Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Provide source, builder and codehash information in store code proposal message #1072

Merged
merged 20 commits into from
Nov 22, 2022

Conversation

orkunkl
Copy link
Contributor

@orkunkl orkunkl commented Nov 2, 2022

This PR's aim is to standardize contract verification on store code proposals.
On store code proposals, proposal creators usually pass code source, builder and code hash information as a part of the description. Let's move these fields back to proposal content and run a check during store to verify provided hash is correct.

@orkunkl orkunkl requested a review from alpe as a code owner November 2, 2022 06:35
}

func (m *StoreCodeProposal) Reset() { *m = StoreCodeProposal{} }
func (*StoreCodeProposal) ProtoMessage() {}
func (*StoreCodeProposal) Descriptor() ([]byte, []int) {
return fileDescriptor_be6422d717c730cb, []int{0}
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've used make proto-gen to generate proto code. All proto files had these formatting changes, reverted them.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use make proto-all which also runs the formatter (make format)

@codecov
Copy link

codecov bot commented Nov 2, 2022

Codecov Report

Merging #1072 (049ce58) into main (e6f5149) will increase coverage by 0.14%.
The diff coverage is 55.04%.

❗ Current head 049ce58 differs from pull request most recent head 36c921e. Consider uploading reports for the commit 36c921e to get more accurate results

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1072      +/-   ##
==========================================
+ Coverage   59.80%   59.94%   +0.14%     
==========================================
  Files          54       54              
  Lines        7306     7373      +67     
==========================================
+ Hits         4369     4420      +51     
- Misses       2621     2632      +11     
- Partials      316      321       +5     
Impacted Files Coverage Δ
x/wasm/client/cli/tx.go 22.94% <ø> (ø)
x/wasm/keeper/proposal_handler.go 64.44% <33.33%> (-1.47%) ⬇️
x/wasm/client/cli/gov_tx.go 13.90% <50.00%> (+6.93%) ⬆️
x/wasm/types/proposal.go 55.33% <50.00%> (-0.20%) ⬇️
x/wasm/types/validation.go 87.50% <69.23%> (-12.50%) ⬇️
x/wasm/types/test_fixtures.go 93.61% <75.00%> (-1.16%) ⬇️
app/app.go 88.14% <0.00%> (-0.40%) ⬇️
app/test_helpers.go 0.80% <0.00%> (+0.01%) ⬆️
x/wasm/keeper/keeper.go 87.71% <0.00%> (+0.31%) ⬆️
x/wasm/keeper/relay.go 97.67% <0.00%> (+1.20%) ⬆️
... and 2 more

Copy link
Contributor

@alpe alpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for bringing this topic up and this very nice PR 💐

I think validators have a hard time to verify a StoreCodeProposal currently. Providing additional data for this process can help with to build better tooling on the client side.
Nevertheless the data needs to be specified well and be verified, so that the expectations for everybody are the same.

We also need to support a transition period (on the server side) where fields are empty to not break execution of existing in flight proposals.

if err != nil {
return err
}

if !bytes.Equal(checksum, p.CodeHash) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There may be in flight proposals without this data. It would be good to not enforce the check when p.CodeHash is empty

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you got me wrong. if !bytes.Equal(checksum, p.CodeHash) makes a lot of sense and ensures consistency of the proposal. Please add it back but with a if p.CodeHash != nil && !bytes.Equal(checksum, p.CodeHash) so that it works for old in flight proposals (without the new fields) , too.

@@ -113,6 +113,16 @@ func (p StoreCodeProposal) ValidateBasic() error {
return sdkerrors.Wrap(err, "instantiate permission")
}
}

if len(p.Source) == 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As mentioned above, these fields should be optional on the server side to support a transition period for in flight proposals.
But there is no problem to enforce checks on the CLI before submitting a proposal.
There can be stronger constraints on the expected data (when set).

args: []string{"--source=bar", "--builder=foo"},
expErr: true,
},
"happy path": {
Copy link
Contributor Author

@orkunkl orkunkl Nov 8, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am getting an error here that I could not solve.
The hash generated on 76th line and in parseStoreCodeArgs do not match. I decided to not get stuck and ask help from your elven 👀 @alpe here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have commented on parseStoreCodeArgs which contains a 🐛

@orkunkl orkunkl requested a review from alpe November 8, 2022 15:16
Copy link
Contributor

@alpe alpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates but I think updating the TX and gen-messages should be discussed first, given the negative experience on chain in the past. Let's have an issue for them and fully focus on the gov store proposal here to get it into v0.30 if possible

proto/cosmwasm/wasm/v1/proposal.proto Show resolved Hide resolved
@@ -41,7 +41,16 @@ message MsgStoreCode {
// InstantiatePermission access control to apply on contract creation,
// optional
AccessConfig instantiate_permission = 5;
// Source is a valid absolute HTTPS URI to the contract's source code,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original intend as I understood it, was to add this metadata to the gov process where it made sense for me. Not sure about the TX though as they were not used proper in the past. Let's focus on the gov process in this PR and open a ticket for the TX to discuss, if you like.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense 👍

x/wasm/client/cli/genesis_msg.go Outdated Show resolved Hide resolved
x/wasm/client/cli/gov_tx.go Outdated Show resolved Hide resolved
x/wasm/client/cli/tx.go Outdated Show resolved Hide resolved
x/wasm/client/cli/tx.go Outdated Show resolved Hide resolved
x/wasm/client/cli/tx_test.go Outdated Show resolved Hide resolved
x/wasm/client/cli/tx_test.go Outdated Show resolved Hide resolved
args: []string{"--source=bar", "--builder=foo"},
expErr: true,
},
"happy path": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have commented on parseStoreCodeArgs which contains a 🐛

"happy path": {
args: []string{"--source=bar", "--builder=foo", "--code-hash=" + checksumStr},
expErr: false,
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a case where the source file is zipped so that you are not running into a problem when comparing the hash

@alpe
Copy link
Contributor

alpe commented Nov 11, 2022

fyi: @pinosu is working on the StoreAndInstantiateProposal that would also benefit from the new fields
Do you need help with the implementation?

@orkunkl
Copy link
Contributor Author

orkunkl commented Nov 15, 2022

@alpe I got carried away with other tasks, I will finish this today/tomorrow thanks!

@orkunkl orkunkl force-pushed the store-prop-codehash-check branch from 50904e6 to b102cfa Compare November 15, 2022 11:32
@orkunkl orkunkl force-pushed the store-prop-codehash-check branch from b102cfa to 477e8d9 Compare November 15, 2022 11:48
@orkunkl orkunkl force-pushed the store-prop-codehash-check branch from 477e8d9 to 151d18e Compare November 15, 2022 11:57
@orkunkl orkunkl requested a review from alpe November 16, 2022 08:38
Copy link
Contributor

@alpe alpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates. Good progress! 🤾‍♂️
As I had mentioned before, I would like to have some good data validation on the new fields (when set) so that we ensure they won't break clients easily.

Also the StoreAndInstantiateContractProposal was merged to main meanwhile. This proposal would require the fields as well

go.mod Show resolved Hide resolved
x/wasm/types/proposal.go Show resolved Hide resolved
x/wasm/client/cli/tx.go Show resolved Hide resolved
x/wasm/simulation/proposals.go Show resolved Hide resolved
x/wasm/client/cli/gov_tx.go Outdated Show resolved Hide resolved
x/wasm/client/cli/gov_tx.go Outdated Show resolved Hide resolved
orkunkl and others added 12 commits November 19, 2022 14:23
Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>
Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/cosmos/gogoproto/releases)
- [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md)
- [Commits](cosmos/gogoproto@v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/cosmos/gogoproto
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
* Enable larger wasm bytecode upload for gov proposals

* Set max proposal wasm code size to 3MB
* bump go 1.19

* add change log

* correct change log
@orkunkl
Copy link
Contributor Author

orkunkl commented Nov 21, 2022

Maybe best to wrap source, builder and code hash information under VerificationInfo and treat them as one pack?

@orkunkl orkunkl requested a review from alpe November 21, 2022 11:14
@alpe
Copy link
Contributor

alpe commented Nov 22, 2022

@Mergifyio rebase

alpe added 2 commits November 22, 2022 14:58
* main:
  Upgrade to IBC v4.2.0 with interchain-accounts v0.2.4 (#1088)
@sonarcloud
Copy link

sonarcloud bot commented Nov 22, 2022

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 9 Code Smells

No Coverage information No Coverage information
34.8% 34.8% Duplication

Copy link
Contributor

@alpe alpe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good work! Thanks for applying all my requests. 🥇
I am looking forward to see some client side tooling that makes use of the new fields. Great innovation 👍

x/wasm/client/cli/gov_tx.go Show resolved Hide resolved
x/wasm/keeper/proposal_handler.go Show resolved Hide resolved
x/wasm/keeper/proposal_handler.go Show resolved Hide resolved
// if any set require others to be set
if len(source) != 0 || len(builder) != 0 || codeHash != nil {
if source == "" {
return fmt.Errorf("source is required")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit:

Suggested change
return fmt.Errorf("source is required")
return ErrEmpty.Wrap("source:)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sdk package comes with some nice error support. Next time, please use them instead

@alpe alpe merged commit a589fe9 into main Nov 22, 2022
@alpe alpe deleted the store-prop-codehash-check branch November 22, 2022 14:14
NoahSaso pushed a commit to NoahSaso/wasmd that referenced this pull request Dec 2, 2022
…proposal message (CosmWasm#1072)

* Provide source, builder and codehash information in store code proposal message

* Make linter happy

* Update x/wasm/simulation/proposals.go

Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>

* Update x/wasm/client/cli/gov_tx.go

* Update x/wasm/client/cli/gov_tx.go

* Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3

Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/cosmos/gogoproto/releases)
- [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md)
- [Commits](cosmos/gogoproto@v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/cosmos/gogoproto
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update authz grant examples

* Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095)

* Enable larger wasm bytecode upload for gov proposals

* Set max proposal wasm code size to 3MB

* Bump SDK to v0.45.11

* Fix license head

* Fix README header

* Bump version go to 1.19 (CosmWasm#1044)

* bump go 1.19

* add change log

* correct change log

* Provide source, builder and codehash information in store code proposal message

* Implement source, builder, code_info for StoreAndInstantiateProposal

* Apply review recommendations

* Make linter happy

* Fix tests

* Formatting only

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giancarlos Salas <giansalex@gmail.com>
Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com>
Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
@faddat
Copy link
Contributor

faddat commented Dec 10, 2022

Incredibly important work. Thank you!

Magicloud pushed a commit to fpco/wasmd that referenced this pull request Jan 13, 2023
…proposal message (CosmWasm#1072)

* Provide source, builder and codehash information in store code proposal message

* Make linter happy

* Update x/wasm/simulation/proposals.go

Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>

* Update x/wasm/client/cli/gov_tx.go

* Update x/wasm/client/cli/gov_tx.go

* Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3

Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/cosmos/gogoproto/releases)
- [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md)
- [Commits](cosmos/gogoproto@v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/cosmos/gogoproto
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update authz grant examples

* Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095)

* Enable larger wasm bytecode upload for gov proposals

* Set max proposal wasm code size to 3MB

* Bump SDK to v0.45.11

* Fix license head

* Fix README header

* Bump version go to 1.19 (CosmWasm#1044)

* bump go 1.19

* add change log

* correct change log

* Provide source, builder and codehash information in store code proposal message

* Implement source, builder, code_info for StoreAndInstantiateProposal

* Apply review recommendations

* Make linter happy

* Fix tests

* Formatting only

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giancarlos Salas <giansalex@gmail.com>
Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com>
Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
conorpp pushed a commit to wormhole-foundation/wasmd that referenced this pull request Feb 1, 2023
…proposal message (CosmWasm#1072)

* Provide source, builder and codehash information in store code proposal message

* Make linter happy

* Update x/wasm/simulation/proposals.go

Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>

* Update x/wasm/client/cli/gov_tx.go

* Update x/wasm/client/cli/gov_tx.go

* Bump github.com/cosmos/gogoproto from 1.4.2 to 1.4.3

Bumps [github.com/cosmos/gogoproto](https://github.com/cosmos/gogoproto) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/cosmos/gogoproto/releases)
- [Changelog](https://github.com/cosmos/gogoproto/blob/main/CHANGELOG.md)
- [Commits](cosmos/gogoproto@v1.4.2...v1.4.3)

---
updated-dependencies:
- dependency-name: github.com/cosmos/gogoproto
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update authz grant examples

* Enable larger wasm bytecode upload for gov proposals (CosmWasm#1095)

* Enable larger wasm bytecode upload for gov proposals

* Set max proposal wasm code size to 3MB

* Bump SDK to v0.45.11

* Fix license head

* Fix README header

* Bump version go to 1.19 (CosmWasm#1044)

* bump go 1.19

* add change log

* correct change log

* Provide source, builder and codehash information in store code proposal message

* Implement source, builder, code_info for StoreAndInstantiateProposal

* Apply review recommendations

* Make linter happy

* Fix tests

* Formatting only

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Alexander Peters <alpe@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Giancarlos Salas <giansalex@gmail.com>
Co-authored-by: pinosu <95283998+pinosu@users.noreply.github.com>
Co-authored-by: GNaD13 <89174180+GNaD13@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants