// Copyright (C) Parity Technologies (UK) Ltd. // This file is part of Parity Bridges Common. // Parity Bridges Common is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // Parity Bridges Common is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with Parity Bridges Common. If not, see . use crate::{Config, GrandpaPalletOf, Pallet, RelayBlockHash, RelayBlockNumber}; use bp_header_chain::HeaderChain; use bp_parachains::BestParaHeadHash; use bp_polkadot_core::parachains::{ParaHash, ParaId}; use bp_runtime::OwnedBridgeModule; use frame_support::{ dispatch::CallableCallFor, traits::{Get, IsSubType}, }; use pallet_bridge_grandpa::SubmitFinalityProofHelper; use sp_runtime::{ transaction_validity::{InvalidTransaction, TransactionValidity, ValidTransaction}, RuntimeDebug, }; /// Info about a `SubmitParachainHeads` call which tries to update a single parachain. #[derive(PartialEq, RuntimeDebug)] pub struct SubmitParachainHeadsInfo { /// Number and hash of the finalized relay block that has been used to prove parachain /// finality. pub at_relay_block: (RelayBlockNumber, RelayBlockHash), /// Parachain identifier. pub para_id: ParaId, /// Hash of the bundled parachain head. pub para_head_hash: ParaHash, /// If `true`, then the call must be free (assuming that everything else is valid) to /// be treated as valid. pub is_free_execution_expected: bool, } /// Helper struct that provides methods for working with the `SubmitParachainHeads` call. pub struct SubmitParachainHeadsHelper, I: 'static> { _phantom_data: sp_std::marker::PhantomData<(T, I)>, } impl, I: 'static> SubmitParachainHeadsHelper { /// Check that is called from signed extension and takes the `is_free_execution_expected` /// into account. pub fn is_obsolete_from_extension(update: &SubmitParachainHeadsInfo) -> bool { // first do all base checks let (is_obsolete, improved_by) = Self::is_obsolete(update); if is_obsolete { return true; } // if we don't expect free execution - no more checks if !update.is_free_execution_expected { return false; } // reject if no more free slots remaining in the block if !SubmitFinalityProofHelper::::can_import_anything_for_free() { log::trace!( target: crate::LOG_TARGET, "The free parachain {:?} head can't be updated: no more free slots \ left in the block.", update.para_id, ); return true; } // reject if we are importing parachain headers too often if let Some(free_headers_interval) = T::FreeHeadersInterval::get() { let reject = improved_by < free_headers_interval; if reject { log::trace!( target: crate::LOG_TARGET, "The free parachain {:?} head can't be updated: it improves previous best head by {} while at least {} is expected.", update.para_id, improved_by, free_headers_interval, ); } reject } else { // free headers interval is not configured and call is expected to execute // for free => reject it log::trace!( target: crate::LOG_TARGET, "The free parachain {:?} head can't be updated: free interval is not \ configured in the runtime.", update.para_id, ); true } } /// Check if the para head provided by the `SubmitParachainHeads` is better than the best one /// we know. pub fn is_obsolete(update: &SubmitParachainHeadsInfo) -> (bool, RelayBlockNumber) { // check if we know better parachain head already let improved_by = match crate::ParasInfo::::get(update.para_id) { Some(stored_best_head) => { let improved_by = match update .at_relay_block .0 .checked_sub(stored_best_head.best_head_hash.at_relay_block_number) { Some(improved_by) if improved_by != 0 => improved_by, _ => { log::trace!( target: crate::LOG_TARGET, "The parachain head can't be updated. The parachain head for {:?} \ was already updated at better relay chain block {} >= {}.", update.para_id, stored_best_head.best_head_hash.at_relay_block_number, update.at_relay_block.0 ); return (true, 0) }, }; if stored_best_head.best_head_hash.head_hash == update.para_head_hash { log::trace!( target: crate::LOG_TARGET, "The parachain head can't be updated. The parachain head hash for {:?} \ was already updated to {} at block {} < {}.", update.para_id, update.para_head_hash, stored_best_head.best_head_hash.at_relay_block_number, update.at_relay_block.0 ); return (true, 0) } improved_by }, None => RelayBlockNumber::MAX, }; // let's check if our chain had no reorgs and we still know the relay chain header // used to craft the proof if GrandpaPalletOf::::finalized_header_state_root(update.at_relay_block.1).is_none() { log::trace!( target: crate::LOG_TARGET, "The parachain {:?} head can't be updated. Relay chain header {}/{} used to create \ parachain proof is missing from the storage.", update.para_id, update.at_relay_block.0, update.at_relay_block.1, ); return (true, 0) } (false, improved_by) } /// Check if the `SubmitParachainHeads` was successfully executed. pub fn was_successful(update: &SubmitParachainHeadsInfo) -> bool { match crate::ParasInfo::::get(update.para_id) { Some(stored_best_head) => stored_best_head.best_head_hash == BestParaHeadHash { at_relay_block_number: update.at_relay_block.0, head_hash: update.para_head_hash, }, None => false, } } } /// Trait representing a call that is a sub type of this pallet's call. pub trait CallSubType, I: 'static>: IsSubType, T>> { /// Create a new instance of `SubmitParachainHeadsInfo` from a `SubmitParachainHeads` call with /// one single parachain entry. fn one_entry_submit_parachain_heads_info(&self) -> Option { match self.is_sub_type() { Some(crate::Call::::submit_parachain_heads { ref at_relay_block, ref parachains, .. }) => match ¶chains[..] { &[(para_id, para_head_hash)] => Some(SubmitParachainHeadsInfo { at_relay_block: *at_relay_block, para_id, para_head_hash, is_free_execution_expected: false, }), _ => None, }, Some(crate::Call::::submit_parachain_heads_ex { ref at_relay_block, ref parachains, is_free_execution_expected, .. }) => match ¶chains[..] { &[(para_id, para_head_hash)] => Some(SubmitParachainHeadsInfo { at_relay_block: *at_relay_block, para_id, para_head_hash, is_free_execution_expected: *is_free_execution_expected, }), _ => None, }, _ => None, } } /// Create a new instance of `SubmitParachainHeadsInfo` from a `SubmitParachainHeads` call with /// one single parachain entry, if the entry is for the provided parachain id. fn submit_parachain_heads_info_for(&self, para_id: u32) -> Option { self.one_entry_submit_parachain_heads_info() .filter(|update| update.para_id.0 == para_id) } /// Validate parachain heads in order to avoid "mining" transactions that provide /// outdated bridged parachain heads. Without this validation, even honest relayers /// may lose their funds if there are multiple relays running and submitting the /// same information. /// /// This validation only works with transactions that are updating single parachain /// head. We can't use unbounded validation - it may take too long and either break /// block production, or "eat" significant portion of block production time literally /// for nothing. In addition, the single-parachain-head-per-transaction is how the /// pallet will be used in our environment. fn check_obsolete_submit_parachain_heads(&self) -> TransactionValidity where Self: Sized, { let update = match self.one_entry_submit_parachain_heads_info() { Some(update) => update, None => return Ok(ValidTransaction::default()), }; if Pallet::::ensure_not_halted().is_err() { return InvalidTransaction::Call.into() } if SubmitParachainHeadsHelper::::is_obsolete_from_extension(&update) { return InvalidTransaction::Stale.into() } Ok(ValidTransaction::default()) } } impl CallSubType for T::RuntimeCall where T: Config, T::RuntimeCall: IsSubType, T>>, { } #[cfg(test)] mod tests { use crate::{ mock::{run_test, RuntimeCall, TestRuntime}, CallSubType, PalletOperatingMode, ParaInfo, ParasInfo, RelayBlockHash, RelayBlockNumber, }; use bp_header_chain::StoredHeaderData; use bp_parachains::BestParaHeadHash; use bp_polkadot_core::parachains::{ParaHash, ParaHeadsProof, ParaId}; use bp_runtime::BasicOperatingMode; fn validate_submit_parachain_heads( num: RelayBlockNumber, parachains: Vec<(ParaId, ParaHash)>, ) -> bool { RuntimeCall::Parachains(crate::Call::::submit_parachain_heads { at_relay_block: (num, [num as u8; 32].into()), parachains, parachain_heads_proof: ParaHeadsProof { storage_proof: Vec::new() }, }) .check_obsolete_submit_parachain_heads() .is_ok() } fn insert_relay_block(num: RelayBlockNumber) { pallet_bridge_grandpa::ImportedHeaders::::insert( RelayBlockHash::from([num as u8; 32]), StoredHeaderData { number: num, state_root: RelayBlockHash::from([10u8; 32]) }, ); } fn sync_to_relay_header_10() { ParasInfo::::insert( ParaId(1), ParaInfo { best_head_hash: BestParaHeadHash { at_relay_block_number: 10, head_hash: [1u8; 32].into(), }, next_imported_hash_position: 0, }, ); } #[test] fn extension_rejects_header_from_the_obsolete_relay_block() { run_test(|| { // when current best finalized is #10 and we're trying to import header#5 => tx is // rejected sync_to_relay_header_10(); assert!(!validate_submit_parachain_heads(5, vec![(ParaId(1), [1u8; 32].into())])); }); } #[test] fn extension_rejects_header_from_the_same_relay_block() { run_test(|| { // when current best finalized is #10 and we're trying to import header#10 => tx is // rejected sync_to_relay_header_10(); assert!(!validate_submit_parachain_heads(10, vec![(ParaId(1), [1u8; 32].into())])); }); } #[test] fn extension_rejects_header_from_new_relay_block_with_same_hash() { run_test(|| { // when current best finalized is #10 and we're trying to import header#10 => tx is // rejected sync_to_relay_header_10(); assert!(!validate_submit_parachain_heads(20, vec![(ParaId(1), [1u8; 32].into())])); }); } #[test] fn extension_rejects_header_if_pallet_is_halted() { run_test(|| { // when pallet is halted => tx is rejected sync_to_relay_header_10(); PalletOperatingMode::::put(BasicOperatingMode::Halted); assert!(!validate_submit_parachain_heads(15, vec![(ParaId(1), [2u8; 32].into())])); }); } #[test] fn extension_accepts_new_header() { run_test(|| { // when current best finalized is #10 and we're trying to import header#15 => tx is // accepted sync_to_relay_header_10(); insert_relay_block(15); assert!(validate_submit_parachain_heads(15, vec![(ParaId(1), [2u8; 32].into())])); }); } #[test] fn extension_accepts_if_more_than_one_parachain_is_submitted() { run_test(|| { // when current best finalized is #10 and we're trying to import header#5, but another // parachain head is also supplied => tx is accepted sync_to_relay_header_10(); assert!(validate_submit_parachain_heads( 5, vec![(ParaId(1), [1u8; 32].into()), (ParaId(2), [1u8; 32].into())] )); }); } #[test] fn extension_rejects_initial_parachain_head_if_missing_relay_chain_header() { run_test(|| { // when relay chain header is unknown => "obsolete" assert!(!validate_submit_parachain_heads(10, vec![(ParaId(1), [1u8; 32].into())])); // when relay chain header is unknown => "ok" insert_relay_block(10); assert!(validate_submit_parachain_heads(10, vec![(ParaId(1), [1u8; 32].into())])); }); } #[test] fn extension_rejects_free_parachain_head_if_missing_relay_chain_header() { run_test(|| { sync_to_relay_header_10(); // when relay chain header is unknown => "obsolete" assert!(!validate_submit_parachain_heads(15, vec![(ParaId(2), [15u8; 32].into())])); // when relay chain header is unknown => "ok" insert_relay_block(15); assert!(validate_submit_parachain_heads(15, vec![(ParaId(2), [15u8; 32].into())])); }); } }