adds system instruction to upgrade legacy nonce versions #25789
Conversation
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
from
7d8e88a
to
077e8e2
Compare
behzadnouri
changed the title
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
3 times, most recently
from
14419a4
to
1f652f1
Compare
| return Err(InstructionError::InvalidInstructionData); | ||
| } | ||
| instruction_context.check_number_of_instruction_accounts(1)?; | ||
| let mut nonce_account = |
There was a problem hiding this comment.
we need to verify that the account owner is the system program here to avoid account confusion vulnerabilities
Codecov Report
@@ Coverage Diff @@
## master #25789 +/- ##
===========================================
- Coverage 82.1% 75.4% -6.8%
===========================================
Files 628 40 -588
Lines 171471 2345 -169126
Branches 0 338 +338
===========================================
- Hits 140878 1769 -139109
+ Misses 30593 459 -30134
- Partials 0 117 +117 |
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
3 times, most recently
from
3ea2f13
to
9c7a7fc
Compare
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
from
9c7a7fc
to
9d46737
Compare
cli/src/nonce.rs
Outdated
| ) -> ProcessResult { | ||
| let latest_blockhash = rpc_client.get_latest_blockhash()?; | ||
| let ixs = vec![upgrade_nonce_account(nonce_account)].with_memo(memo); | ||
| // TODO what signers? |
There was a problem hiding this comment.
Is this comment still needed?
There was a problem hiding this comment.
Yeah, this code is still in WIP until #25788 is merged.
cli/src/nonce.rs
Outdated
| // TODO: need signers. | ||
| signers: CliSigners::default(), |
There was a problem hiding this comment.
This is fine because if CliSigners is empty, we fall back to the wallet keypair here:
Line 183 in cbb0f07
| @@ -307,6 +307,13 @@ pub enum SystemInstruction { | |||
| /// Owner to use to derive the funding account address | |||
| from_owner: Pubkey, | |||
| }, | |||
|
|
|||
| /// One-time idempotent upgrade of legacy nonce versions in order to bump | |||
There was a problem hiding this comment.
what does this idempotent refers to? i mean, this instruction impl. errors InstructionError::InvalidArgument if Current nonce account (i.e. already upgraded) is given. So, you cannot invoke UpgradeNonceAccount multiple times successfully, given the same nonce account.
There was a problem hiding this comment.
It refers to the nonce account value.
If the instruction is applied multiple times on the same nonce account, the nonce account will not change beyond the first time.
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
2 times, most recently
from
e9f5265
to
2562de1
Compare
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
from
2562de1
to
b1b5da1
Compare
| let nonce_versions: nonce::state::Versions = nonce_account.get_state()?; | ||
| match nonce_versions.upgrade() { | ||
| None => Err(InstructionError::InvalidArgument), | ||
| Some(nonce_versions) => nonce_account.set_state(&nonce_versions), | ||
| } |
There was a problem hiding this comment.
🚨 🚨 🚨
The assumptions here are that:
- Any extant system account that has non-zero data and is not a nonce account is invalid.
- Writing to these invalid accounts is fine and won't break anything.
There was a problem hiding this comment.
Maybe I didn't see them but would be good to have a test to exercise these assumptions
There was a problem hiding this comment.
I believe these assumptions come from get_system_account_kind:
https://github.com/solana-labs/solana/blob/b4bdbb27d/runtime/src/system_instruction_processor.rs#L546-L563
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
from
b1b5da1
to
ec261e1
Compare
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
force-pushed
the
upgrade-nonce-instruction
branch
from
ec261e1
to
5cd72ba
Compare
…#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # runtime/src/system_instruction_processor.rs # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts
…#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts
…5789) (#25890) * feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # runtime/src/system_instruction_processor.rs # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts * removes mergify merge conflicts * backport UpgradeNonceAccount Co-authored-by: behzad nouri <behzadnouri@gmail.com>
…5789) (#25891) * feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts * removes mergify merge conflicts * backport UpgradeNonceAccount Co-authored-by: behzad nouri <behzadnouri@gmail.com>
| if !separate_nonce_from_blockhash { | ||
| return Err(InstructionError::InvalidInstructionData); | ||
| } | ||
| instruction_context.check_number_of_instruction_accounts(1)?; |
There was a problem hiding this comment.
check_number_of_instruction_accounts is not necessary here as UpgradeNonceAccount is added as a whole. It was only used for older instructions to keep the error priorities the same without a feature gate.
There was a problem hiding this comment.
Though keeping it is consistent with the rest of the instruction processing and might make folks wonder why other places and not here. I would vote to keep it here for consistency with the other instructions and remove them all at once when deemed appropriate.
Problem
#25788
permanently disables durable transactions with legacy nonce versions
which are within chain blockhash domain.
Summary of Changes
This commit adds a new system instruction for a one-time idempotent
upgrade of legacy nonce accounts in order to bump them out of chain
blockhash domain.