fix(server): replaced postcard-based integrity fingerprint with custom trait providing order-independent hashing

2026-04-06 15:45:46 +02:00
parent f6b62ab884
commit 5bc0c42cc7
8 changed files with 205 additions and 149 deletions
--- a/server/crates/arbiter-server/src/evm/policies.rs
+++ b/server/crates/arbiter-server/src/evm/policies.rs
@@ -7,7 +7,6 @@ use diesel::{
 };
 use diesel_async::{AsyncConnection, RunQueryDsl};

-use serde::Serialize;
 use thiserror::Error;

 use crate::{
@@ -64,7 +63,7 @@ pub enum EvalViolation {

 pub type DatabaseID = i32;

-#[derive(Debug, Serialize)]
+#[derive(Debug)]
 pub struct Grant<PolicySettings> {
    pub id: DatabaseID,
    pub common_settings_id: DatabaseID, // ID of the basic grant for shared-logic checks like rate limits and validity periods
@@ -128,19 +127,19 @@ pub enum SpecificMeaning {
    TokenTransfer(token_transfers::Meaning),
 }

-#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
 pub struct TransactionRateLimit {
    pub count: u32,
    pub window: Duration,
 }

-#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
 pub struct VolumeRateLimit {
    pub max_volume: U256,
    pub window: Duration,
 }

-#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
+#[derive(Clone, Debug, PartialEq, Eq, Hash)]
 pub struct SharedGrantSettings {
    pub wallet_access_id: i32,
    pub chain: ChainId,
@@ -201,7 +200,7 @@ pub enum SpecificGrant {
    TokenTransfer(token_transfers::Settings),
 }

-#[derive(Debug, Serialize)]
+#[derive(Debug)]
 pub struct CombinedSettings<PolicyGrant> {
    pub shared: SharedGrantSettings,
    pub specific: PolicyGrant,
@@ -220,3 +219,38 @@ impl<P: Integrable> Integrable for CombinedSettings<P> {
    const KIND: &'static str = P::KIND;
    const VERSION: i32 = P::VERSION;
 }
+
+use crate::crypto::integrity::hashing::Hashable;
+
+impl Hashable for TransactionRateLimit {
+    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
+        self.count.hash(hasher);
+        self.window.hash(hasher);
+    }
+}
+
+impl Hashable for VolumeRateLimit {
+    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
+        self.max_volume.hash(hasher);
+        self.window.hash(hasher);
+    }
+}
+
+impl Hashable for SharedGrantSettings {
+    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
+        self.wallet_access_id.hash(hasher);
+        self.chain.hash(hasher);
+        self.valid_from.hash(hasher);
+        self.valid_until.hash(hasher);
+        self.max_gas_fee_per_gas.hash(hasher);
+        self.max_priority_fee_per_gas.hash(hasher);
+        self.rate_limit.hash(hasher);
+    }
+}
+
+impl<P: Hashable> Hashable for CombinedSettings<P> {
+    fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
+        self.shared.hash(hasher);
+        self.specific.hash(hasher);
+    }
+}