Hard-cap the execution time of custom contract calls. (#4226)

* Reject call requests that allocate too high gas limit. * Lower to 5x

Hard-cap the execution time of custom contract calls. (#4226)
* Reject call requests that allocate too high gas limit. * Lower to 5x
77d0c065 · Tomasz Drwięga · Gavin Wood · a7c04a5b · 77d0c065
Commit 77d0c065 authored 5 years ago by Tomasz Drwięga Committed by Gavin Wood 5 years ago
--- a/substrate/frame/contracts/rpc/src/lib.rs
+++ b/substrate/frame/contracts/rpc/src/lib.rs
@@ -39,7 +39,16 @@ const RUNTIME_ERROR: i64 = 1;
 const CONTRACT_DOESNT_EXIST: i64 = 2;
 const CONTRACT_IS_A_TOMBSTONE: i64 = 3;

-// A private newtype for converting `GetStorageError` into an RPC error.
+/// A rough estimate of how much gas a decent hardware consumes per second,
+/// using native execution.
+/// This value is used to set the upper bound for maximal contract calls to
+/// prevent blocking the RPC for too long.
+///
+/// Based on W3F research spreadsheet:
+/// https://docs.google.com/spreadsheets/d/1h0RqncdqiWI4KgxO0z9JIpZEJESXjX_ZCK6LFX6veDo/view
+const GAS_PER_SECOND: u64 = 1_000_000_000;
+
+/// A private newtype for converting `GetStorageError` into an RPC error.
 struct GetStorageError(runtime_api::GetStorageError);
 impl From<GetStorageError> for Error {
 	fn from(e: GetStorageError) -> Error {
@@ -148,6 +157,19 @@ where
 			data: None,
 		})?;

+		let max_gas_limit = 5 * GAS_PER_SECOND;
+		if gas_limit > max_gas_limit {
+			return Err(Error {
+				code: ErrorCode::InvalidParams,
+				message: format!(
+					"Requested gas limit is greater than maximum allowed: {} > {}",
+					gas_limit,
+					max_gas_limit
+				),
+				data: None,
+			});
+		}
+
 		let exec_result = api
 			.call(&at, origin, dest, value, gas_limit, input_data.to_vec())
 			.map_err(|e| Error {