feat(config): change allowShieldedTransactionApi default to false for security

1. change shielded transaction API default from true to false in config.conf
2. update Args.java and CommonParameter.java to reflect new default
3. add allowShieldedTransactionApi to whitelist config
4. replace arithmetic operators with StrictMathWrapper for overflow protection
5. update test to handle ArithmeticException from StrictMathWrapper.subtractExact

Closes #6611

Author: Federico2014

common/src/main/java/org/tron/common/parameter/CommonParameter.java

@@ -335,7 +335,7 @@ public class CommonParameter {
 
   @Getter
   @Setter
-  public boolean allowShieldedTransactionApi; // clearParam: true
+  public boolean allowShieldedTransactionApi = false;
   @Getter
   @Setter
   public long blockNumForEnergyLimit;

framework/src/main/java/org/tron/core/config/args/Args.java

@@ -726,7 +726,7 @@ public static void applyConfigParams(
       logger.warn("Configuring [node.fullNodeAllowShieldedTransaction] will be deprecated. "
           + "Please use [node.allowShieldedTransactionApi] instead.");
     } else {
-      PARAMETER.allowShieldedTransactionApi = true;
+      PARAMETER.allowShieldedTransactionApi = false;
     }
 
     PARAMETER.zenTokenId = config.hasPath(ConfigKey.NODE_ZEN_TOKENID)

framework/src/main/java/org/tron/core/zen/ShieldedTRC20ParametersBuilder.java

@@ -14,6 +14,7 @@
 import org.tron.api.GrpcAPI;
 import org.tron.api.GrpcAPI.BytesMessage;
 import org.tron.api.GrpcAPI.ShieldedTRC20Parameters;
+import org.tron.common.math.StrictMathWrapper;
 import org.tron.common.utils.ByteArray;
 import org.tron.common.utils.ByteUtil;
 import org.tron.common.utils.Sha256Hash;
@@ -548,7 +549,7 @@ public void addSpend(
       byte[] path,
       long position) throws ZksnarkException {
     spends.add(new SpendDescriptionInfo(expsk, note, anchor, path, position));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addSpend(
@@ -559,7 +560,7 @@ public void addSpend(
       byte[] path,
       long position) {
     spends.add(new SpendDescriptionInfo(expsk, note, alpha, anchor, path, position));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addSpend(
@@ -571,22 +572,22 @@ public void addSpend(
       byte[] path,
       long position) {
     spends.add(new SpendDescriptionInfo(ak, nsk, note, alpha, anchor, path, position));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addOutput(byte[] ovk, PaymentAddress to, long value, byte[] memo)
       throws ZksnarkException {
     Note note = new Note(to, value);
     note.setMemo(memo);
     receives.add(new ReceiveDescriptionInfo(ovk, note));
-    valueBalance -= value;
+    valueBalance = StrictMathWrapper.subtractExact(valueBalance, value);
   }
 
   public void addOutput(byte[] ovk, DiversifierT d, byte[] pkD, long value, byte[] r, byte[] memo) {
     Note note = new Note(d, pkD, value, r);
     note.setMemo(memo);
     receives.add(new ReceiveDescriptionInfo(ovk, note));
-    valueBalance -= value;
+    valueBalance = StrictMathWrapper.subtractExact(valueBalance, value);
   }
 
   public static class SpendDescriptionInfo {

framework/src/main/java/org/tron/core/zen/ZenTransactionBuilder.java

@@ -10,6 +10,7 @@
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.ArrayUtils;
+import org.tron.common.math.StrictMathWrapper;
 import org.tron.common.utils.ByteArray;
 import org.tron.common.zksnark.IncrementalMerkleVoucherContainer;
 import org.tron.common.zksnark.JLibrustzcash;
@@ -67,7 +68,7 @@ public ZenTransactionBuilder() {
 
   public void addSpend(SpendDescriptionInfo spendDescriptionInfo) {
     spends.add(spendDescriptionInfo);
-    valueBalance += spendDescriptionInfo.note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, spendDescriptionInfo.note.getValue());
   }
 
   public void addSpend(
@@ -76,7 +77,7 @@ public void addSpend(
       byte[] anchor,
       IncrementalMerkleVoucherContainer voucher) throws ZksnarkException {
     spends.add(new SpendDescriptionInfo(expsk, note, anchor, voucher));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addSpend(
@@ -86,7 +87,7 @@ public void addSpend(
       byte[] anchor,
       IncrementalMerkleVoucherContainer voucher) {
     spends.add(new SpendDescriptionInfo(expsk, note, alpha, anchor, voucher));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addSpend(
@@ -98,22 +99,22 @@ public void addSpend(
       byte[] anchor,
       IncrementalMerkleVoucherContainer voucher) {
     spends.add(new SpendDescriptionInfo(ak, nsk, ovk, note, alpha, anchor, voucher));
-    valueBalance += note.getValue();
+    valueBalance = StrictMathWrapper.addExact(valueBalance, note.getValue());
   }
 
   public void addOutput(byte[] ovk, PaymentAddress to, long value, byte[] memo)
       throws ZksnarkException {
     Note note = new Note(to, value);
     note.setMemo(memo);
     receives.add(new ReceiveDescriptionInfo(ovk, note));
-    valueBalance -= value;
+    valueBalance = StrictMathWrapper.subtractExact(valueBalance, value);
   }
 
   public void addOutput(byte[] ovk, DiversifierT d, byte[] pkD, long value, byte[] r, byte[] memo) {
     Note note = new Note(d, pkD, value, r);
     note.setMemo(memo);
     receives.add(new ReceiveDescriptionInfo(ovk, note));
-    valueBalance -= value;
+    valueBalance = StrictMathWrapper.subtractExact(valueBalance, value);
   }
 
   public void setTransparentInput(byte[] address, long value) {

framework/src/main/resources/config.conf

@@ -178,7 +178,10 @@ node {
 
   minParticipationRate = 15
 
-  # allowShieldedTransactionApi = true
+  # WARNING: Some shielded transaction APIs require sending private keys as parameters.
+  # Calling these APIs on untrusted or remote nodes may leak your private keys.
+  # It is recommended to invoke them locally for development and testing.
+  # allowShieldedTransactionApi = false
 
   # openPrintLog = true
 

framework/src/test/java/org/tron/core/ShieldedTRC20BuilderTest.java

@@ -76,6 +76,7 @@ public class ShieldedTRC20BuilderTest extends BaseTest {
   @BeforeClass
   public static void initZksnarkParams() {
     ZksnarkInitService.librustzcashInitZksnarkParams();
+    Args.getInstance().allowShieldedTransactionApi = true;
   }
 
   @Ignore
@@ -2461,6 +2462,4 @@ private byte[] longTo32Bytes(long value) {
     byte[] zeroBytes = new byte[24];
     return ByteUtil.merge(zeroBytes, longBytes);
   }
-
-
 }

framework/src/test/java/org/tron/core/actuator/ShieldedTransferActuatorTest.java

@@ -1157,6 +1157,9 @@ public void publicAddressToShieldNoteValueFailure() {
       actuator.validate();
       actuator.execute(ret);
       Assert.assertTrue(false);
+    } catch (ArithmeticException e) {
+      // StrictMathWrapper.subtractExact throws ArithmeticException on overflow
+      Assert.assertTrue(true);
     } catch (ContractValidateException e) {
       Assert.assertTrue(e instanceof ContractValidateException);
       Assert.assertEquals("librustzcashSaplingFinalCheck error", e.getMessage());

framework/src/test/java/org/tron/core/services/RpcApiServicesTest.java

@@ -150,6 +150,7 @@ public class RpcApiServicesTest {
   public static void init() throws IOException {
     Args.setParam(new String[] {"-d", temporaryFolder.newFolder().toString()},
         TestConstants.TEST_CONF);
+    getInstance().allowShieldedTransactionApi = true;
     Assert.assertEquals(5, getInstance().getRpcMaxRstStream());
     Assert.assertEquals(10, getInstance().getRpcSecondsPerWindow());
     String OWNER_ADDRESS = Wallet.getAddressPreFixString()

framework/src/test/java/org/tron/core/services/http/CreateSpendAuthSigServletTest.java

@@ -24,6 +24,7 @@ public class CreateSpendAuthSigServletTest extends BaseTest {
                 "--output-directory", dbPath(),
             }, TestConstants.TEST_CONF
     );
+    Args.getInstance().allowShieldedTransactionApi = true;
   }
 
   @Resource

framework/src/test/java/org/tron/core/zksnark/MerkleContainerTest.java

@@ -40,6 +40,7 @@ public class MerkleContainerTest extends BaseTest {
 
   static {
     Args.setParam(new String[]{"-d", dbPath()}, TestConstants.TEST_CONF);
+    Args.getInstance().allowShieldedTransactionApi = true;
   }
 
   /*@Before