feat(crypto): shielded transaction API security enhancement (#6694)

Author: Federico2014

common/src/main/java/org/tron/common/parameter/CommonParameter.java

@@ -338,7 +338,7 @@ public class CommonParameter {
 
   @Getter
   @Setter
-  public boolean allowShieldedTransactionApi; // clearParam: true
+  public boolean allowShieldedTransactionApi; // clearParam: false
   @Getter
   @Setter
   public long blockNumForEnergyLimit;

common/src/main/java/org/tron/core/config/args/NodeConfig.java

@@ -86,7 +86,7 @@ public class NodeConfig {
   private boolean unsolidifiedBlockCheck = false;
   private int maxUnsolidifiedBlocks = 54;
   private String zenTokenId = "000000";
-  private boolean allowShieldedTransactionApi = true;
+  private boolean allowShieldedTransactionApi = false;
   private double activeConnectFactor = 0.1;
   private double connectFactor = 0.6;
   // Legacy alias `maxActiveNodesWithSameIp` has no bean field: we only peek at it via

common/src/main/java/org/tron/core/exception/ZksnarkException.java

@@ -9,4 +9,8 @@ public ZksnarkException() {
   public ZksnarkException(String message) {
     super(message);
   }
+
+  public ZksnarkException(String message, Throwable cause) {
+    super(message, cause);
+  }
 }

common/src/main/resources/reference.conf

@@ -215,7 +215,7 @@ node {
   minParticipationRate = 0
 
   # Whether to enable shielded transaction API
-  allowShieldedTransactionApi = true
+  allowShieldedTransactionApi = false
 
   # Whether to print config log at startup
   openPrintLog = true

common/src/test/java/org/tron/core/config/args/NodeConfigTest.java

@@ -284,26 +284,26 @@ public void testLegacyAliasTakesPriorityOverModernKey() {
   }
 
   @Test
-  public void testShieldedApiDefaultsToTrueWhenNeitherKeySet() {
+  public void testShieldedApiDefaultsToFalseWhenNeitherKeySet() {
     NodeConfig nc = NodeConfig.fromConfig(withRef());
-    assertTrue(nc.isAllowShieldedTransactionApi());
+    assertFalse(nc.isAllowShieldedTransactionApi());
   }
 
   @Test
   public void testShieldedApiModernKeyRespected() {
     NodeConfig nc = NodeConfig.fromConfig(
-        withRef("node.allowShieldedTransactionApi = false"));
-    assertFalse(nc.isAllowShieldedTransactionApi());
+        withRef("node.allowShieldedTransactionApi = true"));
+    assertTrue(nc.isAllowShieldedTransactionApi());
   }
 
   @Test
   public void testShieldedApiLegacyKeyRespected() {
-    // Regression guard: reference.conf ships `allowShieldedTransactionApi = true`, which
+    // Regression guard: reference.conf ships `allowShieldedTransactionApi = false`, which
     // used to make the legacy-key fallback dead code. A user who only set the legacy key
     // must still have their value honored.
     NodeConfig nc = NodeConfig.fromConfig(
-        withRef("node.fullNodeAllowShieldedTransaction = false"));
-    assertFalse(nc.isAllowShieldedTransactionApi());
+        withRef("node.fullNodeAllowShieldedTransaction = true"));
+    assertTrue(nc.isAllowShieldedTransactionApi());
   }
 
   @Test

common/src/test/java/org/tron/core/exception/ZksnarkExceptionTest.java

@@ -0,0 +1,29 @@
+package org.tron.core.exception;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ZksnarkExceptionTest {
+
+  @Test
+  public void testNoArgConstructor() {
+    ZksnarkException e = new ZksnarkException();
+    Assert.assertNull(e.getMessage());
+    Assert.assertNull(e.getCause());
+  }
+
+  @Test
+  public void testMessageConstructor() {
+    ZksnarkException e = new ZksnarkException("boom");
+    Assert.assertEquals("boom", e.getMessage());
+    Assert.assertNull(e.getCause());
+  }
+
+  @Test
+  public void testMessageAndCauseConstructor() {
+    Throwable cause = new ArithmeticException("overflow");
+    ZksnarkException e = new ZksnarkException("wrapped", cause);
+    Assert.assertEquals("wrapped", e.getMessage());
+    Assert.assertSame(cause, e.getCause());
+  }
+}