feat: Disable hook execution in certain calls (#21732)

Signed-off-by: Neeharika-Sompalli <neeharika.sompalli@swirldslabs.com>

Author: Neeharika-Sompalli

hapi/hedera-protobuf-java-api/src/main/proto/services/basic_types.proto

@@ -480,14 +480,10 @@ message HookEntityId {
  */
 message HookCall {
     oneof id {
-        /**
-         * The full id of the hook to call, when the owning entity is not forced by the call site.
-         */
-        HookId full_hook_id  = 1;
         /**
          * The numeric id of the hook to call, when the owning entity is forced by the call site.
          */
-        int64 hook_id = 2;
+        int64 hook_id = 1;
     }
 
     /**

hapi/hedera-protobuf-java-api/src/main/proto/services/response_code.proto

@@ -1903,4 +1903,10 @@ enum ResponseCodeEnum {
      * consensus node.
      */
     ACCOUNT_IS_LINKED_TO_A_NODE = 524;
+
+    /**
+     *  Hooks are not supported to be used in Batch transactions and Scheduled transactions.
+     * They are only supported in a top level CryptoTransfer transaction.
+     */
+    HOOKS_EXECUTIONS_REQUIRE_TOP_LEVEL_CRYPTO_TRANSFER = 525;
 }

hedera-node/hapi-utils/src/main/java/com/hedera/node/app/hapi/utils/contracts/HookUtils.java

@@ -76,7 +76,7 @@ public static Bytes leftPad32(@NonNull final com.hedera.pbj.runtime.io.buffer.By
      * @param op the crypto transfer operation
      * @return true if the crypto transfer operation has any hooks set in any of the account amounts or nft transfers
      */
-    public static boolean hasHooks(final @NonNull CryptoTransferTransactionBody op) {
+    public static boolean hasHookExecutions(final @NonNull CryptoTransferTransactionBody op) {
         for (final AccountAmount aa : op.transfersOrElse(TransferList.DEFAULT).accountAmounts()) {
             if (aa.hasPreTxAllowanceHook() || aa.hasPrePostTxAllowanceHook()) {
                 return true;

hedera-node/hedera-schedule-service-impl/src/main/java/com/hedera/node/app/service/schedule/impl/handlers/ScheduleCreateHandler.java

@@ -2,6 +2,7 @@
 package com.hedera.node.app.service.schedule.impl.handlers;
 
 import static com.hedera.hapi.node.base.ResponseCodeEnum.ACCOUNT_ID_DOES_NOT_EXIST;
+import static com.hedera.hapi.node.base.ResponseCodeEnum.HOOKS_EXECUTIONS_REQUIRE_TOP_LEVEL_CRYPTO_TRANSFER;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.IDENTICAL_SCHEDULE_ALREADY_CREATED;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.INVALID_ADMIN_KEY;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.INVALID_TRANSACTION;
@@ -40,6 +41,7 @@
 import com.hedera.hapi.node.state.throttles.ThrottleUsageSnapshots;
 import com.hedera.node.app.hapi.fees.usage.SigUsage;
 import com.hedera.node.app.hapi.fees.usage.schedule.ScheduleOpsUsage;
+import com.hedera.node.app.hapi.utils.contracts.HookUtils;
 import com.hedera.node.app.hapi.utils.fee.SigValueObj;
 import com.hedera.node.app.service.entityid.EntityIdFactory;
 import com.hedera.node.app.service.schedule.ScheduleStreamBuilder;
@@ -104,6 +106,12 @@ public void pureChecks(@NonNull final PureChecksContext context) throws PreCheck
         validateTruePreCheck(op.hasScheduledTransactionBody(), INVALID_TRANSACTION);
         // (FUTURE) Add a dedicated response code for an op waiting for an unspecified expiration time
         validateFalsePreCheck(op.waitForExpiry() && !op.hasExpirationTime(), MISSING_EXPIRY_TIME);
+        if (op.scheduledTransactionBodyOrThrow().hasCryptoTransfer()) {
+            validateFalsePreCheck(
+                    HookUtils.hasHookExecutions(
+                            op.scheduledTransactionBodyOrThrow().cryptoTransferOrThrow()),
+                    HOOKS_EXECUTIONS_REQUIRE_TOP_LEVEL_CRYPTO_TRANSFER);
+        }
     }
 
     @Override

hedera-node/hedera-schedule-service-impl/src/test/java/com/hedera/node/app/service/schedule/impl/handlers/ScheduleCreateHandlerTest.java

@@ -2,24 +2,32 @@
 package com.hedera.node.app.service.schedule.impl.handlers;
 
 import static com.hedera.hapi.node.base.ResponseCodeEnum.ACCOUNT_ID_DOES_NOT_EXIST;
+import static com.hedera.hapi.node.base.ResponseCodeEnum.HOOKS_EXECUTIONS_REQUIRE_TOP_LEVEL_CRYPTO_TRANSFER;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.IDENTICAL_SCHEDULE_ALREADY_CREATED;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.MAX_ENTITIES_IN_PRICE_REGIME_HAVE_BEEN_CREATED;
 import static com.hedera.hapi.node.base.ResponseCodeEnum.SCHEDULED_TRANSACTION_NOT_IN_WHITELIST;
+import static com.hedera.node.app.spi.fixtures.workflows.ExceptionConditions.responseCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.assertj.core.api.BDDAssertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 
+import com.hedera.hapi.node.base.AccountAmount;
 import com.hedera.hapi.node.base.AccountID;
 import com.hedera.hapi.node.base.HederaFunctionality;
+import com.hedera.hapi.node.base.HookCall;
 import com.hedera.hapi.node.base.Key;
 import com.hedera.hapi.node.base.ScheduleID;
 import com.hedera.hapi.node.base.Timestamp;
+import com.hedera.hapi.node.base.TransferList;
 import com.hedera.hapi.node.scheduled.SchedulableTransactionBody;
 import com.hedera.hapi.node.scheduled.SchedulableTransactionBody.DataOneOfType;
+import com.hedera.hapi.node.scheduled.ScheduleCreateTransactionBody;
 import com.hedera.hapi.node.state.schedule.Schedule;
 import com.hedera.hapi.node.state.throttles.ThrottleUsageSnapshots;
+import com.hedera.hapi.node.token.CryptoTransferTransactionBody;
 import com.hedera.hapi.node.transaction.TransactionBody;
 import com.hedera.node.app.hapi.utils.keys.KeyComparator;
 import com.hedera.node.app.service.entityid.EntityNumGenerator;
@@ -32,6 +40,7 @@
 import com.hedera.node.app.spi.workflows.HandleException;
 import com.hedera.node.app.spi.workflows.PreCheckException;
 import com.hedera.node.app.spi.workflows.PreHandleContext;
+import com.hedera.node.app.spi.workflows.PureChecksContext;
 import com.hedera.node.app.workflows.prehandle.PreHandleContextImpl;
 import java.security.InvalidKeyException;
 import java.time.InstantSource;
@@ -51,6 +60,9 @@ class ScheduleCreateHandlerTest extends ScheduleHandlerTestBase {
     @Mock
     private ScheduleFeeCharging feeCharging;
 
+    @Mock
+    private PureChecksContext pureChecksContext;
+
     private ScheduleCreateHandler subject;
     private PreHandleContext realPreContext;
 
@@ -60,6 +72,33 @@ void setUp() throws PreCheckException, InvalidKeyException {
         setUpBase();
     }
 
+    @Test
+    void schedulingHookExecutionFails() {
+        final TransactionBody createTransaction = TransactionBody.newBuilder()
+                .scheduleCreate(ScheduleCreateTransactionBody.newBuilder()
+                        .memo("test memo")
+                        .scheduledTransactionBody(SchedulableTransactionBody.newBuilder()
+                                .cryptoTransfer(CryptoTransferTransactionBody.newBuilder()
+                                        .transfers(TransferList.newBuilder()
+                                                .accountAmounts(
+                                                        AccountAmount.newBuilder()
+                                                                .accountID(payer)
+                                                                .preTxAllowanceHook(HookCall.DEFAULT)
+                                                                .amount(1L)
+                                                                .build(),
+                                                        AccountAmount.newBuilder()
+                                                                .accountID(scheduler)
+                                                                .amount(-1L)
+                                                                .build()))
+                                        .build()))
+                        .build())
+                .build();
+        given(pureChecksContext.body()).willReturn(createTransaction);
+        assertThatThrownBy(() -> subject.pureChecks(pureChecksContext))
+                .isInstanceOf(PreCheckException.class)
+                .has(responseCode(HOOKS_EXECUTIONS_REQUIRE_TOP_LEVEL_CRYPTO_TRANSFER));
+    }
+
     @Test
     void preHandleVanilla() throws PreCheckException {
         realPreContext = new PreHandleContextImpl(

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/ContextTransactionProcessor.java

@@ -261,7 +261,7 @@ private HevmTransactionCreationResult safeCreateHevmTransaction() {
         try {
             final var hevmTransaction = hevmTransactionFactory.fromHapiTransaction(context.body(), context.payer());
             validatePayloadLength(hevmTransaction);
-            return new HevmTransactionCreationResult(hevmTransaction, hevmTransaction.isHookDispatch());
+            return new HevmTransactionCreationResult(hevmTransaction, hevmTransaction.hookOwnerAddress() != null);
         } catch (HandleException e) {
             final var evmTxn = hevmTransactionFactory.fromContractTxException(context.body(), e);
             // Return a HederaEvmTransaction that represents the error in order to charge fees to the sender

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/TransactionProcessor.java

@@ -126,7 +126,7 @@ private HederaEvmTransactionResult processTransactionWithParties(
             @NonNull final OpsDurationCounter opsDurationCounter,
             @NonNull final InvolvedParties parties) {
         // If it is hook dispatch, skip gas charging because gas is pre-paid in cryptoTransfer already
-        final var gasCharges = transaction.isHookDispatch()
+        final var gasCharges = transaction.hookOwnerAddress() != null
                 ? GasCharges.NONE
                 : gasCharging.chargeForGas(parties.sender(), parties.relayer(), context, updater, transaction);
         final var initialFrame = frameBuilder.buildInitialFrameWith(
@@ -148,7 +148,7 @@ private HederaEvmTransactionResult processTransactionWithParties(
         // Maybe refund some of the charged fees before committing if not a hook dispatch
         // Note that for hook dispatch, gas is charged during cryptoTransfer and will not be refunded once
         // hook is executed
-        if (!transaction.isHookDispatch()) {
+        if (transaction.hookOwnerAddress() == null) {
             gasCharging.maybeRefundGiven(
                     transaction.unusedGas(result.gasUsed()),
                     gasCharges.relayerAllowanceUsed(),

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/operations/AbstractCustomCreateOperation.java

@@ -5,6 +5,7 @@
 import static org.hyperledger.besu.evm.frame.ExceptionalHaltReason.INSUFFICIENT_GAS;
 import static org.hyperledger.besu.evm.internal.Words.clampedToLong;
 
+import com.hedera.node.app.service.contract.impl.exec.utils.FrameUtils;
 import com.hedera.node.app.service.contract.impl.state.ProxyWorldUpdater;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
@@ -90,6 +91,9 @@ protected AbstractCustomCreateOperation(
 
     @Override
     public OperationResult execute(@NonNull final MessageFrame frame, @NonNull final EVM evm) {
+        if (FrameUtils.isHookExecution(frame)) {
+            return new OperationResult(0, ExceptionalHaltReason.INVALID_OPERATION);
+        }
         if (!isEnabled(frame)) {
             return INVALID_RESPONSE;
         }

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/operations/CustomCallCodeOperation.java

@@ -4,10 +4,12 @@
 import com.hedera.node.app.service.contract.impl.exec.AddressChecks;
 import com.hedera.node.app.service.contract.impl.exec.FeatureFlags;
 import com.hedera.node.app.service.contract.impl.exec.processors.CustomMessageCallProcessor;
+import com.hedera.node.app.service.contract.impl.exec.utils.FrameUtils;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import java.util.Objects;
 import org.hyperledger.besu.datatypes.Address;
 import org.hyperledger.besu.evm.EVM;
+import org.hyperledger.besu.evm.frame.ExceptionalHaltReason;
 import org.hyperledger.besu.evm.frame.MessageFrame;
 import org.hyperledger.besu.evm.gascalculator.GasCalculator;
 import org.hyperledger.besu.evm.operation.CallCodeOperation;
@@ -58,6 +60,10 @@ public OperationResult executeUnchecked(@NonNull MessageFrame frame, @NonNull EV
 
     @Override
     public OperationResult execute(@NonNull final MessageFrame frame, @NonNull final EVM evm) {
+        // Call code operations originating from a hook execution are not allowed
+        if (FrameUtils.isHookExecution(frame)) {
+            return new OperationResult(0, ExceptionalHaltReason.INVALID_OPERATION);
+        }
         return BasicCustomCallOperation.super.executeChecked(frame, evm);
     }
 }

hedera-node/hedera-smart-contract-service-impl/src/main/java/com/hedera/node/app/service/contract/impl/exec/operations/CustomCallOperation.java

@@ -2,6 +2,7 @@
 package com.hedera.node.app.service.contract.impl.exec.operations;
 
 import static com.hedera.node.app.service.contract.impl.exec.failure.CustomExceptionalHaltReason.INVALID_SOLIDITY_ADDRESS;
+import static com.hedera.node.app.service.contract.impl.exec.systemcontracts.HtsSystemContract.HTS_HOOKS_CONTRACT_ADDRESS;
 import static com.hedera.node.app.service.contract.impl.exec.utils.FrameUtils.contractRequired;
 import static com.hedera.node.app.service.contract.impl.utils.ConversionUtils.isLongZero;
 
@@ -77,6 +78,15 @@ public OperationResult execute(@NonNull final MessageFrame frame, @NonNull final
         }
     }
 
+    @Override
+    public Address sender(final MessageFrame frame) {
+        if (frame.getRecipientAddress().equals(HTS_HOOKS_CONTRACT_ADDRESS)) {
+            // If the sender is the HTS hooks contract, we want to use the owner of the hook as the sender
+            return FrameUtils.hookOwnerAddress(frame);
+        }
+        return super.sender(frame);
+    }
+
     private boolean mustBePresent(@NonNull final MessageFrame frame, @NonNull final Address toAddress) {
         // This call will create the "to" address, so it doesn't need to be present
         if (impliesLazyCreation(frame, toAddress) && featureFlags.isImplicitCreationEnabled()) {