Merged
Conversation
…o be executed on the local chain (#7200) Resolves (partially): #7148 Depends on: #7169 # Description This PR addresses partially #7148 (Problem 2) and ensures the proper checking of nested local instructions. It introduces a new barrier - `DenyRecursively` - to provide more refined control over instruction denial. The main change is the replacement of `DenyThenTry<Deny, Allow>` with `DenyThenTry<DenyRecursively<Deny>, Allow>` which handles both top-level and nested local instructions by applying allow condition after denial. For context and additional information, please refer to [_Problem 2 - Barrier vs nested XCM validation_](#7148). # TODO - [x] Evaluate PoC, more details at #7351: - **DenyNestedXcmInstructions**: Keep it as it is and be explicit: 1. Name the Deny barriers for the top level. 2. Name the Deny barrier for nested with `DenyInstructionsWithXcm`. - **DenyThenTry<DenyInstructionsWithXcm<Deny>, Allow>**: Alternatively, hard-code those three instructions in `DenyThenTry`, so we wouldn’t need `DenyInstructionsWithXcm`. However, this approach wouldn’t be as general. - **DenyInstructionsWithXcmFor**: Another possibility is to check `DenyInstructionsWithXcm::Inner` for the actual `message`, so we don’t need duplication for top-level and nested (not sure, maybe be explicit is good thing) - see _Problem2 - example_. Instead of this: ``` DenyThenTry< ( // Deny for top level XCM program DenyReserveTransferToRelayChain, // Dedicated barrier for nested XCM programs DenyInstructionsWithXcmFor< // Repeat all Deny filters here DenyReserveTransferToRelayChain, > ), ``` we could just use: ``` DenyThenTry< ( // Dedicated barrier for XCM programs DenyInstructionsWithXcmFor< // Add all `Deny` filters here DenyReserveTransferToRelayChain, ... > ), ``` - [POC Evaluation](#7200 (comment)) - [x] Consider better name `DenyInstructionsWithXcm` => `DenyRecursively`, more details at [here](#7200 (comment)) - [x] Clean-up and docs - [x] Merge #7169 or rebase this branch on the top of `yrong:fix-for-deny-then-try` - [x] Set for the runtimes where we use `DenyThenTry<Deny, Allow>` => `DenyThenTry<DenyRecursively<Deny>, Allow>` - [ ] Schedule sec.audit --------- Co-authored-by: Raymond Cheung <178801527+raymondkfcheung@users.noreply.github.com> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: ron <yrong1997@gmail.com> Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com> Co-authored-by: Clara van Staden <claravanstaden64@gmail.com> Co-authored-by: Adrian Catangiu <adrian@parity.io> (cherry picked from commit bd7cf11)
paritytech-cmd-bot-polkadot-sdk
bot
requested a review
from a team
as a code owner
6 tasks
github-actions
bot
added
the
A3-backport
bkontur
approved these changes
Mar 3, 2025
Contributor
|
This pull request is amending an existing release. Please proceed with extreme caution,
Emergency Bypass
If you really need to bypass this check: add |
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
raymondkfcheung
approved these changes
Mar 3, 2025
raymondkfcheung
moved this to SDK Released - Needs Integration
in fellowship/runtimes integrations queue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport #7200 into
stable2503from bkontur.See the documentation on how to use this bot.