Create a versioned KernelStateValue which is only partially accessi…

…ble from user space (#1163)

* Add slot height to context

* Deduplicate state/accessory values using trait

* Deduplicate state/accessory maps with trait

* Deduplicate state/accessory vecs with trait

* Move vec tests into trait

* Minor refactor: reorganize layout

* Revert "Add slot height to context"

This reverts commit 1e8326d.

* Fix tests

* fmt

* clippy

* update lockfiles

* fix test

* lint again

* fix macro test

* fix test; lint again

* fix docs. Lint again

* even more docs and linting

* clippy again

* Fix benches

* Implement versioned kernel values

* Add slot height to context

* protect kernel working set

* lint

* Fix no_std

* Add working_set tests

* fix fuzz target

examples/demo-rollup/stf/src/runtime.rs

@@ -42,12 +42,12 @@ use sov_chain_state::{ChainStateRpcImpl, ChainStateRpcServer};
 #[cfg(feature = "native")]
 #[cfg(feature = "experimental")]
 use sov_evm::{EvmRpcImpl, EvmRpcServer};
-use sov_modules_api::capabilities::{BlobRefOrOwned, BlobSelector};
 #[cfg(feature = "native")]
 pub use sov_modules_api::default_context::DefaultContext;
 use sov_modules_api::macros::DefaultRuntime;
 #[cfg(feature = "native")]
 use sov_modules_api::macros::{expose_rpc, CliWallet};
+use sov_modules_api::runtime::capabilities::{BlobRefOrOwned, BlobSelector};
 #[cfg(feature = "native")]
 use sov_modules_api::Spec;
 use sov_modules_api::{Context, DispatchCall, Genesis, MessageCodec};

examples/simple-nft-module/README.md

@@ -1,6 +1,5 @@
 # How to Create a New Module Using the Module System
 
-
 ### Understanding the Module System
 
 The Sovereign Software Development Kit (SDK) includes a [Module System](../../module-system/README.md),
@@ -14,7 +13,7 @@ These modules are the fundamental building blocks of a rollup and include:
 
 ### Creating a Non-Fungible Token (NFT) Module
 
-**Note**: This tutorial focuses on illustrating the usage of the Sovereign SDK by creating a simple NFT module. 
+**Note**: This tutorial focuses on illustrating the usage of the Sovereign SDK by creating a simple NFT module.
 The focus here is on the module system and not the application logic. For a more complete NFT module, please refer
 to [sov-nft-module](../../module-system/module-implementations/sov-nft-module)
 
@@ -220,7 +219,7 @@ impl<C: sov_modules_api::Context> sov_modules_api::Module for NonFungibleToken<C
     type Context = C;
     type Config = NonFungibleTokenConfig<C>;
     type CallMessage = CallMessage<C>;
-    
+
     fn genesis(
         &self,
         config: &Self::Config,
@@ -420,9 +419,9 @@ Here's an example of setting up a module and calling its methods:
 fn transfer() {
     // Preparation
     let admin = generate_address::<C>("admin");
-    let admin_context = C::new(admin.clone());
+    let admin_context = C::new(admin.clone(), 1);
     let owner1 = generate_address::<C>("owner2");
-    let owner1_context = C::new(owner1.clone());
+    let owner1_context = C::new(owner1.clone(), 1);
     let owner2 = generate_address::<C>("owner2");
     let config: NonFungibleTokenConfig<C> = NonFungibleTokenConfig {
         admin: admin.clone(),

examples/simple-nft-module/tests/nft_test.rs

@@ -38,7 +38,7 @@ fn genesis_and_mint() {
 
     // Mint, anybody can mint
     let mint_message = CallMessage::Mint { id: 1 };
-    let owner2_context = C::new(owner2);
+    let owner2_context = C::new(owner2, 1);
     nft.call(mint_message.clone(), &owner2_context, &mut working_set)
         .expect("Minting failed");
 
@@ -61,9 +61,9 @@ fn genesis_and_mint() {
 fn transfer() {
     // Preparation
     let admin = generate_address("admin");
-    let admin_context = C::new(admin);
+    let admin_context = C::new(admin, 1);
     let owner1 = generate_address("owner2");
-    let owner1_context = C::new(owner1);
+    let owner1_context = C::new(owner1, 1);
     let owner2 = generate_address("owner2");
     let config: NonFungibleTokenConfig<C> = NonFungibleTokenConfig {
         admin,
@@ -117,9 +117,9 @@ fn transfer() {
 fn burn() {
     // Preparation
     let admin = generate_address("admin");
-    let admin_context = C::new(admin);
+    let admin_context = C::new(admin, 1);
     let owner1 = generate_address("owner2");
-    let owner1_context = C::new(owner1);
+    let owner1_context = C::new(owner1, 1);
     let config: NonFungibleTokenConfig<C> = NonFungibleTokenConfig {
         admin,
         owners: vec![(0, owner1)],

full-node/sov-sequencer/src/batch_builder.rs

@@ -138,7 +138,8 @@ where
             {
                 // TODO: Bug(!), because potential discrepancy. Should be resolved by https://github.com/Sovereign-Labs/sovereign-sdk/issues/434
                 let sender_address: C::Address = pooled.tx.pub_key().to_address();
-                let ctx = C::new(sender_address);
+                // FIXME! This should use the correct height
+                let ctx = C::new(sender_address, 0);
 
                 if let Err(error) = self.runtime.dispatch_call(msg, &mut working_set, &ctx) {
                     warn!(%error, tx = hex::encode(&pooled.raw), "Error during transaction dispatch");

fuzz/fuzz_targets/accounts_call.rs

@@ -51,10 +51,10 @@ fuzz_target!(|input: (u16, [u8; 32], Vec<DefaultPrivateKey>)| -> Corpus {
     let mut state: HashMap<_, _> = keys.into_iter().map(|k| (k.default_address(), k)).collect();
     let addresses: Vec<_> = state.keys().copied().collect();
 
-    for _ in 0..iterations {
+    for i in 0..iterations {
         // we use slices for better select performance
         let sender = addresses.choose(rng).unwrap();
-        let context = C::new(*sender);
+        let context = C::new(*sender, i as u64);
 
         // clear previous state
         let previous = state.get(sender).unwrap().as_hex();

fuzz/fuzz_targets/bank_call.rs

@@ -3,6 +3,7 @@
 use libfuzzer_sys::fuzz_target;
 use sov_bank::{Bank, CallMessage};
 use sov_modules_api::default_context::DefaultContext;
+use sov_modules_api::Context;
 use sov_modules_api::{Module, WorkingSet};
 use sov_state::ProverStorage;
 
@@ -13,10 +14,7 @@ fuzz_target!(|input: (&[u8], [u8; 32])| {
     if let Ok(msgs) = serde_json::from_slice::<Vec<CallMessage<C>>>(data) {
         let tmpdir = tempfile::tempdir().unwrap();
         let mut working_set = WorkingSet::new(ProverStorage::with_path(tmpdir.path()).unwrap());
-        let ctx = C {
-            sender: sender.into(),
-        };
-
+        let ctx = C::new(sender.into(), 1);
         let bank = Bank::default();
         for msg in msgs {
             bank.call(msg, &ctx, &mut working_set).ok();

module-system/module-implementations/examples/sov-accessory-state/tests/test.rs

@@ -18,7 +18,7 @@ fn test_accessory_value_setter() {
     let mut working_set_for_check: WorkingSet<DefaultContext> = WorkingSet::new(storage.clone());
 
     let admin = Address::from([1; 32]);
-    let context = DefaultContext::new(admin);
+    let context = DefaultContext::new(admin, 1);
 
     let module = AccessorySetter::<DefaultContext>::default();
 

module-system/module-implementations/examples/sov-value-setter/src/tests.rs

@@ -14,7 +14,7 @@ fn test_value_setter() {
     #[cfg(feature = "native")]
     {
         let config = ValueSetterConfig { admin };
-        let context = DefaultContext::new(admin);
+        let context = DefaultContext::new(admin, 1);
         test_value_setter_helper(context, &config, &mut working_set);
     }
 
@@ -23,7 +23,7 @@ fn test_value_setter() {
     // Test Zk-Context
     {
         let config = ValueSetterConfig { admin };
-        let zk_context = ZkDefaultContext::new(admin);
+        let zk_context = ZkDefaultContext::new(admin, 1);
         let mut zk_working_set = WorkingSet::with_witness(ZkStorage::new(), witness);
         test_value_setter_helper(zk_context, &config, &mut zk_working_set);
     }
@@ -75,7 +75,7 @@ fn test_err_on_sender_is_not_admin() {
         let config = ValueSetterConfig {
             admin: sender_not_admin,
         };
-        let context = DefaultContext::new(sender);
+        let context = DefaultContext::new(sender, 1);
         test_err_on_sender_is_not_admin_helper(context, &config, &mut native_working_set);
     }
     let (_, witness) = native_working_set.checkpoint().freeze();
@@ -86,7 +86,7 @@ fn test_err_on_sender_is_not_admin() {
             admin: sender_not_admin,
         };
         let zk_backing_store = ZkStorage::new();
-        let zk_context = ZkDefaultContext::new(sender);
+        let zk_context = ZkDefaultContext::new(sender, 1);
         let zk_working_set = &mut WorkingSet::with_witness(zk_backing_store, witness);
         test_err_on_sender_is_not_admin_helper(zk_context, &config, zk_working_set);
     }

module-system/module-implementations/examples/sov-vec-setter/tests/tests.rs

@@ -40,7 +40,7 @@ fn test_vec_setter_calls() {
     vec_setter.genesis(&config, &mut working_set).unwrap();
 
     for (sender, call, expected_contents) in test_cases().iter().cloned() {
-        let context = DefaultContext::new(sender);
+        let context = DefaultContext::new(sender, 1);
 
         let call_result = vec_setter.call(call, &context, &mut working_set);
 

module-system/module-implementations/integration-tests/src/chain_state/helpers.rs

@@ -1,7 +1,7 @@
 use sov_chain_state::{ChainState, ChainStateConfig};
-use sov_modules_api::capabilities::{BlobRefOrOwned, BlobSelector};
 use sov_modules_api::hooks::{ApplyBlobHooks, FinalizeHook, SlotHooks, TxHooks};
 use sov_modules_api::macros::DefaultRuntime;
+use sov_modules_api::runtime::capabilities::{BlobRefOrOwned, BlobSelector};
 use sov_modules_api::transaction::Transaction;
 use sov_modules_api::{
     AccessoryWorkingSet, BlobReaderTrait, Context, DaSpec, DispatchCall, Genesis, MessageCodec,

module-system/module-implementations/module-template/tests/value_setter.rs

@@ -18,7 +18,7 @@ fn test_value_setter() {
     #[cfg(feature = "native")]
     {
         let config = ExampleModuleConfig {};
-        let context = DefaultContext::new(admin);
+        let context = DefaultContext::new(admin, 1);
         test_value_setter_helper(context, &config, &mut working_set);
     }
 
@@ -27,7 +27,7 @@ fn test_value_setter() {
     // Test Zk-Context
     {
         let config = ExampleModuleConfig {};
-        let zk_context = ZkDefaultContext::new(admin);
+        let zk_context = ZkDefaultContext::new(admin, 1);
         let mut zk_working_set = WorkingSet::with_witness(ZkStorage::new(), witness);
         test_value_setter_helper(zk_context, &config, &mut zk_working_set);
     }

module-system/module-implementations/sov-accounts/src/tests.rs

@@ -50,7 +50,7 @@ fn test_update_account() {
 
     let sender = priv_key.pub_key();
     let sender_addr = sender.to_address::<<C as Spec>::Address>();
-    let sender_context = C::new(sender_addr);
+    let sender_context = C::new(sender_addr, 1);
 
     // Test new account creation
     {
@@ -111,7 +111,7 @@ fn test_update_account_fails() {
     let accounts = &mut Accounts::<C>::default();
 
     let sender_1 = DefaultPrivateKey::generate().pub_key();
-    let sender_context_1 = C::new(sender_1.to_address());
+    let sender_context_1 = C::new(sender_1.to_address(), 1);
 
     accounts
         .create_default_account(&sender_1, native_working_set)
@@ -143,7 +143,7 @@ fn test_get_account_after_pub_key_update() {
 
     let sender_1 = DefaultPrivateKey::generate().pub_key();
     let sender_1_addr = sender_1.to_address::<<C as Spec>::Address>();
-    let sender_context_1 = C::new(sender_1_addr);
+    let sender_context_1 = C::new(sender_1_addr, 1);
 
     accounts
         .create_default_account(&sender_1, native_working_set)

module-system/module-implementations/sov-attester-incentives/src/call.rs

@@ -315,12 +315,7 @@ where
 
         // Mint tokens and send them
         self.bank
-            .mint_from_eoa(
-                &coins,
-                context.sender(),
-                &C::new(reward_address),
-                working_set,
-            )
+            .mint(&coins, context.sender(), &reward_address, working_set)
             .map_err(|_err| AttesterIncentiveErrors::MintFailure)?;
 
         Ok(CallResponse::default())

module-system/module-implementations/sov-attester-incentives/src/tests/attestation_processing.rs

@@ -1,6 +1,6 @@
 use sov_modules_api::default_context::DefaultContext;
 use sov_modules_api::optimistic::Attestation;
-use sov_modules_api::{StateMapAccessor, WorkingSet};
+use sov_modules_api::{Context, StateMapAccessor, WorkingSet};
 use sov_state::ProverStorage;
 
 use crate::call::AttesterIncentiveErrors;
@@ -33,9 +33,7 @@ fn test_process_valid_attestation() {
     let (mut exec_vars, mut working_set) =
         execution_simulation(3, &module, &storage, attester_address, working_set);
 
-    let context = DefaultContext {
-        sender: attester_address,
-    };
+    let context = DefaultContext::new(attester_address, 1);
 
     let transition_2 = exec_vars.pop().unwrap();
     let transition_1 = exec_vars.pop().unwrap();
@@ -127,9 +125,7 @@ fn test_burn_on_invalid_attestation() {
     let transition_1 = exec_vars.pop().unwrap();
     let initial_transition = exec_vars.pop().unwrap();
 
-    let context = DefaultContext {
-        sender: attester_address,
-    };
+    let context = DefaultContext::new(attester_address, 1);
 
     // Process an invalid proof for genesis: everything is correct except the storage proof.
     // Must simply return an error. Cannot burn the token at this point because we don't know if the

module-system/module-implementations/sov-attester-incentives/src/tests/challenger.rs

@@ -3,7 +3,7 @@ use sov_mock_da::{MockDaSpec, MockValidityCond, MockValidityCondChecker};
 use sov_mock_zkvm::{MockCodeCommitment, MockProof, MockZkvm};
 use sov_modules_api::default_context::DefaultContext;
 use sov_modules_api::prelude::*;
-use sov_modules_api::WorkingSet;
+use sov_modules_api::{Context, WorkingSet};
 use sov_rollup_interface::zk::StateTransition;
 use sov_state::ProverStorage;
 
@@ -58,10 +58,7 @@ fn test_valid_challenge() {
         .bad_transition_pool
         .set(&(INIT_HEIGHT + 1), &BOND_AMOUNT, &mut working_set);
 
-    // Process a correct challenge
-    let context = DefaultContext {
-        sender: challenger_address,
-    };
+    let context = DefaultContext::new(challenger_address, INIT_HEIGHT + 2);
 
     {
         let transition = StateTransition::<MockDaSpec, _, _> {
@@ -191,11 +188,7 @@ fn test_invalid_challenge() {
         .bad_transition_pool
         .set(&(INIT_HEIGHT + 1), &BOND_AMOUNT, &mut working_set);
 
-    // Process a correct challenge but without a bonded attester
-    let context = DefaultContext {
-        sender: challenger_address,
-    };
-
+    let context = DefaultContext::new(challenger_address, INIT_HEIGHT + 2);
     let transition: StateTransition<MockDaSpec, _, _> = StateTransition {
         initial_state_root: initial_transition.state_root,
         slot_hash: [1; 32].into(),

module-system/module-implementations/sov-attester-incentives/src/tests/invariant.rs

@@ -1,7 +1,7 @@
 use sov_modules_api::default_context::DefaultContext;
 use sov_modules_api::optimistic::Attestation;
 use sov_modules_api::prelude::*;
-use sov_modules_api::WorkingSet;
+use sov_modules_api::{Context, WorkingSet};
 use sov_state::ProverStorage;
 
 use crate::call::AttesterIncentiveErrors;
@@ -34,9 +34,7 @@ fn test_transition_invariant() {
     let (exec_vars, mut working_set) =
         execution_simulation(20, &module, &storage, attester_address, working_set);
 
-    let context = DefaultContext {
-        sender: attester_address,
-    };
+    let context = DefaultContext::new(attester_address, INIT_HEIGHT + 2);
 
     const NEW_LIGHT_CLIENT_FINALIZED_HEIGHT: u64 = DEFAULT_ROLLUP_FINALITY + INIT_HEIGHT + 1;
 

module-system/module-implementations/sov-attester-incentives/src/tests/unbonding.rs

@@ -1,7 +1,7 @@
 use sov_modules_api::default_context::DefaultContext;
 use sov_modules_api::optimistic::Attestation;
 use sov_modules_api::prelude::*;
-use sov_modules_api::WorkingSet;
+use sov_modules_api::{Context, WorkingSet};
 use sov_state::ProverStorage;
 
 use crate::call::AttesterIncentiveErrors;
@@ -28,9 +28,7 @@ fn test_two_phase_unbonding() {
         BOND_AMOUNT
     );
 
-    let context = DefaultContext {
-        sender: attester_address,
-    };
+    let context = DefaultContext::new(attester_address, INIT_HEIGHT + 2);
 
     // Try to skip the first phase of the two phase unbonding. Should fail
     {

module-system/module-implementations/sov-bank/tests/burn_test.rs

@@ -22,9 +22,9 @@ fn burn_deployed_tokens() {
     bank.genesis(&empty_bank_config, &mut working_set).unwrap();
 
     let sender_address = generate_address("just_sender");
-    let sender_context = C::new(sender_address);
+    let sender_context = C::new(sender_address, 1);
     let minter_address = generate_address("minter");
-    let minter_context = C::new(minter_address);
+    let minter_context = C::new(minter_address, 1);
 
     let salt = 0;
     let token_name = "Token1".to_owned();
@@ -211,7 +211,7 @@ fn burn_initial_tokens() {
         },
     };
 
-    let context = C::new(sender_address);
+    let context = C::new(sender_address, 1);
     bank.call(burn_message, &context, &mut working_set)
         .expect("Failed to burn token");
     assert!(working_set.events().is_empty());