tronprotocol
diff --git a/‎.github/ISSUE_TEMPLATE/ask-a-question.md‎
Lines changed: 2 additions & 20 deletions b/‎.github/ISSUE_TEMPLATE/ask-a-question.md‎
Lines changed: 2 additions & 20 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/report-a-bug.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/report-a-bug.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/ISSUE_TEMPLATE/request-a-feature.md‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/request-a-feature.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 64 additions & 0 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md‎
Lines changed: 10 additions & 11 deletions b/‎README.md‎
Lines changed: 10 additions & 11 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 7 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎actuator/build.gradle‎
Lines changed: 1 addition & 22 deletions b/‎actuator/build.gradle‎
Lines changed: 1 addition & 22 deletions
diff --git a/‎actuator/src/main/java/org/tron/core/actuator/CancelAllUnfreezeV2Actuator.java‎
Lines changed: 5 additions & 0 deletions b/‎actuator/src/main/java/org/tron/core/actuator/CancelAllUnfreezeV2Actuator.java‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎actuator/src/main/java/org/tron/core/actuator/DelegateResourceActuator.java‎
Lines changed: 22 additions & 36 deletions b/‎actuator/src/main/java/org/tron/core/actuator/DelegateResourceActuator.java‎
Lines changed: 22 additions & 36 deletions
@@ -2,27 +2,9 @@
 name: Ask a question
 about: Something is unclear
 title: ''
-labels: ''
+labels: 'type:docs'
 assignees: ''
 
 ---
-
-<!-- Please answer these questions before submitting your issue. Thanks! -->
-
-### System information
-
-java-tron version: `java -jar FullNode.jar -v`
-OS & Version: Windows/Linux/OSX
-
-
-### 1. What did you do?
-<!--If possible, provide a recipe for reproducing the error. -->
-
-
-### 2. What did you expect to see?
-
-
-
-### 3. What did you see instead?
-
+This should only be used in very rare cases e.g. if you are not 100% sure if something is a bug or asking a question that leads to improving the documentation. For general questions please use [Discord](https://discord.gg/cGKSsRVCGm) or [Telegram](https://t.me/TronOfficialDevelopersGroupEn).
 
@@ -2,7 +2,7 @@
 name: Report a bug
 about: Create a report to help us improve
 title: ''
-labels: ''
+labels: 'type:bug'
 assignees: ''
 
 ---
 
@@ -2,7 +2,7 @@
 name: Request a feature
 about: Suggest an idea for this project
 title: ''
-labels: ''
+labels: 'type:feature'
 assignees: ''
 
 ---
 
@@ -0,0 +1,64 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ 'develop', 'master', 'release_**' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'develop' ]
+  schedule:
+    - cron: '6 10 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"
@@ -56,3 +56,4 @@ Wallet
 /vm_trace/
 
 /framework/propPath
+.cache
@@ -42,15 +42,14 @@
 </p>
 
 ## Table of Contents
-- [What’s TRON?](#What’s-TRON)
-- [Building the Source Code](#Building-the-source)
-  - [Getting the Source Code](#Getting-the-Source-Code)
-  - [Build](#Build)
-- [Running java-tron](#Running-java-tron)
-- [Community](#Community)
-- [Contribution](#Contribution)
-- [Resources](#Resources)
-- [License](#License)
+- [What’s TRON?](#whats-tron)
+- [Building the Source Code](#building-the-source)
+- [Running java-tron](#running-java-tron)
+- [Community](#community)
+- [Contribution](#contribution)
+- [Resources](#resources)
+- [Integrity Check](#integrity-check)
+- [License](#license)
 
 ## What's TRON?
 
@@ -63,7 +62,7 @@ TRON is a project dedicated to building the infrastructure for a truly decentral
 TRON enables large-scale development and engagement. With over 2000 transactions per second (TPS), high concurrency, low latency, and massive data transmission. It is ideal for building decentralized entertainment applications. Free features and incentive systems allow developers to create premium app experiences for users.
 
 # Building the source
-Building java-tron requires `git` and `Oracle JDK 1.8` to be installed, other JDK versions are not supported yet. Make sure you operate on `Linux` and `MacOS` operating systems.
+Building java-tron requires `git` and 64-bit version of `Oracle JDK 1.8` to be installed, other JDK versions are not supported yet. Make sure you operate on `Linux` and `MacOS` operating systems.
 
 Clone the repo and switch to the `master` branch
 
@@ -79,7 +78,7 @@ $ ./gradlew clean build -x test
 
 
 # Running java-tron
-Running java-tron requires `Oracle JDK 1.8` to be installed, other JDK versions are not supported yet. Make sure you operate on `Linux` and `MacOS` operating systems.
+Running java-tron requires 64-bit version of `Oracle JDK 1.8` to be installed, other JDK versions are not supported yet. Make sure you operate on `Linux` and `MacOS` operating systems.
 
 Get the mainnet configuration file: [main_net_config.conf](https://github.com/tronprotocol/tron-deployment/blob/master/main_net_config.conf), other network configuration files can be find [here](https://github.com/tronprotocol/tron-deployment).
 ## Hardware Requirements
 
@@ -0,0 +1,7 @@
+## Supported Versions
+Please see [Releases](https://github.com/tronprotocol/java-tron/releases). We recommend using the [most recently released version](https://github.com/tronprotocol/java-tron/releases/latest).
+
+## Reporting a Vulnerability
+**Please do not file a public ticket** mentioning the vulnerability.
+To find out how to report a vulnerability in TRON, visit [https://hackerone.com/tron_dao](https://hackerone.com/tron_dao?type=team) or email [[email protected]](mailto:[email protected]).  
+Please read the [disclosure policy](https://www.hackerone.com/disclosure-guidelines) for more information about publicly disclosed security vulnerabilities.
@@ -16,8 +16,6 @@ dependencies {
     testImplementation "junit:junit:$junitVersion"
     testImplementation "org.mockito:mockito-core:$mockitoVersion"
 
-    testImplementation "org.testng:testng:$testNgVersion"
-
     compile "org.slf4j:jcl-over-slf4j:$slf4jVersion"
     compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.69'
     compile group: 'commons-codec', name: 'commons-codec', version: '1.11'
@@ -49,34 +47,15 @@ test {
     }
 }
 
-task testng(type: Test) {
-    useTestNG()
-    testLogging {
-        events = ["skipped", "failed"]
-        exceptionFormat = "full"
-
-        debug.events = ["skipped", "failed"]
-        debug.exceptionFormat = "full"
-
-        info.events = ["failed", "skipped"]
-        info.exceptionFormat = "full"
-
-        warn.events = ["failed", "skipped"]
-        warn.exceptionFormat = "full"
-    }
-}
-
 jacocoTestReport {
     reports {
         xml.enabled = true
         html.enabled = true
     }
-    executionData.from = '../framework/build/jacoco/jacocoTest.exec'
+    getExecutionData().setFrom(fileTree('../framework/build/jacoco').include("**.exec"))
     afterEvaluate {
         classDirectories.from = classDirectories.files.collect {
             fileTree(dir: it,)
         }
     }
 }
-
-check.dependsOn testng
@@ -58,6 +58,11 @@ public boolean execute(Object result) throws ContractExeException {
     List<UnFreezeV2> unfrozenV2List = ownerCapsule.getUnfrozenV2List();
     long now = dynamicStore.getLatestBlockHeaderTimestamp();
     AtomicLong atomicWithdrawExpireBalance = new AtomicLong(0L);
+    /* The triple object is defined by resource type, with left representing the pair object
+    corresponding to bandwidth, middle representing the pair object corresponding to energy, and
+    right representing the pair object corresponding to tron power. The pair object for each
+    resource type, left represents resource weight, and right represents the number of unfreeze
+    resources for that resource type. */
     Triple<Pair<AtomicLong, AtomicLong>, Pair<AtomicLong, AtomicLong>, Pair<AtomicLong, AtomicLong>>
         triple = Triple.of(
         Pair.of(new AtomicLong(0L), new AtomicLong(0L)),
 
@@ -1,11 +1,14 @@
 package org.tron.core.actuator;
 
 import static org.tron.core.actuator.ActuatorConstant.NOT_EXIST_STR;
+import static org.tron.core.config.Parameter.ChainConstant.BLOCK_PRODUCED_INTERVAL;
 import static org.tron.core.config.Parameter.ChainConstant.DELEGATE_PERIOD;
 import static org.tron.core.config.Parameter.ChainConstant.TRX_PRECISION;
 import static org.tron.protos.contract.Common.ResourceCode;
 import static org.tron.protos.contract.Common.ResourceCode.BANDWIDTH;
 import static org.tron.protos.contract.Common.ResourceCode.ENERGY;
+import static org.tron.core.vm.utils.FreezeV2Util.getV2EnergyUsage;
+import static org.tron.core.vm.utils.FreezeV2Util.getV2NetUsage;
 
 import com.google.protobuf.ByteString;
 import com.google.protobuf.InvalidProtocolBufferException;
@@ -64,7 +67,8 @@ public boolean execute(Object result) throws ContractExeException {
     DynamicPropertiesStore dynamicStore = chainBaseManager.getDynamicPropertiesStore();
     long delegateBalance = delegateResourceContract.getBalance();
     boolean lock = delegateResourceContract.getLock();
-    long lockPeriod = getLockPeriod(dynamicStore, delegateResourceContract);
+    long lockPeriod = getLockPeriod(dynamicStore.supportMaxDelegateLockPeriod(),
+            delegateResourceContract);
     byte[] receiverAddress = delegateResourceContract.getReceiverAddress().toByteArray();
 
     // delegate resource to receiver
@@ -143,7 +147,7 @@ public boolean validate() throws ContractValidateException {
 
     long delegateBalance = delegateResourceContract.getBalance();
     if (delegateBalance < TRX_PRECISION) {
-      throw new ContractValidateException("delegateBalance must be more than 1TRX");
+      throw new ContractValidateException("delegateBalance must be greater than or equal to 1 TRX");
     }
 
     switch (delegateResourceContract.getResource()) {
@@ -153,22 +157,15 @@ public boolean validate() throws ContractValidateException {
 
         long accountNetUsage = ownerCapsule.getNetUsage();
         if (null != this.getTx() && this.getTx().isTransactionCreate()) {
-          accountNetUsage += TransactionUtil.estimateConsumeBandWidthSize(ownerCapsule,
-              chainBaseManager);
+          accountNetUsage += TransactionUtil.estimateConsumeBandWidthSize(dynamicStore,
+                  ownerCapsule.getFrozenV2BalanceForBandwidth());
         }
         long netUsage = (long) (accountNetUsage * TRX_PRECISION * ((double)
             (dynamicStore.getTotalNetWeight()) / dynamicStore.getTotalNetLimit()));
-
-        long remainNetUsage = netUsage
-            - ownerCapsule.getFrozenBalance()
-            - ownerCapsule.getAcquiredDelegatedFrozenBalanceForBandwidth()
-            - ownerCapsule.getAcquiredDelegatedFrozenV2BalanceForBandwidth();
-
-        remainNetUsage = Math.max(0, remainNetUsage);
-
-        if (ownerCapsule.getFrozenV2BalanceForBandwidth() - remainNetUsage < delegateBalance) {
+        long v2NetUsage = getV2NetUsage(ownerCapsule, netUsage);
+        if (ownerCapsule.getFrozenV2BalanceForBandwidth() - v2NetUsage < delegateBalance) {
           throw new ContractValidateException(
-              "delegateBalance must be less than available FreezeBandwidthV2 balance");
+              "delegateBalance must be less than or equal to available FreezeBandwidthV2 balance");
         }
       }
       break;
@@ -178,17 +175,10 @@ public boolean validate() throws ContractValidateException {
 
         long energyUsage = (long) (ownerCapsule.getEnergyUsage() * TRX_PRECISION * ((double)
             (dynamicStore.getTotalEnergyWeight()) / dynamicStore.getTotalEnergyCurrentLimit()));
-
-        long remainEnergyUsage = energyUsage
-            - ownerCapsule.getEnergyFrozenBalance()
-            - ownerCapsule.getAcquiredDelegatedFrozenBalanceForEnergy()
-            - ownerCapsule.getAcquiredDelegatedFrozenV2BalanceForEnergy();
-
-        remainEnergyUsage = Math.max(0, remainEnergyUsage);
-
-        if (ownerCapsule.getFrozenV2BalanceForEnergy() - remainEnergyUsage < delegateBalance) {
+        long v2EnergyUsage = getV2EnergyUsage(ownerCapsule, energyUsage);
+        if (ownerCapsule.getFrozenV2BalanceForEnergy() - v2EnergyUsage < delegateBalance) {
           throw new ContractValidateException(
-                  "delegateBalance must be less than available FreezeEnergyV2 balance");
+                  "delegateBalance must be less than or equal to available FreezeEnergyV2 balance");
         }
       }
       break;
@@ -199,7 +189,7 @@ public boolean validate() throws ContractValidateException {
 
     byte[] receiverAddress = delegateResourceContract.getReceiverAddress().toByteArray();
 
-    if (ArrayUtils.isEmpty(receiverAddress) || !DecodeUtil.addressValid(receiverAddress)) {
+    if (!DecodeUtil.addressValid(receiverAddress)) {
       throw new ContractValidateException("Invalid receiverAddress");
     }
 
@@ -219,7 +209,7 @@ public boolean validate() throws ContractValidateException {
 
     boolean lock = delegateResourceContract.getLock();
     if (lock && dynamicStore.supportMaxDelegateLockPeriod()) {
-      long lockPeriod = getLockPeriod(dynamicStore, delegateResourceContract);
+      long lockPeriod = getLockPeriod(true, delegateResourceContract);
       long maxDelegateLockPeriod = dynamicStore.getMaxDelegateLockPeriod();
       if (lockPeriod < 0 || lockPeriod > maxDelegateLockPeriod) {
         throw new ContractValidateException(
@@ -257,20 +247,20 @@ public boolean validate() throws ContractValidateException {
     return true;
   }
 
-  private long getLockPeriod(DynamicPropertiesStore dynamicStore,
+  private long getLockPeriod(boolean supportMaxDelegateLockPeriod,
       DelegateResourceContract delegateResourceContract) {
     long lockPeriod = delegateResourceContract.getLockPeriod();
-    if (dynamicStore.supportMaxDelegateLockPeriod()) {
-      return lockPeriod == 0 ? DELEGATE_PERIOD / 3000 : lockPeriod;
+    if (supportMaxDelegateLockPeriod) {
+      return lockPeriod == 0 ? DELEGATE_PERIOD / BLOCK_PRODUCED_INTERVAL : lockPeriod;
     } else {
-      return 0;
+      return DELEGATE_PERIOD / BLOCK_PRODUCED_INTERVAL;
     }
   }
 
   private void validRemainTime(ResourceCode resourceCode, long lockPeriod, long expireTime,
       long now) throws ContractValidateException {
     long remainTime = expireTime - now;
-    if (lockPeriod * 3 * 1000 < remainTime) {
+    if (lockPeriod * BLOCK_PRODUCED_INTERVAL < remainTime) {
       throw new ContractValidateException(
           "The lock period for " + resourceCode.name() + " this time cannot be less than the "
               + "remaining time[" + remainTime + "ms] of the last lock period for "
@@ -303,11 +293,7 @@ private void delegateResource(byte[] ownerAddress, byte[] receiverAddress, boole
     //modify DelegatedResourceStore
     long expireTime = 0;
     if (lock) {
-      if (dynamicPropertiesStore.supportMaxDelegateLockPeriod()) {
-        expireTime = now + lockPeriod * 3 * 1000;
-      } else {
-        expireTime = now + DELEGATE_PERIOD;
-      }
+      expireTime = now + lockPeriod * BLOCK_PRODUCED_INTERVAL;
     }
     byte[] key = DelegatedResourceCapsule.createDbKeyV2(ownerAddress, receiverAddress, lock);
     DelegatedResourceCapsule delegatedResourceCapsule = delegatedResourceStore.get(key);
Original file line number	Diff line number	Diff line change
`@@ -56,3 +56,4 @@ Wallet`
`56`	`56`	`/vm_trace/`
`57`	`57`
`58`	`58`	`/framework/propPath`
	`59`	`+.cache`