Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

contracts: Prevent PoV attack vector with minimal viable solution #11372

Merged
merged 2 commits into from
May 9, 2022

Conversation

athei
Copy link
Member

@athei athei commented May 6, 2022

Fixes #11272 #10301

The amount that is charged from the gas meter is configurable via a new ContractAccessWeight type in the Config trait. A DefaultContractAccessWeight is added to help with a sensible implementation. Please note that this could be too conservative. We would need some benchmarking using smart-bench (cc @ascjones) to determine the impact on throughput.

cumulus companion: paritytech/cumulus#1242

@athei athei added A0-please_review Pull request needs code review. B7-runtimenoteworthy C1-low PR touches the given topic and has a low impact on builders. D2-notlive 💤 PR contains changes in a runtime directory that is not deployed to a chain that requires an audit. labels May 6, 2022
@athei athei requested review from ascjones, cmichi and agryaznov May 6, 2022 15:13
Copy link
Contributor

@cmichi cmichi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be great if you could add this new Config field to the (soon to be renamed) canvas runtime in cumulus.

frame/contracts/src/lib.rs Outdated Show resolved Hide resolved
frame/contracts/src/lib.rs Outdated Show resolved Hide resolved
Co-authored-by: Michael Müller <michi@parity.io>
@athei
Copy link
Member Author

athei commented May 6, 2022

Would be great if you could add this new Config field to the (soon to be renamed) canvas runtime in cumulus.

CI would check for this anyways. Companion added.

Copy link
Contributor

@ascjones ascjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@athei
Copy link
Member Author

athei commented May 9, 2022

bot merge

@paritytech-processbot paritytech-processbot bot merged commit 6e5ee51 into master May 9, 2022
@paritytech-processbot paritytech-processbot bot deleted the at-contracts-dos-fix branch May 9, 2022 09:25
godcodehunter pushed a commit to sensoriumxr/substrate that referenced this pull request Jun 22, 2022
…ritytech#11372)

* Add ContractAccessWeight

* Apply suggestions from code review

Co-authored-by: Michael Müller <michi@parity.io>

Co-authored-by: Michael Müller <michi@parity.io>
DaviRain-Su pushed a commit to octopus-network/substrate that referenced this pull request Aug 23, 2022
…ritytech#11372)

* Add ContractAccessWeight

* Apply suggestions from code review

Co-authored-by: Michael Müller <michi@parity.io>

Co-authored-by: Michael Müller <michi@parity.io>
ark0f pushed a commit to gear-tech/substrate that referenced this pull request Feb 27, 2023
…ritytech#11372)

* Add ContractAccessWeight

* Apply suggestions from code review

Co-authored-by: Michael Müller <michi@parity.io>

Co-authored-by: Michael Müller <michi@parity.io>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
A0-please_review Pull request needs code review. C1-low PR touches the given topic and has a low impact on builders. D2-notlive 💤 PR contains changes in a runtime directory that is not deployed to a chain that requires an audit.
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

Prevent PoV attack vector with minimal viable solution
3 participants