taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

make reserve balance check used in internal_auditor mode only

Browse Source
This commit is contained in:
Christian Grothoff 2021-01-07 21:25:52 +01:00
parent 9d5a3ef659
commit 6ccda0b02e
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 72 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
src/auditor/taler-helper-auditor-reserves.c
View File

@ -1026,7 +1026,6 @@ verify_reserve_balance (void *cls,
{ {
struct ReserveContext *rc = cls; struct ReserveContext *rc = cls;
struct ReserveSummary *rs = value; struct ReserveSummary *rs = value;
struct TALER_EXCHANGEDB_Reserve reserve;
struct TALER_Amount balance; struct TALER_Amount balance;
struct TALER_Amount nbalance; struct TALER_Amount nbalance;
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
@ -1063,73 +1062,81 @@ verify_reserve_balance (void *cls,
&nbalance)); &nbalance));
} }
/* Now check OUR balance calculation vs. the one the exchange has if (internal_checks)
in its database */
reserve.pub = rs->reserve_pub;
qs = TALER_ARL_edb->reserves_get (TALER_ARL_edb->cls,
TALER_ARL_esession,
&reserve);
if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
{ {
/* If the exchange doesn't have this reserve in the summary, it /* Now check OUR balance calculation vs. the one the exchange has
is like the exchange 'lost' that amount from its records, in its database. This can only be done when we are doing an
making an illegitimate gain over the amount it dropped. internal audit, as otherwise the balance of the 'reserves' table
We don't add the amount to some total simply because it is is not replicated at the auditor. */
not an actualized gain and could be trivially corrected by struct TALER_EXCHANGEDB_Reserve reserve;
restoring the summary. *///
TALER_ARL_report (report_reserve_balance_insufficient_inconsistencies,
json_pack ("{s:o, s:o}",
"reserve_pub",
GNUNET_JSON_from_data_auto (&rs->reserve_pub),
"gain",
TALER_JSON_from_amount (&nbalance)));
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
GNUNET_break (0);
qs = GNUNET_DB_STATUS_HARD_ERROR;
}
rc->qs = qs;
}
else
{
/* Check that exchange's balance matches our expected balance for the reserve */
if (0 != TALER_amount_cmp (&nbalance,
&reserve.balance))
{
struct TALER_Amount delta;
if (0 < TALER_amount_cmp (&nbalance, reserve.pub = rs->reserve_pub;
&reserve.balance)) qs = TALER_ARL_edb->reserves_get (TALER_ARL_edb->cls,
{ TALER_ARL_esession,
/* balance > reserve.balance */ &reserve);
TALER_ARL_amount_subtract (&delta, if (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT != qs)
&nbalance, {
&reserve.balance); /* If the exchange doesn't have this reserve in the summary, it
TALER_ARL_amount_add (&total_balance_summary_delta_plus, is like the exchange 'lost' that amount from its records,
&total_balance_summary_delta_plus, making an illegitimate gain over the amount it dropped.
&delta); We don't add the amount to some total simply because it is
} not an actualized gain and could be trivially corrected by
else restoring the summary. *///
{ TALER_ARL_report (report_reserve_balance_insufficient_inconsistencies,
/* balance < reserve.balance */ json_pack ("{s:o, s:o}",
TALER_ARL_amount_subtract (&delta,
&reserve.balance,
&nbalance);
TALER_ARL_amount_add (&total_balance_summary_delta_minus,
&total_balance_summary_delta_minus,
&delta);
}
TALER_ARL_report (report_reserve_balance_summary_wrong_inconsistencies,
json_pack ("{s:o, s:o, s:o}",
"reserve_pub", "reserve_pub",
GNUNET_JSON_from_data_auto ( GNUNET_JSON_from_data_auto (
&rs->reserve_pub), &rs->reserve_pub),
"exchange", "gain",
TALER_JSON_from_amount (&reserve.balance),
"auditor",
TALER_JSON_from_amount (&nbalance))); TALER_JSON_from_amount (&nbalance)));
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
GNUNET_break (0);
qs = GNUNET_DB_STATUS_HARD_ERROR;
}
rc->qs = qs;
} }
} else
{
/* Check that exchange's balance matches our expected balance for the reserve */
if (0 != TALER_amount_cmp (&nbalance,
&reserve.balance))
{
struct TALER_Amount delta;
if (0 < TALER_amount_cmp (&nbalance,
&reserve.balance))
{
/* balance > reserve.balance */
TALER_ARL_amount_subtract (&delta,
&nbalance,
&reserve.balance);
TALER_ARL_amount_add (&total_balance_summary_delta_plus,
&total_balance_summary_delta_plus,
&delta);
}
else
{
/* balance < reserve.balance */
TALER_ARL_amount_subtract (&delta,
&reserve.balance,
&nbalance);
TALER_ARL_amount_add (&total_balance_summary_delta_minus,
&total_balance_summary_delta_minus,
&delta);
}
TALER_ARL_report (report_reserve_balance_summary_wrong_inconsistencies,
json_pack ("{s:o, s:o, s:o}",
"reserve_pub",
GNUNET_JSON_from_data_auto (
&rs->reserve_pub),
"exchange",
TALER_JSON_from_amount (&reserve.balance),
"auditor",
TALER_JSON_from_amount (&nbalance)));
}
}
} /* end of 'if (internal_checks)' */
/* Check that reserve is being closed if it is past its expiration date /* Check that reserve is being closed if it is past its expiration date
(and the closing fee would not exceed the remaining balance) */ (and the closing fee would not exceed the remaining balance) */

8
src/auditor/test-auditor.sh
View File

@ -104,13 +104,13 @@ function audit_only () {
echo -n "." echo -n "."
$VALGRIND taler-helper-auditor-deposits -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-deposits-inc.json 2> test-audit-deposits-inc.log || exit_fail "incremental deposits audit failed" $VALGRIND taler-helper-auditor-deposits -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-deposits-inc.json 2> test-audit-deposits-inc.log || exit_fail "incremental deposits audit failed"
echo -n "." echo -n "."
$VALGRIND taler-helper-auditor-reserves -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-reserves.json 2> test-audit-reserves.log || exit_fail "reserves audit failed" $VALGRIND taler-helper-auditor-reserves -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-reserves.json 2> test-audit-reserves.log || exit_fail "reserves audit failed"
echo -n "." echo -n "."
$VALGRIND taler-helper-auditor-reserves -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-reserves-inc.json 2> test-audit-reserves-inc.log || exit_fail "incremental reserves audit failed" $VALGRIND taler-helper-auditor-reserves -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-reserves-inc.json 2> test-audit-reserves-inc.log || exit_fail "incremental reserves audit failed"
echo -n "." echo -n "."
$VALGRIND taler-helper-auditor-wire -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire.json 2> test-wire-audit.log || exit_fail "wire audit failed" $VALGRIND taler-helper-auditor-wire -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire.json 2> test-wire-audit.log || exit_fail "wire audit failed"
echo -n "." echo -n "."
$VALGRIND taler-helper-auditor-wire -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire-inc.json 2> test-wire-audit-inc.log || exit_fail "wire audit failed" $VALGRIND taler-helper-auditor-wire -i -L DEBUG -c $CONF -m $MASTER_PUB > test-audit-wire-inc.json 2> test-wire-audit-inc.log || exit_fail "wire audit failed"
echo -n "." echo -n "."
echo " DONE" echo " DONE"