ICS5: Integrate Dynamic Capabilities into IBC #5872
Conversation
AdityaSripal
requested review from
alessio,
alexanderbez,
fedekunze,
hschoenburg and
nylira
as code owners
| @@ -33,38 +35,45 @@ func (k Keeper) ChanOpenInit( | |||
| connectionHops []string, | |||
| portID, | |||
| channelID string, | |||
| portCap capability.Capability, | |||
There was a problem hiding this comment.
Passed in by caller as described in spec:
Note: If the host state machine is utilising object capability authentication (see ICS 005), all functions utilising ports take an additional capability parameter.
There was a problem hiding this comment.
Yes, that's correct. Working on updating the spec.
| @@ -33,7 +34,7 @@ func (k Keeper) isBounded(portID string) bool { | |||
| // Ports must be bound statically when the chain starts in `app.go`. | |||
| // The capability must then be passed to a module which will need to pass | |||
| // it as an extra parameter when calling functions on the IBC module. | |||
| func (k *Keeper) BindPort(portID string) sdk.CapabilityKey { | |||
| func (k *Keeper) BindPort(ctx sdk.Context, portID string) capability.Capability { | |||
There was a problem hiding this comment.
Wrote this function gleaning as much as i could from ICS-5 and capability implementation
From my understanding, a module will call this function. IBC will then create a capability and return it to the caller.
The calling module can then call ClaimCapability to own the capability and thus the port associated with the capability.
At this point, both the IBC module and the calling module own the capability and can authenticate it.
Is this the correct behavior?
There was a problem hiding this comment.
See updated spec:
function bindPort(id: Identifier): CapabilityKey {
abortTransactionUnless(validatePortIdentifier(id))
abortTransactionUnless(getCapability(portPath(id)) === null)
capability = newCapability(portPath(id))
return capability
}
|
Thanks @AdityaSripal! Please see the spec updates in cosmos/ibc#400 which should resolve outstanding questions. |
x/ibc/04-channel/handler.go
Outdated
| @@ -8,9 +8,9 @@ import ( | |||
|
|
|||
| // HandleMsgChannelOpenInit defines the sdk.Handler for MsgChannelOpenInit | |||
| func HandleMsgChannelOpenInit(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelOpenInit) (*sdk.Result, error) { | |||
| err := k.ChanOpenInit( | |||
| _, err := k.ChanOpenInit( | |||
There was a problem hiding this comment.
Not sure what to do with the returned capability here. I see how a module can call the keeper's ChanOpenInit method, claim the returned capability and continue the handshake from there.
However, I don't see how to return the capability to an end user since it's only the same capability if the end user somehow gets the same reference passed to it. For example, I don't see how this would work at all in the current relayer flow since the relayer can't be given the channel capability here and then pass it to the next ChanOpenAck msg
Seems like enforcing capabilities will disallow bare creation of channels? Instead all channel creation would have to be mediated through the modules themselves which can bind ports and then start the channel handshake amongst themselves with users prompting the modules to move forward on the handshake
There was a problem hiding this comment.
Seems like enforcing capabilities will disallow bare creation of channels? Instead all channel creation would have to be mediated through the modules themselves which can bind ports and then start the channel handshake amongst themselves with users prompting the modules to move forward on the handshake
This capability should be passed back to the module which has bound to the port - the module can then call ClaimCapability and use the capability to continue the handshake & send packets later on. The relayer can send the actual transactions; that's fine - the module just needs to claim the capability and fetch it (under some new name) when required.
x/ibc/04-channel/types/msgs.go
Outdated
| Signer sdk.AccAddress `json:"signer"` | ||
| PortID string `json:"port_id"` | ||
| ChannelID string `json:"channel_id"` | ||
| PortCap capability.Capability `json:"port_capability"` |
There was a problem hiding this comment.
Putting capabilities in the user msgs here to make everything build, though I don't think it's possible for an end user outside of the state machine to ever pass in a capability correctly.
Either this functionality needs to be removed or it needs to somehow be routed first through the appropriate module that can inject the capability on behalf of the user
There was a problem hiding this comment.
It needs to be routed through the module, see above comment.
|
This pull request introduces 3 alerts when merging 06e7b80 into 3b48464 - view on LGTM.com new alerts:
|
|
@AdityaSripal Is this superseded by #5888? |
|
Closed in favor of #5888 |
Closes: #5542
Description
Use Dynamic Capability Keeper in IBC in accordance with spec
TODO: Route packets to modules given the portID's they own. Noting that portID != modulename
For contributor use:
docs/) or specification (x/<module>/spec/)godoccomments.Unreleasedsection inCHANGELOG.mdFiles changedin the Github PR explorerFor admin use:
WIP,R4R,docs, etc)