Skip to content

Commit

Permalink
Restrict governance messages to governance channel id (#786)
Browse files Browse the repository at this point in the history 
* Restrict governance messages to governance channel id

* Fix tests and add tests

* Unused variable
  • Loading branch information
@tmpolaczyk
tmpolaczyk authored Dec 31, 2024
1 parent f6a021b commit 0b36a52
Show file tree
Hide file tree
Showing 3 changed files with 66 additions and 11 deletions.
7 changes: 6 additions & 1 deletion primitives/bridge/src/symbiotic_message_processor.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

use frame_support::pallet_prelude::*;
use parity_scale_codec::DecodeAll;
use snowbridge_core::Channel;
use snowbridge_core::{Channel, PRIMARY_GOVERNANCE_CHANNEL};
use snowbridge_router_primitives::inbound::envelope::Envelope;
use snowbridge_router_primitives::inbound::MessageProcessor;
use sp_runtime::DispatchError;
Expand Down Expand Up @@ -84,6 +84,11 @@ where

match message {
Message::V1(InboundCommand::ReceiveValidators { validators }) => {
if envelope.channel_id != PRIMARY_GOVERNANCE_CHANNEL {
return Err(DispatchError::Other(
"Received governance message from invalid channel id",
));
}
pallet_external_validators::Pallet::<T>::set_external_validators(validators)?;
Ok(())
}
Expand Down
10 changes: 4 additions & 6 deletions solo-chains/runtime/dancelight/src/tests/inbound_queue_tests/integration_tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ use snowbridge_beacon_primitives::types::deneb;
use snowbridge_beacon_primitives::{ExecutionProof, VersionedExecutionPayloadHeader};
use snowbridge_core::{
inbound::{Log, Message, Proof},
Channel, ChannelId,
Channel, PRIMARY_GOVERNANCE_CHANNEL,
};
use snowbridge_router_primitives::inbound::envelope::OutboundMessageAccepted;
use sp_core::H256;
Expand All @@ -33,14 +33,12 @@ use tp_bridge::symbiotic_message_processor::{
InboundCommand, Message as SymbioticMessage, Payload, MAGIC_BYTES,
};

const MOCK_CHANNEL_ID: [u8; 32] = [0; 32];

#[test]
fn test_inbound_queue_message_passing() {
ExtBuilder::default().build().execute_with(|| {
let current_nonce = 1;

snowbridge_pallet_system::Channels::<Runtime>::set(ChannelId::from(MOCK_CHANNEL_ID), Some(Channel {
snowbridge_pallet_system::Channels::<Runtime>::set(PRIMARY_GOVERNANCE_CHANNEL, Some(Channel {
agent_id: Default::default(),
para_id: Default::default()
}));
Expand Down Expand Up @@ -71,7 +69,7 @@ fn test_inbound_queue_message_passing() {
} };

let event_with_empty_payload = OutboundMessageAccepted {
channel_id: MOCK_CHANNEL_ID.into(),
channel_id: <[u8; 32]>::from(PRIMARY_GOVERNANCE_CHANNEL).into(),
nonce: current_nonce,
message_id: Default::default(),
payload: vec![],
Expand Down Expand Up @@ -102,7 +100,7 @@ fn test_inbound_queue_message_passing() {
};

let event_with_valid_payload = OutboundMessageAccepted {
channel_id: MOCK_CHANNEL_ID.into(),
channel_id: <[u8; 32]>::from(PRIMARY_GOVERNANCE_CHANNEL).into(),
nonce: current_nonce,
message_id: Default::default(),
payload: payload.encode(),
Expand Down
60 changes: 56 additions & 4 deletions solo-chains/runtime/dancelight/src/tests/inbound_queue_tests/message_processor_tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ use crate::tests::common::ExtBuilder;
use crate::{ExternalValidators, Runtime};
use frame_support::pallet_prelude::*;
use keyring::AccountKeyring;
use snowbridge_core::Channel;
use snowbridge_core::{Channel, PRIMARY_GOVERNANCE_CHANNEL};
use snowbridge_router_primitives::inbound::envelope::Envelope;
use snowbridge_router_primitives::inbound::MessageProcessor;
use sp_core::{H160, H256};
Expand All @@ -36,7 +36,7 @@ fn test_symbiotic_message_processor() {
};

let envelope_with_invalid_payload = Envelope {
channel_id: H256::default().into(),
channel_id: PRIMARY_GOVERNANCE_CHANNEL,
gateway: H160::default(),
message_id: Default::default(),
nonce: 0,
Expand Down Expand Up @@ -65,7 +65,7 @@ fn test_symbiotic_message_processor() {
}),
};
let envelope = Envelope {
channel_id: H256::default().into(),
channel_id: PRIMARY_GOVERNANCE_CHANNEL,
gateway: H160::default(),
message_id: Default::default(),
nonce: 0,
Expand Down Expand Up @@ -95,7 +95,7 @@ fn test_symbiotic_message_processor() {
}),
};
let envelope = Envelope {
channel_id: H256::default().into(),
channel_id: PRIMARY_GOVERNANCE_CHANNEL,
gateway: H160::default(),
message_id: Default::default(),
nonce: 0,
Expand All @@ -121,3 +121,55 @@ fn test_symbiotic_message_processor() {
assert_eq!(ExternalValidators::validators(), expected_validators);
});
}

#[test]
fn test_symbiotic_message_processor_rejects_invalid_channel_id() {
ExtBuilder::default().build().execute_with(|| {
let default_channel = Channel {
agent_id: H256::default(),
para_id: 0.into(),
};

// No external validators are set right now
assert_eq!(
ExternalValidators::validators(),
ExternalValidators::whitelisted_validators()
);

let payload_validators = vec![
AccountKeyring::Alice.to_account_id(),
AccountKeyring::Charlie.to_account_id(),
AccountKeyring::Bob.to_account_id(),
];

let payload_with_correct_magic_bytes = Payload {
magic_bytes: MAGIC_BYTES,
message: Message::V1(InboundCommand::<Runtime>::ReceiveValidators {
validators: payload_validators.clone(),
}),
};
let envelope = Envelope {
channel_id: H256::default().into(),
gateway: H160::default(),
message_id: Default::default(),
nonce: 0,
payload: payload_with_correct_magic_bytes.encode(),
};
assert_eq!(
SymbioticMessageProcessor::<Runtime>::can_process_message(&default_channel, &envelope),
true
);
assert_eq!(
SymbioticMessageProcessor::<Runtime>::process_message(
default_channel.clone(),
envelope
),
Err(DispatchError::Other(
"Received governance message from invalid channel id"
))
);

let expected_validators = [ExternalValidators::whitelisted_validators()].concat();
assert_eq!(ExternalValidators::validators(), expected_validators);
});
}

0 comments on commit 0b36a52

Please sign in to comment.