feat: implement voting for RPC providers#3249
Conversation
53c8806 to
af41e1e
Compare
…t-stores-rpc-providers
…c-providers' into 3215-implement-voting-mechanism-for-adding-removing-allowed-rpc-provider
…owed-rpc-provider' of github.com:near/mpc into 3215-implement-voting-mechanism-for-adding-removing-allowed-rpc-provider
Pull request overviewAdds the Changes:
Reviewed changesPer-file summary
FindingsBlocking (must fix before merge):
Non-blocking (nits, follow-ups, suggestions):
|
…emoving-allowed-rpc-provider
kevindeforth
left a comment
There was a problem hiding this comment.
Some comments and questions.
Partial review only, didn't look at the tests yet.
| { | ||
| if routing_name == auth_name { | ||
| return Err(InvalidParameters::MalformedPayload { | ||
| reason: format!( | ||
| "ChainRouting::QueryParam.name collides with AuthScheme::Query.name {:?} for provider_id {:?}", | ||
| auth_name, id.0 | ||
| ), | ||
| } | ||
| .into()); | ||
| } |
There was a problem hiding this comment.
same here, why do we check for this specifically?
There was a problem hiding this comment.
Some RPC providers take chain and auth parameter as query parameter, something like: ?network=ethereum, ?dkey=<TOKEN>. They can't be the same param obviously, it's a trivial sanity check for copy/pasting errors.
There was a problem hiding this comment.
Makes sense, but are these checks exhaustive?
I.e. if a config passes these checks, is that a sufficient condition for the config to be valid?
If not, then the voter will still need to make some manual verification and we might as well remove these.
There was a problem hiding this comment.
It's not exhaustive but I'm not sure that's a good reason for dropping sanity checks entirely. These are checks that can be easily checked, other validity checks can't be easily checked from the contract.
There was a problem hiding this comment.
Interesting. Then, I have two follow-up questions:
- where will the other validity checks take place?
- what guarantees do the validity checks on the contract provide for the data stored on-chain?
There was a problem hiding this comment.
where will the other validity checks take place?
Full validity check will be manual, when we add a new RPC provider we have to manually check how does one construct a query (how is chain specified, how is authentication done), then define a config according to it and do simple probe test. We can add e2e tests where one adds new config for new RPC provider and expected response to validate config of new RPC before proposing it. Although I'd rather do that in separate PR to not bloat this further.
what guarantees do the validity checks on the contract provide for the data stored on-chain?
It's more sanity check than validations. It currently guarantees that you don't make simple copy/paste error e.g. where you pass same query param name for auth and chain, or that you don't have backslash in chain name.
There's no explicit withdraw vote, but you can submit different vote for that chain and it will override your current one. |
…emoving-allowed-rpc-provider Resolve conflict in crates/contract/src/lib.rs by unifying the migration shims: main's placeholder v3_10_state.rs (added in #3280) is replaced with this branch's migration logic that converts the actual 3.10.0 nested-map ForeignChainRpcWhitelist shape to the new IterableMap + Votes shape. The duplicate v3_10_0_state.rs is removed.
…emoving-allowed-rpc-provider
There was a problem hiding this comment.
Thanks for the hard work!
Some things to check before merging:
- error placement seems not consistent with the rest of the crate
- missing unit test for validation method (& its placement)
- we should check if the gas constants improved after merging #3280. They seem pretty high to me.
…emoving-allowed-rpc-provider Resolve conflicts: - crates/contract/src/v3_10_state.rs: combine main's `LegacyPendingRequests` shadow type (added in #3315 when the live field was dropped from `crate::MpcContract`) with this branch's `OldForeignChainRpcWhitelist` + `OldProviderEntry` shadows (needed to decode the 3.10.0 nested-map whitelist shape). The `From` impl now drops `legacy_pending_requests` (no longer a field on `crate::MpcContract`) and default-initializes `foreign_chain_rpc_whitelist` (reshape from this branch). Unified derive shape `Debug, BorshSerialize, BorshDeserialize` on every shadow struct — the derived serializer's per-field reads satisfy `dead_code`, so the prior `#[expect(dead_code)]` markers are gone. - crates/contract/src/snapshots/...borsh_schema...snap: drop the `assertion_line` metadata; tests regenerate it. - crates/near-mpc-contract-interface/Cargo.toml: re-add `thiserror` dep (main's #3314 dropped it; this branch still needs it for `ChainEntryValidationError`).
|
Thanks for the thorough review! |
kevindeforth
left a comment
There was a problem hiding this comment.
Thanks for the changes!
Note: each vote is a full snapshot rather than diff.
Closes: #3215