Re-implement limits and AML guard

Author: jeffyanta

go.mod

@@ -5,7 +5,7 @@ go 1.23.0
 require (
 	github.com/aws/aws-sdk-go-v2 v0.17.0
 	github.com/bits-and-blooms/bloom/v3 v3.1.0
-	github.com/code-payments/code-protobuf-api v1.19.1-0.20250429171947-b8896029c856
+	github.com/code-payments/code-protobuf-api v1.19.1-0.20250514180326-b429b6cc7221
 	github.com/code-payments/code-vm-indexer v0.1.11-0.20241028132209-23031e814fba
 	github.com/emirpasic/gods v1.12.0
 	github.com/envoyproxy/protoc-gen-validate v1.2.1

go.sum

@@ -78,8 +78,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/code-payments/code-protobuf-api v1.19.1-0.20250429171947-b8896029c856 h1:qHd5MHS7948r1DJgY9wRRuNIrISLmcG7SK3I8ui7ilc=
-github.com/code-payments/code-protobuf-api v1.19.1-0.20250429171947-b8896029c856/go.mod h1:ee6TzKbgMS42ZJgaFEMG3c4R3dGOiffHSu6MrY7WQvs=
+github.com/code-payments/code-protobuf-api v1.19.1-0.20250514180326-b429b6cc7221 h1:7NZ/JOCHYx1G784ekmBdsCrHWLKtIwjz3x6dH2lRp1o=
+github.com/code-payments/code-protobuf-api v1.19.1-0.20250514180326-b429b6cc7221/go.mod h1:ee6TzKbgMS42ZJgaFEMG3c4R3dGOiffHSu6MrY7WQvs=
 github.com/code-payments/code-vm-indexer v0.1.11-0.20241028132209-23031e814fba h1:Bkp+gmeb6Y2PWXfkSCTMBGWkb2P1BujRDSjWeI+0j5I=
 github.com/code-payments/code-vm-indexer v0.1.11-0.20241028132209-23031e814fba/go.mod h1:jSiifpiBpyBQ8q2R0MGEbkSgWC6sbdRTyDBntmW+j1E=
 github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6 h1:NmTXa/uVnDyp0TY5MKi197+3HWcnYWfnHGyaFthlnGw=

pkg/code/aml/guard.go

@@ -0,0 +1,90 @@
+package aml
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/sirupsen/logrus"
+
+	code_data "github.com/code-payments/code-server/pkg/code/data"
+	"github.com/code-payments/code-server/pkg/code/data/intent"
+	"github.com/code-payments/code-server/pkg/code/limit"
+	currency_util "github.com/code-payments/code-server/pkg/currency"
+	"github.com/code-payments/code-server/pkg/metrics"
+)
+
+var (
+	// These limits are intentionally higher than that enforced on clients,
+	// so we can do better rounding on limits per currency.
+	//
+	// todo: configurable
+	maxUsdTransactionValue = 2.0 * limit.SendLimits[currency_util.USD].PerTransaction
+	maxDailyUsdLimit       = 1.5 * limit.SendLimits[currency_util.USD].Daily
+)
+
+// Guard gates money movement by applying rules on operations of interest to
+// discourage money laundering.
+type Guard struct {
+	log  *logrus.Entry
+	data code_data.Provider
+}
+
+func NewGuard(data code_data.Provider) *Guard {
+	return &Guard{
+		log:  logrus.StandardLogger().WithField("type", "aml/guard"),
+		data: data,
+	}
+}
+
+// AllowMoneyMovement determines whether an intent that moves funds is allowed
+// to be executed.
+func (g *Guard) AllowMoneyMovement(ctx context.Context, intentRecord *intent.Record) (bool, error) {
+	tracer := metrics.TraceMethodCall(ctx, metricsStructName, "AllowMoneyMovement")
+	defer tracer.End()
+
+	var usdMarketValue float64
+	var consumptionCalculator func(ctx context.Context, owner string, since time.Time) (uint64, float64, error)
+	switch intentRecord.IntentType {
+	case intent.SendPublicPayment:
+		// Public sends are subject to USD-based limits
+		usdMarketValue = intentRecord.SendPublicPaymentMetadata.UsdMarketValue
+		consumptionCalculator = g.data.GetTransactedAmountForAntiMoneyLaundering
+	case intent.ReceivePaymentsPublicly:
+		// Public receives are always allowed
+		return true, nil
+	default:
+		err := errors.New("intent record must be a send or receive payment")
+		tracer.OnError(err)
+		return false, err
+	}
+
+	log := g.log.WithFields(logrus.Fields{
+		"method":    "AllowMoneyMovement",
+		"owner":     intentRecord.InitiatorOwnerAccount,
+		"usd_value": usdMarketValue,
+	})
+
+	// Bound the maximum dollar value of a payment
+	if usdMarketValue > maxUsdTransactionValue {
+		log.Info("denying intent that exceeds per-transaction usd value")
+		recordDenialEvent(ctx, "exceeds per-transaction usd value")
+		return false, nil
+	}
+
+	// Bound the maximum dollar value of payments in the last day
+	_, usdInLastDay, err := consumptionCalculator(ctx, intentRecord.InitiatorOwnerAccount, time.Now().Add(-24*time.Hour))
+	if err != nil {
+		log.WithError(err).Warn("failure calculating previous day transaction amount")
+		tracer.OnError(err)
+		return false, err
+	}
+
+	if usdInLastDay+usdMarketValue > maxDailyUsdLimit {
+		log.Info("denying intent that exceeds daily usd limit")
+		recordDenialEvent(ctx, "exceeds daily usd value")
+		return false, nil
+	}
+
+	return true, nil
+}

pkg/code/aml/guard_test.go

@@ -0,0 +1,192 @@
+package aml
+
+import (
+	"context"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/code-payments/code-server/pkg/code/common"
+	code_data "github.com/code-payments/code-server/pkg/code/data"
+	"github.com/code-payments/code-server/pkg/code/data/currency"
+	"github.com/code-payments/code-server/pkg/code/data/intent"
+	currency_lib "github.com/code-payments/code-server/pkg/currency"
+	"github.com/code-payments/code-server/pkg/testutil"
+)
+
+func TestGuard_SendPublicPayment_TransactionValue(t *testing.T) {
+	env := setupAmlTest(t)
+
+	owner := testutil.NewRandomAccount(t)
+
+	for _, acceptableValue := range []float64{
+		1,
+		maxUsdTransactionValue / 10,
+		maxUsdTransactionValue - 1,
+		maxUsdTransactionValue,
+	} {
+		intentRecord := makeSendPublicPaymentIntent(t, owner, acceptableValue, time.Now())
+
+		allow, err := env.guard.AllowMoneyMovement(env.ctx, intentRecord)
+		require.NoError(t, err)
+		assert.True(t, allow)
+	}
+
+	for _, unacceptableValue := range []float64{
+		maxUsdTransactionValue + 1,
+		maxUsdTransactionValue * 10,
+	} {
+		intentRecord := makeSendPublicPaymentIntent(t, owner, unacceptableValue, time.Now())
+
+		allow, err := env.guard.AllowMoneyMovement(env.ctx, intentRecord)
+		require.NoError(t, err)
+		assert.False(t, allow)
+	}
+}
+
+func TestGuard_SendPublicPayment_DailyUsdLimit(t *testing.T) {
+	env := setupAmlTest(t)
+
+	for _, tc := range []struct {
+		consumedUsdValue float64
+		at               time.Time
+		expected         bool
+	}{
+		// Intent consumes some of the daily limit, but not all
+		{
+			consumedUsdValue: maxDailyUsdLimit / 2,
+			at:               time.Now().Add(-12 * time.Hour),
+			expected:         true,
+		},
+		// Intent consumes the remaining daily limit
+		{
+			consumedUsdValue: maxDailyUsdLimit - 1,
+			at:               time.Now().Add(-12 * time.Hour),
+			expected:         true,
+		},
+		// Daily limit was breached, but more than a day ago
+		{
+			consumedUsdValue: maxDailyUsdLimit + 1,
+			at:               time.Now().Add(-24*time.Hour - time.Minute),
+			expected:         true,
+		},
+		// Daily limit is breached, but is close to expiring
+		{
+			consumedUsdValue: maxDailyUsdLimit,
+			at:               time.Now().Add(-24*time.Hour + time.Minute),
+			expected:         false,
+		},
+		// Daily limit is breached well within the time window
+		{
+			consumedUsdValue: maxDailyUsdLimit + 1,
+			at:               time.Now().Add(-12 * time.Hour),
+			expected:         false,
+		},
+	} {
+		owner := testutil.NewRandomAccount(t)
+		intentRecord := makeSendPublicPaymentIntent(t, owner, 1, time.Now())
+
+		// Sanity check the intent for $1 USD is allowed
+		allow, err := env.guard.AllowMoneyMovement(env.ctx, intentRecord)
+		require.NoError(t, err)
+		assert.True(t, allow)
+
+		// Save an intent to bring the user up to the desired consumed daily USD value
+		require.NoError(t, env.data.SaveIntent(env.ctx, makeSendPublicPaymentIntent(t, owner, tc.consumedUsdValue, tc.at)))
+
+		// Check whether we allow the $1 USD intent
+		allow, err = env.guard.AllowMoneyMovement(env.ctx, intentRecord)
+		require.NoError(t, err)
+		assert.Equal(t, tc.expected, allow)
+	}
+}
+
+func TestGuard_ReceivePaymentsPublicly(t *testing.T) {
+	env := setupAmlTest(t)
+
+	owner := testutil.NewRandomAccount(t)
+
+	for _, usdMarketValue := range []float64{
+		1,
+		1_000_000_000_000,
+	} {
+		intentRecord := makeReceivePaymentsPubliclyIntent(t, owner, usdMarketValue, time.Now())
+
+		// We should always allow a public receive
+		allow, err := env.guard.AllowMoneyMovement(env.ctx, intentRecord)
+		require.NoError(t, err)
+		assert.True(t, allow)
+	}
+}
+
+type amlTestEnv struct {
+	ctx   context.Context
+	data  code_data.Provider
+	guard *Guard
+}
+
+func setupAmlTest(t *testing.T) (env amlTestEnv) {
+	env.ctx = context.Background()
+	env.data = code_data.NewTestDataProvider()
+	env.guard = NewGuard(env.data)
+
+	testutil.SetupRandomSubsidizer(t, env.data)
+
+	env.data.ImportExchangeRates(env.ctx, &currency.MultiRateRecord{
+		Time: time.Now(),
+		Rates: map[string]float64{
+			string(currency_lib.USD): 0.1,
+		},
+	})
+
+	return env
+}
+
+func makeSendPublicPaymentIntent(t *testing.T, owner *common.Account, usdMarketValue float64, at time.Time) *intent.Record {
+	return &intent.Record{
+		IntentId:   testutil.NewRandomAccount(t).PublicKey().ToBase58(),
+		IntentType: intent.SendPublicPayment,
+
+		SendPublicPaymentMetadata: &intent.SendPublicPaymentMetadata{
+			DestinationOwnerAccount: testutil.NewRandomAccount(t).PublicKey().ToBase58(),
+			DestinationTokenAccount: testutil.NewRandomAccount(t).PublicKey().ToBase58(),
+			Quantity:                uint64(usdMarketValue),
+
+			ExchangeRate:     1,
+			ExchangeCurrency: currency_lib.USD,
+			NativeAmount:     usdMarketValue,
+			UsdMarketValue:   usdMarketValue,
+		},
+
+		InitiatorOwnerAccount: owner.PublicKey().ToBase58(),
+
+		State:     intent.StatePending,
+		CreatedAt: at,
+	}
+}
+
+func makeReceivePaymentsPubliclyIntent(t *testing.T, owner *common.Account, usdMarketValue float64, at time.Time) *intent.Record {
+	return &intent.Record{
+		IntentId:   testutil.NewRandomAccount(t).PublicKey().ToBase58(),
+		IntentType: intent.ReceivePaymentsPublicly,
+
+		ReceivePaymentsPubliclyMetadata: &intent.ReceivePaymentsPubliclyMetadata{
+			Source:       testutil.NewRandomAccount(t).PublicKey().ToBase58(),
+			Quantity:     uint64(usdMarketValue),
+			IsRemoteSend: true,
+
+			OriginalExchangeCurrency: currency_lib.USD,
+			OriginalExchangeRate:     1.0,
+			OriginalNativeAmount:     usdMarketValue,
+
+			UsdMarketValue: usdMarketValue,
+		},
+
+		InitiatorOwnerAccount: owner.PublicKey().ToBase58(),
+
+		State:     intent.StatePending,
+		CreatedAt: at,
+	}
+}

pkg/code/lawenforcement/metrics.go renamed to pkg/code/aml/metrics.go

@@ -1,4 +1,4 @@
-package lawenforcement
+package aml
 
 import (
 	"context"
@@ -7,7 +7,7 @@ import (
 )
 
 const (
-	metricsStructName = "lawenforcement.anti_money_laundering_guard"
+	metricsStructName = "aml.guard"
 
 	eventName = "AntiMoneyLaunderingGuardDenial"
 )

pkg/code/data/intent/memory/store.go

@@ -126,6 +126,20 @@ func (s *store) findByInitiatorAndType(intentType intent.Type, owner string) []*
 	return res
 }
 
+func (s *store) findByOwnerSinceTimestamp(owner string, since time.Time) []*intent.Record {
+	res := make([]*intent.Record, 0)
+	for _, item := range s.records {
+		if item.CreatedAt.Before(since) {
+			continue
+		}
+
+		if item.InitiatorOwnerAccount == owner {
+			res = append(res, item)
+		}
+	}
+	return res
+}
+
 func (s *store) filter(items []*intent.Record, cursor query.Cursor, limit uint64, direction query.Ordering) []*intent.Record {
 	var start uint64
 
@@ -203,6 +217,32 @@ func (s *store) filterByRemoteSendFlag(items []*intent.Record, want bool) []*int
 	return res
 }
 
+func sumQuarkAmount(items []*intent.Record) uint64 {
+	var value uint64
+	for _, item := range items {
+		if item.SendPublicPaymentMetadata != nil {
+			value += item.SendPublicPaymentMetadata.Quantity
+		}
+		if item.ReceivePaymentsPubliclyMetadata != nil {
+			value += item.ReceivePaymentsPubliclyMetadata.Quantity
+		}
+	}
+	return value
+}
+
+func sumUsdMarketValue(items []*intent.Record) float64 {
+	var value float64
+	for _, item := range items {
+		if item.SendPublicPaymentMetadata != nil {
+			value += item.SendPublicPaymentMetadata.UsdMarketValue
+		}
+		if item.ReceivePaymentsPubliclyMetadata != nil {
+			value += item.ReceivePaymentsPubliclyMetadata.UsdMarketValue
+		}
+	}
+	return value
+}
+
 func (s *store) Save(ctx context.Context, data *intent.Record) error {
 	if err := data.Validate(); err != nil {
 		return err
@@ -317,3 +357,13 @@ func (s *store) GetGiftCardClaimedIntent(ctx context.Context, giftCardVault stri
 	cloned := items[0].Clone()
 	return &cloned, nil
 }
+
+func (s *store) GetTransactedAmountForAntiMoneyLaundering(ctx context.Context, owner string, since time.Time) (uint64, float64, error) {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+
+	items := s.findByOwnerSinceTimestamp(owner, since)
+	items = s.filterByState(items, false, intent.StateRevoked)
+	items = s.filterByType(items, intent.SendPublicPayment)
+	return sumQuarkAmount(items), sumUsdMarketValue(items), nil
+}