-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Conversation
@@ -1044,6 +1045,9 @@ impl InstanceFilter<RuntimeCall> for ProxyType { | |||
RuntimeCall::FastUnstake(..) | |||
) | |||
}, | |||
ProxyType::NominationPools => { | |||
matches!(c, RuntimeCall::NominationPools(..) | RuntimeCall::Utility(..)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure we should support all utility calls. We should filter here explicitly on what we want to support.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably he took it for the same reason that Utility
is part of Staking
proxy as well.
Isn't this an issue that now with Staking proxy you can do utility::batch[transfer]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried to test this and the batched calls itself are filtered again. So a proxy can only do utility::batch[some_nomination_call]
if they are only allowed delegation for NominationPools
.
Perhaps there are some utility calls that are unsafe (.i.e. does not pass along the filters)? It looks to me we are already supporting all utility calls in few other proxies as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the batched calls are itself checked again!
Something like aw_derivative is maybe not that good? I would have said that we only allow batching calls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In either case, this is beyond this PR per se, I suggest we move on and revise including Utility
elsewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure how this can be beyond this pr? This is a security issue if not done correctly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, checked the code again as_derivative
is taking the same filters into account. So, it is safe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we simply always allow Utility because why not? https://github.com/AcalaNetwork/Acala/blob/4844051ecf24c907a21f2dab0145398f50fede4f/runtime/karura/src/lib.rs#L1295
bot rebase |
Rebased |
* master: Companion: wasm-builder support stable Rust (#6967) Fix feature (#6966) configuration: backport async backing parameters from the feature branch (#6961) Histogram support in runtime metrics (#6935) Bump openssl from 0.10.38 to 0.10.48 (#6955) Proxy for Nomination Pools (#6846) Nomination Pools migration v5: RewardPool fix (#6957) bump timestamp script to v0.2 (#6954) Subsystem channel tweaks (#6905) Companion for #13683 (#6944) inherent disputes: remove per block initializer and disputes timeout event (#6937)
…slashing-client * ao-past-session-slashing-runtime: Companion: wasm-builder support stable Rust (#6967) Fix feature (#6966) configuration: backport async backing parameters from the feature branch (#6961) Histogram support in runtime metrics (#6935) Bump openssl from 0.10.38 to 0.10.48 (#6955) Proxy for Nomination Pools (#6846) Nomination Pools migration v5: RewardPool fix (#6957)
closes #6211