Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checking program bytecode when submitting it for storage #608

Open
ameba23 opened this issue Jan 29, 2024 · 5 comments
Open

Checking program bytecode when submitting it for storage #608

ameba23 opened this issue Jan 29, 2024 · 5 comments
Labels
Feature introduces a new feature

Comments

@ameba23
Copy link
Contributor

ameba23 commented Jan 29, 2024

Currently it is possible to store a program (using the programs pallet's set_program) even if it's bytecode is invalid, or it has a configuration interface which is not compatible with the program. When registering there is also no check that the provided program pointer points to valid bytecode.

This is maybe rather an issue for the programs repo - as that should provide us with a way of checking validity of bytecode etc. But relevant here is where that would get called from in entropy-core.
@JesseAbram
Copy link
Member

so ya I think this should look like something like

fn validate_program_input(bytecode, messge, aux_data,  config_data) -> bool {
    // simulate return bool
}

// same idea here 
fn validate_hashing_algo

and it can live in two places. One would be core where you send the data over to a TSS and have it send back the result. However I think that is a worse option then having this compile down to wasm and run it client side (wasm for in the browser could be rust for program devs, however, I do believe there is already a way for program devs to test this in the programs repo, by compiling it to wasm and running their tests against this)

TLDR: I think in the programs repo, compiled to wasm, pushed to npm, pulled in by the sdk is the move

@ameba23
Copy link
Contributor Author

ameba23 commented Jan 29, 2024

doing it on the client side seems good - as long as there isn't a reason why someone would want to intentionally publish some garbage programs. i can't think why they would want to, but just putting the idea out there.

@JesseAbram
Copy link
Member

doing it on the client side seems good - as long as there isn't a reason why someone would want to intentionally publish some garbage programs. i can't think why they would want to, but just putting the idea out there.

I mean possible but the idea is to charge for state rent so that isn't an attack vector

@HCastano HCastano added the Feature introduces a new feature label May 17, 2024
@HCastano HCastano moved this to 📋 Backlog in Entropy Core May 17, 2024
@mixmix
Copy link
Contributor

mixmix commented Nov 12, 2024

This seems related to the "Dry Run" conversation @ameba23 . Maybe we could group all those related issue into a "Milestone"

Aside: when we were discussing "dry run" we were meaning "check content is valid/ functional before committing things to chain". When I said "dry run" to someone on my team they thought about --dry-run in some tools where the system mocks the actions and shows output, but doesn't actually mutate anything. => perhaps we need a different name ... e.g. "pre-flight-checks" ?

@ameba23
Copy link
Contributor Author

ameba23 commented Nov 13, 2024

Linking to the associated issue in the programs repo: entropyxyz/programs#95

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature introduces a new feature
Projects
Entropy Core
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mixmix @jakehemmerle @ameba23 @HCastano @JesseAbram