Support dedicated lanes for pallets #962
Conversation
svyatonik
force-pushed
the
pass-message-send-origin-to-verify-message
branch
from
7ee6e51
to
e641a1f
Compare
My understanding is that any pallet may declare its own origin (using
The trait is a way to keep using existing generic code (instant payments), which was previously using The simpler option would be to use |
There was a problem hiding this comment.
My understanding is that any pallet may declare its own origin (using #[pallet::origin]). All origins (including the one from frame_system) are then merged into final runtime-specific Origin. So when origin comes to message lane verifier/message payment components, they'll need to know at least two things:
I see it totally makes sense, I didn't connect the dots. Looks good to me!
| /// The call is originated by the token swap account. | ||
| TokenSwap { | ||
| /// Id of the account that has started the swap. | ||
| source_account_at_this_chain: AccountId, |
There was a problem hiding this comment.
This field isn't used now anywhere deployments, but if this pallet will ever end up in some real-chain && we'll want to filter it by the token-swap originator, then we may use this field in the filter. Could remove on demand
|
@svyatonik shall we merge? |
I've been asking this on Riot couple of weeks ago :) It won't be audited, and imo it deserves audit. So probably not now? Or we'll have some dedicated release branch without this PR merged in? |
tomusdrw
added
the
PR-onice
Sorry, must have missed it or forgot. Sounds good, let's wait and branch out when we are ready to go live and after that merge to master. |
|
We've branched out |
Let's not merge any needsaudit PRs related to existing pallets until we'll have a strict audit solution+policy. Like before opening |
svyatonik
added
PR-audited
* Fix mandatory headers scanning in on-demand relay (#1306) * more logging in on-demand headerss * remove `maximal_headers_difference` concept from on-demand-relay * another leftover from previous on-demand version * removed extra log * fmt * increase relay balance guard limits for Polkadot<>Kusama bridge (#1308) * fix benchmarks before using it in Polkadot/Kusama/Rococo runtimes (#1309) * Endow relayer account at target chain in message benchmarks (#1310) * endow relayer account at target chain in message benchmarks * pick another line * expose fee multiplier metrics in messages relay (#1312) * Fix issues from cargo deny (#1311) * update libp2p-core (RUSTSEC-2022-0009) * update thread_local (RUSTSEC-2022-0006) * time 0.2 -> time 0.3 * ignore RUSTSEC-2021-0130 * proper migration to time 0.3 * fix clippy? * Revert "fix clippy?" This reverts commit 53bc289. * Add some tests to check integrity of chain constants + bridge configuration (#1316) * add some tests to check integrity of chain constants + bridge configuration * try to use named parameters where possible * Encode and estimate Rococo/Wococo/Kusama/Polkadot messages (#1322) * encode and estimate Rococo/Wococo/Kusama/Polkadot messages * allow send-message for non-bundled chains * weight -> dispatch-weight * fmt * fix spelling * impl Decode for SignedExtensions (otherwise transaction resubmitter panicks) (#1325) * use mortal transactions in transaction resubmitter (#1326) * Using-same-fork metric for finality and complex relay (#1327) * using_same_fork metric in finality relay * support `using_different_forks` in messages relay * added dashboards and alerts * lockfile * fix typo in alert expression (#1329) * removed extra *_RUNTIME_VERSION consts from relay code (#1330) * Reinitialize bridge relay subcommand (#1331) * reinitialize bridge subcommand * PolkadotToKusama in reinit-bridge * fix clippy issues (#1332) * Revert "Revert "override conversion rate in estimate-message-fee RPC (#1189)" (#1275)" (#1333) This reverts commit ed7def6. * Override conversion rate when computing message fee (#1261) * override conversion rate when message is sent * spelling + fmt * add --conversion-rate-override cli option * try to read conversion rate from cmd output * fix output * fmt * fi typo in generator script (#1334) * override conversion rate in tokens swap generator (#1335) * fix conversion rate override in token swap (#1336) * synchronize relay cli changes and token swap generator script (#1337) * fixed mess with conversion rates (#1338) * fix generator scripts to be consistent with updatedrelay output (#1339) * Increase rate from metric when estimating fee (#1340) * ignore errors when dumping logs and container is missing * fixed typo * print correct payload length * increase conversion rate a bit when estimating fee (to avoid message rejects when rate update tx is active) * fmt * fix conversion rate metric in dashboards (#1341) * get rid of '[No Data] Messages from Millau to Rialto are not being delivered' warnings (#1342) * use DecodeLimit when decoding incoming calls (#1344) * update regex to 1.5.5 (#1345) * edition = "2021" (#1346) * Mortal conversion rate updater transactions (#1257) * merge all similar update_conversion_rate functions * stall timeout in conversion rate update loop * fmt * fix * added alerts for relay balances (#1347) * replace From<>InboundLaneApi with direct storage reads (#1348) * added no_stack_overflow_when_decoding_nested_call_during_dispatch test (#1349) * ignore more "increase" alerts that are sometimes signalling NoData at startup (#1351) * Support dedicated lanes for pallets (#962) * pass call origin to the message verifier * is_outbound_lane_enabled -> is_message_accepted * trait SenderOrigin * only accept messages from token swap pallet to token swap lane * tests for edge cases of pay_delivery_and_dispatch_fee * fixed origin verification * fmt * fix benchmarks compilation * fix TODO with None account and non-zero message fee (already covered by tests) * revert cargo fmt changes temporarily * Update Substrate/Polkadot/Cumulus references (#1353) * cumulus: 4e95228 polkadot: 975e780ae0d988dc033f400ba822d14b326ee5b9 substrate: 89fcb3e4f62d221d4e161a437768e77d6265889e * fix refs * sync changes from paritytech/polkadot#3828 * sync changes from paritytech/polkadot#4387 * sync changes from paritytech/polkadot#3940 * sync with changes from paritytech/polkadot#4493 * sync with changes from paritytech/polkadot#4958 * sync with changes from paritytech/polkadot#3889 * sync with changes from paritytech/polkadot#5033 * sync with changes from paritytech/polkadot#5065 * compilation fixes * fixed prometheus endpoint startup (it now requires to be spawned within tokio context) * update chain versions (#1358) * update parity-scale-codec to 3.1.2 (#1359) * fix parse_transaction on Rialto+Millau (#1360)
* pass call origin to the message verifier * is_outbound_lane_enabled -> is_message_accepted * trait SenderOrigin * only accept messages from token swap pallet to token swap lane * tests for edge cases of pay_delivery_and_dispatch_fee * fixed origin verification * fmt * fix benchmarks compilation * fix TODO with None account and non-zero message fee (already covered by tests) * revert cargo fmt changes temporarily
* pass call origin to the message verifier * is_outbound_lane_enabled -> is_message_accepted * trait SenderOrigin * only accept messages from token swap pallet to token swap lane * tests for edge cases of pay_delivery_and_dispatch_fee * fixed origin verification * fmt * fix benchmarks compilation * fix TODO with None account and non-zero message fee (already covered by tests) * revert cargo fmt changes temporarily
Initial concept of the lane was that single application will use single lane (now we have two generic lanes in test deployments, though). While working on #944 I've found that the current set of messages integration APIs doesn't allow us to have lanes dedicated to runtime pallets. So if we have pallet (in this context: application) that is going to use messages pallet to send messages, then we can't verify (in the
LaneMessageVerifier) that the message is actually sent by the pallet (not by the regular user).Why this is important? In #935 I've introduced at-source-chain-callback for processing messages dispatch result. This callback is something like
fn on_messages_dispatched(lane: LaneId, dispatch_results: MessageDispatchResults) {}. If the token-swap pallet (from #944 that uses this callback) would use existing generic lanes (0x00000000 or 0x00000001), then implementation of this callback won't be trivial - it'll need to check if every dispatched message is actually token-swap pallet message (=> extra storage read for every message) before doing something useful. If we'll have lane, dedicated to this pallet, then the implementation won't need to do this check (because it'll hasif lane != T::OutboundLaneId::get() { return }) && will only deal with its own messages.I've started this back in the April && just opening this PR for visibility now. If you guys think it makes sense to support such 'dedicated' lanes, then I'll continue to work on this after #935 is accepted. If this is not required - I'll just close the PR. Probably after review of #935 , something will change - I just didn't want to lose this code.
The alternative solutions I've considered:
enum SendOrigin { External(AccountId), Root, Internal }in messages integration APIs. But then I've found that pallets may define their own origins && I've decided to use it - it seems to be the proper way;frame_system::RawOrigin::None- so it'll mean that the message is sent by the runtime itself. But this is super-confusing.