Add remote proxy support to AH Kusama #535
Conversation
I will also port it there. I wanted to include it in the next release if possible. People are having more and more these problems of proxies not being on AH and similar. This pallet could solve the issue without requiring a root referendum (we already had one and another is prepared AFAIK). |
Co-authored-by: Xiliang Chen <xlchen1291@gmail.com>
bkchr
changed the title
|
I'd be more comfortable if we also did a security audit for this before adding it to live Polkadot AssetHub |
The scope of the changes is quite narrow. Doing some proper review should be fine. The only difference to the real |
bkchr
changed the title
|
Okay removed the Polkadot integration for now. It can come later after the audit. |
|
Any chance the people chains can also be included while we're at it? This would help change the identity of pure proxies. |
There was a problem hiding this comment.
This means remove proxy is only fully effective after MaxStorageRootsToKeep blocks. It could be possible to construct some attack based on this behaivour. We should at very minimal document and communicate this change to ensure people are aware of the consequence.
We could ask the UI to display a warning to user when they are trying to remove a proxy indicating the account still have permission on other chain for X blocks.
Another way is somehow be able to blacklist this account for X blocks.
I mean I have documented it. Or where should I document this? |
Co-authored-by: Xiliang Chen <xlchen1291@gmail.com>
|
#441 we haven't figured out the whole process yet. I see a changelog entry but it does not have the warning. No one really read doc comments. |
What kind of warning should there be? I mean users will not see this changelog and would not understand it either. For them nothing breaks, this is more about telling UI builders to show this warning? And they hopefully read the docs to understand on how to implement it? We can also reduce the "keep alive" timer to 1 minute. Should still be enough time to build the proof and get it included. |
|
If the keep alive timer is only 1 minute then I wouldn't worry about it too much. Still mention it changelog will be nice, which I expect UI builders to read and think about it. |
| @@ -38,12 +38,15 @@ use assets_common::{ | |||
| }; | |||
| use cumulus_pallet_parachain_system::RelayNumberMonotonicallyIncreases; | |||
| use cumulus_primitives_core::{AggregateMessageOrigin, ParaId}; | |||
| use kusama_runtime_constants::time::MINUTES; | |||
There was a problem hiding this comment.
how about alias like RC_MINUTES? very easy to confuse with local MINUTES
| ) -> Option<ProxyDefinition<AccountId, ProxyType, BlockNumber>> { | ||
| let proxy_type = match a.proxy_type { | ||
| kusama_runtime_constants::proxy::ProxyType::Any => ProxyType::Any, | ||
| kusama_runtime_constants::proxy::ProxyType::NonTransfer => ProxyType::NonTransfer, |
There was a problem hiding this comment.
non transfer on two chains are very different. I think the initial idea was to let this for Any type.
There was a problem hiding this comment.
In what way they are different? The point being that you can not do any transfers. For me that is exactly the same on every chain.
pallets/remote-proxy/src/weight.rs
Outdated
|
|
||
| impl WeightInfo for () { | ||
| fn remote_proxy_with_registered_proof() -> Weight { | ||
| Weight::zero() |
| @@ -0,0 +1,70 @@ | |||
| [package] | |||
| name = "pallet-remote-proxy" | |||
There was a problem hiding this comment.
Is it a good idea to add the pallet here, instead of the sdk (or separate repo)? In particular, having it here prevents us from using it on Westend, Rococo and Versi.
There was a problem hiding this comment.
Disregard, was already asked.
|
/cmd bench --pallet pallet_remote_proxy |
|
Command "bench --pallet pallet_remote_proxy" has started 🚀 See logs here |
|
Command "bench --pallet pallet_remote_proxy" has finished ✅ See logs here |
|
/cmd bench --pallet pallet_remote_proxy |
|
Command "bench --pallet pallet_remote_proxy" has started 🚀 See logs here |
|
Command "bench --pallet pallet_remote_proxy" has finished ✅ See logs here |
This adds remote proxy support to AssetHub on Polkadot and Kusama. Currently it is configured only to support using proxies registered on the relay chain to work on AssetHub. In the future this can be expanded.