-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add std.PrevRealm #667
Conversation
I like this. |
That makes sense since we have also But on the other hand, I'm wondering if having all these methods to access to the callers stack is really useful. Why a contract would need to access the nth caller ? Sounds like an open-bar for security breaches no ? |
We do definitely need this kind of stuff. Could add TestSetCaller?? (just like TestSetOrigCaller) https://github.com/gnolang/gno/blob/master/tests/imports.go#L537 |
I get your point, but it's semantically wrong i believe.
It would made sense if the function was @grepsuzette wdyt ? |
This is more complicate than it's look,
Maybe we should consider adding the |
Hmmm.. I think we better leave gno context structure as it as for now, and find ways to spoof or mock the frame with least side effetcs As you said touching context will be super annoying and likely to have more side effects |
I agree; changing context dynamically in the call path makes the contracts hard to audit and opens doors for security issues. In typical use cases, OrigCaller refers to the user account that signs the original message, not a contract on the call path. It equals EOA in Solidity. In the file test, OrigCaller is the main package. It simplifies the testing process since we don't need to sign the message to initiate a call to contract from EOA. TestSetOrigCaller is only used to replace the main package for the admin user for testing purposes. |
Please share your thoughts on PR #683. |
That's an interesting question, can a package be considered as a caller or not ? I had the similar question for #495 for |
Perhaps the name is not very important for now. @albttx I will try to rephrase your use case. There is a user Bob, Bob represents a DAO on GNO, this DAO exists through a realm. Last week the DAO decided to emit GRC20 tokens and to airdrop them to 100 random users of
If that's correct, I'm wondering if we can think of scenarios where |
Hey @grepsuzette, no, here is the current situation See here the grc20 code: The
Some infos:
So now let's say, So, the tx will look like:
This PR adding |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking until we choose the best direction for this in #683.
Personally, I like the name |
|
7eae128
to
a70e880
Compare
a70e880
to
1b628e6
Compare
linked to #634 |
but what's the reason for needing that? first I would get a good use-case that isn't addressed by existing functions, and make sure this use-case is definitely something we want to support, rather than an anti-pattern. |
reading it once more now. |
|
||
// Empty the pkgPath if we return a user | ||
if ctx.OrigCaller == lastCaller { | ||
lastPkgPath = "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i don't understand why it needs to be empty. what happens without this line?
Maybe it's solved by the if-else chain i suggested above. it seemed like it was unnecessarily setting lastPkgPath before.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
std.Realm
return a Realm{}
type Realm struct {
Addr crypto.Bech32Address
PkgPath string
}
in the case we return a user, we want PkgPath to be empty.
Without this line, we could return a Realm containing a user address and gno.land/r/demo/xxx
which is the "Current realm".
This condition won't be present in the next function std.Realm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For accounts, it's a good idea to have an empty variable. However, if default realm implementation is desired later, it could change to gno.land/r/moul
. What is the current value before erasing it?
I like using if PkgPath != ""
for distinction, similar to if err != nil
. We can update the method or choose a new variable when accounts have a path.
Waiting for your response, but currently inclined to maintain the current behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @moul I'm not sure i understand your question, but here is a better explanation
user1.gno -> gno.land/r/moul/sayhi
The Frames will be
- gno.land/r/moul/sayhi
- user1.gno
so when we will finish the iteration loop, lastCaller will be user1.gno
, and pkgPath will be gno.land/r/moul/sayhi
, ( frame[i].LastPackage.PkgPath
)
So we use if ctx.OrigCaller == lastCaller
to empty it
Is it more clear ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was asking what was the raw value before erasing it. Checking if it makes sense to be kept somehow.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really close to final; just have the comments written so far.
If nobody objects to new changes, feel free to merge if all comments are addressed.
Just wanna check
Did I understood correctly? |
It works perfectly fine for actual gno running with However, because
So I'v made little helper #891 |
Co-authored-by: Antonio Navarro Perez <[email protected]> Co-authored-by: Thomas Bruyelle <[email protected]> Co-authored-by: Manfred Touron <[email protected]>
update (missing part of) grc721 package implementation to use `std.PrevRealm()` not `std.GetOrigCaller()` ## related #667 implementation of `std.PrevRealm()` #895 update grc20, 721 to use `std.PrevRealm()` <details><summary>Checklists...</summary> ## Contributors Checklist - [x] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests - [ ] Added new benchmarks to [generated graphs](https://gnoland.github.io/benchmarks), if any. More info [here](../.benchmarks/README.md). </details> Co-authored-by: Manfred Touron <[email protected]>
update (missing part of) grc721 package implementation to use `std.PrevRealm()` not `std.GetOrigCaller()` ## related gnolang#667 implementation of `std.PrevRealm()` gnolang#895 update grc20, 721 to use `std.PrevRealm()` <details><summary>Checklists...</summary> ## Contributors Checklist - [x] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests - [ ] Added new benchmarks to [generated graphs](https://gnoland.github.io/benchmarks), if any. More info [here](../.benchmarks/README.md). </details> Co-authored-by: Manfred Touron <[email protected]>
<!-- Please provide a brief summary of your changes in the Title above --> # Description Thanks to @albttx, we now have `std.PrevRealm` #667 However it seems like doesn't work on testcase(that can be run by `gno test` command) as what we expected. > `gno test` uses its own Context which makes few other functions (like GetRealmPath) doesn't work neither. So I made little helper very similar to `std.TestSetOrigCaller` --- ## Discussion Need `std.TestSetOrigCaller` takes single parameter and two different type can be passed 1. If `std.Address` type is passed, -> TestSetPrevRealm will take it as user address => return user address not realm. 2. If `string` type is passed, -> TestSetPrevRealm will take it as pkg_path => return pkg address(using bech32) and pkg_path > Since string parameter is being used without any verification in this pr, How about reusing verification logic from here ??https://github.com/gnolang/gno/blob/408fc68d4b3c189dbc6a608c590a86c661ae232a/tm2/pkg/std/memfile.go#L33-L68 ## Contributors Checklist - [x] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests ## Maintainers Checklist - [x] Checked that the author followed the guidelines in `CONTRIBUTING.md` - [x] Checked the conventional-commit (especially PR title and verb, presence of `BREAKING CHANGE:` in the body) - [x] Ensured that this PR is not a significant change or confirmed that the review/consideration process was appropriate for the change
<!-- Please provide a brief summary of your changes in the Title above --> # Description Thanks to @albttx, we now have `std.PrevRealm` gnolang#667 However it seems like doesn't work on testcase(that can be run by `gno test` command) as what we expected. > `gno test` uses its own Context which makes few other functions (like GetRealmPath) doesn't work neither. So I made little helper very similar to `std.TestSetOrigCaller` --- ## Discussion Need `std.TestSetOrigCaller` takes single parameter and two different type can be passed 1. If `std.Address` type is passed, -> TestSetPrevRealm will take it as user address => return user address not realm. 2. If `string` type is passed, -> TestSetPrevRealm will take it as pkg_path => return pkg address(using bech32) and pkg_path > Since string parameter is being used without any verification in this pr, How about reusing verification logic from here ??https://github.com/gnolang/gno/blob/408fc68d4b3c189dbc6a608c590a86c661ae232a/tm2/pkg/std/memfile.go#L33-L68 ## Contributors Checklist - [x] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests ## Maintainers Checklist - [x] Checked that the author followed the guidelines in `CONTRIBUTING.md` - [x] Checked the conventional-commit (especially PR title and verb, presence of `BREAKING CHANGE:` in the body) - [x] Ensured that this PR is not a significant change or confirmed that the review/consideration process was appropriate for the change
<!-- Please provide a brief summary of your changes in the Title above --> # Description Thanks to @albttx, we now have `std.PrevRealm` gnolang#667 However it seems like doesn't work on testcase(that can be run by `gno test` command) as what we expected. > `gno test` uses its own Context which makes few other functions (like GetRealmPath) doesn't work neither. So I made little helper very similar to `std.TestSetOrigCaller` --- ## Discussion Need `std.TestSetOrigCaller` takes single parameter and two different type can be passed 1. If `std.Address` type is passed, -> TestSetPrevRealm will take it as user address => return user address not realm. 2. If `string` type is passed, -> TestSetPrevRealm will take it as pkg_path => return pkg address(using bech32) and pkg_path > Since string parameter is being used without any verification in this pr, How about reusing verification logic from here ??https://github.com/gnolang/gno/blob/408fc68d4b3c189dbc6a608c590a86c661ae232a/tm2/pkg/std/memfile.go#L33-L68 ## Contributors Checklist - [x] Added new tests, or not needed, or not feasible - [ ] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests ## Maintainers Checklist - [x] Checked that the author followed the guidelines in `CONTRIBUTING.md` - [x] Checked the conventional-commit (especially PR title and verb, presence of `BREAKING CHANGE:` in the body) - [x] Ensured that this PR is not a significant change or confirmed that the review/consideration process was appropriate for the change
Description
Currently the
p/demo/grc/grc20
package andr/demo/foo20
contract usestd.GetOrigCaller
for checking the owner, this could lead to potential security issues (eg: phishing).By using
std.GetCaller
, we fix this situation.NOTE: The changes in the
grc20
packages andfoo20
will be executed on another PR to keep this one smallHow it's works
Add
std.GetCaller
which return the latest caller.This should be mostly used on
grc20
package rather thanstd.GetOrigCaller
How it's works
GetCaller
already return the Caller, When the caller is a Realm, return the realm, if not, return the calling user.Examples
User calm realm, that call realms
User call Realm that call only packages
User call Realm that call packages and realm
Noticed that on
r/bar
the caller isrealm.gno
How has this been tested?
see tests...