Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(sequencer)!: refactor authorization checks for use in mempool logic #1713

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat(sequencer)!: refactor authorization checks for use in mempool logic #1713

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d1fba2f
rework with AuthenticationHandler instead of ActionHandler
Lilyjjo Oct 30, 2024
50cddeb
update changelog
Lilyjjo Oct 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions crates/astria-core/src/protocol/abci.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ impl AbciErrorCode {
pub const NONCE_TAKEN: Self = Self(unsafe { NonZeroU32::new_unchecked(15) });
pub const ACCOUNT_SIZE_LIMIT: Self = Self(unsafe { NonZeroU32::new_unchecked(16) });
pub const PARKED_FULL: Self = Self(unsafe { NonZeroU32::new_unchecked(17) });
pub const AUTHORIZATION_FAILED: Self = Self(unsafe { NonZeroU32::new_unchecked(18) });
}

impl AbciErrorCode {
Expand Down Expand Up @@ -64,6 +65,7 @@ impl AbciErrorCode {
"the account has reached the maximum number of parked transactions".into()
}
Self::PARKED_FULL => "the mempool is out of space for more parked transactions".into(),
Self::AUTHORIZATION_FAILED => "the transaction failed authorization checks".into(),
Self(other) => {
format!("invalid error code {other}: should be unreachable (this is a bug)")
}
Expand Down
1 change: 1 addition & 0 deletions crates/astria-sequencer/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@

- Bump penumbra dependencies [#1740](https://github.com/astriaorg/astria/pull/1740).
- Move fee event recording to transaction from block [#1718](https://github.com/astriaorg/astria/pull/1718).
- Mempool now rejects transactions with incorrect authorizations with a new ABCI error code [#1713](https://github.com/astriaorg/astria/pull/1713).

Check failure on line 18 in crates/astria-sequencer/CHANGELOG.md

View workflow job for this annotation

GitHub Actions / markdown

Line length 

crates/astria-sequencer/CHANGELOG.md:18:81 MD013/line-length Line length [Expected: 80; Actual: 147] https://github.com/DavidAnson/markdownlint/blob/v0.29.0/doc/md013.md

## [1.0.0-rc.2] - 2024-10-23

Expand Down
32 changes: 0 additions & 32 deletions crates/astria-sequencer/src/authority/action.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ use crate::{
StateWriteExt as _,
},
ibc::StateWriteExt as _,
transaction::StateReadExt as _,
};

#[async_trait::async_trait]
Expand All @@ -29,17 +28,6 @@ impl ActionHandler for ValidatorUpdate {
}

async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
let from = state
.get_transaction_context()
.expect("transaction source must be present in state when executing an action")
.address_bytes();
// ensure signer is the valid `sudo` key in state
let sudo_address = state
.get_sudo_address()
.await
.wrap_err("failed to get sudo address from state")?;
ensure!(sudo_address == from, "signer is not the sudo key");

// ensure that we're not removing the last validator or a validator
// that doesn't exist, these both cause issues in cometBFT
if self.power == 0 {
Expand Down Expand Up @@ -80,20 +68,10 @@ impl ActionHandler for SudoAddressChange {
/// check that the signer of the transaction is the current sudo address,
/// as only that address can change the sudo address
async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
let from = state
.get_transaction_context()
.expect("transaction source must be present in state when executing an action")
.address_bytes();
state
.ensure_base_prefix(&self.new_address)
.await
.wrap_err("desired new sudo address has an unsupported prefix")?;
// ensure signer is the valid `sudo` key in state
let sudo_address = state
.get_sudo_address()
.await
.wrap_err("failed to get sudo address from state")?;
ensure!(sudo_address == from, "signer is not the sudo key");
state
.put_sudo_address(self.new_address)
.wrap_err("failed to put sudo address in state")?;
Expand All @@ -108,20 +86,10 @@ impl ActionHandler for IbcSudoChange {
}

async fn check_and_execute<S: StateWrite>(&self, mut state: S) -> Result<()> {
let from = state
.get_transaction_context()
.expect("transaction source must be present in state when executing an action")
.address_bytes();
state
.ensure_base_prefix(&self.new_address)
.await
.wrap_err("desired new ibc sudo address has an unsupported prefix")?;
// ensure signer is the valid `sudo` key in state
let sudo_address = state
.get_sudo_address()
.await
.wrap_err("failed to get sudo address from state")?;
ensure!(sudo_address == from, "signer is not the sudo key");
state
.put_ibc_sudo_address(self.new_address)
.wrap_err("failed to put ibc sudo address in state")?;
Expand Down
Loading
Loading