Proof integration merged #1576

Open
wants to merge 58 commits into
base: master
Commits
120921c
Implement accessing store directly through the iavl in cGet
toml01 Apr 17, 2023
2473772
Add block_height to wasm3 context
toml01 Apr 18, 2023
c7492c0
Add block_height to read_db ocall
toml01 Apr 18, 2023
445a78f
Update the read_db api on go-cosmwasm
toml01 Apr 18, 2023
330ba59
Try to fix the cgo interface
toml01 Apr 18, 2023
49815a7
Fix the ocall interface
toml01 Apr 18, 2023
c5b2953
Fixed passing the height to the query
Cashmaney Apr 24, 2023
e457e4b
Fix querying directly from iavl for prefix store
toml01 May 18, 2023
d1c5cb1
Return proof all the way to the enclave
toml01 May 18, 2023
e2c41da
Better errors in go-cosmwasm
toml01 May 18, 2023
4e43271
Clippy it's not you it's me
toml01 May 18, 2023
223abfc
demo of getting module hashes
toml01 Jun 13, 2023
534c94a
Return the full prefixed key with the ocall as well + fix a bug in oc…
toml01 Jun 18, 2023
fcaa722
demo of getting module hashes
toml01 Jun 13, 2023
8cada85
Implement storesRootsFromMultiStore()
toml01 Jun 14, 2023
bda2c52
Fix storesRootsFromMultiStore (hash value of store hash)
toml01 Jun 14, 2023
5d28c26
Some plumbing
toml01 Jun 15, 2023
3276cd4
Construct app hash
toml01 Jun 15, 2023
2442ad9
send the compute root as well
toml01 Jun 18, 2023
bf4de89
READ_PROOFER static struct
toml01 Jun 18, 2023
bd46e69
Verify input to ecall_submit_store_roots and populate READ_PROOFER
toml01 Jun 18, 2023
4833c86
Add verification in ecall_submit_block_signatures()
toml01 Jun 18, 2023
f181e08
clippy
toml01 Jun 18, 2023
2a0f39d
don't verify apphash for the first block
toml01 Jun 19, 2023
f42fd72
Verifying merkle proofs for every read. Still buggy for queries
toml01 Jun 20, 2023
399689c
Return the full prefixed key with the ocall as well + fix a bug in oc…
toml01 Jun 18, 2023
c0102a2
Implement storesRootsFromMultiStore()
toml01 Jun 14, 2023
8536106
Fix storesRootsFromMultiStore (hash value of store hash)
toml01 Jun 14, 2023
da858d3
Some plumbing
toml01 Jun 15, 2023
f6a3468
Construct app hash
toml01 Jun 15, 2023
b69816c
send the compute root as well
toml01 Jun 18, 2023
fd689b2
refactor merkle proofs to be on its own crate + add a feature flag
toml01 Jun 28, 2023
add04bb
app.go cleanup
toml01 Jul 2, 2023
81596e8
Fixed read db tests without feature
Cashmaney Jul 25, 2023
77480d0
Add merging of multiple kv-caches for the same contract
Cashmaney Jul 26, 2023
da2c772
Add merging of multiple kv-caches for the same contract
Cashmaney Jul 26, 2023
45f9911
fixed clippy warnings
Cashmaney Jul 26, 2023
b0849cd
Fixed tests (remove from cache missing in remove_db because the branc…
Cashmaney Jul 26, 2023
2e0ef3c
Merge remote-tracking branch 'origin/master' into HEAD
Cashmaney Jul 26, 2023
855b0b6
Merged proofs branch with master (does it work?)
Cashmaney Jul 26, 2023
406a303
Merged proofs branch with master (does it work?)
Cashmaney Jul 26, 2023
fa4c10a
Merge remote-tracking branch 'origin/merge-proofs-master' into HEAD
Cashmaney Jul 30, 2023
5696bcb
Merge master with the cache changes
Cashmaney Jul 30, 2023
a18dd5f
Update go-lint.yml
Cashmaney Jul 31, 2023
b1d8448
Update .golangci.yml
Cashmaney Jul 31, 2023
3349a07
Update .golangci.yml
Cashmaney Jul 31, 2023
7b2b85d
fumpt
Cashmaney Jul 31, 2023
2060e15
Update Dockerfile
Cashmaney Aug 1, 2023
556b9a1
Merge pull request #1495 from scrtlabs/cache-with-master
Cashmaney Aug 2, 2023
71d4e2e
Merge branch 'master' into store-merkle-proofs
toml01 Oct 30, 2023
2927ae8
Merge branch 'store-merkle-proofs' into compute-root-validation
toml01 Oct 30, 2023
ee397ab
Merge remote-tracking branch 'origin/store-merkle-proofs' into comput…
toml01 Oct 30, 2023
7bc88bf
Add dependencies for merkle proofs
toml01 Oct 30, 2023
df929f2
compilation and clippy
toml01 Oct 30, 2023
c3fa20c
Merge remote-tracking branch 'origin/compute-root-validation' into pr…
Cashmaney Oct 31, 2023
cf60e62
Fix all the stuff I broke :(
Cashmaney Oct 31, 2023
6168193
Fix all the stuff I broke :(
Cashmaney Nov 1, 2023
72b87f7
Fix all the stuff I broke :(
Cashmaney Nov 1, 2023
10 changes: 5 additions & 5 deletions .github/workflows/ci.yaml
@@ -276,7 +276,7 @@ jobs:
build-args: |
SECRET_NODE_TYPE=BOOTSTRAP
CHAIN_ID=secretdev-1
FEATURES=debug-print
FEATURES=debug-print,random
SGX_MODE=SW
target: build-localsecret
cache-from: type=gha
@@ -336,8 +336,8 @@ jobs:
run: |
cd integration-tests
yarn
docker compose -f ../deployment/dockerfiles/ibc/docker-compose.yml up -d
yarn test
docker compose -f ../deployment/dockerfiles/ibc/docker-compose.yml up -d > docker-compose.log 2>&1
yarn test || { cat docker-compose.log; exit 1; }
make kill-localsecret # next step needs the localsecret ports
- name: Run secret.js tests
run: |
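Review bot: In the integration-tests step, `docker compose ... up -d > docker-compose.log 2>&1` only captures what `up -d` prints while creating and starting the containers, so the `cat docker-compose.log` on a failed `yarn test` will not show what the node logged during the tests. Dump the container output on failure instead, for example `yarn test || { docker compose -f ../deployment/dockerfiles/ibc/docker-compose.yml logs; exit 1; }`. The secret.js step uses the same pattern and needs the same change.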
@@ -346,6 +346,6 @@ jobs:
# Use the docker images that we built just a few steps above
perl -i -pe 's/localsecret:.+?"/localsecret:v0.0.0"/' ./test/docker-compose.yml
yarn
docker compose -f ./test/docker-compose.yml up -d
yarn test-ci
docker compose -f ./test/docker-compose.yml up -d > docker-compose.log 2>&1
yarn test-ci || { cat docker-compose.log; exit 1; }
make kill-localsecret
7 changes: 3 additions & 4 deletions .github/workflows/go-lint.yml
@@ -2,10 +2,9 @@ name: golangci-lint
on:
push:
tags:
- v*
- "*"
branches:
- master
- main
- "*"
pull_request:
permissions:
contents: read
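Review bot: The `"*"` patterns under `tags` and `branches` do not match names that contain a `/`, so a push to a branch such as `feature/foo` will not trigger the lint; use `"**"` if every branch is meant. With `pull_request` also listed, any branch that has an open PR will run the job twice per push, so consider keeping the branch filter narrow and relying on `pull_request` for the rest.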
@@ -24,4 +23,4 @@ jobs:
uses: golangci/golangci-lint-action@v3
with:
# Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
version: v1.51.2
version: v1.53.2
10 changes: 7 additions & 3 deletions .github/workflows/release.yaml
@@ -58,6 +58,7 @@ jobs:
CGO_LDFLAGS=${{ env.DOCKER_CGO_LDFLAGS }}
BUILD_VERSION=${{ steps.get_version.outputs.VERSION }}
SGX_MODE=HW
FEATURES="verify-validator-whitelist,light-client-validation,random"
target: build-deb
- name: Run .deb Package Image
run: |
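Review bot: The `FEATURES` build-arg for the `build-deb` target is written with double quotes, while the two mainnet image builds later in this file pass the list unquoted (`FEATURES=verify-validator-whitelist,light-client-validation,random,production`). Inside a `build-args: |` block there is no shell to strip the quotes, so please use the unquoted form here as well, or confirm that the quotes do not end up in the value the Dockerfile receives.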
@@ -105,7 +106,7 @@ jobs:
API_KEY=${{ secrets.API_KEY_MAINNET }}
SPID=${{ secrets.SPID_MAINNET }}
build-args: |
FEATURES=production
FEATURES=verify-validator-whitelist,light-client-validation,random,production
FEATURES_U=production
SECRET_NODE_TYPE=NODE
DB_BACKEND=${{ matrix.db_backend }}
@@ -128,7 +129,7 @@ jobs:
API_KEY=${{ secrets.API_KEY_MAINNET }}
SPID=${{ secrets.SPID_MAINNET }}
build-args: |
FEATURES=production
FEATURES=verify-validator-whitelist,light-client-validation,random,production
FEATURES_U=production
SECRET_NODE_TYPE=NODE
DB_BACKEND=${{ matrix.db_backend }}
@@ -265,11 +266,14 @@ jobs:
- uses: actions/checkout@v3
- uses: ./.github/actions/check-objdump
name: Check Mitigation flags in Cosmwasm Enclave
with:
version: "v1.9.0"
- uses: ./.github/actions/check-objdump
name: Check Mitigation flags in TM Enclave
with:
filename: "tendermint_enclave.signed.so"
min-fence: "10"
min-fence: "1000"
version: "v1.9.0"

Release:
needs:
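Review bot: `version: "v1.9.0"` is hard-coded for both `check-objdump` steps, while the CHANGELOG in this PR already opens a 1.10.0 section. If `version` selects the release whose enclave is inspected, later releases will keep checking the v1.9.0 binaries until someone edits this by hand; derive it from the release tag, as the build job does with `steps.get_version.outputs.VERSION`. The `min-fence` value for the TM enclave also changes between `"10"` and `"1000"` with no explanation; a comment on how the threshold was chosen would help.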
1 change: 0 additions & 1 deletion .golangci.yml
@@ -6,7 +6,6 @@ run:
linters:
disable-all: true
enable:
- depguard
- dogsled
- exportloopref
- errcheck
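Review bot: `depguard` is dropped from `enable` in the same PR that moves golangci-lint from v1.51.2 to v1.53.2 in go-lint.yml, with no reason given. If the linter started failing after the bump, add a `linters-settings.depguard` section that states the allowed or denied imports rather than removing the check, or record in the commit message why it is no longer wanted.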
5 changes: 3 additions & 2 deletions .vscode/settings.json
@@ -13,7 +13,8 @@
"integration-tests/contract-v1/Cargo.toml",
"integration-tests/contract-v0.10/Cargo.toml",
"go-cosmwasm/Cargo.toml",
"integration-tests/contract-v0.10/Cargo.toml",
"cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml",
"cosmwasm/enclaves/shared/contract-engine/Cargo.toml",
"check-hw/Cargo.toml",
"./cosmwasm/enclaves/shared/block-verifier/Cargo.toml"
],
@@ -23,11 +24,11 @@
"unresolved-macro-call",
"unresolved-proc-macro"
],
"rust-analyzer.cargo.features": "all",
"[rust]": {
"editor.formatOnSave": true,
"editor.defaultFormatter": "rust-lang.rust-analyzer"
},

"go.testEnvVars": {
"SGX_MODE": "SW",
"RUST_BACKTRACE": "1"
58 changes: 57 additions & 1 deletion CHANGELOG.md
@@ -1,13 +1,69 @@
# CHANGELOG

# Unreleased
# 1.10.0 (Unreleased - WIP)

- Added ibc-hooks middleware by Osmosis.
- WASM Hooks: allows ICS-20 token transfers to initiate contract calls, serving various use cases.
- Example: Sending tokens to Secret and immediately wrapping them as SNIP-20 token. For example, `ATOM on Hub -> ATOM on Secret -> sATOMS on Secret` (2 transactions on 2 chains) now becomes `ATOM on Hub -> sATOM on Secret` (1 transaction).
- Example: Cross-chain swaps. Using IBC Hooks, an AMM on Secret can atomically swap tokens that originated on a different chain and are headed to Secret. The AMM can also send those tokens back to the originating chain.
- [Axelar GMP](https://docs.axelar.dev/dev/general-message-passing/overview): Using IBC Hooks, a contract on Ethereum can call a contract on Secret and get a response back.
- Ack callbacks: allow non-IBC contracts that send an `IbcMsg::Transfer` to listen for the ack/timeout of the token transfer. This allows these contracts to definitively know whether the transfer was successful or not and act accordingly (refund if failed, continue if succeeded). See usage example [here](https://github.com/scrtlabs/secret.js/blob/4293219/test/ibc-hooks-contract/src/contract.rs#L47-L91).
- Added and optional `memo` field to `IbcMsg::Transfer`, to ease to use of the IBC Hooks ack callbacks feature. See usage example [here](https://github.com/scrtlabs/secret.js/blob/4293219/test/ibc-hooks-contract/src/contract.rs#L60-L63).

# 1.9.3

- Bump ibc-go from v4.3.0 to v4.3.1 ([Huckleberry](https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731/1) security patch)

# 1.9.2

- Fix the v1.9.0 upgrade

# 1.9.1

- An atempt to fix the v1.9.0 upgrade

# 1.9.0

- New Feature: Randomness injection for secret contracts.
- Eliminates the need for contracts to bootstrap their own entropy pool.
- Unique for every contract call.
- Useful in lotteries, gaming, secure authentication protocols, protocols where unpredictable outcomes are essential for fairness and security, and much more.
For more infomation on how to use this feature, see the documentation
- New Feature: FinalizeTx.
- Contracts can force the transaction to finalize at a certain point, otherwise revert.
- Example: protect against sandwich attacks and potential transaction rollbacks.
- Example: protect against cheating in gaming applications, where a malicious player could try to rollback a transaction in which they lost.
- IBC: Updated ibc-go from v3.4.0 to v4.3.0.
- New IBC Feature: Added packet-forward-middleware by Strangelove.
- Other chains would be able to more easily route SCRT in the interchain. For example, sending SCRT from Osmosis to Hub now becomes a single transaction from `Osmosis -> Secret` rather than a transaction from `Osmosis -> Secret`, then a transaction from `Secret -> Hub`.
- New IBC Feature: Added IBC fee middleware.
- Creates a fee market for relaying IBC packets.
- New IBC Feature: Added IBC panic button.
- Quickly shut down IBC in case of an emergency.
- New Feature: Evaporate & Check Gas APIs
The new Check Gas and Evaporate APIs allow contract developers to create contracts that consume a constant amount of gas, independently of their code path. This helps harden contracts against information leakage from the amount of gas consumed by a contract.
- Bug Fix: Fixed an issue where nodes would sometimes stop if failing to enter SGX enclave
- Bug Fix: Fixed a bug where stopping and restarting a node would often cause the node to apphash
- Bug Fix: Fixed an issue where storing and deleting a key from storage in the same msg would cause it not to be deleted

# 1.8.0

Fixed a critical bug in 1.7.0 that prevented new nodes from joining the network and existing nodes from restarting their secretd process.

# 1.7.0

- Added the ability to rotate consensus seed during a network upgrade
- this will be executed during this upgrade
- Added expedited gov proposals
- Initial params (can be amended with a param change proposal):
- Minimum deposit: 750 SCRT
- Voting time: 24 hours
- Voting treshhold: 2/3 yes to pass
- If an expedited proposal fails to meet the threshold within the scope of shorter voting duration, the expedited proposal is then converted to a regular proposal and restarts voting under regular voting conditions.
- Added auto-restaking - an opt-in feature that enables automatic compounding of staking rewards
- Added light-client validation for blocks
- Protects against leaking private data using an offline fork attack
- Enables trusted block heights and block time to be relied on by contracts

# 1.6.0
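Review bot: The new 1.10.0 section lists ibc-hooks and the `memo` field but has no entry for what this PR itself adds; the commit list describes merkle-proof verification of store reads inside the enclave, which deserves a line here. Several lines in this hunk also need a spelling pass: "Added and optional `memo` field" (an), "to ease to use" (the use), "atempt", "infomation", "treshhold".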

18 changes: 10 additions & 8 deletions Makefile
@@ -229,7 +229,7 @@ clean:
-rm -rf /tmp/SecretNetwork
-rm -f ./secretcli*
-rm -f ./secretd*
-find -name '*.so' -delete
-find -name '*.so' -not -path './third_party/*' -delete
-rm -f ./enigma-blockchain*.deb
-rm -f ./SHA256SUMS*
-rm -rf ./third_party/vendor/
@@ -244,7 +244,7 @@ clean:

localsecret:
DOCKER_BUILDKIT=1 docker build \
--build-arg FEATURES="${FEATURES},light-client-validation,debug-print" \
--build-arg FEATURES="${FEATURES},debug-print,random" \
--build-arg FEATURES_U=${FEATURES_U} \
--secret id=API_KEY,src=.env.local \
--secret id=SPID,src=.env.local \
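Review bot: `light-client-validation` is removed from the `localsecret` feature list here, while `build-testnet`, `build-mainnet` and release.yaml all keep it. That leaves the local and CI images without the block-validation path that production runs, so problems in it will only show up on testnet. Keep the feature in the list (`${FEATURES},light-client-validation,debug-print,random`) or explain in a comment why localsecret cannot run with it.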
@@ -281,7 +281,7 @@ build-testnet:
--secret id=SPID,src=spid.txt \
--build-arg BUILD_VERSION=${VERSION} \
--build-arg SGX_MODE=HW \
--build-arg FEATURES="verify-validator-whitelist,light-client-validation,${FEATURES}" \
--build-arg FEATURES="verify-validator-whitelist,light-client-validation,random,${FEATURES}" \
$(DOCKER_BUILD_ARGS) \
--build-arg DB_BACKEND=${DB_BACKEND} \
--build-arg SECRET_NODE_TYPE=NODE \
@@ -294,7 +294,7 @@ build-testnet:
--secret id=SPID,src=spid.txt \
--build-arg BUILD_VERSION=${VERSION} \
--build-arg SGX_MODE=HW \
--build-arg FEATURES="verify-validator-whitelist,light-client-validation,${FEATURES}" \
--build-arg FEATURES="verify-validator-whitelist,light-client-validation,random,${FEATURES}" \
$(DOCKER_BUILD_ARGS) \
--build-arg CGO_LDFLAGS=${DOCKER_CGO_LDFLAGS} \
--build-arg DB_BACKEND=${DB_BACKEND} \
@@ -333,7 +333,7 @@ build-mainnet-upgrade:
docker run -e VERSION=${VERSION} -v $(CUR_DIR)/build:/build deb_build
build-mainnet:
@mkdir build 2>&3 || true
DOCKER_BUILDKIT=1 docker build --build-arg FEATURES="verify-validator-whitelist,light-client-validation,production, ${FEATURES}" \
DOCKER_BUILDKIT=1 docker build --build-arg FEATURES="verify-validator-whitelist,light-client-validation,production,random, ${FEATURES}" \
--build-arg FEATURES_U=${FEATURES_U} \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--secret id=API_KEY,src=api_key.txt \
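Review bot: The feature list is now repeated by hand in both `docker build` commands of `build-mainnet`, in both commands of `build-testnet` and in three places in release.yaml, and the copies already differ in order (`production,random` here, `random,production` in release.yaml). Define each list once, for example in a Makefile variable, so the next feature is not missed in one of the copies. On the adjacent unchanged line, `@mkdir build 2>&3 || true` redirects to file descriptor 3, which looks like a typo for `2>&1`; `mkdir -p build` would avoid the redirect altogether.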
@@ -347,7 +347,7 @@ build-mainnet:
-f deployment/dockerfiles/Dockerfile \
-t ghcr.io/scrtlabs/secret-network-node:v$(VERSION) \
--target release-image .
DOCKER_BUILDKIT=1 docker build --build-arg FEATURES="verify-validator-whitelist,light-client-validation,production, ${FEATURES}" \
DOCKER_BUILDKIT=1 docker build --build-arg FEATURES="verify-validator-whitelist,light-client-validation,production,random, ${FEATURES}" \
--build-arg FEATURES_U=${FEATURES_U} \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--secret id=API_KEY,src=api_key.txt \
@@ -431,14 +431,16 @@ prep-go-tests: build-test-contract bin-data-sw
# empty BUILD_PROFILE means debug mode which compiles faster
SGX_MODE=SW $(MAKE) build-linux
cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so ./x/compute/internal/keeper
cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so .

go-tests: build-test-contract bin-data-sw
SGX_MODE=SW $(MAKE) build-linux-with-query
SGX_MODE=SW $(MAKE) build-linux
cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so ./x/compute/internal/keeper
cp ./$(EXECUTE_ENCLAVE_PATH)/librust_cosmwasm_enclave.signed.so .
#cp ./$(QUERY_ENCLAVE_PATH)/librust_cosmwasm_query_enclave.signed.so ./x/compute/internal/keeper
rm -rf ./x/compute/internal/keeper/.sgx_secrets
mkdir -p ./x/compute/internal/keeper/.sgx_secrets
GOMAXPROCS=8 SGX_MODE=SW SCRT_SGX_STORAGE='./' go test -failfast -timeout 90m -v ./x/compute/internal/... $(GO_TEST_ARGS)
GOMAXPROCS=8 SGX_MODE=SW SCRT_SGX_STORAGE='./' go test -count 1 -failfast -timeout 90m -v ./x/compute/internal/... $(GO_TEST_ARGS)

go-tests-hw: build-test-contract bin-data
# empty BUILD_PROFILE means debug mode which compiles faster
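Review bot: `go-tests` switches to `build-linux`, yet the commented-out `#cp ./$(QUERY_ENCLAVE_PATH)/librust_cosmwasm_query_enclave.signed.so ...` line is left behind; delete it, or say in a comment when the query enclave build is coming back. The added `cp ... librust_cosmwasm_enclave.signed.so .` in `prep-go-tests` and `go-tests` also needs a one-line comment naming what loads the enclave from the repository root, since the copy into `./x/compute/internal/keeper` is kept as well.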
2 changes: 1 addition & 1 deletion app/ante.go
@@ -4,7 +4,7 @@ import (
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/cosmos/cosmos-sdk/x/auth/ante"
"github.com/cosmos/ibc-go/v3/modules/core/keeper"
"github.com/cosmos/ibc-go/v4/modules/core/keeper"

"github.com/scrtlabs/SecretNetwork/x/compute"
)
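Review bot: Check that no other file still imports `github.com/cosmos/ibc-go/v3` now that this import is on `v4`. Go treats the `v3` and `v4` module paths as different packages with incompatible types, so a leftover `v3` import will either fail to compile against this keeper or pull both versions into the build. Please confirm with a search for `ibc-go/v3` across the Go sources and check that go.mod no longer requires v3.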