Implement multisig example #1581
Conversation
richardpringle
requested review from
iFrostizz,
samliok,
aaronbuchwald and
joshua-kim
as code owners
There was a problem hiding this comment.
It's looking really good, short and sweet!
The double spend test is failing and I haven't seen anything preventing it.
The contract call is probably blocked by #1417, it may also make sense to let the actor specify the max_units. If the call fails, it will revert the transaction.
Finally, the Any option from the Voters enum definitely looks interesting but I'm thinking that there should at least be some kind of vesting or locked stake to avoid anyone to just spam the votes. No strong opinion here and we could leave as-is since it's just an example.
| // TODO: fix this | ||
| // let remaining_fuel = ctx.remaining_fuel(); | ||
| let remaining_fuel = 0; |
There was a problem hiding this comment.
It's my fault, I'll need to push on #1417
| if !voters.contains(actor) || votes_remaining == 0 { | ||
| return None; | ||
| } |
There was a problem hiding this comment.
It's a little weird that the actor check is done after having stored the vote, even though it should not have any security flaw what do you think about having this check before ?
There was a problem hiding this comment.
I'll have to look again, but I think I fixed this ignore this
There was a problem hiding this comment.
Honestly, the reason I did it this way is that it's the voter that's paying for the vote, it's really up to them to ensure whether or not they can vote.
The logic flows like this
- if the voter hasn't voted, cast their vote
- if the vote affects quorum, record the change
- if a quorum is reached, execute the proposal
Doing things in this order is much simpler as you only deal with one piece of state at a time. Otherwise, there's more branching logic that I just don't care to optimize for.
There was a problem hiding this comment.
Makes sense! It's just a code smell, for example if someone wants to extend the code and expects the votes in the Vote state keys to be part of the voters in order to sum the amount of votes then they might get surprised.
You might as well just write
| if !voters.contains(actor) || votes_remaining == 0 { | |
| return None; | |
| } | |
| let actor = ctx.actor(); | |
| let ProposalMeta { | |
| voters, | |
| votes_remaining, | |
| } = ctx | |
| .get(ProposalVoteInfo(proposal_id)) | |
| .expect("failed to deserialize") | |
| .expect("proposal not found"); | |
| if !voters.contains(actor) || votes_remaining == 0 { | |
| return None; | |
| } | |
| ctx.store_by_key(Vote(proposal_id, actor), vote) | |
| .expect("failed to serialize"); | |
| if !vote { | |
| return None; | |
| } |
The suggestion diff is not perfect but essentially just moving the "effects" after the "checks", but no changes are required.
richardpringle
force-pushed
the
multisig
branch
7 times, most recently
from
67ff55e
to
85f4402
Compare
| if !voters.contains(actor) || votes_remaining == 0 { | ||
| return None; | ||
| } |
There was a problem hiding this comment.
Makes sense! It's just a code smell, for example if someone wants to extend the code and expects the votes in the Vote state keys to be part of the voters in order to sum the amount of votes then they might get surprised.
You might as well just write
| if !voters.contains(actor) || votes_remaining == 0 { | |
| return None; | |
| } | |
| let actor = ctx.actor(); | |
| let ProposalMeta { | |
| voters, | |
| votes_remaining, | |
| } = ctx | |
| .get(ProposalVoteInfo(proposal_id)) | |
| .expect("failed to deserialize") | |
| .expect("proposal not found"); | |
| if !voters.contains(actor) || votes_remaining == 0 { | |
| return None; | |
| } | |
| ctx.store_by_key(Vote(proposal_id, actor), vote) | |
| .expect("failed to serialize"); | |
| if !vote { | |
| return None; | |
| } |
The suggestion diff is not perfect but essentially just moving the "effects" after the "checks", but no changes are required.
|
|
||
| pub type ProposalId = usize; | ||
|
|
||
| state_schema! { |
There was a problem hiding this comment.
can we add some comments to these state variables? Makes it easier for a new dev to come to the examples folder and understand how the multisig example is structured
| let remaining_fuel = 1_000_000; | ||
|
|
||
| let result: DeferDeserialization = ctx | ||
| .call_contract(contract_address, &function_name, &args, remaining_fuel, 0) |
There was a problem hiding this comment.
thinking if there could be some re-entrancy attack here. Could an attacker create two smart contracts, one that creates a proposal and another that votes for it, and then continuously call here?
There was a problem hiding this comment.
the gas would run out, but could be a good way to test re-entrancy nonetheless
There was a problem hiding this comment.
Haha, yeah, I guess it would drain the gas of the quorum voter. In practice, I don't think this is a big deal because you would have to hard-code the vote, which would be an immediate red flag (assuming that you would audit the code that you're voting for).
| } | ||
|
|
||
| #[cfg(test)] | ||
| mod tests { |
There was a problem hiding this comment.
unit and integration tests are niceeeee
richardpringle
force-pushed
the
multisig
branch
from
85f4402
to
cb04357
Compare
richardpringle
force-pushed
the
multisig
branch
from
3a0adb4
to
3753065
Compare
richardpringle
force-pushed
the
multisig
branch
from
3753065
to
060c8dc
Compare
richardpringle
force-pushed
the
multisig
branch
from
7630fbe
to
d619f73
Compare
commit fee360f Author: Tsachi Herman <[email protected]> Date: Fri Oct 4 11:23:58 2024 -0400 refactor marshalActions implementation (#1631) commit 2cb5530 Author: aaronbuchwald <[email protected]> Date: Thu Oct 3 18:49:12 2024 -0400 Add block indexing to Indexer API (#1606) commit f1bcc59 Author: aaronbuchwald <[email protected]> Date: Thu Oct 3 18:31:39 2024 -0400 Add JSON marshalling to Result (#1627) commit 2ea784a Author: Richard Pringle <[email protected]> Date: Thu Oct 3 12:54:10 2024 -0400 Implement multisig example (#1581) commit 6bbf236 Author: Richard Pringle <[email protected]> Date: Thu Oct 3 12:43:41 2024 -0400 Update codeowners (#1629) commit 47849d8 Author: aaronbuchwald <[email protected]> Date: Thu Oct 3 08:34:51 2024 -0400 Re-mark pubsub tests as flaky (#1625) commit d847132 Author: aaronbuchwald <[email protected]> Date: Wed Oct 2 14:23:24 2024 -0400 Reduce tests.unit.sh timeout value less than CI job (#1623) commit 404e74f Author: aaronbuchwald <[email protected]> Date: Wed Oct 2 14:07:04 2024 -0400 Add JSON marshalling for fee dimensions (#1622) commit 7e53003 Author: Joshua Kim <[email protected]> Date: Wed Oct 2 12:38:34 2024 -0400 Replace usage of `internal/network` with `p2p` (#1613) Signed-off-by: Joshua Kim <[email protected]> commit 79f363e Author: containerman17 <[email protected]> Date: Wed Oct 2 11:53:59 2024 +0900 Standardize decimals (#1620) commit e191c88 Author: Joshua Kim <[email protected]> Date: Tue Oct 1 20:02:30 2024 -0400 Update to [email protected] (#1614) Signed-off-by: Joshua Kim <[email protected]> commit 59c84d7 Author: aaronbuchwald <[email protected]> Date: Tue Oct 1 17:19:17 2024 -0400 Add ExecutedBlock type (#1601) commit 165a455 Author: Tsachi Herman <[email protected]> Date: Tue Oct 1 09:26:32 2024 -0400 validate buffer length prior to calling Uint64 (#1588) commit c24f0d8 Author: rodrigo <[email protected]> Date: Tue Oct 1 09:25:18 2024 -0400 Fix VM-With-Contracts Unit Tests (#1602) commit 8ab9d83 Author: aaronbuchwald <[email protected]> Date: Mon Sep 30 16:57:29 2024 -0400 Minor nits on pubsub implementation (#1593) commit 592cd7a Author: rodrigo <[email protected]> Date: Mon Sep 30 12:46:35 2024 -0400 Remove `StateKeysMaxChunks()` (#1607) commit 3e358c1 Author: aaronbuchwald <[email protected]> Date: Mon Sep 30 12:46:20 2024 -0400 Update ActionBenchmark to use single ExpectedOutput (#1608) commit e78841e Author: Franfran <[email protected]> Date: Mon Sep 30 16:42:00 2024 +0200 Write FIFO cache unit tests (#1201) * write FIFO cache unit tests * invert expected / actual * add limit parameter and cache fail on 0 size * simplify test table and create new test for empty cache * simpler tests by having a limit of 2 * fix test cases * typos * backout uselesss change * add a "not an LRU" test case * use switch in fifo unit tests commit f1150a1 Author: aaronbuchwald <[email protected]> Date: Fri Sep 27 17:46:28 2024 -0400 Update tx indexer to include tx action outputs (#1597) commit 6a3fd63 Author: Joshua Kim <[email protected]> Date: Thu Sep 26 15:44:56 2024 -0400 Remove usage of mockgen (#1591) Signed-off-by: Joshua Kim <[email protected]> commit 49376bd Author: rodrigo <[email protected]> Date: Thu Sep 26 14:39:59 2024 -0400 Fix benchmarks (#1590) commit 77a73ba Author: Richard Pringle <[email protected]> Date: Tue Sep 24 12:38:27 2024 -0400 Ignore gas on mock-function-call (#1585) commit 1bbab7b Author: containerman17 <[email protected]> Date: Tue Sep 24 23:19:18 2024 +0900 Remove special cases for Bytes, add arrays support (#1587) commit 3410599 Author: aaronbuchwald <[email protected]> Date: Mon Sep 23 12:34:55 2024 -0400 Add spam cmd to morpheus readme (#1577) commit dfefd27 Author: aaronbuchwald <[email protected]> Date: Mon Sep 23 12:34:32 2024 -0400 Improve chain comments (#1579) commit 6c15244 Author: Richard Pringle <[email protected]> Date: Fri Sep 20 16:10:21 2024 -0400 Series of changes that improve development (#1583) commit e0a3324 Author: Richard Pringle <[email protected]> Date: Fri Sep 20 13:12:58 2024 -0400 Use repr(packed) with state-keys (#1580) commit 75c6cfd Author: aaronbuchwald <[email protected]> Date: Thu Sep 19 07:58:39 2024 -0400 Separate proposer monitor from vm into internal package (#1574) Signed-off-by: Joshua Kim <[email protected]>
I still need to fix the gas stuff for the mock