refactor: checking mech and requester staking validity #37
Conversation
kupermind
commented
Aug 23, 2024
kupermind
commented
- Checking mech and requester staking validity.
| interface IMechMarketplace { | ||
| /// @dev Sets mech registration status. | ||
| /// @param mech Mech address. | ||
| /// @param status True, if registered, false otherwise. | ||
| function setMechRegistrationStatus(address mech, bool status) external; | ||
| } |
There was a problem hiding this comment.
No need to register mech in the marketplace anymore.
| function setMechRegistrationStatus(address mech, bool status) external; | ||
|
|
There was a problem hiding this comment.
No need to register mechs in the marketplace now.
| enum RequestStatus { | ||
| DoesNotExist, | ||
| Requested, | ||
| Delivered | ||
| } | ||
|
|
||
| // Agent mech version number | ||
| string public constant VERSION = "1.1.0"; | ||
| // Domain separator type hash | ||
| bytes32 public constant DOMAIN_SEPARATOR_TYPE_HASH = | ||
| keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); | ||
| // Original domain separator value | ||
| bytes32 public immutable domainSeparator; | ||
| // Original chain Id | ||
| uint256 public immutable chainId; |
There was a problem hiding this comment.
Reverted back the logic for when agent mechs process requests not via a marketplace
There was a problem hiding this comment.
request Ids must be unique and not intersect with the Marketplace ones.
| // Map of request counts for corresponding addresses | ||
| mapping(address => uint256) public mapRequestCounts; | ||
| // Map of delivery counts for corresponding addresses | ||
| mapping(address => uint256) public mapDeliveryCounts; |
There was a problem hiding this comment.
Adding actual delivery counts tracking.
| // Mapping of account nonces | ||
| mapping(address => uint256) public mapNonces; |
There was a problem hiding this comment.
Needed for local requests.
|
|
||
| /// @dev Changes mech marketplace address. | ||
| /// @param newMechMarketplace New mech marketplace address. | ||
| function changeMechMarketplace(address newMechMarketplace) external onlyOperator { |
There was a problem hiding this comment.
Not needed anymore, we stick to the specified marketplace, otherwise things become super convoluted. If there is a need to change the marketplace, makes sense to create another mech.
| /// @notice This function ultimately calls mech marketplace contract to finalize the delivery. | ||
| /// @param requestId Request id. | ||
| /// @param data Self-descriptive opaque data-blob. | ||
| function _deliver(uint256 requestId, bytes memory data) internal returns (bytes memory requestData) { |
There was a problem hiding this comment.
Extracted into an internal function - such that we can separate external local delivery (without a marketplace) and delivery via a marketplace
| /// @dev Registers a request without a marketplace. | ||
| /// @param data Self-descriptive opaque data-blob. | ||
| /// @return requestId Request Id. | ||
| function request(bytes memory data) external payable returns (uint256 requestId) { |
There was a problem hiding this comment.
Requests are also separated into local requests and requests via a marketplace.
| // Decrease the total number of requests by this mech | ||
| mapRequestsCounts[account]--; | ||
| numTotalRequests--; |
There was a problem hiding this comment.
We don't decrease the number of requests now, leave them for statistics and possible karma. The more valuable agent mech will be the one that has fewer requests than deliveries, meaning it was not asked as a priority mech a lot, but it kept delivering instead of priority mechs.
contracts/AgentMech.sol
Outdated
| /// @param requestId Request id. | ||
| /// @param data Self-descriptive opaque data-blob. | ||
| /// @param mechServiceId Mech operator service Id. | ||
| function deliverMarketplace(uint256 requestId, bytes memory data, uint256 mechServiceId) external onlyOperator { |
There was a problem hiding this comment.
When delivering via a marketplace, the mech needs to provide its service Id in order to validate in the marketplace. Discussed with Ardian, he said it should be very easy to do. We could also figure out each specific mech's service Id, but it would take O(n) operations.
contracts/MechMarketplace.sol
Outdated
| // Minimum response time | ||
| uint256 public immutable minResponseTimeout; | ||
| // Maximum response time | ||
| uint256 public immutable maxResponseTimeout; | ||
| // Approved mech bytecode hash | ||
| bytes32 public immutable mechBytecodeHash; |
There was a problem hiding this comment.
These are becoming immutable such that the contract is not ownable.
contracts/MechMarketplace.sol
Outdated
| // Maximum response time | ||
| uint256 public immutable maxResponseTimeout; | ||
| // Approved mech bytecode hash | ||
| bytes32 public immutable mechBytecodeHash; |
There was a problem hiding this comment.
Specifying mech contract bytecode hash this marketplace is going to work with in order to help avoid malicious mechs.
There was a problem hiding this comment.
Hm, I see, this answers my question below. But this also means the marketplace is static wrt to mechs.
What exact exploit are we preventing with this?
There was a problem hiding this comment.
We have elaborated on this already, changing in the next PR to deal with the staking factory verification for both mech and trader staking contracts.
| uint256 priorityMechServiceId, | ||
| uint256 responseTimeout, | ||
| address requesterStakingInstance, | ||
| uint256 requesterServiceId |
There was a problem hiding this comment.
In order to check the priority mech validity and requester services validity (aka traders), their service Ids need to be supplied. Also, for the requester the corresponding service staking instance is needed.
contracts/AgentMech.sol
Outdated
| /// @dev Delivers a request. | ||
| /// @param requestId Request id. | ||
| /// @param requestData Self-descriptive opaque data-blob. | ||
| function deliver(uint256 requestId, bytes memory requestData) external; | ||
| /// @param deliveryMechServiceId Mech operator service Id. | ||
| function deliverMarketplace(uint256 requestId, bytes memory requestData, uint256 deliveryMechServiceId) external; |
There was a problem hiding this comment.
So a delivering mech could pass as the deliveryMechServiceId someone else's id ..
There was a problem hiding this comment.
I found below that we are applying checks ..
contracts/MechMarketplace.sol
Outdated
| /// @param mechServiceId Mech operator service Id. | ||
| function checkMech(address mech, uint256 mechServiceId) public view { | ||
| // Check that the mech address corresponds to the authorized bytecode hash | ||
| bytes32 mechHash = keccak256(mech.code); |
There was a problem hiding this comment.
what are we checking here exactly?
There was a problem hiding this comment.
Going to be obsolete
| // Agent mech itself cannot post a request | ||
| if (mapMechRegistrations[msg.sender]) { | ||
| revert UnauthorizedAccount(msg.sender); | ||
| } |
There was a problem hiding this comment.
why was this dropped?
There was a problem hiding this comment.
Discussed, mech marketplace is going to be ownerless, and mech registration is not needed, as all the validity is based on the staking factory verification.
contracts/MechMarketplace.sol
Outdated
| if (msg.sender == mech && status) { | ||
| revert UnauthorizedAccount(msg.sender); | ||
| // Check if the mech service is staked | ||
| IStaking.StakingState state = IStaking(mechStakingInstance).getStakingState(mechServiceId); |
There was a problem hiding this comment.
why are we not making mechStakingInstance an argument in this method? It seems this is now scoped to a single hardcoded mechStakingInstance.
There was a problem hiding this comment.
Not relevant anymore as part of the ongoing PR.
| /// @param _karmaProxy Karma proxy contract address. | ||
| /// @param _minResponseTimeout Min response time in sec. | ||
| /// @param _maxResponseTimeout Max response time in sec. | ||
| constructor(address _factory, address _karmaProxy, uint256 _minResponseTimeout, uint256 _maxResponseTimeout) { | ||
| /// @param _agentMechBytecodeHash Approved agent mech bytecode hash. | ||
| constructor( |
There was a problem hiding this comment.
why is factor no longer needed?
There was a problem hiding this comment.
The factory will be needed again, but not the mech factory :)
contracts/MechMarketplace.sol
Outdated
| // Maximum response time | ||
| uint256 public immutable maxResponseTimeout; | ||
| // Approved mech bytecode hash | ||
| bytes32 public immutable mechBytecodeHash; |
There was a problem hiding this comment.
Hm, I see, this answers my question below. But this also means the marketplace is static wrt to mechs.
What exact exploit are we preventing with this?
| enum RequestStatus { | ||
| DoesNotExist, | ||
| Requested, | ||
| Delivered | ||
| } | ||
|
|
||
| // Agent mech version number | ||
| string public constant VERSION = "1.1.0"; | ||
| // Domain separator type hash | ||
| bytes32 public constant DOMAIN_SEPARATOR_TYPE_HASH = | ||
| keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"); | ||
| // Original domain separator value | ||
| bytes32 public immutable domainSeparator; | ||
| // Original chain Id | ||
| uint256 public immutable chainId; |
refactor: staking factory to check mech and requester staking instances
