From 5d1de9979971a9abbbe85875daa8169846e25cfd Mon Sep 17 00:00:00 2001
From: Branislav Kontur <bkontur@gmail.com>
Date: Tue, 4 Jul 2023 17:18:26 +0200
Subject: [PATCH] BridgeHub subtree update (#2820)

* BH subtree master -> polkadot-staging by default

* Squashed 'bridges/' changes from c9dd8b9dfc..0417308a48

0417308a48 Update docs (#2242)
1a0d3b55f3 Nits for subtree (#2241)
18fca2e122 Ensure that the origin is signed for submit_parachain_heads and submit_finality_proof calls (#2239)
fab51067e7 minor doc fix (#2207)
4feb721d32 backport cumulus changes to polkadot-staging (#2167)
433741942a fix testnet argocd deploy (#2151) (#2152)
ff9eadc7dc Updated BHR/W version + codegen (#2148)

git-subtree-dir: bridges
git-subtree-split: 0417308a489096979ed3e08d0f8caafbfca6e7e9

* Fix deps
---
 cumulus/bridges/modules/grandpa/src/lib.rs    | 22 +++++++++++++++-
 cumulus/bridges/modules/parachains/src/lib.rs | 26 +++++++++++++++++--
 .../chain-bridge-hub-cumulus/src/lib.rs       |  4 +++
 .../primitives/header-chain/Cargo.toml        |  2 +-
 .../bridges/primitives/messages/Cargo.toml    |  2 +-
 .../bridges/primitives/parachains/Cargo.toml  |  2 +-
 .../primitives/polkadot-core/Cargo.toml       |  2 +-
 .../bridges/primitives/relayers/Cargo.toml    |  2 +-
 cumulus/bridges/primitives/runtime/Cargo.toml |  2 +-
 cumulus/scripts/bridges_update_subtree.sh     |  2 +-
 10 files changed, 56 insertions(+), 10 deletions(-)

diff --git a/cumulus/bridges/modules/grandpa/src/lib.rs b/cumulus/bridges/modules/grandpa/src/lib.rs
index 10b60878302..f9c3ab68a06 100644
--- a/cumulus/bridges/modules/grandpa/src/lib.rs
+++ b/cumulus/bridges/modules/grandpa/src/lib.rs
@@ -176,11 +176,12 @@ pub mod pallet {
 			justification.votes_ancestries.len().saturated_into(),
 		))]
 		pub fn submit_finality_proof(
-			_origin: OriginFor<T>,
+			origin: OriginFor<T>,
 			finality_target: Box<BridgedHeader<T, I>>,
 			justification: GrandpaJustification<BridgedHeader<T, I>>,
 		) -> DispatchResultWithPostInfo {
 			Self::ensure_not_halted().map_err(Error::<T, I>::BridgeModule)?;
+			ensure_signed(origin)?;
 
 			let (hash, number) = (finality_target.hash(), *finality_target.number());
 			log::trace!(
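Review bot: The new `ensure_signed(origin)?;` runs after `Self::ensure_not_halted()`, so while the pallet is halted a root or unsigned caller gets the halt error rather than `BadOrigin`. The usual FRAME convention is to validate the origin as the first statement of a dispatchable. Consider moving the origin check above the halt check; the same ordering appears in `submit_parachain_heads` in `modules/parachains/src/lib.rs`. The signer returned by `ensure_signed` is discarded, which looks intentional, and a short comment such as `// any signed account may submit; the submitter itself is not used here` would make that explicit. The body of `submit_finality_proof` continues outside this hunk.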
@@ -1414,4 +1415,23 @@ mod tests {
 	fn maybe_headers_to_keep_returns_correct_value() {
 		assert_eq!(MaybeHeadersToKeep::<TestRuntime, ()>::get(), Some(mock::HeadersToKeep::get()));
 	}
+
+	#[test]
+	fn submit_finality_proof_requires_signed_origin() {
+		run_test(|| {
+			initialize_substrate_bridge();
+
+			let header = test_header(1);
+			let justification = make_default_justification(&header);
+
+			assert_noop!(
+				Pallet::<TestRuntime>::submit_finality_proof(
+					RuntimeOrigin::root(),
+					Box::new(header),
+					justification,
+				),
+				DispatchError::BadOrigin,
+			);
+		})
+	}
 }
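Review bot: The new test only exercises `RuntimeOrigin::root()`, so the unsigned case that `ensure_signed` also rejects is not pinned by any assertion. A second `assert_noop!` calling `submit_finality_proof` with `RuntimeOrigin::none()` and the same expected `DispatchError::BadOrigin` would cover both kinds of non-signed origin. The header and justification are moved into the first call, so they would need to be cloned or rebuilt for the second one.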
diff --git a/cumulus/bridges/modules/parachains/src/lib.rs b/cumulus/bridges/modules/parachains/src/lib.rs
index b17b52163d8..52b436b8207 100644
--- a/cumulus/bridges/modules/parachains/src/lib.rs
+++ b/cumulus/bridges/modules/parachains/src/lib.rs
@@ -307,12 +307,13 @@ pub mod pallet {
 			parachains.len() as _,
 		))]
 		pub fn submit_parachain_heads(
-			_origin: OriginFor<T>,
+			origin: OriginFor<T>,
 			at_relay_block: (RelayBlockNumber, RelayBlockHash),
 			parachains: Vec<(ParaId, ParaHash)>,
 			parachain_heads_proof: ParaHeadsProof,
 		) -> DispatchResultWithPostInfo {
 			Self::ensure_not_halted().map_err(Error::<T, I>::BridgeModule)?;
+			ensure_signed(origin)?;
 
 			// we'll need relay chain header to verify that parachains heads are always increasing.
 			let (relay_block_number, relay_block_hash) = at_relay_block;
@@ -417,7 +418,7 @@ pub mod pallet {
 					});
 
 				// we're refunding weight if update has not happened and if pruning has not happened
-				let is_update_happened = matches!(update_result, Ok(_));
+				let is_update_happened = update_result.is_ok();
 				if !is_update_happened {
 					actual_weight = actual_weight.saturating_sub(
 						WeightInfoOf::<T, I>::parachain_head_storage_write_weight(
@@ -1579,4 +1580,25 @@ pub(crate) mod tests {
 			Some(mock::TOTAL_PARACHAINS * mock::HeadsToKeep::get()),
 		);
 	}
+
+	#[test]
+	fn submit_finality_proof_requires_signed_origin() {
+		run_test(|| {
+			let (state_root, proof, parachains) =
+				prepare_parachain_heads_proof::<RegularParachainHeader>(vec![(1, head_data(1, 0))]);
+
+			initialize(state_root);
+
+			// `submit_parachain_heads()` should fail when the pallet is halted.
+			assert_noop!(
+				Pallet::<TestRuntime>::submit_parachain_heads(
+					RuntimeOrigin::root(),
+					(0, test_relay_header(0, state_root).hash()),
+					parachains,
+					proof,
+				),
+				DispatchError::BadOrigin
+			);
+		})
+	}
 }
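Review bot: The test name and its inline comment look copied from elsewhere and do not match what is tested. The function is called `submit_finality_proof_requires_signed_origin` but it calls `submit_parachain_heads`, and the comment says the call "should fail when the pallet is halted" while the assertion expects `DispatchError::BadOrigin`. Rename it to `submit_parachain_heads_requires_signed_origin` and change the comment to `// \`submit_parachain_heads()\` should fail when the origin is not signed.` so that a failure report points at the right dispatchable. As in the grandpa test, only `RuntimeOrigin::root()` is covered, so a `RuntimeOrigin::none()` case would complete it.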
diff --git a/cumulus/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs b/cumulus/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
index 78a98a42a66..8ff096d077f 100644
--- a/cumulus/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
+++ b/cumulus/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
@@ -124,9 +124,13 @@ pub type Address = MultiAddress<AccountId, ()>;
 // `ensure_able_to_receive_confirmation` test.
 
 /// Maximal number of unrewarded relayer entries at inbound lane for Cumulus-based parachains.
+/// Note: this value is security-relevant, decreasing it should not be done without careful
+/// analysis (like the one above).
 pub const MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX: MessageNonce = 1024;
 
 /// Maximal number of unconfirmed messages at inbound lane for Cumulus-based parachains.
+/// Note: this value is security-relevant, decreasing it should not be done without careful
+/// analysis (like the one above).
 pub const MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX: MessageNonce = 4096;
 
 /// Extra signed extension data that is used by all bridge hubs.
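Review bot: Both added doc notes refer to "the one above", but the only part of that analysis visible in this hunk is a plain `//` comment, which rustdoc does not render. In the generated documentation for `MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX` and `MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX` the reference would then point at nothing. Naming the check directly keeps the warning usable, for example `/// Note: this value is security-relevant; do not decrease it without re-running the analysis behind the \`ensure_able_to_receive_confirmation\` test.` The start of the analysis comment is outside the hunk, so whether any of it is a doc comment is assumed.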
diff --git a/cumulus/bridges/primitives/header-chain/Cargo.toml b/cumulus/bridges/primitives/header-chain/Cargo.toml
index 32f81315537..962d262d571 100644
--- a/cumulus/bridges/primitives/header-chain/Cargo.toml
+++ b/cumulus/bridges/primitives/header-chain/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false }
 finality-grandpa = { version = "0.16.2", default-features = false }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 
 # Bridge dependencies
diff --git a/cumulus/bridges/primitives/messages/Cargo.toml b/cumulus/bridges/primitives/messages/Cargo.toml
index cc439a55ae2..ecb0bdc4079 100644
--- a/cumulus/bridges/primitives/messages/Cargo.toml
+++ b/cumulus/bridges/primitives/messages/Cargo.toml
@@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] }
-scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 
 # Bridge dependencies
diff --git a/cumulus/bridges/primitives/parachains/Cargo.toml b/cumulus/bridges/primitives/parachains/Cargo.toml
index c18c931bd33..6cd138c6224 100644
--- a/cumulus/bridges/primitives/parachains/Cargo.toml
+++ b/cumulus/bridges/primitives/parachains/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] }
 impl-trait-for-tuples = "0.2"
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 
 # Bridge dependencies
 
diff --git a/cumulus/bridges/primitives/polkadot-core/Cargo.toml b/cumulus/bridges/primitives/polkadot-core/Cargo.toml
index 56c6de04d41..b7ba4803473 100644
--- a/cumulus/bridges/primitives/polkadot-core/Cargo.toml
+++ b/cumulus/bridges/primitives/polkadot-core/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] }
 parity-util-mem = { version = "0.12.0", optional = true }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", optional = true, features = ["derive"] }
 
 # Bridge Dependencies
diff --git a/cumulus/bridges/primitives/relayers/Cargo.toml b/cumulus/bridges/primitives/relayers/Cargo.toml
index b84b0393adf..fd2c9e19f98 100644
--- a/cumulus/bridges/primitives/relayers/Cargo.toml
+++ b/cumulus/bridges/primitives/relayers/Cargo.toml
@@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] }
-scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] }
 
 # Bridge Dependencies
 
diff --git a/cumulus/bridges/primitives/runtime/Cargo.toml b/cumulus/bridges/primitives/runtime/Cargo.toml
index 3e6a30a061c..dea3c979b86 100644
--- a/cumulus/bridges/primitives/runtime/Cargo.toml
+++ b/cumulus/bridges/primitives/runtime/Cargo.toml
@@ -11,7 +11,7 @@ codec = { package = "parity-scale-codec", version = "3.1.5", default-features =
 hash-db = { version = "0.16.0", default-features = false }
 impl-trait-for-tuples = "0.2.2"
 num-traits = { version = "0.2", default-features = false }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive", "serde"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 
 # Substrate Dependencies
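Review bot: Unlike the other `Cargo.toml` hunks in this patch, this one is not only a version bump: the new `scale-info` line also drops the `"serde"` feature. The commit message mentions only "Fix deps", so it is worth confirming that nothing in this crate or its dependents relies on `scale-info`'s serde support being enabled from here. If the removal is deliberate, the description should say why.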
diff --git a/cumulus/scripts/bridges_update_subtree.sh b/cumulus/scripts/bridges_update_subtree.sh
index 3928dc23213..5c5c7a322a1 100755
--- a/cumulus/scripts/bridges_update_subtree.sh
+++ b/cumulus/scripts/bridges_update_subtree.sh
@@ -8,7 +8,7 @@
 
 set -e
 
-BRIDGES_BRANCH="${BRANCH:-master}"
+BRIDGES_BRANCH="${BRANCH:-polkadot-staging}"
 BRIDGES_TARGET_DIR="${TARGET_DIR:-bridges}"
 
 function fetch() {
-- 
GitLab