Merge branch 'CosmWasm:master' into ica-45

CHANGELOG.md

@@ -2,7 +2,20 @@
 
 ## [Unreleased](https://github.com/CosmWasm/wasmd/tree/HEAD)
 
-[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.24.0...master)
+[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.25.0...master)
+
+## [v0.25.0](https://github.com/CosmWasm/wasmd/tree/v0.25.0) (2022-04-06)
+
+**API Breaking**
+- Upgrade wasmvm to v1.0.0-beta10 [\#790](https://github.com/CosmWasm/wasmd/pull/790), [\#800](https://github.com/CosmWasm/wasmd/pull/800)
+
+**Implemented Enhancements**
+- Fix: close iterators [\#792](https://github.com/CosmWasm/wasmd/pull/792)
+- Use callback pattern for contract state iterator [\#794](https://github.com/CosmWasm/wasmd/pull/794)
+- Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 [\#787](https://github.com/CosmWasm/wasmd/pull/787)
+- Bump github.com/cosmos/ibc-go/v2 from 2.0.3 to 2.2.0 [\#786](https://github.com/CosmWasm/wasmd/pull/786)
+
+[Full Changelog](https://github.com/CosmWasm/wasmd/compare/v0.24.0...v0.25.0)
 
 ## [v0.24.0](https://github.com/CosmWasm/wasmd/tree/v0.24.0) (2022-03-09)
 

Dockerfile

@@ -1,6 +1,7 @@
 # docker build . -t cosmwasm/wasmd:latest
 # docker run --rm -it cosmwasm/wasmd:latest /bin/sh
 FROM golang:1.17-alpine3.15 AS go-builder
+ARG arch=x86_64
 
 # this comes from standard alpine nightly file
 # https://github.com/rust-lang/docker-rust-nightly/blob/master/alpine3.12/Dockerfile
@@ -15,11 +16,18 @@ WORKDIR /code
 COPY . /code/
 
 # See https://github.com/CosmWasm/wasmvm/releases
-ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.0.0-beta7/libwasmvm_muslc.a /lib/libwasmvm_muslc.a
-RUN sha256sum /lib/libwasmvm_muslc.a | grep d0152067a5609bfdfb3f0d5d6c0f2760f79d5f2cd7fd8513cafa9932d22eb350
+ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.0.0-beta10/libwasmvm_muslc.aarch64.a /lib/libwasmvm_muslc.aarch64.a
+ADD https://github.com/CosmWasm/wasmvm/releases/download/v1.0.0-beta10/libwasmvm_muslc.x86_64.a /lib/libwasmvm_muslc.x86_64.a
+RUN sha256sum /lib/libwasmvm_muslc.aarch64.a | grep 5b7abfdd307568f5339e2bea1523a6aa767cf57d6a8c72bc813476d790918e44
+RUN sha256sum /lib/libwasmvm_muslc.x86_64.a | grep 2f44efa9c6c1cda138bd1f46d8d53c5ebfe1f4a53cf3457b01db86472c4917ac
+
+# Copy the library you want to the final location that will be found by the linker flag `-lwasmvm_muslc`
+RUN cp /lib/libwasmvm_muslc.${arch}.a /lib/libwasmvm_muslc.a
 
 # force it to use static lib (from above) not standard libgo_cosmwasm.so file
-RUN LEDGER_ENABLED=false BUILD_TAGS=muslc make build
+RUN LEDGER_ENABLED=false BUILD_TAGS=muslc LINK_STATICALLY=true make build
+RUN echo "Ensuring binary is statically linked ..." \
+ && (file /code/build/wasmd | grep "statically linked")
 
 # --------------------------------------------------------
 FROM alpine:3.15

Makefile

@@ -65,6 +65,9 @@ ldflags = -X github.com/cosmos/cosmos-sdk/version.Name=wasm \
 ifeq ($(WITH_CLEVELDB),yes)
  ldflags += -X github.com/cosmos/cosmos-sdk/types.DBBackend=cleveldb
 endif
+ifeq ($(LINK_STATICALLY),true)
+ ldflags += -linkmode=external -extldflags "-Wl,-z,muldefs -static"
+endif
 ldflags += $(LDFLAGS)
 ldflags := $(strip $(ldflags))
 

SECURITY.md

@@ -1,39 +1,13 @@
 # Security Policy
 
-## Reporting a Vulnerability
-
-Please report any security issues via email to security@confio.gmbh. 
-
-You will receive a response from us within 2 working days. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.
-
-Please avoid opening public issues on GitHub that contain information about a potential security vulnerability as this makes it difficult to reduce the impact and harm of valid security issues.
+This repository is maintained by Confio as part of the CosmWasm stack.
+Please see https://github.com/CosmWasm/advisories/blob/main/SECURITY.md
+for our security policy.
 
 ## Supported Versions
 
 This is alpha software, do not run on a production system. Notably, we currently provide no migration path not even "dump state and restart" to move to future versions.
 
-We will have a stable v0.x version before the final v1.0.0 version with the same API as the v1.0 version in order to run last testnets and manual testing on it. We have not yet committed to that version number. wasmd 0.22 will support Cosmos SDK 0.44/0.45 and should be quite close to a final API, minus some minor details.
+We will have a stable v0.x version before the final v1.0.0 version with the same API as the v1.0 version in order to run last testnets and manual testing on it. We have not yet committed to that version number. wasmd 0.25 will support Cosmos SDK 0.44/0.45 and should be quite close to a final API, minus some minor details.
 
 Our v1.0.0 release plans were also delayed by upstream release cycles, and we have continued to refine APIs while we can.
-
-## Coordinated Vulnerability Disclosure Policy
-
-We ask security researchers to keep vulnerabilities and communications around vulnerability submissions private and confidential until a patch is developed. In addition to this, we ask that you:
-
- - Allow us a reasonable amount of time to correct or address security vulnerabilities.
- - Avoid exploiting any vulnerabilities that you discover.
- - Demonstrate good faith by not disrupting or degrading services built on top of this software.
-
-## Vulnerability Disclosure Process
-
-Confio uses the following disclosure process for the various CosmWasm-related repos:
-
- - Once a security report is received, the core development team works to verify the issue.
- - Patches are prepared for eligible releases in private repositories.
- - We notify the community that a security release is coming, to give users time to prepare their systems for the update. Notifications can include Discord messages, tweets, and emails to partners and validators. Please also see [CosmWasm/advisories](https://github.com/CosmWasm/advisories) if you want to receive notifications.
- - No less than 24 hours following this notification, the fixes are applied publicly and new releases are issued.
- - Once releases are available, we notify the community, again, through the same channels as above.
- - Once the patches have been properly rolled out, we will publish a post with further details on the vulnerability as well as our response to it.
- - Note that we are working on a concept for bug bounties and they are not currently available.
-
- This process can take some time. Every effort will be made to handle the bug as quickly and thoroughly as possible. However, it's important that we follow the process described above to ensure that disclosures are handled consistently and to keep this codebase and the projects that depend on them secure.

go.mod

@@ -3,7 +3,7 @@ module github.com/CosmWasm/wasmd
 go 1.17
 
 require (
- github.com/CosmWasm/wasmvm v1.0.0-beta7
+ github.com/CosmWasm/wasmvm v1.0.0-beta10
  github.com/cosmos/cosmos-sdk v0.45.1
  github.com/cosmos/iavl v0.17.3
  github.com/cosmos/ibc-go/v3 v3.0.0

go.sum

@@ -70,8 +70,8 @@ github.com/BurntSushi/toml v1.0.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/ChainSafe/go-schnorrkel v0.0.0-20200405005733-88cbf1b4c40d h1:nalkkPQcITbvhmL4+C4cKA87NW0tfm3Kl9VXRoPywFg=
 github.com/ChainSafe/go-schnorrkel v0.0.0-20200405005733-88cbf1b4c40d/go.mod h1:URdX5+vg25ts3aCh8H5IFZybJYKWhJHYMTnf+ULtoC4=
-github.com/CosmWasm/wasmvm v1.0.0-beta7 h1:hCa6P8tUTh8viabzeXfede5iPlopSav9Guh+hupXjvU=
-github.com/CosmWasm/wasmvm v1.0.0-beta7/go.mod h1:y+yd9piV8KlrB7ISRZz1sDwH4UVm4Q9rEX9501dBNog=
+github.com/CosmWasm/wasmvm v1.0.0-beta10 h1:N99+PRcrh4FeDP1xQuJGaAsr+7U+TZAHKG8mybnAsKU=
+github.com/CosmWasm/wasmvm v1.0.0-beta10/go.mod h1:y+yd9piV8KlrB7ISRZz1sDwH4UVm4Q9rEX9501dBNog=
 github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/DataDog/zstd v1.4.1/go.mod h1:1jcaCB/ufaK+sKp1NBhlGmpz41jOoPQ35bpF36t7BBo=

x/wasm/Governance.md

@@ -57,18 +57,110 @@ See [params.go](https://github.com/CosmWasm/wasmd/blob/master/x/wasm/types/param
  },
  "instantiate_default_permission": "Everybody"
  }
- },
+ }, 
 ```
 
 The values can be updated via gov proposal implemented in the `params` module.
 
+### Update Params Via [ParamChangeProposal](https://github.com/cosmos/cosmos-sdk/blob/v0.45.3/proto/cosmos/params/v1beta1/params.proto#L10)
+Example to submit a parameter change gov proposal:
+```sh
+wasmd tx gov submit-proposal param-change <proposal-json-file> --from validator --chain-id=testing -b block
+```
+#### Content examples
+* Disable wasm code uploads
+```json
+{
+ "title": "Foo",
+ "description": "Bar",
+ "changes": [
+ {
+ "subspace": "wasm",
+ "key": "uploadAccess",
+ "value": {
+ "permission": "Nobody"
+ }
+ }
+ ],
+ "deposit": ""
+}
+```
+* Allow wasm code uploads for everybody
+```json
+{
+ "title": "Foo",
+ "description": "Bar",
+ "changes": [
+ {
+ "subspace": "wasm",
+ "key": "uploadAccess",
+ "value": {
+ "permission": "Everybody"
+ }
+ }
+ ],
+ "deposit": ""
+}
+```
+
+* Restrict code uploads to a single address
+```json
+{
+ "title": "Foo",
+ "description": "Bar",
+ "changes": [
+ {
+ "subspace": "wasm",
+ "key": "uploadAccess",
+ "value": {
+ "permission": "OnlyAddress",
+ "address": "cosmos1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq0fr2sh"
+ }
+ }
+ ],
+ "deposit": ""
+}
+```
+* Set chain **default** instantiation settings to nobody
+```json
+{
+ "title": "Foo",
+ "description": "Bar",
+ "changes": [
+ {
+ "subspace": "wasm",
+ "key": "instantiateAccess",
+ "value": "Nobody"
+ }
+ ],
+ "deposit": ""
+}
+```
+* Set chain **default** instantiation settings to everybody
+```json
+{
+ "title": "Foo",
+ "description": "Bar",
+ "changes": [
+ {
+ "subspace": "wasm",
+ "key": "instantiateAccess",
+ "value": "Everybody"
+ }
+ ],
+ "deposit": ""
+}
+```
+
 ### Enable gov proposals at **compile time**. 
-As gov proposals bypass the existing authorzation policy they are diabled and require to be enabled at compile time. 
+As gov proposals bypass the existing authorization policy they are disabled and require to be enabled at compile time. 
 ```
 -X github.com/CosmWasm/wasmd/app.ProposalsEnabled=true - enable all x/wasm governance proposals (default false)
 -X github.com/CosmWasm/wasmd/app.EnableSpecificProposals=MigrateContract,UpdateAdmin,ClearAdmin - enable a subset of the x/wasm governance proposal types (overrides ProposalsEnabled)
 ```
 
+The `ParamChangeProposal` is always enabled.
+
 ### Tests
 * [params validation unit tests](https://github.com/CosmWasm/wasmd/blob/master/x/wasm/types/params_test.go)
 * [genesis validation tests](https://github.com/CosmWasm/wasmd/blob/master/x/wasm/types/genesis_test.go)

x/wasm/keeper/events_test.go

@@ -183,6 +183,13 @@ func TestNewCustomEvents(t *testing.T) {
  sdk.NewAttribute("_contract_address", myContract.String()),
  sdk.NewAttribute("my Key", "myVal"))},
  },
+ "empty event elements": {
+ src: make(wasmvmtypes.Events, 10),
+ isError: true,
+ },
+ "nil": {
+ exp: sdk.Events{},
+ },
  }
  for name, spec := range specs {
  t.Run(name, func(t *testing.T) {
@@ -240,6 +247,15 @@ func TestNewWasmModuleEvent(t *testing.T) {
  sdk.NewAttribute("_contract_address", myContract.String()),
  sdk.NewAttribute("my-real-key", "some-val"))},
  },
+ "empty elements": {
+ src: make([]wasmvmtypes.EventAttribute, 10),
+ isError: true,
+ },
+ "nil": {
+ exp: sdk.Events{sdk.NewEvent("wasm",
+ sdk.NewAttribute("_contract_address", myContract.String()),
+ )},
+ },
  }
  for name, spec := range specs {
  t.Run(name, func(t *testing.T) {

x/wasm/keeper/gas_register_test.go

@@ -283,6 +283,26 @@ func TestReplyCost(t *testing.T) {
  srcConfig: DefaultGasRegisterConfig(),
  exp: sdk.Gas(DefaultInstanceCost + 3*DefaultContractMessageDataCost),
  },
+ "subcall response with empty events": {
+ src: wasmvmtypes.Reply{
+ Result: wasmvmtypes.SubcallResult{
+ Ok: &wasmvmtypes.SubcallResponse{
+ Events: make([]wasmvmtypes.Event, 10),
+ },
+ },
+ },
+ srcConfig: DefaultGasRegisterConfig(),
+ exp: DefaultInstanceCost,
+ },
+ "subcall response with events unset": {
+ src: wasmvmtypes.Reply{
+ Result: wasmvmtypes.SubcallResult{
+ Ok: &wasmvmtypes.SubcallResponse{},
+ },
+ },
+ srcConfig: DefaultGasRegisterConfig(),
+ exp: DefaultInstanceCost,
+ },
  }
  for name, spec := range specs {
  t.Run(name, func(t *testing.T) {
@@ -298,6 +318,33 @@ func TestReplyCost(t *testing.T) {
  }
 }
 
+func TestEventCosts(t *testing.T) {
+ // most cases are covered in TestReplyCost already. This ensures some edge cases
+ specs := map[string]struct {
+ srcAttrs []wasmvmtypes.EventAttribute
+ srcEvents wasmvmtypes.Events
+ expGas sdk.Gas
+ }{
+ "empty events": {
+ srcEvents: make([]wasmvmtypes.Event, 1),
+ expGas: DefaultPerCustomEventCost,
+ },
+ "empty attributes": {
+ srcAttrs: make([]wasmvmtypes.EventAttribute, 1),
+ expGas: DefaultPerAttributeCost,
+ },
+ "both nil": {
+ expGas: 0,
+ },
+ }
+ for name, spec := range specs {
+ t.Run(name, func(t *testing.T) {
+ gotGas := NewDefaultWasmGasRegister().EventCosts(spec.srcAttrs, spec.srcEvents)
+ assert.Equal(t, spec.expGas, gotGas)
+ })
+ }
+}
+
 func TestToWasmVMGasConversion(t *testing.T) {
  specs := map[string]struct {
  src storetypes.Gas

x/wasm/keeper/genesis.go

@@ -102,23 +102,18 @@ func ExportGenesis(ctx sdk.Context, keeper *Keeper) *types.GenesisState {
  })
 
  keeper.IterateContractInfo(ctx, func(addr sdk.AccAddress, contract types.ContractInfo) bool {
- contractStateIterator := keeper.GetContractState(ctx, addr)
  var state []types.Model
- for ; contractStateIterator.Valid(); contractStateIterator.Next() {
- m := types.Model{
- Key: contractStateIterator.Key(),
- Value: contractStateIterator.Value(),
- }
- state = append(state, m)
- }
+ keeper.IterateContractState(ctx, addr, func(key, value []byte) bool {
+ state = append(state, types.Model{Key: key, Value: value})
+ return false
+ })
  // redact contract info
  contract.Created = nil
  genState.Contracts = append(genState.Contracts, types.Contract{
  ContractAddress: addr.String(),
  ContractInfo: contract,
  ContractState: state,
  })
-
  return false
  })
 

x/wasm/keeper/genesis_test.go

@@ -113,14 +113,17 @@ func TestGenesisExportImport(t *testing.T) {
  wasmKeeper.IterateContractInfo(srcCtx, func(address sdk.AccAddress, info wasmTypes.ContractInfo) bool {
  wasmKeeper.removeFromContractCodeSecondaryIndex(srcCtx, address, wasmKeeper.getLastContractHistoryEntry(srcCtx, address))
  prefixStore := prefix.NewStore(srcCtx.KVStore(wasmKeeper.storeKey), types.GetContractCodeHistoryElementPrefix(address))
- for iter := prefixStore.Iterator(nil, nil); iter.Valid(); iter.Next() {
+ iter := prefixStore.Iterator(nil, nil)
+
+ for ; iter.Valid(); iter.Next() {
  prefixStore.Delete(iter.Key())
  }
  x := &info
  newHistory := x.ResetFromGenesis(dstCtx)
  wasmKeeper.storeContractInfo(srcCtx, address, x)
  wasmKeeper.addToContractCodeSecondaryIndex(srcCtx, address, newHistory)
  wasmKeeper.appendToContractHistory(srcCtx, address, newHistory)
+ iter.Close()
  return false
  })
 
@@ -145,6 +148,8 @@ func TestGenesisExportImport(t *testing.T) {
  if !assert.False(t, dstIT.Valid()) {
  t.Fatalf("dest Iterator still has key :%X", dstIT.Key())
  }
+ srcIT.Close()
+ dstIT.Close()
  }
 }