adds system instruction to upgrade legacy nonce versions #25789
this is looking good, thanks for plumbing through cli and web3.js! just need to add the account owner check, i think
return Err(InstructionError::InvalidInstructionData); | ||
} | ||
instruction_context.check_number_of_instruction_accounts(1)?; | ||
let mut nonce_account = |
we need to verify that the account owner is the system program here to avoid account confusion vulnerabilities
done!
Codecov Report
@@ Coverage Diff @@
## master #25789 +/- ##
===========================================
- Coverage 82.1% 75.4% -6.8%
===========================================
Files 628 40 -588
Lines 171471 2345 -169126
Branches 0 338 +338
===========================================
- Hits 140878 1769 -139109
+ Misses 30593 459 -30134
- Partials 0 117 +117
cli/src/nonce.rs
Outdated
) -> ProcessResult { | ||
let latest_blockhash = rpc_client.get_latest_blockhash()?; | ||
let ixs = vec![upgrade_nonce_account(nonce_account)].with_memo(memo); | ||
// TODO what signers? |
Is this comment still needed?
Yeah, this code is still in WIP until #25788 is merged.
removed
lgtm after the todo comment cleanup
cli/src/nonce.rs
Outdated
// TODO: need signers. | ||
signers: CliSigners::default(), |
This is fine because if CliSigners is empty, we fall back to the wallet keypair here:
Line 183 in cbb0f07
if signers.is_empty() {
removed todo
@@ -307,6 +307,13 @@ pub enum SystemInstruction { | |||
/// Owner to use to derive the funding account address | |||
from_owner: Pubkey, | |||
}, | |||
|
|||
/// One-time idempotent upgrade of legacy nonce versions in order to bump |
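Review bot: The doc comment added at the end of this hunk, "One-time idempotent upgrade of legacy nonce versions", does not say what a caller gets back when the account is not a legacy nonce. State the outcome for that case in the doc comment and list the account the instruction expects, so that "idempotent" cannot be read as "succeeds on every call".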
what does this idempotent refer to? i mean, this instruction impl. errors InstructionError::InvalidArgument if Current nonce account (i.e. already upgraded) is given. So, you cannot invoke UpgradeNonceAccount multiple times successfully, given the same nonce account.
It refers to the nonce account value.
If the instruction is applied multiple times on the same nonce account, the nonce account will not change beyond the first time.
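As an added illustration of two points raised in this thread (the owner check requested above, and the sense in which the upgrade is idempotent), here is a simplified Rust model. It is not the PR's code: `Account`, `Versions`, `Error`, `SYSTEM_PROGRAM` and the hash-based re-derivation of the nonce value are assumptions made for the example.

```rust
// Simplified model, not the Solana runtime: every type here is hypothetical.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

const SYSTEM_PROGRAM: u8 = 0; // stand-in for the system program id

#[derive(Clone, Debug, PartialEq)]
enum Versions { Legacy(u64), Current(u64) }

#[derive(Clone, Debug, PartialEq)]
struct Account { owner: u8, state: Versions }

#[derive(Debug, PartialEq)]
enum Error { InvalidAccountOwner, InvalidArgument }

impl Versions {
    // Legacy -> Current with a re-derived value; None when there is nothing to upgrade.
    fn upgrade(&self) -> Option<Versions> {
        match self {
            Versions::Legacy(nonce) => {
                // Stand-in for domain separation: hash a constructed tag with the old value.
                let mut h = DefaultHasher::new();
                ("example-nonce-domain", nonce).hash(&mut h);
                Some(Versions::Current(h.finish()))
            }
            Versions::Current(_) => None,
        }
    }
}

fn upgrade_nonce_account(account: &mut Account) -> Result<(), Error> {
    // Owner check first: never interpret or rewrite data that belongs to another program.
    if account.owner != SYSTEM_PROGRAM {
        return Err(Error::InvalidAccountOwner);
    }
    match account.state.upgrade() {
        // Already upgraded: the call fails, and the stored value stays as it was.
        None => Err(Error::InvalidArgument),
        Some(upgraded) => { account.state = upgraded; Ok(()) }
    }
}

fn main() {
    let mut acct = Account { owner: SYSTEM_PROGRAM, state: Versions::Legacy(42) };
    println!("first call:  {:?}", upgrade_nonce_account(&mut acct));
    println!("second call: {:?}", upgrade_nonce_account(&mut acct));
    println!("state after both calls: {:?}", acct.state);
}
```

In this model the second call returns an error, yet the account value is identical after one call or many, which is the reading of "idempotent" given in the reply above.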
let nonce_versions: nonce::state::Versions = nonce_account.get_state()?; | ||
match nonce_versions.upgrade() { | ||
None => Err(InstructionError::InvalidArgument), | ||
Some(nonce_versions) => nonce_account.set_state(&nonce_versions), | ||
} |
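Review bot: The `None` arm of `match nonce_versions.upgrade()` returns `InstructionError::InvalidArgument` without saying which states produce `None`. Add a comment naming them, plus tests that a legacy account is rewritten through `set_state`, that the `None` path leaves the account data unchanged, and that data which does not deserialize as `nonce::state::Versions` fails at `get_state()?` before any write.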
🚨 🚨 🚨
The assumptions here are that:
- Any extant system account that has non-zero data and is not a nonce account is invalid.
- Writing to these invalid accounts is fine and won't break anything.
Maybe I didn't see them but would be good to have a test to exercise these assumptions
I believe these assumptions come from get_system_account_kind:
https://github.com/solana-labs/solana/blob/b4bdbb27d/runtime/src/system_instruction_processor.rs#L546-L563
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
…5789) (#25890)
* feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789)
#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
(cherry picked from commit b419031)
# Conflicts:
# runtime/src/system_instruction_processor.rs
# sdk/program/src/system_instruction.rs
# web3.js/src/system-program.ts
* removes mergify merge conflicts
* backport UpgradeNonceAccount
Co-authored-by: behzad nouri <behzadnouri@gmail.com>

…5789) (#25891)
* feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789)
#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
(cherry picked from commit b419031)
# Conflicts:
# sdk/program/src/system_instruction.rs
# web3.js/src/system-program.ts
* removes mergify merge conflicts
* backport UpgradeNonceAccount
Co-authored-by: behzad nouri <behzadnouri@gmail.com>
if !separate_nonce_from_blockhash { | ||
return Err(InstructionError::InvalidInstructionData); | ||
} | ||
instruction_context.check_number_of_instruction_accounts(1)?; |
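Review bot: The early return on `!separate_nonce_from_blockhash` yields `InstructionError::InvalidInstructionData` with no comment saying why that error was chosen for the gate-off path. A one-line comment above the `if` stating the intent would save the next reader from guessing, and a test that runs the instruction with the feature inactive and asserts this exact error would pin the behavior.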
check_number_of_instruction_accounts is not necessary here as UpgradeNonceAccount is added as a whole. It was only used for older instructions to keep the error priorities the same without a feature gate.
Though keeping it is consistent with the rest of the instruction processing and might make folks wonder why other places and not here. I would vote to keep it here for consistency with the other instructions and remove them all at once when deemed appropriate.
Problem
#25788 permanently disables durable transactions with legacy nonce versions
which are within chain blockhash domain.
Summary of Changes
This commit adds a new system instruction for a one-time idempotent
upgrade of legacy nonce accounts in order to bump them out of chain
blockhash domain.