-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve XCM Config #131
Improve XCM Config #131
Conversation
- Remove ParentAsSuperuser from XCM origin converter - Disallow generic XCM execution, do not allow teleport and allow transfer
70a83e7
to
be2b9c6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment enhancement suggestions only. Makes it easier to understand, I hope :)
You tested the xtoken transfer & the HRMP channel, correct? Or should I test this as well?
If it's not too much work (if possible at all), would it be possible to shortly describe in the PR description from where you got your information from? Might come in handy in the future.
Co-authored-by: haerdib <[email protected]>
Co-authored-by: haerdib <[email protected]>
Co-authored-by: haerdib <[email protected]>
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool! Thanks for your perseverance on this issue :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have one question, but it looks good otherwise. :)
type ExecuteXcmOrigin = EnsureXcmOrigin<Origin, LocalOriginToLocation>; // Allow any local origin in XCM execution. | ||
type XcmExecuteFilter = Nothing; // Disable generic XCM execution. This does not affect Teleport or Reserve Transfer. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for my understanding, is the combination of these two lines exactly the same as?
type ExecuteXcmOrigin = EnsureXcmOrigin<Origin, ()>; // Allow any local origin in XCM execution.
//^^^ changed the line here
type XcmExecuteFilter = Nothing; // Disable generic XCM execution. This does not affect Teleport or Reserve Transfer.
Or would this also disable Teleport and Reserve Transfer then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From https://github.com/paritytech/polkadot/blob/99d6b557c0594a35198be84d03833e5af692d109/xcm/pallet-xcm/src/lib.rs#L86 , i think it would also disable Teleport and Transfer for users of this chain. ExecuteXcmOrigin is called in execute, do_reserve_transfer_assets and do_teleport_assets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I see. Thanks!
To undestand the different filter and check how to configure them: see https://blog.quarkslab.com/a-brief-overview-of-auditing-xcmv2.html
Tested: Filter changes still allow to manually open an HRMP channel with Acala's rococo parachain and transfer TEER token.