FM-190: Check relayed bottom-up checkpoints #198
Conversation
aakoshh
force-pushed
the
fm-173-bottom-up-ckpt-msg
branch
from
0503c71
to
b610349
Compare
aakoshh
force-pushed
the
fm-190-check-bottom-up
branch
from
10084c4
to
06e0dc4
Compare
| /// The CID of the original message (assuming here that that's what was signed). | ||
| orig_cid: cid::Cid, | ||
| /// The signature over the original CID. | ||
| signature: Signature, |
There was a problem hiding this comment.
Just to double-check, this is the original signature of the message, right? Should we maybe call it WrappedMessage instead of SyntheticMessage? (weak opinion weakly held, but synthetic seemed like "artificial" to me :) )
There was a problem hiding this comment.
It is an artificial message, that's exactly what I was trying to convey, that it's just a transient technical message to piggy-back on the signature checks and FVM message execution. The construction of the FVM message from the original is synthesising an artificial message that nobody sent.
It's indeed wrapping something but that wouldn't say why; so does the other one after all.
You are correct that signature is the signature over the original message, in particular the CID of the original message.
We could get rid of this if we used FVM messages, in which case instead of synthesising a message in the ChainMessageInterpreter from an IPC specific one, we would parse an FVM message into an IPC message to look for CIDs to resolve.
There was a problem hiding this comment.
I think this is fine for now, and now I understand the rationale behind the name. Thanks!
|
|
||
| pub fn verify(&self, chain_id: &ChainID) -> Result<(), SignedMessageError> { | ||
| let mut data = self.orig_cid.to_bytes(); | ||
| data.extend(chain_id_bytes(chain_id).iter()); |
There was a problem hiding this comment.
I thought the chainID was a prefix instead of a suffix of the message cid. Out of a curiosity, is this Fendermint-specific or Filecoin also does this?
There was a problem hiding this comment.
I have no idea what Filecoin does, I did this in #115
Ethereum seems to play with the signature itself, which seemed so complicated I didn't think we need to replicate it in Fendermint. The ethers library takes care of it for us, but for regular messages I do the suffix. Is prefix safer?
aakoshh
force-pushed
the
fm-190-check-bottom-up
branch
from
06e0dc4
to
1fdbde4
Compare
Closes consensus-shipyard/ipc#314
Depends on #187
Introduces a
VerifiableMessageandSynteticMessagewhich are used to expand the messages handled by theSignedMessageInterpreterto include one that is artificially constructed by the interpreter to make use of existing services.In particular, the signed relayed bottom up checkpoint is turned into an FVM message, with the relayer signature assumed to be over the CID of the relay-message itself. The signature of this synthetic message is verified by the
SignedMessageInterpreterbefore it passes it into the innerFvmMessageInterpreterwhich checks the existence of the relayer account and the nonce.The PR adds missing gas fields to the relayed message.