From 9e1afcafb580b77379bebb60bb823f05c9ef8a16 Mon Sep 17 00:00:00 2001 From: Branislav Kontur Date: Thu, 4 May 2023 08:36:58 +0200 Subject: [PATCH] Initial version of bridging pallets as git subtree (#2458) * Initial version of bridges pallet as subtree of https://github.com/paritytech/parity-bridges-common Added `Bridges subtree files` pr review rule * Squashed 'bridges/' content from commit d30927c08 git-subtree-dir: bridges git-subtree-split: d30927c089bd9e73092d1ec1a62895603cb277a3 * Updated REAMDE.md and BRIDGES.md (inspired by original https://github.com/paritytech/polkadot/blob/d22eb62fe40e55e15eb91d375f48cc540d83a47e/BRIDGES.md) * Squashed 'bridges/' changes from d30927c08..d3970944b d3970944b Small simplifications (#2050) git-subtree-dir: bridges git-subtree-split: d3970944b0cfc4ea5226225e1ca07dab234c3556 * Squashed 'bridges/' changes from d3970944b..2180797fb 2180797fb Removed CODEOWNERS (#2051) git-subtree-dir: bridges git-subtree-split: 2180797fbf8a990490c67853dcffd81bc8dd083c * Squashed 'bridges/' changes from 2180797fbf..4850aac8ce 4850aac8ce Removed relayer_account: &AccountId from MessageDispatch (#2080) 8c8adafd54 Revert "Fix max-size messages at test chains (#2064)" (#2077) c01a63efd8 Fixed off-by-one when confirming rewards in messages pallet (#2075) a298be96aa Update subxt dependencies (#2072) c0eef51eab Fix max-size messages at test chains (#2064) 3a658e3697 Messages relay fixes (#2073) 0022b5ab22 Slash relayers for invalid transactions (#2025) 198104007f Bump enumflags2 from 0.7.5 to 0.7.7 9229b257e5 [ci] Fix rules for docker build (#2069) 660d791390 [ci] Update buildah command and version (#2058) e4535c0ca4 fix the way latest_confirmed_nonce_at_source is "calculated" (#2067) dbc2d37590 select nothing if we have already selected nonces to submit or have submitted something (#2065) a7eedd21fe [relay-substrate-client] Bump jsonrpsee (#2066) 8875d5aeae Bump clap from 4.2.2 to 4.2.4 25f9cf55e2 Another use of RangeInclusiveExt::checked_len() (#2060) 4942c12a5f submit lane unblock transactions from relay (#2030) c0325d3c9c Test deployments fixes (#2057) fc7b9b7ed7 Use the new matrix server (#2056) 63bcb5c10b Fixed delivery alert rule (#2052) git-subtree-dir: bridges git-subtree-split: 4850aac8ce6c34e5ca6246b88cd14c873a879cba * Squashed 'bridges/' changes from 4850aac8ce..66aaf0dd23 66aaf0dd23 Nits (#2083) git-subtree-dir: bridges git-subtree-split: 66aaf0dd239dde40b64264061a77c921e2c82568 * Squashed 'bridges/' changes from 66aaf0dd23..557ecbcecc 557ecbcecc Fix sized messages (Follow-up on #2064) (#2103) 54f587a066 Add weight of refund extension post_dispatch to the weights of messages pallet (#2089) 5b1626f8c4 fix pallet param for nightly benchmarks check (#2099) ae44c6b7a1 Add millau specific messages weights (#2097) 6ad0bd1f1e Add integrity tests to rialto parachain runtiime (#2096) 6919556de5 Bump tokio from 1.27.0 to 1.28.0 58795fcb75 Bump clap from 4.2.4 to 4.2.5 01bf31085b Bump scale-info from 2.5.0 to 2.6.0 8fe383240d Bump anyhow from 1.0.70 to 1.0.71 8d94e82ad5 deployments: add new BEEFY metrics and alarms (#2090) e9a4749e7e Bump wasmtime from 6.0.1 to 6.0.2 9d9936c0d9 Bump wasmtime from 6.0.1 to 6.0.2 in /tools/runtime-codegen 5d77cd7bee Add more logs to relayer and message pallets (#2082) 75fbb9d3ef Update comment (#2081) 9904d09cf6 Benchmarks for new relayers pallet calls (#2040) git-subtree-dir: bridges git-subtree-split: 557ecbcecc585547b744a5ac9fb8d7f3b9de4521 * fmt * Squashed 'bridges/' changes from 557ecbcecc..04b3dda6aa 04b3dda6aa Remove from subtree (#2111) f8ff15e7e7 Add `MessagesPalletInstance` for integrity tests (#2107) 92ccef58e6 Use generated runtimes for BHR/BHW (#2106) b33e0a585b Fix comment (#2105) git-subtree-dir: bridges git-subtree-split: 04b3dda6aa38599e612ff637710b6d2cff275ef3 * ".git/.scripts/commands/fmt/fmt.sh" --------- Co-authored-by: parity-processbot <> --- .github/pr-custom-review.yml | 10 +- BRIDGES.md | 88 + Cargo.lock | 333 ++- Cargo.toml | 5 + bridges/.gitignore | 26 + bridges/CODE_OF_CONDUCT.md | 80 + bridges/LICENSE | 675 ++++++ bridges/README.md | 259 ++ bridges/SECURITY.md | 14 + bridges/bin/runtime-common/Cargo.toml | 92 + bridges/bin/runtime-common/src/integrity.rs | 361 +++ bridges/bin/runtime-common/src/lib.rs | 259 ++ bridges/bin/runtime-common/src/messages.rs | 779 ++++++ .../bin/runtime-common/src/messages_api.rs | 66 + .../src/messages_benchmarking.rs | 293 +++ .../runtime-common/src/messages_call_ext.rs | 644 +++++ .../runtime-common/src/messages_generation.rs | 119 + .../src/messages_xcm_extension.rs | 152 ++ bridges/bin/runtime-common/src/mock.rs | 424 ++++ .../src/parachains_benchmarking.rs | 88 + .../runtime-common/src/priority_calculator.rs | 201 ++ .../src/refund_relayer_extension.rs | 1730 +++++++++++++ bridges/docs/complex-relay.html | 85 + bridges/docs/grandpa-finality-relay.html | 47 + bridges/docs/high-level-overview.md | 181 ++ bridges/docs/messages-relay.html | 78 + bridges/docs/parachains-finality-relay.html | 55 + .../docs/polkadot-kusama-bridge-overview.md | 132 + bridges/docs/polkadot-kusama-bridge.html | 67 + bridges/modules/grandpa/Cargo.toml | 63 + bridges/modules/grandpa/README.md | 101 + bridges/modules/grandpa/src/benchmarking.rs | 141 ++ bridges/modules/grandpa/src/call_ext.rs | 311 +++ bridges/modules/grandpa/src/lib.rs | 1427 +++++++++++ bridges/modules/grandpa/src/mock.rs | 151 ++ bridges/modules/grandpa/src/storage_types.rs | 136 ++ bridges/modules/grandpa/src/weights.rs | 167 ++ bridges/modules/messages/Cargo.toml | 56 + bridges/modules/messages/README.md | 242 ++ bridges/modules/messages/src/benchmarking.rs | 460 ++++ bridges/modules/messages/src/inbound_lane.rs | 556 +++++ bridges/modules/messages/src/lib.rs | 2152 +++++++++++++++++ bridges/modules/messages/src/mock.rs | 503 ++++ bridges/modules/messages/src/outbound_lane.rs | 433 ++++ bridges/modules/messages/src/weights.rs | 525 ++++ bridges/modules/messages/src/weights_ext.rs | 487 ++++ bridges/modules/parachains/Cargo.toml | 60 + bridges/modules/parachains/README.md | 90 + .../modules/parachains/src/benchmarking.rs | 116 + bridges/modules/parachains/src/call_ext.rs | 243 ++ bridges/modules/parachains/src/lib.rs | 1609 ++++++++++++ bridges/modules/parachains/src/mock.rs | 349 +++ bridges/modules/parachains/src/weights.rs | 273 +++ bridges/modules/parachains/src/weights_ext.rs | 107 + bridges/modules/relayers/Cargo.toml | 59 + bridges/modules/relayers/README.md | 14 + bridges/modules/relayers/src/benchmarking.rs | 131 + bridges/modules/relayers/src/lib.rs | 880 +++++++ bridges/modules/relayers/src/mock.rs | 185 ++ .../modules/relayers/src/payment_adapter.rs | 158 ++ bridges/modules/relayers/src/stake_adapter.rs | 186 ++ bridges/modules/relayers/src/weights.rs | 259 ++ bridges/modules/relayers/src/weights_ext.rs | 49 + .../chain-bridge-hub-cumulus/Cargo.toml | 37 + .../chain-bridge-hub-cumulus/src/lib.rs | 216 ++ .../chain-bridge-hub-kusama/Cargo.toml | 31 + .../chain-bridge-hub-kusama/src/lib.rs | 84 + .../chain-bridge-hub-polkadot/Cargo.toml | 32 + .../chain-bridge-hub-polkadot/src/lib.rs | 75 + .../chain-bridge-hub-rococo/Cargo.toml | 31 + .../chain-bridge-hub-rococo/src/lib.rs | 82 + .../chain-bridge-hub-wococo/Cargo.toml | 32 + .../chain-bridge-hub-wococo/src/lib.rs | 72 + bridges/primitives/chain-kusama/Cargo.toml | 30 + bridges/primitives/chain-kusama/src/lib.rs | 65 + bridges/primitives/chain-polkadot/Cargo.toml | 30 + bridges/primitives/chain-polkadot/src/lib.rs | 65 + bridges/primitives/chain-rococo/Cargo.toml | 30 + bridges/primitives/chain-rococo/src/lib.rs | 76 + bridges/primitives/chain-wococo/Cargo.toml | 32 + bridges/primitives/chain-wococo/src/lib.rs | 65 + bridges/primitives/header-chain/Cargo.toml | 45 + .../header-chain/src/justification.rs | 390 +++ bridges/primitives/header-chain/src/lib.rs | 227 ++ .../header-chain/src/storage_keys.rs | 104 + .../tests/implementation_match.rs | 418 ++++ .../header-chain/tests/justification.rs | 280 +++ bridges/primitives/messages/Cargo.toml | 38 + bridges/primitives/messages/src/lib.rs | 484 ++++ .../primitives/messages/src/source_chain.rs | 211 ++ .../primitives/messages/src/storage_keys.rs | 128 + .../primitives/messages/src/target_chain.rs | 200 ++ bridges/primitives/parachains/Cargo.toml | 39 + bridges/primitives/parachains/src/lib.rs | 180 ++ bridges/primitives/polkadot-core/Cargo.toml | 45 + bridges/primitives/polkadot-core/src/lib.rs | 292 +++ .../polkadot-core/src/parachains.rs | 98 + bridges/primitives/relayers/Cargo.toml | 36 + bridges/primitives/relayers/src/lib.rs | 206 ++ .../primitives/relayers/src/registration.rs | 121 + bridges/primitives/runtime/Cargo.toml | 49 + bridges/primitives/runtime/src/chain.rs | 375 +++ bridges/primitives/runtime/src/extensions.rs | 144 ++ bridges/primitives/runtime/src/lib.rs | 573 +++++ bridges/primitives/runtime/src/messages.rs | 35 + .../primitives/runtime/src/storage_proof.rs | 272 +++ .../primitives/runtime/src/storage_types.rs | 90 + bridges/primitives/test-utils/Cargo.toml | 29 + bridges/primitives/test-utils/src/keyring.rs | 94 + bridges/primitives/test-utils/src/lib.rs | 302 +++ bridges/rustfmt.toml | 24 + bridges/scripts/verify-pallets-build.sh | 135 ++ client/network/src/lib.rs | 6 +- scripts/bridges_update_subtree.sh | 85 + 114 files changed, 26856 insertions(+), 6 deletions(-) create mode 100644 BRIDGES.md create mode 100644 bridges/.gitignore create mode 100644 bridges/CODE_OF_CONDUCT.md create mode 100644 bridges/LICENSE create mode 100644 bridges/README.md create mode 100644 bridges/SECURITY.md create mode 100644 bridges/bin/runtime-common/Cargo.toml create mode 100644 bridges/bin/runtime-common/src/integrity.rs create mode 100644 bridges/bin/runtime-common/src/lib.rs create mode 100644 bridges/bin/runtime-common/src/messages.rs create mode 100644 bridges/bin/runtime-common/src/messages_api.rs create mode 100644 bridges/bin/runtime-common/src/messages_benchmarking.rs create mode 100644 bridges/bin/runtime-common/src/messages_call_ext.rs create mode 100644 bridges/bin/runtime-common/src/messages_generation.rs create mode 100644 bridges/bin/runtime-common/src/messages_xcm_extension.rs create mode 100644 bridges/bin/runtime-common/src/mock.rs create mode 100644 bridges/bin/runtime-common/src/parachains_benchmarking.rs create mode 100644 bridges/bin/runtime-common/src/priority_calculator.rs create mode 100644 bridges/bin/runtime-common/src/refund_relayer_extension.rs create mode 100644 bridges/docs/complex-relay.html create mode 100644 bridges/docs/grandpa-finality-relay.html create mode 100644 bridges/docs/high-level-overview.md create mode 100644 bridges/docs/messages-relay.html create mode 100644 bridges/docs/parachains-finality-relay.html create mode 100644 bridges/docs/polkadot-kusama-bridge-overview.md create mode 100644 bridges/docs/polkadot-kusama-bridge.html create mode 100644 bridges/modules/grandpa/Cargo.toml create mode 100644 bridges/modules/grandpa/README.md create mode 100644 bridges/modules/grandpa/src/benchmarking.rs create mode 100644 bridges/modules/grandpa/src/call_ext.rs create mode 100644 bridges/modules/grandpa/src/lib.rs create mode 100644 bridges/modules/grandpa/src/mock.rs create mode 100644 bridges/modules/grandpa/src/storage_types.rs create mode 100644 bridges/modules/grandpa/src/weights.rs create mode 100644 bridges/modules/messages/Cargo.toml create mode 100644 bridges/modules/messages/README.md create mode 100644 bridges/modules/messages/src/benchmarking.rs create mode 100644 bridges/modules/messages/src/inbound_lane.rs create mode 100644 bridges/modules/messages/src/lib.rs create mode 100644 bridges/modules/messages/src/mock.rs create mode 100644 bridges/modules/messages/src/outbound_lane.rs create mode 100644 bridges/modules/messages/src/weights.rs create mode 100644 bridges/modules/messages/src/weights_ext.rs create mode 100644 bridges/modules/parachains/Cargo.toml create mode 100644 bridges/modules/parachains/README.md create mode 100644 bridges/modules/parachains/src/benchmarking.rs create mode 100644 bridges/modules/parachains/src/call_ext.rs create mode 100644 bridges/modules/parachains/src/lib.rs create mode 100644 bridges/modules/parachains/src/mock.rs create mode 100644 bridges/modules/parachains/src/weights.rs create mode 100644 bridges/modules/parachains/src/weights_ext.rs create mode 100644 bridges/modules/relayers/Cargo.toml create mode 100644 bridges/modules/relayers/README.md create mode 100644 bridges/modules/relayers/src/benchmarking.rs create mode 100644 bridges/modules/relayers/src/lib.rs create mode 100644 bridges/modules/relayers/src/mock.rs create mode 100644 bridges/modules/relayers/src/payment_adapter.rs create mode 100644 bridges/modules/relayers/src/stake_adapter.rs create mode 100644 bridges/modules/relayers/src/weights.rs create mode 100644 bridges/modules/relayers/src/weights_ext.rs create mode 100644 bridges/primitives/chain-bridge-hub-cumulus/Cargo.toml create mode 100644 bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs create mode 100644 bridges/primitives/chain-bridge-hub-kusama/Cargo.toml create mode 100644 bridges/primitives/chain-bridge-hub-kusama/src/lib.rs create mode 100644 bridges/primitives/chain-bridge-hub-polkadot/Cargo.toml create mode 100644 bridges/primitives/chain-bridge-hub-polkadot/src/lib.rs create mode 100644 bridges/primitives/chain-bridge-hub-rococo/Cargo.toml create mode 100644 bridges/primitives/chain-bridge-hub-rococo/src/lib.rs create mode 100644 bridges/primitives/chain-bridge-hub-wococo/Cargo.toml create mode 100644 bridges/primitives/chain-bridge-hub-wococo/src/lib.rs create mode 100644 bridges/primitives/chain-kusama/Cargo.toml create mode 100644 bridges/primitives/chain-kusama/src/lib.rs create mode 100644 bridges/primitives/chain-polkadot/Cargo.toml create mode 100644 bridges/primitives/chain-polkadot/src/lib.rs create mode 100644 bridges/primitives/chain-rococo/Cargo.toml create mode 100644 bridges/primitives/chain-rococo/src/lib.rs create mode 100644 bridges/primitives/chain-wococo/Cargo.toml create mode 100644 bridges/primitives/chain-wococo/src/lib.rs create mode 100644 bridges/primitives/header-chain/Cargo.toml create mode 100644 bridges/primitives/header-chain/src/justification.rs create mode 100644 bridges/primitives/header-chain/src/lib.rs create mode 100644 bridges/primitives/header-chain/src/storage_keys.rs create mode 100644 bridges/primitives/header-chain/tests/implementation_match.rs create mode 100644 bridges/primitives/header-chain/tests/justification.rs create mode 100644 bridges/primitives/messages/Cargo.toml create mode 100644 bridges/primitives/messages/src/lib.rs create mode 100644 bridges/primitives/messages/src/source_chain.rs create mode 100644 bridges/primitives/messages/src/storage_keys.rs create mode 100644 bridges/primitives/messages/src/target_chain.rs create mode 100644 bridges/primitives/parachains/Cargo.toml create mode 100644 bridges/primitives/parachains/src/lib.rs create mode 100644 bridges/primitives/polkadot-core/Cargo.toml create mode 100644 bridges/primitives/polkadot-core/src/lib.rs create mode 100644 bridges/primitives/polkadot-core/src/parachains.rs create mode 100644 bridges/primitives/relayers/Cargo.toml create mode 100644 bridges/primitives/relayers/src/lib.rs create mode 100644 bridges/primitives/relayers/src/registration.rs create mode 100644 bridges/primitives/runtime/Cargo.toml create mode 100644 bridges/primitives/runtime/src/chain.rs create mode 100644 bridges/primitives/runtime/src/extensions.rs create mode 100644 bridges/primitives/runtime/src/lib.rs create mode 100644 bridges/primitives/runtime/src/messages.rs create mode 100644 bridges/primitives/runtime/src/storage_proof.rs create mode 100644 bridges/primitives/runtime/src/storage_types.rs create mode 100644 bridges/primitives/test-utils/Cargo.toml create mode 100644 bridges/primitives/test-utils/src/keyring.rs create mode 100644 bridges/primitives/test-utils/src/lib.rs create mode 100644 bridges/rustfmt.toml create mode 100755 bridges/scripts/verify-pallets-build.sh create mode 100755 scripts/bridges_update_subtree.sh diff --git a/.github/pr-custom-review.yml b/.github/pr-custom-review.yml index f8c887c5f4a..b833d3a01aa 100644 --- a/.github/pr-custom-review.yml +++ b/.github/pr-custom-review.yml @@ -19,12 +19,20 @@ rules: check_type: changed_files condition: include: .* - # excluding files from 'Runtime files' and 'CI files' rules + # excluding files from 'Runtime files' and 'CI files' rules and `Bridges subtree files` exclude: ^parachains/runtimes/assets/(statemine|statemint)/src/[^/]+\.rs$|^parachains/runtimes/bridge-hubs/(bridge-hub-kusama|bridge-hub-polkadot)/src/[^/]+\.rs$|^parachains/runtimes/collectives/collectives-polkadot/src/[^/]+\.rs$|^parachains/common/src/[^/]+\.rs$|^\.gitlab-ci\.yml|^scripts/ci/.*|^\.github/.* min_approvals: 2 teams: - core-devs + # if there are any changes in the bridges subtree (in case of backport changes back to bridges repo) + - name: Bridges subtree files + check_type: changed_files + condition: ^bridges/.* + min_approvals: 1 + teams: + - bridges-core + - name: CI files check_type: changed_files condition: diff --git a/BRIDGES.md b/BRIDGES.md new file mode 100644 index 00000000000..a9fff624cdc --- /dev/null +++ b/BRIDGES.md @@ -0,0 +1,88 @@ +# Using Parity Bridges Common dependency (`git subtree`). + +In `./bridges` sub-directory you can find a `git subtree` imported version of: +[parity-bridges-common](https://github.com/paritytech/parity-bridges-common/) repository. + +(For regular Cumulus contributor 1. is relevant) \ +(For Cumulus maintainer 1. and 2. are relevant) \ +(For Bridges team 1. and 2. and 3. are relevant) + +# 1. How to fix broken Bridges code? + +To fix Bridges code simply create a commit in current (`Cumulus`) repo. Best if +the commit is isolated to changes in `./bridges` sub-directory, because it makes +it easier to import that change back to upstream repo. + +(Any changes to `bridges` subtree require Bridges team approve and they should manage backport to Bridges repo) + + +# 2. How to pull latest Bridges code to the `bridges` subtree +(in practice) +``` +cd + +# this will update new git branches from bridges repo +# there could be unresolved conflicts, but dont worry, +# lots of them are caused because of removed unneeded files with patch step, +./scripts/bridges_update_subtree.sh fetch + +# so, after fetch and before solving conflicts just run patch, +# this will remove unneeded files and checks if subtree modules compiles +./scripts/bridges_update_subtree.sh patch + +# if there are conflicts, this could help, +# this removes locally deleted files at least (move changes to git stash for commit) +./scripts/bridges_update_subtree.sh merge + +# (optional) when conflicts resolved, you can check build again - should pass +# also important: this updates global Cargo.lock +./scripts/bridges_update_subtree.sh patch + +# add changes to the commit, first command `fetch` starts merge, +# so after all conflicts are solved and patch passes and compiles, +# then we need to finish merge with: +git merge --continue +```` + +# 3. How to pull latest Bridges code or contribute back? +(in theory) + +Note that it's totally fine to ping the **Bridges Team** to do that for you. The point +of adding the code as `git subtree` is to **reduce maintenance cost** for Cumulus/Polkadot +developers. + +If you still would like to either update the code to match latest code from the repo +or create an upstream PR read below. The following commands should be run in the +current (`polkadot`) repo. + +1. Add Bridges repo as a local remote: +``` +$ git remote add -f bridges git@github.com:paritytech/parity-bridges-common.git +``` + +If you plan to contribute back, consider forking the repository on Github and adding +your personal fork as a remote as well. +``` +$ git remote add -f my-bridges git@github.com:tomusdrw/parity-bridges-common.git +``` + +2. To update Bridges: +``` +$ git fetch bridges master +$ git subtree pull --prefix=bridges bridges master --squash +```` + +We use `--squash` to avoid adding individual commits and rather squashing them +all into one. + +3. Clean unneeded files here: +``` +./bridges/scripts/verify-pallets-build.sh --ignore-git-state --no-revert +``` + +4. Contributing back to Bridges (creating upstream PR) +``` +$ git subtree push --prefix=bridges my-bridges master +``` +This command will push changes to your personal fork of Bridges repo, from where +you can simply create a PR to the main repo. diff --git a/Cargo.lock b/Cargo.lock index 7b17274e8b2..390402ce88a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -758,6 +758,125 @@ dependencies = [ "thiserror", ] +[[package]] +name = "bp-header-chain" +version = "0.1.0" +dependencies = [ + "bp-runtime", + "bp-test-utils", + "finality-grandpa", + "frame-support", + "hex", + "hex-literal 0.4.1", + "parity-scale-codec", + "scale-info", + "serde", + "sp-consensus-grandpa", + "sp-core", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "bp-messages" +version = "0.1.0" +dependencies = [ + "bp-runtime", + "frame-support", + "hex", + "hex-literal 0.4.1", + "parity-scale-codec", + "scale-info", + "serde", + "sp-core", + "sp-std", +] + +[[package]] +name = "bp-parachains" +version = "0.1.0" +dependencies = [ + "bp-header-chain", + "bp-polkadot-core", + "bp-runtime", + "frame-support", + "impl-trait-for-tuples", + "parity-scale-codec", + "scale-info", + "sp-core", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "bp-polkadot-core" +version = "0.1.0" +dependencies = [ + "bp-messages", + "bp-runtime", + "frame-support", + "frame-system", + "hex", + "parity-scale-codec", + "parity-util-mem", + "scale-info", + "serde", + "sp-core", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "bp-relayers" +version = "0.1.0" +dependencies = [ + "bp-messages", + "bp-runtime", + "frame-support", + "hex", + "hex-literal 0.4.1", + "parity-scale-codec", + "scale-info", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "bp-runtime" +version = "0.1.0" +dependencies = [ + "frame-support", + "frame-system", + "hash-db", + "hex-literal 0.4.1", + "impl-trait-for-tuples", + "num-traits", + "parity-scale-codec", + "scale-info", + "serde", + "sp-core", + "sp-io", + "sp-runtime", + "sp-state-machine", + "sp-std", + "sp-trie", + "trie-db", +] + +[[package]] +name = "bp-test-utils" +version = "0.1.0" +dependencies = [ + "bp-header-chain", + "ed25519-dalek", + "finality-grandpa", + "parity-scale-codec", + "sp-application-crypto", + "sp-consensus-grandpa", + "sp-runtime", + "sp-std", +] + [[package]] name = "bridge-hub-kusama-runtime" version = "0.1.0" @@ -954,6 +1073,43 @@ dependencies = [ "asset-test-utils", ] +[[package]] +name = "bridge-runtime-common" +version = "0.1.0" +dependencies = [ + "bp-header-chain", + "bp-messages", + "bp-parachains", + "bp-polkadot-core", + "bp-relayers", + "bp-runtime", + "bp-test-utils", + "frame-support", + "frame-system", + "hash-db", + "log", + "pallet-balances", + "pallet-bridge-grandpa", + "pallet-bridge-messages", + "pallet-bridge-parachains", + "pallet-bridge-relayers", + "pallet-transaction-payment", + "pallet-utility", + "pallet-xcm", + "parity-scale-codec", + "scale-info", + "sp-api", + "sp-core", + "sp-io", + "sp-runtime", + "sp-std", + "sp-trie", + "static_assertions", + "xcm", + "xcm-builder", + "xcm-executor", +] + [[package]] name = "bs58" version = "0.4.0" @@ -3223,6 +3379,33 @@ dependencies = [ "libc", ] +[[package]] +name = "ethbloom" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c22d4b5885b6aa2fe5e8b9329fb8d232bf739e434e6b87347c63bdd00c120f60" +dependencies = [ + "crunchy", + "fixed-hash", + "impl-rlp", + "impl-serde", + "tiny-keccak", +] + +[[package]] +name = "ethereum-types" +version = "0.14.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02d215cbf040552efcbe99a38372fe80ab9d00268e20012b79fcd0f073edd8ee" +dependencies = [ + "ethbloom", + "fixed-hash", + "impl-rlp", + "impl-serde", + "primitive-types", + "uint", +] + [[package]] name = "event-listener" version = "2.5.1" @@ -4389,6 +4572,15 @@ dependencies = [ "parity-scale-codec", ] +[[package]] +name = "impl-rlp" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f28220f89297a075ddc7245cd538076ee98b01f2a9c23a53a4f1105d5a322808" +dependencies = [ + "rlp", +] + [[package]] name = "impl-serde" version = "0.4.0" @@ -6413,6 +6605,94 @@ dependencies = [ "sp-std", ] +[[package]] +name = "pallet-bridge-grandpa" +version = "0.1.0" +dependencies = [ + "bp-header-chain", + "bp-runtime", + "bp-test-utils", + "finality-grandpa", + "frame-benchmarking", + "frame-support", + "frame-system", + "log", + "parity-scale-codec", + "scale-info", + "sp-consensus-grandpa", + "sp-core", + "sp-io", + "sp-runtime", + "sp-std", + "sp-trie", +] + +[[package]] +name = "pallet-bridge-messages" +version = "0.1.0" +dependencies = [ + "bp-messages", + "bp-runtime", + "bp-test-utils", + "frame-benchmarking", + "frame-support", + "frame-system", + "log", + "num-traits", + "pallet-balances", + "parity-scale-codec", + "scale-info", + "sp-core", + "sp-io", + "sp-runtime", + "sp-std", +] + +[[package]] +name = "pallet-bridge-parachains" +version = "0.1.0" +dependencies = [ + "bp-header-chain", + "bp-parachains", + "bp-polkadot-core", + "bp-runtime", + "bp-test-utils", + "frame-benchmarking", + "frame-support", + "frame-system", + "log", + "pallet-bridge-grandpa", + "parity-scale-codec", + "scale-info", + "sp-core", + "sp-io", + "sp-runtime", + "sp-std", + "sp-trie", +] + +[[package]] +name = "pallet-bridge-relayers" +version = "0.1.0" +dependencies = [ + "bp-messages", + "bp-relayers", + "bp-runtime", + "frame-benchmarking", + "frame-support", + "frame-system", + "log", + "pallet-balances", + "pallet-bridge-messages", + "parity-scale-codec", + "scale-info", + "sp-arithmetic", + "sp-core", + "sp-io", + "sp-runtime", + "sp-std", +] + [[package]] name = "pallet-child-bounties" version = "4.0.0-dev" @@ -7557,6 +7837,35 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa9777aa91b8ad9dd5aaa04a9b6bcb02c7f1deb952fca5a66034d5e63afc5c6f" +[[package]] +name = "parity-util-mem" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d32c34f4f5ca7f9196001c0aba5a1f9a5a12382c8944b8b0f90233282d1e8f8" +dependencies = [ + "cfg-if", + "ethereum-types", + "hashbrown 0.12.3", + "impl-trait-for-tuples", + "lru 0.8.1", + "parity-util-mem-derive", + "parking_lot 0.12.1", + "primitive-types", + "smallvec", + "winapi", +] + +[[package]] +name = "parity-util-mem-derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f557c32c6d268a07c921471619c0295f5efad3a0e76d4f97a05c091a51d110b2" +dependencies = [ + "proc-macro2", + "syn 1.0.109", + "synstructure", +] + [[package]] name = "parity-wasm" version = "0.45.0" @@ -9408,6 +9717,7 @@ checksum = "5cfd65aea0c5fa0bfcc7c9e7ca828c921ef778f43d325325ec84bda371bfa75a" dependencies = [ "fixed-hash", "impl-codec", + "impl-rlp", "impl-serde", "scale-info", "uint", @@ -9941,6 +10251,16 @@ dependencies = [ "winapi", ] +[[package]] +name = "rlp" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb919243f34364b6bd2fc10ef797edbfa75f33c252e7998527479c6d6b47e1ec" +dependencies = [ + "bytes", + "rustc-hex", +] + [[package]] name = "rocksdb" version = "0.20.1" @@ -13436,6 +13756,15 @@ dependencies = [ "zeroize", ] +[[package]] +name = "tiny-keccak" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c9d3793400a45f954c52e73d068316d76b6f4e36977e3fcebb13a2721e80237" +dependencies = [ + "crunchy", +] + [[package]] name = "tinytemplate" version = "1.2.1" @@ -13726,9 +14055,9 @@ dependencies = [ [[package]] name = "trie-db" -version = "0.27.0" +version = "0.27.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "634d75c77ea43f2ad8ea9d9c58de49dfc9c3995bdef32b503df7883ff054e7f1" +checksum = "767abe6ffed88a1889671a102c2861ae742726f52e0a5a425b92c9fbfa7e9c85" dependencies = [ "hash-db", "hashbrown 0.13.2", diff --git a/Cargo.toml b/Cargo.toml index cdcf4730f72..4ceb8d5c04a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,11 @@ resolver = "2" members = [ + "bridges/bin/runtime-common", + "bridges/modules/grandpa", + "bridges/modules/messages", + "bridges/modules/parachains", + "bridges/modules/relayers", "client/cli", "client/consensus/aura", "client/consensus/common", diff --git a/bridges/.gitignore b/bridges/.gitignore new file mode 100644 index 00000000000..5d10cfa41a4 --- /dev/null +++ b/bridges/.gitignore @@ -0,0 +1,26 @@ +**/target/ +**/.env +**/.env2 +**/rust-toolchain +hfuzz_target +hfuzz_workspace +**/Cargo.lock + +**/*.rs.bk + +*.o +*.so +*.rlib +*.dll +.gdb_history + +*.exe + +.DS_Store + +.cargo +.idea +.vscode +*.iml +*.swp +*.swo diff --git a/bridges/CODE_OF_CONDUCT.md b/bridges/CODE_OF_CONDUCT.md new file mode 100644 index 00000000000..70541fb72fa --- /dev/null +++ b/bridges/CODE_OF_CONDUCT.md @@ -0,0 +1,80 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as contributors and maintainers +pledge to making participation in our project and our community a harassment-free experience for +everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity +and expression, level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic address, without explicit + permission +* Other conduct which could reasonably be considered inappropriate in a professional setting + +### Facilitation, Not Strongarming + +We recognise that this software is merely a tool for users to create and maintain their blockchain +of preference. We see that blockchains are naturally community platforms with users being the +ultimate decision makers. We assert that good software will maximise user agency by facilitate +user-expression on the network. As such: + +- This project will strive to give users as much choice as is both reasonable and possible over what + protocol they adhere to; but +- use of the project's technical forums, commenting systems, pull requests and issue trackers as a + means to express individual protocol preferences is forbidden. + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are +expected to take appropriate and fair corrective action in response to any instances of unacceptable +behavior. + +Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, +code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or +to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. + +## Scope + +This Code of Conduct applies both within project spaces and in public spaces when an individual is +representing the project or its community. Examples of representing a project or community include +using an official project e-mail address, posting via an official social media account, or acting as +an appointed representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting +the project team at admin@parity.io. All complaints will be reviewed and investigated and will +result in a response that is deemed necessary and appropriate to the circumstances. The project team +is obligated to maintain confidentiality with regard to the reporter of an incident. Further +details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good faith may face +temporary or permanent repercussions as determined by other members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at +https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/bridges/LICENSE b/bridges/LICENSE new file mode 100644 index 00000000000..733c072369c --- /dev/null +++ b/bridges/LICENSE @@ -0,0 +1,675 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. + diff --git a/bridges/README.md b/bridges/README.md new file mode 100644 index 00000000000..aab6007d2cd --- /dev/null +++ b/bridges/README.md @@ -0,0 +1,259 @@ +# Parity Bridges Common + +This is a collection of components for building bridges. + +These components include Substrate pallets for syncing headers, passing arbitrary messages, as well +as libraries for building relayers to provide cross-chain communication capabilities. + +Three bridge nodes are also available. The nodes can be used to run test networks which bridge other +Substrate chains. + +🚧 The bridges are currently under construction - a hardhat is recommended beyond this point 🚧 + +## Contents + +- [Installation](#installation) +- [High-Level Architecture](#high-level-architecture) +- [Project Layout](#project-layout) +- [Running the Bridge](#running-the-bridge) +- [How to send a message](#how-to-send-a-message) +- [Community](#community) + +## Installation + +To get up and running you need both stable and nightly Rust. Rust nightly is used to build the Web +Assembly (WASM) runtime for the node. You can configure the WASM support as so: + +```bash +rustup install nightly +rustup target add wasm32-unknown-unknown --toolchain nightly +``` + +Once this is configured you can build and test the repo as follows: + +``` +git clone https://github.com/paritytech/parity-bridges-common.git +cd parity-bridges-common +cargo build --all +cargo test --all +``` + +Also you can build the repo with +[Parity CI Docker image](https://github.com/paritytech/scripts/tree/master/dockerfiles/bridges-ci): + +```bash +docker pull paritytech/bridges-ci:production +mkdir ~/cache +chown 1000:1000 ~/cache #processes in the container runs as "nonroot" user with UID 1000 +docker run --rm -it -w /shellhere/parity-bridges-common \ + -v /home/$(whoami)/cache/:/cache/ \ + -v "$(pwd)":/shellhere/parity-bridges-common \ + -e CARGO_HOME=/cache/cargo/ \ + -e SCCACHE_DIR=/cache/sccache/ \ + -e CARGO_TARGET_DIR=/cache/target/ paritytech/bridges-ci:production cargo build --all +#artifacts can be found in ~/cache/target +``` + +If you want to reproduce other steps of CI process you can use the following +[guide](https://github.com/paritytech/scripts#reproduce-ci-locally). + +If you need more information about setting up your development environment [Substrate's +Installation page](https://docs.substrate.io/main-docs/install/) is a good +resource. + +## High-Level Architecture + +This repo has support for bridging foreign chains together using a combination of Substrate pallets +and external processes called relayers. A bridge chain is one that is able to follow the consensus +of a foreign chain independently. For example, consider the case below where we want to bridge two +Substrate based chains. + +``` ++---------------+ +---------------+ +| | | | +| Rialto | | Millau | +| | | | ++-------+-------+ +-------+-------+ + ^ ^ + | +---------------+ | + | | | | + +-----> | Bridge Relay | <-------+ + | | + +---------------+ +``` + +The Millau chain must be able to accept Rialto headers and verify their integrity. It does this by +using a runtime module designed to track GRANDPA finality. Since two blockchains can't interact +directly they need an external service, called a relayer, to communicate. The relayer will subscribe +to new Rialto headers via RPC and submit them to the Millau chain for verification. + +Take a look at [Bridge High Level Documentation](./docs/high-level-overview.md) for more in-depth +description of the bridge interaction. + +## Project Layout + +Here's an overview of how the project is laid out. The main bits are the `bin`, which is the actual +"blockchain", the `modules` which are used to build the blockchain's logic (a.k.a the runtime) and +the `relays` which are used to pass messages between chains. + +``` +├── bin // Node and Runtime for the various Substrate chains +│ └── ... +├── deployments // Useful tools for deploying test networks +│ └── ... +├── modules // Substrate Runtime Modules (a.k.a Pallets) +│ ├── beefy // On-Chain BEEFY Light Client (in progress) +│ ├── grandpa // On-Chain GRANDPA Light Client +│ ├── messages // Cross Chain Message Passing +│ ├── parachains // On-Chain Parachains Light Client +│ ├── relayers // Relayer rewards registry +│ └── ... +├── primitives // Code shared between modules, runtimes, and relays +│ └── ... +├── relays // Application for sending finality proofs and messages between chains +│ └── ... +└── scripts // Useful development and maintenance scripts +``` + +## Running the Bridge + +To run the Bridge you need to be able to connect the bridge relay node to the RPC interface of nodes +on each side of the bridge (source and target chain). + +There are 2 ways to run the bridge, described below: + +- building & running from source: with this option, you'll be able to run the bridge between two standalone +chains that are running GRANDPA finality gadget to achieve finality; + +- running a Docker Compose setup: this is a recommended option, where you'll see bridges with parachains, +complex relays and more. + +### Using the Source + +First you'll need to build the bridge nodes and relay. This can be done as follows: + +```bash +# In `parity-bridges-common` folder +cargo build -p rialto-bridge-node +cargo build -p millau-bridge-node +cargo build -p substrate-relay +``` + +### Running a Dev network + +We will launch a dev network to demonstrate how to relay a message between two Substrate based +chains (named Rialto and Millau). + +To do this we will need two nodes, two relayers which will relay headers, and two relayers which +will relay messages. + +#### Running from local scripts + +To run a simple dev network you can use the scripts located in the +[`deployments/local-scripts` folder](./deployments/local-scripts). + +First, we must run the two Substrate nodes. + +```bash +# In `parity-bridges-common` folder +./deployments/local-scripts/run-rialto-node.sh +./deployments/local-scripts/run-millau-node.sh +``` + +After the nodes are up we can run the header relayers. + +```bash +./deployments/local-scripts/relay-millau-to-rialto.sh +./deployments/local-scripts/relay-rialto-to-millau.sh +``` + +At this point you should see the relayer submitting headers from the Millau Substrate chain to the +Rialto Substrate chain. + +``` +# Header Relayer Logs +[Millau_to_Rialto_Sync] [date] DEBUG bridge Going to submit finality proof of Millau header #147 to Rialto +[...] [date] INFO bridge Synced 147 of 147 headers +[...] [date] DEBUG bridge Going to submit finality proof of Millau header #148 to Rialto +[...] [date] INFO bridge Synced 148 of 149 headers +``` + +Finally, we can run the message relayers. + +```bash +./deployments/local-scripts/relay-messages-millau-to-rialto.sh +./deployments/local-scripts/relay-messages-rialto-to-millau.sh +``` + +You will also see the message lane relayers listening for new messages. + +``` +# Message Relayer Logs +[Millau_to_Rialto_MessageLane_00000000] [date] DEBUG bridge Asking Millau::ReceivingConfirmationsDelivery about best message nonces +[...] [date] INFO bridge Synced Some(2) of Some(3) nonces in Millau::MessagesDelivery -> Rialto::MessagesDelivery race +[...] [date] DEBUG bridge Asking Millau::MessagesDelivery about message nonces +[...] [date] DEBUG bridge Received best nonces from Millau::ReceivingConfirmationsDelivery: TargetClientNonces { latest_nonce: 0, nonces_data: () } +[...] [date] DEBUG bridge Asking Millau::ReceivingConfirmationsDelivery about finalized message nonces +[...] [date] DEBUG bridge Received finalized nonces from Millau::ReceivingConfirmationsDelivery: TargetClientNonces { latest_nonce: 0, nonces_data: () } +[...] [date] DEBUG bridge Received nonces from Millau::MessagesDelivery: SourceClientNonces { new_nonces: {}, confirmed_nonce: Some(0) } +[...] [date] DEBUG bridge Asking Millau node about its state +[...] [date] DEBUG bridge Received state from Millau node: ClientState { best_self: HeaderId(1593, 0xacac***), best_finalized_self: HeaderId(1590, 0x0be81d...), best_finalized_peer_at_best_self: HeaderId(0, 0xdcdd89...) } +``` + +To send a message see the ["How to send a message" section](#how-to-send-a-message). + +### How to send a message + +In this section we'll show you how to quickly send a bridge message. The message is just an encoded XCM +`Trap(43)` message. + +```bash +# In `parity-bridges-common` folder +./scripts/send-message-from-millau-rialto.sh +``` + +After sending a message you will see the following logs showing a message was successfully sent: + +``` +INFO bridge Sending message to Rialto. Size: 11. +TRACE bridge Sent transaction to Millau node: 0x5e68... +``` + +And at the Rialto node logs you'll something like this: + +``` +... runtime::bridge-messages: Received messages: total=1, valid=1. Weight used: Weight(ref_time: 1215065371, proof_size: 48559)/Weight(ref_time: 1215065371, proof_size: 54703). +``` + +It means that the message has been delivered and dispatched. Message may be dispatched with an +error, though - the goal of our test bridge is to ensure that messages are successfully delivered +and all involved components are working. + +## Full Network Docker Compose Setup + +For a more sophisticated deployment which includes bidirectional header sync, message passing, +monitoring dashboards, etc. see the [Deployments README](./deployments/README.md). + +You should note that you can find images for all the bridge components published on +[Docker Hub](https://hub.docker.com/u/paritytech). + +To run a Rialto node for example, you can use the following command: + +```bash +docker run -p 30333:30333 -p 9933:9933 -p 9944:9944 \ + -it paritytech/rialto-bridge-node --dev --tmp \ + --rpc-cors=all --unsafe-rpc-external --unsafe-ws-external +``` + +## Community + +Main hangout for the community is [Element](https://element.io/) (formerly Riot). Element is a chat +server like, for example, Discord. Most discussions around Polkadot and Substrate happen +in various Element "rooms" (channels). So, joining Element might be a good idea, anyway. + +If you are interested in information exchange and development of Polkadot related bridges please +feel free to join the [Polkadot Bridges](https://app.element.io/#/room/#bridges:web3.foundation) +Element channel. + +The [Substrate Technical](https://app.element.io/#/room/#substrate-technical:matrix.org) Element +channel is most suited for discussions regarding Substrate itself. diff --git a/bridges/SECURITY.md b/bridges/SECURITY.md new file mode 100644 index 00000000000..65f2f3bff05 --- /dev/null +++ b/bridges/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +Thanks for helping make the Parity ecosystem more secure. Security is one of our first priorities. + +## Reporting a vulnerability + +If you find something that can be treated as a security vulnerability, please do not use the issue tracker or discuss it in the public forum as it can cause more damage, rather than giving real help to the ecosystem. + +Security vulnerabilities should be reported by the [contact form](https://security-submission.parity.io/). + +If you think that your report might be eligible for the Bug Bounty Program, please mark this during the submission. Please check up-to-date [Parity Bug Bounty Program rules](https://www.parity.io/bug-bounty) to find out the information about our Bug Bounty Program. + +**Warning**: This is an unified SECURITY.md file for Paritytech GitHub Organization. The presence of this file does not mean that this repository is covered by the Bug Bounty program. Please always check the Bug Bounty Program scope for information. + diff --git a/bridges/bin/runtime-common/Cargo.toml b/bridges/bin/runtime-common/Cargo.toml new file mode 100644 index 00000000000..039e323b9b7 --- /dev/null +++ b/bridges/bin/runtime-common/Cargo.toml @@ -0,0 +1,92 @@ +[package] +name = "bridge-runtime-common" +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +repository = "https://github.com/paritytech/parity-bridges-common/" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] } +hash-db = { version = "0.16.0", default-features = false } +log = { version = "0.4.17", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +static_assertions = { version = "1.1", optional = true } + +# Bridge dependencies + +bp-header-chain = { path = "../../primitives/header-chain", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } +bp-parachains = { path = "../../primitives/parachains", default-features = false } +bp-polkadot-core = { path = "../../primitives/polkadot-core", default-features = false } +bp-relayers = { path = "../../primitives/relayers", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +pallet-bridge-grandpa = { path = "../../modules/grandpa", default-features = false } +pallet-bridge-messages = { path = "../../modules/messages", default-features = false } +pallet-bridge-parachains = { path = "../../modules/parachains", default-features = false } +pallet-bridge-relayers = { path = "../../modules/relayers", default-features = false } + +# Substrate dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +pallet-transaction-payment = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +pallet-utility = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-trie = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +# Polkadot dependencies +pallet-xcm = { git = "https://github.com/paritytech/polkadot", branch = "master", default-features = false } +xcm = { git = "https://github.com/paritytech/polkadot", branch = "master", default-features = false } +xcm-builder = { git = "https://github.com/paritytech/polkadot", branch = "master", default-features = false } +xcm-executor = { git = "https://github.com/paritytech/polkadot", branch = "master", default-features = false } + +[dev-dependencies] +bp-test-utils = { path = "../../primitives/test-utils" } +pallet-balances = { git = "https://github.com/paritytech/substrate", branch = "master" } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-messages/std", + "bp-parachains/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "codec/std", + "frame-support/std", + "frame-system/std", + "hash-db/std", + "log/std", + "pallet-bridge-grandpa/std", + "pallet-bridge-messages/std", + "pallet-bridge-parachains/std", + "pallet-bridge-relayers/std", + "pallet-transaction-payment/std", + "pallet-utility/std", + "pallet-xcm/std", + "scale-info/std", + "sp-api/std", + "sp-core/std", + "sp-io/std", + "sp-runtime/std", + "sp-std/std", + "sp-trie/std", + "xcm/std", + "xcm-builder/std", + "xcm-executor/std", +] +runtime-benchmarks = [ + "pallet-bridge-grandpa/runtime-benchmarks", + "pallet-bridge-messages/runtime-benchmarks", + "pallet-bridge-parachains/runtime-benchmarks", + "pallet-xcm/runtime-benchmarks", + "xcm-builder/runtime-benchmarks", +] +integrity-test = [ + "static_assertions", +] diff --git a/bridges/bin/runtime-common/src/integrity.rs b/bridges/bin/runtime-common/src/integrity.rs new file mode 100644 index 00000000000..aa698b0b95e --- /dev/null +++ b/bridges/bin/runtime-common/src/integrity.rs @@ -0,0 +1,361 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Integrity tests for chain constants and pallets configuration. +//! +//! Most of the tests in this module assume that the bridge is using standard (see `crate::messages` +//! module for details) configuration. + +use crate::{messages, messages::MessageBridge}; + +use bp_messages::{InboundLaneData, MessageNonce}; +use bp_runtime::{Chain, ChainId}; +use codec::Encode; +use frame_support::{storage::generator::StorageValue, traits::Get, weights::Weight}; +use frame_system::limits; +use pallet_bridge_messages::WeightInfoExt as _; +use sp_runtime::traits::SignedExtension; + +/// Macro that ensures that the runtime configuration and chain primitives crate are sharing +/// the same types (index, block number, hash, hasher, account id and header). +#[macro_export] +macro_rules! assert_chain_types( + ( runtime: $r:path, this_chain: $this:path ) => { + { + // if one of asserts fail, then either bridge isn't configured properly (or alternatively - non-standard + // configuration is used), or something has broke existing configuration (meaning that all bridged chains + // and relays will stop functioning) + use frame_system::Config as SystemConfig; + use static_assertions::assert_type_eq_all; + + assert_type_eq_all!(<$r as SystemConfig>::Index, bp_runtime::IndexOf<$this>); + assert_type_eq_all!(<$r as SystemConfig>::BlockNumber, bp_runtime::BlockNumberOf<$this>); + assert_type_eq_all!(<$r as SystemConfig>::Hash, bp_runtime::HashOf<$this>); + assert_type_eq_all!(<$r as SystemConfig>::Hashing, bp_runtime::HasherOf<$this>); + assert_type_eq_all!(<$r as SystemConfig>::AccountId, bp_runtime::AccountIdOf<$this>); + assert_type_eq_all!(<$r as SystemConfig>::Header, bp_runtime::HeaderOf<$this>); + } + } +); + +/// Macro that ensures that the bridge GRANDPA pallet is configured properly to bridge with given +/// chain. +#[macro_export] +macro_rules! assert_bridge_grandpa_pallet_types( + ( runtime: $r:path, with_bridged_chain_grandpa_instance: $i:path, bridged_chain: $bridged:path ) => { + { + // if one of asserts fail, then either bridge isn't configured properly (or alternatively - non-standard + // configuration is used), or something has broke existing configuration (meaning that all bridged chains + // and relays will stop functioning) + use pallet_bridge_grandpa::Config as GrandpaConfig; + use static_assertions::assert_type_eq_all; + + assert_type_eq_all!(<$r as GrandpaConfig<$i>>::BridgedChain, $bridged); + } + } +); + +/// Macro that ensures that the bridge messages pallet is configured properly to bridge using given +/// configuration. +#[macro_export] +macro_rules! assert_bridge_messages_pallet_types( + ( + runtime: $r:path, + with_bridged_chain_messages_instance: $i:path, + bridge: $bridge:path + ) => { + { + // if one of asserts fail, then either bridge isn't configured properly (or alternatively - non-standard + // configuration is used), or something has broke existing configuration (meaning that all bridged chains + // and relays will stop functioning) + use $crate::messages::{ + source::{FromThisChainMessagePayload, TargetHeaderChainAdapter}, + target::{FromBridgedChainMessagePayload, SourceHeaderChainAdapter}, + AccountIdOf, BalanceOf, BridgedChain, ThisChain, + }; + use pallet_bridge_messages::Config as MessagesConfig; + use static_assertions::assert_type_eq_all; + + assert_type_eq_all!(<$r as MessagesConfig<$i>>::OutboundPayload, FromThisChainMessagePayload); + + assert_type_eq_all!(<$r as MessagesConfig<$i>>::InboundRelayer, AccountIdOf>); + + assert_type_eq_all!(<$r as MessagesConfig<$i>>::TargetHeaderChain, TargetHeaderChainAdapter<$bridge>); + assert_type_eq_all!(<$r as MessagesConfig<$i>>::SourceHeaderChain, SourceHeaderChainAdapter<$bridge>); + } + } +); + +/// Macro that combines four other macro calls - `assert_chain_types`, `assert_bridge_types`, +/// `assert_bridge_grandpa_pallet_types` and `assert_bridge_messages_pallet_types`. It may be used +/// at the chain that is implementing complete standard messages bridge (i.e. with bridge GRANDPA +/// and messages pallets deployed). +#[macro_export] +macro_rules! assert_complete_bridge_types( + ( + runtime: $r:path, + with_bridged_chain_grandpa_instance: $gi:path, + with_bridged_chain_messages_instance: $mi:path, + bridge: $bridge:path, + this_chain: $this:path, + bridged_chain: $bridged:path, + ) => { + $crate::assert_chain_types!(runtime: $r, this_chain: $this); + $crate::assert_bridge_grandpa_pallet_types!( + runtime: $r, + with_bridged_chain_grandpa_instance: $gi, + bridged_chain: $bridged + ); + $crate::assert_bridge_messages_pallet_types!( + runtime: $r, + with_bridged_chain_messages_instance: $mi, + bridge: $bridge + ); + } +); + +/// Parameters for asserting chain-related constants. +#[derive(Debug)] +pub struct AssertChainConstants { + /// Block length limits of the chain. + pub block_length: limits::BlockLength, + /// Block weight limits of the chain. + pub block_weights: limits::BlockWeights, +} + +/// Test that our hardcoded, chain-related constants, are matching chain runtime configuration. +/// +/// In particular, this test ensures that: +/// +/// 1) block weight limits are matching; +/// 2) block size limits are matching. +pub fn assert_chain_constants(params: AssertChainConstants) +where + R: frame_system::Config, +{ + // we don't check runtime version here, because in our case we'll be building relay from one + // repo and runtime will live in another repo, along with outdated relay version. To avoid + // unneeded commits, let's not raise an error in case of version mismatch. + + // if one of following assert fails, it means that we may need to upgrade bridged chain and + // relay to use updated constants. If constants are now smaller than before, it may lead to + // undeliverable messages. + + // `BlockLength` struct is not implementing `PartialEq`, so we compare encoded values here. + assert_eq!( + R::BlockLength::get().encode(), + params.block_length.encode(), + "BlockLength from runtime ({:?}) differ from hardcoded: {:?}", + R::BlockLength::get(), + params.block_length, + ); + // `BlockWeights` struct is not implementing `PartialEq`, so we compare encoded values here + assert_eq!( + R::BlockWeights::get().encode(), + params.block_weights.encode(), + "BlockWeights from runtime ({:?}) differ from hardcoded: {:?}", + R::BlockWeights::get(), + params.block_weights, + ); +} + +/// Test that the constants, used in GRANDPA pallet configuration are valid. +pub fn assert_bridge_grandpa_pallet_constants() +where + R: pallet_bridge_grandpa::Config, + GI: 'static, +{ + assert!( + R::HeadersToKeep::get() > 0, + "HeadersToKeep ({}) must be larger than zero", + R::HeadersToKeep::get(), + ); +} + +/// Parameters for asserting messages pallet constants. +#[derive(Debug)] +pub struct AssertBridgeMessagesPalletConstants { + /// Maximal number of unrewarded relayer entries in a confirmation transaction at the bridged + /// chain. + pub max_unrewarded_relayers_in_bridged_confirmation_tx: MessageNonce, + /// Maximal number of unconfirmed messages in a confirmation transaction at the bridged chain. + pub max_unconfirmed_messages_in_bridged_confirmation_tx: MessageNonce, + /// Identifier of the bridged chain. + pub bridged_chain_id: ChainId, +} + +/// Test that the constants, used in messages pallet configuration are valid. +pub fn assert_bridge_messages_pallet_constants(params: AssertBridgeMessagesPalletConstants) +where + R: pallet_bridge_messages::Config, + MI: 'static, +{ + assert!( + !R::ActiveOutboundLanes::get().is_empty(), + "ActiveOutboundLanes ({:?}) must not be empty", + R::ActiveOutboundLanes::get(), + ); + assert!( + R::MaxUnrewardedRelayerEntriesAtInboundLane::get() <= params.max_unrewarded_relayers_in_bridged_confirmation_tx, + "MaxUnrewardedRelayerEntriesAtInboundLane ({}) must be <= than the hardcoded value for bridged chain: {}", + R::MaxUnrewardedRelayerEntriesAtInboundLane::get(), + params.max_unrewarded_relayers_in_bridged_confirmation_tx, + ); + assert!( + R::MaxUnconfirmedMessagesAtInboundLane::get() <= params.max_unconfirmed_messages_in_bridged_confirmation_tx, + "MaxUnrewardedRelayerEntriesAtInboundLane ({}) must be <= than the hardcoded value for bridged chain: {}", + R::MaxUnconfirmedMessagesAtInboundLane::get(), + params.max_unconfirmed_messages_in_bridged_confirmation_tx, + ); + assert_eq!(R::BridgedChainId::get(), params.bridged_chain_id); +} + +/// Parameters for asserting bridge pallet names. +#[derive(Debug)] +pub struct AssertBridgePalletNames<'a> { + /// Name of the messages pallet, deployed at the bridged chain and used to bridge with this + /// chain. + pub with_this_chain_messages_pallet_name: &'a str, + /// Name of the GRANDPA pallet, deployed at this chain and used to bridge with the bridged + /// chain. + pub with_bridged_chain_grandpa_pallet_name: &'a str, + /// Name of the messages pallet, deployed at this chain and used to bridge with the bridged + /// chain. + pub with_bridged_chain_messages_pallet_name: &'a str, +} + +/// Tests that bridge pallet names used in `construct_runtime!()` macro call are matching constants +/// from chain primitives crates. +pub fn assert_bridge_pallet_names(params: AssertBridgePalletNames) +where + B: MessageBridge, + R: pallet_bridge_grandpa::Config + pallet_bridge_messages::Config, + GI: 'static, + MI: 'static, +{ + assert_eq!(B::BRIDGED_MESSAGES_PALLET_NAME, params.with_this_chain_messages_pallet_name); + assert_eq!( + pallet_bridge_grandpa::PalletOwner::::storage_value_final_key().to_vec(), + bp_runtime::storage_value_key(params.with_bridged_chain_grandpa_pallet_name, "PalletOwner",).0, + ); + assert_eq!( + pallet_bridge_messages::PalletOwner::::storage_value_final_key().to_vec(), + bp_runtime::storage_value_key( + params.with_bridged_chain_messages_pallet_name, + "PalletOwner", + ) + .0, + ); +} + +/// Parameters for asserting complete standard messages bridge. +#[derive(Debug)] +pub struct AssertCompleteBridgeConstants<'a> { + /// Parameters to assert this chain constants. + pub this_chain_constants: AssertChainConstants, + /// Parameters to assert messages pallet constants. + pub messages_pallet_constants: AssertBridgeMessagesPalletConstants, + /// Parameters to assert pallet names constants. + pub pallet_names: AssertBridgePalletNames<'a>, +} + +/// All bridge-related constants tests for the complete standard messages bridge (i.e. with bridge +/// GRANDPA and messages pallets deployed). +pub fn assert_complete_bridge_constants(params: AssertCompleteBridgeConstants) +where + R: frame_system::Config + + pallet_bridge_grandpa::Config + + pallet_bridge_messages::Config, + GI: 'static, + MI: 'static, + B: MessageBridge, +{ + assert_chain_constants::(params.this_chain_constants); + assert_bridge_grandpa_pallet_constants::(); + assert_bridge_messages_pallet_constants::(params.messages_pallet_constants); + assert_bridge_pallet_names::(params.pallet_names); +} + +/// Check that the message lane weights are correct. +pub fn check_message_lane_weights< + C: Chain, + T: frame_system::Config + pallet_bridge_messages::Config, + MessagesPalletInstance: 'static, +>( + bridged_chain_extra_storage_proof_size: u32, + this_chain_max_unrewarded_relayers: MessageNonce, + this_chain_max_unconfirmed_messages: MessageNonce, + // whether `RefundBridgedParachainMessages` extension is deployed at runtime and is used for + // refunding this bridge transactions? + // + // in other words: pass true for all known production chains + runtime_includes_refund_extension: bool, +) { + type Weights = >::WeightInfo; + + // check basic weight assumptions + pallet_bridge_messages::ensure_weights_are_correct::>(); + + // check that weights allow us to receive messages + let max_incoming_message_proof_size = bridged_chain_extra_storage_proof_size + .saturating_add(messages::target::maximal_incoming_message_size(C::max_extrinsic_size())); + pallet_bridge_messages::ensure_able_to_receive_message::>( + C::max_extrinsic_size(), + C::max_extrinsic_weight(), + max_incoming_message_proof_size, + messages::target::maximal_incoming_message_dispatch_weight(C::max_extrinsic_weight()), + ); + + // check that weights allow us to receive delivery confirmations + let max_incoming_inbound_lane_data_proof_size = + InboundLaneData::<()>::encoded_size_hint_u32(this_chain_max_unrewarded_relayers as _); + pallet_bridge_messages::ensure_able_to_receive_confirmation::>( + C::max_extrinsic_size(), + C::max_extrinsic_weight(), + max_incoming_inbound_lane_data_proof_size, + this_chain_max_unrewarded_relayers, + this_chain_max_unconfirmed_messages, + ); + + // check that extra weights of delivery/confirmation transactions include the weight + // of `RefundBridgedParachainMessages` operations. This signed extension assumes the worst case + // (i.e. slashing if delivery transaction was invalid) and refunds some weight if + // assumption was wrong (i.e. if we did refund instead of slashing). This check + // ensures the extension will not refund weight when it doesn't need to (i.e. if pallet + // weights do not account weights of refund extension). + if runtime_includes_refund_extension { + assert_ne!( + Weights::::receive_messages_proof_overhead_from_runtime(), + Weight::zero() + ); + assert_ne!( + Weights::::receive_messages_delivery_proof_overhead_from_runtime(), + Weight::zero() + ); + } +} + +/// Check that the `AdditionalSigned` type of a wrapped runtime is the same as the one of the +/// corresponding actual runtime. +/// +/// This method doesn't perform any `assert`. If the condition is not true it will generate a +/// compile-time error. +pub fn check_additional_signed() +where + SignedExt: SignedExtension, + IndirectSignedExt: SignedExtension, +{ +} diff --git a/bridges/bin/runtime-common/src/lib.rs b/bridges/bin/runtime-common/src/lib.rs new file mode 100644 index 00000000000..12b096492cd --- /dev/null +++ b/bridges/bin/runtime-common/src/lib.rs @@ -0,0 +1,259 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Common types/functions that may be used by runtimes of all bridged chains. + +#![cfg_attr(not(feature = "std"), no_std)] + +use crate::messages_call_ext::MessagesCallSubType; +use pallet_bridge_grandpa::CallSubType as GrandpaCallSubType; +use pallet_bridge_parachains::CallSubType as ParachainsCallSubtype; +use sp_runtime::transaction_validity::TransactionValidity; +use xcm::v3::NetworkId; + +pub mod messages; +pub mod messages_api; +pub mod messages_benchmarking; +pub mod messages_call_ext; +pub mod messages_xcm_extension; +pub mod parachains_benchmarking; +pub mod priority_calculator; +pub mod refund_relayer_extension; + +mod messages_generation; +mod mock; + +#[cfg(feature = "integrity-test")] +pub mod integrity; + +const LOG_TARGET_BRIDGE_DISPATCH: &str = "runtime::bridge-dispatch"; + +/// A duplication of the `FilterCall` trait. +/// +/// We need this trait in order to be able to implement it for the messages pallet, +/// since the implementation is done outside of the pallet crate. +pub trait BridgeRuntimeFilterCall { + /// Checks if a runtime call is valid. + fn validate(call: &Call) -> TransactionValidity; +} + +impl BridgeRuntimeFilterCall for pallet_bridge_grandpa::Pallet +where + T: pallet_bridge_grandpa::Config, + T::RuntimeCall: GrandpaCallSubType, +{ + fn validate(call: &T::RuntimeCall) -> TransactionValidity { + GrandpaCallSubType::::check_obsolete_submit_finality_proof(call) + } +} + +impl BridgeRuntimeFilterCall + for pallet_bridge_parachains::Pallet +where + T: pallet_bridge_parachains::Config, + T::RuntimeCall: ParachainsCallSubtype, +{ + fn validate(call: &T::RuntimeCall) -> TransactionValidity { + ParachainsCallSubtype::::check_obsolete_submit_parachain_heads(call) + } +} + +impl, I: 'static> BridgeRuntimeFilterCall + for pallet_bridge_messages::Pallet +where + T::RuntimeCall: MessagesCallSubType, +{ + /// Validate messages in order to avoid "mining" messages delivery and delivery confirmation + /// transactions, that are delivering outdated messages/confirmations. Without this validation, + /// even honest relayers may lose their funds if there are multiple relays running and + /// submitting the same messages/confirmations. + fn validate(call: &T::RuntimeCall) -> TransactionValidity { + call.check_obsolete_call() + } +} + +/// Declares a runtime-specific `BridgeRejectObsoleteHeadersAndMessages` signed extension. +/// +/// ## Example +/// +/// ```nocompile +/// generate_bridge_reject_obsolete_headers_and_messages!{ +/// Call, AccountId +/// BridgeRialtoGrandpa, BridgeWestendGrandpa, +/// BridgeRialtoParachains +/// } +/// ``` +/// +/// The goal of this extension is to avoid "mining" transactions that provide outdated bridged +/// headers and messages. Without that extension, even honest relayers may lose their funds if +/// there are multiple relays running and submitting the same information. +#[macro_export] +macro_rules! generate_bridge_reject_obsolete_headers_and_messages { + ($call:ty, $account_id:ty, $($filter_call:ty),*) => { + #[derive(Clone, codec::Decode, Default, codec::Encode, Eq, PartialEq, frame_support::RuntimeDebug, scale_info::TypeInfo)] + pub struct BridgeRejectObsoleteHeadersAndMessages; + impl sp_runtime::traits::SignedExtension for BridgeRejectObsoleteHeadersAndMessages { + const IDENTIFIER: &'static str = "BridgeRejectObsoleteHeadersAndMessages"; + type AccountId = $account_id; + type Call = $call; + type AdditionalSigned = (); + type Pre = (); + + fn additional_signed(&self) -> sp_std::result::Result< + (), + sp_runtime::transaction_validity::TransactionValidityError, + > { + Ok(()) + } + + fn validate( + &self, + _who: &Self::AccountId, + call: &Self::Call, + _info: &sp_runtime::traits::DispatchInfoOf, + _len: usize, + ) -> sp_runtime::transaction_validity::TransactionValidity { + let valid = sp_runtime::transaction_validity::ValidTransaction::default(); + $( + let valid = valid + .combine_with(<$filter_call as $crate::BridgeRuntimeFilterCall<$call>>::validate(call)?); + )* + Ok(valid) + } + + fn pre_dispatch( + self, + who: &Self::AccountId, + call: &Self::Call, + info: &sp_runtime::traits::DispatchInfoOf, + len: usize, + ) -> Result { + self.validate(who, call, info, len).map(drop) + } + } + }; +} + +/// A mapping over `NetworkId`. +/// Since `NetworkId` doesn't include `Millau`, `Rialto` and `RialtoParachain`, we create some +/// synthetic associations between these chains and `NetworkId` chains. +pub enum CustomNetworkId { + /// The Millau network ID, associated with Kusama. + Millau, + /// The Rialto network ID, associated with Polkadot. + Rialto, + /// The RialtoParachain network ID, associated with Westend. + RialtoParachain, +} + +impl TryFrom for CustomNetworkId { + type Error = (); + + fn try_from(chain: bp_runtime::ChainId) -> Result { + Ok(match chain { + bp_runtime::MILLAU_CHAIN_ID => Self::Millau, + bp_runtime::RIALTO_CHAIN_ID => Self::Rialto, + bp_runtime::RIALTO_PARACHAIN_CHAIN_ID => Self::RialtoParachain, + _ => return Err(()), + }) + } +} + +impl CustomNetworkId { + /// Converts self to XCM' network id. + pub const fn as_network_id(&self) -> NetworkId { + match *self { + CustomNetworkId::Millau => NetworkId::Kusama, + CustomNetworkId::Rialto => NetworkId::Polkadot, + CustomNetworkId::RialtoParachain => NetworkId::Westend, + } + } +} + +#[cfg(test)] +mod tests { + use crate::BridgeRuntimeFilterCall; + use frame_support::{assert_err, assert_ok}; + use sp_runtime::{ + traits::SignedExtension, + transaction_validity::{InvalidTransaction, TransactionValidity, ValidTransaction}, + }; + + pub struct MockCall { + data: u32, + } + + impl sp_runtime::traits::Dispatchable for MockCall { + type RuntimeOrigin = (); + type Config = (); + type Info = (); + type PostInfo = (); + + fn dispatch( + self, + _origin: Self::RuntimeOrigin, + ) -> sp_runtime::DispatchResultWithInfo { + unimplemented!() + } + } + + struct FirstFilterCall; + impl BridgeRuntimeFilterCall for FirstFilterCall { + fn validate(call: &MockCall) -> TransactionValidity { + if call.data <= 1 { + return InvalidTransaction::Custom(1).into() + } + + Ok(ValidTransaction { priority: 1, ..Default::default() }) + } + } + + struct SecondFilterCall; + impl BridgeRuntimeFilterCall for SecondFilterCall { + fn validate(call: &MockCall) -> TransactionValidity { + if call.data <= 2 { + return InvalidTransaction::Custom(2).into() + } + + Ok(ValidTransaction { priority: 2, ..Default::default() }) + } + } + + #[test] + fn test() { + generate_bridge_reject_obsolete_headers_and_messages!( + MockCall, + (), + FirstFilterCall, + SecondFilterCall + ); + + assert_err!( + BridgeRejectObsoleteHeadersAndMessages.validate(&(), &MockCall { data: 1 }, &(), 0), + InvalidTransaction::Custom(1) + ); + + assert_err!( + BridgeRejectObsoleteHeadersAndMessages.validate(&(), &MockCall { data: 2 }, &(), 0), + InvalidTransaction::Custom(2) + ); + + assert_ok!( + BridgeRejectObsoleteHeadersAndMessages.validate(&(), &MockCall { data: 3 }, &(), 0), + ValidTransaction { priority: 3, ..Default::default() } + ) + } +} diff --git a/bridges/bin/runtime-common/src/messages.rs b/bridges/bin/runtime-common/src/messages.rs new file mode 100644 index 00000000000..6f6b1959577 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages.rs @@ -0,0 +1,779 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Types that allow runtime to act as a source/target endpoint of message lanes. +//! +//! Messages are assumed to be encoded `Call`s of the target chain. Call-dispatch +//! pallet is used to dispatch incoming messages. Message identified by a tuple +//! of to elements - message lane id and message nonce. + +pub use bp_runtime::{RangeInclusiveExt, UnderlyingChainOf, UnderlyingChainProvider}; + +use bp_header_chain::{HeaderChain, HeaderChainError}; +use bp_messages::{ + source_chain::{LaneMessageVerifier, TargetHeaderChain}, + target_chain::{ProvedLaneMessages, ProvedMessages, SourceHeaderChain}, + InboundLaneData, LaneId, Message, MessageKey, MessageNonce, MessagePayload, OutboundLaneData, +}; +use bp_runtime::{Chain, RawStorageProof, Size, StorageProofChecker, StorageProofError}; +use codec::{Decode, Encode}; +use frame_support::{traits::Get, weights::Weight, RuntimeDebug}; +use hash_db::Hasher; +use scale_info::TypeInfo; +use sp_std::{convert::TryFrom, fmt::Debug, marker::PhantomData, vec::Vec}; + +/// Bidirectional message bridge. +pub trait MessageBridge { + /// Name of the paired messages pallet instance at the Bridged chain. + /// + /// Should be the name that is used in the `construct_runtime!()` macro. + const BRIDGED_MESSAGES_PALLET_NAME: &'static str; + + /// This chain in context of message bridge. + type ThisChain: ThisChainWithMessages; + /// Bridged chain in context of message bridge. + type BridgedChain: BridgedChainWithMessages; + /// Bridged header chain. + type BridgedHeaderChain: HeaderChain>; +} + +/// This chain that has `pallet-bridge-messages` module. +pub trait ThisChainWithMessages: UnderlyingChainProvider { + /// Call origin on the chain. + type RuntimeOrigin; +} + +/// Bridged chain that has `pallet-bridge-messages` module. +pub trait BridgedChainWithMessages: UnderlyingChainProvider {} + +/// This chain in context of message bridge. +pub type ThisChain = ::ThisChain; +/// Bridged chain in context of message bridge. +pub type BridgedChain = ::BridgedChain; +/// Hash used on the chain. +pub type HashOf = bp_runtime::HashOf<::Chain>; +/// Hasher used on the chain. +pub type HasherOf = bp_runtime::HasherOf>; +/// Account id used on the chain. +pub type AccountIdOf = bp_runtime::AccountIdOf>; +/// Type of balances that is used on the chain. +pub type BalanceOf = bp_runtime::BalanceOf>; +/// Type of origin that is used on the chain. +pub type OriginOf = ::RuntimeOrigin; + +/// Error that happens during message verification. +#[derive(Debug, PartialEq, Eq)] +pub enum Error { + /// The message proof is empty. + EmptyMessageProof, + /// Error returned by the bridged header chain. + HeaderChain(HeaderChainError), + /// Error returned while reading/decoding inbound lane data from the storage proof. + InboundLaneStorage(StorageProofError), + /// The declared message weight is incorrect. + InvalidMessageWeight, + /// Declared messages count doesn't match actual value. + MessagesCountMismatch, + /// Error returned while reading/decoding message data from the storage proof. + MessageStorage(StorageProofError), + /// The message is too large. + MessageTooLarge, + /// Error returned while reading/decoding outbound lane data from the storage proof. + OutboundLaneStorage(StorageProofError), + /// Storage proof related error. + StorageProof(StorageProofError), +} + +/// Sub-module that is declaring types required for processing This -> Bridged chain messages. +pub mod source { + use super::*; + + /// Message payload for This -> Bridged chain messages. + pub type FromThisChainMessagePayload = crate::messages_xcm_extension::XcmAsPlainPayload; + + /// Maximal size of outbound message payload. + pub struct FromThisChainMaximalOutboundPayloadSize(PhantomData); + + impl Get for FromThisChainMaximalOutboundPayloadSize { + fn get() -> u32 { + maximal_message_size::() + } + } + + /// Messages delivery proof from bridged chain: + /// + /// - hash of finalized header; + /// - storage proof of inbound lane state; + /// - lane id. + #[derive(Clone, Decode, Encode, Eq, PartialEq, RuntimeDebug, TypeInfo)] + pub struct FromBridgedChainMessagesDeliveryProof { + /// Hash of the bridge header the proof is for. + pub bridged_header_hash: BridgedHeaderHash, + /// Storage trie proof generated for [`Self::bridged_header_hash`]. + pub storage_proof: RawStorageProof, + /// Lane id of which messages were delivered and the proof is for. + pub lane: LaneId, + } + + impl Size for FromBridgedChainMessagesDeliveryProof { + fn size(&self) -> u32 { + u32::try_from( + self.storage_proof + .iter() + .fold(0usize, |sum, node| sum.saturating_add(node.len())), + ) + .unwrap_or(u32::MAX) + } + } + + /// 'Parsed' message delivery proof - inbound lane id and its state. + pub type ParsedMessagesDeliveryProofFromBridgedChain = + (LaneId, InboundLaneData>>); + + /// Message verifier that is doing all basic checks. + /// + /// This verifier assumes following: + /// + /// - all message lanes are equivalent, so all checks are the same; + /// + /// Following checks are made: + /// + /// - message is rejected if its lane is currently blocked; + /// - message is rejected if there are too many pending (undelivered) messages at the outbound + /// lane; + /// - check that the sender has rights to dispatch the call on target chain using provided + /// dispatch origin; + /// - check that the sender has paid enough funds for both message delivery and dispatch. + #[derive(RuntimeDebug)] + pub struct FromThisChainMessageVerifier(PhantomData); + + impl LaneMessageVerifier>, FromThisChainMessagePayload> + for FromThisChainMessageVerifier + where + B: MessageBridge, + // matches requirements from the `frame_system::Config::Origin` + OriginOf>: Clone + + Into>>, OriginOf>>>, + AccountIdOf>: PartialEq + Clone, + { + type Error = &'static str; + + fn verify_message( + _submitter: &OriginOf>, + _lane: &LaneId, + _lane_outbound_data: &OutboundLaneData, + _payload: &FromThisChainMessagePayload, + ) -> Result<(), Self::Error> { + // IMPORTANT: any error that is returned here is fatal for the bridge, because + // this code is executed at the bridge hub and message sender actually lives + // at some sibling parachain. So we are failing **after** the message has been + // sent and we can't report it back to sender (unless error report mechanism is + // embedded into message and its dispatcher). + + Ok(()) + } + } + + /// Return maximal message size of This -> Bridged chain message. + pub fn maximal_message_size() -> u32 { + super::target::maximal_incoming_message_size( + UnderlyingChainOf::>::max_extrinsic_size(), + ) + } + + /// `TargetHeaderChain` implementation that is using default types and perform default checks. + pub struct TargetHeaderChainAdapter(PhantomData); + + impl TargetHeaderChain>> + for TargetHeaderChainAdapter + { + type Error = Error; + type MessagesDeliveryProof = FromBridgedChainMessagesDeliveryProof>>; + + fn verify_message(payload: &FromThisChainMessagePayload) -> Result<(), Self::Error> { + verify_chain_message::(payload) + } + + fn verify_messages_delivery_proof( + proof: Self::MessagesDeliveryProof, + ) -> Result<(LaneId, InboundLaneData>>), Self::Error> { + verify_messages_delivery_proof::(proof) + } + } + + /// Do basic Bridged-chain specific verification of This -> Bridged chain message. + /// + /// Ok result from this function means that the delivery transaction with this message + /// may be 'mined' by the target chain. But the lane may have its own checks (e.g. fee + /// check) that would reject message (see `FromThisChainMessageVerifier`). + pub fn verify_chain_message( + payload: &FromThisChainMessagePayload, + ) -> Result<(), Error> { + // IMPORTANT: any error that is returned here is fatal for the bridge, because + // this code is executed at the bridge hub and message sender actually lives + // at some sibling parachain. So we are failing **after** the message has been + // sent and we can't report it back to sender (unless error report mechanism is + // embedded into message and its dispatcher). + + // apart from maximal message size check (see below), we should also check the message + // dispatch weight here. But we assume that the bridged chain will just push the message + // to some queue (XCMP, UMP, DMP), so the weight is constant and fits the block. + + // The maximal size of extrinsic at Substrate-based chain depends on the + // `frame_system::Config::MaximumBlockLength` and + // `frame_system::Config::AvailableBlockRatio` constants. This check is here to be sure that + // the lane won't stuck because message is too large to fit into delivery transaction. + // + // **IMPORTANT NOTE**: the delivery transaction contains storage proof of the message, not + // the message itself. The proof is always larger than the message. But unless chain state + // is enormously large, it should be several dozens/hundreds of bytes. The delivery + // transaction also contains signatures and signed extensions. Because of this, we reserve + // 1/3 of the the maximal extrinsic weight for this data. + if payload.len() > maximal_message_size::() as usize { + return Err(Error::MessageTooLarge) + } + + Ok(()) + } + + /// Verify proof of This -> Bridged chain messages delivery. + /// + /// This function is used when Bridged chain is directly using GRANDPA finality. For Bridged + /// parachains, please use the `verify_messages_delivery_proof_from_parachain`. + pub fn verify_messages_delivery_proof( + proof: FromBridgedChainMessagesDeliveryProof>>, + ) -> Result, Error> { + let FromBridgedChainMessagesDeliveryProof { bridged_header_hash, storage_proof, lane } = + proof; + B::BridgedHeaderChain::parse_finalized_storage_proof( + bridged_header_hash, + storage_proof, + |mut storage| { + // Messages delivery proof is just proof of single storage key read => any error + // is fatal. + let storage_inbound_lane_data_key = + bp_messages::storage_keys::inbound_lane_data_key( + B::BRIDGED_MESSAGES_PALLET_NAME, + &lane, + ); + let inbound_lane_data = storage + .read_and_decode_mandatory_value(storage_inbound_lane_data_key.0.as_ref()) + .map_err(Error::InboundLaneStorage)?; + + // check that the storage proof doesn't have any untouched trie nodes + storage.ensure_no_unused_nodes().map_err(Error::StorageProof)?; + + Ok((lane, inbound_lane_data)) + }, + ) + .map_err(Error::HeaderChain)? + } +} + +/// Sub-module that is declaring types required for processing Bridged -> This chain messages. +pub mod target { + use super::*; + + /// Decoded Bridged -> This message payload. + pub type FromBridgedChainMessagePayload = crate::messages_xcm_extension::XcmAsPlainPayload; + + /// Messages proof from bridged chain: + /// + /// - hash of finalized header; + /// - storage proof of messages and (optionally) outbound lane state; + /// - lane id; + /// - nonces (inclusive range) of messages which are included in this proof. + #[derive(Clone, Decode, Encode, Eq, PartialEq, RuntimeDebug, TypeInfo)] + pub struct FromBridgedChainMessagesProof { + /// Hash of the finalized bridged header the proof is for. + pub bridged_header_hash: BridgedHeaderHash, + /// A storage trie proof of messages being delivered. + pub storage_proof: RawStorageProof, + /// Messages in this proof are sent over this lane. + pub lane: LaneId, + /// Nonce of the first message being delivered. + pub nonces_start: MessageNonce, + /// Nonce of the last message being delivered. + pub nonces_end: MessageNonce, + } + + impl Size for FromBridgedChainMessagesProof { + fn size(&self) -> u32 { + u32::try_from( + self.storage_proof + .iter() + .fold(0usize, |sum, node| sum.saturating_add(node.len())), + ) + .unwrap_or(u32::MAX) + } + } + + /// Return maximal dispatch weight of the message we're able to receive. + pub fn maximal_incoming_message_dispatch_weight(maximal_extrinsic_weight: Weight) -> Weight { + maximal_extrinsic_weight / 2 + } + + /// Return maximal message size given maximal extrinsic size. + pub fn maximal_incoming_message_size(maximal_extrinsic_size: u32) -> u32 { + maximal_extrinsic_size / 3 * 2 + } + + /// `SourceHeaderChain` implementation that is using default types and perform default checks. + pub struct SourceHeaderChainAdapter(PhantomData); + + impl SourceHeaderChain for SourceHeaderChainAdapter { + type Error = Error; + type MessagesProof = FromBridgedChainMessagesProof>>; + + fn verify_messages_proof( + proof: Self::MessagesProof, + messages_count: u32, + ) -> Result, Self::Error> { + verify_messages_proof::(proof, messages_count) + } + } + + /// Verify proof of Bridged -> This chain messages. + /// + /// This function is used when Bridged chain is directly using GRANDPA finality. For Bridged + /// parachains, please use the `verify_messages_proof_from_parachain`. + /// + /// The `messages_count` argument verification (sane limits) is supposed to be made + /// outside of this function. This function only verifies that the proof declares exactly + /// `messages_count` messages. + pub fn verify_messages_proof( + proof: FromBridgedChainMessagesProof>>, + messages_count: u32, + ) -> Result, Error> { + let FromBridgedChainMessagesProof { + bridged_header_hash, + storage_proof, + lane, + nonces_start, + nonces_end, + } = proof; + let nonces_range = nonces_start..=nonces_end; + + B::BridgedHeaderChain::parse_finalized_storage_proof( + bridged_header_hash, + storage_proof, + |storage| { + let mut parser = + StorageProofCheckerAdapter::<_, B> { storage, _dummy: Default::default() }; + + // receiving proofs where end < begin is ok (if proof includes outbound lane state) + let messages_in_the_proof = nonces_range.checked_len().unwrap_or(0); + if messages_in_the_proof != MessageNonce::from(messages_count) { + return Err(Error::MessagesCountMismatch) + } + + // Read messages first. All messages that are claimed to be in the proof must + // be in the proof. So any error in `read_value`, or even missing value is fatal. + // + // Mind that we allow proofs with no messages if outbound lane state is proved. + let mut messages = Vec::with_capacity(messages_in_the_proof as _); + for nonce in nonces_range { + let message_key = MessageKey { lane_id: lane, nonce }; + let message_payload = parser.read_and_decode_message_payload(&message_key)?; + messages.push(Message { key: message_key, payload: message_payload }); + } + + // Now let's check if proof contains outbound lane state proof. It is optional, so + // we simply ignore `read_value` errors and missing value. + let proved_lane_messages = ProvedLaneMessages { + lane_state: parser.read_and_decode_outbound_lane_data(&lane)?, + messages, + }; + + // Now we may actually check if the proof is empty or not. + if proved_lane_messages.lane_state.is_none() && + proved_lane_messages.messages.is_empty() + { + return Err(Error::EmptyMessageProof) + } + + // check that the storage proof doesn't have any untouched trie nodes + parser.storage.ensure_no_unused_nodes().map_err(Error::StorageProof)?; + + // We only support single lane messages in this generated_schema + let mut proved_messages = ProvedMessages::new(); + proved_messages.insert(lane, proved_lane_messages); + + Ok(proved_messages) + }, + ) + .map_err(Error::HeaderChain)? + } + + struct StorageProofCheckerAdapter { + storage: StorageProofChecker, + _dummy: sp_std::marker::PhantomData, + } + + impl StorageProofCheckerAdapter { + fn read_and_decode_outbound_lane_data( + &mut self, + lane_id: &LaneId, + ) -> Result, Error> { + let storage_outbound_lane_data_key = bp_messages::storage_keys::outbound_lane_data_key( + B::BRIDGED_MESSAGES_PALLET_NAME, + lane_id, + ); + + self.storage + .read_and_decode_opt_value(storage_outbound_lane_data_key.0.as_ref()) + .map_err(Error::OutboundLaneStorage) + } + + fn read_and_decode_message_payload( + &mut self, + message_key: &MessageKey, + ) -> Result { + let storage_message_key = bp_messages::storage_keys::message_key( + B::BRIDGED_MESSAGES_PALLET_NAME, + &message_key.lane_id, + message_key.nonce, + ); + self.storage + .read_and_decode_mandatory_value(storage_message_key.0.as_ref()) + .map_err(Error::MessageStorage) + } + } +} + +/// The `BridgeMessagesCall` used by a chain. +pub type BridgeMessagesCallOf = bp_messages::BridgeMessagesCall< + bp_runtime::AccountIdOf, + target::FromBridgedChainMessagesProof>, + source::FromBridgedChainMessagesDeliveryProof>, +>; + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + messages_generation::{ + encode_all_messages, encode_lane_data, prepare_messages_storage_proof, + }, + mock::*, + }; + use bp_header_chain::StoredHeaderDataBuilder; + use bp_runtime::HeaderId; + use codec::Encode; + use sp_core::H256; + use sp_runtime::traits::Header as _; + + #[test] + fn verify_chain_message_rejects_message_with_too_large_declared_weight() { + assert!(source::verify_chain_message::(&vec![ + 42; + BRIDGED_CHAIN_MAX_EXTRINSIC_WEIGHT - + 1 + ]) + .is_err()); + } + + #[test] + fn verify_chain_message_rejects_message_too_large_message() { + assert!(source::verify_chain_message::(&vec![ + 0; + source::maximal_message_size::() + as usize + 1 + ],) + .is_err()); + } + + #[test] + fn verify_chain_message_accepts_maximal_message() { + assert_eq!( + source::verify_chain_message::(&vec![ + 0; + source::maximal_message_size::() + as _ + ],), + Ok(()), + ); + } + + fn using_messages_proof( + nonces_end: MessageNonce, + outbound_lane_data: Option, + encode_message: impl Fn(MessageNonce, &MessagePayload) -> Option>, + encode_outbound_lane_data: impl Fn(&OutboundLaneData) -> Vec, + test: impl Fn(target::FromBridgedChainMessagesProof) -> R, + ) -> R { + let (state_root, storage_proof) = prepare_messages_storage_proof::( + TEST_LANE_ID, + 1..=nonces_end, + outbound_lane_data, + bp_runtime::StorageProofSize::Minimal(0), + vec![42], + encode_message, + encode_outbound_lane_data, + ); + + sp_io::TestExternalities::new(Default::default()).execute_with(move || { + let bridged_header = BridgedChainHeader::new( + 0, + Default::default(), + state_root, + Default::default(), + Default::default(), + ); + let bridged_header_hash = bridged_header.hash(); + + pallet_bridge_grandpa::BestFinalized::::put(HeaderId( + 0, + bridged_header_hash, + )); + pallet_bridge_grandpa::ImportedHeaders::::insert( + bridged_header_hash, + bridged_header.build(), + ); + test(target::FromBridgedChainMessagesProof { + bridged_header_hash, + storage_proof, + lane: TEST_LANE_ID, + nonces_start: 1, + nonces_end, + }) + }) + } + + #[test] + fn messages_proof_is_rejected_if_declared_less_than_actual_number_of_messages() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |proof| { + target::verify_messages_proof::(proof, 5) + }), + Err(Error::MessagesCountMismatch), + ); + } + + #[test] + fn messages_proof_is_rejected_if_declared_more_than_actual_number_of_messages() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |proof| { + target::verify_messages_proof::(proof, 15) + }), + Err(Error::MessagesCountMismatch), + ); + } + + #[test] + fn message_proof_is_rejected_if_header_is_missing_from_the_chain() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |proof| { + let bridged_header_hash = + pallet_bridge_grandpa::BestFinalized::::get().unwrap().1; + pallet_bridge_grandpa::ImportedHeaders::::remove(bridged_header_hash); + target::verify_messages_proof::(proof, 10) + }), + Err(Error::HeaderChain(HeaderChainError::UnknownHeader)), + ); + } + + #[test] + fn message_proof_is_rejected_if_header_state_root_mismatches() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |proof| { + let bridged_header_hash = + pallet_bridge_grandpa::BestFinalized::::get().unwrap().1; + pallet_bridge_grandpa::ImportedHeaders::::insert( + bridged_header_hash, + BridgedChainHeader::new( + 0, + Default::default(), + Default::default(), + Default::default(), + Default::default(), + ) + .build(), + ); + target::verify_messages_proof::(proof, 10) + }), + Err(Error::HeaderChain(HeaderChainError::StorageProof( + StorageProofError::StorageRootMismatch + ))), + ); + } + + #[test] + fn message_proof_is_rejected_if_it_has_duplicate_trie_nodes() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |mut proof| { + let node = proof.storage_proof.pop().unwrap(); + proof.storage_proof.push(node.clone()); + proof.storage_proof.push(node); + target::verify_messages_proof::(proof, 10) + },), + Err(Error::HeaderChain(HeaderChainError::StorageProof( + StorageProofError::DuplicateNodesInProof + ))), + ); + } + + #[test] + fn message_proof_is_rejected_if_it_has_unused_trie_nodes() { + assert_eq!( + using_messages_proof(10, None, encode_all_messages, encode_lane_data, |mut proof| { + proof.storage_proof.push(vec![42]); + target::verify_messages_proof::(proof, 10) + },), + Err(Error::StorageProof(StorageProofError::UnusedNodesInTheProof)), + ); + } + + #[test] + fn message_proof_is_rejected_if_required_message_is_missing() { + matches!( + using_messages_proof( + 10, + None, + |n, m| if n != 5 { Some(m.encode()) } else { None }, + encode_lane_data, + |proof| target::verify_messages_proof::(proof, 10) + ), + Err(Error::MessageStorage(StorageProofError::StorageValueEmpty)), + ); + } + + #[test] + fn message_proof_is_rejected_if_message_decode_fails() { + matches!( + using_messages_proof( + 10, + None, + |n, m| { + let mut m = m.encode(); + if n == 5 { + m = vec![42] + } + Some(m) + }, + encode_lane_data, + |proof| target::verify_messages_proof::(proof, 10), + ), + Err(Error::MessageStorage(StorageProofError::StorageValueDecodeFailed(_))), + ); + } + + #[test] + fn message_proof_is_rejected_if_outbound_lane_state_decode_fails() { + matches!( + using_messages_proof( + 10, + Some(OutboundLaneData { + oldest_unpruned_nonce: 1, + latest_received_nonce: 1, + latest_generated_nonce: 1, + }), + encode_all_messages, + |d| { + let mut d = d.encode(); + d.truncate(1); + d + }, + |proof| target::verify_messages_proof::(proof, 10), + ), + Err(Error::OutboundLaneStorage(StorageProofError::StorageValueDecodeFailed(_))), + ); + } + + #[test] + fn message_proof_is_rejected_if_it_is_empty() { + assert_eq!( + using_messages_proof(0, None, encode_all_messages, encode_lane_data, |proof| { + target::verify_messages_proof::(proof, 0) + },), + Err(Error::EmptyMessageProof), + ); + } + + #[test] + fn non_empty_message_proof_without_messages_is_accepted() { + assert_eq!( + using_messages_proof( + 0, + Some(OutboundLaneData { + oldest_unpruned_nonce: 1, + latest_received_nonce: 1, + latest_generated_nonce: 1, + }), + encode_all_messages, + encode_lane_data, + |proof| target::verify_messages_proof::(proof, 0), + ), + Ok(vec![( + TEST_LANE_ID, + ProvedLaneMessages { + lane_state: Some(OutboundLaneData { + oldest_unpruned_nonce: 1, + latest_received_nonce: 1, + latest_generated_nonce: 1, + }), + messages: Vec::new(), + }, + )] + .into_iter() + .collect()), + ); + } + + #[test] + fn non_empty_message_proof_is_accepted() { + assert_eq!( + using_messages_proof( + 1, + Some(OutboundLaneData { + oldest_unpruned_nonce: 1, + latest_received_nonce: 1, + latest_generated_nonce: 1, + }), + encode_all_messages, + encode_lane_data, + |proof| target::verify_messages_proof::(proof, 1), + ), + Ok(vec![( + TEST_LANE_ID, + ProvedLaneMessages { + lane_state: Some(OutboundLaneData { + oldest_unpruned_nonce: 1, + latest_received_nonce: 1, + latest_generated_nonce: 1, + }), + messages: vec![Message { + key: MessageKey { lane_id: TEST_LANE_ID, nonce: 1 }, + payload: vec![42], + }], + }, + )] + .into_iter() + .collect()), + ); + } + + #[test] + fn verify_messages_proof_does_not_panic_if_messages_count_mismatches() { + assert_eq!( + using_messages_proof(1, None, encode_all_messages, encode_lane_data, |mut proof| { + proof.nonces_end = u64::MAX; + target::verify_messages_proof::(proof, u32::MAX) + },), + Err(Error::MessagesCountMismatch), + ); + } +} diff --git a/bridges/bin/runtime-common/src/messages_api.rs b/bridges/bin/runtime-common/src/messages_api.rs new file mode 100644 index 00000000000..199e062fe98 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages_api.rs @@ -0,0 +1,66 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Helpers for implementing various message-related runtime API mthods. + +use bp_messages::{ + InboundMessageDetails, LaneId, MessageNonce, MessagePayload, OutboundMessageDetails, +}; +use sp_std::vec::Vec; + +/// Implementation of the `To*OutboundLaneApi::message_details`. +pub fn outbound_message_details( + lane: LaneId, + begin: MessageNonce, + end: MessageNonce, +) -> Vec +where + Runtime: pallet_bridge_messages::Config, + MessagesPalletInstance: 'static, +{ + (begin..=end) + .filter_map(|nonce| { + let message_data = + pallet_bridge_messages::Pallet::::outbound_message_data(lane, nonce)?; + Some(OutboundMessageDetails { + nonce, + // dispatch message weight is always zero at the source chain, since we're paying for + // dispatch at the target chain + dispatch_weight: frame_support::weights::Weight::zero(), + size: message_data.len() as _, + }) + }) + .collect() +} + +/// Implementation of the `To*InboundLaneApi::message_details`. +pub fn inbound_message_details( + lane: LaneId, + messages: Vec<(MessagePayload, OutboundMessageDetails)>, +) -> Vec +where + Runtime: pallet_bridge_messages::Config, + MessagesPalletInstance: 'static, +{ + messages + .into_iter() + .map(|(payload, details)| { + pallet_bridge_messages::Pallet::::inbound_message_data( + lane, payload, details, + ) + }) + .collect() +} diff --git a/bridges/bin/runtime-common/src/messages_benchmarking.rs b/bridges/bin/runtime-common/src/messages_benchmarking.rs new file mode 100644 index 00000000000..b067523c305 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages_benchmarking.rs @@ -0,0 +1,293 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Everything required to run benchmarks of messages module, based on +//! `bridge_runtime_common::messages` implementation. + +#![cfg(feature = "runtime-benchmarks")] + +use crate::{ + messages::{ + source::FromBridgedChainMessagesDeliveryProof, target::FromBridgedChainMessagesProof, + AccountIdOf, BridgedChain, HashOf, HasherOf, MessageBridge, ThisChain, + }, + messages_generation::{ + encode_all_messages, encode_lane_data, grow_trie_leaf_value, prepare_messages_storage_proof, + }, +}; + +use bp_messages::storage_keys; +use bp_polkadot_core::parachains::ParaHash; +use bp_runtime::{ + record_all_trie_keys, Chain, Parachain, RawStorageProof, StorageProofSize, UnderlyingChainOf, +}; +use codec::Encode; +use frame_support::weights::Weight; +use pallet_bridge_messages::benchmarking::{MessageDeliveryProofParams, MessageProofParams}; +use sp_runtime::traits::{Header, Zero}; +use sp_std::prelude::*; +use sp_trie::{trie_types::TrieDBMutBuilderV1, LayoutV1, MemoryDB, TrieMut}; +use xcm::v3::prelude::*; + +/// Prepare inbound bridge message according to given message proof parameters. +fn prepare_inbound_message( + params: &MessageProofParams, + destination: InteriorMultiLocation, +) -> Vec { + // we only care about **this** message size when message proof needs to be `Minimal` + let expected_size = match params.size { + StorageProofSize::Minimal(size) => size as usize, + _ => 0, + }; + + // if we don't need a correct message, then we may just return some random blob + if !params.is_successful_dispatch_expected { + return vec![0u8; expected_size] + } + + // else let's prepare successful message. For XCM bridge hubs, it is the message that + // will be pushed further to some XCM queue (XCMP/UMP) + let location = xcm::VersionedInteriorMultiLocation::V3(destination); + let location_encoded_size = location.encoded_size(); + + // we don't need to be super-precise with `expected_size` here + let xcm_size = expected_size.saturating_sub(location_encoded_size); + let xcm = xcm::VersionedXcm::<()>::V3(vec![Instruction::ClearOrigin; xcm_size].into()); + + // this is the `BridgeMessage` from polkadot xcm builder, but it has no constructor + // or public fields, so just tuple + // (double encoding, because `.encode()` is called on original Xcm BLOB when it is pushed + // to the storage) + (location, xcm).encode().encode() +} + +/// Prepare proof of messages for the `receive_messages_proof` call. +/// +/// In addition to returning valid messages proof, environment is prepared to verify this message +/// proof. +/// +/// This method is intended to be used when benchmarking pallet, linked to the chain that +/// uses GRANDPA finality. For parachains, please use the `prepare_message_proof_from_parachain` +/// function. +pub fn prepare_message_proof_from_grandpa_chain( + params: MessageProofParams, + message_destination: InteriorMultiLocation, +) -> (FromBridgedChainMessagesProof>>, Weight) +where + R: pallet_bridge_grandpa::Config>>, + FI: 'static, + B: MessageBridge, +{ + // prepare storage proof + let (state_root, storage_proof) = prepare_messages_storage_proof::( + params.lane, + params.message_nonces.clone(), + params.outbound_lane_data.clone(), + params.size, + prepare_inbound_message(¶ms, message_destination), + encode_all_messages, + encode_lane_data, + ); + + // update runtime storage + let (_, bridged_header_hash) = insert_header_to_grandpa_pallet::(state_root); + + ( + FromBridgedChainMessagesProof { + bridged_header_hash, + storage_proof, + lane: params.lane, + nonces_start: *params.message_nonces.start(), + nonces_end: *params.message_nonces.end(), + }, + Weight::MAX / 1000, + ) +} + +/// Prepare proof of messages for the `receive_messages_proof` call. +/// +/// In addition to returning valid messages proof, environment is prepared to verify this message +/// proof. +/// +/// This method is intended to be used when benchmarking pallet, linked to the chain that +/// uses parachain finality. For GRANDPA chains, please use the +/// `prepare_message_proof_from_grandpa_chain` function. +pub fn prepare_message_proof_from_parachain( + params: MessageProofParams, + message_destination: InteriorMultiLocation, +) -> (FromBridgedChainMessagesProof>>, Weight) +where + R: pallet_bridge_parachains::Config, + PI: 'static, + B: MessageBridge, + UnderlyingChainOf>: Chain + Parachain, +{ + // prepare storage proof + let (state_root, storage_proof) = prepare_messages_storage_proof::( + params.lane, + params.message_nonces.clone(), + params.outbound_lane_data.clone(), + params.size, + prepare_inbound_message(¶ms, message_destination), + encode_all_messages, + encode_lane_data, + ); + + // update runtime storage + let (_, bridged_header_hash) = + insert_header_to_parachains_pallet::>>(state_root); + + ( + FromBridgedChainMessagesProof { + bridged_header_hash, + storage_proof, + lane: params.lane, + nonces_start: *params.message_nonces.start(), + nonces_end: *params.message_nonces.end(), + }, + Weight::MAX / 1000, + ) +} + +/// Prepare proof of messages delivery for the `receive_messages_delivery_proof` call. +/// +/// This method is intended to be used when benchmarking pallet, linked to the chain that +/// uses GRANDPA finality. For parachains, please use the +/// `prepare_message_delivery_proof_from_parachain` function. +pub fn prepare_message_delivery_proof_from_grandpa_chain( + params: MessageDeliveryProofParams>>, +) -> FromBridgedChainMessagesDeliveryProof>> +where + R: pallet_bridge_grandpa::Config>>, + FI: 'static, + B: MessageBridge, +{ + // prepare storage proof + let lane = params.lane; + let (state_root, storage_proof) = prepare_message_delivery_proof::(params); + + // update runtime storage + let (_, bridged_header_hash) = insert_header_to_grandpa_pallet::(state_root); + + FromBridgedChainMessagesDeliveryProof { + bridged_header_hash: bridged_header_hash.into(), + storage_proof, + lane, + } +} + +/// Prepare proof of messages delivery for the `receive_messages_delivery_proof` call. +/// +/// This method is intended to be used when benchmarking pallet, linked to the chain that +/// uses parachain finality. For GRANDPA chains, please use the +/// `prepare_message_delivery_proof_from_grandpa_chain` function. +pub fn prepare_message_delivery_proof_from_parachain( + params: MessageDeliveryProofParams>>, +) -> FromBridgedChainMessagesDeliveryProof>> +where + R: pallet_bridge_parachains::Config, + PI: 'static, + B: MessageBridge, + UnderlyingChainOf>: Chain + Parachain, +{ + // prepare storage proof + let lane = params.lane; + let (state_root, storage_proof) = prepare_message_delivery_proof::(params); + + // update runtime storage + let (_, bridged_header_hash) = + insert_header_to_parachains_pallet::>>(state_root); + + FromBridgedChainMessagesDeliveryProof { + bridged_header_hash: bridged_header_hash.into(), + storage_proof, + lane, + } +} + +/// Prepare in-memory message delivery proof, without inserting anything to the runtime storage. +fn prepare_message_delivery_proof( + params: MessageDeliveryProofParams>>, +) -> (HashOf>, RawStorageProof) +where + B: MessageBridge, +{ + // prepare Bridged chain storage with inbound lane state + let storage_key = + storage_keys::inbound_lane_data_key(B::BRIDGED_MESSAGES_PALLET_NAME, ¶ms.lane).0; + let mut root = Default::default(); + let mut mdb = MemoryDB::default(); + { + let mut trie = + TrieDBMutBuilderV1::>>::new(&mut mdb, &mut root).build(); + let inbound_lane_data = + grow_trie_leaf_value(params.inbound_lane_data.encode(), params.size); + trie.insert(&storage_key, &inbound_lane_data) + .map_err(|_| "TrieMut::insert has failed") + .expect("TrieMut::insert should not fail in benchmarks"); + } + + // generate storage proof to be delivered to This chain + let storage_proof = record_all_trie_keys::>>, _>(&mdb, &root) + .map_err(|_| "record_all_trie_keys has failed") + .expect("record_all_trie_keys should not fail in benchmarks"); + + (root, storage_proof) +} + +/// Insert header to the bridge GRANDPA pallet. +pub(crate) fn insert_header_to_grandpa_pallet( + state_root: bp_runtime::HashOf, +) -> (bp_runtime::BlockNumberOf, bp_runtime::HashOf) +where + R: pallet_bridge_grandpa::Config, + GI: 'static, + R::BridgedChain: bp_runtime::Chain, +{ + let bridged_block_number = Zero::zero(); + let bridged_header = bp_runtime::HeaderOf::::new( + bridged_block_number, + Default::default(), + state_root, + Default::default(), + Default::default(), + ); + let bridged_header_hash = bridged_header.hash(); + pallet_bridge_grandpa::initialize_for_benchmarks::(bridged_header); + (bridged_block_number, bridged_header_hash) +} + +/// Insert header to the bridge parachains pallet. +pub(crate) fn insert_header_to_parachains_pallet( + state_root: bp_runtime::HashOf, +) -> (bp_runtime::BlockNumberOf, bp_runtime::HashOf) +where + R: pallet_bridge_parachains::Config, + PI: 'static, + PC: Chain + Parachain, +{ + let bridged_block_number = Zero::zero(); + let bridged_header = bp_runtime::HeaderOf::::new( + bridged_block_number, + Default::default(), + state_root, + Default::default(), + Default::default(), + ); + let bridged_header_hash = bridged_header.hash(); + pallet_bridge_parachains::initialize_for_benchmarks::(bridged_header); + (bridged_block_number, bridged_header_hash) +} diff --git a/bridges/bin/runtime-common/src/messages_call_ext.rs b/bridges/bin/runtime-common/src/messages_call_ext.rs new file mode 100644 index 00000000000..3f48ce583f9 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages_call_ext.rs @@ -0,0 +1,644 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +use crate::messages::{ + source::FromBridgedChainMessagesDeliveryProof, target::FromBridgedChainMessagesProof, +}; +use bp_messages::{InboundLaneData, LaneId, MessageNonce}; +use frame_support::{ + dispatch::CallableCallFor, + traits::{Get, IsSubType}, + RuntimeDebug, +}; +use pallet_bridge_messages::{Config, Pallet}; +use sp_runtime::transaction_validity::TransactionValidity; +use sp_std::ops::RangeInclusive; + +/// Generic info about a messages delivery/confirmation proof. +#[derive(PartialEq, RuntimeDebug)] +pub struct BaseMessagesProofInfo { + /// Message lane, used by the call. + pub lane_id: LaneId, + /// Nonces of messages, included in the call. + /// + /// For delivery transaction, it is nonces of bundled messages. For confirmation + /// transaction, it is nonces that are to be confirmed during the call. + pub bundled_range: RangeInclusive, + /// Nonce of the best message, stored by this chain before the call is dispatched. + /// + /// For delivery transaction, it is the nonce of best delivered message before the call. + /// For confirmation transaction, it is the nonce of best confirmed message before the call. + pub best_stored_nonce: MessageNonce, +} + +impl BaseMessagesProofInfo { + /// Returns true if `bundled_range` continues the `0..=best_stored_nonce` range. + fn appends_to_stored_nonce(&self) -> bool { + *self.bundled_range.start() == self.best_stored_nonce + 1 + } +} + +/// Occupation state of the unrewarded relayers vector. +#[derive(PartialEq, RuntimeDebug)] +#[cfg_attr(test, derive(Default))] +pub struct UnrewardedRelayerOccupation { + /// The number of remaining unoccupied entries for new relayers. + pub free_relayer_slots: MessageNonce, + /// The number of messages that we are ready to accept. + pub free_message_slots: MessageNonce, +} + +/// Info about a `ReceiveMessagesProof` call which tries to update a single lane. +#[derive(PartialEq, RuntimeDebug)] +pub struct ReceiveMessagesProofInfo { + /// Base messages proof info + pub base: BaseMessagesProofInfo, + /// State of unrewarded relayers vector. + pub unrewarded_relayers: UnrewardedRelayerOccupation, +} + +impl ReceiveMessagesProofInfo { + /// Returns true if: + /// + /// - either inbound lane is ready to accept bundled messages; + /// + /// - or there are no bundled messages, but the inbound lane is blocked by too many unconfirmed + /// messages and/or unrewarded relayers. + fn is_obsolete(&self) -> bool { + // transactions with zero bundled nonces are not allowed, unless they're message + // delivery transactions, which brings reward confirmations required to unblock + // the lane + if self.base.bundled_range.is_empty() { + let empty_transactions_allowed = + // we allow empty transactions when we can't accept delivery from new relayers + self.unrewarded_relayers.free_relayer_slots == 0 || + // or if we can't accept new messages at all + self.unrewarded_relayers.free_message_slots == 0; + + return !empty_transactions_allowed + } + + // otherwise we require bundled messages to continue stored range + !self.base.appends_to_stored_nonce() + } +} + +/// Info about a `ReceiveMessagesDeliveryProof` call which tries to update a single lane. +#[derive(PartialEq, RuntimeDebug)] +pub struct ReceiveMessagesDeliveryProofInfo(pub BaseMessagesProofInfo); + +impl ReceiveMessagesDeliveryProofInfo { + /// Returns true if outbound lane is ready to accept confirmations of bundled messages. + fn is_obsolete(&self) -> bool { + self.0.bundled_range.is_empty() || !self.0.appends_to_stored_nonce() + } +} + +/// Info about a `ReceiveMessagesProof` or a `ReceiveMessagesDeliveryProof` call +/// which tries to update a single lane. +#[derive(PartialEq, RuntimeDebug)] +pub enum CallInfo { + ReceiveMessagesProof(ReceiveMessagesProofInfo), + ReceiveMessagesDeliveryProof(ReceiveMessagesDeliveryProofInfo), +} + +impl CallInfo { + /// Returns range of messages, bundled with the call. + pub fn bundled_messages(&self) -> RangeInclusive { + match *self { + Self::ReceiveMessagesProof(ref info) => info.base.bundled_range.clone(), + Self::ReceiveMessagesDeliveryProof(ref info) => info.0.bundled_range.clone(), + } + } +} + +/// Helper struct that provides methods for working with a call supported by `CallInfo`. +pub struct CallHelper, I: 'static> { + pub _phantom_data: sp_std::marker::PhantomData<(T, I)>, +} + +impl, I: 'static> CallHelper { + /// Returns true if: + /// + /// - call is `receive_messages_proof` and all messages have been delivered; + /// + /// - call is `receive_messages_delivery_proof` and all messages confirmations have been + /// received. + pub fn was_successful(info: &CallInfo) -> bool { + match info { + CallInfo::ReceiveMessagesProof(info) => { + let inbound_lane_data = + pallet_bridge_messages::InboundLanes::::get(info.base.lane_id); + if info.base.bundled_range.is_empty() { + let post_occupation = + unrewarded_relayers_occupation::(&inbound_lane_data); + // we don't care about `free_relayer_slots` here - it is checked in + // `is_obsolete` and every relayer has delivered at least one message, + // so if relayer slots are released, then message slots are also + // released + return post_occupation.free_message_slots > + info.unrewarded_relayers.free_message_slots + } + + inbound_lane_data.last_delivered_nonce() == *info.base.bundled_range.end() + }, + CallInfo::ReceiveMessagesDeliveryProof(info) => { + let outbound_lane_data = + pallet_bridge_messages::OutboundLanes::::get(info.0.lane_id); + outbound_lane_data.latest_received_nonce == *info.0.bundled_range.end() + }, + } + } +} + +/// Trait representing a call that is a sub type of `pallet_bridge_messages::Call`. +pub trait MessagesCallSubType, I: 'static>: + IsSubType, T>> +{ + /// Create a new instance of `ReceiveMessagesProofInfo` from a `ReceiveMessagesProof` call. + fn receive_messages_proof_info(&self) -> Option; + + /// Create a new instance of `ReceiveMessagesDeliveryProofInfo` from + /// a `ReceiveMessagesDeliveryProof` call. + fn receive_messages_delivery_proof_info(&self) -> Option; + + /// Create a new instance of `CallInfo` from a `ReceiveMessagesProof` + /// or a `ReceiveMessagesDeliveryProof` call. + fn call_info(&self) -> Option; + + /// Create a new instance of `CallInfo` from a `ReceiveMessagesProof` + /// or a `ReceiveMessagesDeliveryProof` call, if the call is for the provided lane. + fn call_info_for(&self, lane_id: LaneId) -> Option; + + /// Check that a `ReceiveMessagesProof` or a `ReceiveMessagesDeliveryProof` call is trying + /// to deliver/confirm at least some messages that are better than the ones we know of. + fn check_obsolete_call(&self) -> TransactionValidity; +} + +impl< + BridgedHeaderHash, + SourceHeaderChain: bp_messages::target_chain::SourceHeaderChain< + MessagesProof = FromBridgedChainMessagesProof, + >, + TargetHeaderChain: bp_messages::source_chain::TargetHeaderChain< + >::OutboundPayload, + ::AccountId, + MessagesDeliveryProof = FromBridgedChainMessagesDeliveryProof, + >, + Call: IsSubType, T>>, + T: frame_system::Config + + Config, + I: 'static, + > MessagesCallSubType for T::RuntimeCall +{ + fn receive_messages_proof_info(&self) -> Option { + if let Some(pallet_bridge_messages::Call::::receive_messages_proof { + ref proof, + .. + }) = self.is_sub_type() + { + let inbound_lane_data = pallet_bridge_messages::InboundLanes::::get(proof.lane); + + return Some(ReceiveMessagesProofInfo { + base: BaseMessagesProofInfo { + lane_id: proof.lane, + // we want all messages in this range to be new for us. Otherwise transaction + // will be considered obsolete. + bundled_range: proof.nonces_start..=proof.nonces_end, + best_stored_nonce: inbound_lane_data.last_delivered_nonce(), + }, + unrewarded_relayers: unrewarded_relayers_occupation::(&inbound_lane_data), + }) + } + + None + } + + fn receive_messages_delivery_proof_info(&self) -> Option { + if let Some(pallet_bridge_messages::Call::::receive_messages_delivery_proof { + ref proof, + ref relayers_state, + .. + }) = self.is_sub_type() + { + let outbound_lane_data = pallet_bridge_messages::OutboundLanes::::get(proof.lane); + + return Some(ReceiveMessagesDeliveryProofInfo(BaseMessagesProofInfo { + lane_id: proof.lane, + // there's a time frame between message delivery, message confirmation and reward + // confirmation. Because of that, we can't assume that our state has been confirmed + // to the bridged chain. So we are accepting any proof that brings new + // confirmations. + bundled_range: outbound_lane_data.latest_received_nonce + 1..= + relayers_state.last_delivered_nonce, + best_stored_nonce: outbound_lane_data.latest_received_nonce, + })) + } + + None + } + + fn call_info(&self) -> Option { + if let Some(info) = self.receive_messages_proof_info() { + return Some(CallInfo::ReceiveMessagesProof(info)) + } + + if let Some(info) = self.receive_messages_delivery_proof_info() { + return Some(CallInfo::ReceiveMessagesDeliveryProof(info)) + } + + None + } + + fn call_info_for(&self, lane_id: LaneId) -> Option { + self.call_info().filter(|info| { + let actual_lane_id = match info { + CallInfo::ReceiveMessagesProof(info) => info.base.lane_id, + CallInfo::ReceiveMessagesDeliveryProof(info) => info.0.lane_id, + }; + actual_lane_id == lane_id + }) + } + + fn check_obsolete_call(&self) -> TransactionValidity { + match self.call_info() { + Some(CallInfo::ReceiveMessagesProof(proof_info)) if proof_info.is_obsolete() => { + log::trace!( + target: pallet_bridge_messages::LOG_TARGET, + "Rejecting obsolete messages delivery transaction: {:?}", + proof_info + ); + + return sp_runtime::transaction_validity::InvalidTransaction::Stale.into() + }, + Some(CallInfo::ReceiveMessagesDeliveryProof(proof_info)) + if proof_info.is_obsolete() => + { + log::trace!( + target: pallet_bridge_messages::LOG_TARGET, + "Rejecting obsolete messages confirmation transaction: {:?}", + proof_info, + ); + + return sp_runtime::transaction_validity::InvalidTransaction::Stale.into() + }, + _ => {}, + } + + Ok(sp_runtime::transaction_validity::ValidTransaction::default()) + } +} + +/// Returns occupation state of unrewarded relayers vector. +fn unrewarded_relayers_occupation, I: 'static>( + inbound_lane_data: &InboundLaneData, +) -> UnrewardedRelayerOccupation { + UnrewardedRelayerOccupation { + free_relayer_slots: T::MaxUnrewardedRelayerEntriesAtInboundLane::get() + .saturating_sub(inbound_lane_data.relayers.len() as MessageNonce), + free_message_slots: { + let unconfirmed_messages = inbound_lane_data + .last_delivered_nonce() + .saturating_sub(inbound_lane_data.last_confirmed_nonce); + T::MaxUnconfirmedMessagesAtInboundLane::get().saturating_sub(unconfirmed_messages) + }, + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + messages::{ + source::FromBridgedChainMessagesDeliveryProof, target::FromBridgedChainMessagesProof, + }, + messages_call_ext::MessagesCallSubType, + mock::{ + MaxUnconfirmedMessagesAtInboundLane, MaxUnrewardedRelayerEntriesAtInboundLane, + TestRuntime, ThisChainRuntimeCall, + }, + }; + use bp_messages::{DeliveredMessages, UnrewardedRelayer, UnrewardedRelayersState}; + use sp_std::ops::RangeInclusive; + + fn fill_unrewarded_relayers() { + let mut inbound_lane_state = + pallet_bridge_messages::InboundLanes::::get(LaneId([0, 0, 0, 0])); + for n in 0..MaxUnrewardedRelayerEntriesAtInboundLane::get() { + inbound_lane_state.relayers.push_back(UnrewardedRelayer { + relayer: Default::default(), + messages: DeliveredMessages { begin: n + 1, end: n + 1 }, + }); + } + pallet_bridge_messages::InboundLanes::::insert( + LaneId([0, 0, 0, 0]), + inbound_lane_state, + ); + } + + fn fill_unrewarded_messages() { + let mut inbound_lane_state = + pallet_bridge_messages::InboundLanes::::get(LaneId([0, 0, 0, 0])); + inbound_lane_state.relayers.push_back(UnrewardedRelayer { + relayer: Default::default(), + messages: DeliveredMessages { + begin: 1, + end: MaxUnconfirmedMessagesAtInboundLane::get(), + }, + }); + pallet_bridge_messages::InboundLanes::::insert( + LaneId([0, 0, 0, 0]), + inbound_lane_state, + ); + } + + fn deliver_message_10() { + pallet_bridge_messages::InboundLanes::::insert( + LaneId([0, 0, 0, 0]), + bp_messages::InboundLaneData { relayers: Default::default(), last_confirmed_nonce: 10 }, + ); + } + + fn validate_message_delivery( + nonces_start: bp_messages::MessageNonce, + nonces_end: bp_messages::MessageNonce, + ) -> bool { + ThisChainRuntimeCall::BridgeMessages( + pallet_bridge_messages::Call::::receive_messages_proof { + relayer_id_at_bridged_chain: 42, + messages_count: nonces_end.checked_sub(nonces_start).map(|x| x + 1).unwrap_or(0) + as u32, + dispatch_weight: frame_support::weights::Weight::zero(), + proof: FromBridgedChainMessagesProof { + bridged_header_hash: Default::default(), + storage_proof: vec![], + lane: LaneId([0, 0, 0, 0]), + nonces_start, + nonces_end, + }, + }, + ) + .check_obsolete_call() + .is_ok() + } + + #[test] + fn extension_rejects_obsolete_messages() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best delivered is message#10 and we're trying to deliver messages 8..=9 + // => tx is rejected + deliver_message_10(); + assert!(!validate_message_delivery(8, 9)); + }); + } + + #[test] + fn extension_rejects_same_message() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best delivered is message#10 and we're trying to import messages 10..=10 + // => tx is rejected + deliver_message_10(); + assert!(!validate_message_delivery(8, 10)); + }); + } + + #[test] + fn extension_rejects_call_with_some_obsolete_messages() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best delivered is message#10 and we're trying to deliver messages + // 10..=15 => tx is rejected + deliver_message_10(); + assert!(!validate_message_delivery(10, 15)); + }); + } + + #[test] + fn extension_rejects_call_with_future_messages() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best delivered is message#10 and we're trying to deliver messages + // 13..=15 => tx is rejected + deliver_message_10(); + assert!(!validate_message_delivery(13, 15)); + }); + } + + #[test] + fn extension_rejects_empty_delivery_with_rewards_confirmations_if_there_are_free_relayer_and_message_slots( + ) { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + deliver_message_10(); + assert!(!validate_message_delivery(10, 9)); + }); + } + + #[test] + fn extension_accepts_empty_delivery_with_rewards_confirmations_if_there_are_no_free_relayer_slots( + ) { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + deliver_message_10(); + fill_unrewarded_relayers(); + assert!(validate_message_delivery(10, 9)); + }); + } + + #[test] + fn extension_accepts_empty_delivery_with_rewards_confirmations_if_there_are_no_free_message_slots( + ) { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + fill_unrewarded_messages(); + assert!(validate_message_delivery( + MaxUnconfirmedMessagesAtInboundLane::get(), + MaxUnconfirmedMessagesAtInboundLane::get() - 1 + )); + }); + } + + #[test] + fn extension_accepts_new_messages() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best delivered is message#10 and we're trying to deliver message 11..=15 + // => tx is accepted + deliver_message_10(); + assert!(validate_message_delivery(11, 15)); + }); + } + + fn confirm_message_10() { + pallet_bridge_messages::OutboundLanes::::insert( + LaneId([0, 0, 0, 0]), + bp_messages::OutboundLaneData { + oldest_unpruned_nonce: 0, + latest_received_nonce: 10, + latest_generated_nonce: 10, + }, + ); + } + + fn validate_message_confirmation(last_delivered_nonce: bp_messages::MessageNonce) -> bool { + ThisChainRuntimeCall::BridgeMessages( + pallet_bridge_messages::Call::::receive_messages_delivery_proof { + proof: FromBridgedChainMessagesDeliveryProof { + bridged_header_hash: Default::default(), + storage_proof: Vec::new(), + lane: LaneId([0, 0, 0, 0]), + }, + relayers_state: UnrewardedRelayersState { + last_delivered_nonce, + ..Default::default() + }, + }, + ) + .check_obsolete_call() + .is_ok() + } + + #[test] + fn extension_rejects_obsolete_confirmations() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best confirmed is message#10 and we're trying to confirm message#5 => tx + // is rejected + confirm_message_10(); + assert!(!validate_message_confirmation(5)); + }); + } + + #[test] + fn extension_rejects_same_confirmation() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best confirmed is message#10 and we're trying to confirm message#10 => + // tx is rejected + confirm_message_10(); + assert!(!validate_message_confirmation(10)); + }); + } + + #[test] + fn extension_rejects_empty_confirmation_even_if_there_are_no_free_unrewarded_entries() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + confirm_message_10(); + fill_unrewarded_relayers(); + assert!(!validate_message_confirmation(10)); + }); + } + + #[test] + fn extension_accepts_new_confirmation() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + // when current best confirmed is message#10 and we're trying to confirm message#15 => + // tx is accepted + confirm_message_10(); + assert!(validate_message_confirmation(15)); + }); + } + + fn was_message_delivery_successful( + bundled_range: RangeInclusive, + is_empty: bool, + ) -> bool { + CallHelper::::was_successful(&CallInfo::ReceiveMessagesProof( + ReceiveMessagesProofInfo { + base: BaseMessagesProofInfo { + lane_id: LaneId([0, 0, 0, 0]), + bundled_range, + best_stored_nonce: 0, // doesn't matter for `was_successful` + }, + unrewarded_relayers: UnrewardedRelayerOccupation { + free_relayer_slots: 0, // doesn't matter for `was_successful` + free_message_slots: if is_empty { + 0 + } else { + MaxUnconfirmedMessagesAtInboundLane::get() + }, + }, + }, + )) + } + + #[test] + #[allow(clippy::reversed_empty_ranges)] + fn was_successful_returns_false_for_failed_reward_confirmation_transaction() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + fill_unrewarded_messages(); + assert!(!was_message_delivery_successful(10..=9, true)); + }); + } + + #[test] + #[allow(clippy::reversed_empty_ranges)] + fn was_successful_returns_true_for_successful_reward_confirmation_transaction() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + assert!(was_message_delivery_successful(10..=9, true)); + }); + } + + #[test] + fn was_successful_returns_false_for_failed_delivery() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + deliver_message_10(); + assert!(!was_message_delivery_successful(10..=12, false)); + }); + } + + #[test] + fn was_successful_returns_false_for_partially_successful_delivery() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + deliver_message_10(); + assert!(!was_message_delivery_successful(9..=12, false)); + }); + } + + #[test] + fn was_successful_returns_true_for_successful_delivery() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + deliver_message_10(); + assert!(was_message_delivery_successful(9..=10, false)); + }); + } + + fn was_message_confirmation_successful(bundled_range: RangeInclusive) -> bool { + CallHelper::::was_successful(&CallInfo::ReceiveMessagesDeliveryProof( + ReceiveMessagesDeliveryProofInfo(BaseMessagesProofInfo { + lane_id: LaneId([0, 0, 0, 0]), + bundled_range, + best_stored_nonce: 0, // doesn't matter for `was_successful` + }), + )) + } + + #[test] + fn was_successful_returns_false_for_failed_confirmation() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + confirm_message_10(); + assert!(!was_message_confirmation_successful(10..=12)); + }); + } + + #[test] + fn was_successful_returns_false_for_partially_successful_confirmation() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + confirm_message_10(); + assert!(!was_message_confirmation_successful(9..=12)); + }); + } + + #[test] + fn was_successful_returns_true_for_successful_confirmation() { + sp_io::TestExternalities::new(Default::default()).execute_with(|| { + confirm_message_10(); + assert!(was_message_confirmation_successful(9..=10)); + }); + } +} diff --git a/bridges/bin/runtime-common/src/messages_generation.rs b/bridges/bin/runtime-common/src/messages_generation.rs new file mode 100644 index 00000000000..29a869a5c87 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages_generation.rs @@ -0,0 +1,119 @@ +// Copyright 2019-2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Helpers for generating message storage proofs, that are used by tests and by benchmarks. + +#![cfg(any(feature = "runtime-benchmarks", test))] + +use crate::messages::{BridgedChain, HashOf, HasherOf, MessageBridge}; + +use bp_messages::{ + storage_keys, LaneId, MessageKey, MessageNonce, MessagePayload, OutboundLaneData, +}; +use bp_runtime::{record_all_trie_keys, RawStorageProof, StorageProofSize}; +use codec::Encode; +use sp_std::{ops::RangeInclusive, prelude::*}; +use sp_trie::{trie_types::TrieDBMutBuilderV1, LayoutV1, MemoryDB, TrieMut}; + +/// Simple and correct message data encode function. +pub(crate) fn encode_all_messages(_: MessageNonce, m: &MessagePayload) -> Option> { + Some(m.encode()) +} + +/// Simple and correct outbound lane data encode function. +pub(crate) fn encode_lane_data(d: &OutboundLaneData) -> Vec { + d.encode() +} + +/// Prepare storage proof of given messages. +/// +/// Returns state trie root and nodes with prepared messages. +pub(crate) fn prepare_messages_storage_proof( + lane: LaneId, + message_nonces: RangeInclusive, + outbound_lane_data: Option, + size: StorageProofSize, + message_payload: MessagePayload, + encode_message: impl Fn(MessageNonce, &MessagePayload) -> Option>, + encode_outbound_lane_data: impl Fn(&OutboundLaneData) -> Vec, +) -> (HashOf>, RawStorageProof) +where + B: MessageBridge, + HashOf>: Copy + Default, +{ + // prepare Bridged chain storage with messages and (optionally) outbound lane state + let message_count = message_nonces.end().saturating_sub(*message_nonces.start()) + 1; + let mut storage_keys = Vec::with_capacity(message_count as usize + 1); + let mut root = Default::default(); + let mut mdb = MemoryDB::default(); + { + let mut trie = + TrieDBMutBuilderV1::>>::new(&mut mdb, &mut root).build(); + + // insert messages + for (i, nonce) in message_nonces.into_iter().enumerate() { + let message_key = MessageKey { lane_id: lane, nonce }; + let message_payload = match encode_message(nonce, &message_payload) { + Some(message_payload) => + if i == 0 { + grow_trie_leaf_value(message_payload, size) + } else { + message_payload + }, + None => continue, + }; + let storage_key = storage_keys::message_key( + B::BRIDGED_MESSAGES_PALLET_NAME, + &message_key.lane_id, + message_key.nonce, + ) + .0; + trie.insert(&storage_key, &message_payload) + .map_err(|_| "TrieMut::insert has failed") + .expect("TrieMut::insert should not fail in benchmarks"); + storage_keys.push(storage_key); + } + + // insert outbound lane state + if let Some(outbound_lane_data) = outbound_lane_data.as_ref().map(encode_outbound_lane_data) + { + let storage_key = + storage_keys::outbound_lane_data_key(B::BRIDGED_MESSAGES_PALLET_NAME, &lane).0; + trie.insert(&storage_key, &outbound_lane_data) + .map_err(|_| "TrieMut::insert has failed") + .expect("TrieMut::insert should not fail in benchmarks"); + storage_keys.push(storage_key); + } + } + + // generate storage proof to be delivered to This chain + let storage_proof = record_all_trie_keys::>>, _>(&mdb, &root) + .map_err(|_| "record_all_trie_keys has failed") + .expect("record_all_trie_keys should not fail in benchmarks"); + (root, storage_proof) +} + +/// Add extra data to the trie leaf value so that it'll be of given size. +pub fn grow_trie_leaf_value(mut value: Vec, size: StorageProofSize) -> Vec { + match size { + StorageProofSize::Minimal(_) => (), + StorageProofSize::HasLargeLeaf(size) if size as usize > value.len() => { + value.extend(sp_std::iter::repeat(42u8).take(size as usize - value.len())); + }, + StorageProofSize::HasLargeLeaf(_) => (), + } + value +} diff --git a/bridges/bin/runtime-common/src/messages_xcm_extension.rs b/bridges/bin/runtime-common/src/messages_xcm_extension.rs new file mode 100644 index 00000000000..96fdf1d5018 --- /dev/null +++ b/bridges/bin/runtime-common/src/messages_xcm_extension.rs @@ -0,0 +1,152 @@ +// Copyright 2023 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Module provides utilities for easier XCM handling, e.g: +//! `XcmExecutor` -> `MessageSender` -> `OutboundMessageQueue` +//! | +//! `Relayer` +//! | +//! `XcmRouter` <- `MessageDispatch` <- `InboundMessageQueue` + +use bp_messages::{ + source_chain::MessagesBridge, + target_chain::{DispatchMessage, MessageDispatch}, + LaneId, +}; +use bp_runtime::messages::MessageDispatchResult; +use codec::{Decode, Encode}; +use frame_support::{dispatch::Weight, CloneNoBound, EqNoBound, PartialEqNoBound}; +use pallet_bridge_messages::WeightInfoExt as MessagesPalletWeights; +use scale_info::TypeInfo; +use sp_runtime::SaturatedConversion; +use xcm_builder::{DispatchBlob, DispatchBlobError, HaulBlob, HaulBlobError}; + +/// Plain "XCM" payload, which we transfer through bridge +pub type XcmAsPlainPayload = sp_std::prelude::Vec; + +/// Message dispatch result type for single message +#[derive(CloneNoBound, EqNoBound, PartialEqNoBound, Encode, Decode, Debug, TypeInfo)] +pub enum XcmBlobMessageDispatchResult { + InvalidPayload, + Dispatched, + NotDispatched(#[codec(skip)] Option), +} + +/// [`XcmBlobMessageDispatch`] is responsible for dispatching received messages +pub struct XcmBlobMessageDispatch { + _marker: sp_std::marker::PhantomData<(DispatchBlob, Weights)>, +} + +impl MessageDispatch + for XcmBlobMessageDispatch +{ + type DispatchPayload = XcmAsPlainPayload; + type DispatchLevelResult = XcmBlobMessageDispatchResult; + + fn dispatch_weight(message: &mut DispatchMessage) -> Weight { + match message.data.payload { + Ok(ref payload) => { + let payload_size = payload.encoded_size().saturated_into(); + Weights::message_dispatch_weight(payload_size) + }, + Err(_) => Weight::zero(), + } + } + + fn dispatch( + message: DispatchMessage, + ) -> MessageDispatchResult { + let payload = match message.data.payload { + Ok(payload) => payload, + Err(e) => { + log::error!( + target: crate::LOG_TARGET_BRIDGE_DISPATCH, + "[XcmBlobMessageDispatch] payload error: {:?} - message_nonce: {:?}", + e, + message.key.nonce + ); + return MessageDispatchResult { + unspent_weight: Weight::zero(), + dispatch_level_result: XcmBlobMessageDispatchResult::InvalidPayload, + } + }, + }; + let dispatch_level_result = match BlobDispatcher::dispatch_blob(payload) { + Ok(_) => { + log::debug!( + target: crate::LOG_TARGET_BRIDGE_DISPATCH, + "[XcmBlobMessageDispatch] DispatchBlob::dispatch_blob was ok - message_nonce: {:?}", + message.key.nonce + ); + XcmBlobMessageDispatchResult::Dispatched + }, + Err(e) => { + log::error!( + target: crate::LOG_TARGET_BRIDGE_DISPATCH, + "[XcmBlobMessageDispatch] DispatchBlob::dispatch_blob failed, error: {:?} - message_nonce: {:?}", + e, message.key.nonce + ); + XcmBlobMessageDispatchResult::NotDispatched(Some(e)) + }, + }; + MessageDispatchResult { unspent_weight: Weight::zero(), dispatch_level_result } + } +} + +/// [`XcmBlobHauler`] is responsible for sending messages to the bridge "point-to-point link" from +/// one side, where on the other it can be dispatched by [`XcmBlobMessageDispatch`]. +pub trait XcmBlobHauler { + /// Runtime message sender adapter. + type MessageSender: MessagesBridge; + + /// Runtime message sender origin, which is used by [`Self::MessageSender`]. + type MessageSenderOrigin; + /// Our location within the Consensus Universe. + fn message_sender_origin() -> Self::MessageSenderOrigin; + + /// Return message lane (as "point-to-point link") used to deliver XCM messages. + fn xcm_lane() -> LaneId; +} + +/// XCM bridge adapter which connects [`XcmBlobHauler`] with [`XcmBlobHauler::MessageSender`] and +/// makes sure that XCM blob is sent to the [`pallet_bridge_messages`] queue to be relayed. +pub struct XcmBlobHaulerAdapter(sp_std::marker::PhantomData); +impl> HaulBlob + for XcmBlobHaulerAdapter +{ + fn haul_blob(blob: sp_std::prelude::Vec) -> Result<(), HaulBlobError> { + let lane = H::xcm_lane(); + H::MessageSender::send_message(H::message_sender_origin(), lane, blob) + .map(|artifacts| (lane, artifacts.nonce).using_encoded(sp_io::hashing::blake2_256)) + .map(|result| { + log::info!( + target: crate::LOG_TARGET_BRIDGE_DISPATCH, + "haul_blob result - ok: {:?} on lane: {:?}", + result, + lane + ) + }) + .map_err(|error| { + log::error!( + target: crate::LOG_TARGET_BRIDGE_DISPATCH, + "haul_blob result - error: {:?} on lane: {:?}", + error, + lane + ); + HaulBlobError::Transport("MessageSenderError") + }) + } +} diff --git a/bridges/bin/runtime-common/src/mock.rs b/bridges/bin/runtime-common/src/mock.rs new file mode 100644 index 00000000000..c1767199676 --- /dev/null +++ b/bridges/bin/runtime-common/src/mock.rs @@ -0,0 +1,424 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! A mock runtime for testing different stuff in the crate. We've been using Millau +//! runtime for that before, but it has two drawbacks: +//! +//! - circular dependencies between this crate and Millau runtime; +//! +//! - we can't use (e.g. as git subtree or by copying) this crate in repo without Millau. + +#![cfg(test)] + +use crate::messages::{ + source::{ + FromThisChainMaximalOutboundPayloadSize, FromThisChainMessagePayload, + FromThisChainMessageVerifier, TargetHeaderChainAdapter, + }, + target::{FromBridgedChainMessagePayload, SourceHeaderChainAdapter}, + BridgedChainWithMessages, HashOf, MessageBridge, ThisChainWithMessages, +}; + +use bp_header_chain::{ChainWithGrandpa, HeaderChain}; +use bp_messages::{target_chain::ForbidInboundMessages, LaneId, MessageNonce}; +use bp_parachains::SingleParaStoredHeaderDataBuilder; +use bp_relayers::PayRewardFromAccount; +use bp_runtime::{Chain, ChainId, Parachain, UnderlyingChainProvider}; +use codec::{Decode, Encode}; +use frame_support::{ + parameter_types, + weights::{ConstantMultiplier, IdentityFee, RuntimeDbWeight, Weight}, +}; +use pallet_transaction_payment::Multiplier; +use sp_runtime::{ + testing::H256, + traits::{BlakeTwo256, ConstU32, ConstU64, ConstU8, IdentityLookup}, + FixedPointNumber, Perquintill, +}; + +/// Account identifier at `ThisChain`. +pub type ThisChainAccountId = u64; +/// Balance at `ThisChain`. +pub type ThisChainBalance = u64; +/// Block number at `ThisChain`. +pub type ThisChainBlockNumber = u32; +/// Hash at `ThisChain`. +pub type ThisChainHash = H256; +/// Hasher at `ThisChain`. +pub type ThisChainHasher = BlakeTwo256; +/// Runtime call at `ThisChain`. +pub type ThisChainRuntimeCall = RuntimeCall; +/// Runtime call origin at `ThisChain`. +pub type ThisChainCallOrigin = RuntimeOrigin; +/// Header of `ThisChain`. +pub type ThisChainHeader = sp_runtime::generic::Header; +/// Block of `ThisChain`. +pub type ThisChainBlock = frame_system::mocking::MockBlock; +/// Unchecked extrinsic of `ThisChain`. +pub type ThisChainUncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; + +/// Account identifier at the `BridgedChain`. +pub type BridgedChainAccountId = u128; +/// Balance at the `BridgedChain`. +pub type BridgedChainBalance = u128; +/// Block number at the `BridgedChain`. +pub type BridgedChainBlockNumber = u32; +/// Hash at the `BridgedChain`. +pub type BridgedChainHash = H256; +/// Hasher at the `BridgedChain`. +pub type BridgedChainHasher = BlakeTwo256; +/// Header of the `BridgedChain`. +pub type BridgedChainHeader = + sp_runtime::generic::Header; + +/// Rewards payment procedure. +pub type TestPaymentProcedure = PayRewardFromAccount; +/// Stake that we are using in tests. +pub type TestStake = ConstU64<5_000>; +/// Stake and slash mechanism to use in tests. +pub type TestStakeAndSlash = pallet_bridge_relayers::StakeAndSlashNamed< + ThisChainAccountId, + ThisChainBlockNumber, + Balances, + ReserveId, + TestStake, + ConstU32<8>, +>; + +/// Message lane used in tests. +pub const TEST_LANE_ID: LaneId = LaneId([0, 0, 0, 0]); +/// Bridged chain id used in tests. +pub const TEST_BRIDGED_CHAIN_ID: ChainId = *b"brdg"; +/// Maximal extrinsic weight at the `BridgedChain`. +pub const BRIDGED_CHAIN_MAX_EXTRINSIC_WEIGHT: usize = 2048; +/// Maximal extrinsic size at the `BridgedChain`. +pub const BRIDGED_CHAIN_MAX_EXTRINSIC_SIZE: u32 = 1024; + +frame_support::construct_runtime! { + pub enum TestRuntime where + Block = ThisChainBlock, + NodeBlock = ThisChainBlock, + UncheckedExtrinsic = ThisChainUncheckedExtrinsic, + { + System: frame_system::{Pallet, Call, Config, Storage, Event}, + Utility: pallet_utility, + Balances: pallet_balances::{Pallet, Call, Storage, Config, Event}, + TransactionPayment: pallet_transaction_payment::{Pallet, Storage, Event}, + BridgeRelayers: pallet_bridge_relayers::{Pallet, Call, Storage, Event}, + BridgeGrandpa: pallet_bridge_grandpa::{Pallet, Call, Storage, Event}, + BridgeParachains: pallet_bridge_parachains::{Pallet, Call, Storage, Event}, + BridgeMessages: pallet_bridge_messages::{Pallet, Call, Storage, Event, Config}, + } +} + +crate::generate_bridge_reject_obsolete_headers_and_messages! { + ThisChainRuntimeCall, ThisChainAccountId, + BridgeGrandpa, BridgeParachains, BridgeMessages +} + +parameter_types! { + pub const ActiveOutboundLanes: &'static [LaneId] = &[TEST_LANE_ID]; + pub const BridgedChainId: ChainId = TEST_BRIDGED_CHAIN_ID; + pub const BridgedParasPalletName: &'static str = "Paras"; + pub const ExistentialDeposit: ThisChainBalance = 500; + pub const DbWeight: RuntimeDbWeight = RuntimeDbWeight { read: 1, write: 2 }; + pub const TargetBlockFullness: Perquintill = Perquintill::from_percent(25); + pub const TransactionBaseFee: ThisChainBalance = 0; + pub const TransactionByteFee: ThisChainBalance = 1; + pub AdjustmentVariable: Multiplier = Multiplier::saturating_from_rational(3, 100_000); + pub MinimumMultiplier: Multiplier = Multiplier::saturating_from_rational(1, 1_000_000u128); + pub MaximumMultiplier: Multiplier = sp_runtime::traits::Bounded::max_value(); + pub const MaxUnrewardedRelayerEntriesAtInboundLane: MessageNonce = 16; + pub const MaxUnconfirmedMessagesAtInboundLane: MessageNonce = 1_000; + pub const ReserveId: [u8; 8] = *b"brdgrlrs"; +} + +impl frame_system::Config for TestRuntime { + type RuntimeOrigin = RuntimeOrigin; + type Index = u64; + type RuntimeCall = RuntimeCall; + type BlockNumber = ThisChainBlockNumber; + type Hash = ThisChainHash; + type Hashing = ThisChainHasher; + type AccountId = ThisChainAccountId; + type Lookup = IdentityLookup; + type Header = ThisChainHeader; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = ConstU32<250>; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = pallet_balances::AccountData; + type OnNewAccount = (); + type OnKilledAccount = (); + type BaseCallFilter = frame_support::traits::Everything; + type SystemWeightInfo = (); + type BlockWeights = (); + type BlockLength = (); + type DbWeight = DbWeight; + type SS58Prefix = (); + type OnSetCode = (); + type MaxConsumers = frame_support::traits::ConstU32<16>; +} + +impl pallet_utility::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type RuntimeCall = RuntimeCall; + type PalletsOrigin = OriginCaller; + type WeightInfo = (); +} + +impl pallet_balances::Config for TestRuntime { + type Balance = ThisChainBalance; + type RuntimeEvent = RuntimeEvent; + type DustRemoval = (); + type ExistentialDeposit = ExistentialDeposit; + type AccountStore = System; + type WeightInfo = (); + type MaxLocks = ConstU32<50>; + type MaxReserves = ConstU32<50>; + type ReserveIdentifier = [u8; 8]; + type HoldIdentifier = (); + type FreezeIdentifier = (); + type MaxHolds = ConstU32<0>; + type MaxFreezes = ConstU32<0>; +} + +impl pallet_transaction_payment::Config for TestRuntime { + type OnChargeTransaction = pallet_transaction_payment::CurrencyAdapter; + type OperationalFeeMultiplier = ConstU8<5>; + type WeightToFee = IdentityFee; + type LengthToFee = ConstantMultiplier; + type FeeMultiplierUpdate = pallet_transaction_payment::TargetedFeeAdjustment< + TestRuntime, + TargetBlockFullness, + AdjustmentVariable, + MinimumMultiplier, + MaximumMultiplier, + >; + type RuntimeEvent = RuntimeEvent; +} + +impl pallet_bridge_grandpa::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type BridgedChain = BridgedUnderlyingChain; + type MaxFreeMandatoryHeadersPerBlock = ConstU32<4>; + type HeadersToKeep = ConstU32<8>; + type WeightInfo = pallet_bridge_grandpa::weights::BridgeWeight; +} + +impl pallet_bridge_parachains::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type BridgesGrandpaPalletInstance = (); + type ParasPalletName = BridgedParasPalletName; + type ParaStoredHeaderDataBuilder = + SingleParaStoredHeaderDataBuilder; + type HeadsToKeep = ConstU32<8>; + type MaxParaHeadDataSize = ConstU32<1024>; + type WeightInfo = pallet_bridge_parachains::weights::BridgeWeight; +} + +impl pallet_bridge_messages::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type WeightInfo = pallet_bridge_messages::weights::BridgeWeight; + type ActiveOutboundLanes = ActiveOutboundLanes; + type MaxUnrewardedRelayerEntriesAtInboundLane = MaxUnrewardedRelayerEntriesAtInboundLane; + type MaxUnconfirmedMessagesAtInboundLane = MaxUnconfirmedMessagesAtInboundLane; + + type MaximalOutboundPayloadSize = FromThisChainMaximalOutboundPayloadSize; + type OutboundPayload = FromThisChainMessagePayload; + + type InboundPayload = FromBridgedChainMessagePayload; + type InboundRelayer = BridgedChainAccountId; + type DeliveryPayments = (); + + type TargetHeaderChain = TargetHeaderChainAdapter; + type LaneMessageVerifier = FromThisChainMessageVerifier; + type DeliveryConfirmationPayments = pallet_bridge_relayers::DeliveryConfirmationPaymentsAdapter< + TestRuntime, + (), + ConstU64<100_000>, + >; + + type SourceHeaderChain = SourceHeaderChainAdapter; + type MessageDispatch = ForbidInboundMessages<(), FromBridgedChainMessagePayload>; + type BridgedChainId = BridgedChainId; +} + +impl pallet_bridge_relayers::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type Reward = ThisChainBalance; + type PaymentProcedure = TestPaymentProcedure; + type StakeAndSlash = TestStakeAndSlash; + type WeightInfo = (); +} + +/// Bridge that is deployed on `ThisChain` and allows sending/receiving messages to/from +/// `BridgedChain`. +#[derive(Debug, PartialEq, Eq)] +pub struct OnThisChainBridge; + +impl MessageBridge for OnThisChainBridge { + const BRIDGED_MESSAGES_PALLET_NAME: &'static str = ""; + + type ThisChain = ThisChain; + type BridgedChain = BridgedChain; + type BridgedHeaderChain = pallet_bridge_grandpa::GrandpaChainHeaders; +} + +/// Bridge that is deployed on `BridgedChain` and allows sending/receiving messages to/from +/// `ThisChain`. +#[derive(Debug, PartialEq, Eq)] +pub struct OnBridgedChainBridge; + +impl MessageBridge for OnBridgedChainBridge { + const BRIDGED_MESSAGES_PALLET_NAME: &'static str = ""; + + type ThisChain = BridgedChain; + type BridgedChain = ThisChain; + type BridgedHeaderChain = ThisHeaderChain; +} + +/// Dummy implementation of `HeaderChain` for `ThisChain` at the `BridgedChain`. +pub struct ThisHeaderChain; + +impl HeaderChain for ThisHeaderChain { + fn finalized_header_state_root(_hash: HashOf) -> Option> { + unreachable!() + } +} + +/// Call origin at `BridgedChain`. +#[derive(Clone, Debug)] +pub struct BridgedChainOrigin; + +impl From + for Result, BridgedChainOrigin> +{ + fn from( + _origin: BridgedChainOrigin, + ) -> Result, BridgedChainOrigin> { + unreachable!() + } +} + +/// Underlying chain of `ThisChain`. +pub struct ThisUnderlyingChain; + +impl Chain for ThisUnderlyingChain { + type BlockNumber = ThisChainBlockNumber; + type Hash = ThisChainHash; + type Hasher = ThisChainHasher; + type Header = ThisChainHeader; + type AccountId = ThisChainAccountId; + type Balance = ThisChainBalance; + type Index = u32; + type Signature = sp_runtime::MultiSignature; + + fn max_extrinsic_size() -> u32 { + BRIDGED_CHAIN_MAX_EXTRINSIC_SIZE + } + + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +/// The chain where we are in tests. +pub struct ThisChain; + +impl UnderlyingChainProvider for ThisChain { + type Chain = ThisUnderlyingChain; +} + +impl ThisChainWithMessages for ThisChain { + type RuntimeOrigin = ThisChainCallOrigin; +} + +impl BridgedChainWithMessages for ThisChain {} + +/// Underlying chain of `BridgedChain`. +pub struct BridgedUnderlyingChain; +/// Some parachain under `BridgedChain` consensus. +pub struct BridgedUnderlyingParachain; +/// Runtime call of the `BridgedChain`. +#[derive(Decode, Encode)] +pub struct BridgedChainCall; + +impl Chain for BridgedUnderlyingChain { + type BlockNumber = BridgedChainBlockNumber; + type Hash = BridgedChainHash; + type Hasher = BridgedChainHasher; + type Header = BridgedChainHeader; + type AccountId = BridgedChainAccountId; + type Balance = BridgedChainBalance; + type Index = u32; + type Signature = sp_runtime::MultiSignature; + + fn max_extrinsic_size() -> u32 { + BRIDGED_CHAIN_MAX_EXTRINSIC_SIZE + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl ChainWithGrandpa for BridgedUnderlyingChain { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = ""; + const MAX_AUTHORITIES_COUNT: u32 = 16; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = 8; + const MAX_HEADER_SIZE: u32 = 256; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = 64; +} + +impl Chain for BridgedUnderlyingParachain { + type BlockNumber = BridgedChainBlockNumber; + type Hash = BridgedChainHash; + type Hasher = BridgedChainHasher; + type Header = BridgedChainHeader; + type AccountId = BridgedChainAccountId; + type Balance = BridgedChainBalance; + type Index = u32; + type Signature = sp_runtime::MultiSignature; + + fn max_extrinsic_size() -> u32 { + BRIDGED_CHAIN_MAX_EXTRINSIC_SIZE + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl Parachain for BridgedUnderlyingParachain { + const PARACHAIN_ID: u32 = 42; +} + +/// The other, bridged chain, used in tests. +pub struct BridgedChain; + +impl UnderlyingChainProvider for BridgedChain { + type Chain = BridgedUnderlyingChain; +} + +impl ThisChainWithMessages for BridgedChain { + type RuntimeOrigin = BridgedChainOrigin; +} + +impl BridgedChainWithMessages for BridgedChain {} + +/// Run test within test externalities. +pub fn run_test(test: impl FnOnce()) { + sp_io::TestExternalities::new(Default::default()).execute_with(test) +} diff --git a/bridges/bin/runtime-common/src/parachains_benchmarking.rs b/bridges/bin/runtime-common/src/parachains_benchmarking.rs new file mode 100644 index 00000000000..aad53673c3a --- /dev/null +++ b/bridges/bin/runtime-common/src/parachains_benchmarking.rs @@ -0,0 +1,88 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Everything required to run benchmarks of parachains finality module. + +#![cfg(feature = "runtime-benchmarks")] + +use crate::{ + messages_benchmarking::insert_header_to_grandpa_pallet, + messages_generation::grow_trie_leaf_value, +}; + +use bp_parachains::parachain_head_storage_key_at_source; +use bp_polkadot_core::parachains::{ParaHash, ParaHead, ParaHeadsProof, ParaId}; +use bp_runtime::{record_all_trie_keys, StorageProofSize}; +use codec::Encode; +use frame_support::traits::Get; +use pallet_bridge_parachains::{RelayBlockHash, RelayBlockHasher, RelayBlockNumber}; +use sp_std::prelude::*; +use sp_trie::{trie_types::TrieDBMutBuilderV1, LayoutV1, MemoryDB, TrieMut}; + +/// Prepare proof of messages for the `receive_messages_proof` call. +/// +/// In addition to returning valid messages proof, environment is prepared to verify this message +/// proof. +pub fn prepare_parachain_heads_proof( + parachains: &[ParaId], + parachain_head_size: u32, + size: StorageProofSize, +) -> (RelayBlockNumber, RelayBlockHash, ParaHeadsProof, Vec<(ParaId, ParaHash)>) +where + R: pallet_bridge_parachains::Config + + pallet_bridge_grandpa::Config, + PI: 'static, + >::BridgedChain: + bp_runtime::Chain, +{ + let parachain_head = ParaHead(vec![0u8; parachain_head_size as usize]); + + // insert all heads to the trie + let mut parachain_heads = Vec::with_capacity(parachains.len()); + let mut storage_keys = Vec::with_capacity(parachains.len()); + let mut state_root = Default::default(); + let mut mdb = MemoryDB::default(); + { + let mut trie = + TrieDBMutBuilderV1::::new(&mut mdb, &mut state_root).build(); + + // insert parachain heads + for (i, parachain) in parachains.into_iter().enumerate() { + let storage_key = + parachain_head_storage_key_at_source(R::ParasPalletName::get(), *parachain); + let leaf_data = if i == 0 { + grow_trie_leaf_value(parachain_head.encode(), size) + } else { + parachain_head.encode() + }; + trie.insert(&storage_key.0, &leaf_data) + .map_err(|_| "TrieMut::insert has failed") + .expect("TrieMut::insert should not fail in benchmarks"); + storage_keys.push(storage_key); + parachain_heads.push((*parachain, parachain_head.hash())) + } + } + + // generate heads storage proof + let proof = record_all_trie_keys::, _>(&mdb, &state_root) + .map_err(|_| "record_all_trie_keys has failed") + .expect("record_all_trie_keys should not fail in benchmarks"); + + let (relay_block_number, relay_block_hash) = + insert_header_to_grandpa_pallet::(state_root); + + (relay_block_number, relay_block_hash, ParaHeadsProof(proof), parachain_heads) +} diff --git a/bridges/bin/runtime-common/src/priority_calculator.rs b/bridges/bin/runtime-common/src/priority_calculator.rs new file mode 100644 index 00000000000..590de05fb1c --- /dev/null +++ b/bridges/bin/runtime-common/src/priority_calculator.rs @@ -0,0 +1,201 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Bridge transaction priority calculator. +//! +//! We want to prioritize message delivery transactions with more messages over +//! transactions with less messages. That's because we reject delivery transactions +//! if it contains already delivered message. And if some transaction delivers +//! single message with nonce `N`, then the transaction with nonces `N..=N+100` will +//! be rejected. This can lower bridge throughput down to one message per block. + +use bp_messages::MessageNonce; +use frame_support::traits::Get; +use sp_runtime::transaction_validity::TransactionPriority; + +// reexport everything from `integrity_tests` module +pub use integrity_tests::*; + +/// Compute priority boost for message delivery transaction that delivers +/// given number of messages. +pub fn compute_priority_boost( + messages: MessageNonce, +) -> TransactionPriority +where + PriorityBoostPerMessage: Get, +{ + // we don't want any boost for transaction with single message => minus one + PriorityBoostPerMessage::get().saturating_mul(messages - 1) +} + +#[cfg(not(feature = "integrity-test"))] +mod integrity_tests {} + +#[cfg(feature = "integrity-test")] +mod integrity_tests { + use super::compute_priority_boost; + + use bp_messages::MessageNonce; + use bp_runtime::PreComputedSize; + use frame_support::{ + dispatch::{DispatchClass, DispatchInfo, Dispatchable, Pays, PostDispatchInfo}, + traits::Get, + }; + use pallet_bridge_messages::WeightInfoExt; + use pallet_transaction_payment::OnChargeTransaction; + use sp_runtime::{ + traits::{UniqueSaturatedInto, Zero}, + transaction_validity::TransactionPriority, + FixedPointOperand, SaturatedConversion, Saturating, + }; + + type BalanceOf = + <::OnChargeTransaction as OnChargeTransaction< + T, + >>::Balance; + + /// Ensures that the value of `PriorityBoostPerMessage` matches the value of + /// `tip_boost_per_message`. + /// + /// We want two transactions, `TX1` with `N` messages and `TX2` with `N+1` messages, have almost + /// the same priority if we'll add `tip_boost_per_message` tip to the `TX1`. We want to be sure + /// that if we add plain `PriorityBoostPerMessage` priority to `TX1`, the priority will be close + /// to `TX2` as well. + pub fn ensure_priority_boost_is_sane( + tip_boost_per_message: BalanceOf, + ) where + Runtime: + pallet_transaction_payment::Config + pallet_bridge_messages::Config, + MessagesInstance: 'static, + PriorityBoostPerMessage: Get, + Runtime::RuntimeCall: Dispatchable, + BalanceOf: Send + Sync + FixedPointOperand, + { + let priority_boost_per_message = PriorityBoostPerMessage::get(); + let maximal_messages_in_delivery_transaction = + Runtime::MaxUnconfirmedMessagesAtInboundLane::get(); + for messages in 1..=maximal_messages_in_delivery_transaction { + let base_priority = estimate_message_delivery_transaction_priority::< + Runtime, + MessagesInstance, + >(messages, Zero::zero()); + let priority_boost = compute_priority_boost::(messages); + let priority_with_boost = base_priority + priority_boost; + + let tip = tip_boost_per_message.saturating_mul((messages - 1).unique_saturated_into()); + let priority_with_tip = + estimate_message_delivery_transaction_priority::(1, tip); + + const ERROR_MARGIN: TransactionPriority = 5; // 5% + if priority_with_boost.abs_diff(priority_with_tip).saturating_mul(100) / + priority_with_tip > + ERROR_MARGIN + { + panic!( + "The PriorityBoostPerMessage value ({}) must be fixed to: {}", + priority_boost_per_message, + compute_priority_boost_per_message::( + tip_boost_per_message + ), + ); + } + } + } + + /// Compute priority boost that we give to message delivery transaction for additional message. + #[cfg(feature = "integrity-test")] + fn compute_priority_boost_per_message( + tip_boost_per_message: BalanceOf, + ) -> TransactionPriority + where + Runtime: + pallet_transaction_payment::Config + pallet_bridge_messages::Config, + MessagesInstance: 'static, + Runtime::RuntimeCall: Dispatchable, + BalanceOf: Send + Sync + FixedPointOperand, + { + // esimate priority of transaction that delivers one message and has large tip + let maximal_messages_in_delivery_transaction = + Runtime::MaxUnconfirmedMessagesAtInboundLane::get(); + let small_with_tip_priority = + estimate_message_delivery_transaction_priority::( + 1, + tip_boost_per_message + .saturating_mul(maximal_messages_in_delivery_transaction.saturated_into()), + ); + // estimate priority of transaction that delivers maximal number of messages, but has no tip + let large_without_tip_priority = estimate_message_delivery_transaction_priority::< + Runtime, + MessagesInstance, + >(maximal_messages_in_delivery_transaction, Zero::zero()); + + small_with_tip_priority + .saturating_sub(large_without_tip_priority) + .saturating_div(maximal_messages_in_delivery_transaction - 1) + } + + /// Estimate message delivery transaction priority. + #[cfg(feature = "integrity-test")] + fn estimate_message_delivery_transaction_priority( + messages: MessageNonce, + tip: BalanceOf, + ) -> TransactionPriority + where + Runtime: + pallet_transaction_payment::Config + pallet_bridge_messages::Config, + MessagesInstance: 'static, + Runtime::RuntimeCall: Dispatchable, + BalanceOf: Send + Sync + FixedPointOperand, + { + // just an estimation of extra transaction bytes that are added to every transaction + // (including signature, signed extensions extra and etc + in our case it includes + // all call arguments extept the proof itself) + let base_tx_size = 512; + // let's say we are relaying similar small messages and for every message we add more trie + // nodes to the proof (x0.5 because we expect some nodes to be reused) + let estimated_message_size = 512; + // let's say all our messages have the same dispatch weight + let estimated_message_dispatch_weight = + Runtime::WeightInfo::message_dispatch_weight(estimated_message_size); + // messages proof argument size is (for every message) messages size + some additional + // trie nodes. Some of them are reused by different messages, so let's take 2/3 of default + // "overhead" constant + let messages_proof_size = Runtime::WeightInfo::expected_extra_storage_proof_size() + .saturating_mul(2) + .saturating_div(3) + .saturating_add(estimated_message_size) + .saturating_mul(messages as _); + + // finally we are able to estimate transaction size and weight + let transaction_size = base_tx_size.saturating_add(messages_proof_size); + let transaction_weight = Runtime::WeightInfo::receive_messages_proof_weight( + &PreComputedSize(transaction_size as _), + messages as _, + estimated_message_dispatch_weight.saturating_mul(messages), + ); + + pallet_transaction_payment::ChargeTransactionPayment::::get_priority( + &DispatchInfo { + weight: transaction_weight, + class: DispatchClass::Normal, + pays_fee: Pays::Yes, + }, + transaction_size as _, + tip, + Zero::zero(), + ) + } +} diff --git a/bridges/bin/runtime-common/src/refund_relayer_extension.rs b/bridges/bin/runtime-common/src/refund_relayer_extension.rs new file mode 100644 index 00000000000..00ea70aa04e --- /dev/null +++ b/bridges/bin/runtime-common/src/refund_relayer_extension.rs @@ -0,0 +1,1730 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Signed extension that refunds relayer if he has delivered some new messages. +//! It also refunds transaction cost if the transaction is an `utility.batchAll()` +//! with calls that are: delivering new messsage and all necessary underlying headers +//! (parachain or relay chain). + +use crate::messages_call_ext::{ + CallHelper as MessagesCallHelper, CallInfo as MessagesCallInfo, MessagesCallSubType, +}; +use bp_messages::{LaneId, MessageNonce}; +use bp_relayers::{RewardsAccountOwner, RewardsAccountParams}; +use bp_runtime::{RangeInclusiveExt, StaticStrProvider}; +use codec::{Decode, Encode}; +use frame_support::{ + dispatch::{CallableCallFor, DispatchInfo, Dispatchable, PostDispatchInfo}, + traits::IsSubType, + weights::Weight, + CloneNoBound, DefaultNoBound, EqNoBound, PartialEqNoBound, RuntimeDebug, RuntimeDebugNoBound, +}; +use pallet_bridge_grandpa::{ + CallSubType as GrandpaCallSubType, SubmitFinalityProofHelper, SubmitFinalityProofInfo, +}; +use pallet_bridge_messages::Config as MessagesConfig; +use pallet_bridge_parachains::{ + BoundedBridgeGrandpaConfig, CallSubType as ParachainsCallSubType, Config as ParachainsConfig, + RelayBlockNumber, SubmitParachainHeadsHelper, SubmitParachainHeadsInfo, +}; +use pallet_bridge_relayers::{ + Config as RelayersConfig, Pallet as RelayersPallet, WeightInfoExt as _, +}; +use pallet_transaction_payment::{Config as TransactionPaymentConfig, OnChargeTransaction}; +use pallet_utility::{Call as UtilityCall, Config as UtilityConfig, Pallet as UtilityPallet}; +use scale_info::TypeInfo; +use sp_runtime::{ + traits::{DispatchInfoOf, Get, PostDispatchInfoOf, SignedExtension, Zero}, + transaction_validity::{ + TransactionPriority, TransactionValidity, TransactionValidityError, ValidTransactionBuilder, + }, + DispatchResult, FixedPointOperand, +}; +use sp_std::{marker::PhantomData, vec, vec::Vec}; + +type AccountIdOf = ::AccountId; +// without this typedef rustfmt fails with internal err +type BalanceOf = + <::OnChargeTransaction as OnChargeTransaction>::Balance; +type CallOf = ::RuntimeCall; + +/// Trait identifying a bridged parachain. A relayer might be refunded for delivering messages +/// coming from this parachain. +pub trait RefundableParachainId { + /// The instance of the bridge parachains pallet. + type Instance; + /// The parachain Id. + type Id: Get; +} + +/// Default implementation of `RefundableParachainId`. +pub struct RefundableParachain(PhantomData<(Instance, Id)>); + +impl RefundableParachainId for RefundableParachain +where + Id: Get, +{ + type Instance = Instance; + type Id = Id; +} + +/// Trait identifying a bridged messages lane. A relayer might be refunded for delivering messages +/// coming from this lane. +pub trait RefundableMessagesLaneId { + /// The instance of the bridge messages pallet. + type Instance; + /// The messages lane id. + type Id: Get; +} + +/// Default implementation of `RefundableMessagesLaneId`. +pub struct RefundableMessagesLane(PhantomData<(Instance, Id)>); + +impl RefundableMessagesLaneId for RefundableMessagesLane +where + Id: Get, +{ + type Instance = Instance; + type Id = Id; +} + +/// Refund calculator. +pub trait RefundCalculator { + // The underlying integer type in which the refund is calculated. + type Balance; + + /// Compute refund for given transaction. + fn compute_refund( + info: &DispatchInfo, + post_info: &PostDispatchInfo, + len: usize, + tip: Self::Balance, + ) -> Self::Balance; +} + +/// `RefundCalculator` implementation which refunds the actual transaction fee. +pub struct ActualFeeRefund(PhantomData); + +impl RefundCalculator for ActualFeeRefund +where + R: TransactionPaymentConfig, + CallOf: Dispatchable, + BalanceOf: FixedPointOperand, +{ + type Balance = BalanceOf; + + fn compute_refund( + info: &DispatchInfo, + post_info: &PostDispatchInfo, + len: usize, + tip: BalanceOf, + ) -> BalanceOf { + pallet_transaction_payment::Pallet::::compute_actual_fee(len as _, info, post_info, tip) + } +} + +/// Data that is crafted in `pre_dispatch` method and used at `post_dispatch`. +#[cfg_attr(test, derive(Debug, PartialEq))] +pub struct PreDispatchData { + /// Transaction submitter (relayer) account. + relayer: AccountId, + /// Type of the call. + call_info: CallInfo, +} + +/// Type of the call that the extension recognizes. +#[derive(RuntimeDebugNoBound, PartialEq)] +pub enum CallInfo { + /// Relay chain finality + parachain finality + message delivery/confirmation calls. + AllFinalityAndMsgs( + SubmitFinalityProofInfo, + SubmitParachainHeadsInfo, + MessagesCallInfo, + ), + /// Parachain finality + message delivery/confirmation calls. + ParachainFinalityAndMsgs(SubmitParachainHeadsInfo, MessagesCallInfo), + /// Standalone message delivery/confirmation call. + Msgs(MessagesCallInfo), +} + +impl CallInfo { + /// Returns true if call is a message delivery call (with optional finality calls). + fn is_receive_messages_proof_call(&self) -> bool { + match self.messages_call_info() { + MessagesCallInfo::ReceiveMessagesProof(_) => true, + MessagesCallInfo::ReceiveMessagesDeliveryProof(_) => false, + } + } + + /// Returns the pre-dispatch `finality_target` sent to the `SubmitFinalityProof` call. + fn submit_finality_proof_info(&self) -> Option> { + match *self { + Self::AllFinalityAndMsgs(info, _, _) => Some(info), + _ => None, + } + } + + /// Returns the pre-dispatch `SubmitParachainHeadsInfo`. + fn submit_parachain_heads_info(&self) -> Option<&SubmitParachainHeadsInfo> { + match self { + Self::AllFinalityAndMsgs(_, info, _) => Some(info), + Self::ParachainFinalityAndMsgs(info, _) => Some(info), + _ => None, + } + } + + /// Returns the pre-dispatch `ReceiveMessagesProofInfo`. + fn messages_call_info(&self) -> &MessagesCallInfo { + match self { + Self::AllFinalityAndMsgs(_, _, info) => info, + Self::ParachainFinalityAndMsgs(_, info) => info, + Self::Msgs(info) => info, + } + } +} + +/// The actions on relayer account that need to be performed because of his actions. +#[derive(RuntimeDebug, PartialEq)] +enum RelayerAccountAction { + /// Do nothing with relayer account. + None, + /// Reward the relayer. + Reward(AccountId, RewardsAccountParams, Reward), + /// Slash the relayer. + Slash(AccountId, RewardsAccountParams), +} + +/// Signed extension that refunds a relayer for new messages coming from a parachain. +/// +/// Also refunds relayer for successful finality delivery if it comes in batch (`utility.batchAll`) +/// with message delivery transaction. Batch may deliver either both relay chain header and +/// parachain head, or just parachain head. Corresponding headers must be used in messages +/// proof verification. +/// +/// Extension does not refund transaction tip due to security reasons. +#[derive( + DefaultNoBound, + CloneNoBound, + Decode, + Encode, + EqNoBound, + PartialEqNoBound, + RuntimeDebugNoBound, + TypeInfo, +)] +#[scale_info(skip_type_params(Runtime, Para, Msgs, Refund, Priority, Id))] +pub struct RefundBridgedParachainMessages( + PhantomData<( + // runtime with `frame-utility`, `pallet-bridge-grandpa`, `pallet-bridge-parachains`, + // `pallet-bridge-messages` and `pallet-bridge-relayers` pallets deployed + Runtime, + // implementation of `RefundableParachainId` trait, which specifies the instance of + // the used `pallet-bridge-parachains` pallet and the bridged parachain id + Para, + // implementation of `RefundableMessagesLaneId` trait, which specifies the instance of + // the used `pallet-bridge-messages` pallet and the lane within this pallet + Msgs, + // implementation of the `RefundCalculator` trait, that is used to compute refund that + // we give to relayer for his transaction + Refund, + // getter for per-message `TransactionPriority` boost that we give to message + // delivery transactions + Priority, + // the runtime-unique identifier of this signed extension + Id, + )>, +); + +impl + RefundBridgedParachainMessages +where + Self: 'static + Send + Sync, + Runtime: UtilityConfig> + + BoundedBridgeGrandpaConfig + + ParachainsConfig + + MessagesConfig + + RelayersConfig, + Para: RefundableParachainId, + Msgs: RefundableMessagesLaneId, + Refund: RefundCalculator, + Priority: Get, + Id: StaticStrProvider, + CallOf: Dispatchable + + IsSubType, Runtime>> + + GrandpaCallSubType + + ParachainsCallSubType + + MessagesCallSubType, +{ + fn expand_call<'a>(&self, call: &'a CallOf) -> Vec<&'a CallOf> { + match call.is_sub_type() { + Some(UtilityCall::::batch_all { ref calls }) if calls.len() <= 3 => + calls.iter().collect(), + Some(_) => vec![], + None => vec![call], + } + } + + fn parse_and_check_for_obsolete_call( + &self, + call: &CallOf, + ) -> Result, TransactionValidityError> { + let calls = self.expand_call(call); + let total_calls = calls.len(); + let mut calls = calls.into_iter().map(Self::check_obsolete_call).rev(); + + let msgs_call = calls.next().transpose()?.and_then(|c| c.call_info_for(Msgs::Id::get())); + let para_finality_call = calls + .next() + .transpose()? + .and_then(|c| c.submit_parachain_heads_info_for(Para::Id::get())); + let relay_finality_call = + calls.next().transpose()?.and_then(|c| c.submit_finality_proof_info()); + + Ok(match (total_calls, relay_finality_call, para_finality_call, msgs_call) { + (3, Some(relay_finality_call), Some(para_finality_call), Some(msgs_call)) => Some( + CallInfo::AllFinalityAndMsgs(relay_finality_call, para_finality_call, msgs_call), + ), + (2, None, Some(para_finality_call), Some(msgs_call)) => + Some(CallInfo::ParachainFinalityAndMsgs(para_finality_call, msgs_call)), + (1, None, None, Some(msgs_call)) => Some(CallInfo::Msgs(msgs_call)), + _ => None, + }) + } + + fn check_obsolete_call( + call: &CallOf, + ) -> Result<&CallOf, TransactionValidityError> { + call.check_obsolete_submit_finality_proof()?; + call.check_obsolete_submit_parachain_heads()?; + call.check_obsolete_call()?; + Ok(call) + } + + /// Given post-dispatch information, analyze the outcome of relayer call and return + /// actions that need to be performed on relayer account. + fn analyze_call_result( + pre: Option>>, + info: &DispatchInfo, + post_info: &PostDispatchInfo, + len: usize, + result: &DispatchResult, + ) -> RelayerAccountAction, Runtime::Reward> { + let mut extra_weight = Weight::zero(); + let mut extra_size = 0; + + // We don't refund anything for transactions that we don't support. + let (relayer, call_info) = match pre { + Some(Some(pre)) => (pre.relayer, pre.call_info), + _ => return RelayerAccountAction::None, + }; + + // now we know that the relayer either needs to be rewarded, or slashed + // => let's prepare the correspondent account that pays reward/receives slashed amount + let reward_account_params = RewardsAccountParams::new( + Msgs::Id::get(), + Runtime::BridgedChainId::get(), + if call_info.is_receive_messages_proof_call() { + RewardsAccountOwner::ThisChain + } else { + RewardsAccountOwner::BridgedChain + }, + ); + + // prepare return value for the case if the call has failed or it has not caused + // expected side effects (e.g. not all messages have been accepted) + // + // we are not checking if relayer is registered here - it happens during the slash attempt + // + // there are couple of edge cases here: + // + // - when the relayer becomes registered during message dispatch: this is unlikely + relayer + // should be ready for slashing after registration; + // + // - when relayer is registered after `validate` is called and priority is not boosted: + // relayer should be ready for slashing after registration. + let may_slash_relayer = + Self::bundled_messages_for_priority_boost(Some(&call_info)).is_some(); + let slash_relayer_if_delivery_result = may_slash_relayer + .then(|| RelayerAccountAction::Slash(relayer.clone(), reward_account_params)) + .unwrap_or(RelayerAccountAction::None); + + // We don't refund anything if the transaction has failed. + if let Err(e) = result { + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?}: relayer {:?} has submitted invalid messages transaction: {:?}", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + relayer, + e, + ); + return slash_relayer_if_delivery_result + } + + // check if relay chain state has been updated + if let Some(finality_proof_info) = call_info.submit_finality_proof_info() { + if !SubmitFinalityProofHelper::::was_successful( + finality_proof_info.block_number, + ) { + // we only refund relayer if all calls have updated chain state + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?}: relayer {:?} has submitted invalid relay chain finality proof", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + relayer, + ); + return slash_relayer_if_delivery_result; + } + + // there's a conflict between how bridge GRANDPA pallet works and a `utility.batchAll` + // transaction. If relay chain header is mandatory, the GRANDPA pallet returns + // `Pays::No`, because such transaction is mandatory for operating the bridge. But + // `utility.batchAll` transaction always requires payment. But in both cases we'll + // refund relayer - either explicitly here, or using `Pays::No` if he's choosing + // to submit dedicated transaction. + + // submitter has means to include extra weight/bytes in the `submit_finality_proof` + // call, so let's subtract extra weight/size to avoid refunding for this extra stuff + extra_weight = finality_proof_info.extra_weight; + extra_size = finality_proof_info.extra_size; + } + + // check if parachain state has been updated + if let Some(para_proof_info) = call_info.submit_parachain_heads_info() { + if !SubmitParachainHeadsHelper::::was_successful( + para_proof_info, + ) { + // we only refund relayer if all calls have updated chain state + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?}: relayer {:?} has submitted invalid parachain finality proof", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + relayer, + ); + return slash_relayer_if_delivery_result + } + } + + // Check if the `ReceiveMessagesProof` call delivered at least some of the messages that + // it contained. If this happens, we consider the transaction "helpful" and refund it. + let msgs_call_info = call_info.messages_call_info(); + if !MessagesCallHelper::::was_successful(msgs_call_info) { + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?}: relayer {:?} has submitted invalid messages call", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + relayer, + ); + return slash_relayer_if_delivery_result + } + + // regarding the tip - refund that happens here (at this side of the bridge) isn't the whole + // relayer compensation. He'll receive some amount at the other side of the bridge. It shall + // (in theory) cover the tip there. Otherwise, if we'll be compensating tip here, some + // malicious relayer may use huge tips, effectively depleting account that pay rewards. The + // cost of this attack is nothing. Hence we use zero as tip here. + let tip = Zero::zero(); + + // decrease post-dispatch weight/size using extra weight/size that we know now + let post_info_len = len.saturating_sub(extra_size as usize); + let mut post_info_weight = + post_info.actual_weight.unwrap_or(info.weight).saturating_sub(extra_weight); + + // let's also replace the weight of slashing relayer with the weight of rewarding relayer + if call_info.is_receive_messages_proof_call() { + post_info_weight = post_info_weight.saturating_sub( + ::WeightInfo::extra_weight_of_successful_receive_messages_proof_call(), + ); + } + + // compute the relayer refund + let mut post_info = *post_info; + post_info.actual_weight = Some(post_info_weight); + let refund = Refund::compute_refund(info, &post_info, post_info_len, tip); + + // we can finally reward relayer + RelayerAccountAction::Reward(relayer, reward_account_params, refund) + } + + /// Returns number of bundled messages `Some(_)`, if the given call info is a: + /// + /// - message delivery transaction; + /// + /// - with reasonable bundled messages that may be accepted by the messages pallet. + /// + /// This function is used to check whether the transaction priority should be + /// virtually boosted. The relayer registration (we only boost priority for registered + /// relayer transactions) must be checked outside. + fn bundled_messages_for_priority_boost(call_info: Option<&CallInfo>) -> Option { + // we only boost priority of message delivery transactions + let parsed_call = match call_info { + Some(parsed_call) if parsed_call.is_receive_messages_proof_call() => parsed_call, + _ => return None, + }; + + // compute total number of messages in transaction + let bundled_messages = + parsed_call.messages_call_info().bundled_messages().checked_len().unwrap_or(0); + + // a quick check to avoid invalid high-priority transactions + if bundled_messages > Runtime::MaxUnconfirmedMessagesAtInboundLane::get() { + return None + } + + Some(bundled_messages) + } +} + +impl SignedExtension + for RefundBridgedParachainMessages +where + Self: 'static + Send + Sync, + Runtime: UtilityConfig> + + BoundedBridgeGrandpaConfig + + ParachainsConfig + + MessagesConfig + + RelayersConfig, + Para: RefundableParachainId, + Msgs: RefundableMessagesLaneId, + Refund: RefundCalculator, + Priority: Get, + Id: StaticStrProvider, + CallOf: Dispatchable + + IsSubType, Runtime>> + + GrandpaCallSubType + + ParachainsCallSubType + + MessagesCallSubType, +{ + const IDENTIFIER: &'static str = Id::STR; + type AccountId = Runtime::AccountId; + type Call = CallOf; + type AdditionalSigned = (); + type Pre = Option>; + + fn additional_signed(&self) -> Result<(), TransactionValidityError> { + Ok(()) + } + + fn validate( + &self, + who: &Self::AccountId, + call: &Self::Call, + _info: &DispatchInfoOf, + _len: usize, + ) -> TransactionValidity { + // this is the only relevant line of code for the `pre_dispatch` + // + // we're not calling `validate` from `pre_dispatch` directly because of performance + // reasons, so if you're adding some code that may fail here, please check if it needs + // to be added to the `pre_dispatch` as well + let parsed_call = self.parse_and_check_for_obsolete_call(call)?; + + // the following code just plays with transaction priority and never returns an error + + // we only boost priority of presumably correct message delivery transactions + let bundled_messages = match Self::bundled_messages_for_priority_boost(parsed_call.as_ref()) + { + Some(bundled_messages) => bundled_messages, + None => return Ok(Default::default()), + }; + + // we only boost priority if relayer has staked required balance + if !RelayersPallet::::is_registration_active(who) { + return Ok(Default::default()) + } + + // compute priority boost + let priority_boost = + crate::priority_calculator::compute_priority_boost::(bundled_messages); + let valid_transaction = ValidTransactionBuilder::default().priority(priority_boost); + + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?} has boosted priority of message delivery transaction \ + of relayer {:?}: {} messages -> {} priority", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + who, + bundled_messages, + priority_boost, + ); + + valid_transaction.build() + } + + fn pre_dispatch( + self, + who: &Self::AccountId, + call: &Self::Call, + _info: &DispatchInfoOf, + _len: usize, + ) -> Result { + // this is a relevant piece of `validate` that we need here (in `pre_dispatch`) + let parsed_call = self.parse_and_check_for_obsolete_call(call)?; + + Ok(parsed_call.map(|call_info| { + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?} parsed bridge transaction in pre-dispatch: {:?}", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + call_info, + ); + PreDispatchData { relayer: who.clone(), call_info } + })) + } + + fn post_dispatch( + pre: Option, + info: &DispatchInfoOf, + post_info: &PostDispatchInfoOf, + len: usize, + result: &DispatchResult, + ) -> Result<(), TransactionValidityError> { + let call_result = Self::analyze_call_result(pre, info, post_info, len, result); + + match call_result { + RelayerAccountAction::None => (), + RelayerAccountAction::Reward(relayer, reward_account, reward) => { + RelayersPallet::::register_relayer_reward( + reward_account, + &relayer, + reward, + ); + + log::trace!( + target: "runtime::bridge", + "{} from parachain {} via {:?} has registered reward: {:?} for {:?}", + Self::IDENTIFIER, + Para::Id::get(), + Msgs::Id::get(), + reward, + relayer, + ); + }, + RelayerAccountAction::Slash(relayer, slash_account) => + RelayersPallet::::slash_and_deregister(&relayer, slash_account), + } + + Ok(()) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + messages::{ + source::FromBridgedChainMessagesDeliveryProof, target::FromBridgedChainMessagesProof, + }, + messages_call_ext::{ + BaseMessagesProofInfo, ReceiveMessagesDeliveryProofInfo, ReceiveMessagesProofInfo, + UnrewardedRelayerOccupation, + }, + mock::*, + }; + use bp_messages::{InboundLaneData, MessageNonce, OutboundLaneData, UnrewardedRelayersState}; + use bp_parachains::{BestParaHeadHash, ParaInfo}; + use bp_polkadot_core::parachains::{ParaHeadsProof, ParaId}; + use bp_runtime::HeaderId; + use bp_test_utils::{make_default_justification, test_keyring}; + use frame_support::{ + assert_storage_noop, parameter_types, + traits::{fungible::Mutate, ReservableCurrency}, + weights::Weight, + }; + use pallet_bridge_grandpa::{Call as GrandpaCall, StoredAuthoritySet}; + use pallet_bridge_messages::Call as MessagesCall; + use pallet_bridge_parachains::{Call as ParachainsCall, RelayBlockHash}; + use sp_runtime::{ + traits::{ConstU64, Header as HeaderT}, + transaction_validity::{InvalidTransaction, ValidTransaction}, + DispatchError, + }; + + parameter_types! { + TestParachain: u32 = 1000; + pub TestLaneId: LaneId = TEST_LANE_ID; + pub MsgProofsRewardsAccount: RewardsAccountParams = RewardsAccountParams::new( + TEST_LANE_ID, + TEST_BRIDGED_CHAIN_ID, + RewardsAccountOwner::ThisChain, + ); + pub MsgDeliveryProofsRewardsAccount: RewardsAccountParams = RewardsAccountParams::new( + TEST_LANE_ID, + TEST_BRIDGED_CHAIN_ID, + RewardsAccountOwner::BridgedChain, + ); + } + + bp_runtime::generate_static_str_provider!(TestExtension); + type TestExtension = RefundBridgedParachainMessages< + TestRuntime, + RefundableParachain<(), TestParachain>, + RefundableMessagesLane<(), TestLaneId>, + ActualFeeRefund, + ConstU64<1>, + StrTestExtension, + >; + + fn initial_balance_of_relayer_account_at_this_chain() -> ThisChainBalance { + let test_stake: ThisChainBalance = TestStake::get(); + ExistentialDeposit::get().saturating_add(test_stake * 100) + } + + // in tests, the following accounts are equal (because of how `into_sub_account_truncating` + // works) + + fn delivery_rewards_account() -> ThisChainAccountId { + TestPaymentProcedure::rewards_account(MsgProofsRewardsAccount::get()) + } + + fn confirmation_rewards_account() -> ThisChainAccountId { + TestPaymentProcedure::rewards_account(MsgDeliveryProofsRewardsAccount::get()) + } + + fn relayer_account_at_this_chain() -> ThisChainAccountId { + 0 + } + + fn relayer_account_at_bridged_chain() -> BridgedChainAccountId { + 0 + } + + fn initialize_environment( + best_relay_header_number: RelayBlockNumber, + parachain_head_at_relay_header_number: RelayBlockNumber, + best_message: MessageNonce, + ) { + let authorities = test_keyring().into_iter().map(|(a, w)| (a.into(), w)).collect(); + let best_relay_header = HeaderId(best_relay_header_number, RelayBlockHash::default()); + pallet_bridge_grandpa::CurrentAuthoritySet::::put( + StoredAuthoritySet::try_new(authorities, 0).unwrap(), + ); + pallet_bridge_grandpa::BestFinalized::::put(best_relay_header); + + let para_id = ParaId(TestParachain::get()); + let para_info = ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: parachain_head_at_relay_header_number, + head_hash: [parachain_head_at_relay_header_number as u8; 32].into(), + }, + next_imported_hash_position: 0, + }; + pallet_bridge_parachains::ParasInfo::::insert(para_id, para_info); + + let lane_id = TestLaneId::get(); + let in_lane_data = + InboundLaneData { last_confirmed_nonce: best_message, ..Default::default() }; + pallet_bridge_messages::InboundLanes::::insert(lane_id, in_lane_data); + + let out_lane_data = + OutboundLaneData { latest_received_nonce: best_message, ..Default::default() }; + pallet_bridge_messages::OutboundLanes::::insert(lane_id, out_lane_data); + + Balances::mint_into(&delivery_rewards_account(), ExistentialDeposit::get()).unwrap(); + Balances::mint_into(&confirmation_rewards_account(), ExistentialDeposit::get()).unwrap(); + Balances::mint_into( + &relayer_account_at_this_chain(), + initial_balance_of_relayer_account_at_this_chain(), + ) + .unwrap(); + } + + fn submit_relay_header_call(relay_header_number: RelayBlockNumber) -> RuntimeCall { + let relay_header = BridgedChainHeader::new( + relay_header_number, + Default::default(), + Default::default(), + Default::default(), + Default::default(), + ); + let relay_justification = make_default_justification(&relay_header); + + RuntimeCall::BridgeGrandpa(GrandpaCall::submit_finality_proof { + finality_target: Box::new(relay_header), + justification: relay_justification, + }) + } + + fn submit_parachain_head_call( + parachain_head_at_relay_header_number: RelayBlockNumber, + ) -> RuntimeCall { + RuntimeCall::BridgeParachains(ParachainsCall::submit_parachain_heads { + at_relay_block: (parachain_head_at_relay_header_number, RelayBlockHash::default()), + parachains: vec![( + ParaId(TestParachain::get()), + [parachain_head_at_relay_header_number as u8; 32].into(), + )], + parachain_heads_proof: ParaHeadsProof(vec![]), + }) + } + + fn message_delivery_call(best_message: MessageNonce) -> RuntimeCall { + RuntimeCall::BridgeMessages(MessagesCall::receive_messages_proof { + relayer_id_at_bridged_chain: relayer_account_at_bridged_chain(), + proof: FromBridgedChainMessagesProof { + bridged_header_hash: Default::default(), + storage_proof: vec![], + lane: TestLaneId::get(), + nonces_start: pallet_bridge_messages::InboundLanes::::get( + TEST_LANE_ID, + ) + .last_delivered_nonce() + + 1, + nonces_end: best_message, + }, + messages_count: 1, + dispatch_weight: Weight::zero(), + }) + } + + fn message_confirmation_call(best_message: MessageNonce) -> RuntimeCall { + RuntimeCall::BridgeMessages(MessagesCall::receive_messages_delivery_proof { + proof: FromBridgedChainMessagesDeliveryProof { + bridged_header_hash: Default::default(), + storage_proof: vec![], + lane: TestLaneId::get(), + }, + relayers_state: UnrewardedRelayersState { + last_delivered_nonce: best_message, + ..Default::default() + }, + }) + } + + fn parachain_finality_and_delivery_batch_call( + parachain_head_at_relay_header_number: RelayBlockNumber, + best_message: MessageNonce, + ) -> RuntimeCall { + RuntimeCall::Utility(UtilityCall::batch_all { + calls: vec![ + submit_parachain_head_call(parachain_head_at_relay_header_number), + message_delivery_call(best_message), + ], + }) + } + + fn parachain_finality_and_confirmation_batch_call( + parachain_head_at_relay_header_number: RelayBlockNumber, + best_message: MessageNonce, + ) -> RuntimeCall { + RuntimeCall::Utility(UtilityCall::batch_all { + calls: vec![ + submit_parachain_head_call(parachain_head_at_relay_header_number), + message_confirmation_call(best_message), + ], + }) + } + + fn all_finality_and_delivery_batch_call( + relay_header_number: RelayBlockNumber, + parachain_head_at_relay_header_number: RelayBlockNumber, + best_message: MessageNonce, + ) -> RuntimeCall { + RuntimeCall::Utility(UtilityCall::batch_all { + calls: vec![ + submit_relay_header_call(relay_header_number), + submit_parachain_head_call(parachain_head_at_relay_header_number), + message_delivery_call(best_message), + ], + }) + } + + fn all_finality_and_confirmation_batch_call( + relay_header_number: RelayBlockNumber, + parachain_head_at_relay_header_number: RelayBlockNumber, + best_message: MessageNonce, + ) -> RuntimeCall { + RuntimeCall::Utility(UtilityCall::batch_all { + calls: vec![ + submit_relay_header_call(relay_header_number), + submit_parachain_head_call(parachain_head_at_relay_header_number), + message_confirmation_call(best_message), + ], + }) + } + + fn all_finality_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::AllFinalityAndMsgs( + SubmitFinalityProofInfo { + block_number: 200, + extra_weight: Weight::zero(), + extra_size: 0, + }, + SubmitParachainHeadsInfo { + at_relay_block_number: 200, + para_id: ParaId(TestParachain::get()), + para_head_hash: [200u8; 32].into(), + }, + MessagesCallInfo::ReceiveMessagesProof(ReceiveMessagesProofInfo { + base: BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }, + unrewarded_relayers: UnrewardedRelayerOccupation { + free_relayer_slots: MaxUnrewardedRelayerEntriesAtInboundLane::get(), + free_message_slots: MaxUnconfirmedMessagesAtInboundLane::get(), + }, + }), + ), + } + } + + fn all_finality_confirmation_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::AllFinalityAndMsgs( + SubmitFinalityProofInfo { + block_number: 200, + extra_weight: Weight::zero(), + extra_size: 0, + }, + SubmitParachainHeadsInfo { + at_relay_block_number: 200, + para_id: ParaId(TestParachain::get()), + para_head_hash: [200u8; 32].into(), + }, + MessagesCallInfo::ReceiveMessagesDeliveryProof(ReceiveMessagesDeliveryProofInfo( + BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }, + )), + ), + } + } + + fn parachain_finality_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::ParachainFinalityAndMsgs( + SubmitParachainHeadsInfo { + at_relay_block_number: 200, + para_id: ParaId(TestParachain::get()), + para_head_hash: [200u8; 32].into(), + }, + MessagesCallInfo::ReceiveMessagesProof(ReceiveMessagesProofInfo { + base: BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }, + unrewarded_relayers: UnrewardedRelayerOccupation { + free_relayer_slots: MaxUnrewardedRelayerEntriesAtInboundLane::get(), + free_message_slots: MaxUnconfirmedMessagesAtInboundLane::get(), + }, + }), + ), + } + } + + fn parachain_finality_confirmation_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::ParachainFinalityAndMsgs( + SubmitParachainHeadsInfo { + at_relay_block_number: 200, + para_id: ParaId(TestParachain::get()), + para_head_hash: [200u8; 32].into(), + }, + MessagesCallInfo::ReceiveMessagesDeliveryProof(ReceiveMessagesDeliveryProofInfo( + BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }, + )), + ), + } + } + + fn delivery_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::Msgs(MessagesCallInfo::ReceiveMessagesProof( + ReceiveMessagesProofInfo { + base: BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }, + unrewarded_relayers: UnrewardedRelayerOccupation { + free_relayer_slots: MaxUnrewardedRelayerEntriesAtInboundLane::get(), + free_message_slots: MaxUnconfirmedMessagesAtInboundLane::get(), + }, + }, + )), + } + } + + fn confirmation_pre_dispatch_data() -> PreDispatchData { + PreDispatchData { + relayer: relayer_account_at_this_chain(), + call_info: CallInfo::Msgs(MessagesCallInfo::ReceiveMessagesDeliveryProof( + ReceiveMessagesDeliveryProofInfo(BaseMessagesProofInfo { + lane_id: TEST_LANE_ID, + bundled_range: 101..=200, + best_stored_nonce: 100, + }), + )), + } + } + + fn set_bundled_range_end( + mut pre_dispatch_data: PreDispatchData, + end: MessageNonce, + ) -> PreDispatchData { + let msg_info = match pre_dispatch_data.call_info { + CallInfo::AllFinalityAndMsgs(_, _, ref mut info) => info, + CallInfo::ParachainFinalityAndMsgs(_, ref mut info) => info, + CallInfo::Msgs(ref mut info) => info, + }; + + if let MessagesCallInfo::ReceiveMessagesProof(ref mut msg_info) = msg_info { + msg_info.base.bundled_range = *msg_info.base.bundled_range.start()..=end + } + + pre_dispatch_data + } + + fn run_validate(call: RuntimeCall) -> TransactionValidity { + let extension: TestExtension = RefundBridgedParachainMessages(PhantomData); + extension.validate(&relayer_account_at_this_chain(), &call, &DispatchInfo::default(), 0) + } + + fn run_validate_ignore_priority(call: RuntimeCall) -> TransactionValidity { + run_validate(call).map(|mut tx| { + tx.priority = 0; + tx + }) + } + + fn run_pre_dispatch( + call: RuntimeCall, + ) -> Result>, TransactionValidityError> { + let extension: TestExtension = RefundBridgedParachainMessages(PhantomData); + extension.pre_dispatch(&relayer_account_at_this_chain(), &call, &DispatchInfo::default(), 0) + } + + fn dispatch_info() -> DispatchInfo { + DispatchInfo { + weight: Weight::from_parts( + frame_support::weights::constants::WEIGHT_REF_TIME_PER_SECOND, + 0, + ), + class: frame_support::dispatch::DispatchClass::Normal, + pays_fee: frame_support::dispatch::Pays::Yes, + } + } + + fn post_dispatch_info() -> PostDispatchInfo { + PostDispatchInfo { actual_weight: None, pays_fee: frame_support::dispatch::Pays::Yes } + } + + fn run_post_dispatch( + pre_dispatch_data: Option>, + dispatch_result: DispatchResult, + ) { + let post_dispatch_result = TestExtension::post_dispatch( + Some(pre_dispatch_data), + &dispatch_info(), + &post_dispatch_info(), + 1024, + &dispatch_result, + ); + assert_eq!(post_dispatch_result, Ok(())); + } + + fn expected_delivery_reward() -> ThisChainBalance { + let mut post_dispatch_info = post_dispatch_info(); + let extra_weight = ::WeightInfo::extra_weight_of_successful_receive_messages_proof_call(); + post_dispatch_info.actual_weight = + Some(dispatch_info().weight.saturating_sub(extra_weight)); + pallet_transaction_payment::Pallet::::compute_actual_fee( + 1024, + &dispatch_info(), + &post_dispatch_info, + Zero::zero(), + ) + } + + fn expected_confirmation_reward() -> ThisChainBalance { + pallet_transaction_payment::Pallet::::compute_actual_fee( + 1024, + &dispatch_info(), + &post_dispatch_info(), + Zero::zero(), + ) + } + + #[test] + fn validate_doesnt_boost_transaction_priority_if_relayer_is_not_registered() { + run_test(|| { + initialize_environment(100, 100, 100); + Balances::set_balance(&relayer_account_at_this_chain(), ExistentialDeposit::get()); + + // message delivery is failing + assert_eq!(run_validate(message_delivery_call(200)), Ok(Default::default()),); + assert_eq!( + run_validate(parachain_finality_and_delivery_batch_call(200, 200)), + Ok(Default::default()), + ); + assert_eq!( + run_validate(all_finality_and_delivery_batch_call(200, 200, 200)), + Ok(Default::default()), + ); + // message confirmation validation is passing + assert_eq!( + run_validate_ignore_priority(message_confirmation_call(200)), + Ok(Default::default()), + ); + assert_eq!( + run_validate_ignore_priority(parachain_finality_and_confirmation_batch_call( + 200, 200 + )), + Ok(Default::default()), + ); + assert_eq!( + run_validate_ignore_priority(all_finality_and_confirmation_batch_call( + 200, 200, 200 + )), + Ok(Default::default()), + ); + }); + } + + #[test] + fn validate_boosts_priority_of_message_delivery_transactons() { + run_test(|| { + initialize_environment(100, 100, 100); + + BridgeRelayers::register(RuntimeOrigin::signed(relayer_account_at_this_chain()), 1000) + .unwrap(); + + let priority_of_100_messages_delivery = + run_validate(message_delivery_call(200)).unwrap().priority; + let priority_of_200_messages_delivery = + run_validate(message_delivery_call(300)).unwrap().priority; + assert!( + priority_of_200_messages_delivery > priority_of_100_messages_delivery, + "Invalid priorities: {} for 200 messages vs {} for 100 messages", + priority_of_200_messages_delivery, + priority_of_100_messages_delivery, + ); + + let priority_of_100_messages_confirmation = + run_validate(message_confirmation_call(200)).unwrap().priority; + let priority_of_200_messages_confirmation = + run_validate(message_confirmation_call(300)).unwrap().priority; + assert_eq!( + priority_of_100_messages_confirmation, + priority_of_200_messages_confirmation + ); + }); + } + + #[test] + fn validate_does_not_boost_priority_of_message_delivery_transactons_with_too_many_messages() { + run_test(|| { + initialize_environment(100, 100, 100); + + BridgeRelayers::register(RuntimeOrigin::signed(relayer_account_at_this_chain()), 1000) + .unwrap(); + + let priority_of_max_messages_delivery = run_validate(message_delivery_call( + 100 + MaxUnconfirmedMessagesAtInboundLane::get(), + )) + .unwrap() + .priority; + let priority_of_more_than_max_messages_delivery = run_validate(message_delivery_call( + 100 + MaxUnconfirmedMessagesAtInboundLane::get() + 1, + )) + .unwrap() + .priority; + + assert!( + priority_of_max_messages_delivery > priority_of_more_than_max_messages_delivery, + "Invalid priorities: {} for MAX messages vs {} for MAX+1 messages", + priority_of_max_messages_delivery, + priority_of_more_than_max_messages_delivery, + ); + }); + } + + #[test] + fn validate_allows_non_obsolete_transactions() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_validate_ignore_priority(message_delivery_call(200)), + Ok(ValidTransaction::default()), + ); + assert_eq!( + run_validate_ignore_priority(message_confirmation_call(200)), + Ok(ValidTransaction::default()), + ); + + assert_eq!( + run_validate_ignore_priority(parachain_finality_and_delivery_batch_call(200, 200)), + Ok(ValidTransaction::default()), + ); + assert_eq!( + run_validate_ignore_priority(parachain_finality_and_confirmation_batch_call( + 200, 200 + )), + Ok(ValidTransaction::default()), + ); + + assert_eq!( + run_validate_ignore_priority(all_finality_and_delivery_batch_call(200, 200, 200)), + Ok(ValidTransaction::default()), + ); + assert_eq!( + run_validate_ignore_priority(all_finality_and_confirmation_batch_call( + 200, 200, 200 + )), + Ok(ValidTransaction::default()), + ); + }); + } + + #[test] + fn ext_rejects_batch_with_obsolete_relay_chain_header() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(all_finality_and_delivery_batch_call(100, 200, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + + assert_eq!( + run_validate(all_finality_and_delivery_batch_call(100, 200, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + }); + } + + #[test] + fn ext_rejects_batch_with_obsolete_parachain_head() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(all_finality_and_delivery_batch_call(101, 100, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_validate(all_finality_and_delivery_batch_call(101, 100, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + + assert_eq!( + run_pre_dispatch(parachain_finality_and_delivery_batch_call(100, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_validate(parachain_finality_and_delivery_batch_call(100, 200)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + }); + } + + #[test] + fn ext_rejects_batch_with_obsolete_messages() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(all_finality_and_delivery_batch_call(200, 200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_pre_dispatch(all_finality_and_confirmation_batch_call(200, 200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + + assert_eq!( + run_validate(all_finality_and_delivery_batch_call(200, 200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_validate(all_finality_and_confirmation_batch_call(200, 200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + + assert_eq!( + run_pre_dispatch(parachain_finality_and_delivery_batch_call(200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_pre_dispatch(parachain_finality_and_confirmation_batch_call(200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + + assert_eq!( + run_validate(parachain_finality_and_delivery_batch_call(200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + assert_eq!( + run_validate(parachain_finality_and_confirmation_batch_call(200, 100)), + Err(TransactionValidityError::Invalid(InvalidTransaction::Stale)), + ); + }); + } + + #[test] + fn pre_dispatch_parses_batch_with_relay_chain_and_parachain_headers() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(all_finality_and_delivery_batch_call(200, 200, 200)), + Ok(Some(all_finality_pre_dispatch_data())), + ); + assert_eq!( + run_pre_dispatch(all_finality_and_confirmation_batch_call(200, 200, 200)), + Ok(Some(all_finality_confirmation_pre_dispatch_data())), + ); + }); + } + + #[test] + fn pre_dispatch_parses_batch_with_parachain_header() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(parachain_finality_and_delivery_batch_call(200, 200)), + Ok(Some(parachain_finality_pre_dispatch_data())), + ); + assert_eq!( + run_pre_dispatch(parachain_finality_and_confirmation_batch_call(200, 200)), + Ok(Some(parachain_finality_confirmation_pre_dispatch_data())), + ); + }); + } + + #[test] + fn pre_dispatch_fails_to_parse_batch_with_multiple_parachain_headers() { + run_test(|| { + initialize_environment(100, 100, 100); + + let call = RuntimeCall::Utility(UtilityCall::batch_all { + calls: vec![ + RuntimeCall::BridgeParachains(ParachainsCall::submit_parachain_heads { + at_relay_block: (100, RelayBlockHash::default()), + parachains: vec![ + (ParaId(TestParachain::get()), [1u8; 32].into()), + (ParaId(TestParachain::get() + 1), [1u8; 32].into()), + ], + parachain_heads_proof: ParaHeadsProof(vec![]), + }), + message_delivery_call(200), + ], + }); + + assert_eq!(run_pre_dispatch(call), Ok(None),); + }); + } + + #[test] + fn pre_dispatch_parses_message_transaction() { + run_test(|| { + initialize_environment(100, 100, 100); + + assert_eq!( + run_pre_dispatch(message_delivery_call(200)), + Ok(Some(delivery_pre_dispatch_data())), + ); + assert_eq!( + run_pre_dispatch(message_confirmation_call(200)), + Ok(Some(confirmation_pre_dispatch_data())), + ); + }); + } + + #[test] + fn post_dispatch_ignores_unknown_transaction() { + run_test(|| { + assert_storage_noop!(run_post_dispatch(None, Ok(()))); + }); + } + + #[test] + fn post_dispatch_ignores_failed_transaction() { + run_test(|| { + assert_storage_noop!(run_post_dispatch( + Some(all_finality_pre_dispatch_data()), + Err(DispatchError::BadOrigin) + )); + }); + } + + #[test] + fn post_dispatch_ignores_transaction_that_has_not_updated_relay_chain_state() { + run_test(|| { + initialize_environment(100, 200, 200); + + assert_storage_noop!(run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(()))); + }); + } + + #[test] + fn post_dispatch_ignores_transaction_that_has_not_updated_parachain_state() { + run_test(|| { + initialize_environment(200, 100, 200); + + assert_storage_noop!(run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(()))); + assert_storage_noop!(run_post_dispatch( + Some(parachain_finality_pre_dispatch_data()), + Ok(()) + )); + }); + } + + #[test] + fn post_dispatch_ignores_transaction_that_has_not_delivered_any_messages() { + run_test(|| { + initialize_environment(200, 200, 100); + + assert_storage_noop!(run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(()))); + assert_storage_noop!(run_post_dispatch( + Some(parachain_finality_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch(Some(delivery_pre_dispatch_data()), Ok(()))); + + assert_storage_noop!(run_post_dispatch( + Some(all_finality_confirmation_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch( + Some(parachain_finality_confirmation_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch(Some(confirmation_pre_dispatch_data()), Ok(()))); + }); + } + + #[test] + fn post_dispatch_ignores_transaction_that_has_not_delivered_all_messages() { + run_test(|| { + initialize_environment(200, 200, 150); + + assert_storage_noop!(run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(()))); + assert_storage_noop!(run_post_dispatch( + Some(parachain_finality_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch(Some(delivery_pre_dispatch_data()), Ok(()))); + + assert_storage_noop!(run_post_dispatch( + Some(all_finality_confirmation_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch( + Some(parachain_finality_confirmation_pre_dispatch_data()), + Ok(()) + )); + assert_storage_noop!(run_post_dispatch(Some(confirmation_pre_dispatch_data()), Ok(()))); + }); + } + + #[test] + fn post_dispatch_refunds_relayer_in_all_finality_batch_with_extra_weight() { + run_test(|| { + initialize_environment(200, 200, 200); + + let mut dispatch_info = dispatch_info(); + dispatch_info.weight = Weight::from_parts( + frame_support::weights::constants::WEIGHT_REF_TIME_PER_SECOND * 2, + 0, + ); + + // without any size/weight refund: we expect regular reward + let pre_dispatch_data = all_finality_pre_dispatch_data(); + let regular_reward = expected_delivery_reward(); + run_post_dispatch(Some(pre_dispatch_data), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + Some(regular_reward), + ); + + // now repeat the same with size+weight refund: we expect smaller reward + let mut pre_dispatch_data = all_finality_pre_dispatch_data(); + match pre_dispatch_data.call_info { + CallInfo::AllFinalityAndMsgs(ref mut info, ..) => { + info.extra_weight.set_ref_time( + frame_support::weights::constants::WEIGHT_REF_TIME_PER_SECOND, + ); + info.extra_size = 32; + }, + _ => unreachable!(), + } + run_post_dispatch(Some(pre_dispatch_data), Ok(())); + let reward_after_two_calls = RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get(), + ) + .unwrap(); + assert!( + reward_after_two_calls < 2 * regular_reward, + "{} must be < 2 * {}", + reward_after_two_calls, + 2 * regular_reward, + ); + }); + } + + #[test] + fn post_dispatch_refunds_relayer_in_all_finality_batch() { + run_test(|| { + initialize_environment(200, 200, 200); + + run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + Some(expected_delivery_reward()), + ); + + run_post_dispatch(Some(all_finality_confirmation_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgDeliveryProofsRewardsAccount::get() + ), + Some(expected_confirmation_reward()), + ); + }); + } + + #[test] + fn post_dispatch_refunds_relayer_in_parachain_finality_batch() { + run_test(|| { + initialize_environment(200, 200, 200); + + run_post_dispatch(Some(parachain_finality_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + Some(expected_delivery_reward()), + ); + + run_post_dispatch(Some(parachain_finality_confirmation_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgDeliveryProofsRewardsAccount::get() + ), + Some(expected_confirmation_reward()), + ); + }); + } + + #[test] + fn post_dispatch_refunds_relayer_in_message_transaction() { + run_test(|| { + initialize_environment(200, 200, 200); + + run_post_dispatch(Some(delivery_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + Some(expected_delivery_reward()), + ); + + run_post_dispatch(Some(confirmation_pre_dispatch_data()), Ok(())); + assert_eq!( + RelayersPallet::::relayer_reward( + relayer_account_at_this_chain(), + MsgDeliveryProofsRewardsAccount::get() + ), + Some(expected_confirmation_reward()), + ); + }); + } + + #[test] + fn post_dispatch_slashing_relayer_stake() { + run_test(|| { + initialize_environment(200, 200, 100); + + let delivery_rewards_account_balance = + Balances::free_balance(delivery_rewards_account()); + + let test_stake: ThisChainBalance = TestStake::get(); + Balances::set_balance( + &relayer_account_at_this_chain(), + ExistentialDeposit::get() + test_stake * 10, + ); + + // slashing works for message delivery calls + BridgeRelayers::register(RuntimeOrigin::signed(relayer_account_at_this_chain()), 1000) + .unwrap(); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + run_post_dispatch(Some(delivery_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), 0); + assert_eq!( + delivery_rewards_account_balance + test_stake, + Balances::free_balance(delivery_rewards_account()) + ); + + BridgeRelayers::register(RuntimeOrigin::signed(relayer_account_at_this_chain()), 1000) + .unwrap(); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + run_post_dispatch(Some(parachain_finality_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), 0); + assert_eq!( + delivery_rewards_account_balance + test_stake * 2, + Balances::free_balance(delivery_rewards_account()) + ); + + BridgeRelayers::register(RuntimeOrigin::signed(relayer_account_at_this_chain()), 1000) + .unwrap(); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + run_post_dispatch(Some(all_finality_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), 0); + assert_eq!( + delivery_rewards_account_balance + test_stake * 3, + Balances::free_balance(delivery_rewards_account()) + ); + + // reserve doesn't work for message confirmation calls + let confirmation_rewards_account_balance = + Balances::free_balance(confirmation_rewards_account()); + + Balances::reserve(&relayer_account_at_this_chain(), test_stake).unwrap(); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + + assert_eq!( + confirmation_rewards_account_balance, + Balances::free_balance(confirmation_rewards_account()) + ); + run_post_dispatch(Some(confirmation_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + + run_post_dispatch(Some(parachain_finality_confirmation_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + + run_post_dispatch(Some(all_finality_confirmation_pre_dispatch_data()), Ok(())); + assert_eq!(Balances::reserved_balance(relayer_account_at_this_chain()), test_stake); + + // check that unreserve has happened, not slashing + assert_eq!( + delivery_rewards_account_balance + test_stake * 3, + Balances::free_balance(delivery_rewards_account()) + ); + assert_eq!( + confirmation_rewards_account_balance, + Balances::free_balance(confirmation_rewards_account()) + ); + }); + } + + fn run_analyze_call_result( + pre_dispatch_data: PreDispatchData, + dispatch_result: DispatchResult, + ) -> RelayerAccountAction { + TestExtension::analyze_call_result( + Some(Some(pre_dispatch_data)), + &dispatch_info(), + &post_dispatch_info(), + 1024, + &dispatch_result, + ) + } + + #[test] + fn analyze_call_result_shall_not_slash_for_transactions_with_too_many_messages() { + run_test(|| { + initialize_environment(100, 100, 100); + + // the `analyze_call_result` should return slash if number of bundled messages is + // within reasonable limits + assert_eq!( + run_analyze_call_result(all_finality_pre_dispatch_data(), Ok(())), + RelayerAccountAction::Slash( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + ); + assert_eq!( + run_analyze_call_result(parachain_finality_pre_dispatch_data(), Ok(())), + RelayerAccountAction::Slash( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + ); + assert_eq!( + run_analyze_call_result(delivery_pre_dispatch_data(), Ok(())), + RelayerAccountAction::Slash( + relayer_account_at_this_chain(), + MsgProofsRewardsAccount::get() + ), + ); + + // the `analyze_call_result` should not return slash if number of bundled messages is + // larger than the + assert_eq!( + run_analyze_call_result( + set_bundled_range_end(all_finality_pre_dispatch_data(), 1_000_000), + Ok(()) + ), + RelayerAccountAction::None, + ); + assert_eq!( + run_analyze_call_result( + set_bundled_range_end(parachain_finality_pre_dispatch_data(), 1_000_000), + Ok(()) + ), + RelayerAccountAction::None, + ); + assert_eq!( + run_analyze_call_result( + set_bundled_range_end(delivery_pre_dispatch_data(), 1_000_000), + Ok(()) + ), + RelayerAccountAction::None, + ); + }); + } +} diff --git a/bridges/docs/complex-relay.html b/bridges/docs/complex-relay.html new file mode 100644 index 00000000000..21524bfd049 --- /dev/null +++ b/bridges/docs/complex-relay.html @@ -0,0 +1,85 @@ + + + + + + Complex Relay + + +

Complex Relay

+

+ Both Source Chain and Target Chains have Bridge Messages pallets deployed. They also have required + finality pallets deployed - we don't care about finality type here - they can be either Bridge GRANDPA, + or Bridge Parachains finality pallets, or any combination of those.
+

+

+ There are 4-6 relayer subprocesses inside the Complex Relayer. They include two message relayers, + serving the lane in both directions and 2-4 Complex Relayers (depending on the finality type of Source + and Target Chains).
+

+

+ The following diagram shows the way the complex relayer serves the lane in single direction. Everything + below may be applied to the opposite direction if you'll swap the Source and Target Chains. +

+
+ sequenceDiagram + participant Source Chain + participant Complex Relayer + participant Target Chain + + Note right of Source Chain: Finalized: 480, Target Finalized: 50, Sent Messages: 42, Confirmed Messages: 42 + Note left of Target Chain: Finalized: 60, Source Finalized: 420, Received Messages: 42 + + Source Chain ->> Source Chain: someone Sends Message 43 + Source Chain ->> Source Chain: Import and Finalize Block 481 + + Source Chain ->> Complex Relayer: notes new outbound message 43 at Source Chain Block 481 + Note right of Complex Relayer: can't deliver message 43, Source Chain Block 481 is not relayed + Complex Relayer ->> Complex Relayer: asks on-demand Finality Relayer to relay Source Chain Block 481 + + Source Chain ->> Complex Relayer: Read Finality Proof of Block 481 + Complex Relayer ->> Target Chain: Submit Finality Proof of Block 481 + Target Chain ->> Target Chain: Import and Finalize Block 61 + Note left of Target Chain: Finalized: 61, Source Finalized: 481, Received Messages: 42 + + Source Chain ->> Complex Relayer: Read Proof of Message 43 at Block 481 + Complex Relayer ->> Target Chain: Submit Proof of Message 43 at Block 481 + Target Chain ->> Target Chain: Import and Finalize Block 62 + Note left of Target Chain: Finalized: 62, Source Finalized: 481, Received Messages: { rewarded: 42, messages-relayer-account: [43] } + + Target Chain ->> Complex Relayer: notes new unrewarded relayer at Target Chain Block 62 + Note right of Complex Relayer: can't relay delivery confirmations because Target Chain Block 62 is not relayed + Complex Relayer ->> Complex Relayer: asks on-demand Finality Relayer to relay Target Chain Block 62 + + Target Chain ->> Complex Relayer: Read Finality Proof of Block 62 + Complex Relayer ->> Source Chain: Submit Finality Proof of Block 62 + Source Chain ->> Source Chain: Import and Finalize Block 482 + Note right of Source Chain: Finalized: 482, Target Finalized: 62, Confirmed Messages: 42 + + Target Chain ->> Complex Relayer: Read Proof of Message 43 Delivery at Block 62 + Complex Relayer ->> Source Chain: Submit Proof of Message 43 Delivery at Block 612 + Source Chain ->> Source Chain: rewards messages-relayer-account for delivering message [43] + Source Chain ->> Source Chain: prune delivered message 43 from runtime storage + Note right of Source Chain: Finalized: 482, Target Finalized: 61, Confirmed Messages: 43 + + Source Chain ->> Source Chain: someone Sends Message 44 + Source Chain ->> Source Chain: Import and Finalize Block 483 + + Source Chain ->> Complex Relayer: notes new outbound message 44 at Source Chain Block 483 and new confirmed message 43 + Note right of Complex Relayer: can't deliver message 44, Source Chain Block 483 is not relayed + Complex Relayer ->> Complex Relayer: asks on-demand Finality Relayer to relay Source Chain Block 483 + + Source Chain ->> Complex Relayer: Read Finality Proof of Block 483 + Complex Relayer ->> Target Chain: Submit Finality Proof of Block 483 + Target Chain ->> Target Chain: Import and Finalize Block 63 + Note left of Target Chain: Finalized: 63, Source Finalized: 483, Received Messages: { rewarded: 42, messages-relayer-account: [43] } + + Source Chain ->> Complex Relayer: Read Proof of Message 44 and Proof of Message 43 reward at Block 483 + Complex Relayer ->> Target Chain: Submit Proof of Message 44 and Proof of Message 43 reward at Block 483 + Target Chain ->> Target Chain: Import and Finalize Block 64 + Note left of Target Chain: Finalized: 64, Source Finalized: 483, Received Messages: { rewarded: 43, messages-relayer-account: [44] }--> +
+ + + + diff --git a/bridges/docs/grandpa-finality-relay.html b/bridges/docs/grandpa-finality-relay.html new file mode 100644 index 00000000000..4136621b1a4 --- /dev/null +++ b/bridges/docs/grandpa-finality-relay.html @@ -0,0 +1,47 @@ + + + + + + GRANDPA Finality Relay + + +

GRANDPA Finality Relay

+

+ Source Chain is running GRANDPA Finality Gadget. Bridge GRANDPA finality pallet is deployed at + Target Chain runtime. Relayer is configured to relay Source Chain finality to Target Chain. +

+
+ sequenceDiagram + participant Source Chain + participant Relayer + participant Target Chain + Note left of Source Chain: Best: 500, Finalized: 480, Authorities Set Index: 42 + Note right of Target Chain: Uninitialized + + Source Chain ->> Relayer: Read Initialization Data + Relayer ->> Target Chain: Initialize Bridge GRANDPA Finality Pallet + Note right of Target Chain: Finalized: 480, Authorities Set Index: 42 + + Source Chain ->> Source Chain: Import Block 501 + Source Chain ->> Source Chain: Import Block 502 + Source Chain ->> Source Chain: Finalize Block 495 + Source Chain ->> Relayer: Read Finality Proof of Block 495 + Relayer ->> Target Chain: Finality Proof of Block 495 + Note right of Target Chain: Finalized: 495, Authorities Set Index: 42 + + Source Chain ->> Source Chain: Import Block 503 that changes Authorities Set to 43 + Source Chain ->> Source Chain: Finalize Block 500 + Note left of Relayer: Relayer Misses Finality Notification for Block 500 + + Source Chain ->> Source Chain: Import Block 504 + Source Chain ->> Source Chain: Finalize Mandatory Block 503 + Source Chain ->> Source Chain: Finalize Block 504 + Source Chain ->> Relayer: Read Finality Proof of Mandatory Block 503 + Relayer ->> Target Chain: Finality Proof of Block 503 + Note right of Target Chain: Finalized: 503, Authorities Set Index: 43 +
+ + + + diff --git a/bridges/docs/high-level-overview.md b/bridges/docs/high-level-overview.md new file mode 100644 index 00000000000..449224124af --- /dev/null +++ b/bridges/docs/high-level-overview.md @@ -0,0 +1,181 @@ +# High-Level Bridge Documentation + +This document gives a brief, abstract description of main components that may be found in this repository. +If you want to see how we're using them to build Rococo <> Wococo (Kusama <> Polkadot) bridge, please +refer to the [Polkadot <> Kusama Bridge](./polkadot-kusama-bridge-overview.md). + +## Purpose + +This repo contains all components required to build a trustless connection between standalone Substrate chains, +that are using GRANDPA finality, their parachains or any combination of those. On top of this connection, we +offer a messaging pallet that provides means to organize messages exchange. + +On top of that layered infrastructure, anyone may build their own bridge applications - e.g. [XCM messaging](./polkadot-kusama-bridge-overview.md), +[encoded calls messaging](https://github.com/paritytech/parity-bridges-common/releases/tag/encoded-calls-messaging) and so on. + +## Terminology + +Even though we support (and require) two-way bridging, the documentation will generally talk about +a one-sided interaction. That's to say, we will only talk about syncing finality proofs and messages +from a _source_ chain to a _target_ chain. This is because the two-sided interaction is really just the +one-sided interaction with the source and target chains switched. + +The bridge has both on-chain (pallets) and offchain (relayers) components. + +## On-chain components + +On-chain bridge components are pallets that are deployed at the chain runtime. Finality pallets require +deployment at the target chain, while messages pallet needs to be deployed at both, source +and target chains. + +### Bridge GRANDPA Finality Pallet + +A GRANDPA light client of the source chain built into the target chain's runtime. It provides a "source of truth" +about the source chain headers which have been finalized. This is useful for higher level applications. + +The pallet tracks current GRANDPA authorities set and only accepts finality proofs (GRANDPA justifications), +generated by the current authorities set. The GRANDPA protocol itself requires current authorities set to +generate explicit justification for the header that enacts next authorities set. Such headers and their finality +proofs are called mandatory in the pallet and relayer pays no fee for such headers submission. + +The pallet does not require all headers to be imported or provided. The relayer itself chooses which headers +he wants to submit (with the exception of mandatory headers). + +More: [pallet level documentation and code](../modules/grandpa/). + +### Bridge Parachains Finality Pallet + +Parachains are not supposed to have their own finality, so we can't use bridge GRANDPA pallet to verify their +finality proofs. Instead, they rely on their relay chain finality. The parachain header is considered final, +when it is accepted by the [`paras` pallet](https://github.com/paritytech/polkadot/tree/1a034bd6de0e76721d19aed02a538bcef0787260/runtime/parachains/src/paras) +at its relay chain. Obviously, the relay chain block, where it is accepted, must also be finalized by the relay +chain GRANDPA gadget. + +That said, the bridge parachains pallet accepts storage proof of one or several parachain heads, inserted to the +[`Heads`](https://github.com/paritytech/polkadot/blob/1a034bd6de0e76721d19aed02a538bcef0787260/runtime/parachains/src/paras/mod.rs#L642) +map of the [`paras` pallet](https://github.com/paritytech/polkadot/tree/1a034bd6de0e76721d19aed02a538bcef0787260/runtime/parachains/src/paras). +To verify this storage proof, the pallet uses relay chain header, imported earlier by the bridge GRANDPA pallet. + +The pallet may track multiple parachains at once and those parachains may use different primitives. So the +parachain header decoding never happens at the pallet level. For maintaining the headers order, the pallet +uses relay chain header number. + +More: [pallet level documentation and code](../modules/parachains/). + +### Bridge Messages Pallet + +The pallet is responsible for queuing messages at the source chain and receiving the messages proofs at the +target chain. The messages are sent to the particular _lane_, where they are guaranteed to be received in the +same order they are sent. The pallet supports many lanes. + +The lane has two ends. Outbound lane end is storing number of messages that have been sent and the number of +messages that have been received. Inbound lane end stores the number of messages that have been received and +also a map that maps messages to relayers that have delivered those messages to the target chain. + +The pallet has three main entrypoints: +- the `send_message` may be used by the other runtime pallets to send the messages; +- the `receive_messages_proof` is responsible for parsing the messages proof and handing messages over to the +dispatch code; +- the `receive_messages_delivery_proof` is responsible for parsing the messages delivery proof and rewarding +relayers that have delivered the message. + +Many things are abstracted by the pallet: +- the message itself may mean anything, the pallet doesn't care about its content; +- the message dispatch happens during delivery, but it is decoupled from the pallet code; +- the messages proof and messages delivery proof are verified outside of the pallet; +- the relayers incentivization scheme is defined outside of the pallet. + +Outside of the messaging pallet, we have a set of adapters, where messages and delivery proofs are regular +storage proofs. The proofs are generated at the bridged chain and require bridged chain finality. So messages +pallet, in this case, depends on one of the finality pallets. The messages are XCM messages and we are using +XCM executor to dispatch them on receival. You may find more info in [Polkadot <> Kusama Bridge](./polkadot-kusama-bridge-overview.md) +document. + +More: [pallet level documentation and code](../modules/messages/). + +### Bridge Relayers Pallet + +The pallet is quite simple. It just registers relayer rewards and has an entrypoint to collect them. When +the rewards are registered and the reward amount is configured outside of the pallet. + +More: [pallet level documentation and code](../modules/relayers/). + +## Offchain Components + +Offchain bridge components are separate processes, called relayers. Relayers are connected both to the +source chain and target chain nodes. Relayers are reading state of the source chain, compare it to the +state of the target chain and, if state at target chain needs to be updated, submits target chain +transaction. + +### GRANDPA Finality Relay + +The task of relay is to submit source chain GRANDPA justifications and their corresponding headers to +the Bridge GRANDPA Finality Pallet, deployed at the target chain. For that, the relay subscribes to +the source chain GRANDPA justifications stream and submits every new justification it sees to the +target chain GRANDPA light client. In addition, relay is searching for mandatory headers and +submits their justifications - without that the pallet will be unable to move forward. + +More: [GRANDPA Finality Relay Sequence Diagram](./grandpa-finality-relay.html), [pallet level documentation and code](../relays/finality/). + +### Parachains Finality Relay + +The relay connects to the source _relay_ chain and the target chain nodes. It doesn't need to connect to the +tracked parachain nodes. The relay looks at the [`Heads`](https://github.com/paritytech/polkadot/blob/1a034bd6de0e76721d19aed02a538bcef0787260/runtime/parachains/src/paras/mod.rs#L642) +map of the [`paras` pallet](https://github.com/paritytech/polkadot/tree/1a034bd6de0e76721d19aed02a538bcef0787260/runtime/parachains/src/paras) +in source chain, and compares the value with the best parachain head, stored in the bridge parachains pallet at +the target chain. If new parachain head appears at the relay chain block `B`, the relay process **waits** +until header `B` or one of its ancestors appears at the target chain. Once it is available, the storage +proof of the map entry is generated and is submitted to the target chain. + +As its on-chain component (which requires bridge GRANDPA pallet to be deployed nearby), the parachains +finality relay requires GRANDPA finality relay to be running in parallel. Without it, the header `B` or +any of its children's finality at source won't be relayed at target, and target chain +won't be able to verify generated storage proof. + +More: [Parachains Finality Relay Sequence Diagram](./parachains-finality-relay.html), [code](../relays/parachains/). + +### Messages Relay + +Messages relay is actually two relays that are running in a single process: messages delivery relay and +delivery confirmation relay. Even though they are more complex and have many caveats, the overall algorithm +is the same as in other relays. + +Message delivery relay connects to the source chain and looks at the outbound lane end, waiting until new +messages are queued there. Once they appear at the source block `B`, the relay start waiting for the block +`B` or its descendant appear at the target chain. Then the messages storage proof is generated and submitted +to the bridge messages pallet at the target chain. In addition, the transaction may include the storage proof +of the outbound lane state - that proves that relayer rewards have been paid and this data (map of relay +accounts to the delivered messages) may be pruned from the inbound lane state at the target chain. + +Delivery confirmation relay connects to the target chain and starts watching the inbound lane end. When new +messages are delivered to the target chain, the corresponding _source chain account_ is inserted to the +map in the inbound lane data. Relay detects that, say, at the target chain block `B` and waits until that +block or its descendant appears at the source chain. Once that happens, the relay crafts a storage proof of +that data and sends it to the messages pallet, deployed at the source chain. + +As you can see, the messages relay also requires finality relay to be operating in parallel. Since messages +relay submits transactions to both source and target chains, it requires both _source-to-target_ and +_target-to-source_ finality relays. They can be GRANDPA finality relays or GRANDPA+parachains finality relays, +depending on the type of connected chain. + +More: [Messages Relay Sequence Diagram](./messages-relay.html), [pallet level documentation and code](../relays/messages/). + +### Complex Relay + +Every relay transaction has its cost. The only transaction, that is "free" to relayer is when the mandatory +GRANDPA header is submitted. The relay that feeds the bridge with every relay chain and/or parachain head it +sees, will have to pay a (quite large) cost. And if no messages are sent through the bridge, that is just +waste of money. + +We have a special relay mode, called _complex relay_, where relay mostly sleeps and only submits transactions +that are required for the messages/confirmations delivery. This mode starts two message relays (in both +directions). All required finality relays are also started in a special _on-demand_ mode. In this mode they +do not submit any headers without special request. As always, the only exception is when GRANDPA finality +relay sees the mandatory header - it is submitted without such request. + +The message relays are watching their lanes and when, at some block `B`, they see new messages/confirmations +to be delivered, they are asking on-demand relays to relay this block `B`. On-demand relays does that and +then message relay may perform its job. If on-demand relay is a parachain finality relay, it also runs its +own on-demand GRANDPA relay, which is used to relay required relay chain headers. + +More: [Complex Relay Sequence Diagram](./complex-relay.html), [code](../relays/bin-substrate/src/cli/relay_headers_and_messages/). diff --git a/bridges/docs/messages-relay.html b/bridges/docs/messages-relay.html new file mode 100644 index 00000000000..c4dab9901e0 --- /dev/null +++ b/bridges/docs/messages-relay.html @@ -0,0 +1,78 @@ + + + + + + Messages Relay + + +

Messages Relay

+

+ Both Source Chain and Target Chains have Bridge Messages pallets deployed. They also have required + finality pallets deployed - we don't care about finality type here - they can be either Bridge GRANDPA, + or Bridge Parachains finality pallets, or any combination of those. +

+

+ Finality Relayer represents two actual relayers - one relays Source Chain Finality to Target Chain. + And another one relays Target Chain Finality to Source Chain. +

+
+ sequenceDiagram + participant Source Chain + participant Finality Relayer + participant Messages Relayer + participant Target Chain + + Note right of Source Chain: Finalized: 480, Target Finalized: 50, Sent Messages: 42, Confirmed Messages: 42 + Note left of Target Chain: Finalized: 60, Source Finalized: 420, Received Messages: 42 + + Source Chain ->> Source Chain: someone Sends Message 43 + Source Chain ->> Source Chain: Import and Finalize Block 481 + + Source Chain ->> Messages Relayer: notes new outbound message 43 at Source Chain Block 481 + Note right of Messages Relayer: can't deliver message 43, Source Chain Block 481 is not relayed + + Source Chain ->> Finality Relayer: Read Finality Proof of Block 481 + Finality Relayer ->> Target Chain: Submit Finality Proof of Block 481 + Target Chain ->> Target Chain: Import and Finalize Block 61 + Note left of Target Chain: Finalized: 61, Source Finalized: 481, Received Messages: 42 + + Source Chain ->> Messages Relayer: Read Proof of Message 43 at Block 481 + Messages Relayer ->> Target Chain: Submit Proof of Message 43 at Block 481 + Target Chain ->> Target Chain: Import and Finalize Block 62 + Note left of Target Chain: Finalized: 62, Source Finalized: 481, Received Messages: { rewarded: 42, messages-relayer-account: [43] } + + Target Chain ->> Messages Relayer: notes new unrewarded relayer at Target Chain Block 62 + Note right of Messages Relayer: can't relay delivery confirmations because Target Chain Block 62 is not relayed + + Target Chain ->> Finality Relayer: Read Finality Proof of Block 62 + Finality Relayer ->> Source Chain: Submit Finality Proof of Block 62 + Source Chain ->> Source Chain: Import and Finalize Block 482 + Note right of Source Chain: Finalized: 482, Target Finalized: 62, Confirmed Messages: 42 + + Target Chain ->> Messages Relayer: Read Proof of Message 43 Delivery at Block 62 + Messages Relayer ->> Source Chain: Submit Proof of Message 43 Delivery at Block 612 + Source Chain ->> Source Chain: rewards messages-relayer-account for delivering message [43] + Source Chain ->> Source Chain: prune delivered message 43 from runtime storage + Note right of Source Chain: Finalized: 482, Target Finalized: 61, Confirmed Messages: 43 + + Source Chain ->> Source Chain: someone Sends Message 44 + Source Chain ->> Source Chain: Import and Finalize Block 483 + + Source Chain ->> Messages Relayer: notes new outbound message 44 at Source Chain Block 483 and new confirmed message 43 + Note right of Messages Relayer: can't deliver message 44, Source Chain Block 483 is not relayed + + Source Chain ->> Finality Relayer: Read Finality Proof of Block 483 + Finality Relayer ->> Target Chain: Submit Finality Proof of Block 483 + Target Chain ->> Target Chain: Import and Finalize Block 63 + Note left of Target Chain: Finalized: 63, Source Finalized: 483, Received Messages: { rewarded: 42, messages-relayer-account: [43] } + + Source Chain ->> Messages Relayer: Read Proof of Message 44 and Proof of Message 43 reward at Block 483 + Messages Relayer ->> Target Chain: Submit Proof of Message 44 and Proof of Message 43 reward at Block 483 + Target Chain ->> Target Chain: Import and Finalize Block 64 + Note left of Target Chain: Finalized: 64, Source Finalized: 483, Received Messages: { rewarded: 43, messages-relayer-account: [44] } +
+ + + + diff --git a/bridges/docs/parachains-finality-relay.html b/bridges/docs/parachains-finality-relay.html new file mode 100644 index 00000000000..4fc1392b87d --- /dev/null +++ b/bridges/docs/parachains-finality-relay.html @@ -0,0 +1,55 @@ + + + + + + Parachains Finality Relay + + +

Parachains Finality Relay

+

+ Source Relay Chain is running GRANDPA Finality Gadget. Source Parachain is a parachain of the Source + Relay Chain. Bridge GRANDPA finality pallet is deployed at Target Chain runtime and is "connected" + to the Source Relay Chain. Bridge Parachains finality pallet is deployed at Target Chain and is + configured to track the Source Parachain. GRANDPA Relayer is configured to relay Source Relay Chain + finality to Target Chain. Parachains Relayer is configured to relay Source Parachain headers finality + to Target Chain. +

+
+ sequenceDiagram + participant Source Parachain + participant Source Relay Chain + participant GRANDPA Relayer + participant Parachains Relayer + participant Target Chain + + Note left of Source Parachain: Best: 125 + Note left of Source Relay Chain: Finalized: 500, Best Parachain at Finalized: 120 + Note right of Target Chain: Best Relay: 480, Best Parachain: 110 + + Source Parachain ->> Source Parachain: Import Block 126 + Source Parachain ->> Source Relay Chain: Receives the Parachain block 126 + + Source Relay Chain ->> Source Relay Chain: Import block 501 + Source Relay Chain ->> Source Relay Chain: Finalize block 501 + Note left of Source Relay Chain: Finalized: 501, Best Parachain at Finalized: 126 + + Source Relay Chain ->> Parachains Relayer: notes new Source Parachain Block 126 + Note left of Parachains Relayer: can't relay Source Parachain Block 126, because it requires at least Source Relay Block 501 at Target Chain + + Source Relay Chain ->> Source Relay Chain: Import block 502 + Source Relay Chain ->> Source Relay Chain: Finalize block 502 + + Source Relay Chain ->> GRANDPA Relayer: read GRANDPA Finality Proof of Block 502 + GRANDPA Relayer ->> Target Chain: submit GRANDPA Finality Proof of Block 502 + Note right of Target Chain: Best Relay: 502, Best Parachain: 110 + + Target Chain ->> Parachains Relayer: notes finalized Source Relay Block 502 at Target Chain + Source Relay Chain ->> Parachains Relayer: read Parachain Finality Proof at Relay Block 502 + Parachains Relayer ->> Target Chain: submit Parachain Finality Proof at Relay Block 502 + Note right of Target Chain: Best Relay: 502, Best Parachain: 126 +
+ + + + diff --git a/bridges/docs/polkadot-kusama-bridge-overview.md b/bridges/docs/polkadot-kusama-bridge-overview.md new file mode 100644 index 00000000000..9f407b6ba00 --- /dev/null +++ b/bridges/docs/polkadot-kusama-bridge-overview.md @@ -0,0 +1,132 @@ +# Polkadot <> Kusama Bridge Overview + +This document describes how we use all components, described in the [High-Level Bridge Documentation](./high-level-overview.md), +to build the XCM bridge between Kusama and Polkadot. In this case, our components merely work as a XCM transport +(like XCMP/UMP/HRMP), between chains that are not a part of the same consensus system. + +The overall architecture may be seen in [this diagram](./polkadot-kusama-bridge.html). + +## Bridge Hubs + +All operations at relay chain are expensive. Ideally all non-mandatory transactions must happen on parachains. +That's why we are planning to have two parachains - Polkadot Bridge Hub under Polkadot consensus and Kusama +Bridge Hub under Kusama consensus. + +The Bridge Hub will have all required bridge pallets in its runtime. We hope that later, other teams will be able to +use our bridge hubs too and have their pallets there. + +The Bridge Hub will use the base token of the ecosystem - KSM at Kusama Bridge Hub and DOT at Polkadot Bridge Hub. +The runtime will have minimal set of non-bridge pallets, so there's not much you can do directly on bridge hubs. + +## Connecting Parachains + +You won't be able to directly use bridge hub transactions to send XCM messages over the bridge. Instead, you'll need +to use other parachains transactions, which will use HRMP to deliver messages to the Bridge Hub. The Bridge Hub will +just queue these messages in its outbound lane, which is dedicated to deliver messages between two parachains. + +Our first planned bridge will connect the Polkadot' Statemint and Kusama' Statemine. Bridge between those two +parachains would allow Statemint accounts to hold wrapped KSM tokens and Statemine accounts to hold wrapped DOT +tokens. + +For that bridge (pair of parachains under different consensus systems) we'll be using the lane 00000000. Later, +when other parachains will join the bridge, they will be using other lanes for their messages. + +## Running Relayers + +We are planning to run our own complex relayer for the lane 00000000. The relayer will relay Kusama/Polkadot GRANDPA +justifications to the bridge hubs at the other side. It'll also relay finalized Kusama Bridge Hub and Polkadot Bridge +Hub heads. This will only happen when messages will be queued at hubs. So most of time relayer will be idle. + +There's no any active relayer sets, or something like that. Anyone may start its own relayer and relay queued messages. +We are not against that and, as always, appreciate any community efforts. Of course, running relayer has the cost. +Apart from paying for the CPU and network, the relayer pays for transactions at both sides of the bridge. We have +a mechanism for rewarding relayers. + +### Compensating the Cost of Message Delivery Transactions + +One part of our rewarding scheme is that the cost of message delivery, for honest relayer, is zero. The honest relayer +is the relayer, which is following our rules: + +- we do not reward relayers for submitting GRANDPA finality transactions. The only exception is submitting mandatory + headers (headers which are changing the GRANDPA authorities set) - the cost of such transaction is zero. The relayer + will pay the full cost for submitting all other headers; + +- we do not reward relayers for submitting parachain finality transactions. The relayer will pay the full cost for + submitting parachain finality transactions; + +- we compensate the cost of message delivery transactions that have actually delivered the messages. So if your + transaction has claimed to deliver messages `[42, 43, 44]`, but, because of some reasons, has actually delivered + messages `[42, 43]`, the transaction will be free for relayer. If it has not delivered any messages, then + the relayer pays the full cost of the transaction; + +- we compensate the cost of message delivery and all required finality calls, if they are part of the same + [`frame_utility::batch_all`](https://github.com/paritytech/substrate/blob/891d6a5c870ab88521183facafc811a203bb6541/frame/utility/src/lib.rs#L326) + transaction. Of course, the calls inside the batch must be linked - e.g. the submitted parachain head must be used + to prove messages. Relay header must be used to prove parachain head finality. If one of calls fails, or if they + are not linked together, the relayer pays the full transaction cost. + +Please keep in mind that the fee of "zero-cost" transactions is still withdrawn from the relayer account. But the +compensation is registered in the `pallet_bridge_relayers::RelayerRewards` map at the target bridge hub. The relayer +may later claim all its rewards later, using the `pallet_bridge_relayers::claim_rewards` call. + +*A side note*: why we don't simply set the cost of useful transactions to zero? That's because the bridge has its cost. +If we won't take any fees, it would mean that the sender is not obliged to pay for its messages. And Bridge Hub +collators (and, maybe, "treasury") are not receiving any payment for including transactions. More about this later, +in the [Who is Rewarding Relayers](#who-is-rewarding-relayers) section. + +### Message Delivery Confirmation Rewards + +In addition to the "zero-cost" message delivery transactions, the relayer is also rewarded for: + +- delivering every message. The reward is registered during delivery confirmation transaction at the Source Bridge + Hub.; + +- submitting delivery confirmation transaction. The relayer may submit delivery confirmation that e.g. confirms + delivery of four messages, of which the only one (or zero) messages is actually delivered by this relayer. It + receives some fee for confirming messages, delivered by other relayers. + +Both rewards may be claimed using the `pallet_bridge_relayers::claim_rewards` call at the Source Bridge Hub. + +### Who is Rewarding Relayers + +Obviously, there should be someone who is paying relayer rewards. We want bridge transactions to have a cost, so we +can't use fees for rewards. Instead, the parachains using the bridge, use sovereign accounts on both sides +of the bridge to cover relayer rewards. + +Bridged Parachains will have sovereign accounts at bridge hubs. For example, the Statemine (Kusama Parachain) will +have an account at the Polkadot Bridge Hub. The Statemint (Polkadot Parachain) will have an account at the Kusama +Bridge Hub. The sovereign accounts are used as a source of funds when the relayer is calling the +`pallet_bridge_relayers::claim_rewards`. + +Since messages lane is only used by the pair of parachains, there's no collision between different bridges. E.g. +Statemine will only reward relayers that are delivering messages from Statemine. The Statemine sovereign account +is not used to cover rewards of bridging with some other Polkadot Parachain. + +### Multiple Relayers and Rewards + +Our goal is to incentivize running honest relayers. But we have no relayers sets, so at any time anyone may submit +message delivery transaction, hoping that the cost of this transaction will be compensated. So what if some message is +currently queued and two relayers are submitting two identical message delivery transactions at once? Without any +special means, the cost of first included transaction will be compensated and the cost of the other one won't. A honest, +but unlucky relayer will lose some money. In addition, we'll waste some portion of block size and weight, which +may be used by other useful transactions. + +To solve the problem, we have two signed extensions ([generate_bridge_reject_obsolete_headers_and_messages! {}](../bin/runtime-common/src/lib.rs) +and [RefundRelayerForMessagesFromParachain](../bin/runtime-common/src/refund_relayer_extension.rs)), that are +preventing bridge transactions with obsolete data from including into the block. We are rejecting following +transactions: + +- transactions, that are submitting the GRANDPA justification for the best finalized header, or one of its ancestors; + +- transactions, that are submitting the proof of the current best parachain head, or one of its ancestors; + +- transactions, that are delivering already delivered messages. If at least one of messages is not yet delivered, + the transaction is not rejected; + +- transactions, that are confirming delivery of already confirmed messages. If at least one of confirmations is new, + the transaction is not rejected; + +- [`frame_utility::batch_all`](https://github.com/paritytech/substrate/blob/891d6a5c870ab88521183facafc811a203bb6541/frame/utility/src/lib.rs#L326) + transactions, that have both finality and message delivery calls. All restrictions from the + [Compensating the Cost of Message Delivery Transactions](#compensating-the-cost-of-message-delivery-transactions) + are applied. diff --git a/bridges/docs/polkadot-kusama-bridge.html b/bridges/docs/polkadot-kusama-bridge.html new file mode 100644 index 00000000000..dcbae0e7b17 --- /dev/null +++ b/bridges/docs/polkadot-kusama-bridge.html @@ -0,0 +1,67 @@ + + + + + + Polkadot <> Kusama Bridge + + +

Polkadot <> Kusama Bridge

+

+ Our bridge connects two parachains - Kusama Bridge Hub and Polkadot Bridge Hub. Messages that + are sent over bridge have XCM format and we are using existing architecture to dispatch them. + Since both Polkadot, Kusama and their parachains already have means to exchange XCM messages + within the same consensus system (HRMP, VMP, ...), it means that we are able to connect all those + chains with our bridge. +

+

+ In our architecture, the lane that is used to relay messages over the bridge is determined by + the XCM source and destinations. So e.g. bridge between Statemint and Statemine (and opposite direction) + will use the lane 00000000, bridge between some other Polkadot Parachain and some other Kusama Parachain + will use the lane 00000001 and so on. +

+
+ flowchart LR + subgraph Polkadot Consensus + polkadot(((Polkadot))) + statemint(((Statemint))) + polkadot_bh(((Polkadot Bridge Hub))) + + polkadot---statemint + polkadot---polkadot_bh + + statemint-->|Send Message Using HRMP|polkadot_bh + + polkadot_bh-->|Send Message Using HRMP|statemint + statemint-->|Dispatch the Message|statemint + end + subgraph Kusama Consensus + kusama_bh(((Kusama Bridge Hub))) + statemine(((Statemine))) + kusama(((Kusama))) + + kusama---statemine + kusama---kusama_bh + + kusama_bh-->|Send Message Using HRMP|statemine + statemine-->|Dispatch the Message|statemine + + statemine-->|Send Message Using HRMP|kusama_bh + end + + polkadot_bh<===>|Message is relayed to the Bridged Chain using lane 00000000|kusama_bh + + linkStyle 2 stroke:red + linkStyle 7 stroke:red + linkStyle 8 stroke:red + + linkStyle 3 stroke:green + linkStyle 4 stroke:green + linkStyle 9 stroke:green +
+ + + \ No newline at end of file diff --git a/bridges/modules/grandpa/Cargo.toml b/bridges/modules/grandpa/Cargo.toml new file mode 100644 index 00000000000..9b97b518fc5 --- /dev/null +++ b/bridges/modules/grandpa/Cargo.toml @@ -0,0 +1,63 @@ +[package] +name = "pallet-bridge-grandpa" +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +finality-grandpa = { version = "0.16.2", default-features = false } +log = { version = "0.4.17", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } + +# Bridge Dependencies + +bp-runtime = { path = "../../primitives/runtime", default-features = false } +bp-header-chain = { path = "../../primitives/header-chain", default-features = false } + +# Substrate Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-consensus-grandpa = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-trie = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +# Optional Benchmarking Dependencies +bp-test-utils = { path = "../../primitives/test-utils", default-features = false, optional = true } +frame-benchmarking = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false, optional = true } + +[dev-dependencies] +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master" } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-runtime/std", + "bp-test-utils/std", + "codec/std", + "finality-grandpa/std", + "frame-support/std", + "frame-system/std", + "frame-benchmarking/std", + "log/std", + "scale-info/std", + "sp-consensus-grandpa/std", + "sp-runtime/std", + "sp-std/std", + "sp-trie/std", +] +runtime-benchmarks = [ + "bp-test-utils", + "frame-benchmarking/runtime-benchmarks", +] +try-runtime = [ + "frame-support/try-runtime", + "frame-system/try-runtime", +] diff --git a/bridges/modules/grandpa/README.md b/bridges/modules/grandpa/README.md new file mode 100644 index 00000000000..27b4d2389c4 --- /dev/null +++ b/bridges/modules/grandpa/README.md @@ -0,0 +1,101 @@ +# Bridge GRANDPA Pallet + +The bridge GRANDPA pallet is a light client for the GRANDPA finality gadget, running at the bridged chain. +It may import headers and their GRANDPA finality proofs (justifications) of the bridged chain. Imported +headers then may be used to verify storage proofs by other pallets. This makes the bridge GRANDPA pallet +a basic pallet of all bridges with Substrate-based chains. It is used by all bridge types (bridge between +standalone chains, between parachains and any combination of those) and is used by other bridge pallets. +It is used by the parachains light client (bridge parachains pallet) and by messages pallet. + +## A Brief Introduction into GRANDPA Finality + +You can find detailed information on GRANDPA, by exploring its [repository](https://github.com/paritytech/finality-grandpa). +Here is the minimal reqiuired GRANDPA information to understand how pallet works. + +Any Substrate chain may use different block authorship algorithms (like BABE or Aura) to determine block producers and +generate blocks. This has nothing common with finality, though - the task of block authorship is to coordinate +blocks generation. Any block may be reverted (if there's a fork) if it is not finalized. The finality solution +for (standalone) Substrate-based chains is the GRANDPA finality gadget. If some block is finalized by the gadget, it +can't be reverted. + +In GRANDPA, there are validators, identified by their public keys. They select some generated block and produce +signatures on this block hash. If there are enough (more than `2 / 3 * N`, where `N` is number of validators) +signatures, then the block is considered finalized. The set of signatures for the block is called justification. +Anyone who knows the public keys of validators is able to verify GRANDPA justification and that it is generated +for provided header. + +There are two main things in GRANDPA that help building light clients: + +- there's no need to import all headers of the bridged chain. Light client may import finalized headers or just + some of finalized headders that it consider useful. While the validators set stays the same, the client may + import any header that is finalized by this set; + +- when validators set changes, the GRANDPA gadget adds next set to the header. So light client doesn't need to + verify storage proofs when this happens - it only needs to look at the header and see if it changes the set. + Once set is changed, all following justifications are generated by the new set. Header that is changing the + set is called "mandatory" in the pallet. As the name says, the light client need to import all such headers + to be able to operate properly. + +## Pallet Operations + +The main entrypoint of the pallet is the `submit_finality_proof` call. It has two arguments - the finalized +headers and associated GRANDPA justification. The call simply verifies the justification using current +validators set and checks if header is better than the previous best header. If both checks are passed, the +header (only its useful fields) is inserted into the runtime storage and may be used by other pallets to verify +storage proofs. + +The submitter pays regular fee for submitting all headers, except for the mandatory header. Since it is +required for the pallet operations, submitting such header is free. So if you're ok with session-length +lags (meaning that there's exactly 1 mandatory header per session), the cost of pallet calls is zero. + +When the pallet sees mandatory header, it updates the validators set with the set from the header. All +following justifications (until next mandatory header) must be generated by this new set. + +## Pallet Initialization + +As the previous section states, there are two things that are mandatory for pallet operations: best finalized +header and the current validators set. Without it the pallet can't import any headers. But how to provide +initial values for these fields? There are two options. + +First option, while it is easier, doesn't work in all cases. It is to start chain with initial header and +validators set specified in the chain specification. This won't work, however, if we want to add bridge +to already started chain. + +For the latter case we have the `initialize` call. It accepts the initial header and initial validators set. +The call may be called by the governance, root or by the pallet owner (if it is set). + +## Non-Essential Functionality + +There may be a special account in every runtime where the bridge GRANDPA module is deployed. This +account, named 'module owner', is like a module-level sudo account - he's able to halt and +resume all module operations without requiring runtime upgrade. Calls that are related to this +account are: + +- `fn set_owner()`: current module owner may call it to transfer "ownership" to another account; + +- `fn set_operating_mode()`: the module owner (or sudo account) may call this function to stop all + module operations. After this call, all finality proofs will be rejected until further `set_operating_mode` call'. + This call may be used when something extraordinary happens with the bridge; + +- `fn initialize()`: module owner may call this function to initialize the bridge. + +If pallet owner is not defined, the governance may be used to make those calls. + +## Signed Extension to Reject Obsolete Headers + +It'd be better for anyone (for chain and for submitters) to reject all transactions that are submitting +already known headers to the pallet. This way, we leave block space to other useful transactions and +we don't charge concurrent submitters for their honest actions. + +To deal with that, we have a [signed extension](./src/call_ext) that may be added to the runtime. +It does exactly what is required - rejects all transactions with already known headers. The submitter +pays nothing for such transactions - they're simply removed from the transaction pool, when the block +is built. + +You may also take a look at the [`generate_bridge_reject_obsolete_headers_and_messages`](../../bin/runtime-common/src/lib.rs) +macro that bundles several similar signed extensions in a single one. + +## GRANDPA Finality Relay + +We have an offchain actor, who is watching for GRANDPA justifications and submits them to the bridged chain. +It is the finality relay - you may look at the [crate level documentation and the code](../../relays/finality/). diff --git a/bridges/modules/grandpa/src/benchmarking.rs b/bridges/modules/grandpa/src/benchmarking.rs new file mode 100644 index 00000000000..aa222d6e4de --- /dev/null +++ b/bridges/modules/grandpa/src/benchmarking.rs @@ -0,0 +1,141 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Benchmarks for the GRANDPA Pallet. +//! +//! The main dispatchable for the GRANDPA pallet is `submit_finality_proof`, so these benchmarks are +//! based around that. There are to main factors which affect finality proof verification: +//! +//! 1. The number of `votes-ancestries` in the justification +//! 2. The number of `pre-commits` in the justification +//! +//! Vote ancestries are the headers between (`finality_target`, `head_of_chain`], where +//! `header_of_chain` is a descendant of `finality_target`. +//! +//! Pre-commits are messages which are signed by validators at the head of the chain they think is +//! the best. +//! +//! Consider the following: +//! +//! / B <- C' +//! A <- B <- C +//! +//! The common ancestor of both forks is block A, so this is what GRANDPA will finalize. In order to +//! verify this we will have vote ancestries of `[B, C, B', C']` and pre-commits `[C, C']`. +//! +//! Note that the worst case scenario here would be a justification where each validator has it's +//! own fork which is `SESSION_LENGTH` blocks long. + +use crate::*; + +use bp_header_chain::justification::required_justification_precommits; +use bp_runtime::BasicOperatingMode; +use bp_test_utils::{ + accounts, make_justification_for_header, JustificationGeneratorParams, TEST_GRANDPA_ROUND, + TEST_GRANDPA_SET_ID, +}; +use frame_benchmarking::{benchmarks_instance_pallet, whitelisted_caller}; +use frame_system::RawOrigin; +use sp_consensus_grandpa::AuthorityId; +use sp_runtime::traits::{One, Zero}; +use sp_std::vec::Vec; + +/// The maximum number of vote ancestries to include in a justification. +/// +/// In practice this would be limited by the session length (number of blocks a single authority set +/// can produce) of a given chain. +const MAX_VOTE_ANCESTRIES: u32 = 1000; + +// `1..MAX_VOTE_ANCESTRIES` is too large && benchmarks are running for almost 40m (steps=50, +// repeat=20) on a decent laptop, which is too much. Since we're building linear function here, +// let's just select some limited subrange for benchmarking. +const MAX_VOTE_ANCESTRIES_RANGE_BEGIN: u32 = MAX_VOTE_ANCESTRIES / 20; +const MAX_VOTE_ANCESTRIES_RANGE_END: u32 = + MAX_VOTE_ANCESTRIES_RANGE_BEGIN + MAX_VOTE_ANCESTRIES_RANGE_BEGIN; + +// the same with validators - if there are too much validators, let's run benchmarks on subrange +fn precommits_range_end, I: 'static>() -> u32 { + let max_bridged_authorities = T::BridgedChain::MAX_AUTHORITIES_COUNT; + if max_bridged_authorities > 128 { + sp_std::cmp::max(128, max_bridged_authorities / 5) + } else { + max_bridged_authorities + }; + required_justification_precommits(max_bridged_authorities) +} + +/// Prepare header and its justification to submit using `submit_finality_proof`. +fn prepare_benchmark_data, I: 'static>( + precommits: u32, + ancestors: u32, +) -> (BridgedHeader, GrandpaJustification>) { + // going from precommits to total authorities count + let total_authorities_count = (3 * precommits - 1) / 2; + + let authority_list = accounts(total_authorities_count as u16) + .iter() + .map(|id| (AuthorityId::from(*id), 1)) + .collect::>(); + + let genesis_header: BridgedHeader = bp_test_utils::test_header(Zero::zero()); + let genesis_hash = genesis_header.hash(); + let init_data = InitializationData { + header: Box::new(genesis_header), + authority_list, + set_id: TEST_GRANDPA_SET_ID, + operating_mode: BasicOperatingMode::Normal, + }; + + bootstrap_bridge::(init_data); + assert!(>::contains_key(genesis_hash)); + + let header: BridgedHeader = bp_test_utils::test_header(One::one()); + let params = JustificationGeneratorParams { + header: header.clone(), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: accounts(precommits as u16).iter().map(|k| (*k, 1)).collect::>(), + ancestors, + forks: 1, + }; + let justification = make_justification_for_header(params); + (header, justification) +} + +benchmarks_instance_pallet! { + // This is the "gold standard" benchmark for this extrinsic, and it's what should be used to + // annotate the weight in the pallet. + submit_finality_proof { + let p in 1 .. precommits_range_end::(); + let v in MAX_VOTE_ANCESTRIES_RANGE_BEGIN..MAX_VOTE_ANCESTRIES_RANGE_END; + let caller: T::AccountId = whitelisted_caller(); + let (header, justification) = prepare_benchmark_data::(p, v); + }: submit_finality_proof(RawOrigin::Signed(caller), Box::new(header), justification) + verify { + let genesis_header: BridgedHeader = bp_test_utils::test_header(Zero::zero()); + let header: BridgedHeader = bp_test_utils::test_header(One::one()); + let expected_hash = header.hash(); + + // check that the header#1 has been inserted + assert_eq!(>::get().unwrap().1, expected_hash); + assert!(>::contains_key(expected_hash)); + + // check that the header#0 has been pruned + assert!(!>::contains_key(genesis_header.hash())); + } + + impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::TestRuntime) +} diff --git a/bridges/modules/grandpa/src/call_ext.rs b/bridges/modules/grandpa/src/call_ext.rs new file mode 100644 index 00000000000..b57aebb1ac1 --- /dev/null +++ b/bridges/modules/grandpa/src/call_ext.rs @@ -0,0 +1,311 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +use crate::{weights::WeightInfo, BridgedBlockNumber, BridgedHeader, Config, Error, Pallet}; +use bp_header_chain::{justification::GrandpaJustification, ChainWithGrandpa}; +use bp_runtime::BlockNumberOf; +use codec::Encode; +use frame_support::{dispatch::CallableCallFor, traits::IsSubType, weights::Weight, RuntimeDebug}; +use sp_runtime::{ + traits::{Header, Zero}, + transaction_validity::{InvalidTransaction, TransactionValidity, ValidTransaction}, + SaturatedConversion, +}; + +/// Info about a `SubmitParachainHeads` call which tries to update a single parachain. +#[derive(Copy, Clone, PartialEq, RuntimeDebug)] +pub struct SubmitFinalityProofInfo { + /// Number of the finality target. + pub block_number: N, + /// Extra weight that we assume is included in the call. + /// + /// We have some assumptions about headers and justifications of the bridged chain. + /// We know that if our assumptions are correct, then the call must not have the + /// weight above some limit. The fee paid for weight above that limit, is never refunded. + pub extra_weight: Weight, + /// Extra size (in bytes) that we assume are included in the call. + /// + /// We have some assumptions about headers and justifications of the bridged chain. + /// We know that if our assumptions are correct, then the call must not have the + /// weight above some limit. The fee paid for bytes above that limit, is never refunded. + pub extra_size: u32, +} + +impl SubmitFinalityProofInfo { + /// Returns `true` if call size/weight is below our estimations for regular calls. + pub fn fits_limits(&self) -> bool { + self.extra_weight.is_zero() && self.extra_size.is_zero() + } +} + +/// Helper struct that provides methods for working with the `SubmitFinalityProof` call. +pub struct SubmitFinalityProofHelper, I: 'static> { + _phantom_data: sp_std::marker::PhantomData<(T, I)>, +} + +impl, I: 'static> SubmitFinalityProofHelper { + /// Check that the GRANDPA head provided by the `SubmitFinalityProof` is better than the best + /// one we know. + pub fn check_obsolete( + finality_target: BlockNumberOf, + ) -> Result<(), Error> { + let best_finalized = crate::BestFinalized::::get().ok_or_else(|| { + log::trace!( + target: crate::LOG_TARGET, + "Cannot finalize header {:?} because pallet is not yet initialized", + finality_target, + ); + >::NotInitialized + })?; + + if best_finalized.number() >= finality_target { + log::trace!( + target: crate::LOG_TARGET, + "Cannot finalize obsolete header: bundled {:?}, best {:?}", + finality_target, + best_finalized, + ); + + return Err(Error::::OldHeader) + } + + Ok(()) + } + + /// Check if the `SubmitFinalityProof` was successfully executed. + pub fn was_successful(finality_target: BlockNumberOf) -> bool { + match crate::BestFinalized::::get() { + Some(best_finalized) => best_finalized.number() == finality_target, + None => false, + } + } +} + +/// Trait representing a call that is a sub type of this pallet's call. +pub trait CallSubType, I: 'static>: + IsSubType, T>> +{ + /// Extract finality proof info from a runtime call. + fn submit_finality_proof_info( + &self, + ) -> Option>> { + if let Some(crate::Call::::submit_finality_proof { finality_target, justification }) = + self.is_sub_type() + { + return Some(submit_finality_proof_info_from_args::( + finality_target, + justification, + )) + } + + None + } + + /// Validate Grandpa headers in order to avoid "mining" transactions that provide outdated + /// bridged chain headers. Without this validation, even honest relayers may lose their funds + /// if there are multiple relays running and submitting the same information. + fn check_obsolete_submit_finality_proof(&self) -> TransactionValidity + where + Self: Sized, + { + let finality_target = match self.submit_finality_proof_info() { + Some(finality_proof) => finality_proof, + _ => return Ok(ValidTransaction::default()), + }; + + match SubmitFinalityProofHelper::::check_obsolete(finality_target.block_number) { + Ok(_) => Ok(ValidTransaction::default()), + Err(Error::::OldHeader) => InvalidTransaction::Stale.into(), + Err(_) => InvalidTransaction::Call.into(), + } + } +} + +impl, I: 'static> CallSubType for T::RuntimeCall where + T::RuntimeCall: IsSubType, T>> +{ +} + +/// Extract finality proof info from the submitted header and justification. +pub(crate) fn submit_finality_proof_info_from_args, I: 'static>( + finality_target: &BridgedHeader, + justification: &GrandpaJustification>, +) -> SubmitFinalityProofInfo> { + let block_number = *finality_target.number(); + + // the `submit_finality_proof` call will reject justifications with invalid, duplicate, + // unknown and extra signatures. It'll also reject justifications with less than necessary + // signatures. So we do not care about extra weight because of additional signatures here. + let precommits_len = justification.commit.precommits.len().saturated_into(); + let required_precommits = precommits_len; + + // We do care about extra weight because of more-than-expected headers in the votes + // ancestries. But we have problems computing extra weight for additional headers (weight of + // additional header is too small, so that our benchmarks aren't detecting that). So if there + // are more than expected headers in votes ancestries, we will treat the whole call weight + // as an extra weight. + let votes_ancestries_len = justification.votes_ancestries.len().saturated_into(); + let extra_weight = + if votes_ancestries_len > T::BridgedChain::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY { + T::WeightInfo::submit_finality_proof(precommits_len, votes_ancestries_len) + } else { + Weight::zero() + }; + + // we can estimate extra call size easily, without any additional significant overhead + let actual_call_size: u32 = finality_target + .encoded_size() + .saturating_add(justification.encoded_size()) + .saturated_into(); + let max_expected_call_size = max_expected_call_size::(required_precommits); + let extra_size = actual_call_size.saturating_sub(max_expected_call_size); + + SubmitFinalityProofInfo { block_number, extra_weight, extra_size } +} + +/// Returns maximal expected size of `submit_finality_proof` call arguments. +fn max_expected_call_size, I: 'static>(required_precommits: u32) -> u32 { + let max_expected_justification_size = + GrandpaJustification::max_reasonable_size::(required_precommits); + + // call arguments are header and justification + T::BridgedChain::MAX_HEADER_SIZE.saturating_add(max_expected_justification_size) +} + +#[cfg(test)] +mod tests { + use crate::{ + call_ext::CallSubType, + mock::{run_test, test_header, RuntimeCall, TestBridgedChain, TestNumber, TestRuntime}, + BestFinalized, Config, WeightInfo, + }; + use bp_header_chain::ChainWithGrandpa; + use bp_runtime::HeaderId; + use bp_test_utils::{ + make_default_justification, make_justification_for_header, JustificationGeneratorParams, + }; + use frame_support::weights::Weight; + use sp_runtime::{testing::DigestItem, traits::Header as _, SaturatedConversion}; + + fn validate_block_submit(num: TestNumber) -> bool { + let bridge_grandpa_call = crate::Call::::submit_finality_proof { + finality_target: Box::new(test_header(num)), + justification: make_default_justification(&test_header(num)), + }; + RuntimeCall::check_obsolete_submit_finality_proof(&RuntimeCall::Grandpa( + bridge_grandpa_call, + )) + .is_ok() + } + + fn sync_to_header_10() { + let header10_hash = sp_core::H256::default(); + BestFinalized::::put(HeaderId(10, header10_hash)); + } + + #[test] + fn extension_rejects_obsolete_header() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#5 => tx is + // rejected + sync_to_header_10(); + assert!(!validate_block_submit(5)); + }); + } + + #[test] + fn extension_rejects_same_header() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#10 => tx is + // rejected + sync_to_header_10(); + assert!(!validate_block_submit(10)); + }); + } + + #[test] + fn extension_accepts_new_header() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#15 => tx is + // accepted + sync_to_header_10(); + assert!(validate_block_submit(15)); + }); + } + + #[test] + fn extension_returns_correct_extra_size_if_call_arguments_are_too_large() { + // when call arguments are below our limit => no refund + let small_finality_target = test_header(1); + let justification_params = JustificationGeneratorParams { + header: small_finality_target.clone(), + ..Default::default() + }; + let small_justification = make_justification_for_header(justification_params); + let small_call = RuntimeCall::Grandpa(crate::Call::submit_finality_proof { + finality_target: Box::new(small_finality_target), + justification: small_justification, + }); + assert_eq!(small_call.submit_finality_proof_info().unwrap().extra_size, 0); + + // when call arguments are too large => partial refund + let mut large_finality_target = test_header(1); + large_finality_target + .digest_mut() + .push(DigestItem::Other(vec![42u8; 1024 * 1024])); + let justification_params = JustificationGeneratorParams { + header: large_finality_target.clone(), + ..Default::default() + }; + let large_justification = make_justification_for_header(justification_params); + let large_call = RuntimeCall::Grandpa(crate::Call::submit_finality_proof { + finality_target: Box::new(large_finality_target), + justification: large_justification, + }); + assert_ne!(large_call.submit_finality_proof_info().unwrap().extra_size, 0); + } + + #[test] + fn extension_returns_correct_extra_weight_if_there_are_too_many_headers_in_votes_ancestry() { + let finality_target = test_header(1); + let mut justification_params = JustificationGeneratorParams { + header: finality_target.clone(), + ancestors: TestBridgedChain::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY, + ..Default::default() + }; + + // when there are `REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY` headers => no refund + let justification = make_justification_for_header(justification_params.clone()); + let call = RuntimeCall::Grandpa(crate::Call::submit_finality_proof { + finality_target: Box::new(finality_target.clone()), + justification, + }); + assert_eq!(call.submit_finality_proof_info().unwrap().extra_weight, Weight::zero()); + + // when there are `REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY + 1` headers => full refund + justification_params.ancestors += 1; + let justification = make_justification_for_header(justification_params); + let call_weight = ::WeightInfo::submit_finality_proof( + justification.commit.precommits.len().saturated_into(), + justification.votes_ancestries.len().saturated_into(), + ); + let call = RuntimeCall::Grandpa(crate::Call::submit_finality_proof { + finality_target: Box::new(finality_target), + justification, + }); + assert_eq!(call.submit_finality_proof_info().unwrap().extra_weight, call_weight); + } +} diff --git a/bridges/modules/grandpa/src/lib.rs b/bridges/modules/grandpa/src/lib.rs new file mode 100644 index 00000000000..329e4c21136 --- /dev/null +++ b/bridges/modules/grandpa/src/lib.rs @@ -0,0 +1,1427 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Substrate GRANDPA Pallet +//! +//! This pallet is an on-chain GRANDPA light client for Substrate based chains. +//! +//! This pallet achieves this by trustlessly verifying GRANDPA finality proofs on-chain. Once +//! verified, finalized headers are stored in the pallet, thereby creating a sparse header chain. +//! This sparse header chain can be used as a source of truth for other higher-level applications. +//! +//! The pallet is responsible for tracking GRANDPA validator set hand-offs. We only import headers +//! with justifications signed by the current validator set we know of. The header is inspected for +//! a `ScheduledChanges` digest item, which is then used to update to next validator set. +//! +//! Since this pallet only tracks finalized headers it does not deal with forks. Forks can only +//! occur if the GRANDPA validator set on the bridged chain is either colluding or there is a severe +//! bug causing resulting in an equivocation. Such events are outside the scope of this pallet. +//! Shall the fork occur on the bridged chain governance intervention will be required to +//! re-initialize the bridge and track the right fork. + +#![cfg_attr(not(feature = "std"), no_std)] +// Runtime-generated enums +#![allow(clippy::large_enum_variant)] + +pub use storage_types::StoredAuthoritySet; + +use bp_header_chain::{ + justification::GrandpaJustification, ChainWithGrandpa, HeaderChain, InitializationData, + StoredHeaderData, StoredHeaderDataBuilder, +}; +use bp_runtime::{BlockNumberOf, HashOf, HasherOf, HeaderId, HeaderOf, OwnedBridgeModule}; +use finality_grandpa::voter_set::VoterSet; +use frame_support::{dispatch::PostDispatchInfo, ensure}; +use sp_consensus_grandpa::{ConsensusLog, GRANDPA_ENGINE_ID}; +use sp_runtime::{ + traits::{Header as HeaderT, Zero}, + SaturatedConversion, +}; +use sp_std::{boxed::Box, convert::TryInto}; + +mod call_ext; +#[cfg(test)] +mod mock; +mod storage_types; + +/// Module, containing weights for this pallet. +pub mod weights; + +#[cfg(feature = "runtime-benchmarks")] +pub mod benchmarking; + +// Re-export in crate namespace for `construct_runtime!` +pub use call_ext::*; +pub use pallet::*; +pub use weights::WeightInfo; + +/// The target that will be used when publishing logs related to this pallet. +pub const LOG_TARGET: &str = "runtime::bridge-grandpa"; + +/// Bridged chain from the pallet configuration. +pub type BridgedChain = >::BridgedChain; +/// Block number of the bridged chain. +pub type BridgedBlockNumber = BlockNumberOf<>::BridgedChain>; +/// Block hash of the bridged chain. +pub type BridgedBlockHash = HashOf<>::BridgedChain>; +/// Block id of the bridged chain. +pub type BridgedBlockId = HeaderId, BridgedBlockNumber>; +/// Hasher of the bridged chain. +pub type BridgedBlockHasher = HasherOf<>::BridgedChain>; +/// Header of the bridged chain. +pub type BridgedHeader = HeaderOf<>::BridgedChain>; +/// Header data of the bridged chain that is stored at this chain by this pallet. +pub type BridgedStoredHeaderData = + StoredHeaderData, BridgedBlockHash>; + +#[frame_support::pallet] +pub mod pallet { + use super::*; + use bp_runtime::BasicOperatingMode; + use frame_support::pallet_prelude::*; + use frame_system::pallet_prelude::*; + + #[pallet::config] + pub trait Config: frame_system::Config { + /// The overarching event type. + type RuntimeEvent: From> + + IsType<::RuntimeEvent>; + + /// The chain we are bridging to here. + type BridgedChain: ChainWithGrandpa; + + /// Maximal number of "free" mandatory header transactions per block. + /// + /// To be able to track the bridged chain, the pallet requires all headers that are + /// changing GRANDPA authorities set at the bridged chain (we call them mandatory). + /// So it is a common good deed to submit mandatory headers to the pallet. However, if the + /// bridged chain gets compromised, its validators may generate as many mandatory headers + /// as they want. And they may fill the whole block (at this chain) for free. This constants + /// limits number of calls that we may refund in a single block. All calls above this + /// limit are accepted, but are not refunded. + #[pallet::constant] + type MaxFreeMandatoryHeadersPerBlock: Get; + + /// Maximal number of finalized headers to keep in the storage. + /// + /// The setting is there to prevent growing the on-chain state indefinitely. Note + /// the setting does not relate to block numbers - we will simply keep as much items + /// in the storage, so it doesn't guarantee any fixed timeframe for finality headers. + /// + /// Incautious change of this constant may lead to orphan entries in the runtime storage. + #[pallet::constant] + type HeadersToKeep: Get; + + /// Weights gathered through benchmarking. + type WeightInfo: WeightInfo; + } + + #[pallet::pallet] + pub struct Pallet(PhantomData<(T, I)>); + + #[pallet::hooks] + impl, I: 'static> Hooks> for Pallet { + fn on_initialize(_n: BlockNumberFor) -> Weight { + FreeMandatoryHeadersRemaining::::put(T::MaxFreeMandatoryHeadersPerBlock::get()); + Weight::zero() + } + + fn on_finalize(_n: BlockNumberFor) { + FreeMandatoryHeadersRemaining::::kill(); + } + } + + impl, I: 'static> OwnedBridgeModule for Pallet { + const LOG_TARGET: &'static str = LOG_TARGET; + type OwnerStorage = PalletOwner; + type OperatingMode = BasicOperatingMode; + type OperatingModeStorage = PalletOperatingMode; + } + + #[pallet::call] + impl, I: 'static> Pallet { + /// Verify a target header is finalized according to the given finality proof. + /// + /// It will use the underlying storage pallet to fetch information about the current + /// authorities and best finalized header in order to verify that the header is finalized. + /// + /// If successful in verification, it will write the target header to the underlying storage + /// pallet. + /// + /// The call fails if: + /// + /// - the pallet is halted; + /// + /// - the pallet knows better header than the `finality_target`; + /// + /// - verification is not optimized or invalid; + /// + /// - header contains forced authorities set change or change with non-zero delay. + #[pallet::call_index(0)] + #[pallet::weight(::submit_finality_proof( + justification.commit.precommits.len().saturated_into(), + justification.votes_ancestries.len().saturated_into(), + ))] + pub fn submit_finality_proof( + _origin: OriginFor, + finality_target: Box>, + justification: GrandpaJustification>, + ) -> DispatchResultWithPostInfo { + Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + + let (hash, number) = (finality_target.hash(), *finality_target.number()); + log::trace!( + target: LOG_TARGET, + "Going to try and finalize header {:?}", + finality_target + ); + + SubmitFinalityProofHelper::::check_obsolete(number)?; + + let authority_set = >::get(); + let unused_proof_size = authority_set.unused_proof_size(); + let set_id = authority_set.set_id; + verify_justification::(&justification, hash, number, authority_set.into())?; + + let is_authorities_change_enacted = + try_enact_authority_change::(&finality_target, set_id)?; + let may_refund_call_fee = is_authorities_change_enacted && + // if we have seen too many mandatory headers in this block, we don't want to refund + Self::free_mandatory_headers_remaining() > 0 && + // if arguments out of expected bounds, we don't want to refund + submit_finality_proof_info_from_args::(&finality_target, &justification) + .fits_limits(); + if may_refund_call_fee { + FreeMandatoryHeadersRemaining::::mutate(|count| { + *count = count.saturating_sub(1) + }); + } + insert_header::(*finality_target, hash); + log::info!( + target: LOG_TARGET, + "Successfully imported finalized header with hash {:?}!", + hash + ); + + // mandatory header is a header that changes authorities set. The pallet can't go + // further without importing this header. So every bridge MUST import mandatory headers. + // + // We don't want to charge extra costs for mandatory operations. So relayer is not + // paying fee for mandatory headers import transactions. + // + // If size/weight of the call is exceeds our estimated limits, the relayer still needs + // to pay for the transaction. + let pays_fee = if may_refund_call_fee { Pays::No } else { Pays::Yes }; + + // the proof size component of the call weight assumes that there are + // `MaxBridgedAuthorities` in the `CurrentAuthoritySet` (we use `MaxEncodedLen` + // estimation). But if their number is lower, then we may "refund" some `proof_size`, + // making proof smaller and leaving block space to other useful transactions + let pre_dispatch_weight = T::WeightInfo::submit_finality_proof( + justification.commit.precommits.len().saturated_into(), + justification.votes_ancestries.len().saturated_into(), + ); + let actual_weight = pre_dispatch_weight + .set_proof_size(pre_dispatch_weight.proof_size().saturating_sub(unused_proof_size)); + + Self::deposit_event(Event::UpdatedBestFinalizedHeader { number, hash }); + + Ok(PostDispatchInfo { actual_weight: Some(actual_weight), pays_fee }) + } + + /// Bootstrap the bridge pallet with an initial header and authority set from which to sync. + /// + /// The initial configuration provided does not need to be the genesis header of the bridged + /// chain, it can be any arbitrary header. You can also provide the next scheduled set + /// change if it is already know. + /// + /// This function is only allowed to be called from a trusted origin and writes to storage + /// with practically no checks in terms of the validity of the data. It is important that + /// you ensure that valid data is being passed in. + #[pallet::call_index(1)] + #[pallet::weight((T::DbWeight::get().reads_writes(2, 5), DispatchClass::Operational))] + pub fn initialize( + origin: OriginFor, + init_data: super::InitializationData>, + ) -> DispatchResultWithPostInfo { + Self::ensure_owner_or_root(origin)?; + + let init_allowed = !>::exists(); + ensure!(init_allowed, >::AlreadyInitialized); + initialize_bridge::(init_data.clone())?; + + log::info!( + target: LOG_TARGET, + "Pallet has been initialized with the following parameters: {:?}", + init_data + ); + + Ok(().into()) + } + + /// Change `PalletOwner`. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(2)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_owner(origin: OriginFor, new_owner: Option) -> DispatchResult { + >::set_owner(origin, new_owner) + } + + /// Halt or resume all pallet operations. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(3)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_operating_mode( + origin: OriginFor, + operating_mode: BasicOperatingMode, + ) -> DispatchResult { + >::set_operating_mode(origin, operating_mode) + } + } + + /// Number mandatory headers that we may accept in the current block for free (returning + /// `Pays::No`). + /// + /// If the `FreeMandatoryHeadersRemaining` hits zero, all following mandatory headers in the + /// current block are accepted with fee (`Pays::Yes` is returned). + /// + /// The `FreeMandatoryHeadersRemaining` is an ephemeral value that is set to + /// `MaxFreeMandatoryHeadersPerBlock` at each block initialization and is killed on block + /// finalization. So it never ends up in the storage trie. + #[pallet::storage] + #[pallet::whitelist_storage] + #[pallet::getter(fn free_mandatory_headers_remaining)] + pub(super) type FreeMandatoryHeadersRemaining, I: 'static = ()> = + StorageValue<_, u32, ValueQuery>; + + /// Hash of the header used to bootstrap the pallet. + #[pallet::storage] + pub(super) type InitialHash, I: 'static = ()> = + StorageValue<_, BridgedBlockHash, ValueQuery>; + + /// Hash of the best finalized header. + #[pallet::storage] + #[pallet::getter(fn best_finalized)] + pub type BestFinalized, I: 'static = ()> = + StorageValue<_, BridgedBlockId, OptionQuery>; + + /// A ring buffer of imported hashes. Ordered by the insertion time. + #[pallet::storage] + pub(super) type ImportedHashes, I: 'static = ()> = StorageMap< + Hasher = Identity, + Key = u32, + Value = BridgedBlockHash, + QueryKind = OptionQuery, + OnEmpty = GetDefault, + MaxValues = MaybeHeadersToKeep, + >; + + /// Current ring buffer position. + #[pallet::storage] + pub(super) type ImportedHashesPointer, I: 'static = ()> = + StorageValue<_, u32, ValueQuery>; + + /// Relevant fields of imported headers. + #[pallet::storage] + pub type ImportedHeaders, I: 'static = ()> = StorageMap< + Hasher = Identity, + Key = BridgedBlockHash, + Value = BridgedStoredHeaderData, + QueryKind = OptionQuery, + OnEmpty = GetDefault, + MaxValues = MaybeHeadersToKeep, + >; + + /// The current GRANDPA Authority set. + #[pallet::storage] + pub type CurrentAuthoritySet, I: 'static = ()> = + StorageValue<_, StoredAuthoritySet, ValueQuery>; + + /// Optional pallet owner. + /// + /// Pallet owner has a right to halt all pallet operations and then resume it. If it is + /// `None`, then there are no direct ways to halt/resume pallet operations, but other + /// runtime methods may still be used to do that (i.e. democracy::referendum to update halt + /// flag directly or call the `halt_operations`). + #[pallet::storage] + pub type PalletOwner, I: 'static = ()> = + StorageValue<_, T::AccountId, OptionQuery>; + + /// The current operating mode of the pallet. + /// + /// Depending on the mode either all, or no transactions will be allowed. + #[pallet::storage] + pub type PalletOperatingMode, I: 'static = ()> = + StorageValue<_, BasicOperatingMode, ValueQuery>; + + #[pallet::genesis_config] + pub struct GenesisConfig, I: 'static = ()> { + /// Optional module owner account. + pub owner: Option, + /// Optional module initialization data. + pub init_data: Option>>, + } + + #[cfg(feature = "std")] + impl, I: 'static> Default for GenesisConfig { + fn default() -> Self { + Self { owner: None, init_data: None } + } + } + + #[pallet::genesis_build] + impl, I: 'static> GenesisBuild for GenesisConfig { + fn build(&self) { + if let Some(ref owner) = self.owner { + >::put(owner); + } + + if let Some(init_data) = self.init_data.clone() { + initialize_bridge::(init_data).expect("genesis config is correct; qed"); + } else { + // Since the bridge hasn't been initialized we shouldn't allow anyone to perform + // transactions. + >::put(BasicOperatingMode::Halted); + } + } + } + + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event, I: 'static = ()> { + /// Best finalized chain header has been updated to the header with given number and hash. + UpdatedBestFinalizedHeader { + number: BridgedBlockNumber, + hash: BridgedBlockHash, + }, + } + + #[pallet::error] + pub enum Error { + /// The given justification is invalid for the given header. + InvalidJustification, + /// The authority set from the underlying header chain is invalid. + InvalidAuthoritySet, + /// The header being imported is older than the best finalized header known to the pallet. + OldHeader, + /// The scheduled authority set change found in the header is unsupported by the pallet. + /// + /// This is the case for non-standard (e.g forced) authority set changes. + UnsupportedScheduledChange, + /// The pallet is not yet initialized. + NotInitialized, + /// The pallet has already been initialized. + AlreadyInitialized, + /// Too many authorities in the set. + TooManyAuthoritiesInSet, + /// Error generated by the `OwnedBridgeModule` trait. + BridgeModule(bp_runtime::OwnedBridgeModuleError), + } + + /// Check the given header for a GRANDPA scheduled authority set change. If a change + /// is found it will be enacted immediately. + /// + /// This function does not support forced changes, or scheduled changes with delays + /// since these types of changes are indicative of abnormal behavior from GRANDPA. + /// + /// Returned value will indicate if a change was enacted or not. + pub(crate) fn try_enact_authority_change, I: 'static>( + header: &BridgedHeader, + current_set_id: sp_consensus_grandpa::SetId, + ) -> Result { + let mut change_enacted = false; + + // We don't support forced changes - at that point governance intervention is required. + ensure!( + super::find_forced_change(header).is_none(), + >::UnsupportedScheduledChange + ); + + if let Some(change) = super::find_scheduled_change(header) { + // GRANDPA only includes a `delay` for forced changes, so this isn't valid. + ensure!(change.delay == Zero::zero(), >::UnsupportedScheduledChange); + + // TODO [#788]: Stop manually increasing the `set_id` here. + let next_authorities = StoredAuthoritySet:: { + authorities: change + .next_authorities + .try_into() + .map_err(|_| Error::::TooManyAuthoritiesInSet)?, + set_id: current_set_id + 1, + }; + + // Since our header schedules a change and we know the delay is 0, it must also enact + // the change. + >::put(&next_authorities); + change_enacted = true; + + log::info!( + target: LOG_TARGET, + "Transitioned from authority set {} to {}! New authorities are: {:?}", + current_set_id, + current_set_id + 1, + next_authorities, + ); + }; + + Ok(change_enacted) + } + + /// Verify a GRANDPA justification (finality proof) for a given header. + /// + /// Will use the GRANDPA current authorities known to the pallet. + /// + /// If successful it returns the decoded GRANDPA justification so we can refund any weight which + /// was overcharged in the initial call. + pub(crate) fn verify_justification, I: 'static>( + justification: &GrandpaJustification>, + hash: BridgedBlockHash, + number: BridgedBlockNumber, + authority_set: bp_header_chain::AuthoritySet, + ) -> Result<(), sp_runtime::DispatchError> { + use bp_header_chain::justification::verify_justification; + + let voter_set = + VoterSet::new(authority_set.authorities).ok_or(>::InvalidAuthoritySet)?; + let set_id = authority_set.set_id; + + Ok(verify_justification::>( + (hash, number), + set_id, + &voter_set, + justification, + ) + .map_err(|e| { + log::error!( + target: LOG_TARGET, + "Received invalid justification for {:?}: {:?}", + hash, + e, + ); + >::InvalidJustification + })?) + } + + /// Import a previously verified header to the storage. + /// + /// Note this function solely takes care of updating the storage and pruning old entries, + /// but does not verify the validity of such import. + pub(crate) fn insert_header, I: 'static>( + header: BridgedHeader, + hash: BridgedBlockHash, + ) { + let index = >::get(); + let pruning = >::try_get(index); + >::put(HeaderId(*header.number(), hash)); + >::insert(hash, header.build()); + >::insert(index, hash); + + // Update ring buffer pointer and remove old header. + >::put((index + 1) % T::HeadersToKeep::get()); + if let Ok(hash) = pruning { + log::debug!(target: LOG_TARGET, "Pruning old header: {:?}.", hash); + >::remove(hash); + } + } + + /// Since this writes to storage with no real checks this should only be used in functions that + /// were called by a trusted origin. + pub(crate) fn initialize_bridge, I: 'static>( + init_params: super::InitializationData>, + ) -> Result<(), Error> { + let super::InitializationData { header, authority_list, set_id, operating_mode } = + init_params; + let authority_set_length = authority_list.len(); + let authority_set = StoredAuthoritySet::::try_new(authority_list, set_id) + .map_err(|e| { + log::error!( + target: LOG_TARGET, + "Failed to initialize bridge. Number of authorities in the set {} is larger than the configured value {}", + authority_set_length, + T::BridgedChain::MAX_AUTHORITIES_COUNT, + ); + + e + })?; + let initial_hash = header.hash(); + + >::put(initial_hash); + >::put(0); + insert_header::(*header, initial_hash); + + >::put(authority_set); + + >::put(operating_mode); + + Ok(()) + } + + /// Adapter for using `Config::HeadersToKeep` as `MaxValues` bound in our storage maps. + pub struct MaybeHeadersToKeep(PhantomData<(T, I)>); + + // this implementation is required to use the struct as `MaxValues` + impl, I: 'static> Get> for MaybeHeadersToKeep { + fn get() -> Option { + Some(T::HeadersToKeep::get()) + } + } + + /// Initialize pallet so that it is ready for inserting new header. + /// + /// The function makes sure that the new insertion will cause the pruning of some old header. + /// + /// Returns parent header for the new header. + #[cfg(feature = "runtime-benchmarks")] + pub(crate) fn bootstrap_bridge, I: 'static>( + init_params: super::InitializationData>, + ) -> BridgedHeader { + let start_header = init_params.header.clone(); + initialize_bridge::(init_params).expect("benchmarks are correct"); + + // the most obvious way to cause pruning during next insertion would be to insert + // `HeadersToKeep` headers. But it'll make our benchmarks slow. So we will just play with + // our pruning ring-buffer. + assert_eq!(ImportedHashesPointer::::get(), 1); + ImportedHashesPointer::::put(0); + + *start_header + } +} + +impl, I: 'static> Pallet { + /// Get the best finalized block number. + pub fn best_finalized_number() -> Option> { + BestFinalized::::get().map(|id| id.number()) + } +} + +/// Bridge GRANDPA pallet as header chain. +pub type GrandpaChainHeaders = Pallet; + +impl, I: 'static> HeaderChain> for GrandpaChainHeaders { + fn finalized_header_state_root( + header_hash: HashOf>, + ) -> Option>> { + ImportedHeaders::::get(header_hash).map(|h| h.state_root) + } +} + +pub(crate) fn find_scheduled_change( + header: &H, +) -> Option> { + use sp_runtime::generic::OpaqueDigestItemId; + + let id = OpaqueDigestItemId::Consensus(&GRANDPA_ENGINE_ID); + + let filter_log = |log: ConsensusLog| match log { + ConsensusLog::ScheduledChange(change) => Some(change), + _ => None, + }; + + // find the first consensus digest with the right ID which converts to + // the right kind of consensus log. + header.digest().convert_first(|l| l.try_to(id).and_then(filter_log)) +} + +/// Checks the given header for a consensus digest signaling a **forced** scheduled change and +/// extracts it. +pub(crate) fn find_forced_change( + header: &H, +) -> Option<(H::Number, sp_consensus_grandpa::ScheduledChange)> { + use sp_runtime::generic::OpaqueDigestItemId; + + let id = OpaqueDigestItemId::Consensus(&GRANDPA_ENGINE_ID); + + let filter_log = |log: ConsensusLog| match log { + ConsensusLog::ForcedChange(delay, change) => Some((delay, change)), + _ => None, + }; + + // find the first consensus digest with the right ID which converts to + // the right kind of consensus log. + header.digest().convert_first(|l| l.try_to(id).and_then(filter_log)) +} + +/// (Re)initialize bridge with given header for using it in `pallet-bridge-messages` benchmarks. +#[cfg(feature = "runtime-benchmarks")] +pub fn initialize_for_benchmarks, I: 'static>(header: BridgedHeader) { + initialize_bridge::(InitializationData { + header: Box::new(header), + authority_list: sp_std::vec::Vec::new(), /* we don't verify any proofs in external + * benchmarks */ + set_id: 0, + operating_mode: bp_runtime::BasicOperatingMode::Normal, + }) + .expect("only used from benchmarks; benchmarks are correct; qed"); +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::mock::{ + run_test, test_header, RuntimeEvent as TestEvent, RuntimeOrigin, System, TestBridgedChain, + TestHeader, TestNumber, TestRuntime, MAX_BRIDGED_AUTHORITIES, + }; + use bp_header_chain::BridgeGrandpaCall; + use bp_runtime::BasicOperatingMode; + use bp_test_utils::{ + authority_list, generate_owned_bridge_module_tests, make_default_justification, + make_justification_for_header, JustificationGeneratorParams, ALICE, BOB, + }; + use codec::Encode; + use frame_support::{ + assert_err, assert_noop, assert_ok, + dispatch::{Pays, PostDispatchInfo}, + storage::generator::StorageValue, + }; + use frame_system::{EventRecord, Phase}; + use sp_core::Get; + use sp_runtime::{Digest, DigestItem, DispatchError}; + + fn initialize_substrate_bridge() { + System::set_block_number(1); + System::reset_events(); + + assert_ok!(init_with_origin(RuntimeOrigin::root())); + } + + fn init_with_origin( + origin: RuntimeOrigin, + ) -> Result< + InitializationData, + sp_runtime::DispatchErrorWithPostInfo, + > { + let genesis = test_header(0); + + let init_data = InitializationData { + header: Box::new(genesis), + authority_list: authority_list(), + set_id: 1, + operating_mode: BasicOperatingMode::Normal, + }; + + Pallet::::initialize(origin, init_data.clone()).map(|_| init_data) + } + + fn submit_finality_proof(header: u8) -> frame_support::dispatch::DispatchResultWithPostInfo { + let header = test_header(header.into()); + let justification = make_default_justification(&header); + + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ) + } + + fn submit_finality_proof_with_set_id( + header: u8, + set_id: u64, + ) -> frame_support::dispatch::DispatchResultWithPostInfo { + let header = test_header(header.into()); + let justification = make_justification_for_header(JustificationGeneratorParams { + header: header.clone(), + set_id, + ..Default::default() + }); + + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ) + } + + fn submit_mandatory_finality_proof( + number: u8, + set_id: u64, + ) -> frame_support::dispatch::DispatchResultWithPostInfo { + let mut header = test_header(number.into()); + // to ease tests that are using `submit_mandatory_finality_proof`, we'll be using the + // same set for all sessions + let consensus_log = + ConsensusLog::::ScheduledChange(sp_consensus_grandpa::ScheduledChange { + next_authorities: authority_list(), + delay: 0, + }); + header.digest = + Digest { logs: vec![DigestItem::Consensus(GRANDPA_ENGINE_ID, consensus_log.encode())] }; + let justification = make_justification_for_header(JustificationGeneratorParams { + header: header.clone(), + set_id, + ..Default::default() + }); + + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ) + } + + fn next_block() { + use frame_support::traits::OnInitialize; + + let current_number = frame_system::Pallet::::block_number(); + frame_system::Pallet::::set_block_number(current_number + 1); + let _ = Pallet::::on_initialize(current_number); + } + + fn change_log(delay: u64) -> Digest { + let consensus_log = + ConsensusLog::::ScheduledChange(sp_consensus_grandpa::ScheduledChange { + next_authorities: vec![(ALICE.into(), 1), (BOB.into(), 1)], + delay, + }); + + Digest { logs: vec![DigestItem::Consensus(GRANDPA_ENGINE_ID, consensus_log.encode())] } + } + + fn forced_change_log(delay: u64) -> Digest { + let consensus_log = ConsensusLog::::ForcedChange( + delay, + sp_consensus_grandpa::ScheduledChange { + next_authorities: vec![(ALICE.into(), 1), (BOB.into(), 1)], + delay, + }, + ); + + Digest { logs: vec![DigestItem::Consensus(GRANDPA_ENGINE_ID, consensus_log.encode())] } + } + + fn many_authorities_log() -> Digest { + let consensus_log = + ConsensusLog::::ScheduledChange(sp_consensus_grandpa::ScheduledChange { + next_authorities: std::iter::repeat((ALICE.into(), 1)) + .take(MAX_BRIDGED_AUTHORITIES as usize + 1) + .collect(), + delay: 0, + }); + + Digest { logs: vec![DigestItem::Consensus(GRANDPA_ENGINE_ID, consensus_log.encode())] } + } + + #[test] + fn init_root_or_owner_origin_can_initialize_pallet() { + run_test(|| { + assert_noop!(init_with_origin(RuntimeOrigin::signed(1)), DispatchError::BadOrigin); + assert_ok!(init_with_origin(RuntimeOrigin::root())); + + // Reset storage so we can initialize the pallet again + BestFinalized::::kill(); + PalletOwner::::put(2); + assert_ok!(init_with_origin(RuntimeOrigin::signed(2))); + }) + } + + #[test] + fn init_storage_entries_are_correctly_initialized() { + run_test(|| { + assert_eq!(BestFinalized::::get(), None,); + assert_eq!(Pallet::::best_finalized(), None); + assert_eq!(PalletOperatingMode::::try_get(), Err(())); + + let init_data = init_with_origin(RuntimeOrigin::root()).unwrap(); + + assert!(>::contains_key(init_data.header.hash())); + assert_eq!(BestFinalized::::get().unwrap().1, init_data.header.hash()); + assert_eq!( + CurrentAuthoritySet::::get().authorities, + init_data.authority_list + ); + assert_eq!( + PalletOperatingMode::::try_get(), + Ok(BasicOperatingMode::Normal) + ); + }) + } + + #[test] + fn init_can_only_initialize_pallet_once() { + run_test(|| { + initialize_substrate_bridge(); + assert_noop!( + init_with_origin(RuntimeOrigin::root()), + >::AlreadyInitialized + ); + }) + } + + #[test] + fn init_fails_if_there_are_too_many_authorities_in_the_set() { + run_test(|| { + let genesis = test_header(0); + let init_data = InitializationData { + header: Box::new(genesis), + authority_list: std::iter::repeat(authority_list().remove(0)) + .take(MAX_BRIDGED_AUTHORITIES as usize + 1) + .collect(), + set_id: 1, + operating_mode: BasicOperatingMode::Normal, + }; + + assert_noop!( + Pallet::::initialize(RuntimeOrigin::root(), init_data), + Error::::TooManyAuthoritiesInSet, + ); + }); + } + + #[test] + fn pallet_rejects_transactions_if_halted() { + run_test(|| { + initialize_substrate_bridge(); + + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::root(), + BasicOperatingMode::Halted + )); + assert_noop!( + submit_finality_proof(1), + Error::::BridgeModule(bp_runtime::OwnedBridgeModuleError::Halted) + ); + + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::root(), + BasicOperatingMode::Normal + )); + assert_ok!(submit_finality_proof(1)); + }) + } + + #[test] + fn pallet_rejects_header_if_not_initialized_yet() { + run_test(|| { + assert_noop!(submit_finality_proof(1), Error::::NotInitialized); + }); + } + + #[test] + fn succesfully_imports_header_with_valid_finality() { + run_test(|| { + initialize_substrate_bridge(); + + let header_number = 1; + let header = test_header(header_number.into()); + let justification = make_default_justification(&header); + + let pre_dispatch_weight = ::WeightInfo::submit_finality_proof( + justification.commit.precommits.len().try_into().unwrap_or(u32::MAX), + justification.votes_ancestries.len().try_into().unwrap_or(u32::MAX), + ); + + let result = submit_finality_proof(header_number); + assert_ok!(result); + assert_eq!(result.unwrap().pays_fee, frame_support::dispatch::Pays::Yes); + // our test config assumes 2048 max authorities and we are just using couple + let pre_dispatch_proof_size = pre_dispatch_weight.proof_size(); + let actual_proof_size = result.unwrap().actual_weight.unwrap().proof_size(); + assert!(actual_proof_size > 0); + assert!( + actual_proof_size < pre_dispatch_proof_size, + "Actual proof size {actual_proof_size} must be less than the pre-dispatch {pre_dispatch_proof_size}", + ); + + let header = test_header(1); + assert_eq!(>::get().unwrap().1, header.hash()); + assert!(>::contains_key(header.hash())); + + assert_eq!( + System::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Grandpa(Event::UpdatedBestFinalizedHeader { + number: *header.number(), + hash: header.hash(), + }), + topics: vec![], + }], + ); + }) + } + + #[test] + fn rejects_justification_that_skips_authority_set_transition() { + run_test(|| { + initialize_substrate_bridge(); + + let header = test_header(1); + + let params = + JustificationGeneratorParams:: { set_id: 2, ..Default::default() }; + let justification = make_justification_for_header(params); + + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ), + >::InvalidJustification + ); + }) + } + + #[test] + fn does_not_import_header_with_invalid_finality_proof() { + run_test(|| { + initialize_substrate_bridge(); + + let header = test_header(1); + let mut justification = make_default_justification(&header); + justification.round = 42; + + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ), + >::InvalidJustification + ); + }) + } + + #[test] + fn disallows_invalid_authority_set() { + run_test(|| { + let genesis = test_header(0); + + let invalid_authority_list = vec![(ALICE.into(), u64::MAX), (BOB.into(), u64::MAX)]; + let init_data = InitializationData { + header: Box::new(genesis), + authority_list: invalid_authority_list, + set_id: 1, + operating_mode: BasicOperatingMode::Normal, + }; + + assert_ok!(Pallet::::initialize(RuntimeOrigin::root(), init_data)); + + let header = test_header(1); + let justification = make_default_justification(&header); + + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ), + >::InvalidAuthoritySet + ); + }) + } + + #[test] + fn importing_header_ensures_that_chain_is_extended() { + run_test(|| { + initialize_substrate_bridge(); + + assert_ok!(submit_finality_proof(4)); + assert_err!(submit_finality_proof(3), Error::::OldHeader); + assert_ok!(submit_finality_proof(5)); + }) + } + + #[test] + fn importing_header_enacts_new_authority_set() { + run_test(|| { + initialize_substrate_bridge(); + + let next_set_id = 2; + let next_authorities = vec![(ALICE.into(), 1), (BOB.into(), 1)]; + + // Need to update the header digest to indicate that our header signals an authority set + // change. The change will be enacted when we import our header. + let mut header = test_header(2); + header.digest = change_log(0); + + // Create a valid justification for the header + let justification = make_default_justification(&header); + + // Let's import our test header + let result = Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header.clone()), + justification, + ); + assert_ok!(result); + assert_eq!(result.unwrap().pays_fee, frame_support::dispatch::Pays::No); + + // Make sure that our header is the best finalized + assert_eq!(>::get().unwrap().1, header.hash()); + assert!(>::contains_key(header.hash())); + + // Make sure that the authority set actually changed upon importing our header + assert_eq!( + >::get(), + StoredAuthoritySet::::try_new(next_authorities, next_set_id) + .unwrap(), + ); + }) + } + + #[test] + fn relayer_pays_tx_fee_when_submitting_huge_mandatory_header() { + run_test(|| { + initialize_substrate_bridge(); + + // let's prepare a huge authorities change header, which is definitely above size limits + let mut header = test_header(2); + header.digest = change_log(0); + header.digest.push(DigestItem::Other(vec![42u8; 1024 * 1024])); + let justification = make_default_justification(&header); + + // without large digest item ^^^ the relayer would have paid zero transaction fee + // (`Pays::No`) + let result = Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header.clone()), + justification, + ); + assert_ok!(result); + assert_eq!(result.unwrap().pays_fee, frame_support::dispatch::Pays::Yes); + + // Make sure that our header is the best finalized + assert_eq!(>::get().unwrap().1, header.hash()); + assert!(>::contains_key(header.hash())); + }) + } + + #[test] + fn relayer_pays_tx_fee_when_submitting_justification_with_long_ancestry_votes() { + run_test(|| { + initialize_substrate_bridge(); + + // let's prepare a huge authorities change header, which is definitely above weight + // limits + let mut header = test_header(2); + header.digest = change_log(0); + let justification = make_justification_for_header(JustificationGeneratorParams { + header: header.clone(), + ancestors: TestBridgedChain::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY + 1, + ..Default::default() + }); + + // without many headers in votes ancestries ^^^ the relayer would have paid zero + // transaction fee (`Pays::No`) + let result = Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header.clone()), + justification, + ); + assert_ok!(result); + assert_eq!(result.unwrap().pays_fee, frame_support::dispatch::Pays::Yes); + + // Make sure that our header is the best finalized + assert_eq!(>::get().unwrap().1, header.hash()); + assert!(>::contains_key(header.hash())); + }) + } + + #[test] + fn importing_header_rejects_header_with_scheduled_change_delay() { + run_test(|| { + initialize_substrate_bridge(); + + // Need to update the header digest to indicate that our header signals an authority set + // change. However, the change doesn't happen until the next block. + let mut header = test_header(2); + header.digest = change_log(1); + + // Create a valid justification for the header + let justification = make_default_justification(&header); + + // Should not be allowed to import this header + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification + ), + >::UnsupportedScheduledChange + ); + }) + } + + #[test] + fn importing_header_rejects_header_with_forced_changes() { + run_test(|| { + initialize_substrate_bridge(); + + // Need to update the header digest to indicate that it signals a forced authority set + // change. + let mut header = test_header(2); + header.digest = forced_change_log(0); + + // Create a valid justification for the header + let justification = make_default_justification(&header); + + // Should not be allowed to import this header + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification + ), + >::UnsupportedScheduledChange + ); + }) + } + + #[test] + fn importing_header_rejects_header_with_too_many_authorities() { + run_test(|| { + initialize_substrate_bridge(); + + // Need to update the header digest to indicate that our header signals an authority set + // change. However, the change doesn't happen until the next block. + let mut header = test_header(2); + header.digest = many_authorities_log(); + + // Create a valid justification for the header + let justification = make_default_justification(&header); + + // Should not be allowed to import this header + assert_err!( + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification + ), + >::TooManyAuthoritiesInSet + ); + }); + } + + #[test] + fn parse_finalized_storage_proof_rejects_proof_on_unknown_header() { + run_test(|| { + assert_noop!( + Pallet::::parse_finalized_storage_proof( + Default::default(), + vec![], + |_| (), + ), + bp_header_chain::HeaderChainError::UnknownHeader, + ); + }); + } + + #[test] + fn parse_finalized_storage_accepts_valid_proof() { + run_test(|| { + let (state_root, storage_proof) = bp_runtime::craft_valid_storage_proof(); + + let mut header = test_header(2); + header.set_state_root(state_root); + + let hash = header.hash(); + >::put(HeaderId(2, hash)); + >::insert(hash, header.build()); + + assert_ok!( + Pallet::::parse_finalized_storage_proof(hash, storage_proof, |_| (),), + (), + ); + }); + } + + #[test] + fn rate_limiter_disallows_free_imports_once_limit_is_hit_in_single_block() { + run_test(|| { + initialize_substrate_bridge(); + + let result = submit_mandatory_finality_proof(1, 1); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(2, 2); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(3, 3); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + }) + } + + #[test] + fn rate_limiter_invalid_requests_do_not_count_towards_request_count() { + run_test(|| { + let submit_invalid_request = || { + let mut header = test_header(1); + header.digest = change_log(0); + let mut invalid_justification = make_default_justification(&header); + invalid_justification.round = 42; + + Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + invalid_justification, + ) + }; + + initialize_substrate_bridge(); + + for _ in 0..::MaxFreeMandatoryHeadersPerBlock::get() + 1 { + assert_err!(submit_invalid_request(), >::InvalidJustification); + } + + // Can still submit free mandatory headers afterwards + let result = submit_mandatory_finality_proof(1, 1); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(2, 2); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(3, 3); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + }) + } + + #[test] + fn rate_limiter_allows_request_after_new_block_has_started() { + run_test(|| { + initialize_substrate_bridge(); + + let result = submit_mandatory_finality_proof(1, 1); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(2, 2); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(3, 3); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + + next_block(); + + let result = submit_mandatory_finality_proof(4, 4); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(5, 5); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_mandatory_finality_proof(6, 6); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + }) + } + + #[test] + fn rate_limiter_ignores_non_mandatory_headers() { + run_test(|| { + initialize_substrate_bridge(); + + let result = submit_finality_proof(1); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + + let result = submit_mandatory_finality_proof(2, 1); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_finality_proof_with_set_id(3, 2); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + + let result = submit_mandatory_finality_proof(4, 2); + assert_eq!(result.expect("call failed").pays_fee, Pays::No); + + let result = submit_finality_proof_with_set_id(5, 3); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + + let result = submit_mandatory_finality_proof(6, 3); + assert_eq!(result.expect("call failed").pays_fee, Pays::Yes); + }) + } + + #[test] + fn should_prune_headers_over_headers_to_keep_parameter() { + run_test(|| { + initialize_substrate_bridge(); + assert_ok!(submit_finality_proof(1)); + let first_header_hash = Pallet::::best_finalized().unwrap().hash(); + next_block(); + + assert_ok!(submit_finality_proof(2)); + next_block(); + assert_ok!(submit_finality_proof(3)); + next_block(); + assert_ok!(submit_finality_proof(4)); + next_block(); + assert_ok!(submit_finality_proof(5)); + next_block(); + + assert_ok!(submit_finality_proof(6)); + + assert!( + !ImportedHeaders::::contains_key(first_header_hash), + "First header should be pruned.", + ); + }) + } + + #[test] + fn storage_keys_computed_properly() { + assert_eq!( + PalletOperatingMode::::storage_value_final_key().to_vec(), + bp_header_chain::storage_keys::pallet_operating_mode_key("Grandpa").0, + ); + + assert_eq!( + CurrentAuthoritySet::::storage_value_final_key().to_vec(), + bp_header_chain::storage_keys::current_authority_set_key("Grandpa").0, + ); + + assert_eq!( + BestFinalized::::storage_value_final_key().to_vec(), + bp_header_chain::storage_keys::best_finalized_key("Grandpa").0, + ); + } + + #[test] + fn test_bridge_grandpa_call_is_correctly_defined() { + let header = test_header(0); + let init_data = InitializationData { + header: Box::new(header.clone()), + authority_list: authority_list(), + set_id: 1, + operating_mode: BasicOperatingMode::Normal, + }; + let justification = make_default_justification(&header); + + let direct_initialize_call = + Call::::initialize { init_data: init_data.clone() }; + let indirect_initialize_call = BridgeGrandpaCall::::initialize { init_data }; + assert_eq!(direct_initialize_call.encode(), indirect_initialize_call.encode()); + + let direct_submit_finality_proof_call = Call::::submit_finality_proof { + finality_target: Box::new(header.clone()), + justification: justification.clone(), + }; + let indirect_submit_finality_proof_call = + BridgeGrandpaCall::::submit_finality_proof { + finality_target: Box::new(header), + justification, + }; + assert_eq!( + direct_submit_finality_proof_call.encode(), + indirect_submit_finality_proof_call.encode() + ); + } + + generate_owned_bridge_module_tests!(BasicOperatingMode::Normal, BasicOperatingMode::Halted); + + #[test] + fn maybe_headers_to_keep_returns_correct_value() { + assert_eq!(MaybeHeadersToKeep::::get(), Some(mock::HeadersToKeep::get())); + } +} diff --git a/bridges/modules/grandpa/src/mock.rs b/bridges/modules/grandpa/src/mock.rs new file mode 100644 index 00000000000..0ebbc0bccbb --- /dev/null +++ b/bridges/modules/grandpa/src/mock.rs @@ -0,0 +1,151 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +// From construct_runtime macro +#![allow(clippy::from_over_into)] + +use bp_header_chain::ChainWithGrandpa; +use bp_runtime::Chain; +use frame_support::{ + construct_runtime, parameter_types, + traits::{ConstU32, ConstU64, Hooks}, + weights::Weight, +}; +use sp_core::sr25519::Signature; +use sp_runtime::{ + testing::{Header, H256}, + traits::{BlakeTwo256, IdentityLookup}, + Perbill, +}; + +pub type AccountId = u64; +pub type TestHeader = crate::BridgedHeader; +pub type TestNumber = crate::BridgedBlockNumber; + +type Block = frame_system::mocking::MockBlock; +type UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; + +pub const MAX_BRIDGED_AUTHORITIES: u32 = 5; + +use crate as grandpa; + +construct_runtime! { + pub enum TestRuntime where + Block = Block, + NodeBlock = Block, + UncheckedExtrinsic = UncheckedExtrinsic, + { + System: frame_system::{Pallet, Call, Config, Storage, Event}, + Grandpa: grandpa::{Pallet, Call, Event}, + } +} + +parameter_types! { + pub const MaximumBlockWeight: Weight = Weight::from_parts(1024, 0); + pub const MaximumBlockLength: u32 = 2 * 1024; + pub const AvailableBlockRatio: Perbill = Perbill::one(); +} + +impl frame_system::Config for TestRuntime { + type RuntimeOrigin = RuntimeOrigin; + type Index = u64; + type RuntimeCall = RuntimeCall; + type BlockNumber = u64; + type Hash = H256; + type Hashing = BlakeTwo256; + type AccountId = AccountId; + type Lookup = IdentityLookup; + type Header = Header; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = ConstU64<250>; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = (); + type OnNewAccount = (); + type OnKilledAccount = (); + type BaseCallFilter = frame_support::traits::Everything; + type SystemWeightInfo = (); + type DbWeight = (); + type BlockWeights = (); + type BlockLength = (); + type SS58Prefix = (); + type OnSetCode = (); + type MaxConsumers = ConstU32<16>; +} + +parameter_types! { + pub const MaxFreeMandatoryHeadersPerBlock: u32 = 2; + pub const HeadersToKeep: u32 = 5; + pub const SessionLength: u64 = 5; + pub const NumValidators: u32 = 5; +} + +impl grandpa::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type BridgedChain = TestBridgedChain; + type MaxFreeMandatoryHeadersPerBlock = MaxFreeMandatoryHeadersPerBlock; + type HeadersToKeep = HeadersToKeep; + type WeightInfo = (); +} + +#[derive(Debug)] +pub struct TestBridgedChain; + +impl Chain for TestBridgedChain { + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hashing; + type Header = ::Header; + + type AccountId = AccountId; + type Balance = u64; + type Index = u64; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + unreachable!() + } + fn max_extrinsic_weight() -> Weight { + unreachable!() + } +} + +impl ChainWithGrandpa for TestBridgedChain { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = ""; + const MAX_AUTHORITIES_COUNT: u32 = MAX_BRIDGED_AUTHORITIES; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = 8; + const MAX_HEADER_SIZE: u32 = 256; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = 64; +} + +/// Return test externalities to use in tests. +pub fn new_test_ext() -> sp_io::TestExternalities { + sp_io::TestExternalities::new(Default::default()) +} + +/// Return test within default test externalities context. +pub fn run_test(test: impl FnOnce() -> T) -> T { + new_test_ext().execute_with(|| { + let _ = Grandpa::on_initialize(0); + test() + }) +} + +/// Return test header with given number. +pub fn test_header(num: TestNumber) -> TestHeader { + // We wrap the call to avoid explicit type annotations in our tests + bp_test_utils::test_header(num) +} diff --git a/bridges/modules/grandpa/src/storage_types.rs b/bridges/modules/grandpa/src/storage_types.rs new file mode 100644 index 00000000000..70448286335 --- /dev/null +++ b/bridges/modules/grandpa/src/storage_types.rs @@ -0,0 +1,136 @@ +// Copyright 2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Wrappers for public types that are implementing `MaxEncodedLen` + +use crate::{Config, Error}; + +use bp_header_chain::{AuthoritySet, ChainWithGrandpa}; +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::{traits::Get, BoundedVec, RuntimeDebugNoBound}; +use scale_info::TypeInfo; +use sp_consensus_grandpa::{AuthorityId, AuthorityList, AuthorityWeight, SetId}; +use sp_std::marker::PhantomData; + +/// A bounded list of Grandpa authorities with associated weights. +pub type StoredAuthorityList = + BoundedVec<(AuthorityId, AuthorityWeight), MaxBridgedAuthorities>; + +/// Adapter for using `T::BridgedChain::MAX_BRIDGED_AUTHORITIES` in `BoundedVec`. +pub struct StoredAuthorityListLimit(PhantomData<(T, I)>); + +impl, I: 'static> Get for StoredAuthorityListLimit { + fn get() -> u32 { + T::BridgedChain::MAX_AUTHORITIES_COUNT + } +} + +/// A bounded GRANDPA Authority List and ID. +#[derive(Clone, Decode, Encode, Eq, TypeInfo, MaxEncodedLen, RuntimeDebugNoBound)] +#[scale_info(skip_type_params(T, I))] +pub struct StoredAuthoritySet, I: 'static> { + /// List of GRANDPA authorities for the current round. + pub authorities: StoredAuthorityList>, + /// Monotonic identifier of the current GRANDPA authority set. + pub set_id: SetId, +} + +impl, I: 'static> StoredAuthoritySet { + /// Try to create a new bounded GRANDPA Authority Set from unbounded list. + /// + /// Returns error if number of authorities in the provided list is too large. + pub fn try_new(authorities: AuthorityList, set_id: SetId) -> Result> { + Ok(Self { + authorities: TryFrom::try_from(authorities) + .map_err(|_| Error::TooManyAuthoritiesInSet)?, + set_id, + }) + } + + /// Returns number of bytes that may be subtracted from the PoV component of + /// `submit_finality_proof` call, because the actual authorities set is smaller than the maximal + /// configured. + /// + /// Maximal authorities set size is configured by the `MaxBridgedAuthorities` constant from + /// the pallet configuration. The PoV of the call includes the size of maximal authorities + /// count. If the actual size is smaller, we may subtract extra bytes from this component. + pub fn unused_proof_size(&self) -> u64 { + // we can only safely estimate bytes that are occupied by the authority data itself. We have + // no means here to compute PoV bytes, occupied by extra trie nodes or extra bytes in the + // whole set encoding + let single_authority_max_encoded_len = + <(AuthorityId, AuthorityWeight)>::max_encoded_len() as u64; + let extra_authorities = + T::BridgedChain::MAX_AUTHORITIES_COUNT.saturating_sub(self.authorities.len() as _); + single_authority_max_encoded_len.saturating_mul(extra_authorities as u64) + } +} + +impl, I: 'static> PartialEq for StoredAuthoritySet { + fn eq(&self, other: &Self) -> bool { + self.set_id == other.set_id && self.authorities == other.authorities + } +} + +impl, I: 'static> Default for StoredAuthoritySet { + fn default() -> Self { + StoredAuthoritySet { authorities: BoundedVec::default(), set_id: 0 } + } +} + +impl, I: 'static> From> for AuthoritySet { + fn from(t: StoredAuthoritySet) -> Self { + AuthoritySet { authorities: t.authorities.into(), set_id: t.set_id } + } +} + +#[cfg(test)] +mod tests { + use crate::mock::{TestRuntime, MAX_BRIDGED_AUTHORITIES}; + use bp_test_utils::authority_list; + + type StoredAuthoritySet = super::StoredAuthoritySet; + + #[test] + fn unused_proof_size_works() { + let authority_entry = authority_list().pop().unwrap(); + + // when we have exactly `MaxBridgedAuthorities` authorities + assert_eq!( + StoredAuthoritySet::try_new( + vec![authority_entry.clone(); MAX_BRIDGED_AUTHORITIES as usize], + 0, + ) + .unwrap() + .unused_proof_size(), + 0, + ); + + // when we have less than `MaxBridgedAuthorities` authorities + assert_eq!( + StoredAuthoritySet::try_new( + vec![authority_entry; MAX_BRIDGED_AUTHORITIES as usize - 1], + 0, + ) + .unwrap() + .unused_proof_size(), + 40, + ); + + // and we can't have more than `MaxBridgedAuthorities` authorities in the bounded vec, so + // no test for this case + } +} diff --git a/bridges/modules/grandpa/src/weights.rs b/bridges/modules/grandpa/src/weights.rs new file mode 100644 index 00000000000..4b94f7adfe7 --- /dev/null +++ b/bridges/modules/grandpa/src/weights.rs @@ -0,0 +1,167 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Autogenerated weights for pallet_bridge_grandpa +//! +//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev +//! DATE: 2023-03-02, STEPS: `50`, REPEAT: `20`, LOW RANGE: `[]`, HIGH RANGE: `[]` +//! WORST CASE MAP SIZE: `1000000` +//! HOSTNAME: `covid`, CPU: `11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz` +//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024 + +// Executed Command: +// target/release/millau-bridge-node +// benchmark +// pallet +// --chain=dev +// --steps=50 +// --repeat=20 +// --pallet=pallet_bridge_grandpa +// --extrinsic=* +// --execution=wasm +// --wasm-execution=Compiled +// --heap-pages=4096 +// --output=./modules/grandpa/src/weights.rs +// --template=./.maintain/bridge-weight-template.hbs + +#![allow(clippy::all)] +#![allow(unused_parens)] +#![allow(unused_imports)] +#![allow(missing_docs)] + +use frame_support::{ + traits::Get, + weights::{constants::RocksDbWeight, Weight}, +}; +use sp_std::marker::PhantomData; + +/// Weight functions needed for pallet_bridge_grandpa. +pub trait WeightInfo { + fn submit_finality_proof(p: u32, v: u32) -> Weight; +} + +/// Weights for `pallet_bridge_grandpa` that are generated using one of the Bridge testnets. +/// +/// Those weights are test only and must never be used in production. +pub struct BridgeWeight(PhantomData); +impl WeightInfo for BridgeWeight { + /// Storage: BridgeRialtoGrandpa PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa RequestCount (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa RequestCount (max_values: Some(1), max_size: Some(4), added: 499, + /// mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa BestFinalized (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa BestFinalized (max_values: Some(1), max_size: Some(36), added: + /// 531, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa CurrentAuthoritySet (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa CurrentAuthoritySet (max_values: Some(1), max_size: Some(209), + /// added: 704, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHashesPointer (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa ImportedHashesPointer (max_values: Some(1), max_size: Some(4), + /// added: 499, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa ImportedHashes (max_values: Some(14400), max_size: Some(36), + /// added: 2016, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:0 w:2) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// The range of component `p` is `[1, 4]`. + /// + /// The range of component `v` is `[50, 100]`. + fn submit_finality_proof(p: u32, v: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `394 + p * (60 ±0)` + // Estimated: `4745` + // Minimum execution time: 228_072 nanoseconds. + Weight::from_parts(57_853_228, 4745) + // Standard Error: 149_421 + .saturating_add(Weight::from_parts(36_708_702, 0).saturating_mul(p.into())) + // Standard Error: 10_625 + .saturating_add(Weight::from_parts(1_469_032, 0).saturating_mul(v.into())) + .saturating_add(T::DbWeight::get().reads(6_u64)) + .saturating_add(T::DbWeight::get().writes(6_u64)) + } +} + +// For backwards compatibility and tests +impl WeightInfo for () { + /// Storage: BridgeRialtoGrandpa PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa RequestCount (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa RequestCount (max_values: Some(1), max_size: Some(4), added: 499, + /// mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa BestFinalized (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa BestFinalized (max_values: Some(1), max_size: Some(36), added: + /// 531, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa CurrentAuthoritySet (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa CurrentAuthoritySet (max_values: Some(1), max_size: Some(209), + /// added: 704, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHashesPointer (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa ImportedHashesPointer (max_values: Some(1), max_size: Some(4), + /// added: 499, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoGrandpa ImportedHashes (max_values: Some(14400), max_size: Some(36), + /// added: 2016, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:0 w:2) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// The range of component `p` is `[1, 4]`. + /// + /// The range of component `v` is `[50, 100]`. + fn submit_finality_proof(p: u32, v: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `394 + p * (60 ±0)` + // Estimated: `4745` + // Minimum execution time: 228_072 nanoseconds. + Weight::from_parts(57_853_228, 4745) + // Standard Error: 149_421 + .saturating_add(Weight::from_parts(36_708_702, 0).saturating_mul(p.into())) + // Standard Error: 10_625 + .saturating_add(Weight::from_parts(1_469_032, 0).saturating_mul(v.into())) + .saturating_add(RocksDbWeight::get().reads(6_u64)) + .saturating_add(RocksDbWeight::get().writes(6_u64)) + } +} diff --git a/bridges/modules/messages/Cargo.toml b/bridges/modules/messages/Cargo.toml new file mode 100644 index 00000000000..639ac9dc23c --- /dev/null +++ b/bridges/modules/messages/Cargo.toml @@ -0,0 +1,56 @@ +[package] +name = "pallet-bridge-messages" +description = "Module that allows bridged chains to exchange messages using lane concept." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +log = { version = "0.4.17", default-features = false } +num-traits = { version = "0.2", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } + +# Bridge dependencies + +bp-messages = { path = "../../primitives/messages", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } + +# Substrate Dependencies + +frame-benchmarking = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false, optional = true } +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +bp-test-utils = { path = "../../primitives/test-utils" } +pallet-balances = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master" } + +[features] +default = ["std"] +std = [ + "bp-messages/std", + "bp-runtime/std", + "codec/std", + "frame-support/std", + "frame-system/std", + "frame-benchmarking/std", + "log/std", + "num-traits/std", + "scale-info/std", + "sp-core/std", + "sp-runtime/std", + "sp-std/std", +] +runtime-benchmarks = [ + "frame-benchmarking/runtime-benchmarks", +] +try-runtime = [ + "frame-support/try-runtime", + "frame-system/try-runtime", +] diff --git a/bridges/modules/messages/README.md b/bridges/modules/messages/README.md new file mode 100644 index 00000000000..b717db6ad62 --- /dev/null +++ b/bridges/modules/messages/README.md @@ -0,0 +1,242 @@ +# Bridge Messages Pallet + +The messages pallet is used to deliver messages from source chain to target chain. Message is +(almost) opaque to the module and the final goal is to hand message to the message dispatch +mechanism. + +## Contents + +- [Overview](#overview) +- [Message Workflow](#message-workflow) +- [Integrating Message Lane Module into Runtime](#integrating-messages-module-into-runtime) +- [Non-Essential Functionality](#non-essential-functionality) +- [Weights of Module Extrinsics](#weights-of-module-extrinsics) + +## Overview + +Message lane is an unidirectional channel, where messages are sent from source chain to the target +chain. At the same time, a single instance of messages module supports both outbound lanes and +inbound lanes. So the chain where the module is deployed (this chain), may act as a source chain for +outbound messages (heading to a bridged chain) and as a target chain for inbound messages (coming +from a bridged chain). + +Messages module supports multiple message lanes. Every message lane is identified with a 4-byte +identifier. Messages sent through the lane are assigned unique (for this lane) increasing integer +value that is known as nonce ("number that can only be used once"). Messages that are sent over the +same lane are guaranteed to be delivered to the target chain in the same order they're sent from +the source chain. In other words, message with nonce `N` will be delivered right before delivering a +message with nonce `N+1`. + +Single message lane may be seen as a transport channel for single application (onchain, offchain or +mixed). At the same time the module itself never dictates any lane or message rules. In the end, it +is the runtime developer who defines what message lane and message mean for this runtime. + +In our [Kusama<>Polkadot bridge](../../docs/polkadot-kusama-bridge-overview.md) we are using lane +as a channel of communication between two parachains of different relay chains. For example, lane +`[0, 0, 0, 0]` is used for Statemint <> Statemine communications. Other lanes may be used to bridge +another parachains. + +## Message Workflow + +The pallet is not intended to be used by end users and provides no public calls to send the message. +Instead, it provides runtime-internal method that allows other pallets (or other runtime code) to queue +outbound messages. + +The message "appears" when some runtime code calls the `send_message()` method of the pallet. +The submitter specifies the lane that they're willing to use and the message itself. If some fee must +be paid for sending the message, it must be paid outside of the pallet. If a message passes all checks +(that include, for example, message size check, disabled lane check, ...), the nonce is assigned and +the message is stored in the module storage. The message is in an "undelivered" state now. + +We assume that there are external, offchain actors, called relayers, that are submitting module +related transactions to both target and source chains. The pallet itself has no assumptions about +relayers incentivization scheme, but it has some callbacks for paying rewards. See +[Integrating Messages Module into runtime](#Integrating-Messages-Module-into-runtime) +for details. + +Eventually, some relayer would notice this message in the "undelivered" state and it would decide to +deliver this message. Relayer then crafts `receive_messages_proof()` transaction (aka delivery +transaction) for the messages module instance, deployed at the target chain. Relayer provides +its account id at the source chain, the proof of message (or several messages), the number of +messages in the transaction and their cumulative dispatch weight. Once a transaction is mined, the +message is considered "delivered". + +Once a message is delivered, the relayer may want to confirm delivery back to the source chain. +There are two reasons why it would want to do that. The first is that we intentionally limit number +of "delivered", but not yet "confirmed" messages at inbound lanes +(see [What about other Constants in the Messages Module Configuration Trait](#What-about-other-Constants-in-the-Messages-Module-Configuration-Trait) for explanation). +So at some point, the target chain may stop accepting new messages until relayers confirm some of +these. The second is that if the relayer wants to be rewarded for delivery, it must prove the fact +that it has actually delivered the message. And this proof may only be generated after the delivery +transaction is mined. So relayer crafts the `receive_messages_delivery_proof()` transaction (aka +confirmation transaction) for the messages module instance, deployed at the source chain. Once +this transaction is mined, the message is considered "confirmed". + +The "confirmed" state is the final state of the message. But there's one last thing related to the +message - the fact that it is now "confirmed" and reward has been paid to the relayer (or at least +callback for this has been called), must be confirmed to the target chain. Otherwise, we may reach +the limit of "unconfirmed" messages at the target chain and it will stop accepting new messages. So +relayer sometimes includes a nonce of the latest "confirmed" message in the next +`receive_messages_proof()` transaction, proving that some messages have been confirmed. + +## Integrating Messages Module into Runtime + +As it has been said above, the messages module supports both outbound and inbound message lanes. +So if we will integrate a module in some runtime, it may act as the source chain runtime for +outbound messages and as the target chain runtime for inbound messages. In this section, we'll +sometimes refer to the chain we're currently integrating with, as "this chain" and the other +chain as "bridged chain". + +Messages module doesn't simply accept transactions that are claiming that the bridged chain has +some updated data for us. Instead of this, the module assumes that the bridged chain is able to +prove that updated data in some way. The proof is abstracted from the module and may be of any kind. +In our Substrate-to-Substrate bridge we're using runtime storage proofs. Other bridges may use +transaction proofs, Substrate header digests or anything else that may be proved. + +**IMPORTANT NOTE**: everything below in this chapter describes details of the messages module +configuration. But if you're interested in well-probed and relatively easy integration of two +Substrate-based chains, you may want to look at the +[bridge-runtime-common](../../bin/runtime-common/) crate. This crate is providing a lot of +helpers for integration, which may be directly used from within your runtime. Then if you'll decide +to change something in this scheme, get back here for detailed information. + +### General Information + +The messages module supports instances. Every module instance is supposed to bridge this chain +and some bridged chain. To bridge with another chain, using another instance is suggested (this +isn't forced anywhere in the code, though). Keep in mind, that the pallet may be used to build +virtual channels between multiple chains, as we do in our [Polkadot <> Kusama bridge](../../docs/polkadot-kusama-bridge-overview.md). +There, the pallet actually bridges only two parachains - Kusama Bridge Hub and Polkadot +Bridge Hub. However, other Kusama and Polkadot parachains are able to send (XCM) messages to their +Bridge Hubs. The messages will be delivered to the other side of the bridge and routed to the proper +destination parachain within the bridged chain consensus. + +Message submitters may track message progress by inspecting module events. When Message is accepted, +the `MessageAccepted` event is emitted. The event contains both message lane identifier and nonce that +has been assigned to the message. When a message is delivered to the target chain, the `MessagesDelivered` +event is emitted from the `receive_messages_delivery_proof()` transaction. The `MessagesDelivered` contains +the message lane identifier and inclusive range of delivered message nonces. + +The pallet provides no means to get the result of message dispatch at the target chain. If that is +required, it must be done outside of the pallet. For example, XCM messages, when dispatched, have +special instructions to send some data back to the sender. Other dispatchers may use similar +mechanism for that. +### How to plug-in Messages Module to Send Messages to the Bridged Chain? + +The `pallet_bridge_messages::Config` trait has 3 main associated types that are used to work with +outbound messages. The `pallet_bridge_messages::Config::TargetHeaderChain` defines how we see the +bridged chain as the target for our outbound messages. It must be able to check that the bridged +chain may accept our message - like that the message has size below maximal possible transaction +size of the chain and so on. And when the relayer sends us a confirmation transaction, this +implementation must be able to parse and verify the proof of messages delivery. Normally, you would +reuse the same (configurable) type on all chains that are sending messages to the same bridged +chain. + +The `pallet_bridge_messages::Config::LaneMessageVerifier` defines a single callback to verify outbound +messages. The simplest callback may just accept all messages. But in this case you'll need to answer +many questions first. Who will pay for the delivery and confirmation transaction? Are we sure that +someone will ever deliver this message to the bridged chain? Are we sure that we don't bloat our +runtime storage by accepting this message? What if the message is improperly encoded or has some +fields set to invalid values? Answering all those (and similar) questions would lead to correct +implementation. + +There's another thing to consider when implementing type for use in +`pallet_bridge_messages::Config::LaneMessageVerifier`. It is whether we treat all message lanes +identically, or they'll have different sets of verification rules? For example, you may reserve +lane#1 for messages coming from some 'wrapped-token' pallet - then you may verify in your +implementation that the origin is associated with this pallet. Lane#2 may be reserved for 'system' +messages and you may charge zero fee for such messages. You may have some rate limiting for messages +sent over the lane#3. Or you may just verify the same rules set for all outbound messages - it is +all up to the `pallet_bridge_messages::Config::LaneMessageVerifier` implementation. + +The last type is the `pallet_bridge_messages::Config::DeliveryConfirmationPayments`. When confirmation +transaction is received, we call the `pay_reward()` method, passing the range of delivered messages. +You may use the [`pallet-bridge-relayers`](../relayers/) pallet and its +[`DeliveryConfirmationPaymentsAdapter`](../relayers/src/payment_adapter.rs) adapter as a possible +implementation. It allows you to pay fixed reward for relaying the message and some of its portion +for confirming delivery. + +### I have a Messages Module in my Runtime, but I Want to Reject all Outbound Messages. What shall I do? + +You should be looking at the `bp_messages::source_chain::ForbidOutboundMessages` structure +[`bp_messages::source_chain`](../../primitives/messages/src/source_chain.rs). It implements +all required traits and will simply reject all transactions, related to outbound messages. + +### How to plug-in Messages Module to Receive Messages from the Bridged Chain? + +The `pallet_bridge_messages::Config` trait has 2 main associated types that are used to work with +inbound messages. The `pallet_bridge_messages::Config::SourceHeaderChain` defines how we see the +bridged chain as the source of our inbound messages. When relayer sends us a delivery transaction, +this implementation must be able to parse and verify the proof of messages wrapped in this +transaction. Normally, you would reuse the same (configurable) type on all chains that are sending +messages to the same bridged chain. + +The `pallet_bridge_messages::Config::MessageDispatch` defines a way on how to dispatch delivered +messages. Apart from actually dispatching the message, the implementation must return the correct +dispatch weight of the message before dispatch is called. + +### I have a Messages Module in my Runtime, but I Want to Reject all Inbound Messages. What shall I do? + +You should be looking at the `bp_messages::target_chain::ForbidInboundMessages` structure from +the [`bp_messages::target_chain`](../../primitives/messages/src/target_chain.rs) module. It +implements all required traits and will simply reject all transactions, related to inbound messages. + +### What about other Constants in the Messages Module Configuration Trait? + +Two settings that are used to check messages in the `send_message()` function. The +`pallet_bridge_messages::Config::ActiveOutboundLanes` is an array of all message lanes, that +may be used to send messages. All messages sent using other lanes are rejected. All messages that have +size above `pallet_bridge_messages::Config::MaximalOutboundPayloadSize` will also be rejected. + +To be able to reward the relayer for delivering messages, we store a map of message nonces range => +identifier of the relayer that has delivered this range at the target chain runtime storage. If a +relayer delivers multiple consequent ranges, they're merged into single entry. So there may be more +than one entry for the same relayer. Eventually, this whole map must be delivered back to the source +chain to confirm delivery and pay rewards. So to make sure we are able to craft this confirmation +transaction, we need to: (1) keep the size of this map below a certain limit and (2) make sure that +the weight of processing this map is below a certain limit. Both size and processing weight mostly +depend on the number of entries. The number of entries is limited with the +`pallet_bridge_messages::ConfigMaxUnrewardedRelayerEntriesAtInboundLane` parameter. Processing weight +also depends on the total number of messages that are being confirmed, because every confirmed +message needs to be read. So there's another +`pallet_bridge_messages::Config::MaxUnconfirmedMessagesAtInboundLane` parameter for that. + +When choosing values for these parameters, you must also keep in mind that if proof in your scheme +is based on finality of headers (and it is the most obvious option for Substrate-based chains with +finality notion), then choosing too small values for these parameters may cause significant delays +in message delivery. That's because there are too many actors involved in this scheme: 1) authorities +that are finalizing headers of the target chain need to finalize header with non-empty map; 2) the +headers relayer then needs to submit this header and its finality proof to the source chain; 3) the +messages relayer must then send confirmation transaction (storage proof of this map) to the source +chain; 4) when the confirmation transaction will be mined at some header, source chain authorities +must finalize this header; 5) the headers relay then needs to submit this header and its finality +proof to the target chain; 6) only now the messages relayer may submit new messages from the source +to target chain and prune the entry from the map. + +Delivery transaction requires the relayer to provide both number of entries and total number of +messages in the map. This means that the module never charges an extra cost for delivering a map - +the relayer would need to pay exactly for the number of entries+messages it has delivered. So the +best guess for values of these parameters would be the pair that would occupy `N` percent of the +maximal transaction size and weight of the source chain. The `N` should be large enough to process +large maps, at the same time keeping reserve for future source chain upgrades. + +## Non-Essential Functionality + +There may be a special account in every runtime where the messages module is deployed. This +account, named 'module owner', is like a module-level sudo account - he's able to halt and +resume all module operations without requiring runtime upgrade. Calls that are related to this +account are: +- `fn set_owner()`: current module owner may call it to transfer "ownership" to another account; +- `fn halt_operations()`: the module owner (or sudo account) may call this function to stop all + module operations. After this call, all message-related transactions will be rejected until + further `resume_operations` call'. This call may be used when something extraordinary happens with + the bridge; +- `fn resume_operations()`: module owner may call this function to resume bridge operations. The + module will resume its regular operations after this call. + +If pallet owner is not defined, the governance may be used to make those calls. + +## Messages Relay + +We have an offchain actor, who is watching for new messages and submits them to the bridged chain. +It is the messages relay - you may look at the [crate level documentation and the code](../../relays/messages/). diff --git a/bridges/modules/messages/src/benchmarking.rs b/bridges/modules/messages/src/benchmarking.rs new file mode 100644 index 00000000000..aab8855a729 --- /dev/null +++ b/bridges/modules/messages/src/benchmarking.rs @@ -0,0 +1,460 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Messages pallet benchmarking. + +use crate::{ + inbound_lane::InboundLaneStorage, inbound_lane_storage, outbound_lane, + weights_ext::EXPECTED_DEFAULT_MESSAGE_LENGTH, Call, OutboundLanes, +}; + +use bp_messages::{ + source_chain::TargetHeaderChain, target_chain::SourceHeaderChain, DeliveredMessages, + InboundLaneData, LaneId, MessageNonce, OutboundLaneData, UnrewardedRelayer, + UnrewardedRelayersState, +}; +use bp_runtime::StorageProofSize; +use codec::Decode; +use frame_benchmarking::{account, benchmarks_instance_pallet}; +use frame_support::weights::Weight; +use frame_system::RawOrigin; +use sp_runtime::traits::TrailingZeroInput; +use sp_std::{ops::RangeInclusive, prelude::*}; + +const SEED: u32 = 0; + +/// Pallet we're benchmarking here. +pub struct Pallet, I: 'static = ()>(crate::Pallet); + +/// Benchmark-specific message proof parameters. +#[derive(Debug)] +pub struct MessageProofParams { + /// Id of the lane. + pub lane: LaneId, + /// Range of messages to include in the proof. + pub message_nonces: RangeInclusive, + /// If `Some`, the proof needs to include this outbound lane data. + pub outbound_lane_data: Option, + /// If `true`, the caller expects that the proof will contain correct messages that will + /// be successfully dispatched. This is only called from the "optional" + /// `receive_single_message_proof_with_dispatch` benchmark. If you don't need it, just + /// return `true` from the `is_message_successfully_dispatched`. + pub is_successful_dispatch_expected: bool, + /// Proof size requirements. + pub size: StorageProofSize, +} + +/// Benchmark-specific message delivery proof parameters. +#[derive(Debug)] +pub struct MessageDeliveryProofParams { + /// Id of the lane. + pub lane: LaneId, + /// The proof needs to include this inbound lane data. + pub inbound_lane_data: InboundLaneData, + /// Proof size requirements. + pub size: StorageProofSize, +} + +/// Trait that must be implemented by runtime. +pub trait Config: crate::Config { + /// Lane id to use in benchmarks. + /// + /// By default, lane 00000000 is used. + fn bench_lane_id() -> LaneId { + LaneId([0, 0, 0, 0]) + } + + /// Return id of relayer account at the bridged chain. + /// + /// By default, zero account is returned. + fn bridged_relayer_id() -> Self::InboundRelayer { + Self::InboundRelayer::decode(&mut TrailingZeroInput::zeroes()).unwrap() + } + + /// Create given account and give it enough balance for test purposes. Used to create + /// relayer account at the target chain. Is strictly necessary when your rewards scheme + /// assumes that the relayer account must exist. + /// + /// Does nothing by default. + fn endow_account(_account: &Self::AccountId) {} + + /// Prepare messages proof to receive by the module. + fn prepare_message_proof( + params: MessageProofParams, + ) -> (::MessagesProof, Weight); + /// Prepare messages delivery proof to receive by the module. + fn prepare_message_delivery_proof( + params: MessageDeliveryProofParams, + ) -> >::MessagesDeliveryProof; + + /// Returns true if message has been successfully dispatched or not. + fn is_message_successfully_dispatched(_nonce: MessageNonce) -> bool { + true + } + + /// Returns true if given relayer has been rewarded for some of its actions. + fn is_relayer_rewarded(relayer: &Self::AccountId) -> bool; +} + +benchmarks_instance_pallet! { + // + // Benchmarks that are used directly by the runtime calls weight formulae. + // + + // Benchmark `receive_messages_proof` extrinsic with single minimal-weight message and following conditions: + // * proof does not include outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is dispatched (reminder: dispatch weight should be minimal); + // * message requires all heavy checks done by dispatcher. + // + // This is base benchmark for all other message delivery benchmarks. + receive_single_message_proof { + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=21, + outbound_lane_data: None, + is_successful_dispatch_expected: false, + size: StorageProofSize::Minimal(EXPECTED_DEFAULT_MESSAGE_LENGTH), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 1, dispatch_weight) + verify { + assert_eq!( + crate::InboundLanes::::get(&T::bench_lane_id()).last_delivered_nonce(), + 21, + ); + } + + // Benchmark `receive_messages_proof` extrinsic with two minimal-weight messages and following conditions: + // * proof does not include outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is dispatched (reminder: dispatch weight should be minimal); + // * message requires all heavy checks done by dispatcher. + // + // The weight of single message delivery could be approximated as + // `weight(receive_two_messages_proof) - weight(receive_single_message_proof)`. + // This won't be super-accurate if message has non-zero dispatch weight, but estimation should + // be close enough to real weight. + receive_two_messages_proof { + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=22, + outbound_lane_data: None, + is_successful_dispatch_expected: false, + size: StorageProofSize::Minimal(EXPECTED_DEFAULT_MESSAGE_LENGTH), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 2, dispatch_weight) + verify { + assert_eq!( + crate::InboundLanes::::get(&T::bench_lane_id()).last_delivered_nonce(), + 22, + ); + } + + // Benchmark `receive_messages_proof` extrinsic with single minimal-weight message and following conditions: + // * proof includes outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is successfully dispatched (reminder: dispatch weight should be minimal); + // * message requires all heavy checks done by dispatcher. + // + // The weight of outbound lane state delivery would be + // `weight(receive_single_message_proof_with_outbound_lane_state) - weight(receive_single_message_proof)`. + // This won't be super-accurate if message has non-zero dispatch weight, but estimation should + // be close enough to real weight. + receive_single_message_proof_with_outbound_lane_state { + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=21, + outbound_lane_data: Some(OutboundLaneData { + oldest_unpruned_nonce: 21, + latest_received_nonce: 20, + latest_generated_nonce: 21, + }), + is_successful_dispatch_expected: false, + size: StorageProofSize::Minimal(EXPECTED_DEFAULT_MESSAGE_LENGTH), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 1, dispatch_weight) + verify { + let lane_state = crate::InboundLanes::::get(&T::bench_lane_id()); + assert_eq!(lane_state.last_delivered_nonce(), 21); + assert_eq!(lane_state.last_confirmed_nonce, 20); + } + + // Benchmark `receive_messages_proof` extrinsic with single minimal-weight message and following conditions: + // * the proof has large leaf with total size of approximately 1KB; + // * proof does not include outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is dispatched (reminder: dispatch weight should be minimal); + // * message requires all heavy checks done by dispatcher. + // + // With single KB of messages proof, the weight of the call is increased (roughly) by + // `(receive_single_message_proof_16KB - receive_single_message_proof_1_kb) / 15`. + receive_single_message_proof_1_kb { + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=21, + outbound_lane_data: None, + is_successful_dispatch_expected: false, + size: StorageProofSize::HasLargeLeaf(1024), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 1, dispatch_weight) + verify { + assert_eq!( + crate::InboundLanes::::get(&T::bench_lane_id()).last_delivered_nonce(), + 21, + ); + } + + // Benchmark `receive_messages_proof` extrinsic with single minimal-weight message and following conditions: + // * the proof has large leaf with total size of approximately 16KB; + // * proof does not include outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is dispatched (reminder: dispatch weight should be minimal); + // * message requires all heavy checks done by dispatcher. + // + // Size of proof grows because it contains extra trie nodes in it. + // + // With single KB of messages proof, the weight of the call is increased (roughly) by + // `(receive_single_message_proof_16KB - receive_single_message_proof) / 15`. + receive_single_message_proof_16_kb { + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=21, + outbound_lane_data: None, + is_successful_dispatch_expected: false, + size: StorageProofSize::HasLargeLeaf(16 * 1024), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 1, dispatch_weight) + verify { + assert_eq!( + crate::InboundLanes::::get(&T::bench_lane_id()).last_delivered_nonce(), + 21, + ); + } + + // Benchmark `receive_messages_delivery_proof` extrinsic with following conditions: + // * single relayer is rewarded for relaying single message; + // * relayer account does not exist (in practice it needs to exist in production environment). + // + // This is base benchmark for all other confirmations delivery benchmarks. + receive_delivery_proof_for_single_message { + let relayer_id: T::AccountId = account("relayer", 0, SEED); + + // send message that we're going to confirm + send_regular_message::(); + + let relayers_state = UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 1, + }; + let proof = T::prepare_message_delivery_proof(MessageDeliveryProofParams { + lane: T::bench_lane_id(), + inbound_lane_data: InboundLaneData { + relayers: vec![UnrewardedRelayer { + relayer: relayer_id.clone(), + messages: DeliveredMessages::new(1), + }].into_iter().collect(), + last_confirmed_nonce: 0, + }, + size: StorageProofSize::Minimal(0), + }); + }: receive_messages_delivery_proof(RawOrigin::Signed(relayer_id.clone()), proof, relayers_state) + verify { + assert_eq!(OutboundLanes::::get(T::bench_lane_id()).latest_received_nonce, 1); + assert!(T::is_relayer_rewarded(&relayer_id)); + } + + // Benchmark `receive_messages_delivery_proof` extrinsic with following conditions: + // * single relayer is rewarded for relaying two messages; + // * relayer account does not exist (in practice it needs to exist in production environment). + // + // Additional weight for paying single-message reward to the same relayer could be computed + // as `weight(receive_delivery_proof_for_two_messages_by_single_relayer) + // - weight(receive_delivery_proof_for_single_message)`. + receive_delivery_proof_for_two_messages_by_single_relayer { + let relayer_id: T::AccountId = account("relayer", 0, SEED); + + // send message that we're going to confirm + send_regular_message::(); + send_regular_message::(); + + let relayers_state = UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 2, + total_messages: 2, + last_delivered_nonce: 2, + }; + let mut delivered_messages = DeliveredMessages::new(1); + delivered_messages.note_dispatched_message(); + let proof = T::prepare_message_delivery_proof(MessageDeliveryProofParams { + lane: T::bench_lane_id(), + inbound_lane_data: InboundLaneData { + relayers: vec![UnrewardedRelayer { + relayer: relayer_id.clone(), + messages: delivered_messages, + }].into_iter().collect(), + last_confirmed_nonce: 0, + }, + size: StorageProofSize::Minimal(0), + }); + }: receive_messages_delivery_proof(RawOrigin::Signed(relayer_id.clone()), proof, relayers_state) + verify { + assert_eq!(OutboundLanes::::get(T::bench_lane_id()).latest_received_nonce, 2); + assert!(T::is_relayer_rewarded(&relayer_id)); + } + + // Benchmark `receive_messages_delivery_proof` extrinsic with following conditions: + // * two relayers are rewarded for relaying single message each; + // * relayer account does not exist (in practice it needs to exist in production environment). + // + // Additional weight for paying reward to the next relayer could be computed + // as `weight(receive_delivery_proof_for_two_messages_by_two_relayers) + // - weight(receive_delivery_proof_for_two_messages_by_single_relayer)`. + receive_delivery_proof_for_two_messages_by_two_relayers { + let relayer1_id: T::AccountId = account("relayer1", 1, SEED); + let relayer2_id: T::AccountId = account("relayer2", 2, SEED); + + // send message that we're going to confirm + send_regular_message::(); + send_regular_message::(); + + let relayers_state = UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + messages_in_oldest_entry: 1, + total_messages: 2, + last_delivered_nonce: 2, + }; + let proof = T::prepare_message_delivery_proof(MessageDeliveryProofParams { + lane: T::bench_lane_id(), + inbound_lane_data: InboundLaneData { + relayers: vec![ + UnrewardedRelayer { + relayer: relayer1_id.clone(), + messages: DeliveredMessages::new(1), + }, + UnrewardedRelayer { + relayer: relayer2_id.clone(), + messages: DeliveredMessages::new(2), + }, + ].into_iter().collect(), + last_confirmed_nonce: 0, + }, + size: StorageProofSize::Minimal(0), + }); + }: receive_messages_delivery_proof(RawOrigin::Signed(relayer1_id.clone()), proof, relayers_state) + verify { + assert_eq!(OutboundLanes::::get(T::bench_lane_id()).latest_received_nonce, 2); + assert!(T::is_relayer_rewarded(&relayer1_id)); + assert!(T::is_relayer_rewarded(&relayer2_id)); + } + + // + // Benchmarks that the runtime developers may use for proper pallet configuration. + // + + // This benchmark is optional and may be used when runtime developer need a way to compute + // message dispatch weight. In this case, he needs to provide messages that can go the whole + // dispatch + // + // Benchmark `receive_messages_proof` extrinsic with single message and following conditions: + // + // * proof does not include outbound lane state proof; + // * inbound lane already has state, so it needs to be read and decoded; + // * message is **SUCCESSFULLY** dispatched; + // * message requires all heavy checks done by dispatcher. + receive_single_message_proof_with_dispatch { + // maybe dispatch weight relies on the message size too? + let i in EXPECTED_DEFAULT_MESSAGE_LENGTH .. EXPECTED_DEFAULT_MESSAGE_LENGTH * 16; + + let relayer_id_on_source = T::bridged_relayer_id(); + let relayer_id_on_target = account("relayer", 0, SEED); + T::endow_account(&relayer_id_on_target); + + // mark messages 1..=20 as delivered + receive_messages::(20); + + let (proof, dispatch_weight) = T::prepare_message_proof(MessageProofParams { + lane: T::bench_lane_id(), + message_nonces: 21..=21, + outbound_lane_data: None, + is_successful_dispatch_expected: true, + size: StorageProofSize::Minimal(i), + }); + }: receive_messages_proof(RawOrigin::Signed(relayer_id_on_target), relayer_id_on_source, proof, 1, dispatch_weight) + verify { + assert_eq!( + crate::InboundLanes::::get(&T::bench_lane_id()).last_delivered_nonce(), + 21, + ); + assert!(T::is_message_successfully_dispatched(21)); + } + + impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::TestRuntime) +} + +fn send_regular_message, I: 'static>() { + let mut outbound_lane = outbound_lane::(T::bench_lane_id()); + outbound_lane.send_message(vec![]); +} + +fn receive_messages, I: 'static>(nonce: MessageNonce) { + let mut inbound_lane_storage = inbound_lane_storage::(T::bench_lane_id()); + inbound_lane_storage.set_data(InboundLaneData { + relayers: vec![UnrewardedRelayer { + relayer: T::bridged_relayer_id(), + messages: DeliveredMessages::new(nonce), + }] + .into_iter() + .collect(), + last_confirmed_nonce: 0, + }); +} diff --git a/bridges/modules/messages/src/inbound_lane.rs b/bridges/modules/messages/src/inbound_lane.rs new file mode 100644 index 00000000000..5ec4444dbdf --- /dev/null +++ b/bridges/modules/messages/src/inbound_lane.rs @@ -0,0 +1,556 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Everything about incoming messages receival. + +use crate::Config; + +use bp_messages::{ + target_chain::{DispatchMessage, DispatchMessageData, MessageDispatch}, + DeliveredMessages, InboundLaneData, LaneId, MessageKey, MessageNonce, OutboundLaneData, + ReceivalResult, UnrewardedRelayer, +}; +use codec::{Decode, Encode, EncodeLike, MaxEncodedLen}; +use frame_support::{traits::Get, RuntimeDebug}; +use scale_info::{Type, TypeInfo}; +use sp_std::prelude::PartialEq; + +/// Inbound lane storage. +pub trait InboundLaneStorage { + /// Id of relayer on source chain. + type Relayer: Clone + PartialEq; + + /// Lane id. + fn id(&self) -> LaneId; + /// Return maximal number of unrewarded relayer entries in inbound lane. + fn max_unrewarded_relayer_entries(&self) -> MessageNonce; + /// Return maximal number of unconfirmed messages in inbound lane. + fn max_unconfirmed_messages(&self) -> MessageNonce; + /// Get lane data from the storage. + fn data(&self) -> InboundLaneData; + /// Update lane data in the storage. + fn set_data(&mut self, data: InboundLaneData); +} + +/// Inbound lane data wrapper that implements `MaxEncodedLen`. +/// +/// We have already had `MaxEncodedLen`-like functionality before, but its usage has +/// been localized and we haven't been passing bounds (maximal count of unrewarded relayer entries, +/// maximal count of unconfirmed messages) everywhere. This wrapper allows us to avoid passing +/// these generic bounds all over the code. +/// +/// The encoding of this type matches encoding of the corresponding `MessageData`. +#[derive(Encode, Decode, Clone, RuntimeDebug, PartialEq, Eq)] +pub struct StoredInboundLaneData, I: 'static>(pub InboundLaneData); + +impl, I: 'static> sp_std::ops::Deref for StoredInboundLaneData { + type Target = InboundLaneData; + + fn deref(&self) -> &Self::Target { + &self.0 + } +} + +impl, I: 'static> sp_std::ops::DerefMut for StoredInboundLaneData { + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.0 + } +} + +impl, I: 'static> Default for StoredInboundLaneData { + fn default() -> Self { + StoredInboundLaneData(Default::default()) + } +} + +impl, I: 'static> From> + for InboundLaneData +{ + fn from(data: StoredInboundLaneData) -> Self { + data.0 + } +} + +impl, I: 'static> EncodeLike> + for InboundLaneData +{ +} + +impl, I: 'static> TypeInfo for StoredInboundLaneData { + type Identity = Self; + + fn type_info() -> Type { + InboundLaneData::::type_info() + } +} + +impl, I: 'static> MaxEncodedLen for StoredInboundLaneData { + fn max_encoded_len() -> usize { + InboundLaneData::::encoded_size_hint( + T::MaxUnrewardedRelayerEntriesAtInboundLane::get() as usize, + ) + .unwrap_or(usize::MAX) + } +} + +/// Inbound messages lane. +pub struct InboundLane { + storage: S, +} + +impl InboundLane { + /// Create new inbound lane backed by given storage. + pub fn new(storage: S) -> Self { + InboundLane { storage } + } + + /// Returns storage reference. + pub fn storage(&self) -> &S { + &self.storage + } + + /// Receive state of the corresponding outbound lane. + pub fn receive_state_update( + &mut self, + outbound_lane_data: OutboundLaneData, + ) -> Option { + let mut data = self.storage.data(); + let last_delivered_nonce = data.last_delivered_nonce(); + + if outbound_lane_data.latest_received_nonce > last_delivered_nonce { + // this is something that should never happen if proofs are correct + return None + } + if outbound_lane_data.latest_received_nonce <= data.last_confirmed_nonce { + return None + } + + let new_confirmed_nonce = outbound_lane_data.latest_received_nonce; + data.last_confirmed_nonce = new_confirmed_nonce; + // Firstly, remove all of the records where higher nonce <= new confirmed nonce + while data + .relayers + .front() + .map(|entry| entry.messages.end <= new_confirmed_nonce) + .unwrap_or(false) + { + data.relayers.pop_front(); + } + // Secondly, update the next record with lower nonce equal to new confirmed nonce if needed. + // Note: There will be max. 1 record to update as we don't allow messages from relayers to + // overlap. + match data.relayers.front_mut() { + Some(entry) if entry.messages.begin <= new_confirmed_nonce => { + entry.messages.begin = new_confirmed_nonce + 1; + }, + _ => {}, + } + + self.storage.set_data(data); + Some(outbound_lane_data.latest_received_nonce) + } + + /// Receive new message. + pub fn receive_message( + &mut self, + relayer_at_bridged_chain: &S::Relayer, + nonce: MessageNonce, + message_data: DispatchMessageData, + ) -> ReceivalResult { + let mut data = self.storage.data(); + let is_correct_message = nonce == data.last_delivered_nonce() + 1; + if !is_correct_message { + return ReceivalResult::InvalidNonce + } + + // if there are more unrewarded relayer entries than we may accept, reject this message + if data.relayers.len() as MessageNonce >= self.storage.max_unrewarded_relayer_entries() { + return ReceivalResult::TooManyUnrewardedRelayers + } + + // if there are more unconfirmed messages than we may accept, reject this message + let unconfirmed_messages_count = nonce.saturating_sub(data.last_confirmed_nonce); + if unconfirmed_messages_count > self.storage.max_unconfirmed_messages() { + return ReceivalResult::TooManyUnconfirmedMessages + } + + // then, dispatch message + let dispatch_result = Dispatch::dispatch(DispatchMessage { + key: MessageKey { lane_id: self.storage.id(), nonce }, + data: message_data, + }); + + // now let's update inbound lane storage + match data.relayers.back_mut() { + Some(entry) if entry.relayer == *relayer_at_bridged_chain => { + entry.messages.note_dispatched_message(); + }, + _ => { + data.relayers.push_back(UnrewardedRelayer { + relayer: relayer_at_bridged_chain.clone(), + messages: DeliveredMessages::new(nonce), + }); + }, + }; + self.storage.set_data(data); + + ReceivalResult::Dispatched(dispatch_result) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + inbound_lane, + mock::{ + dispatch_result, inbound_message_data, inbound_unrewarded_relayers_state, run_test, + unrewarded_relayer, TestMessageDispatch, TestRuntime, REGULAR_PAYLOAD, TEST_LANE_ID, + TEST_RELAYER_A, TEST_RELAYER_B, TEST_RELAYER_C, + }, + RuntimeInboundLaneStorage, + }; + use bp_messages::UnrewardedRelayersState; + + fn receive_regular_message( + lane: &mut InboundLane>, + nonce: MessageNonce, + ) { + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + nonce, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + } + + #[test] + fn receive_status_update_ignores_status_from_the_future() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + receive_regular_message(&mut lane, 1); + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 10, + ..Default::default() + }), + None, + ); + + assert_eq!(lane.storage.data().last_confirmed_nonce, 0); + }); + } + + #[test] + fn receive_status_update_ignores_obsolete_status() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + receive_regular_message(&mut lane, 1); + receive_regular_message(&mut lane, 2); + receive_regular_message(&mut lane, 3); + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 3, + ..Default::default() + }), + Some(3), + ); + assert_eq!(lane.storage.data().last_confirmed_nonce, 3); + + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 3, + ..Default::default() + }), + None, + ); + assert_eq!(lane.storage.data().last_confirmed_nonce, 3); + }); + } + + #[test] + fn receive_status_update_works() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + receive_regular_message(&mut lane, 1); + receive_regular_message(&mut lane, 2); + receive_regular_message(&mut lane, 3); + assert_eq!(lane.storage.data().last_confirmed_nonce, 0); + assert_eq!( + lane.storage.data().relayers, + vec![unrewarded_relayer(1, 3, TEST_RELAYER_A)] + ); + + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 2, + ..Default::default() + }), + Some(2), + ); + assert_eq!(lane.storage.data().last_confirmed_nonce, 2); + assert_eq!( + lane.storage.data().relayers, + vec![unrewarded_relayer(3, 3, TEST_RELAYER_A)] + ); + + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 3, + ..Default::default() + }), + Some(3), + ); + assert_eq!(lane.storage.data().last_confirmed_nonce, 3); + assert_eq!(lane.storage.data().relayers, vec![]); + }); + } + + #[test] + fn receive_status_update_works_with_batches_from_relayers() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + let mut seed_storage_data = lane.storage.data(); + // Prepare data + seed_storage_data.last_confirmed_nonce = 0; + seed_storage_data.relayers.push_back(unrewarded_relayer(1, 1, TEST_RELAYER_A)); + // Simulate messages batch (2, 3, 4) from relayer #2 + seed_storage_data.relayers.push_back(unrewarded_relayer(2, 4, TEST_RELAYER_B)); + seed_storage_data.relayers.push_back(unrewarded_relayer(5, 5, TEST_RELAYER_C)); + lane.storage.set_data(seed_storage_data); + // Check + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 3, + ..Default::default() + }), + Some(3), + ); + assert_eq!(lane.storage.data().last_confirmed_nonce, 3); + assert_eq!( + lane.storage.data().relayers, + vec![ + unrewarded_relayer(4, 4, TEST_RELAYER_B), + unrewarded_relayer(5, 5, TEST_RELAYER_C) + ] + ); + }); + } + + #[test] + fn fails_to_receive_message_with_incorrect_nonce() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + 10, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::InvalidNonce + ); + assert_eq!(lane.storage.data().last_delivered_nonce(), 0); + }); + } + + #[test] + fn fails_to_receive_messages_above_unrewarded_relayer_entries_limit_per_lane() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + let max_nonce = + ::MaxUnrewardedRelayerEntriesAtInboundLane::get(); + for current_nonce in 1..max_nonce + 1 { + assert_eq!( + lane.receive_message::( + &(TEST_RELAYER_A + current_nonce), + current_nonce, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + } + // Fails to dispatch new message from different than latest relayer. + assert_eq!( + lane.receive_message::( + &(TEST_RELAYER_A + max_nonce + 1), + max_nonce + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::TooManyUnrewardedRelayers, + ); + // Fails to dispatch new messages from latest relayer. Prevents griefing attacks. + assert_eq!( + lane.receive_message::( + &(TEST_RELAYER_A + max_nonce), + max_nonce + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::TooManyUnrewardedRelayers, + ); + }); + } + + #[test] + fn fails_to_receive_messages_above_unconfirmed_messages_limit_per_lane() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + let max_nonce = ::MaxUnconfirmedMessagesAtInboundLane::get(); + for current_nonce in 1..=max_nonce { + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + current_nonce, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + } + // Fails to dispatch new message from different than latest relayer. + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_B, + max_nonce + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::TooManyUnconfirmedMessages, + ); + // Fails to dispatch new messages from latest relayer. + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + max_nonce + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::TooManyUnconfirmedMessages, + ); + }); + } + + #[test] + fn correctly_receives_following_messages_from_two_relayers_alternately() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_B, + 2, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + 3, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + assert_eq!( + lane.storage.data().relayers, + vec![ + unrewarded_relayer(1, 1, TEST_RELAYER_A), + unrewarded_relayer(2, 2, TEST_RELAYER_B), + unrewarded_relayer(3, 3, TEST_RELAYER_A) + ] + ); + }); + } + + #[test] + fn rejects_same_message_from_two_different_relayers() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::Dispatched(dispatch_result(0)) + ); + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_B, + 1, + inbound_message_data(REGULAR_PAYLOAD) + ), + ReceivalResult::InvalidNonce, + ); + }); + } + + #[test] + fn correct_message_is_processed_instantly() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + receive_regular_message(&mut lane, 1); + assert_eq!(lane.storage.data().last_delivered_nonce(), 1); + }); + } + + #[test] + fn unspent_weight_is_returned_by_receive_message() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + let mut payload = REGULAR_PAYLOAD; + *payload.dispatch_result.unspent_weight.ref_time_mut() = 1; + assert_eq!( + lane.receive_message::( + &TEST_RELAYER_A, + 1, + inbound_message_data(payload) + ), + ReceivalResult::Dispatched(dispatch_result(1)) + ); + }); + } + + #[test] + fn first_message_is_confirmed_correctly() { + run_test(|| { + let mut lane = inbound_lane::(TEST_LANE_ID); + receive_regular_message(&mut lane, 1); + receive_regular_message(&mut lane, 2); + assert_eq!( + lane.receive_state_update(OutboundLaneData { + latest_received_nonce: 1, + ..Default::default() + }), + Some(1), + ); + assert_eq!( + inbound_unrewarded_relayers_state(TEST_LANE_ID), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 2, + }, + ); + }); + } +} diff --git a/bridges/modules/messages/src/lib.rs b/bridges/modules/messages/src/lib.rs new file mode 100644 index 00000000000..045015b7751 --- /dev/null +++ b/bridges/modules/messages/src/lib.rs @@ -0,0 +1,2152 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Runtime module that allows sending and receiving messages using lane concept: +//! +//! 1) the message is sent using `send_message()` call; +//! 2) every outbound message is assigned nonce; +//! 3) the messages are stored in the storage; +//! 4) external component (relay) delivers messages to bridged chain; +//! 5) messages are processed in order (ordered by assigned nonce); +//! 6) relay may send proof-of-delivery back to this chain. +//! +//! Once message is sent, its progress can be tracked by looking at module events. +//! The assigned nonce is reported using `MessageAccepted` event. When message is +//! delivered to the the bridged chain, it is reported using `MessagesDelivered` event. +//! +//! **IMPORTANT NOTE**: after generating weights (custom `WeighInfo` implementation) for +//! your runtime (where this module is plugged to), please add test for these weights. +//! The test should call the `ensure_weights_are_correct` function from this module. +//! If this test fails with your weights, then either weights are computed incorrectly, +//! or some benchmarks assumptions are broken for your runtime. + +#![cfg_attr(not(feature = "std"), no_std)] +// Generated by `decl_event!` +#![allow(clippy::unused_unit)] + +pub use inbound_lane::StoredInboundLaneData; +pub use outbound_lane::StoredMessagePayload; +pub use weights::WeightInfo; +pub use weights_ext::{ + ensure_able_to_receive_confirmation, ensure_able_to_receive_message, + ensure_weights_are_correct, WeightInfoExt, EXPECTED_DEFAULT_MESSAGE_LENGTH, + EXTRA_STORAGE_PROOF_SIZE, +}; + +use crate::{ + inbound_lane::{InboundLane, InboundLaneStorage}, + outbound_lane::{OutboundLane, OutboundLaneStorage, ReceivalConfirmationResult}, +}; + +use bp_messages::{ + source_chain::{ + DeliveryConfirmationPayments, LaneMessageVerifier, SendMessageArtifacts, TargetHeaderChain, + }, + target_chain::{ + DeliveryPayments, DispatchMessage, MessageDispatch, ProvedLaneMessages, ProvedMessages, + SourceHeaderChain, + }, + total_unrewarded_messages, DeliveredMessages, InboundLaneData, InboundMessageDetails, LaneId, + MessageKey, MessageNonce, MessagePayload, MessagesOperatingMode, OutboundLaneData, + OutboundMessageDetails, UnrewardedRelayersState, +}; +use bp_runtime::{BasicOperatingMode, ChainId, OwnedBridgeModule, PreComputedSize, Size}; +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::{dispatch::PostDispatchInfo, ensure, fail, traits::Get}; +use sp_runtime::traits::UniqueSaturatedFrom; +use sp_std::{cell::RefCell, marker::PhantomData, prelude::*}; + +mod inbound_lane; +mod outbound_lane; +mod weights_ext; + +pub mod weights; + +#[cfg(feature = "runtime-benchmarks")] +pub mod benchmarking; + +#[cfg(test)] +mod mock; + +pub use pallet::*; + +/// The target that will be used when publishing logs related to this pallet. +pub const LOG_TARGET: &str = "runtime::bridge-messages"; + +#[frame_support::pallet] +pub mod pallet { + use super::*; + use bp_messages::{ReceivalResult, ReceivedMessages}; + use bp_runtime::RangeInclusiveExt; + use frame_support::pallet_prelude::*; + use frame_system::pallet_prelude::*; + + #[pallet::config] + pub trait Config: frame_system::Config { + // General types + + /// The overarching event type. + type RuntimeEvent: From> + + IsType<::RuntimeEvent>; + /// Benchmarks results from runtime we're plugged into. + type WeightInfo: WeightInfoExt; + + /// Gets the chain id value from the instance. + #[pallet::constant] + type BridgedChainId: Get; + + /// Get all active outbound lanes that the message pallet is serving. + type ActiveOutboundLanes: Get<&'static [LaneId]>; + /// Maximal number of unrewarded relayer entries at inbound lane. Unrewarded means that the + /// relayer has delivered messages, but either confirmations haven't been delivered back to + /// the source chain, or we haven't received reward confirmations yet. + /// + /// This constant limits maximal number of entries in the `InboundLaneData::relayers`. Keep + /// in mind that the same relayer account may take several (non-consecutive) entries in this + /// set. + type MaxUnrewardedRelayerEntriesAtInboundLane: Get; + /// Maximal number of unconfirmed messages at inbound lane. Unconfirmed means that the + /// message has been delivered, but either confirmations haven't been delivered back to the + /// source chain, or we haven't received reward confirmations for these messages yet. + /// + /// This constant limits difference between last message from last entry of the + /// `InboundLaneData::relayers` and first message at the first entry. + /// + /// There is no point of making this parameter lesser than + /// MaxUnrewardedRelayerEntriesAtInboundLane, because then maximal number of relayer entries + /// will be limited by maximal number of messages. + /// + /// This value also represents maximal number of messages in single delivery transaction. + /// Transaction that is declaring more messages than this value, will be rejected. Even if + /// these messages are from different lanes. + type MaxUnconfirmedMessagesAtInboundLane: Get; + + /// Maximal encoded size of the outbound payload. + #[pallet::constant] + type MaximalOutboundPayloadSize: Get; + /// Payload type of outbound messages. This payload is dispatched on the bridged chain. + type OutboundPayload: Parameter + Size; + + /// Payload type of inbound messages. This payload is dispatched on this chain. + type InboundPayload: Decode; + /// Identifier of relayer that deliver messages to this chain. Relayer reward is paid on the + /// bridged chain. + type InboundRelayer: Parameter + MaxEncodedLen; + /// Delivery payments. + type DeliveryPayments: DeliveryPayments; + + // Types that are used by outbound_lane (on source chain). + + /// Target header chain. + type TargetHeaderChain: TargetHeaderChain; + /// Message payload verifier. + type LaneMessageVerifier: LaneMessageVerifier; + /// Delivery confirmation payments. + type DeliveryConfirmationPayments: DeliveryConfirmationPayments; + + // Types that are used by inbound_lane (on target chain). + + /// Source header chain, as it is represented on target chain. + type SourceHeaderChain: SourceHeaderChain; + /// Message dispatch. + type MessageDispatch: MessageDispatch; + } + + /// Shortcut to messages proof type for Config. + pub type MessagesProofOf = + <>::SourceHeaderChain as SourceHeaderChain>::MessagesProof; + /// Shortcut to messages delivery proof type for Config. + pub type MessagesDeliveryProofOf = + <>::TargetHeaderChain as TargetHeaderChain< + >::OutboundPayload, + ::AccountId, + >>::MessagesDeliveryProof; + + #[pallet::pallet] + pub struct Pallet(PhantomData<(T, I)>); + + impl, I: 'static> OwnedBridgeModule for Pallet { + const LOG_TARGET: &'static str = LOG_TARGET; + type OwnerStorage = PalletOwner; + type OperatingMode = MessagesOperatingMode; + type OperatingModeStorage = PalletOperatingMode; + } + + #[pallet::hooks] + impl, I: 'static> Hooks> for Pallet + where + u32: TryFrom<::BlockNumber>, + { + fn on_idle(_block: T::BlockNumber, remaining_weight: Weight) -> Weight { + // we'll need at least to read outbound lane state, kill a message and update lane state + let db_weight = T::DbWeight::get(); + if !remaining_weight.all_gte(db_weight.reads_writes(1, 2)) { + return Weight::zero() + } + + // messages from lane with index `i` in `ActiveOutboundLanes` are pruned when + // `System::block_number() % lanes.len() == i`. Otherwise we need to read lane states on + // every block, wasting the whole `remaining_weight` for nothing and causing starvation + // of the last lane pruning + let active_lanes = T::ActiveOutboundLanes::get(); + let active_lanes_len = (active_lanes.len() as u32).into(); + let active_lane_index = u32::unique_saturated_from( + frame_system::Pallet::::block_number() % active_lanes_len, + ); + let active_lane_id = active_lanes[active_lane_index as usize]; + + // first db read - outbound lane state + let mut active_lane = outbound_lane::(active_lane_id); + let mut used_weight = db_weight.reads(1); + // and here we'll have writes + used_weight += active_lane.prune_messages(db_weight, remaining_weight - used_weight); + + // we already checked we have enough `remaining_weight` to cover this `used_weight` + used_weight + } + } + + #[pallet::call] + impl, I: 'static> Pallet { + /// Change `PalletOwner`. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(0)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_owner(origin: OriginFor, new_owner: Option) -> DispatchResult { + >::set_owner(origin, new_owner) + } + + /// Halt or resume all/some pallet operations. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(1)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_operating_mode( + origin: OriginFor, + operating_mode: MessagesOperatingMode, + ) -> DispatchResult { + >::set_operating_mode(origin, operating_mode) + } + + /// Receive messages proof from bridged chain. + /// + /// The weight of the call assumes that the transaction always brings outbound lane + /// state update. Because of that, the submitter (relayer) has no benefit of not including + /// this data in the transaction, so reward confirmations lags should be minimal. + /// + /// The call fails if: + /// + /// - the pallet is halted; + /// + /// - the call origin is not `Signed(_)`; + /// + /// - there are too many messages in the proof; + /// + /// - the proof verification procedure returns an error - e.g. because header used to craft + /// proof is not imported by the associated finality pallet; + /// + /// - the `dispatch_weight` argument is not sufficient to dispatch all bundled messages. + /// + /// The call may succeed, but some messages may not be delivered e.g. if they are not fit + /// into the unrewarded relayers vector. + #[pallet::call_index(2)] + #[pallet::weight(T::WeightInfo::receive_messages_proof_weight(proof, *messages_count, *dispatch_weight))] + pub fn receive_messages_proof( + origin: OriginFor, + relayer_id_at_bridged_chain: T::InboundRelayer, + proof: MessagesProofOf, + messages_count: u32, + dispatch_weight: Weight, + ) -> DispatchResultWithPostInfo { + Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + let relayer_id_at_this_chain = ensure_signed(origin)?; + + // reject transactions that are declaring too many messages + ensure!( + MessageNonce::from(messages_count) <= T::MaxUnconfirmedMessagesAtInboundLane::get(), + Error::::TooManyMessagesInTheProof + ); + + // why do we need to know the weight of this (`receive_messages_proof`) call? Because + // we may want to return some funds for not-dispatching (or partially dispatching) some + // messages to the call origin (relayer). And this is done by returning actual weight + // from the call. But we only know dispatch weight of every messages. So to refund + // relayer because we have not dispatched Message, we need to: + // + // ActualWeight = DeclaredWeight - Message.DispatchWeight + // + // The DeclaredWeight is exactly what's computed here. Unfortunately it is impossible + // to get pre-computed value (and it has been already computed by the executive). + let declared_weight = T::WeightInfo::receive_messages_proof_weight( + &proof, + messages_count, + dispatch_weight, + ); + let mut actual_weight = declared_weight; + + // verify messages proof && convert proof into messages + let messages = verify_and_decode_messages_proof::< + T::SourceHeaderChain, + T::InboundPayload, + >(proof, messages_count) + .map_err(|err| { + log::trace!(target: LOG_TARGET, "Rejecting invalid messages proof: {:?}", err,); + + Error::::InvalidMessagesProof + })?; + + // dispatch messages and (optionally) update lane(s) state(s) + let mut total_messages = 0; + let mut valid_messages = 0; + let mut messages_received_status = Vec::with_capacity(messages.len()); + let mut dispatch_weight_left = dispatch_weight; + for (lane_id, lane_data) in messages { + let mut lane = inbound_lane::(lane_id); + + // subtract extra storage proof bytes from the actual PoV size - there may be + // less unrewarded relayers than the maximal configured value + let lane_extra_proof_size_bytes = lane.storage().extra_proof_size_bytes(); + actual_weight = actual_weight.set_proof_size( + actual_weight.proof_size().saturating_sub(lane_extra_proof_size_bytes), + ); + + if let Some(lane_state) = lane_data.lane_state { + let updated_latest_confirmed_nonce = lane.receive_state_update(lane_state); + if let Some(updated_latest_confirmed_nonce) = updated_latest_confirmed_nonce { + log::trace!( + target: LOG_TARGET, + "Received lane {:?} state update: latest_confirmed_nonce={}. Unrewarded relayers: {:?}", + lane_id, + updated_latest_confirmed_nonce, + UnrewardedRelayersState::from(&lane.storage().data()), + ); + } + } + + let mut lane_messages_received_status = + ReceivedMessages::new(lane_id, Vec::with_capacity(lane_data.messages.len())); + for mut message in lane_data.messages { + debug_assert_eq!(message.key.lane_id, lane_id); + total_messages += 1; + + // ensure that relayer has declared enough weight for dispatching next message + // on this lane. We can't dispatch lane messages out-of-order, so if declared + // weight is not enough, let's move to next lane + let message_dispatch_weight = T::MessageDispatch::dispatch_weight(&mut message); + if message_dispatch_weight.any_gt(dispatch_weight_left) { + log::trace!( + target: LOG_TARGET, + "Cannot dispatch any more messages on lane {:?}. Weight: declared={}, left={}", + lane_id, + message_dispatch_weight, + dispatch_weight_left, + ); + + fail!(Error::::InsufficientDispatchWeight); + } + + let receival_result = lane.receive_message::( + &relayer_id_at_bridged_chain, + message.key.nonce, + message.data, + ); + + // note that we're returning unspent weight to relayer even if message has been + // rejected by the lane. This allows relayers to submit spam transactions with + // e.g. the same set of already delivered messages over and over again, without + // losing funds for messages dispatch. But keep in mind that relayer pays base + // delivery transaction cost anyway. And base cost covers everything except + // dispatch, so we have a balance here. + let unspent_weight = match &receival_result { + ReceivalResult::Dispatched(dispatch_result) => { + valid_messages += 1; + dispatch_result.unspent_weight + }, + ReceivalResult::InvalidNonce | + ReceivalResult::TooManyUnrewardedRelayers | + ReceivalResult::TooManyUnconfirmedMessages => message_dispatch_weight, + }; + lane_messages_received_status.push(message.key.nonce, receival_result); + + let unspent_weight = unspent_weight.min(message_dispatch_weight); + dispatch_weight_left -= message_dispatch_weight - unspent_weight; + actual_weight = actual_weight.saturating_sub(unspent_weight); + } + + messages_received_status.push(lane_messages_received_status); + } + + // let's now deal with relayer payments + T::DeliveryPayments::pay_reward( + relayer_id_at_this_chain, + total_messages, + valid_messages, + actual_weight, + ); + + log::debug!( + target: LOG_TARGET, + "Received messages: total={}, valid={}. Weight used: {}/{}.", + total_messages, + valid_messages, + actual_weight, + declared_weight, + ); + + Self::deposit_event(Event::MessagesReceived(messages_received_status)); + + Ok(PostDispatchInfo { actual_weight: Some(actual_weight), pays_fee: Pays::Yes }) + } + + /// Receive messages delivery proof from bridged chain. + #[pallet::call_index(3)] + #[pallet::weight(T::WeightInfo::receive_messages_delivery_proof_weight( + proof, + relayers_state, + ))] + pub fn receive_messages_delivery_proof( + origin: OriginFor, + proof: MessagesDeliveryProofOf, + mut relayers_state: UnrewardedRelayersState, + ) -> DispatchResultWithPostInfo { + Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + + let proof_size = proof.size(); + let confirmation_relayer = ensure_signed(origin)?; + let (lane_id, lane_data) = T::TargetHeaderChain::verify_messages_delivery_proof(proof) + .map_err(|err| { + log::trace!( + target: LOG_TARGET, + "Rejecting invalid messages delivery proof: {:?}", + err, + ); + + Error::::InvalidMessagesDeliveryProof + })?; + + // verify that the relayer has declared correct `lane_data::relayers` state + // (we only care about total number of entries and messages, because this affects call + // weight) + ensure!( + total_unrewarded_messages(&lane_data.relayers).unwrap_or(MessageNonce::MAX) == + relayers_state.total_messages && + lane_data.relayers.len() as MessageNonce == + relayers_state.unrewarded_relayer_entries, + Error::::InvalidUnrewardedRelayersState + ); + // the `last_delivered_nonce` field may also be used by the signed extension. Even + // though providing wrong value isn't critical, let's also check it here. + ensure!( + lane_data.last_delivered_nonce() == relayers_state.last_delivered_nonce, + Error::::InvalidUnrewardedRelayersState + ); + + // mark messages as delivered + let mut lane = outbound_lane::(lane_id); + let last_delivered_nonce = lane_data.last_delivered_nonce(); + let confirmed_messages = match lane.confirm_delivery( + relayers_state.total_messages, + last_delivered_nonce, + &lane_data.relayers, + ) { + ReceivalConfirmationResult::ConfirmedMessages(confirmed_messages) => + Some(confirmed_messages), + ReceivalConfirmationResult::NoNewConfirmations => None, + ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected( + to_confirm_messages_count, + ) => { + log::trace!( + target: LOG_TARGET, + "Messages delivery proof contains too many messages to confirm: {} vs declared {}", + to_confirm_messages_count, + relayers_state.total_messages, + ); + + fail!(Error::::TryingToConfirmMoreMessagesThanExpected); + }, + error => { + log::trace!( + target: LOG_TARGET, + "Messages delivery proof contains invalid unrewarded relayers vec: {:?}", + error, + ); + + fail!(Error::::InvalidUnrewardedRelayers); + }, + }; + + if let Some(confirmed_messages) = confirmed_messages { + // emit 'delivered' event + let received_range = confirmed_messages.begin..=confirmed_messages.end; + Self::deposit_event(Event::MessagesDelivered { + lane_id, + messages: confirmed_messages, + }); + + // if some new messages have been confirmed, reward relayers + let actually_rewarded_relayers = T::DeliveryConfirmationPayments::pay_reward( + lane_id, + lane_data.relayers, + &confirmation_relayer, + &received_range, + ); + + // update relayers state with actual numbers to compute actual weight below + relayers_state.unrewarded_relayer_entries = sp_std::cmp::min( + relayers_state.unrewarded_relayer_entries, + actually_rewarded_relayers, + ); + relayers_state.total_messages = sp_std::cmp::min( + relayers_state.total_messages, + received_range.checked_len().unwrap_or(MessageNonce::MAX), + ); + }; + + log::trace!( + target: LOG_TARGET, + "Received messages delivery proof up to (and including) {} at lane {:?}", + last_delivered_nonce, + lane_id, + ); + + // because of lags, the inbound lane state (`lane_data`) may have entries for + // already rewarded relayers and messages (if all entries are duplicated, then + // this transaction must be filtered out by our signed extension) + let actual_weight = T::WeightInfo::receive_messages_delivery_proof_weight( + &PreComputedSize(proof_size as usize), + &relayers_state, + ); + + Ok(PostDispatchInfo { actual_weight: Some(actual_weight), pays_fee: Pays::Yes }) + } + } + + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event, I: 'static = ()> { + /// Message has been accepted and is waiting to be delivered. + MessageAccepted { lane_id: LaneId, nonce: MessageNonce }, + /// Messages have been received from the bridged chain. + MessagesReceived( + Vec::DispatchLevelResult>>, + ), + /// Messages in the inclusive range have been delivered to the bridged chain. + MessagesDelivered { lane_id: LaneId, messages: DeliveredMessages }, + } + + #[pallet::error] + pub enum Error { + /// Pallet is not in Normal operating mode. + NotOperatingNormally, + /// The outbound lane is inactive. + InactiveOutboundLane, + /// The message is too large to be sent over the bridge. + MessageIsTooLarge, + /// Message has been treated as invalid by chain verifier. + MessageRejectedByChainVerifier, + /// Message has been treated as invalid by lane verifier. + MessageRejectedByLaneVerifier, + /// Submitter has failed to pay fee for delivering and dispatching messages. + FailedToWithdrawMessageFee, + /// The transaction brings too many messages. + TooManyMessagesInTheProof, + /// Invalid messages has been submitted. + InvalidMessagesProof, + /// Invalid messages delivery proof has been submitted. + InvalidMessagesDeliveryProof, + /// The bridged chain has invalid `UnrewardedRelayers` in its storage (fatal for the lane). + InvalidUnrewardedRelayers, + /// The relayer has declared invalid unrewarded relayers state in the + /// `receive_messages_delivery_proof` call. + InvalidUnrewardedRelayersState, + /// The cumulative dispatch weight, passed by relayer is not enough to cover dispatch + /// of all bundled messages. + InsufficientDispatchWeight, + /// The message someone is trying to work with (i.e. increase fee) is not yet sent. + MessageIsNotYetSent, + /// The number of actually confirmed messages is going to be larger than the number of + /// messages in the proof. This may mean that this or bridged chain storage is corrupted. + TryingToConfirmMoreMessagesThanExpected, + /// Error generated by the `OwnedBridgeModule` trait. + BridgeModule(bp_runtime::OwnedBridgeModuleError), + } + + /// Optional pallet owner. + /// + /// Pallet owner has a right to halt all pallet operations and then resume it. If it is + /// `None`, then there are no direct ways to halt/resume pallet operations, but other + /// runtime methods may still be used to do that (i.e. democracy::referendum to update halt + /// flag directly or call the `halt_operations`). + #[pallet::storage] + #[pallet::getter(fn module_owner)] + pub type PalletOwner, I: 'static = ()> = StorageValue<_, T::AccountId>; + + /// The current operating mode of the pallet. + /// + /// Depending on the mode either all, some, or no transactions will be allowed. + #[pallet::storage] + #[pallet::getter(fn operating_mode)] + pub type PalletOperatingMode, I: 'static = ()> = + StorageValue<_, MessagesOperatingMode, ValueQuery>; + + /// Map of lane id => inbound lane data. + #[pallet::storage] + pub type InboundLanes, I: 'static = ()> = + StorageMap<_, Blake2_128Concat, LaneId, StoredInboundLaneData, ValueQuery>; + + /// Map of lane id => outbound lane data. + #[pallet::storage] + pub type OutboundLanes, I: 'static = ()> = StorageMap< + Hasher = Blake2_128Concat, + Key = LaneId, + Value = OutboundLaneData, + QueryKind = ValueQuery, + OnEmpty = GetDefault, + MaxValues = MaybeOutboundLanesCount, + >; + + /// All queued outbound messages. + #[pallet::storage] + pub type OutboundMessages, I: 'static = ()> = + StorageMap<_, Blake2_128Concat, MessageKey, StoredMessagePayload>; + + #[pallet::genesis_config] + pub struct GenesisConfig, I: 'static = ()> { + /// Initial pallet operating mode. + pub operating_mode: MessagesOperatingMode, + /// Initial pallet owner. + pub owner: Option, + /// Dummy marker. + pub phantom: sp_std::marker::PhantomData, + } + + #[cfg(feature = "std")] + impl, I: 'static> Default for GenesisConfig { + fn default() -> Self { + Self { + operating_mode: Default::default(), + owner: Default::default(), + phantom: Default::default(), + } + } + } + + #[pallet::genesis_build] + impl, I: 'static> GenesisBuild for GenesisConfig { + fn build(&self) { + PalletOperatingMode::::put(self.operating_mode); + if let Some(ref owner) = self.owner { + PalletOwner::::put(owner); + } + } + } + + impl, I: 'static> Pallet { + /// Get stored data of the outbound message with given nonce. + pub fn outbound_message_data(lane: LaneId, nonce: MessageNonce) -> Option { + OutboundMessages::::get(MessageKey { lane_id: lane, nonce }).map(Into::into) + } + + /// Prepare data, related to given inbound message. + pub fn inbound_message_data( + lane: LaneId, + payload: MessagePayload, + outbound_details: OutboundMessageDetails, + ) -> InboundMessageDetails { + let mut dispatch_message = DispatchMessage { + key: MessageKey { lane_id: lane, nonce: outbound_details.nonce }, + data: payload.into(), + }; + InboundMessageDetails { + dispatch_weight: T::MessageDispatch::dispatch_weight(&mut dispatch_message), + } + } + + /// Return inbound lane data. + pub fn inbound_lane_data(lane: LaneId) -> InboundLaneData { + InboundLanes::::get(lane).0 + } + } + + /// Get-parameter that returns number of active outbound lanes that the pallet maintains. + pub struct MaybeOutboundLanesCount(PhantomData<(T, I)>); + + impl, I: 'static> Get> for MaybeOutboundLanesCount { + fn get() -> Option { + Some(T::ActiveOutboundLanes::get().len() as u32) + } + } +} + +impl bp_messages::source_chain::MessagesBridge + for Pallet +where + T: Config, + I: 'static, +{ + type Error = sp_runtime::DispatchErrorWithPostInfo; + + fn send_message( + sender: T::RuntimeOrigin, + lane: LaneId, + message: T::OutboundPayload, + ) -> Result { + crate::send_message::(sender, lane, message) + } +} + +/// Function that actually sends message. +fn send_message, I: 'static>( + submitter: T::RuntimeOrigin, + lane_id: LaneId, + payload: T::OutboundPayload, +) -> sp_std::result::Result< + SendMessageArtifacts, + sp_runtime::DispatchErrorWithPostInfo, +> { + ensure_normal_operating_mode::()?; + + // let's check if outbound lane is active + ensure!(T::ActiveOutboundLanes::get().contains(&lane_id), Error::::InactiveOutboundLane,); + + // let's first check if message can be delivered to target chain + T::TargetHeaderChain::verify_message(&payload).map_err(|err| { + log::trace!( + target: LOG_TARGET, + "Message to lane {:?} is rejected by target chain: {:?}", + lane_id, + err, + ); + + Error::::MessageRejectedByChainVerifier + })?; + + // now let's enforce any additional lane rules + let mut lane = outbound_lane::(lane_id); + T::LaneMessageVerifier::verify_message(&submitter, &lane_id, &lane.data(), &payload).map_err( + |err| { + log::trace!( + target: LOG_TARGET, + "Message to lane {:?} is rejected by lane verifier: {:?}", + lane_id, + err, + ); + + Error::::MessageRejectedByLaneVerifier + }, + )?; + + // finally, save message in outbound storage and emit event + let encoded_payload = payload.encode(); + let encoded_payload_len = encoded_payload.len(); + ensure!( + encoded_payload_len <= T::MaximalOutboundPayloadSize::get() as usize, + Error::::MessageIsTooLarge + ); + let nonce = lane.send_message(encoded_payload); + + log::trace!( + target: LOG_TARGET, + "Accepted message {} to lane {:?}. Message size: {:?}", + nonce, + lane_id, + encoded_payload_len, + ); + + Pallet::::deposit_event(Event::MessageAccepted { lane_id, nonce }); + + Ok(SendMessageArtifacts { nonce }) +} + +/// Ensure that the pallet is in normal operational mode. +fn ensure_normal_operating_mode, I: 'static>() -> Result<(), Error> { + if PalletOperatingMode::::get() == + MessagesOperatingMode::Basic(BasicOperatingMode::Normal) + { + return Ok(()) + } + + Err(Error::::NotOperatingNormally) +} + +/// Creates new inbound lane object, backed by runtime storage. +fn inbound_lane, I: 'static>( + lane_id: LaneId, +) -> InboundLane> { + InboundLane::new(inbound_lane_storage::(lane_id)) +} + +/// Creates new runtime inbound lane storage. +fn inbound_lane_storage, I: 'static>( + lane_id: LaneId, +) -> RuntimeInboundLaneStorage { + RuntimeInboundLaneStorage { + lane_id, + cached_data: RefCell::new(None), + _phantom: Default::default(), + } +} + +/// Creates new outbound lane object, backed by runtime storage. +fn outbound_lane, I: 'static>( + lane_id: LaneId, +) -> OutboundLane> { + OutboundLane::new(RuntimeOutboundLaneStorage { lane_id, _phantom: Default::default() }) +} + +/// Runtime inbound lane storage. +struct RuntimeInboundLaneStorage, I: 'static = ()> { + lane_id: LaneId, + cached_data: RefCell>>, + _phantom: PhantomData, +} + +impl, I: 'static> RuntimeInboundLaneStorage { + /// Returns number of bytes that may be subtracted from the PoV component of + /// `receive_messages_proof` call, because the actual inbound lane state is smaller than the + /// maximal configured. + /// + /// Maximal inbound lane state set size is configured by the + /// `MaxUnrewardedRelayerEntriesAtInboundLane` constant from the pallet configuration. The PoV + /// of the call includes the maximal size of inbound lane state. If the actual size is smaller, + /// we may subtract extra bytes from this component. + pub fn extra_proof_size_bytes(&self) -> u64 { + let max_encoded_len = StoredInboundLaneData::::max_encoded_len(); + let relayers_count = self.data().relayers.len(); + let actual_encoded_len = + InboundLaneData::::encoded_size_hint(relayers_count) + .unwrap_or(usize::MAX); + max_encoded_len.saturating_sub(actual_encoded_len) as _ + } +} + +impl, I: 'static> InboundLaneStorage for RuntimeInboundLaneStorage { + type Relayer = T::InboundRelayer; + + fn id(&self) -> LaneId { + self.lane_id + } + + fn max_unrewarded_relayer_entries(&self) -> MessageNonce { + T::MaxUnrewardedRelayerEntriesAtInboundLane::get() + } + + fn max_unconfirmed_messages(&self) -> MessageNonce { + T::MaxUnconfirmedMessagesAtInboundLane::get() + } + + fn data(&self) -> InboundLaneData { + match self.cached_data.clone().into_inner() { + Some(data) => data, + None => { + let data: InboundLaneData = + InboundLanes::::get(self.lane_id).into(); + *self.cached_data.try_borrow_mut().expect( + "we're in the single-threaded environment;\ + we have no recursive borrows; qed", + ) = Some(data.clone()); + data + }, + } + } + + fn set_data(&mut self, data: InboundLaneData) { + *self.cached_data.try_borrow_mut().expect( + "we're in the single-threaded environment;\ + we have no recursive borrows; qed", + ) = Some(data.clone()); + InboundLanes::::insert(self.lane_id, StoredInboundLaneData::(data)) + } +} + +/// Runtime outbound lane storage. +struct RuntimeOutboundLaneStorage { + lane_id: LaneId, + _phantom: PhantomData<(T, I)>, +} + +impl, I: 'static> OutboundLaneStorage for RuntimeOutboundLaneStorage { + fn id(&self) -> LaneId { + self.lane_id + } + + fn data(&self) -> OutboundLaneData { + OutboundLanes::::get(self.lane_id) + } + + fn set_data(&mut self, data: OutboundLaneData) { + OutboundLanes::::insert(self.lane_id, data) + } + + #[cfg(test)] + fn message(&self, nonce: &MessageNonce) -> Option { + OutboundMessages::::get(MessageKey { lane_id: self.lane_id, nonce: *nonce }) + .map(Into::into) + } + + fn save_message(&mut self, nonce: MessageNonce, message_payload: MessagePayload) { + OutboundMessages::::insert( + MessageKey { lane_id: self.lane_id, nonce }, + StoredMessagePayload::::try_from(message_payload).expect( + "save_message is called after all checks in send_message; \ + send_message checks message size; \ + qed", + ), + ); + } + + fn remove_message(&mut self, nonce: &MessageNonce) { + OutboundMessages::::remove(MessageKey { lane_id: self.lane_id, nonce: *nonce }); + } +} + +/// Verify messages proof and return proved messages with decoded payload. +fn verify_and_decode_messages_proof( + proof: Chain::MessagesProof, + messages_count: u32, +) -> Result>, Chain::Error> { + // `receive_messages_proof` weight formula and `MaxUnconfirmedMessagesAtInboundLane` check + // guarantees that the `message_count` is sane and Vec may be allocated. + // (tx with too many messages will either be rejected from the pool, or will fail earlier) + Chain::verify_messages_proof(proof, messages_count).map(|messages_by_lane| { + messages_by_lane + .into_iter() + .map(|(lane, lane_data)| { + ( + lane, + ProvedLaneMessages { + lane_state: lane_data.lane_state, + messages: lane_data.messages.into_iter().map(Into::into).collect(), + }, + ) + }) + .collect() + }) +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::mock::{ + inbound_unrewarded_relayers_state, message, message_payload, run_test, unrewarded_relayer, + AccountId, DbWeight, RuntimeEvent as TestEvent, RuntimeOrigin, + TestDeliveryConfirmationPayments, TestDeliveryPayments, TestMessagesDeliveryProof, + TestMessagesProof, TestRelayer, TestRuntime, TestWeightInfo, MAX_OUTBOUND_PAYLOAD_SIZE, + PAYLOAD_REJECTED_BY_TARGET_CHAIN, REGULAR_PAYLOAD, TEST_LANE_ID, TEST_LANE_ID_2, + TEST_LANE_ID_3, TEST_RELAYER_A, TEST_RELAYER_B, + }; + use bp_messages::{BridgeMessagesCall, UnrewardedRelayer, UnrewardedRelayersState}; + use bp_test_utils::generate_owned_bridge_module_tests; + use frame_support::{ + assert_noop, assert_ok, + dispatch::Pays, + storage::generator::{StorageMap, StorageValue}, + traits::Hooks, + weights::Weight, + }; + use frame_system::{EventRecord, Pallet as System, Phase}; + use sp_runtime::DispatchError; + + fn get_ready_for_events() { + System::::set_block_number(1); + System::::reset_events(); + } + + fn send_regular_message() { + get_ready_for_events(); + + let message_nonce = + outbound_lane::(TEST_LANE_ID).data().latest_generated_nonce + 1; + send_message::(RuntimeOrigin::signed(1), TEST_LANE_ID, REGULAR_PAYLOAD) + .expect("send_message has failed"); + + // check event with assigned nonce + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Messages(Event::MessageAccepted { + lane_id: TEST_LANE_ID, + nonce: message_nonce + }), + topics: vec![], + }], + ); + } + + fn receive_messages_delivery_proof() { + System::::set_block_number(1); + System::::reset_events(); + + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 1, + relayers: vec![UnrewardedRelayer { + relayer: 0, + messages: DeliveredMessages::new(1), + }] + .into_iter() + .collect(), + }, + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + last_delivered_nonce: 1, + ..Default::default() + }, + )); + + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Messages(Event::MessagesDelivered { + lane_id: TEST_LANE_ID, + messages: DeliveredMessages::new(1), + }), + topics: vec![], + }], + ); + } + + #[test] + fn pallet_rejects_transactions_if_halted() { + run_test(|| { + // send message first to be able to check that delivery_proof fails later + send_regular_message(); + + PalletOperatingMode::::put(MessagesOperatingMode::Basic( + BasicOperatingMode::Halted, + )); + + assert_noop!( + send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + REGULAR_PAYLOAD, + ), + Error::::NotOperatingNormally, + ); + + assert_noop!( + Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![message(2, REGULAR_PAYLOAD)]).into(), + 1, + REGULAR_PAYLOAD.declared_weight, + ), + Error::::BridgeModule(bp_runtime::OwnedBridgeModuleError::Halted), + ); + + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 1, + relayers: vec![unrewarded_relayer(1, 1, TEST_RELAYER_A)] + .into_iter() + .collect(), + }, + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 1, + }, + ), + Error::::BridgeModule(bp_runtime::OwnedBridgeModuleError::Halted), + ); + }); + } + + #[test] + fn pallet_rejects_new_messages_in_rejecting_outbound_messages_operating_mode() { + run_test(|| { + // send message first to be able to check that delivery_proof fails later + send_regular_message(); + + PalletOperatingMode::::put( + MessagesOperatingMode::RejectingOutboundMessages, + ); + + assert_noop!( + send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + REGULAR_PAYLOAD, + ), + Error::::NotOperatingNormally, + ); + + assert_ok!(Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![message(1, REGULAR_PAYLOAD)]).into(), + 1, + REGULAR_PAYLOAD.declared_weight, + ),); + + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 1, + relayers: vec![unrewarded_relayer(1, 1, TEST_RELAYER_A)] + .into_iter() + .collect(), + }, + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 1, + }, + )); + }); + } + + #[test] + fn send_message_works() { + run_test(|| { + send_regular_message(); + }); + } + + #[test] + fn send_message_rejects_too_large_message() { + run_test(|| { + let mut message_payload = message_payload(1, 0); + // the payload isn't simply extra, so it'll definitely overflow + // `MAX_OUTBOUND_PAYLOAD_SIZE` if we add `MAX_OUTBOUND_PAYLOAD_SIZE` bytes to extra + message_payload + .extra + .extend_from_slice(&[0u8; MAX_OUTBOUND_PAYLOAD_SIZE as usize]); + assert_noop!( + send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + message_payload.clone(), + ), + Error::::MessageIsTooLarge, + ); + + // let's check that we're able to send `MAX_OUTBOUND_PAYLOAD_SIZE` messages + while message_payload.encoded_size() as u32 > MAX_OUTBOUND_PAYLOAD_SIZE { + message_payload.extra.pop(); + } + assert_eq!(message_payload.encoded_size() as u32, MAX_OUTBOUND_PAYLOAD_SIZE); + assert_ok!(send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + message_payload, + ),); + }) + } + + #[test] + fn chain_verifier_rejects_invalid_message_in_send_message() { + run_test(|| { + // messages with this payload are rejected by target chain verifier + assert_noop!( + send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + PAYLOAD_REJECTED_BY_TARGET_CHAIN, + ), + Error::::MessageRejectedByChainVerifier, + ); + }); + } + + #[test] + fn lane_verifier_rejects_invalid_message_in_send_message() { + run_test(|| { + // messages with zero fee are rejected by lane verifier + let mut message = REGULAR_PAYLOAD; + message.reject_by_lane_verifier = true; + assert_noop!( + send_message::(RuntimeOrigin::signed(1), TEST_LANE_ID, message,), + Error::::MessageRejectedByLaneVerifier, + ); + }); + } + + #[test] + fn receive_messages_proof_works() { + run_test(|| { + assert_ok!(Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![message(1, REGULAR_PAYLOAD)]).into(), + 1, + REGULAR_PAYLOAD.declared_weight, + )); + + assert_eq!(InboundLanes::::get(TEST_LANE_ID).0.last_delivered_nonce(), 1); + + assert!(TestDeliveryPayments::is_reward_paid(1)); + }); + } + + #[test] + fn receive_messages_proof_updates_confirmed_message_nonce() { + run_test(|| { + // say we have received 10 messages && last confirmed message is 8 + InboundLanes::::insert( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 8, + relayers: vec![ + unrewarded_relayer(9, 9, TEST_RELAYER_A), + unrewarded_relayer(10, 10, TEST_RELAYER_B), + ] + .into_iter() + .collect(), + }, + ); + assert_eq!( + inbound_unrewarded_relayers_state(TEST_LANE_ID), + UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + messages_in_oldest_entry: 1, + total_messages: 2, + last_delivered_nonce: 10, + }, + ); + + // message proof includes outbound lane state with latest confirmed message updated to 9 + let mut message_proof: TestMessagesProof = + Ok(vec![message(11, REGULAR_PAYLOAD)]).into(); + message_proof.result.as_mut().unwrap()[0].1.lane_state = + Some(OutboundLaneData { latest_received_nonce: 9, ..Default::default() }); + + assert_ok!(Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + message_proof, + 1, + REGULAR_PAYLOAD.declared_weight, + )); + + assert_eq!( + InboundLanes::::get(TEST_LANE_ID).0, + InboundLaneData { + last_confirmed_nonce: 9, + relayers: vec![ + unrewarded_relayer(10, 10, TEST_RELAYER_B), + unrewarded_relayer(11, 11, TEST_RELAYER_A) + ] + .into_iter() + .collect(), + }, + ); + assert_eq!( + inbound_unrewarded_relayers_state(TEST_LANE_ID), + UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + messages_in_oldest_entry: 1, + total_messages: 2, + last_delivered_nonce: 11, + }, + ); + }); + } + + #[test] + fn receive_messages_proof_does_not_accept_message_if_dispatch_weight_is_not_enough() { + run_test(|| { + let mut declared_weight = REGULAR_PAYLOAD.declared_weight; + *declared_weight.ref_time_mut() -= 1; + assert_noop!( + Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![message(1, REGULAR_PAYLOAD)]).into(), + 1, + declared_weight, + ), + Error::::InsufficientDispatchWeight + ); + assert_eq!(InboundLanes::::get(TEST_LANE_ID).last_delivered_nonce(), 0); + }); + } + + #[test] + fn receive_messages_proof_rejects_invalid_proof() { + run_test(|| { + assert_noop!( + Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Err(()).into(), + 1, + Weight::zero(), + ), + Error::::InvalidMessagesProof, + ); + }); + } + + #[test] + fn receive_messages_proof_rejects_proof_with_too_many_messages() { + run_test(|| { + assert_noop!( + Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![message(1, REGULAR_PAYLOAD)]).into(), + u32::MAX, + Weight::zero(), + ), + Error::::TooManyMessagesInTheProof, + ); + }); + } + + #[test] + fn receive_messages_delivery_proof_works() { + run_test(|| { + send_regular_message(); + receive_messages_delivery_proof(); + + assert_eq!( + OutboundLanes::::get(TEST_LANE_ID).latest_received_nonce, + 1, + ); + }); + } + + #[test] + fn receive_messages_delivery_proof_rewards_relayers() { + run_test(|| { + assert_ok!(send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + REGULAR_PAYLOAD, + )); + assert_ok!(send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID, + REGULAR_PAYLOAD, + )); + + // this reports delivery of message 1 => reward is paid to TEST_RELAYER_A + let single_message_delivery_proof = TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + relayers: vec![unrewarded_relayer(1, 1, TEST_RELAYER_A)].into_iter().collect(), + ..Default::default() + }, + ))); + let single_message_delivery_proof_size = single_message_delivery_proof.size(); + let result = Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + single_message_delivery_proof, + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + last_delivered_nonce: 1, + ..Default::default() + }, + ); + assert_ok!(result); + assert_eq!( + result.unwrap().actual_weight.unwrap(), + TestWeightInfo::receive_messages_delivery_proof_weight( + &PreComputedSize(single_message_delivery_proof_size as _), + &UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + ..Default::default() + }, + ) + ); + assert!(TestDeliveryConfirmationPayments::is_reward_paid(TEST_RELAYER_A, 1)); + assert!(!TestDeliveryConfirmationPayments::is_reward_paid(TEST_RELAYER_B, 1)); + + // this reports delivery of both message 1 and message 2 => reward is paid only to + // TEST_RELAYER_B + let two_messages_delivery_proof = TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + relayers: vec![ + unrewarded_relayer(1, 1, TEST_RELAYER_A), + unrewarded_relayer(2, 2, TEST_RELAYER_B), + ] + .into_iter() + .collect(), + ..Default::default() + }, + ))); + let two_messages_delivery_proof_size = two_messages_delivery_proof.size(); + let result = Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + two_messages_delivery_proof, + UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + total_messages: 2, + last_delivered_nonce: 2, + ..Default::default() + }, + ); + assert_ok!(result); + // even though the pre-dispatch weight was for two messages, the actual weight is + // for single message only + assert_eq!( + result.unwrap().actual_weight.unwrap(), + TestWeightInfo::receive_messages_delivery_proof_weight( + &PreComputedSize(two_messages_delivery_proof_size as _), + &UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + ..Default::default() + }, + ) + ); + assert!(!TestDeliveryConfirmationPayments::is_reward_paid(TEST_RELAYER_A, 1)); + assert!(TestDeliveryConfirmationPayments::is_reward_paid(TEST_RELAYER_B, 1)); + }); + } + + #[test] + fn receive_messages_delivery_proof_rejects_invalid_proof() { + run_test(|| { + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Err(())), + Default::default(), + ), + Error::::InvalidMessagesDeliveryProof, + ); + }); + } + + #[test] + fn receive_messages_delivery_proof_rejects_proof_if_declared_relayers_state_is_invalid() { + run_test(|| { + // when number of relayers entries is invalid + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + relayers: vec![ + unrewarded_relayer(1, 1, TEST_RELAYER_A), + unrewarded_relayer(2, 2, TEST_RELAYER_B) + ] + .into_iter() + .collect(), + ..Default::default() + } + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 2, + last_delivered_nonce: 2, + ..Default::default() + }, + ), + Error::::InvalidUnrewardedRelayersState, + ); + + // when number of messages is invalid + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + relayers: vec![ + unrewarded_relayer(1, 1, TEST_RELAYER_A), + unrewarded_relayer(2, 2, TEST_RELAYER_B) + ] + .into_iter() + .collect(), + ..Default::default() + } + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + total_messages: 1, + last_delivered_nonce: 2, + ..Default::default() + }, + ), + Error::::InvalidUnrewardedRelayersState, + ); + + // when last delivered nonce is invalid + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + relayers: vec![ + unrewarded_relayer(1, 1, TEST_RELAYER_A), + unrewarded_relayer(2, 2, TEST_RELAYER_B) + ] + .into_iter() + .collect(), + ..Default::default() + } + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 2, + total_messages: 2, + last_delivered_nonce: 8, + ..Default::default() + }, + ), + Error::::InvalidUnrewardedRelayersState, + ); + }); + } + + #[test] + fn receive_messages_accepts_single_message_with_invalid_payload() { + run_test(|| { + let mut invalid_message = message(1, REGULAR_PAYLOAD); + invalid_message.payload = Vec::new(); + + assert_ok!(Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok(vec![invalid_message]).into(), + 1, + Weight::zero(), /* weight may be zero in this case (all messages are + * improperly encoded) */ + ),); + + assert_eq!(InboundLanes::::get(TEST_LANE_ID).last_delivered_nonce(), 1,); + }); + } + + #[test] + fn receive_messages_accepts_batch_with_message_with_invalid_payload() { + run_test(|| { + let mut invalid_message = message(2, REGULAR_PAYLOAD); + invalid_message.payload = Vec::new(); + + assert_ok!(Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + Ok( + vec![message(1, REGULAR_PAYLOAD), invalid_message, message(3, REGULAR_PAYLOAD),] + ) + .into(), + 3, + REGULAR_PAYLOAD.declared_weight + REGULAR_PAYLOAD.declared_weight, + ),); + + assert_eq!(InboundLanes::::get(TEST_LANE_ID).last_delivered_nonce(), 3,); + }); + } + + #[test] + fn actual_dispatch_weight_does_not_overlow() { + run_test(|| { + let message1 = message(1, message_payload(0, u64::MAX / 2)); + let message2 = message(2, message_payload(0, u64::MAX / 2)); + let message3 = message(3, message_payload(0, u64::MAX / 2)); + + assert_noop!( + Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + // this may cause overflow if source chain storage is invalid + Ok(vec![message1, message2, message3]).into(), + 3, + Weight::MAX, + ), + Error::::InsufficientDispatchWeight + ); + assert_eq!(InboundLanes::::get(TEST_LANE_ID).last_delivered_nonce(), 0); + }); + } + + #[test] + fn ref_time_refund_from_receive_messages_proof_works() { + run_test(|| { + fn submit_with_unspent_weight( + nonce: MessageNonce, + unspent_weight: u64, + ) -> (Weight, Weight) { + let mut payload = REGULAR_PAYLOAD; + *payload.dispatch_result.unspent_weight.ref_time_mut() = unspent_weight; + let proof = Ok(vec![message(nonce, payload)]).into(); + let messages_count = 1; + let pre_dispatch_weight = + ::WeightInfo::receive_messages_proof_weight( + &proof, + messages_count, + REGULAR_PAYLOAD.declared_weight, + ); + let result = Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + proof, + messages_count, + REGULAR_PAYLOAD.declared_weight, + ) + .expect("delivery has failed"); + let post_dispatch_weight = + result.actual_weight.expect("receive_messages_proof always returns Some"); + + // message delivery transactions are never free + assert_eq!(result.pays_fee, Pays::Yes); + + (pre_dispatch_weight, post_dispatch_weight) + } + + // when dispatch is returning `unspent_weight < declared_weight` + let (pre, post) = submit_with_unspent_weight(1, 1); + assert_eq!(post.ref_time(), pre.ref_time() - 1); + + // when dispatch is returning `unspent_weight = declared_weight` + let (pre, post) = + submit_with_unspent_weight(2, REGULAR_PAYLOAD.declared_weight.ref_time()); + assert_eq!( + post.ref_time(), + pre.ref_time() - REGULAR_PAYLOAD.declared_weight.ref_time() + ); + + // when dispatch is returning `unspent_weight > declared_weight` + let (pre, post) = + submit_with_unspent_weight(3, REGULAR_PAYLOAD.declared_weight.ref_time() + 1); + assert_eq!( + post.ref_time(), + pre.ref_time() - REGULAR_PAYLOAD.declared_weight.ref_time() + ); + + // when there's no unspent weight + let (pre, post) = submit_with_unspent_weight(4, 0); + assert_eq!(post.ref_time(), pre.ref_time()); + + // when dispatch is returning `unspent_weight < declared_weight` + let (pre, post) = submit_with_unspent_weight(5, 1); + assert_eq!(post.ref_time(), pre.ref_time() - 1); + }); + } + + #[test] + fn proof_size_refund_from_receive_messages_proof_works() { + run_test(|| { + let max_entries = crate::mock::MaxUnrewardedRelayerEntriesAtInboundLane::get() as usize; + + // if there's maximal number of unrewarded relayer entries at the inbound lane, then + // `proof_size` is unchanged in post-dispatch weight + let proof: TestMessagesProof = Ok(vec![message(101, REGULAR_PAYLOAD)]).into(); + let messages_count = 1; + let pre_dispatch_weight = + ::WeightInfo::receive_messages_proof_weight( + &proof, + messages_count, + REGULAR_PAYLOAD.declared_weight, + ); + InboundLanes::::insert( + TEST_LANE_ID, + StoredInboundLaneData(InboundLaneData { + relayers: vec![ + UnrewardedRelayer { + relayer: 42, + messages: DeliveredMessages { begin: 0, end: 100 } + }; + max_entries + ] + .into_iter() + .collect(), + last_confirmed_nonce: 0, + }), + ); + let post_dispatch_weight = Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + proof.clone(), + messages_count, + REGULAR_PAYLOAD.declared_weight, + ) + .unwrap() + .actual_weight + .unwrap(); + assert_eq!(post_dispatch_weight.proof_size(), pre_dispatch_weight.proof_size()); + + // if count of unrewarded relayer entries is less than maximal, then some `proof_size` + // must be refunded + InboundLanes::::insert( + TEST_LANE_ID, + StoredInboundLaneData(InboundLaneData { + relayers: vec![ + UnrewardedRelayer { + relayer: 42, + messages: DeliveredMessages { begin: 0, end: 100 } + }; + max_entries - 1 + ] + .into_iter() + .collect(), + last_confirmed_nonce: 0, + }), + ); + let post_dispatch_weight = Pallet::::receive_messages_proof( + RuntimeOrigin::signed(1), + TEST_RELAYER_A, + proof, + messages_count, + REGULAR_PAYLOAD.declared_weight, + ) + .unwrap() + .actual_weight + .unwrap(); + assert!( + post_dispatch_weight.proof_size() < pre_dispatch_weight.proof_size(), + "Expected post-dispatch PoV {} to be less than pre-dispatch PoV {}", + post_dispatch_weight.proof_size(), + pre_dispatch_weight.proof_size(), + ); + }); + } + + #[test] + fn messages_delivered_callbacks_are_called() { + run_test(|| { + send_regular_message(); + send_regular_message(); + send_regular_message(); + + // messages 1+2 are confirmed in 1 tx, message 3 in a separate tx + // dispatch of message 2 has failed + let mut delivered_messages_1_and_2 = DeliveredMessages::new(1); + delivered_messages_1_and_2.note_dispatched_message(); + let messages_1_and_2_proof = Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 0, + relayers: vec![UnrewardedRelayer { + relayer: 0, + messages: delivered_messages_1_and_2.clone(), + }] + .into_iter() + .collect(), + }, + )); + let delivered_message_3 = DeliveredMessages::new(3); + let messages_3_proof = Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 0, + relayers: vec![UnrewardedRelayer { relayer: 0, messages: delivered_message_3 }] + .into_iter() + .collect(), + }, + )); + + // first tx with messages 1+2 + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(messages_1_and_2_proof), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 2, + last_delivered_nonce: 2, + ..Default::default() + }, + )); + // second tx with message 3 + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(messages_3_proof), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + last_delivered_nonce: 3, + ..Default::default() + }, + )); + }); + } + + #[test] + fn receive_messages_delivery_proof_rejects_proof_if_trying_to_confirm_more_messages_than_expected( + ) { + run_test(|| { + // send message first to be able to check that delivery_proof fails later + send_regular_message(); + + // 1) InboundLaneData declares that the `last_confirmed_nonce` is 1; + // 2) InboundLaneData has no entries => `InboundLaneData::last_delivered_nonce()` + // returns `last_confirmed_nonce`; + // 3) it means that we're going to confirm delivery of messages 1..=1; + // 4) so the number of declared messages (see `UnrewardedRelayersState`) is `0` and + // numer of actually confirmed messages is `1`. + assert_noop!( + Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { last_confirmed_nonce: 1, relayers: Default::default() }, + ))), + UnrewardedRelayersState { last_delivered_nonce: 1, ..Default::default() }, + ), + Error::::TryingToConfirmMoreMessagesThanExpected, + ); + }); + } + + #[test] + fn storage_keys_computed_properly() { + assert_eq!( + PalletOperatingMode::::storage_value_final_key().to_vec(), + bp_messages::storage_keys::operating_mode_key("Messages").0, + ); + + assert_eq!( + OutboundMessages::::storage_map_final_key(MessageKey { + lane_id: TEST_LANE_ID, + nonce: 42 + }), + bp_messages::storage_keys::message_key("Messages", &TEST_LANE_ID, 42).0, + ); + + assert_eq!( + OutboundLanes::::storage_map_final_key(TEST_LANE_ID), + bp_messages::storage_keys::outbound_lane_data_key("Messages", &TEST_LANE_ID).0, + ); + + assert_eq!( + InboundLanes::::storage_map_final_key(TEST_LANE_ID), + bp_messages::storage_keys::inbound_lane_data_key("Messages", &TEST_LANE_ID).0, + ); + } + + #[test] + fn inbound_message_details_works() { + run_test(|| { + assert_eq!( + Pallet::::inbound_message_data( + TEST_LANE_ID, + REGULAR_PAYLOAD.encode(), + OutboundMessageDetails { nonce: 0, dispatch_weight: Weight::zero(), size: 0 }, + ), + InboundMessageDetails { dispatch_weight: REGULAR_PAYLOAD.declared_weight }, + ); + }); + } + + #[test] + fn on_idle_callback_respects_remaining_weight() { + run_test(|| { + send_regular_message(); + send_regular_message(); + send_regular_message(); + send_regular_message(); + + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 4, + relayers: vec![unrewarded_relayer(1, 4, TEST_RELAYER_A)] + .into_iter() + .collect(), + }, + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 4, + total_messages: 4, + last_delivered_nonce: 4, + }, + )); + + // all 4 messages may be pruned now + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().latest_received_nonce, + 4 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 1 + ); + System::::set_block_number(2); + + // if passed wight is too low to do anything + let dbw = DbWeight::get(); + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(1, 1)), + Weight::zero(), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 1 + ); + + // if passed wight is enough to prune single message + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(1, 2)), + dbw.reads_writes(1, 2), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 2 + ); + + // if passed wight is enough to prune two more messages + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(1, 3)), + dbw.reads_writes(1, 3), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 4 + ); + + // if passed wight is enough to prune many messages + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(100, 100)), + dbw.reads_writes(1, 2), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 5 + ); + }); + } + + #[test] + fn on_idle_callback_is_rotating_lanes_to_prune() { + run_test(|| { + // send + receive confirmation for lane 1 + send_regular_message(); + receive_messages_delivery_proof(); + // send + receive confirmation for lane 2 + assert_ok!(send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID_2, + REGULAR_PAYLOAD, + )); + assert_ok!(Pallet::::receive_messages_delivery_proof( + RuntimeOrigin::signed(1), + TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID_2, + InboundLaneData { + last_confirmed_nonce: 1, + relayers: vec![unrewarded_relayer(1, 1, TEST_RELAYER_A)] + .into_iter() + .collect(), + }, + ))), + UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 1, + }, + )); + + // nothing is pruned yet + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().latest_received_nonce, + 1 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 1 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID_2).data().latest_received_nonce, + 1 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID_2).data().oldest_unpruned_nonce, + 1 + ); + + // in block#2.on_idle lane messages of lane 1 are pruned + let dbw = DbWeight::get(); + System::::set_block_number(2); + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(100, 100)), + dbw.reads_writes(1, 2), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 2 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID_2).data().oldest_unpruned_nonce, + 1 + ); + + // in block#3.on_idle lane messages of lane 2 are pruned + System::::set_block_number(3); + + assert_eq!( + Pallet::::on_idle(0, dbw.reads_writes(100, 100)), + dbw.reads_writes(1, 2), + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID).data().oldest_unpruned_nonce, + 2 + ); + assert_eq!( + outbound_lane::(TEST_LANE_ID_2).data().oldest_unpruned_nonce, + 2 + ); + }); + } + + #[test] + fn outbound_message_from_unconfigured_lane_is_rejected() { + run_test(|| { + assert_noop!( + send_message::( + RuntimeOrigin::signed(1), + TEST_LANE_ID_3, + REGULAR_PAYLOAD, + ), + Error::::InactiveOutboundLane, + ); + }); + } + + #[test] + fn test_bridge_messages_call_is_correctly_defined() { + let account_id = 1; + let message_proof: TestMessagesProof = Ok(vec![message(1, REGULAR_PAYLOAD)]).into(); + let message_delivery_proof = TestMessagesDeliveryProof(Ok(( + TEST_LANE_ID, + InboundLaneData { + last_confirmed_nonce: 1, + relayers: vec![UnrewardedRelayer { + relayer: 0, + messages: DeliveredMessages::new(1), + }] + .into_iter() + .collect(), + }, + ))); + let unrewarded_relayer_state = UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + total_messages: 1, + last_delivered_nonce: 1, + ..Default::default() + }; + + let direct_receive_messages_proof_call = Call::::receive_messages_proof { + relayer_id_at_bridged_chain: account_id, + proof: message_proof.clone(), + messages_count: 1, + dispatch_weight: REGULAR_PAYLOAD.declared_weight, + }; + let indirect_receive_messages_proof_call = BridgeMessagesCall::< + AccountId, + TestMessagesProof, + TestMessagesDeliveryProof, + >::receive_messages_proof { + relayer_id_at_bridged_chain: account_id, + proof: message_proof, + messages_count: 1, + dispatch_weight: REGULAR_PAYLOAD.declared_weight, + }; + assert_eq!( + direct_receive_messages_proof_call.encode(), + indirect_receive_messages_proof_call.encode() + ); + + let direct_receive_messages_delivery_proof_call = + Call::::receive_messages_delivery_proof { + proof: message_delivery_proof.clone(), + relayers_state: unrewarded_relayer_state.clone(), + }; + let indirect_receive_messages_delivery_proof_call = BridgeMessagesCall::< + AccountId, + TestMessagesProof, + TestMessagesDeliveryProof, + >::receive_messages_delivery_proof { + proof: message_delivery_proof, + relayers_state: unrewarded_relayer_state, + }; + assert_eq!( + direct_receive_messages_delivery_proof_call.encode(), + indirect_receive_messages_delivery_proof_call.encode() + ); + } + + generate_owned_bridge_module_tests!( + MessagesOperatingMode::Basic(BasicOperatingMode::Normal), + MessagesOperatingMode::Basic(BasicOperatingMode::Halted) + ); + + #[test] + fn inbound_storage_extra_proof_size_bytes_works() { + fn relayer_entry() -> UnrewardedRelayer { + UnrewardedRelayer { relayer: 42u64, messages: DeliveredMessages { begin: 0, end: 100 } } + } + + fn storage(relayer_entries: usize) -> RuntimeInboundLaneStorage { + RuntimeInboundLaneStorage { + lane_id: Default::default(), + cached_data: RefCell::new(Some(InboundLaneData { + relayers: vec![relayer_entry(); relayer_entries].into_iter().collect(), + last_confirmed_nonce: 0, + })), + _phantom: Default::default(), + } + } + + let max_entries = crate::mock::MaxUnrewardedRelayerEntriesAtInboundLane::get() as usize; + + // when we have exactly `MaxUnrewardedRelayerEntriesAtInboundLane` unrewarded relayers + assert_eq!(storage(max_entries).extra_proof_size_bytes(), 0); + + // when we have less than `MaxUnrewardedRelayerEntriesAtInboundLane` unrewarded relayers + assert_eq!( + storage(max_entries - 1).extra_proof_size_bytes(), + relayer_entry().encode().len() as u64 + ); + assert_eq!( + storage(max_entries - 2).extra_proof_size_bytes(), + 2 * relayer_entry().encode().len() as u64 + ); + + // when we have more than `MaxUnrewardedRelayerEntriesAtInboundLane` unrewarded relayers + // (shall not happen in practice) + assert_eq!(storage(max_entries + 1).extra_proof_size_bytes(), 0); + } + + #[test] + fn maybe_outbound_lanes_count_returns_correct_value() { + assert_eq!( + MaybeOutboundLanesCount::::get(), + Some(mock::ActiveOutboundLanes::get().len() as u32) + ); + } +} diff --git a/bridges/modules/messages/src/mock.rs b/bridges/modules/messages/src/mock.rs new file mode 100644 index 00000000000..2e45d5b601f --- /dev/null +++ b/bridges/modules/messages/src/mock.rs @@ -0,0 +1,503 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +// From construct_runtime macro +#![allow(clippy::from_over_into)] + +use crate::Config; + +use bp_messages::{ + calc_relayers_rewards, + source_chain::{DeliveryConfirmationPayments, LaneMessageVerifier, TargetHeaderChain}, + target_chain::{ + DeliveryPayments, DispatchMessage, DispatchMessageData, MessageDispatch, + ProvedLaneMessages, ProvedMessages, SourceHeaderChain, + }, + DeliveredMessages, InboundLaneData, LaneId, Message, MessageKey, MessageNonce, MessagePayload, + OutboundLaneData, UnrewardedRelayer, UnrewardedRelayersState, +}; +use bp_runtime::{messages::MessageDispatchResult, Size}; +use codec::{Decode, Encode}; +use frame_support::{ + parameter_types, + traits::ConstU64, + weights::{constants::RocksDbWeight, Weight}, +}; +use scale_info::TypeInfo; +use sp_core::H256; +use sp_runtime::{ + testing::Header as SubstrateHeader, + traits::{BlakeTwo256, ConstU32, IdentityLookup}, + Perbill, +}; +use std::{ + collections::{BTreeMap, VecDeque}, + ops::RangeInclusive, +}; + +pub type AccountId = u64; +pub type Balance = u64; +#[derive(Decode, Encode, Clone, Debug, PartialEq, Eq, TypeInfo)] +pub struct TestPayload { + /// Field that may be used to identify messages. + pub id: u64, + /// Reject this message by lane verifier? + pub reject_by_lane_verifier: bool, + /// Dispatch weight that is declared by the message sender. + pub declared_weight: Weight, + /// Message dispatch result. + /// + /// Note: in correct code `dispatch_result.unspent_weight` will always be <= `declared_weight`, + /// but for test purposes we'll be making it larger than `declared_weight` sometimes. + pub dispatch_result: MessageDispatchResult, + /// Extra bytes that affect payload size. + pub extra: Vec, +} +pub type TestMessageFee = u64; +pub type TestRelayer = u64; +pub type TestDispatchLevelResult = (); + +type Block = frame_system::mocking::MockBlock; +type UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; + +use crate as pallet_bridge_messages; + +frame_support::construct_runtime! { + pub enum TestRuntime where + Block = Block, + NodeBlock = Block, + UncheckedExtrinsic = UncheckedExtrinsic, + { + System: frame_system::{Pallet, Call, Config, Storage, Event}, + Balances: pallet_balances::{Pallet, Call, Event}, + Messages: pallet_bridge_messages::{Pallet, Call, Event}, + } +} + +parameter_types! { + pub const BlockHashCount: u64 = 250; + pub const MaximumBlockWeight: Weight = Weight::from_parts(1024, 0); + pub const MaximumBlockLength: u32 = 2 * 1024; + pub const AvailableBlockRatio: Perbill = Perbill::one(); +} + +pub type DbWeight = RocksDbWeight; + +impl frame_system::Config for TestRuntime { + type RuntimeOrigin = RuntimeOrigin; + type Index = u64; + type RuntimeCall = RuntimeCall; + type BlockNumber = u64; + type Hash = H256; + type Hashing = BlakeTwo256; + type AccountId = AccountId; + type Lookup = IdentityLookup; + type Header = SubstrateHeader; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = ConstU64<250>; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = pallet_balances::AccountData; + type OnNewAccount = (); + type OnKilledAccount = (); + type BaseCallFilter = frame_support::traits::Everything; + type SystemWeightInfo = (); + type BlockWeights = (); + type BlockLength = (); + type DbWeight = DbWeight; + type SS58Prefix = (); + type OnSetCode = (); + type MaxConsumers = frame_support::traits::ConstU32<16>; +} + +impl pallet_balances::Config for TestRuntime { + type MaxLocks = (); + type Balance = Balance; + type DustRemoval = (); + type RuntimeEvent = RuntimeEvent; + type ExistentialDeposit = ConstU64<1>; + type AccountStore = frame_system::Pallet; + type WeightInfo = (); + type MaxReserves = (); + type ReserveIdentifier = (); + type HoldIdentifier = (); + type FreezeIdentifier = (); + type MaxHolds = ConstU32<0>; + type MaxFreezes = ConstU32<0>; +} + +parameter_types! { + pub const MaxMessagesToPruneAtOnce: u64 = 10; + pub const MaxUnrewardedRelayerEntriesAtInboundLane: u64 = 16; + pub const MaxUnconfirmedMessagesAtInboundLane: u64 = 128; + pub const TestBridgedChainId: bp_runtime::ChainId = *b"test"; + pub const ActiveOutboundLanes: &'static [LaneId] = &[TEST_LANE_ID, TEST_LANE_ID_2]; +} + +/// weights of messages pallet calls we use in tests. +pub type TestWeightInfo = (); + +impl Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type WeightInfo = TestWeightInfo; + type ActiveOutboundLanes = ActiveOutboundLanes; + type MaxUnrewardedRelayerEntriesAtInboundLane = MaxUnrewardedRelayerEntriesAtInboundLane; + type MaxUnconfirmedMessagesAtInboundLane = MaxUnconfirmedMessagesAtInboundLane; + + type MaximalOutboundPayloadSize = frame_support::traits::ConstU32; + type OutboundPayload = TestPayload; + + type InboundPayload = TestPayload; + type InboundRelayer = TestRelayer; + type DeliveryPayments = TestDeliveryPayments; + + type TargetHeaderChain = TestTargetHeaderChain; + type LaneMessageVerifier = TestLaneMessageVerifier; + type DeliveryConfirmationPayments = TestDeliveryConfirmationPayments; + + type SourceHeaderChain = TestSourceHeaderChain; + type MessageDispatch = TestMessageDispatch; + type BridgedChainId = TestBridgedChainId; +} + +#[cfg(feature = "runtime-benchmarks")] +impl crate::benchmarking::Config<()> for TestRuntime { + fn bench_lane_id() -> LaneId { + TEST_LANE_ID + } + + fn prepare_message_proof( + params: crate::benchmarking::MessageProofParams, + ) -> (TestMessagesProof, Weight) { + // in mock run we only care about benchmarks correctness, not the benchmark results + // => ignore size related arguments + let (messages, total_dispatch_weight) = + params.message_nonces.into_iter().map(|n| message(n, REGULAR_PAYLOAD)).fold( + (Vec::new(), Weight::zero()), + |(mut messages, total_dispatch_weight), message| { + let weight = REGULAR_PAYLOAD.declared_weight; + messages.push(message); + (messages, total_dispatch_weight.saturating_add(weight)) + }, + ); + let mut proof: TestMessagesProof = Ok(messages).into(); + proof.result.as_mut().unwrap().get_mut(0).unwrap().1.lane_state = params.outbound_lane_data; + (proof, total_dispatch_weight) + } + + fn prepare_message_delivery_proof( + params: crate::benchmarking::MessageDeliveryProofParams, + ) -> TestMessagesDeliveryProof { + // in mock run we only care about benchmarks correctness, not the benchmark results + // => ignore size related arguments + TestMessagesDeliveryProof(Ok((params.lane, params.inbound_lane_data))) + } + + fn is_relayer_rewarded(_relayer: &AccountId) -> bool { + true + } +} + +impl Size for TestPayload { + fn size(&self) -> u32 { + 16 + self.extra.len() as u32 + } +} + +/// Maximal outbound payload size. +pub const MAX_OUTBOUND_PAYLOAD_SIZE: u32 = 4096; + +/// Account that has balance to use in tests. +pub const ENDOWED_ACCOUNT: AccountId = 0xDEAD; + +/// Account id of test relayer. +pub const TEST_RELAYER_A: AccountId = 100; + +/// Account id of additional test relayer - B. +pub const TEST_RELAYER_B: AccountId = 101; + +/// Account id of additional test relayer - C. +pub const TEST_RELAYER_C: AccountId = 102; + +/// Error that is returned by all test implementations. +pub const TEST_ERROR: &str = "Test error"; + +/// Lane that we're using in tests. +pub const TEST_LANE_ID: LaneId = LaneId([0, 0, 0, 1]); + +/// Secondary lane that we're using in tests. +pub const TEST_LANE_ID_2: LaneId = LaneId([0, 0, 0, 2]); + +/// Inactive outbound lane. +pub const TEST_LANE_ID_3: LaneId = LaneId([0, 0, 0, 3]); + +/// Regular message payload. +pub const REGULAR_PAYLOAD: TestPayload = message_payload(0, 50); + +/// Payload that is rejected by `TestTargetHeaderChain`. +pub const PAYLOAD_REJECTED_BY_TARGET_CHAIN: TestPayload = message_payload(1, 50); + +/// Vec of proved messages, grouped by lane. +pub type MessagesByLaneVec = Vec<(LaneId, ProvedLaneMessages)>; + +/// Test messages proof. +#[derive(Debug, Encode, Decode, Clone, PartialEq, Eq, TypeInfo)] +pub struct TestMessagesProof { + pub result: Result, +} + +impl Size for TestMessagesProof { + fn size(&self) -> u32 { + 0 + } +} + +impl From, ()>> for TestMessagesProof { + fn from(result: Result, ()>) -> Self { + Self { + result: result.map(|messages| { + let mut messages_by_lane: BTreeMap> = + BTreeMap::new(); + for message in messages { + messages_by_lane.entry(message.key.lane_id).or_default().messages.push(message); + } + messages_by_lane.into_iter().collect() + }), + } + } +} + +/// Messages delivery proof used in tests. +#[derive(Debug, Encode, Decode, Eq, Clone, PartialEq, TypeInfo)] +pub struct TestMessagesDeliveryProof(pub Result<(LaneId, InboundLaneData), ()>); + +impl Size for TestMessagesDeliveryProof { + fn size(&self) -> u32 { + 0 + } +} + +/// Target header chain that is used in tests. +#[derive(Debug, Default)] +pub struct TestTargetHeaderChain; + +impl TargetHeaderChain for TestTargetHeaderChain { + type Error = &'static str; + + type MessagesDeliveryProof = TestMessagesDeliveryProof; + + fn verify_message(payload: &TestPayload) -> Result<(), Self::Error> { + if *payload == PAYLOAD_REJECTED_BY_TARGET_CHAIN { + Err(TEST_ERROR) + } else { + Ok(()) + } + } + + fn verify_messages_delivery_proof( + proof: Self::MessagesDeliveryProof, + ) -> Result<(LaneId, InboundLaneData), Self::Error> { + proof.0.map_err(|_| TEST_ERROR) + } +} + +/// Lane message verifier that is used in tests. +#[derive(Debug, Default)] +pub struct TestLaneMessageVerifier; + +impl LaneMessageVerifier for TestLaneMessageVerifier { + type Error = &'static str; + + fn verify_message( + _submitter: &RuntimeOrigin, + _lane: &LaneId, + _lane_outbound_data: &OutboundLaneData, + payload: &TestPayload, + ) -> Result<(), Self::Error> { + if !payload.reject_by_lane_verifier { + Ok(()) + } else { + Err(TEST_ERROR) + } + } +} + +/// Reward payments at the target chain during delivery transaction. +#[derive(Debug, Default)] +pub struct TestDeliveryPayments; + +impl TestDeliveryPayments { + /// Returns true if given relayer has been rewarded with given balance. The reward-paid flag is + /// cleared after the call. + pub fn is_reward_paid(relayer: AccountId) -> bool { + let key = (b":delivery-relayer-reward:", relayer).encode(); + frame_support::storage::unhashed::take::(&key).is_some() + } +} + +impl DeliveryPayments for TestDeliveryPayments { + type Error = &'static str; + + fn pay_reward( + relayer: AccountId, + _total_messages: MessageNonce, + _valid_messages: MessageNonce, + _actual_weight: Weight, + ) { + let key = (b":delivery-relayer-reward:", relayer).encode(); + frame_support::storage::unhashed::put(&key, &true); + } +} + +/// Reward payments at the source chain during delivery confirmation transaction. +#[derive(Debug, Default)] +pub struct TestDeliveryConfirmationPayments; + +impl TestDeliveryConfirmationPayments { + /// Returns true if given relayer has been rewarded with given balance. The reward-paid flag is + /// cleared after the call. + pub fn is_reward_paid(relayer: AccountId, fee: TestMessageFee) -> bool { + let key = (b":relayer-reward:", relayer, fee).encode(); + frame_support::storage::unhashed::take::(&key).is_some() + } +} + +impl DeliveryConfirmationPayments for TestDeliveryConfirmationPayments { + type Error = &'static str; + + fn pay_reward( + _lane_id: LaneId, + messages_relayers: VecDeque>, + _confirmation_relayer: &AccountId, + received_range: &RangeInclusive, + ) -> MessageNonce { + let relayers_rewards = calc_relayers_rewards(messages_relayers, received_range); + let rewarded_relayers = relayers_rewards.len(); + for (relayer, reward) in &relayers_rewards { + let key = (b":relayer-reward:", relayer, reward).encode(); + frame_support::storage::unhashed::put(&key, &true); + } + + rewarded_relayers as _ + } +} + +/// Source header chain that is used in tests. +#[derive(Debug)] +pub struct TestSourceHeaderChain; + +impl SourceHeaderChain for TestSourceHeaderChain { + type Error = &'static str; + + type MessagesProof = TestMessagesProof; + + fn verify_messages_proof( + proof: Self::MessagesProof, + _messages_count: u32, + ) -> Result, Self::Error> { + proof.result.map(|proof| proof.into_iter().collect()).map_err(|_| TEST_ERROR) + } +} + +/// Source header chain that is used in tests. +#[derive(Debug)] +pub struct TestMessageDispatch; + +impl MessageDispatch for TestMessageDispatch { + type DispatchPayload = TestPayload; + type DispatchLevelResult = TestDispatchLevelResult; + + fn dispatch_weight(message: &mut DispatchMessage) -> Weight { + match message.data.payload.as_ref() { + Ok(payload) => payload.declared_weight, + Err(_) => Weight::zero(), + } + } + + fn dispatch( + message: DispatchMessage, + ) -> MessageDispatchResult { + match message.data.payload.as_ref() { + Ok(payload) => payload.dispatch_result.clone(), + Err(_) => dispatch_result(0), + } + } +} + +/// Return test lane message with given nonce and payload. +pub fn message(nonce: MessageNonce, payload: TestPayload) -> Message { + Message { key: MessageKey { lane_id: TEST_LANE_ID, nonce }, payload: payload.encode() } +} + +/// Return valid outbound message data, constructed from given payload. +pub fn outbound_message_data(payload: TestPayload) -> MessagePayload { + payload.encode() +} + +/// Return valid inbound (dispatch) message data, constructed from given payload. +pub fn inbound_message_data(payload: TestPayload) -> DispatchMessageData { + DispatchMessageData { payload: Ok(payload) } +} + +/// Constructs message payload using given arguments and zero unspent weight. +pub const fn message_payload(id: u64, declared_weight: u64) -> TestPayload { + TestPayload { + id, + reject_by_lane_verifier: false, + declared_weight: Weight::from_parts(declared_weight, 0), + dispatch_result: dispatch_result(0), + extra: Vec::new(), + } +} + +/// Returns message dispatch result with given unspent weight. +pub const fn dispatch_result( + unspent_weight: u64, +) -> MessageDispatchResult { + MessageDispatchResult { + unspent_weight: Weight::from_parts(unspent_weight, 0), + dispatch_level_result: (), + } +} + +/// Constructs unrewarded relayer entry from nonces range and relayer id. +pub fn unrewarded_relayer( + begin: MessageNonce, + end: MessageNonce, + relayer: TestRelayer, +) -> UnrewardedRelayer { + UnrewardedRelayer { relayer, messages: DeliveredMessages { begin, end } } +} + +/// Returns unrewarded relayers state at given lane. +pub fn inbound_unrewarded_relayers_state(lane: bp_messages::LaneId) -> UnrewardedRelayersState { + let inbound_lane_data = crate::InboundLanes::::get(lane).0; + UnrewardedRelayersState::from(&inbound_lane_data) +} + +/// Return test externalities to use in tests. +pub fn new_test_ext() -> sp_io::TestExternalities { + let mut t = frame_system::GenesisConfig::default().build_storage::().unwrap(); + pallet_balances::GenesisConfig:: { balances: vec![(ENDOWED_ACCOUNT, 1_000_000)] } + .assimilate_storage(&mut t) + .unwrap(); + sp_io::TestExternalities::new(t) +} + +/// Run pallet test. +pub fn run_test(test: impl FnOnce() -> T) -> T { + new_test_ext().execute_with(test) +} diff --git a/bridges/modules/messages/src/outbound_lane.rs b/bridges/modules/messages/src/outbound_lane.rs new file mode 100644 index 00000000000..3d0d4de966a --- /dev/null +++ b/bridges/modules/messages/src/outbound_lane.rs @@ -0,0 +1,433 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Everything about outgoing messages sending. + +use crate::Config; + +use bp_messages::{ + DeliveredMessages, LaneId, MessageNonce, MessagePayload, OutboundLaneData, UnrewardedRelayer, +}; +use frame_support::{ + weights::{RuntimeDbWeight, Weight}, + BoundedVec, RuntimeDebug, +}; +use num_traits::Zero; +use sp_std::collections::vec_deque::VecDeque; + +/// Outbound lane storage. +pub trait OutboundLaneStorage { + /// Lane id. + fn id(&self) -> LaneId; + /// Get lane data from the storage. + fn data(&self) -> OutboundLaneData; + /// Update lane data in the storage. + fn set_data(&mut self, data: OutboundLaneData); + /// Returns saved outbound message payload. + #[cfg(test)] + fn message(&self, nonce: &MessageNonce) -> Option; + /// Save outbound message in the storage. + fn save_message(&mut self, nonce: MessageNonce, message_payload: MessagePayload); + /// Remove outbound message from the storage. + fn remove_message(&mut self, nonce: &MessageNonce); +} + +/// Outbound message data wrapper that implements `MaxEncodedLen`. +pub type StoredMessagePayload = BoundedVec>::MaximalOutboundPayloadSize>; + +/// Result of messages receival confirmation. +#[derive(RuntimeDebug, PartialEq, Eq)] +pub enum ReceivalConfirmationResult { + /// New messages have been confirmed by the confirmation transaction. + ConfirmedMessages(DeliveredMessages), + /// Confirmation transaction brings no new confirmation. This may be a result of relayer + /// error or several relayers running. + NoNewConfirmations, + /// Bridged chain is trying to confirm more messages than we have generated. May be a result + /// of invalid bridged chain storage. + FailedToConfirmFutureMessages, + /// The unrewarded relayers vec contains an empty entry. May be a result of invalid bridged + /// chain storage. + EmptyUnrewardedRelayerEntry, + /// The unrewarded relayers vec contains non-consecutive entries. May be a result of invalid + /// bridged chain storage. + NonConsecutiveUnrewardedRelayerEntries, + /// The chain has more messages that need to be confirmed than there is in the proof. + TryingToConfirmMoreMessagesThanExpected(MessageNonce), +} + +/// Outbound messages lane. +pub struct OutboundLane { + storage: S, +} + +impl OutboundLane { + /// Create new outbound lane backed by given storage. + pub fn new(storage: S) -> Self { + OutboundLane { storage } + } + + /// Get this lane data. + pub fn data(&self) -> OutboundLaneData { + self.storage.data() + } + + /// Send message over lane. + /// + /// Returns new message nonce. + pub fn send_message(&mut self, message_payload: MessagePayload) -> MessageNonce { + let mut data = self.storage.data(); + let nonce = data.latest_generated_nonce + 1; + data.latest_generated_nonce = nonce; + + self.storage.save_message(nonce, message_payload); + self.storage.set_data(data); + + nonce + } + + /// Confirm messages delivery. + pub fn confirm_delivery( + &mut self, + max_allowed_messages: MessageNonce, + latest_delivered_nonce: MessageNonce, + relayers: &VecDeque>, + ) -> ReceivalConfirmationResult { + let mut data = self.storage.data(); + if latest_delivered_nonce <= data.latest_received_nonce { + return ReceivalConfirmationResult::NoNewConfirmations + } + if latest_delivered_nonce > data.latest_generated_nonce { + return ReceivalConfirmationResult::FailedToConfirmFutureMessages + } + if latest_delivered_nonce - data.latest_received_nonce > max_allowed_messages { + // that the relayer has declared correct number of messages that the proof contains (it + // is checked outside of the function). But it may happen (but only if this/bridged + // chain storage is corrupted, though) that the actual number of confirmed messages if + // larger than declared. This would mean that 'reward loop' will take more time than the + // weight formula accounts, so we can't allow that. + return ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected( + latest_delivered_nonce - data.latest_received_nonce, + ) + } + + if let Err(e) = ensure_unrewarded_relayers_are_correct(latest_delivered_nonce, relayers) { + return e + } + + let prev_latest_received_nonce = data.latest_received_nonce; + data.latest_received_nonce = latest_delivered_nonce; + self.storage.set_data(data); + + ReceivalConfirmationResult::ConfirmedMessages(DeliveredMessages { + begin: prev_latest_received_nonce + 1, + end: latest_delivered_nonce, + }) + } + + /// Prune at most `max_messages_to_prune` already received messages. + /// + /// Returns weight, consumed by messages pruning and lane state update. + pub fn prune_messages( + &mut self, + db_weight: RuntimeDbWeight, + mut remaining_weight: Weight, + ) -> Weight { + let write_weight = db_weight.writes(1); + let two_writes_weight = write_weight + write_weight; + let mut spent_weight = Weight::zero(); + let mut data = self.storage.data(); + while remaining_weight.all_gte(two_writes_weight) && + data.oldest_unpruned_nonce <= data.latest_received_nonce + { + self.storage.remove_message(&data.oldest_unpruned_nonce); + + spent_weight += write_weight; + remaining_weight -= write_weight; + data.oldest_unpruned_nonce += 1; + } + + if !spent_weight.is_zero() { + spent_weight += write_weight; + self.storage.set_data(data); + } + + spent_weight + } +} + +/// Verifies unrewarded relayers vec. +/// +/// Returns `Err(_)` if unrewarded relayers vec contains invalid data, meaning that the bridged +/// chain has invalid runtime storage. +fn ensure_unrewarded_relayers_are_correct( + latest_received_nonce: MessageNonce, + relayers: &VecDeque>, +) -> Result<(), ReceivalConfirmationResult> { + let mut last_entry_end: Option = None; + for entry in relayers { + // unrewarded relayer entry must have at least 1 unconfirmed message + // (guaranteed by the `InboundLane::receive_message()`) + if entry.messages.end < entry.messages.begin { + return Err(ReceivalConfirmationResult::EmptyUnrewardedRelayerEntry) + } + // every entry must confirm range of messages that follows previous entry range + // (guaranteed by the `InboundLane::receive_message()`) + if let Some(last_entry_end) = last_entry_end { + let expected_entry_begin = last_entry_end.checked_add(1); + if expected_entry_begin != Some(entry.messages.begin) { + return Err(ReceivalConfirmationResult::NonConsecutiveUnrewardedRelayerEntries) + } + } + last_entry_end = Some(entry.messages.end); + // entry can't confirm messages larger than `inbound_lane_data.latest_received_nonce()` + // (guaranteed by the `InboundLane::receive_message()`) + if entry.messages.end > latest_received_nonce { + return Err(ReceivalConfirmationResult::FailedToConfirmFutureMessages) + } + } + + Ok(()) +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{ + mock::{ + outbound_message_data, run_test, unrewarded_relayer, TestRelayer, TestRuntime, + REGULAR_PAYLOAD, TEST_LANE_ID, + }, + outbound_lane, + }; + use frame_support::weights::constants::RocksDbWeight; + use sp_std::ops::RangeInclusive; + + fn unrewarded_relayers( + nonces: RangeInclusive, + ) -> VecDeque> { + vec![unrewarded_relayer(*nonces.start(), *nonces.end(), 0)] + .into_iter() + .collect() + } + + fn delivered_messages(nonces: RangeInclusive) -> DeliveredMessages { + DeliveredMessages { begin: *nonces.start(), end: *nonces.end() } + } + + fn assert_3_messages_confirmation_fails( + latest_received_nonce: MessageNonce, + relayers: &VecDeque>, + ) -> ReceivalConfirmationResult { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 0); + let result = lane.confirm_delivery(3, latest_received_nonce, relayers); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 0); + result + }) + } + + #[test] + fn send_message_works() { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + assert_eq!(lane.storage.data().latest_generated_nonce, 0); + assert_eq!(lane.send_message(outbound_message_data(REGULAR_PAYLOAD)), 1); + assert!(lane.storage.message(&1).is_some()); + assert_eq!(lane.storage.data().latest_generated_nonce, 1); + }); + } + + #[test] + fn confirm_delivery_works() { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + assert_eq!(lane.send_message(outbound_message_data(REGULAR_PAYLOAD)), 1); + assert_eq!(lane.send_message(outbound_message_data(REGULAR_PAYLOAD)), 2); + assert_eq!(lane.send_message(outbound_message_data(REGULAR_PAYLOAD)), 3); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 0); + assert_eq!( + lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)), + ); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 3); + }); + } + + #[test] + fn confirm_delivery_rejects_nonce_lesser_than_latest_received() { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 0); + assert_eq!( + lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)), + ); + assert_eq!( + lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::NoNewConfirmations, + ); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 3); + + assert_eq!( + lane.confirm_delivery(1, 2, &unrewarded_relayers(1..=1)), + ReceivalConfirmationResult::NoNewConfirmations, + ); + assert_eq!(lane.storage.data().latest_generated_nonce, 3); + assert_eq!(lane.storage.data().latest_received_nonce, 3); + }); + } + + #[test] + fn confirm_delivery_rejects_nonce_larger_than_last_generated() { + assert_eq!( + assert_3_messages_confirmation_fails(10, &unrewarded_relayers(1..=10),), + ReceivalConfirmationResult::FailedToConfirmFutureMessages, + ); + } + + #[test] + fn confirm_delivery_fails_if_entry_confirms_future_messages() { + assert_eq!( + assert_3_messages_confirmation_fails( + 3, + &unrewarded_relayers(1..=1) + .into_iter() + .chain(unrewarded_relayers(2..=30).into_iter()) + .chain(unrewarded_relayers(3..=3).into_iter()) + .collect(), + ), + ReceivalConfirmationResult::FailedToConfirmFutureMessages, + ); + } + + #[test] + #[allow(clippy::reversed_empty_ranges)] + fn confirm_delivery_fails_if_entry_is_empty() { + assert_eq!( + assert_3_messages_confirmation_fails( + 3, + &unrewarded_relayers(1..=1) + .into_iter() + .chain(unrewarded_relayers(2..=1).into_iter()) + .chain(unrewarded_relayers(2..=3).into_iter()) + .collect(), + ), + ReceivalConfirmationResult::EmptyUnrewardedRelayerEntry, + ); + } + + #[test] + fn confirm_delivery_fails_if_entries_are_non_consecutive() { + assert_eq!( + assert_3_messages_confirmation_fails( + 3, + &unrewarded_relayers(1..=1) + .into_iter() + .chain(unrewarded_relayers(3..=3).into_iter()) + .chain(unrewarded_relayers(2..=2).into_iter()) + .collect(), + ), + ReceivalConfirmationResult::NonConsecutiveUnrewardedRelayerEntries, + ); + } + + #[test] + fn prune_messages_works() { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + // when lane is empty, nothing is pruned + assert_eq!( + lane.prune_messages(RocksDbWeight::get(), RocksDbWeight::get().writes(101)), + Weight::zero() + ); + assert_eq!(lane.storage.data().oldest_unpruned_nonce, 1); + // when nothing is confirmed, nothing is pruned + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + assert!(lane.storage.message(&1).is_some()); + assert!(lane.storage.message(&2).is_some()); + assert!(lane.storage.message(&3).is_some()); + assert_eq!( + lane.prune_messages(RocksDbWeight::get(), RocksDbWeight::get().writes(101)), + Weight::zero() + ); + assert_eq!(lane.storage.data().oldest_unpruned_nonce, 1); + // after confirmation, some messages are received + assert_eq!( + lane.confirm_delivery(2, 2, &unrewarded_relayers(1..=2)), + ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=2)), + ); + assert_eq!( + lane.prune_messages(RocksDbWeight::get(), RocksDbWeight::get().writes(101)), + RocksDbWeight::get().writes(3), + ); + assert!(lane.storage.message(&1).is_none()); + assert!(lane.storage.message(&2).is_none()); + assert!(lane.storage.message(&3).is_some()); + assert_eq!(lane.storage.data().oldest_unpruned_nonce, 3); + // after last message is confirmed, everything is pruned + assert_eq!( + lane.confirm_delivery(1, 3, &unrewarded_relayers(3..=3)), + ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(3..=3)), + ); + assert_eq!( + lane.prune_messages(RocksDbWeight::get(), RocksDbWeight::get().writes(101)), + RocksDbWeight::get().writes(2), + ); + assert!(lane.storage.message(&1).is_none()); + assert!(lane.storage.message(&2).is_none()); + assert!(lane.storage.message(&3).is_none()); + assert_eq!(lane.storage.data().oldest_unpruned_nonce, 4); + }); + } + + #[test] + fn confirm_delivery_detects_when_more_than_expected_messages_are_confirmed() { + run_test(|| { + let mut lane = outbound_lane::(TEST_LANE_ID); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + lane.send_message(outbound_message_data(REGULAR_PAYLOAD)); + assert_eq!( + lane.confirm_delivery(0, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected(3), + ); + assert_eq!( + lane.confirm_delivery(2, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected(3), + ); + assert_eq!( + lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)), + ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)), + ); + }); + } +} diff --git a/bridges/modules/messages/src/weights.rs b/bridges/modules/messages/src/weights.rs new file mode 100644 index 00000000000..9880f1dd1ea --- /dev/null +++ b/bridges/modules/messages/src/weights.rs @@ -0,0 +1,525 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Autogenerated weights for RialtoMessages +//! +//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev +//! DATE: 2023-03-23, STEPS: `50`, REPEAT: `20`, LOW RANGE: `[]`, HIGH RANGE: `[]` +//! WORST CASE MAP SIZE: `1000000` +//! HOSTNAME: `covid`, CPU: `11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz` +//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024 + +// Executed Command: +// target/release/millau-bridge-node +// benchmark +// pallet +// --chain=dev +// --steps=50 +// --repeat=20 +// --pallet=RialtoMessages +// --extrinsic=* +// --execution=wasm +// --wasm-execution=Compiled +// --heap-pages=4096 +// --output=./modules/messages/src/weights.rs +// --template=./.maintain/bridge-weight-template.hbs + +#![allow(clippy::all)] +#![allow(unused_parens)] +#![allow(unused_imports)] +#![allow(missing_docs)] + +use frame_support::{ + traits::Get, + weights::{constants::RocksDbWeight, Weight}, +}; +use sp_std::marker::PhantomData; + +/// Weight functions needed for RialtoMessages. +pub trait WeightInfo { + fn receive_single_message_proof() -> Weight; + fn receive_two_messages_proof() -> Weight; + fn receive_single_message_proof_with_outbound_lane_state() -> Weight; + fn receive_single_message_proof_1_kb() -> Weight; + fn receive_single_message_proof_16_kb() -> Weight; + fn receive_delivery_proof_for_single_message() -> Weight; + fn receive_delivery_proof_for_two_messages_by_single_relayer() -> Weight; + fn receive_delivery_proof_for_two_messages_by_two_relayers() -> Weight; + fn receive_single_message_proof_with_dispatch(i: u32) -> Weight; +} + +/// Weights for `RialtoMessages` that are generated using one of the Bridge testnets. +/// +/// Those weights are test only and must never be used in production. +pub struct BridgeWeight(PhantomData); +impl WeightInfo for BridgeWeight { + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 52_321 nanoseconds. + Weight::from_parts(54_478_000, 57170) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_two_messages_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 64_597 nanoseconds. + Weight::from_parts(69_267_000, 57170) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_with_outbound_lane_state() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 64_079 nanoseconds. + Weight::from_parts(65_905_000, 57170) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_1_kb() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 50_588 nanoseconds. + Weight::from_parts(53_544_000, 57170) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_16_kb() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 78_269 nanoseconds. + Weight::from_parts(81_748_000, 57170) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_single_message() -> Weight { + // Proof Size summary in bytes: + // Measured: `579` + // Estimated: `9584` + // Minimum execution time: 45_786 nanoseconds. + Weight::from_parts(47_382_000, 9584) + .saturating_add(T::DbWeight::get().reads(4_u64)) + .saturating_add(T::DbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_two_messages_by_single_relayer() -> Weight { + // Proof Size summary in bytes: + // Measured: `596` + // Estimated: `9584` + // Minimum execution time: 44_544 nanoseconds. + Weight::from_parts(45_451_000, 9584) + .saturating_add(T::DbWeight::get().reads(4_u64)) + .saturating_add(T::DbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:2 w:2) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_two_messages_by_two_relayers() -> Weight { + // Proof Size summary in bytes: + // Measured: `596` + // Estimated: `12124` + // Minimum execution time: 47_344 nanoseconds. + Weight::from_parts(48_311_000, 12124) + .saturating_add(T::DbWeight::get().reads(5_u64)) + .saturating_add(T::DbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + /// + /// The range of component `i` is `[128, 2048]`. + fn receive_single_message_proof_with_dispatch(i: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 52_385 nanoseconds. + Weight::from_parts(54_919_468, 57170) + // Standard Error: 108 + .saturating_add(Weight::from_parts(3_286, 0).saturating_mul(i.into())) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } +} + +// For backwards compatibility and tests +impl WeightInfo for () { + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 52_321 nanoseconds. + Weight::from_parts(54_478_000, 57170) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_two_messages_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 64_597 nanoseconds. + Weight::from_parts(69_267_000, 57170) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_with_outbound_lane_state() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 64_079 nanoseconds. + Weight::from_parts(65_905_000, 57170) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_1_kb() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 50_588 nanoseconds. + Weight::from_parts(53_544_000, 57170) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + fn receive_single_message_proof_16_kb() -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 78_269 nanoseconds. + Weight::from_parts(81_748_000, 57170) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_single_message() -> Weight { + // Proof Size summary in bytes: + // Measured: `579` + // Estimated: `9584` + // Minimum execution time: 45_786 nanoseconds. + Weight::from_parts(47_382_000, 9584) + .saturating_add(RocksDbWeight::get().reads(4_u64)) + .saturating_add(RocksDbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_two_messages_by_single_relayer() -> Weight { + // Proof Size summary in bytes: + // Measured: `596` + // Estimated: `9584` + // Minimum execution time: 44_544 nanoseconds. + Weight::from_parts(45_451_000, 9584) + .saturating_add(RocksDbWeight::get().reads(4_u64)) + .saturating_add(RocksDbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages OutboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages OutboundLanes (max_values: Some(1), max_size: Some(44), added: + /// 539, mode: MaxEncodedLen) + /// + /// Storage: BridgeRelayers RelayerRewards (r:2 w:2) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn receive_delivery_proof_for_two_messages_by_two_relayers() -> Weight { + // Proof Size summary in bytes: + // Measured: `596` + // Estimated: `12124` + // Minimum execution time: 47_344 nanoseconds. + Weight::from_parts(48_311_000, 12124) + .saturating_add(RocksDbWeight::get().reads(5_u64)) + .saturating_add(RocksDbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoMessages PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoMessages PalletOperatingMode (max_values: Some(1), max_size: Some(2), + /// added: 497, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoMessages InboundLanes (r:1 w:1) + /// + /// Proof: BridgeRialtoMessages InboundLanes (max_values: None, max_size: Some(49180), added: + /// 51655, mode: MaxEncodedLen) + /// + /// The range of component `i` is `[128, 2048]`. + fn receive_single_message_proof_with_dispatch(i: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `618` + // Estimated: `57170` + // Minimum execution time: 52_385 nanoseconds. + Weight::from_parts(54_919_468, 57170) + // Standard Error: 108 + .saturating_add(Weight::from_parts(3_286, 0).saturating_mul(i.into())) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } +} diff --git a/bridges/modules/messages/src/weights_ext.rs b/bridges/modules/messages/src/weights_ext.rs new file mode 100644 index 00000000000..3aefd6be7ca --- /dev/null +++ b/bridges/modules/messages/src/weights_ext.rs @@ -0,0 +1,487 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Weight-related utilities. + +use crate::weights::WeightInfo; + +use bp_messages::{MessageNonce, UnrewardedRelayersState}; +use bp_runtime::{PreComputedSize, Size}; +use frame_support::weights::Weight; + +/// Size of the message being delivered in benchmarks. +pub const EXPECTED_DEFAULT_MESSAGE_LENGTH: u32 = 128; + +/// We assume that size of signed extensions on all our chains and size of all 'small' arguments of +/// calls we're checking here would fit 1KB. +const SIGNED_EXTENSIONS_SIZE: u32 = 1024; + +/// Number of extra bytes (excluding size of storage value itself) of storage proof, built at +/// Rialto chain. This mostly depends on number of entries (and their density) in the storage trie. +/// Some reserve is reserved to account future chain growth. +pub const EXTRA_STORAGE_PROOF_SIZE: u32 = 1024; + +/// Ensure that weights from `WeightInfoExt` implementation are looking correct. +pub fn ensure_weights_are_correct() { + // all components of weight formulae must have zero `proof_size`, because the `proof_size` is + // benchmarked using `MaxEncodedLen` approach and there are no components that cause additional + // db reads + + // verify `receive_messages_proof` weight components + assert_ne!(W::receive_messages_proof_overhead().ref_time(), 0); + assert_ne!(W::receive_messages_proof_overhead().proof_size(), 0); + // W::receive_messages_proof_messages_overhead(1).ref_time() may be zero because: + // the message processing code (`InboundLane::receive_message`) is minimal and may not be + // accounted by our benchmarks + assert_eq!(W::receive_messages_proof_messages_overhead(1).proof_size(), 0); + // W::receive_messages_proof_outbound_lane_state_overhead().ref_time() may be zero because: + // the outbound lane state processing code (`InboundLane::receive_state_update`) is minimal and + // may not be accounted by our benchmarks + assert_eq!(W::receive_messages_proof_outbound_lane_state_overhead().proof_size(), 0); + assert_ne!(W::storage_proof_size_overhead(1).ref_time(), 0); + assert_eq!(W::storage_proof_size_overhead(1).proof_size(), 0); + + // verify `receive_messages_delivery_proof` weight components + assert_ne!(W::receive_messages_delivery_proof_overhead().ref_time(), 0); + assert_ne!(W::receive_messages_delivery_proof_overhead().proof_size(), 0); + // W::receive_messages_delivery_proof_messages_overhead(1).ref_time() may be zero because: + // there's no code that iterates over confirmed messages in confirmation transaction + assert_eq!(W::receive_messages_delivery_proof_messages_overhead(1).proof_size(), 0); + assert_ne!(W::receive_messages_delivery_proof_relayers_overhead(1).ref_time(), 0); + // W::receive_messages_delivery_proof_relayers_overhead(1).proof_size() is an exception + // it may or may not cause additional db reads, so proof size may vary + assert_ne!(W::storage_proof_size_overhead(1).ref_time(), 0); + assert_eq!(W::storage_proof_size_overhead(1).proof_size(), 0); + + // verify `receive_message_proof` weight + let receive_messages_proof_weight = + W::receive_messages_proof_weight(&PreComputedSize(1), 10, Weight::zero()); + assert_ne!(receive_messages_proof_weight.ref_time(), 0); + assert_ne!(receive_messages_proof_weight.proof_size(), 0); + messages_proof_size_does_not_affect_proof_size::(); + messages_count_does_not_affect_proof_size::(); + + // verify `receive_message_proof` weight + let receive_messages_delivery_proof_weight = W::receive_messages_delivery_proof_weight( + &PreComputedSize(1), + &UnrewardedRelayersState::default(), + ); + assert_ne!(receive_messages_delivery_proof_weight.ref_time(), 0); + assert_ne!(receive_messages_delivery_proof_weight.proof_size(), 0); + messages_delivery_proof_size_does_not_affect_proof_size::(); + total_messages_in_delivery_proof_does_not_affect_proof_size::(); +} + +/// Ensure that we're able to receive maximal (by-size and by-weight) message from other chain. +pub fn ensure_able_to_receive_message( + max_extrinsic_size: u32, + max_extrinsic_weight: Weight, + max_incoming_message_proof_size: u32, + max_incoming_message_dispatch_weight: Weight, +) { + // verify that we're able to receive proof of maximal-size message + let max_delivery_transaction_size = + max_incoming_message_proof_size.saturating_add(SIGNED_EXTENSIONS_SIZE); + assert!( + max_delivery_transaction_size <= max_extrinsic_size, + "Size of maximal message delivery transaction {max_incoming_message_proof_size} + {SIGNED_EXTENSIONS_SIZE} is larger than maximal possible transaction size {max_extrinsic_size}", + ); + + // verify that we're able to receive proof of maximal-size message with maximal dispatch weight + let max_delivery_transaction_dispatch_weight = W::receive_messages_proof_weight( + &PreComputedSize( + (max_incoming_message_proof_size + W::expected_extra_storage_proof_size()) as usize, + ), + 1, + max_incoming_message_dispatch_weight, + ); + assert!( + max_delivery_transaction_dispatch_weight.all_lte(max_extrinsic_weight), + "Weight of maximal message delivery transaction + {max_delivery_transaction_dispatch_weight} is larger than maximal possible transaction weight {max_extrinsic_weight}", + ); +} + +/// Ensure that we're able to receive maximal confirmation from other chain. +pub fn ensure_able_to_receive_confirmation( + max_extrinsic_size: u32, + max_extrinsic_weight: Weight, + max_inbound_lane_data_proof_size_from_peer_chain: u32, + max_unrewarded_relayer_entries_at_peer_inbound_lane: MessageNonce, + max_unconfirmed_messages_at_inbound_lane: MessageNonce, +) { + // verify that we're able to receive confirmation of maximal-size + let max_confirmation_transaction_size = + max_inbound_lane_data_proof_size_from_peer_chain.saturating_add(SIGNED_EXTENSIONS_SIZE); + assert!( + max_confirmation_transaction_size <= max_extrinsic_size, + "Size of maximal message delivery confirmation transaction {max_inbound_lane_data_proof_size_from_peer_chain} + {SIGNED_EXTENSIONS_SIZE} is larger than maximal possible transaction size {max_extrinsic_size}", + ); + + // verify that we're able to reward maximal number of relayers that have delivered maximal + // number of messages + let max_confirmation_transaction_dispatch_weight = W::receive_messages_delivery_proof_weight( + &PreComputedSize(max_inbound_lane_data_proof_size_from_peer_chain as usize), + &UnrewardedRelayersState { + unrewarded_relayer_entries: max_unrewarded_relayer_entries_at_peer_inbound_lane, + total_messages: max_unconfirmed_messages_at_inbound_lane, + ..Default::default() + }, + ); + assert!( + max_confirmation_transaction_dispatch_weight.all_lte(max_extrinsic_weight), + "Weight of maximal confirmation transaction {max_confirmation_transaction_dispatch_weight} is larger than maximal possible transaction weight {max_extrinsic_weight}", + ); +} + +/// Panics if `proof_size` of message delivery call depends on the message proof size. +fn messages_proof_size_does_not_affect_proof_size() { + let dispatch_weight = Weight::zero(); + let weight_when_proof_size_is_8k = + W::receive_messages_proof_weight(&PreComputedSize(8 * 1024), 1, dispatch_weight); + let weight_when_proof_size_is_16k = + W::receive_messages_proof_weight(&PreComputedSize(16 * 1024), 1, dispatch_weight); + + ensure_weight_components_are_not_zero(weight_when_proof_size_is_8k); + ensure_weight_components_are_not_zero(weight_when_proof_size_is_16k); + ensure_proof_size_is_the_same( + weight_when_proof_size_is_8k, + weight_when_proof_size_is_16k, + "Messages proof size does not affect values that we read from our storage", + ); +} + +/// Panics if `proof_size` of message delivery call depends on the messages count. +/// +/// In practice, it will depend on the messages count, because most probably every +/// message will read something from db during dispatch. But this must be accounted +/// by the `dispatch_weight`. +fn messages_count_does_not_affect_proof_size() { + let messages_proof_size = PreComputedSize(8 * 1024); + let dispatch_weight = Weight::zero(); + let weight_of_one_incoming_message = + W::receive_messages_proof_weight(&messages_proof_size, 1, dispatch_weight); + let weight_of_two_incoming_messages = + W::receive_messages_proof_weight(&messages_proof_size, 2, dispatch_weight); + + ensure_weight_components_are_not_zero(weight_of_one_incoming_message); + ensure_weight_components_are_not_zero(weight_of_two_incoming_messages); + ensure_proof_size_is_the_same( + weight_of_one_incoming_message, + weight_of_two_incoming_messages, + "Number of same-lane incoming messages does not affect values that we read from our storage", + ); +} + +/// Panics if `proof_size` of delivery confirmation call depends on the delivery proof size. +fn messages_delivery_proof_size_does_not_affect_proof_size() { + let relayers_state = UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1, + last_delivered_nonce: 1, + }; + let weight_when_proof_size_is_8k = + W::receive_messages_delivery_proof_weight(&PreComputedSize(8 * 1024), &relayers_state); + let weight_when_proof_size_is_16k = + W::receive_messages_delivery_proof_weight(&PreComputedSize(16 * 1024), &relayers_state); + + ensure_weight_components_are_not_zero(weight_when_proof_size_is_8k); + ensure_weight_components_are_not_zero(weight_when_proof_size_is_16k); + ensure_proof_size_is_the_same( + weight_when_proof_size_is_8k, + weight_when_proof_size_is_16k, + "Messages delivery proof size does not affect values that we read from our storage", + ); +} + +/// Panics if `proof_size` of delivery confirmation call depends on the number of confirmed +/// messages. +fn total_messages_in_delivery_proof_does_not_affect_proof_size() { + let proof_size = PreComputedSize(8 * 1024); + let weight_when_1k_messages_confirmed = W::receive_messages_delivery_proof_weight( + &proof_size, + &UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 1024, + last_delivered_nonce: 1, + }, + ); + let weight_when_2k_messages_confirmed = W::receive_messages_delivery_proof_weight( + &proof_size, + &UnrewardedRelayersState { + unrewarded_relayer_entries: 1, + messages_in_oldest_entry: 1, + total_messages: 2048, + last_delivered_nonce: 1, + }, + ); + + ensure_weight_components_are_not_zero(weight_when_1k_messages_confirmed); + ensure_weight_components_are_not_zero(weight_when_2k_messages_confirmed); + ensure_proof_size_is_the_same( + weight_when_1k_messages_confirmed, + weight_when_2k_messages_confirmed, + "More messages in delivery proof does not affect values that we read from our storage", + ); +} + +/// Panics if either Weight' `proof_size` or `ref_time` are zero. +fn ensure_weight_components_are_not_zero(weight: Weight) { + assert_ne!(weight.ref_time(), 0); + assert_ne!(weight.proof_size(), 0); +} + +/// Panics if `proof_size` of `weight1` is not equal to `proof_size` of `weight2`. +fn ensure_proof_size_is_the_same(weight1: Weight, weight2: Weight, msg: &str) { + assert_eq!( + weight1.proof_size(), + weight2.proof_size(), + "{msg}: {} must be equal to {}", + weight1.proof_size(), + weight2.proof_size(), + ); +} + +/// Extended weight info. +pub trait WeightInfoExt: WeightInfo { + /// Size of proof that is already included in the single message delivery weight. + /// + /// The message submitter (at source chain) has already covered this cost. But there are two + /// factors that may increase proof size: (1) the message size may be larger than predefined + /// and (2) relayer may add extra trie nodes to the proof. So if proof size is larger than + /// this value, we're going to charge relayer for that. + fn expected_extra_storage_proof_size() -> u32; + + // Our configuration assumes that the runtime has special signed extensions used to: + // + // 1) reject obsolete delivery and confirmation transactions; + // + // 2) refund transaction cost to relayer and register his rewards. + // + // The checks in (1) are trivial, so its computation weight may be ignored. And we only touch + // storage values that are read during the call. So we may ignore the weight of this check. + // + // However, during (2) we read and update storage values of other pallets + // (`pallet-bridge-relayers` and balances/assets pallet). So we need to add this weight to the + // weight of our call. Hence two following methods. + + /// Extra weight that is added to the `receive_messages_proof` call weight by signed extensions + /// that are declared at runtime level. + fn receive_messages_proof_overhead_from_runtime() -> Weight; + + /// Extra weight that is added to the `receive_messages_delivery_proof` call weight by signed + /// extensions that are declared at runtime level. + fn receive_messages_delivery_proof_overhead_from_runtime() -> Weight; + + // Functions that are directly mapped to extrinsics weights. + + /// Weight of message delivery extrinsic. + fn receive_messages_proof_weight( + proof: &impl Size, + messages_count: u32, + dispatch_weight: Weight, + ) -> Weight { + // basic components of extrinsic weight + let transaction_overhead = Self::receive_messages_proof_overhead(); + let transaction_overhead_from_runtime = + Self::receive_messages_proof_overhead_from_runtime(); + let outbound_state_delivery_weight = + Self::receive_messages_proof_outbound_lane_state_overhead(); + let messages_delivery_weight = + Self::receive_messages_proof_messages_overhead(MessageNonce::from(messages_count)); + let messages_dispatch_weight = dispatch_weight; + + // proof size overhead weight + let expected_proof_size = EXPECTED_DEFAULT_MESSAGE_LENGTH + .saturating_mul(messages_count.saturating_sub(1)) + .saturating_add(Self::expected_extra_storage_proof_size()); + let actual_proof_size = proof.size(); + let proof_size_overhead = Self::storage_proof_size_overhead( + actual_proof_size.saturating_sub(expected_proof_size), + ); + + transaction_overhead + .saturating_add(transaction_overhead_from_runtime) + .saturating_add(outbound_state_delivery_weight) + .saturating_add(messages_delivery_weight) + .saturating_add(messages_dispatch_weight) + .saturating_add(proof_size_overhead) + } + + /// Weight of confirmation delivery extrinsic. + fn receive_messages_delivery_proof_weight( + proof: &impl Size, + relayers_state: &UnrewardedRelayersState, + ) -> Weight { + // basic components of extrinsic weight + let transaction_overhead = Self::receive_messages_delivery_proof_overhead(); + let transaction_overhead_from_runtime = + Self::receive_messages_delivery_proof_overhead_from_runtime(); + let messages_overhead = + Self::receive_messages_delivery_proof_messages_overhead(relayers_state.total_messages); + let relayers_overhead = Self::receive_messages_delivery_proof_relayers_overhead( + relayers_state.unrewarded_relayer_entries, + ); + + // proof size overhead weight + let expected_proof_size = Self::expected_extra_storage_proof_size(); + let actual_proof_size = proof.size(); + let proof_size_overhead = Self::storage_proof_size_overhead( + actual_proof_size.saturating_sub(expected_proof_size), + ); + + transaction_overhead + .saturating_add(transaction_overhead_from_runtime) + .saturating_add(messages_overhead) + .saturating_add(relayers_overhead) + .saturating_add(proof_size_overhead) + } + + // Functions that are used by extrinsics weights formulas. + + /// Returns weight overhead of message delivery transaction (`receive_messages_proof`). + fn receive_messages_proof_overhead() -> Weight { + let weight_of_two_messages_and_two_tx_overheads = + Self::receive_single_message_proof().saturating_mul(2); + let weight_of_two_messages_and_single_tx_overhead = Self::receive_two_messages_proof(); + weight_of_two_messages_and_two_tx_overheads + .saturating_sub(weight_of_two_messages_and_single_tx_overhead) + } + + /// Returns weight that needs to be accounted when receiving given a number of messages with + /// message delivery transaction (`receive_messages_proof`). + fn receive_messages_proof_messages_overhead(messages: MessageNonce) -> Weight { + let weight_of_two_messages_and_single_tx_overhead = Self::receive_two_messages_proof(); + let weight_of_single_message_and_single_tx_overhead = Self::receive_single_message_proof(); + weight_of_two_messages_and_single_tx_overhead + .saturating_sub(weight_of_single_message_and_single_tx_overhead) + .saturating_mul(messages as _) + } + + /// Returns weight that needs to be accounted when message delivery transaction + /// (`receive_messages_proof`) is carrying outbound lane state proof. + fn receive_messages_proof_outbound_lane_state_overhead() -> Weight { + let weight_of_single_message_and_lane_state = + Self::receive_single_message_proof_with_outbound_lane_state(); + let weight_of_single_message = Self::receive_single_message_proof(); + weight_of_single_message_and_lane_state.saturating_sub(weight_of_single_message) + } + + /// Returns weight overhead of delivery confirmation transaction + /// (`receive_messages_delivery_proof`). + fn receive_messages_delivery_proof_overhead() -> Weight { + let weight_of_two_messages_and_two_tx_overheads = + Self::receive_delivery_proof_for_single_message().saturating_mul(2); + let weight_of_two_messages_and_single_tx_overhead = + Self::receive_delivery_proof_for_two_messages_by_single_relayer(); + weight_of_two_messages_and_two_tx_overheads + .saturating_sub(weight_of_two_messages_and_single_tx_overhead) + } + + /// Returns weight that needs to be accounted when receiving confirmations for given a number of + /// messages with delivery confirmation transaction (`receive_messages_delivery_proof`). + fn receive_messages_delivery_proof_messages_overhead(messages: MessageNonce) -> Weight { + let weight_of_two_messages = + Self::receive_delivery_proof_for_two_messages_by_single_relayer(); + let weight_of_single_message = Self::receive_delivery_proof_for_single_message(); + weight_of_two_messages + .saturating_sub(weight_of_single_message) + .saturating_mul(messages as _) + } + + /// Returns weight that needs to be accounted when receiving confirmations for given a number of + /// relayers entries with delivery confirmation transaction (`receive_messages_delivery_proof`). + fn receive_messages_delivery_proof_relayers_overhead(relayers: MessageNonce) -> Weight { + let weight_of_two_messages_by_two_relayers = + Self::receive_delivery_proof_for_two_messages_by_two_relayers(); + let weight_of_two_messages_by_single_relayer = + Self::receive_delivery_proof_for_two_messages_by_single_relayer(); + weight_of_two_messages_by_two_relayers + .saturating_sub(weight_of_two_messages_by_single_relayer) + .saturating_mul(relayers as _) + } + + /// Returns weight that needs to be accounted when storage proof of given size is received + /// (either in `receive_messages_proof` or `receive_messages_delivery_proof`). + /// + /// **IMPORTANT**: this overhead is already included in the 'base' transaction cost - e.g. proof + /// size depends on messages count or number of entries in the unrewarded relayers set. So this + /// shouldn't be added to cost of transaction, but instead should act as a minimal cost that the + /// relayer must pay when it relays proof of given size (even if cost based on other parameters + /// is less than that cost). + fn storage_proof_size_overhead(proof_size: u32) -> Weight { + let proof_size_in_bytes = proof_size; + let byte_weight = (Self::receive_single_message_proof_16_kb() - + Self::receive_single_message_proof_1_kb()) / + (15 * 1024); + proof_size_in_bytes * byte_weight + } + + // Functions that may be used by runtime developers. + + /// Returns dispatch weight of message of given size. + /// + /// This function would return correct value only if your runtime is configured to run + /// `receive_single_message_proof_with_dispatch` benchmark. See its requirements for + /// details. + fn message_dispatch_weight(message_size: u32) -> Weight { + // There may be a tiny overweight/underweight here, because we don't account how message + // size affects all steps before dispatch. But the effect should be small enough and we + // may ignore it. + Self::receive_single_message_proof_with_dispatch(message_size) + .saturating_sub(Self::receive_single_message_proof()) + } +} + +impl WeightInfoExt for () { + fn expected_extra_storage_proof_size() -> u32 { + EXTRA_STORAGE_PROOF_SIZE + } + + fn receive_messages_proof_overhead_from_runtime() -> Weight { + Weight::zero() + } + + fn receive_messages_delivery_proof_overhead_from_runtime() -> Weight { + Weight::zero() + } +} + +impl WeightInfoExt for crate::weights::BridgeWeight { + fn expected_extra_storage_proof_size() -> u32 { + EXTRA_STORAGE_PROOF_SIZE + } + + fn receive_messages_proof_overhead_from_runtime() -> Weight { + Weight::zero() + } + + fn receive_messages_delivery_proof_overhead_from_runtime() -> Weight { + Weight::zero() + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{mock::TestRuntime, weights::BridgeWeight}; + + #[test] + fn ensure_default_weights_are_correct() { + ensure_weights_are_correct::>(); + } +} diff --git a/bridges/modules/parachains/Cargo.toml b/bridges/modules/parachains/Cargo.toml new file mode 100644 index 00000000000..d8c89b79991 --- /dev/null +++ b/bridges/modules/parachains/Cargo.toml @@ -0,0 +1,60 @@ +[package] +name = "pallet-bridge-parachains" +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +log = { version = "0.4.17", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } + +# Bridge Dependencies + +bp-header-chain = { path = "../../primitives/header-chain", default-features = false } +bp-parachains = { path = "../../primitives/parachains", default-features = false } +bp-polkadot-core = { path = "../../primitives/polkadot-core", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +pallet-bridge-grandpa = { path = "../grandpa", default-features = false } + +# Substrate Dependencies + +frame-benchmarking = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false, optional = true } +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-trie = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +bp-header-chain = { path = "../../primitives/header-chain" } +bp-test-utils = { path = "../../primitives/test-utils" } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master" } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-parachains/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "codec/std", + "frame-support/std", + "frame-system/std", + "frame-benchmarking/std", + "log/std", + "pallet-bridge-grandpa/std", + "scale-info/std", + "sp-runtime/std", + "sp-std/std", + "sp-trie/std", +] +runtime-benchmarks = [ + "frame-benchmarking/runtime-benchmarks", +] +try-runtime = [ + "frame-support/try-runtime", + "frame-system/try-runtime", +] diff --git a/bridges/modules/parachains/README.md b/bridges/modules/parachains/README.md new file mode 100644 index 00000000000..5982c65ad31 --- /dev/null +++ b/bridges/modules/parachains/README.md @@ -0,0 +1,90 @@ +# Bridge Parachains Pallet + +The bridge parachains pallet is a light client for one or several parachains of the bridged relay chain. +It serves as a source of finalized parachain headers and is used when you need to build a bridge with +a parachain. + +The pallet requires [bridge GRANDPA pallet](../grandpa/) to be deployed at the same chain - it is used +to verify storage proofs, generated at the bridged relay chain. + +## A Brief Introduction into Parachains Finality + +You can find detailed information on parachains finality in the [Polkadot](https://github.com/paritytech/polkadot) +and [Cumulus](https://github.com/paritytech/cumulus) repositories. This section gives a brief overview of how +the parachain finality works and how to build a light client for a parachain. + +The main thing there is that the parachain generates blocks on its own, but it can't achieve finality without +help of its relay chain. Instead, the parachain collators create a block and hand it over to the relay chain +validators. Validators validate the block and register the new parachain head in the +[`Heads` map](https://github.com/paritytech/polkadot/blob/88013730166ba90745ae7c9eb3e0c1be1513c7cc/runtime/parachains/src/paras/mod.rs#L645) +of the [`paras`](https://github.com/paritytech/polkadot/tree/master/runtime/parachains/src/paras) pallet, +deployed at the relay chain. Keep in mind that this pallet, deployed at a relay chain, is **NOT** a bridge pallet, +even though the names are similar. + +And what the bridge parachains pallet does, is simply verifying storage proofs of parachain heads within that +`Heads` map. It does that using relay chain header, that has been previously imported by the +[bridge GRANDPA pallet](../grandpa/). Once the proof is verified, the pallet knows that the given parachain +header has been finalized by the relay chain. The parachain header fields may then be used to verify storage +proofs, coming from the parachain. This allows the pallet to be used e.g. as a source of finality for the messages +pallet. + +## Pallet Operations + +The main entrypoint of the pallet is the `submit_parachain_heads` call. It has three arguments: + +- storage proof of parachain heads from the `Heads` map; + +- parachain identifiers and hashes of their heads from the storage proof; + +- the relay block, at which the storage proof has been generated. + +The pallet may track multiple parachains. And the parachains may use different primitives - one may use 128-bit block +numbers, other - 32-bit. To avoid extra decode operations, the pallet is using relay chain block number to order +parachain headers. Any finalized descendant of finalized relay block `RB`, which has parachain block `PB` in +its `Heads` map, is guaranteed to have either `PB`, or its descendant. So parachain block number grows with relay +block number. + +The pallet may reject parachain head if it already knows better (or the same) head. In addition, pallet rejects +heads of untracked parachains. + +The pallet doesn't track anything behind parachain heads. So it requires no initialization - it is ready to accept +headers right after deployment. + +## Non-Essential Functionality + +There may be a special account in every runtime where the bridge parachains module is deployed. This +account, named 'module owner', is like a module-level sudo account - he's able to halt and +resume all module operations without requiring runtime upgrade. Calls that are related to this +account are: + +- `fn set_owner()`: current module owner may call it to transfer "ownership" to another account; + +- `fn set_operating_mode()`: the module owner (or sudo account) may call this function to stop all + module operations. After this call, all finality proofs will be rejected until further `set_operating_mode` call'. + This call may be used when something extraordinary happens with the bridge. + +If pallet owner is not defined, the governance may be used to make those calls. + +## Signed Extension to Reject Obsolete Headers + +It'd be better for anyone (for chain and for submitters) to reject all transactions that are submitting +already known parachain heads to the pallet. This way, we leave block space to other useful transactions and +we don't charge concurrent submitters for their honest actions. + +To deal with that, we have a [signed extension](./src/call_ext) that may be added to the runtime. +It does exactly what is required - rejects all transactions with already known heads. The submitter +pays nothing for such transactions - they're simply removed from the transaction pool, when the block +is built. + +The signed extension, however, is a bit limited - it only works with transactions that provide single +parachain head. So it won't work with multiple parachain heads transactions. This fits our needs +for [Kusama <> Polkadot bridge](../../docs/polkadot-kusama-bridge-overview.md). If you need to deal +with other transaction formats, you may implement similar extension for your runtime. + +You may also take a look at the [`generate_bridge_reject_obsolete_headers_and_messages`](../../bin/runtime-common/src/lib.rs) +macro that bundles several similar signed extensions in a single one. + +## Parachains Finality Relay + +We have an offchain actor, who is watching for new parachain heads and submits them to the bridged chain. +It is the parachains relay - you may look at the [crate level documentation and the code](../../relays/parachains/). diff --git a/bridges/modules/parachains/src/benchmarking.rs b/bridges/modules/parachains/src/benchmarking.rs new file mode 100644 index 00000000000..59c4642cde9 --- /dev/null +++ b/bridges/modules/parachains/src/benchmarking.rs @@ -0,0 +1,116 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Parachains finality pallet benchmarking. + +use crate::{ + weights_ext::DEFAULT_PARACHAIN_HEAD_SIZE, Call, RelayBlockHash, RelayBlockHasher, + RelayBlockNumber, +}; + +use bp_polkadot_core::parachains::{ParaHash, ParaHeadsProof, ParaId}; +use bp_runtime::StorageProofSize; +use frame_benchmarking::{account, benchmarks_instance_pallet}; +use frame_system::RawOrigin; +use sp_std::prelude::*; + +/// Pallet we're benchmarking here. +pub struct Pallet, I: 'static = ()>(crate::Pallet); + +/// Trait that must be implemented by runtime to benchmark the parachains finality pallet. +pub trait Config: crate::Config { + /// Returns vector of supported parachains. + fn parachains() -> Vec; + /// Generate parachain heads proof and prepare environment for verifying this proof. + fn prepare_parachain_heads_proof( + parachains: &[ParaId], + parachain_head_size: u32, + proof_size: StorageProofSize, + ) -> (RelayBlockNumber, RelayBlockHash, ParaHeadsProof, Vec<(ParaId, ParaHash)>); +} + +benchmarks_instance_pallet! { + where_clause { + where + >::BridgedChain: + bp_runtime::Chain< + BlockNumber = RelayBlockNumber, + Hash = RelayBlockHash, + Hasher = RelayBlockHasher, + >, + } + + // Benchmark `submit_parachain_heads` extrinsic with different number of parachains. + submit_parachain_heads_with_n_parachains { + let p in 1..(T::parachains().len() + 1) as u32; + + let sender = account("sender", 0, 0); + let mut parachains = T::parachains(); + let _ = if p <= parachains.len() as u32 { + parachains.split_off(p as usize) + } else { + Default::default() + }; + log::trace!(target: crate::LOG_TARGET, "=== {:?}", parachains.len()); + let (relay_block_number, relay_block_hash, parachain_heads_proof, parachains_heads) = T::prepare_parachain_heads_proof( + ¶chains, + DEFAULT_PARACHAIN_HEAD_SIZE, + StorageProofSize::Minimal(0), + ); + let at_relay_block = (relay_block_number, relay_block_hash); + }: submit_parachain_heads(RawOrigin::Signed(sender), at_relay_block, parachains_heads, parachain_heads_proof) + verify { + for parachain in parachains { + assert!(crate::Pallet::::best_parachain_head(parachain).is_some()); + } + } + + // Benchmark `submit_parachain_heads` extrinsic with 1kb proof size. + submit_parachain_heads_with_1kb_proof { + let sender = account("sender", 0, 0); + let parachains = vec![T::parachains()[0]]; + let (relay_block_number, relay_block_hash, parachain_heads_proof, parachains_heads) = T::prepare_parachain_heads_proof( + ¶chains, + DEFAULT_PARACHAIN_HEAD_SIZE, + StorageProofSize::HasLargeLeaf(1024), + ); + let at_relay_block = (relay_block_number, relay_block_hash); + }: submit_parachain_heads(RawOrigin::Signed(sender), at_relay_block, parachains_heads, parachain_heads_proof) + verify { + for parachain in parachains { + assert!(crate::Pallet::::best_parachain_head(parachain).is_some()); + } + } + + // Benchmark `submit_parachain_heads` extrinsic with 16kb proof size. + submit_parachain_heads_with_16kb_proof { + let sender = account("sender", 0, 0); + let parachains = vec![T::parachains()[0]]; + let (relay_block_number, relay_block_hash, parachain_heads_proof, parachains_heads) = T::prepare_parachain_heads_proof( + ¶chains, + DEFAULT_PARACHAIN_HEAD_SIZE, + StorageProofSize::HasLargeLeaf(16 * 1024), + ); + let at_relay_block = (relay_block_number, relay_block_hash); + }: submit_parachain_heads(RawOrigin::Signed(sender), at_relay_block, parachains_heads, parachain_heads_proof) + verify { + for parachain in parachains { + assert!(crate::Pallet::::best_parachain_head(parachain).is_some()); + } + } + + impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::TestRuntime) +} diff --git a/bridges/modules/parachains/src/call_ext.rs b/bridges/modules/parachains/src/call_ext.rs new file mode 100644 index 00000000000..ee3770146c2 --- /dev/null +++ b/bridges/modules/parachains/src/call_ext.rs @@ -0,0 +1,243 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +use crate::{Config, Pallet, RelayBlockNumber}; +use bp_parachains::BestParaHeadHash; +use bp_polkadot_core::parachains::{ParaHash, ParaId}; +use frame_support::{dispatch::CallableCallFor, traits::IsSubType, RuntimeDebug}; +use sp_runtime::transaction_validity::{InvalidTransaction, TransactionValidity, ValidTransaction}; + +/// Info about a `SubmitParachainHeads` call which tries to update a single parachain. +#[derive(PartialEq, RuntimeDebug)] +pub struct SubmitParachainHeadsInfo { + /// Number of the finalized relay block that has been used to prove parachain finality. + pub at_relay_block_number: RelayBlockNumber, + /// Parachain identifier. + pub para_id: ParaId, + /// Hash of the bundled parachain head. + pub para_head_hash: ParaHash, +} + +/// Helper struct that provides methods for working with the `SubmitParachainHeads` call. +pub struct SubmitParachainHeadsHelper, I: 'static> { + _phantom_data: sp_std::marker::PhantomData<(T, I)>, +} + +impl, I: 'static> SubmitParachainHeadsHelper { + /// Check if the para head provided by the `SubmitParachainHeads` is better than the best one + /// we know. + pub fn is_obsolete(update: &SubmitParachainHeadsInfo) -> bool { + let stored_best_head = match crate::ParasInfo::::get(update.para_id) { + Some(stored_best_head) => stored_best_head, + None => return false, + }; + + if stored_best_head.best_head_hash.at_relay_block_number >= update.at_relay_block_number { + log::trace!( + target: crate::LOG_TARGET, + "The parachain head can't be updated. The parachain head for {:?} \ + was already updated at better relay chain block {} >= {}.", + update.para_id, + stored_best_head.best_head_hash.at_relay_block_number, + update.at_relay_block_number + ); + return true + } + + if stored_best_head.best_head_hash.head_hash == update.para_head_hash { + log::trace!( + target: crate::LOG_TARGET, + "The parachain head can't be updated. The parachain head hash for {:?} \ + was already updated to {} at block {} < {}.", + update.para_id, + update.para_head_hash, + stored_best_head.best_head_hash.at_relay_block_number, + update.at_relay_block_number + ); + return true + } + + false + } + + /// Check if the `SubmitParachainHeads` was successfully executed. + pub fn was_successful(update: &SubmitParachainHeadsInfo) -> bool { + match crate::ParasInfo::::get(update.para_id) { + Some(stored_best_head) => + stored_best_head.best_head_hash == + BestParaHeadHash { + at_relay_block_number: update.at_relay_block_number, + head_hash: update.para_head_hash, + }, + None => false, + } + } +} + +/// Trait representing a call that is a sub type of this pallet's call. +pub trait CallSubType, I: 'static>: + IsSubType, T>> +{ + /// Create a new instance of `SubmitParachainHeadsInfo` from a `SubmitParachainHeads` call with + /// one single parachain entry. + fn one_entry_submit_parachain_heads_info(&self) -> Option { + if let Some(crate::Call::::submit_parachain_heads { + ref at_relay_block, + ref parachains, + .. + }) = self.is_sub_type() + { + if let &[(para_id, para_head_hash)] = parachains.as_slice() { + return Some(SubmitParachainHeadsInfo { + at_relay_block_number: at_relay_block.0, + para_id, + para_head_hash, + }) + } + } + + None + } + + /// Create a new instance of `SubmitParachainHeadsInfo` from a `SubmitParachainHeads` call with + /// one single parachain entry, if the entry is for the provided parachain id. + fn submit_parachain_heads_info_for(&self, para_id: u32) -> Option { + self.one_entry_submit_parachain_heads_info() + .filter(|update| update.para_id.0 == para_id) + } + + /// Validate parachain heads in order to avoid "mining" transactions that provide + /// outdated bridged parachain heads. Without this validation, even honest relayers + /// may lose their funds if there are multiple relays running and submitting the + /// same information. + /// + /// This validation only works with transactions that are updating single parachain + /// head. We can't use unbounded validation - it may take too long and either break + /// block production, or "eat" significant portion of block production time literally + /// for nothing. In addition, the single-parachain-head-per-transaction is how the + /// pallet will be used in our environment. + fn check_obsolete_submit_parachain_heads(&self) -> TransactionValidity + where + Self: Sized, + { + let update = match self.one_entry_submit_parachain_heads_info() { + Some(update) => update, + None => return Ok(ValidTransaction::default()), + }; + + if SubmitParachainHeadsHelper::::is_obsolete(&update) { + return InvalidTransaction::Stale.into() + } + + Ok(ValidTransaction::default()) + } +} + +impl CallSubType for T::RuntimeCall +where + T: Config, + T::RuntimeCall: IsSubType, T>>, +{ +} + +#[cfg(test)] +mod tests { + use crate::{ + mock::{run_test, RuntimeCall, TestRuntime}, + CallSubType, ParaInfo, ParasInfo, RelayBlockNumber, + }; + use bp_parachains::BestParaHeadHash; + use bp_polkadot_core::parachains::{ParaHash, ParaHeadsProof, ParaId}; + + fn validate_submit_parachain_heads( + num: RelayBlockNumber, + parachains: Vec<(ParaId, ParaHash)>, + ) -> bool { + RuntimeCall::Parachains(crate::Call::::submit_parachain_heads { + at_relay_block: (num, Default::default()), + parachains, + parachain_heads_proof: ParaHeadsProof(Vec::new()), + }) + .check_obsolete_submit_parachain_heads() + .is_ok() + } + + fn sync_to_relay_header_10() { + ParasInfo::::insert( + ParaId(1), + ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 10, + head_hash: [1u8; 32].into(), + }, + next_imported_hash_position: 0, + }, + ); + } + + #[test] + fn extension_rejects_header_from_the_obsolete_relay_block() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#5 => tx is + // rejected + sync_to_relay_header_10(); + assert!(!validate_submit_parachain_heads(5, vec![(ParaId(1), [1u8; 32].into())])); + }); + } + + #[test] + fn extension_rejects_header_from_the_same_relay_block() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#10 => tx is + // rejected + sync_to_relay_header_10(); + assert!(!validate_submit_parachain_heads(10, vec![(ParaId(1), [1u8; 32].into())])); + }); + } + + #[test] + fn extension_rejects_header_from_new_relay_block_with_same_hash() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#10 => tx is + // rejected + sync_to_relay_header_10(); + assert!(!validate_submit_parachain_heads(20, vec![(ParaId(1), [1u8; 32].into())])); + }); + } + + #[test] + fn extension_accepts_new_header() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#15 => tx is + // accepted + sync_to_relay_header_10(); + assert!(validate_submit_parachain_heads(15, vec![(ParaId(1), [2u8; 32].into())])); + }); + } + + #[test] + fn extension_accepts_if_more_than_one_parachain_is_submitted() { + run_test(|| { + // when current best finalized is #10 and we're trying to import header#5, but another + // parachain head is also supplied => tx is accepted + sync_to_relay_header_10(); + assert!(validate_submit_parachain_heads( + 5, + vec![(ParaId(1), [1u8; 32].into()), (ParaId(2), [1u8; 32].into())] + )); + }); + } +} diff --git a/bridges/modules/parachains/src/lib.rs b/bridges/modules/parachains/src/lib.rs new file mode 100644 index 00000000000..6c89b09513c --- /dev/null +++ b/bridges/modules/parachains/src/lib.rs @@ -0,0 +1,1609 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Parachains finality module. +//! +//! This module needs to be deployed with GRANDPA module, which is syncing relay +//! chain blocks. The main entry point of this module is `submit_parachain_heads`, which +//! accepts storage proof of some parachain `Heads` entries from bridged relay chain. +//! It requires corresponding relay headers to be already synced. + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use weights::WeightInfo; +pub use weights_ext::WeightInfoExt; + +use bp_header_chain::{HeaderChain, HeaderChainError}; +use bp_parachains::{parachain_head_storage_key_at_source, ParaInfo, ParaStoredHeaderData}; +use bp_polkadot_core::parachains::{ParaHash, ParaHead, ParaHeadsProof, ParaId}; +use bp_runtime::{Chain, HashOf, HeaderId, HeaderIdOf, Parachain, StorageProofError}; +use frame_support::dispatch::PostDispatchInfo; +use sp_std::{marker::PhantomData, vec::Vec}; + +#[cfg(feature = "runtime-benchmarks")] +use bp_parachains::ParaStoredHeaderDataBuilder; +#[cfg(feature = "runtime-benchmarks")] +use bp_runtime::HeaderOf; +#[cfg(feature = "runtime-benchmarks")] +use codec::Encode; + +// Re-export in crate namespace for `construct_runtime!`. +pub use call_ext::*; +pub use pallet::*; + +pub mod weights; +pub mod weights_ext; + +#[cfg(feature = "runtime-benchmarks")] +pub mod benchmarking; + +mod call_ext; +#[cfg(test)] +mod mock; + +/// The target that will be used when publishing logs related to this pallet. +pub const LOG_TARGET: &str = "runtime::bridge-parachains"; + +/// Block hash of the bridged relay chain. +pub type RelayBlockHash = bp_polkadot_core::Hash; +/// Block number of the bridged relay chain. +pub type RelayBlockNumber = bp_polkadot_core::BlockNumber; +/// Hasher of the bridged relay chain. +pub type RelayBlockHasher = bp_polkadot_core::Hasher; + +/// Artifacts of the parachains head update. +struct UpdateParachainHeadArtifacts { + /// New best head of the parachain. + pub best_head: ParaInfo, + /// If `true`, some old parachain head has been pruned during update. + pub prune_happened: bool, +} + +#[frame_support::pallet] +pub mod pallet { + use super::*; + use bp_parachains::{ + BestParaHeadHash, ImportedParaHeadsKeyProvider, ParaStoredHeaderDataBuilder, + ParasInfoKeyProvider, + }; + use bp_runtime::{ + BasicOperatingMode, BoundedStorageValue, OwnedBridgeModule, StorageDoubleMapKeyProvider, + StorageMapKeyProvider, + }; + use frame_support::pallet_prelude::*; + use frame_system::pallet_prelude::*; + + /// Stored parachain head data of given parachains pallet. + pub type StoredParaHeadDataOf = + BoundedStorageValue<>::MaxParaHeadDataSize, ParaStoredHeaderData>; + /// Weight info of the given parachains pallet. + pub type WeightInfoOf = >::WeightInfo; + + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event, I: 'static = ()> { + /// The caller has provided head of parachain that the pallet is not configured to track. + UntrackedParachainRejected { parachain: ParaId }, + /// The caller has declared that he has provided given parachain head, but it is missing + /// from the storage proof. + MissingParachainHead { parachain: ParaId }, + /// The caller has provided parachain head hash that is not matching the hash read from the + /// storage proof. + IncorrectParachainHeadHash { + parachain: ParaId, + parachain_head_hash: ParaHash, + actual_parachain_head_hash: ParaHash, + }, + /// The caller has provided obsolete parachain head, which is already known to the pallet. + RejectedObsoleteParachainHead { parachain: ParaId, parachain_head_hash: ParaHash }, + /// The caller has provided parachain head that exceeds the maximal configured head size. + RejectedLargeParachainHead { + parachain: ParaId, + parachain_head_hash: ParaHash, + parachain_head_size: u32, + }, + /// Parachain head has been updated. + UpdatedParachainHead { parachain: ParaId, parachain_head_hash: ParaHash }, + } + + #[pallet::error] + pub enum Error { + /// Relay chain block hash is unknown to us. + UnknownRelayChainBlock, + /// The number of stored relay block is different from what the relayer has provided. + InvalidRelayChainBlockNumber, + /// Error generated by a method defined in `bp-header-chain`. + HeaderChain(HeaderChainError), + /// Given parachain head is unknown. + UnknownParaHead, + /// The storage proof doesn't contains storage root. So it is invalid for given header. + StorageRootMismatch, + /// Failed to extract state root from given parachain head. + FailedToExtractStateRoot, + /// Error generated by the `OwnedBridgeModule` trait. + BridgeModule(bp_runtime::OwnedBridgeModuleError), + } + + /// Convenience trait for defining `BridgedChain` bounds. + pub trait BoundedBridgeGrandpaConfig: + pallet_bridge_grandpa::Config + { + type BridgedRelayChain: Chain< + BlockNumber = RelayBlockNumber, + Hash = RelayBlockHash, + Hasher = RelayBlockHasher, + >; + } + + impl BoundedBridgeGrandpaConfig for T + where + T: pallet_bridge_grandpa::Config, + T::BridgedChain: + Chain, + { + type BridgedRelayChain = T::BridgedChain; + } + + #[pallet::config] + #[pallet::disable_frame_system_supertrait_check] + pub trait Config: + BoundedBridgeGrandpaConfig + { + /// The overarching event type. + type RuntimeEvent: From> + + IsType<::RuntimeEvent>; + /// Benchmarks results from runtime we're plugged into. + type WeightInfo: WeightInfoExt; + + /// Instance of bridges GRANDPA pallet (within this runtime) that this pallet is linked to. + /// + /// The GRANDPA pallet instance must be configured to import headers of relay chain that + /// we're interested in. + type BridgesGrandpaPalletInstance: 'static; + + /// Name of the original `paras` pallet in the `construct_runtime!()` call at the bridged + /// chain. + /// + /// Please keep in mind that this should be the name of the `runtime_parachains::paras` + /// pallet from polkadot repository, not the `pallet-bridge-parachains`. + #[pallet::constant] + type ParasPalletName: Get<&'static str>; + + /// Parachain head data builder. + /// + /// We never store parachain heads here, since they may be too big (e.g. because of large + /// digest items). Instead we're using the same approach as `pallet-bridge-grandpa` + /// pallet - we are only storing `bp_messages::StoredHeaderData` (number and state root), + /// which is enough for our applications. However, we work with different parachains here + /// and they can use different primitives (for block numbers and hash). So we can't store + /// it directly. Instead, we're storing `bp_messages::StoredHeaderData` in SCALE-encoded + /// form, wrapping it into `bp_parachains::ParaStoredHeaderData`. + /// + /// This builder helps to convert from `HeadData` to `bp_parachains::ParaStoredHeaderData`. + type ParaStoredHeaderDataBuilder: ParaStoredHeaderDataBuilder; + + /// Maximal number of single parachain heads to keep in the storage. + /// + /// The setting is there to prevent growing the on-chain state indefinitely. Note + /// the setting does not relate to parachain block numbers - we will simply keep as much + /// items in the storage, so it doesn't guarantee any fixed timeframe for heads. + /// + /// Incautious change of this constant may lead to orphan entries in the runtime storage. + #[pallet::constant] + type HeadsToKeep: Get; + + /// Maximal size (in bytes) of the SCALE-encoded parachain head data + /// (`bp_parachains::ParaStoredHeaderData`). + /// + /// Keep in mind that the size of any tracked parachain header data must not exceed this + /// value. So if you're going to track multiple parachains, one of which is using large + /// hashes, you shall choose this maximal value. + /// + /// There's no mandatory headers in this pallet, so it can't stall if there's some header + /// that exceeds this bound. + #[pallet::constant] + type MaxParaHeadDataSize: Get; + } + + /// Optional pallet owner. + /// + /// Pallet owner has a right to halt all pallet operations and then resume them. If it is + /// `None`, then there are no direct ways to halt/resume pallet operations, but other + /// runtime methods may still be used to do that (i.e. democracy::referendum to update halt + /// flag directly or call the `halt_operations`). + #[pallet::storage] + pub type PalletOwner, I: 'static = ()> = + StorageValue<_, T::AccountId, OptionQuery>; + + /// The current operating mode of the pallet. + /// + /// Depending on the mode either all, or no transactions will be allowed. + #[pallet::storage] + pub type PalletOperatingMode, I: 'static = ()> = + StorageValue<_, BasicOperatingMode, ValueQuery>; + + /// Parachains info. + /// + /// Contains the following info: + /// - best parachain head hash + /// - the head of the `ImportedParaHashes` ring buffer + #[pallet::storage] + pub type ParasInfo, I: 'static = ()> = StorageMap< + Hasher = ::Hasher, + Key = ::Key, + Value = ::Value, + QueryKind = OptionQuery, + OnEmpty = GetDefault, + MaxValues = MaybeMaxParachains, + >; + + /// State roots of parachain heads which have been imported into the pallet. + #[pallet::storage] + pub type ImportedParaHeads, I: 'static = ()> = StorageDoubleMap< + Hasher1 = ::Hasher1, + Key1 = ::Key1, + Hasher2 = ::Hasher2, + Key2 = ::Key2, + Value = StoredParaHeadDataOf, + QueryKind = OptionQuery, + OnEmpty = GetDefault, + MaxValues = MaybeMaxTotalParachainHashes, + >; + + /// A ring buffer of imported parachain head hashes. Ordered by the insertion time. + #[pallet::storage] + pub(super) type ImportedParaHashes, I: 'static = ()> = StorageDoubleMap< + Hasher1 = Blake2_128Concat, + Key1 = ParaId, + Hasher2 = Twox64Concat, + Key2 = u32, + Value = ParaHash, + QueryKind = OptionQuery, + OnEmpty = GetDefault, + MaxValues = MaybeMaxTotalParachainHashes, + >; + + #[pallet::pallet] + pub struct Pallet(PhantomData<(T, I)>); + + impl, I: 'static> OwnedBridgeModule for Pallet { + const LOG_TARGET: &'static str = LOG_TARGET; + type OwnerStorage = PalletOwner; + type OperatingMode = BasicOperatingMode; + type OperatingModeStorage = PalletOperatingMode; + } + + #[pallet::call] + impl, I: 'static> Pallet { + /// Submit proof of one or several parachain heads. + /// + /// The proof is supposed to be proof of some `Heads` entries from the + /// `polkadot-runtime-parachains::paras` pallet instance, deployed at the bridged chain. + /// The proof is supposed to be crafted at the `relay_header_hash` that must already be + /// imported by corresponding GRANDPA pallet at this chain. + /// + /// The call fails if: + /// + /// - the pallet is halted; + /// + /// - the relay chain block `at_relay_block` is not imported by the associated bridge + /// GRANDPA pallet. + /// + /// The call may succeed, but some heads may not be updated e.g. because pallet knows + /// better head or it isn't tracked by the pallet. + #[pallet::call_index(0)] + #[pallet::weight(WeightInfoOf::::submit_parachain_heads_weight( + T::DbWeight::get(), + parachain_heads_proof, + parachains.len() as _, + ))] + pub fn submit_parachain_heads( + _origin: OriginFor, + at_relay_block: (RelayBlockNumber, RelayBlockHash), + parachains: Vec<(ParaId, ParaHash)>, + parachain_heads_proof: ParaHeadsProof, + ) -> DispatchResultWithPostInfo { + Self::ensure_not_halted().map_err(Error::::BridgeModule)?; + + // we'll need relay chain header to verify that parachains heads are always increasing. + let (relay_block_number, relay_block_hash) = at_relay_block; + let relay_block = pallet_bridge_grandpa::ImportedHeaders::< + T, + T::BridgesGrandpaPalletInstance, + >::get(relay_block_hash) + .ok_or(Error::::UnknownRelayChainBlock)?; + ensure!( + relay_block.number == relay_block_number, + Error::::InvalidRelayChainBlockNumber, + ); + + // now parse storage proof and read parachain heads + let mut actual_weight = WeightInfoOf::::submit_parachain_heads_weight( + T::DbWeight::get(), + ¶chain_heads_proof, + parachains.len() as _, + ); + + pallet_bridge_grandpa::Pallet::::parse_finalized_storage_proof( + relay_block_hash, + parachain_heads_proof.0, + move |mut storage| { + for (parachain, parachain_head_hash) in parachains { + let parachain_head = match Pallet::::read_parachain_head(&mut storage, parachain) { + Ok(Some(parachain_head)) => parachain_head, + Ok(None) => { + log::trace!( + target: LOG_TARGET, + "The head of parachain {:?} is None. {}", + parachain, + if ParasInfo::::contains_key(parachain) { + "Looks like it is not yet registered at the source relay chain" + } else { + "Looks like it has been deregistered from the source relay chain" + }, + ); + Self::deposit_event(Event::MissingParachainHead { parachain }); + continue; + }, + Err(e) => { + log::trace!( + target: LOG_TARGET, + "The read of head of parachain {:?} has failed: {:?}", + parachain, + e, + ); + Self::deposit_event(Event::MissingParachainHead { parachain }); + continue; + }, + }; + + // if relayer has specified invalid parachain head hash, ignore the head + // (this isn't strictly necessary, but better safe than sorry) + let actual_parachain_head_hash = parachain_head.hash(); + if parachain_head_hash != actual_parachain_head_hash { + log::trace!( + target: LOG_TARGET, + "The submitter has specified invalid parachain {:?} head hash: {:?} vs {:?}", + parachain, + parachain_head_hash, + actual_parachain_head_hash, + ); + Self::deposit_event(Event::IncorrectParachainHeadHash { + parachain, + parachain_head_hash, + actual_parachain_head_hash, + }); + continue; + } + + // convert from parachain head into stored parachain head data + let parachain_head_data = match T::ParaStoredHeaderDataBuilder::try_build( + parachain, + ¶chain_head, + ) { + Some(parachain_head_data) => parachain_head_data, + None => { + log::trace!( + target: LOG_TARGET, + "The head of parachain {:?} has been provided, but it is not tracked by the pallet", + parachain, + ); + Self::deposit_event(Event::UntrackedParachainRejected { parachain }); + continue; + }, + }; + + let update_result: Result<_, ()> = ParasInfo::::try_mutate(parachain, |stored_best_head| { + let artifacts = Pallet::::update_parachain_head( + parachain, + stored_best_head.take(), + relay_block_number, + parachain_head_data, + parachain_head_hash, + )?; + *stored_best_head = Some(artifacts.best_head); + Ok(artifacts.prune_happened) + }); + + // we're refunding weight if update has not happened and if pruning has not happened + let is_update_happened = matches!(update_result, Ok(_)); + if !is_update_happened { + actual_weight = actual_weight + .saturating_sub(WeightInfoOf::::parachain_head_storage_write_weight(T::DbWeight::get())); + } + let is_prune_happened = matches!(update_result, Ok(true)); + if !is_prune_happened { + actual_weight = actual_weight + .saturating_sub(WeightInfoOf::::parachain_head_pruning_weight(T::DbWeight::get())); + } + } + + // even though we may have accepted some parachain heads, we can't allow relayers to submit + // proof with unused trie nodes + // => treat this as an error + // + // (we can throw error here, because now all our calls are transactional) + storage.ensure_no_unused_nodes() + }, + ) + .and_then(|r| r.map_err(HeaderChainError::StorageProof)) + .map_err(|e| { + log::trace!(target: LOG_TARGET, "Parachain heads storage proof is invalid: {:?}", e); + Error::::HeaderChain(e) + })?; + + Ok(PostDispatchInfo { actual_weight: Some(actual_weight), pays_fee: Pays::Yes }) + } + + /// Change `PalletOwner`. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(1)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_owner(origin: OriginFor, new_owner: Option) -> DispatchResult { + >::set_owner(origin, new_owner) + } + + /// Halt or resume all pallet operations. + /// + /// May only be called either by root, or by `PalletOwner`. + #[pallet::call_index(2)] + #[pallet::weight((T::DbWeight::get().reads_writes(1, 1), DispatchClass::Operational))] + pub fn set_operating_mode( + origin: OriginFor, + operating_mode: BasicOperatingMode, + ) -> DispatchResult { + >::set_operating_mode(origin, operating_mode) + } + } + + impl, I: 'static> Pallet { + /// Get stored parachain info. + pub fn best_parachain_info(parachain: ParaId) -> Option { + ParasInfo::::get(parachain) + } + + /// Get best finalized head data of the given parachain. + pub fn best_parachain_head(parachain: ParaId) -> Option { + let best_para_head_hash = ParasInfo::::get(parachain)?.best_head_hash.head_hash; + ImportedParaHeads::::get(parachain, best_para_head_hash).map(|h| h.into_inner()) + } + + /// Get best finalized head hash of the given parachain. + pub fn best_parachain_head_hash(parachain: ParaId) -> Option { + Some(ParasInfo::::get(parachain)?.best_head_hash.head_hash) + } + + /// Get best finalized head id of the given parachain. + pub fn best_parachain_head_id + Parachain>( + ) -> Result>, codec::Error> { + let parachain = ParaId(C::PARACHAIN_ID); + let best_head_hash = match Self::best_parachain_head_hash(parachain) { + Some(best_head_hash) => best_head_hash, + None => return Ok(None), + }; + let encoded_head = match Self::parachain_head(parachain, best_head_hash) { + Some(encoded_head) => encoded_head, + None => return Ok(None), + }; + encoded_head + .decode_parachain_head_data::() + .map(|data| Some(HeaderId(data.number, best_head_hash))) + } + + /// Get parachain head data with given hash. + pub fn parachain_head(parachain: ParaId, hash: ParaHash) -> Option { + ImportedParaHeads::::get(parachain, hash).map(|h| h.into_inner()) + } + + /// Read parachain head from storage proof. + fn read_parachain_head( + storage: &mut bp_runtime::StorageProofChecker, + parachain: ParaId, + ) -> Result, StorageProofError> { + let parachain_head_key = + parachain_head_storage_key_at_source(T::ParasPalletName::get(), parachain); + storage.read_and_decode_value(parachain_head_key.0.as_ref()) + } + + /// Try to update parachain head. + pub(super) fn update_parachain_head( + parachain: ParaId, + stored_best_head: Option, + new_at_relay_block_number: RelayBlockNumber, + new_head_data: ParaStoredHeaderData, + new_head_hash: ParaHash, + ) -> Result { + // check if head has been already updated at better relay chain block. Without this + // check, we may import heads in random order + let update = SubmitParachainHeadsInfo { + at_relay_block_number: new_at_relay_block_number, + para_id: parachain, + para_head_hash: new_head_hash, + }; + if SubmitParachainHeadsHelper::::is_obsolete(&update) { + Self::deposit_event(Event::RejectedObsoleteParachainHead { + parachain, + parachain_head_hash: new_head_hash, + }); + return Err(()) + } + + // verify that the parachain head data size is <= `MaxParaHeadDataSize` + let updated_head_data = + match StoredParaHeadDataOf::::try_from_inner(new_head_data) { + Ok(updated_head_data) => updated_head_data, + Err(e) => { + log::trace!( + target: LOG_TARGET, + "The parachain head can't be updated. The parachain head data size \ + for {:?} is {}. It exceeds maximal configured size {}.", + parachain, + e.value_size, + e.maximal_size, + ); + + Self::deposit_event(Event::RejectedLargeParachainHead { + parachain, + parachain_head_hash: new_head_hash, + parachain_head_size: e.value_size as _, + }); + + return Err(()) + }, + }; + + let next_imported_hash_position = stored_best_head + .map_or(0, |stored_best_head| stored_best_head.next_imported_hash_position); + + // insert updated best parachain head + let head_hash_to_prune = + ImportedParaHashes::::try_get(parachain, next_imported_hash_position); + let updated_best_para_head = ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: new_at_relay_block_number, + head_hash: new_head_hash, + }, + next_imported_hash_position: (next_imported_hash_position + 1) % + T::HeadsToKeep::get(), + }; + ImportedParaHashes::::insert( + parachain, + next_imported_hash_position, + new_head_hash, + ); + ImportedParaHeads::::insert(parachain, new_head_hash, updated_head_data); + log::trace!( + target: LOG_TARGET, + "Updated head of parachain {:?} to {}", + parachain, + new_head_hash, + ); + + // remove old head + let prune_happened = head_hash_to_prune.is_ok(); + if let Ok(head_hash_to_prune) = head_hash_to_prune { + log::trace!( + target: LOG_TARGET, + "Pruning old head of parachain {:?}: {}", + parachain, + head_hash_to_prune, + ); + ImportedParaHeads::::remove(parachain, head_hash_to_prune); + } + Self::deposit_event(Event::UpdatedParachainHead { + parachain, + parachain_head_hash: new_head_hash, + }); + + Ok(UpdateParachainHeadArtifacts { best_head: updated_best_para_head, prune_happened }) + } + } + + #[pallet::genesis_config] + pub struct GenesisConfig, I: 'static = ()> { + /// Initial pallet operating mode. + pub operating_mode: BasicOperatingMode, + /// Initial pallet owner. + pub owner: Option, + /// Dummy marker. + pub phantom: sp_std::marker::PhantomData, + } + + #[cfg(feature = "std")] + impl, I: 'static> Default for GenesisConfig { + fn default() -> Self { + Self { + operating_mode: Default::default(), + owner: Default::default(), + phantom: Default::default(), + } + } + } + + #[pallet::genesis_build] + impl, I: 'static> GenesisBuild for GenesisConfig { + fn build(&self) { + PalletOperatingMode::::put(self.operating_mode); + if let Some(ref owner) = self.owner { + PalletOwner::::put(owner); + } + } + } + + /// Returns maximal number of parachains, supported by the pallet. + pub struct MaybeMaxParachains(PhantomData<(T, I)>); + + impl, I: 'static> Get> for MaybeMaxParachains { + fn get() -> Option { + Some(T::ParaStoredHeaderDataBuilder::supported_parachains()) + } + } + + /// Returns total number of all parachains hashes/heads, stored by the pallet. + pub struct MaybeMaxTotalParachainHashes(PhantomData<(T, I)>); + + impl, I: 'static> Get> for MaybeMaxTotalParachainHashes { + fn get() -> Option { + Some( + T::ParaStoredHeaderDataBuilder::supported_parachains() + .saturating_mul(T::HeadsToKeep::get()), + ) + } + } +} + +/// Single parachain header chain adapter. +pub struct ParachainHeaders(PhantomData<(T, I, C)>); + +impl, I: 'static, C: Parachain> HeaderChain + for ParachainHeaders +{ + fn finalized_header_state_root(hash: HashOf) -> Option> { + Pallet::::parachain_head(ParaId(C::PARACHAIN_ID), hash) + .and_then(|head| head.decode_parachain_head_data::().ok()) + .map(|h| h.state_root) + } +} + +/// (Re)initialize pallet with given header for using it in `pallet-bridge-messages` benchmarks. +#[cfg(feature = "runtime-benchmarks")] +pub fn initialize_for_benchmarks, I: 'static, PC: Parachain>( + header: HeaderOf, +) { + let parachain = ParaId(PC::PARACHAIN_ID); + let parachain_head = ParaHead(header.encode()); + let updated_head_data = T::ParaStoredHeaderDataBuilder::try_build(parachain, ¶chain_head) + .expect("failed to build stored parachain head in benchmarks"); + Pallet::::update_parachain_head( + parachain, + None, + 0, + updated_head_data, + parachain_head.hash(), + ) + .expect("failed to insert parachain head in benchmarks"); +} + +#[cfg(test)] +pub(crate) mod tests { + use super::*; + use crate::mock::{ + run_test, test_relay_header, BigParachainHeader, RegularParachainHasher, + RegularParachainHeader, RuntimeEvent as TestEvent, RuntimeOrigin, TestRuntime, + PARAS_PALLET_NAME, UNTRACKED_PARACHAIN_ID, + }; + use codec::Encode; + + use bp_parachains::{ + BestParaHeadHash, BridgeParachainCall, ImportedParaHeadsKeyProvider, ParasInfoKeyProvider, + }; + use bp_runtime::{ + record_all_trie_keys, BasicOperatingMode, OwnedBridgeModuleError, + StorageDoubleMapKeyProvider, StorageMapKeyProvider, + }; + use bp_test_utils::{ + authority_list, generate_owned_bridge_module_tests, make_default_justification, + }; + use frame_support::{ + assert_noop, assert_ok, + dispatch::DispatchResultWithPostInfo, + storage::generator::{StorageDoubleMap, StorageMap}, + traits::{Get, OnInitialize}, + weights::Weight, + }; + use frame_system::{EventRecord, Pallet as System, Phase}; + use sp_core::Hasher; + use sp_runtime::{traits::Header as HeaderT, DispatchError}; + use sp_trie::{trie_types::TrieDBMutBuilderV1, LayoutV1, MemoryDB, TrieMut}; + + type BridgesGrandpaPalletInstance = pallet_bridge_grandpa::Instance1; + type WeightInfo = ::WeightInfo; + type DbWeight = ::DbWeight; + + pub(crate) fn initialize(state_root: RelayBlockHash) -> RelayBlockHash { + pallet_bridge_grandpa::Pallet::::initialize( + RuntimeOrigin::root(), + bp_header_chain::InitializationData { + header: Box::new(test_relay_header(0, state_root)), + authority_list: authority_list(), + set_id: 1, + operating_mode: BasicOperatingMode::Normal, + }, + ) + .unwrap(); + + System::::set_block_number(1); + System::::reset_events(); + + test_relay_header(0, state_root).hash() + } + + fn proceed(num: RelayBlockNumber, state_root: RelayBlockHash) -> ParaHash { + pallet_bridge_grandpa::Pallet::::on_initialize( + 0, + ); + + let header = test_relay_header(num, state_root); + let hash = header.hash(); + let justification = make_default_justification(&header); + assert_ok!( + pallet_bridge_grandpa::Pallet::::submit_finality_proof( + RuntimeOrigin::signed(1), + Box::new(header), + justification, + ) + ); + + hash + } + + pub(crate) fn prepare_parachain_heads_proof( + heads: Vec<(u32, ParaHead)>, + ) -> (RelayBlockHash, ParaHeadsProof, Vec<(ParaId, ParaHash)>) { + let mut parachains = Vec::with_capacity(heads.len()); + let mut root = Default::default(); + let mut mdb = MemoryDB::default(); + { + let mut trie = TrieDBMutBuilderV1::::new(&mut mdb, &mut root).build(); + for (parachain, head) in heads { + let storage_key = + parachain_head_storage_key_at_source(PARAS_PALLET_NAME, ParaId(parachain)); + trie.insert(&storage_key.0, &head.encode()) + .map_err(|_| "TrieMut::insert has failed") + .expect("TrieMut::insert should not fail in tests"); + parachains.push((ParaId(parachain), head.hash())); + } + } + + // generate storage proof to be delivered to This chain + let storage_proof = record_all_trie_keys::, _>(&mdb, &root) + .map_err(|_| "record_all_trie_keys has failed") + .expect("record_all_trie_keys should not fail in benchmarks"); + + (root, ParaHeadsProof(storage_proof), parachains) + } + + fn initial_best_head(parachain: u32) -> ParaInfo { + ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(parachain, 0).hash(), + }, + next_imported_hash_position: 1, + } + } + + pub(crate) fn head_data(parachain: u32, head_number: u32) -> ParaHead { + ParaHead( + RegularParachainHeader::new( + head_number as _, + Default::default(), + RegularParachainHasher::hash(&(parachain, head_number).encode()), + Default::default(), + Default::default(), + ) + .encode(), + ) + } + + fn stored_head_data(parachain: u32, head_number: u32) -> ParaStoredHeaderData { + ParaStoredHeaderData( + (head_number as u64, RegularParachainHasher::hash(&(parachain, head_number).encode())) + .encode(), + ) + } + + fn big_head_data(parachain: u32, head_number: u32) -> ParaHead { + ParaHead( + BigParachainHeader::new( + head_number as _, + Default::default(), + RegularParachainHasher::hash(&(parachain, head_number).encode()), + Default::default(), + Default::default(), + ) + .encode(), + ) + } + + fn big_stored_head_data(parachain: u32, head_number: u32) -> ParaStoredHeaderData { + ParaStoredHeaderData( + (head_number as u128, RegularParachainHasher::hash(&(parachain, head_number).encode())) + .encode(), + ) + } + + fn head_hash(parachain: u32, head_number: u32) -> ParaHash { + head_data(parachain, head_number).hash() + } + + fn import_parachain_1_head( + relay_chain_block: RelayBlockNumber, + relay_state_root: RelayBlockHash, + parachains: Vec<(ParaId, ParaHash)>, + proof: ParaHeadsProof, + ) -> DispatchResultWithPostInfo { + Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (relay_chain_block, test_relay_header(relay_chain_block, relay_state_root).hash()), + parachains, + proof, + ) + } + + fn weight_of_import_parachain_1_head(proof: &ParaHeadsProof, prune_expected: bool) -> Weight { + let db_weight = ::DbWeight::get(); + WeightInfoOf::::submit_parachain_heads_weight(db_weight, proof, 1) + .saturating_sub(if prune_expected { + Weight::zero() + } else { + WeightInfoOf::::parachain_head_pruning_weight(db_weight) + }) + } + + #[test] + fn submit_parachain_heads_checks_operating_mode() { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 0))]); + + run_test(|| { + initialize(state_root); + + // `submit_parachain_heads()` should fail when the pallet is halted. + PalletOperatingMode::::put(BasicOperatingMode::Halted); + assert_noop!( + Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains.clone(), + proof.clone(), + ), + Error::::BridgeModule(OwnedBridgeModuleError::Halted) + ); + + // `submit_parachain_heads()` should succeed now that the pallet is resumed. + PalletOperatingMode::::put(BasicOperatingMode::Normal); + assert_ok!(Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + ),); + }); + } + + #[test] + fn imports_initial_parachain_heads() { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 0)), (3, head_data(3, 10))]); + run_test(|| { + initialize(state_root); + + // we're trying to update heads of parachains 1, 2 and 3 + let expected_weight = + WeightInfo::submit_parachain_heads_weight(DbWeight::get(), &proof, 2); + let result = Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + ); + assert_ok!(result); + assert_eq!(result.expect("checked above").actual_weight, Some(expected_weight)); + + // but only 1 and 2 are updated, because proof is missing head of parachain#2 + assert_eq!(ParasInfo::::get(ParaId(1)), Some(initial_best_head(1))); + assert_eq!(ParasInfo::::get(ParaId(2)), None); + assert_eq!( + ParasInfo::::get(ParaId(3)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(3, 10).hash() + }, + next_imported_hash_position: 1, + }) + ); + + assert_eq!( + ImportedParaHeads::::get( + ParaId(1), + initial_best_head(1).best_head_hash.head_hash + ) + .map(|h| h.into_inner()), + Some(stored_head_data(1, 0)) + ); + assert_eq!( + ImportedParaHeads::::get( + ParaId(2), + initial_best_head(2).best_head_hash.head_hash + ) + .map(|h| h.into_inner()), + None + ); + assert_eq!( + ImportedParaHeads::::get(ParaId(3), head_hash(3, 10)) + .map(|h| h.into_inner()), + Some(stored_head_data(3, 10)) + ); + + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: initial_best_head(1).best_head_hash.head_hash, + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(3), + parachain_head_hash: head_data(3, 10).hash(), + }), + topics: vec![], + } + ], + ); + }); + } + + #[test] + fn imports_parachain_heads_is_able_to_progress() { + let (state_root_5, proof_5, parachains_5) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5))]); + let (state_root_10, proof_10, parachains_10) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 10))]); + run_test(|| { + // start with relay block #0 and import head#5 of parachain#1 + initialize(state_root_5); + assert_ok!(import_parachain_1_head(0, state_root_5, parachains_5, proof_5)); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(1, 5).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!( + ImportedParaHeads::::get(ParaId(1), head_data(1, 5).hash()) + .map(|h| h.into_inner()), + Some(stored_head_data(1, 5)) + ); + assert_eq!( + ImportedParaHeads::::get(ParaId(1), head_data(1, 10).hash()) + .map(|h| h.into_inner()), + None + ); + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + }], + ); + + // import head#10 of parachain#1 at relay block #1 + let relay_1_hash = proceed(1, state_root_10); + assert_ok!(import_parachain_1_head(1, state_root_10, parachains_10, proof_10)); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 1, + head_hash: head_data(1, 10).hash() + }, + next_imported_hash_position: 2, + }) + ); + assert_eq!( + ImportedParaHeads::::get(ParaId(1), head_data(1, 5).hash()) + .map(|h| h.into_inner()), + Some(stored_head_data(1, 5)) + ); + assert_eq!( + ImportedParaHeads::::get(ParaId(1), head_data(1, 10).hash()) + .map(|h| h.into_inner()), + Some(stored_head_data(1, 10)) + ); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Grandpa1( + pallet_bridge_grandpa::Event::UpdatedBestFinalizedHeader { + number: 1, + hash: relay_1_hash, + } + ), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 10).hash(), + }), + topics: vec![], + } + ], + ); + }); + } + + #[test] + fn ignores_untracked_parachain() { + let (state_root, proof, parachains) = prepare_parachain_heads_proof(vec![ + (1, head_data(1, 5)), + (UNTRACKED_PARACHAIN_ID, head_data(1, 5)), + (2, head_data(1, 5)), + ]); + run_test(|| { + // start with relay block #0 and try to import head#5 of parachain#1 and untracked + // parachain + let expected_weight = + WeightInfo::submit_parachain_heads_weight(DbWeight::get(), &proof, 3) + .saturating_sub(WeightInfo::parachain_head_storage_write_weight( + DbWeight::get(), + )); + initialize(state_root); + let result = Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + ); + assert_ok!(result); + assert_eq!(result.expect("checked above").actual_weight, Some(expected_weight)); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(1, 5).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!(ParasInfo::::get(ParaId(UNTRACKED_PARACHAIN_ID)), None,); + assert_eq!( + ParasInfo::::get(ParaId(2)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(1, 5).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UntrackedParachainRejected { + parachain: ParaId(UNTRACKED_PARACHAIN_ID), + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(2), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + } + ], + ); + }); + } + + #[test] + fn does_nothing_when_already_imported_this_head_at_previous_relay_header() { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 0))]); + run_test(|| { + // import head#0 of parachain#1 at relay block#0 + initialize(state_root); + assert_ok!(import_parachain_1_head(0, state_root, parachains.clone(), proof.clone())); + assert_eq!(ParasInfo::::get(ParaId(1)), Some(initial_best_head(1))); + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: initial_best_head(1).best_head_hash.head_hash, + }), + topics: vec![], + }], + ); + + // try to import head#0 of parachain#1 at relay block#1 + // => call succeeds, but nothing is changed + let relay_1_hash = proceed(1, state_root); + assert_ok!(import_parachain_1_head(1, state_root, parachains, proof)); + assert_eq!(ParasInfo::::get(ParaId(1)), Some(initial_best_head(1))); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: initial_best_head(1).best_head_hash.head_hash, + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Grandpa1( + pallet_bridge_grandpa::Event::UpdatedBestFinalizedHeader { + number: 1, + hash: relay_1_hash, + } + ), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::RejectedObsoleteParachainHead { + parachain: ParaId(1), + parachain_head_hash: initial_best_head(1).best_head_hash.head_hash, + }), + topics: vec![], + } + ], + ); + }); + } + + #[test] + fn does_nothing_when_already_imported_head_at_better_relay_header() { + let (state_root_5, proof_5, parachains_5) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5))]); + let (state_root_10, proof_10, parachains_10) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 10))]); + run_test(|| { + // start with relay block #0 + initialize(state_root_5); + + // head#10 of parachain#1 at relay block#1 + let relay_1_hash = proceed(1, state_root_10); + assert_ok!(import_parachain_1_head(1, state_root_10, parachains_10, proof_10)); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 1, + head_hash: head_data(1, 10).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Grandpa1( + pallet_bridge_grandpa::Event::UpdatedBestFinalizedHeader { + number: 1, + hash: relay_1_hash, + } + ), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 10).hash(), + }), + topics: vec![], + } + ], + ); + + // now try to import head#5 at relay block#0 + // => nothing is changed, because better head has already been imported + assert_ok!(import_parachain_1_head(0, state_root_5, parachains_5, proof_5)); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 1, + head_hash: head_data(1, 10).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Grandpa1( + pallet_bridge_grandpa::Event::UpdatedBestFinalizedHeader { + number: 1, + hash: relay_1_hash, + } + ), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 10).hash(), + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::RejectedObsoleteParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + } + ], + ); + }); + } + + #[test] + fn does_nothing_when_parachain_head_is_too_large() { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5)), (4, big_head_data(1, 5))]); + run_test(|| { + // start with relay block #0 and try to import head#5 of parachain#1 and big parachain + initialize(state_root); + let result = Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + ); + assert_ok!(result); + assert_eq!( + ParasInfo::::get(ParaId(1)), + Some(ParaInfo { + best_head_hash: BestParaHeadHash { + at_relay_block_number: 0, + head_hash: head_data(1, 5).hash() + }, + next_imported_hash_position: 1, + }) + ); + assert_eq!(ParasInfo::::get(ParaId(4)), None); + assert_eq!( + System::::events(), + vec![ + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::UpdatedParachainHead { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 5).hash(), + }), + topics: vec![], + }, + EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::RejectedLargeParachainHead { + parachain: ParaId(4), + parachain_head_hash: big_head_data(1, 5).hash(), + parachain_head_size: big_stored_head_data(1, 5).encoded_size() as u32, + }), + topics: vec![], + }, + ], + ); + }); + } + + #[test] + fn prunes_old_heads() { + run_test(|| { + let heads_to_keep = crate::mock::HeadsToKeep::get(); + + // import exactly `HeadsToKeep` headers + for i in 0..heads_to_keep { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, i))]); + if i == 0 { + initialize(state_root); + } else { + proceed(i, state_root); + } + + let expected_weight = weight_of_import_parachain_1_head(&proof, false); + let result = import_parachain_1_head(i, state_root, parachains, proof); + assert_ok!(result); + assert_eq!(result.expect("checked above").actual_weight, Some(expected_weight)); + } + + // nothing is pruned yet + for i in 0..heads_to_keep { + assert!(ImportedParaHeads::::get(ParaId(1), head_data(1, i).hash()) + .is_some()); + } + + // import next relay chain header and next parachain head + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, heads_to_keep))]); + proceed(heads_to_keep, state_root); + let expected_weight = weight_of_import_parachain_1_head(&proof, true); + let result = import_parachain_1_head(heads_to_keep, state_root, parachains, proof); + assert_ok!(result); + assert_eq!(result.expect("checked above").actual_weight, Some(expected_weight)); + + // and the head#0 is pruned + assert!( + ImportedParaHeads::::get(ParaId(1), head_data(1, 0).hash()).is_none() + ); + for i in 1..=heads_to_keep { + assert!(ImportedParaHeads::::get(ParaId(1), head_data(1, i).hash()) + .is_some()); + } + }); + } + + #[test] + fn fails_on_unknown_relay_chain_block() { + let (state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5))]); + run_test(|| { + // start with relay block #0 + initialize(state_root); + + // try to import head#5 of parachain#1 at unknown relay chain block #1 + assert_noop!( + import_parachain_1_head(1, state_root, parachains, proof), + Error::::UnknownRelayChainBlock + ); + }); + } + + #[test] + fn fails_on_invalid_storage_proof() { + let (_state_root, proof, parachains) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5))]); + run_test(|| { + // start with relay block #0 + initialize(Default::default()); + + // try to import head#5 of parachain#1 at relay chain block #0 + assert_noop!( + import_parachain_1_head(0, Default::default(), parachains, proof), + Error::::HeaderChain(HeaderChainError::StorageProof( + StorageProofError::StorageRootMismatch + )) + ); + }); + } + + #[test] + fn is_not_rewriting_existing_head_if_failed_to_read_updated_head() { + let (state_root_5, proof_5, parachains_5) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 5))]); + let (state_root_10_at_20, proof_10_at_20, parachains_10_at_20) = + prepare_parachain_heads_proof(vec![(2, head_data(2, 10))]); + let (state_root_10_at_30, proof_10_at_30, parachains_10_at_30) = + prepare_parachain_heads_proof(vec![(1, head_data(1, 10))]); + run_test(|| { + // we've already imported head#5 of parachain#1 at relay block#10 + initialize(state_root_5); + import_parachain_1_head(0, state_root_5, parachains_5, proof_5).expect("ok"); + assert_eq!( + Pallet::::best_parachain_head(ParaId(1)), + Some(stored_head_data(1, 5)) + ); + + // then if someone is pretending to provide updated head#10 of parachain#1 at relay + // block#20, but fails to do that + // + // => we'll leave previous value + proceed(20, state_root_10_at_20); + assert_ok!(Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (20, test_relay_header(20, state_root_10_at_20).hash()), + parachains_10_at_20, + proof_10_at_20, + ),); + assert_eq!( + Pallet::::best_parachain_head(ParaId(1)), + Some(stored_head_data(1, 5)) + ); + + // then if someone is pretending to provide updated head#10 of parachain#1 at relay + // block#30, and actualy provides it + // + // => we'll update value + proceed(30, state_root_10_at_30); + assert_ok!(Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (30, test_relay_header(30, state_root_10_at_30).hash()), + parachains_10_at_30, + proof_10_at_30, + ),); + assert_eq!( + Pallet::::best_parachain_head(ParaId(1)), + Some(stored_head_data(1, 10)) + ); + }); + } + + #[test] + fn storage_keys_computed_properly() { + assert_eq!( + ParasInfo::::storage_map_final_key(ParaId(42)).to_vec(), + ParasInfoKeyProvider::final_key("Parachains", &ParaId(42)).0 + ); + + assert_eq!( + ImportedParaHeads::::storage_double_map_final_key( + ParaId(42), + ParaHash::from([21u8; 32]) + ) + .to_vec(), + ImportedParaHeadsKeyProvider::final_key( + "Parachains", + &ParaId(42), + &ParaHash::from([21u8; 32]) + ) + .0, + ); + } + + #[test] + fn ignores_parachain_head_if_it_is_missing_from_storage_proof() { + let (state_root, proof, _) = prepare_parachain_heads_proof(vec![]); + let parachains = vec![(ParaId(2), Default::default())]; + run_test(|| { + initialize(state_root); + assert_ok!(Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + )); + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::MissingParachainHead { + parachain: ParaId(2), + }), + topics: vec![], + }], + ); + }); + } + + #[test] + fn ignores_parachain_head_if_parachain_head_hash_is_wrong() { + let (state_root, proof, _) = prepare_parachain_heads_proof(vec![(1, head_data(1, 0))]); + let parachains = vec![(ParaId(1), head_data(1, 10).hash())]; + run_test(|| { + initialize(state_root); + assert_ok!(Pallet::::submit_parachain_heads( + RuntimeOrigin::signed(1), + (0, test_relay_header(0, state_root).hash()), + parachains, + proof, + )); + assert_eq!( + System::::events(), + vec![EventRecord { + phase: Phase::Initialization, + event: TestEvent::Parachains(Event::IncorrectParachainHeadHash { + parachain: ParaId(1), + parachain_head_hash: head_data(1, 10).hash(), + actual_parachain_head_hash: head_data(1, 0).hash(), + }), + topics: vec![], + }], + ); + }); + } + + #[test] + fn test_bridge_parachain_call_is_correctly_defined() { + let (state_root, proof, _) = prepare_parachain_heads_proof(vec![(1, head_data(1, 0))]); + let parachains = vec![(ParaId(2), Default::default())]; + let relay_header_id = (0, test_relay_header(0, state_root).hash()); + + let direct_submit_parachain_heads_call = Call::::submit_parachain_heads { + at_relay_block: relay_header_id, + parachains: parachains.clone(), + parachain_heads_proof: proof.clone(), + }; + let indirect_submit_parachain_heads_call = BridgeParachainCall::submit_parachain_heads { + at_relay_block: relay_header_id, + parachains, + parachain_heads_proof: proof, + }; + assert_eq!( + direct_submit_parachain_heads_call.encode(), + indirect_submit_parachain_heads_call.encode() + ); + } + + generate_owned_bridge_module_tests!(BasicOperatingMode::Normal, BasicOperatingMode::Halted); + + #[test] + fn maybe_max_parachains_returns_correct_value() { + assert_eq!(MaybeMaxParachains::::get(), Some(mock::TOTAL_PARACHAINS)); + } + + #[test] + fn maybe_max_total_parachain_hashes_returns_correct_value() { + assert_eq!( + MaybeMaxTotalParachainHashes::::get(), + Some(mock::TOTAL_PARACHAINS * mock::HeadsToKeep::get()), + ); + } +} diff --git a/bridges/modules/parachains/src/mock.rs b/bridges/modules/parachains/src/mock.rs new file mode 100644 index 00000000000..3086adc1cc2 --- /dev/null +++ b/bridges/modules/parachains/src/mock.rs @@ -0,0 +1,349 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +use bp_header_chain::ChainWithGrandpa; +use bp_polkadot_core::parachains::ParaId; +use bp_runtime::{Chain, Parachain}; +use frame_support::{construct_runtime, parameter_types, traits::ConstU32, weights::Weight}; +use sp_runtime::{ + testing::{Header, H256}, + traits::{BlakeTwo256, Header as HeaderT, IdentityLookup}, + MultiSignature, Perbill, +}; + +use crate as pallet_bridge_parachains; + +pub type AccountId = u64; +pub type TestNumber = u64; + +pub type RelayBlockHeader = + sp_runtime::generic::Header; + +type Block = frame_system::mocking::MockBlock; +type UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; + +pub const PARAS_PALLET_NAME: &str = "Paras"; +pub const UNTRACKED_PARACHAIN_ID: u32 = 10; +// use exact expected encoded size: `vec_len_size + header_number_size + state_root_hash_size` +pub const MAXIMAL_PARACHAIN_HEAD_DATA_SIZE: u32 = 1 + 8 + 32; +// total parachains that we use in tests +pub const TOTAL_PARACHAINS: u32 = 4; + +pub type RegularParachainHeader = sp_runtime::testing::Header; +pub type RegularParachainHasher = BlakeTwo256; +pub type BigParachainHeader = sp_runtime::generic::Header; + +pub struct Parachain1; + +impl Chain for Parachain1 { + type BlockNumber = u64; + type Hash = H256; + type Hasher = RegularParachainHasher; + type Header = RegularParachainHeader; + type AccountId = u64; + type Balance = u64; + type Index = u64; + type Signature = MultiSignature; + + fn max_extrinsic_size() -> u32 { + 0 + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl Parachain for Parachain1 { + const PARACHAIN_ID: u32 = 1; +} + +pub struct Parachain2; + +impl Chain for Parachain2 { + type BlockNumber = u64; + type Hash = H256; + type Hasher = RegularParachainHasher; + type Header = RegularParachainHeader; + type AccountId = u64; + type Balance = u64; + type Index = u64; + type Signature = MultiSignature; + + fn max_extrinsic_size() -> u32 { + 0 + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl Parachain for Parachain2 { + const PARACHAIN_ID: u32 = 2; +} + +pub struct Parachain3; + +impl Chain for Parachain3 { + type BlockNumber = u64; + type Hash = H256; + type Hasher = RegularParachainHasher; + type Header = RegularParachainHeader; + type AccountId = u64; + type Balance = u64; + type Index = u64; + type Signature = MultiSignature; + + fn max_extrinsic_size() -> u32 { + 0 + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl Parachain for Parachain3 { + const PARACHAIN_ID: u32 = 3; +} + +// this parachain is using u128 as block number and stored head data size exceeds limit +pub struct BigParachain; + +impl Chain for BigParachain { + type BlockNumber = u128; + type Hash = H256; + type Hasher = RegularParachainHasher; + type Header = BigParachainHeader; + type AccountId = u64; + type Balance = u64; + type Index = u64; + type Signature = MultiSignature; + + fn max_extrinsic_size() -> u32 { + 0 + } + fn max_extrinsic_weight() -> Weight { + Weight::zero() + } +} + +impl Parachain for BigParachain { + const PARACHAIN_ID: u32 = 4; +} + +construct_runtime! { + pub enum TestRuntime where + Block = Block, + NodeBlock = Block, + UncheckedExtrinsic = UncheckedExtrinsic, + { + System: frame_system::{Pallet, Call, Config, Storage, Event}, + Grandpa1: pallet_bridge_grandpa::::{Pallet, Event}, + Grandpa2: pallet_bridge_grandpa::::{Pallet, Event}, + Parachains: pallet_bridge_parachains::{Call, Pallet, Event}, + } +} + +parameter_types! { + pub const BlockHashCount: TestNumber = 250; + pub const MaximumBlockWeight: Weight = Weight::from_parts(1024, 0); + pub const MaximumBlockLength: u32 = 2 * 1024; + pub const AvailableBlockRatio: Perbill = Perbill::one(); +} + +impl frame_system::Config for TestRuntime { + type RuntimeOrigin = RuntimeOrigin; + type Index = u64; + type RuntimeCall = RuntimeCall; + type BlockNumber = TestNumber; + type Hash = H256; + type Hashing = RegularParachainHasher; + type AccountId = AccountId; + type Lookup = IdentityLookup; + type Header = Header; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = BlockHashCount; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = (); + type OnNewAccount = (); + type OnKilledAccount = (); + type BaseCallFilter = frame_support::traits::Everything; + type SystemWeightInfo = (); + type DbWeight = (); + type BlockWeights = (); + type BlockLength = (); + type SS58Prefix = (); + type OnSetCode = (); + type MaxConsumers = ConstU32<16>; +} + +parameter_types! { + pub const SessionLength: u64 = 5; + pub const NumValidators: u32 = 5; + pub const HeadersToKeep: u32 = 5; +} + +impl pallet_bridge_grandpa::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type BridgedChain = TestBridgedChain; + type MaxFreeMandatoryHeadersPerBlock = ConstU32<2>; + type HeadersToKeep = HeadersToKeep; + type WeightInfo = (); +} + +impl pallet_bridge_grandpa::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type BridgedChain = TestBridgedChain; + type MaxFreeMandatoryHeadersPerBlock = ConstU32<2>; + type HeadersToKeep = HeadersToKeep; + type WeightInfo = (); +} + +parameter_types! { + pub const HeadsToKeep: u32 = 4; + pub const ParasPalletName: &'static str = PARAS_PALLET_NAME; + pub GetTenFirstParachains: Vec = (0..10).map(ParaId).collect(); +} + +impl pallet_bridge_parachains::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type WeightInfo = (); + type BridgesGrandpaPalletInstance = pallet_bridge_grandpa::Instance1; + type ParasPalletName = ParasPalletName; + type ParaStoredHeaderDataBuilder = (Parachain1, Parachain2, Parachain3, BigParachain); + type HeadsToKeep = HeadsToKeep; + type MaxParaHeadDataSize = ConstU32; +} + +#[cfg(feature = "runtime-benchmarks")] +impl pallet_bridge_parachains::benchmarking::Config<()> for TestRuntime { + fn parachains() -> Vec { + vec![ + ParaId(Parachain1::PARACHAIN_ID), + ParaId(Parachain2::PARACHAIN_ID), + ParaId(Parachain3::PARACHAIN_ID), + ] + } + + fn prepare_parachain_heads_proof( + parachains: &[ParaId], + _parachain_head_size: u32, + _proof_size: bp_runtime::StorageProofSize, + ) -> ( + crate::RelayBlockNumber, + crate::RelayBlockHash, + bp_polkadot_core::parachains::ParaHeadsProof, + Vec<(ParaId, bp_polkadot_core::parachains::ParaHash)>, + ) { + // in mock run we only care about benchmarks correctness, not the benchmark results + // => ignore size related arguments + let (state_root, proof, parachains) = crate::tests::prepare_parachain_heads_proof( + parachains.iter().map(|p| (p.0, crate::tests::head_data(p.0, 1))).collect(), + ); + let relay_genesis_hash = crate::tests::initialize(state_root); + (0, relay_genesis_hash, proof, parachains) + } +} + +#[derive(Debug)] +pub struct TestBridgedChain; + +impl Chain for TestBridgedChain { + type BlockNumber = crate::RelayBlockNumber; + type Hash = crate::RelayBlockHash; + type Hasher = crate::RelayBlockHasher; + type Header = RelayBlockHeader; + + type AccountId = AccountId; + type Balance = u32; + type Index = u32; + type Signature = sp_runtime::testing::TestSignature; + + fn max_extrinsic_size() -> u32 { + unreachable!() + } + + fn max_extrinsic_weight() -> Weight { + unreachable!() + } +} + +impl ChainWithGrandpa for TestBridgedChain { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = ""; + const MAX_AUTHORITIES_COUNT: u32 = 16; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = 8; + const MAX_HEADER_SIZE: u32 = 256; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = 64; +} + +#[derive(Debug)] +pub struct OtherBridgedChain; + +impl Chain for OtherBridgedChain { + type BlockNumber = u64; + type Hash = crate::RelayBlockHash; + type Hasher = crate::RelayBlockHasher; + type Header = sp_runtime::generic::Header; + + type AccountId = AccountId; + type Balance = u32; + type Index = u32; + type Signature = sp_runtime::testing::TestSignature; + + fn max_extrinsic_size() -> u32 { + unreachable!() + } + + fn max_extrinsic_weight() -> Weight { + unreachable!() + } +} + +impl ChainWithGrandpa for OtherBridgedChain { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = ""; + const MAX_AUTHORITIES_COUNT: u32 = 16; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = 8; + const MAX_HEADER_SIZE: u32 = 256; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = 64; +} + +/// Return test externalities to use in tests. +pub fn new_test_ext() -> sp_io::TestExternalities { + sp_io::TestExternalities::new(Default::default()) +} + +/// Run pallet test. +pub fn run_test(test: impl FnOnce() -> T) -> T { + new_test_ext().execute_with(|| { + System::set_block_number(1); + System::reset_events(); + test() + }) +} + +/// Return test relay chain header with given number. +pub fn test_relay_header( + num: crate::RelayBlockNumber, + state_root: crate::RelayBlockHash, +) -> RelayBlockHeader { + RelayBlockHeader::new( + num, + Default::default(), + state_root, + Default::default(), + Default::default(), + ) +} diff --git a/bridges/modules/parachains/src/weights.rs b/bridges/modules/parachains/src/weights.rs new file mode 100644 index 00000000000..1e81dba72fe --- /dev/null +++ b/bridges/modules/parachains/src/weights.rs @@ -0,0 +1,273 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Autogenerated weights for pallet_bridge_parachains +//! +//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev +//! DATE: 2023-03-02, STEPS: `50`, REPEAT: `20`, LOW RANGE: `[]`, HIGH RANGE: `[]` +//! WORST CASE MAP SIZE: `1000000` +//! HOSTNAME: `covid`, CPU: `11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz` +//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024 + +// Executed Command: +// target/release/millau-bridge-node +// benchmark +// pallet +// --chain=dev +// --steps=50 +// --repeat=20 +// --pallet=pallet_bridge_parachains +// --extrinsic=* +// --execution=wasm +// --wasm-execution=Compiled +// --heap-pages=4096 +// --output=./modules/parachains/src/weights.rs +// --template=./.maintain/bridge-weight-template.hbs + +#![allow(clippy::all)] +#![allow(unused_parens)] +#![allow(unused_imports)] +#![allow(missing_docs)] + +use frame_support::{ + traits::Get, + weights::{constants::RocksDbWeight, Weight}, +}; +use sp_std::marker::PhantomData; + +/// Weight functions needed for pallet_bridge_parachains. +pub trait WeightInfo { + fn submit_parachain_heads_with_n_parachains(p: u32) -> Weight; + fn submit_parachain_heads_with_1kb_proof() -> Weight; + fn submit_parachain_heads_with_16kb_proof() -> Weight; +} + +/// Weights for `pallet_bridge_parachains` that are generated using one of the Bridge testnets. +/// +/// Those weights are test only and must never be used in production. +pub struct BridgeWeight(PhantomData); +impl WeightInfo for BridgeWeight { + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + /// + /// The range of component `p` is `[1, 2]`. + fn submit_parachain_heads_with_n_parachains(p: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 36_701 nanoseconds. + Weight::from_parts(38_597_828, 4648) + // Standard Error: 190_859 + .saturating_add(Weight::from_parts(60_685, 0).saturating_mul(p.into())) + .saturating_add(T::DbWeight::get().reads(4_u64)) + .saturating_add(T::DbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + fn submit_parachain_heads_with_1kb_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 38_189 nanoseconds. + Weight::from_parts(39_252_000, 4648) + .saturating_add(T::DbWeight::get().reads(4_u64)) + .saturating_add(T::DbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + fn submit_parachain_heads_with_16kb_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 62_868 nanoseconds. + Weight::from_parts(63_581_000, 4648) + .saturating_add(T::DbWeight::get().reads(4_u64)) + .saturating_add(T::DbWeight::get().writes(3_u64)) + } +} + +// For backwards compatibility and tests +impl WeightInfo for () { + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + /// + /// The range of component `p` is `[1, 2]`. + fn submit_parachain_heads_with_n_parachains(p: u32) -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 36_701 nanoseconds. + Weight::from_parts(38_597_828, 4648) + // Standard Error: 190_859 + .saturating_add(Weight::from_parts(60_685, 0).saturating_mul(p.into())) + .saturating_add(RocksDbWeight::get().reads(4_u64)) + .saturating_add(RocksDbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + fn submit_parachain_heads_with_1kb_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 38_189 nanoseconds. + Weight::from_parts(39_252_000, 4648) + .saturating_add(RocksDbWeight::get().reads(4_u64)) + .saturating_add(RocksDbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRialtoParachains PalletOperatingMode (r:1 w:0) + /// + /// Proof: BridgeRialtoParachains PalletOperatingMode (max_values: Some(1), max_size: Some(1), + /// added: 496, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoGrandpa ImportedHeaders (r:1 w:0) + /// + /// Proof: BridgeRialtoGrandpa ImportedHeaders (max_values: Some(14400), max_size: Some(68), + /// added: 2048, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ParasInfo (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ParasInfo (max_values: Some(1), max_size: Some(60), added: + /// 555, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHashes (r:1 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHashes (max_values: Some(1024), max_size: + /// Some(64), added: 1549, mode: MaxEncodedLen) + /// + /// Storage: BridgeRialtoParachains ImportedParaHeads (r:0 w:1) + /// + /// Proof: BridgeRialtoParachains ImportedParaHeads (max_values: Some(1024), max_size: + /// Some(196), added: 1681, mode: MaxEncodedLen) + fn submit_parachain_heads_with_16kb_proof() -> Weight { + // Proof Size summary in bytes: + // Measured: `366` + // Estimated: `4648` + // Minimum execution time: 62_868 nanoseconds. + Weight::from_parts(63_581_000, 4648) + .saturating_add(RocksDbWeight::get().reads(4_u64)) + .saturating_add(RocksDbWeight::get().writes(3_u64)) + } +} diff --git a/bridges/modules/parachains/src/weights_ext.rs b/bridges/modules/parachains/src/weights_ext.rs new file mode 100644 index 00000000000..eecdfe90359 --- /dev/null +++ b/bridges/modules/parachains/src/weights_ext.rs @@ -0,0 +1,107 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Weight-related utilities. + +use crate::weights::{BridgeWeight, WeightInfo}; + +use bp_runtime::Size; +use frame_support::weights::{RuntimeDbWeight, Weight}; + +/// Size of the regular parachain head. +/// +/// It's not that we are expecting all parachain heads to share the same size or that we would +/// reject all heads that have larger/lesser size. It is about head size that we use in benchmarks. +/// Relayer would need to pay additional fee for extra bytes. +/// +/// 384 is a bit larger (1.3 times) than the size of the randomly chosen Polkadot block. +pub const DEFAULT_PARACHAIN_HEAD_SIZE: u32 = 384; + +/// Number of extra bytes (excluding size of storage value itself) of storage proof, built at +/// the Rialto chain. +pub const EXTRA_STORAGE_PROOF_SIZE: u32 = 1024; + +/// Extended weight info. +pub trait WeightInfoExt: WeightInfo { + /// Storage proof overhead, that is included in every storage proof. + /// + /// The relayer would pay some extra fee for additional proof bytes, since they mean + /// more hashing operations. + fn expected_extra_storage_proof_size() -> u32; + + /// Weight of the parachain heads delivery extrinsic. + fn submit_parachain_heads_weight( + db_weight: RuntimeDbWeight, + proof: &impl Size, + parachains_count: u32, + ) -> Weight { + // weight of the `submit_parachain_heads` with exactly `parachains_count` parachain + // heads of the default size (`DEFAULT_PARACHAIN_HEAD_SIZE`) + let base_weight = Self::submit_parachain_heads_with_n_parachains(parachains_count); + + // overhead because of extra storage proof bytes + let expected_proof_size = parachains_count + .saturating_mul(DEFAULT_PARACHAIN_HEAD_SIZE) + .saturating_add(Self::expected_extra_storage_proof_size()); + let actual_proof_size = proof.size(); + let proof_size_overhead = Self::storage_proof_size_overhead( + actual_proof_size.saturating_sub(expected_proof_size), + ); + + // potential pruning weight (refunded if hasn't happened) + let pruning_weight = + Self::parachain_head_pruning_weight(db_weight).saturating_mul(parachains_count as u64); + + base_weight.saturating_add(proof_size_overhead).saturating_add(pruning_weight) + } + + /// Returns weight of single parachain head storage update. + /// + /// This weight only includes db write operations that happens if parachain head is actually + /// updated. All extra weights (weight of storage proof validation, additional checks, ...) is + /// not included. + fn parachain_head_storage_write_weight(db_weight: RuntimeDbWeight) -> Weight { + // it's just a couple of operations - we need to write the hash (`ImportedParaHashes`) and + // the head itself (`ImportedParaHeads`. Pruning is not included here + db_weight.writes(2) + } + + /// Returns weight of single parachain head pruning. + fn parachain_head_pruning_weight(db_weight: RuntimeDbWeight) -> Weight { + // it's just one write operation, we don't want any benchmarks for that + db_weight.writes(1) + } + + /// Returns weight that needs to be accounted when storage proof of given size is received. + fn storage_proof_size_overhead(extra_proof_bytes: u32) -> Weight { + let extra_byte_weight = (Self::submit_parachain_heads_with_16kb_proof() - + Self::submit_parachain_heads_with_1kb_proof()) / + (15 * 1024); + extra_byte_weight.saturating_mul(extra_proof_bytes as u64) + } +} + +impl WeightInfoExt for () { + fn expected_extra_storage_proof_size() -> u32 { + EXTRA_STORAGE_PROOF_SIZE + } +} + +impl WeightInfoExt for BridgeWeight { + fn expected_extra_storage_proof_size() -> u32 { + EXTRA_STORAGE_PROOF_SIZE + } +} diff --git a/bridges/modules/relayers/Cargo.toml b/bridges/modules/relayers/Cargo.toml new file mode 100644 index 00000000000..857d47cc65a --- /dev/null +++ b/bridges/modules/relayers/Cargo.toml @@ -0,0 +1,59 @@ +[package] +name = "pallet-bridge-relayers" +description = "Module used to store relayer rewards and coordinate relayers set." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +log = { version = "0.4.17", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } + +# Bridge dependencies + +bp-messages = { path = "../../primitives/messages", default-features = false } +bp-relayers = { path = "../../primitives/relayers", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +pallet-bridge-messages = { path = "../messages", default-features = false } + +# Substrate Dependencies + +frame-benchmarking = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false, optional = true } +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-arithmetic = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +bp-runtime = { path = "../../primitives/runtime" } +pallet-balances = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master" } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master" } + +[features] +default = ["std"] +std = [ + "bp-messages/std", + "bp-relayers/std", + "bp-runtime/std", + "codec/std", + "frame-benchmarking/std", + "frame-support/std", + "frame-system/std", + "log/std", + "scale-info/std", + "sp-arithmetic/std", + "sp-runtime/std", + "sp-std/std", +] +runtime-benchmarks = [ + "frame-benchmarking/runtime-benchmarks", +] +try-runtime = [ + "frame-support/try-runtime", + "frame-system/try-runtime", +] diff --git a/bridges/modules/relayers/README.md b/bridges/modules/relayers/README.md new file mode 100644 index 00000000000..656200f4486 --- /dev/null +++ b/bridges/modules/relayers/README.md @@ -0,0 +1,14 @@ +# Bridge Relayers Pallet + +The pallet serves as a storage for pending bridge relayer rewards. Any runtime component may register reward +to some relayer for doing some useful job at some messages lane. Later, the relayer may claim its rewards +using the `claim_rewards` call. + +The reward payment procedure is abstracted from the pallet code. One of possible implementations, is the +[`PayLaneRewardFromAccount`](../../primitives/relayers/src/lib.rs), which just does a `Currency::transfer` +call to relayer account from the relayer-rewards account, determined by the message lane id. + +We have two examples of how this pallet is used in production. Rewards are registered at the target chain to +compensate fees of message delivery transactions (and linked finality delivery calls). At the source chain, rewards +are registered during delivery confirmation transactions. You may find more information about that in the +[Kusama <> Polkadot bridge](../../docs/polkadot-kusama-bridge-overview.md) documentation. diff --git a/bridges/modules/relayers/src/benchmarking.rs b/bridges/modules/relayers/src/benchmarking.rs new file mode 100644 index 00000000000..d66a11ff06d --- /dev/null +++ b/bridges/modules/relayers/src/benchmarking.rs @@ -0,0 +1,131 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Benchmarks for the relayers Pallet. + +#![cfg(feature = "runtime-benchmarks")] + +use crate::*; + +use bp_messages::LaneId; +use bp_relayers::RewardsAccountOwner; +use frame_benchmarking::{benchmarks, whitelisted_caller}; +use frame_system::RawOrigin; +use sp_runtime::traits::One; + +/// Reward amount that is (hopefully) is larger than existential deposit across all chains. +const REWARD_AMOUNT: u32 = u32::MAX; + +/// Pallet we're benchmarking here. +pub struct Pallet(crate::Pallet); + +/// Trait that must be implemented by runtime. +pub trait Config: crate::Config { + /// Prepare environment for paying given reward for serving given lane. + fn prepare_rewards_account(account_params: RewardsAccountParams, reward: Self::Reward); + /// Give enough balance to given account. + fn deposit_account(account: Self::AccountId, balance: Self::Reward); +} + +benchmarks! { + // Benchmark `claim_rewards` call. + claim_rewards { + let lane = LaneId([0, 0, 0, 0]); + let account_params = + RewardsAccountParams::new(lane, *b"test", RewardsAccountOwner::ThisChain); + let relayer: T::AccountId = whitelisted_caller(); + let reward = T::Reward::from(REWARD_AMOUNT); + + T::prepare_rewards_account(account_params, reward); + RelayerRewards::::insert(&relayer, account_params, reward); + }: _(RawOrigin::Signed(relayer), account_params) + verify { + // we can't check anything here, because `PaymentProcedure` is responsible for + // payment logic, so we assume that if call has succeeded, the procedure has + // also completed successfully + } + + // Benchmark `register` call. + register { + let relayer: T::AccountId = whitelisted_caller(); + let valid_till = frame_system::Pallet::::block_number() + .saturating_add(crate::Pallet::::required_registration_lease()) + .saturating_add(One::one()) + .saturating_add(One::one()); + + T::deposit_account(relayer.clone(), crate::Pallet::::required_stake()); + }: _(RawOrigin::Signed(relayer.clone()), valid_till) + verify { + assert!(crate::Pallet::::is_registration_active(&relayer)); + } + + // Benchmark `deregister` call. + deregister { + let relayer: T::AccountId = whitelisted_caller(); + let valid_till = frame_system::Pallet::::block_number() + .saturating_add(crate::Pallet::::required_registration_lease()) + .saturating_add(One::one()) + .saturating_add(One::one()); + T::deposit_account(relayer.clone(), crate::Pallet::::required_stake()); + crate::Pallet::::register(RawOrigin::Signed(relayer.clone()).into(), valid_till).unwrap(); + + frame_system::Pallet::::set_block_number(valid_till.saturating_add(One::one())); + }: _(RawOrigin::Signed(relayer.clone())) + verify { + assert!(!crate::Pallet::::is_registration_active(&relayer)); + } + + // Benchmark `slash_and_deregister` method of the pallet. We are adding this weight to + // the weight of message delivery call if `RefundBridgedParachainMessages` signed extension + // is deployed at runtime level. + slash_and_deregister { + // prepare and register relayer account + let relayer: T::AccountId = whitelisted_caller(); + let valid_till = frame_system::Pallet::::block_number() + .saturating_add(crate::Pallet::::required_registration_lease()) + .saturating_add(One::one()) + .saturating_add(One::one()); + T::deposit_account(relayer.clone(), crate::Pallet::::required_stake()); + crate::Pallet::::register(RawOrigin::Signed(relayer.clone()).into(), valid_till).unwrap(); + + // create slash destination account + let lane = LaneId([0, 0, 0, 0]); + let slash_destination = RewardsAccountParams::new(lane, *b"test", RewardsAccountOwner::ThisChain); + T::prepare_rewards_account(slash_destination.clone(), Zero::zero()); + }: { + crate::Pallet::::slash_and_deregister(&relayer, slash_destination) + } + verify { + assert!(!crate::Pallet::::is_registration_active(&relayer)); + } + + // Benchmark `register_relayer_reward` method of the pallet. We are adding this weight to + // the weight of message delivery call if `RefundBridgedParachainMessages` signed extension + // is deployed at runtime level. + register_relayer_reward { + let lane = LaneId([0, 0, 0, 0]); + let relayer: T::AccountId = whitelisted_caller(); + let account_params = + RewardsAccountParams::new(lane, *b"test", RewardsAccountOwner::ThisChain); + }: { + crate::Pallet::::register_relayer_reward(account_params.clone(), &relayer, One::one()); + } + verify { + assert_eq!(RelayerRewards::::get(relayer, &account_params), Some(One::one())); + } + + impl_benchmark_test_suite!(Pallet, crate::mock::new_test_ext(), crate::mock::TestRuntime) +} diff --git a/bridges/modules/relayers/src/lib.rs b/bridges/modules/relayers/src/lib.rs new file mode 100644 index 00000000000..54b888cf29d --- /dev/null +++ b/bridges/modules/relayers/src/lib.rs @@ -0,0 +1,880 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Runtime module that is used to store relayer rewards and (in the future) to +//! coordinate relations between relayers. + +#![cfg_attr(not(feature = "std"), no_std)] +#![warn(missing_docs)] + +use bp_relayers::{ + PaymentProcedure, Registration, RelayerRewardsKeyProvider, RewardsAccountParams, StakeAndSlash, +}; +use bp_runtime::StorageDoubleMapKeyProvider; +use frame_support::fail; +use sp_arithmetic::traits::{AtLeast32BitUnsigned, Zero}; +use sp_runtime::{traits::CheckedSub, Saturating}; +use sp_std::marker::PhantomData; + +pub use pallet::*; +pub use payment_adapter::DeliveryConfirmationPaymentsAdapter; +pub use stake_adapter::StakeAndSlashNamed; +pub use weights::WeightInfo; +pub use weights_ext::WeightInfoExt; + +pub mod benchmarking; + +mod mock; +mod payment_adapter; +mod stake_adapter; +mod weights_ext; + +pub mod weights; + +/// The target that will be used when publishing logs related to this pallet. +pub const LOG_TARGET: &str = "runtime::bridge-relayers"; + +#[frame_support::pallet] +pub mod pallet { + use super::*; + use frame_support::pallet_prelude::*; + use frame_system::pallet_prelude::*; + + /// `RelayerRewardsKeyProvider` for given configuration. + type RelayerRewardsKeyProviderOf = + RelayerRewardsKeyProvider<::AccountId, ::Reward>; + + #[pallet::config] + pub trait Config: frame_system::Config { + /// The overarching event type. + type RuntimeEvent: From> + IsType<::RuntimeEvent>; + /// Type of relayer reward. + type Reward: AtLeast32BitUnsigned + Copy + Parameter + MaxEncodedLen; + /// Pay rewards scheme. + type PaymentProcedure: PaymentProcedure; + /// Stake and slash scheme. + type StakeAndSlash: StakeAndSlash; + /// Pallet call weights. + type WeightInfo: WeightInfoExt; + } + + #[pallet::pallet] + pub struct Pallet(PhantomData); + + #[pallet::call] + impl Pallet { + /// Claim accumulated rewards. + #[pallet::call_index(0)] + #[pallet::weight(T::WeightInfo::claim_rewards())] + pub fn claim_rewards( + origin: OriginFor, + rewards_account_params: RewardsAccountParams, + ) -> DispatchResult { + let relayer = ensure_signed(origin)?; + + RelayerRewards::::try_mutate_exists( + &relayer, + rewards_account_params, + |maybe_reward| -> DispatchResult { + let reward = maybe_reward.take().ok_or(Error::::NoRewardForRelayer)?; + T::PaymentProcedure::pay_reward(&relayer, rewards_account_params, reward) + .map_err(|e| { + log::trace!( + target: LOG_TARGET, + "Failed to pay {:?} rewards to {:?}: {:?}", + rewards_account_params, + relayer, + e, + ); + Error::::FailedToPayReward + })?; + + Self::deposit_event(Event::::RewardPaid { + relayer: relayer.clone(), + rewards_account_params, + reward, + }); + Ok(()) + }, + ) + } + + /// Register relayer or update its registration. + /// + /// Registration allows relayer to get priority boost for its message delivery transactions. + #[pallet::call_index(1)] + #[pallet::weight(T::WeightInfo::register())] + pub fn register(origin: OriginFor, valid_till: T::BlockNumber) -> DispatchResult { + let relayer = ensure_signed(origin)?; + + // valid till must be larger than the current block number and the lease must be larger + // than the `RequiredRegistrationLease` + let lease = valid_till.saturating_sub(frame_system::Pallet::::block_number()); + ensure!( + lease > Pallet::::required_registration_lease(), + Error::::InvalidRegistrationLease + ); + + RegisteredRelayers::::try_mutate(&relayer, |maybe_registration| -> DispatchResult { + let mut registration = maybe_registration + .unwrap_or_else(|| Registration { valid_till, stake: Zero::zero() }); + + // new `valid_till` must be larger (or equal) than the old one + ensure!( + valid_till >= registration.valid_till, + Error::::CannotReduceRegistrationLease, + ); + registration.valid_till = valid_till; + + // regarding stake, there are three options: + // - if relayer stake is larger than required stake, we may do unreserve + // - if relayer stake equals to required stake, we do nothing + // - if relayer stake is smaller than required stake, we do additional reserve + let required_stake = Pallet::::required_stake(); + if let Some(to_unreserve) = registration.stake.checked_sub(&required_stake) { + Self::do_unreserve(&relayer, to_unreserve)?; + } else if let Some(to_reserve) = required_stake.checked_sub(®istration.stake) { + T::StakeAndSlash::reserve(&relayer, to_reserve).map_err(|e| { + log::trace!( + target: LOG_TARGET, + "Failed to reserve {:?} on relayer {:?} account: {:?}", + to_reserve, + relayer, + e, + ); + + Error::::FailedToReserve + })?; + } + registration.stake = required_stake; + + log::trace!(target: LOG_TARGET, "Successfully registered relayer: {:?}", relayer); + Self::deposit_event(Event::::RegistrationUpdated { + relayer: relayer.clone(), + registration, + }); + + *maybe_registration = Some(registration); + + Ok(()) + }) + } + + /// `Deregister` relayer. + /// + /// After this call, message delivery transactions of the relayer won't get any priority + /// boost. + #[pallet::call_index(2)] + #[pallet::weight(T::WeightInfo::deregister())] + pub fn deregister(origin: OriginFor) -> DispatchResult { + let relayer = ensure_signed(origin)?; + + RegisteredRelayers::::try_mutate(&relayer, |maybe_registration| -> DispatchResult { + let registration = match maybe_registration.take() { + Some(registration) => registration, + None => fail!(Error::::NotRegistered), + }; + + // we can't deregister until `valid_till + 1` + ensure!( + registration.valid_till < frame_system::Pallet::::block_number(), + Error::::RegistrationIsStillActive, + ); + + // if stake is non-zero, we should do unreserve + if !registration.stake.is_zero() { + Self::do_unreserve(&relayer, registration.stake)?; + } + + log::trace!(target: LOG_TARGET, "Successfully deregistered relayer: {:?}", relayer); + Self::deposit_event(Event::::Deregistered { relayer: relayer.clone() }); + + *maybe_registration = None; + + Ok(()) + }) + } + } + + impl Pallet { + /// Returns true if given relayer registration is active at current block. + /// + /// This call respects both `RequiredStake` and `RequiredRegistrationLease`, meaning that + /// it'll return false if registered stake is lower than required or if remaining lease + /// is less than `RequiredRegistrationLease`. + pub fn is_registration_active(relayer: &T::AccountId) -> bool { + let registration = match Self::registered_relayer(relayer) { + Some(registration) => registration, + None => return false, + }; + + // registration is inactive if relayer stake is less than required + if registration.stake < Self::required_stake() { + return false + } + + // registration is inactive if it ends soon + let remaining_lease = registration + .valid_till + .saturating_sub(frame_system::Pallet::::block_number()); + if remaining_lease <= Self::required_registration_lease() { + return false + } + + true + } + + /// Slash and `deregister` relayer. This function slashes all staked balance. + /// + /// It may fail inside, but error is swallowed and we only log it. + pub fn slash_and_deregister( + relayer: &T::AccountId, + slash_destination: RewardsAccountParams, + ) { + let registration = match RegisteredRelayers::::take(relayer) { + Some(registration) => registration, + None => { + log::trace!( + target: crate::LOG_TARGET, + "Cannot slash unregistered relayer {:?}", + relayer, + ); + + return + }, + }; + + match T::StakeAndSlash::repatriate_reserved( + relayer, + slash_destination, + registration.stake, + ) { + Ok(failed_to_slash) if failed_to_slash.is_zero() => { + log::trace!( + target: crate::LOG_TARGET, + "Relayer account {:?} has been slashed for {:?}. Funds were deposited to {:?}", + relayer, + registration.stake, + slash_destination, + ); + }, + Ok(failed_to_slash) => { + log::trace!( + target: crate::LOG_TARGET, + "Relayer account {:?} has been partially slashed for {:?}. Funds were deposited to {:?}. \ + Failed to slash: {:?}", + relayer, + registration.stake, + slash_destination, + failed_to_slash, + ); + }, + Err(e) => { + // TODO: document this. Where? + + // it may fail if there's no beneficiary account. For us it means that this + // account must exists before we'll deploy the bridge + log::debug!( + target: crate::LOG_TARGET, + "Failed to slash relayer account {:?}: {:?}. Maybe beneficiary account doesn't exist? \ + Beneficiary: {:?}, amount: {:?}, failed to slash: {:?}", + relayer, + e, + slash_destination, + registration.stake, + registration.stake, + ); + }, + } + } + + /// Register reward for given relayer. + pub fn register_relayer_reward( + rewards_account_params: RewardsAccountParams, + relayer: &T::AccountId, + reward: T::Reward, + ) { + if reward.is_zero() { + return + } + + RelayerRewards::::mutate( + relayer, + rewards_account_params, + |old_reward: &mut Option| { + let new_reward = old_reward.unwrap_or_else(Zero::zero).saturating_add(reward); + *old_reward = Some(new_reward); + + log::trace!( + target: crate::LOG_TARGET, + "Relayer {:?} can now claim reward for serving payer {:?}: {:?}", + relayer, + rewards_account_params, + new_reward, + ); + }, + ); + } + + /// Return required registration lease. + pub(crate) fn required_registration_lease() -> T::BlockNumber { + >::RequiredRegistrationLease::get() + } + + /// Return required stake. + pub(crate) fn required_stake() -> T::Reward { + >::RequiredStake::get() + } + + /// `Unreserve` given amount on relayer account. + fn do_unreserve(relayer: &T::AccountId, amount: T::Reward) -> DispatchResult { + let failed_to_unreserve = T::StakeAndSlash::unreserve(relayer, amount); + if !failed_to_unreserve.is_zero() { + log::trace!( + target: LOG_TARGET, + "Failed to unreserve {:?}/{:?} on relayer {:?} account", + failed_to_unreserve, + amount, + relayer, + ); + + fail!(Error::::FailedToUnreserve) + } + + Ok(()) + } + } + + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event { + /// Reward has been paid to the relayer. + RewardPaid { + /// Relayer account that has been rewarded. + relayer: T::AccountId, + /// Relayer has received reward from this account. + rewards_account_params: RewardsAccountParams, + /// Reward amount. + reward: T::Reward, + }, + /// Relayer registration has been added or updated. + RegistrationUpdated { + /// Relayer account that has been registered. + relayer: T::AccountId, + /// Relayer registration. + registration: Registration, + }, + /// Relayer has been `deregistered`. + Deregistered { + /// Relayer account that has been `deregistered`. + relayer: T::AccountId, + }, + /// Relayer has been slashed and `deregistered`. + SlashedAndDeregistered { + /// Relayer account that has been `deregistered`. + relayer: T::AccountId, + /// Registration that was removed. + registration: Registration, + }, + } + + #[pallet::error] + pub enum Error { + /// No reward can be claimed by given relayer. + NoRewardForRelayer, + /// Reward payment procedure has failed. + FailedToPayReward, + /// The relayer has tried to register for past block or registration lease + /// is too short. + InvalidRegistrationLease, + /// New registration lease is less than the previous one. + CannotReduceRegistrationLease, + /// Failed to reserve enough funds on relayer account. + FailedToReserve, + /// Failed to `unreserve` enough funds on relayer account. + FailedToUnreserve, + /// Cannot `deregister` if not registered. + NotRegistered, + /// Failed to `deregister` relayer, because lease is still active. + RegistrationIsStillActive, + } + + /// Map of the relayer => accumulated reward. + #[pallet::storage] + #[pallet::getter(fn relayer_reward)] + pub type RelayerRewards = StorageDoubleMap< + _, + as StorageDoubleMapKeyProvider>::Hasher1, + as StorageDoubleMapKeyProvider>::Key1, + as StorageDoubleMapKeyProvider>::Hasher2, + as StorageDoubleMapKeyProvider>::Key2, + as StorageDoubleMapKeyProvider>::Value, + OptionQuery, + >; + + /// Relayers that have reserved some of their balance to get free priority boost + /// for their message delivery transactions. + /// + /// Other relayers may submit transactions as well, but they will have default + /// priority and will be rejected (without significant tip) in case if registered + /// relayer is present. + #[pallet::storage] + #[pallet::getter(fn registered_relayer)] + pub type RegisteredRelayers = StorageMap< + _, + Blake2_128Concat, + T::AccountId, + Registration, + OptionQuery, + >; +} + +#[cfg(test)] +mod tests { + use super::*; + use mock::{RuntimeEvent as TestEvent, *}; + + use crate::Event::RewardPaid; + use bp_messages::LaneId; + use bp_relayers::RewardsAccountOwner; + use frame_support::{ + assert_noop, assert_ok, + traits::fungible::{Inspect, Mutate}, + }; + use frame_system::{EventRecord, Pallet as System, Phase}; + use sp_runtime::DispatchError; + + fn get_ready_for_events() { + System::::set_block_number(1); + System::::reset_events(); + } + + #[test] + fn root_cant_claim_anything() { + run_test(|| { + assert_noop!( + Pallet::::claim_rewards( + RuntimeOrigin::root(), + TEST_REWARDS_ACCOUNT_PARAMS + ), + DispatchError::BadOrigin, + ); + }); + } + + #[test] + fn relayer_cant_claim_if_no_reward_exists() { + run_test(|| { + assert_noop!( + Pallet::::claim_rewards( + RuntimeOrigin::signed(REGULAR_RELAYER), + TEST_REWARDS_ACCOUNT_PARAMS + ), + Error::::NoRewardForRelayer, + ); + }); + } + + #[test] + fn relayer_cant_claim_if_payment_procedure_fails() { + run_test(|| { + RelayerRewards::::insert( + FAILING_RELAYER, + TEST_REWARDS_ACCOUNT_PARAMS, + 100, + ); + assert_noop!( + Pallet::::claim_rewards( + RuntimeOrigin::signed(FAILING_RELAYER), + TEST_REWARDS_ACCOUNT_PARAMS + ), + Error::::FailedToPayReward, + ); + }); + } + + #[test] + fn relayer_can_claim_reward() { + run_test(|| { + get_ready_for_events(); + + RelayerRewards::::insert( + REGULAR_RELAYER, + TEST_REWARDS_ACCOUNT_PARAMS, + 100, + ); + assert_ok!(Pallet::::claim_rewards( + RuntimeOrigin::signed(REGULAR_RELAYER), + TEST_REWARDS_ACCOUNT_PARAMS + )); + assert_eq!( + RelayerRewards::::get(REGULAR_RELAYER, TEST_REWARDS_ACCOUNT_PARAMS), + None + ); + + // Check if the `RewardPaid` event was emitted. + assert_eq!( + System::::events().last(), + Some(&EventRecord { + phase: Phase::Initialization, + event: TestEvent::Relayers(RewardPaid { + relayer: REGULAR_RELAYER, + rewards_account_params: TEST_REWARDS_ACCOUNT_PARAMS, + reward: 100 + }), + topics: vec![], + }), + ); + }); + } + + #[test] + fn pay_reward_from_account_actually_pays_reward() { + type Balances = pallet_balances::Pallet; + type PayLaneRewardFromAccount = bp_relayers::PayRewardFromAccount; + + run_test(|| { + let in_lane_0 = RewardsAccountParams::new( + LaneId([0, 0, 0, 0]), + *b"test", + RewardsAccountOwner::ThisChain, + ); + let out_lane_1 = RewardsAccountParams::new( + LaneId([0, 0, 0, 1]), + *b"test", + RewardsAccountOwner::BridgedChain, + ); + + let in_lane0_rewards_account = PayLaneRewardFromAccount::rewards_account(in_lane_0); + let out_lane1_rewards_account = PayLaneRewardFromAccount::rewards_account(out_lane_1); + + Balances::mint_into(&in_lane0_rewards_account, 100).unwrap(); + Balances::mint_into(&out_lane1_rewards_account, 100).unwrap(); + assert_eq!(Balances::balance(&in_lane0_rewards_account), 100); + assert_eq!(Balances::balance(&out_lane1_rewards_account), 100); + assert_eq!(Balances::balance(&1), 0); + + PayLaneRewardFromAccount::pay_reward(&1, in_lane_0, 100).unwrap(); + assert_eq!(Balances::balance(&in_lane0_rewards_account), 0); + assert_eq!(Balances::balance(&out_lane1_rewards_account), 100); + assert_eq!(Balances::balance(&1), 100); + + PayLaneRewardFromAccount::pay_reward(&1, out_lane_1, 100).unwrap(); + assert_eq!(Balances::balance(&in_lane0_rewards_account), 0); + assert_eq!(Balances::balance(&out_lane1_rewards_account), 0); + assert_eq!(Balances::balance(&1), 200); + }); + } + + #[test] + fn register_fails_if_valid_till_is_a_past_block() { + run_test(|| { + System::::set_block_number(100); + + assert_noop!( + Pallet::::register(RuntimeOrigin::signed(REGISTER_RELAYER), 50), + Error::::InvalidRegistrationLease, + ); + }); + } + + #[test] + fn register_fails_if_valid_till_lease_is_less_than_required() { + run_test(|| { + System::::set_block_number(100); + + assert_noop!( + Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 99 + Lease::get() + ), + Error::::InvalidRegistrationLease, + ); + }); + } + + #[test] + fn register_works() { + run_test(|| { + get_ready_for_events(); + + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + assert_eq!(Balances::reserved_balance(REGISTER_RELAYER), Stake::get()); + assert_eq!( + Pallet::::registered_relayer(REGISTER_RELAYER), + Some(Registration { valid_till: 150, stake: Stake::get() }), + ); + + assert_eq!( + System::::events().last(), + Some(&EventRecord { + phase: Phase::Initialization, + event: TestEvent::Relayers(Event::RegistrationUpdated { + relayer: REGISTER_RELAYER, + registration: Registration { valid_till: 150, stake: Stake::get() }, + }), + topics: vec![], + }), + ); + }); + } + + #[test] + fn register_fails_if_new_valid_till_is_lesser_than_previous() { + run_test(|| { + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + + assert_noop!( + Pallet::::register(RuntimeOrigin::signed(REGISTER_RELAYER), 125), + Error::::CannotReduceRegistrationLease, + ); + }); + } + + #[test] + fn register_fails_if_it_cant_unreserve_some_balance_if_required_stake_decreases() { + run_test(|| { + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() + 1 }, + ); + + assert_noop!( + Pallet::::register(RuntimeOrigin::signed(REGISTER_RELAYER), 150), + Error::::FailedToUnreserve, + ); + }); + } + + #[test] + fn register_unreserves_some_balance_if_required_stake_decreases() { + run_test(|| { + get_ready_for_events(); + + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() + 1 }, + ); + TestStakeAndSlash::reserve(®ISTER_RELAYER, Stake::get() + 1).unwrap(); + assert_eq!(Balances::reserved_balance(REGISTER_RELAYER), Stake::get() + 1); + let free_balance = Balances::free_balance(REGISTER_RELAYER); + + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + assert_eq!(Balances::reserved_balance(REGISTER_RELAYER), Stake::get()); + assert_eq!(Balances::free_balance(REGISTER_RELAYER), free_balance + 1); + assert_eq!( + Pallet::::registered_relayer(REGISTER_RELAYER), + Some(Registration { valid_till: 150, stake: Stake::get() }), + ); + + assert_eq!( + System::::events().last(), + Some(&EventRecord { + phase: Phase::Initialization, + event: TestEvent::Relayers(Event::RegistrationUpdated { + relayer: REGISTER_RELAYER, + registration: Registration { valid_till: 150, stake: Stake::get() } + }), + topics: vec![], + }), + ); + }); + } + + #[test] + fn register_fails_if_it_cant_reserve_some_balance() { + run_test(|| { + Balances::set_balance(®ISTER_RELAYER, 0); + assert_noop!( + Pallet::::register(RuntimeOrigin::signed(REGISTER_RELAYER), 150), + Error::::FailedToReserve, + ); + }); + } + + #[test] + fn register_fails_if_it_cant_reserve_some_balance_if_required_stake_increases() { + run_test(|| { + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() - 1 }, + ); + Balances::set_balance(®ISTER_RELAYER, 0); + + assert_noop!( + Pallet::::register(RuntimeOrigin::signed(REGISTER_RELAYER), 150), + Error::::FailedToReserve, + ); + }); + } + + #[test] + fn register_reserves_some_balance_if_required_stake_increases() { + run_test(|| { + get_ready_for_events(); + + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() - 1 }, + ); + TestStakeAndSlash::reserve(®ISTER_RELAYER, Stake::get() - 1).unwrap(); + + let free_balance = Balances::free_balance(REGISTER_RELAYER); + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + assert_eq!(Balances::reserved_balance(REGISTER_RELAYER), Stake::get()); + assert_eq!(Balances::free_balance(REGISTER_RELAYER), free_balance - 1); + assert_eq!( + Pallet::::registered_relayer(REGISTER_RELAYER), + Some(Registration { valid_till: 150, stake: Stake::get() }), + ); + + assert_eq!( + System::::events().last(), + Some(&EventRecord { + phase: Phase::Initialization, + event: TestEvent::Relayers(Event::RegistrationUpdated { + relayer: REGISTER_RELAYER, + registration: Registration { valid_till: 150, stake: Stake::get() } + }), + topics: vec![], + }), + ); + }); + } + + #[test] + fn deregister_fails_if_not_registered() { + run_test(|| { + assert_noop!( + Pallet::::deregister(RuntimeOrigin::signed(REGISTER_RELAYER)), + Error::::NotRegistered, + ); + }); + } + + #[test] + fn deregister_fails_if_registration_is_still_active() { + run_test(|| { + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + + System::::set_block_number(100); + + assert_noop!( + Pallet::::deregister(RuntimeOrigin::signed(REGISTER_RELAYER)), + Error::::RegistrationIsStillActive, + ); + }); + } + + #[test] + fn deregister_works() { + run_test(|| { + get_ready_for_events(); + + assert_ok!(Pallet::::register( + RuntimeOrigin::signed(REGISTER_RELAYER), + 150 + )); + + System::::set_block_number(151); + + let reserved_balance = Balances::reserved_balance(REGISTER_RELAYER); + let free_balance = Balances::free_balance(REGISTER_RELAYER); + assert_ok!(Pallet::::deregister(RuntimeOrigin::signed(REGISTER_RELAYER))); + assert_eq!( + Balances::reserved_balance(REGISTER_RELAYER), + reserved_balance - Stake::get() + ); + assert_eq!(Balances::free_balance(REGISTER_RELAYER), free_balance + Stake::get()); + + assert_eq!( + System::::events().last(), + Some(&EventRecord { + phase: Phase::Initialization, + event: TestEvent::Relayers(Event::Deregistered { relayer: REGISTER_RELAYER }), + topics: vec![], + }), + ); + }); + } + + #[test] + fn is_registration_active_is_false_for_unregistered_relayer() { + run_test(|| { + assert!(!Pallet::::is_registration_active(®ISTER_RELAYER)); + }); + } + + #[test] + fn is_registration_active_is_false_when_stake_is_too_low() { + run_test(|| { + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() - 1 }, + ); + assert!(!Pallet::::is_registration_active(®ISTER_RELAYER)); + }); + } + + #[test] + fn is_registration_active_is_false_when_remaining_lease_is_too_low() { + run_test(|| { + System::::set_block_number(150 - Lease::get()); + + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 150, stake: Stake::get() }, + ); + assert!(!Pallet::::is_registration_active(®ISTER_RELAYER)); + }); + } + + #[test] + fn is_registration_active_is_true_when_relayer_is_properly_registeered() { + run_test(|| { + System::::set_block_number(150 - Lease::get()); + + RegisteredRelayers::::insert( + REGISTER_RELAYER, + Registration { valid_till: 151, stake: Stake::get() }, + ); + assert!(Pallet::::is_registration_active(®ISTER_RELAYER)); + }); + } +} diff --git a/bridges/modules/relayers/src/mock.rs b/bridges/modules/relayers/src/mock.rs new file mode 100644 index 00000000000..69d8418a024 --- /dev/null +++ b/bridges/modules/relayers/src/mock.rs @@ -0,0 +1,185 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg(test)] + +use crate as pallet_bridge_relayers; + +use bp_messages::LaneId; +use bp_relayers::{ + PayRewardFromAccount, PaymentProcedure, RewardsAccountOwner, RewardsAccountParams, +}; +use frame_support::{parameter_types, traits::fungible::Mutate, weights::RuntimeDbWeight}; +use sp_core::H256; +use sp_runtime::{ + testing::Header as SubstrateHeader, + traits::{BlakeTwo256, ConstU32, IdentityLookup}, +}; + +pub type AccountId = u64; +pub type Balance = u64; +pub type BlockNumber = u64; + +pub type TestStakeAndSlash = pallet_bridge_relayers::StakeAndSlashNamed< + AccountId, + BlockNumber, + Balances, + ReserveId, + Stake, + Lease, +>; + +type Block = frame_system::mocking::MockBlock; +type UncheckedExtrinsic = frame_system::mocking::MockUncheckedExtrinsic; + +frame_support::construct_runtime! { + pub enum TestRuntime where + Block = Block, + NodeBlock = Block, + UncheckedExtrinsic = UncheckedExtrinsic, + { + System: frame_system::{Pallet, Call, Config, Storage, Event}, + Balances: pallet_balances::{Pallet, Event}, + Relayers: pallet_bridge_relayers::{Pallet, Call, Event}, + } +} + +parameter_types! { + pub const DbWeight: RuntimeDbWeight = RuntimeDbWeight { read: 1, write: 2 }; + pub const ExistentialDeposit: Balance = 1; + pub const ReserveId: [u8; 8] = *b"brdgrlrs"; + pub const Stake: Balance = 1_000; + pub const Lease: BlockNumber = 8; +} + +impl frame_system::Config for TestRuntime { + type RuntimeOrigin = RuntimeOrigin; + type Index = u64; + type RuntimeCall = RuntimeCall; + type BlockNumber = BlockNumber; + type Hash = H256; + type Hashing = BlakeTwo256; + type AccountId = AccountId; + type Lookup = IdentityLookup; + type Header = SubstrateHeader; + type RuntimeEvent = RuntimeEvent; + type BlockHashCount = frame_support::traits::ConstU64<250>; + type Version = (); + type PalletInfo = PalletInfo; + type AccountData = pallet_balances::AccountData; + type OnNewAccount = (); + type OnKilledAccount = (); + type BaseCallFilter = frame_support::traits::Everything; + type SystemWeightInfo = (); + type BlockWeights = (); + type BlockLength = (); + type DbWeight = DbWeight; + type SS58Prefix = (); + type OnSetCode = (); + type MaxConsumers = frame_support::traits::ConstU32<16>; +} + +impl pallet_balances::Config for TestRuntime { + type MaxLocks = (); + type Balance = Balance; + type DustRemoval = (); + type RuntimeEvent = RuntimeEvent; + type ExistentialDeposit = ExistentialDeposit; + type AccountStore = frame_system::Pallet; + type WeightInfo = (); + type MaxReserves = ConstU32<1>; + type ReserveIdentifier = [u8; 8]; + type HoldIdentifier = (); + type FreezeIdentifier = (); + type MaxHolds = ConstU32<0>; + type MaxFreezes = ConstU32<0>; +} + +impl pallet_bridge_relayers::Config for TestRuntime { + type RuntimeEvent = RuntimeEvent; + type Reward = Balance; + type PaymentProcedure = TestPaymentProcedure; + type StakeAndSlash = TestStakeAndSlash; + type WeightInfo = (); +} + +#[cfg(feature = "runtime-benchmarks")] +impl pallet_bridge_relayers::benchmarking::Config for TestRuntime { + fn prepare_rewards_account(account_params: RewardsAccountParams, reward: Balance) { + let rewards_account = + bp_relayers::PayRewardFromAccount::::rewards_account( + account_params, + ); + Self::deposit_account(rewards_account, reward); + } + + fn deposit_account(account: Self::AccountId, balance: Self::Reward) { + Balances::mint_into(&account, balance.saturating_add(ExistentialDeposit::get())).unwrap(); + } +} + +/// Message lane that we're using in tests. +pub const TEST_REWARDS_ACCOUNT_PARAMS: RewardsAccountParams = + RewardsAccountParams::new(LaneId([0, 0, 0, 0]), *b"test", RewardsAccountOwner::ThisChain); + +/// Regular relayer that may receive rewards. +pub const REGULAR_RELAYER: AccountId = 1; + +/// Relayer that can't receive rewards. +pub const FAILING_RELAYER: AccountId = 2; + +/// Relayer that is able to register. +pub const REGISTER_RELAYER: AccountId = 42; + +/// Payment procedure that rejects payments to the `FAILING_RELAYER`. +pub struct TestPaymentProcedure; + +impl TestPaymentProcedure { + pub fn rewards_account(params: RewardsAccountParams) -> AccountId { + PayRewardFromAccount::<(), AccountId>::rewards_account(params) + } +} + +impl PaymentProcedure for TestPaymentProcedure { + type Error = (); + + fn pay_reward( + relayer: &AccountId, + _lane_id: RewardsAccountParams, + _reward: Balance, + ) -> Result<(), Self::Error> { + match *relayer { + FAILING_RELAYER => Err(()), + _ => Ok(()), + } + } +} + +/// Return test externalities to use in tests. +pub fn new_test_ext() -> sp_io::TestExternalities { + let t = frame_system::GenesisConfig::default().build_storage::().unwrap(); + sp_io::TestExternalities::new(t) +} + +/// Run pallet test. +pub fn run_test(test: impl FnOnce() -> T) -> T { + new_test_ext().execute_with(|| { + Balances::mint_into(®ISTER_RELAYER, ExistentialDeposit::get() + 10 * Stake::get()) + .unwrap(); + + test() + }) +} diff --git a/bridges/modules/relayers/src/payment_adapter.rs b/bridges/modules/relayers/src/payment_adapter.rs new file mode 100644 index 00000000000..a9536cfc027 --- /dev/null +++ b/bridges/modules/relayers/src/payment_adapter.rs @@ -0,0 +1,158 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Code that allows relayers pallet to be used as a payment mechanism for the messages pallet. + +use crate::{Config, Pallet}; + +use bp_messages::{ + source_chain::{DeliveryConfirmationPayments, RelayersRewards}, + LaneId, MessageNonce, +}; +use bp_relayers::{RewardsAccountOwner, RewardsAccountParams}; +use frame_support::{sp_runtime::SaturatedConversion, traits::Get}; +use sp_arithmetic::traits::{Saturating, Zero}; +use sp_std::{collections::vec_deque::VecDeque, marker::PhantomData, ops::RangeInclusive}; + +/// Adapter that allows relayers pallet to be used as a delivery+dispatch payment mechanism +/// for the messages pallet. +pub struct DeliveryConfirmationPaymentsAdapter( + PhantomData<(T, MI, DeliveryReward)>, +); + +impl DeliveryConfirmationPayments + for DeliveryConfirmationPaymentsAdapter +where + T: Config + pallet_bridge_messages::Config, + MI: 'static, + DeliveryReward: Get, +{ + type Error = &'static str; + + fn pay_reward( + lane_id: LaneId, + messages_relayers: VecDeque>, + confirmation_relayer: &T::AccountId, + received_range: &RangeInclusive, + ) -> MessageNonce { + let relayers_rewards = + bp_messages::calc_relayers_rewards::(messages_relayers, received_range); + let rewarded_relayers = relayers_rewards.len(); + + register_relayers_rewards::( + confirmation_relayer, + relayers_rewards, + RewardsAccountParams::new( + lane_id, + T::BridgedChainId::get(), + RewardsAccountOwner::BridgedChain, + ), + DeliveryReward::get(), + ); + + rewarded_relayers as _ + } +} + +// Update rewards to given relayers, optionally rewarding confirmation relayer. +fn register_relayers_rewards( + confirmation_relayer: &T::AccountId, + relayers_rewards: RelayersRewards, + lane_id: RewardsAccountParams, + delivery_fee: T::Reward, +) { + // reward every relayer except `confirmation_relayer` + let mut confirmation_relayer_reward = T::Reward::zero(); + for (relayer, messages) in relayers_rewards { + // sane runtime configurations guarantee that the number of messages will be below + // `u32::MAX` + let relayer_reward = T::Reward::saturated_from(messages).saturating_mul(delivery_fee); + + if relayer != *confirmation_relayer { + Pallet::::register_relayer_reward(lane_id, &relayer, relayer_reward); + } else { + confirmation_relayer_reward = + confirmation_relayer_reward.saturating_add(relayer_reward); + } + } + + // finally - pay reward to confirmation relayer + Pallet::::register_relayer_reward( + lane_id, + confirmation_relayer, + confirmation_relayer_reward, + ); +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::{mock::*, RelayerRewards}; + + const RELAYER_1: AccountId = 1; + const RELAYER_2: AccountId = 2; + const RELAYER_3: AccountId = 3; + + fn relayers_rewards() -> RelayersRewards { + vec![(RELAYER_1, 2), (RELAYER_2, 3)].into_iter().collect() + } + + #[test] + fn confirmation_relayer_is_rewarded_if_it_has_also_delivered_messages() { + run_test(|| { + register_relayers_rewards::( + &RELAYER_2, + relayers_rewards(), + TEST_REWARDS_ACCOUNT_PARAMS, + 50, + ); + + assert_eq!( + RelayerRewards::::get(RELAYER_1, TEST_REWARDS_ACCOUNT_PARAMS), + Some(100) + ); + assert_eq!( + RelayerRewards::::get(RELAYER_2, TEST_REWARDS_ACCOUNT_PARAMS), + Some(150) + ); + }); + } + + #[test] + fn confirmation_relayer_is_not_rewarded_if_it_has_not_delivered_any_messages() { + run_test(|| { + register_relayers_rewards::( + &RELAYER_3, + relayers_rewards(), + TEST_REWARDS_ACCOUNT_PARAMS, + 50, + ); + + assert_eq!( + RelayerRewards::::get(RELAYER_1, TEST_REWARDS_ACCOUNT_PARAMS), + Some(100) + ); + assert_eq!( + RelayerRewards::::get(RELAYER_2, TEST_REWARDS_ACCOUNT_PARAMS), + Some(150) + ); + assert_eq!( + RelayerRewards::::get(RELAYER_3, TEST_REWARDS_ACCOUNT_PARAMS), + None + ); + }); + } +} diff --git a/bridges/modules/relayers/src/stake_adapter.rs b/bridges/modules/relayers/src/stake_adapter.rs new file mode 100644 index 00000000000..055b6a111ec --- /dev/null +++ b/bridges/modules/relayers/src/stake_adapter.rs @@ -0,0 +1,186 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Code that allows `NamedReservableCurrency` to be used as a `StakeAndSlash` +//! mechanism of the relayers pallet. + +use bp_relayers::{PayRewardFromAccount, RewardsAccountParams, StakeAndSlash}; +use codec::Codec; +use frame_support::traits::{tokens::BalanceStatus, NamedReservableCurrency}; +use sp_runtime::{traits::Get, DispatchError, DispatchResult}; +use sp_std::{fmt::Debug, marker::PhantomData}; + +/// `StakeAndSlash` that works with `NamedReservableCurrency` and uses named +/// reservations. +/// +/// **WARNING**: this implementation assumes that the relayers pallet is configured to +/// use the [`bp_relayers::PayRewardFromAccount`] as its relayers payment scheme. +pub struct StakeAndSlashNamed( + PhantomData<(AccountId, BlockNumber, Currency, ReserveId, Stake, Lease)>, +); + +impl + StakeAndSlash + for StakeAndSlashNamed +where + AccountId: Codec + Debug, + Currency: NamedReservableCurrency, + ReserveId: Get, + Stake: Get, + Lease: Get, +{ + type RequiredStake = Stake; + type RequiredRegistrationLease = Lease; + + fn reserve(relayer: &AccountId, amount: Currency::Balance) -> DispatchResult { + Currency::reserve_named(&ReserveId::get(), relayer, amount) + } + + fn unreserve(relayer: &AccountId, amount: Currency::Balance) -> Currency::Balance { + Currency::unreserve_named(&ReserveId::get(), relayer, amount) + } + + fn repatriate_reserved( + relayer: &AccountId, + beneficiary: RewardsAccountParams, + amount: Currency::Balance, + ) -> Result { + let beneficiary_account = + PayRewardFromAccount::<(), AccountId>::rewards_account(beneficiary); + Currency::repatriate_reserved_named( + &ReserveId::get(), + relayer, + &beneficiary_account, + amount, + BalanceStatus::Free, + ) + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::mock::*; + + use frame_support::traits::fungible::Mutate; + + fn test_stake() -> Balance { + Stake::get() + } + + #[test] + fn reserve_works() { + run_test(|| { + assert!(TestStakeAndSlash::reserve(&1, test_stake()).is_err()); + assert_eq!(Balances::free_balance(1), 0); + assert_eq!(Balances::reserved_balance(1), 0); + + Balances::mint_into(&2, test_stake() - 1).unwrap(); + assert!(TestStakeAndSlash::reserve(&2, test_stake()).is_err()); + assert_eq!(Balances::free_balance(2), test_stake() - 1); + assert_eq!(Balances::reserved_balance(2), 0); + + Balances::mint_into(&3, test_stake() * 2).unwrap(); + assert_eq!(TestStakeAndSlash::reserve(&3, test_stake()), Ok(())); + assert_eq!(Balances::free_balance(3), test_stake()); + assert_eq!(Balances::reserved_balance(3), test_stake()); + }) + } + + #[test] + fn unreserve_works() { + run_test(|| { + assert_eq!(TestStakeAndSlash::unreserve(&1, test_stake()), test_stake()); + assert_eq!(Balances::free_balance(1), 0); + assert_eq!(Balances::reserved_balance(1), 0); + + Balances::mint_into(&2, test_stake() * 2).unwrap(); + TestStakeAndSlash::reserve(&2, test_stake() / 3).unwrap(); + assert_eq!( + TestStakeAndSlash::unreserve(&2, test_stake()), + test_stake() - test_stake() / 3 + ); + assert_eq!(Balances::free_balance(2), test_stake() * 2); + assert_eq!(Balances::reserved_balance(2), 0); + + Balances::mint_into(&3, test_stake() * 2).unwrap(); + TestStakeAndSlash::reserve(&3, test_stake()).unwrap(); + assert_eq!(TestStakeAndSlash::unreserve(&3, test_stake()), 0); + assert_eq!(Balances::free_balance(3), test_stake() * 2); + assert_eq!(Balances::reserved_balance(3), 0); + }) + } + + #[test] + fn repatriate_reserved_works() { + run_test(|| { + let beneficiary = TEST_REWARDS_ACCOUNT_PARAMS; + let beneficiary_account = TestPaymentProcedure::rewards_account(beneficiary); + + let mut expected_balance = ExistentialDeposit::get(); + Balances::mint_into(&beneficiary_account, expected_balance).unwrap(); + + assert_eq!( + TestStakeAndSlash::repatriate_reserved(&1, beneficiary, test_stake()), + Ok(test_stake()) + ); + assert_eq!(Balances::free_balance(1), 0); + assert_eq!(Balances::reserved_balance(1), 0); + assert_eq!(Balances::free_balance(beneficiary_account), expected_balance); + assert_eq!(Balances::reserved_balance(beneficiary_account), 0); + + expected_balance += test_stake() / 3; + Balances::mint_into(&2, test_stake() * 2).unwrap(); + TestStakeAndSlash::reserve(&2, test_stake() / 3).unwrap(); + assert_eq!( + TestStakeAndSlash::repatriate_reserved(&2, beneficiary, test_stake()), + Ok(test_stake() - test_stake() / 3) + ); + assert_eq!(Balances::free_balance(2), test_stake() * 2 - test_stake() / 3); + assert_eq!(Balances::reserved_balance(2), 0); + assert_eq!(Balances::free_balance(beneficiary_account), expected_balance); + assert_eq!(Balances::reserved_balance(beneficiary_account), 0); + + expected_balance += test_stake(); + Balances::mint_into(&3, test_stake() * 2).unwrap(); + TestStakeAndSlash::reserve(&3, test_stake()).unwrap(); + assert_eq!( + TestStakeAndSlash::repatriate_reserved(&3, beneficiary, test_stake()), + Ok(0) + ); + assert_eq!(Balances::free_balance(3), test_stake()); + assert_eq!(Balances::reserved_balance(3), 0); + assert_eq!(Balances::free_balance(beneficiary_account), expected_balance); + assert_eq!(Balances::reserved_balance(beneficiary_account), 0); + }) + } + + #[test] + fn repatriate_reserved_doesnt_work_when_beneficiary_account_is_missing() { + run_test(|| { + let beneficiary = TEST_REWARDS_ACCOUNT_PARAMS; + let beneficiary_account = TestPaymentProcedure::rewards_account(beneficiary); + + Balances::mint_into(&3, test_stake() * 2).unwrap(); + TestStakeAndSlash::reserve(&3, test_stake()).unwrap(); + assert!(TestStakeAndSlash::repatriate_reserved(&3, beneficiary, test_stake()).is_err()); + assert_eq!(Balances::free_balance(3), test_stake()); + assert_eq!(Balances::reserved_balance(3), test_stake()); + assert_eq!(Balances::free_balance(beneficiary_account), 0); + assert_eq!(Balances::reserved_balance(beneficiary_account), 0); + }); + } +} diff --git a/bridges/modules/relayers/src/weights.rs b/bridges/modules/relayers/src/weights.rs new file mode 100644 index 00000000000..1bc195a5424 --- /dev/null +++ b/bridges/modules/relayers/src/weights.rs @@ -0,0 +1,259 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Autogenerated weights for pallet_bridge_relayers +//! +//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev +//! DATE: 2023-04-28, STEPS: `50`, REPEAT: `20`, LOW RANGE: `[]`, HIGH RANGE: `[]` +//! WORST CASE MAP SIZE: `1000000` +//! HOSTNAME: `covid`, CPU: `11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz` +//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("dev"), DB CACHE: 1024 + +// Executed Command: +// target/release/millau-bridge-node +// benchmark +// pallet +// --chain=dev +// --steps=50 +// --repeat=20 +// --pallet=pallet_bridge_relayers +// --extrinsic=* +// --execution=wasm +// --wasm-execution=Compiled +// --heap-pages=4096 +// --output=./modules/relayers/src/weights.rs +// --template=./.maintain/bridge-weight-template.hbs + +#![allow(clippy::all)] +#![allow(unused_parens)] +#![allow(unused_imports)] +#![allow(missing_docs)] + +use frame_support::{ + traits::Get, + weights::{constants::RocksDbWeight, Weight}, +}; +use sp_std::marker::PhantomData; + +/// Weight functions needed for pallet_bridge_relayers. +pub trait WeightInfo { + fn claim_rewards() -> Weight; + fn register() -> Weight; + fn deregister() -> Weight; + fn slash_and_deregister() -> Weight; + fn register_relayer_reward() -> Weight; +} + +/// Weights for `pallet_bridge_relayers` that are generated using one of the Bridge testnets. +/// +/// Those weights are test only and must never be used in production. +pub struct BridgeWeight(PhantomData); +impl WeightInfo for BridgeWeight { + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances TotalIssuance (r:1 w:0) + /// + /// Proof: Balances TotalIssuance (max_values: Some(1), max_size: Some(8), added: 503, mode: + /// MaxEncodedLen) + /// + /// Storage: System Account (r:1 w:1) + /// + /// Proof: System Account (max_values: None, max_size: Some(104), added: 2579, mode: + /// MaxEncodedLen) + fn claim_rewards() -> Weight { + // Proof Size summary in bytes: + // Measured: `294` + // Estimated: `8592` + // Minimum execution time: 77_614 nanoseconds. + Weight::from_parts(79_987_000, 8592) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + fn register() -> Weight { + // Proof Size summary in bytes: + // Measured: `87` + // Estimated: `7843` + // Minimum execution time: 39_590 nanoseconds. + Weight::from_parts(40_546_000, 7843) + .saturating_add(T::DbWeight::get().reads(2_u64)) + .saturating_add(T::DbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + fn deregister() -> Weight { + // Proof Size summary in bytes: + // Measured: `264` + // Estimated: `7843` + // Minimum execution time: 43_332 nanoseconds. + Weight::from_parts(45_087_000, 7843) + .saturating_add(T::DbWeight::get().reads(2_u64)) + .saturating_add(T::DbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + /// + /// Storage: System Account (r:1 w:1) + /// + /// Proof: System Account (max_values: None, max_size: Some(104), added: 2579, mode: + /// MaxEncodedLen) + fn slash_and_deregister() -> Weight { + // Proof Size summary in bytes: + // Measured: `380` + // Estimated: `11412` + // Minimum execution time: 42_358 nanoseconds. + Weight::from_parts(43_539_000, 11412) + .saturating_add(T::DbWeight::get().reads(3_u64)) + .saturating_add(T::DbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn register_relayer_reward() -> Weight { + // Proof Size summary in bytes: + // Measured: `12` + // Estimated: `3530` + // Minimum execution time: 6_338 nanoseconds. + Weight::from_parts(6_526_000, 3530) + .saturating_add(T::DbWeight::get().reads(1_u64)) + .saturating_add(T::DbWeight::get().writes(1_u64)) + } +} + +// For backwards compatibility and tests +impl WeightInfo for () { + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances TotalIssuance (r:1 w:0) + /// + /// Proof: Balances TotalIssuance (max_values: Some(1), max_size: Some(8), added: 503, mode: + /// MaxEncodedLen) + /// + /// Storage: System Account (r:1 w:1) + /// + /// Proof: System Account (max_values: None, max_size: Some(104), added: 2579, mode: + /// MaxEncodedLen) + fn claim_rewards() -> Weight { + // Proof Size summary in bytes: + // Measured: `294` + // Estimated: `8592` + // Minimum execution time: 77_614 nanoseconds. + Weight::from_parts(79_987_000, 8592) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + fn register() -> Weight { + // Proof Size summary in bytes: + // Measured: `87` + // Estimated: `7843` + // Minimum execution time: 39_590 nanoseconds. + Weight::from_parts(40_546_000, 7843) + .saturating_add(RocksDbWeight::get().reads(2_u64)) + .saturating_add(RocksDbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + fn deregister() -> Weight { + // Proof Size summary in bytes: + // Measured: `264` + // Estimated: `7843` + // Minimum execution time: 43_332 nanoseconds. + Weight::from_parts(45_087_000, 7843) + .saturating_add(RocksDbWeight::get().reads(2_u64)) + .saturating_add(RocksDbWeight::get().writes(2_u64)) + } + /// Storage: BridgeRelayers RegisteredRelayers (r:1 w:1) + /// + /// Proof: BridgeRelayers RegisteredRelayers (max_values: None, max_size: Some(64), added: 2539, + /// mode: MaxEncodedLen) + /// + /// Storage: Balances Reserves (r:1 w:1) + /// + /// Proof: Balances Reserves (max_values: None, max_size: Some(849), added: 3324, mode: + /// MaxEncodedLen) + /// + /// Storage: System Account (r:1 w:1) + /// + /// Proof: System Account (max_values: None, max_size: Some(104), added: 2579, mode: + /// MaxEncodedLen) + fn slash_and_deregister() -> Weight { + // Proof Size summary in bytes: + // Measured: `380` + // Estimated: `11412` + // Minimum execution time: 42_358 nanoseconds. + Weight::from_parts(43_539_000, 11412) + .saturating_add(RocksDbWeight::get().reads(3_u64)) + .saturating_add(RocksDbWeight::get().writes(3_u64)) + } + /// Storage: BridgeRelayers RelayerRewards (r:1 w:1) + /// + /// Proof: BridgeRelayers RelayerRewards (max_values: None, max_size: Some(65), added: 2540, + /// mode: MaxEncodedLen) + fn register_relayer_reward() -> Weight { + // Proof Size summary in bytes: + // Measured: `12` + // Estimated: `3530` + // Minimum execution time: 6_338 nanoseconds. + Weight::from_parts(6_526_000, 3530) + .saturating_add(RocksDbWeight::get().reads(1_u64)) + .saturating_add(RocksDbWeight::get().writes(1_u64)) + } +} diff --git a/bridges/modules/relayers/src/weights_ext.rs b/bridges/modules/relayers/src/weights_ext.rs new file mode 100644 index 00000000000..d459b0686bd --- /dev/null +++ b/bridges/modules/relayers/src/weights_ext.rs @@ -0,0 +1,49 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Weight-related utilities. + +use crate::weights::WeightInfo; + +use frame_support::pallet_prelude::Weight; + +/// Extended weight info. +pub trait WeightInfoExt: WeightInfo { + /// Returns weight, that needs to be added to the pre-dispatch weight of message delivery call, + /// if `RefundBridgedParachainMessages` signed extension is deployed at runtime level. + fn receive_messages_proof_overhead_from_runtime() -> Weight { + Self::slash_and_deregister().max(Self::register_relayer_reward()) + } + + /// Returns weight, that needs to be added to the pre-dispatch weight of message delivery + /// confirmation call, if `RefundBridgedParachainMessages` signed extension is deployed at + /// runtime level. + fn receive_messages_delivery_proof_overhead_from_runtime() -> Weight { + Self::register_relayer_reward() + } + + /// Returns weight that we need to deduct from the message delivery call weight that has + /// completed successfully. + /// + /// Usually, the weight of `slash_and_deregister` is larger than the weight of the + /// `register_relayer_reward`. So if relayer has been rewarded, we want to deduct the difference + /// to get the actual post-dispatch weight. + fn extra_weight_of_successful_receive_messages_proof_call() -> Weight { + Self::slash_and_deregister().saturating_sub(Self::register_relayer_reward()) + } +} + +impl WeightInfoExt for T {} diff --git a/bridges/primitives/chain-bridge-hub-cumulus/Cargo.toml b/bridges/primitives/chain-bridge-hub-cumulus/Cargo.toml new file mode 100644 index 00000000000..2bbe3d029a3 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-cumulus/Cargo.toml @@ -0,0 +1,37 @@ +[package] +name = "bp-bridge-hub-cumulus" +description = "Primitives of BridgeHubRococo parachain runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +# Bridge Dependencies + +bp-polkadot-core = { path = "../../primitives/polkadot-core", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } + +# Substrate Based Dependencies + +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +# Polkadot Dependencies +polkadot-primitives = { git = "https://github.com/paritytech/polkadot", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-polkadot-core/std", + "bp-messages/std", + "bp-runtime/std", + "frame-system/std", + "frame-support/std", + "sp-api/std", + "sp-std/std", + "polkadot-primitives/std", +] diff --git a/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs new file mode 100644 index 00000000000..4c9f9e20468 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs @@ -0,0 +1,216 @@ +// Copyright 2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_polkadot_core::{ + AccountId, AccountInfoStorageMapKeyProvider, AccountPublic, Balance, BlockNumber, Hash, Hasher, + Hashing, Header, Index, Nonce, Perbill, Signature, SignedBlock, UncheckedExtrinsic, + EXTRA_STORAGE_PROOF_SIZE, TX_EXTRA_BYTES, +}; + +use bp_messages::*; +use bp_runtime::extensions::{ + BridgeRejectObsoleteHeadersAndMessages, ChargeTransactionPayment, CheckEra, CheckGenesis, + CheckNonZeroSender, CheckNonce, CheckSpecVersion, CheckTxVersion, CheckWeight, + GenericSignedExtension, RefundBridgedParachainMessagesSchema, +}; +use frame_support::{ + dispatch::DispatchClass, + parameter_types, + sp_runtime::{MultiAddress, MultiSigner}, + weights::constants, +}; +use frame_system::limits; +use sp_std::time::Duration; + +/// Average block interval in Cumulus-based parachains. +/// +/// Corresponds to the `MILLISECS_PER_BLOCK` from `parachains_common` crate. +pub const AVERAGE_BLOCK_INTERVAL: Duration = Duration::from_secs(12); + +/// All cumulus bridge hubs allow normal extrinsics to fill block up to 75 percent. +/// +/// This is a copy-paste from the cumulus repo's `parachains-common` crate. +pub const NORMAL_DISPATCH_RATIO: Perbill = Perbill::from_percent(75); + +/// All cumulus bridge hubs chains allow for 0.5 seconds of compute with a 6-second average block +/// time. +/// +/// This is a copy-paste from the cumulus repo's `parachains-common` crate. +const MAXIMUM_BLOCK_WEIGHT: Weight = Weight::from_parts(constants::WEIGHT_REF_TIME_PER_SECOND, 0) + .saturating_div(2) + .set_proof_size(polkadot_primitives::v4::MAX_POV_SIZE as u64); + +/// All cumulus bridge hubs assume that about 5 percent of the block weight is consumed by +/// `on_initialize` handlers. This is used to limit the maximal weight of a single extrinsic. +/// +/// This is a copy-paste from the cumulus repo's `parachains-common` crate. +pub const AVERAGE_ON_INITIALIZE_RATIO: Perbill = Perbill::from_percent(5); + +parameter_types! { + pub BlockLength: limits::BlockLength = limits::BlockLength::max_with_normal_ratio( + 5 * 1024 * 1024, + NORMAL_DISPATCH_RATIO, + ); + + /// Importing a block with 0 Extrinsics. + pub const BlockExecutionWeight: Weight = Weight::from_parts(constants::WEIGHT_REF_TIME_PER_NANOS, 0) + .saturating_mul(5_000_000); + /// Executing a NO-OP `System::remarks` Extrinsic. + pub const ExtrinsicBaseWeight: Weight = Weight::from_parts(constants::WEIGHT_REF_TIME_PER_NANOS, 0) + .saturating_mul(125_000); + + pub BlockWeights: limits::BlockWeights = limits::BlockWeights::builder() + .base_block(BlockExecutionWeight::get()) + .for_class(DispatchClass::all(), |weights| { + weights.base_extrinsic = ExtrinsicBaseWeight::get(); + }) + .for_class(DispatchClass::Normal, |weights| { + weights.max_total = Some(NORMAL_DISPATCH_RATIO * MAXIMUM_BLOCK_WEIGHT); + }) + .for_class(DispatchClass::Operational, |weights| { + weights.max_total = Some(MAXIMUM_BLOCK_WEIGHT); + // Operational transactions have an extra reserved space, so that they + // are included even if block reached `MAXIMUM_BLOCK_WEIGHT`. + weights.reserved = Some( + MAXIMUM_BLOCK_WEIGHT - NORMAL_DISPATCH_RATIO * MAXIMUM_BLOCK_WEIGHT, + ); + }) + .avg_block_initialization(AVERAGE_ON_INITIALIZE_RATIO) + .build_or_panic(); +} + +/// Public key of the chain account that may be used to verify signatures. +pub type AccountSigner = MultiSigner; + +/// The address format for describing accounts. +pub type Address = MultiAddress; + +// Note about selecting values of two following constants: +// +// Normal transactions have limit of 75% of 1/2 second weight for Cumulus parachains. Let's keep +// some reserve for the rest of stuff there => let's select values that fit in 50% of maximal limit. +// +// Using current constants, the limit would be: +// +// `75% * WEIGHT_REF_TIME_PER_SECOND * 1 / 2 * 50% = 0.75 * 1_000_000_000_000 / 2 * 0.5 = +// 187_500_000_000` +// +// According to (preliminary) weights of messages pallet, cost of additional message is zero and the +// cost of additional relayer is `8_000_000 + db read + db write`. Let's say we want no more than +// 4096 unconfirmed messages (no any scientific justification for that - it just looks large +// enough). And then we can't have more than 4096 relayers. E.g. for 1024 relayers is (using +// `RocksDbWeight`): +// +// `1024 * (8_000_000 + db read + db write) = 1024 * (8_000_000 + 25_000_000 + 100_000_000) = +// 136_192_000_000` +// +// So 1024 looks like good approximation for the number of relayers. If something is wrong in those +// assumptions, or something will change, it shall be caught by the +// `ensure_able_to_receive_confirmation` test. + +/// Maximal number of unrewarded relayer entries at inbound lane for Cumulus-based parachains. +pub const MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX: MessageNonce = 1024; + +/// Maximal number of unconfirmed messages at inbound lane for Cumulus-based parachains. +pub const MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX: MessageNonce = 4096; + +/// Extra signed extension data that is used by all bridge hubs. +pub type SignedExtra = ( + CheckNonZeroSender, + CheckSpecVersion, + CheckTxVersion, + CheckGenesis, + CheckEra, + CheckNonce, + CheckWeight, + ChargeTransactionPayment, + BridgeRejectObsoleteHeadersAndMessages, + RefundBridgedParachainMessagesSchema, +); + +/// Signed extension that is used by all bridge hubs. +pub type SignedExtension = GenericSignedExtension; + +/// Helper trait to define some extra methods on bridge hubs signed extension (and +/// overcome Rust limitations). +pub trait BridgeHubSignedExtension { + /// Create signed extension from its components. + fn from_params( + spec_version: u32, + transaction_version: u32, + era: bp_runtime::TransactionEra, + genesis_hash: Hash, + nonce: Index, + tip: Balance, + ) -> Self; + + /// Return transaction nonce. + fn nonce(&self) -> Index; + + /// Return transaction tip. + fn tip(&self) -> Balance; +} + +impl BridgeHubSignedExtension for SignedExtension { + /// Create signed extension from its components. + fn from_params( + spec_version: u32, + transaction_version: u32, + era: bp_runtime::TransactionEra, + genesis_hash: Hash, + nonce: Index, + tip: Balance, + ) -> Self { + GenericSignedExtension::new( + ( + (), // non-zero sender + (), // spec version + (), // tx version + (), // genesis + era.frame_era(), // era + nonce.into(), // nonce (compact encoding) + (), // Check weight + tip.into(), // transaction payment / tip (compact encoding) + (), // bridge reject obsolete headers and msgs + (), // bridge reward to relayer for message passing + ), + Some(( + (), + spec_version, + transaction_version, + genesis_hash, + era.signed_payload(genesis_hash), + (), + (), + (), + (), + (), + )), + ) + } + + /// Return transaction nonce. + fn nonce(&self) -> Index { + self.payload.5 .0 + } + + /// Return transaction tip. + fn tip(&self) -> Balance { + self.payload.7 .0 + } +} diff --git a/bridges/primitives/chain-bridge-hub-kusama/Cargo.toml b/bridges/primitives/chain-bridge-hub-kusama/Cargo.toml new file mode 100644 index 00000000000..6d4334eaa57 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-kusama/Cargo.toml @@ -0,0 +1,31 @@ +[package] +name = "bp-bridge-hub-kusama" +description = "Primitives of BridgeHubRococo parachain runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +# Bridge Dependencies + +bp-bridge-hub-cumulus = { path = "../chain-bridge-hub-cumulus", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-bridge-hub-cumulus/std", + "bp-messages/std", + "bp-runtime/std", + "frame-support/std", + "sp-api/std", + "sp-std/std", +] diff --git a/bridges/primitives/chain-bridge-hub-kusama/src/lib.rs b/bridges/primitives/chain-bridge-hub-kusama/src/lib.rs new file mode 100644 index 00000000000..6ca2cd047fb --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-kusama/src/lib.rs @@ -0,0 +1,84 @@ +// Copyright 2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Module with configuration which reflects BridgeHubKusama runtime setup (AccountId, Headers, +//! Hashes...) + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_bridge_hub_cumulus::*; +use bp_messages::*; +use bp_runtime::{ + decl_bridge_finality_runtime_apis, decl_bridge_messages_runtime_apis, Chain, Parachain, +}; +use frame_support::{ + dispatch::DispatchClass, + sp_runtime::{MultiAddress, MultiSigner}, + RuntimeDebug, +}; +use sp_std::prelude::*; + +/// BridgeHubKusama parachain. +#[derive(RuntimeDebug)] +pub struct BridgeHubKusama; + +impl Chain for BridgeHubKusama { + type BlockNumber = BlockNumber; + type Hash = Hash; + type Hasher = Hasher; + type Header = Header; + + type AccountId = AccountId; + type Balance = Balance; + type Index = Index; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + *BlockLength::get().max.get(DispatchClass::Normal) + } + + fn max_extrinsic_weight() -> Weight { + BlockWeights::get() + .get(DispatchClass::Normal) + .max_extrinsic + .unwrap_or(Weight::MAX) + } +} + +impl Parachain for BridgeHubKusama { + const PARACHAIN_ID: u32 = BRIDGE_HUB_KUSAMA_PARACHAIN_ID; +} + +/// Public key of the chain account that may be used to verify signatures. +pub type AccountSigner = MultiSigner; + +/// The address format for describing accounts. +pub type Address = MultiAddress; + +/// Identifier of BridgeHubKusama in the Kusama relay chain. +pub const BRIDGE_HUB_KUSAMA_PARACHAIN_ID: u32 = 1002; + +/// Name of the With-BridgeHubKusama messages pallet instance that is deployed at bridged chains. +// TODO: check me (https://github.com/paritytech/parity-bridges-common/issues/1945) +pub const WITH_BRIDGE_HUB_KUSAMA_MESSAGES_PALLET_NAME: &str = "BridgeKusamaMessages"; + +/// Name of the With-BridgeHubKusama bridge-relayers pallet instance that is deployed at bridged +/// chains. +// TODO: check me (https://github.com/paritytech/parity-bridges-common/issues/1945) +pub const WITH_BRIDGE_HUB_KUSAMA_RELAYERS_PALLET_NAME: &str = "BridgeRelayers"; + +decl_bridge_finality_runtime_apis!(bridge_hub_kusama); +decl_bridge_messages_runtime_apis!(bridge_hub_kusama); diff --git a/bridges/primitives/chain-bridge-hub-polkadot/Cargo.toml b/bridges/primitives/chain-bridge-hub-polkadot/Cargo.toml new file mode 100644 index 00000000000..2a0ab3213c8 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-polkadot/Cargo.toml @@ -0,0 +1,32 @@ +[package] +name = "bp-bridge-hub-polkadot" +description = "Primitives of BridgeHubWococo parachain runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-bridge-hub-cumulus = { path = "../chain-bridge-hub-cumulus", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-bridge-hub-cumulus/std", + "bp-runtime/std", + "bp-messages/std", + "frame-support/std", + "sp-api/std", + "sp-std/std", +] diff --git a/bridges/primitives/chain-bridge-hub-polkadot/src/lib.rs b/bridges/primitives/chain-bridge-hub-polkadot/src/lib.rs new file mode 100644 index 00000000000..646fb0a6e41 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-polkadot/src/lib.rs @@ -0,0 +1,75 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Module with configuration which reflects BridgeHubPolkadot runtime setup +//! (AccountId, Headers, Hashes...) + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_bridge_hub_cumulus::*; +use bp_messages::*; +use bp_runtime::{ + decl_bridge_finality_runtime_apis, decl_bridge_messages_runtime_apis, Chain, Parachain, +}; +use frame_support::{dispatch::DispatchClass, RuntimeDebug}; +use sp_std::prelude::*; + +/// BridgeHubPolkadot parachain. +#[derive(RuntimeDebug)] +pub struct BridgeHubPolkadot; + +impl Chain for BridgeHubPolkadot { + type BlockNumber = BlockNumber; + type Hash = Hash; + type Hasher = Hasher; + type Header = Header; + + type AccountId = AccountId; + type Balance = Balance; + type Index = Index; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + *BlockLength::get().max.get(DispatchClass::Normal) + } + + fn max_extrinsic_weight() -> Weight { + BlockWeights::get() + .get(DispatchClass::Normal) + .max_extrinsic + .unwrap_or(Weight::MAX) + } +} + +impl Parachain for BridgeHubPolkadot { + const PARACHAIN_ID: u32 = BRIDGE_HUB_POLKADOT_PARACHAIN_ID; +} + +/// Identifier of BridgeHubPolkadot in the Polkadot relay chain. +// TODO: check me (https://github.com/paritytech/parity-bridges-common/issues/1945) +pub const BRIDGE_HUB_POLKADOT_PARACHAIN_ID: u32 = 1002; + +/// Name of the With-BridgeHubPolkadot messages pallet instance that is deployed at bridged chains. +// TODO: check me (https://github.com/paritytech/parity-bridges-common/issues/1945) +pub const WITH_BRIDGE_HUB_POLKADOT_MESSAGES_PALLET_NAME: &str = "BridgePolkadotMessages"; + +/// Name of the With-BridgeHubPolkadot bridge-relayers pallet instance that is deployed at bridged +/// chains. +// TODO: check me (https://github.com/paritytech/parity-bridges-common/issues/1945) +pub const WITH_BRIDGE_HUB_POLKADOT_RELAYERS_PALLET_NAME: &str = "BridgeRelayers"; + +decl_bridge_finality_runtime_apis!(bridge_hub_polkadot); +decl_bridge_messages_runtime_apis!(bridge_hub_polkadot); diff --git a/bridges/primitives/chain-bridge-hub-rococo/Cargo.toml b/bridges/primitives/chain-bridge-hub-rococo/Cargo.toml new file mode 100644 index 00000000000..85c4225ab55 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-rococo/Cargo.toml @@ -0,0 +1,31 @@ +[package] +name = "bp-bridge-hub-rococo" +description = "Primitives of BridgeHubRococo parachain runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +# Bridge Dependencies + +bp-bridge-hub-cumulus = { path = "../chain-bridge-hub-cumulus", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-bridge-hub-cumulus/std", + "bp-messages/std", + "bp-runtime/std", + "frame-support/std", + "sp-api/std", + "sp-std/std", +] diff --git a/bridges/primitives/chain-bridge-hub-rococo/src/lib.rs b/bridges/primitives/chain-bridge-hub-rococo/src/lib.rs new file mode 100644 index 00000000000..936e4d1beb7 --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-rococo/src/lib.rs @@ -0,0 +1,82 @@ +// Copyright 2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Module with configuration which reflects BridgeHubRococo runtime setup (AccountId, Headers, +//! Hashes...) + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_bridge_hub_cumulus::*; +use bp_messages::*; +use bp_runtime::{ + decl_bridge_finality_runtime_apis, decl_bridge_messages_runtime_apis, Chain, Parachain, +}; +use frame_support::{ + dispatch::DispatchClass, + sp_runtime::{MultiAddress, MultiSigner}, + RuntimeDebug, +}; +use sp_std::prelude::*; + +/// BridgeHubRococo parachain. +#[derive(RuntimeDebug)] +pub struct BridgeHubRococo; + +impl Chain for BridgeHubRococo { + type BlockNumber = BlockNumber; + type Hash = Hash; + type Hasher = Hasher; + type Header = Header; + + type AccountId = AccountId; + type Balance = Balance; + type Index = Index; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + *BlockLength::get().max.get(DispatchClass::Normal) + } + + fn max_extrinsic_weight() -> Weight { + BlockWeights::get() + .get(DispatchClass::Normal) + .max_extrinsic + .unwrap_or(Weight::MAX) + } +} + +impl Parachain for BridgeHubRococo { + const PARACHAIN_ID: u32 = BRIDGE_HUB_ROCOCO_PARACHAIN_ID; +} + +/// Public key of the chain account that may be used to verify signatures. +pub type AccountSigner = MultiSigner; + +/// The address format for describing accounts. +pub type Address = MultiAddress; + +/// Identifier of BridgeHubRococo in the Rococo relay chain. +pub const BRIDGE_HUB_ROCOCO_PARACHAIN_ID: u32 = 1013; + +/// Name of the With-BridgeHubRococo messages pallet instance that is deployed at bridged chains. +pub const WITH_BRIDGE_HUB_ROCOCO_MESSAGES_PALLET_NAME: &str = "BridgeRococoMessages"; + +/// Name of the With-BridgeHubRococo bridge-relayers pallet instance that is deployed at bridged +/// chains. +pub const WITH_BRIDGE_HUB_ROCOCO_RELAYERS_PALLET_NAME: &str = "BridgeRelayers"; + +decl_bridge_finality_runtime_apis!(bridge_hub_rococo); +decl_bridge_messages_runtime_apis!(bridge_hub_rococo); diff --git a/bridges/primitives/chain-bridge-hub-wococo/Cargo.toml b/bridges/primitives/chain-bridge-hub-wococo/Cargo.toml new file mode 100644 index 00000000000..24ecdb7adbc --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-wococo/Cargo.toml @@ -0,0 +1,32 @@ +[package] +name = "bp-bridge-hub-wococo" +description = "Primitives of BridgeHubWococo parachain runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-bridge-hub-cumulus = { path = "../chain-bridge-hub-cumulus", default-features = false } +bp-runtime = { path = "../../primitives/runtime", default-features = false } +bp-messages = { path = "../../primitives/messages", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-bridge-hub-cumulus/std", + "bp-runtime/std", + "bp-messages/std", + "frame-support/std", + "sp-api/std", + "sp-std/std", +] diff --git a/bridges/primitives/chain-bridge-hub-wococo/src/lib.rs b/bridges/primitives/chain-bridge-hub-wococo/src/lib.rs new file mode 100644 index 00000000000..00704995c5e --- /dev/null +++ b/bridges/primitives/chain-bridge-hub-wococo/src/lib.rs @@ -0,0 +1,72 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Module with configuration which reflects BridgeHubWococo runtime setup +//! (AccountId, Headers, Hashes...) + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_bridge_hub_cumulus::*; +use bp_messages::*; +use bp_runtime::{ + decl_bridge_finality_runtime_apis, decl_bridge_messages_runtime_apis, Chain, Parachain, +}; +use frame_support::{dispatch::DispatchClass, RuntimeDebug}; +use sp_std::prelude::*; + +/// BridgeHubWococo parachain. +#[derive(RuntimeDebug)] +pub struct BridgeHubWococo; + +impl Chain for BridgeHubWococo { + type BlockNumber = BlockNumber; + type Hash = Hash; + type Hasher = Hasher; + type Header = Header; + + type AccountId = AccountId; + type Balance = Balance; + type Index = Index; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + *BlockLength::get().max.get(DispatchClass::Normal) + } + + fn max_extrinsic_weight() -> Weight { + BlockWeights::get() + .get(DispatchClass::Normal) + .max_extrinsic + .unwrap_or(Weight::MAX) + } +} + +impl Parachain for BridgeHubWococo { + const PARACHAIN_ID: u32 = BRIDGE_HUB_WOCOCO_PARACHAIN_ID; +} + +/// Identifier of BridgeHubWococo in the Wococo relay chain. +pub const BRIDGE_HUB_WOCOCO_PARACHAIN_ID: u32 = 1014; + +/// Name of the With-BridgeHubWococo messages pallet instance that is deployed at bridged chains. +pub const WITH_BRIDGE_HUB_WOCOCO_MESSAGES_PALLET_NAME: &str = "BridgeWococoMessages"; + +/// Name of the With-BridgeHubWococo bridge-relayers pallet instance that is deployed at bridged +/// chains. +pub const WITH_BRIDGE_HUB_WOCOCO_RELAYERS_PALLET_NAME: &str = "BridgeRelayers"; + +decl_bridge_finality_runtime_apis!(bridge_hub_wococo); +decl_bridge_messages_runtime_apis!(bridge_hub_wococo); diff --git a/bridges/primitives/chain-kusama/Cargo.toml b/bridges/primitives/chain-kusama/Cargo.toml new file mode 100644 index 00000000000..7f48ded1a37 --- /dev/null +++ b/bridges/primitives/chain-kusama/Cargo.toml @@ -0,0 +1,30 @@ +[package] +name = "bp-kusama" +description = "Primitives of Kusama runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-header-chain = { path = "../header-chain", default-features = false } +bp-polkadot-core = { path = "../polkadot-core", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "frame-support/std", + "sp-api/std", +] diff --git a/bridges/primitives/chain-kusama/src/lib.rs b/bridges/primitives/chain-kusama/src/lib.rs new file mode 100644 index 00000000000..8e5aec8afda --- /dev/null +++ b/bridges/primitives/chain-kusama/src/lib.rs @@ -0,0 +1,65 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] +// RuntimeApi generated functions +#![allow(clippy::too_many_arguments)] + +pub use bp_polkadot_core::*; + +use bp_header_chain::ChainWithGrandpa; +use bp_runtime::{decl_bridge_finality_runtime_apis, Chain}; +use frame_support::weights::Weight; + +/// Kusama Chain +pub struct Kusama; + +impl Chain for Kusama { + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hasher; + type Header = ::Header; + + type AccountId = ::AccountId; + type Balance = ::Balance; + type Index = ::Index; + type Signature = ::Signature; + + fn max_extrinsic_size() -> u32 { + PolkadotLike::max_extrinsic_size() + } + + fn max_extrinsic_weight() -> Weight { + PolkadotLike::max_extrinsic_weight() + } +} + +impl ChainWithGrandpa for Kusama { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = WITH_KUSAMA_GRANDPA_PALLET_NAME; + const MAX_AUTHORITIES_COUNT: u32 = MAX_AUTHORITIES_COUNT; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = + REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY; + const MAX_HEADER_SIZE: u32 = MAX_HEADER_SIZE; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = AVERAGE_HEADER_SIZE_IN_JUSTIFICATION; +} + +/// Name of the parachains pallet in the Kusama runtime. +pub const PARAS_PALLET_NAME: &str = "Paras"; + +/// Name of the With-Kusama GRANDPA pallet instance that is deployed at bridged chains. +pub const WITH_KUSAMA_GRANDPA_PALLET_NAME: &str = "BridgeKusamaGrandpa"; + +decl_bridge_finality_runtime_apis!(kusama); diff --git a/bridges/primitives/chain-polkadot/Cargo.toml b/bridges/primitives/chain-polkadot/Cargo.toml new file mode 100644 index 00000000000..def26bdda1c --- /dev/null +++ b/bridges/primitives/chain-polkadot/Cargo.toml @@ -0,0 +1,30 @@ +[package] +name = "bp-polkadot" +description = "Primitives of Polkadot runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-header-chain = { path = "../header-chain", default-features = false } +bp-polkadot-core = { path = "../polkadot-core", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "frame-support/std", + "sp-api/std", +] diff --git a/bridges/primitives/chain-polkadot/src/lib.rs b/bridges/primitives/chain-polkadot/src/lib.rs new file mode 100644 index 00000000000..92995601698 --- /dev/null +++ b/bridges/primitives/chain-polkadot/src/lib.rs @@ -0,0 +1,65 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] +// RuntimeApi generated functions +#![allow(clippy::too_many_arguments)] + +pub use bp_polkadot_core::*; + +use bp_header_chain::ChainWithGrandpa; +use bp_runtime::{decl_bridge_finality_runtime_apis, Chain}; +use frame_support::weights::Weight; + +/// Polkadot Chain +pub struct Polkadot; + +impl Chain for Polkadot { + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hasher; + type Header = ::Header; + + type AccountId = ::AccountId; + type Balance = ::Balance; + type Index = ::Index; + type Signature = ::Signature; + + fn max_extrinsic_size() -> u32 { + PolkadotLike::max_extrinsic_size() + } + + fn max_extrinsic_weight() -> Weight { + PolkadotLike::max_extrinsic_weight() + } +} + +impl ChainWithGrandpa for Polkadot { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = WITH_POLKADOT_GRANDPA_PALLET_NAME; + const MAX_AUTHORITIES_COUNT: u32 = MAX_AUTHORITIES_COUNT; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = + REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY; + const MAX_HEADER_SIZE: u32 = MAX_HEADER_SIZE; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = AVERAGE_HEADER_SIZE_IN_JUSTIFICATION; +} + +/// Name of the parachains pallet in the Polkadot runtime. +pub const PARAS_PALLET_NAME: &str = "Paras"; + +/// Name of the With-Polkadot GRANDPA pallet instance that is deployed at bridged chains. +pub const WITH_POLKADOT_GRANDPA_PALLET_NAME: &str = "BridgePolkadotGrandpa"; + +decl_bridge_finality_runtime_apis!(polkadot); diff --git a/bridges/primitives/chain-rococo/Cargo.toml b/bridges/primitives/chain-rococo/Cargo.toml new file mode 100644 index 00000000000..4e21bd38b7a --- /dev/null +++ b/bridges/primitives/chain-rococo/Cargo.toml @@ -0,0 +1,30 @@ +[package] +name = "bp-rococo" +description = "Primitives of Rococo runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-header-chain = { path = "../header-chain", default-features = false } +bp-polkadot-core = { path = "../polkadot-core", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Based Dependencies + +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "frame-support/std", + "sp-api/std", +] diff --git a/bridges/primitives/chain-rococo/src/lib.rs b/bridges/primitives/chain-rococo/src/lib.rs new file mode 100644 index 00000000000..0cb0b1d41e6 --- /dev/null +++ b/bridges/primitives/chain-rococo/src/lib.rs @@ -0,0 +1,76 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] +// RuntimeApi generated functions +#![allow(clippy::too_many_arguments)] + +pub use bp_polkadot_core::*; + +use bp_header_chain::ChainWithGrandpa; +use bp_runtime::{decl_bridge_finality_runtime_apis, Chain}; +use frame_support::{parameter_types, weights::Weight}; + +/// Rococo Chain +pub struct Rococo; + +impl Chain for Rococo { + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hasher; + type Header = ::Header; + + type AccountId = ::AccountId; + type Balance = ::Balance; + type Index = ::Index; + type Signature = ::Signature; + + fn max_extrinsic_size() -> u32 { + PolkadotLike::max_extrinsic_size() + } + + fn max_extrinsic_weight() -> Weight { + PolkadotLike::max_extrinsic_weight() + } +} + +impl ChainWithGrandpa for Rococo { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = WITH_ROCOCO_GRANDPA_PALLET_NAME; + const MAX_AUTHORITIES_COUNT: u32 = MAX_AUTHORITIES_COUNT; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = + REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY; + const MAX_HEADER_SIZE: u32 = MAX_HEADER_SIZE; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = AVERAGE_HEADER_SIZE_IN_JUSTIFICATION; +} + +parameter_types! { + pub const SS58Prefix: u8 = 42; +} + +/// Name of the parachains pallet in the Rococo runtime. +pub const PARAS_PALLET_NAME: &str = "Paras"; + +/// Name of the With-Rococo GRANDPA pallet instance that is deployed at bridged chains. +pub const WITH_ROCOCO_GRANDPA_PALLET_NAME: &str = "BridgeRococoGrandpa"; + +/// Maximal size of encoded `bp_parachains::ParaStoredHeaderData` structure among all Rococo +/// parachains. +/// +/// It includes the block number and state root, so it shall be near 40 bytes, but let's have some +/// reserve. +pub const MAX_NESTED_PARACHAIN_HEAD_DATA_SIZE: u32 = 128; + +decl_bridge_finality_runtime_apis!(rococo); diff --git a/bridges/primitives/chain-wococo/Cargo.toml b/bridges/primitives/chain-wococo/Cargo.toml new file mode 100644 index 00000000000..25fd7b9fd94 --- /dev/null +++ b/bridges/primitives/chain-wococo/Cargo.toml @@ -0,0 +1,32 @@ +[package] +name = "bp-wococo" +description = "Primitives of Wococo runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] + +# Bridge Dependencies + +bp-header-chain = { path = "../header-chain", default-features = false } +bp-polkadot-core = { path = "../polkadot-core", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } +bp-rococo = { path = "../chain-rococo", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-api = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "bp-rococo/std", + "frame-support/std", + "sp-api/std", +] diff --git a/bridges/primitives/chain-wococo/src/lib.rs b/bridges/primitives/chain-wococo/src/lib.rs new file mode 100644 index 00000000000..2df019496ab --- /dev/null +++ b/bridges/primitives/chain-wococo/src/lib.rs @@ -0,0 +1,65 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] +// RuntimeApi generated functions +#![allow(clippy::too_many_arguments)] + +pub use bp_polkadot_core::*; +pub use bp_rococo::{ + SS58Prefix, MAX_AUTHORITIES_COUNT, MAX_NESTED_PARACHAIN_HEAD_DATA_SIZE, PARAS_PALLET_NAME, +}; + +use bp_header_chain::ChainWithGrandpa; +use bp_runtime::{decl_bridge_finality_runtime_apis, Chain}; +use frame_support::weights::Weight; + +/// Wococo Chain +pub struct Wococo; + +impl Chain for Wococo { + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hasher; + type Header = ::Header; + + type AccountId = ::AccountId; + type Balance = ::Balance; + type Index = ::Index; + type Signature = ::Signature; + + fn max_extrinsic_size() -> u32 { + PolkadotLike::max_extrinsic_size() + } + + fn max_extrinsic_weight() -> Weight { + PolkadotLike::max_extrinsic_weight() + } +} + +impl ChainWithGrandpa for Wococo { + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str = WITH_WOCOCO_GRANDPA_PALLET_NAME; + const MAX_AUTHORITIES_COUNT: u32 = MAX_AUTHORITIES_COUNT; + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = + REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY; + const MAX_HEADER_SIZE: u32 = MAX_HEADER_SIZE; + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = AVERAGE_HEADER_SIZE_IN_JUSTIFICATION; +} + +/// Name of the With-Wococo GRANDPA pallet instance that is deployed at bridged chains. +pub const WITH_WOCOCO_GRANDPA_PALLET_NAME: &str = "BridgeWococoGrandpa"; + +decl_bridge_finality_runtime_apis!(wococo); diff --git a/bridges/primitives/header-chain/Cargo.toml b/bridges/primitives/header-chain/Cargo.toml new file mode 100644 index 00000000000..e0349ebc9b9 --- /dev/null +++ b/bridges/primitives/header-chain/Cargo.toml @@ -0,0 +1,45 @@ +[package] +name = "bp-header-chain" +description = "A common interface for describing what a bridge pallet should be able to do." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +finality-grandpa = { version = "0.16.2", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +serde = { version = "1.0", optional = true } + +# Bridge dependencies + +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-consensus-grandpa = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +bp-test-utils = { path = "../test-utils" } +hex = "0.4" +hex-literal = "0.4" + +[features] +default = ["std"] +std = [ + "bp-runtime/std", + "codec/std", + "finality-grandpa/std", + "serde/std", + "frame-support/std", + "scale-info/std", + "sp-core/std", + "sp-consensus-grandpa/std", + "sp-runtime/std", + "sp-std/std", +] diff --git a/bridges/primitives/header-chain/src/justification.rs b/bridges/primitives/header-chain/src/justification.rs new file mode 100644 index 00000000000..06ed782763d --- /dev/null +++ b/bridges/primitives/header-chain/src/justification.rs @@ -0,0 +1,390 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Pallet for checking GRANDPA Finality Proofs. +//! +//! Adapted copy of substrate/client/finality-grandpa/src/justification.rs. If origin +//! will ever be moved to the sp_consensus_grandpa, we should reuse that implementation. + +use crate::ChainWithGrandpa; + +use bp_runtime::{BlockNumberOf, Chain, HashOf}; +use codec::{Decode, Encode, MaxEncodedLen}; +use finality_grandpa::voter_set::VoterSet; +use frame_support::RuntimeDebug; +use scale_info::TypeInfo; +use sp_consensus_grandpa::{AuthorityId, AuthoritySignature, SetId}; +use sp_runtime::{traits::Header as HeaderT, SaturatedConversion}; +use sp_std::{ + collections::{btree_map::BTreeMap, btree_set::BTreeSet}, + prelude::*, +}; + +/// A GRANDPA Justification is a proof that a given header was finalized +/// at a certain height and with a certain set of authorities. +/// +/// This particular proof is used to prove that headers on a bridged chain +/// (so not our chain) have been finalized correctly. +#[derive(Encode, Decode, RuntimeDebug, Clone, PartialEq, Eq, TypeInfo)] +pub struct GrandpaJustification { + /// The round (voting period) this justification is valid for. + pub round: u64, + /// The set of votes for the chain which is to be finalized. + pub commit: + finality_grandpa::Commit, + /// A proof that the chain of blocks in the commit are related to each other. + pub votes_ancestries: Vec
, +} + +impl GrandpaJustification { + /// Returns reasonable size of justification using constants from the provided chain. + /// + /// An imprecise analogue of `MaxEncodedLen` implementation. We don't use it for + /// any precise calculations - that's just an estimation. + pub fn max_reasonable_size(required_precommits: u32) -> u32 + where + C: Chain
+ ChainWithGrandpa, + { + // we don't need precise results here - just estimations, so some details + // are removed from computations (e.g. bytes required to encode vector length) + + // structures in `finality_grandpa` crate are not implementing `MaxEncodedLength`, so + // here's our estimation for the `finality_grandpa::Commit` struct size + // + // precommit is: hash + number + // signed precommit is: precommit + signature (64b) + authority id + // commit is: hash + number + vec of signed precommits + let signed_precommit_size: u32 = BlockNumberOf::::max_encoded_len() + .saturating_add(HashOf::::max_encoded_len().saturated_into()) + .saturating_add(64) + .saturating_add(AuthorityId::max_encoded_len().saturated_into()) + .saturated_into(); + let max_expected_signed_commit_size = signed_precommit_size + .saturating_mul(required_precommits) + .saturating_add(BlockNumberOf::::max_encoded_len().saturated_into()) + .saturating_add(HashOf::::max_encoded_len().saturated_into()); + + // justification is a signed GRANDPA commit, `votes_ancestries` vector and round number + let max_expected_votes_ancestries_size = C::REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY + .saturating_mul(C::AVERAGE_HEADER_SIZE_IN_JUSTIFICATION); + + 8u32.saturating_add(max_expected_signed_commit_size) + .saturating_add(max_expected_votes_ancestries_size) + } +} + +impl crate::FinalityProof for GrandpaJustification { + fn target_header_number(&self) -> H::Number { + self.commit.target_number + } +} + +/// Justification verification error. +#[derive(Eq, RuntimeDebug, PartialEq)] +pub enum Error { + /// Failed to decode justification. + JustificationDecode, + /// Justification is finalizing unexpected header. + InvalidJustificationTarget, + /// Justification contains redundant votes. + RedundantVotesInJustification, + /// Justification contains unknown authority precommit. + UnknownAuthorityVote, + /// Justification contains duplicate authority precommit. + DuplicateAuthorityVote, + /// The authority has provided an invalid signature. + InvalidAuthoritySignature, + /// The justification contains precommit for header that is not a descendant of the commit + /// header. + PrecommitIsNotCommitDescendant, + /// The cumulative weight of all votes in the justification is not enough to justify commit + /// header finalization. + TooLowCumulativeWeight, + /// The justification contains extra (unused) headers in its `votes_ancestries` field. + ExtraHeadersInVotesAncestries, +} + +/// Given GRANDPA authorities set size, return number of valid authorities votes that the +/// justification must have to be valid. +/// +/// This function assumes that all authorities have the same vote weight. +pub fn required_justification_precommits(authorities_set_length: u32) -> u32 { + authorities_set_length - authorities_set_length.saturating_sub(1) / 3 +} + +/// Decode justification target. +pub fn decode_justification_target( + raw_justification: &[u8], +) -> Result<(Header::Hash, Header::Number), Error> { + GrandpaJustification::
::decode(&mut &*raw_justification) + .map(|justification| (justification.commit.target_hash, justification.commit.target_number)) + .map_err(|_| Error::JustificationDecode) +} + +/// Verify and optimize given justification by removing unknown and duplicate votes. +pub fn verify_and_optimize_justification( + finalized_target: (Header::Hash, Header::Number), + authorities_set_id: SetId, + authorities_set: &VoterSet, + justification: GrandpaJustification
, +) -> Result, Error> +where + Header::Number: finality_grandpa::BlockNumberOps, +{ + let mut optimizer = OptimizationCallbacks(Vec::new()); + verify_justification_with_callbacks( + finalized_target, + authorities_set_id, + authorities_set, + &justification, + &mut optimizer, + )?; + Ok(optimizer.optimize(justification)) +} + +/// Verify that justification, that is generated by given authority set, finalizes given header. +pub fn verify_justification( + finalized_target: (Header::Hash, Header::Number), + authorities_set_id: SetId, + authorities_set: &VoterSet, + justification: &GrandpaJustification
, +) -> Result<(), Error> +where + Header::Number: finality_grandpa::BlockNumberOps, +{ + verify_justification_with_callbacks( + finalized_target, + authorities_set_id, + authorities_set, + justification, + &mut StrictVerificationCallbacks, + ) +} + +/// Verification callbacks. +trait VerificationCallbacks { + /// Called when we see a precommit from unknown authority. + fn on_unkown_authority(&mut self, precommit_idx: usize) -> Result<(), Error>; + /// Called when we see a precommit with duplicate vote from known authority. + fn on_duplicate_authority_vote(&mut self, precommit_idx: usize) -> Result<(), Error>; + /// Called when we see a precommit after we've collected enough votes from authorities. + fn on_redundant_authority_vote(&mut self, precommit_idx: usize) -> Result<(), Error>; +} + +/// Verification callbacks that reject all unknown, duplicate or redundant votes. +struct StrictVerificationCallbacks; + +impl VerificationCallbacks for StrictVerificationCallbacks { + fn on_unkown_authority(&mut self, _precommit_idx: usize) -> Result<(), Error> { + Err(Error::UnknownAuthorityVote) + } + + fn on_duplicate_authority_vote(&mut self, _precommit_idx: usize) -> Result<(), Error> { + Err(Error::DuplicateAuthorityVote) + } + + fn on_redundant_authority_vote(&mut self, _precommit_idx: usize) -> Result<(), Error> { + Err(Error::RedundantVotesInJustification) + } +} + +/// Verification callbacks for justification optimization. +struct OptimizationCallbacks(Vec); + +impl OptimizationCallbacks { + fn optimize( + self, + mut justification: GrandpaJustification
, + ) -> GrandpaJustification
{ + for invalid_precommit_idx in self.0.into_iter().rev() { + justification.commit.precommits.remove(invalid_precommit_idx); + } + justification + } +} + +impl VerificationCallbacks for OptimizationCallbacks { + fn on_unkown_authority(&mut self, precommit_idx: usize) -> Result<(), Error> { + self.0.push(precommit_idx); + Ok(()) + } + + fn on_duplicate_authority_vote(&mut self, precommit_idx: usize) -> Result<(), Error> { + self.0.push(precommit_idx); + Ok(()) + } + + fn on_redundant_authority_vote(&mut self, precommit_idx: usize) -> Result<(), Error> { + self.0.push(precommit_idx); + Ok(()) + } +} + +/// Verify that justification, that is generated by given authority set, finalizes given header. +fn verify_justification_with_callbacks( + finalized_target: (Header::Hash, Header::Number), + authorities_set_id: SetId, + authorities_set: &VoterSet, + justification: &GrandpaJustification
, + callbacks: &mut C, +) -> Result<(), Error> +where + Header::Number: finality_grandpa::BlockNumberOps, +{ + // ensure that it is justification for the expected header + if (justification.commit.target_hash, justification.commit.target_number) != finalized_target { + return Err(Error::InvalidJustificationTarget) + } + + let threshold = authorities_set.threshold().0.into(); + let mut chain = AncestryChain::new(&justification.votes_ancestries); + let mut signature_buffer = Vec::new(); + let mut votes = BTreeSet::new(); + let mut cumulative_weight = 0u64; + + for (precommit_idx, signed) in justification.commit.precommits.iter().enumerate() { + // if we have collected enough precommits, we probabably want to fail/remove extra + // precommits + if cumulative_weight >= threshold { + callbacks.on_redundant_authority_vote(precommit_idx)?; + continue + } + + // authority must be in the set + let authority_info = match authorities_set.get(&signed.id) { + Some(authority_info) => authority_info, + None => { + callbacks.on_unkown_authority(precommit_idx)?; + continue + }, + }; + + // check if authority has already voted in the same round. + // + // there's a lot of code in `validate_commit` and `import_precommit` functions inside + // `finality-grandpa` crate (mostly related to reporting equivocations). But the only thing + // that we care about is that only first vote from the authority is accepted + if !votes.insert(signed.id.clone()) { + callbacks.on_duplicate_authority_vote(precommit_idx)?; + continue + } + + // everything below this line can't just `continue`, because state is already altered + + // precommits aren't allowed for block lower than the target + if signed.precommit.target_number < justification.commit.target_number { + return Err(Error::PrecommitIsNotCommitDescendant) + } + // all precommits must be descendants of target block + chain = chain + .ensure_descendant(&justification.commit.target_hash, &signed.precommit.target_hash)?; + // since we know now that the precommit target is the descendant of the justification + // target, we may increase 'weight' of the justification target + // + // there's a lot of code in the `VoteGraph::insert` method inside `finality-grandpa` crate, + // but in the end it is only used to find GHOST, which we don't care about. The only thing + // that we care about is that the justification target has enough weight + cumulative_weight = cumulative_weight.checked_add(authority_info.weight().0.into()).expect( + "sum of weights of ALL authorities is expected not to overflow - this is guaranteed by\ + existence of VoterSet;\ + the order of loop conditions guarantees that we can account vote from same authority\ + multiple times;\ + thus we'll never overflow the u64::MAX;\ + qed", + ); + + // verify authority signature + if !sp_consensus_grandpa::check_message_signature_with_buffer( + &finality_grandpa::Message::Precommit(signed.precommit.clone()), + &signed.id, + &signed.signature, + justification.round, + authorities_set_id, + &mut signature_buffer, + ) { + return Err(Error::InvalidAuthoritySignature) + } + } + + // check that there are no extra headers in the justification + if !chain.unvisited.is_empty() { + return Err(Error::ExtraHeadersInVotesAncestries) + } + + // check that the cumulative weight of validators voted for the justification target (or one + // of its descendents) is larger than required threshold. + if cumulative_weight >= threshold { + Ok(()) + } else { + Err(Error::TooLowCumulativeWeight) + } +} + +/// Votes ancestries with useful methods. +#[derive(RuntimeDebug)] +pub struct AncestryChain { + /// Header hash => parent header hash mapping. + pub parents: BTreeMap, + /// Hashes of headers that were not visited by `is_ancestor` method. + pub unvisited: BTreeSet, +} + +impl AncestryChain
{ + /// Create new ancestry chain. + pub fn new(ancestry: &[Header]) -> AncestryChain
{ + let mut parents = BTreeMap::new(); + let mut unvisited = BTreeSet::new(); + for ancestor in ancestry { + let hash = ancestor.hash(); + let parent_hash = *ancestor.parent_hash(); + parents.insert(hash, parent_hash); + unvisited.insert(hash); + } + AncestryChain { parents, unvisited } + } + + /// Returns `Ok(_)` if `precommit_target` is a descendant of the `commit_target` block and + /// `Err(_)` otherwise. + pub fn ensure_descendant( + mut self, + commit_target: &Header::Hash, + precommit_target: &Header::Hash, + ) -> Result { + let mut current_hash = *precommit_target; + loop { + if current_hash == *commit_target { + break + } + + let is_visited_before = !self.unvisited.remove(¤t_hash); + current_hash = match self.parents.get(¤t_hash) { + Some(parent_hash) => { + if is_visited_before { + // `Some(parent_hash)` means that the `current_hash` is in the `parents` + // container `is_visited_before` means that it has been visited before in + // some of previous calls => since we assume that previous call has finished + // with `true`, this also will be finished with `true` + return Ok(self) + } + + *parent_hash + }, + None => return Err(Error::PrecommitIsNotCommitDescendant), + }; + } + Ok(self) + } +} diff --git a/bridges/primitives/header-chain/src/lib.rs b/bridges/primitives/header-chain/src/lib.rs new file mode 100644 index 00000000000..5e2bbad242e --- /dev/null +++ b/bridges/primitives/header-chain/src/lib.rs @@ -0,0 +1,227 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Defines traits which represent a common interface for Substrate pallets which want to +//! incorporate bridge functionality. + +#![cfg_attr(not(feature = "std"), no_std)] + +use bp_runtime::{ + BasicOperatingMode, Chain, HashOf, HasherOf, HeaderOf, RawStorageProof, StorageProofChecker, + StorageProofError, +}; +use codec::{Codec, Decode, Encode, EncodeLike, MaxEncodedLen}; +use core::{clone::Clone, cmp::Eq, default::Default, fmt::Debug}; +use frame_support::PalletError; +use scale_info::TypeInfo; +#[cfg(feature = "std")] +use serde::{Deserialize, Serialize}; +use sp_consensus_grandpa::{AuthorityList, ConsensusLog, SetId, GRANDPA_ENGINE_ID}; +use sp_runtime::{traits::Header as HeaderT, Digest, RuntimeDebug}; +use sp_std::boxed::Box; + +pub mod justification; +pub mod storage_keys; + +/// Header chain error. +#[derive(Clone, Decode, Encode, Eq, PartialEq, PalletError, Debug, TypeInfo)] +pub enum HeaderChainError { + /// Header with given hash is missing from the chain. + UnknownHeader, + /// Storage proof related error. + StorageProof(StorageProofError), +} + +/// Header data that we're storing on-chain. +/// +/// Even though we may store full header, our applications (XCM) only use couple of header +/// fields. Extracting those values makes on-chain storage and PoV smaller, which is good. +#[derive(Clone, Decode, Encode, Eq, MaxEncodedLen, PartialEq, RuntimeDebug, TypeInfo)] +pub struct StoredHeaderData { + /// Header number. + pub number: Number, + /// Header state root. + pub state_root: Hash, +} + +/// Stored header data builder. +pub trait StoredHeaderDataBuilder { + /// Build header data from self. + fn build(&self) -> StoredHeaderData; +} + +impl StoredHeaderDataBuilder for H { + fn build(&self) -> StoredHeaderData { + StoredHeaderData { number: *self.number(), state_root: *self.state_root() } + } +} + +/// Substrate header chain, abstracted from the way it is stored. +pub trait HeaderChain { + /// Returns state (storage) root of given finalized header. + fn finalized_header_state_root(header_hash: HashOf) -> Option>; + /// Parse storage proof using finalized header. + fn parse_finalized_storage_proof( + header_hash: HashOf, + storage_proof: RawStorageProof, + parse: impl FnOnce(StorageProofChecker>) -> R, + ) -> Result { + let state_root = Self::finalized_header_state_root(header_hash) + .ok_or(HeaderChainError::UnknownHeader)?; + let storage_proof_checker = bp_runtime::StorageProofChecker::new(state_root, storage_proof) + .map_err(HeaderChainError::StorageProof)?; + + Ok(parse(storage_proof_checker)) + } +} + +/// A type that can be used as a parameter in a dispatchable function. +/// +/// When using `decl_module` all arguments for call functions must implement this trait. +pub trait Parameter: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {} +impl Parameter for T where T: Codec + EncodeLike + Clone + Eq + Debug + TypeInfo {} + +/// A GRANDPA Authority List and ID. +#[derive(Default, Encode, Eq, Decode, RuntimeDebug, PartialEq, Clone, TypeInfo)] +#[cfg_attr(feature = "std", derive(Serialize, Deserialize))] +pub struct AuthoritySet { + /// List of GRANDPA authorities for the current round. + pub authorities: AuthorityList, + /// Monotonic identifier of the current GRANDPA authority set. + pub set_id: SetId, +} + +impl AuthoritySet { + /// Create a new GRANDPA Authority Set. + pub fn new(authorities: AuthorityList, set_id: SetId) -> Self { + Self { authorities, set_id } + } +} + +/// Data required for initializing the GRANDPA bridge pallet. +/// +/// The bridge needs to know where to start its sync from, and this provides that initial context. +#[derive(Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, Clone, TypeInfo)] +#[cfg_attr(feature = "std", derive(Serialize, Deserialize))] +pub struct InitializationData { + /// The header from which we should start syncing. + pub header: Box, + /// The initial authorities of the pallet. + pub authority_list: AuthorityList, + /// The ID of the initial authority set. + pub set_id: SetId, + /// Pallet operating mode. + pub operating_mode: BasicOperatingMode, +} + +/// Abstract finality proof that is justifying block finality. +pub trait FinalityProof: Clone + Send + Sync + Debug { + /// Return number of header that this proof is generated for. + fn target_header_number(&self) -> Number; +} + +/// A trait that provides helper methods for querying the consensus log. +pub trait ConsensusLogReader { + /// Returns true if digest contains item that schedules authorities set change. + fn schedules_authorities_change(digest: &Digest) -> bool; +} + +/// A struct that provides helper methods for querying the GRANDPA consensus log. +pub struct GrandpaConsensusLogReader(sp_std::marker::PhantomData); + +impl GrandpaConsensusLogReader { + pub fn find_authorities_change( + digest: &Digest, + ) -> Option> { + // find the first consensus digest with the right ID which converts to + // the right kind of consensus log. + digest + .convert_first(|log| log.consensus_try_to(&GRANDPA_ENGINE_ID)) + .and_then(|log| match log { + ConsensusLog::ScheduledChange(change) => Some(change), + _ => None, + }) + } +} + +impl ConsensusLogReader for GrandpaConsensusLogReader { + fn schedules_authorities_change(digest: &Digest) -> bool { + GrandpaConsensusLogReader::::find_authorities_change(digest).is_some() + } +} + +/// A minimized version of `pallet-bridge-grandpa::Call` that can be used without a runtime. +#[derive(Encode, Decode, Debug, PartialEq, Eq, Clone, TypeInfo)] +#[allow(non_camel_case_types)] +pub enum BridgeGrandpaCall { + /// `pallet-bridge-grandpa::Call::submit_finality_proof` + #[codec(index = 0)] + submit_finality_proof { + finality_target: Box
, + justification: justification::GrandpaJustification
, + }, + /// `pallet-bridge-grandpa::Call::initialize` + #[codec(index = 1)] + initialize { init_data: InitializationData
}, +} + +/// The `BridgeGrandpaCall` used by a chain. +pub type BridgeGrandpaCallOf = BridgeGrandpaCall>; + +/// Substrate-based chain that is using direct GRANDPA finality. +/// +/// Keep in mind that parachains are relying on relay chain GRANDPA, so they should not implement +/// this trait. +pub trait ChainWithGrandpa: Chain { + /// Name of the bridge GRANDPA pallet (used in `construct_runtime` macro call) that is deployed + /// at some other chain to bridge with this `ChainWithGrandpa`. + /// + /// We assume that all chains that are bridging with this `ChainWithGrandpa` are using + /// the same name. + const WITH_CHAIN_GRANDPA_PALLET_NAME: &'static str; + + /// Max number of GRANDPA authorities at the chain. + /// + /// This is a strict constant. If bridged chain will have more authorities than that, + /// the GRANDPA bridge pallet may halt. + const MAX_AUTHORITIES_COUNT: u32; + + /// Max reasonable number of headers in `votes_ancestries` vector of the GRANDPA justification. + /// + /// This isn't a strict limit. The relay may submit justifications with more headers in its + /// ancestry and the pallet will accept such justification. The limit is only used to compute + /// maximal refund amount and submitting justifications which exceed the limit, may be costly + /// to submitter. + const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32; + + /// Maximal size of the chain header. The header may be the header that enacts new GRANDPA + /// authorities set (so it has large digest inside). + /// + /// This isn't a strict limit. The relay may submit larger headers and the pallet will accept + /// the call. The limit is only used to compute maximal refund amount and doing calls which + /// exceed the limit, may be costly to submitter. + const MAX_HEADER_SIZE: u32; + + /// Average size of the chain header from justification ancestry. We don't expect to see there + /// headers that change GRANDPA authorities set (GRANDPA will probably be able to finalize at + /// least one additional header per session on non test chains), so this is average size of + /// headers that aren't changing the set. + /// + /// This isn't a strict limit. The relay may submit justifications with larger headers in its + /// ancestry and the pallet will accept the call. The limit is only used to compute maximal + /// refund amount and doing calls which exceed the limit, may be costly to submitter. + const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32; +} diff --git a/bridges/primitives/header-chain/src/storage_keys.rs b/bridges/primitives/header-chain/src/storage_keys.rs new file mode 100644 index 00000000000..c4dbe53bd9a --- /dev/null +++ b/bridges/primitives/header-chain/src/storage_keys.rs @@ -0,0 +1,104 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Storage keys of bridge GRANDPA pallet. + +/// Name of the `IsHalted` storage value. +pub const PALLET_OPERATING_MODE_VALUE_NAME: &str = "PalletOperatingMode"; +/// Name of the `BestFinalized` storage value. +pub const BEST_FINALIZED_VALUE_NAME: &str = "BestFinalized"; +/// Name of the `CurrentAuthoritySet` storage value. +pub const CURRENT_AUTHORITY_SET_VALUE_NAME: &str = "CurrentAuthoritySet"; + +use sp_core::storage::StorageKey; + +/// Storage key of the `PalletOperatingMode` variable in the runtime storage. +pub fn pallet_operating_mode_key(pallet_prefix: &str) -> StorageKey { + StorageKey( + bp_runtime::storage_value_final_key( + pallet_prefix.as_bytes(), + PALLET_OPERATING_MODE_VALUE_NAME.as_bytes(), + ) + .to_vec(), + ) +} + +/// Storage key of the `CurrentAuthoritySet` variable in the runtime storage. +pub fn current_authority_set_key(pallet_prefix: &str) -> StorageKey { + StorageKey( + bp_runtime::storage_value_final_key( + pallet_prefix.as_bytes(), + CURRENT_AUTHORITY_SET_VALUE_NAME.as_bytes(), + ) + .to_vec(), + ) +} + +/// Storage key of the best finalized header number and hash value in the runtime storage. +pub fn best_finalized_key(pallet_prefix: &str) -> StorageKey { + StorageKey( + bp_runtime::storage_value_final_key( + pallet_prefix.as_bytes(), + BEST_FINALIZED_VALUE_NAME.as_bytes(), + ) + .to_vec(), + ) +} + +#[cfg(test)] +mod tests { + use super::*; + use hex_literal::hex; + + #[test] + fn pallet_operating_mode_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // compatibility with previous pallet. + let storage_key = pallet_operating_mode_key("BridgeGrandpa").0; + assert_eq!( + storage_key, + hex!("0b06f475eddb98cf933a12262e0388de0f4cf0917788d791142ff6c1f216e7b3").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } + + #[test] + fn current_authority_set_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // compatibility with previous pallet. + let storage_key = current_authority_set_key("BridgeGrandpa").0; + assert_eq!( + storage_key, + hex!("0b06f475eddb98cf933a12262e0388de24a7b8b5717ea33346fa595a66ccbcb0").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } + + #[test] + fn best_finalized_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // compatibility with previous pallet. + let storage_key = best_finalized_key("BridgeGrandpa").0; + assert_eq!( + storage_key, + hex!("0b06f475eddb98cf933a12262e0388dea4ebafdd473c549fdb24c5c991c5591c").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } +} diff --git a/bridges/primitives/header-chain/tests/implementation_match.rs b/bridges/primitives/header-chain/tests/implementation_match.rs new file mode 100644 index 00000000000..c70683b173d --- /dev/null +++ b/bridges/primitives/header-chain/tests/implementation_match.rs @@ -0,0 +1,418 @@ +// Copyright 2020-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Tests inside this module are made to ensure that our custom justification verification +//! implementation works similar to the [`finality_grandpa::validate_commit`] and explicitly +//! show where we behave different. +//! +//! Some of tests in this module may partially duplicate tests from `justification.rs`, +//! but their purpose is different. + +use bp_header_chain::justification::{verify_justification, Error, GrandpaJustification}; +use bp_test_utils::{ + header_id, make_justification_for_header, signed_precommit, test_header, Account, + JustificationGeneratorParams, ALICE, BOB, CHARLIE, DAVE, EVE, FERDIE, TEST_GRANDPA_SET_ID, +}; +use finality_grandpa::voter_set::VoterSet; +use sp_consensus_grandpa::{AuthorityId, AuthorityWeight}; +use sp_runtime::traits::Header as HeaderT; + +type TestHeader = sp_runtime::testing::Header; +type TestHash = ::Hash; +type TestNumber = ::Number; + +/// Implementation of `finality_grandpa::Chain` that is used in tests. +struct AncestryChain(bp_header_chain::justification::AncestryChain); + +impl AncestryChain { + fn new(ancestry: &[TestHeader]) -> Self { + Self(bp_header_chain::justification::AncestryChain::new(ancestry)) + } +} + +impl finality_grandpa::Chain for AncestryChain { + fn ancestry( + &self, + base: TestHash, + block: TestHash, + ) -> Result, finality_grandpa::Error> { + let mut route = Vec::new(); + let mut current_hash = block; + loop { + if current_hash == base { + break + } + match self.0.parents.get(¤t_hash).cloned() { + Some(parent_hash) => { + current_hash = parent_hash; + route.push(current_hash); + }, + _ => return Err(finality_grandpa::Error::NotDescendent), + } + } + route.pop(); // remove the base + + Ok(route) + } +} + +/// Get a full set of accounts. +fn full_accounts_set() -> Vec<(Account, AuthorityWeight)> { + vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1), (EVE, 1)] +} + +/// Get a full set of GRANDPA authorities. +fn full_voter_set() -> VoterSet { + VoterSet::new(full_accounts_set().iter().map(|(id, w)| (AuthorityId::from(*id), *w))).unwrap() +} + +/// Get a minimal set of accounts. +fn minimal_accounts_set() -> Vec<(Account, AuthorityWeight)> { + // there are 5 accounts in the full set => we need 2/3 + 1 accounts, which results in 4 accounts + vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1), (DAVE, 1)] +} + +/// Get a minimal subset of GRANDPA authorities that have enough cumulative vote weight to justify a +/// header finality. +pub fn minimal_voter_set() -> VoterSet { + VoterSet::new(minimal_accounts_set().iter().map(|(id, w)| (AuthorityId::from(*id), *w))) + .unwrap() +} + +/// Make a valid GRANDPA justification with sensible defaults. +pub fn make_default_justification(header: &TestHeader) -> GrandpaJustification { + make_justification_for_header(JustificationGeneratorParams { + header: header.clone(), + authorities: minimal_accounts_set(), + ..Default::default() + }) +} + +// the `finality_grandpa::validate_commit` function has two ways to report an unsuccessful +// commit validation: +// +// 1) to return `Err()` (which only may happen if `finality_grandpa::Chain` implementation +// returns an error); +// 2) to return `Ok(validation_result)` if `validation_result.is_valid()` is false. +// +// Our implementation would just return error in both cases. + +#[test] +fn same_result_when_precommit_target_has_lower_number_than_commit_target() { + let mut justification = make_default_justification(&test_header(1)); + // the number of header in precommit (0) is lower than number of header in commit (1) + justification.commit.precommits[0].precommit.target_number = 0; + + // our implementation returns an error + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::PrecommitIsNotCommitDescendant), + ); + + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == false`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(!result.is_valid()); +} + +#[test] +fn same_result_when_precommit_target_is_not_descendant_of_commit_target() { + let not_descendant = test_header::(10); + let mut justification = make_default_justification(&test_header(1)); + // the route from header of commit (1) to header of precommit (10) is missing from + // the votes ancestries + justification.commit.precommits[0].precommit.target_number = *not_descendant.number(); + justification.commit.precommits[0].precommit.target_hash = not_descendant.hash(); + justification.votes_ancestries.push(not_descendant); + + // our implementation returns an error + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::PrecommitIsNotCommitDescendant), + ); + + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == false`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(!result.is_valid()); +} + +#[test] +fn same_result_when_there_are_not_enough_cumulative_weight_to_finalize_commit_target() { + // just remove one authority from the minimal set and we shall not reach the threshold + let mut authorities_set = minimal_accounts_set(); + authorities_set.pop(); + let justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: authorities_set, + ..Default::default() + }); + + // our implementation returns an error + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::TooLowCumulativeWeight), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == false`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(!result.is_valid()); +} + +// tests below are our differences with the original implementation + +#[test] +fn different_result_when_justification_contains_duplicate_vote() { + let mut justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: minimal_accounts_set(), + ancestors: 0, + ..Default::default() + }); + // the justification may contain exactly the same vote (i.e. same precommit and same signature) + // multiple times && it isn't treated as an error by original implementation + let last_precommit = justification.commit.precommits.pop().unwrap(); + justification.commit.precommits.push(justification.commit.precommits[0].clone()); + justification.commit.precommits.push(last_precommit); + + // our implementation fails + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::DuplicateAuthorityVote), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == true`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(result.is_valid()); +} + +#[test] +fn different_results_when_authority_equivocates_once_in_a_round() { + let mut justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: minimal_accounts_set(), + ancestors: 0, + ..Default::default() + }); + // the justification original implementation allows authority to submit two different + // votes in a single round, of which only first is 'accepted' + let last_precommit = justification.commit.precommits.pop().unwrap(); + justification.commit.precommits.push(signed_precommit::( + &ALICE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + justification.commit.precommits.push(last_precommit); + + // our implementation fails + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::DuplicateAuthorityVote), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == true`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(result.is_valid()); +} + +#[test] +fn different_results_when_authority_equivocates_twice_in_a_round() { + let mut justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: minimal_accounts_set(), + ancestors: 0, + ..Default::default() + }); + // there's some code in the original implementation that should return an error when + // same authority submits more than two different votes in a single round: + // https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/lib.rs#L473 + // but there's also a code that prevents this from happening: + // https://github.com/paritytech/finality-grandpa/blob/6aeea2d1159d0f418f0b86e70739f2130629ca09/src/round.rs#L287 + // => so now we are also just ignoring all votes from the same authority, except the first one + let last_precommit = justification.commit.precommits.pop().unwrap(); + let prev_last_precommit = justification.commit.precommits.pop().unwrap(); + justification.commit.precommits.push(signed_precommit::( + &ALICE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + justification.commit.precommits.push(signed_precommit::( + &ALICE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + justification.commit.precommits.push(last_precommit); + justification.commit.precommits.push(prev_last_precommit); + + // our implementation fails + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::DuplicateAuthorityVote), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == true`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(result.is_valid()); +} + +#[test] +fn different_results_when_there_are_more_than_enough_votes() { + let mut justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: minimal_accounts_set(), + ancestors: 0, + ..Default::default() + }); + // the reference implementation just keep verifying signatures even if we have + // collected enough votes. We are not + justification.commit.precommits.push(signed_precommit::( + &EVE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + + // our implementation fails + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::RedundantVotesInJustification), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == true`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(result.is_valid()); +} + +#[test] +fn different_results_when_there_is_a_vote_of_unknown_authority() { + let mut justification = make_justification_for_header(JustificationGeneratorParams { + header: test_header(1), + authorities: minimal_accounts_set(), + ancestors: 0, + ..Default::default() + }); + // the reference implementation just keep verifying signatures even if we have + // collected enough votes. We are not + let last_precommit = justification.commit.precommits.pop().unwrap(); + justification.commit.precommits.push(signed_precommit::( + &FERDIE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + justification.commit.precommits.push(last_precommit); + + // our implementation fails + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &full_voter_set(), + &justification, + ), + Err(Error::UnknownAuthorityVote), + ); + // original implementation returns `Ok(validation_result)` + // with `validation_result.is_valid() == true`. + let result = finality_grandpa::validate_commit( + &justification.commit, + &full_voter_set(), + &AncestryChain::new(&justification.votes_ancestries), + ) + .unwrap(); + + assert!(result.is_valid()); +} diff --git a/bridges/primitives/header-chain/tests/justification.rs b/bridges/primitives/header-chain/tests/justification.rs new file mode 100644 index 00000000000..3cd63b935d0 --- /dev/null +++ b/bridges/primitives/header-chain/tests/justification.rs @@ -0,0 +1,280 @@ +// Copyright 2020-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Tests for Grandpa Justification code. + +use bp_header_chain::justification::{ + required_justification_precommits, verify_and_optimize_justification, verify_justification, + Error, +}; +use bp_test_utils::*; + +type TestHeader = sp_runtime::testing::Header; + +#[test] +fn valid_justification_accepted() { + let authorities = vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1)]; + let params = JustificationGeneratorParams { + header: test_header(1), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: authorities.clone(), + ancestors: 7, + forks: 3, + }; + + let justification = make_justification_for_header::(params.clone()); + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &justification, + ), + Ok(()), + ); + + assert_eq!(justification.commit.precommits.len(), authorities.len()); + assert_eq!(justification.votes_ancestries.len(), params.ancestors as usize); +} + +#[test] +fn valid_justification_accepted_with_single_fork() { + let params = JustificationGeneratorParams { + header: test_header(1), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1)], + ancestors: 5, + forks: 1, + }; + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &make_justification_for_header::(params) + ), + Ok(()), + ); +} + +#[test] +fn valid_justification_accepted_with_arbitrary_number_of_authorities() { + use finality_grandpa::voter_set::VoterSet; + use sp_consensus_grandpa::AuthorityId; + + let n = 15; + let required_signatures = required_justification_precommits(n as _); + let authorities = accounts(n).iter().map(|k| (*k, 1)).collect::>(); + + let params = JustificationGeneratorParams { + header: test_header(1), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: authorities.clone().into_iter().take(required_signatures as _).collect(), + ancestors: n.into(), + forks: required_signatures, + }; + + let authorities = authorities + .iter() + .map(|(id, w)| (AuthorityId::from(*id), *w)) + .collect::>(); + let voter_set = VoterSet::new(authorities).unwrap(); + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set, + &make_justification_for_header::(params) + ), + Ok(()), + ); +} + +#[test] +fn justification_with_invalid_target_rejected() { + assert_eq!( + verify_justification::( + header_id::(2), + TEST_GRANDPA_SET_ID, + &voter_set(), + &make_default_justification::(&test_header(1)), + ), + Err(Error::InvalidJustificationTarget), + ); +} + +#[test] +fn justification_with_invalid_commit_rejected() { + let mut justification = make_default_justification::(&test_header(1)); + justification.commit.precommits.clear(); + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &justification, + ), + Err(Error::ExtraHeadersInVotesAncestries), + ); +} + +#[test] +fn justification_with_invalid_authority_signature_rejected() { + let mut justification = make_default_justification::(&test_header(1)); + justification.commit.precommits[0].signature = + sp_core::crypto::UncheckedFrom::unchecked_from([1u8; 64]); + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &justification, + ), + Err(Error::InvalidAuthoritySignature), + ); +} + +#[test] +fn justification_with_invalid_precommit_ancestry() { + let mut justification = make_default_justification::(&test_header(1)); + justification.votes_ancestries.push(test_header(10)); + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &justification, + ), + Err(Error::ExtraHeadersInVotesAncestries), + ); +} + +#[test] +fn justification_is_invalid_if_we_dont_meet_threshold() { + // Need at least three authorities to sign off or else the voter set threshold can't be reached + let authorities = vec![(ALICE, 1), (BOB, 1)]; + + let params = JustificationGeneratorParams { + header: test_header(1), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: authorities.clone(), + ancestors: 2 * authorities.len() as u32, + forks: 2, + }; + + assert_eq!( + verify_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + &make_justification_for_header::(params) + ), + Err(Error::TooLowCumulativeWeight), + ); +} + +#[test] +fn optimizer_does_noting_with_minimal_justification() { + let justification = make_default_justification::(&test_header(1)); + + let num_precommits_before = justification.commit.precommits.len(); + let justification = verify_and_optimize_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + justification, + ) + .unwrap(); + let num_precommits_after = justification.commit.precommits.len(); + + assert_eq!(num_precommits_before, num_precommits_after); +} + +#[test] +fn unknown_authority_votes_are_removed_by_optimizer() { + let mut justification = make_default_justification::(&test_header(1)); + justification.commit.precommits.push(signed_precommit::( + &bp_test_utils::Account(42), + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + + let num_precommits_before = justification.commit.precommits.len(); + let justification = verify_and_optimize_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + justification, + ) + .unwrap(); + let num_precommits_after = justification.commit.precommits.len(); + + assert_eq!(num_precommits_before - 1, num_precommits_after); +} + +#[test] +fn duplicate_authority_votes_are_removed_by_optimizer() { + let mut justification = make_default_justification::(&test_header(1)); + justification + .commit + .precommits + .push(justification.commit.precommits.first().cloned().unwrap()); + + let num_precommits_before = justification.commit.precommits.len(); + let justification = verify_and_optimize_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + justification, + ) + .unwrap(); + let num_precommits_after = justification.commit.precommits.len(); + + assert_eq!(num_precommits_before - 1, num_precommits_after); +} + +#[test] +fn redundant_authority_votes_are_removed_by_optimizer() { + let mut justification = make_default_justification::(&test_header(1)); + justification.commit.precommits.push(signed_precommit::( + &EVE, + header_id::(1), + justification.round, + TEST_GRANDPA_SET_ID, + )); + + let num_precommits_before = justification.commit.precommits.len(); + let justification = verify_and_optimize_justification::( + header_id::(1), + TEST_GRANDPA_SET_ID, + &voter_set(), + justification, + ) + .unwrap(); + let num_precommits_after = justification.commit.precommits.len(); + + assert_eq!(num_precommits_before - 1, num_precommits_after); +} diff --git a/bridges/primitives/messages/Cargo.toml b/bridges/primitives/messages/Cargo.toml new file mode 100644 index 00000000000..32a89f6cf78 --- /dev/null +++ b/bridges/primitives/messages/Cargo.toml @@ -0,0 +1,38 @@ +[package] +name = "bp-messages" +description = "Primitives of messages module." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] } +scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] } +serde = { version = "1.0", optional = true, features = ["derive"] } + +# Bridge dependencies + +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +hex = "0.4" +hex-literal = "0.4" + +[features] +default = ["std"] +std = [ + "bp-runtime/std", + "codec/std", + "frame-support/std", + "scale-info/std", + "serde", + "sp-core/std", + "sp-std/std" +] diff --git a/bridges/primitives/messages/src/lib.rs b/bridges/primitives/messages/src/lib.rs new file mode 100644 index 00000000000..e485aa2f801 --- /dev/null +++ b/bridges/primitives/messages/src/lib.rs @@ -0,0 +1,484 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of messages module. + +#![cfg_attr(not(feature = "std"), no_std)] +// RuntimeApi generated functions +#![allow(clippy::too_many_arguments)] + +use bp_runtime::{BasicOperatingMode, OperatingMode, RangeInclusiveExt}; +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::RuntimeDebug; +use scale_info::TypeInfo; +use source_chain::RelayersRewards; +use sp_core::TypeId; +use sp_std::{collections::vec_deque::VecDeque, ops::RangeInclusive, prelude::*}; + +pub mod source_chain; +pub mod storage_keys; +pub mod target_chain; + +use bp_runtime::messages::MessageDispatchResult; +// Weight is reexported to avoid additional frame-support dependencies in related crates. +pub use frame_support::weights::Weight; + +/// Messages pallet operating mode. +#[derive(Encode, Decode, Clone, Copy, PartialEq, Eq, RuntimeDebug, TypeInfo, MaxEncodedLen)] +#[cfg_attr(feature = "std", derive(serde::Serialize, serde::Deserialize))] +pub enum MessagesOperatingMode { + /// Basic operating mode (Normal/Halted) + Basic(BasicOperatingMode), + /// The pallet is not accepting outbound messages. Inbound messages and receiving proofs + /// are still accepted. + /// + /// This mode may be used e.g. when bridged chain expects upgrade. Then to avoid dispatch + /// failures, the pallet owner may stop accepting new messages, while continuing to deliver + /// queued messages to the bridged chain. Once upgrade is completed, the mode may be switched + /// back to `Normal`. + RejectingOutboundMessages, +} + +impl Default for MessagesOperatingMode { + fn default() -> Self { + MessagesOperatingMode::Basic(BasicOperatingMode::Normal) + } +} + +impl OperatingMode for MessagesOperatingMode { + fn is_halted(&self) -> bool { + match self { + Self::Basic(operating_mode) => operating_mode.is_halted(), + _ => false, + } + } +} + +/// Lane id which implements `TypeId`. +#[derive( + Clone, Copy, Decode, Default, Encode, Eq, Ord, PartialOrd, PartialEq, TypeInfo, MaxEncodedLen, +)] +pub struct LaneId(pub [u8; 4]); + +impl core::fmt::Debug for LaneId { + fn fmt(&self, fmt: &mut core::fmt::Formatter) -> core::fmt::Result { + self.0.fmt(fmt) + } +} + +impl AsRef<[u8]> for LaneId { + fn as_ref(&self) -> &[u8] { + &self.0 + } +} + +impl TypeId for LaneId { + const TYPE_ID: [u8; 4] = *b"blan"; +} + +/// Message nonce. Valid messages will never have 0 nonce. +pub type MessageNonce = u64; + +/// Message id as a tuple. +pub type BridgeMessageId = (LaneId, MessageNonce); + +/// Opaque message payload. We only decode this payload when it is dispatched. +pub type MessagePayload = Vec; + +/// Message key (unique message identifier) as it is stored in the storage. +#[derive(Encode, Decode, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo, MaxEncodedLen)] +pub struct MessageKey { + /// ID of the message lane. + pub lane_id: LaneId, + /// Message nonce. + pub nonce: MessageNonce, +} + +/// Message as it is stored in the storage. +#[derive(Encode, Decode, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] +pub struct Message { + /// Message key. + pub key: MessageKey, + /// Message payload. + pub payload: MessagePayload, +} + +/// Inbound lane data. +#[derive(Encode, Decode, Clone, RuntimeDebug, PartialEq, Eq, TypeInfo)] +pub struct InboundLaneData { + /// Identifiers of relayers and messages that they have delivered to this lane (ordered by + /// message nonce). + /// + /// This serves as a helper storage item, to allow the source chain to easily pay rewards + /// to the relayers who successfully delivered messages to the target chain (inbound lane). + /// + /// It is guaranteed to have at most N entries, where N is configured at the module level. + /// If there are N entries in this vec, then: + /// 1) all incoming messages are rejected if they're missing corresponding + /// `proof-of(outbound-lane.state)`; 2) all incoming messages are rejected if + /// `proof-of(outbound-lane.state).last_delivered_nonce` is equal to + /// `self.last_confirmed_nonce`. Given what is said above, all nonces in this queue are in + /// range: `(self.last_confirmed_nonce; self.last_delivered_nonce()]`. + /// + /// When a relayer sends a single message, both of MessageNonces are the same. + /// When relayer sends messages in a batch, the first arg is the lowest nonce, second arg the + /// highest nonce. Multiple dispatches from the same relayer are allowed. + pub relayers: VecDeque>, + + /// Nonce of the last message that + /// a) has been delivered to the target (this) chain and + /// b) the delivery has been confirmed on the source chain + /// + /// that the target chain knows of. + /// + /// This value is updated indirectly when an `OutboundLane` state of the source + /// chain is received alongside with new messages delivery. + pub last_confirmed_nonce: MessageNonce, +} + +impl Default for InboundLaneData { + fn default() -> Self { + InboundLaneData { relayers: VecDeque::new(), last_confirmed_nonce: 0 } + } +} + +impl InboundLaneData { + /// Returns approximate size of the struct, given a number of entries in the `relayers` set and + /// size of each entry. + /// + /// Returns `None` if size overflows `usize` limits. + pub fn encoded_size_hint(relayers_entries: usize) -> Option + where + RelayerId: MaxEncodedLen, + { + relayers_entries + .checked_mul(UnrewardedRelayer::::max_encoded_len())? + .checked_add(MessageNonce::max_encoded_len()) + } + + /// Returns the approximate size of the struct as u32, given a number of entries in the + /// `relayers` set and the size of each entry. + /// + /// Returns `u32::MAX` if size overflows `u32` limits. + pub fn encoded_size_hint_u32(relayers_entries: usize) -> u32 + where + RelayerId: MaxEncodedLen, + { + Self::encoded_size_hint(relayers_entries) + .and_then(|x| u32::try_from(x).ok()) + .unwrap_or(u32::MAX) + } + + /// Nonce of the last message that has been delivered to this (target) chain. + pub fn last_delivered_nonce(&self) -> MessageNonce { + self.relayers + .back() + .map(|entry| entry.messages.end) + .unwrap_or(self.last_confirmed_nonce) + } +} + +/// Outbound message details, returned by runtime APIs. +#[derive(Clone, Encode, Decode, RuntimeDebug, PartialEq, Eq, TypeInfo)] +pub struct OutboundMessageDetails { + /// Nonce assigned to the message. + pub nonce: MessageNonce, + /// Message dispatch weight. + /// + /// Depending on messages pallet configuration, it may be declared by the message submitter, + /// computed automatically or just be zero if dispatch fee is paid at the target chain. + pub dispatch_weight: Weight, + /// Size of the encoded message. + pub size: u32, +} + +/// Inbound message details, returned by runtime APIs. +#[derive(Clone, Encode, Decode, RuntimeDebug, PartialEq, Eq, TypeInfo)] +pub struct InboundMessageDetails { + /// Computed message dispatch weight. + /// + /// Runtime API guarantees that it will match the value, returned by + /// `target_chain::MessageDispatch::dispatch_weight`. This means that if the runtime + /// has failed to decode the message, it will be zero - that's because `undecodable` + /// message cannot be dispatched. + pub dispatch_weight: Weight, +} + +/// Unrewarded relayer entry stored in the inbound lane data. +/// +/// This struct represents a continuous range of messages that have been delivered by the same +/// relayer and whose confirmations are still pending. +#[derive(Encode, Decode, Clone, RuntimeDebug, PartialEq, Eq, TypeInfo, MaxEncodedLen)] +pub struct UnrewardedRelayer { + /// Identifier of the relayer. + pub relayer: RelayerId, + /// Messages range, delivered by this relayer. + pub messages: DeliveredMessages, +} + +/// Received messages with their dispatch result. +#[derive(Clone, Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, TypeInfo)] +pub struct ReceivedMessages { + /// Id of the lane which is receiving messages. + pub lane: LaneId, + /// Result of messages which we tried to dispatch + pub receive_results: Vec<(MessageNonce, ReceivalResult)>, +} + +impl ReceivedMessages { + pub fn new( + lane: LaneId, + receive_results: Vec<(MessageNonce, ReceivalResult)>, + ) -> Self { + ReceivedMessages { lane, receive_results } + } + + pub fn push(&mut self, message: MessageNonce, result: ReceivalResult) { + self.receive_results.push((message, result)); + } +} + +/// Result of single message receival. +#[derive(RuntimeDebug, Encode, Decode, PartialEq, Eq, Clone, TypeInfo)] +pub enum ReceivalResult { + /// Message has been received and dispatched. Note that we don't care whether dispatch has + /// been successful or not - in both case message falls into this category. + /// + /// The message dispatch result is also returned. + Dispatched(MessageDispatchResult), + /// Message has invalid nonce and lane has rejected to accept this message. + InvalidNonce, + /// There are too many unrewarded relayer entries at the lane. + TooManyUnrewardedRelayers, + /// There are too many unconfirmed messages at the lane. + TooManyUnconfirmedMessages, +} + +/// Delivered messages with their dispatch result. +#[derive(Clone, Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, TypeInfo, MaxEncodedLen)] +pub struct DeliveredMessages { + /// Nonce of the first message that has been delivered (inclusive). + pub begin: MessageNonce, + /// Nonce of the last message that has been delivered (inclusive). + pub end: MessageNonce, +} + +impl DeliveredMessages { + /// Create new `DeliveredMessages` struct that confirms delivery of single nonce with given + /// dispatch result. + pub fn new(nonce: MessageNonce) -> Self { + DeliveredMessages { begin: nonce, end: nonce } + } + + /// Return total count of delivered messages. + pub fn total_messages(&self) -> MessageNonce { + (self.begin..=self.end).checked_len().unwrap_or(0) + } + + /// Note new dispatched message. + pub fn note_dispatched_message(&mut self) { + self.end += 1; + } + + /// Returns true if delivered messages contain message with given nonce. + pub fn contains_message(&self, nonce: MessageNonce) -> bool { + (self.begin..=self.end).contains(&nonce) + } +} + +/// Gist of `InboundLaneData::relayers` field used by runtime APIs. +#[derive(Clone, Default, Encode, Decode, RuntimeDebug, PartialEq, Eq, TypeInfo)] +pub struct UnrewardedRelayersState { + /// Number of entries in the `InboundLaneData::relayers` set. + pub unrewarded_relayer_entries: MessageNonce, + /// Number of messages in the oldest entry of `InboundLaneData::relayers`. This is the + /// minimal number of reward proofs required to push out this entry from the set. + pub messages_in_oldest_entry: MessageNonce, + /// Total number of messages in the relayers vector. + pub total_messages: MessageNonce, + /// Nonce of the latest message that has been delivered to the target chain. + /// + /// This corresponds to the result of the `InboundLaneData::last_delivered_nonce` call + /// at the bridged chain. + pub last_delivered_nonce: MessageNonce, +} + +impl From<&InboundLaneData> for UnrewardedRelayersState { + fn from(lane: &InboundLaneData) -> UnrewardedRelayersState { + UnrewardedRelayersState { + unrewarded_relayer_entries: lane.relayers.len() as _, + messages_in_oldest_entry: lane + .relayers + .front() + .and_then(|entry| (entry.messages.begin..=entry.messages.end).checked_len()) + .unwrap_or(0), + total_messages: total_unrewarded_messages(&lane.relayers).unwrap_or(MessageNonce::MAX), + last_delivered_nonce: lane.last_delivered_nonce(), + } + } +} + +/// Outbound lane data. +#[derive(Encode, Decode, Clone, RuntimeDebug, PartialEq, Eq, TypeInfo, MaxEncodedLen)] +pub struct OutboundLaneData { + /// Nonce of the oldest message that we haven't yet pruned. May point to not-yet-generated + /// message if all sent messages are already pruned. + pub oldest_unpruned_nonce: MessageNonce, + /// Nonce of the latest message, received by bridged chain. + pub latest_received_nonce: MessageNonce, + /// Nonce of the latest message, generated by us. + pub latest_generated_nonce: MessageNonce, +} + +impl Default for OutboundLaneData { + fn default() -> Self { + OutboundLaneData { + // it is 1 because we're pruning everything in [oldest_unpruned_nonce; + // latest_received_nonce] + oldest_unpruned_nonce: 1, + latest_received_nonce: 0, + latest_generated_nonce: 0, + } + } +} + +/// Returns total number of messages in the `InboundLaneData::relayers` vector. +/// +/// Returns `None` if there are more messages that `MessageNonce` may fit (i.e. `MessageNonce + 1`). +pub fn total_unrewarded_messages( + relayers: &VecDeque>, +) -> Option { + match (relayers.front(), relayers.back()) { + (Some(front), Some(back)) => { + if let Some(difference) = back.messages.end.checked_sub(front.messages.begin) { + difference.checked_add(1) + } else { + Some(0) + } + }, + _ => Some(0), + } +} + +/// Calculate the number of messages that the relayers have delivered. +pub fn calc_relayers_rewards( + messages_relayers: VecDeque>, + received_range: &RangeInclusive, +) -> RelayersRewards +where + AccountId: sp_std::cmp::Ord, +{ + // remember to reward relayers that have delivered messages + // this loop is bounded by `T::MaxUnrewardedRelayerEntriesAtInboundLane` on the bridged chain + let mut relayers_rewards = RelayersRewards::new(); + for entry in messages_relayers { + let nonce_begin = sp_std::cmp::max(entry.messages.begin, *received_range.start()); + let nonce_end = sp_std::cmp::min(entry.messages.end, *received_range.end()); + if nonce_end >= nonce_begin { + *relayers_rewards.entry(entry.relayer).or_default() += nonce_end - nonce_begin + 1; + } + } + relayers_rewards +} + +/// A minimized version of `pallet-bridge-messages::Call` that can be used without a runtime. +#[derive(Encode, Decode, Debug, PartialEq, Eq, Clone, TypeInfo)] +#[allow(non_camel_case_types)] +pub enum BridgeMessagesCall { + /// `pallet-bridge-messages::Call::receive_messages_proof` + #[codec(index = 2)] + receive_messages_proof { + relayer_id_at_bridged_chain: AccountId, + proof: MessagesProof, + messages_count: u32, + dispatch_weight: Weight, + }, + /// `pallet-bridge-messages::Call::receive_messages_delivery_proof` + #[codec(index = 3)] + receive_messages_delivery_proof { + proof: MessagesDeliveryProof, + relayers_state: UnrewardedRelayersState, + }, +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn total_unrewarded_messages_does_not_overflow() { + assert_eq!( + total_unrewarded_messages( + &vec![ + UnrewardedRelayer { relayer: 1, messages: DeliveredMessages::new(0) }, + UnrewardedRelayer { + relayer: 2, + messages: DeliveredMessages::new(MessageNonce::MAX) + }, + ] + .into_iter() + .collect() + ), + None, + ); + } + + #[test] + fn inbound_lane_data_returns_correct_hint() { + let test_cases = vec![ + // single relayer, multiple messages + (1, 128u8), + // multiple relayers, single message per relayer + (128u8, 128u8), + // several messages per relayer + (13u8, 128u8), + ]; + for (relayer_entries, messages_count) in test_cases { + let expected_size = InboundLaneData::::encoded_size_hint(relayer_entries as _); + let actual_size = InboundLaneData { + relayers: (1u8..=relayer_entries) + .map(|i| UnrewardedRelayer { + relayer: i, + messages: DeliveredMessages::new(i as _), + }) + .collect(), + last_confirmed_nonce: messages_count as _, + } + .encode() + .len(); + let difference = (expected_size.unwrap() as f64 - actual_size as f64).abs(); + assert!( + difference / (std::cmp::min(actual_size, expected_size.unwrap()) as f64) < 0.1, + "Too large difference between actual ({actual_size}) and expected ({expected_size:?}) inbound lane data size. Test case: {relayer_entries}+{messages_count}", + ); + } + } + + #[test] + fn contains_result_works() { + let delivered_messages = DeliveredMessages { begin: 100, end: 150 }; + + assert!(!delivered_messages.contains_message(99)); + assert!(delivered_messages.contains_message(100)); + assert!(delivered_messages.contains_message(150)); + assert!(!delivered_messages.contains_message(151)); + } + + #[test] + fn lane_id_debug_format_matches_inner_array_format() { + assert_eq!(format!("{:?}", LaneId([0, 0, 0, 0])), format!("{:?}", [0, 0, 0, 0]),); + } +} diff --git a/bridges/primitives/messages/src/source_chain.rs b/bridges/primitives/messages/src/source_chain.rs new file mode 100644 index 00000000000..394a934171f --- /dev/null +++ b/bridges/primitives/messages/src/source_chain.rs @@ -0,0 +1,211 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of messages module, that are used on the source chain. + +use crate::{InboundLaneData, LaneId, MessageNonce, OutboundLaneData}; + +use crate::UnrewardedRelayer; +use bp_runtime::Size; +use frame_support::{Parameter, RuntimeDebug}; +use sp_std::{ + collections::{btree_map::BTreeMap, vec_deque::VecDeque}, + fmt::Debug, + ops::RangeInclusive, +}; + +/// Number of messages, delivered by relayers. +pub type RelayersRewards = BTreeMap; + +/// Target chain API. Used by source chain to verify target chain proofs. +/// +/// All implementations of this trait should only work with finalized data that +/// can't change. Wrong implementation may lead to invalid lane states (i.e. lane +/// that's stuck) and/or processing messages without paying fees. +/// +/// The `Payload` type here means the payload of the message that is sent from the +/// source chain to the target chain. The `AccountId` type here means the account +/// type used by the source chain. +pub trait TargetHeaderChain { + /// Error type. + type Error: Debug; + + /// Proof that messages have been received by target chain. + type MessagesDeliveryProof: Parameter + Size; + + /// Verify message payload before we accept it. + /// + /// **CAUTION**: this is very important function. Incorrect implementation may lead + /// to stuck lanes and/or relayers loses. + /// + /// The proper implementation must ensure that the delivery-transaction with this + /// payload would (at least) be accepted into target chain transaction pool AND + /// eventually will be successfully mined. The most obvious incorrect implementation + /// example would be implementation for BTC chain that accepts payloads larger than + /// 1MB. BTC nodes aren't accepting transactions that are larger than 1MB, so relayer + /// will be unable to craft valid transaction => this (and all subsequent) messages will + /// never be delivered. + fn verify_message(payload: &Payload) -> Result<(), Self::Error>; + + /// Verify messages delivery proof and return lane && nonce of the latest received message. + fn verify_messages_delivery_proof( + proof: Self::MessagesDeliveryProof, + ) -> Result<(LaneId, InboundLaneData), Self::Error>; +} + +/// Lane message verifier. +/// +/// Runtime developer may implement any additional validation logic over message-lane mechanism. +/// E.g. if lanes should have some security (e.g. you can only accept Lane1 messages from +/// Submitter1, Lane2 messages for those who has submitted first message to this lane, disable +/// Lane3 until some block, ...), then it may be built using this verifier. +/// +/// Any fee requirements should also be enforced here. +pub trait LaneMessageVerifier { + /// Error type. + type Error: Debug + Into<&'static str>; + + /// Verify message payload and return Ok(()) if message is valid and allowed to be sent over the + /// lane. + fn verify_message( + submitter: &SenderOrigin, + lane: &LaneId, + outbound_data: &OutboundLaneData, + payload: &Payload, + ) -> Result<(), Self::Error>; +} + +/// Manages payments that are happening at the source chain during delivery confirmation +/// transaction. +pub trait DeliveryConfirmationPayments { + /// Error type. + type Error: Debug + Into<&'static str>; + + /// Pay rewards for delivering messages to the given relayers. + /// + /// The implementation may also choose to pay reward to the `confirmation_relayer`, which is + /// a relayer that has submitted delivery confirmation transaction. + /// + /// Returns number of actually rewarded relayers. + fn pay_reward( + lane_id: LaneId, + messages_relayers: VecDeque>, + confirmation_relayer: &AccountId, + received_range: &RangeInclusive, + ) -> MessageNonce; +} + +impl DeliveryConfirmationPayments for () { + type Error = &'static str; + + fn pay_reward( + _lane_id: LaneId, + _messages_relayers: VecDeque>, + _confirmation_relayer: &AccountId, + _received_range: &RangeInclusive, + ) -> MessageNonce { + // this implementation is not rewarding relayers at all + 0 + } +} + +/// Send message artifacts. +#[derive(Eq, RuntimeDebug, PartialEq)] +pub struct SendMessageArtifacts { + /// Nonce of the message. + pub nonce: MessageNonce, +} + +/// Messages bridge API to be used from other pallets. +pub trait MessagesBridge { + /// Error type. + type Error: Debug; + + /// Send message over the bridge. + /// + /// Returns unique message nonce or error if send has failed. + fn send_message( + sender: SenderOrigin, + lane: LaneId, + message: Payload, + ) -> Result; +} + +/// Bridge that does nothing when message is being sent. +#[derive(Eq, RuntimeDebug, PartialEq)] +pub struct NoopMessagesBridge; + +impl MessagesBridge for NoopMessagesBridge { + type Error = &'static str; + + fn send_message( + _sender: SenderOrigin, + _lane: LaneId, + _message: Payload, + ) -> Result { + Ok(SendMessageArtifacts { nonce: 0 }) + } +} + +/// Structure that may be used in place of `TargetHeaderChain`, `LaneMessageVerifier` and +/// `MessageDeliveryAndDispatchPayment` on chains, where outbound messages are forbidden. +pub struct ForbidOutboundMessages; + +/// Error message that is used in `ForbidOutboundMessages` implementation. +const ALL_OUTBOUND_MESSAGES_REJECTED: &str = + "This chain is configured to reject all outbound messages"; + +impl TargetHeaderChain for ForbidOutboundMessages { + type Error = &'static str; + + type MessagesDeliveryProof = (); + + fn verify_message(_payload: &Payload) -> Result<(), Self::Error> { + Err(ALL_OUTBOUND_MESSAGES_REJECTED) + } + + fn verify_messages_delivery_proof( + _proof: Self::MessagesDeliveryProof, + ) -> Result<(LaneId, InboundLaneData), Self::Error> { + Err(ALL_OUTBOUND_MESSAGES_REJECTED) + } +} + +impl LaneMessageVerifier for ForbidOutboundMessages { + type Error = &'static str; + + fn verify_message( + _submitter: &SenderOrigin, + _lane: &LaneId, + _outbound_data: &OutboundLaneData, + _payload: &Payload, + ) -> Result<(), Self::Error> { + Err(ALL_OUTBOUND_MESSAGES_REJECTED) + } +} + +impl DeliveryConfirmationPayments for ForbidOutboundMessages { + type Error = &'static str; + + fn pay_reward( + _lane_id: LaneId, + _messages_relayers: VecDeque>, + _confirmation_relayer: &AccountId, + _received_range: &RangeInclusive, + ) -> MessageNonce { + 0 + } +} diff --git a/bridges/primitives/messages/src/storage_keys.rs b/bridges/primitives/messages/src/storage_keys.rs new file mode 100644 index 00000000000..4edf9828cfd --- /dev/null +++ b/bridges/primitives/messages/src/storage_keys.rs @@ -0,0 +1,128 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Storage keys of bridge messages pallet. + +/// Name of the `OPERATING_MODE_VALUE_NAME` storage value. +pub const OPERATING_MODE_VALUE_NAME: &str = "PalletOperatingMode"; +/// Name of the `OutboundMessages` storage map. +pub const OUTBOUND_MESSAGES_MAP_NAME: &str = "OutboundMessages"; +/// Name of the `OutboundLanes` storage map. +pub const OUTBOUND_LANES_MAP_NAME: &str = "OutboundLanes"; +/// Name of the `InboundLanes` storage map. +pub const INBOUND_LANES_MAP_NAME: &str = "InboundLanes"; + +use crate::{LaneId, MessageKey, MessageNonce}; + +use codec::Encode; +use frame_support::Blake2_128Concat; +use sp_core::storage::StorageKey; + +/// Storage key of the `PalletOperatingMode` value in the runtime storage. +pub fn operating_mode_key(pallet_prefix: &str) -> StorageKey { + StorageKey( + bp_runtime::storage_value_final_key( + pallet_prefix.as_bytes(), + OPERATING_MODE_VALUE_NAME.as_bytes(), + ) + .to_vec(), + ) +} + +/// Storage key of the outbound message in the runtime storage. +pub fn message_key(pallet_prefix: &str, lane: &LaneId, nonce: MessageNonce) -> StorageKey { + bp_runtime::storage_map_final_key::( + pallet_prefix, + OUTBOUND_MESSAGES_MAP_NAME, + &MessageKey { lane_id: *lane, nonce }.encode(), + ) +} + +/// Storage key of the outbound message lane state in the runtime storage. +pub fn outbound_lane_data_key(pallet_prefix: &str, lane: &LaneId) -> StorageKey { + bp_runtime::storage_map_final_key::( + pallet_prefix, + OUTBOUND_LANES_MAP_NAME, + &lane.encode(), + ) +} + +/// Storage key of the inbound message lane state in the runtime storage. +pub fn inbound_lane_data_key(pallet_prefix: &str, lane: &LaneId) -> StorageKey { + bp_runtime::storage_map_final_key::( + pallet_prefix, + INBOUND_LANES_MAP_NAME, + &lane.encode(), + ) +} + +#[cfg(test)] +mod tests { + use super::*; + use hex_literal::hex; + + #[test] + fn operating_mode_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is possibly + // breaking all existing message relays. + let storage_key = operating_mode_key("BridgeMessages").0; + assert_eq!( + storage_key, + hex!("dd16c784ebd3390a9bc0357c7511ed010f4cf0917788d791142ff6c1f216e7b3").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } + + #[test] + fn storage_message_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // all previously crafted messages proofs. + let storage_key = message_key("BridgeMessages", &LaneId(*b"test"), 42).0; + assert_eq!( + storage_key, + hex!("dd16c784ebd3390a9bc0357c7511ed018a395e6242c6813b196ca31ed0547ea79446af0e09063bd4a7874aef8a997cec746573742a00000000000000").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } + + #[test] + fn outbound_lane_data_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // all previously crafted outbound lane state proofs. + let storage_key = outbound_lane_data_key("BridgeMessages", &LaneId(*b"test")).0; + assert_eq!( + storage_key, + hex!("dd16c784ebd3390a9bc0357c7511ed0196c246acb9b55077390e3ca723a0ca1f44a8995dd50b6657a037a7839304535b74657374").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } + + #[test] + fn inbound_lane_data_key_computed_properly() { + // If this test fails, then something has been changed in module storage that is breaking + // all previously crafted inbound lane state proofs. + let storage_key = inbound_lane_data_key("BridgeMessages", &LaneId(*b"test")).0; + assert_eq!( + storage_key, + hex!("dd16c784ebd3390a9bc0357c7511ed01e5f83cf83f2127eb47afdc35d6e43fab44a8995dd50b6657a037a7839304535b74657374").to_vec(), + "Unexpected storage key: {}", + hex::encode(&storage_key), + ); + } +} diff --git a/bridges/primitives/messages/src/target_chain.rs b/bridges/primitives/messages/src/target_chain.rs new file mode 100644 index 00000000000..3c2e8cf0cb0 --- /dev/null +++ b/bridges/primitives/messages/src/target_chain.rs @@ -0,0 +1,200 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of messages module, that are used on the target chain. + +use crate::{LaneId, Message, MessageKey, MessageNonce, MessagePayload, OutboundLaneData}; + +use bp_runtime::{messages::MessageDispatchResult, Size}; +use codec::{Decode, Encode, Error as CodecError}; +use frame_support::{weights::Weight, Parameter, RuntimeDebug}; +use scale_info::TypeInfo; +use sp_std::{collections::btree_map::BTreeMap, fmt::Debug, marker::PhantomData, prelude::*}; + +/// Proved messages from the source chain. +pub type ProvedMessages = BTreeMap>; + +/// Proved messages from single lane of the source chain. +#[derive(RuntimeDebug, Encode, Decode, Clone, PartialEq, Eq, TypeInfo)] +pub struct ProvedLaneMessages { + /// Optional outbound lane state. + pub lane_state: Option, + /// Messages sent through this lane. + pub messages: Vec, +} + +/// Message data with decoded dispatch payload. +#[derive(RuntimeDebug)] +pub struct DispatchMessageData { + /// Result of dispatch payload decoding. + pub payload: Result, +} + +/// Message with decoded dispatch payload. +#[derive(RuntimeDebug)] +pub struct DispatchMessage { + /// Message key. + pub key: MessageKey, + /// Message data with decoded dispatch payload. + pub data: DispatchMessageData, +} + +/// Source chain API. Used by target chain, to verify source chain proofs. +/// +/// All implementations of this trait should only work with finalized data that +/// can't change. Wrong implementation may lead to invalid lane states (i.e. lane +/// that's stuck) and/or processing messages without paying fees. +pub trait SourceHeaderChain { + /// Error type. + type Error: Debug; + + /// Proof that messages are sent from source chain. This may also include proof + /// of corresponding outbound lane states. + type MessagesProof: Parameter + Size; + + /// Verify messages proof and return proved messages. + /// + /// Returns error if either proof is incorrect, or the number of messages in the proof + /// is not matching the `messages_count`. + /// + /// Messages vector is required to be sorted by nonce within each lane. Out-of-order + /// messages will be rejected. + /// + /// The `messages_count` argument verification (sane limits) is supposed to be made + /// outside this function. This function only verifies that the proof declares exactly + /// `messages_count` messages. + fn verify_messages_proof( + proof: Self::MessagesProof, + messages_count: u32, + ) -> Result, Self::Error>; +} + +/// Called when inbound message is received. +pub trait MessageDispatch { + /// Decoded message payload type. Valid message may contain invalid payload. In this case + /// message is delivered, but dispatch fails. Therefore, two separate types of payload + /// (opaque `MessagePayload` used in delivery and this `DispatchPayload` used in dispatch). + type DispatchPayload: Decode; + + /// Fine-grained result of single message dispatch (for better diagnostic purposes) + type DispatchLevelResult: Clone + sp_std::fmt::Debug + Eq; + + /// Estimate dispatch weight. + /// + /// This function must return correct upper bound of dispatch weight. The return value + /// of this function is expected to match return value of the corresponding + /// `FromInboundLaneApi::message_details().dispatch_weight` call. + fn dispatch_weight(message: &mut DispatchMessage) -> Weight; + + /// Called when inbound message is received. + /// + /// It is up to the implementers of this trait to determine whether the message + /// is invalid (i.e. improperly encoded, has too large weight, ...) or not. + fn dispatch( + message: DispatchMessage, + ) -> MessageDispatchResult; +} + +/// Manages payments that are happening at the target chain during message delivery transaction. +pub trait DeliveryPayments { + /// Error type. + type Error: Debug + Into<&'static str>; + + /// Pay rewards for delivering messages to the given relayer. + /// + /// This method is called during message delivery transaction which has been submitted + /// by the `relayer`. The transaction brings `total_messages` messages but only + /// `valid_messages` have been accepted. The post-dispatch transaction weight is the + /// `actual_weight`. + fn pay_reward( + relayer: AccountId, + total_messages: MessageNonce, + valid_messages: MessageNonce, + actual_weight: Weight, + ); +} + +impl Default for ProvedLaneMessages { + fn default() -> Self { + ProvedLaneMessages { lane_state: None, messages: Vec::new() } + } +} + +impl From for DispatchMessage { + fn from(message: Message) -> Self { + DispatchMessage { key: message.key, data: message.payload.into() } + } +} + +impl From for DispatchMessageData { + fn from(payload: MessagePayload) -> Self { + DispatchMessageData { payload: DispatchPayload::decode(&mut &payload[..]) } + } +} + +impl DeliveryPayments for () { + type Error = &'static str; + + fn pay_reward( + _relayer: AccountId, + _total_messages: MessageNonce, + _valid_messages: MessageNonce, + _actual_weight: Weight, + ) { + // this implementation is not rewarding relayer at all + } +} + +/// Structure that may be used in place of `SourceHeaderChain` and `MessageDispatch` on chains, +/// where inbound messages are forbidden. +pub struct ForbidInboundMessages( + PhantomData<(MessagesProof, DispatchPayload)>, +); + +/// Error message that is used in `ForbidOutboundMessages` implementation. +const ALL_INBOUND_MESSAGES_REJECTED: &str = + "This chain is configured to reject all inbound messages"; + +impl SourceHeaderChain + for ForbidInboundMessages +{ + type Error = &'static str; + type MessagesProof = MessagesProof; + + fn verify_messages_proof( + _proof: Self::MessagesProof, + _messages_count: u32, + ) -> Result, Self::Error> { + Err(ALL_INBOUND_MESSAGES_REJECTED) + } +} + +impl MessageDispatch + for ForbidInboundMessages +{ + type DispatchPayload = DispatchPayload; + type DispatchLevelResult = (); + + fn dispatch_weight(_message: &mut DispatchMessage) -> Weight { + Weight::MAX + } + + fn dispatch( + _: DispatchMessage, + ) -> MessageDispatchResult { + MessageDispatchResult { unspent_weight: Weight::zero(), dispatch_level_result: () } + } +} diff --git a/bridges/primitives/parachains/Cargo.toml b/bridges/primitives/parachains/Cargo.toml new file mode 100644 index 00000000000..426597a2508 --- /dev/null +++ b/bridges/primitives/parachains/Cargo.toml @@ -0,0 +1,39 @@ +[package] +name = "bp-parachains" +description = "Primitives of parachains module." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2018" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] } +impl-trait-for-tuples = "0.2" +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } + +# Bridge dependencies + +bp-header-chain = { path = "../header-chain", default-features = false } +bp-polkadot-core = { path = "../polkadot-core", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "bp-polkadot-core/std", + "bp-runtime/std", + "codec/std", + "frame-support/std", + "scale-info/std", + "sp-core/std", + "sp-runtime/std", + "sp-std/std", +] diff --git a/bridges/primitives/parachains/src/lib.rs b/bridges/primitives/parachains/src/lib.rs new file mode 100644 index 00000000000..e619fc7b641 --- /dev/null +++ b/bridges/primitives/parachains/src/lib.rs @@ -0,0 +1,180 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of parachains module. + +#![cfg_attr(not(feature = "std"), no_std)] + +pub use bp_header_chain::StoredHeaderData; + +use bp_polkadot_core::{ + parachains::{ParaHash, ParaHead, ParaHeadsProof, ParaId}, + BlockNumber as RelayBlockNumber, Hash as RelayBlockHash, +}; +use bp_runtime::{ + BlockNumberOf, Chain, HashOf, HeaderOf, Parachain, StorageDoubleMapKeyProvider, + StorageMapKeyProvider, +}; +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::{Blake2_128Concat, RuntimeDebug, Twox64Concat}; +use scale_info::TypeInfo; +use sp_core::storage::StorageKey; +use sp_runtime::traits::Header as HeaderT; +use sp_std::{marker::PhantomData, prelude::*}; + +/// Best known parachain head hash. +#[derive(Clone, Decode, Encode, MaxEncodedLen, PartialEq, RuntimeDebug, TypeInfo)] +pub struct BestParaHeadHash { + /// Number of relay block where this head has been read. + /// + /// Parachain head is opaque to relay chain. So we can't simply decode it as a header of + /// parachains and call `block_number()` on it. Instead, we're using the fact that parachain + /// head is always built on top of previous head (because it is blockchain) and relay chain + /// always imports parachain heads in order. What it means for us is that at any given + /// **finalized** relay block `B`, head of parachain will be ancestor (or the same) of all + /// parachain heads available at descendants of `B`. + pub at_relay_block_number: RelayBlockNumber, + /// Hash of parachain head. + pub head_hash: ParaHash, +} + +/// Best known parachain head as it is stored in the runtime storage. +#[derive(Decode, Encode, MaxEncodedLen, PartialEq, RuntimeDebug, TypeInfo)] +pub struct ParaInfo { + /// Best known parachain head hash. + pub best_head_hash: BestParaHeadHash, + /// Current ring buffer position for this parachain. + pub next_imported_hash_position: u32, +} + +/// Returns runtime storage key of given parachain head at the source chain. +/// +/// The head is stored by the `paras` pallet in the `Heads` map. +pub fn parachain_head_storage_key_at_source( + paras_pallet_name: &str, + para_id: ParaId, +) -> StorageKey { + bp_runtime::storage_map_final_key::(paras_pallet_name, "Heads", ¶_id.encode()) +} + +/// Can be use to access the runtime storage key of the parachains info at the target chain. +/// +/// The info is stored by the `pallet-bridge-parachains` pallet in the `ParasInfo` map. +pub struct ParasInfoKeyProvider; +impl StorageMapKeyProvider for ParasInfoKeyProvider { + const MAP_NAME: &'static str = "ParasInfo"; + + type Hasher = Blake2_128Concat; + type Key = ParaId; + type Value = ParaInfo; +} + +/// Can be use to access the runtime storage key of the parachain head at the target chain. +/// +/// The head is stored by the `pallet-bridge-parachains` pallet in the `ImportedParaHeads` map. +pub struct ImportedParaHeadsKeyProvider; +impl StorageDoubleMapKeyProvider for ImportedParaHeadsKeyProvider { + const MAP_NAME: &'static str = "ImportedParaHeads"; + + type Hasher1 = Blake2_128Concat; + type Key1 = ParaId; + type Hasher2 = Blake2_128Concat; + type Key2 = ParaHash; + type Value = ParaStoredHeaderData; +} + +/// Stored data of the parachain head. It is encoded version of the +/// `bp_runtime::StoredHeaderData` structure. +/// +/// We do not know exact structure of the parachain head, so we always store encoded version +/// of the `bp_runtime::StoredHeaderData`. It is only decoded when we talk about specific parachain. +#[derive(Clone, Decode, Encode, PartialEq, RuntimeDebug, TypeInfo)] +pub struct ParaStoredHeaderData(pub Vec); + +impl ParaStoredHeaderData { + /// Decode stored parachain head data. + pub fn decode_parachain_head_data( + &self, + ) -> Result, HashOf>, codec::Error> { + StoredHeaderData::, HashOf>::decode(&mut &self.0[..]) + } +} + +/// Stored parachain head data builder. +pub trait ParaStoredHeaderDataBuilder { + /// Return number of parachains that are supported by this builder. + fn supported_parachains() -> u32; + + /// Try to build head data from encoded head of parachain with given id. + fn try_build(para_id: ParaId, para_head: &ParaHead) -> Option; +} + +/// Helper for using single parachain as `ParaStoredHeaderDataBuilder`. +pub struct SingleParaStoredHeaderDataBuilder(PhantomData); + +impl ParaStoredHeaderDataBuilder for SingleParaStoredHeaderDataBuilder { + fn supported_parachains() -> u32 { + 1 + } + + fn try_build(para_id: ParaId, para_head: &ParaHead) -> Option { + if para_id == ParaId(C::PARACHAIN_ID) { + let header = HeaderOf::::decode(&mut ¶_head.0[..]).ok()?; + return Some(ParaStoredHeaderData( + StoredHeaderData { number: *header.number(), state_root: *header.state_root() } + .encode(), + )) + } + None + } +} + +// Tries to build header data from each tuple member, short-circuiting on first successful one. +#[impl_trait_for_tuples::impl_for_tuples(1, 30)] +#[tuple_types_custom_trait_bound(Parachain)] +impl ParaStoredHeaderDataBuilder for C { + fn supported_parachains() -> u32 { + let mut result = 0; + for_tuples!( #( + result += SingleParaStoredHeaderDataBuilder::::supported_parachains(); + )* ); + result + } + + fn try_build(para_id: ParaId, para_head: &ParaHead) -> Option { + for_tuples!( #( + let maybe_para_head = SingleParaStoredHeaderDataBuilder::::try_build(para_id, para_head); + if let Some(maybe_para_head) = maybe_para_head { + return Some(maybe_para_head); + } + )* ); + + None + } +} + +/// A minimized version of `pallet-bridge-parachains::Call` that can be used without a runtime. +#[derive(Encode, Decode, Debug, PartialEq, Eq, Clone, TypeInfo)] +#[allow(non_camel_case_types)] +pub enum BridgeParachainCall { + /// `pallet-bridge-parachains::Call::submit_parachain_heads` + #[codec(index = 0)] + submit_parachain_heads { + at_relay_block: (RelayBlockNumber, RelayBlockHash), + parachains: Vec<(ParaId, ParaHash)>, + parachain_heads_proof: ParaHeadsProof, + }, +} diff --git a/bridges/primitives/polkadot-core/Cargo.toml b/bridges/primitives/polkadot-core/Cargo.toml new file mode 100644 index 00000000000..56c6de04d41 --- /dev/null +++ b/bridges/primitives/polkadot-core/Cargo.toml @@ -0,0 +1,45 @@ +[package] +name = "bp-polkadot-core" +description = "Primitives of Polkadot-like runtime." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] } +parity-util-mem = { version = "0.12.0", optional = true } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +serde = { version = "1.0", optional = true, features = ["derive"] } + +# Bridge Dependencies + +bp-messages = { path = "../messages", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Based Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +hex = "0.4" + +[features] +default = ["std"] +std = [ + "bp-messages/std", + "bp-runtime/std", + "frame-support/std", + "frame-system/std", + "codec/std", + "parity-util-mem", + "scale-info/std", + "serde", + "sp-core/std", + "sp-runtime/std", + "sp-std/std", +] diff --git a/bridges/primitives/polkadot-core/src/lib.rs b/bridges/primitives/polkadot-core/src/lib.rs new file mode 100644 index 00000000000..3774d283fc4 --- /dev/null +++ b/bridges/primitives/polkadot-core/src/lib.rs @@ -0,0 +1,292 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +#![cfg_attr(not(feature = "std"), no_std)] + +use bp_messages::MessageNonce; +use bp_runtime::{Chain, EncodedOrDecodedCall, StorageMapKeyProvider}; +use frame_support::{ + dispatch::DispatchClass, + parameter_types, + weights::{ + constants::{BlockExecutionWeight, WEIGHT_REF_TIME_PER_SECOND}, + Weight, + }, + Blake2_128Concat, RuntimeDebug, +}; +use frame_system::limits; +use sp_core::{storage::StorageKey, Hasher as HasherT}; +use sp_runtime::{ + generic, + traits::{BlakeTwo256, IdentifyAccount, Verify}, + MultiAddress, MultiSignature, OpaqueExtrinsic, +}; +use sp_std::prelude::Vec; + +// Re-export's to avoid extra substrate dependencies in chain-specific crates. +pub use frame_support::{weights::constants::ExtrinsicBaseWeight, Parameter}; +pub use sp_runtime::{traits::Convert, Perbill}; + +pub mod parachains; + +/// Maximal number of GRANDPA authorities at Polkadot-like chains. +/// +/// Ideally, we would set it to the value of `MaxAuthorities` constant from bridged runtime +/// configurations. But right now it is set to the `100_000`, which makes PoV size for +/// our bridge hub parachains huge. So let's stick to the real-world value here. +/// +/// Right now both Kusama and Polkadot aim to have around 1000 validators. Let's be safe here and +/// take a bit more here. +pub const MAX_AUTHORITIES_COUNT: u32 = 1_256; + +/// Reasonable number of headers in the `votes_ancestries` on Polkadot-like chains. +/// +/// See [`bp-header-chain::ChainWithGrandpa`] for more details. +/// +/// This value comes from recent (February, 2023) Kusama and Polkadot headers. There are no +/// justifications with any additional headers in votes ancestry, so reasonable headers may +/// be set to zero. But we assume that there may be small GRANDPA lags, so we're leaving some +/// reserve here. +pub const REASONABLE_HEADERS_IN_JUSTIFICATON_ANCESTRY: u32 = 2; + +/// Approximate average header size in `votes_ancestries` field of justification on Polkadot-like +/// chains. +/// +/// See [`bp-header-chain::ChainWithGrandpa`] for more details. +/// +/// This value comes from recent (February, 2023) Kusama headers. Average is `336` there, but some +/// non-mandatory headers has size `40kb` (they contain the BABE epoch descriptor with all +/// authorities - just like our mandatory header). Since we assume `2` headers in justification +/// votes ancestry, let's set average header to `40kb / 2`. +pub const AVERAGE_HEADER_SIZE_IN_JUSTIFICATION: u32 = 20 * 1024; + +/// Approximate maximal header size on Polkadot-like chains. +/// +/// See [`bp-header-chain::ChainWithGrandpa`] for more details. +/// +/// This value comes from recent (February, 2023) Kusama headers. Maximal header is a mandatory +/// header. In its SCALE-encoded form it is `80348` bytes. Let's have some reserve here. +pub const MAX_HEADER_SIZE: u32 = 90_000; + +/// Number of extra bytes (excluding size of storage value itself) of storage proof, built at +/// Polkadot-like chain. This mostly depends on number of entries in the storage trie. +/// Some reserve is reserved to account future chain growth. +/// +/// To compute this value, we've synced Kusama chain blocks [0; 6545733] to see if there were +/// any significant changes of the storage proof size (NO): +/// +/// - at block 3072 the storage proof size overhead was 579 bytes; +/// - at block 2479616 it was 578 bytes; +/// - at block 4118528 it was 711 bytes; +/// - at block 6540800 it was 779 bytes. +/// +/// The number of storage entries at the block 6546170 was 351207 and number of trie nodes in +/// the storage proof was 5 (log(16, 351207) ~ 4.6). +/// +/// So the assumption is that the storage proof size overhead won't be larger than 1024 in the +/// nearest future. If it'll ever break this barrier, then we'll need to update this constant +/// at next runtime upgrade. +pub const EXTRA_STORAGE_PROOF_SIZE: u32 = 1024; + +/// All Polkadot-like chains allow normal extrinsics to fill block up to 75 percent. +/// +/// This is a copy-paste from the Polkadot repo's `polkadot-runtime-common` crate. +const NORMAL_DISPATCH_RATIO: Perbill = Perbill::from_percent(75); + +/// All Polkadot-like chains allow 2 seconds of compute with a 6-second average block time. +/// +/// This is a copy-paste from the Polkadot repo's `polkadot-runtime-common` crate. +pub const MAXIMUM_BLOCK_WEIGHT: Weight = + Weight::from_parts(WEIGHT_REF_TIME_PER_SECOND.saturating_mul(2), u64::MAX); + +/// All Polkadot-like chains assume that an on-initialize consumes 1 percent of the weight on +/// average, hence a single extrinsic will not be allowed to consume more than +/// `AvailableBlockRatio - 1 percent`. +/// +/// This is a copy-paste from the Polkadot repo's `polkadot-runtime-common` crate. +pub const AVERAGE_ON_INITIALIZE_RATIO: Perbill = Perbill::from_percent(1); + +parameter_types! { + /// All Polkadot-like chains have maximal block size set to 5MB. + /// + /// This is a copy-paste from the Polkadot repo's `polkadot-runtime-common` crate. + pub BlockLength: limits::BlockLength = limits::BlockLength::max_with_normal_ratio( + 5 * 1024 * 1024, + NORMAL_DISPATCH_RATIO, + ); + /// All Polkadot-like chains have the same block weights. + /// + /// This is a copy-paste from the Polkadot repo's `polkadot-runtime-common` crate. + pub BlockWeights: limits::BlockWeights = limits::BlockWeights::builder() + .base_block(BlockExecutionWeight::get()) + .for_class(DispatchClass::all(), |weights| { + weights.base_extrinsic = ExtrinsicBaseWeight::get(); + }) + .for_class(DispatchClass::Normal, |weights| { + weights.max_total = Some(NORMAL_DISPATCH_RATIO * MAXIMUM_BLOCK_WEIGHT); + }) + .for_class(DispatchClass::Operational, |weights| { + weights.max_total = Some(MAXIMUM_BLOCK_WEIGHT); + // Operational transactions have an extra reserved space, so that they + // are included even if block reached `MAXIMUM_BLOCK_WEIGHT`. + weights.reserved = Some( + MAXIMUM_BLOCK_WEIGHT - NORMAL_DISPATCH_RATIO * MAXIMUM_BLOCK_WEIGHT, + ); + }) + .avg_block_initialization(AVERAGE_ON_INITIALIZE_RATIO) + .build_or_panic(); +} + +// TODO [#78] may need to be updated after https://github.com/paritytech/parity-bridges-common/issues/78 +/// Maximal number of messages in single delivery transaction. +pub const MAX_MESSAGES_IN_DELIVERY_TRANSACTION: MessageNonce = 128; + +/// Maximal number of bytes, included in the signed Polkadot-like transaction apart from the encoded +/// call itself. +/// +/// Can be computed by subtracting encoded call size from raw transaction size. +pub const TX_EXTRA_BYTES: u32 = 256; + +/// Re-export `time_units` to make usage easier. +pub use time_units::*; + +/// Human readable time units defined in terms of number of blocks. +pub mod time_units { + use super::BlockNumber; + + pub const MILLISECS_PER_BLOCK: u64 = 6000; + pub const SLOT_DURATION: u64 = MILLISECS_PER_BLOCK; + + pub const MINUTES: BlockNumber = 60_000 / (MILLISECS_PER_BLOCK as BlockNumber); + pub const HOURS: BlockNumber = MINUTES * 60; + pub const DAYS: BlockNumber = HOURS * 24; +} + +/// Block number type used in Polkadot-like chains. +pub type BlockNumber = u32; + +/// Hash type used in Polkadot-like chains. +pub type Hash = ::Out; + +/// Account Index (a.k.a. nonce). +pub type Index = u32; + +/// Hashing type. +pub type Hashing = BlakeTwo256; + +/// The type of object that can produce hashes on Polkadot-like chains. +pub type Hasher = BlakeTwo256; + +/// The header type used by Polkadot-like chains. +pub type Header = generic::Header; + +/// Signature type used by Polkadot-like chains. +pub type Signature = MultiSignature; + +/// Public key of account on Polkadot-like chains. +pub type AccountPublic = ::Signer; + +/// Id of account on Polkadot-like chains. +pub type AccountId = ::AccountId; + +/// Address of account on Polkadot-like chains. +pub type AccountAddress = MultiAddress; + +/// Index of a transaction on the Polkadot-like chains. +pub type Nonce = u32; + +/// Block type of Polkadot-like chains. +pub type Block = generic::Block; + +/// Polkadot-like block signed with a Justification. +pub type SignedBlock = generic::SignedBlock; + +/// The balance of an account on Polkadot-like chain. +pub type Balance = u128; + +/// Unchecked Extrinsic type. +pub type UncheckedExtrinsic = + generic::UncheckedExtrinsic, Signature, SignedExt>; + +/// Account address, used by the Polkadot-like chain. +pub type Address = MultiAddress; + +/// Polkadot-like chain. +#[derive(RuntimeDebug)] +pub struct PolkadotLike; + +impl Chain for PolkadotLike { + type BlockNumber = BlockNumber; + type Hash = Hash; + type Hasher = Hasher; + type Header = Header; + + type AccountId = AccountId; + type Balance = Balance; + type Index = Index; + type Signature = Signature; + + fn max_extrinsic_size() -> u32 { + *BlockLength::get().max.get(DispatchClass::Normal) + } + + fn max_extrinsic_weight() -> Weight { + BlockWeights::get() + .get(DispatchClass::Normal) + .max_extrinsic + .unwrap_or(Weight::MAX) + } +} + +/// Provides a storage key for account data. +/// +/// We need to use this approach when we don't have access to the runtime. +/// The equivalent command to invoke in case full `Runtime` is known is this: +/// `let key = frame_system::Account::::storage_map_final_key(&account_id);` +pub struct AccountInfoStorageMapKeyProvider; + +impl StorageMapKeyProvider for AccountInfoStorageMapKeyProvider { + const MAP_NAME: &'static str = "Account"; + type Hasher = Blake2_128Concat; + type Key = AccountId; + // This should actually be `AccountInfo`, but we don't use this property in order to decode the + // data. So we use `Vec` as if we would work with encoded data. + type Value = Vec; +} + +impl AccountInfoStorageMapKeyProvider { + const PALLET_NAME: &'static str = "System"; + + pub fn final_key(id: &AccountId) -> StorageKey { + ::final_key(Self::PALLET_NAME, id) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn should_generate_storage_key() { + let acc = [ + 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, + ] + .into(); + let key = AccountInfoStorageMapKeyProvider::final_key(&acc); + assert_eq!(hex::encode(key), "26aa394eea5630e07c48ae0c9558cef7b99d880ec681799c0cf30e8886371da92dccd599abfe1920a1cff8a7358231430102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20"); + } +} diff --git a/bridges/primitives/polkadot-core/src/parachains.rs b/bridges/primitives/polkadot-core/src/parachains.rs new file mode 100644 index 00000000000..0b410dff49f --- /dev/null +++ b/bridges/primitives/polkadot-core/src/parachains.rs @@ -0,0 +1,98 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of polkadot-like chains, that are related to parachains functionality. +//! +//! Even though this (bridges) repository references polkadot repository, we can't +//! reference polkadot crates from pallets. That's because bridges repository is +//! included in the polkadot repository and included pallets are used by polkadot +//! chains. Having pallets that are referencing polkadot, would mean that there may +//! be two versions of polkadot crates included in the runtime. Which is bad. + +use bp_runtime::{RawStorageProof, Size}; +use codec::{CompactAs, Decode, Encode, MaxEncodedLen}; +use frame_support::RuntimeDebug; +use scale_info::TypeInfo; +use sp_core::Hasher; +use sp_std::vec::Vec; + +#[cfg(feature = "std")] +use serde::{Deserialize, Serialize}; + +#[cfg(feature = "std")] +use parity_util_mem::MallocSizeOf; + +/// Parachain id. +/// +/// This is an equivalent of the `polkadot_parachain::Id`, which is a compact-encoded `u32`. +#[derive( + Clone, + CompactAs, + Copy, + Decode, + Default, + Encode, + Eq, + Hash, + MaxEncodedLen, + Ord, + PartialEq, + PartialOrd, + RuntimeDebug, + TypeInfo, +)] +pub struct ParaId(pub u32); + +impl From for ParaId { + fn from(id: u32) -> Self { + ParaId(id) + } +} + +/// Parachain head. +/// +/// This is an equivalent of the `polkadot_parachain::HeadData`. +/// +/// The parachain head means (at least in Cumulus) a SCALE-encoded parachain header. +#[derive( + PartialEq, Eq, Clone, PartialOrd, Ord, Encode, Decode, RuntimeDebug, TypeInfo, Default, +)] +#[cfg_attr(feature = "std", derive(Serialize, Deserialize, Hash, MallocSizeOf))] +pub struct ParaHead(pub Vec); + +impl ParaHead { + /// Returns the hash of this head data. + pub fn hash(&self) -> crate::Hash { + sp_runtime::traits::BlakeTwo256::hash(&self.0) + } +} + +/// Parachain head hash. +pub type ParaHash = crate::Hash; + +/// Parachain head hasher. +pub type ParaHasher = crate::Hasher; + +/// Raw storage proof of parachain heads, stored in polkadot-like chain runtime. +#[derive(Clone, Decode, Encode, Eq, PartialEq, RuntimeDebug, TypeInfo)] +pub struct ParaHeadsProof(pub RawStorageProof); + +impl Size for ParaHeadsProof { + fn size(&self) -> u32 { + u32::try_from(self.0.iter().fold(0usize, |sum, node| sum.saturating_add(node.len()))) + .unwrap_or(u32::MAX) + } +} diff --git a/bridges/primitives/relayers/Cargo.toml b/bridges/primitives/relayers/Cargo.toml new file mode 100644 index 00000000000..b84b0393adf --- /dev/null +++ b/bridges/primitives/relayers/Cargo.toml @@ -0,0 +1,36 @@ +[package] +name = "bp-relayers" +description = "Primitives of relayers module." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] } +scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] } + +# Bridge Dependencies + +bp-messages = { path = "../messages", default-features = false } +bp-runtime = { path = "../runtime", default-features = false } + +# Substrate Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[dev-dependencies] +hex = "0.4" +hex-literal = "0.4" + +[features] +default = ["std"] +std = [ + "bp-messages/std", + "bp-runtime/std", + "frame-support/std", + "sp-runtime/std", + "sp-std/std", +] diff --git a/bridges/primitives/relayers/src/lib.rs b/bridges/primitives/relayers/src/lib.rs new file mode 100644 index 00000000000..21f66a2ffa1 --- /dev/null +++ b/bridges/primitives/relayers/src/lib.rs @@ -0,0 +1,206 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives of messages module. + +#![warn(missing_docs)] +#![cfg_attr(not(feature = "std"), no_std)] + +pub use registration::{Registration, StakeAndSlash}; + +use bp_messages::LaneId; +use bp_runtime::{ChainId, StorageDoubleMapKeyProvider}; +use frame_support::{traits::tokens::Preservation, Blake2_128Concat, Identity}; +use scale_info::TypeInfo; +use sp_runtime::{ + codec::{Codec, Decode, Encode, EncodeLike, MaxEncodedLen}, + traits::AccountIdConversion, + TypeId, +}; +use sp_std::{fmt::Debug, marker::PhantomData}; + +mod registration; + +/// The owner of the sovereign account that should pay the rewards. +/// +/// Each of the 2 final points connected by a bridge owns a sovereign account at each end of the +/// bridge. So here, at this end of the bridge there can be 2 sovereign accounts that pay rewards. +#[derive(Copy, Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo, MaxEncodedLen)] +pub enum RewardsAccountOwner { + /// The sovereign account of the final chain on this end of the bridge. + ThisChain, + /// The sovereign account of the final chain on the other end of the bridge. + BridgedChain, +} + +/// Structure used to identify the account that pays a reward to the relayer. +/// +/// A bridge connects 2 bridge ends. Each one is located on a separate relay chain. The bridge ends +/// can be the final destinations of the bridge, or they can be intermediary points +/// (e.g. a bridge hub) used to forward messages between pairs of parachains on the bridged relay +/// chains. A pair of such parachains is connected using a bridge lane. Each of the 2 final +/// destinations of a bridge lane must have a sovereign account at each end of the bridge and each +/// of the sovereign accounts will pay rewards for different operations. So we need multiple +/// parameters to identify the account that pays a reward to the relayer. +#[derive(Copy, Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo, MaxEncodedLen)] +pub struct RewardsAccountParams { + lane_id: LaneId, + bridged_chain_id: ChainId, + owner: RewardsAccountOwner, +} + +impl RewardsAccountParams { + /// Create a new instance of `RewardsAccountParams`. + pub const fn new( + lane_id: LaneId, + bridged_chain_id: ChainId, + owner: RewardsAccountOwner, + ) -> Self { + Self { lane_id, bridged_chain_id, owner } + } +} + +impl TypeId for RewardsAccountParams { + const TYPE_ID: [u8; 4] = *b"brap"; +} + +/// Reward payment procedure. +pub trait PaymentProcedure { + /// Error that may be returned by the procedure. + type Error: Debug; + + /// Pay reward to the relayer from the account with provided params. + fn pay_reward( + relayer: &Relayer, + rewards_account_params: RewardsAccountParams, + reward: Reward, + ) -> Result<(), Self::Error>; +} + +impl PaymentProcedure for () { + type Error = &'static str; + + fn pay_reward(_: &Relayer, _: RewardsAccountParams, _: Reward) -> Result<(), Self::Error> { + Ok(()) + } +} + +/// Reward payment procedure that does `balances::transfer` call from the account, derived from +/// given params. +pub struct PayRewardFromAccount(PhantomData<(T, Relayer)>); + +impl PayRewardFromAccount +where + Relayer: Decode + Encode, +{ + /// Return account that pays rewards based on the provided parameters. + pub fn rewards_account(params: RewardsAccountParams) -> Relayer { + params.into_sub_account_truncating(b"rewards-account") + } +} + +impl PaymentProcedure for PayRewardFromAccount +where + T: frame_support::traits::fungible::Mutate, + Relayer: Decode + Encode, +{ + type Error = sp_runtime::DispatchError; + + fn pay_reward( + relayer: &Relayer, + rewards_account_params: RewardsAccountParams, + reward: T::Balance, + ) -> Result<(), Self::Error> { + T::transfer( + &Self::rewards_account(rewards_account_params), + relayer, + reward, + Preservation::Expendable, + ) + .map(drop) + } +} + +/// Can be use to access the runtime storage key within the `RelayerRewards` map of the relayers +/// pallet. +pub struct RelayerRewardsKeyProvider(PhantomData<(AccountId, Reward)>); + +impl StorageDoubleMapKeyProvider for RelayerRewardsKeyProvider +where + AccountId: Codec + EncodeLike, + Reward: Codec + EncodeLike, +{ + const MAP_NAME: &'static str = "RelayerRewards"; + + type Hasher1 = Blake2_128Concat; + type Key1 = AccountId; + type Hasher2 = Identity; + type Key2 = RewardsAccountParams; + type Value = Reward; +} + +#[cfg(test)] +mod tests { + use super::*; + use bp_messages::LaneId; + use sp_runtime::testing::H256; + + #[test] + fn different_lanes_are_using_different_accounts() { + assert_eq!( + PayRewardFromAccount::<(), H256>::rewards_account(RewardsAccountParams::new( + LaneId([0, 0, 0, 0]), + *b"test", + RewardsAccountOwner::ThisChain + )), + hex_literal::hex!("62726170000000007465737400726577617264732d6163636f756e7400000000") + .into(), + ); + + assert_eq!( + PayRewardFromAccount::<(), H256>::rewards_account(RewardsAccountParams::new( + LaneId([0, 0, 0, 1]), + *b"test", + RewardsAccountOwner::ThisChain + )), + hex_literal::hex!("62726170000000017465737400726577617264732d6163636f756e7400000000") + .into(), + ); + } + + #[test] + fn different_directions_are_using_different_accounts() { + assert_eq!( + PayRewardFromAccount::<(), H256>::rewards_account(RewardsAccountParams::new( + LaneId([0, 0, 0, 0]), + *b"test", + RewardsAccountOwner::ThisChain + )), + hex_literal::hex!("62726170000000007465737400726577617264732d6163636f756e7400000000") + .into(), + ); + + assert_eq!( + PayRewardFromAccount::<(), H256>::rewards_account(RewardsAccountParams::new( + LaneId([0, 0, 0, 0]), + *b"test", + RewardsAccountOwner::BridgedChain + )), + hex_literal::hex!("62726170000000007465737401726577617264732d6163636f756e7400000000") + .into(), + ); + } +} diff --git a/bridges/primitives/relayers/src/registration.rs b/bridges/primitives/relayers/src/registration.rs new file mode 100644 index 00000000000..7ab20844bdf --- /dev/null +++ b/bridges/primitives/relayers/src/registration.rs @@ -0,0 +1,121 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Bridge relayers registration and slashing scheme. +//! +//! There is an option to add a refund-relayer signed extension that will compensate +//! relayer costs of the message delivery and confirmation transactions (as well as +//! required finality proofs). This extension boosts priority of message delivery +//! transactions, based on the number of bundled messages. So transaction with more +//! messages has larger priority than the transaction with less messages. +//! See `bridge_runtime_common::priority_calculator` for details; +//! +//! This encourages relayers to include more messages to their delivery transactions. +//! At the same time, we are not verifying storage proofs before boosting +//! priority. Instead, we simply trust relayer, when it says that transaction delivers +//! `N` messages. +//! +//! This allows relayers to submit transactions which declare large number of bundled +//! transactions to receive priority boost for free, potentially pushing actual delivery +//! transactions from the block (or even transaction queue). Such transactions are +//! not free, but their cost is relatively small. +//! +//! To alleviate that, we only boost transactions of relayers that have some stake +//! that guarantees that their transactions are valid. Such relayers get priority +//! for free, but they risk to lose their stake. + +use crate::RewardsAccountParams; + +use codec::{Decode, Encode, MaxEncodedLen}; +use scale_info::TypeInfo; +use sp_runtime::{ + traits::{Get, Zero}, + DispatchError, DispatchResult, +}; + +/// Relayer registration. +#[derive(Copy, Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo, MaxEncodedLen)] +pub struct Registration { + /// The last block number, where this registration is considered active. + /// + /// Relayer has an option to renew his registration (this may be done before it + /// is spoiled as well). Starting from block `valid_till + 1`, relayer may `deregister` + /// himself and get his stake back. + /// + /// Please keep in mind that priority boost stops working some blocks before the + /// registration ends (see [`StakeAndSlash::RequiredRegistrationLease`]). + pub valid_till: BlockNumber, + /// Active relayer stake, which is mapped to the relayer reserved balance. + /// + /// If `stake` is less than the [`StakeAndSlash::RequiredStake`], the registration + /// is considered inactive even if `valid_till + 1` is not yet reached. + pub stake: Balance, +} + +/// Relayer stake-and-slash mechanism. +pub trait StakeAndSlash { + /// The stake that the relayer must have to have its transactions boosted. + type RequiredStake: Get; + /// Required **remaining** registration lease to be able to get transaction priority boost. + /// + /// If the difference between registration's `valid_till` and the current block number + /// is less than the `RequiredRegistrationLease`, it becomes inactive and relayer transaction + /// won't get priority boost. This period exists, because priority is calculated when + /// transaction is placed to the queue (and it is reevaluated periodically) and then some time + /// may pass before transaction will be included into the block. + type RequiredRegistrationLease: Get; + + /// Reserve the given amount at relayer account. + fn reserve(relayer: &AccountId, amount: Balance) -> DispatchResult; + /// `Unreserve` the given amount from relayer account. + /// + /// Returns amount that we have failed to `unreserve`. + fn unreserve(relayer: &AccountId, amount: Balance) -> Balance; + /// Slash up to `amount` from reserved balance of account `relayer` and send funds to given + /// `beneficiary`. + /// + /// Returns `Ok(_)` with non-zero balance if we have failed to repatriate some portion of stake. + fn repatriate_reserved( + relayer: &AccountId, + beneficiary: RewardsAccountParams, + amount: Balance, + ) -> Result; +} + +impl StakeAndSlash for () +where + Balance: Default + Zero, + BlockNumber: Default, +{ + type RequiredStake = (); + type RequiredRegistrationLease = (); + + fn reserve(_relayer: &AccountId, _amount: Balance) -> DispatchResult { + Ok(()) + } + + fn unreserve(_relayer: &AccountId, _amount: Balance) -> Balance { + Zero::zero() + } + + fn repatriate_reserved( + _relayer: &AccountId, + _beneficiary: RewardsAccountParams, + _amount: Balance, + ) -> Result { + Ok(Zero::zero()) + } +} diff --git a/bridges/primitives/runtime/Cargo.toml b/bridges/primitives/runtime/Cargo.toml new file mode 100644 index 00000000000..694ff4e1aa6 --- /dev/null +++ b/bridges/primitives/runtime/Cargo.toml @@ -0,0 +1,49 @@ +[package] +name = "bp-runtime" +description = "Primitives that may be used at (bridges) runtime level." +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +hash-db = { version = "0.16.0", default-features = false } +impl-trait-for-tuples = "0.2.2" +num-traits = { version = "0.2", default-features = false } +scale-info = { version = "2.6.0", default-features = false, features = ["derive"] } +serde = { version = "1.0", optional = true, features = ["derive"] } + +# Substrate Dependencies + +frame-support = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +frame-system = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-state-machine = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-trie = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +trie-db = { version = "0.27.1", default-features = false } + +[dev-dependencies] +hex-literal = "0.4" + +[features] +default = ["std"] +std = [ + "codec/std", + "frame-support/std", + "frame-system/std", + "hash-db/std", + "num-traits/std", + "scale-info/std", + "serde", + "sp-core/std", + "sp-io/std", + "sp-runtime/std", + "sp-std/std", + "sp-state-machine/std", + "sp-trie/std", + "trie-db/std", +] diff --git a/bridges/primitives/runtime/src/chain.rs b/bridges/primitives/runtime/src/chain.rs new file mode 100644 index 00000000000..94b3a193c58 --- /dev/null +++ b/bridges/primitives/runtime/src/chain.rs @@ -0,0 +1,375 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +use crate::HeaderIdProvider; +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::{weights::Weight, Parameter}; +use num_traits::{AsPrimitive, Bounded, CheckedSub, Saturating, SaturatingAdd, Zero}; +use sp_runtime::{ + traits::{ + AtLeast32Bit, AtLeast32BitUnsigned, Hash as HashT, Header as HeaderT, MaybeDisplay, + MaybeSerialize, MaybeSerializeDeserialize, Member, SimpleBitOps, Verify, + }, + FixedPointOperand, +}; +use sp_std::{convert::TryFrom, fmt::Debug, hash::Hash, str::FromStr, vec, vec::Vec}; + +/// Chain call, that is either SCALE-encoded, or decoded. +#[derive(Debug, Clone, PartialEq)] +pub enum EncodedOrDecodedCall { + /// The call that is SCALE-encoded. + /// + /// This variant is used when we the chain runtime is not bundled with the relay, but + /// we still need the represent call in some RPC calls or transactions. + Encoded(Vec), + /// The decoded call. + Decoded(ChainCall), +} + +impl EncodedOrDecodedCall { + /// Returns decoded call. + pub fn to_decoded(&self) -> Result { + match self { + Self::Encoded(ref encoded_call) => + ChainCall::decode(&mut &encoded_call[..]).map_err(Into::into), + Self::Decoded(ref decoded_call) => Ok(decoded_call.clone()), + } + } + + /// Converts self to decoded call. + pub fn into_decoded(self) -> Result { + match self { + Self::Encoded(encoded_call) => + ChainCall::decode(&mut &encoded_call[..]).map_err(Into::into), + Self::Decoded(decoded_call) => Ok(decoded_call), + } + } +} + +impl From for EncodedOrDecodedCall { + fn from(call: ChainCall) -> EncodedOrDecodedCall { + EncodedOrDecodedCall::Decoded(call) + } +} + +impl Decode for EncodedOrDecodedCall { + fn decode(input: &mut I) -> Result { + // having encoded version is better than decoded, because decoding isn't required + // everywhere and for mocked calls it may lead to **unneeded** errors + match input.remaining_len()? { + Some(remaining_len) => { + let mut encoded_call = vec![0u8; remaining_len]; + input.read(&mut encoded_call)?; + Ok(EncodedOrDecodedCall::Encoded(encoded_call)) + }, + None => Ok(EncodedOrDecodedCall::Decoded(ChainCall::decode(input)?)), + } + } +} + +impl Encode for EncodedOrDecodedCall { + fn encode(&self) -> Vec { + match *self { + Self::Encoded(ref encoded_call) => encoded_call.clone(), + Self::Decoded(ref decoded_call) => decoded_call.encode(), + } + } +} + +/// Minimal Substrate-based chain representation that may be used from no_std environment. +pub trait Chain: Send + Sync + 'static { + /// A type that fulfills the abstract idea of what a Substrate block number is. + // Constraits come from the associated Number type of `sp_runtime::traits::Header` + // See here for more info: + // https://crates.parity.io/sp_runtime/traits/trait.Header.html#associatedtype.Number + // + // Note that the `AsPrimitive` trait is required by the GRANDPA justification + // verifier, and is not usually part of a Substrate Header's Number type. + type BlockNumber: Parameter + + Member + + MaybeSerializeDeserialize + + Hash + + Copy + + Default + + MaybeDisplay + + AtLeast32BitUnsigned + + FromStr + + AsPrimitive + + Default + + Saturating + + MaxEncodedLen; + + /// A type that fulfills the abstract idea of what a Substrate hash is. + // Constraits come from the associated Hash type of `sp_runtime::traits::Header` + // See here for more info: + // https://crates.parity.io/sp_runtime/traits/trait.Header.html#associatedtype.Hash + type Hash: Parameter + + Member + + MaybeSerializeDeserialize + + Hash + + Ord + + Copy + + MaybeDisplay + + Default + + SimpleBitOps + + AsRef<[u8]> + + AsMut<[u8]> + + MaxEncodedLen; + + /// A type that fulfills the abstract idea of what a Substrate hasher (a type + /// that produces hashes) is. + // Constraits come from the associated Hashing type of `sp_runtime::traits::Header` + // See here for more info: + // https://crates.parity.io/sp_runtime/traits/trait.Header.html#associatedtype.Hashing + type Hasher: HashT; + + /// A type that fulfills the abstract idea of what a Substrate header is. + // See here for more info: + // https://crates.parity.io/sp_runtime/traits/trait.Header.html + type Header: Parameter + + HeaderT + + HeaderIdProvider + + MaybeSerializeDeserialize; + + /// The user account identifier type for the runtime. + type AccountId: Parameter + + Member + + MaybeSerializeDeserialize + + Debug + + MaybeDisplay + + Ord + + MaxEncodedLen; + /// Balance of an account in native tokens. + /// + /// The chain may support multiple tokens, but this particular type is for token that is used + /// to pay for transaction dispatch, to reward different relayers (headers, messages), etc. + type Balance: AtLeast32BitUnsigned + + FixedPointOperand + + Parameter + + Member + + MaybeSerializeDeserialize + + Clone + + Copy + + Bounded + + CheckedSub + + PartialOrd + + SaturatingAdd + + Zero + + TryFrom + + MaxEncodedLen; + /// Index of a transaction used by the chain. + type Index: Parameter + + Member + + MaybeSerialize + + Debug + + Default + + MaybeDisplay + + MaybeSerializeDeserialize + + AtLeast32Bit + + Copy + + MaxEncodedLen; + /// Signature type, used on this chain. + type Signature: Parameter + Verify; + + /// Get the maximum size (in bytes) of a Normal extrinsic at this chain. + fn max_extrinsic_size() -> u32; + /// Get the maximum weight (compute time) that a Normal extrinsic at this chain can use. + fn max_extrinsic_weight() -> Weight; +} + +/// A trait that provides the type of the underlying chain. +pub trait UnderlyingChainProvider { + /// Underlying chain type. + type Chain: Chain; +} + +impl Chain for T +where + T: Send + Sync + 'static + UnderlyingChainProvider, +{ + type BlockNumber = ::BlockNumber; + type Hash = ::Hash; + type Hasher = ::Hasher; + type Header = ::Header; + type AccountId = ::AccountId; + type Balance = ::Balance; + type Index = ::Index; + type Signature = ::Signature; + + fn max_extrinsic_size() -> u32 { + ::max_extrinsic_size() + } + + fn max_extrinsic_weight() -> Weight { + ::max_extrinsic_weight() + } +} + +/// Minimal parachain representation that may be used from no_std environment. +pub trait Parachain: Chain { + /// Parachain identifier. + const PARACHAIN_ID: u32; +} + +impl Parachain for T +where + T: Chain + UnderlyingChainProvider, + ::Chain: Parachain, +{ + const PARACHAIN_ID: u32 = <::Chain as Parachain>::PARACHAIN_ID; +} + +/// Underlying chain type. +pub type UnderlyingChainOf = ::Chain; + +/// Block number used by the chain. +pub type BlockNumberOf = ::BlockNumber; + +/// Hash type used by the chain. +pub type HashOf = ::Hash; + +/// Hasher type used by the chain. +pub type HasherOf = ::Hasher; + +/// Header type used by the chain. +pub type HeaderOf = ::Header; + +/// Account id type used by the chain. +pub type AccountIdOf = ::AccountId; + +/// Balance type used by the chain. +pub type BalanceOf = ::Balance; + +/// Transaction index type used by the chain. +pub type IndexOf = ::Index; + +/// Signature type used by the chain. +pub type SignatureOf = ::Signature; + +/// Account public type used by the chain. +pub type AccountPublicOf = as Verify>::Signer; + +/// Transaction era used by the chain. +pub type TransactionEraOf = crate::TransactionEra, HashOf>; + +/// Convenience macro that declares bridge finality runtime apis and related constants for a chain. +/// This includes: +/// - chain-specific bridge runtime APIs: +/// - `FinalityApi` +/// - constants that are stringified names of runtime API methods: +/// - `BEST_FINALIZED__HEADER_METHOD` +/// The name of the chain has to be specified in snake case (e.g. `rialto_parachain`). +#[macro_export] +macro_rules! decl_bridge_finality_runtime_apis { + ($chain: ident) => { + bp_runtime::paste::item! { + mod [<$chain _finality_api>] { + use super::*; + + /// Name of the `FinalityApi::best_finalized` runtime method. + pub const []: &str = + stringify!([<$chain:camel FinalityApi_best_finalized>]); + + sp_api::decl_runtime_apis! { + /// API for querying information about the finalized chain headers. + /// + /// This API is implemented by runtimes that are receiving messages from this chain, not by this + /// chain's runtime itself. + pub trait [<$chain:camel FinalityApi>] { + /// Returns number and hash of the best finalized header known to the bridge module. + fn best_finalized() -> Option>; + } + } + } + + pub use [<$chain _finality_api>]::*; + } + }; +} + +/// Convenience macro that declares bridge messages runtime apis and related constants for a chain. +/// This includes: +/// - chain-specific bridge runtime APIs: +/// - `ToOutboundLaneApi` +/// - `FromInboundLaneApi` +/// - constants that are stringified names of runtime API methods: +/// - `FROM__MESSAGE_DETAILS_METHOD`, +/// The name of the chain has to be specified in snake case (e.g. `rialto_parachain`). +#[macro_export] +macro_rules! decl_bridge_messages_runtime_apis { + ($chain: ident) => { + bp_runtime::paste::item! { + mod [<$chain _messages_api>] { + use super::*; + + /// Name of the `ToOutboundLaneApi::message_details` runtime method. + pub const []: &str = + stringify!([]); + + /// Name of the `FromInboundLaneApi::message_details` runtime method. + pub const []: &str = + stringify!([]); + + sp_api::decl_runtime_apis! { + /// Outbound message lane API for messages that are sent to this chain. + /// + /// This API is implemented by runtimes that are receiving messages from this chain, not by this + /// chain's runtime itself. + pub trait [] { + /// Returns dispatch weight, encoded payload size and delivery+dispatch fee of all + /// messages in given inclusive range. + /// + /// If some (or all) messages are missing from the storage, they'll also will + /// be missing from the resulting vector. The vector is ordered by the nonce. + fn message_details( + lane: LaneId, + begin: MessageNonce, + end: MessageNonce, + ) -> Vec; + } + + /// Inbound message lane API for messages sent by this chain. + /// + /// This API is implemented by runtimes that are receiving messages from this chain, not by this + /// chain's runtime itself. + /// + /// Entries of the resulting vector are matching entries of the `messages` vector. Entries of the + /// `messages` vector may (and need to) be read using `ToOutboundLaneApi::message_details`. + pub trait [] { + /// Return details of given inbound messages. + fn message_details( + lane: LaneId, + messages: Vec<(MessagePayload, OutboundMessageDetails)>, + ) -> Vec; + } + } + } + + pub use [<$chain _messages_api>]::*; + } + }; +} + +/// Convenience macro that declares bridge finality runtime apis, bridge messages runtime apis +/// and related constants for a chain. +/// The name of the chain has to be specified in snake case (e.g. `rialto_parachain`). +#[macro_export] +macro_rules! decl_bridge_runtime_apis { + ($chain: ident) => { + bp_runtime::decl_bridge_finality_runtime_apis!($chain); + bp_runtime::decl_bridge_messages_runtime_apis!($chain); + }; +} diff --git a/bridges/primitives/runtime/src/extensions.rs b/bridges/primitives/runtime/src/extensions.rs new file mode 100644 index 00000000000..96ee9d1e6ec --- /dev/null +++ b/bridges/primitives/runtime/src/extensions.rs @@ -0,0 +1,144 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives that may be used for creating signed extensions for indirect runtimes. + +use codec::{Compact, Decode, Encode}; +use impl_trait_for_tuples::impl_for_tuples; +use scale_info::{StaticTypeInfo, TypeInfo}; +use sp_runtime::{ + traits::{DispatchInfoOf, SignedExtension}, + transaction_validity::TransactionValidityError, +}; +use sp_std::{fmt::Debug, marker::PhantomData}; + +/// Trait that describes some properties of a `SignedExtension` that are needed in order to send a +/// transaction to the chain. +pub trait SignedExtensionSchema: Encode + Decode + Debug + Eq + Clone + StaticTypeInfo { + /// A type of the data encoded as part of the transaction. + type Payload: Encode + Decode + Debug + Eq + Clone + StaticTypeInfo; + /// Parameters which are part of the payload used to produce transaction signature, + /// but don't end up in the transaction itself (i.e. inherent part of the runtime). + type AdditionalSigned: Encode + Debug + Eq + Clone + StaticTypeInfo; +} + +// An implementation of `SignedExtensionSchema` using generic params. +#[derive(Encode, Decode, Clone, Debug, PartialEq, Eq, TypeInfo)] +pub struct GenericSignedExtensionSchema(PhantomData<(P, S)>); + +impl SignedExtensionSchema for GenericSignedExtensionSchema +where + P: Encode + Decode + Debug + Eq + Clone + StaticTypeInfo, + S: Encode + Debug + Eq + Clone + StaticTypeInfo, +{ + type Payload = P; + type AdditionalSigned = S; +} + +/// The `SignedExtensionSchema` for `frame_system::CheckNonZeroSender`. +pub type CheckNonZeroSender = GenericSignedExtensionSchema<(), ()>; + +/// The `SignedExtensionSchema` for `frame_system::CheckSpecVersion`. +pub type CheckSpecVersion = GenericSignedExtensionSchema<(), u32>; + +/// The `SignedExtensionSchema` for `frame_system::CheckTxVersion`. +pub type CheckTxVersion = GenericSignedExtensionSchema<(), u32>; + +/// The `SignedExtensionSchema` for `frame_system::CheckGenesis`. +pub type CheckGenesis = GenericSignedExtensionSchema<(), Hash>; + +/// The `SignedExtensionSchema` for `frame_system::CheckEra`. +pub type CheckEra = GenericSignedExtensionSchema; + +/// The `SignedExtensionSchema` for `frame_system::CheckNonce`. +pub type CheckNonce = GenericSignedExtensionSchema, ()>; + +/// The `SignedExtensionSchema` for `frame_system::CheckWeight`. +pub type CheckWeight = GenericSignedExtensionSchema<(), ()>; + +/// The `SignedExtensionSchema` for `pallet_transaction_payment::ChargeTransactionPayment`. +pub type ChargeTransactionPayment = GenericSignedExtensionSchema, ()>; + +/// The `SignedExtensionSchema` for `BridgeRejectObsoleteHeadersAndMessages`. +pub type BridgeRejectObsoleteHeadersAndMessages = GenericSignedExtensionSchema<(), ()>; + +/// The `SignedExtensionSchema` for `RefundBridgedParachainMessages`. +/// This schema is dedicated for `RefundBridgedParachainMessages` signed extension as +/// wildcard/placeholder, which relies on the scale encoding for `()` or `((), ())`, or `((), (), +/// ())` is the same. So runtime can contains any kind of tuple: +/// `(BridgeRefundBridgeHubRococoMessages)` +/// `(BridgeRefundBridgeHubRococoMessages, BridgeRefundBridgeHubWococoMessages)` +/// `(BridgeRefundParachainMessages1, ..., BridgeRefundParachainMessagesN)` +pub type RefundBridgedParachainMessagesSchema = GenericSignedExtensionSchema<(), ()>; + +#[impl_for_tuples(1, 12)] +impl SignedExtensionSchema for Tuple { + for_tuples!( type Payload = ( #( Tuple::Payload ),* ); ); + for_tuples!( type AdditionalSigned = ( #( Tuple::AdditionalSigned ),* ); ); +} + +/// A simplified version of signed extensions meant for producing signed transactions +/// and signed payloads in the client code. +#[derive(Encode, Decode, Debug, PartialEq, Eq, Clone, TypeInfo)] +pub struct GenericSignedExtension { + pub payload: S::Payload, + #[codec(skip)] + // It may be set to `None` if extensions are decoded. We are never reconstructing transactions + // (and it makes no sense to do that) => decoded version of `SignedExtensions` is only used to + // read fields of the `payload`. And when resigning transaction, we're reconstructing + // `SignedExtensions` from the scratch. + additional_signed: Option, +} + +impl GenericSignedExtension { + pub fn new(payload: S::Payload, additional_signed: Option) -> Self { + Self { payload, additional_signed } + } +} + +impl SignedExtension for GenericSignedExtension +where + S: SignedExtensionSchema, + S::Payload: Send + Sync, + S::AdditionalSigned: Send + Sync, +{ + const IDENTIFIER: &'static str = "Not needed."; + type AccountId = (); + type Call = (); + type AdditionalSigned = S::AdditionalSigned; + type Pre = (); + + fn additional_signed(&self) -> Result { + // we shall not ever see this error in relay, because we are never signing decoded + // transactions. Instead we're constructing and signing new transactions. So the error code + // is kinda random here + self.additional_signed.clone().ok_or( + frame_support::unsigned::TransactionValidityError::Unknown( + frame_support::unsigned::UnknownTransaction::Custom(0xFF), + ), + ) + } + + fn pre_dispatch( + self, + _who: &Self::AccountId, + _call: &Self::Call, + _info: &DispatchInfoOf, + _len: usize, + ) -> Result { + Ok(()) + } +} diff --git a/bridges/primitives/runtime/src/lib.rs b/bridges/primitives/runtime/src/lib.rs new file mode 100644 index 00000000000..df77745bc02 --- /dev/null +++ b/bridges/primitives/runtime/src/lib.rs @@ -0,0 +1,573 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives that may be used at (bridges) runtime level. + +#![cfg_attr(not(feature = "std"), no_std)] + +use codec::{Decode, Encode, FullCodec, MaxEncodedLen}; +use frame_support::{ + log, pallet_prelude::DispatchResult, weights::Weight, PalletError, RuntimeDebug, StorageHasher, + StorageValue, +}; +use frame_system::RawOrigin; +use scale_info::TypeInfo; +use sp_core::storage::StorageKey; +use sp_runtime::traits::{BadOrigin, Header as HeaderT, UniqueSaturatedInto}; +use sp_std::{convert::TryFrom, fmt::Debug, ops::RangeInclusive, vec, vec::Vec}; + +pub use chain::{ + AccountIdOf, AccountPublicOf, BalanceOf, BlockNumberOf, Chain, EncodedOrDecodedCall, HashOf, + HasherOf, HeaderOf, IndexOf, Parachain, SignatureOf, TransactionEraOf, UnderlyingChainOf, + UnderlyingChainProvider, +}; +pub use frame_support::storage::storage_prefix as storage_value_final_key; +use num_traits::{CheckedAdd, CheckedSub, One}; +pub use storage_proof::{ + record_all_keys as record_all_trie_keys, Error as StorageProofError, + ProofSize as StorageProofSize, RawStorageProof, StorageProofChecker, +}; +pub use storage_types::BoundedStorageValue; + +#[cfg(feature = "std")] +pub use storage_proof::craft_valid_storage_proof; + +pub mod extensions; +pub mod messages; + +mod chain; +mod storage_proof; +mod storage_types; + +// Re-export macro to aviod include paste dependency everywhere +pub use sp_runtime::paste; + +/// Use this when something must be shared among all instances. +pub const NO_INSTANCE_ID: ChainId = [0, 0, 0, 0]; + +/// Rialto chain id. +pub const RIALTO_CHAIN_ID: ChainId = *b"rlto"; + +/// RialtoParachain chain id. +pub const RIALTO_PARACHAIN_CHAIN_ID: ChainId = *b"rlpa"; + +/// Millau chain id. +pub const MILLAU_CHAIN_ID: ChainId = *b"mlau"; + +/// Polkadot chain id. +pub const POLKADOT_CHAIN_ID: ChainId = *b"pdot"; + +/// Kusama chain id. +pub const KUSAMA_CHAIN_ID: ChainId = *b"ksma"; + +/// Westend chain id. +pub const WESTEND_CHAIN_ID: ChainId = *b"wend"; + +/// Westend chain id. +pub const WESTMINT_CHAIN_ID: ChainId = *b"wmnt"; + +/// Rococo chain id. +pub const ROCOCO_CHAIN_ID: ChainId = *b"roco"; + +/// Wococo chain id. +pub const WOCOCO_CHAIN_ID: ChainId = *b"woco"; + +/// BridgeHubRococo chain id. +pub const BRIDGE_HUB_ROCOCO_CHAIN_ID: ChainId = *b"bhro"; + +/// BridgeHubWococo chain id. +pub const BRIDGE_HUB_WOCOCO_CHAIN_ID: ChainId = *b"bhwo"; + +/// BridgeHubKusama chain id. +pub const BRIDGE_HUB_KUSAMA_CHAIN_ID: ChainId = *b"bhks"; + +/// BridgeHubPolkadot chain id. +pub const BRIDGE_HUB_POLKADOT_CHAIN_ID: ChainId = *b"bhwo"; + +/// Generic header Id. +#[derive( + RuntimeDebug, + Default, + Clone, + Encode, + Decode, + Copy, + Eq, + Hash, + MaxEncodedLen, + PartialEq, + PartialOrd, + Ord, + TypeInfo, +)] +pub struct HeaderId(pub Number, pub Hash); + +impl HeaderId { + /// Return header number. + pub fn number(&self) -> Number { + self.0 + } + + /// Return header hash. + pub fn hash(&self) -> Hash { + self.1 + } +} + +/// Header id used by the chain. +pub type HeaderIdOf = HeaderId, BlockNumberOf>; + +/// Generic header id provider. +pub trait HeaderIdProvider { + // Get the header id. + fn id(&self) -> HeaderId; + + // Get the header id for the parent block. + fn parent_id(&self) -> Option>; +} + +impl HeaderIdProvider
for Header { + fn id(&self) -> HeaderId { + HeaderId(*self.number(), self.hash()) + } + + fn parent_id(&self) -> Option> { + self.number() + .checked_sub(&One::one()) + .map(|parent_number| HeaderId(parent_number, *self.parent_hash())) + } +} + +/// Unique identifier of the chain. +/// +/// In addition to its main function (identifying the chain), this type may also be used to +/// identify module instance. We have a bunch of pallets that may be used in different bridges. E.g. +/// messages pallet may be deployed twice in the same runtime to bridge ThisChain with Chain1 and +/// Chain2. Sometimes we need to be able to identify deployed instance dynamically. This type may be +/// used for that. +pub type ChainId = [u8; 4]; + +/// Anything that has size. +pub trait Size { + /// Return size of this object (in bytes). + fn size(&self) -> u32; +} + +impl Size for () { + fn size(&self) -> u32 { + 0 + } +} + +impl Size for Vec { + fn size(&self) -> u32 { + self.len() as _ + } +} + +/// Pre-computed size. +pub struct PreComputedSize(pub usize); + +impl Size for PreComputedSize { + fn size(&self) -> u32 { + u32::try_from(self.0).unwrap_or(u32::MAX) + } +} + +/// Era of specific transaction. +#[derive(RuntimeDebug, Clone, Copy, PartialEq)] +pub enum TransactionEra { + /// Transaction is immortal. + Immortal, + /// Transaction is valid for a given number of blocks, starting from given block. + Mortal(HeaderId, u32), +} + +impl, BlockHash: Copy> + TransactionEra +{ + /// Prepare transaction era, based on mortality period and current best block number. + pub fn new( + best_block_id: HeaderId, + mortality_period: Option, + ) -> Self { + mortality_period + .map(|mortality_period| TransactionEra::Mortal(best_block_id, mortality_period)) + .unwrap_or(TransactionEra::Immortal) + } + + /// Create new immortal transaction era. + pub fn immortal() -> Self { + TransactionEra::Immortal + } + + /// Returns mortality period if transaction is mortal. + pub fn mortality_period(&self) -> Option { + match *self { + TransactionEra::Immortal => None, + TransactionEra::Mortal(_, period) => Some(period), + } + } + + /// Returns era that is used by FRAME-based runtimes. + pub fn frame_era(&self) -> sp_runtime::generic::Era { + match *self { + TransactionEra::Immortal => sp_runtime::generic::Era::immortal(), + // `unique_saturated_into` is fine here - mortality `u64::MAX` is not something we + // expect to see on any chain + TransactionEra::Mortal(header_id, period) => + sp_runtime::generic::Era::mortal(period as _, header_id.0.unique_saturated_into()), + } + } + + /// Returns header hash that needs to be included in the signature payload. + pub fn signed_payload(&self, genesis_hash: BlockHash) -> BlockHash { + match *self { + TransactionEra::Immortal => genesis_hash, + TransactionEra::Mortal(header_id, _) => header_id.1, + } + } +} + +/// This is a copy of the +/// `frame_support::storage::generator::StorageMap::storage_map_final_key` for maps based +/// on selected hasher. +/// +/// We're using it because to call `storage_map_final_key` directly, we need access to the runtime +/// and pallet instance, which (sometimes) is impossible. +pub fn storage_map_final_key( + pallet_prefix: &str, + map_name: &str, + key: &[u8], +) -> StorageKey { + let key_hashed = H::hash(key); + let pallet_prefix_hashed = frame_support::Twox128::hash(pallet_prefix.as_bytes()); + let storage_prefix_hashed = frame_support::Twox128::hash(map_name.as_bytes()); + + let mut final_key = Vec::with_capacity( + pallet_prefix_hashed.len() + storage_prefix_hashed.len() + key_hashed.as_ref().len(), + ); + + final_key.extend_from_slice(&pallet_prefix_hashed[..]); + final_key.extend_from_slice(&storage_prefix_hashed[..]); + final_key.extend_from_slice(key_hashed.as_ref()); + + StorageKey(final_key) +} + +/// This is how a storage key of storage parameter (`parameter_types! { storage Param: bool = false; +/// }`) is computed. +/// +/// Copied from `frame_support::parameter_types` macro. +pub fn storage_parameter_key(parameter_name: &str) -> StorageKey { + let mut buffer = Vec::with_capacity(1 + parameter_name.len() + 1); + buffer.push(b':'); + buffer.extend_from_slice(parameter_name.as_bytes()); + buffer.push(b':'); + StorageKey(sp_io::hashing::twox_128(&buffer).to_vec()) +} + +/// This is how a storage key of storage value is computed. +/// +/// Copied from `frame_support::storage::storage_prefix`. +pub fn storage_value_key(pallet_prefix: &str, value_name: &str) -> StorageKey { + let pallet_hash = sp_io::hashing::twox_128(pallet_prefix.as_bytes()); + let storage_hash = sp_io::hashing::twox_128(value_name.as_bytes()); + + let mut final_key = vec![0u8; 32]; + final_key[..16].copy_from_slice(&pallet_hash); + final_key[16..].copy_from_slice(&storage_hash); + + StorageKey(final_key) +} + +/// Can be use to access the runtime storage key of a `StorageMap`. +pub trait StorageMapKeyProvider { + /// The name of the variable that holds the `StorageMap`. + const MAP_NAME: &'static str; + + /// The same as `StorageMap::Hasher1`. + type Hasher: StorageHasher; + /// The same as `StorageMap::Key1`. + type Key: FullCodec; + /// The same as `StorageMap::Value`. + type Value: FullCodec; + + /// This is a copy of the + /// `frame_support::storage::generator::StorageMap::storage_map_final_key`. + /// + /// We're using it because to call `storage_map_final_key` directly, we need access + /// to the runtime and pallet instance, which (sometimes) is impossible. + fn final_key(pallet_prefix: &str, key: &Self::Key) -> StorageKey { + storage_map_final_key::(pallet_prefix, Self::MAP_NAME, &key.encode()) + } +} + +/// Can be use to access the runtime storage key of a `StorageDoubleMap`. +pub trait StorageDoubleMapKeyProvider { + /// The name of the variable that holds the `StorageDoubleMap`. + const MAP_NAME: &'static str; + + /// The same as `StorageDoubleMap::Hasher1`. + type Hasher1: StorageHasher; + /// The same as `StorageDoubleMap::Key1`. + type Key1: FullCodec; + /// The same as `StorageDoubleMap::Hasher2`. + type Hasher2: StorageHasher; + /// The same as `StorageDoubleMap::Key2`. + type Key2: FullCodec; + /// The same as `StorageDoubleMap::Value`. + type Value: FullCodec; + + /// This is a copy of the + /// `frame_support::storage::generator::StorageDoubleMap::storage_double_map_final_key`. + /// + /// We're using it because to call `storage_double_map_final_key` directly, we need access + /// to the runtime and pallet instance, which (sometimes) is impossible. + fn final_key(pallet_prefix: &str, key1: &Self::Key1, key2: &Self::Key2) -> StorageKey { + let key1_hashed = Self::Hasher1::hash(&key1.encode()); + let key2_hashed = Self::Hasher2::hash(&key2.encode()); + let pallet_prefix_hashed = frame_support::Twox128::hash(pallet_prefix.as_bytes()); + let storage_prefix_hashed = frame_support::Twox128::hash(Self::MAP_NAME.as_bytes()); + + let mut final_key = Vec::with_capacity( + pallet_prefix_hashed.len() + + storage_prefix_hashed.len() + + key1_hashed.as_ref().len() + + key2_hashed.as_ref().len(), + ); + + final_key.extend_from_slice(&pallet_prefix_hashed[..]); + final_key.extend_from_slice(&storage_prefix_hashed[..]); + final_key.extend_from_slice(key1_hashed.as_ref()); + final_key.extend_from_slice(key2_hashed.as_ref()); + + StorageKey(final_key) + } +} + +/// Error generated by the `OwnedBridgeModule` trait. +#[derive(Encode, Decode, TypeInfo, PalletError)] +pub enum OwnedBridgeModuleError { + /// All pallet operations are halted. + Halted, +} + +/// Operating mode for a bridge module. +pub trait OperatingMode: Send + Copy + Debug + FullCodec { + // Returns true if the bridge module is halted. + fn is_halted(&self) -> bool; +} + +/// Basic operating modes for a bridges module (Normal/Halted). +#[derive(Encode, Decode, Clone, Copy, PartialEq, Eq, RuntimeDebug, TypeInfo, MaxEncodedLen)] +#[cfg_attr(feature = "std", derive(serde::Serialize, serde::Deserialize))] +pub enum BasicOperatingMode { + /// Normal mode, when all operations are allowed. + Normal, + /// The pallet is halted. All operations (except operating mode change) are prohibited. + Halted, +} + +impl Default for BasicOperatingMode { + fn default() -> Self { + Self::Normal + } +} + +impl OperatingMode for BasicOperatingMode { + fn is_halted(&self) -> bool { + *self == BasicOperatingMode::Halted + } +} + +/// Bridge module that has owner and operating mode +pub trait OwnedBridgeModule { + /// The target that will be used when publishing logs related to this module. + const LOG_TARGET: &'static str; + + type OwnerStorage: StorageValue>; + type OperatingMode: OperatingMode; + type OperatingModeStorage: StorageValue; + + /// Check if the module is halted. + fn is_halted() -> bool { + Self::OperatingModeStorage::get().is_halted() + } + + /// Ensure that the origin is either root, or `PalletOwner`. + fn ensure_owner_or_root(origin: T::RuntimeOrigin) -> Result<(), BadOrigin> { + match origin.into() { + Ok(RawOrigin::Root) => Ok(()), + Ok(RawOrigin::Signed(ref signer)) + if Self::OwnerStorage::get().as_ref() == Some(signer) => + Ok(()), + _ => Err(BadOrigin), + } + } + + /// Ensure that the module is not halted. + fn ensure_not_halted() -> Result<(), OwnedBridgeModuleError> { + match Self::is_halted() { + true => Err(OwnedBridgeModuleError::Halted), + false => Ok(()), + } + } + + /// Change the owner of the module. + fn set_owner(origin: T::RuntimeOrigin, maybe_owner: Option) -> DispatchResult { + Self::ensure_owner_or_root(origin)?; + match maybe_owner { + Some(owner) => { + Self::OwnerStorage::put(&owner); + log::info!(target: Self::LOG_TARGET, "Setting pallet Owner to: {:?}", owner); + }, + None => { + Self::OwnerStorage::kill(); + log::info!(target: Self::LOG_TARGET, "Removed Owner of pallet."); + }, + } + + Ok(()) + } + + /// Halt or resume all/some module operations. + fn set_operating_mode( + origin: T::RuntimeOrigin, + operating_mode: Self::OperatingMode, + ) -> DispatchResult { + Self::ensure_owner_or_root(origin)?; + Self::OperatingModeStorage::put(operating_mode); + log::info!(target: Self::LOG_TARGET, "Setting operating mode to {:?}.", operating_mode); + Ok(()) + } +} + +/// All extra operations with weights that we need in bridges. +pub trait WeightExtraOps { + /// Checked division of individual components of two weights. + /// + /// Divides components and returns minimal division result. Returns `None` if one + /// of `other` weight components is zero. + fn min_components_checked_div(&self, other: Weight) -> Option; +} + +impl WeightExtraOps for Weight { + fn min_components_checked_div(&self, other: Weight) -> Option { + Some(sp_std::cmp::min( + self.ref_time().checked_div(other.ref_time())?, + self.proof_size().checked_div(other.proof_size())?, + )) + } +} + +/// Trait that provides a static `str`. +pub trait StaticStrProvider { + const STR: &'static str; +} + +#[macro_export] +macro_rules! generate_static_str_provider { + ($str:expr) => { + $crate::paste::item! { + pub struct []; + + impl $crate::StaticStrProvider for [] { + const STR: &'static str = stringify!($str); + } + } + }; +} + +#[derive(Encode, Decode, Clone, Eq, PartialEq, PalletError, TypeInfo)] +#[scale_info(skip_type_params(T))] +pub struct StrippableError { + _phantom_data: sp_std::marker::PhantomData, + #[codec(skip)] + #[cfg(feature = "std")] + message: String, +} + +impl From for StrippableError { + fn from(_err: T) -> Self { + Self { + _phantom_data: Default::default(), + #[cfg(feature = "std")] + message: format!("{:?}", _err), + } + } +} + +impl Debug for StrippableError { + #[cfg(feature = "std")] + fn fmt(&self, f: &mut sp_std::fmt::Formatter<'_>) -> sp_std::fmt::Result { + f.write_str(&self.message) + } + + #[cfg(not(feature = "std"))] + fn fmt(&self, f: &mut sp_std::fmt::Formatter<'_>) -> sp_std::fmt::Result { + f.write_str("Stripped error") + } +} + +/// A trait defining helper methods for `RangeInclusive` (start..=end) +pub trait RangeInclusiveExt { + /// Computes the length of the `RangeInclusive`, checking for underflow and overflow. + fn checked_len(&self) -> Option; +} + +impl RangeInclusiveExt for RangeInclusive +where + Idx: CheckedSub + CheckedAdd + One, +{ + fn checked_len(&self) -> Option { + self.end() + .checked_sub(self.start()) + .and_then(|len| len.checked_add(&Idx::one())) + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn storage_parameter_key_works() { + assert_eq!( + storage_parameter_key("MillauToRialtoConversionRate"), + StorageKey(hex_literal::hex!("58942375551bb0af1682f72786b59d04").to_vec()), + ); + } + + #[test] + fn storage_value_key_works() { + assert_eq!( + storage_value_key("PalletTransactionPayment", "NextFeeMultiplier"), + StorageKey( + hex_literal::hex!( + "f0e954dfcca51a255ab12c60c789256a3f2edf3bdf381debe331ab7446addfdc" + ) + .to_vec() + ), + ); + } + + #[test] + fn generate_static_str_provider_works() { + generate_static_str_provider!(Test); + assert_eq!(StrTest::STR, "Test"); + } +} diff --git a/bridges/primitives/runtime/src/messages.rs b/bridges/primitives/runtime/src/messages.rs new file mode 100644 index 00000000000..9f7c8ab5ca4 --- /dev/null +++ b/bridges/primitives/runtime/src/messages.rs @@ -0,0 +1,35 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Primitives that may be used by different message delivery and dispatch mechanisms. + +use codec::{Decode, Encode}; +use frame_support::{weights::Weight, RuntimeDebug}; +use scale_info::TypeInfo; + +/// Message dispatch result. +#[derive(Encode, Decode, RuntimeDebug, Clone, PartialEq, Eq, TypeInfo)] +pub struct MessageDispatchResult { + /// Unspent dispatch weight. This weight that will be deducted from total delivery transaction + /// weight, thus reducing the transaction cost. This shall not be zero in (at least) two cases: + /// + /// 1) if message has been dispatched successfully, but post-dispatch weight is less than + /// the weight, declared by the message sender; + /// 2) if message has not been dispatched at all. + pub unspent_weight: Weight, + /// Fine-grained result of single message dispatch (for better diagnostic purposes) + pub dispatch_level_result: DispatchLevelResult, +} diff --git a/bridges/primitives/runtime/src/storage_proof.rs b/bridges/primitives/runtime/src/storage_proof.rs new file mode 100644 index 00000000000..09641376666 --- /dev/null +++ b/bridges/primitives/runtime/src/storage_proof.rs @@ -0,0 +1,272 @@ +// Copyright 2019-2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Logic for checking Substrate storage proofs. + +use crate::StrippableError; +use codec::{Decode, Encode}; +use frame_support::PalletError; +use hash_db::{HashDB, Hasher, EMPTY_PREFIX}; +use scale_info::TypeInfo; +use sp_std::{boxed::Box, collections::btree_set::BTreeSet, vec::Vec}; +use sp_trie::{ + read_trie_value, LayoutV1, MemoryDB, Recorder, StorageProof, Trie, TrieConfiguration, + TrieDBBuilder, TrieError, TrieHash, +}; + +/// Raw storage proof type (just raw trie nodes). +pub type RawStorageProof = Vec>; + +/// Storage proof size requirements. +/// +/// This is currently used by benchmarks when generating storage proofs. +#[derive(Clone, Copy, Debug)] +pub enum ProofSize { + /// The proof is expected to be minimal. If value size may be changed, then it is expected to + /// have given size. + Minimal(u32), + /// The proof is expected to have at least given size and grow by increasing value that is + /// stored in the trie. + HasLargeLeaf(u32), +} + +/// This struct is used to read storage values from a subset of a Merklized database. The "proof" +/// is a subset of the nodes in the Merkle structure of the database, so that it provides +/// authentication against a known Merkle root as well as the values in the +/// database themselves. +pub struct StorageProofChecker +where + H: Hasher, +{ + proof_nodes_count: usize, + root: H::Out, + db: MemoryDB, + recorder: Recorder>, +} + +impl StorageProofChecker +where + H: Hasher, +{ + /// Constructs a new storage proof checker. + /// + /// This returns an error if the given proof is invalid with respect to the given root. + pub fn new(root: H::Out, proof: RawStorageProof) -> Result { + // 1. we don't want extra items in the storage proof + // 2. `StorageProof` is storing all trie nodes in the `BTreeSet` + // + // => someone could simply add duplicate items to the proof and we won't be + // able to detect that by just using `StorageProof` + // + // => let's check it when we are converting our "raw proof" into `StorageProof` + let proof_nodes_count = proof.len(); + let proof = StorageProof::new(proof); + if proof_nodes_count != proof.iter_nodes().count() { + return Err(Error::DuplicateNodesInProof) + } + + let db = proof.into_memory_db(); + if !db.contains(&root, EMPTY_PREFIX) { + return Err(Error::StorageRootMismatch) + } + + let recorder = Recorder::default(); + let checker = StorageProofChecker { proof_nodes_count, root, db, recorder }; + Ok(checker) + } + + /// Returns error if the proof has some nodes that are left intact by previous `read_value` + /// calls. + pub fn ensure_no_unused_nodes(mut self) -> Result<(), Error> { + let visited_nodes = self + .recorder + .drain() + .into_iter() + .map(|record| record.data) + .collect::>(); + let visited_nodes_count = visited_nodes.len(); + if self.proof_nodes_count == visited_nodes_count { + Ok(()) + } else { + Err(Error::UnusedNodesInTheProof) + } + } + + /// Reads a value from the available subset of storage. If the value cannot be read due to an + /// incomplete or otherwise invalid proof, this function returns an error. + pub fn read_value(&mut self, key: &[u8]) -> Result>, Error> { + // LayoutV1 or LayoutV0 is identical for proof that only read values. + read_trie_value::, _>(&self.db, &self.root, key, Some(&mut self.recorder), None) + .map_err(|_| Error::StorageValueUnavailable) + } + + /// Reads and decodes a value from the available subset of storage. If the value cannot be read + /// due to an incomplete or otherwise invalid proof, this function returns an error. If value is + /// read, but decoding fails, this function returns an error. + pub fn read_and_decode_value(&mut self, key: &[u8]) -> Result, Error> { + self.read_value(key).and_then(|v| { + v.map(|v| T::decode(&mut &v[..]).map_err(|e| Error::StorageValueDecodeFailed(e.into()))) + .transpose() + }) + } + + /// Reads and decodes a value from the available subset of storage. If the value cannot be read + /// due to an incomplete or otherwise invalid proof, or if the value is `None`, this function + /// returns an error. If value is read, but decoding fails, this function returns an error. + pub fn read_and_decode_mandatory_value(&mut self, key: &[u8]) -> Result { + self.read_and_decode_value(key)?.ok_or(Error::StorageValueEmpty) + } + + /// Reads and decodes a value from the available subset of storage. If the value cannot be read + /// due to an incomplete or otherwise invalid proof, this function returns `Ok(None)`. + /// If value is read, but decoding fails, this function returns an error. + pub fn read_and_decode_opt_value(&mut self, key: &[u8]) -> Result, Error> { + match self.read_and_decode_value(key) { + Ok(outbound_lane_data) => Ok(outbound_lane_data), + Err(Error::StorageValueUnavailable) => Ok(None), + Err(e) => Err(e), + } + } +} + +/// Storage proof related errors. +#[derive(Encode, Decode, Clone, Eq, PartialEq, PalletError, Debug, TypeInfo)] +pub enum Error { + /// Duplicate trie nodes are found in the proof. + DuplicateNodesInProof, + /// Unused trie nodes are found in the proof. + UnusedNodesInTheProof, + /// Expected storage root is missing from the proof. + StorageRootMismatch, + /// Unable to reach expected storage value using provided trie nodes. + StorageValueUnavailable, + /// The storage value is `None`. + StorageValueEmpty, + /// Failed to decode storage value. + StorageValueDecodeFailed(StrippableError), +} + +/// Return valid storage proof and state root. +/// +/// NOTE: This should only be used for **testing**. +#[cfg(feature = "std")] +pub fn craft_valid_storage_proof() -> (sp_core::H256, RawStorageProof) { + use sp_state_machine::{backend::Backend, prove_read, InMemoryBackend}; + + let state_version = sp_runtime::StateVersion::default(); + + // construct storage proof + let backend = >::from(( + vec![ + (None, vec![(b"key1".to_vec(), Some(b"value1".to_vec()))]), + (None, vec![(b"key2".to_vec(), Some(b"value2".to_vec()))]), + (None, vec![(b"key3".to_vec(), Some(b"value3".to_vec()))]), + (None, vec![(b"key4".to_vec(), Some((42u64, 42u32, 42u16, 42u8).encode()))]), + // Value is too big to fit in a branch node + (None, vec![(b"key11".to_vec(), Some(vec![0u8; 32]))]), + ], + state_version, + )); + let root = backend.storage_root(std::iter::empty(), state_version).0; + let proof = + prove_read(backend, &[&b"key1"[..], &b"key2"[..], &b"key4"[..], &b"key22"[..]]).unwrap(); + + (root, proof.into_nodes().into_iter().collect()) +} + +/// Record all keys for a given root. +pub fn record_all_keys( + db: &DB, + root: &TrieHash, +) -> Result>> +where + DB: hash_db::HashDBRef, +{ + let mut recorder = Recorder::::new(); + let trie = TrieDBBuilder::::new(db, root).with_recorder(&mut recorder).build(); + for x in trie.iter()? { + let (key, _) = x?; + trie.get(&key)?; + } + + // recorder may record the same trie node multiple times and we don't want duplicate nodes + // in our proofs => let's deduplicate it by collecting to the BTreeSet first + Ok(recorder + .drain() + .into_iter() + .map(|n| n.data.to_vec()) + .collect::>() + .into_iter() + .collect()) +} + +#[cfg(test)] +pub mod tests { + use super::*; + use codec::Encode; + + #[test] + fn storage_proof_check() { + let (root, proof) = craft_valid_storage_proof(); + + // check proof in runtime + let mut checker = + >::new(root, proof.clone()).unwrap(); + assert_eq!(checker.read_value(b"key1"), Ok(Some(b"value1".to_vec()))); + assert_eq!(checker.read_value(b"key2"), Ok(Some(b"value2".to_vec()))); + assert_eq!(checker.read_value(b"key4"), Ok(Some((42u64, 42u32, 42u16, 42u8).encode()))); + assert_eq!(checker.read_value(b"key11111"), Err(Error::StorageValueUnavailable)); + assert_eq!(checker.read_value(b"key22"), Ok(None)); + assert_eq!(checker.read_and_decode_value(b"key4"), Ok(Some((42u64, 42u32, 42u16, 42u8))),); + assert!(matches!( + checker.read_and_decode_value::<[u8; 64]>(b"key4"), + Err(Error::StorageValueDecodeFailed(_)), + )); + + // checking proof against invalid commitment fails + assert_eq!( + >::new(sp_core::H256::random(), proof).err(), + Some(Error::StorageRootMismatch) + ); + } + + #[test] + fn proof_with_duplicate_items_is_rejected() { + let (root, mut proof) = craft_valid_storage_proof(); + proof.push(proof.first().unwrap().clone()); + + assert_eq!( + StorageProofChecker::::new(root, proof).map(drop), + Err(Error::DuplicateNodesInProof), + ); + } + + #[test] + fn proof_with_unused_items_is_rejected() { + let (root, proof) = craft_valid_storage_proof(); + + let mut checker = + StorageProofChecker::::new(root, proof.clone()).unwrap(); + checker.read_value(b"key1").unwrap(); + checker.read_value(b"key2").unwrap(); + checker.read_value(b"key4").unwrap(); + checker.read_value(b"key22").unwrap(); + assert_eq!(checker.ensure_no_unused_nodes(), Ok(())); + + let checker = StorageProofChecker::::new(root, proof).unwrap(); + assert_eq!(checker.ensure_no_unused_nodes(), Err(Error::UnusedNodesInTheProof)); + } +} diff --git a/bridges/primitives/runtime/src/storage_types.rs b/bridges/primitives/runtime/src/storage_types.rs new file mode 100644 index 00000000000..b37f779d00b --- /dev/null +++ b/bridges/primitives/runtime/src/storage_types.rs @@ -0,0 +1,90 @@ +// Copyright 2022 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Wrapper for a runtime storage value that checks if value exceeds given maximum +//! during conversion. + +use codec::{Decode, Encode, MaxEncodedLen}; +use frame_support::{traits::Get, RuntimeDebug}; +use scale_info::{Type, TypeInfo}; +use sp_std::{marker::PhantomData, ops::Deref}; + +/// Error that is returned when the value size exceeds maximal configured size. +#[derive(RuntimeDebug)] +pub struct MaximalSizeExceededError { + /// Size of the value. + pub value_size: usize, + /// Maximal configured size. + pub maximal_size: usize, +} + +/// A bounded runtime storage value. +#[derive(Clone, Decode, Encode, Eq, PartialEq)] +pub struct BoundedStorageValue { + value: V, + _phantom: PhantomData, +} + +impl sp_std::fmt::Debug for BoundedStorageValue { + fn fmt(&self, fmt: &mut sp_std::fmt::Formatter) -> sp_std::fmt::Result { + self.value.fmt(fmt) + } +} + +impl, V: Encode> BoundedStorageValue { + /// Construct `BoundedStorageValue` from the underlying `value` with all required checks. + /// + /// Returns error if value size exceeds given bounds. + pub fn try_from_inner(value: V) -> Result { + // this conversion is heavy (since we do encoding here), so we may want to optimize it later + // (e.g. by introducing custom Encode implementation, and turning `BoundedStorageValue` into + // `enum BoundedStorageValue { Decoded(V), Encoded(Vec) }`) + let value_size = value.encoded_size(); + let maximal_size = B::get() as usize; + if value_size > maximal_size { + Err(MaximalSizeExceededError { value_size, maximal_size }) + } else { + Ok(BoundedStorageValue { value, _phantom: Default::default() }) + } + } + + /// Convert into the inner type + pub fn into_inner(self) -> V { + self.value + } +} + +impl Deref for BoundedStorageValue { + type Target = V; + + fn deref(&self) -> &Self::Target { + &self.value + } +} + +impl TypeInfo for BoundedStorageValue { + type Identity = Self; + + fn type_info() -> Type { + V::type_info() + } +} + +impl, V: Encode> MaxEncodedLen for BoundedStorageValue { + fn max_encoded_len() -> usize { + B::get() as usize + } +} diff --git a/bridges/primitives/test-utils/Cargo.toml b/bridges/primitives/test-utils/Cargo.toml new file mode 100644 index 00000000000..5ed835857d1 --- /dev/null +++ b/bridges/primitives/test-utils/Cargo.toml @@ -0,0 +1,29 @@ +[package] +name = "bp-test-utils" +version = "0.1.0" +authors = ["Parity Technologies "] +edition = "2021" +license = "GPL-3.0-or-later WITH Classpath-exception-2.0" + +[dependencies] +bp-header-chain = { path = "../header-chain", default-features = false } +codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false } +ed25519-dalek = { version = "1.0", default-features = false, features = ["u64_backend"] } +finality-grandpa = { version = "0.16.2", default-features = false } +sp-application-crypto = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-consensus-grandpa = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "master", default-features = false } + +[features] +default = ["std"] +std = [ + "bp-header-chain/std", + "codec/std", + "ed25519-dalek/std", + "finality-grandpa/std", + "sp-application-crypto/std", + "sp-consensus-grandpa/std", + "sp-runtime/std", + "sp-std/std", +] diff --git a/bridges/primitives/test-utils/src/keyring.rs b/bridges/primitives/test-utils/src/keyring.rs new file mode 100644 index 00000000000..b1782109668 --- /dev/null +++ b/bridges/primitives/test-utils/src/keyring.rs @@ -0,0 +1,94 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Utilities for working with test accounts. + +use codec::Encode; +use ed25519_dalek::{Keypair, PublicKey, SecretKey, Signature}; +use finality_grandpa::voter_set::VoterSet; +use sp_consensus_grandpa::{AuthorityId, AuthorityList, AuthorityWeight}; +use sp_runtime::RuntimeDebug; +use sp_std::prelude::*; + +/// Set of test accounts with friendly names. +pub const ALICE: Account = Account(0); +pub const BOB: Account = Account(1); +pub const CHARLIE: Account = Account(2); +pub const DAVE: Account = Account(3); +pub const EVE: Account = Account(4); +pub const FERDIE: Account = Account(5); + +/// A test account which can be used to sign messages. +#[derive(RuntimeDebug, Clone, Copy)] +pub struct Account(pub u16); + +impl Account { + pub fn public(&self) -> PublicKey { + (&self.secret()).into() + } + + pub fn secret(&self) -> SecretKey { + let data = self.0.encode(); + let mut bytes = [0_u8; 32]; + bytes[0..data.len()].copy_from_slice(&data); + SecretKey::from_bytes(&bytes) + .expect("A static array of the correct length is a known good.") + } + + pub fn pair(&self) -> Keypair { + let mut pair: [u8; 64] = [0; 64]; + + let secret = self.secret(); + pair[..32].copy_from_slice(&secret.to_bytes()); + + let public = self.public(); + pair[32..].copy_from_slice(&public.to_bytes()); + + Keypair::from_bytes(&pair) + .expect("We expect the SecretKey to be good, so this must also be good.") + } + + pub fn sign(&self, msg: &[u8]) -> Signature { + use ed25519_dalek::Signer; + self.pair().sign(msg) + } +} + +impl From for AuthorityId { + fn from(p: Account) -> Self { + sp_application_crypto::UncheckedFrom::unchecked_from(p.public().to_bytes()) + } +} + +/// Get a valid set of voters for a Grandpa round. +pub fn voter_set() -> VoterSet { + VoterSet::new(authority_list()).unwrap() +} + +/// Convenience function to get a list of Grandpa authorities. +pub fn authority_list() -> AuthorityList { + test_keyring().iter().map(|(id, w)| (AuthorityId::from(*id), *w)).collect() +} + +/// Get the corresponding identities from the keyring for the "standard" authority set. +pub fn test_keyring() -> Vec<(Account, AuthorityWeight)> { + vec![(ALICE, 1), (BOB, 1), (CHARLIE, 1)] +} + +/// Get a list of "unique" accounts. +pub fn accounts(len: u16) -> Vec { + (0..len).map(Account).collect() +} diff --git a/bridges/primitives/test-utils/src/lib.rs b/bridges/primitives/test-utils/src/lib.rs new file mode 100644 index 00000000000..6bb4adbf450 --- /dev/null +++ b/bridges/primitives/test-utils/src/lib.rs @@ -0,0 +1,302 @@ +// Copyright 2021 Parity Technologies (UK) Ltd. +// This file is part of Parity Bridges Common. + +// Parity Bridges Common is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. + +// Parity Bridges Common is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. + +// You should have received a copy of the GNU General Public License +// along with Parity Bridges Common. If not, see . + +//! Utilities for testing runtime code. + +#![cfg_attr(not(feature = "std"), no_std)] + +use bp_header_chain::justification::{required_justification_precommits, GrandpaJustification}; +use codec::Encode; +use sp_consensus_grandpa::{AuthorityId, AuthoritySignature, AuthorityWeight, SetId}; +use sp_runtime::traits::{Header as HeaderT, One, Zero}; +use sp_std::prelude::*; + +// Re-export all our test account utilities +pub use keyring::*; + +mod keyring; + +pub const TEST_GRANDPA_ROUND: u64 = 1; +pub const TEST_GRANDPA_SET_ID: SetId = 1; + +/// Configuration parameters when generating test GRANDPA justifications. +#[derive(Clone)] +pub struct JustificationGeneratorParams { + /// The header which we want to finalize. + pub header: H, + /// The GRANDPA round number for the current authority set. + pub round: u64, + /// The current authority set ID. + pub set_id: SetId, + /// The current GRANDPA authority set. + /// + /// The size of the set will determine the number of pre-commits in our justification. + pub authorities: Vec<(Account, AuthorityWeight)>, + /// The total number of precommit ancestors in the `votes_ancestries` field our justification. + /// + /// These may be distributed among many forks. + pub ancestors: u32, + /// The number of forks. + /// + /// Useful for creating a "worst-case" scenario in which each authority is on its own fork. + pub forks: u32, +} + +impl Default for JustificationGeneratorParams { + fn default() -> Self { + let required_signatures = required_justification_precommits(test_keyring().len() as _); + Self { + header: test_header(One::one()), + round: TEST_GRANDPA_ROUND, + set_id: TEST_GRANDPA_SET_ID, + authorities: test_keyring().into_iter().take(required_signatures as _).collect(), + ancestors: 2, + forks: 1, + } + } +} + +/// Make a valid GRANDPA justification with sensible defaults +pub fn make_default_justification(header: &H) -> GrandpaJustification { + let params = JustificationGeneratorParams:: { header: header.clone(), ..Default::default() }; + + make_justification_for_header(params) +} + +/// Generate justifications in a way where we are able to tune the number of pre-commits +/// and vote ancestries which are included in the justification. +/// +/// This is useful for benchmarkings where we want to generate valid justifications with +/// a specific number of pre-commits (tuned with the number of "authorities") and/or a specific +/// number of vote ancestries (tuned with the "votes" parameter). +/// +/// Note: This needs at least three authorities or else the verifier will complain about +/// being given an invalid commit. +pub fn make_justification_for_header( + params: JustificationGeneratorParams, +) -> GrandpaJustification { + let JustificationGeneratorParams { header, round, set_id, authorities, mut ancestors, forks } = + params; + let (target_hash, target_number) = (header.hash(), *header.number()); + let mut votes_ancestries = vec![]; + let mut precommits = vec![]; + + assert!(forks != 0, "Need at least one fork to have a chain.."); + assert!( + forks as usize <= authorities.len(), + "If we have more forks than authorities we can't create valid pre-commits for all the forks." + ); + + // Roughly, how many vote ancestries do we want per fork + let target_depth = (ancestors + forks - 1) / forks; + + let mut unsigned_precommits = vec![]; + for i in 0..forks { + let depth = if ancestors >= target_depth { + ancestors -= target_depth; + target_depth + } else { + ancestors + }; + + // Note: Adding 1 to account for the target header + let chain = generate_chain(i, depth + 1, &header); + + // We don't include our finality target header in the vote ancestries + for child in &chain[1..] { + votes_ancestries.push(child.clone()); + } + + // The header we need to use when pre-commiting is the one at the highest height + // on our chain. + let precommit_candidate = chain.last().map(|h| (h.hash(), *h.number())).unwrap(); + unsigned_precommits.push(precommit_candidate); + } + + for (i, (id, _weight)) in authorities.iter().enumerate() { + // Assign authorities to sign pre-commits in a round-robin fashion + let target = unsigned_precommits[i % forks as usize]; + let precommit = signed_precommit::(id, target, round, set_id); + + precommits.push(precommit); + } + + GrandpaJustification { + round, + commit: finality_grandpa::Commit { target_hash, target_number, precommits }, + votes_ancestries, + } +} + +fn generate_chain(fork_id: u32, depth: u32, ancestor: &H) -> Vec { + let mut headers = vec![ancestor.clone()]; + + for i in 1..depth { + let parent = &headers[(i - 1) as usize]; + let (hash, num) = (parent.hash(), *parent.number()); + + let mut header = test_header::(num + One::one()); + header.set_parent_hash(hash); + + // Modifying the digest so headers at the same height but in different forks have different + // hashes + header.digest_mut().logs.push(sp_runtime::DigestItem::Other(fork_id.encode())); + + headers.push(header); + } + + headers +} + +/// Create signed precommit with given target. +pub fn signed_precommit( + signer: &Account, + target: (H::Hash, H::Number), + round: u64, + set_id: SetId, +) -> finality_grandpa::SignedPrecommit { + let precommit = finality_grandpa::Precommit { target_hash: target.0, target_number: target.1 }; + + let encoded = sp_consensus_grandpa::localized_payload( + round, + set_id, + &finality_grandpa::Message::Precommit(precommit.clone()), + ); + + let signature = signer.sign(&encoded); + let raw_signature: Vec = signature.to_bytes().into(); + + // Need to wrap our signature and id types that they match what our `SignedPrecommit` is + // expecting + let signature = AuthoritySignature::try_from(raw_signature).expect( + "We know our Keypair is good, + so our signature must also be good.", + ); + let id = (*signer).into(); + + finality_grandpa::SignedPrecommit { precommit, signature, id } +} + +/// Get a header for testing. +/// +/// The correct parent hash will be used if given a non-zero header. +pub fn test_header(number: H::Number) -> H { + let default = |num| { + H::new(num, Default::default(), Default::default(), Default::default(), Default::default()) + }; + + let mut header = default(number); + if number != Zero::zero() { + let parent_hash = default(number - One::one()).hash(); + header.set_parent_hash(parent_hash); + } + + header +} + +/// Convenience function for generating a Header ID at a given block number. +pub fn header_id(index: u8) -> (H::Hash, H::Number) { + (test_header::(index.into()).hash(), index.into()) +} + +#[macro_export] +/// Adds methods for testing the `set_owner()` and `set_operating_mode()` for a pallet. +/// Some values are hardcoded like: +/// - `run_test()` +/// - `Pallet::` +/// - `PalletOwner::` +/// - `PalletOperatingMode::` +/// While this is not ideal, all the pallets use the same names, so it works for the moment. +/// We can revisit this in the future if anything changes. +macro_rules! generate_owned_bridge_module_tests { + ($normal_operating_mode: expr, $halted_operating_mode: expr) => { + #[test] + fn test_set_owner() { + run_test(|| { + PalletOwner::::put(1); + + // The root should be able to change the owner. + assert_ok!(Pallet::::set_owner(RuntimeOrigin::root(), Some(2))); + assert_eq!(PalletOwner::::get(), Some(2)); + + // The owner should be able to change the owner. + assert_ok!(Pallet::::set_owner(RuntimeOrigin::signed(2), Some(3))); + assert_eq!(PalletOwner::::get(), Some(3)); + + // Other users shouldn't be able to change the owner. + assert_noop!( + Pallet::::set_owner(RuntimeOrigin::signed(1), Some(4)), + DispatchError::BadOrigin + ); + assert_eq!(PalletOwner::::get(), Some(3)); + }); + } + + #[test] + fn test_set_operating_mode() { + run_test(|| { + PalletOwner::::put(1); + PalletOperatingMode::::put($normal_operating_mode); + + // The root should be able to halt the pallet. + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::root(), + $halted_operating_mode + )); + assert_eq!(PalletOperatingMode::::get(), $halted_operating_mode); + // The root should be able to resume the pallet. + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::root(), + $normal_operating_mode + )); + assert_eq!(PalletOperatingMode::::get(), $normal_operating_mode); + + // The owner should be able to halt the pallet. + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::signed(1), + $halted_operating_mode + )); + assert_eq!(PalletOperatingMode::::get(), $halted_operating_mode); + // The owner should be able to resume the pallet. + assert_ok!(Pallet::::set_operating_mode( + RuntimeOrigin::signed(1), + $normal_operating_mode + )); + assert_eq!(PalletOperatingMode::::get(), $normal_operating_mode); + + // Other users shouldn't be able to halt the pallet. + assert_noop!( + Pallet::::set_operating_mode( + RuntimeOrigin::signed(2), + $halted_operating_mode + ), + DispatchError::BadOrigin + ); + assert_eq!(PalletOperatingMode::::get(), $normal_operating_mode); + // Other users shouldn't be able to resume the pallet. + PalletOperatingMode::::put($halted_operating_mode); + assert_noop!( + Pallet::::set_operating_mode( + RuntimeOrigin::signed(2), + $normal_operating_mode + ), + DispatchError::BadOrigin + ); + assert_eq!(PalletOperatingMode::::get(), $halted_operating_mode); + }); + } + }; +} diff --git a/bridges/rustfmt.toml b/bridges/rustfmt.toml new file mode 100644 index 00000000000..082150daf04 --- /dev/null +++ b/bridges/rustfmt.toml @@ -0,0 +1,24 @@ +# Basic +hard_tabs = true +max_width = 100 +use_small_heuristics = "Max" +# Imports +imports_granularity = "Crate" +reorder_imports = true +# Consistency +newline_style = "Unix" +# Format comments +comment_width = 100 +wrap_comments = true +# Misc +chain_width = 80 +spaces_around_ranges = false +binop_separator = "Back" +reorder_impl_items = false +match_arm_leading_pipes = "Preserve" +match_arm_blocks = false +match_block_trailing_comma = true +trailing_comma = "Vertical" +trailing_semicolon = false +use_field_init_shorthand = true + diff --git a/bridges/scripts/verify-pallets-build.sh b/bridges/scripts/verify-pallets-build.sh new file mode 100755 index 00000000000..dfee5341673 --- /dev/null +++ b/bridges/scripts/verify-pallets-build.sh @@ -0,0 +1,135 @@ +#!/bin/bash + +# A script to remove everything from bridges repository/subtree, except: +# +# - modules/grandpa; +# - modules/messages; +# - modules/parachains; +# - modules/relayers; +# - everything required from primitives folder. + +set -eux + +# show CLI help +function show_help() { + set +x + echo " " + echo Error: $1 + echo "Usage:" + echo " ./scripts/verify-pallets-build.sh Exit with code 0 if pallets code is well decoupled from the other code in the repo" + echo "Options:" + echo " --no-revert Leaves only runtime code on exit" + echo " --ignore-git-state Ignores git actual state" + exit 1 +} + +# parse CLI args +NO_REVERT= +IGNORE_GIT_STATE= +for i in "$@" +do + case $i in + --no-revert) + NO_REVERT=true + shift + ;; + --ignore-git-state) + IGNORE_GIT_STATE=true + shift + ;; + *) + show_help "Unknown option: $i" + ;; + esac +done + +# the script is able to work only on clean git copy, unless we want to ignore this check +[[ ! -z "${IGNORE_GIT_STATE}" ]] || [[ -z "$(git status --porcelain)" ]] || { echo >&2 "The git copy must be clean"; exit 1; } + +# let's avoid any restrictions on where this script can be called for - bridges repo may be +# plugged into any other repo folder. So the script (and other stuff that needs to be removed) +# may be located either in call dir, or one of it subdirs. +BRIDGES_FOLDER="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )/.." + +# let's leave repository/subtree in its original (clean) state if something fails below +function revert_to_clean_state { + [[ ! -z "${NO_REVERT}" ]] || { echo "Reverting to clean state..."; git checkout .; } +} +trap revert_to_clean_state EXIT + +# remove everything we think is not required for our needs +rm -rf $BRIDGES_FOLDER/.config +rm -rf $BRIDGES_FOLDER/.github +rm -rf $BRIDGES_FOLDER/.maintain +rm -rf $BRIDGES_FOLDER/bin/millau +rm -rf $BRIDGES_FOLDER/bin/rialto +rm -rf $BRIDGES_FOLDER/bin/rialto-parachain +rm -rf $BRIDGES_FOLDER/bin/.keep +rm -rf $BRIDGES_FOLDER/deployments +rm -f $BRIDGES_FOLDER/docs/dockerhub-* +rm -rf $BRIDGES_FOLDER/fuzz +rm -rf $BRIDGES_FOLDER/modules/beefy +rm -rf $BRIDGES_FOLDER/modules/shift-session-manager +rm -rf $BRIDGES_FOLDER/primitives/beefy +rm -rf $BRIDGES_FOLDER/primitives/chain-millau +rm -rf $BRIDGES_FOLDER/primitives/chain-rialto +rm -rf $BRIDGES_FOLDER/primitives/chain-rialto-parachain +rm -rf $BRIDGES_FOLDER/primitives/chain-westend +rm -rf $BRIDGES_FOLDER/relays +rm -rf $BRIDGES_FOLDER/scripts/add_license.sh +rm -rf $BRIDGES_FOLDER/scripts/build-containers.sh +rm -rf $BRIDGES_FOLDER/scripts/ci-cache.sh +rm -rf $BRIDGES_FOLDER/scripts/dump-logs.sh +rm -rf $BRIDGES_FOLDER/scripts/license_header +rm -rf $BRIDGES_FOLDER/scripts/regenerate_runtimes.sh +rm -rf $BRIDGES_FOLDER/scripts/send-message-from-millau-rialto.sh +rm -rf $BRIDGES_FOLDER/scripts/send-message-from-rialto-millau.sh +rm -rf $BRIDGES_FOLDER/scripts/update-weights.sh +rm -rf $BRIDGES_FOLDER/scripts/update-weights-setup.sh +rm -rf $BRIDGES_FOLDER/scripts/update_substrate.sh +rm -rf $BRIDGES_FOLDER/tools +rm -f $BRIDGES_FOLDER/.dockerignore +rm -f $BRIDGES_FOLDER/deny.toml +rm -f $BRIDGES_FOLDER/.gitlab-ci.yml +rm -f $BRIDGES_FOLDER/.editorconfig +rm -f $BRIDGES_FOLDER/Cargo.toml +rm -f $BRIDGES_FOLDER/ci.Dockerfile +rm -f $BRIDGES_FOLDER/CODEOWNERS +rm -f $BRIDGES_FOLDER/Dockerfile + +# let's fix Cargo.toml a bit (it'll be helpful if we are in the bridges repo) +if [[ ! -f "Cargo.toml" ]]; then + cat > Cargo.toml <<-CARGO_TOML + [workspace] + resolver = "2" + + members = [ + "bin/runtime-common", + "modules/*", + "primitives/*", + ] + CARGO_TOML +fi + +# let's test if everything we need compiles + +cargo check -p pallet-bridge-grandpa +cargo check -p pallet-bridge-grandpa --features runtime-benchmarks +cargo check -p pallet-bridge-grandpa --features try-runtime +cargo check -p pallet-bridge-messages +cargo check -p pallet-bridge-messages --features runtime-benchmarks +cargo check -p pallet-bridge-messages --features try-runtime +cargo check -p pallet-bridge-parachains +cargo check -p pallet-bridge-parachains --features runtime-benchmarks +cargo check -p pallet-bridge-parachains --features try-runtime +cargo check -p pallet-bridge-relayers +cargo check -p pallet-bridge-relayers --features runtime-benchmarks +cargo check -p pallet-bridge-relayers --features try-runtime +cargo check -p bridge-runtime-common +cargo check -p bridge-runtime-common --features runtime-benchmarks + +# we're removing lock file after all chechs are done. Otherwise we may use different +# Substrate/Polkadot/Cumulus commits and our checks will fail +rm -f $BRIDGES_FOLDER/Cargo.lock + +echo "OK" diff --git a/client/network/src/lib.rs b/client/network/src/lib.rs index 5a2043ab5f7..0c15ab3add5 100644 --- a/client/network/src/lib.rs +++ b/client/network/src/lib.rs @@ -303,9 +303,9 @@ where Ok(Validation::Success { is_new_best: true }) } else if block_number >= known_best_number { tracing::debug!( - target: LOG_TARGET, - "Validation failed because a justification is needed if the block at the top of the chain." - ); + target: LOG_TARGET, + "Validation failed because a justification is needed if the block at the top of the chain." + ); Ok(Validation::Failure { disconnect: false }) } else { diff --git a/scripts/bridges_update_subtree.sh b/scripts/bridges_update_subtree.sh new file mode 100755 index 00000000000..bd9161b601f --- /dev/null +++ b/scripts/bridges_update_subtree.sh @@ -0,0 +1,85 @@ +#!/bin/bash + +# A script to udpate bridges repo as subtree to Cumulus +# Usage: +# ./scripts/bridges_update_subtree.sh fetch +# ./scripts/bridges_update_subtree.sh patch +# ./scripts/bridges_update_subtree.sh merge + +set -e + +BRIDGES_BRANCH="${BRANCH:-master}" +BRIDGES_TARGET_DIR="${TARGET_DIR:-bridges}" + +function fetch() { + # the script is able to work only on clean git copy + [[ -z "$(git status --porcelain)" ]] || { + echo >&2 "The git copy must be clean (stash all your changes):"; + git status --porcelain + exit 1; + } + + local bridges_remote=$(git remote -v | grep "parity-bridges-common.git (fetch)" | head -n1 | awk '{print $1;}') + if [ -z "$bridges_remote" ]; then + echo "" + echo "Adding new remote: 'bridges' repo..." + echo "" + echo "... check your YubiKey ..." + git remote add -f bridges git@github.com:paritytech/parity-bridges-common.git + bridges_remote="bridges" + else + echo "" + echo "Fetching remote: '${bridges_remote}' repo..." + echo "" + echo "... check your YubiKey ..." + git fetch ${bridges_remote} --prune + fi + + echo "" + echo "Syncing/updating subtree with remote branch '${bridges_remote}/$BRIDGES_BRANCH' to target directory: '$BRIDGES_TARGET_DIR'" + echo "" + echo "... check your YubiKey ..." + git subtree pull --prefix=$BRIDGES_TARGET_DIR ${bridges_remote} $BRIDGES_BRANCH --squash +} + +function patch() { + echo "" + echo "Patching/removing unneeded stuff from subtree in target directory: '$BRIDGES_TARGET_DIR'" + $BRIDGES_TARGET_DIR/scripts/verify-pallets-build.sh --ignore-git-state --no-revert +} + +function merge() { + echo "" + echo "Merging stuff from subtree in target directory: '$BRIDGES_TARGET_DIR'" + + # stage all removed by patch: DU, MD, D, AD - only from subtree directory + git status -s | awk '$1 == "DU" || $1 == "D" || $1 == "MD" || $1 == "AD" {print $2}' | grep "^$BRIDGES_TARGET_DIR/" | xargs git rm -q --ignore-unmatch + + echo "" + echo "When all conflicts are resolved, do 'git merge --continue'" +} + +function amend() { + echo "" + echo "Amend stuff from subtree in target directory: '$BRIDGES_TARGET_DIR'" + git commit --amend -S -m "updating bridges subtree + remove extra folders" +} + +case "$1" in + fetch) + fetch + ;; + patch) + patch + ;; + merge) + merge + ;; + amend) + amend + ;; + all) + fetch + patch + ;; +esac \ No newline at end of file