From ad87175090f1009b54fef38303a59fdd4d4a62c5 Mon Sep 17 00:00:00 2001 From: Branislav Kontur Date: Tue, 4 Jul 2023 17:18:26 +0200 Subject: [PATCH] BridgeHub subtree update (#2820) * BH subtree master -> polkadot-staging by default * Squashed 'bridges/' changes from c9dd8b9dfc..0417308a48 0417308a48 Update docs (#2242) 1a0d3b55f3 Nits for subtree (#2241) 18fca2e122 Ensure that the origin is signed for submit_parachain_heads and submit_finality_proof calls (#2239) fab51067e7 minor doc fix (#2207) 4feb721d32 backport cumulus changes to polkadot-staging (#2167) 433741942a fix testnet argocd deploy (#2151) (#2152) ff9eadc7dc Updated BHR/W version + codegen (#2148) git-subtree-dir: bridges git-subtree-split: 0417308a489096979ed3e08d0f8caafbfca6e7e9 * Fix deps --- bridges/modules/grandpa/src/lib.rs | 22 +++++++++++++++- bridges/modules/parachains/src/lib.rs | 26 +++++++++++++++++-- .../chain-bridge-hub-cumulus/src/lib.rs | 4 +++ bridges/primitives/header-chain/Cargo.toml | 2 +- bridges/primitives/messages/Cargo.toml | 2 +- bridges/primitives/parachains/Cargo.toml | 2 +- bridges/primitives/polkadot-core/Cargo.toml | 2 +- bridges/primitives/relayers/Cargo.toml | 2 +- bridges/primitives/runtime/Cargo.toml | 2 +- scripts/bridges_update_subtree.sh | 2 +- 10 files changed, 56 insertions(+), 10 deletions(-) diff --git a/bridges/modules/grandpa/src/lib.rs b/bridges/modules/grandpa/src/lib.rs index 10b60878302..f9c3ab68a06 100644 --- a/bridges/modules/grandpa/src/lib.rs +++ b/bridges/modules/grandpa/src/lib.rs @@ -176,11 +176,12 @@ pub mod pallet { justification.votes_ancestries.len().saturated_into(), ))] pub fn submit_finality_proof( - _origin: OriginFor, + origin: OriginFor, finality_target: Box>, justification: GrandpaJustification>, ) -> DispatchResultWithPostInfo { Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + ensure_signed(origin)?; let (hash, number) = (finality_target.hash(), *finality_target.number()); log::trace!( @@ -1414,4 +1415,23 @@ mod tests { fn maybe_headers_to_keep_returns_correct_value() { assert_eq!(MaybeHeadersToKeep::::get(), Some(mock::HeadersToKeep::get())); } + + #[test] + fn submit_finality_proof_requires_signed_origin() { + run_test(|| { + initialize_substrate_bridge(); + + let header = test_header(1); + let justification = make_default_justification(&header); + + assert_noop!( + Pallet::::submit_finality_proof( + RuntimeOrigin::root(), + Box::new(header), + justification, + ), + DispatchError::BadOrigin, + ); + }) + } } diff --git a/bridges/modules/parachains/src/lib.rs b/bridges/modules/parachains/src/lib.rs index b17b52163d8..52b436b8207 100644 --- a/bridges/modules/parachains/src/lib.rs +++ b/bridges/modules/parachains/src/lib.rs @@ -307,12 +307,13 @@ pub mod pallet { parachains.len() as _, ))] pub fn submit_parachain_heads( - _origin: OriginFor, + origin: OriginFor, at_relay_block: (RelayBlockNumber, RelayBlockHash), parachains: Vec<(ParaId, ParaHash)>, parachain_heads_proof: ParaHeadsProof, ) -> DispatchResultWithPostInfo { Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + ensure_signed(origin)?; // we'll need relay chain header to verify that parachains heads are always increasing. let (relay_block_number, relay_block_hash) = at_relay_block; @@ -417,7 +418,7 @@ pub mod pallet { }); // we're refunding weight if update has not happened and if pruning has not happened - let is_update_happened = matches!(update_result, Ok(_)); + let is_update_happened = update_result.is_ok(); if !is_update_happened { actual_weight = actual_weight.saturating_sub( WeightInfoOf::::parachain_head_storage_write_weight( @@ -1579,4 +1580,25 @@ pub(crate) mod tests { Some(mock::TOTAL_PARACHAINS * mock::HeadsToKeep::get()), ); } + + #[test] + fn submit_finality_proof_requires_signed_origin() { + run_test(|| { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof::(vec![(1, head_data(1, 0))]); + + initialize(state_root); + + // `submit_parachain_heads()` should fail when the pallet is halted. + assert_noop!( + Pallet::::submit_parachain_heads( + RuntimeOrigin::root(), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + ), + DispatchError::BadOrigin + ); + }) + } } diff --git a/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs index 78a98a42a66..8ff096d077f 100644 --- a/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs +++ b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs @@ -124,9 +124,13 @@ pub type Address = MultiAddress; // `ensure_able_to_receive_confirmation` test. /// Maximal number of unrewarded relayer entries at inbound lane for Cumulus-based parachains. +/// Note: this value is security-relevant, decreasing it should not be done without careful +/// analysis (like the one above). pub const MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX: MessageNonce = 1024; /// Maximal number of unconfirmed messages at inbound lane for Cumulus-based parachains. +/// Note: this value is security-relevant, decreasing it should not be done without careful +/// analysis (like the one above). pub const MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX: MessageNonce = 4096; /// Extra signed extension data that is used by all bridge hubs. diff --git a/bridges/primitives/header-chain/Cargo.toml b/bridges/primitives/header-chain/Cargo.toml index 32f81315537..962d262d571 100644 --- a/bridges/primitives/header-chain/Cargo.toml +++ b/bridges/primitives/header-chain/Cargo.toml @@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0" [dependencies] codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } finality-grandpa = { version = "0.16.2", default-features = false } -scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +scale-info = { version = "2.9.0", default-features = false, features = ["derive"] } serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] } # Bridge dependencies diff --git a/bridges/primitives/messages/Cargo.toml b/bridges/primitives/messages/Cargo.toml index cc439a55ae2..ecb0bdc4079 100644 --- a/bridges/primitives/messages/Cargo.toml +++ b/bridges/primitives/messages/Cargo.toml @@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0" [dependencies] codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] } -scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] } +scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] } serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] } # Bridge dependencies diff --git a/bridges/primitives/parachains/Cargo.toml b/bridges/primitives/parachains/Cargo.toml index c18c931bd33..6cd138c6224 100644 --- a/bridges/primitives/parachains/Cargo.toml +++ b/bridges/primitives/parachains/Cargo.toml @@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0" [dependencies] codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] } impl-trait-for-tuples = "0.2" -scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +scale-info = { version = "2.9.0", default-features = false, features = ["derive"] } # Bridge dependencies diff --git a/bridges/primitives/polkadot-core/Cargo.toml b/bridges/primitives/polkadot-core/Cargo.toml index 56c6de04d41..b7ba4803473 100644 --- a/bridges/primitives/polkadot-core/Cargo.toml +++ b/bridges/primitives/polkadot-core/Cargo.toml @@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0" [dependencies] codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] } parity-util-mem = { version = "0.12.0", optional = true } -scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +scale-info = { version = "2.9.0", default-features = false, features = ["derive"] } serde = { version = "1.0", optional = true, features = ["derive"] } # Bridge Dependencies diff --git a/bridges/primitives/relayers/Cargo.toml b/bridges/primitives/relayers/Cargo.toml index b84b0393adf..fd2c9e19f98 100644 --- a/bridges/primitives/relayers/Cargo.toml +++ b/bridges/primitives/relayers/Cargo.toml @@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0" [dependencies] codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] } -scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] } +scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] } # Bridge Dependencies diff --git a/bridges/primitives/runtime/Cargo.toml b/bridges/primitives/runtime/Cargo.toml index 3e6a30a061c..dea3c979b86 100644 --- a/bridges/primitives/runtime/Cargo.toml +++ b/bridges/primitives/runtime/Cargo.toml @@ -11,7 +11,7 @@ codec = { package = "parity-scale-codec", version = "3.1.5", default-features = hash-db = { version = "0.16.0", default-features = false } impl-trait-for-tuples = "0.2.2" num-traits = { version = "0.2", default-features = false } -scale-info = { version = "2.6.0", default-features = false, features = ["derive", "serde"] } +scale-info = { version = "2.9.0", default-features = false, features = ["derive"] } serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] } # Substrate Dependencies diff --git a/scripts/bridges_update_subtree.sh b/scripts/bridges_update_subtree.sh index 3928dc23213..5c5c7a322a1 100755 --- a/scripts/bridges_update_subtree.sh +++ b/scripts/bridges_update_subtree.sh @@ -8,7 +8,7 @@ set -e -BRIDGES_BRANCH="${BRANCH:-master}" +BRIDGES_BRANCH="${BRANCH:-polkadot-staging}" BRIDGES_TARGET_DIR="${TARGET_DIR:-bridges}" function fetch() {