[balances] Safeguard against consumer ref underflow #3865

Merged
merged 7 commits into from
Apr 26, 2024


ggwpez
Member

@ggwpez ggwpez commented Mar 27, 2024

There are some accounts that do not have a consumer ref while having a reserve.
This adds a fail-safe mechanism to trigger in the case that `does_consume` is true, but the assumption of `consumer>0` is not.

This should prevent those accounts from losing balance and the TI from getting messed up even more, but is not an "ideal" fix. TBH an ideal fix is not possible, since on-chain data is in an invalid state.

Signed-off-by: Oliver Tale-Yazdi <[email protected]>
Signed-off-by: Oliver Tale-Yazdi <[email protected]>
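
The failure mode described in the PR text above, as an added example that is not code from this PR or from pallet-balances: a simplified Rust model in which a consumer ref is what blocks an account from being reaped. `Ledger`, `withdraw`, the `failsafe` flag, `ED` and all balances are assumptions made for illustration.

```rust
// Simplified model, not pallet-balances code. ED and all balances are constructed values.
use std::collections::BTreeMap;
const ED: u128 = 10; // existential deposit

#[derive(Clone, Debug)]
struct Account { free: u128, reserved: u128, consumers: u32 }
struct Ledger { accounts: BTreeMap<u32, Account>, total_issuance: u128 }

impl Ledger {
    /// One account in the invalid state from the PR: a reserve but no consumer ref.
    fn broken() -> Self {
        let acc = Account { free: 100, reserved: 50, consumers: 0 };
        Ledger { accounts: BTreeMap::from([(1, acc)]), total_issuance: 150 }
    }

    /// Burn `amount` of free balance; state is committed only when the call succeeds.
    fn withdraw(&mut self, who: u32, amount: u128, failsafe: bool) -> Result<(), &'static str> {
        let mut acc = self.accounts.get(&who).cloned().ok_or("unknown account")?;
        acc.free = acc.free.checked_sub(amount).ok_or("insufficient free balance")?;
        let does_consume = acc.reserved > 0;
        if failsafe && does_consume && acc.consumers == 0 {
            // Invalid pre-existing state: defensively take the ref that should exist.
            acc.consumers = 1;
        }
        if acc.free < ED {
            // Below ED the account is reaped, unless a consumer ref blocks it.
            if acc.consumers > 0 { return Err("consumer remaining"); }
            self.total_issuance -= amount + acc.free; // dust is burned with the account
            self.accounts.remove(&who); // a reserve still held here is silently lost
        } else {
            self.total_issuance -= amount;
            self.accounts.insert(who, acc);
        }
        Ok(())
    }

    /// Total issuance must equal the sum of free + reserved over all accounts.
    fn ti_valid(&self) -> bool {
        self.accounts.values().map(|a| a.free + a.reserved).sum::<u128>() == self.total_issuance
    }
}

fn main() {
    for failsafe in [false, true] {
        let mut ledger = Ledger::broken();
        let res = ledger.withdraw(1, 95, failsafe);
        println!("failsafe={failsafe}: {res:?}, TI valid: {}", ledger.ti_valid());
    }
}
```

Without the fail-safe the withdrawal succeeds, the account is reaped together with its reserve, and the total-issuance check fails; with it the same call is rejected and the ledger stays consistent.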
@ggwpez ggwpez added the T2-pallets This PR/Issue is related to a particular pallet. label Mar 27, 2024
@ggwpez ggwpez changed the title [pallet-balances] Safeguard against consumer ref underflow [balances] Safeguard against consumer ref underflow Mar 27, 2024
Signed-off-by: Oliver Tale-Yazdi <[email protected]>
@ggwpez ggwpez marked this pull request as ready for review March 27, 2024 16:08
@ggwpez ggwpez requested a review from a team as a code owner March 27, 2024 16:08
Signed-off-by: Oliver Tale-Yazdi <[email protected]>
);

// normal transfers still work:
hypothetically!({
Contributor

oh this is a great macro, I always manually used a transactional layer!

@@ -278,6 +279,23 @@ pub fn info_from_weight(w: Weight) -> DispatchInfo {
DispatchInfo { weight: w, ..Default::default() }
}

/// Check that the total-issuance matches the sum of all accounts' total balances.
pub fn ensure_ti_valid() {
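
Review bot: `ensure_ti_valid()` has no return value, so a total-issuance mismatch can only surface as a panic, and the doc comment on the line above it does not say so. Add a `# Panics` section, or return a `Result` so the check can be reused outside tests, for example from the try-state hook raised in this thread.
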
Contributor

Can we easily inject this at the end of all tests in this crate?

Member Author

Ah yes. I thought about adding a `fn register_cleanup_hook` to the `TestExternalities`.
Then we could set this in the externalities as hook and have it run at the end without any refactoring. Otherwise I think we need to refactor to not directly use the `execute_with` but wrap it again.

Contributor

I would be curious to also know if it's feasible as a try-state hook

Contributor

> Otherwise I think we need to refactor to not directly use the `execute_with` but wrap it again.

Yeah this is what most pallets do, and I generally find it easier.

> I would be curious to also know if it's feasible as a try-state hook

Ideally it should be, but yeah iterating all accounts will ruin everything else 🙈 We need to think of a system to separate try-state hooks that we always run in a place like CI vs. those that we want to run every month etc.

Contributor

I would be really interested to bench it. We have a lot of really heavy staking hooks today without much issue, maybe as long as it's O(n) it's OK.

Contributor

looking forward to adding it :)

Member Author

@ggwpez ggwpez Apr 2, 2024

I ran these checks in remote-externalities to find some issues with this: https://github.com/ggwpez/wtfwt
takes like 3-5 secs for one run on Polkadot.

Contributor

3-5s is acceptable imo

@@ -278,6 +279,23 @@ pub fn info_from_weight(w: Weight) -> DispatchInfo {
DispatchInfo { weight: w, ..Default::default() }
}

/// Check that the total-issuance matches the sum of all accounts' total balances.
pub fn ensure_ti_valid() {
Contributor

I would be curious to also know if it's feasible as a try-state hook

@ggwpez ggwpez added this pull request to the merge queue Apr 26, 2024
Merged via the queue into master with commit e8f7c81 Apr 26, 2024
135 of 137 checks passed
@ggwpez ggwpez deleted the oty-balances-consumer-fix branch April 26, 2024 08:40
Morganamilo pushed a commit that referenced this pull request May 2, 2024
There are some accounts that do not have a consumer ref while having a
reserve.
This adds a fail-safe mechanism to trigger in the case that
`does_consume` is true, but the assumption of `consumer>0` is not.

This should prevent those accounts from losing balance and the TI from
getting messed up even more, but is not an "ideal" fix. TBH an ideal fix
is not possible, since on-chain data is in an invalid state.

---------

Signed-off-by: Oliver Tale-Yazdi <[email protected]>
ggwpez added a commit that referenced this pull request May 7, 2024
ggwpez added a commit that referenced this pull request May 7, 2024
ggwpez added a commit that referenced this pull request May 13, 2024
Backporting #3865 to 1.7 crates release for the `pallet-balances`.

---------

Signed-off-by: Oliver Tale-Yazdi <[email protected]>
Co-authored-by: Bastian Köcher <[email protected]>
ggwpez added a commit to polkadot-fellows/runtimes that referenced this pull request May 15, 2024
Bump pallet-balances to include
paritytech/polkadot-sdk#3865 and clean up
CHANGELOG.

- [ ] Does not require a CHANGELOG entry

---------

Signed-off-by: Oliver Tale-Yazdi <[email protected]>
TarekkMA pushed a commit to moonbeam-foundation/polkadot-sdk that referenced this pull request Aug 2, 2024
Labels
T2-pallets This PR/Issue is related to a particular pallet.
Projects
Status: Audited
3 participants