Pallet assets: new status LiveAndNoPrivilege and new call revoke_all_privilege #4150
gui1117 wants to merge 66 commits into paritytech:master
| .saturating_add(T::DbWeight::get().writes(1_u64)) | ||
| } | ||
| fn revoke_all_privileges() -> Weight { | ||
| Weight::zero() |
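Review bot: `revoke_all_privileges()` returns `Weight::zero()` here, while the function just above it charges at least `T::DbWeight::get().writes(1_u64)`. A zero weight means a call that changes asset status is under-charged in any runtime that uses this weight function. Return a benchmarked value, or a deliberately conservative placeholder until the benchmark lands.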
| Weight::zero() | |
| Weight::MAX |
Safer default
yes, I now ran benchmarks on my machine for a better default.
It should be fixed
|
|
||
| /// Check that owner is same as in asset details and that asset status is not | ||
| /// `LiveAndNoPrivileges`. | ||
| pub(super) fn check_owner_right( |
Or verify_owner. Same for others.
| pub(super) fn check_owner_right( | |
| pub(super) fn check_owner( |
Indeed, I changed internal API for a safer implementation, tell me what you think
| Asset::<T, I>::insert(&id, d); | ||
|
|
||
| Self::deposit_event(Event::TeamChanged { asset_id: id.clone(), issuer, admin, freezer }); | ||
| Self::deposit_event(Event::OwnerChanged { asset_id: id, owner }); |
I added events here. This is unrelated to the PR, let me know if this is unwanted.
a4baa63 to 905f658
The CI pipeline was cancelled due to failure of one of the required jobs.
substrate/frame/assets/Cargo.toml
Outdated
| [package] | ||
| name = "pallet-assets" | ||
| version = "29.1.0" | ||
| version = "30.0.0" |
I think this will be done when released to avoid multiple version increments
substrate/frame/assets/src/lib.rs
Outdated
| let d = maybe_details.as_mut().ok_or(Error::<T, I>::Unknown)?; | ||
| ensure!(d.status == AssetStatus::Live, Error::<T, I>::AssetNotLive); | ||
| ensure!(origin == d.freezer, Error::<T, I>::NoPermission); | ||
| Self::ensure_live_asset(&d)?; |
Maybe something like `d.is_live()`, etc., so we could have it more consistent. It is easy to make a mistake with the statuses.
I added the method on asset details: is_live. 6594d94
|
|
||
| /// Reset the team for the asset with the given `id`. | ||
| /// | ||
| /// If the asset status is `LiveAndNoPrivileges` then it is changed to `Live`. |
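Review bot: the last line of this doc comment says a reset moves `LiveAndNoPrivileges` back to `Live`, which means revocation is not final for any code path that can reach this function. State in the doc which caller is expected to be allowed to do that, and consider emitting a distinct event when the status is restored, so that anyone relying on `LiveAndNoPrivileges` as evidence of dropped privileges can see the change.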
Maybe worth mentioning something in ResetTeam trait doc that it is a force reset
Would you prefer to change the trait to have 2 functions: try_reset_team and force_reset_team instead?
EDIT: keeping the trait with just an additional doc could be fine considering any trait using ResetTeam would know that the owner doesn't exist when the status is LiveAndNoPrivileges
I only improved the doc: d0a8ab2
I think it is fine to keep the trait as it is, because reset_team is quite authoritative by itself, and caller should know why it can or cannot reset the team.
| } | ||
| match d.try_set_team(&owner, &issuer, &admin, &freezer) { | ||
| Ok(()) => (), | ||
| Err(SetTeamError::AssetStatusLiveAndNoPrivileges) => log::error!( |
Should we still update the status on this failure? We probably wanna exit with this arm from the function.
Yes ok, I added a new error variant: InternalError and abort in case of such internal error. 6594d94
substrate/frame/assets/src/lib.rs
Outdated
|
|
||
| match details.try_set_owner(&owner) { | ||
| Ok(()) => (), | ||
| Err(SetTeamError::AssetStatusLiveAndNoPrivileges) => log::error!( |
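Review bot: the `Err(SetTeamError::AssetStatusLiveAndNoPrivileges)` arm of `match details.try_set_owner(&owner)` handles the failure with `log::error!` instead of returning. If the code after the match still writes `details` back or deposits an event, a rejected owner change is reported as done. Propagate an error from this arm so the call aborts with no state change.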
substrate/frame/assets/src/lib.rs
Outdated
| ); | ||
| match res { | ||
| Ok(()) => (), | ||
| Err(SetTeamError::AssetStatusLiveAndNoPrivileges) => log::error!( |
status will change to Live even though we failed to change the team
substrate/frame/assets/src/lib.rs
Outdated
| Err(origin) => Some(ensure_signed(origin)?), | ||
| }; | ||
| let id: T::AssetId = id.into(); | ||
| let mut asset = Asset::<T, I>::get(id.clone()).ok_or(Error::<T, I>::Unknown)?; |
Should work with a reference, no clone needed.
| Metadata::<T, I>::insert(&id, &new_metadata); | ||
|
|
||
| asset.deposit = Zero::zero(); | ||
| asset.status = AssetStatus::LiveAndNoPrivileges; |
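Review bot: `asset.deposit = Zero::zero()` clears the recorded deposit at the same point the status becomes `AssetStatus::LiveAndNoPrivileges`, so the matching unreserve or transfer of that amount must succeed in the same call; if it can fail or be skipped, the balance stays reserved with no record of it. A test asserting the owner's reserved balance before and after the call would pin this down.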
AFAIK we do not have an invalid account address for our crypto. Not sure how reasonable (probably not) it would be to have some valid but random address to be used as a common null address.
It is indeed a bit safer in case of error in the runtime.
We can copy the logic of pure proxy.
Thinking again, the best would be a special account owned by the asset pallet (same as the treasury account), which doesn't have any action.
I will do it.
done in 5d30a4e
I copied the pallet proxy logic.
@gui1117 thanks for this initiative! Being able to drop privileges easily (and discoverable) is super important! Any chance we can get this over the finish line?
No idea, I think the PR is ready for review, I don't want to merge master if nobody reviews it.
Some coins don't want to have any privilege role once the distribution is done. We have seen that with $PINK coins which transferred its ownership to a killed proxy account, ensuring nobody can have this privilege.
The issue is that this is not easily discoverable. For instance, a light client can't get this proof easily.
So this PR introduces:
- new asset status: live and no privilege. Under this status all `Owner`, `Issuer`, `Freezer`, `Admin` privileges are null.
- new call: `revoke_all_privilege`. Can be called by owner or `ForceOrigin`, asset must be live. It sets the status `LiveAndNoPrivilege`, and it also freezes the metadata.
- new config associated type: `DepositDestinationOnRevocation`. When the owner revokes its privilege, the deposit goes to this handler. Note that if `ForceOrigin` calls `revoke_all_privilege` then the owner gets its deposit back.
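
The rules in the description above, as a small stand-alone Rust model (an added example, not code from the PR or from pallet-assets). `Status`, `Origin`, `DepositTo`, `Asset`, `ensure_owner` and the `u32` account ids are hypothetical, and rejecting a second revocation with `AssetNotLive` is an assumption of the model.

```rust
// Toy model of the PR description's rules; not pallet-assets code. Names are hypothetical.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Status { Live, Frozen, LiveAndNoPrivilege }

#[derive(Debug, PartialEq, Clone, Copy)]
enum Origin { Signed(u32), Force }

#[derive(Debug, PartialEq)]
enum DepositTo { Owner(u32), Handler } // Handler models DepositDestinationOnRevocation

#[derive(Debug, PartialEq)]
enum Error { AssetNotLive, NoPermission }

struct Asset { owner: u32, status: Status, deposit: u64, metadata_frozen: bool }

impl Asset {
    /// Owner or Force may revoke, only while Live. Returns the deposit's destination and amount.
    fn revoke_all_privilege(&mut self, origin: Origin) -> Result<(DepositTo, u64), Error> {
        if self.status != Status::Live { return Err(Error::AssetNotLive); }
        let dest = match origin {
            Origin::Force => DepositTo::Owner(self.owner), // forced: owner is refunded
            Origin::Signed(who) if who == self.owner => DepositTo::Handler,
            Origin::Signed(_) => return Err(Error::NoPermission),
        };
        // Every check has passed; state is mutated only from here on.
        let amount = std::mem::take(&mut self.deposit);
        self.status = Status::LiveAndNoPrivilege;
        self.metadata_frozen = true;
        Ok((dest, amount))
    }

    /// Owner-only actions are refused once privileges are revoked.
    fn ensure_owner(&self, who: u32) -> Result<(), Error> {
        if self.status == Status::LiveAndNoPrivilege || who != self.owner {
            return Err(Error::NoPermission);
        }
        Ok(())
    }
}

fn main() {
    let mut a = Asset { owner: 1, status: Status::Live, deposit: 100, metadata_frozen: false };
    assert_eq!(a.revoke_all_privilege(Origin::Signed(2)), Err(Error::NoPermission));
    assert_eq!(a.revoke_all_privilege(Origin::Signed(1)), Ok((DepositTo::Handler, 100)));
    assert_eq!(a.ensure_owner(1), Err(Error::NoPermission));
    let mut f = Asset { status: Status::Frozen, ..a };
    assert_eq!(f.revoke_all_privilege(Origin::Force), Err(Error::AssetNotLive));
}
```

A rejected call leaves `status` and `deposit` untouched because all checks run before the first write, which is the property the review comments about logging and continuing are asking for.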