Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Add XCM Decode Limit #3273

Merged
3 commits merged into from
Jun 17, 2021
Merged

Add XCM Decode Limit #3273

3 commits merged into from
Jun 17, 2021

Conversation

shawntabrizi
Copy link
Member

@shawntabrizi shawntabrizi commented Jun 16, 2021
edited
Loading

This PR adds a maximum XCM decode depth of 8. This prevents deeply nested XCMs which can be complex to decode.

https://github.com/paritytech/srlabs_findings/issues/94

@github-actions github-actions bot added the A0-please_review Pull request needs code review. label Jun 16, 2021
@shawntabrizi shawntabrizi added B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D9-needsaudit 👮 PR contains changes to fund-managing logic that should be properly reviewed and externally audited. labels Jun 16, 2021
@gavofyork
Copy link
Member

Where did 256 come from? For now I would keep it as small as possible while ensure known needed functionality is covered. I'd suggest 8.

@shawntabrizi
Copy link
Member Author

I chose 256 from the extrinsics depth limit, but conservative is good with me 👍

@stze stze added D1-audited 👍 PR contains changes to critical logic that has been properly reviewed and externally audited. and removed D9-needsaudit 👮 PR contains changes to fund-managing logic that should be properly reviewed and externally audited. labels Jun 17, 2021
@shawntabrizi shawntabrizi changed the title Add XCM Decode Limit of 256 Add XCM Decode Limit Jun 17, 2021
@shawntabrizi
Copy link
Member Author

bot merge

@ghost
Copy link

ghost commented Jun 17, 2021

Trying merge.

@ghost ghost merged commit 9d92e7c into master Jun 17, 2021
@ghost ghost deleted the shawntabrizi-xcm-decode-limit branch June 17, 2021 11:51
ordian added a commit that referenced this pull request Jun 17, 2021
@ordian
Merge branch 'master' into ao-improved-gossip-topology
e59d267 
* master:
  Companion #9019 (max rpc payload override) (#3276)
  Implementers' Guide: Chain Selection (#3262)
  CLI: Add missing feature checking and check if someone passes a file (#3283)
  Export 'TakeRevenue' trait. (#3278)
  Add XCM Decode Limit (#3273)
  Allow Council to Use Scheduler (#3237)
  fix xcm pallet origin (#3272)
  extract determine_new_blocks into a separate utility (#3261)
  Approval checking unit tests (#3252)
  bridges: update finality-grandpa to 0.14.1 (#3266)
  malus - mockable overseer mvp (#3224)
  use safe math (#3249)
  Companion for #8920 (Control Staking) (#3260)
  Companion for #8949 (#3216)
This pull request was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@gavofyork gavofyork gavofyork approved these changes

Assignees
No one assigned
Labels
A0-please_review Pull request needs code review. B0-silent Changes should not be mentioned in any release notes C1-low PR touches the given topic and has a low impact on builders. D1-audited 👍 PR contains changes to critical logic that has been properly reviewed and externally audited.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shawntabrizi @gavofyork @stze