fix:add missing fields #64
Conversation
|
Test passed with 745b278 exocored q avs AVSInfo exo1l7m80efn6lfkdcng47rwy2rma6xsqywu6cwe2v --home ~/.tmp-exocored
info:
asset_id:
- "123"
avs_address: exo1l7m80efn6lfkdcng47rwy2rma6xsqywu6cwe2v
avs_owner_address: exo1nkh04qzxed98megzz53xx9a4uju599zg3rw0mj
name: avs01
operator_address:
- exo18cggcpvwspnd5c6ny8wrqxpffj5zmhklprtnph |
There was a problem hiding this comment.
It seems that the register and deregister functions of the AVS can still be called by any address, right?
If the owner address of the AVS is a parameter passed in during registration, then deregistration or updates would require signature verification of the owner address. Implementing such permission verification is relatively complex. Moreover, this PR only adds an owner address parameter initialization and does not address the permission control issues related to AVS operations. The key should be to use the "from" address in the msg call as the owner address. You can refer to the implementation of other similar functionalities for details.
|
Move to further milestone as the owner address needs to be well-designed. |
precompiles/avs/avs.go
Outdated
| bz, err = p.AVSInfoRegisterOrDeregister(ctx, evm.Origin, contract, stateDB, method, args) | ||
| case MethodRegisterOperatorToAVS: |
There was a problem hiding this comment.
So won't you support operator deregister from AVS?
precompiles/avs/tx.go
Outdated
| ) | ||
|
|
||
| const ( | ||
| // AVSRegister defines the ABI method name for the avs | ||
| // related transaction. | ||
| MethodAVSAction = "AVSAction" | ||
| MethodAVSAction = "AVSAction" | ||
| MethodRegisterOperatorToAVS = "registerOperatorToAVS" |
precompiles/avs/tx.go
Outdated
| @@ -33,3 +45,35 @@ func (p Precompile) AVSInfoRegisterOrDeregister( | |||
| } | |||
| return method.Outputs.Pack(true) | |||
| } | |||
|
|
|||
| func (p Precompile) OperatorInfoRegister( | |||
There was a problem hiding this comment.
The name of this function is confused, the operator is registered via the operator module, what you'd do is to register operator to avs, shouldn't this added in operator module?
There was a problem hiding this comment.
Also need to support operator deregister from avs
x/avs/keeper/operator.go
Outdated
| return nil | ||
| } | ||
|
|
||
| func (k *Keeper) GetOperator(ctx sdk.Context, addr string) (operator types.OperatorInfo, err error) { |
There was a problem hiding this comment.
Why not get operator in operator module?
proto/exocore/avs/tx.proto
Outdated
| // registered operator of avs | ||
| repeated string operator_address = 3; | ||
| // slash address of avs | ||
| string slash_addr = 3; | ||
| // the owner who has permission for avs | ||
| string avs_owner_address = 4; |
There was a problem hiding this comment.
Won't there's any case that avs has multiple owners or operators?
precompiles/avs/types.go
Outdated
| } | ||
| avsParams.AssetID = assetID | ||
| avsParams.UnbondingEpochs = unbondingEpochs |
There was a problem hiding this comment.
You defined both unbondingEpochs and Epochs in protobuf struct, why there's only unbondingEpochs set here?
proto/exocore/avs/tx.proto
Outdated
| EpochInfo avs_epoch = 8; | ||
| } | ||
| // The information of OperatorInfo in opt-in avs | ||
| message OperatorInfo { |
There was a problem hiding this comment.
Shouldn't it store the avs meta info within this struct?
| sdk "github.com/cosmos/cosmos-sdk/types" | ||
| ) | ||
|
|
||
| func (k *Keeper) GetAVSSupportedAssets(ctx sdk.Context, avsAddr string) ([]string, error) { |
There was a problem hiding this comment.
Please reuse the function GetAVSInfo to get avs info, and return res.AssetId then
|
|
||
| return ret.AssetId, nil | ||
| } | ||
| func (k *Keeper) GetAVSSlashContract(ctx sdk.Context, avsAddr string) (string, error) { |
|
Please also fix all action errors |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
x/avs/types/types.go
Outdated
| @@ -1 +1,19 @@ | |||
| package types | |||
|
|
|||
| func ContainsString(slice []string, target string) bool { | |||
There was a problem hiding this comment.
No need to re-implement it, just use import slices and slices.Contains()
precompiles/avs/abi.json
Outdated
| "name": "assetID", | ||
| "type": "string" | ||
| "internalType": "uint64", | ||
| "name": "unbondingEpochs", |
There was a problem hiding this comment.
unbondingEpoch: it's better named it unbondingTime or unbondingPeriod
precompiles/avs/avs.sol
Outdated
| uint64 action, | ||
| string memory avsOwnerAddress, | ||
| string memory assetID | ||
| uint64 minimumDelegation, |
There was a problem hiding this comment.
is this minimumSelfDelegation ?
There was a problem hiding this comment.
Minimum stake quantity for Operator
precompiles/avs/avs.sol
Outdated
| string memory avsOwnerAddress, | ||
| string memory assetID | ||
| uint64 minimumDelegation, | ||
| uint64 unbondingEpochs |
There was a problem hiding this comment.
unbondingTime/unbondingPeriod would be better.
precompiles/avs/tx.go
Outdated
|
|
||
| exocmn "github.com/ExocoreNetwork/exocore/precompiles/common" | ||
| util "github.com/ExocoreNetwork/exocore/utils" | ||
| avstypes "github.com/ExocoreNetwork/exocore/x/avs/keeper" |
There was a problem hiding this comment.
this should be avskeeper not avstypes. please change the related places.
precompiles/avs/tx.go
Outdated
| if err != nil { | ||
| return nil, errorsmod.Wrap(err, "parse args error") | ||
| } | ||
| avsAddress, err := util.ProcessAvsAddress(contract.Address().String()) |
precompiles/avs/tx.go
Outdated
| // related transaction. | ||
| MethodAVSAction = "AVSAction" | ||
| MethodAVSAction = "AVSAction" | ||
| MethodOperatorAction = "OperatorOptAction" | ||
| ) | ||
|
|
||
| // AVSInfoRegister register the avs related information and change the state in avs keeper module. | ||
| func (p Precompile) AVSInfoRegisterOrDeregister( |
There was a problem hiding this comment.
AVSInfoRegisterOrDeregister:
Although this function name describes its functionality, it is a bit long and not specific enough. Consider using a more concise and clear name.It is recommended to change it to RegisterOrDeregisterAVSInfo, which better follows the action + object naming convention for functions.
OperatorBindingAvs:
This function name can also be more specific, clearly indicating that it binds an operator to AVS.
It is recommended to change it to BindOperatorToAVS, which more clearly expresses the function's purpose.
x/avs/keeper/avs.go
Outdated
| func (k *Keeper) GetAVSSlashContract(ctx sdk.Context, avsAddr string) (string, error) { | ||
| avsInfo, err := k.GetAVSInfo(ctx, avsAddr) | ||
| if err != nil { | ||
| return "", errorsmod.Wrap(err, fmt.Sprintf("GetAVSSupportedAssets: key is %s", avsAddr)) |
There was a problem hiding this comment.
this function log GetAVSSupportedAssets is not right
x/avs/keeper/avs.go
Outdated
| func (k *Keeper) GetAVSMinimumSelfDelegation(ctx sdk.Context, avsAddr string) (sdkmath.LegacyDec, error) { | ||
| avsInfo, err := k.GetAVSInfo(ctx, avsAddr) | ||
| if err != nil { | ||
| return sdkmath.LegacyNewDec(0), errorsmod.Wrap(err, fmt.Sprintf("GetAVSSupportedAssets: key is %s", avsAddr)) |
There was a problem hiding this comment.
here function log : GetAVSSupportedAssets
x/avs/keeper/keeper.go
Outdated
| SlashAddr: params.SlashContractAddr, | ||
| AvsOwnerAddress: params.AvsOwnerAddress, | ||
| AssetId: params.AssetID, | ||
| AvsUnbondingEpochs: uint32(params.MinimumDelegation), |
There was a problem hiding this comment.
this param has a lot of types in different places: unit32, uint64, int64. please have a check.
this assignment is strange :
AvsUnbondingEpochs: uint32(params.MinimumDelegation),
MinimumDelegation: sdk.NewIntFromUint64(params.UnbondingEpochs),
x/avs/keeper/keeper.go
Outdated
| action := params.Action | ||
|
|
||
| if action == RegisterAction && avsInfo != nil { | ||
| return errorsmod.Wrap(types.ErrAlreadyRegistered, fmt.Sprintf("the error input arg is:%s", params.AvsAddress)) |
There was a problem hiding this comment.
can replace this with specific error " the avsaddress is :%s",
x/avs/keeper/keeper.go
Outdated
| } | ||
|
|
||
| if avsInfo == nil { | ||
| return errorsmod.Wrap(types.ErrUnregisterNonExistent, fmt.Sprintf("the error input arg is:%s", avsInfo)) |
There was a problem hiding this comment.
avsInfo == nil so this line has no meaning print: fmt.Sprintf("the error input arg is:%s", avsInfo)
There was a problem hiding this comment.
unregistration must be done with data available
x/avs/keeper/keeper.go
Outdated
| } | ||
| avsInfo, err := k.GetAVSInfo(ctx, params.AvsAddress) | ||
| if err != nil { | ||
| if err != nil || avsInfo.GetInfo() == nil { |
There was a problem hiding this comment.
there are two lines call avsInfo.GetInfo(), can we call once ?
| return errorsmod.Wrap(err, fmt.Sprintf("error occurred when get avs info %s", avsInfo)) | ||
| } | ||
| if avsInfo.Info.AvsOwnerAddress != params.AvsOwnerAddress { | ||
| return errorsmod.Wrap(err, fmt.Sprintf("not qualified to deregister %s", avsInfo)) | ||
| avs := avsInfo.GetInfo() |
x/avs/keeper/keeper.go
Outdated
| ret.OperatorAddress = append(ret.OperatorAddress, operatorAddress) | ||
| ret.AssetId = append(ret.AssetId, assetID) | ||
|
|
||
| AVSInfo := avs |
There was a problem hiding this comment.
this AVSInfo variable is the same as types.AVSInfo
Description
avs module add missing fields
Fix vulnerability GO-2024-2694 in github.com/cosmos/ibc-go/v7