diff --git a/docs/proto/proto-docs.md b/docs/proto/proto-docs.md index ef464a9f38..abd59632e5 100644 --- a/docs/proto/proto-docs.md +++ b/docs/proto/proto-docs.md @@ -1004,6 +1004,9 @@ and instantiate the contract. | `label` | [string](#string) | | Label is optional metadata to be stored with a constract instance. | | `msg` | [bytes](#bytes) | | Msg json encoded message to be passed to the contract on instantiation | | `funds` | [cosmos.base.v1beta1.Coin](#cosmos.base.v1beta1.Coin) | repeated | Funds coins that are transferred to the contract on instantiation | +| `source` | [string](#string) | | Source is the URL where the code is hosted | +| `builder` | [string](#string) | | Builder is the docker image used to build the code deterministically, used for smart contract verification | +| `code_hash` | [bytes](#bytes) | | CodeHash is the SHA256 sum of the code outputted by builder, used for smart contract verification | @@ -1024,6 +1027,9 @@ StoreCodeProposal gov proposal content type to submit WASM code to the system | `wasm_byte_code` | [bytes](#bytes) | | WASMByteCode can be raw or gzip compressed | | `instantiate_permission` | [AccessConfig](#cosmwasm.wasm.v1.AccessConfig) | | InstantiatePermission to apply on contract creation, optional | | `unpin_code` | [bool](#bool) | | UnpinCode code on upload, optional | +| `source` | [string](#string) | | Source is the URL where the code is hosted | +| `builder` | [string](#string) | | Builder is the docker image used to build the code deterministically, used for smart contract verification | +| `code_hash` | [bytes](#bytes) | | CodeHash is the SHA256 sum of the code outputted by builder, used for smart contract verification | diff --git a/go.mod b/go.mod index f7d483c3b7..9140e8e461 100644 --- a/go.mod +++ b/go.mod @@ -10,6 +10,7 @@ require ( github.com/cosmos/iavl v0.19.4 github.com/cosmos/ibc-go/v4 v4.2.0 github.com/cosmos/interchain-accounts v0.2.4 + github.com/docker/distribution v2.8.1+incompatible github.com/dvsekhvalnov/jose2go v1.5.0 github.com/gogo/protobuf v1.3.3 github.com/golang/protobuf v1.5.2 @@ -95,6 +96,7 @@ require ( github.com/minio/highwayhash v1.0.2 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mtibben/percent v0.2.1 // indirect + github.com/opencontainers/go-digest v1.0.0 // indirect github.com/pelletier/go-toml v1.9.5 // indirect github.com/pelletier/go-toml/v2 v2.0.5 // indirect github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect diff --git a/go.sum b/go.sum index a2fe53b4a0..c7b2fad923 100644 --- a/go.sum +++ b/go.sum @@ -212,6 +212,8 @@ github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WA github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20180625184442-8e610b2b55bf/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= @@ -587,6 +589,7 @@ github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/runc v1.1.3 h1:vIXrkId+0/J2Ymu2m7VjGvbSlAId9XNRPhn2p4b+d8w= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= diff --git a/proto/cosmwasm/wasm/v1/proposal.proto b/proto/cosmwasm/wasm/v1/proposal.proto index a4e57b7dd9..b8a143b672 100644 --- a/proto/cosmwasm/wasm/v1/proposal.proto +++ b/proto/cosmwasm/wasm/v1/proposal.proto @@ -26,6 +26,14 @@ message StoreCodeProposal { AccessConfig instantiate_permission = 7; // UnpinCode code on upload, optional bool unpin_code = 8; + // Source is the URL where the code is hosted + string source = 9; + // Builder is the docker image used to build the code deterministically, used + // for smart contract verification + string builder = 10; + // CodeHash is the SHA256 sum of the code outputted by builder, used for smart + // contract verification + bytes code_hash = 11; } // InstantiateContractProposal gov proposal content type to instantiate a @@ -199,4 +207,12 @@ message StoreAndInstantiateContractProposal { (gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins" ]; + // Source is the URL where the code is hosted + string source = 11; + // Builder is the docker image used to build the code deterministically, used + // for smart contract verification + string builder = 12; + // CodeHash is the SHA256 sum of the code outputted by builder, used for smart + // contract verification + bytes code_hash = 13; } diff --git a/x/wasm/client/cli/gov_tx.go b/x/wasm/client/cli/gov_tx.go index 131ccda57d..3c8a7b9f3a 100644 --- a/x/wasm/client/cli/gov_tx.go +++ b/x/wasm/client/cli/gov_tx.go @@ -1,10 +1,15 @@ package cli import ( + "bytes" + "crypto/sha256" "fmt" + "net/url" "strconv" "strings" + "github.com/docker/distribution/reference" + "github.com/cosmos/cosmos-sdk/client" "github.com/cosmos/cosmos-sdk/client/tx" sdk "github.com/cosmos/cosmos-sdk/types" @@ -13,13 +18,14 @@ import ( govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" "github.com/pkg/errors" "github.com/spf13/cobra" + flag "github.com/spf13/pflag" "github.com/CosmWasm/wasmd/x/wasm/types" ) func ProposalStoreCodeCmd() *cobra.Command { cmd := &cobra.Command{ - Use: "wasm-store [wasm file] --title [text] --description [text] --run-as [address]", + Use: "wasm-store [wasm file] --title [text] --description [text] --run-as [address] --unpin-code [unpin_code] --source [source] --builder [builder] --code-hash [code_hash]", Short: "Submit a wasm binary proposal", Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { @@ -45,6 +51,10 @@ func ProposalStoreCodeCmd() *cobra.Command { return err } + source, builder, codeHash, err := parseVerificationFlags(src.WASMByteCode, cmd.Flags()) + if err != nil { + return err + } content := types.StoreCodeProposal{ Title: proposalTitle, Description: proposalDescr, @@ -52,6 +62,9 @@ func ProposalStoreCodeCmd() *cobra.Command { WASMByteCode: src.WASMByteCode, InstantiatePermission: src.InstantiatePermission, UnpinCode: unpinCode, + Source: source, + Builder: builder, + CodeHash: codeHash, } msg, err := govtypes.NewMsgSubmitProposal(&content, deposit, clientCtx.GetFromAddress()) @@ -73,6 +86,9 @@ func ProposalStoreCodeCmd() *cobra.Command { cmd.Flags().String(flagInstantiateByAddress, "", "Only this address can instantiate a contract instance from the code, optional") cmd.Flags().Bool(flagUnpinCode, false, "Unpin code on upload, optional") cmd.Flags().StringSlice(flagInstantiateByAnyOfAddress, []string{}, "Any of the addresses can instantiate a contract from the code, optional") + cmd.Flags().String(flagSource, "", "Code Source URL is a valid absolute HTTPS URI to the contract's source code,") + cmd.Flags().String(flagBuilder, "", "Builder is a valid docker image name with tag, such as \"cosmwasm/workspace-optimizer:0.12.9\"") + cmd.Flags().BytesHex(flagCodeHash, nil, "CodeHash is the sha256 hash of the wasm code") // proposal flags cmd.Flags().String(cli.FlagTitle, "", "Title of proposal") @@ -81,6 +97,48 @@ func ProposalStoreCodeCmd() *cobra.Command { return cmd } +func parseVerificationFlags(wasm []byte, flags *flag.FlagSet) (string, string, []byte, error) { + source, err := flags.GetString(flagSource) + if err != nil { + return "", "", nil, fmt.Errorf("source: %s", err) + } + builder, err := flags.GetString(flagBuilder) + if err != nil { + return "", "", nil, fmt.Errorf("builder: %s", err) + } + codeHash, err := flags.GetBytesHex(flagCodeHash) + if err != nil { + return "", "", nil, fmt.Errorf("codeHash: %s", err) + } + + // if any set require others to be set + if len(source) != 0 || len(builder) != 0 || len(codeHash) != 0 { + if source == "" { + return "", "", nil, fmt.Errorf("source is required") + } + if _, err = url.ParseRequestURI(source); err != nil { + return "", "", nil, fmt.Errorf("source: %s", err) + } + if builder == "" { + return "", "", nil, fmt.Errorf("builder is required") + } + if _, err := reference.ParseDockerRef(builder); err != nil { + return "", "", nil, fmt.Errorf("builder: %s", err) + } + if len(codeHash) == 0 { + return "", "", nil, fmt.Errorf("code hash is required") + } + // wasm is unzipped in parseStoreCodeArgs + // checksum generation will be decoupled here + // reference https://github.com/CosmWasm/wasmvm/issues/359 + checksum := sha256.Sum256(wasm) + if !bytes.Equal(checksum[:], codeHash) { + return "", "", nil, fmt.Errorf("code-hash mismatch: %X, checksum: %X", codeHash, checksum) + } + } + return source, builder, codeHash, nil +} + func ProposalInstantiateContractCmd() *cobra.Command { cmd := &cobra.Command{ Use: "instantiate-contract [code_id_int64] [json_encoded_init_args] --label [text] --title [text] --description [text] --run-as [address] --admin [address,optional] --amount [coins,optional]", @@ -143,7 +201,8 @@ func ProposalInstantiateContractCmd() *cobra.Command { func ProposalStoreAndInstantiateContractCmd() *cobra.Command { cmd := &cobra.Command{ - Use: "store-instantiate [wasm file] [json_encoded_init_args] --label [text] --title [text] --description [text] --run-as [address] --admin [address,optional] --amount [coins,optional]", + Use: "store-instantiate [wasm file] [json_encoded_init_args] --label [text] --title [text] --description [text] --run-as [address]" + + "--unpin-code [unpin_code,optional] --source [source,optional] --builder [builder,optional] --code-hash [code_hash,optional] --admin [address,optional] --amount [coins,optional]", Short: "Submit and instantiate a wasm contract proposal", Args: cobra.ExactArgs(2), RunE: func(cmd *cobra.Command, args []string) error { @@ -169,6 +228,11 @@ func ProposalStoreAndInstantiateContractCmd() *cobra.Command { return err } + source, builder, codeHash, err := parseVerificationFlags(src.WASMByteCode, cmd.Flags()) + if err != nil { + return err + } + amountStr, err := cmd.Flags().GetString(flagAmount) if err != nil { return fmt.Errorf("amount: %s", err) @@ -208,6 +272,9 @@ func ProposalStoreAndInstantiateContractCmd() *cobra.Command { WASMByteCode: src.WASMByteCode, InstantiatePermission: src.InstantiatePermission, UnpinCode: unpinCode, + Source: source, + Builder: builder, + CodeHash: codeHash, Admin: adminStr, Label: label, Msg: []byte(args[1]), @@ -232,6 +299,9 @@ func ProposalStoreAndInstantiateContractCmd() *cobra.Command { cmd.Flags().String(flagInstantiateNobody, "", "Nobody except the governance process can instantiate a contract from the code, optional") cmd.Flags().String(flagInstantiateByAddress, "", "Only this address can instantiate a contract instance from the code, optional") cmd.Flags().Bool(flagUnpinCode, false, "Unpin code on upload, optional") + cmd.Flags().String(flagSource, "", "Code Source URL is a valid absolute HTTPS URI to the contract's source code,") + cmd.Flags().String(flagBuilder, "", "Builder is a valid docker image name with tag, such as \"cosmwasm/workspace-optimizer:0.12.9\"") + cmd.Flags().BytesHex(flagCodeHash, nil, "CodeHash is the sha256 hash of the wasm code") cmd.Flags().StringSlice(flagInstantiateByAnyOfAddress, []string{}, "Any of the addresses can instantiate a contract from the code, optional") cmd.Flags().String(flagAmount, "", "Coins to send to the contract during instantiation") cmd.Flags().String(flagLabel, "", "A human-readable name for this contract in lists") diff --git a/x/wasm/client/cli/gov_tx_test.go b/x/wasm/client/cli/gov_tx_test.go index 7c8600e07f..147b9f61b1 100644 --- a/x/wasm/client/cli/gov_tx_test.go +++ b/x/wasm/client/cli/gov_tx_test.go @@ -1,6 +1,7 @@ package cli import ( + "os" "testing" "github.com/stretchr/testify/assert" @@ -95,3 +96,63 @@ func TestParseAccessConfigUpdates(t *testing.T) { }) } } + +func TestParseCodeInfoFlags(t *testing.T) { + correctSource := "https://github.com/CosmWasm/wasmd/blob/main/x/wasm/keeper/testdata/hackatom.wasm" + correctBuilderRef := "cosmwasm/workspace-optimizer:0.12.9" + + wasmBin, err := os.ReadFile("../../keeper/testdata/hackatom.wasm") + require.NoError(t, err) + + checksumStr := "13a1fc994cc6d1c81b746ee0c0ff6f90043875e0bf1d9be6b7d779fc978dc2a5" + + specs := map[string]struct { + args []string + expErr bool + }{ + "source missing": { + args: []string{"--builder=" + correctBuilderRef, "--code-hash=" + checksumStr}, + expErr: true, + }, + "builder missing": { + args: []string{"--code-source-url=" + correctSource, "--code-hash=" + checksumStr}, + expErr: true, + }, + "code hash missing": { + args: []string{"--code-source-url=" + correctSource, "--builder=" + correctBuilderRef}, + expErr: true, + }, + "source format wrong": { + args: []string{"--code-source-url=" + "format_wrong", "--builder=" + correctBuilderRef, "--code-hash=" + checksumStr}, + expErr: true, + }, + "builder format wrong": { + args: []string{"--code-source-url=" + correctSource, "--builder=" + "format//", "--code-hash=" + checksumStr}, + expErr: true, + }, + "code hash wrong": { + args: []string{"--code-source-url=" + correctSource, "--builder=" + correctBuilderRef, "--code-hash=" + "AA"}, + expErr: true, + }, + "happy path, none set": { + args: []string{}, + expErr: false, + }, + "happy path all set": { + args: []string{"--code-source-url=" + correctSource, "--builder=" + correctBuilderRef, "--code-hash=" + checksumStr}, + expErr: false, + }, + } + for name, spec := range specs { + t.Run(name, func(t *testing.T) { + flags := ProposalStoreCodeCmd().Flags() + require.NoError(t, flags.Parse(spec.args)) + _, _, _, gotErr := parseVerificationFlags(wasmBin, flags) + if spec.expErr { + require.Error(t, gotErr) + return + } + require.NoError(t, gotErr) + }) + } +} diff --git a/x/wasm/client/cli/tx.go b/x/wasm/client/cli/tx.go index 35ccd7c1c7..7d7770d086 100644 --- a/x/wasm/client/cli/tx.go +++ b/x/wasm/client/cli/tx.go @@ -25,6 +25,9 @@ import ( const ( flagAmount = "amount" flagLabel = "label" + flagSource = "code-source-url" + flagBuilder = "builder" + flagCodeHash = "code-hash" flagAdmin = "admin" flagNoAdmin = "no-admin" flagFixMsg = "fix-msg" diff --git a/x/wasm/client/proposal_handler_test.go b/x/wasm/client/proposal_handler_test.go index 3e82c62e07..086e3cb3ae 100644 --- a/x/wasm/client/proposal_handler_test.go +++ b/x/wasm/client/proposal_handler_test.go @@ -62,7 +62,26 @@ func TestGovRestHandlers(t *testing.T) { "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", "wasm_byte_code": []byte("valid wasm byte code"), "source": "https://example.com/", - "builder": "my/builder:tag", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", + "instantiate_permission": dict{ + "permission": "OnlyAddress", + "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + }, + "deposit": []dict{{"denom": "ustake", "amount": "10"}}, + "proposer": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + "base_req": aBaseReq, + }, + expCode: http.StatusOK, + }, + "store-code without verification info": { + srcPath: "/gov/proposals/wasm_store_code", + srcBody: dict{ + "title": "Test Proposal", + "description": "My proposal", + "type": "store-code", + "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", + "wasm_byte_code": []byte("valid wasm byte code"), "instantiate_permission": dict{ "permission": "OnlyAddress", "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", @@ -82,7 +101,8 @@ func TestGovRestHandlers(t *testing.T) { "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", "wasm_byte_code": []byte("valid wasm byte code"), "source": "https://example.com/", - "builder": "my/builder:tag", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", "deposit": []dict{{"denom": "ustake", "amount": "10"}}, "proposer": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", "base_req": aBaseReq, @@ -98,7 +118,8 @@ func TestGovRestHandlers(t *testing.T) { "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", "wasm_byte_code": []byte("valid wasm byte code"), "source": "https://example.com/", - "builder": "my/builder:tag", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", "instantiate_permission": dict{ "permission": "Nobody", "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", @@ -118,7 +139,8 @@ func TestGovRestHandlers(t *testing.T) { "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", "wasm_byte_code": []byte("valid wasm byte code"), "source": "https://example.com/", - "builder": "my/builder:tag", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", "instantiate_permission": dict{ "permission": "OnlyAddress", "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", @@ -130,6 +152,27 @@ func TestGovRestHandlers(t *testing.T) { expCode: http.StatusBadRequest, }, "store-code with incomplete content data: no wasm_byte_code": { + srcPath: "/gov/proposals/wasm_store_code", + srcBody: dict{ + "title": "Test Proposal", + "description": "My proposal", + "type": "store-code", + "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", + "wasm_byte_code": "", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "source": "https://example.com/", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", + "instantiate_permission": dict{ + "permission": "OnlyAddress", + "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + }, + "deposit": []dict{{"denom": "ustake", "amount": "10"}}, + "proposer": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + "base_req": aBaseReq, + }, + expCode: http.StatusBadRequest, + }, + "store-code with incomplete content data: no builder": { srcPath: "/gov/proposals/wasm_store_code", srcBody: dict{ "title": "Test Proposal", @@ -138,7 +181,47 @@ func TestGovRestHandlers(t *testing.T) { "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", "wasm_byte_code": "", "source": "https://example.com/", - "builder": "my/builder:tag", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", + "instantiate_permission": dict{ + "permission": "OnlyAddress", + "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + }, + "deposit": []dict{{"denom": "ustake", "amount": "10"}}, + "proposer": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + "base_req": aBaseReq, + }, + expCode: http.StatusBadRequest, + }, + "store-code with incomplete content data: no code hash": { + srcPath: "/gov/proposals/wasm_store_code", + srcBody: dict{ + "title": "Test Proposal", + "description": "My proposal", + "type": "store-code", + "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", + "wasm_byte_code": "", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "source": "https://example.com/", + "instantiate_permission": dict{ + "permission": "OnlyAddress", + "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + }, + "deposit": []dict{{"denom": "ustake", "amount": "10"}}, + "proposer": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", + "base_req": aBaseReq, + }, + expCode: http.StatusBadRequest, + }, + "store-code with incomplete content data: no source": { + srcPath: "/gov/proposals/wasm_store_code", + srcBody: dict{ + "title": "Test Proposal", + "description": "My proposal", + "type": "store-code", + "run_as": "cosmos100dejzacpanrldpjjwksjm62shqhyss44jf5xz", + "wasm_byte_code": "", + "builder": "cosmwasm/workspace-optimizer:v0.12.9", + "code_hash": "79F174F09BFE3F83398BF7C147929D5F735161BD46D645E85216BB13BF91D42D", "instantiate_permission": dict{ "permission": "OnlyAddress", "address": "cosmos1ve557a5g9yw2g2z57js3pdmcvd5my6g8ze20np", diff --git a/x/wasm/client/rest/gov.go b/x/wasm/client/rest/gov.go index 3a27d2f0d7..c57e3a9ac5 100644 --- a/x/wasm/client/rest/gov.go +++ b/x/wasm/client/rest/gov.go @@ -30,6 +30,14 @@ type StoreCodeProposalJSONReq struct { // UnpinCode indicates if the code should not be pinned as part of the proposal. UnpinCode bool `json:"unpin_code" yaml:"unpin_code"` + + // Source is the URL where the code is hosted + Source string `json:"source" yaml:"source"` + // Builder is the docker image used to build the code deterministically, used for smart + // contract verification + Builder string `json:"builder" yaml:"builder"` + // CodeHash is the SHA256 sum of the code outputted by optimizer, used for smart contract verification + CodeHash []byte `json:"code_hash" yaml:"code_hash"` } func (s StoreCodeProposalJSONReq) Content() govtypes.Content { @@ -40,6 +48,9 @@ func (s StoreCodeProposalJSONReq) Content() govtypes.Content { WASMByteCode: s.WASMByteCode, InstantiatePermission: s.InstantiatePermission, UnpinCode: s.UnpinCode, + Source: s.Source, + Builder: s.Builder, + CodeHash: s.CodeHash, } } diff --git a/x/wasm/keeper/proposal_handler.go b/x/wasm/keeper/proposal_handler.go index b39a8c4238..08f2774f3e 100644 --- a/x/wasm/keeper/proposal_handler.go +++ b/x/wasm/keeper/proposal_handler.go @@ -1,7 +1,9 @@ package keeper import ( + "bytes" "encoding/hex" + "fmt" sdk "github.com/cosmos/cosmos-sdk/types" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" @@ -66,11 +68,15 @@ func handleStoreCodeProposal(ctx sdk.Context, k types.ContractOpsKeeper, p types if err != nil { return sdkerrors.Wrap(err, "run as address") } - codeID, _, err := k.Create(ctx, runAsAddr, p.WASMByteCode, p.InstantiatePermission) + codeID, checksum, err := k.Create(ctx, runAsAddr, p.WASMByteCode, p.InstantiatePermission) if err != nil { return err } + if len(p.CodeHash) != 0 && !bytes.Equal(checksum, p.CodeHash) { + return fmt.Errorf("code-hash mismatch: %X, checksum: %X", p.CodeHash, checksum) + } + // if code should not be pinned return earlier if p.UnpinCode { return nil @@ -120,11 +126,15 @@ func handleStoreAndInstantiateContractProposal(ctx sdk.Context, k types.Contract } } - codeID, _, err := k.Create(ctx, runAsAddr, p.WASMByteCode, p.InstantiatePermission) + codeID, checksum, err := k.Create(ctx, runAsAddr, p.WASMByteCode, p.InstantiatePermission) if err != nil { return err } + if p.CodeHash != nil && !bytes.Equal(checksum, p.CodeHash) { + return sdkerrors.Wrap(fmt.Errorf("code-hash mismatch: %X, checksum: %X", p.CodeHash, checksum), "code-hash mismatch") + } + if !p.UnpinCode { if err := k.PinCode(ctx, codeID); err != nil { return err diff --git a/x/wasm/keeper/proposal_integration_test.go b/x/wasm/keeper/proposal_integration_test.go index 8055ca385a..74ef6928b9 100644 --- a/x/wasm/keeper/proposal_integration_test.go +++ b/x/wasm/keeper/proposal_integration_test.go @@ -29,6 +29,8 @@ func TestStoreCodeProposal(t *testing.T) { }) wasmCode, err := os.ReadFile("./testdata/hackatom.wasm") require.NoError(t, err) + checksum, err := hex.DecodeString("13a1fc994cc6d1c81b746ee0c0ff6f90043875e0bf1d9be6b7d779fc978dc2a5") + require.NoError(t, err) specs := map[string]struct { codeID int64 @@ -51,6 +53,7 @@ func TestStoreCodeProposal(t *testing.T) { p.RunAs = myActorAddress p.WASMByteCode = wasmCode p.UnpinCode = spec.unpinCode + p.CodeHash = checksum }) // when stored @@ -221,6 +224,9 @@ func TestStoreAndInstantiateContractProposal(t *testing.T) { wasmCode, err := os.ReadFile("./testdata/hackatom.wasm") require.NoError(t, err) + checksum, err := hex.DecodeString("13a1fc994cc6d1c81b746ee0c0ff6f90043875e0bf1d9be6b7d779fc978dc2a5") + require.NoError(t, err) + var ( oneAddress sdk.AccAddress = bytes.Repeat([]byte{0x1}, types.ContractAddrLen) otherAddress sdk.AccAddress = bytes.Repeat([]byte{0x2}, types.ContractAddrLen) @@ -231,6 +237,7 @@ func TestStoreAndInstantiateContractProposal(t *testing.T) { p.RunAs = oneAddress.String() p.Admin = otherAddress.String() p.Label = "testing" + p.CodeHash = checksum }) em := sdk.NewEventManager() diff --git a/x/wasm/simulation/proposals.go b/x/wasm/simulation/proposals.go index 1ee9584811..585827c041 100644 --- a/x/wasm/simulation/proposals.go +++ b/x/wasm/simulation/proposals.go @@ -84,6 +84,9 @@ func SimulateStoreCodeProposal(wasmKeeper WasmKeeper) simtypes.ContentSimulatorF wasmBz, &permission, false, + "", + "", + []byte{}, ) } } diff --git a/x/wasm/types/proposal.go b/x/wasm/types/proposal.go index e56300a911..1597818597 100644 --- a/x/wasm/types/proposal.go +++ b/x/wasm/types/proposal.go @@ -2,6 +2,7 @@ package types import ( "encoding/base64" + "encoding/hex" "fmt" "strings" @@ -94,8 +95,11 @@ func NewStoreCodeProposal( wasmBz []byte, permission *AccessConfig, unpinCode bool, + source string, + builder string, + codeHash []byte, ) *StoreCodeProposal { - return &StoreCodeProposal{title, description, runAs, wasmBz, permission, unpinCode} + return &StoreCodeProposal{title, description, runAs, wasmBz, permission, unpinCode, source, builder, codeHash} } // ProposalRoute returns the routing key of a parameter change proposal. @@ -128,6 +132,10 @@ func (p StoreCodeProposal) ValidateBasic() error { return sdkerrors.Wrap(err, "instantiate permission") } } + + if err := ValidateVerificationInfo(p.Source, p.Builder, p.CodeHash); err != nil { + return sdkerrors.Wrapf(err, "code verification info") + } return nil } @@ -138,7 +146,10 @@ func (p StoreCodeProposal) String() string { Description: %s Run as: %s WasmCode: %X -`, p.Title, p.Description, p.RunAs, p.WASMByteCode) + Source: %s + Builder: %s + Code Hash: %X +`, p.Title, p.Description, p.RunAs, p.WASMByteCode, p.Source, p.Builder, p.CodeHash) } // MarshalYAML pretty prints the wasm byte code @@ -149,12 +160,18 @@ func (p StoreCodeProposal) MarshalYAML() (interface{}, error) { RunAs string `yaml:"run_as"` WASMByteCode string `yaml:"wasm_byte_code"` InstantiatePermission *AccessConfig `yaml:"instantiate_permission"` + Source string `yaml:"source"` + Builder string `yaml:"builder"` + CodeHash string `yaml:"code_hash"` }{ Title: p.Title, Description: p.Description, RunAs: p.RunAs, WASMByteCode: base64.StdEncoding.EncodeToString(p.WASMByteCode), InstantiatePermission: p.InstantiatePermission, + Source: p.Source, + Builder: p.Builder, + CodeHash: hex.EncodeToString(p.CodeHash), }, nil } @@ -259,6 +276,9 @@ func NewStoreAndInstantiateContractProposal( description string, runAs string, wasmBz []byte, + source string, + builder string, + codeHash []byte, permission *AccessConfig, unpinCode bool, admin string, @@ -271,6 +291,9 @@ func NewStoreAndInstantiateContractProposal( Description: description, RunAs: runAs, WASMByteCode: wasmBz, + Source: source, + Builder: builder, + CodeHash: codeHash, InstantiatePermission: permission, UnpinCode: unpinCode, Admin: admin, @@ -307,6 +330,10 @@ func (p StoreAndInstantiateContractProposal) ValidateBasic() error { return sdkerrors.Wrapf(sdkerrors.ErrInvalidRequest, "code bytes %s", err.Error()) } + if err := ValidateVerificationInfo(p.Source, p.Builder, p.CodeHash); err != nil { + return sdkerrors.Wrap(err, "code info") + } + if p.InstantiatePermission != nil { if err := p.InstantiatePermission.ValidateBasic(); err != nil { return sdkerrors.Wrap(err, "instantiate permission") @@ -339,13 +366,16 @@ func (p StoreAndInstantiateContractProposal) String() string { Description: %s Run as: %s WasmCode: %X + Source: %s + Builder: %s + Code Hash: %X Instantiate permission: %s Unpin code: %t Admin: %s Label: %s Msg: %q Funds: %s -`, p.Title, p.Description, p.RunAs, p.WASMByteCode, p.InstantiatePermission, p.UnpinCode, p.Admin, p.Label, p.Msg, p.Funds) +`, p.Title, p.Description, p.RunAs, p.WASMByteCode, p.Source, p.Builder, p.CodeHash, p.InstantiatePermission, p.UnpinCode, p.Admin, p.Label, p.Msg, p.Funds) } // MarshalYAML pretty prints the wasm byte code and the init message @@ -355,6 +385,9 @@ func (p StoreAndInstantiateContractProposal) MarshalYAML() (interface{}, error) Description string `yaml:"description"` RunAs string `yaml:"run_as"` WASMByteCode string `yaml:"wasm_byte_code"` + Source string `yaml:"source"` + Builder string `yaml:"builder"` + CodeHash string `yaml:"code_hash"` InstantiatePermission *AccessConfig `yaml:"instantiate_permission"` UnpinCode bool `yaml:"unpin_code"` Admin string `yaml:"admin"` @@ -370,6 +403,9 @@ func (p StoreAndInstantiateContractProposal) MarshalYAML() (interface{}, error) UnpinCode: p.UnpinCode, Admin: p.Admin, Label: p.Label, + Source: p.Source, + Builder: p.Builder, + CodeHash: hex.EncodeToString(p.CodeHash), Msg: string(p.Msg), Funds: p.Funds, }, nil diff --git a/x/wasm/types/proposal.pb.go b/x/wasm/types/proposal.pb.go index 27a9ed0b9f..dbce4e7172 100644 --- a/x/wasm/types/proposal.pb.go +++ b/x/wasm/types/proposal.pb.go @@ -17,9 +17,8 @@ import ( ) // Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal - var ( + _ = proto.Marshal _ = fmt.Errorf _ = math.Inf ) @@ -44,6 +43,14 @@ type StoreCodeProposal struct { InstantiatePermission *AccessConfig `protobuf:"bytes,7,opt,name=instantiate_permission,json=instantiatePermission,proto3" json:"instantiate_permission,omitempty"` // UnpinCode code on upload, optional UnpinCode bool `protobuf:"varint,8,opt,name=unpin_code,json=unpinCode,proto3" json:"unpin_code,omitempty"` + // Source is the URL where the code is hosted + Source string `protobuf:"bytes,9,opt,name=source,proto3" json:"source,omitempty"` + // Builder is the docker image used to build the code deterministically, used + // for smart contract verification + Builder string `protobuf:"bytes,10,opt,name=builder,proto3" json:"builder,omitempty"` + // CodeHash is the SHA256 sum of the code outputted by builder, used for smart + // contract verification + CodeHash []byte `protobuf:"bytes,11,opt,name=code_hash,json=codeHash,proto3" json:"code_hash,omitempty"` } func (m *StoreCodeProposal) Reset() { *m = StoreCodeProposal{} } @@ -606,6 +613,14 @@ type StoreAndInstantiateContractProposal struct { Msg RawContractMessage `protobuf:"bytes,9,opt,name=msg,proto3,casttype=RawContractMessage" json:"msg,omitempty"` // Funds coins that are transferred to the contract on instantiation Funds github_com_cosmos_cosmos_sdk_types.Coins `protobuf:"bytes,10,rep,name=funds,proto3,castrepeated=github.com/cosmos/cosmos-sdk/types.Coins" json:"funds"` + // Source is the URL where the code is hosted + Source string `protobuf:"bytes,11,opt,name=source,proto3" json:"source,omitempty"` + // Builder is the docker image used to build the code deterministically, used + // for smart contract verification + Builder string `protobuf:"bytes,12,opt,name=builder,proto3" json:"builder,omitempty"` + // CodeHash is the SHA256 sum of the code outputted by builder, used for smart + // contract verification + CodeHash []byte `protobuf:"bytes,13,opt,name=code_hash,json=codeHash,proto3" json:"code_hash,omitempty"` } func (m *StoreAndInstantiateContractProposal) Reset() { *m = StoreAndInstantiateContractProposal{} } @@ -663,62 +678,66 @@ func init() { func init() { proto.RegisterFile("cosmwasm/wasm/v1/proposal.proto", fileDescriptor_be6422d717c730cb) } var fileDescriptor_be6422d717c730cb = []byte{ - // 877 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x56, 0xcd, 0x6e, 0xe3, 0x44, - 0x1c, 0xcf, 0xe4, 0xc3, 0x49, 0xa6, 0x11, 0x04, 0x6f, 0xda, 0x0d, 0x05, 0xec, 0xc8, 0x8b, 0x56, - 0xbe, 0xe0, 0x90, 0x22, 0x21, 0xe0, 0x16, 0x07, 0x0e, 0x5d, 0x51, 0xa9, 0x72, 0x55, 0xad, 0x04, - 0x12, 0xd1, 0xc4, 0x9e, 0x7a, 0x2d, 0xe2, 0x19, 0xcb, 0x33, 0x6e, 0xb7, 0x6f, 0x01, 0x12, 0xe2, - 0xb4, 0x0f, 0x80, 0xb8, 0x20, 0xee, 0x3c, 0x40, 0xc5, 0x69, 0x8f, 0x2b, 0x21, 0x19, 0x36, 0x7d, - 0x83, 0x1e, 0x39, 0xa1, 0x99, 0x71, 0xb2, 0x69, 0x77, 0xdb, 0xdd, 0x15, 0x4d, 0xa5, 0xbd, 0x38, - 0x99, 0xf9, 0x7f, 0xfd, 0xe6, 0xa7, 0xff, 0x17, 0x34, 0x7d, 0xca, 0xe2, 0x23, 0xc4, 0xe2, 0xbe, - 0xfc, 0x1c, 0x0e, 0xfa, 0x49, 0x4a, 0x13, 0xca, 0xd0, 0xd4, 0x49, 0x52, 0xca, 0xa9, 0xde, 0x9e, - 0x2b, 0x38, 0xf2, 0x73, 0x38, 0xd8, 0xec, 0x84, 0x34, 0xa4, 0x52, 0xd8, 0x17, 0xff, 0x94, 0xde, - 0xa6, 0x21, 0xf4, 0x28, 0xeb, 0x4f, 0x10, 0xc3, 0xfd, 0xc3, 0xc1, 0x04, 0x73, 0x34, 0xe8, 0xfb, - 0x34, 0x22, 0x85, 0xfc, 0xfd, 0xe7, 0x02, 0xf1, 0xe3, 0x04, 0x33, 0x25, 0xb5, 0x1e, 0x95, 0xe1, - 0x3b, 0x7b, 0x9c, 0xa6, 0x78, 0x44, 0x03, 0xbc, 0x5b, 0x20, 0xd0, 0x3b, 0xb0, 0xc6, 0x23, 0x3e, - 0xc5, 0x5d, 0xd0, 0x03, 0x76, 0xd3, 0x53, 0x07, 0xbd, 0x07, 0xd7, 0x02, 0xcc, 0xfc, 0x34, 0x4a, - 0x78, 0x44, 0x49, 0xb7, 0x2c, 0x65, 0xcb, 0x57, 0xfa, 0x3a, 0xd4, 0xd2, 0x8c, 0x8c, 0x11, 0xeb, - 0x56, 0x94, 0x61, 0x9a, 0x91, 0x21, 0xd3, 0x3f, 0x85, 0x6f, 0x89, 0xd8, 0xe3, 0xc9, 0x31, 0xc7, - 0x63, 0x9f, 0x06, 0xb8, 0x5b, 0xed, 0x01, 0xbb, 0xe5, 0xb6, 0x67, 0xb9, 0xd9, 0xba, 0x3f, 0xdc, - 0xdb, 0x71, 0x8f, 0xb9, 0x04, 0xe0, 0xb5, 0x84, 0xde, 0xfc, 0xa4, 0xef, 0xc3, 0x8d, 0x88, 0x30, - 0x8e, 0x08, 0x8f, 0x10, 0xc7, 0xe3, 0x04, 0xa7, 0x71, 0xc4, 0x98, 0x88, 0x5d, 0xef, 0x01, 0x7b, - 0x6d, 0xcb, 0x70, 0x2e, 0x72, 0xe4, 0x0c, 0x7d, 0x1f, 0x33, 0x36, 0xa2, 0xe4, 0x20, 0x0a, 0xbd, - 0xf5, 0x25, 0xeb, 0xdd, 0x85, 0xb1, 0xfe, 0x01, 0x84, 0x19, 0x49, 0x22, 0xa2, 0xa0, 0x34, 0x7a, - 0xc0, 0x6e, 0x78, 0x4d, 0x79, 0x23, 0xa2, 0xde, 0xab, 0x36, 0x6a, 0x6d, 0xed, 0x5e, 0xb5, 0xa1, - 0xb5, 0xeb, 0xd6, 0x9f, 0x65, 0xf8, 0xde, 0xf6, 0x33, 0x27, 0x23, 0x4a, 0x78, 0x8a, 0x7c, 0xbe, - 0x2a, 0xa2, 0x3a, 0xb0, 0x86, 0x82, 0x38, 0x22, 0x92, 0x9f, 0xa6, 0xa7, 0x0e, 0xfa, 0x1d, 0x58, - 0x17, 0x48, 0xc7, 0x51, 0xd0, 0xad, 0xf5, 0x80, 0x5d, 0x75, 0xe1, 0x2c, 0x37, 0x35, 0x81, 0x75, - 0xfb, 0x4b, 0x4f, 0x13, 0xa2, 0xed, 0x40, 0x98, 0x4e, 0xd1, 0x04, 0x4f, 0xbb, 0x9a, 0x32, 0x95, - 0x07, 0xdd, 0x86, 0x95, 0x98, 0x85, 0x92, 0xae, 0x96, 0xbb, 0xf1, 0x6f, 0x6e, 0xea, 0x1e, 0x3a, - 0x9a, 0xbf, 0x62, 0x07, 0x33, 0x86, 0x42, 0xec, 0x09, 0x15, 0x1d, 0xc1, 0xda, 0x41, 0x46, 0x02, - 0xd6, 0x6d, 0xf4, 0x2a, 0xf6, 0xda, 0xd6, 0xbb, 0x8e, 0x4a, 0x2b, 0x47, 0xa4, 0x95, 0x53, 0xa4, - 0x95, 0x33, 0xa2, 0x11, 0x71, 0x3f, 0x3e, 0xc9, 0xcd, 0xd2, 0xaf, 0x7f, 0x9b, 0x76, 0x18, 0xf1, - 0x07, 0xd9, 0xc4, 0xf1, 0x69, 0xdc, 0x2f, 0x72, 0x50, 0xfd, 0x7c, 0xc4, 0x82, 0xef, 0x8b, 0x24, - 0x13, 0x06, 0xcc, 0x53, 0x9e, 0xad, 0x3f, 0x00, 0xbc, 0xbd, 0x13, 0x85, 0xe9, 0x75, 0x12, 0xb9, - 0x09, 0x1b, 0x7e, 0xe1, 0xab, 0x20, 0x6d, 0x71, 0x7e, 0x35, 0xde, 0x0a, 0x86, 0xb4, 0x97, 0x32, - 0x64, 0xfd, 0x04, 0x60, 0x67, 0x2f, 0x0b, 0xe8, 0x4a, 0xb0, 0x57, 0x2e, 0x60, 0x2f, 0x60, 0x55, - 0x5f, 0x0e, 0xeb, 0xc7, 0x32, 0xbc, 0xfd, 0xd5, 0x43, 0xec, 0x67, 0xab, 0x4f, 0xcf, 0xab, 0xc8, - 0x2e, 0x00, 0xd7, 0x5e, 0x23, 0xd3, 0xb4, 0x95, 0x65, 0xda, 0x23, 0x00, 0x6f, 0xed, 0x27, 0x01, - 0xe2, 0x78, 0x28, 0x2a, 0xe8, 0x7f, 0xf3, 0x31, 0x80, 0x4d, 0x82, 0x8f, 0xc6, 0xaa, 0x36, 0x25, - 0x25, 0x6e, 0xe7, 0x2c, 0x37, 0xdb, 0xc7, 0x28, 0x9e, 0x7e, 0x61, 0x2d, 0x44, 0x96, 0xd7, 0x20, - 0xf8, 0x48, 0x86, 0xbc, 0x8a, 0x2b, 0xeb, 0x01, 0xd4, 0x47, 0x53, 0x8c, 0xd2, 0xeb, 0x01, 0x77, - 0x45, 0x1a, 0x59, 0xbf, 0x01, 0xd8, 0xde, 0x55, 0x7d, 0x8d, 0x2d, 0x02, 0xdd, 0x3d, 0x17, 0xc8, - 0x6d, 0x9f, 0xe5, 0x66, 0x4b, 0xbd, 0x44, 0x5e, 0x5b, 0xf3, 0xd0, 0x9f, 0xbd, 0x20, 0xb4, 0xbb, - 0x71, 0x96, 0x9b, 0xba, 0xd2, 0x5e, 0x12, 0x5a, 0xe7, 0x21, 0x7d, 0x2e, 0x20, 0xc9, 0xca, 0x13, - 0x19, 0x54, 0xb1, 0xab, 0xae, 0x31, 0xcb, 0xcd, 0xba, 0x2a, 0x3d, 0x76, 0x96, 0x9b, 0x6f, 0x2b, - 0x0f, 0x73, 0x25, 0xcb, 0xab, 0xab, 0x72, 0x64, 0xd6, 0xef, 0x00, 0xea, 0xfb, 0xf3, 0x5e, 0xfc, - 0x86, 0x60, 0xfe, 0x19, 0x40, 0x7d, 0x79, 0xf0, 0xa8, 0xd4, 0x5b, 0xee, 0x3f, 0xe0, 0xd2, 0xfe, - 0xf3, 0xed, 0xa5, 0x33, 0xae, 0xfc, 0x2a, 0x33, 0xce, 0xad, 0x8a, 0x1a, 0xb9, 0x64, 0xd2, 0x59, - 0xa7, 0x00, 0x9a, 0x0a, 0xcc, 0xf9, 0x21, 0x76, 0x10, 0x85, 0x37, 0xc8, 0xec, 0x77, 0x70, 0x1d, - 0x49, 0xc8, 0x63, 0x5f, 0x86, 0x1e, 0x67, 0x12, 0x92, 0xa2, 0x79, 0x6d, 0xeb, 0xc3, 0xab, 0x5f, - 0xa8, 0xf0, 0x17, 0xef, 0xbc, 0x85, 0x9e, 0x93, 0x30, 0xeb, 0xaf, 0x0a, 0xbc, 0x23, 0x77, 0x98, - 0x21, 0x09, 0x6e, 0x70, 0x58, 0x5f, 0xff, 0x56, 0x53, 0xbb, 0xbe, 0xad, 0x46, 0xbb, 0xb0, 0xd5, - 0x3c, 0x5b, 0x2d, 0xea, 0xcb, 0xab, 0xc5, 0x62, 0x6b, 0x68, 0xbc, 0x60, 0x6b, 0x68, 0xbe, 0x46, - 0x2f, 0x87, 0xab, 0xea, 0xe5, 0xee, 0xd7, 0x27, 0x4f, 0x8d, 0xd2, 0x93, 0xa7, 0x46, 0xe9, 0x97, - 0x99, 0x01, 0x4e, 0x66, 0x06, 0x78, 0x3c, 0x33, 0xc0, 0x3f, 0x33, 0x03, 0xfc, 0x70, 0x6a, 0x94, - 0x1e, 0x9f, 0x1a, 0xa5, 0x27, 0xa7, 0x46, 0xe9, 0x9b, 0xbb, 0x4b, 0x6e, 0x47, 0x94, 0xc5, 0xf7, - 0xe7, 0x0b, 0x6f, 0xd0, 0x7f, 0xa8, 0x16, 0x5f, 0xe9, 0x7a, 0xa2, 0xc9, 0xb5, 0xf7, 0x93, 0xff, - 0x02, 0x00, 0x00, 0xff, 0xff, 0x50, 0x71, 0x76, 0x67, 0x7f, 0x0b, 0x00, 0x00, + // 936 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x56, 0x4f, 0x6f, 0xe3, 0x44, + 0x14, 0xcf, 0xe4, 0x8f, 0xe3, 0xbc, 0x04, 0x08, 0xde, 0xb4, 0x6b, 0xba, 0x60, 0x47, 0x5e, 0xb4, + 0xca, 0x05, 0x87, 0x14, 0x09, 0x01, 0xb7, 0x38, 0x20, 0xd1, 0x15, 0x95, 0x2a, 0x57, 0xd5, 0x4a, + 0x20, 0x11, 0x4d, 0xec, 0x69, 0x62, 0x91, 0x78, 0x22, 0x8f, 0xdd, 0x6e, 0xbf, 0x05, 0x48, 0x88, + 0x13, 0x1f, 0x00, 0xed, 0x05, 0x71, 0xe7, 0x03, 0x54, 0x9c, 0xf6, 0xb8, 0x27, 0xc3, 0xa6, 0x47, + 0x6e, 0x3d, 0x72, 0x42, 0x33, 0xe3, 0x84, 0xb4, 0xbb, 0xcd, 0xee, 0x8a, 0xa6, 0xd2, 0x5e, 0x9c, + 0xbc, 0x79, 0x6f, 0xe6, 0xfd, 0xde, 0x4f, 0x6f, 0xe6, 0xfd, 0xc0, 0xf4, 0x28, 0x9b, 0x1c, 0x63, + 0x36, 0x69, 0x8b, 0xcf, 0x51, 0xa7, 0x3d, 0x8d, 0xe8, 0x94, 0x32, 0x3c, 0xb6, 0xa7, 0x11, 0x8d, + 0xa9, 0x56, 0x9f, 0x07, 0xd8, 0xe2, 0x73, 0xd4, 0xd9, 0x6a, 0x0c, 0xe9, 0x90, 0x0a, 0x67, 0x9b, + 0xff, 0x93, 0x71, 0x5b, 0x06, 0x8f, 0xa3, 0xac, 0x3d, 0xc0, 0x8c, 0xb4, 0x8f, 0x3a, 0x03, 0x12, + 0xe3, 0x4e, 0xdb, 0xa3, 0x41, 0x98, 0xf9, 0xdf, 0x7d, 0x26, 0x51, 0x7c, 0x32, 0x25, 0x4c, 0x7a, + 0xad, 0xbf, 0xf3, 0xf0, 0xf6, 0x7e, 0x4c, 0x23, 0xd2, 0xa3, 0x3e, 0xd9, 0xcb, 0x10, 0x68, 0x0d, + 0x28, 0xc5, 0x41, 0x3c, 0x26, 0x3a, 0x6a, 0xa2, 0x56, 0xc5, 0x95, 0x86, 0xd6, 0x84, 0xaa, 0x4f, + 0x98, 0x17, 0x05, 0xd3, 0x38, 0xa0, 0xa1, 0x9e, 0x17, 0xbe, 0xe5, 0x25, 0x6d, 0x03, 0x94, 0x28, + 0x09, 0xfb, 0x98, 0xe9, 0x05, 0xb9, 0x31, 0x4a, 0xc2, 0x2e, 0xd3, 0x3e, 0x86, 0x37, 0x79, 0xee, + 0xfe, 0xe0, 0x24, 0x26, 0x7d, 0x8f, 0xfa, 0x44, 0x2f, 0x36, 0x51, 0xab, 0xe6, 0xd4, 0x67, 0xa9, + 0x59, 0x7b, 0xd0, 0xdd, 0xdf, 0x75, 0x4e, 0x62, 0x01, 0xc0, 0xad, 0xf1, 0xb8, 0xb9, 0xa5, 0x1d, + 0xc0, 0x66, 0x10, 0xb2, 0x18, 0x87, 0x71, 0x80, 0x63, 0xd2, 0x9f, 0x92, 0x68, 0x12, 0x30, 0xc6, + 0x73, 0x97, 0x9b, 0xa8, 0x55, 0xdd, 0x36, 0xec, 0xcb, 0x1c, 0xd9, 0x5d, 0xcf, 0x23, 0x8c, 0xf5, + 0x68, 0x78, 0x18, 0x0c, 0xdd, 0x8d, 0xa5, 0xdd, 0x7b, 0x8b, 0xcd, 0xda, 0x7b, 0x00, 0x49, 0x38, + 0x0d, 0x42, 0x09, 0x45, 0x6d, 0xa2, 0x96, 0xea, 0x56, 0xc4, 0x8a, 0xc8, 0xba, 0x09, 0x0a, 0xa3, + 0x49, 0xe4, 0x11, 0xbd, 0x22, 0x8a, 0xc8, 0x2c, 0x4d, 0x87, 0xf2, 0x20, 0x09, 0xc6, 0x3e, 0x89, + 0x74, 0x10, 0x8e, 0xb9, 0xa9, 0xdd, 0x81, 0x0a, 0x3f, 0xaa, 0x3f, 0xc2, 0x6c, 0xa4, 0x57, 0x79, + 0x69, 0xae, 0xca, 0x17, 0xbe, 0xc4, 0x6c, 0x74, 0xbf, 0xa8, 0x96, 0xea, 0xca, 0xfd, 0xa2, 0xaa, + 0xd4, 0xcb, 0xd6, 0x1f, 0x79, 0xb8, 0xb3, 0xf3, 0x1f, 0xa6, 0x1e, 0x0d, 0xe3, 0x08, 0x7b, 0xf1, + 0xba, 0x78, 0x6f, 0x40, 0x09, 0xfb, 0x93, 0x20, 0x14, 0x74, 0x57, 0x5c, 0x69, 0x68, 0x77, 0xa1, + 0x2c, 0xd0, 0x06, 0xbe, 0x5e, 0x6a, 0xa2, 0x56, 0xd1, 0x81, 0x59, 0x6a, 0x2a, 0xbc, 0xf4, 0x9d, + 0xcf, 0x5d, 0x85, 0xbb, 0x76, 0x7c, 0xbe, 0x75, 0x8c, 0x07, 0x64, 0xac, 0x2b, 0x72, 0xab, 0x30, + 0xb4, 0x16, 0x14, 0x26, 0x6c, 0x28, 0xd8, 0xaf, 0x39, 0x9b, 0xff, 0xa4, 0xa6, 0xe6, 0xe2, 0xe3, + 0x79, 0x15, 0xbb, 0x84, 0x31, 0x3c, 0x24, 0x2e, 0x0f, 0xd1, 0x30, 0x94, 0x0e, 0x93, 0xd0, 0x67, + 0xba, 0xda, 0x2c, 0xb4, 0xaa, 0xdb, 0xef, 0xd8, 0xb2, 0x4b, 0x6d, 0xde, 0xa5, 0x76, 0xd6, 0xa5, + 0x76, 0x8f, 0x06, 0xa1, 0xf3, 0xe1, 0x69, 0x6a, 0xe6, 0x1e, 0xfd, 0x69, 0xb6, 0x86, 0x41, 0x3c, + 0x4a, 0x06, 0xb6, 0x47, 0x27, 0xed, 0xac, 0xa5, 0xe5, 0xcf, 0x07, 0xcc, 0xff, 0x2e, 0xeb, 0x59, + 0xbe, 0x81, 0xb9, 0xf2, 0x64, 0xeb, 0x77, 0x04, 0xb7, 0x77, 0x83, 0x61, 0x74, 0x9d, 0x44, 0x6e, + 0x81, 0xea, 0x65, 0x67, 0x65, 0xa4, 0x2d, 0xec, 0x97, 0xe3, 0x2d, 0x63, 0x48, 0x79, 0x21, 0x43, + 0xd6, 0x8f, 0x08, 0x1a, 0xfb, 0x89, 0x4f, 0xd7, 0x82, 0xbd, 0x70, 0x09, 0x7b, 0x06, 0xab, 0xf8, + 0x62, 0x58, 0x3f, 0xe4, 0xe1, 0xf6, 0x17, 0x0f, 0x89, 0x97, 0xac, 0xbf, 0x3d, 0x57, 0x91, 0x9d, + 0x01, 0x2e, 0xbd, 0x42, 0xa7, 0x29, 0x6b, 0xeb, 0xb4, 0x9f, 0x11, 0xdc, 0x3a, 0x98, 0xfa, 0x38, + 0x26, 0x5d, 0x7e, 0x83, 0xfe, 0x37, 0x1f, 0x1d, 0xa8, 0x84, 0xe4, 0xb8, 0x2f, 0xef, 0xa6, 0xa0, + 0xc4, 0x69, 0x9c, 0xa7, 0x66, 0xfd, 0x04, 0x4f, 0xc6, 0x9f, 0x59, 0x0b, 0x97, 0xe5, 0xaa, 0x21, + 0x39, 0x16, 0x29, 0x57, 0x71, 0x65, 0x8d, 0x40, 0xeb, 0x8d, 0x09, 0x8e, 0xae, 0x07, 0xdc, 0x8a, + 0x36, 0xb2, 0x7e, 0x45, 0x50, 0xdf, 0x93, 0xcf, 0x24, 0x5b, 0x24, 0xba, 0x77, 0x21, 0x91, 0x53, + 0x3f, 0x4f, 0xcd, 0x9a, 0xac, 0x44, 0x2c, 0x5b, 0xf3, 0xd4, 0x9f, 0x3c, 0x27, 0xb5, 0xb3, 0x79, + 0x9e, 0x9a, 0x9a, 0x8c, 0x5e, 0x72, 0x5a, 0x17, 0x21, 0x7d, 0x0a, 0x6a, 0x76, 0xf3, 0x78, 0x07, + 0x15, 0x5a, 0x45, 0xc7, 0x98, 0xa5, 0x66, 0x59, 0x5e, 0x3d, 0x76, 0x9e, 0x9a, 0x6f, 0xc9, 0x13, + 0xe6, 0x41, 0x96, 0x5b, 0x96, 0xd7, 0x91, 0x59, 0xbf, 0x21, 0xd0, 0x0e, 0xe6, 0x4f, 0xfb, 0x6b, + 0x82, 0xf9, 0x27, 0x04, 0xda, 0xf2, 0x1c, 0x93, 0xad, 0xb7, 0xfc, 0xfe, 0xa0, 0x2b, 0xdf, 0x9f, + 0x6f, 0xae, 0x1c, 0x99, 0xf9, 0x97, 0x19, 0x99, 0x4e, 0x91, 0xdf, 0x91, 0x2b, 0x06, 0xa7, 0x75, + 0x86, 0xc0, 0x94, 0x60, 0x2e, 0x0e, 0xb1, 0xc3, 0x60, 0x78, 0x83, 0xcc, 0x7e, 0x0b, 0x1b, 0x58, + 0x40, 0xee, 0x7b, 0x22, 0x75, 0x3f, 0x11, 0x90, 0x24, 0xcd, 0xd5, 0xed, 0xf7, 0x57, 0x57, 0x28, + 0xf1, 0x67, 0x75, 0xde, 0xc2, 0xcf, 0x78, 0x98, 0xf5, 0xa8, 0x08, 0x77, 0x85, 0x24, 0xea, 0x86, + 0xfe, 0x0d, 0x0e, 0xeb, 0xeb, 0x17, 0x49, 0xa5, 0xeb, 0x13, 0x49, 0xca, 0x65, 0x91, 0xb4, 0x90, + 0x16, 0xe5, 0x65, 0x69, 0xb1, 0x50, 0x0d, 0xea, 0x73, 0x54, 0x43, 0xe5, 0x15, 0xde, 0x72, 0x58, + 0xd7, 0x5b, 0xbe, 0xa4, 0xee, 0xaa, 0x57, 0xa9, 0xbb, 0xda, 0x0a, 0x75, 0xf7, 0xc6, 0x45, 0x75, + 0xe7, 0x7c, 0x75, 0xfa, 0xd4, 0xc8, 0x3d, 0x79, 0x6a, 0xe4, 0x7e, 0x99, 0x19, 0xe8, 0x74, 0x66, + 0xa0, 0xc7, 0x33, 0x03, 0xfd, 0x35, 0x33, 0xd0, 0xf7, 0x67, 0x46, 0xee, 0xf1, 0x99, 0x91, 0x7b, + 0x72, 0x66, 0xe4, 0xbe, 0xbe, 0xb7, 0x84, 0xb2, 0x47, 0xd9, 0xe4, 0xc1, 0x5c, 0x8e, 0xfb, 0xed, + 0x87, 0x52, 0x96, 0x0b, 0xa4, 0x03, 0x45, 0x88, 0xf2, 0x8f, 0xfe, 0x0d, 0x00, 0x00, 0xff, 0xff, + 0x13, 0x9e, 0x35, 0x27, 0x1d, 0x0c, 0x00, 0x00, } func (this *StoreCodeProposal) Equal(that interface{}) bool { @@ -758,6 +777,15 @@ func (this *StoreCodeProposal) Equal(that interface{}) bool { if this.UnpinCode != that1.UnpinCode { return false } + if this.Source != that1.Source { + return false + } + if this.Builder != that1.Builder { + return false + } + if !bytes.Equal(this.CodeHash, that1.CodeHash) { + return false + } return true } @@ -1183,6 +1211,15 @@ func (this *StoreAndInstantiateContractProposal) Equal(that interface{}) bool { return false } } + if this.Source != that1.Source { + return false + } + if this.Builder != that1.Builder { + return false + } + if !bytes.Equal(this.CodeHash, that1.CodeHash) { + return false + } return true } @@ -1206,6 +1243,27 @@ func (m *StoreCodeProposal) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.CodeHash) > 0 { + i -= len(m.CodeHash) + copy(dAtA[i:], m.CodeHash) + i = encodeVarintProposal(dAtA, i, uint64(len(m.CodeHash))) + i-- + dAtA[i] = 0x5a + } + if len(m.Builder) > 0 { + i -= len(m.Builder) + copy(dAtA[i:], m.Builder) + i = encodeVarintProposal(dAtA, i, uint64(len(m.Builder))) + i-- + dAtA[i] = 0x52 + } + if len(m.Source) > 0 { + i -= len(m.Source) + copy(dAtA[i:], m.Source) + i = encodeVarintProposal(dAtA, i, uint64(len(m.Source))) + i-- + dAtA[i] = 0x4a + } if m.UnpinCode { i-- if m.UnpinCode { @@ -1836,6 +1894,27 @@ func (m *StoreAndInstantiateContractProposal) MarshalToSizedBuffer(dAtA []byte) _ = i var l int _ = l + if len(m.CodeHash) > 0 { + i -= len(m.CodeHash) + copy(dAtA[i:], m.CodeHash) + i = encodeVarintProposal(dAtA, i, uint64(len(m.CodeHash))) + i-- + dAtA[i] = 0x6a + } + if len(m.Builder) > 0 { + i -= len(m.Builder) + copy(dAtA[i:], m.Builder) + i = encodeVarintProposal(dAtA, i, uint64(len(m.Builder))) + i-- + dAtA[i] = 0x62 + } + if len(m.Source) > 0 { + i -= len(m.Source) + copy(dAtA[i:], m.Source) + i = encodeVarintProposal(dAtA, i, uint64(len(m.Source))) + i-- + dAtA[i] = 0x5a + } if len(m.Funds) > 0 { for iNdEx := len(m.Funds) - 1; iNdEx >= 0; iNdEx-- { { @@ -1965,6 +2044,18 @@ func (m *StoreCodeProposal) Size() (n int) { if m.UnpinCode { n += 2 } + l = len(m.Source) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } + l = len(m.Builder) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } + l = len(m.CodeHash) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } return n } @@ -2276,6 +2367,18 @@ func (m *StoreAndInstantiateContractProposal) Size() (n int) { n += 1 + l + sovProposal(uint64(l)) } } + l = len(m.Source) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } + l = len(m.Builder) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } + l = len(m.CodeHash) + if l > 0 { + n += 1 + l + sovProposal(uint64(l)) + } return n } @@ -2502,6 +2605,104 @@ func (m *StoreCodeProposal) Unmarshal(dAtA []byte) error { } } m.UnpinCode = bool(v != 0) + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Source = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Builder", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Builder = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CodeHash", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CodeHash = append(m.CodeHash[:0], dAtA[iNdEx:postIndex]...) + if m.CodeHash == nil { + m.CodeHash = []byte{} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProposal(dAtA[iNdEx:]) @@ -4757,6 +4958,104 @@ func (m *StoreAndInstantiateContractProposal) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Source = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Builder", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Builder = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CodeHash", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowProposal + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthProposal + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthProposal + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CodeHash = append(m.CodeHash[:0], dAtA[iNdEx:postIndex]...) + if m.CodeHash == nil { + m.CodeHash = []byte{} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipProposal(dAtA[iNdEx:]) diff --git a/x/wasm/types/proposal_test.go b/x/wasm/types/proposal_test.go index 245184752b..581ed85d80 100644 --- a/x/wasm/types/proposal_test.go +++ b/x/wasm/types/proposal_test.go @@ -106,6 +106,31 @@ func TestValidateStoreCodeProposal(t *testing.T) { "all good": { src: StoreCodeProposalFixture(), }, + "all good no code verification info": { + src: StoreCodeProposalFixture(func(p *StoreCodeProposal) { + p.Source = "" + p.Builder = "" + p.CodeHash = nil + }), + }, + "source missing": { + src: StoreCodeProposalFixture(func(p *StoreCodeProposal) { + p.Source = "" + }), + expErr: true, + }, + "builder missing": { + src: StoreCodeProposalFixture(func(p *StoreCodeProposal) { + p.Builder = "" + }), + expErr: true, + }, + "code hash missing": { + src: StoreCodeProposalFixture(func(p *StoreCodeProposal) { + p.CodeHash = nil + }), + expErr: true, + }, "with instantiate permission": { src: StoreCodeProposalFixture(func(p *StoreCodeProposal) { accessConfig := AccessTypeOnlyAddress.With(anyAddress) @@ -267,6 +292,31 @@ func TestValidateStoreAndInstantiateContractProposal(t *testing.T) { "all good": { src: StoreAndInstantiateContractProposalFixture(), }, + "all good no code verification info": { + src: StoreAndInstantiateContractProposalFixture(func(p *StoreAndInstantiateContractProposal) { + p.Source = "" + p.Builder = "" + p.CodeHash = nil + }), + }, + "source missing": { + src: StoreAndInstantiateContractProposalFixture(func(p *StoreAndInstantiateContractProposal) { + p.Source = "" + }), + expErr: true, + }, + "builder missing": { + src: StoreAndInstantiateContractProposalFixture(func(p *StoreAndInstantiateContractProposal) { + p.Builder = "" + }), + expErr: true, + }, + "code hash missing": { + src: StoreAndInstantiateContractProposalFixture(func(p *StoreAndInstantiateContractProposal) { + p.CodeHash = nil + }), + expErr: true, + }, "with instantiate permission": { src: StoreAndInstantiateContractProposalFixture(func(p *StoreAndInstantiateContractProposal) { accessConfig := AccessTypeOnlyAddress.With(anyAddress) @@ -647,6 +697,9 @@ func TestProposalStrings(t *testing.T) { Description: Bar Run as: cosmos1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs2m6sx4 WasmCode: 0102030405060708090A + Source: https://example.com/ + Builder: cosmwasm/workspace-optimizer:v0.12.8 + Code Hash: 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D `, }, "instantiate contract": { @@ -763,6 +816,9 @@ description: Bar run_as: cosmos1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs2m6sx4 wasm_byte_code: AQIDBAUGBwgJCg== instantiate_permission: null +source: https://example.com/ +builder: cosmwasm/workspace-optimizer:v0.12.8 +code_hash: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d `, }, "instantiate contract": { diff --git a/x/wasm/types/test_fixtures.go b/x/wasm/types/test_fixtures.go index c37b6d9ddf..e62399972f 100644 --- a/x/wasm/types/test_fixtures.go +++ b/x/wasm/types/test_fixtures.go @@ -3,6 +3,7 @@ package types import ( "bytes" "crypto/sha256" + "encoding/hex" "encoding/json" "math/rand" @@ -200,11 +201,21 @@ func MsgExecuteContractFixture(mutators ...func(*MsgExecuteContract)) *MsgExecut func StoreCodeProposalFixture(mutators ...func(*StoreCodeProposal)) *StoreCodeProposal { const anyAddress = "cosmos1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs2m6sx4" + wasm := []byte{0x0} + // got the value from shell sha256sum + codeHash, err := hex.DecodeString("6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D") + if err != nil { + panic(err) + } + p := &StoreCodeProposal{ Title: "Foo", Description: "Bar", RunAs: anyAddress, - WASMByteCode: []byte{0x0}, + WASMByteCode: wasm, + Source: "https://example.com/", + Builder: "cosmwasm/workspace-optimizer:v0.12.8", + CodeHash: codeHash, } for _, m := range mutators { m(p) @@ -260,6 +271,12 @@ func StoreAndInstantiateContractProposalFixture(mutators ...func(p *StoreAndInst } ) const anyAddress = "cosmos1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs2m6sx4" + wasm := []byte{0x0} + // got the value from shell sha256sum + codeHash, err := hex.DecodeString("6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D") + if err != nil { + panic(err) + } initMsgBz, err := json.Marshal(initMsg) if err != nil { @@ -269,7 +286,10 @@ func StoreAndInstantiateContractProposalFixture(mutators ...func(p *StoreAndInst Title: "Foo", Description: "Bar", RunAs: anyAddress, - WASMByteCode: []byte{0x0}, + WASMByteCode: wasm, + Source: "https://example.com/", + Builder: "cosmwasm/workspace-optimizer:v0.12.9", + CodeHash: codeHash, Admin: anyAddress, Label: "testing", Msg: initMsgBz, diff --git a/x/wasm/types/validation.go b/x/wasm/types/validation.go index cf6b1511b2..526a6bf55a 100644 --- a/x/wasm/types/validation.go +++ b/x/wasm/types/validation.go @@ -1,7 +1,11 @@ package types import ( + "fmt" + "net/url" + sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + "github.com/docker/distribution/reference" ) // MaxSaltSize is the longest salt that can be used when instantiating a contract @@ -49,3 +53,27 @@ func ValidateSalt(salt []byte) error { } return nil } + +// ValidateVerificationInfo ensure source, builder and checksum constraints +func ValidateVerificationInfo(source, builder string, codeHash []byte) error { + // if any set require others to be set + if len(source) != 0 || len(builder) != 0 || codeHash != nil { + if source == "" { + return fmt.Errorf("source is required") + } + if _, err := url.ParseRequestURI(source); err != nil { + return fmt.Errorf("source: %s", err) + } + if builder == "" { + return fmt.Errorf("builder is required") + } + if _, err := reference.ParseDockerRef(builder); err != nil { + return fmt.Errorf("builder: %s", err) + } + if codeHash == nil { + return fmt.Errorf("code hash is required") + } + // code hash checksum match validation is done in the keeper, ungzipping consumes gas + } + return nil +}