-
Notifications
You must be signed in to change notification settings - Fork 707
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Staking ledger bonding fixes #3639
Merged
kianenigma
merged 23 commits into
master
from
gpestana/3245ledger_consistency_runtimecheck
Mar 14, 2024
Merged
Changes from 18 commits
Commits
Show all changes
23 commits
Select commit
Hold shift + click to select a range
30b00e3
Add more try runtime checks to staking
gpestana 8b49b43
more changes
gpestana 20a87e2
clean up
gpestana bb837d2
Merge branch 'master' into gpestana/3245ledger_consistency_runtimecheck
gpestana 31cbd74
fixes set controller and batch deprecation when controller is double …
gpestana 6bc85bc
removes unecessary warns
gpestana 16a692e
prevents controller to become a stash
gpestana 47f9e25
warn only try-runtime checks
gpestana 8ed57de
prevents calling bond_extra in inconsistent ledgers
gpestana 410d784
Update substrate/frame/staking/src/mock.rs
gpestana 86b0ad7
adds bad state checks at the staking ledger level; ensures all access…
gpestana 6e16fa4
nit
gpestana 5986a4e
comments nits
gpestana 578a407
add tests for staking ledger fetch in bad state
gpestana 8dd4818
adds prdoc
gpestana 52c648e
fixes prdoc
gpestana e3e9672
Update substrate/frame/staking/src/ledger.rs
gpestana 541037f
Update substrate/frame/staking/src/ledger.rs
gpestana 0c1bff6
replaces btreemap with btreeset in try runtime checks
gpestana 371b0cf
simplifies getter check
gpestana 4670659
check if bonded controller is the expected
gpestana 649bf59
Merge branch 'master' into gpestana/3245ledger_consistency_runtimecheck
gpestana 0dde68a
Empty-Commit
kianenigma File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
title: Prevents staking controllers from becoming stashes of different ledgers; Ensures that no ledger in bad state is mutated. | ||
|
||
doc: | ||
- audience: Runtime User | ||
description: | | ||
This PR introduces a fix to the staking logic which prevents an existing controller from bonding as a stash of another ledger, which | ||
lead to staking ledger inconsistencies down the line. In addition, it adds a few (temporary) gates to prevent ledgers that are already | ||
in a bad state from mutating its state. | ||
|
||
In summary: | ||
* Checks if stash is already a controller when calling `Call::bond` and fails if that's the case; | ||
* Ensures that all fetching ledgers from storage are done through the `StakingLedger` API; | ||
* Ensures that a `Error::BadState` is returned if the ledger bonding is in a bad state. This prevents bad ledgers from mutating (e.g. | ||
`bond_extra`, `set_controller`, etc) its state and avoid further data inconsistencies. | ||
* Prevents stashes which are controllers or another ledger from calling `set_controller`, since that may lead to a bad state. | ||
* Adds further try-state runtime checks that check if there are ledgers in a bad state based on their bonded metadata. | ||
|
||
crates: | ||
- name: pallet-staking |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One issue I feel when reading this function, since it handles both reading by controller and stake, it becomes a little harder to reason about which checks we need for each. What do you think about just splitting these flows.
So internally two functions
get_by_stash
andget_by_controller
that this function calls.Leave that decision to you though. Feel free to merge if you are happy and we probably will do lot more cleanups and refactors once controllers are removed completely.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I agree with this statement. The idea of this fn was to keep the code refactors to a minimal once the controllers were deprecated. So refactoring the code would basically mean removing the whole
StakingAccount
machinery and change the logic of the getter (and others) but the API would remain almost unchanged. I will keep this as-is for now and we can remove simplify it once the controller logic is completely removed.