Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Consider a declarative API to describe XCM barrier conditions #4276

Closed
KiChjang opened this issue Nov 13, 2021 · 1 comment · Fixed by #6756
Closed

Consider a declarative API to describe XCM barrier conditions #4276

KiChjang opened this issue Nov 13, 2021 · 1 comment · Fixed by #6756
Labels
T6-XCM This PR/Issue is related to XCM.

Comments

@KiChjang
Copy link
Contributor

KiChjang commented Nov 13, 2021
edited
Loading

Currently, the way we set up XCM barriers is done in a very procedural and imperative manner:

polkadot/xcm/xcm-builder/src/barriers.rs

Lines 53 to 92 in 903c6f2

pub struct AllowTopLevelPaidExecutionFrom<T>(PhantomData<T>);
impl<T: Contains<MultiLocation>> ShouldExecute for AllowTopLevelPaidExecutionFrom<T> {
fn should_execute<Call>(
origin: &MultiLocation,
message: &mut Xcm<Call>,
max_weight: Weight,
_weight_credit: &mut Weight,
) -> Result<(), ()> {
log::trace!(
target: "xcm::barriers",
"AllowTopLevelPaidExecutionFrom origin: {:?}, message: {:?}, max_weight: {:?}, weight_credit: {:?}",
origin, message, max_weight, _weight_credit,
);
ensure!(T::contains(origin), ());
let mut iter = message.0.iter_mut();
let i = iter.next().ok_or(())?;
match i {
ReceiveTeleportedAsset(..) |
WithdrawAsset(..) |
ReserveAssetDeposited(..) |
ClaimAsset { .. } => (),
_ => return Err(()),
}
let mut i = iter.next().ok_or(())?;
while let ClearOrigin = i {
i = iter.next().ok_or(())?;
}
match i {
BuyExecution { weight_limit: Limited(ref mut weight), .. } if *weight >= max_weight => {
*weight = max_weight;
Ok(())
},
BuyExecution { ref mut weight_limit, .. } if weight_limit == &Unlimited => {
*weight_limit = Limited(max_weight);
Ok(())
},
_ => Err(()),
}
}
}

Since we've already have cases where a misconfigured barrier condition has led to privilege escalation attacks, it is therefore prudent to consider whether this should be the way in which we manage the complexity involved in configuring the barrier.

Due to the security implications, we can even begin to think of the barrier as the firewall, the first line of defense against malicious actors, and so barrier conditions should:

  • be easily maintainable and auditable;
  • hide complexity when it is not necessary to be surfaced;
  • simple to use and configure

One of the suggestions made by @apopiak was to have an API that resembles something like the following:

message
	.match_next_inst(|inst| matches!(inst, WithdrawAsset(..))
	.match_while(|inst| matches!(inst, ClearOrigin))
	.match_next_inst( /* ... */ )

Files: xcm/xcm-builder/src/barriers.rs, xcm/src/v3/mod.rs
@KiChjang KiChjang added the T6-XCM This PR/Issue is related to XCM. label Nov 13, 2021
@KiChjang KiChjang mentioned this issue Feb 21, 2023
Merged
@Polkadot-Forum
Copy link

This issue has been mentioned on Polkadot Forum. There might be relevant details there:

https://forum.polkadot.network/t/polkadot-release-analysis-v0-9-40/2468/1

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
T6-XCM This PR/Issue is related to XCM.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Introduce XCM matcher for writing barriers paritytech/polkadot
2 participants
@KiChjang @Polkadot-Forum