Add support for soroban authorization framework (#1748)

This PR aims to support Soroban authorization framework: 
-
https://github.com/stellar/stellar-protocol/blob/master/core/cap-0046-11.md
-
https://developers.stellar.org/docs/build/smart-contracts/example-contracts/auth

Here are some keynotes to consider:

1- Unlike Solidity, Soroban performs its auth checks using the host. For
instance, Soroban doesn't have the construct of `if msg.sender == addr`,
however this check is done via a host function `addr.require_auth`.

2- Another function was added `authAsCurrContract`. This is needed for
deeper calls. To understand this, take a look at
https://github.com/stellar/soroban-examples/tree/main/deep_contract_auth.
What I have done here actually is test the auth framework using the
above provided example of nested calls.

---------

Signed-off-by: salaheldinsoliman <salaheldin_sameh@aucegypt.edu>

Author: salaheldinsoliman

Cargo.toml

@@ -71,7 +71,7 @@ forge-fmt = { path = "fmt", optional = true }
 # We don't use ethers-core directly, but need the correct version for the
 # build to work.
 ethers-core = { version = "2.0.10", optional = true }
-soroban-sdk = { version = "22.0.0-rc.3.2", features = ["testutils"], optional = true }
+soroban-sdk = { version = "22.0.7", features = ["testutils"], optional = true }
 
 [dev-dependencies]
 num-derive = "0.4"

integration/soroban/a.sol

@@ -0,0 +1,12 @@
+contract a {
+    function call_b (address b, address c) public returns (uint64) {
+        address addr = address(this);
+        // authorize contract c to be called, with function name "get_num" and "a" as an arg.
+        // get_num calls a.require_auth()
+        auth.authAsCurrContract(c, "get_num", addr);
+        bytes payload = abi.encode("increment", addr, c);
+        (bool suc, bytes returndata) = b.call(payload);
+        uint64 result = abi.decode(returndata, (uint64));
+        return result;
+    }
+}

integration/soroban/a_invalid.sol

@@ -0,0 +1,13 @@
+/// Same as a.sol, but without a call to auth.authAsCurrContract
+contract a_invalid {
+    function call_b (address b, address c) public returns (uint64) {
+        address addr = address(this);
+        // authorize contract c to be called, with function name "get_num" and "a" as an arg.
+        // get_num calls a.require_auth()
+        //auth.authAsCurrContract(c, "get_num", addr);
+        bytes payload = abi.encode("increment", addr, c);
+        (bool suc, bytes returndata) = b.call(payload);
+        uint64 result = abi.decode(returndata, (uint64));
+        return result;
+    }
+}

integration/soroban/auth_framework.spec.js

@@ -0,0 +1,61 @@
+import * as StellarSdk from '@stellar/stellar-sdk';
+import { readFileSync } from 'fs';
+import { expect } from 'chai';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { call_contract_function, extractLogEvent } from './test_helpers.js';
+import { assert } from 'console';
+
+const __filename = fileURLToPath(import.meta.url);
+const dirname = path.dirname(__filename);
+const server = new StellarSdk.SorobanRpc.Server("https://soroban-testnet.stellar.org:443");
+
+function readContractAddress(filename) {
+  return readFileSync(path.join(dirname, '.soroban', 'contract-ids', filename), 'utf8').trim();
+}
+
+describe('Auth Framework', () => {
+  let keypair, a, b, c, a_invalid;
+
+  before(async () => {
+    console.log('Setting up cross contract tests...');
+
+    keypair = StellarSdk.Keypair.fromSecret(readFileSync('alice.txt', 'utf8').trim());
+    a = new StellarSdk.Contract(readContractAddress('a.txt'));
+    b = new StellarSdk.Contract(readContractAddress('b.txt'));
+    c = new StellarSdk.Contract(readContractAddress('c.txt'));
+    a_invalid = new StellarSdk.Contract(readContractAddress('a_invalid.txt'));
+  });
+
+  it('calls a', async () => {
+
+    
+    let values = [
+        b.address().toScVal(),
+        c.address().toScVal()
+    ];
+
+
+    let res = await call_contract_function("call_b", server, keypair, a, ...values);
+
+
+    expect(res.returnValue().value().toString()).to.equal("22");
+    
+  });
+
+  it ('call falis with invalid `a` contract', async () => {
+    
+    
+    let values = [
+        b.address().toScVal(),
+        c.address().toScVal()
+    ];
+
+    let res = await call_contract_function("call_b", server, keypair, a_invalid, ...values);
+
+    assert(res.toString().includes("recording authorization only] encountered authorization not tied to the root contract invocation for an address. Use `require_auth()` in the top invocation or enable non-root authorization."));
+
+  });
+
+
+});

integration/soroban/b.sol

@@ -0,0 +1,17 @@
+contract b {
+ 
+    uint64 public instance counter = 20;
+
+    function increment(address a, address c) public returns (uint64) {
+
+        a.requireAuth();
+        bytes payload = abi.encode("get_num", a);
+        (bool suc, bytes returndata) = c.call(payload);
+        uint64 result = abi.decode(returndata, (uint64));
+
+        counter = counter + result;
+
+        return counter;
+       
+    }
+} 

integration/soroban/c.sol

@@ -0,0 +1,6 @@
+contract c {
+    function get_num(address a) public returns (uint64) {
+        a.requireAuth();
+        return 2;
+    }
+}

src/codegen/encoding/mod.rs

@@ -11,7 +11,7 @@
 mod borsh_encoding;
 mod buffer_validator;
 pub(super) mod scale_encoding;
-mod soroban_encoding;
+pub mod soroban_encoding;
 
 use crate::codegen::cfg::{ControlFlowGraph, Instr};
 use crate::codegen::encoding::borsh_encoding::BorshEncoding;
@@ -41,7 +41,8 @@ pub(super) fn abi_encode(
     packed: bool,
 ) -> (Expression, Expression) {
     if ns.target == Target::Soroban {
-        return soroban_encode(loc, args, ns, vartab, cfg, packed);
+        let ret = soroban_encode(loc, args, ns, vartab, cfg, packed);
+        return (ret.0, ret.1);
     }
     let mut encoder = create_encoder(ns, packed);
     let size = calculate_size_args(&mut encoder, &args, ns, vartab, cfg);
@@ -1431,7 +1432,7 @@ pub(crate) trait AbiEncoding {
                 self.get_expr_size(arg_no, &loaded, ns, vartab, cfg)
             }
             Type::StorageRef(_, r) => {
-                let var = load_storage(&Codegen, r, expr.clone(), cfg, vartab, None);
+                let var = load_storage(&Codegen, r, expr.clone(), cfg, vartab, None, ns);
                 let size = self.get_expr_size(arg_no, &var, ns, vartab, cfg);
                 self.storage_cache_insert(arg_no, var.clone());
                 size