From b3fb1dc6ed3c5610c03abdd6f2ff7bf164fb83ca Mon Sep 17 00:00:00 2001
From: Determinant <tederminant@gmail.com>
Date: Thu, 20 Aug 2020 02:21:57 -0400
Subject: add flow check for ExportTx

---
 plugin/evm/export_tx.go | 32 ++++++++++++++++++++++++++++++--
 plugin/evm/vm.go        |  7 ++++++-
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/plugin/evm/export_tx.go b/plugin/evm/export_tx.go
index 4f47a16..8b3c4f8 100644
--- a/plugin/evm/export_tx.go
+++ b/plugin/evm/export_tx.go
@@ -91,8 +91,36 @@ func (tx *UnsignedExportTx) SemanticVerify(
 		return permError{err}
 	}
 
-	// TODO: credential check
-	// TODO: flow check
+	f := crypto.FactorySECP256K1R{}
+	for i, cred := range stx.Creds {
+		if err := cred.Verify(); err != nil {
+			return permError{err}
+		}
+		pubKey, err := f.RecoverPublicKey(tx.UnsignedBytes(), cred.(*secp256k1fx.Credential).Sigs[0][:])
+		if err != nil {
+			return permError{err}
+		}
+		if tx.Ins[i].Address != PublicKeyToEthAddress(pubKey) {
+			return permError{errPublicKeySignatureMismatch}
+		}
+	}
+
+	// do flow-checking
+	fc := avax.NewFlowChecker()
+	fc.Produce(vm.ctx.AVAXAssetID, vm.txFee)
+
+	for _, out := range tx.ExportedOutputs {
+		fc.Produce(out.AssetID(), out.Output().Amount())
+	}
+
+	for _, in := range tx.Ins {
+		fc.Consume(vm.ctx.AVAXAssetID, in.Amount)
+	}
+
+	if err := fc.Verify(); err != nil {
+		return permError{err}
+	}
+
 	// TODO: verify UTXO outputs via gRPC
 	return nil
 }
diff --git a/plugin/evm/vm.go b/plugin/evm/vm.go
index 8823380..98ecb6f 100644
--- a/plugin/evm/vm.go
+++ b/plugin/evm/vm.go
@@ -175,6 +175,7 @@ func (vm *VM) getAtomicTx(block *types.Block) *Tx {
 			panic(err)
 		}
 	}
+	atx.Sign(vm.codec, nil)
 	return atx
 }
 
@@ -719,8 +720,12 @@ func (vm *VM) GetAtomicUTXOs(
 }
 
 func GetEthAddress(privKey *crypto.PrivateKeySECP256K1R) common.Address {
+	return PublicKeyToEthAddress(privKey.PublicKey())
+}
+
+func PublicKeyToEthAddress(pubKey crypto.PublicKey) common.Address {
 	return ethcrypto.PubkeyToAddress(
-		(*privKey.PublicKey().(*crypto.PublicKeySECP256K1R).ToECDSA()))
+		(*pubKey.(*crypto.PublicKeySECP256K1R).ToECDSA()))
 }
 
 func (vm *VM) GetSpendableCanonical(keys []*crypto.PrivateKeySECP256K1R, amount uint64) ([]EVMInput, [][]*crypto.PrivateKeySECP256K1R, error) {
-- 
cgit v1.2.3