Skip to content
  • Gavin Wood's avatar
    FRAME: Create `TransactionExtension` as a replacement for `SignedExtension` (#2280) · fd5f9292
    Gavin Wood authored
    
    
    Closes #2160
    
    First part of [Extrinsic
    Horizon](https://github.com/paritytech/polkadot-sdk/issues/2415)
    
    Introduces a new trait `TransactionExtension` to replace
    `SignedExtension`. Introduce the idea of transactions which obey the
    runtime's extensions and have according Extension data (né Extra data)
    yet do not have hard-coded signatures.
    
    Deprecate the terminology of "Unsigned" when used for
    transactions/extrinsics owing to there now being "proper" unsigned
    transactions which obey the extension framework and "old-style" unsigned
    which do not. Instead we have __*General*__ for the former and
    __*Bare*__ for the latter. (Ultimately, the latter will be phased out as
    a type of transaction, and Bare will only be used for Inherents.)
    
    Types of extrinsic are now therefore:
    - Bare (no hardcoded signature, no Extra data; used to be known as
    "Unsigned")
    - Bare transactions (deprecated): Gossiped, validated with
    `ValidateUnsigned` (deprecated) and the `_bare_compat` bits of
    `TransactionExtension` (deprecated).
      - Inherents: Not gossiped, validated with `ProvideInherent`.
    - Extended (Extra data): Gossiped, validated via `TransactionExtension`.
      - Signed transactions (with a hardcoded signature).
      - General transactions (without a hardcoded signature).
    
    `TransactionExtension` differs from `SignedExtension` because:
    - A signature on the underlying transaction may validly not be present.
    - It may alter the origin during validation.
    - `pre_dispatch` is renamed to `prepare` and need not contain the checks
    present in `validate`.
    - `validate` and `prepare` is passed an `Origin` rather than a
    `AccountId`.
    - `validate` may pass arbitrary information into `prepare` via a new
    user-specifiable type `Val`.
    - `AdditionalSigned`/`additional_signed` is renamed to
    `Implicit`/`implicit`. It is encoded *for the entire transaction* and
    passed in to each extension as a new argument to `validate`. This
    facilitates the ability of extensions to acts as underlying crypto.
    
    There is a new `DispatchTransaction` trait which contains only default
    function impls and is impl'ed for any `TransactionExtension` impler. It
    provides several utility functions which reduce some of the tedium from
    using `TransactionExtension` (indeed, none of its regular functions
    should now need to be called directly).
    
    Three transaction version discriminator ("versions") are now
    permissible:
    - 0b000000100: Bare (used to be called "Unsigned"): contains Signature
    or Extra (extension data). After bare transactions are no longer
    supported, this will strictly identify an Inherents only.
    - 0b100000100: Old-school "Signed" Transaction: contains Signature and
    Extra (extension data).
    - 0b010000100: New-school "General" Transaction: contains Extra
    (extension data), but no Signature.
    
    For the New-school General Transaction, it becomes trivial for authors
    to publish extensions to the mechanism for authorizing an Origin, e.g.
    through new kinds of key-signing schemes, ZK proofs, pallet state,
    mutations over pre-authenticated origins or any combination of the
    above.
    
    ## Code Migration
    
    ### NOW: Getting it to build
    
    Wrap your `SignedExtension`s in `AsTransactionExtension`. This should be
    accompanied by renaming your aggregate type in line with the new
    terminology. E.g. Before:
    
    ```rust
    /// The SignedExtension to the basic transaction logic.
    pub type SignedExtra = (
    	/* snip */
    	MySpecialSignedExtension,
    );
    /// Unchecked extrinsic type as expected by this runtime.
    pub type UncheckedExtrinsic =
    	generic::UncheckedExtrinsic<Address, RuntimeCall, Signature, SignedExtra>;
    ```
    
    After:
    
    ```rust
    /// The extension to the basic transaction logic.
    pub type TxExtension = (
    	/* snip */
    	AsTransactionExtension<MySpecialSignedExtension>,
    );
    /// Unchecked extrinsic type as expected by this runtime.
    pub type UncheckedExtrinsic =
    	generic::UncheckedExtrinsic<Address, RuntimeCall, Signature, TxExtension>;
    ```
    
    You'll also need to alter any transaction building logic to add a
    `.into()` to make the conversion happen. E.g. Before:
    
    ```rust
    fn construct_extrinsic(
    		/* snip */
    ) -> UncheckedExtrinsic {
    	let extra: SignedExtra = (
    		/* snip */
    		MySpecialSignedExtension::new(/* snip */),
    	);
    	let payload = SignedPayload::new(call.clone(), extra.clone()).unwrap();
    	let signature = payload.using_encoded(|e| sender.sign(e));
    	UncheckedExtrinsic::new_signed(
    		/* snip */
    		Signature::Sr25519(signature),
    		extra,
    	)
    }
    ```
    
    After:
    
    ```rust
    fn construct_extrinsic(
    		/* snip */
    ) -> UncheckedExtrinsic {
    	let tx_ext: TxExtension = (
    		/* snip */
    		MySpecialSignedExtension::new(/* snip */).into(),
    	);
    	let payload = SignedPayload::new(call.clone(), tx_ext.clone()).unwrap();
    	let signature = payload.using_encoded(|e| sender.sign(e));
    	UncheckedExtrinsic::new_signed(
    		/* snip */
    		Signature::Sr25519(signature),
    		tx_ext,
    	)
    }
    ```
    
    ### SOON: Migrating to `TransactionExtension`
    
    Most `SignedExtension`s can be trivially converted to become a
    `TransactionExtension`. There are a few things to know.
    
    - Instead of a single trait like `SignedExtension`, you should now
    implement two traits individually: `TransactionExtensionBase` and
    `TransactionExtension`.
    - Weights are now a thing and must be provided via the new function `fn
    weight`.
    
    #### `TransactionExtensionBase`
    
    This trait takes care of anything which is not dependent on types
    specific to your runtime, most notably `Call`.
    
    - `AdditionalSigned`/`additional_signed` is renamed to
    `Implicit`/`implicit`.
    - Weight must be returned by implementing the `weight` function. If your
    extension is associated with a pallet, you'll probably want to do this
    via the pallet's existing benchmarking infrastructure.
    
    #### `TransactionExtension`
    
    Generally:
    - `pre_dispatch` is now `prepare` and you *should not reexecute the
    `validate` functionality in there*!
    - You don't get an account ID any more; you get an origin instead. If
    you need to presume an account ID, then you can use the trait function
    `AsSystemOriginSigner::as_system_origin_signer`.
    - You get an additional ticket, similar to `Pre`, called `Val`. This
    defines data which is passed from `validate` into `prepare`. This is
    important since you should not be duplicating logic from `validate` to
    `prepare`, you need a way of passing your working from the former into
    the latter. This is it.
    - This trait takes two type parameters: `Call` and `Context`. `Call` is
    the runtime call type which used to be an associated type; you can just
    move it to become a type parameter for your trait impl. `Context` is not
    currently used and you can safely implement over it as an unbounded
    type.
    - There's no `AccountId` associated type any more. Just remove it.
    
    Regarding `validate`:
    - You get three new parameters in `validate`; all can be ignored when
    migrating from `SignedExtension`.
    - `validate` returns a tuple on success; the second item in the tuple is
    the new ticket type `Self::Val` which gets passed in to `prepare`. If
    you use any information extracted during `validate` (off-chain and
    on-chain, non-mutating) in `prepare` (on-chain, mutating) then you can
    pass it through with this. For the tuple's last item, just return the
    `origin` argument.
    
    Regarding `prepare`:
    - This is renamed from `pre_dispatch`, but there is one change:
    - FUNCTIONALITY TO VALIDATE THE TRANSACTION NEED NOT BE DUPLICATED FROM
    `validate`!!
    - (This is different to `SignedExtension` which was required to run the
    same checks in `pre_dispatch` as in `validate`.)
    
    Regarding `post_dispatch`:
    - Since there are no unsigned transactions handled by
    `TransactionExtension`, `Pre` is always defined, so the first parameter
    is `Self::Pre` rather than `Option<Self::Pre>`.
    
    If you make use of `SignedExtension::validate_unsigned` or
    `SignedExtension::pre_dispatch_unsigned`, then:
    - Just use the regular versions of these functions instead.
    - Have your logic execute in the case that the `origin` is `None`.
    - Ensure your transaction creation logic creates a General Transaction
    rather than a Bare Transaction; this means having to include all
    `TransactionExtension`s' data.
    - `ValidateUnsigned` can still be used (for now) if you need to be able
    to construct transactions which contain none of the extension data,
    however these will be phased out in stage 2 of the Transactions Horizon,
    so you should consider moving to an extension-centric design.
    
    ## TODO
    
    - [x] Introduce `CheckSignature` impl of `TransactionExtension` to
    ensure it's possible to have crypto be done wholly in a
    `TransactionExtension`.
    - [x] Deprecate `SignedExtension` and move all uses in codebase to
    `TransactionExtension`.
      - [x] `ChargeTransactionPayment`
      - [x] `DummyExtension`
      - [x] `ChargeAssetTxPayment` (asset-tx-payment)
      - [x] `ChargeAssetTxPayment` (asset-conversion-tx-payment)
      - [x] `CheckWeight`
      - [x] `CheckTxVersion`
      - [x] `CheckSpecVersion`
      - [x] `CheckNonce`
      - [x] `CheckNonZeroSender`
      - [x] `CheckMortality`
      - [x] `CheckGenesis`
      - [x] `CheckOnlySudoAccount`
      - [x] `WatchDummy`
      - [x] `PrevalidateAttests`
      - [x] `GenericSignedExtension`
      - [x] `SignedExtension` (chain-polkadot-bulletin)
      - [x] `RefundSignedExtensionAdapter`
    - [x] Implement `fn weight` across the board.
    - [ ] Go through all pre-existing extensions which assume an account
    signer and explicitly handle the possibility of another kind of origin.
    - [x] `CheckNonce` should probably succeed in the case of a non-account
    origin.
    - [x] `CheckNonZeroSender` should succeed in the case of a non-account
    origin.
    - [x] `ChargeTransactionPayment` and family should fail in the case of a
    non-account origin.
      - [ ] 
    - [x] Fix any broken tests.
    
    ---------
    
    Signed-off-by: default avatargeorgepisaltu <[email protected]>
    Signed-off-by: default avatarAlexandru Vasile <[email protected]>
    Signed-off-by: default avatardependabot[bot] <[email protected]>
    Signed-off-by: default avatarOliver Tale-Yazdi <[email protected]>
    Signed-off-by: default avatarAlexandru Gheorghe <[email protected]>
    Signed-off-by: default avatarAndrei Sandu <[email protected]>
    Co-authored-by: default avatarNikhil Gupta <[email protected]>
    Co-authored-by: default avatargeorgepisaltu <[email protected]>
    Co-authored-by: default avatarChevdor <[email protected]>
    Co-authored-by: default avatarBastian Köcher <[email protected]>
    Co-authored-by: default avatarMaciej <[email protected]>
    Co-authored-by: default avatarJavier Viola <[email protected]>
    Co-authored-by: default avatarMarcin S. <[email protected]>
    Co-authored-by: default avatarTsvetomir Dimitrov <[email protected]>
    Co-authored-by: default avatarJavier Bullrich <[email protected]>
    Co-authored-by: default avatarKoute <[email protected]>
    Co-authored-by: default avatarAdrian Catangiu <[email protected]>
    Co-authored-by: Vladimir Istyufeev's avatarVladimir Istyufeev <[email protected]>
    Co-authored-by: default avatarRoss Bulat <[email protected]>
    Co-authored-by: default avatarGonçalo Pestana <[email protected]>
    Co-authored-by: default avatarLiam Aharon <[email protected]>
    Co-authored-by: default avatarSvyatoslav Nikolsky <[email protected]>
    Co-authored-by: default avatarAndré Silva <[email protected]>
    Co-authored-by: default avatarOliver Tale-Yazdi <[email protected]>
    Co-authored-by: default avatars0me0ne-unkn0wn <[email protected]>
    Co-authored-by: default avatarordian <[email protected]>
    Co-authored-by: default avatarSebastian Kunert <[email protected]>
    Co-authored-by: default avatarAaro Altonen <[email protected]>
    Co-authored-by: default avatarDmitry Markin <[email protected]>
    Co-authored-by: default avatarAlexandru Vasile <[email protected]>
    Co-authored-by: default avatarAlexander Samusev <[email protected]>
    Co-authored-by: default avatarJulian Eager <[email protected]>
    Co-authored-by: default avatarMichal Kucharczyk <[email protected]>
    Co-authored-by: default avatarDavide Galassi <[email protected]>
    Co-authored-by: default avatarDónal Murray <[email protected]>
    Co-authored-by: default avataryjh <[email protected]>
    Co-authored-by: default avatarTom Mi <[email protected]>
    Co-authored-by: default avatardependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: default avatarWill | Paradox | ParaNodes.io <[email protected]>
    Co-authored-by: default avatarBastian Köcher <[email protected]>
    Co-authored-by: default avatarJoshy Orndorff <[email protected]>
    Co-authored-by: default avatarJoshy Orndorff <[email protected]>
    Co-authored-by: default avatarPG Herveou <[email protected]>
    Co-authored-by: default avatarAlexander Theißen <[email protected]>
    Co-authored-by: default avatarKian Paimani <[email protected]>
    Co-authored-by: default avatarJuan Girini <[email protected]>
    Co-authored-by: default avatarbader y <[email protected]>
    Co-authored-by: default avatarJames Wilson <[email protected]>
    Co-authored-by: default avatarjoe petrowski <[email protected]>
    Co-authored-by: default avatarasynchronous rob <[email protected]>
    Co-authored-by: default avatarParth <[email protected]>
    Co-authored-by: default avatarAndrew Jones <[email protected]>
    Co-authored-by: default avatarJonathan Udd <[email protected]>
    Co-authored-by: default avatarSerban Iorga <[email protected]>
    Co-authored-by: default avatarEgor_P <[email protected]>
    Co-authored-by: default avatarBranislav Kontur <[email protected]>
    Co-authored-by: default avatarEvgeny Snitko <[email protected]>
    Co-authored-by: default avatarJust van Stam <[email protected]>
    Co-authored-by: default avatarFrancisco Aguirre <[email protected]>
    Co-authored-by: default avatargupnik <[email protected]>
    Co-authored-by: default avatardzmitry-lahoda <[email protected]>
    Co-authored-by: default avatarzhiqiangxu <[email protected]>
    Co-authored-by: default avatarNazar Mokrynskyi <[email protected]>
    Co-authored-by: default avatarAnwesh <[email protected]>
    Co-authored-by: default avatarcheme <[email protected]>
    Co-authored-by: default avatarSam Johnson <[email protected]>
    Co-authored-by: default avatarkianenigma <[email protected]>
    Co-authored-by: default avatarJegor Sidorenko <[email protected]>
    Co-authored-by: default avatarMuharem <[email protected]>
    Co-authored-by: default avatarjoepetrowski <[email protected]>
    Co-authored-by: default avatarAlexandru Gheorghe <[email protected]>
    Co-authored-by: default avatarGabriel Facco de Arruda <[email protected]>
    Co-authored-by: default avatarSquirrel <[email protected]>
    Co-authored-by: default avatarAndrei Sandu <[email protected]>
    Co-authored-by: default avatargeorgepisaltu <[email protected]>
    Co-authored-by: command-bot <>
    fd5f9292