Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XCM: Derive remote accounts according to polkadot standards #2315

Merged
merged 73 commits into from
May 30, 2023
Merged

XCM: Derive remote accounts according to polkadot standards #2315

merged 73 commits into from
May 30, 2023

Conversation

librelois
Copy link
Collaborator

@librelois librelois commented May 25, 2023
edited
Loading

What does it do?

Cherry pick paritytech/polkadot#6662 on our polkadot fork and replace our custom non-standard hash derivation by the new type ForeignChainAliasAccount

⚠️ Breaking Change ⚠️

The DescendOrigin instruction now derives accounts in a different way:

new behavior: blake2_256("ForeignChainAliasAccountPrefix_Para20" | paraId | address | parents)

old behavior: blake2_256("multiloc" | multilocation)

What important points reviewers should know?

Is there something left for follow-up PRs?

What alternative implementations were considered?

Are there relevant PRs or issues in other repositories (Substrate, Polkadot, Frontier, Cumulus)?

What value does it bring to the blockchain users?

nbaztec and others added 30 commits April 1, 2023 14:13
@nbaztec
update to v0.9.40
6d394d0
@nbaztec
update benchmarking weight template
d26b671
@nbaztec
fix build
2821987
@nbaztec
make test compile
1ed2a6d
@crystalin
Includes page heap fixes
fb2df2a
@nbaztec
compile runtime-benchmarks
c9c9faf
@nbaztec
Merge branch 'upgrade-v0.9.40' of github.com:PureStake/moonbeam into …
02b81f3 
…upgrade-v0.9.40
@nbaztec
make warp sync work
2882824
@nbaztec
merge master
7fd8681
@nbaztec
toml sort
a723757
@nbaztec
fix editorconfig
471a4d2
@nbaztec
use new substrate version
e10550f
@nbaztec
fix warp sync
0fb006c
@nbaztec
merge conflicts
7d58b9d
@nbaztec
sort
d76bc6b
@nbaztec
fix --dev
a4b0848
@nbaztec
remove duplicate SetMembersOrigin
0e45f47
@nbaztec
toml-sort
56ae6f8
@nbaztec
remove kitchensink-runtime
0ccee4a
@nbaztec
fix builkd
7da9ed8
@nbaztec
Merge branch 'master' into upgrade-v0.9.40
a1dead6
@nbaztec
use new weights
eea7baa
@nbaztec
Merge branch 'master' into upgrade-v0.9.40
aa5e0cc
@librelois
set manual weights for xcm fungible
8091cee
@nbaztec
use Weight::from_parts
817adaa
@nbaztec
Merge branch 'upgrade-v0.9.40' of github.com:PureStake/moonbeam into …
f329f16 
…upgrade-v0.9.40
@nbaztec
use 0 pov_size for ref_time weight
d41c37a
@nbaztec
update nimbus
6dbca4e
@nbaztec
exclude generated weight files from editorconfig
d8136c1
@nbaztec
fmt
5e801c5
@librelois librelois added B7-runtimenoteworthy Changes should be noted in any runtime-upgrade release notes D5-nicetohaveaudit⚠️ PR contains trivial changes to logic that should be properly reviewed. breaking Needs to be mentioned in breaking changes labels May 25, 2023
@librelois librelois changed the base branch from master to upgrade-v0.9.40 May 25, 2023 06:57
Base automatically changed from upgrade-v0.9.40 to master May 25, 2023 12:28
@github-actions
Copy link
Contributor

github-actions bot commented May 25, 2023
edited
Loading

Coverage generated "Thu May 25 14:39:08 UTC 2023":
https://s3.amazonaws.com/moonbeam-coverage/pulls/2315/html/index.html

Master coverage: 70.88%
Pull coverage: 70.88%

@librelois librelois marked this pull request as ready for review May 25, 2023 14:12
notlesh
notlesh reviewed May 25, 2023
View reviewed changes
primitives/account/src/lib.rs
Comment on lines +76 to +82
impl From<[u8; 32]> for AccountId20 {
fn from(bytes: [u8; 32]) -> Self {
let mut buffer = [0u8; 20];
buffer.copy_from_slice(&bytes[..20]);
Self(buffer)
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this could be misleading to put here because there are many (most) cases where we don't want to create and use an AccountId20 from an arbitrary 32-byte array.

Whenever we use an AccountId20 in a trusted way, it's important that it come from something that a user either doesn't have influence over or is extremely hard to guess (e.g. guessing random private keys). I worry that putting this simple conversion could lead to misuse by using an AccountId20 that was generated from an insecure source of bytes.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall you are right, but this conversion is only made because the conversion built by polkadot works with 32 byte accounts, so we need to pass from there to a 20 byte account.

This has no security concerns because the 32 byte account is derived with a hash in the first place.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The particular usage of it isn't what concerns me, it's having it in the first place. Couldn't we create a fn that needs to be explicitly called, something like unsafe_from_bytes_32 or from_known_secure_bytes or something like that? Doing so would obviously avoid any possible confusion.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or is there a requirement that there be a From impl for it to work?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@notlesh the From<[u8; 32]> impl is a requirement from ForeignChainAliasAccount, it can't compile without it

Agusrodri
Agusrodri reviewed May 26, 2023
View reviewed changes
tests/util/xcm.ts
...new Uint8Array([32]),
...new TextEncoder().encode("multiloc"),
...derivedMultiLocation.toU8a(),
...new TextEncoder().encode("ForeignChainAliasAccountPrefix_Para32"),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if we need to test the conversion of an address coming from the relay? Shouldn't we add an extra method (e.g descendOriginFromRelay) for that? And include the ForeignChainAliasAccountPrefix_Relay.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Agusrodri, yes we will need to add a new helper function descendOriginFromRelay

@librelois librelois merged commit a59057c into master May 30, 2023
@librelois librelois deleted the elois-xcm-account-derivation branch May 30, 2023 08:33
timbrinded pushed a commit that referenced this pull request Jun 2, 2023
@librelois @nbaztec
@crystalin @girazoki @tgmichel @timbrinded
XCM: Derive remote accounts according to polkadot standards (#2315)
4db1ed0 
* update to v0.9.40

* update benchmarking weight template

* fix build

* make test compile

* Includes page heap fixes

* compile runtime-benchmarks

* make warp sync work

* toml sort

* fix editorconfig

* use new substrate version

* fix warp sync

* sort

* fix --dev

* remove duplicate SetMembersOrigin

* toml-sort

* remove kitchensink-runtime

* fix builkd

* use new weights

* set manual weights for xcm fungible

* use Weight::from_parts

* use 0 pov_size for ref_time weight

* update nimbus

* exclude generated weight files from editorconfig

* fmt

* fmt

* fix rust tests

* fix import

* fix tests

* use Weight part pov_size to 0

* make dalek test work

* fix transfer tests

* use BoundedVec for auto compound delegations

* fix modexp test

* fix modexp test

* fix tests

* fix weight tests

* fix staking tests via chunking

* fix modexp test

* fix lint and test

* fix rust weight tests

* fix partial ts tests

* temp fix for xcm v2

* Fixes weight until benchmarking is fixed

* set manual weight, fix ts tests

* Adds temp hack for xcm tests

* Use RefundSurplus as the no-op for saturating the queue, which does not have pov

* Update evm to 0.39

* Revert "Update evm to 0.39"

This reverts commit 882b85e.

* upgrade polkadot for better support of xcm v2

* prettier

* prettier

* Revert temp fix for XCM weight

* upgrade polkadot fork

* Fixing hrmp-mock tests

* clean up

* update polkadot fork to expose ForeignChainAliasAccount

* Generate remote accounts according to polkadot standards

* prettier

* fix rust test

* ts tests first pass

---------

Co-authored-by: Nisheeth Barthwal <nbaztec@gmail.com>
Co-authored-by: crystalin <alan.sapede@gmail.com>
Co-authored-by: girazoki <gorka.irazoki@gmail.com>
Co-authored-by: tgmichel <telmo@purestake.com>
@notlesh notlesh added D1-audited👍 PR contains changes to fund-managing logic that has been properly reviewed and externally audited and removed D5-nicetohaveaudit⚠️ PR contains trivial changes to logic that should be properly reviewed. labels Aug 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Agusrodri Agusrodri Agusrodri left review comments

@notlesh notlesh notlesh left review comments

@girazoki girazoki girazoki approved these changes

@tgmichel tgmichel Awaiting requested review from tgmichel

Assignees
No one assigned
Labels
B7-runtimenoteworthy Changes should be noted in any runtime-upgrade release notes breaking Needs to be mentioned in breaking changes D1-audited👍 PR contains changes to fund-managing logic that has been properly reviewed and externally audited
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@librelois @notlesh @girazoki @Agusrodri @nbaztec @crystalin @tgmichel