This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
pallet-treasury
: Ensure we respect max_amount
for spend across batch calls
#13468
Merged
paritytech-processbot
merged 3 commits into
master
from
bkchr-treasury-ensure-max-amount-in-batch
Feb 27, 2023
Merged
pallet-treasury
: Ensure we respect max_amount
for spend across batch calls
#13468
paritytech-processbot
merged 3 commits into
master
from
bkchr-treasury-ensure-max-amount-in-batch
Feb 27, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tch calls When calling `spend` the origin defines the `max_amount` of tokens it is allowed to spend. The problem is that someone can send a `batch(spend, spend)` to circumvent this restriction as we don't check across different calls that the `max_amount` is respected. This pull request fixes this behavior by introducing a so-called dispatch context. This dispatch context is created once per outer most `dispatch` call. For more information see the docs in this pr. The treasury then uses this dispatch context to attach information about already spent funds per `max_amount` (we assume that each origin has a different `max_amount` configured). So, a `batch(spend, spend)` is now checked to stay inside the allowed spending bounds. Fixes: #13167
bkchr
added
A0-please_review
Pull request needs code review.
D9-needsaudit 👮
PR contains changes to fund-managing logic that should be properly reviewed and externally audited
B1-note_worthy
Changes should be noted in the release notes
T1-runtime
This PR/Issue is related to the topic “runtime”.
C1-low
PR touches the given topic and has a low impact on builders.
labels
Feb 24, 2023
The CI pipeline was cancelled due to failure one of the required jobs. |
gavofyork
approved these changes
Feb 24, 2023
ggwpez
approved these changes
Feb 24, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just one idea.
bot merge |
paritytech-processbot
bot
deleted the
bkchr-treasury-ensure-max-amount-in-batch
branch
February 27, 2023 17:49
jakoblell
added
D1-audited 👍
PR contains changes to fund-managing logic that has been properly reviewed and externally audited
and removed
D9-needsaudit 👮
PR contains changes to fund-managing logic that should be properly reviewed and externally audited
labels
Mar 22, 2023
ukint-vs
pushed a commit
to gear-tech/substrate
that referenced
this pull request
Apr 10, 2023
…tch calls (paritytech#13468) * `pallet-treasury`: Ensure we respect `max_amount` for spend across batch calls When calling `spend` the origin defines the `max_amount` of tokens it is allowed to spend. The problem is that someone can send a `batch(spend, spend)` to circumvent this restriction as we don't check across different calls that the `max_amount` is respected. This pull request fixes this behavior by introducing a so-called dispatch context. This dispatch context is created once per outer most `dispatch` call. For more information see the docs in this pr. The treasury then uses this dispatch context to attach information about already spent funds per `max_amount` (we assume that each origin has a different `max_amount` configured). So, a `batch(spend, spend)` is now checked to stay inside the allowed spending bounds. Fixes: paritytech#13167 * Import `Box` for wasm * FMT
15 tasks
nathanwhit
pushed a commit
to nathanwhit/substrate
that referenced
this pull request
Jul 19, 2023
…tch calls (paritytech#13468) * `pallet-treasury`: Ensure we respect `max_amount` for spend across batch calls When calling `spend` the origin defines the `max_amount` of tokens it is allowed to spend. The problem is that someone can send a `batch(spend, spend)` to circumvent this restriction as we don't check across different calls that the `max_amount` is respected. This pull request fixes this behavior by introducing a so-called dispatch context. This dispatch context is created once per outer most `dispatch` call. For more information see the docs in this pr. The treasury then uses this dispatch context to attach information about already spent funds per `max_amount` (we assume that each origin has a different `max_amount` configured). So, a `batch(spend, spend)` is now checked to stay inside the allowed spending bounds. Fixes: paritytech#13167 * Import `Box` for wasm * FMT
Closed
46 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
A0-please_review
Pull request needs code review.
B1-note_worthy
Changes should be noted in the release notes
C1-low
PR touches the given topic and has a low impact on builders.
D1-audited 👍
PR contains changes to fund-managing logic that has been properly reviewed and externally audited
T1-runtime
This PR/Issue is related to the topic “runtime”.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When calling
spend
the origin defines themax_amount
of tokens it is allowed to spend. The problem is that someone can send abatch(spend, spend)
to circumvent this restriction as we don't check across different calls that themax_amount
is respected. This pull request fixes this behavior by introducing a so-called dispatch context. This dispatch context is created once per outer mostdispatch
call. For more information see the docs in this pr. The treasury then uses this dispatch context to attach information about already spent funds permax_amount
(we assume that each origin has a differentmax_amount
configured). So, abatch(spend, spend)
is now checked to stay inside the allowed spending bounds.Fixes: #13167