feat: safe XCM version migration + extend SafeCallFilter #1526
Conversation
wischli
requested review from
mikiquantum,
mustermeiszer,
NunoAlexandre,
lemunozm and
cdamian
as code owners
runtime/altair/src/migrations.rs
Outdated
| impl OnRuntimeUpgrade for SetSafeXcmVersion { | ||
| fn on_runtime_upgrade() -> Weight { | ||
| if VERSION.spec_version > 1030 { | ||
| return Weight::zero(); | ||
| } | ||
|
|
||
| // Unfortunately, SafeXcmVersion storage is not leaked to runtime | ||
| PolkadotXcm::force_default_xcm_version( | ||
| RuntimeOrigin::root(), | ||
| Some(cfg_primitives::SAFE_XCM_VERSION), | ||
| ) | ||
| .unwrap_or_else(|_| log::error!("Failed to set safe XCM version on runtime upgrade, requires manual call via governance")); | ||
|
|
||
| RocksDbWeight::get().reads_writes(1, 1) | ||
| } | ||
| } |
There was a problem hiding this comment.
No before and after?
There was a problem hiding this comment.
See the comment before setting:
Unfortunately, SafeXcmVersion storage is not leaked to runtime
So we can't check this storage in pre and post upgrade unfortunately. Since we have no PolkadotXcm storage at the moment, we can't batch the runtime upgrade with the execution of force_default_xcm_version either unfortunately.
Either we live with the fact it cannot be checked with try-runtime or need to create a post-upgrade referendum to set it. Given that we only do a single write here, I think it is sane to keep the migration. I have tested it locally against centrifuge-local @ 1019.
There was a problem hiding this comment.
Sorry, yeah, thats true. Lets keep it as is
| @@ -87,6 +87,9 @@ impl frame_support::traits::Contains<RuntimeCall> for SafeCallFilter { | |||
| ) | RuntimeCall::XcmpQueue(..) | |||
| | RuntimeCall::DmpQueue(..) | |||
| | RuntimeCall::Proxy(..) | |||
| | RuntimeCall::LiquidityPoolsGateway( | |||
| pallet_liquidity_pools_gateway::Call::process_msg { .. } | |||
There was a problem hiding this comment.
I am not sure what we are filtering here. All these calls will be allowed, right?
- We need to allow
pallet_liquidity_pools_gateway::Call::process_msg { .. } - But I would rather not allow all of the above calls. Only some.
Why do we have them here and why did we choose them? ^^
There was a problem hiding this comment.
These are the allowed calls, exactly. The above ones are mirroring the allowed ones on Polkadot and System parachains which also exist on our parachain(s). We can definitely be more restrictive!
There was a problem hiding this comment.
ok. As we are not a system parachain and do not want to be "controlled" by the relay I think we should revisit that. But lets keep it as is for now.
There was a problem hiding this comment.
I fully agree. In the end, it is much more restrictive than the current setting of allowing everything. I am happy to make another proposal and cut even more. My approach was to make the most open proposal first and then adjust based on your input.
There was a problem hiding this comment.
I still would opt for changing this. I would say remove everything and only add
- calls of
pallet-investments batchandbatch-allofpallet-utility- calls of
pallet-order-book
Do see anything else that would be needed to generate an xcm message that would allow somebody to invest natively from other parachains?
There was a problem hiding this comment.
Makes sense. Then lets just allow the one that are safe, add the order book. But we must add pallet-investments soon in order to allow somebody from asset hub to invest directly.
I still would like to remove the system extrinsics though. Although, the origin is not correct. Not a blocker.
There was a problem hiding this comment.
But we must add pallet-investments soon in order to allow somebody from asset hub to invest directly.
We can do this ones we have reasonable upper PoV bounds, most ideally real benchmarks. Beforehand, we are vulnerable to PoV excess and thus stalling.
There was a problem hiding this comment.
Had to remove the OrderBook call again as its not implemented for Altair or Centrifuge Runtime but marked it as TODO
There was a problem hiding this comment.
We can do this ones we have reasonable upper PoV bounds, most ideally real benchmarks. Beforehand, we are vulnerable to PoV excess and thus stalling.
Yeah, good catch. Thanks for being so thorough!
runtime/altair/src/migrations.rs
Outdated
| if VERSION.spec_version > 1030 { | ||
| return Weight::zero(); | ||
| } |
There was a problem hiding this comment.
Actually, to avoid the annoyance of having to either comment this out or bump the spec_version to test this with try-runtime, and given that this migration is idempotent, I'd say we are better off without this check. It would only be unwise to drop it if setting this xcm safe version was time-sensitive, which it is not.
wischli
changed the title
wischli
changed the title
wischli
added
the
D8-migration
* centrifuge: Enable LP gateway XCM origin converter * centrifuge: Update LP pallet config to use Quantity for BalanceRatio * runtime: Update XCM origin converter, use Quantity in LP message, add OriginRecovery to LP gateway
* wip xcm v3 asset-registry migrations * fix: xcm v3 altair, centrifuge * feat: add defensive SafeCallFilter for transact * clean up asset addition for catalyst & centrifuge * add Altair + Algol migration * Add Liquidity Pools related pallets to centrifuge runtime (#1523) * centrifuge: Add liquidity pools pallets to runtime * centrifuge: Add LP OutboundQueue wrapper to runtime * taplo: Obey * runtime: Move OutboundQueue import * centrifuge: Allow both root and half of council as admin origins for LP pallets * centrifuge: Add Axelar Gateway precompile * centrifuge: Use correct HRMP encoder, update HRMP fee to 1 DOT, use XCM V3 imports * centrifuge: Update error message for InboundQueue * clippy: Fix warnings * centrifuge: Rename outbound queue, fix migration import for orml asset registry * Upgrade1020 LP follow-ups (#1525) * centrifuge: Enable LP gateway XCM origin converter * centrifuge: Update LP pallet config to use Quantity for BalanceRatio * runtime: Update XCM origin converter, use Quantity in LP message, add OriginRecovery to LP gateway * feat: safe XCM version migration + extend SafeCallFilter (#1526) * fix: allow gateway process msg for xcm * feat: add safe xcm version migration * fix: Allow process_msg for xcm transact * refactor: remove spec_version check * refactor: stricter SafeCallFilter * Upgrade1020 LP follow-ups (#1525) * centrifuge: Enable LP gateway XCM origin converter * centrifuge: Update LP pallet config to use Quantity for BalanceRatio * runtime: Update XCM origin converter, use Quantity in LP message, add OriginRecovery to LP gateway * fix: rm OrderBook safe call cause missing * fix: OrderBook missing in both runtimes * fix: clippy --------- Co-authored-by: Cosmin Damian <17934949+cdamian@users.noreply.github.com> * Feat/upgrade1020 misc 1 (#1529) * fix: asset metadata xcm v3 migration cleanup other migrations (#1528) * fix: centrifuge asset migration * Apply suggestions from code review Co-authored-by: Frederik Gartenmeister <mustermeiszer@posteo.de> * chore: append cfg assets to catalyst * fix: asset registry migration improvements * feat: apply asset metadata migration to altair runtime * fix: cleanup altair/algol migrations * fix: less aggressive nuke pre-upgrade * fix: finalize migrations, add context * fix: clippy + cleanup imports * fix: native currency altair, algol * fix: Algol native currency name --------- Co-authored-by: Frederik Gartenmeister <mustermeiszer@posteo.de> * fmt * fixup * Upgrade1020 gateway changes (#1531) * gateway: Use BoundedVec instead of EVMChain enum * gateway: Add Sender type to LP gateway config * gateway: Rename EVM chain size const, emit event when submitting message, adjust gateway sender provider * Feat: upgrade1020 misc 2 (#1532) * feat: account ensuring origin * feat: bumb runtime version develpment * fix: allow council to control gatway on Altair based chains * fix: use EnsureSigned, make use of type and add admin * feat: overestimated weights for lp logic * fix: taplooo * fix: tests and comment * chore: bump weights for 1020 (#1533) * chore: update centrifuge, altair weights * feat: bump and improve dev weights * fix: transfer_allowlist weights * feat: normalize SafeCallFilter across runtimes * fix: native asset key in migration --------- Co-authored-by: William Freudenberger <w.freude@icloud.com> Co-authored-by: Cosmin Damian <17934949+cdamian@users.noreply.github.com> Co-authored-by: Frederik Gartenmeister <mustermeiszer@posteo.de> Co-authored-by: nuno <hi@nunoalexandre.com>
For both the Centrifuge as well as the Altair runtimes adds:
pallet_liquidity_pools_gateway::Call::process_msgtoSafeCallFilterwhich enables this to be executed by xcmtransact