FIP-0109: Open up DDO notifications to user contracts #1689
Conversation
|
https://hackmd.io/jpWwEcjRQrGnjyMvRmDNiw, we could just post that and get the ball rolling if you think it's worth it. My concern was mainly that without a |
|
Given how easy this one is I'm all for it even if we unfortunately can't get sector status in. At this point the risks are not significant enough to hold us up (unless you know something I don't) |
|
Posted FIP for this @ filecoin-project/FIPs#1180 |
BigLep
changed the title
|
@ZenGround0 @rvagg : who is owning getting this ready for review? (apologies if this was communicated and I missed it) |
ZenGround0
force-pushed
the
feat/real-ddo
branch
from
18ea456 to
a2909fe
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1689 +/- ##
==========================================
+ Coverage 91.20% 91.23% +0.02%
==========================================
Files 151 151
Lines 32014 32006 -8
==========================================
+ Hits 29199 29200 +1
+ Misses 2815 2806 -9
🚀 New features to boost your workflow:
|
ZenGround0
force-pushed
the
feat/real-ddo
branch
from
a2909fe to
b38aefe
Compare
| return getCBORData(ret_acc); | ||
| } | ||
|
|
||
| /* *** CBOR parsing *** */ |
There was a problem hiding this comment.
Given a bit more time I would have externalized these somewhere for reuse, but I'll leave that for the future.
There was a problem hiding this comment.
https://github.com/filecoin-project/filecoin-solidity is where these can live; I mentioned in the FIP that we should put some of this stuff in there eventually.
There was a problem hiding this comment.
https://github.com/filecoin-project/filecoin-solidity/blob/master/contracts/v0.8/cbor/MinerCbor.sol could probably get a SectorContentChanged helper
There was a problem hiding this comment.
https://github.com/filecoin-project/filecoin-solidity is where these can live
Yeah I took a lot of these from there. By externalize I only meant within builtin actor testing context. I'm not thinking we want to set up a proper build environment and checking in full libraries as a dependency in builtin actors. But maybe there is a happy medium where we have a set of small self contained library contracts checked in here that we use in a library fashion in testing contracts.
There was a problem hiding this comment.
proper build environment
agreed, upstreaming stuff from here would be the goal though, we can play it verbose here
| * | ||
| * All notifications are accepted so CBOR true returned for every piece of every notified sector | ||
| */ | ||
| function processSectorContentChanged(bytes memory params) internal returns (bytes memory) { |
There was a problem hiding this comment.
A nice thing about this test is that this is a little reference implementation for how to handle DDO notifications
There was a problem hiding this comment.
we should pull some of this back into the FIP where there's already some example code
|
@ZenGround0 could we try out the "isMinerActor" approach suggested in the FIP @ https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0109.md#example-solidity-contract-interface ? It would be great to see if we can verify that actually working in here and if we're going to point people here for the example then it would be good for it to be complete in that way and not steer them wrong to deploy insecure contracts. |
|
Exciting! I can think of lots of permutations of this that would be good to test - multiple sectors, mixed sectors with f05 and other multiple contracts, failures, etc. but the list is pretty long when you stretch it out. I think you said you'd be doing some more unit tests that might cover more of these scenarios so maybe that OK? |
Update status of FIP-0109 Incorporate relevant notes / comments from working through the implementation in filecoin-project/builtin-actors#1689
|
FYI I started filecoin-project/FIPs#1188 as a place to add any FIP updates from doing this work. |
|
Note that validating this work in Lotus will be tracked in filecoin-project/lotus#13286 |
ZenGround0
force-pushed
the
feat/real-ddo
branch
from
e42a276 to
02d418d
Compare
Co-authored-by: Rod Vagg <[email protected]>
| .abi_encode(); | ||
|
|
||
| // Attempt to invoke the contract method from a regular account (not a miner) | ||
| let call_result = v.execute_message( |
There was a problem hiding this comment.
Please note that I compiled the NotificationReciever contract with isMinerActor check disabled and when instantiating evm actor with that hex this test fails. This makes me confident that the failure is actually in the isMinerActor check not somewhere else along the way.
|
|
||
| } | ||
|
|
||
| function isIDAddress(address _a) internal pure returns (bool isID, uint64 id) { |
There was a problem hiding this comment.
this is a clever function, we have no other indicator of id addresses at this point do we, like an initial byte or something? we're banking on nobody being able to stumble across a wallet that resolves to an address that happens to be all leading zeros and whose last bytes collide with an existing miner actor eh? or am I missing some other property of what we have at this point?
There was a problem hiding this comment.
This is a really good point. What the evm actor is doing when it sets msg.sender is:
- tries to resolve an addr to f4 and then use the delegated 20 byte payload to get to eth style
- if that fails then encode the id in the eth payload
The the evm actor's code has no way to differentiate. At least that I can see after staring at fvm precompiles.
Right now we are totally reliant on the fact that getting so many 0s in an eth key is actually computationally infeasible. In the worst case where miner ids are actually 64 bits that's only 96 bits of security. Since collisions are not the problem direct search is this is "fine" for a security model that doesn't include state actors or quantum computers. In practice its better than 128 bits of security because we would need to have ~trillions of actors added to the network to get miner ids this high which is going to run into bottlenecks elsewhere.
But I don't like needing to think all this through. What we need is a simple actor type precompile that uses the fvm runtime's function. Such a precompile would be trivial to add.
| uint64 constant SECTOR_CONTENT_CHANGED = 2034386435; | ||
|
|
||
| /** | ||
| * @dev Get the count of notifications for a specific sector |
There was a problem hiding this comment.
sol! is picking up the javadoc style /** comments and @dev is being thrown into the mix when the macro is expanded; if you just replace all these comments with // then the tests pass I think
There was a problem hiding this comment.
tests in CI that is, see failure there
There was a problem hiding this comment.
Thanks, failure to check AI on my part
github-project-automation
bot
moved this from ⌨️ In Progress
to ✔️ Approved by reviewer
in FilOz
Co-authored-by: Rod Vagg <[email protected]>
Co-authored-by: Rod Vagg <[email protected]>
github-project-automation
bot
moved this from ⌨️ In Progress
to 🎉 Done
in nv27 Track Board
github-project-automation
bot
moved this from ✔️ Approved by reviewer
to 🎉 Done
in FilOz
Draft until we get a FIP draft up