From 08fecb8fe3a6ee124cc8bdc6e7042dcb664f6bd1 Mon Sep 17 00:00:00 2001
From: Daniel Karzel <daniel@comit.network>
Date: Mon, 26 Apr 2021 22:07:49 +1000
Subject: [PATCH] Peer check for incoming transfer proofs

Bob validates that incoming transfer proof messages are coming from the peer-id of Alice.
Currently Bob will ignore any transfer proof message that is not coming from the counterparty peer-id associated to the current swap in execution.
Once we add support for trying to save received transfer proofs for swaps that are currently not in execution we can also adapy allowing this for different counterparty peer-ids. This requires access to the database in Bob's event loop.
---
 swap/src/network/transfer_proof.rs  |  1 +
 swap/src/protocol/bob/behaviour.rs  |  1 +
 swap/src/protocol/bob/event_loop.rs | 17 ++++++++++++++---
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/swap/src/network/transfer_proof.rs b/swap/src/network/transfer_proof.rs
index be6bb09e..def98bb9 100644
--- a/swap/src/network/transfer_proof.rs
+++ b/swap/src/network/transfer_proof.rs
@@ -68,6 +68,7 @@ impl From<(PeerId, Message)> for bob::OutEvent {
             } => Self::TransferProofReceived {
                 msg: Box::new(request),
                 channel,
+                peer,
             },
             Message::Response { .. } => Self::unexpected_response(peer),
         }
diff --git a/swap/src/protocol/bob/behaviour.rs b/swap/src/protocol/bob/behaviour.rs
index 06ca9a8c..91a7c47b 100644
--- a/swap/src/protocol/bob/behaviour.rs
+++ b/swap/src/protocol/bob/behaviour.rs
@@ -21,6 +21,7 @@ pub enum OutEvent {
     TransferProofReceived {
         msg: Box<transfer_proof::Request>,
         channel: ResponseChannel<()>,
+        peer: PeerId,
     },
     EncryptedSignatureAcknowledged {
         id: RequestId,
diff --git a/swap/src/protocol/bob/event_loop.rs b/swap/src/protocol/bob/event_loop.rs
index ba63880b..c4bfc0a8 100644
--- a/swap/src/protocol/bob/event_loop.rs
+++ b/swap/src/protocol/bob/event_loop.rs
@@ -117,11 +117,22 @@ impl EventLoop {
                                 let _ = responder.respond(*response);
                             }
                         }
-                        SwarmEvent::Behaviour(OutEvent::TransferProofReceived { msg, channel }) => {
-                            if msg.swap_id != self.swap_id {
+                        SwarmEvent::Behaviour(OutEvent::TransferProofReceived { msg, channel, peer }) => {
+                            let swap_id = msg.swap_id;
+
+                            if peer != self.alice_peer_id {
+                                tracing::warn!(
+                                            %swap_id,
+                                            "Ignoring malicious transfer proof from {}, expected to receive it from {}",
+                                            peer,
+                                            self.alice_peer_id);
+                                        continue;
+                            }
+
+                            if swap_id != self.swap_id {
 
                                 // TODO: Save unexpected transfer proofs in the database and check for messages in the database when handling swaps
-                                tracing::warn!("Received unexpected transfer proof for swap {} while running swap {}. This transfer proof will be ignored.", msg.swap_id, self.swap_id);
+                                tracing::warn!("Received unexpected transfer proof for swap {} while running swap {}. This transfer proof will be ignored.", swap_id, self.swap_id);
 
                                 // When receiving a transfer proof that is unexpected we still have to acknowledge that it was received
                                 let _ = self.swarm.behaviour_mut().transfer_proof.send_response(channel, ());