set_code_hash with contract reconstruction #6985
Conversation
…nto zebedeusz/constracts_code_hash
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
There was a problem hiding this comment.
This is going in the right direction. A few additional remarks:
- When the constructor is trying to set the immutables it will error out because
set_immutable_datawill make sure it is only run inside of a constructor. However, we are executing the constructor in the current contractscallcontext (Frame). This code needs some adoption. Maybe a flag insideFrameto signal when we are insideset_code_hash. This also needs to be checked inget_immutable_datato prevent reading immutables inside the constructor. - The current code will also run into problems when the contract already has some immutable data since we disallow replacing it. Solution: Set
contract_info.immutable_data_lento0refund the deposit usingstorage_meter.charge()before calling the constructor. You also need to delete the current imutables from storage before calling the constuctor. Callingset_code_hashwill always delete the current immutables which is fine and expected. A constructor doesn't have access to them anyways and is expected to write them if there are any. - We need to prevent recursive calls into
set_code_hash. Otherwise you can trivially consume a lot of memory. Since we are not creating a new frame the stack depth limit is not enforced. I would just generally disallow the usage of this API inside a constructor to address this issue. It seems nonsensical to do that. - We also need to error out if the current stack depth is at its maximum when calling this API. This is because we are loading a potentially big chunk of code into memory. We are assuming that there are never more than
CALL_STACK_DEPTH + 1codes in memory. This also means that we need to take into account if we are inset_code_hashwhen doing a sub call. We basically need to adapt this check to add1if we are insideset_code_hash.
| let result = executable | ||
| .execute(self, ExportedFunction::Constructor, current_immutable.to_vec()) | ||
| .map_err(|e| e.error)?; |
There was a problem hiding this comment.
Constructors don't have access to immutables. They set the immutables. Usually by deriving them from the constructor arguments or environment properties (like the caller of the constructor).
So what should be passed here are not immutables but thet arguments to the constructor. In order to do that you need to add a new argument to this function (Vec<u8>) so that the contract calling set_code_hash can provide the chosen constructor with its arguments.
There was a problem hiding this comment.
Those new error codes don't make sense since we don't check any compat with the old immutables (see other comment).
I think we should add a single new error: SetCodeHashConstructorFailed to signal the error happened within the constructor. All other errors are just bubbled up.
|
|
||
| let old_base_deposit = info.storage_base_deposit(); | ||
| let new_base_deposit = info.update_base_deposit(&code_info); | ||
| let deposit = StorageDeposit::Charge(new_base_deposit) | ||
| .saturating_sub(&StorageDeposit::Charge(old_base_deposit)); | ||
|
|
||
| ExecStack::<T, WasmBlob<T>>::increment_refcount(hash)?; | ||
| ExecStack::<T, WasmBlob<T>>::decrement_refcount(prev_hash); | ||
| info.code_hash = hash; |
There was a problem hiding this comment.
This should to be done before calling the constructor. Otherwise it will see the old code hash when querying it.
|
@athei |
|
@athei |
Fixes #6717