Access Controller manifest classifications#140
Conversation
GhenadieVP
changed the title
* Bump IndexMap version (#142) * bump * bump * disable SCCache to validate the CI * Bump crossbeam-channel from 0.5.13 to 0.5.15 (#139) Bumps [crossbeam-channel](https://github.com/crossbeam-rs/crossbeam) from 0.5.13 to 0.5.15. - [Release notes](https://github.com/crossbeam-rs/crossbeam/releases) - [Changelog](https://github.com/crossbeam-rs/crossbeam/blob/master/CHANGELOG.md) - [Commits](crossbeam-rs/crossbeam@crossbeam-channel-0.5.13...crossbeam-channel-0.5.15) --- updated-dependencies: - dependency-name: crossbeam-channel dependency-version: 0.5.15 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* comment all jobs but one * comment rest of workflow * update artifacts jobs to v4 * update * update artifacts actions * specifiy download artifact dir * uncomment all * fix all artifacts steps to v4
Fix Static Analysis Hiccups
| } | ||
| } | ||
|
|
||
| fn is_instruction_permitted(context: InstructionContext<'_>) -> bool { |
There was a problem hiding this comment.
Since we can rely more on the TypedManifestNativeInvocation type we can collapse this entire function into a single matches! statement:
matches!(
context,
InstructionContext::InvocationInstruction {
instruction,
typed_native_invocation: Some(
TypedNativeInvocation {
// Fee payment methods
invocation: TypedManifestNativeInvocation::AccountBlueprintInvocation(AccountBlueprintInvocation::Method(AccountBlueprintMethod::LockFee(..)))
| TypedManifestNativeInvocation::AccountBlueprintInvocation(AccountBlueprintInvocation::Method(AccountBlueprintMethod::LockContingentFee(..)))
| TypedManifestNativeInvocation::AccessControllerBlueprintInvocation(AccessControllerBlueprintInvocation::Method(AccessControllerBlueprintMethod::LockRecoveryFee(..)))
// Recovery methods
| TypedManifestNativeInvocation::AccessControllerBlueprintInvocation(AccessControllerBlueprintInvocation::Method(AccessControllerBlueprintMethod::TimedConfirmRecovery(..))),
..
}
),
..
}
// Only call-method invocations are permitted.
if instruction.belongs_to_invocation_instructions_and(|instruction| instruction.is_call_method_instruction())
);
| ) | ||
| | ( | ||
| Some(GroupedEntityType::AccessControllerEntities(..)), | ||
| ACCESS_CONTROLLER_CREATE_PROOF_IDENT |
There was a problem hiding this comment.
Not sure if this should be allowed when confirming a timed recovery?
There was a problem hiding this comment.
Ditto: consider using the syntax I provided in the previous comment for a simpler way to express what instructions are permitted and what isn't.
There was a problem hiding this comment.
In my understanding this is used for the scenario when the fee payer is a securified account, for which case it is needed to create the proof for locking the fee from the account
There was a problem hiding this comment.
Fair enough, then we should keep it. Consider using the syntax that I mentioned.
crates/radix-engine-toolkit/src/manifest_analysis/classification/access_controller_recovery.rs
Show resolved
Hide resolved
crates/radix-engine-toolkit/src/manifest_analysis/classification/access_controller_recovery.rs
Show resolved
Hide resolved
| ) => true, | ||
| // Recovery idents - starting and confirming | ||
| ( | ||
| Some(GroupedEntityType::AccessControllerEntities(..)), |
There was a problem hiding this comment.
There's some inconsistency between this method and the process_instruction method.
In the process_instruction method you process the instructions which initiate recovery, but not the instructions that confirm, timed confirm, or cancel the recovery proposal. So there's a disconnect between the instructions permitted in this analyzer and the instructions processed by this analyzer which is mostly incorrect.
| Some(GroupedEntityType::AccessControllerEntities(..)), | ||
| ACCESS_CONTROLLER_INITIATE_RECOVERY_AS_PRIMARY_IDENT | ||
| | ACCESS_CONTROLLER_INITIATE_RECOVERY_AS_RECOVERY_IDENT | ||
| | ACCESS_CONTROLLER_QUICK_CONFIRM_PRIMARY_ROLE_RECOVERY_PROPOSAL_IDENT |
There was a problem hiding this comment.
Why is there no ACCESS_CONTROLLER_TIMED_CONFIRM_RECOVERY_IDENT?
There was a problem hiding this comment.
I'll follow the spec doc you have shared, I am not entirely sure if many of these are needed.
There was a problem hiding this comment.
I think that it would be better to do that since it covers all of the methods that should be covered.
| invocation: | ||
| TypedManifestNativeInvocation::AccessControllerBlueprintInvocation( | ||
| AccessControllerBlueprintInvocation::Method( | ||
| AccessControllerBlueprintMethod::InitiateRecoveryAsPrimary(..) |
There was a problem hiding this comment.
Here you process recovery initiation but doesn't process recovery confirmation but you permit recovery confirmation in this analyzer which is incorrect.
What's the purpose of this analyzer? To catch all ACs for which we started recovery? To catch all ACs for which we touch any recovery operation? To catch all ACs for which we confirm recovery? If we be more specific about it's purpose then we can agree on how to implement it best.
There was a problem hiding this comment.
What's the purpose of this analyzer? To catch all ACs for which we started recovery?
Yes. This might analyzer might be a bit specific to Wallet needs, where we do care only to determine the ac for which the recovery is started. Down the line, the Wallet might not even sign this specific manifest, but a different variant based on the user signature flow.
There was a problem hiding this comment.
Yes. This might analyzer might be a bit specific to Wallet needs, where we do care only to determine the ac for which the recovery is started.
If you only want to determine the ACs for which recovery has started, then do you assume that in some of these manifests users will also complete the recovery? Because this would then determine what set of instructions should be permitted or not permitted.
| ( | ||
| Some(GroupedEntityType::AccessControllerEntities(..)), | ||
| ACCESS_CONTROLLER_STOP_TIMED_RECOVERY_IDENT | ||
| | ACCESS_CONTROLLER_CANCEL_PRIMARY_ROLE_RECOVERY_PROPOSAL_IDENT |
There was a problem hiding this comment.
The analyzer is called StopTimedRecovery but we permit these methods. Why? Also, we permit them but don't process them, why?
There was a problem hiding this comment.
it is allowed to perform the stop and cancel the proposal in the same transaction, instead of having separate transaction for stopping the timed recovery and then for cancelling the proposal.
it is not processed given that we do extract the necessary information from the StopTimedRecovery, but I guess there should be at least a validation that stop and cancel refer to the same AC.
| let blueprint_id = | ||
| BlueprintId::new(package_address, blueprint_name); | ||
| let typed_invocation = | ||
| TypedManifestNativeInvocation::from_function_invocation( |
There was a problem hiding this comment.
The typed invocation is already available in the context. You don't need to re-create it again.
| } | ||
| } | ||
|
|
||
| fn is_instruction_permitted(context: InstructionContext<'_>) -> bool { |
There was a problem hiding this comment.
All of the logic in this function can be more succinctly expressed as:
matches!(
context,
InstructionContext::InvocationInstruction {
typed_native_invocation: Some(TypedNativeInvocation {
invocation:
TypedManifestNativeInvocation::AccountBlueprintInvocation(
AccountBlueprintInvocation::Method(
AccountBlueprintMethod::Securify(..)
| AccountBlueprintMethod::CreateProofOfAmount(..)
| AccountBlueprintMethod::CreateProofOfNonFungibles(..)
| AccountBlueprintMethod::LockFee(..)
| AccountBlueprintMethod::LockContingentFee(..)
)
)
| TypedManifestNativeInvocation::IdentityBlueprintInvocation(
IdentityBlueprintInvocation::Method(
IdentityBlueprintMethod::Securify(..)
)
)
| TypedManifestNativeInvocation::AccessControllerBlueprintInvocation(
AccessControllerBlueprintInvocation::Function(
AccessControllerBlueprintFunction::Create(..)
)
| AccessControllerBlueprintInvocation::Method(
AccessControllerBlueprintMethod::CreateProof(..)
)
)
| TypedManifestNativeInvocation::MetadataBlueprintInvocation(
MetadataBlueprintInvocation::Method(
MetadataBlueprintMethod::Set(..)
)
),
..
}),
..
}
| InstructionContext::NonInvocationInstruction {
instruction: GroupedInstruction::ProofInstructions(..)
| GroupedInstruction::TakeFromWorktopInstructions(..)
| GroupedInstruction::AddressAllocationInstructions(
AddressAllocationInstructions::AllocateGlobalAddress(
AllocateGlobalAddress { package_address: ACCESS_CONTROLLER_PACKAGE, .. }
)
),
..
}
);4 participants
Uh oh!
There was an error while loading. Please reload this page.