Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to grant limited authority to save contract upgrade materials? #8378

Open
dckc opened this issue Sep 23, 2023 · 2 comments
Open

how to grant limited authority to save contract upgrade materials? #8378

dckc opened this issue Sep 23, 2023 · 2 comments
Assignees
@michaelfig
Labels
contract-upgrade cosmic-swingset package: cosmic-swingset enhancement New feature or request mn2 Issue related to a MN2 dapp needs-design security

Comments

@dckc
Copy link
Member

dckc commented Sep 23, 2023

What is the Problem Being Solved?

In a permit for a core-eval, we have items such as contractKits and zone that can be used to store adminFacet durably. But they also grant access to all creator facets of all other contracts. In order to save privateArgs, we can use instancePrivateArgs, but that grants tremendous authority as well.

Description of the Design

TBD

@michaelfig and @turadg have kicked around some ideas.

Security / Upgrade Considerations

This is all about granting the least authority that a core-eval needs in order to preserve materials for later upgrade.

Scaling Considerations

not much

Test Plan

?
@dckc dckc added enhancement New feature or request cosmic-swingset package: cosmic-swingset needs-design contract-upgrade mn2 Issue related to a MN2 dapp labels Sep 23, 2023
@dckc dckc mentioned this issue Sep 23, 2023
Closed
This was referenced Nov 3, 2023
Closed
Merged
@dckc
Copy link
Member Author

dckc commented Nov 30, 2023

potential solution permits that attenuate collections such as instancePrivateArgs

 "instancePrivateArgsPart": {
    "myContract": true
  }

cc @raphdev

@dckc dckc mentioned this issue Nov 30, 2023
Open
@dckc dckc added the security label Nov 30, 2023
@dckc dckc mentioned this issue Dec 1, 2023
Draft
2 tasks
This was referenced Dec 1, 2023
Open
Closed
@dckc
Copy link
Member Author

dckc commented Jan 23, 2024

In #8786, I just added:

Read/write access to the whole vatStore is excess authority; we only need access to read one of its entries, not authority to scribble over all the others and upgrade all the other vats.

I expect proposals to upgrade non-contract vats to only come from Agoric OpCo for the forseeable future, so that seems less risky than things like contractKits and instancePrivateArgs.

cc @raphdev

@dckc dckc mentioned this issue Oct 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelfig michaelfig

Labels
contract-upgrade cosmic-swingset package: cosmic-swingset enhancement New feature or request mn2 Issue related to a MN2 dapp needs-design security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dckc @michaelfig