Whitelist for Transaction Signers #826

Open
wants to merge 2 commits into base: main
Conversation

l-monninger
Collaborator

@l-monninger l-monninger commented Nov 10, 2024

Summary

  • RFCs: $\emptyset$
  • Categories: protocol-units

Enables a transaction signer whitelist.

  • Adds a whitelist set to the Maptos transaction pipe, which will reject with TooManyTransactions if the signer is not whitelisted.
  • This restriction on mempool ingress, with the DA signer permissions from Permissioned Blobs #723, prevents transactions from unauthorized signers from reaching the DA. Insofar as your permissioned proposers respect the same whitelist, whitelisting is consistent.
  • Reads the whitelist from lines in a file specified by the MAPTOS_INGRESS_ACCOUNT_WHITELIST environment variable, or directly in the Maptos Config.

Testing

  1. e2e tested.

Outstanding issues

  1. There is no filtering of signers at the VM itself. It is presumed the whitelist can be appropriately applied at transaction ingress.
  2. This is in memory. It is suited for a small-ish $O(10^6)$ whitelist (0.032 GB). Scale would benefit from a database, i.e., RocksDB set.
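
What such an ingress whitelist looks like end to end, as an added Rust example that is not the PR's own code: a file format of one hex address per line (blank lines and `#` comments skipped), an eager, fail-closed load from the path in MAPTOS_INGRESS_ACCOUNT_WHITELIST, and the per-transaction admit check that rejects a sender who is not in the set. `AccountAddress`, `IngressWhitelist`, `IngressReject`, `WhitelistError` and the sample file contents are assumptions for illustration, not Maptos types. It goes slightly beyond the description by distinguishing an absent whitelist (check disabled) from an empty one (every signer rejected), the case the description leaves implicit.

```rust
use std::collections::HashSet;

/// 32-byte account address as Aptos/Maptos use. Hypothetical type for this example.
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct AccountAddress(pub [u8; 32]);

impl AccountAddress {
    /// Parse hex with or without 0x; short forms like 0x1 are left-padded, non-hex or >32 bytes rejected.
    pub fn from_hex(s: &str) -> Option<Self> {
        let digits = s.strip_prefix("0x").or_else(|| s.strip_prefix("0X")).unwrap_or(s);
        if digits.is_empty() || digits.len() > 64 || !digits.bytes().all(|b| b.is_ascii_hexdigit()) {
            return None;
        }
        let padded = format!("{:0>64}", digits);
        let mut out = [0u8; 32];
        for (i, pair) in padded.as_bytes().chunks(2).enumerate() {
            let hi = (pair[0] as char).to_digit(16)? as u8;
            let lo = (pair[1] as char).to_digit(16)? as u8;
            out[i] = (hi << 4) | lo;
        }
        Some(Self(out))
    }
}

/// Why loading failed. Loading is fail-closed: one bad line aborts construction instead of shrinking the set.
#[derive(Debug, PartialEq, Eq)]
pub enum WhitelistError {
    Io(String),
    BadLine { line_no: usize, content: String },
}

/// Status handed back to a rejected submitter; the PR reuses TooManyTransactions. Stand-in enum.
#[derive(Debug, PartialEq, Eq)]
pub enum IngressReject {
    TooManyTransactions,
}

/// In-memory ingress whitelist. `None` = no whitelist configured (check disabled);
/// `Some(empty)` = every signer rejected. Kept distinct so an empty file never opens the mempool to all.
#[derive(Debug)]
pub struct IngressWhitelist {
    allowed: Option<HashSet<AccountAddress>>,
}

impl IngressWhitelist {
    pub fn disabled() -> Self {
        Self { allowed: None }
    }

    /// One address per line; blank lines and `#` comments are ignored.
    pub fn parse(contents: &str) -> Result<Self, WhitelistError> {
        let mut allowed = HashSet::new();
        for (idx, raw) in contents.lines().enumerate() {
            let line = raw.split('#').next().unwrap_or("").trim();
            if line.is_empty() {
                continue;
            }
            match AccountAddress::from_hex(line) {
                Some(addr) => allowed.insert(addr),
                None => return Err(WhitelistError::BadLine { line_no: idx + 1, content: raw.to_string() }),
            };
        }
        Ok(Self { allowed: Some(allowed) })
    }

    /// Read the file named by MAPTOS_INGRESS_ACCOUNT_WHITELIST once, eagerly, when the pipe is built,
    /// so a missing or malformed file fails startup rather than a later getter call.
    pub fn load_from_env() -> Result<Self, WhitelistError> {
        match std::env::var("MAPTOS_INGRESS_ACCOUNT_WHITELIST") {
            Ok(path) => {
                let contents = std::fs::read_to_string(&path)
                    .map_err(|e| WhitelistError::Io(format!("{}: {}", path, e)))?;
                Self::parse(&contents)
            }
            Err(_) => Ok(Self::disabled()),
        }
    }

    pub fn len(&self) -> usize {
        self.allowed.as_ref().map_or(0, |s| s.len())
    }

    /// The ingress check, run once per submitted transaction on its sender.
    pub fn admit(&self, signer: &AccountAddress) -> Result<(), IngressReject> {
        match &self.allowed {
            None => Ok(()),
            Some(set) if set.contains(signer) => Ok(()),
            Some(_) => Err(IngressReject::TooManyTransactions),
        }
    }
}

/// Constructed sample whitelist file contents (not from any real deployment).
pub const SAMPLE_WHITELIST: &str = "# ingress whitelist, one signer per line
0x1
0xA550C18
0xcafe   # trailing comment
";
```

With the sample above, `admit` returns `Ok(())` for 0x1 (also when written as the full 64-digit form), for a550c18 and for 0xCAFE, and `Err(TooManyTransactions)` for 0xdeadbeef; a file containing only comments yields a set that rejects everyone, while an unset variable yields `disabled()` and admits everyone. On sizing, the description's 0.032 GB for $O(10^6)$ entries counts only the 32 raw bytes per address; a hash set adds per-bucket control bytes and load-factor slack on top, so budget somewhat more than that before moving to a RocksDB-backed set.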

@@ -71,6 +75,14 @@ impl TransactionPipe {
mempool_config.sequence_number_ttl_ms,
mempool_config.gc_slot_duration_ms,
),
whitelisted_accounts: mempool_config.whitelisted_accounts()?,
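Review bot: `whitelisted_accounts: mempool_config.whitelisted_accounts()?` makes TransactionPipe construction fail when the whitelist cannot be read, which is the right fail-closed default, but nothing in this hunk pins down what an empty or absent whitelist means. Since the description says non-whitelisted signers are rejected with TooManyTransactions, an empty file would reject every transaction while an unset MAPTOS_INGRESS_ACCOUNT_WHITELIST presumably disables the check; please document which of these `whitelisted_accounts()` returns (an `Option<HashSet<_>>` rather than a possibly empty set would make the distinction explicit at this call site) and cover both cases in the e2e test.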
Collaborator

Why does this need to be fallible? Wouldn't it be better to have Config correct on construction and whitelisted_accounts a simple getter?

Collaborator Author


I think your second line of review answers this.

Comment on lines +39 to +40
// read the file from memory
let file_string = String::from_utf8(std::fs::read(whitelist_path)?)?;
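Review bot: the comment on this read is inaccurate: `std::fs::read(whitelist_path)?` reads the file from disk, not "from memory". `std::fs::read_to_string(whitelist_path)?` performs the read and the UTF-8 check in one call with a single error path, so the two lines can become `let file_string = std::fs::read_to_string(whitelist_path)?;`. It would also help to document next to this read how blank lines, surrounding whitespace and comment lines are treated when the string is split into addresses, so an operator editing the file knows whether a stray blank line is a startup error or silently ignored.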
Collaborator


This should be done eagerly when config is initialized, not lazily in the getter which may be called multiple times.

Collaborator Author


Ideally, yes, but that requires modifying much more throughout the codebase. The approach here is to assume that the config is only responsible for providing the whitelist file path.


2 participants