[FOLD] Validate LastUpdateTime within range {close-300sec, close+300sec}

gregtatcam · Jan 13, 2024 · fa876df · fa876df
1 parent ebb6b28
commit fa876df
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 15 deletions.
diff --git a/src/ripple/app/tx/impl/SetOracle.cpp b/src/ripple/app/tx/impl/SetOracle.cpp
@@ -82,11 +82,12 @@ SetOracle::preclaim(PreclaimContext const& ctx)
         duration_cast<seconds>(ctx.view.info().closeTime.time_since_epoch())
             .count();
     std::size_t const lastUpdateTime = ctx.tx[sfLastUpdateTime];
-    if (lastUpdateTime <= epoch_offset.count())
+    if (lastUpdateTime < epoch_offset.count())
         return tecINVALID_UPDATE_TIME;
     std::size_t const lastUpdateTimeEpoch =
         lastUpdateTime - epoch_offset.count();
-    if (lastUpdateTimeEpoch < closeTime ||
+    if (lastUpdateTimeEpoch <
+            closeTime - std::min(closeTime, maxLastUpdateTimeDelta) ||
         lastUpdateTimeEpoch > (closeTime + maxLastUpdateTimeDelta))
         return tecINVALID_UPDATE_TIME;
 

diff --git a/src/ripple/protocol/Protocol.h b/src/ripple/protocol/Protocol.h
@@ -124,7 +124,7 @@ std::size_t constexpr maxOracleSymbolClass = 16;
 /** The maximum allowed time difference between lastUpdateTime and the time
     of the last closed ledger
 */
-std::size_t constexpr maxLastUpdateTimeDelta = 30;
+std::size_t constexpr maxLastUpdateTimeDelta = 300;
 
 }  // namespace ripple
 

diff --git a/src/test/app/Oracle_test.cpp b/src/test/app/Oracle_test.cpp
@@ -224,23 +224,23 @@ struct Oracle_test : public beast::unit_test::suite
             env.fund(XRP(1'000), owner);
             Oracle oracle(env, {.owner = owner});
             BEAST_EXPECT(oracle.exists());
-            env.close(std::chrono::seconds(100));
-            // Less than the last close time
+            env.close(std::chrono::seconds(400));
+            // Less than the last close time - 300s
             oracle.set(UpdateArg{
                 .series = {{"XRP", "USD", 740, 1}},
                 .lastUpdateTime = 60,
                 .err = ter(tecINVALID_UPDATE_TIME)});
-            // Greater than last close time + 30 sec
+            // Greater than last close time + 300s
             oracle.set(UpdateArg{
                 .series = {{"XRP", "USD", 740, 1}},
-                .lastUpdateTime = 500,
+                .lastUpdateTime = 800,
                 .err = ter(tecINVALID_UPDATE_TIME)});
             oracle.set(UpdateArg{.series = {{"XRP", "USD", 740, 1}}});
-            BEAST_EXPECT(oracle.expectLastUpdateTime(946684950));
+            BEAST_EXPECT(oracle.expectLastUpdateTime(946685240));
             // Less than the previous lastUpdateTime
             oracle.set(UpdateArg{
                 .series = {{"XRP", "USD", 740, 1}},
-                .lastUpdateTime = 149,
+                .lastUpdateTime = 439,
                 .err = ter(tecINVALID_UPDATE_TIME)});
         }
 
@@ -273,7 +273,7 @@ struct Oracle_test : public beast::unit_test::suite
             Oracle oracle(env, {.owner = owner, .series = series});
             BEAST_EXPECT(oracle.exists());
             BEAST_EXPECT(ownerCount(env, owner) == (count + adj));
-            BEAST_EXPECT(oracle.expectLastUpdateTime(946684810));
+            BEAST_EXPECT(oracle.expectLastUpdateTime(946684800));
         };
 
         {

diff --git a/src/test/jtx/impl/Oracle.cpp b/src/test/jtx/impl/Oracle.cpp
@@ -204,7 +204,7 @@ Oracle::set(UpdateArg const& arg)
             duration_cast<seconds>(
                 env_.current()->info().closeTime.time_since_epoch())
                 .count() +
-            10 + epoch_offset.count());
+            epoch_offset.count());
     Json::Value dataSeries(Json::arrayValue);
     auto assetToStr = [](std::string const& s) {
         // assume standard currency

diff --git a/src/test/rpc/GetAggregatePrice_test.cpp b/src/test/rpc/GetAggregatePrice_test.cpp
@@ -132,7 +132,7 @@ class GetAggregatePrice_test : public beast::unit_test::suite
                 ret[jss::entire_set][jss::standard_deviation] ==
                 "0.3027650354097492");
             BEAST_EXPECT(ret[jss::median] == "74.45");
-            BEAST_EXPECT(ret[jss::time] == 946684900);
+            BEAST_EXPECT(ret[jss::time] == 946684890);
         }
 
         // Aggregate data set includes all price oracle instances
@@ -154,7 +154,7 @@ class GetAggregatePrice_test : public beast::unit_test::suite
             BEAST_EXPECT(
                 ret[jss::trimmed_set][jss::standard_deviation] ==
                 "0.187082869338697");
-            BEAST_EXPECT(ret[jss::time] == 946684900);
+            BEAST_EXPECT(ret[jss::time] == 946684890);
         }
 
         // A reduced dataset, as some price oracles have data beyond three
@@ -203,7 +203,7 @@ class GetAggregatePrice_test : public beast::unit_test::suite
             BEAST_EXPECT(
                 ret[jss::trimmed_set][jss::standard_deviation] ==
                 "0.158113883008419");
-            BEAST_EXPECT(ret[jss::time] == 946684900);
+            BEAST_EXPECT(ret[jss::time] == 946684890);
         }
 
         // Reduced data set because of the time threshold
@@ -230,7 +230,7 @@ class GetAggregatePrice_test : public beast::unit_test::suite
             BEAST_EXPECT(ret[jss::entire_set][jss::size].asUInt() == 8);
             BEAST_EXPECT(ret[jss::entire_set][jss::standard_deviation] == "0");
             BEAST_EXPECT(ret[jss::median] == "74");
-            BEAST_EXPECT(ret[jss::time] == 946685000);
+            BEAST_EXPECT(ret[jss::time] == 946684990);
         }
     }