ -4963,7 +4988,7 @@ dependencies = [
 "itertools 0.12.1",
 "lazy_static",
 "merlin",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "rand 0.7.3",
 "serde",
@ -5017,7 +5042,7 @@ checksum = "68034596cf4804880d265f834af1ff2f821ad5293e41fa0f8f59086c181fc38e"
 dependencies = [
 "assert_matches",
 "borsh 1.5.1",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "solana-program",
 "spl-token",
@ -5032,7 +5057,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "714b53f7312c2802c62f14bc8a07916c2c872761e3d6be97e99fd432be7799ca"
 dependencies = [
 "borsh 1.5.1",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "solana-program",
 "spl-associated-token-account-client",
@ -5128,7 +5153,7 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7b28bed65356558133751cc32b48a7a5ddfc59ac4e941314630bbed1ac10532"
 dependencies = [
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "solana-program",
 "spl-program-error-derive",
@ -5183,7 +5208,7 @@ checksum = "70a0f06ac7f23dc0984931b1fe309468f14ea58e32660439c1cef19456f5d0e3"
 dependencies = [
 "arrayref",
 "bytemuck",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "num_enum",
 "solana-program",
@ -5198,7 +5223,7 @@ checksum = "d9c10f3483e48679619c76598d4e4aebb955bc49b0a5cc63323afbf44135c9bf"
 dependencies = [
 "arrayref",
 "bytemuck",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "num_enum",
 "solana-program",
@ -5222,7 +5247,7 @@ checksum = "c0b788a8c34a917b68b4ed2cdec255d03cc09ccba21545dac39c08a97fce640f"
 dependencies = [
 "arrayref",
 "bytemuck",
- "num-derive",
+ "num-derive 0.4.2",
 "num-traits",
 "num_enum",
 "solana-program",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -22,6 +22,7 @@ solana-program = "2.0"
 solana-sdk = "2.0"
 spl-associated-token-account = "5.0"
 spl-token = "6.0"
 mpl-token-metadata = "5.0"
 tokio = { version = "1.40", features = ["macros", "rt-multi-thread", "fs"] } # this can be "full"
 tokio-stream = { version = "0.1", features = ["sync"] }
 # sgx poc dependencies
@ -32,7 +33,7 @@ tower-http = { version = "0.6", features = ["full"] }
 hyper = "1.4"
 hyper-util = "0.1"
 hyper-rustls = { version = "0.27", features = ["http2"] }
-detee-sgx = { git = "https://gitea.detee.cloud/general/detee-sgx", features = ["tonic", "occlum", "sealing"] }
+detee-sgx = { git = "https://gitea.detee.cloud/general/detee-sgx", branch = "dthc", features = ["tonic", "occlum", "sealing"] }
 [build-dependencies]
 tonic-build = "0.12"
--- a/227
+++ b/227
@ -0,0 +1,227 @@
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991
 Copyright (C) 2025, DeTEE, Ltd. https://detee.ltd/
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
 Contact the author at https://detee.ltd/#contacts
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
 a notice placed by the copyright holder saying it may be distributed
 under the terms of this General Public License.  The "Program", below,
 refers to any such program or work, and a "work based on the Program"
 means either the Program or any derivative work under copyright law:
 that is to say, a work containing the Program or a portion of it,
 either verbatim or with modifications and/or translated into another
 language.  (Hereinafter, translation is included without limitation in
 the term "modification".)  Each licensee is addressed as "you".
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.  The act of
 running the Program is not restricted, and the output from the Program
 is covered only if its contents constitute a work based on the
 Program (independent of having been made by running the Program).
 Whether that is true depends on what the Program does.
  1. You may copy and distribute verbatim copies of the Program's
 source code as you receive it, in any medium, provided that you
 conspicuously and appropriately publish on each copy an appropriate
 copyright notice and disclaimer of warranty; keep intact all the
 notices that refer to this License and to the absence of any warranty;
 and give any other recipients of the Program a copy of this License
 along with the Program.
 You may charge a fee for the physical act of transferring a copy, and
 you may at your option offer warranty protection in exchange for a fee.
  2. You may modify your copy or copies of the Program or any portion
 of it, thus forming a work based on the Program, and copy and
 distribute such modifications or work under the terms of Section 1
 above, provided that you also meet all of these conditions:
    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.
    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
 themselves, then this License, and its terms, do not apply to those
 sections when you distribute them as separate works.  But when you
 distribute the same sections as part of a whole which is a work based
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.
 Thus, it is not the intent of this section to claim rights or contest
 your rights to work written entirely by you; rather, the intent is to
 exercise the right to control the distribution of derivative or
 collective works based on the Program.
 In addition, mere aggregation of another work not based on the Program
 with the Program (or with a work based on the Program) on a volume of
 a storage or distribution medium does not bring the other work under
 the scope of this License.
  3. You may copy and distribute the Program (or a work based on it,
 under Section 2) in object code or executable form under the terms of
 Sections 1 and 2 above provided that you also do one of the following:
    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)
 The source code for a work means the preferred form of the work for
 making modifications to it.  For an executable work, complete source
 code means all the source code for all modules it contains, plus any
 associated interface definition files, plus the scripts used to
 control compilation and installation of the executable.  However, as a
 special exception, the source code distributed need not include
 anything that is normally distributed (in either source or binary
 form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component
 itself accompanies the executable.
 If distribution of executable or object code is made by offering
 access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
 void, and will automatically terminate your rights under this License.
 However, parties who have received copies, or rights, from you under
 this License will not have their licenses terminated so long as such
 parties remain in full compliance.
  5. You are not required to accept this License, since you have not
 signed it.  However, nothing else grants you permission to modify or
 distribute the Program or its derivative works.  These actions are
 prohibited by law if you do not accept this License.  Therefore, by
 modifying or distributing the Program (or any work based on the
 Program), you indicate your acceptance of this License to do so, and
 all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
  6. Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the
 original licensor to copy, distribute or modify the Program subject to
 these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties to
 this License.
  7. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot
 distribute so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you
 may not distribute the Program at all.  For example, if a patent
 license would not permit royalty-free redistribution of the Program by
 all those who receive copies directly or indirectly through you, then
 the only way you could satisfy both it and this License would be to
 refrain entirely from distribution of the Program.
 If any portion of this section is held invalid or unenforceable under
 any particular circumstance, the balance of the section is intended to
 apply and the section as a whole is intended to apply in other
 circumstances.
 It is not the purpose of this section to induce you to infringe any
 patents or other property right claims or to contest validity of any
 such claims; this section has the sole purpose of protecting the
 integrity of the free software distribution system, which is
 implemented by public license practices.  Many people have made
 generous contributions to the wide range of software distributed
 through that system in reliance on consistent application of that
 system; it is up to the author/donor to decide if he or she is willing
 to distribute software through any other system and a licensee cannot
 impose that choice.
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
 may add an explicit geographical distribution limitation excluding
 those countries, so that distribution is permitted only in or among
 countries not thus excluded.  In such case, this License incorporates
 the limitation as if written in the body of this License.
  9. The Free Software Foundation may publish revised and/or new versions
 of the General Public License from time to time.  Such new versions will
 be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 Each version is given a distinguishing version number.  If the Program
 specifies a version number of this License which applies to it and "any
 later version", you have the option of following the terms and conditions
 either of that version or of any later version published by the Free
 Software Foundation.  If the Program does not specify a version number of
 this License, you may choose any version ever published by the Free Software
 Foundation.
  10. If you wish to incorporate parts of the Program into other free
 programs whose distribution conditions are different, write to the author
 to ask for permission.  For software which is copyrighted by the Free
 Software Foundation, write to the Free Software Foundation; we sometimes
 make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
                            NO WARRANTY
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 REPAIR OR CORRECTION.
  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
--- a/README.md
+++ b/README.md
@ -1,5 +1,24 @@
 # Welcome to the HACKER CHALLENGE
 > [!WARNING]
 > 
 > Hacker challenge is licensed under [GPLv2](./LICENSE).\
 > To participate in the Hacker Challenge, you must agree with following:
 > 
 > - I acknowledge that I will not be able to recover any cryptocurrencies that I
 >   send to the Hacker Challenge wallet, and I am relinquishing ownership rights
 >   to any cryptocurrencies sent to the Hacker Challenge wallet.
 > - I acknowledge that the tokens minted by the Hacker Challenge have no inherent
 >   value, and that these tokens have the sole purpose of testing the security of
 >   the challenge.
 > - I have read the [EULA](https://detee.ltd/hacker-challenge-eula) and I accept
 >   all terms.
 #### Join our Discord if you have questions:
 [![Discord](https://img.shields.io/discord/1315810972476379166?color=%235865F2&label=discord&style=for-the-badge)](https://discord.gg/bbWJxftNWy)
 ## Building and packaging the challenge
 The host can be without SGX support.
@ -8,7 +27,10 @@ Do the following steps to build the challenge:
 ```bash
 # Notice that there is no SGX device mounted, run inside rewrite directory
-docker run --rm --name packager -it -v .:/root/rewrite occlum/occlum:latest-ubuntu20.04
+docker run --rm --name packager -it -v .:/root/rewrite detee/occlum:0.30.1-ubuntu20.04
 # If you are running the packager on Mac, don't forget to set the VMM to QEMU (Legacy),
 # and run the following command once you are inside the container
 ln -s /usr/local/occlum/bin/x86_64-linux-musl-ar /usr/local/occlum/bin/musl-ar
 # Inside the docker container run package.sh and follow its instructions
 cd /root/rewrite && ./scripts/package.sh --prep
 exit # Feel free to exit the container
--- a/docker/challenge.Dockerfile
+++ b/docker/challenge.Dockerfile
@ -1,4 +1,4 @@
-FROM occlum/occlum:latest-ubuntu20.04 AS build
+FROM detee/occlum:0.30.1-ubuntu20.04 AS build
 WORKDIR /
 RUN mkdir sgx_libs &&\
--- a/scripts/package.sh
+++ b/scripts/package.sh
@ -9,15 +9,10 @@ prerequisites=$1
 if [ "$prerequisites" == "--prep" ]; then
    echo "Preparing the packager environment"
    apt update && apt install -y openssh-client
-    rustup install 1.83.0
+    rustup install 1.84.0
    rustup install stable-x86_64-unknown-linux-gnu
    rustup default stable
    rustup target add x86_64-unknown-linux-musl
    echo "Building the occlum fork"
    [ -d occlum ] || git clone https://gitea.detee.cloud/general/occlum.git
    (cd occlum && make submodule)
    (cd occlum/tools/toolchains/utils_lib && ./build.sh)
 fi
 if [ -n "$TEST" ]; then
--- a/scripts/testnet.sh
+++ b/scripts/testnet.sh
@ -47,12 +47,11 @@ address=$(docker logs dthc0 | grep 'SOL' | awk '{ print $NF }')
 "${script_dir}"/mint_sol "${address}"
 while true; do
    echo -n "." && sleep 1
-    docker logs dthc0 | grep -q "Mint created" && echo && break
+    docker logs dthc0 | grep -q "Heartbeat..." && echo && break
 done
 echo "Creating a cluster with ${num_nodes} nodes"
 for n in $(seq 1 $num_nodes); do
    #init_nodes=$(docker inspect dthc0 --format '{{ .NetworkSettings.Networks.dthc.IPAddress }}')
    node_ip="172.18.0.$((2 + n))"
    node_port=$((31300 + n))
    node_volume="/tmp/dthc${n}"
@ -69,15 +68,13 @@ for n in $(seq 1 $num_nodes); do
               detee/hacker-challenge:test
 done
 echo "Initialing test.."
 sleep 4;
 echo "Running the test mint"
 for n in {1..20}; do
    node_port=$((31300 + n))
-    curl -X POST "127.0.0.1:${node_port}/mint" \
+    curl -X POST "127.0.0.1:${node_port}/mint?address=EZT16iP1SQVUFf1AJN6oiE5BZPnyBUqaKDkZ4oZRsvhR" --connect-timeout 5 2> /dev/null
         --json '{"wallet": "EZT16iP1SQVUFf1AJN6oiE5BZPnyBUqaKDkZ4oZRsvhR"}' \
         --connect-timeout 5 2> /dev/null
    echo ""
 done
 # curl 127.0.0.1:31303/metrics
 # curl -X POST 127.0.0.1:31303/mint -d '{"wallet": "EZT16iP1SQVUFf1AJN6oiE5BZPnyBUqaKDkZ4oZRsvhR"}' -H 'Content-Type: application/json'
 # docker run --name dthc0 --network dthc -d --ip 172.18.0.2 --env NODE_IP="172.18.0.2" --env INIT_NODES="172.18.0.5 172.18.0.3 172.18.0.4" --volume /tmp/dthc0:/challenge/main --publish 31300:31372 --device /dev/sgx/provision --device /dev/sgx/enclave detee/hacker-challenge:test
--- a/src/datastore.rs
+++ b/src/datastore.rs
@ -1,8 +1,11 @@
 use crate::persistence::{SealError, SealedFile};
 use serde::{Deserialize, Serialize};
 use serde_with::{serde_as, TimestampSeconds};
-use std::collections::{HashMap, HashSet};
+use std::{
-use std::time::{Duration, SystemTime, UNIX_EPOCH};
+    collections::{HashMap, HashSet},
    sync::atomic::{AtomicBool, Ordering},
    time::{Duration, SystemTime, UNIX_EPOCH},
 };
 use tokio::sync::RwLock;
 type IP = String;
@ -94,14 +97,22 @@ pub struct State {
    my_ip: String,
    nodes: RwLock<HashMap<IP, NodeInfo>>,
    conns: RwLock<HashSet<IP>>,
    timeout: u64,
    is_minting: AtomicBool,
 }
 impl State {
-    pub fn new(my_ip: String) -> Self {
+    pub fn new(my_ip: String, timeout: u64) -> Self {
        let mut nodes = HashMap::new();
        let my_info = NodeInfo::load();
        nodes.insert(my_ip.clone(), my_info);
-        Self { my_ip, nodes: RwLock::new(nodes), conns: RwLock::new(HashSet::new()) }
+        Self {
            my_ip,
            timeout,
            nodes: RwLock::new(nodes),
            conns: RwLock::new(HashSet::new()),
            is_minting: AtomicBool::new(false),
        }
    }
    pub async fn add_conn(&self, ip: &str) {
@ -198,6 +209,18 @@ impl State {
        self.my_ip.clone()
    }
    pub fn get_timeout(&self) -> Duration {
        Duration::from_secs(self.timeout)
    }
    pub fn is_minting(&self) -> bool {
        self.is_minting.compare_exchange(false, true, Ordering::SeqCst, Ordering::SeqCst).is_err()
    }
    pub fn release_minting(&self) {
        self.is_minting.store(false, Ordering::SeqCst);
    }
    pub async fn get_my_info(&self) -> NodeInfo {
        let nodes = self.nodes.read().await;
        nodes.get(&self.my_ip).cloned().unwrap_or(NodeInfo::new_empty())
@ -205,7 +228,7 @@ impl State {
    pub async fn get_connected_ips(&self) -> Vec<String> {
        let conns = self.conns.read().await;
-        conns.iter().map(|n| n.clone()).collect()
+        conns.iter().cloned().collect()
    }
    // returns a random node that does not have an active connection
@ -226,15 +249,22 @@ impl State {
            .nth(skip)
    }
    pub async fn update_keepalive(&self) {
        let mut nodes = self.nodes.write().await;
        if let Some(my_info) = nodes.get_mut(&self.my_ip) {
            let mut updated_info = my_info.clone();
            updated_info.keepalive = SystemTime::now();
            let _ = nodes.insert(self.my_ip.clone(), updated_info);
        }
    }
    /// This returns true if the update should be further forwarded
    /// For example, we never forward our own updates that came back
    pub async fn process_node_update(&self, (node_ip, node_info): (String, NodeInfo)) -> bool {
        let is_update_mine = node_ip.eq(&self.my_ip);
        let mut nodes = self.nodes.write().await;
-        let is_update_new = nodes
+        let is_update_new =
-            .get(&node_ip)
+            nodes.get(&node_ip).map(|curr_info| node_info.is_newer_than(curr_info)).unwrap_or(true);
            .map(|curr_info| node_info.is_newer_than(&curr_info))
            .unwrap_or(true);
        if is_update_new {
            println!("Inserting: {}, {}", node_ip, node_info.to_json());
            let _ = nodes.insert(node_ip, node_info);
@ -242,13 +272,15 @@ impl State {
        is_update_new && !is_update_mine
    }
-    pub async fn remove_inactive_nodes(&self, max_age: u64) {
+    pub async fn remove_inactive_nodes(&self) {
        let mut nodes = self.nodes.write().await;
        // TODO: Check if it is possible to corrupt SGX system time
        // TODO: Double check if we need to cleanup nodes
        let now = SystemTime::now();
        let max_age = self.timeout;
        nodes.retain(|_, n| {
            let age = now.duration_since(n.keepalive).unwrap_or(Duration::ZERO).as_secs();
-            age <= max_age
+            age < max_age
        });
    }
 }
--- a/src/grpc/client.rs
+++ b/src/grpc/client.rs
@ -104,19 +104,26 @@ impl ConnManager {
                }
            });
-        let response = client.get_updates(rx_stream).await;
+        let to_stream = match client.get_updates(rx_stream).await {
-        if let Err(e) = response {
+            Ok(response) => {
                let stream = response.into_inner();
                stream.timeout(self.state.get_timeout())
            }
            Err(e) => {
                println!("Error connecting to {remote_ip}: {e}");
                if e.to_string().contains("QuoteVerifyError") {
                    self.state.increase_net_attacks().await;
                }
                return Err(e.into());
            }
-        let mut resp_stream = response.unwrap().into_inner();
+        };
-        // Immediately send our info as a network update
+        // TODO: Check if immediately sending our info as a network update to everybody works
-        let _ = self.tx.send((self.state.get_my_ip().await, self.state.get_my_info().await).into());
+        //let _ = self.tx.send((self.state.get_my_ip().await, self.state.get_my_info().await).into());
-        while let Some(update) = resp_stream.message().await? {
+
        tokio::pin!(to_stream);
        let mut updates = to_stream.take_while(Result::is_ok);
        while let Some(Ok(Ok(update))) = updates.next().await {
            // Update the entire network in case the information is new
            if self.state.process_node_update(update.clone().into()).await {
                // If process update returns true, the update must be forwarded
@ -126,7 +133,7 @@ impl ConnManager {
            }
        }
-        Ok(())
+        Err(std::io::Error::new(std::io::ErrorKind::Other, "Updates interrupted").into())
    }
 }
--- a/src/grpc/server.rs
+++ b/src/grpc/server.rs
@ -6,7 +6,7 @@ use crate::{datastore::State, grpc::challenge::update_server::Update};
 use detee_sgx::RaTlsConfig;
 use rustls::pki_types::CertificateDer;
 use std::{pin::Pin, sync::Arc};
-use tokio::sync::broadcast::Sender;
+use tokio::{sync::broadcast::Sender, time::interval};
 use tokio_stream::{Stream, StreamExt};
 use tonic::{Request, Response, Status, Streaming};
@ -75,6 +75,7 @@ impl NodeServer {
            let tls_acceptor = tls_acceptor.clone();
            let svc = svc.clone();
            state.declare_myself_public().await;
            let state = state.clone();
            tokio::spawn(async move {
                let mut certificates = Vec::new();
@ -91,7 +92,10 @@ impl NodeServer {
                let conn = if let Err(e) = conn {
                    println!("Error accepting TLS connection: {e}");
-                    if e.to_string().contains("HandshakeFailure") {
+                    let attack_error_messages = ["handshake", "certificate", "quote"];
                    let err_str = e.to_string().to_lowercase();
                    if attack_error_messages.iter().any(|att_er_str| err_str.contains(att_er_str)) {
                        state.increase_net_attacks().await;
                    }
                    return;
@ -106,6 +110,8 @@ impl NodeServer {
                    }));
                let svc = ServiceBuilder::new().layer(extension_layer).service(svc);
                let ip = addr.ip().to_string();
                state.add_conn(&ip).await;
                if let Err(e) = http
                    .serve_connection(
                        TokioIo::new(conn),
@ -117,6 +123,7 @@ impl NodeServer {
                {
                    println!("Error serving connection: {}", e);
                }
                state.delete_conn(&ip).await;
            });
        }
    }
@ -131,12 +138,12 @@ struct ConnInfo {
 #[tonic::async_trait]
 impl Update for NodeServer {
    type GetUpdatesStream = Pin<Box<dyn Stream<Item = Result<NodeUpdate, Status>> + Send>>;
    async fn get_keys(&self, _request: Request<Empty>) -> Result<Response<Keys>, Status> {
        Ok(Response::new(self.keys.clone()))
    }
    type GetUpdatesStream = Pin<Box<dyn Stream<Item = Result<NodeUpdate, Status>> + Send>>;
    async fn get_updates(
        &self,
        req: Request<Streaming<NodeUpdate>>,
@ -151,18 +158,18 @@ impl Update for NodeServer {
        let my_ip = self.state.get_my_ip().await;
        let stream = async_stream::stream! {
            state.declare_myself_public().await;
            state.add_conn(&remote_ip).await;
            let known_nodes: Vec<NodeUpdate> = state.get_nodes().await.into_iter().map(Into::into).collect();
            for update in known_nodes {
                yield Ok(update);
            }
-            let error_status: Status;
+            let error_status: Status; // Gets initialized inside loop
            let mut timeout = interval(state.get_timeout());
            timeout.tick().await;
            loop {
                tokio::select! {
                    Some(msg) = inbound.next() => {
                        timeout.reset();
                        match msg {
                            Ok(update) => {
                                if update.ip == remote_ip {
@ -174,7 +181,7 @@ impl Update for NodeServer {
                                }
                                if state.process_node_update(update.clone().into()).await {
-                                    // if process update returns true, the update must be forwarded
+                                    // If process update returns true, the update must be forwarded
                                    if tx.send((remote_ip.clone(), update).into()).is_err() {
                                        println!("Tokio broadcast receivers had an issue consuming the channel");
                                    };
@ -188,18 +195,22 @@ impl Update for NodeServer {
                    }
                    Ok(update) = rx.recv() => {
                        if update.sender_ip != remote_ip {
-                            // don't bounce back the update we just received
+                            // Don't bounce back the update we just received
                            yield Ok(update.update);
                        }
-                        // disconnect client if too many connections are active
+                        // TODO: check if disconnect client if too many connections are active
                        // Its tested and working
                        if tx.receiver_count() > 9 {
                            error_status = Status::internal("Already have too many clients. Connect to another server.");
                            break;
                        }
                    }
                    _ = timeout.tick() => {
                        error_status = Status::internal(format!("Disconnecting after {}s timeout", state.get_timeout().as_secs()));
                        break;
                    }
                }
            }
            state.delete_conn(&remote_ip).await;
            yield Err(error_status);
        };
--- a/src/http_server.rs
+++ b/src/http_server.rs
@ -2,6 +2,7 @@ use crate::{datastore, datastore::State, solana::SolClient};
 use actix_web::{get, post, web, App, HttpResponse, HttpServer, Responder};
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::sync::Arc;
 const HOMEPAGE: &str = include_str!("HOMEPAGE.md");
@ -55,26 +56,31 @@ async fn get_nodes(state: web::Data<Arc<State>>) -> HttpResponse {
 #[derive(Deserialize)]
 struct MintReq {
-    wallet: String,
+    address: String,
 }
 #[post("/mint")]
 async fn mint(
    state: web::Data<Arc<State>>,
    sol_client: web::Data<Arc<SolClient>>,
-    req: web::Json<MintReq>,
+    req: web::Query<MintReq>,
 ) -> impl Responder {
-    let recipient = req.into_inner().wallet;
+    let recipient = req.into_inner().address;
    state.increase_mint_requests().await;
    let result =
        web::block(move || sol_client.mint(&recipient).map_err(|e| e.to_string())).await.unwrap(); // TODO: check if this can get a BlockingError
-    match result {
+    if state.is_minting() {
        return HttpResponse::TooManyRequests().json(json!({ "error": "already mint processing" }));
    }
    let mint_res = sol_client.mint(&recipient).await;
    state.release_minting();
    match mint_res {
        Ok(s) => {
            state.increase_mints().await;
-            HttpResponse::Ok().body(format!(r#"{{" signature": "{s} "}}"#))
+            HttpResponse::Ok().json(json!({"signature": s}))
        }
-        Err(e) => HttpResponse::InternalServerError().body(format!(r#"{{ "error": "{e}" }}"#)),
+        Err(e) => HttpResponse::InternalServerError().json(json!({ "error": e.to_string() })),
    }
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -51,10 +51,14 @@ pub async fn heartbeat(
    loop {
        interval.tick().await;
        println!("Heartbeat...");
-        state.remove_inactive_nodes(HEARTBEAT_INTERVAL * 3).await;
+        state.update_keepalive().await;
        state.remove_inactive_nodes().await;
        let connected_ips = state.get_connected_ips().await;
-        println!("Connected nodes ({}): {:?}", connected_ips.len(), connected_ips);
+        let my_ip = state.get_my_ip().await;
-        let _ = tx.send((state.get_my_ip().await, state.get_my_info().await).into());
+        println!("Connected nodes ({}): \"{}\" -> {:?}", connected_ips.len(), my_ip, connected_ips);
        let my_node_info = state.get_my_info().await;
        my_node_info.save();
        let _ = tx.send((state.get_my_ip().await, my_node_info).into());
        if connected_ips.len() < NUM_CONNECTIONS {
            if let Some(node_ip) = state.get_random_disconnected_ip().await {
                println!("Dialing random node {}", node_ip);
@ -127,7 +131,7 @@ async fn main() {
    let my_ip = resolve_my_ipv4().await; // Guaranteed to be correct IPv4
    println!("Starting on IP {}", my_ip);
-    let state = Arc::new(State::new(my_ip.clone()));
+    let state = Arc::new(State::new(my_ip.clone(), HEARTBEAT_INTERVAL * 3));
    let sol_client = Arc::new(init_token(state.clone(), ra_cfg.clone()).await);
    let mut tasks = JoinSet::new();
--- a/src/solana.rs
+++ b/src/solana.rs
@ -1,6 +1,11 @@
 #![allow(dead_code)]
 use crate::{grpc::challenge::Keys, persistence::KeysFile};
-use solana_client::rpc_client::RpcClient;
+use mpl_token_metadata::{
    instructions::{CreateMetadataAccountV3, CreateMetadataAccountV3InstructionArgs},
    types::DataV2,
    ID as mpl_token_metadata_id,
 };
 use solana_client::nonblocking::rpc_client::RpcClient;
 use solana_program::program_pack::Pack;
 use solana_sdk::{
    pubkey::Pubkey, signature::keypair::Keypair, signer::Signer, system_instruction,
@ -28,7 +33,7 @@ pub struct SolClient {
 impl SolClient {
    pub async fn create_new_token() -> Self {
-        let client = RpcClient::new(RPC_URL);
+        let client = RpcClient::new(RPC_URL.to_string());
        let keypair = Keypair::new();
        let token = create_token(&client, &keypair).await;
        Self { client, keypair, token }
@ -42,10 +47,11 @@ impl SolClient {
        self.get_keys().into()
    }
-    pub fn mint(&self, recipient: &str) -> Result<String, Box<dyn std::error::Error>> {
+    pub async fn mint(&self, recipient: &str) -> Result<String, Box<dyn std::error::Error>> {
        // TODO: add the priority fee for the case when the solana network is congested
        use std::str::FromStr;
        let recipient = solana_sdk::pubkey::Pubkey::from_str(recipient)?;
-        let associated_token_address = self.create_token_account(&recipient)?;
+        let associated_token_address = self.create_token_account(&recipient).await?;
        let mint_to_instruction = mint_to(
            &spl_token::id(),
            &self.token,
@ -59,32 +65,32 @@ impl SolClient {
            &[mint_to_instruction],
            Some(&self.keypair.pubkey()),
            &[&self.keypair],
-            self.client.get_latest_blockhash()?,
+            self.client.get_latest_blockhash().await?,
        );
-        let signature = self.client.send_and_confirm_transaction(&transaction)?;
+        let signature = self.client.send_and_confirm_transaction(&transaction).await?;
        Ok(signature.to_string())
    }
-    fn create_token_account(
+    async fn create_token_account(
        &self,
        recipient: &Pubkey,
    ) -> Result<Pubkey, Box<dyn std::error::Error>> {
        let address = get_associated_token_address(recipient, &self.token);
-        if self.client.get_account(&address).is_err() {
+        if self.client.get_account(&address).await.is_err() {
            let create_token_account_instruction = create_associated_token_account(
                &self.keypair.pubkey(),
                recipient,
                &self.token,
                &spl_token::id(),
            );
-            let recent_blockhash = self.client.get_latest_blockhash()?;
+            let recent_blockhash = self.client.get_latest_blockhash().await?;
            let tx = Transaction::new_signed_with_payer(
                &[create_token_account_instruction],
                Some(&self.keypair.pubkey()),
                &[&self.keypair],
                recent_blockhash,
            );
-            self.client.send_and_confirm_transaction(&tx)?;
+            self.client.send_and_confirm_transaction(&tx).await?;
        }
        Ok(address)
    }
@ -114,7 +120,7 @@ impl TryFrom<Keys> for SolClient {
        };
        let token = Pubkey::from_str(&keys.token_address)
            .map_err(|_| "Could not parse wallet address.".to_string())?;
-        Ok(Self { client: RpcClient::new(RPC_URL), keypair, token })
+        Ok(Self { client: RpcClient::new(RPC_URL.to_string()), keypair, token })
    }
 }
@ -127,31 +133,56 @@ impl TryFrom<KeysFile> for SolClient {
    }
 }
-async fn wait_for_sol(client: &RpcClient, pubkey: &Pubkey) {
+async fn create_token(client: &RpcClient, payer_keypair: &Keypair) -> Pubkey {
-    println!("Waiting to receive 0.01 SOL in address {pubkey}");
+    // #1 top up the payer
-    loop {
+    println!("Waiting for at least 0.01 SOL in address {}", payer_keypair.pubkey());
    while !has_enough_lamports(client, &payer_keypair.pubkey(), 10_000_000).await {
        sleep(Duration::from_secs(30)).await;
-        match client.get_balance(pubkey) {
+    }
    // #2 create token mint
    println!("Creating Token Mint");
    let mut mint_pubkey = None;
    while mint_pubkey.is_none() {
        sleep(Duration::from_secs(30)).await;
        mint_pubkey = create_mint(client, payer_keypair).await;
    }
    let mint_pubkey = mint_pubkey.unwrap();
    println!("Token Mint created: {mint_pubkey}");
    // #3 create token meta
    println!("Creating Token Metadata");
    while !create_meta(client, payer_keypair, &mint_pubkey).await {
        sleep(Duration::from_secs(30)).await;
    }
    println!("Token Metadata created");
    mint_pubkey
 }
 async fn has_enough_lamports(client: &RpcClient, pubkey: &Pubkey, threshold: u64) -> bool {
    match client.get_balance(pubkey).await {
        Ok(balance) => {
-                println!("Got {balance} lamports.");
+            println!("{pubkey} needs {threshold} and has {balance}");
-                if balance > 10_000_000 {
+            balance >= threshold
                    return;
        }
-            }
+        Err(e) => {
-            Err(e) => println!("Could not get balance: {e:?}"),
+            println!("Could not get balance: {e:?}");
            false
        }
    }
 }
-async fn create_token(client: &RpcClient, keypair: &Keypair) -> Pubkey {
+async fn create_mint(client: &RpcClient, payer_keypair: &Keypair) -> Option<Pubkey> {
    wait_for_sol(client, &keypair.pubkey()).await;
    let mint_keypair = Keypair::new();
-    let payer = Keypair::from_base58_string(&keypair.to_base58_string());
+    let mint_rent = client
-    let mint_rent = client.get_minimum_balance_for_rent_exemption(Mint::LEN).unwrap();
+        .get_minimum_balance_for_rent_exemption(Mint::LEN)
        .await
        .map_err(|e| println!("Can't get minimum balance for rent exemption: {e}"))
        .ok()?;
    let create_mint_account_ix = system_instruction::create_account(
-        &payer.pubkey(),
+        &payer_keypair.pubkey(),
        &mint_keypair.pubkey(),
        mint_rent,
        Mint::LEN as u64,
@ -159,21 +190,91 @@ async fn create_token(client: &RpcClient, keypair: &Keypair) -> Pubkey {
    );
    let init_mint_ix =
-        initialize_mint(&spl_token::id(), &mint_keypair.pubkey(), &payer.pubkey(), None, 9)
+        initialize_mint(&spl_token::id(), &mint_keypair.pubkey(), &payer_keypair.pubkey(), None, 9)
-            .unwrap();
+            .map_err(|e| println!("Can't initialize mint: {e}"))
            .ok()?;
    let recent_blockhash = client
        .get_latest_blockhash()
        .await
        .map_err(|e| println!("Can't get latest blockhash: {e}"))
        .ok()?;
    let recent_blockhash = client.get_latest_blockhash().unwrap();
    let tx = Transaction::new_signed_with_payer(
        &[create_mint_account_ix, init_mint_ix],
-        Some(&payer.pubkey()),
+        Some(&payer_keypair.pubkey()),
-        &[&payer, &mint_keypair],
+        &[&payer_keypair, &mint_keypair],
        recent_blockhash,
    );
-    let signature = client.send_and_confirm_transaction(&tx).unwrap();
+    client
-
+        .send_and_confirm_transaction(&tx)
-    println!("Mint created: {}", mint_keypair.pubkey());
+        .await
-    println!("Transaction signature: {}", signature);
+        .map_err(|e| println!("Can't execute transaction: {e}"))
-
+        .map(|s| {
            println!("Transaction signature: {}", s);
            mint_keypair.pubkey()
        })
        .ok()
 }
 async fn create_meta(client: &RpcClient, payer_keypair: &Keypair, mint_pubkey: &Pubkey) -> bool {
    create_meta_int(client, payer_keypair, mint_pubkey).await.is_some()
 }
 async fn create_meta_int(
    client: &RpcClient,
    payer_keypair: &Keypair,
    mint_pubkey: &Pubkey,
 ) -> Option<()> {
    let metadata_seeds = &[b"metadata", mpl_token_metadata_id.as_ref(), mint_pubkey.as_ref()];
    let (metadata_pda, _bump) =
        Pubkey::find_program_address(metadata_seeds, &mpl_token_metadata_id);
    let data_v2 = DataV2 {
        name: "DeTEE Hacker Challenge Token".to_string(),
        symbol: "DTHC".to_string(),
        uri: "https://detee.ltd/dthc/meta.json".to_string(),
        seller_fee_basis_points: 0, // usually for NFTs, can be 0 for fungible
        creators: None, // or Some(vec![Creator { ... }]) if you want to specify creators
        collection: None,
        uses: None,
    };
    let create_metadata_account_ix = CreateMetadataAccountV3 {
        metadata: metadata_pda,
        mint: *mint_pubkey,
        mint_authority: payer_keypair.pubkey(),
        payer: payer_keypair.pubkey(),
        update_authority: (payer_keypair.pubkey(), true),
        system_program: solana_program::system_program::id(),
        rent: None,
    }
    .instruction(CreateMetadataAccountV3InstructionArgs {
        data: data_v2,
        is_mutable: true,
        collection_details: None,
    });
    let recent_blockhash = client
        .get_latest_blockhash()
        .await
        .map_err(|e| println!("Can't get latest blockhash: {e}"))
        .ok()?;
    let tx = Transaction::new_signed_with_payer(
        &[create_metadata_account_ix],
        Some(&payer_keypair.pubkey()),
        &[&payer_keypair],
        recent_blockhash,
    );
    client
        .send_and_confirm_transaction(&tx)
        .await
        .map_err(|e| println!("Can't execute transaction: {e}"))
        .map(|s| {
            println!("Transaction signature: {}", s);
        })
        .ok()
 }
Author	SHA1	Message	Date
Valentyn Faychuk	dec033fb67	Discord invite widget	2025-02-03 16:55:04 +02:00
Valentyn Faychuk	6c3c04bb90	eula disclaimer Signed-off-by: Valentyn Faychuk <valy@detee.ltd>	2025-01-30 23:34:26 +02:00
Valentyn Faychuk	48803d4e89	switch to detee occlum Signed-off-by: Valentyn Faychuk <valy@detee.ltd>	2025-01-22 05:23:11 +02:00
Valentyn Faychuk	17cb3342ad	fix compilation issue for newer versions of occlum	2025-01-21 22:45:31 +02:00
Valentyn Faychuk	1c4f9abd03	update sgx library to get patch for vulnerabilities	2025-01-21 22:17:57 +02:00
Valentyn Faychuk	dfd5081b1b	fix testnet	2025-01-10 19:52:32 +02:00
Valentyn Faychuk	85e0215869	token metadata	2025-01-10 19:16:17 +02:00
Valentyn Faychuk	bfb4a03b88	correct token creation retries	2025-01-10 05:06:27 +02:00
Noor	1a897d780f	refactor mint endpoint to use query parameters and improve test script accordingly	2025-01-10 01:58:07 +00:00
Valentyn Faychuk	855e9ab28b	fix wait for sol bug	2025-01-10 01:38:06 +02:00
Valentyn Faychuk	3ceb4227cc	gplv2 license and token creation retries Signed-off-by: Valentyn Faychuk <valy@detee.ltd>	2025-01-10 00:55:31 +02:00
Valentyn Faychuk	4ae3d05a1d	formatting and heartbeat log	2025-01-07 15:39:48 +02:00
Noor	3be12f7807	solved requested changes enhance error handling for TLS connections and improve attack detection	2025-01-06 16:36:11 +00:00
Noor	e86ee534ed	handle TLS attack included net attack count on non supported tls connection counted as attack for tls without client cert and missing quote on tls client cert	2025-01-06 16:36:11 +00:00
Noor	ad9c445fe5	saving node information while heartbeating	2025-01-02 17:09:39 +00:00
Noor	f67146aa13	minting state implement 1 minting at a time to prevent ddos enhanced json response	2024-12-31 12:43:12 +00:00
Noor	5514f7b794	async solana client remove blocking on actix handler asynchronous mint method fix clippy on node comparison	2024-12-30 22:47:45 +00:00
Noor	8226f03e7c	fix grpc client error reset timeout on inbound message insted of creating new timer which was triggering timeout	2024-12-27 10:08:29 +00:00
Valentyn Faychuk	4a6e8c4c73	update keepalive Signed-off-by: Valentyn Faychuk <valy@detee.ltd>	2024-12-26 15:18:29 +00:00
Noor	ce69455dd6	handle empty node list before finding disconnected ip	2024-12-25 01:26:44 +00:00
Valentyn Faychuk	01e90f874c	connections stability fixes Signed-off-by: Valentyn Faychuk <valy@detee.ltd>	2024-12-24 17:46:39 +00:00