feat: Provide source, builder and codehash information in store code proposal message #1072
Conversation
x/wasm/types/proposal.pb.go
Outdated
| } | ||
|
|
||
| func (m *StoreCodeProposal) Reset() { *m = StoreCodeProposal{} } | ||
| func (*StoreCodeProposal) ProtoMessage() {} | ||
| func (*StoreCodeProposal) Descriptor() ([]byte, []int) { | ||
| return fileDescriptor_be6422d717c730cb, []int{0} | ||
| } | ||
|
|
There was a problem hiding this comment.
I've used make proto-gen to generate proto code. All proto files had these formatting changes, reverted them.
There was a problem hiding this comment.
Please use make proto-all which also runs the formatter (make format)
Codecov Report
@@ Coverage Diff @@
## main #1072 +/- ##
==========================================
+ Coverage 59.80% 59.94% +0.14%
==========================================
Files 54 54
Lines 7306 7373 +67
==========================================
+ Hits 4369 4420 +51
- Misses 2621 2632 +11
- Partials 316 321 +5
|
There was a problem hiding this comment.
Thanks for bringing this topic up and this very nice PR 💐
I think validators have a hard time to verify a StoreCodeProposal currently. Providing additional data for this process can help with to build better tooling on the client side.
Nevertheless the data needs to be specified well and be verified, so that the expectations for everybody are the same.
We also need to support a transition period (on the server side) where fields are empty to not break execution of existing in flight proposals.
x/wasm/keeper/proposal_handler.go
Outdated
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| if !bytes.Equal(checksum, p.CodeHash) { |
There was a problem hiding this comment.
There may be in flight proposals without this data. It would be good to not enforce the check when p.CodeHash is empty
There was a problem hiding this comment.
I think you got me wrong. if !bytes.Equal(checksum, p.CodeHash) makes a lot of sense and ensures consistency of the proposal. Please add it back but with a if p.CodeHash != nil && !bytes.Equal(checksum, p.CodeHash) so that it works for old in flight proposals (without the new fields) , too.
x/wasm/types/proposal.go
Outdated
| @@ -113,6 +113,16 @@ func (p StoreCodeProposal) ValidateBasic() error { | |||
| return sdkerrors.Wrap(err, "instantiate permission") | |||
| } | |||
| } | |||
|
|
|||
| if len(p.Source) == 0 { | |||
There was a problem hiding this comment.
As mentioned above, these fields should be optional on the server side to support a transition period for in flight proposals.
But there is no problem to enforce checks on the CLI before submitting a proposal.
There can be stronger constraints on the expected data (when set).
x/wasm/client/cli/tx_test.go
Outdated
| args: []string{"--source=bar", "--builder=foo"}, | ||
| expErr: true, | ||
| }, | ||
| "happy path": { |
There was a problem hiding this comment.
I am getting an error here that I could not solve.
The hash generated on 76th line and in parseStoreCodeArgs do not match. I decided to not get stuck and ask help from your elven 👀 @alpe here.
There was a problem hiding this comment.
I have commented on parseStoreCodeArgs which contains a 🐛
proto/cosmwasm/wasm/v1/tx.proto
Outdated
| @@ -41,7 +41,16 @@ message MsgStoreCode { | |||
| // InstantiatePermission access control to apply on contract creation, | |||
| // optional | |||
| AccessConfig instantiate_permission = 5; | |||
| // Source is a valid absolute HTTPS URI to the contract's source code, | |||
There was a problem hiding this comment.
The original intend as I understood it, was to add this metadata to the gov process where it made sense for me. Not sure about the TX though as they were not used proper in the past. Let's focus on the gov process in this PR and open a ticket for the TX to discuss, if you like.
x/wasm/client/cli/tx_test.go
Outdated
| args: []string{"--source=bar", "--builder=foo"}, | ||
| expErr: true, | ||
| }, | ||
| "happy path": { |
There was a problem hiding this comment.
I have commented on parseStoreCodeArgs which contains a 🐛
x/wasm/client/cli/tx_test.go
Outdated
| "happy path": { | ||
| args: []string{"--source=bar", "--builder=foo", "--code-hash=" + checksumStr}, | ||
| expErr: false, | ||
| }, |
There was a problem hiding this comment.
Please add a case where the source file is zipped so that you are not running into a problem when comparing the hash
|
fyi: @pinosu is working on the StoreAndInstantiateProposal that would also benefit from the new fields |
|
@alpe I got carried away with other tasks, I will finish this today/tomorrow thanks! |
orkunkl
force-pushed
the
store-prop-codehash-check
branch
from
50904e6
to
b102cfa
Compare
orkunkl
force-pushed
the
store-prop-codehash-check
branch
from
b102cfa
to
477e8d9
Compare
orkunkl
force-pushed
the
store-prop-codehash-check
branch
from
477e8d9
to
151d18e
Compare
There was a problem hiding this comment.
Thanks for the updates. Good progress! 🤾♂️
As I had mentioned before, I would like to have some good data validation on the new fields (when set) so that we ensure they won't break clients easily.
Also the StoreAndInstantiateContractProposal was merged to main meanwhile. This proposal would require the fields as well
Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>
Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/cosmos/gogoproto/releases) - [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md) - [Commits](cosmos/gogoproto@v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: github.com/cosmos/gogoproto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* Enable larger wasm bytecode upload for gov proposals * Set max proposal wasm code size to 3MB
* bump go 1.19 * add change log * correct change log
|
Maybe best to wrap source, builder and code hash information under |
|
@Mergifyio rebase |
* main: Upgrade to IBC v4.2.0 with interchain-accounts v0.2.4 (#1088)
|
SonarCloud Quality Gate failed.
|
| // if any set require others to be set | ||
| if len(source) != 0 || len(builder) != 0 || codeHash != nil { | ||
| if source == "" { | ||
| return fmt.Errorf("source is required") |
There was a problem hiding this comment.
nit:
| return fmt.Errorf("source is required") | |
| return ErrEmpty.Wrap("source:) |
There was a problem hiding this comment.
The sdk package comes with some nice error support. Next time, please use them instead
…proposal message (CosmWasm#1072) * Provide source, builder and codehash information in store code proposal message * Make linter happy * Update x/wasm/simulation/proposals.go Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> * Update x/wasm/client/cli/gov_tx.go * Update x/wasm/client/cli/gov_tx.go * Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3 Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/cosmos/gogoproto/releases) - [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md) - [Commits](cosmos/gogoproto@v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: github.com/cosmos/gogoproto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update authz grant examples * Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095) * Enable larger wasm bytecode upload for gov proposals * Set max proposal wasm code size to 3MB * Bump SDK to v0.45.11 * Fix license head * Fix README header * Bump version go to 1.19 (CosmWasm#1044) * bump go 1.19 * add change log * correct change log * Provide source, builder and codehash information in store code proposal message * Implement source, builder, code_info for StoreAndInstantiateProposal * Apply review recommendations * Make linter happy * Fix tests * Formatting only Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Giancarlos Salas <giansalex@gmail.com> Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com> Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
|
Incredibly important work. Thank you! |
…proposal message (CosmWasm#1072) * Provide source, builder and codehash information in store code proposal message * Make linter happy * Update x/wasm/simulation/proposals.go Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> * Update x/wasm/client/cli/gov_tx.go * Update x/wasm/client/cli/gov_tx.go * Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3 Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/cosmos/gogoproto/releases) - [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md) - [Commits](cosmos/gogoproto@v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: github.com/cosmos/gogoproto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update authz grant examples * Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095) * Enable larger wasm bytecode upload for gov proposals * Set max proposal wasm code size to 3MB * Bump SDK to v0.45.11 * Fix license head * Fix README header * Bump version go to 1.19 (CosmWasm#1044) * bump go 1.19 * add change log * correct change log * Provide source, builder and codehash information in store code proposal message * Implement source, builder, code_info for StoreAndInstantiateProposal * Apply review recommendations * Make linter happy * Fix tests * Formatting only Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Giancarlos Salas <giansalex@gmail.com> Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com> Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
…proposal message (CosmWasm#1072) * Provide source, builder and codehash information in store code proposal message * Make linter happy * Update x/wasm/simulation/proposals.go Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> * Update x/wasm/client/cli/gov_tx.go * Update x/wasm/client/cli/gov_tx.go * Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3 Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3. - [Release notes](https://github.com/cosmos/gogoproto/releases) - [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md) - [Commits](cosmos/gogoproto@v1.4.2...v1.4.3) --- updated-dependencies: - dependency-name: github.com/cosmos/gogoproto dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Update authz grant examples * Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095) * Enable larger wasm bytecode upload for gov proposals * Set max proposal wasm code size to 3MB * Bump SDK to v0.45.11 * Fix license head * Fix README header * Bump version go to 1.19 (CosmWasm#1044) * bump go 1.19 * add change log * correct change log * Provide source, builder and codehash information in store code proposal message * Implement source, builder, code_info for StoreAndInstantiateProposal * Apply review recommendations * Make linter happy * Fix tests * Formatting only Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Alexander Peters <alpe@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Giancarlos Salas <giansalex@gmail.com> Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com> Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
This PR's aim is to standardize contract verification on store code proposals.
On store code proposals, proposal creators usually pass code source, builder and code hash information as a part of the description. Let's move these fields back to proposal content and run a check during store to verify provided hash is correct.