feat: runtime metadata hash verification (#5467)

* feat: runtime metadata hash verification * feat: metadata hash in extrinsic creation * feat: add metadata-hash features in build commands in config.toml * fix: correct metadatahsh while tx construction * feat: dont do metadata hash verification for state chain client * feat: set metadata-hash feature in coverage check in ci * feat: set metadata-hash feature in coverage check in ci 2 * feat: set metadata-hash feature in coverage check in ci 3 * fix: correctly modify ci command * fix: minor * chore: optional build with metadata-hash * fix: cargo audit * chore: sort dependencies alphabetically --------- Co-authored-by: Daniel <daniel@chainflip.io>
chainflip-io · Dec 11, 2024 · 5a4bc00 · 5a4bc00
1 parent 09292c9
commit 5a4bc00
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 11 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -89,7 +89,6 @@ ethbloom = { version = "0.13" }
 ethereum = { version = "0.14", default-features = false }
 ethereum-types = { version = "0.14.1", default-features = false }
 ethers = { version = "2.0.8" }
-frame-metadata = { version = "16.0.0" }
 fs_extra = { version = "1.3.0" }
 futures = { version = "0.3.30" }
 futures-core = { version = "0.3.30" }
@@ -178,6 +177,8 @@ pallet-transaction-payment-rpc-runtime-api = { git = "https://github.com/chainfl
 frame-benchmarking = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
 frame-benchmarking-cli = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
 frame-executive = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
+frame-metadata = { version = "16.0.0", default-features = false }
+frame-metadata-hash-extension = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
 frame-support = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
 frame-system = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }
 frame-system-benchmarking = { git = "https://github.com/chainflip-io/polkadot-sdk.git", tag = "chainflip-substrate-1.15.2+2", default-features = false }

diff --git a/engine/Cargo.toml b/engine/Cargo.toml
@@ -100,6 +100,10 @@ codec = { workspace = true, default-features = true, features = [
   "derive",
   "full",
 ] }
+frame-metadata = { workspace = true, default-features = true, features = [
+  "current",
+] }
+frame-metadata-hash-extension = { workspace = true }
 frame-support = { workspace = true, default-features = true }
 frame-system = { workspace = true, default-features = true }
 sc-rpc-api = { workspace = true, default-features = true }
@@ -113,9 +117,6 @@ sp-runtime = { workspace = true, default-features = true }
 sp-version = { workspace = true, default-features = true }
 substrate-frame-rpc-system = { workspace = true }
 
-frame-metadata = { workspace = true, default-features = true, features = [
-  "current",
-] }
 serde_bytes = { workspace = true, default-features = true }
 bs58 = { workspace = true, default-features = true }
 base64 = { workspace = true }

diff --git a/engine/src/state_chain_observer/client/extrinsic_api/signed/signer.rs b/engine/src/state_chain_observer/client/extrinsic_api/signed/signer.rs
@@ -58,6 +58,9 @@ where
 			// This is the tx fee tip. Normally this determines transaction priority. We currently
 			// ignore this in the runtime but it needs to be set to some default value.
 			state_chain_runtime::ChargeTransactionPayment::from(0),
+			frame_metadata_hash_extension::CheckMetadataHash::<state_chain_runtime::Runtime>::new(
+				false,
+			),
 		);
 		let additional_signed = (
 			(),
@@ -68,6 +71,7 @@ where
 			(),
 			(),
 			(),
+			None,
 		);
 
 		let signed_payload = state_chain_runtime::SignedPayload::from_raw(

diff --git a/engine/src/state_chain_observer/client/extrinsic_api/signed/submission_watcher.rs b/engine/src/state_chain_observer/client/extrinsic_api/signed/submission_watcher.rs
@@ -547,7 +547,7 @@ impl<'a, 'env, BaseRpcClient: base_rpc_api::BaseRpcApi + Send + Sync + 'static>
 
 				// Find any submissions that are for the nonce of the extrinsic
 				if let Some(submissions) = extrinsic.signature.as_ref().and_then(
-					|(address, _, (.., frame_system::CheckNonce(nonce), _, _))| {
+					|(address, _, (.., frame_system::CheckNonce(nonce), _, _, _))| {
 						// We only care about the extrinsic if it is from our account
 						(*address == MultiAddress::Id(self.signer.account_id.clone()))
 							.then_some(())

diff --git a/state-chain/node/Cargo.toml b/state-chain/node/Cargo.toml
@@ -64,6 +64,9 @@ sp-io = { workspace = true, default-features = true }
 sp-timestamp = { workspace = true, default-features = true }
 sp-inherents = { workspace = true, default-features = true }
 sp-keyring = { workspace = true, default-features = true }
+
+# FRAME dependencies
+frame-metadata-hash-extension = { workspace = true }
 frame-system = { workspace = true, default-features = true }
 pallet-transaction-payment = { workspace = true, default-features = true }
 

diff --git a/state-chain/node/src/benchmarking.rs b/state-chain/node/src/benchmarking.rs
@@ -82,6 +82,7 @@ pub fn create_benchmark_extrinsic(
 		frame_system::CheckNonce::<runtime::Runtime>::from(nonce),
 		frame_system::CheckWeight::<runtime::Runtime>::new(),
 		pallet_transaction_payment::ChargeTransactionPayment::<runtime::Runtime>::from(0),
+		frame_metadata_hash_extension::CheckMetadataHash::<runtime::Runtime>::new(false),
 	);
 
 	let raw_payload = runtime::SignedPayload::from_raw(
@@ -96,6 +97,7 @@ pub fn create_benchmark_extrinsic(
 			(),
 			(),
 			(),
+			None,
 		),
 	);
 	let signature = raw_payload.using_encoded(|e| sender.sign(e));

diff --git a/state-chain/runtime/Cargo.toml b/state-chain/runtime/Cargo.toml
@@ -70,9 +70,11 @@ pallet-session = { workspace = true, features = ["historical"] }
 # Substrate dependencies
 frame-benchmarking = { workspace = true, optional = true }
 frame-executive = { workspace = true }
+frame-metadata-hash-extension = { workspace = true }
 frame-support = { workspace = true }
 frame-system = { workspace = true }
 frame-system-benchmarking = { workspace = true, optional = true }
+frame-try-runtime = { workspace = true, optional = true }
 
 pallet-aura = { workspace = true }
 pallet-grandpa = { workspace = true }
@@ -84,6 +86,7 @@ sp-block-builder = { workspace = true }
 sp-consensus-aura = { workspace = true, features = ["serde"] }
 sp-consensus-grandpa = { workspace = true, features = ["serde"] }
 sp-core = { workspace = true, features = ["serde"] }
+sp-genesis-builder = { workspace = true }
 sp-inherents = { workspace = true }
 sp-offchain = { workspace = true }
 sp-runtime = { workspace = true, features = ["serde"] }
@@ -92,10 +95,6 @@ sp-std = { workspace = true }
 sp-transaction-pool = { workspace = true }
 sp-version = { workspace = true }
 
-sp-genesis-builder = { workspace = true }
-
-frame-try-runtime = { workspace = true, optional = true }
-
 # Used for RPCs
 frame-system-rpc-runtime-api = { workspace = true }
 pallet-transaction-payment-rpc-runtime-api = { workspace = true }
@@ -207,6 +206,7 @@ std = [
   "sp-version/std",
   "dep:cf-test-utilities",
   "dep:substrate-wasm-builder",
+  "frame-metadata-hash-extension/std",
 ]
 try-runtime = [
   "cf-runtime-utilities/try-runtime",
@@ -243,3 +243,4 @@ try-runtime = [
   "pallet-authorship/try-runtime",
   "sp-runtime/try-runtime",
 ]
+metadata-hash = ["substrate-wasm-builder/metadata-hash"]
diff --git a/state-chain/runtime/build.rs b/state-chain/runtime/build.rs
@@ -1,10 +1,20 @@
 fn main() {
-	#[cfg(feature = "std")]
+	#[cfg(all(feature = "std", not(feature = "metadata-hash")))]
 	{
 		substrate_wasm_builder::WasmBuilder::new()
 			.with_current_project()
 			.export_heap_base()
 			.import_memory()
 			.build();
 	}
+
+	#[cfg(all(feature = "std", feature = "metadata-hash"))]
+	{
+		substrate_wasm_builder::WasmBuilder::new()
+			.with_current_project()
+			.export_heap_base()
+			.import_memory()
+			.enable_metadata_hash("FLIP", 18)
+			.build();
+	}
 }
diff --git a/state-chain/runtime/src/lib.rs b/state-chain/runtime/src/lib.rs
@@ -213,7 +213,7 @@ pub const VERSION: RuntimeVersion = RuntimeVersion {
 	spec_version: 180,
 	impl_version: 1,
 	apis: RUNTIME_API_VERSIONS,
-	transaction_version: 12,
+	transaction_version: 13,
 	state_version: 1,
 };
 
@@ -1159,6 +1159,7 @@ pub type SignedExtra = (
 	frame_system::CheckNonce<Runtime>,
 	frame_system::CheckWeight<Runtime>,
 	pallet_transaction_payment::ChargeTransactionPayment<Runtime>,
+	frame_metadata_hash_extension::CheckMetadataHash<Runtime>,
 );
 /// Unchecked extrinsic type as expected by this runtime.
 pub type UncheckedExtrinsic =