ilyakooo0/urbit
1
0
Fork 0
mirror of https://github.com/ilyakooo0/urbit.git synced 2024-09-20 23:18:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/philip/naive' into naive/aggregator

Browse Source
This commit is contained in:
yosoyubik 2021-07-02 07:03:22 +02:00
commit be79e0653c
2 changed files with 354 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
pkg/arvo/lib/naive.hoon
View File

@ -1,28 +1,72 @@
:: L1 contract changes:
:: - Enforce that once spawn proxy is set to deposit address, it can't
:: t Enforce that once spawn proxy is set to deposit address, it can't
:: switched back
:: - Enforce that once spawn proxy is set to deposit address, you can't
:: t Enforce that once spawn proxy is set to deposit address, you can't
:: spawn children
:: - Possibly the same for approveForAll
:: - Enforce that only ownership key can set spawn proxy to rollup.
:: maybe not though
:: - Disallow depositing galaxy to L2
:: - When depositing, clear proxies (maybe require reset)
:: - Maybe require that we're not depositing from a contract?
:: + Possibly the same for approveForAll. No, because we're not going
:: to support approveForAll on L2
:: + Enforce that only ownership key can set spawn proxy to rollup.
:: maybe not though. Yeah, a spawn proxy should be able to set spawn
:: proxy to the rollup
:: t Disallow depositing galaxy to L2
:: + When depositing, clear proxies (maybe require reset). On L1 only,
:: not L2. If we don't do this, we need to make sure they can't keep
:: doing stuff using the proxies. Probably better to clear the
:: proxies explicitly instead of requiring _reset
:: t Maybe require that we're not depositing from a contract? But
:: what if they're depositing from something that's a contract, but the
:: owner is not a contract? Probably best for the only condition to
:: be that the owner is not a contract
:: + disallow spawning to deposit address? maybe, else we need to
:: default the ownership somehow. Or maybe this happens automatically
:: because it uses the safe transfer flow? Yes, _direct will never
:: be true unless we're depositing to ourself, so it'll go to the
:: owner address, which will never be the deposit address. So we're
:: safe.
:: t If either side is on L2, then all sponsorship happens on L2. If
:: both are on L1, sponsorship happens on L1
:: - Maybe should special-case spawning directly to L2? Acceptable
:: right now but not ideal.
::
:: TODO: can an L1 star adopt an L2 planet? It's not obvious how --
:: maybe they need to adopt as an L2 transaction? That sounds right I
:: think. Can an L2 star adopt an L1 planet? I guess, but L1 wouldn't
:: know about it. Should L1 check whether the escape target is on L2
:: for some reason? IMO if either side is on L2, then both sides
:: should operate on L2
:: should operate on L2.
::
:: I think the answer is that if either side is on L2, it's on L2; if
:: both are on L1, then it can be on either. L1 reading sponsorship
:: state cannot know the sponsorship info is correct; only L2 knows.
:: However, you can still use an on-chain multi-sig to control your
:: sponsorship as long as you don't create a proxy that could send
:: stuff on L2.
::
:: TODO: is it possible to spawn directly to the deposit address? if
:: so, should we find its parent's owner to control it?
::
:: TODO: need to find out what happens when you transfer with reset.
:: since the setOwner happens first, it might crash the rollup when the
:: other changes come
::
:: TODO: secp needs to not crash the process when you give it a bad
:: v/recid. See #4797
::
:: TODO: check if spawning is gated on "link"ing
::
:: TODO: make process-set-spawn-proxy work if you're on domain %spawn
::
:: TODO: make sure you can spawn with the spawn proxy after on domain
:: %spawn
::
:: TODO: planet shouldn't be able to set spawn proxy
::
:: TODO: make sure that if we've already been deposited to L2, no
:: further L1 logs count except detach.
::
:: TODO: change sponsorship to reject adoptions from L1 if they don't
:: accord with our local escape state?
::
/+ std
=> => std
:: Laconic bit
@ -35,7 +79,7 @@
::
:: 0x1234567890123456789012345678901234567890
::
++ deposit-address 0x1234.5678.9012.3456.7890.1234.5678.9012.3456.7890
++ deposit-address 0x1111.1111.1111.1111.1111.1111.1111.1111.1111.1111
++ log-names
|%
:: Generated with (keccak-256:keccak:crypto (as-octs:mimes:html name))
@ -512,7 +556,7 @@
^- [=effects new-point=^point]
::
?: =(log-name changed-spawn-proxy:log-names)
?> ?=(%l1 -.point)
?. ?=(%l1 -.point) `point
?> ?=([@ ~] t.t.topics.log)
=* to i.t.t.topics.log
:: Depositing to L2 is represented by a spawn proxy change on L1,
@ -524,10 +568,55 @@
:- [%point ship %spawn-proxy to]~
point(address.spawn-proxy.own to)
::
?: =(log-name escape-accepted:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
=/ parent-point (get-point state parent)
?> ?=(^ parent-point)
?: |(?=(%l2 -.point) ?=(%l2 -.u.parent-point)) `point
:- [%point ship %sponsor `parent]~
point(escape.net ~, sponsor.net [%& parent])
::
?: =(log-name lost-sponsor:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
:: If the sponsor we lost was not our actual sponsor, we didn't
:: actually lose anything.
::
?. =(parent who.sponsor.net.point) `point
::
=/ parent-point (get-point state parent)
?> ?=(^ parent-point)
::
:: We can detach even if the child is on L2, as long as the parent
:: is on L1.
::
?: ?=(%l2 -.u.parent-point) `point
:- [%point ship %sponsor ~]~
point(has.sponsor.net %|)
::
?: =(log-name escape-requested:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
=/ parent-point (get-point state parent)
?> ?=(^ parent-point)
?: |(?=(%l2 -.point) ?=(%l2 -.u.parent-point)) `point
:- [%point ship %escape `parent]~
point(escape.net `parent)
::
?: =(log-name escape-canceled:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
=/ parent-point (get-point state parent)
?> ?=(^ parent-point)
?: |(?=(%l2 -.point) ?=(%l2 -.u.parent-point)) `point
:- [%point ship %escape ~]~
point(escape.net ~)
::
:: The rest can be done by any ship on L1, even if their spawn proxy
:: is set to L2
::
?< ?=(%l2 -.point)
?: ?=(%l2 -.point) `point
::
?: =(log-name broke-continuity:log-names)
?> ?=(~ t.t.topics.log)
@ -546,30 +635,6 @@
:- [%point ship %keys keys]~
point(keys.net keys)
::
?: =(log-name escape-accepted:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
:- [%point ship %sponsor `parent]~
point(escape.net ~, sponsor.net [%& parent])
::
?: =(log-name lost-sponsor:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent i.t.t.topics.log
:- [%point ship %sponsor ~]~
point(has.sponsor.net %|)
::
?: =(log-name escape-requested:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent=@ i.t.t.topics.log
:- [%point ship %escape `parent]~
point(escape.net `parent)
::
?: =(log-name escape-canceled:log-names)
?> ?=([@ ~] t.t.topics.log)
=* parent i.t.t.topics.log
:- [%point ship %escape ~]~
point(escape.net ~)
::
?: =(log-name owner-changed:log-names)
?> ?=([@ ~] t.t.topics.log)
=* to i.t.t.topics.log
@ -671,15 +736,15 @@
|^
^- (unit [effects ^state])
?- +<.tx
%spawn (process-spawn +>.tx)
%transfer-point (w-point process-transfer-point ship.from.tx +>.tx)
%configure-keys (w-point process-configure-keys ship.from.tx +>.tx)
%escape (w-point process-escape ship.from.tx +>.tx)
%cancel-escape (w-point process-cancel-escape ship.from.tx +>.tx)
%adopt (w-point process-adopt ship.tx +>.tx)
%reject (w-point process-reject ship.tx +>.tx)
%detach (w-point process-detach ship.tx +>.tx)
%set-spawn-proxy (w-point process-set-spawn-proxy ship.from.tx +>.tx)
%spawn (process-spawn +>.tx)
%transfer-point (w-point process-transfer-point ship.from.tx +>.tx)
%configure-keys (w-point process-configure-keys ship.from.tx +>.tx)
%escape (w-point-esc process-escape ship.from.tx +>.tx)
%cancel-escape (w-point-esc process-cancel-escape ship.from.tx +>.tx)
%adopt (w-point-esc process-adopt ship.tx +>.tx)
%reject (w-point-esc process-reject ship.tx +>.tx)
%detach (w-point-esc process-detach ship.tx +>.tx)
%set-spawn-proxy (w-point process-set-spawn-proxy ship.from.tx +>.tx)
%set-transfer-proxy
(w-point process-set-transfer-proxy ship.from.tx +>.tx)
::
@ -692,7 +757,16 @@
^- (unit [effects ^state])
=/ point (get-point state ship)
?~ point (debug %strange-ship ~)
?. ?=(%l2 -.u.point) (debug %ship-not-on-l2 ~)
=/ res=(unit [=effects new-point=^point]) (fun u.point rest)
?~ res
~
`[effects.u.res state(points (~(put by points.state) ship new-point.u.res))]
::
++ w-point-esc
|* [fun=$-([ship point *] (unit [effects point])) =ship rest=*]
^- (unit [effects ^state])
=/ point (get-point state ship)
?~ point (debug %strange-ship ~)
=/ res=(unit [=effects new-point=^point]) (fun u.point rest)
?~ res
~
@ -881,6 +955,9 @@
?. |(=(%own proxy.from.tx) =(%spawn proxy.from.tx))
(debug %bad-permission ~)
::
?: (gte (ship-rank ship.from.tx) 2)
(debug %spawn-proxy-planet ~)
::
:+ ~ [%point ship.from.tx %spawn-proxy address]~
point(address.spawn-proxy.own address)
::

239
pkg/arvo/tests/lib/naive.hoon
View File

@ -24,6 +24,54 @@
^- [effects:naive ^state:naive]
(n state (owner-changed:l1 ~wes (addr %wes-key-0)))
::
:: ~rut is for "full testing"
:: ~rigrut is L1 star
:: ~larsyx-mapmeg is L1 planet under ~rigrut
:: ~holrut is L1 star w/ L2 spawn proxy
:: ~rabsum-ravtyd is L1 planet under ~holrut
:: ~dovmul-mogryt is L2 planet under ~holrut made w/ %own proxy
:: ~pidted-dacnum is L2 planet under ~holrut made w/ %spawn proxy predeposited
:: TODO: L2 planet ~nacbes-mogmev made with L2 spawn proxy postdeposited (currently doesnt work)
::
:: ~losrut is L2 star
:: ~radres-tinnyl is L1 planet under ~losrut
:: ~pinpun-pilsun is L2 planet under ~losrut made w/ %own proxy
:: ~habtyc-nibpyx is L2 planet under ~losrut made w/ %spawn proxy predeposited
:: ~disryt-nolpet is L2 planet under ~losrut made w/ %spawn proxy postdeposited
::
:: nonces in the end state (0 if not stated):
:: ~holrut %own 1
:: ~losrut %own 2
:: ~losrut %spawn 1
::
++ init-rut-full
|= =^state:naive
^- [effects:naive ^state:naive]
=/ dm-spawn [[~holrut %own] %spawn ~dovmul-mogryt (addr %holrut-dm-key-0)]
=/ pd-spawn [[~holrut %spawn] %spawn ~pidted-dacnum (addr %holrut-pd-key-0)]
=/ pp-spawn [[~losrut %own] %spawn ~pinpun-pilsun (addr %losrut-pp-key-0)]
=/ hn-spawn [[~losrut %spawn] %spawn ~habtyc-nibpyx (addr %losurt-hn-key-0)]
=/ losrut-sproxy [[~losrut %spawn] %set-spawn-proxy (addr %losrut-skey-1)]
=/ dn-spawn [[~losrut %spawn] %spawn ~disryt-nolpet (addr %losrut-dn-key-0)]
=^ f1 state (n state (owner-changed:l1 ~rut (addr %rut-key-0)))
=^ f2 state (n state (owner-changed:l1 ~rigrut (addr %rigrut-key-0)))
=^ f3 state (n state (owner-changed:l1 ~holrut (addr %holrut-key-0)))
=^ f4 state (n state (owner-changed:l1 ~losrut (addr %losrut-key-0)))
=^ f5 state (n state (owner-changed:l1 ~larsyx-mapmeg (addr %rigrut-lm-key-0)))
=^ f6 state (n state (owner-changed:l1 ~rabsum-ravtyd (addr %holrut-rr-key-0)))
=^ f7 state (n state (owner-changed:l1 ~radres-tinnyl (addr %losrut-rt-ket-0)))
=^ f8 state (n state (changed-spawn-proxy:l1 ~holrut (addr %holrut-skey)))
=^ f8 state (n state (changed-spawn-proxy:l1 ~losrut (addr %losrut-skey-0)))
=^ f8 state (n state (changed-spawn-proxy:l1 ~holrut deposit-address:naive))
=^ f9 state (n state %bat q:(gen-tx 0 dm-spawn %holrut-key-0))
=^ f10 state (n state %bat q:(gen-tx 0 pd-spawn %holrut-skey))
=^ f11 state (n state (owner-changed:l1 ~losrut deposit-address:naive))
=^ f12 state (n state %bat q:(gen-tx 0 pp-spawn %losrut-key-0))
=^ f13 state (n state %bat q:(gen-tx 0 hn-spawn %losrut-skey-0))
=^ f14 state (n state %bat q:(gen-tx 1 losrut-sproxy %losrut-skey-0))
=^ f15 state (n state %bat q:(gen-tx 2 dn-spawn %losrut-skey-1))
[:(welp f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 f13 f14 f15) state]
::
:: ~dopbud is for testing L1 ownership with L2 spawn proxy
::
++ init-dopbud
@ -50,7 +98,7 @@
|= =^state:naive
^- [effects:naive ^state:naive]
:: ~bud should already be spawned, though trying to init ~bud again shouldn't matter i think?
:: =^ f1 state (init-bud state)
=^ f1 state (init-bud state)
=^ f2 state (n state (owner-changed:l1 ~litbud (addr %litbud-key-0)))
=^ f3 state (n state (owner-changed:l1 ~litbud deposit-address:naive))
[:(welp f2 f3) state]
@ -64,6 +112,129 @@
=^ f2 state (n state (owner-changed:l1 ~sambud (addr %sambud-key-0)))
[:(welp f1 f2) state]
::
:: generates all possible transactions and maps them to whether they ought to succeed
++ l2-event-gen
|%
+$ rank ?(%galaxy %star %planet)
+$ tx-type ?(%transfer-point %spawn %configure-keys %escape %cancel-escape %adopt %reject %detach %set-management-proxy %set-spawn-proxy %set-transfer-proxy)
+$ event [=rank owner=? nonce=? =dominion:naive =proxy:naive =tx-type]
+$ tx-deck (list event)
+$ succeed (map tx-type ?)
::
++ make-tx-deck ^- tx-deck
=| =tx-deck
=/ rank-i 1
|-
?: (gth rank-i 3)
tx-deck
=/ owner-i 0
|-
?. (lte owner-i 1)
^$(rank-i +(rank-i))
=/ nonce-i 0
|-
?. (lte nonce-i 1)
^$(owner-i +(owner-i))
=/ dominion-i 1
|-
?. (lte dominion-i 3)
^$(nonce-i +(nonce-i))
=/ proxy-i 1
|-
?. (lte proxy-i 5)
^$(dominion-i +(dominion-i))
=/ tx-type-i 1
|-
?. (lte tx-type-i 11)
^$(proxy-i +(proxy-i))
%= $
tx-type-i +(tx-type-i)
tx-deck [(num-to-rank rank-i) (num-to-flag owner-i) (num-to-flag nonce-i) (num-to-dominion dominion-i) (num-to-proxy proxy-i) (num-to-tx-type tx-type-i)]^tx-deck
==
::
++ num-to-flag
|= val=@ud ^- ?
?+ val !!
%0 %.y
%1 %.n
==
::
++ num-to-rank
|= val=@ud ^- rank
?+ val !!
%1 %galaxy
%2 %star
%3 %planet
==
::
++ num-to-dominion
|= val=@ud ^- dominion:naive
?+ val !!
%1 %l1
%2 %l2
%3 %spawn
==
::
++ num-to-proxy
|= val=@ud ^- proxy:naive
?+ val !!
%1 %own
%2 %spawn
%3 %manage
%4 %vote
%5 %transfer
==
::
++ num-to-tx-type
|= val=@ud ^- tx-type
?+ val !!
%1 %transfer-point
%2 %spawn
%3 %configure-keys
%4 %escape
%5 %cancel-escape
%6 %adopt
%7 %reject
%8 %detach
%9 %set-management-proxy
%10 %set-spawn-proxy
%11 %set-transfer-proxy
==
::
:: checks to see if a given proxy+event combo should work, assuming that
:: the pk and nonce are correct
::
++ tx-succeed
|= tx=tx:naive ^- ?
=* prx proxy.from.tx
?: =(prx %own)
%.y
?: =(prx %vote)
%.n
?- +<.tx
?(%spawn %set-spawn-proxy)
?+ prx %.n
%spawn %.y
%manage %.n
%vote %.n
==
?(%transfer-point %set-transfer-proxy)
?+ prx %.n
%spawn %.n
%manage %.n
%transfer %.y
==
:: TODO: how do i make the following two lines?
?(%configure-keys %escape %cancel-escape %adopt %reject %detach %set-management-proxy)
?+ prx %.n
%spawn %.n
%manage %.y
%transfer %.n
==
==
::
--
::
++ l1
|%
::
@ -161,6 +332,9 @@
:: Tests
::
|%
:: new tests
::
:: old tests
++ test-log ^- tang
%+ expect-eq
!>
@ -334,7 +508,7 @@
=^ f state (n state %bat q:(gen-tx 0 marbud-mproxy %marbud-key-0))
management-proxy.own:(~(got by points.state) ~marbud)
::
++ test-l2-spawn-proxy-deposit ^- tang
++ test-l2-dopbud-spawn-proxy-deposit ^- tang
%+ expect-eq
!> %spawn
::
@ -343,6 +517,55 @@
=^ f state (init-dopbud state)
dominion:(~(got by points.state) ~dopbud)
::
++ test-l2-sambud-spawn-proxy-predeposit ^- tang
%+ expect-eq
!> [(addr %sambud-skey) 0]
::
!>
=| =^state:naive
=^ f state (init-sambud state)
=^ f state (n state (changed-spawn-proxy:l1 ~sambud (addr %sambud-skey)))
=^ f state (n state (changed-spawn-proxy:l1 ~sambud deposit-address:naive))
spawn-proxy.own:(~(got by points.state) ~sambud)
::
++ test-l2-sambud-own-spawn-proxy-postdeposit ^- tang
=/ sambud-sproxy [[~sambud %own] %set-spawn-proxy (addr %sambud-skey-0)]
%+ expect-eq
!> [(addr %sambud-skey-0) 0]
::
!>
=| =^state:naive
=^ f state (init-sambud state)
=^ f state (n state (changed-spawn-proxy:l1 ~sambud deposit-address:naive))
=^ f state (n state %bat q:(gen-tx 0 sambud-sproxy %sambud-key-0))
spawn-proxy.own:(~(got by points.state) ~sambud)
::
++ test-l2-sambud-spawn-spawn-proxy-postdeposit ^- tang
=/ sambud-sproxy [[~sambud %spawn] %set-spawn-proxy (addr %sambud-skey-1)]
%+ expect-eq
!> [(addr %sambud-skey-1) 0]
::
!>
=| =^state:naive
=^ f state (init-sambud state)
=^ f state (n state (changed-spawn-proxy:l1 ~sambud (addr %sambud-skey-0)))
=^ f state (n state (changed-spawn-proxy:l1 ~sambud deposit-address:naive))
=^ f state (n state %bat q:(gen-tx 0 sambud-sproxy %sambud-skey-0))
spawn-proxy.own:(~(got by points.state) ~sambud)
::
++ test-l2-sambud-spawn-proxy-predeposit-spawn ^- tang
=/ lf-spawn [[~sambud %spawn] %spawn ~lisdur-fodrys (addr %lf-key-0)]
%+ expect-eq
!> [`@ux`(addr %lf-key-0) 0]
::
!>
=| =^state:naive
=^ f state (init-sambud state)
=^ f state (n state (changed-spawn-proxy:l1 ~sambud (addr %sambud-skey)))
=^ f state (n state (changed-spawn-proxy:l1 ~sambud deposit-address:naive))
=^ f state (n state %bat q:(gen-tx 0 lf-spawn %sambud-skey))
transfer-proxy.own:(~(got by points.state) ~lisdur-fodrys)
::
++ test-marbud-l2-spawn ^- tang
=/ marbud-sproxy [marbud-own %set-spawn-proxy (addr %marbud-skey)]
=/ lt-spawn [%spawn ~linnup-torsyx (addr %lt-key-0)]
@ -412,18 +635,18 @@
:: TODO: make sure nobody else can change these keys
==
::
++ new-test-marbud-l2-change-keys ^- tang
++ test-marbud-l2-change-keys-new ^- tang
=/ new-keys [%configure-keys suit encr auth |]
=| =^state:naive
=^ f state (init-marbud state)
=/ expect-state state
:: not sure why this isn't working, maybe check the +increment-nonce code for an example
=/ marbud-point (~(got by points.state) ~marbud)
=/ new-marbud marbud-point(keys.net [1 suit auth encr], nonce.owner.own 1)
::
%+ expect-eq
!> expect-state
::!> state(keys.net:(~(got by points.state ~marbud)) [1 suit auth encr])
!> state(points (~(put by points.state) ~marbud new-marbud))
::
!>
=^ f state (n state %bat q:(gen-tx 0 [marbud-own new-keys] %marbud-key-1))
=^ f state (n state %bat q:(gen-tx 0 [marbud-own new-keys] %marbud-key-0))
state
::
:: TODO: transfer breach via transfer proxy