Skip to content

feat: only authorized relayers can invoke handlers with commitment proof verification #240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 31, 2025
Merged

feat: only authorized relayers can invoke handlers with commitment proof verification #240

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
14a8ec6
feat: only relayer can invoke handlers containing proof verificaiton
Farhad-Shabani Jan 29, 2025
fcdf10b
chore: update tests + only allow auth relayer to register client
Farhad-Shabani Jan 29, 2025
dd0bb5c
fix: not needed for send_packet
Farhad-Shabani Jan 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion cairo-contracts/packages/apps/src/transfer/components/transfer.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,8 @@ pub mod TokenTransferComponent {
version_proposal: AppVersion,
ordering: ChannelOrdering
) -> AppVersion {
self.assert_owner();

assert(port_id_on_a == TRANSFER_PORT_ID(), TransferErrors::INVALID_PORT_ID);

if version_proposal.is_non_zero() {
Expand All @@ -204,6 +206,8 @@ pub mod TokenTransferComponent {
version_on_a: AppVersion,
ordering: ChannelOrdering
) -> AppVersion {
self.assert_owner();

assert(version_on_a == VERSION(), TransferErrors::INVALID_APP_VERSION);

VERSION()
Expand All @@ -215,12 +219,16 @@ pub mod TokenTransferComponent {
chan_id_on_a: ChannelId,
version_on_b: AppVersion
) {
self.assert_owner();

assert(version_on_b == VERSION(), TransferErrors::INVALID_APP_VERSION);
}

fn on_chan_open_confirm(
ref self: ComponentState<TContractState>, port_id_on_b: PortId, chan_id_on_b: ChannelId
) {}
) {
self.assert_owner();
}

fn on_recv_packet(
ref self: ComponentState<TContractState>, packet: Packet
Expand Down
4 changes: 1 addition & 3 deletions cairo-contracts/packages/contracts/src/tests/channel.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use starknet_ibc_testkit::configs::{
};
use starknet_ibc_testkit::dummies::{
HEIGHT, TIMESTAMP, COSMOS, STARKNET, CLIENT_ID, CONNECTION_ID, CHANNEL_ID, PORT_ID, SUPPLY,
PACKET_COMMITMENT_ON_SN, RELAYER, SN_USER, CS_USER
PACKET_COMMITMENT_ON_SN, SN_USER, CS_USER
};
use starknet_ibc_testkit::event_spy::{TransferEventSpyExt, ChannelEventSpyExt};
use starknet_ibc_testkit::handles::{CoreHandle, AppHandle, ERC20Handle};
Expand Down Expand Up @@ -466,8 +466,6 @@ fn try_timeout_packet(timeout_height: Height, timeout_timestamp: Timestamp) {

start_cheat_caller_address(ics20.address, core.address);

core.register_relayer(RELAYER());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#240 (comment)


let msg = comet_cfg
.dummy_msg_update_client(
CLIENT_ID(), comet_cfg.latest_height, updating_height.clone(), updating_timestamp,
Expand Down
4 changes: 1 addition & 3 deletions cairo-contracts/packages/contracts/src/tests/client.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
use snforge_std::spy_events;
use starknet_ibc_core::client::{UpdateResponse, StatusTrait, ClientContractTrait};
use starknet_ibc_testkit::configs::CometClientConfigTrait;
use starknet_ibc_testkit::dummies::{HEIGHT, RELAYER};
use starknet_ibc_testkit::dummies::HEIGHT;
use starknet_ibc_testkit::event_spy::ClientEventSpyExt;
use starknet_ibc_testkit::handles::CoreHandle;
use starknet_ibc_testkit::setup::SetupImpl;
Expand Down Expand Up @@ -58,8 +58,6 @@ fn test_update_comet_client_ok() {
// Update Client
// -----------------------------------------------------------

core.register_relayer(RELAYER());

// Update the client to a new height and time.
let updating_height = cfg.latest_height.clone() + HEIGHT(1);
let updating_time = cfg.latest_timestamp.clone() + 1;
Expand Down
24 changes: 22 additions & 2 deletions cairo-contracts/packages/core/src/channel/components/handler.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,17 @@ pub mod ChannelHandlerComponent {
Map, StorageMapReadAccess, StorageMapWriteAccess, StoragePointerReadAccess,
StoragePointerWriteAccess
};
use starknet::{get_block_timestamp, get_block_number};
use starknet::{get_block_timestamp, get_block_number, get_caller_address};
use starknet_ibc_core::channel::ChannelHandlerComponent::ClientHandlerComponent::ClientReaderTrait;
use starknet_ibc_core::channel::{
ChannelEventEmitterComponent, IChannelHandler, IChannelQuery, MsgChanOpenInit,
MsgChanOpenTry, MsgChanOpenAck, MsgChanOpenConfirm, MsgRecvPacket, MsgAckPacket,
MsgTimeoutPacket, ChannelEnd, ChannelEndTrait, ChannelErrors, PacketTrait, ChannelOrdering,
AppVersion, Receipt, ReceiptTrait, Packet, Acknowledgement
};
use starknet_ibc_core::client::{
ClientHandlerComponent, ClientContract, ClientContractTrait, Height, HeightImpl
ClientHandlerComponent, ClientContract, ClientContractTrait, Height, HeightImpl,
ClientErrors
};
use starknet_ibc_core::commitment::{
StateProof, Commitment, CommitmentZero, compute_packet_commitment, compute_ack_commitment
Expand Down Expand Up @@ -56,6 +58,9 @@ pub mod ChannelHandlerComponent {
// IChannelHandler
// -----------------------------------------------------------

// NOTE: Authorized relayer check is temporary and will be removed once
// commitment proof verification is implemented.

#[embeddable_as(CoreChannelHandler)]
impl CoreChannelHandlerImpl<
TContractState,
Expand All @@ -77,18 +82,21 @@ pub mod ChannelHandlerComponent {
fn chan_open_try(
ref self: ComponentState<TContractState>, msg: MsgChanOpenTry
) -> ChannelId {
self.assert_authorized_relayer();
let channel_sequence = self.read_next_channel_sequence();
self.chan_open_try_validate(channel_sequence, msg.clone());
self.chan_open_try_execute(channel_sequence, msg)
}

fn chan_open_ack(ref self: ComponentState<TContractState>, msg: MsgChanOpenAck) {
self.assert_authorized_relayer();
let chan_end_on_a = self.read_channel_end(@msg.port_id_on_a, @msg.chan_id_on_a);
self.chan_open_ack_validate(chan_end_on_a.clone(), msg.clone());
self.chan_open_ack_execute(chan_end_on_a, msg);
}

fn chan_open_confirm(ref self: ComponentState<TContractState>, msg: MsgChanOpenConfirm) {
self.assert_authorized_relayer();
let chan_end_on_b = self.read_channel_end(@msg.port_id_on_b, @msg.chan_id_on_b);
self.chan_open_confirm_validate(chan_end_on_b.clone(), msg.clone());
self.chan_open_confirm_execute(chan_end_on_b, msg);
Expand All @@ -101,20 +109,23 @@ pub mod ChannelHandlerComponent {
}

fn recv_packet(ref self: ComponentState<TContractState>, msg: MsgRecvPacket) {
self.assert_authorized_relayer();
let chan_end_on_b = self
.read_channel_end(@msg.packet.port_id_on_b, @msg.packet.chan_id_on_b);
self.recv_packet_validate(msg.clone(), chan_end_on_b.clone());
self.recv_packet_execute(msg, chan_end_on_b);
}

fn ack_packet(ref self: ComponentState<TContractState>, msg: MsgAckPacket) {
self.assert_authorized_relayer();
let chan_end_on_a = self
.read_channel_end(@msg.packet.port_id_on_a, @msg.packet.chan_id_on_b);
self.ack_packet_validate(msg.clone(), chan_end_on_a.clone());
self.ack_packet_execute(msg, chan_end_on_a);
}

fn timeout_packet(ref self: ComponentState<TContractState>, msg: MsgTimeoutPacket) {
self.assert_authorized_relayer();
let chan_end_on_a = self
.read_channel_end(@msg.packet.port_id_on_a, @msg.packet.chan_id_on_a);
self.timeout_packet_validate(msg.clone(), chan_end_on_a.clone());
Expand Down Expand Up @@ -1078,6 +1089,15 @@ pub mod ChannelHandlerComponent {
root_on_b
);
}

fn assert_authorized_relayer(self: @ComponentState<TContractState>) {
let client_comp = get_dep_component!(self, ClientHandler);

assert(
client_comp.in_allowed_relayers(get_caller_address()),
ClientErrors::UNAUTHORIZED_RELAYER
);
}
}

// -----------------------------------------------------------
Expand Down
4 changes: 4 additions & 0 deletions cairo-contracts/packages/core/src/client/components/handler.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,10 @@ pub mod ClientHandlerComponent {
client_type: felt252,
client_address: ContractAddress
) {
assert(
self.in_allowed_relayers(get_caller_address()), ClientErrors::UNAUTHORIZED_RELAYER
);

self.write_supported_client(client_type, client_address);
}
}
Expand Down
10 changes: 7 additions & 3 deletions cairo-contracts/packages/testkit/src/setup.cairo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,10 +68,12 @@ pub impl SetupImpl of SetupTrait {

let mut comet = setup.deploy_client(client_contract_name);

core.register_client(CLIENT_TYPE(), comet.address);
core.register_relayer(RELAYER());

start_cheat_caller_address(core.address, RELAYER());

core.register_client(CLIENT_TYPE(), comet.address);

(core, comet)
}

Expand Down Expand Up @@ -109,6 +111,10 @@ pub impl SetupImpl of SetupTrait {

let comet = setup.deploy_client(client_contract_name);

core.register_relayer(RELAYER());

start_cheat_caller_address(core.address, RELAYER());

core.register_client(CLIENT_TYPE(), comet.address);

let mut erc20 = setup.deploy_erc20();
Expand All @@ -117,8 +123,6 @@ pub impl SetupImpl of SetupTrait {

core.register_app(TRANSFER_PORT_ID(), ics20.address);

start_cheat_caller_address(core.address, RELAYER());

(core, ics20, erc20)
}
}
Expand Down
Loading