Skip to content

feat: payment amount verification tests + unified vault migration#23

Open
mickvandijke wants to merge 8 commits intomainfrom
feat/payment-verification-tests
Open

feat: payment amount verification tests + unified vault migration#23
mickvandijke wants to merge 8 commits intomainfrom
feat/payment-verification-tests

Conversation

@mickvandijke
Copy link
Copy Markdown
Contributor

@mickvandijke mickvandijke commented Apr 1, 2026

Summary

  • Add 4 E2E security tests verifying nodes reject underpayment for single-node and merkle payment modes
  • Migrate client payment code to the unified payment vault contract (single approval instead of separate data_payments/merkle_payments)
  • Use node-reported prices directly instead of fetching from on-chain contract

New security tests

Test Payment mode Attack
test_attack_underpayment_single_node Single Pay 1 atto instead of 3× median
test_attack_underpayment_half_price Single Pay ~1.5× instead of required 3×
test_attack_merkle_proof_for_wrong_chunk Merkle Use valid proof for a different chunk
test_attack_merkle_proof_swap_within_batch Merkle Swap proofs between chunks in same batch

Companion PR

Depends on WithAutonomi/ant-node — fix/merkle-underpayment-verification which fixes a critical vulnerability where the merkle payment verifier only checked paid_amount.is_zero() instead of paid_amount >= candidate.price, allowing clients to underpay by submitting fake low prices in pool commitments.

Test plan

  • cargo test -p ant-core --test e2e_security test_attack_underpayment — both single-node underpayment tests pass
  • cargo test -p ant-core --test e2e_merkle test_attack_merkle_proof — both merkle proof security tests pass
  • cargo test -p ant-core --test e2e_merkle test_merkle_data_upload_download — legitimate merkle payments still work
  • Full CI

🤖 Generated with Claude Code

@mickvandijke @claude
feat: add payment amount verification tests and migrate to unified pa…
9cf4cb5 
…yment vault

Add E2E security tests verifying that nodes reject underpayment for both
single-node and merkle payment modes:

- test_attack_underpayment_single_node: pays 1 atto instead of 3x median
- test_attack_underpayment_half_price: pays ~1.5x instead of 3x median
- test_attack_merkle_proof_for_wrong_chunk: uses proof for wrong chunk
- test_attack_merkle_proof_swap_within_batch: swaps proofs between chunks

Also migrates client payment code to the unified payment vault contract,
replacing separate data_payments/merkle_payments approvals with a single
payment_vault approval, and using node-reported prices directly instead
of fetching from the on-chain contract.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mickvandijke mickvandijke force-pushed the feat/payment-verification-tests branch from a09c731 to 9cf4cb5 Compare April 1, 2026 20:46
@mickvandijke mickvandijke marked this pull request as ready for review April 1, 2026 22:56
mickvandijke and others added 7 commits April 2, 2026 09:43
@mickvandijke @claude
fix: update ant-node and evmlib to fix payment verification failure
d22458a 
The verifier was calling verifyPayment with original quote prices from
ProofOfPayment::digest(), but the SingleNode model pays 3x to the median
and 0 to others. The contract does exact amount matching, so all 5 quotes
failed verification. The updated ant-node reconstructs actual paid amounts
via SingleNodePayment::from_quotes() before calling verifyPayment.

- ant-node: 08bb16f5 -> f283b9ac
- evmlib: f4cdd45e -> 56148ce8

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mickvandijke @claude
fix: target median peer in underpayment security tests
b7ac3b3 
Both underpayment tests were sending the PUT to quotes.first() (arbitrary
peer) instead of the median peer. Since verify() only checks the target
node's own payment, non-median nodes see expected=0, on-chain=0 and pass
verification regardless of median tampering. Now we resolve the median
peer via rewards_address after from_quotes() sorts internally.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@mickvandijke
chore: update Cargo.lock dependencies
0ee36ac 
Updated `ant-node` and `evmlib` to newer commits and adjusted dependency versions in `Cargo.lock` for compatibility. Removed redundant `windows` package versions for cleanup.
@mickvandijke
chore: remove unused constants and update dependency versions in Carg…
8255db7 
…o.lock

Removed `TEST_INITIAL_RECORDS` constant due to redundancy. Updated `windows-sys` and `socket2` dependencies in `Cargo.lock` for compatibility.
@mickvandijke
chore: update ant-node dependency in Cargo.lock
d01c3ea
@mickvandijke
fix: add missing price field to prepared batch chunks
6a38018 
Include `price` in `PreparedChunk` to ensure complete amount details are preserved during batch processing.
@mickvandijke
chore: update evmlib to 0.7 and adjust Cargo.lock dependencies
8287da6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mickvandijke