Skip to content
This repository has been archived by the owner on May 21, 2024. It is now read-only.

Configure Origins for Transact in a secure way #118

Open
hbulgarini opened this issue Jan 17, 2023 · 5 comments
Open

Configure Origins for Transact in a secure way #118

hbulgarini opened this issue Jan 17, 2023 · 5 comments
Assignees
@hbulgarini
Labels
enhancement New feature or request
Milestone
Trappist M2 / XCM v3

Comments

@hbulgarini
Copy link
Contributor

For the sub0 presentation i did a hack for converting the XCM caller into the proper chain Origin:

pub struct ParachainAccountId32Aliases<Network, AccountId>(PhantomData<(Network, AccountId)>);
impl<Network: Get<Option<NetworkId>>, AccountId: From<[u8; 32]> + Into<[u8; 32]> + Clone>
	Convert<MultiLocation, AccountId> for ParachainAccountId32Aliases<Network, AccountId>
{
	fn convert(location: MultiLocation) -> Result<AccountId, MultiLocation> {
		let id = match location {
			MultiLocation { parents: 1, interior: X2(Parachain(_), AccountId32 { id, network: None }) } => id,
			MultiLocation { parents: 1, interior: X2(Parachain(_), AccountId32 { id, network }) }
				if network == Network::get() =>
				id,
			_ => return Err(location),
		};
		Ok(id.into())
	}

	fn reverse(who: AccountId) -> Result<MultiLocation, AccountId> {
		Ok(AccountId32 { id: who.into(), network: Network::get() }.into())
	}
}

https://github.com/paritytech/trappist/blob/sub0_2022/runtime/trappist/src/xcm_config.rs#L73:L91

While i was discussing this implementation with the moonbeam guys, they addressed this configuration might bring some security issues (like sending the call from other parachain than the one expected and pass the Origin convertion anyway).

The point here would be to properly extract which account and which chain the XCM message was sent from so we can properly address the security around this.
@hbulgarini hbulgarini added the enhancement New feature or request label Jan 17, 2023
@stiiifff stiiifff added this to the Trappist M2 / XCM v3 milestone Jan 25, 2023
@hbulgarini
Copy link
Contributor Author

@stiiifff can i take this one?

@stiiifff
Copy link
Contributor

stiiifff commented Feb 28, 2023
edited
Loading

@hbulgarini I'd rather complete M1 first.

@hbulgarini
Copy link
Contributor Author

hbulgarini commented Mar 1, 2023
edited
Loading

@hbulgarini I'd rather complete M1 first.

Yes, the idea is once M1 is completed not now.

@stiiifff
Copy link
Contributor

stiiifff commented May 1, 2023

@hbulgarini can you review this one and amend if needed ?
Ideally, the design need to be fully specified before we can move it to the Ready status.

@hbulgarini
Copy link
Contributor Author

@hbulgarini can you review this one and amend if needed ? Ideally, the design need to be fully specified before we can move it to the Ready status.

It seems that XCM code base has considered this need already with this new PR: paritytech/polkadot#6662

Potentially i will review that feature in order to implement this one.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@hbulgarini hbulgarini

Labels
enhancement New feature or request
Projects
None yet
Milestone
Trappist M2 / XCM v3
Development

No branches or pull requests
2 participants
@stiiifff @hbulgarini