add a GRPC for program fingerprint

proto/shentu/bounty/v1/bounty.proto

@@ -13,14 +13,13 @@ message Program {
   option (gogoproto.equal) = false;
   option (gogoproto.goproto_getters) = false;
 
-  string program_id = 1 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""];
+  string program_id = 1 [(gogoproto.moretags) = "yaml:\"program_id\""];
   string name = 2 [(gogoproto.moretags) = "yaml:\"name\""];
   // JSON by ProgramDetail
   string detail = 3 [(gogoproto.moretags) = "yaml:\"detail\""];
   string admin_address = 4 [(gogoproto.moretags) = "yaml:\"admin_address\""];
   ProgramStatus status = 5 [(gogoproto.moretags) = "yaml:\"status\""];
-  repeated BountyLevel bounty_levels = 6 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"bounty_levels\""];
-  google.protobuf.Timestamp create_time = 7
+  google.protobuf.Timestamp create_time = 6
   [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"create_time\""];
 }
 
@@ -29,7 +28,7 @@ message Finding {
   option (gogoproto.goproto_getters) = false;
 
   string program_id = 1 [(gogoproto.moretags) = "yaml:\"program_id\""];
-  string finding_id = 2 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""];
+  string finding_id = 2 [(gogoproto.moretags) = "yaml:\"finding_id\""];
   string title = 3;
   string description = 4 [(gogoproto.moretags) = "yaml:\"description\""];
   string proof_of_concept = 5 [(gogoproto.moretags) = "yaml:\"proof_of_concept\""];
@@ -40,11 +39,24 @@ message Finding {
   FindingStatus status = 9 [(gogoproto.moretags) = "yaml:\"status\""];
   // JSON by FindingDetail
   string detail = 10 [(gogoproto.moretags) = "yaml:\"detail\""];
-  google.protobuf.Timestamp create_time = 11
+  string payment_hash = 11 [(gogoproto.moretags) = "yaml:\"payment_hash\""];
+  google.protobuf.Timestamp create_time = 12
   [(gogoproto.stdtime) = true, (gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"create_time\""];
 }
 
-message FindingFingerPrint {
+message ProgramFingerprint {
+  option (gogoproto.equal) = false;
+  option (gogoproto.goproto_getters) = false;
+
+  string program_id = 1 [(gogoproto.jsontag) = "id", (gogoproto.moretags) = "yaml:\"id\""];
+  string name = 2 [(gogoproto.moretags) = "yaml:\"name\""];
+  // JSON by ProgramDetail
+  string detail = 3 [(gogoproto.moretags) = "yaml:\"detail\""];
+  string admin_address = 4 [(gogoproto.moretags) = "yaml:\"admin_address\""];
+  ProgramStatus status = 5 [(gogoproto.moretags) = "yaml:\"status\""];
+}
+
+message FindingFingerprint {
   option (gogoproto.equal) = false;
   option (gogoproto.goproto_getters) = false;
 
@@ -53,10 +65,11 @@ message FindingFingerPrint {
   string title = 3;
   // hash(description + proof_of_concept + submitter)
   string finding_hash = 4 [(gogoproto.moretags) = "yaml:\"finding_hash\""];
-  SeverityLevel severity_level = 6 [(gogoproto.moretags) = "yaml:\"severity_level\""];
-  FindingStatus status = 7 [(gogoproto.moretags) = "yaml:\"status\""];
+  SeverityLevel severity_level = 5 [(gogoproto.moretags) = "yaml:\"severity_level\""];
+  FindingStatus status = 6 [(gogoproto.moretags) = "yaml:\"status\""];
   // JSON by FindingDetail
-  string detail = 8 [(gogoproto.moretags) = "yaml:\"detail\""];
+  string detail = 7 [(gogoproto.moretags) = "yaml:\"detail\""];
+  string payment_hash = 8 [(gogoproto.moretags) = "yaml:\"payment_hash\""];
 }
 
 enum ProgramStatus {
@@ -88,20 +101,19 @@ enum FindingStatus {
   FINDING_STATUS_CLOSED = 4 [(gogoproto.enumvalue_customname) = "FindingStatusClosed"];
 }
 
-message BountyLevel {
-  option (gogoproto.equal) = false;
-  option (gogoproto.goproto_getters) = false;
-
-  SeverityLevel severity_level = 1 [(gogoproto.moretags) = "yaml:\"severity_level\""];
-  bool   poc = 2;
-  cosmos.base.v1beta1.Coin min_bounty = 3 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"min_bounty\""];
-  cosmos.base.v1beta1.Coin max_bounty = 4 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"max_bounty\""];
-}
+//message BountyLevel {
+//  option (gogoproto.equal) = false;
+//  option (gogoproto.goproto_getters) = false;
+//
+//  SeverityLevel severity_level = 1 [(gogoproto.moretags) = "yaml:\"severity_level\""];
+//  bool   poc = 2;
+//  cosmos.base.v1beta1.Coin min_bounty = 3 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"min_bounty\""];
+//  cosmos.base.v1beta1.Coin max_bounty = 4 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"max_bounty\""];
+//}
 
 //// ProgramDetail defines a program detail.
 //type ProgramDetail struct {
 //    Type           string        `json:"type"`
-//    Name           string        `json:"name"`
 //    Logo           string        `json:"logo"`
 //    Desc           string        `json:"desc"`
 //    Targets        []string      `json:"targets"`
@@ -121,6 +133,4 @@ message BountyLevel {
 //    Attachments   []string     `json:"attachments"`
 //    ReceiverInfo  ReceiverInfo `json:"receiver_info"`
 //    PaidInfo      PaidInfo     `json:"paid_info"`
-//    FindingHash   string       `json:"finding_hash"`
-//    ShentuAddress string       `json:"shentu_addr"`
 //}

proto/shentu/bounty/v1/query.proto

@@ -32,10 +32,15 @@ service Query {
     option (google.api.http).get = "/shentu/bounty/v1/findings/{finding_id}";
   }
 
-  // FindingFingerprint queries Finding Fingerprint based on FindingId.
+  // FindingFingerprint queries finding fingerprint based on findingId.
   rpc FindingFingerprint(QueryFindingFingerprintRequest) returns (QueryFindingFingerprintResponse) {
     option (google.api.http).get = "/shentu/bounty/v1/findings/{finding_id}/fingerprint";
   }
+
+  // ProgramFingerprint queries program fingerprint based on programId.
+  rpc ProgramFingerprint(QueryProgramFingerprintRequest) returns (QueryProgramFingerprintResponse) {
+    option (google.api.http).get = "/shentu/bounty/v1/programs/{program_id}/fingerprint";
+  }
 }
 
 // QueryHostsRequest is the request type for the Query/Hosts RPC method.
@@ -118,4 +123,15 @@ message QueryFindingFingerprintRequest {
 // QueryFindingFingerPrintResponse is the response type for the Query/Finding RPC method.
 message QueryFindingFingerprintResponse {
   string fingerprint = 1;
+}
+
+// QueryProgramFingerprintRequest is the request type for the Query/Finding RPC method.
+message QueryProgramFingerprintRequest {
+  // program_id defines the unique id of the finding.
+  string program_id = 1;
+}
+
+// QueryProgramFingerprintResponse is the response type for the Query/Finding RPC method.
+message QueryProgramFingerprintResponse {
+  string fingerprint = 1;
 }

proto/shentu/bounty/v1/tx.proto

@@ -52,8 +52,7 @@ message MsgCreateProgram {
   string program_id = 1 [(gogoproto.moretags) = "yaml:\"program_id\""];
   string name = 2;
   string detail = 3;
-  repeated BountyLevel bounty_levels = 4 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"bounty_levels\""];
-  string operator_address = 5 [(gogoproto.moretags) = "yaml:\"operator_address\""];
+  string operator_address = 4 [(gogoproto.moretags) = "yaml:\"operator_address\""];
 }
 
 // MsgEditProgram defines a SDK message for editing a program.
@@ -64,8 +63,7 @@ message MsgEditProgram {
   string program_id = 1 [(gogoproto.moretags) = "yaml:\"program_id\""];
   string name = 2;
   string detail = 3;
-  repeated BountyLevel bounty_levels = 4 [(gogoproto.nullable) = false, (gogoproto.moretags) = "yaml:\"bounty_levels\""];
-  string operator_address = 5 [(gogoproto.moretags) = "yaml:\"operator_address\""];
+  string operator_address = 4 [(gogoproto.moretags) = "yaml:\"operator_address\""];
 }
 
 // MsgCreateProgramResponse defines the Msg/CreateProgram response type.
@@ -104,7 +102,7 @@ message MsgSubmitFinding {
   string finding_id = 2 [(gogoproto.moretags) = "yaml:\"finding_id\""];
   string title = 3;
   string finding_hash = 4 [(gogoproto.moretags) = "yaml:\"finding_hash\""];
-  string submitter_address = 5 [(gogoproto.moretags) = "yaml:\"submitter_address\""];
+  string operator_address = 5 [(gogoproto.moretags) = "yaml:\"operator_address\""];
   SeverityLevel severity_level = 6 [(gogoproto.moretags) = "yaml:\"severity_level\""];
   string detail = 7;
 }
@@ -120,9 +118,10 @@ message MsgEditFinding {
   string finding_id = 1 [(gogoproto.moretags) = "yaml:\"finding_id\""];
   string title = 2;
   string finding_hash = 3 [(gogoproto.moretags) = "yaml:\"finding_hash\""];
-  string submitter_address = 4 [(gogoproto.moretags) = "yaml:\"submitter_address\""];
+  string operator_address = 4 [(gogoproto.moretags) = "yaml:\"operator_address\""];
   SeverityLevel severity_level = 5 [(gogoproto.moretags) = "yaml:\"severity_level\""];
   string detail = 6;
+  string payment_hash = 7 [(gogoproto.moretags) = "yaml:\"payment_hash\""];
 }
 
 // MsgEditFindingResponse defines the MsgEditFinding response type.

x/bounty/client/cli/tx.go

@@ -59,7 +59,7 @@ func NewCreateProgramCmd() *cobra.Command {
 				return err
 			}
 
-			msg := types.NewMsgCreateProgram(pid, name, desc, creatorAddr, nil)
+			msg := types.NewMsgCreateProgram(pid, name, desc, creatorAddr)
 
 			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
 		},
@@ -102,7 +102,7 @@ func NewEditProgramCmd() *cobra.Command {
 				return err
 			}
 
-			msg := types.NewMsgEditProgram(pid, name, detail, creatorAddr, nil)
+			msg := types.NewMsgEditProgram(pid, name, detail, creatorAddr)
 
 			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
 		},

x/bounty/keeper/finding.go

@@ -130,6 +130,11 @@ func (k Keeper) ConfirmFinding(ctx sdk.Context, msg *types.MsgConfirmFinding) (t
 	if !found {
 		return finding, types.ErrFindingNotExists
 	}
+	// only FindingStatusSubmitted
+	if finding.Status != types.FindingStatusSubmitted {
+		return finding, types.ErrFindingStatusInvalid
+	}
+
 	// get program
 	program, isExist := k.GetProgram(ctx, finding.ProgramId)
 	if !isExist {
@@ -139,31 +144,32 @@ func (k Keeper) ConfirmFinding(ctx sdk.Context, msg *types.MsgConfirmFinding) (t
 		return finding, types.ErrProgramNotActive
 	}
 
-	// only host can update finding comment
+	// only program admin can confirm finding
 	if program.AdminAddress != msg.OperatorAddress {
 		return finding, types.ErrProgramCreatorInvalid
 	}
 
 	// fingerprint comparison
-	fingerprintHash := k.GetFindingFingerPrintHash(&finding)
+	fingerprintHash := k.GetFindingFingerprintHash(&finding)
 	if msg.Fingerprint != fingerprintHash {
 		return finding, types.ErrFindingHashInvalid
 	}
 	return finding, nil
 }
 
-func (k Keeper) GetFindingFingerPrintHash(finding *types.Finding) string {
-	findingFingerPrint := &types.FindingFingerPrint{
+func (k Keeper) GetFindingFingerprintHash(finding *types.Finding) string {
+	findingFingerprint := &types.FindingFingerprint{
 		ProgramId:     finding.ProgramId,
 		FindingId:     finding.FindingId,
 		Title:         finding.Title,
 		FindingHash:   finding.FindingHash,
 		SeverityLevel: finding.SeverityLevel,
 		Status:        finding.Status,
 		Detail:        finding.Detail,
+		PaymentHash:   finding.PaymentHash,
 	}
 
-	bz := k.cdc.MustMarshal(findingFingerPrint)
+	bz := k.cdc.MustMarshal(findingFingerprint)
 	hash := sha256.Sum256(bz)
 	return hex.EncodeToString(hash[:])
 }

x/bounty/keeper/grpc_query.go

@@ -119,6 +119,22 @@ func (k Keeper) FindingFingerprint(c context.Context, req *types.QueryFindingFin
 		return nil, status.Errorf(codes.NotFound, "finding %s doesn't exist", req.FindingId)
 	}
 
-	findingFingerPrintHash := k.GetFindingFingerPrintHash(&finding)
+	findingFingerPrintHash := k.GetFindingFingerprintHash(&finding)
 	return &types.QueryFindingFingerprintResponse{Fingerprint: findingFingerPrintHash}, nil
 }
+
+func (k Keeper) ProgramFingerprint(c context.Context, req *types.QueryProgramFingerprintRequest) (*types.QueryProgramFingerprintResponse, error) {
+	if req == nil {
+		return nil, status.Error(codes.InvalidArgument, "invalid request")
+	}
+	if len(req.ProgramId) == 0 {
+		return nil, status.Error(codes.InvalidArgument, "program-id can not be 0")
+	}
+	ctx := sdk.UnwrapSDKContext(c)
+	program, found := k.GetProgram(ctx, req.ProgramId)
+	if !found {
+		return nil, status.Errorf(codes.NotFound, "program %s doesn't exist", req.ProgramId)
+	}
+	programFingerPrintHash := k.GetProgramFingerprintHash(&program)
+	return &types.QueryProgramFingerprintResponse{Fingerprint: programFingerPrintHash}, nil
+}

x/bounty/keeper/msg_server.go

@@ -35,7 +35,7 @@ func (k msgServer) CreateProgram(goCtx context.Context, msg *types.MsgCreateProg
 	}
 
 	createTime := ctx.BlockHeader().Time
-	program, err := types.NewProgram(msg.ProgramId, msg.Name, msg.Detail, operatorAddr, types.ProgramStatusInactive, msg.BountyLevels, createTime)
+	program, err := types.NewProgram(msg.ProgramId, msg.Name, msg.Detail, operatorAddr, types.ProgramStatusInactive, createTime)
 	if err != nil {
 		return nil, err
 	}
@@ -92,9 +92,6 @@ func (k msgServer) EditProgram(goCtx context.Context, msg *types.MsgEditProgram)
 	if len(msg.Detail) > 0 {
 		program.Detail = msg.Detail
 	}
-	if len(msg.BountyLevels) > 0 {
-		program.BountyLevels = msg.BountyLevels
-	}
 
 	k.SetProgram(ctx, program)
 
@@ -166,7 +163,7 @@ func (k msgServer) CloseProgram(goCtx context.Context, msg *types.MsgCloseProgra
 func (k msgServer) SubmitFinding(goCtx context.Context, msg *types.MsgSubmitFinding) (*types.MsgSubmitFindingResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 
-	operatorAddr, err := sdk.AccAddressFromBech32(msg.SubmitterAddress)
+	operatorAddr, err := sdk.AccAddressFromBech32(msg.OperatorAddress)
 	if err != nil {
 		return nil, err
 	}
@@ -205,7 +202,7 @@ func (k msgServer) SubmitFinding(goCtx context.Context, msg *types.MsgSubmitFind
 		sdk.NewEvent(
 			sdk.EventTypeMessage,
 			sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
-			sdk.NewAttribute(sdk.AttributeKeySender, msg.SubmitterAddress),
+			sdk.NewAttribute(sdk.AttributeKeySender, msg.OperatorAddress),
 		),
 	})
 
@@ -218,10 +215,6 @@ func (k msgServer) EditFinding(goCtx context.Context, msg *types.MsgEditFinding)
 	if !found {
 		return nil, types.ErrFindingNotExists
 	}
-	// check submitter
-	if finding.SubmitterAddress != msg.SubmitterAddress {
-		return nil, types.ErrFindingSubmitterInvalid
-	}
 	// check program
 	program, isExist := k.GetProgram(ctx, finding.ProgramId)
 	if !isExist {
@@ -231,6 +224,45 @@ func (k msgServer) EditFinding(goCtx context.Context, msg *types.MsgEditFinding)
 		return nil, types.ErrProgramNotActive
 	}
 
+	// program admin edit paymentHash
+	if len(msg.PaymentHash) > 0 {
+		// check status
+		if finding.Status != types.FindingStatusConfirmed {
+			return nil, types.ErrFindingStatusInvalid
+		}
+		// check operator is program admin
+		if program.AdminAddress != msg.OperatorAddress {
+			return nil, types.ErrFindingSubmitterInvalid
+		}
+		finding.PaymentHash = msg.PaymentHash
+
+		k.SetFinding(ctx, finding)
+
+		ctx.EventManager().EmitEvents(sdk.Events{
+			sdk.NewEvent(
+				types.EventTypeEditFindingPaymentHash,
+				sdk.NewAttribute(types.AttributeKeyFindingID, finding.FindingId),
+				sdk.NewAttribute(types.AttributeKeyProgramID, finding.ProgramId),
+			),
+			sdk.NewEvent(
+				sdk.EventTypeMessage,
+				sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
+				sdk.NewAttribute(sdk.AttributeKeySender, msg.OperatorAddress),
+			),
+		})
+		return &types.MsgEditFindingResponse{}, nil
+	}
+
+	// whitehat edit finding
+	// check status
+	if finding.Status != types.FindingStatusSubmitted {
+		return nil, types.ErrFindingStatusInvalid
+	}
+
+	// check operator is whitehat
+	if finding.SubmitterAddress != msg.OperatorAddress {
+		return nil, types.ErrFindingSubmitterInvalid
+	}
 	if len(msg.Title) > 0 {
 		finding.Title = msg.Title
 	}
@@ -255,7 +287,7 @@ func (k msgServer) EditFinding(goCtx context.Context, msg *types.MsgEditFinding)
 		sdk.NewEvent(
 			sdk.EventTypeMessage,
 			sdk.NewAttribute(sdk.AttributeKeyModule, types.AttributeValueCategory),
-			sdk.NewAttribute(sdk.AttributeKeySender, msg.SubmitterAddress),
+			sdk.NewAttribute(sdk.AttributeKeySender, msg.OperatorAddress),
 		),
 	})