Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: merge audit branch #1533

Merged
merged 61 commits into from
Feb 18, 2024
Merged

feat: merge audit branch #1533

merged 61 commits into from
Feb 18, 2024

Conversation

glihm
Copy link
Collaborator

@glihm glihm commented Feb 12, 2024
edited
Loading

The audit branch contains several important changes:

  1. The resource metadata are now manipulated as a model. But a special model that is automatically registered by sozo when the owner of the world deploys it.
  2. The executor is no longer present. Now, the models are deployed to ensure there's no attack vector by executing the library_call syscall.
  3. Add support for Array<felt252> in models.

Tasks:

  • Ensure the address of a model is always tracked by the manifest.
  • Verify how the array is handled into introspect and associated layout. SQL test are failing for this reason.
  • Add a link to the audit PDF on Nethermind public repository of audited codebase.

@glihm
fix: ensure world metadata are handled safely with ACL
f129edf
@glihm
fix: remove unused EXECUTE_ENTRYPOINT
73d7809
@glihm
fix: add support for array for feature parity on metadata uri
5016cfe
@glihm
fix: ensure the new class hash to upgrade to has world() entrypoint
8ff011f
@glihm
wip: metadata rework
787d8c8
@glihm
feat: add expand env var for plugin debug
597c436
@glihm
feat: add support for multiple segment in the storage
f03cce8 
This commit aims at having more flexibility in the dojo storage
engine, to automatically use several storage slots segments depending
on the packed size.

The offset and length fields are not more required for the database to work.
The layout is still exposed for the moment.
@glihm
fix: adjust world entry points based on storage rework
30e79c8
@glihm
fix: remove unused WhereClause
98ed168
@glihm
fix: ensure deployed contracts addresses don't conflict with model names
bfd952b
@glihm
fix: remove TODO with expected behavior for packing
b1e1aa8
@glihm
fix: ensure fpow is never used with base equal to 0 in our case
0c0a4ec
@glihm
fix: remove old boolean enum usage
fdebe59
@glihm
fix: ensure executor address is not zero
c804b77
@glihm
fix: ensure packing max bits max value
29621f5
@glihm
fix: remove unused file
88ccdde
@glihm
fix: remove database/utils not used for now
ec03721
@glihm
fix: remove index related code
e95153c
@glihm
fix: ensure empty data are well retrieved from storage
f548b79
@glihm
fix: remove the length from the storage to be backward compatible
4b5c0f8
@glihm
fix: remove unused variable
9a94a39
@glihm
fix: adjust gas for test
0cd0031
@glihm
feat: add function to verify ownership of tx account
1d65123
@glihm
fix: remove executor and and deploy models instead
479197e 
There were a security issue with the executor, as currently
the library_call is not immutable. Hence, a function called
by library_call may contains other syscall. For this reason,
the executor is removed in favor of deploying the model
to get it's name.
@glihm
fix: keep class hash and contract address for models
04f7ef7
@glihm
feat: update toolchain for new model registration
cc534af
@glihm
fix: revise world documentation and refacto world errors
ef92799
@glihm
fix: remove unused storage variable
c04ffa5
@glihm
fix: ensure the world address is protected against model registration
202d077
@glihm
fix: remove unused variable
572fdc8
@glihm
Copy link
Collaborator Author

glihm commented Feb 14, 2024

I believe it comes from the "cainome" dependency. It's caused by tokio and maybe some other deps - gotta check if tokio is the only one. Tokio won't compile if the feature "full" is used. Only these features are supported on WASM image

Appreciate the feedback on that, will double check cainome and possible sources based on that. Thanks mate. 🙏

tarrencev
tarrencev reviewed Feb 14, 2024
View reviewed changes
Copy link
Contributor

@tarrencev tarrencev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some minor feedback from a initial pass

bin/sozo/src/commands/model.rs Show resolved Hide resolved
bin/sozo/src/ops/migration/mod.rs Outdated Show resolved Hide resolved
crates/dojo-core/src/base_test.cairo Show resolved Hide resolved
crates/dojo-core/src/base_test.cairo Outdated Show resolved Hide resolved
crates/dojo-core/src/database_test.cairo Outdated Show resolved Hide resolved
@glihm
Copy link
Collaborator Author

glihm commented Feb 14, 2024

@ThePinion and @neotheprogramist if you have a chance I would appreciate a counter review on the core contracts changes. 🙏

@neotheprogramist you had started hard and great work on indexing, however for the audit it was removed as we should reconsider the model for this in a later phase. Appreciate your comprehension on that mate.

@glihm glihm requested a review from kariy February 14, 2024 18:37
@codecov Codecov
Copy link

codecov bot commented Feb 14, 2024
edited
Loading

Codecov Report

Attention: 81 lines in your changes are missing coverage. Please review.

Comparison is base (374f2bf) 70.06% compared to head (082e369) 70.50%.
Report is 37 commits behind head on main.

Files Patch % Lines
crates/dojo-lang/src/inline_macros/array_cap.rs 73.91% 24 Missing ⚠️
crates/torii/grpc/src/server/mod.rs 0.00% 12 Missing ⚠️
crates/dojo-lang/src/introspect.rs 86.66% 10 Missing ⚠️
crates/torii/core/src/processors/register_model.rs 40.00% 9 Missing ⚠️
bin/sozo/src/ops/model.rs 0.00% 7 Missing ⚠️
crates/torii/core/src/model.rs 63.63% 4 Missing ⚠️
crates/dojo-world/src/contracts/model.rs 83.33% 3 Missing ⚠️
crates/dojo-world/src/manifest.rs 86.36% 3 Missing ⚠️
crates/dojo-world/src/migration/mod.rs 0.00% 3 Missing ⚠️
crates/dojo-lang/src/plugin.rs 91.30% 2 Missing ⚠️
... and 4 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1533      +/-   ##
==========================================
+ Coverage   70.06%   70.50%   +0.43%     
==========================================
  Files         236      261      +25     
  Lines       22531    25300    +2769     
==========================================
+ Hits        15786    17837    +2051     
- Misses       6745     7463     +718

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

glihm
glihm commented Feb 16, 2024
View reviewed changes
Copy link
Collaborator Author

@glihm glihm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments on the sozo capabilities for backward compatibilities.
Thanks guys for the feedback. 👍

bin/sozo/src/commands/migrate.rs Outdated Show resolved Hide resolved
bin/sozo/src/ops/migration/mod.rs Outdated Show resolved Hide resolved
@glihm glihm requested a review from tarrencev February 16, 2024 04:01
kariy
kariy reviewed Feb 17, 2024
View reviewed changes
crates/dojo-lang/src/plugin.rs
Comment on lines +244 to +246
let do_expand: bool =
std::env::var(DOJO_PLUGIN_EXPAND_VAR_ENV).map_or(false, |v| v == "true" || v == "1");

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the purpose behind this env var? Is there a reason to print out the expanded code ?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Debugging mostly.

While working on dojo-lang to introduce the array, I found that having the compiler rewritten node expanded was very useful.

crates/dojo-world/src/migration/mod.rs Outdated Show resolved Hide resolved
crates/dojo-test-utils/build.rs Show resolved Hide resolved
@glihm glihm merged commit 072a31d into dojoengine:main Feb 18, 2024
12 checks passed
@glihm glihm mentioned this pull request Feb 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@broody broody broody left review comments

@gianalarcon gianalarcon gianalarcon left review comments

@kariy kariy kariy left review comments

@tarrencev tarrencev tarrencev approved these changes

@piniom piniom Awaiting requested review from piniom

@neotheprogramist neotheprogramist Awaiting requested review from neotheprogramist

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@glihm @Larkooo @broody @tarrencev @gianalarcon @kariy