diff --git a/.github/workflows/review-trigger.yml b/.github/workflows/review-trigger.yml index 0edbc7c9a9..2f241c9171 100644 --- a/.github/workflows/review-trigger.yml +++ b/.github/workflows/review-trigger.yml @@ -13,9 +13,50 @@ on: jobs: trigger-review-bot: + # (It is not a draft) && (it is not a review || it is an approving review) + if: ${{ github.event.pull_request.draft != true && (github.event_name != 'pull_request_review' || (github.event.review && github.event.review.state == 'APPROVED')) }} runs-on: ubuntu-latest name: trigger review bot steps: + - name: Get PR data + id: comments + run: | + echo "bodies=$(gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --json comments --jq '[.comments[].body]')" >> "$GITHUB_OUTPUT" + echo "reviews=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews --jq '[.[].state]')" >> "$GITHUB_OUTPUT" + env: + GH_TOKEN: ${{ github.token }} + - name: Get the GitHub handle of the fellows + uses: paritytech/get-fellows-action@v1.1.2 + id: fellows + # Require new reviews when the author is pushing and he is not a fellow + - name: Fail when author pushes new code + # if (contains approved reviews && it's a synchronize event && was triggered by the author (who is not a fellow)) + if: | + contains(fromJson(steps.comments.outputs.reviews), 'APPROVED') && + github.event_name == 'pull_request_target' && + github.event.action == 'synchronize' && + github.event.sender.login == github.event.pull_request.user.login && + contains(steps.fellows.outputs.github-handles, github.event.pull_request.user.login) + run: | + # We get the list of reviewers who approved the PR + REVIEWERS=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \ + --jq '{reviewers: [.[] | select(.state == "APPROVED") | .user.login]}') + + # We request them to review again + echo $REVIEWERS | gh api --method POST repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers --input - + + echo "::error::Project needs to be reviewed again" + exit 1 + env: + GH_TOKEN: ${{ github.token }} + - name: Comment requirements + # If the previous step failed and github-actions hasn't commented yet we comment instructions + if: failure() && !contains(fromJson(steps.comments.outputs.bodies), 'Review required! Latest push from author must always be reviewed') + run: | + gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "Review required! Latest push from author must always be reviewed" + env: + GH_TOKEN: ${{ github.token }} + COMMENTS: ${{ steps.comments.outputs.users }} - name: Get PR number env: PR_NUMBER: ${{ github.event.pull_request.number }} @@ -23,7 +64,7 @@ jobs: echo "Saving PR number: $PR_NUMBER" mkdir -p ./pr echo $PR_NUMBER > ./pr/pr_number - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 name: Save PR number with: name: pr_number diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8603f84553..a2a1a53d8a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -84,7 +84,7 @@ jobs: shared-key: "fellowship-cache-tests" - name: Test ${{ matrix.runtime.name }} - run: cargo test -p ${{ matrix.runtime.package }} --release --locked -q --features=try-runtime + run: cargo test -p ${{ matrix.runtime.package }} --release --locked -q env: RUSTFLAGS: "-C debug-assertions -D warnings" diff --git a/.github/workflows/up-to-date.yml b/.github/workflows/up-to-date.yml index fa0a65f460..ccf3277aca 100644 --- a/.github/workflows/up-to-date.yml +++ b/.github/workflows/up-to-date.yml @@ -4,6 +4,9 @@ on: push: branches: - main + workflow_run: + workflows: [Auto Merge Bot] + types: [completed] jobs: updatePullRequests: @@ -13,11 +16,11 @@ jobs: steps: - name: Generate token id: generate_token - uses: tibdex/github-app-token@v1 + uses: actions/create-github-app-token@v1.9.3 with: - app_id: ${{ secrets.MERGE_APP_ID }} - private_key: ${{ secrets.MERGE_APP_KEY }} + app-id: ${{ secrets.MERGE_APP_ID }} + private-key: ${{ secrets.MERGE_APP_KEY }} - name: Update all the PRs - uses: paritytech/up-to-date-action@v0.2.0 + uses: paritytech/up-to-date-action@v0.2.1 with: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 93f392a7bb..db032c4027 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,9 +6,26 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] +### Changed + +- Kusama chains: allow arbitrary XCM execution ([polkadot-fellows/runtimes#261](https://github.com/polkadot-fellows/runtimes/pull/261)) +- Allow everything through XCM SafeCallFilter ([polkadot-fellows/runtimes#285](https://github.com/polkadot-fellows/runtimes/pull/285)) + +### Added + - Add `pallet-vesting` to Asset Hubs ([polkadot-fellows/runtimes#269](https://github.com/polkadot-fellows/runtimes/pull/269)) +- Add Pay Salary Collectives test ([polkadot-fellows/runtimes#260](https://github.com/polkadot-fellows/runtimes/pull/260)) + +### Removed + +- Remove one-shot migrations from Kusama Coretime ([polkadot-fellows/runtimes#300](https://github.com/polkadot-fellows/runtimes/pull/300)) - Remove DMP queue and allow `system::authorize_upgrade` in XCM's call filter ([polkadot-fellows/runtimes#280](https://github.com/polkadot-fellows/runtimes/pull/280)) +### Fixed + +- Include patch to release stuck collator bonds ([polkadot-fellows/runtimes#289](https://github.com/polkadot-fellows/runtimes/pull/289)) +- Safeguard pallet-balances against consumer ref underflow ([polkadot-fellows/runtimes#309](https://github.com/polkadot-fellows/runtimes/pull/309)) + ## [1.2.3] 29.04.2024 ### Added diff --git a/Cargo.lock b/Cargo.lock index ac20eb810a..ef1ade44eb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2243,6 +2243,7 @@ dependencies = [ "asset-hub-polkadot-runtime", "asset-test-utils", "collectives-polkadot-runtime", + "collectives-polkadot-runtime-constants", "cumulus-pallet-parachain-system", "cumulus-pallet-xcmp-queue", "emulated-integration-tests-common", @@ -2261,6 +2262,7 @@ dependencies = [ "polkadot-runtime-common", "polkadot-runtime-constants", "polkadot-system-emulated-network", + "sp-core", "sp-runtime", "staging-xcm", "staging-xcm-executor", @@ -7111,9 +7113,9 @@ dependencies = [ [[package]] name = "pallet-balances" -version = "29.0.1" +version = "29.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e27946a57494d7c6231ae8909275bbd3cb5460ee3d27b7a5774a8b8e64d3ab92" +checksum = "a9a54b5d0c7c4c3731883d6b1ac18aff44db20c3d0a3470c8861001a17afdc85" dependencies = [ "docify", "frame-benchmarking", @@ -7316,15 +7318,16 @@ dependencies = [ [[package]] name = "pallet-collator-selection" -version = "10.0.0" +version = "10.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59b5ad46601c613396e92292a24c5b5d76e904c456ece9deb10913f6ea2e2999" +checksum = "49d1157d9a4b7966040158a7b4f1fb29f0cefa8deb6eb9b3452df7ce4161a31c" dependencies = [ "frame-benchmarking", "frame-support", "frame-system", "log", "pallet-authorship", + "pallet-balances", "pallet-session", "parity-scale-codec", "rand", diff --git a/Cargo.toml b/Cargo.toml index 88f7f83653..902f741c2d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -70,7 +70,7 @@ pallet-bridge-parachains = { version = "0.8.0", default-features = false } pallet-bridge-relayers = { version = "0.8.0", default-features = false } pallet-broker = { version = "0.7.1", default-features = false } pallet-child-bounties = { version = "28.0.0", default-features = false } -pallet-collator-selection = { version = "10.0.0", default-features = false } +pallet-collator-selection = { version = "10.0.2", default-features = false } pallet-collective = { version = "29.0.0", default-features = false } pallet-conviction-voting = { version = "29.0.0", default-features = false } pallet-core-fellowship = { version = "13.0.0", default-features = false } diff --git a/integration-tests/emulated/tests/collectives/collectives-polkadot/Cargo.toml b/integration-tests/emulated/tests/collectives/collectives-polkadot/Cargo.toml index e77f724c84..4f72f1c4ae 100644 --- a/integration-tests/emulated/tests/collectives/collectives-polkadot/Cargo.toml +++ b/integration-tests/emulated/tests/collectives/collectives-polkadot/Cargo.toml @@ -12,6 +12,7 @@ codec = { package = "parity-scale-codec", version = "3.6.9" } assert_matches = { workspace = true } # Substrate +sp-core ={ workspace = true, default-features = true } sp-runtime = { workspace = true, default-features = true } frame-support = { workspace = true, default-features = true } pallet-balances = { workspace = true, default-features = true } @@ -37,6 +38,7 @@ cumulus-pallet-parachain-system = { features = ["parameterized-consensus-hook"], # Local asset-hub-polkadot-runtime = { path = "../../../../../system-parachains/asset-hubs/asset-hub-polkadot" } collectives-polkadot-runtime = { path = "../../../../../system-parachains/collectives/collectives-polkadot" } +collectives-polkadot-runtime-constants = { path = "../../../../../system-parachains/collectives/collectives-polkadot/constants" } integration-tests-helpers = { path = "../../../helpers" } polkadot-runtime = { path = "../../../../../relay/polkadot" } polkadot-runtime-constants = { path = "../../../../../relay/polkadot/constants" } diff --git a/integration-tests/emulated/tests/collectives/collectives-polkadot/src/lib.rs b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/lib.rs index 605d817598..d42039ccc4 100644 --- a/integration-tests/emulated/tests/collectives/collectives-polkadot/src/lib.rs +++ b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/lib.rs @@ -17,8 +17,9 @@ pub use xcm::{prelude::*, v3}; // Cumulus -pub use emulated_integration_tests_common::xcm_emulator::{ - assert_expected_events, bx, Chain, RelayChain as Relay, TestExt, +pub use emulated_integration_tests_common::{ + accounts::ALICE, + xcm_emulator::{assert_expected_events, bx, Chain, Parachain, RelayChain as Relay, TestExt}, }; pub use polkadot_system_emulated_network::{ asset_hub_polkadot_emulated_chain::AssetHubPolkadotParaPallet as AssetHubPolkadotPallet, diff --git a/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/fellowship_salary.rs b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/fellowship_salary.rs new file mode 100644 index 0000000000..d4ab5a83d6 --- /dev/null +++ b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/fellowship_salary.rs @@ -0,0 +1,77 @@ +// Copyright (C) Parity Technologies (UK) Ltd. +// SPDX-License-Identifier: Apache-2.0 + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use crate::*; +use asset_hub_polkadot_runtime::xcm_config::LocationToAccountId; +use collectives_polkadot_runtime::fellowship::FellowshipSalaryPaymaster; +use frame_support::{ + assert_ok, + traits::{ + fungibles::{Create, Mutate}, + tokens::Pay, + }, +}; +use xcm_executor::traits::ConvertLocation; + +const FELLOWSHIP_SALARY_PALLET_ID: u8 = + collectives_polkadot_runtime_constants::FELLOWSHIP_SALARY_PALLET_INDEX; + +#[test] +fn pay_salary() { + let asset_id: u32 = 1984; + let fellowship_salary = ( + Parent, + Parachain(CollectivesPolkadot::para_id().into()), + PalletInstance(FELLOWSHIP_SALARY_PALLET_ID), + ); + let pay_from = LocationToAccountId::convert_location(&fellowship_salary.into()).unwrap(); + let pay_to = Polkadot::account_id_of(ALICE); + let pay_amount = 9000; + + AssetHubPolkadot::execute_with(|| { + type AssetHubAssets = ::Assets; + + assert_ok!(>::create( + asset_id, + pay_to.clone(), + true, + pay_amount / 2 + )); + assert_ok!(>::mint_into(asset_id, &pay_from, pay_amount * 2)); + }); + + CollectivesPolkadot::execute_with(|| { + type RuntimeEvent = ::RuntimeEvent; + + assert_ok!(FellowshipSalaryPaymaster::pay(&pay_to, (), pay_amount)); + assert_expected_events!( + CollectivesPolkadot, + vec![ + RuntimeEvent::XcmpQueue(cumulus_pallet_xcmp_queue::Event::XcmpMessageSent { .. }) => {}, + ] + ); + }); + + AssetHubPolkadot::execute_with(|| { + type RuntimeEvent = ::RuntimeEvent; + assert_expected_events!( + AssetHubPolkadot, + vec![ + RuntimeEvent::Assets(pallet_assets::Event::Transferred { .. }) => {}, + RuntimeEvent::MessageQueue(pallet_message_queue::Event::Processed { success: true ,.. }) => {}, + ] + ); + }); +} diff --git a/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/mod.rs b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/mod.rs index a9f65df34b..63173eaf94 100644 --- a/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/mod.rs +++ b/integration-tests/emulated/tests/collectives/collectives-polkadot/src/tests/mod.rs @@ -13,4 +13,5 @@ // See the License for the specific language governing permissions and // limitations under the License. +mod fellowship_salary; mod fellowship_treasury; diff --git a/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs b/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs index 8646f6a30e..1e4afc6a7d 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs @@ -1019,6 +1019,7 @@ parameter_types! { /// Migrations to apply on runtime upgrade. pub type Migrations = ( frame_support::migrations::RemovePallet, + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs b/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs index b1c10cda6e..22928d7405 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs @@ -57,10 +57,7 @@ use xcm_builder::{ WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, XcmFeeToAccount, }; -use xcm_executor::{ - traits::{ConvertLocation, WithOriginFilter}, - XcmExecutor, -}; +use xcm_executor::{traits::ConvertLocation, XcmExecutor}; parameter_types! { pub const KsmLocation: Location = Location::parent(); @@ -240,229 +237,6 @@ impl Contains for ParentOrParentsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - // Allow to change dedicated storage items (called by governance-like) - match call { - RuntimeCall::System(frame_system::Call::set_storage { items }) - if items.iter().all(|(k, _)| { - k.eq(&bridging::XcmBridgeHubRouterByteFee::key()) || - k.eq(&bridging::XcmBridgeHubRouterBaseFee::key()) || - k.eq(&bridging::to_ethereum::BridgeHubEthereumBaseFee::key()) - }) => - return true, - _ => (), - }; - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::Assets( - pallet_assets::Call::create { .. } | - pallet_assets::Call::force_create { .. } | - pallet_assets::Call::start_destroy { .. } | - pallet_assets::Call::destroy_accounts { .. } | - pallet_assets::Call::destroy_approvals { .. } | - pallet_assets::Call::finish_destroy { .. } | - pallet_assets::Call::block { .. } | - pallet_assets::Call::mint { .. } | - pallet_assets::Call::burn { .. } | - pallet_assets::Call::transfer { .. } | - pallet_assets::Call::transfer_keep_alive { .. } | - pallet_assets::Call::force_transfer { .. } | - pallet_assets::Call::freeze { .. } | - pallet_assets::Call::thaw { .. } | - pallet_assets::Call::freeze_asset { .. } | - pallet_assets::Call::thaw_asset { .. } | - pallet_assets::Call::transfer_ownership { .. } | - pallet_assets::Call::set_team { .. } | - pallet_assets::Call::set_metadata { .. } | - pallet_assets::Call::clear_metadata { .. } | - pallet_assets::Call::force_set_metadata { .. } | - pallet_assets::Call::force_clear_metadata { .. } | - pallet_assets::Call::force_asset_status { .. } | - pallet_assets::Call::approve_transfer { .. } | - pallet_assets::Call::cancel_approval { .. } | - pallet_assets::Call::force_cancel_approval { .. } | - pallet_assets::Call::transfer_approved { .. } | - pallet_assets::Call::touch { .. } | - pallet_assets::Call::touch_other { .. } | - pallet_assets::Call::refund { .. } | - pallet_assets::Call::refund_other { .. }, - ) | RuntimeCall::ForeignAssets( - pallet_assets::Call::create { .. } | - pallet_assets::Call::force_create { .. } | - pallet_assets::Call::start_destroy { .. } | - pallet_assets::Call::destroy_accounts { .. } | - pallet_assets::Call::destroy_approvals { .. } | - pallet_assets::Call::finish_destroy { .. } | - pallet_assets::Call::block { .. } | - pallet_assets::Call::mint { .. } | - pallet_assets::Call::burn { .. } | - pallet_assets::Call::transfer { .. } | - pallet_assets::Call::transfer_keep_alive { .. } | - pallet_assets::Call::force_transfer { .. } | - pallet_assets::Call::freeze { .. } | - pallet_assets::Call::thaw { .. } | - pallet_assets::Call::freeze_asset { .. } | - pallet_assets::Call::thaw_asset { .. } | - pallet_assets::Call::transfer_ownership { .. } | - pallet_assets::Call::set_team { .. } | - pallet_assets::Call::set_metadata { .. } | - pallet_assets::Call::clear_metadata { .. } | - pallet_assets::Call::force_set_metadata { .. } | - pallet_assets::Call::force_clear_metadata { .. } | - pallet_assets::Call::force_asset_status { .. } | - pallet_assets::Call::approve_transfer { .. } | - pallet_assets::Call::cancel_approval { .. } | - pallet_assets::Call::force_cancel_approval { .. } | - pallet_assets::Call::transfer_approved { .. } | - pallet_assets::Call::touch { .. } | - pallet_assets::Call::touch_other { .. } | - pallet_assets::Call::refund { .. } | - pallet_assets::Call::refund_other { .. }, - ) | RuntimeCall::PoolAssets( - pallet_assets::Call::force_create { .. } | - pallet_assets::Call::block { .. } | - pallet_assets::Call::burn { .. } | - pallet_assets::Call::transfer { .. } | - pallet_assets::Call::transfer_keep_alive { .. } | - pallet_assets::Call::force_transfer { .. } | - pallet_assets::Call::freeze { .. } | - pallet_assets::Call::thaw { .. } | - pallet_assets::Call::freeze_asset { .. } | - pallet_assets::Call::thaw_asset { .. } | - pallet_assets::Call::transfer_ownership { .. } | - pallet_assets::Call::set_team { .. } | - pallet_assets::Call::set_metadata { .. } | - pallet_assets::Call::clear_metadata { .. } | - pallet_assets::Call::force_set_metadata { .. } | - pallet_assets::Call::force_clear_metadata { .. } | - pallet_assets::Call::force_asset_status { .. } | - pallet_assets::Call::approve_transfer { .. } | - pallet_assets::Call::cancel_approval { .. } | - pallet_assets::Call::force_cancel_approval { .. } | - pallet_assets::Call::transfer_approved { .. } | - pallet_assets::Call::touch { .. } | - pallet_assets::Call::touch_other { .. } | - pallet_assets::Call::refund { .. } | - pallet_assets::Call::refund_other { .. }, - ) | RuntimeCall::AssetConversion( - pallet_asset_conversion::Call::create_pool { .. } | - pallet_asset_conversion::Call::add_liquidity { .. } | - pallet_asset_conversion::Call::remove_liquidity { .. } | - pallet_asset_conversion::Call::swap_tokens_for_exact_tokens { .. } | - pallet_asset_conversion::Call::swap_exact_tokens_for_tokens { .. }, - ) | RuntimeCall::NftFractionalization( - pallet_nft_fractionalization::Call::fractionalize { .. } | - pallet_nft_fractionalization::Call::unify { .. }, - ) | RuntimeCall::Nfts( - pallet_nfts::Call::create { .. } | - pallet_nfts::Call::force_create { .. } | - pallet_nfts::Call::destroy { .. } | - pallet_nfts::Call::mint { .. } | - pallet_nfts::Call::force_mint { .. } | - pallet_nfts::Call::burn { .. } | - pallet_nfts::Call::transfer { .. } | - pallet_nfts::Call::lock_item_transfer { .. } | - pallet_nfts::Call::unlock_item_transfer { .. } | - pallet_nfts::Call::lock_collection { .. } | - pallet_nfts::Call::transfer_ownership { .. } | - pallet_nfts::Call::set_team { .. } | - pallet_nfts::Call::force_collection_owner { .. } | - pallet_nfts::Call::force_collection_config { .. } | - pallet_nfts::Call::approve_transfer { .. } | - pallet_nfts::Call::cancel_approval { .. } | - pallet_nfts::Call::clear_all_transfer_approvals { .. } | - pallet_nfts::Call::lock_item_properties { .. } | - pallet_nfts::Call::set_attribute { .. } | - pallet_nfts::Call::force_set_attribute { .. } | - pallet_nfts::Call::clear_attribute { .. } | - pallet_nfts::Call::approve_item_attributes { .. } | - pallet_nfts::Call::cancel_item_attributes_approval { .. } | - pallet_nfts::Call::set_metadata { .. } | - pallet_nfts::Call::clear_metadata { .. } | - pallet_nfts::Call::set_collection_metadata { .. } | - pallet_nfts::Call::clear_collection_metadata { .. } | - pallet_nfts::Call::set_accept_ownership { .. } | - pallet_nfts::Call::set_collection_max_supply { .. } | - pallet_nfts::Call::update_mint_settings { .. } | - pallet_nfts::Call::set_price { .. } | - pallet_nfts::Call::buy_item { .. } | - pallet_nfts::Call::pay_tips { .. } | - pallet_nfts::Call::create_swap { .. } | - pallet_nfts::Call::cancel_swap { .. } | - pallet_nfts::Call::claim_swap { .. }, - ) | RuntimeCall::Uniques( - pallet_uniques::Call::create { .. } | - pallet_uniques::Call::force_create { .. } | - pallet_uniques::Call::destroy { .. } | - pallet_uniques::Call::mint { .. } | - pallet_uniques::Call::burn { .. } | - pallet_uniques::Call::transfer { .. } | - pallet_uniques::Call::freeze { .. } | - pallet_uniques::Call::thaw { .. } | - pallet_uniques::Call::freeze_collection { .. } | - pallet_uniques::Call::thaw_collection { .. } | - pallet_uniques::Call::transfer_ownership { .. } | - pallet_uniques::Call::set_team { .. } | - pallet_uniques::Call::approve_transfer { .. } | - pallet_uniques::Call::cancel_approval { .. } | - pallet_uniques::Call::force_item_status { .. } | - pallet_uniques::Call::set_attribute { .. } | - pallet_uniques::Call::clear_attribute { .. } | - pallet_uniques::Call::set_metadata { .. } | - pallet_uniques::Call::clear_metadata { .. } | - pallet_uniques::Call::set_collection_metadata { .. } | - pallet_uniques::Call::clear_collection_metadata { .. } | - pallet_uniques::Call::set_accept_ownership { .. } | - pallet_uniques::Call::set_collection_max_supply { .. } | - pallet_uniques::Call::set_price { .. } | - pallet_uniques::Call::buy_item { .. } - ) | RuntimeCall::ToPolkadotXcmRouter( - pallet_xcm_bridge_hub_router::Call::report_bridge_status { .. } - ) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -606,8 +380,8 @@ impl xcm_executor::Config for XcmConfig { type MessageExporter = (); type UniversalAliases = (bridging::to_polkadot::UniversalAliases, bridging::to_ethereum::UniversalAliases); - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } @@ -647,11 +421,9 @@ impl pallet_xcm::Config for Runtime { // We want to disallow users sending (arbitrary) XCMs from this chain. type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; - // We support local origins dispatching XCM executions in principle... + // Anyone can execute XCM messages locally. type ExecuteXcmOrigin = EnsureXcmOrigin; - // ... but disallow generic XCM execution. As a result only teleports and reserve transfers are - // allowed. - type XcmExecuteFilter = Nothing; + type XcmExecuteFilter = Everything; type XcmExecutor = XcmExecutor; type XcmTeleportFilter = Everything; type XcmReserveTransferFilter = Everything; diff --git a/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs b/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs index f80885c5e5..d0bdc2edb1 100644 --- a/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs +++ b/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs @@ -1006,6 +1006,7 @@ pub type Migrations = ( // unreleased frame_support::migrations::RemovePallet, cumulus_pallet_xcmp_queue::migration::v4::MigrationToV4, + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs b/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs index 7e371ca9ed..9d56a5477b 100644 --- a/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs +++ b/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs @@ -58,10 +58,7 @@ use xcm_builder::{ WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, XcmFeeToAccount, }; -use xcm_executor::{ - traits::{ConvertLocation, WithOriginFilter}, - XcmExecutor, -}; +use xcm_executor::{traits::ConvertLocation, XcmExecutor}; parameter_types! { pub const DotLocation: Location = Location::parent(); @@ -271,189 +268,6 @@ impl Contains for ParentOrParentsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - // Allow to change dedicated storage items (called by governance-like) - match call { - RuntimeCall::System(frame_system::Call::set_storage { items }) - if items.iter().all(|(k, _)| { - k.eq(&bridging::XcmBridgeHubRouterByteFee::key()) || - k.eq(&bridging::XcmBridgeHubRouterBaseFee::key()) || - k.eq(&bridging::to_ethereum::BridgeHubEthereumBaseFee::key()) - }) => - return true, - _ => (), - }; - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::Assets( - pallet_assets::Call::create { .. } | - pallet_assets::Call::force_create { .. } | - pallet_assets::Call::start_destroy { .. } | - pallet_assets::Call::destroy_accounts { .. } | - pallet_assets::Call::destroy_approvals { .. } | - pallet_assets::Call::finish_destroy { .. } | - pallet_assets::Call::mint { .. } | - pallet_assets::Call::burn { .. } | - pallet_assets::Call::transfer { .. } | - pallet_assets::Call::transfer_keep_alive { .. } | - pallet_assets::Call::force_transfer { .. } | - pallet_assets::Call::freeze { .. } | - pallet_assets::Call::thaw { .. } | - pallet_assets::Call::freeze_asset { .. } | - pallet_assets::Call::thaw_asset { .. } | - pallet_assets::Call::transfer_ownership { .. } | - pallet_assets::Call::set_team { .. } | - pallet_assets::Call::set_metadata { .. } | - pallet_assets::Call::clear_metadata { .. } | - pallet_assets::Call::force_set_metadata { .. } | - pallet_assets::Call::force_clear_metadata { .. } | - pallet_assets::Call::force_asset_status { .. } | - pallet_assets::Call::approve_transfer { .. } | - pallet_assets::Call::cancel_approval { .. } | - pallet_assets::Call::force_cancel_approval { .. } | - pallet_assets::Call::transfer_approved { .. } | - pallet_assets::Call::touch { .. } | - pallet_assets::Call::refund { .. }, - ) | RuntimeCall::ForeignAssets( - pallet_assets::Call::create { .. } | - pallet_assets::Call::force_create { .. } | - pallet_assets::Call::start_destroy { .. } | - pallet_assets::Call::destroy_accounts { .. } | - pallet_assets::Call::destroy_approvals { .. } | - pallet_assets::Call::finish_destroy { .. } | - pallet_assets::Call::mint { .. } | - pallet_assets::Call::burn { .. } | - pallet_assets::Call::transfer { .. } | - pallet_assets::Call::transfer_keep_alive { .. } | - pallet_assets::Call::force_transfer { .. } | - pallet_assets::Call::freeze { .. } | - pallet_assets::Call::thaw { .. } | - pallet_assets::Call::freeze_asset { .. } | - pallet_assets::Call::thaw_asset { .. } | - pallet_assets::Call::transfer_ownership { .. } | - pallet_assets::Call::set_team { .. } | - pallet_assets::Call::set_metadata { .. } | - pallet_assets::Call::clear_metadata { .. } | - pallet_assets::Call::force_set_metadata { .. } | - pallet_assets::Call::force_clear_metadata { .. } | - pallet_assets::Call::force_asset_status { .. } | - pallet_assets::Call::approve_transfer { .. } | - pallet_assets::Call::cancel_approval { .. } | - pallet_assets::Call::force_cancel_approval { .. } | - pallet_assets::Call::transfer_approved { .. } | - pallet_assets::Call::touch { .. } | - pallet_assets::Call::refund { .. }, - ) | RuntimeCall::Nfts( - pallet_nfts::Call::create { .. } | - pallet_nfts::Call::force_create { .. } | - pallet_nfts::Call::destroy { .. } | - pallet_nfts::Call::mint { .. } | - pallet_nfts::Call::force_mint { .. } | - pallet_nfts::Call::burn { .. } | - pallet_nfts::Call::transfer { .. } | - pallet_nfts::Call::lock_item_transfer { .. } | - pallet_nfts::Call::unlock_item_transfer { .. } | - pallet_nfts::Call::lock_collection { .. } | - pallet_nfts::Call::transfer_ownership { .. } | - pallet_nfts::Call::set_team { .. } | - pallet_nfts::Call::force_collection_owner { .. } | - pallet_nfts::Call::force_collection_config { .. } | - pallet_nfts::Call::approve_transfer { .. } | - pallet_nfts::Call::cancel_approval { .. } | - pallet_nfts::Call::clear_all_transfer_approvals { .. } | - pallet_nfts::Call::lock_item_properties { .. } | - pallet_nfts::Call::set_attribute { .. } | - pallet_nfts::Call::force_set_attribute { .. } | - pallet_nfts::Call::clear_attribute { .. } | - pallet_nfts::Call::approve_item_attributes { .. } | - pallet_nfts::Call::cancel_item_attributes_approval { .. } | - pallet_nfts::Call::set_metadata { .. } | - pallet_nfts::Call::clear_metadata { .. } | - pallet_nfts::Call::set_collection_metadata { .. } | - pallet_nfts::Call::clear_collection_metadata { .. } | - pallet_nfts::Call::set_accept_ownership { .. } | - pallet_nfts::Call::set_collection_max_supply { .. } | - pallet_nfts::Call::update_mint_settings { .. } | - pallet_nfts::Call::set_price { .. } | - pallet_nfts::Call::buy_item { .. } | - pallet_nfts::Call::pay_tips { .. } | - pallet_nfts::Call::create_swap { .. } | - pallet_nfts::Call::cancel_swap { .. } | - pallet_nfts::Call::claim_swap { .. }, - ) | RuntimeCall::Uniques( - pallet_uniques::Call::create { .. } | - pallet_uniques::Call::force_create { .. } | - pallet_uniques::Call::destroy { .. } | - pallet_uniques::Call::mint { .. } | - pallet_uniques::Call::burn { .. } | - pallet_uniques::Call::transfer { .. } | - pallet_uniques::Call::freeze { .. } | - pallet_uniques::Call::thaw { .. } | - pallet_uniques::Call::freeze_collection { .. } | - pallet_uniques::Call::thaw_collection { .. } | - pallet_uniques::Call::transfer_ownership { .. } | - pallet_uniques::Call::set_team { .. } | - pallet_uniques::Call::approve_transfer { .. } | - pallet_uniques::Call::cancel_approval { .. } | - pallet_uniques::Call::force_item_status { .. } | - pallet_uniques::Call::set_attribute { .. } | - pallet_uniques::Call::clear_attribute { .. } | - pallet_uniques::Call::set_metadata { .. } | - pallet_uniques::Call::clear_metadata { .. } | - pallet_uniques::Call::set_collection_metadata { .. } | - pallet_uniques::Call::clear_collection_metadata { .. } | - pallet_uniques::Call::set_accept_ownership { .. } | - pallet_uniques::Call::set_collection_max_supply { .. } | - pallet_uniques::Call::set_price { .. } | - pallet_uniques::Call::buy_item { .. } - ) | RuntimeCall::ToKusamaXcmRouter( - pallet_xcm_bridge_hub_router::Call::report_bridge_status { .. } - ) | RuntimeCall::PoolAssets(..) | - RuntimeCall::AssetConversion(..) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -600,8 +414,8 @@ impl xcm_executor::Config for XcmConfig { type MessageExporter = (); type UniversalAliases = (bridging::to_kusama::UniversalAliases, bridging::to_ethereum::UniversalAliases); - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } diff --git a/system-parachains/bridge-hubs/bridge-hub-kusama/src/lib.rs b/system-parachains/bridge-hubs/bridge-hub-kusama/src/lib.rs index 6ac399787b..371739ebb7 100644 --- a/system-parachains/bridge-hubs/bridge-hub-kusama/src/lib.rs +++ b/system-parachains/bridge-hubs/bridge-hub-kusama/src/lib.rs @@ -138,6 +138,7 @@ parameter_types! { /// Migrations to apply on runtime upgrade. pub type Migrations = ( frame_support::migrations::RemovePallet, + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs b/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs index 11d9710fed..5a7f15bd38 100644 --- a/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs +++ b/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs @@ -15,17 +15,14 @@ // along with Cumulus. If not, see . use super::{ - bridge_to_ethereum_config::{EthereumGatewayAddress, EthereumNetwork}, - bridge_to_polkadot_config::{ - DeliveryRewardInBalance, RequiredStakeForStakeAndSlash, ToBridgeHubPolkadotHaulBlobExporter, - }, - AccountId, AllPalletsWithSystem, Balances, ParachainInfo, ParachainSystem, PolkadotXcm, + bridge_to_ethereum_config::EthereumNetwork, + bridge_to_polkadot_config::ToBridgeHubPolkadotHaulBlobExporter, AccountId, + AllPalletsWithSystem, Balances, ParachainInfo, ParachainSystem, PolkadotXcm, PriceForParentDelivery, Runtime, RuntimeCall, RuntimeEvent, RuntimeOrigin, WeightToFee, XcmpQueue, }; use frame_support::{ parameter_types, - storage::generator::StorageValue, traits::{ConstU32, Contains, Equals, Everything, Nothing}, }; use frame_system::EnsureRoot; @@ -54,7 +51,7 @@ use xcm_builder::{ XcmFeeToAccount, }; use xcm_executor::{ - traits::{ConvertLocation, FeeManager, FeeReason, FeeReason::Export, WithOriginFilter}, + traits::{ConvertLocation, FeeManager, FeeReason, FeeReason::Export}, XcmExecutor, }; @@ -136,99 +133,6 @@ impl Contains for ParentOrParentsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - // Allow to change dedicated storage items (called by governance-like) - match call { - RuntimeCall::System(frame_system::Call::set_storage { items }) - if items.iter().all(|(k, _)| { - k.eq(&DeliveryRewardInBalance::key()) || - k.eq(&RequiredStakeForStakeAndSlash::key()) || - k.eq(&EthereumGatewayAddress::key()) || - k.eq(&pallet_bridge_grandpa::CurrentAuthoritySet::< - Runtime, - crate::bridge_to_polkadot_config::BridgeGrandpaPolkadotInstance, - >::storage_value_final_key()) - }) => - return true, - _ => (), - }; - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::BridgePolkadotGrandpa(pallet_bridge_grandpa::Call::< - Runtime, - crate::bridge_to_polkadot_config::BridgeGrandpaPolkadotInstance, - >::initialize { .. }) | - RuntimeCall::BridgePolkadotGrandpa(pallet_bridge_grandpa::Call::< - Runtime, - crate::bridge_to_polkadot_config::BridgeGrandpaPolkadotInstance, - >::set_operating_mode { .. }) | - RuntimeCall::BridgePolkadotParachains(pallet_bridge_parachains::Call::< - Runtime, - crate::bridge_to_polkadot_config::BridgeParachainPolkadotInstance, - >::set_operating_mode { .. }) | - RuntimeCall::BridgePolkadotMessages(pallet_bridge_messages::Call::< - Runtime, - crate::bridge_to_polkadot_config::WithBridgeHubPolkadotMessagesInstance, - >::set_operating_mode { .. }) | - RuntimeCall::EthereumBeaconClient( - snowbridge_pallet_ethereum_client::Call::force_checkpoint { .. } | - snowbridge_pallet_ethereum_client::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumInboundQueue( - snowbridge_pallet_inbound_queue::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumOutboundQueue( - snowbridge_pallet_outbound_queue::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumSystem( - snowbridge_pallet_system::Call::upgrade { .. } | - snowbridge_pallet_system::Call::set_operating_mode { .. } | - snowbridge_pallet_system::Call::set_pricing_parameters { .. } | - snowbridge_pallet_system::Call::force_update_channel { .. } | - snowbridge_pallet_system::Call::force_transfer_native_from_agent { .. } | - snowbridge_pallet_system::Call::set_token_transfer_fees { .. }, - ) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -314,8 +218,8 @@ impl xcm_executor::Config for XcmConfig { type MessageExporter = (ToBridgeHubPolkadotHaulBlobExporter, crate::bridge_to_ethereum_config::SnowbridgeExporter); type UniversalAliases = Nothing; - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } @@ -338,10 +242,9 @@ impl pallet_xcm::Config for Runtime { // We want to disallow users sending (arbitrary) XCMs from this chain. type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; - // We support local origins dispatching XCM executions in principle... + // Anyone can execute XCM messages locally. type ExecuteXcmOrigin = EnsureXcmOrigin; - // ... but disallow generic XCM execution. As a result only teleports are allowed. - type XcmExecuteFilter = Nothing; + type XcmExecuteFilter = Everything; type XcmExecutor = XcmExecutor; type XcmTeleportFilter = Everything; type XcmReserveTransferFilter = Nothing; // This parachain is not meant as a reserve location. diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs index 4000114461..37d537ba48 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs @@ -149,6 +149,7 @@ pub type Migrations = ( ConstU32, >, bridge_to_kusama_unstuck::BridgeToKusamaUnstuck, + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs index 6e2e96d2ac..e3d3778aac 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs @@ -15,17 +15,13 @@ // along with Cumulus. If not, see . use super::{ - bridge_to_ethereum_config::{EthereumGatewayAddress, EthereumNetwork}, - bridge_to_kusama_config::{ - DeliveryRewardInBalance, RequiredStakeForStakeAndSlash, ToBridgeHubKusamaHaulBlobExporter, - }, - AccountId, AllPalletsWithSystem, Balances, ParachainInfo, ParachainSystem, PolkadotXcm, - PriceForParentDelivery, Runtime, RuntimeCall, RuntimeEvent, RuntimeOrigin, WeightToFee, - XcmpQueue, + bridge_to_ethereum_config::EthereumNetwork, + bridge_to_kusama_config::ToBridgeHubKusamaHaulBlobExporter, AccountId, AllPalletsWithSystem, + Balances, ParachainInfo, ParachainSystem, PolkadotXcm, PriceForParentDelivery, Runtime, + RuntimeCall, RuntimeEvent, RuntimeOrigin, WeightToFee, XcmpQueue, }; use frame_support::{ parameter_types, - storage::generator::StorageValue, traits::{ConstU32, Contains, Equals, Everything, Nothing}, }; use frame_system::EnsureRoot; @@ -55,7 +51,7 @@ use xcm_builder::{ XcmFeeToAccount, }; use xcm_executor::{ - traits::{ConvertLocation, FeeManager, FeeReason, FeeReason::Export, WithOriginFilter}, + traits::{ConvertLocation, FeeManager, FeeReason, FeeReason::Export}, XcmExecutor, }; @@ -153,99 +149,6 @@ impl Contains for FellowsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - // Allow to change dedicated storage items (called by governance-like) - match call { - RuntimeCall::System(frame_system::Call::set_storage { items }) - if items.iter().all(|(k, _)| { - k.eq(&DeliveryRewardInBalance::key()) || - k.eq(&RequiredStakeForStakeAndSlash::key()) || - k.eq(&EthereumGatewayAddress::key()) || - k.eq(&pallet_bridge_grandpa::CurrentAuthoritySet::< - Runtime, - crate::bridge_to_kusama_config::BridgeGrandpaKusamaInstance, - >::storage_value_final_key()) - }) => - return true, - _ => (), - }; - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::BridgeKusamaGrandpa(pallet_bridge_grandpa::Call::< - Runtime, - crate::bridge_to_kusama_config::BridgeGrandpaKusamaInstance, - >::initialize { .. }) | - RuntimeCall::BridgeKusamaGrandpa(pallet_bridge_grandpa::Call::< - Runtime, - crate::bridge_to_kusama_config::BridgeGrandpaKusamaInstance, - >::set_operating_mode { .. }) | - RuntimeCall::BridgeKusamaParachains(pallet_bridge_parachains::Call::< - Runtime, - crate::bridge_to_kusama_config::BridgeParachainKusamaInstance, - >::set_operating_mode { .. }) | - RuntimeCall::BridgeKusamaMessages(pallet_bridge_messages::Call::< - Runtime, - crate::bridge_to_kusama_config::WithBridgeHubKusamaMessagesInstance, - >::set_operating_mode { .. }) | - RuntimeCall::EthereumBeaconClient( - snowbridge_pallet_ethereum_client::Call::force_checkpoint { .. } | - snowbridge_pallet_ethereum_client::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumInboundQueue( - snowbridge_pallet_inbound_queue::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumOutboundQueue( - snowbridge_pallet_outbound_queue::Call::set_operating_mode { .. }, - ) | RuntimeCall::EthereumSystem( - snowbridge_pallet_system::Call::upgrade { .. } | - snowbridge_pallet_system::Call::set_operating_mode { .. } | - snowbridge_pallet_system::Call::set_pricing_parameters { .. } | - snowbridge_pallet_system::Call::force_update_channel { .. } | - snowbridge_pallet_system::Call::force_transfer_native_from_agent { .. } | - snowbridge_pallet_system::Call::set_token_transfer_fees { .. }, - ) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -333,8 +236,8 @@ impl xcm_executor::Config for XcmConfig { type MessageExporter = (ToBridgeHubKusamaHaulBlobExporter, crate::bridge_to_ethereum_config::SnowbridgeExporter); type UniversalAliases = Nothing; - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } diff --git a/system-parachains/collectives/collectives-polkadot/src/lib.rs b/system-parachains/collectives/collectives-polkadot/src/lib.rs index 154542de25..4dccfe6c52 100644 --- a/system-parachains/collectives/collectives-polkadot/src/lib.rs +++ b/system-parachains/collectives/collectives-polkadot/src/lib.rs @@ -715,6 +715,7 @@ type Migrations = ( // unreleased frame_support::migrations::RemovePallet, cumulus_pallet_xcmp_queue::migration::v4::MigrationToV4, + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs b/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs index 2353ea1b2a..f61112defa 100644 --- a/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs +++ b/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs @@ -46,10 +46,7 @@ use xcm_builder::{ UsingComponents, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, XcmFeeToAccount, }; -use xcm_executor::{ - traits::{ConvertLocation, WithOriginFilter}, - XcmExecutor, -}; +use xcm_executor::{traits::ConvertLocation, XcmExecutor}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -150,89 +147,6 @@ impl Contains for LocalPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - matches!( - call, - RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::XcmpQueue(..) | - RuntimeCall::Alliance( - // `init_members` accepts unbounded vecs as arguments, - // but the call can be initiated only by root origin. - pallet_alliance::Call::init_members { .. } | - pallet_alliance::Call::vote { .. } | - pallet_alliance::Call::disband { .. } | - pallet_alliance::Call::set_rule { .. } | - pallet_alliance::Call::announce { .. } | - pallet_alliance::Call::remove_announcement { .. } | - pallet_alliance::Call::join_alliance { .. } | - pallet_alliance::Call::nominate_ally { .. } | - pallet_alliance::Call::elevate_ally { .. } | - pallet_alliance::Call::give_retirement_notice { .. } | - pallet_alliance::Call::retire { .. } | - pallet_alliance::Call::kick_member { .. } | - pallet_alliance::Call::close { .. } | - pallet_alliance::Call::abdicate_fellow_status { .. }, - ) | RuntimeCall::AllianceMotion( - pallet_collective::Call::vote { .. } | - pallet_collective::Call::disapprove_proposal { .. } | - pallet_collective::Call::close { .. }, - ) | RuntimeCall::FellowshipCollective( - pallet_ranked_collective::Call::add_member { .. } | - pallet_ranked_collective::Call::promote_member { .. } | - pallet_ranked_collective::Call::demote_member { .. } | - pallet_ranked_collective::Call::remove_member { .. }, - ) | RuntimeCall::FellowshipCore( - pallet_core_fellowship::Call::bump { .. } | - pallet_core_fellowship::Call::set_params { .. } | - pallet_core_fellowship::Call::set_active { .. } | - pallet_core_fellowship::Call::approve { .. } | - pallet_core_fellowship::Call::induct { .. } | - pallet_core_fellowship::Call::promote { .. } | - pallet_core_fellowship::Call::offboard { .. } | - pallet_core_fellowship::Call::submit_evidence { .. } | - pallet_core_fellowship::Call::import { .. }, - ) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -306,8 +220,8 @@ impl xcm_executor::Config for XcmConfig { >; type MessageExporter = (); type UniversalAliases = Nothing; - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } diff --git a/system-parachains/coretime/coretime-kusama/src/lib.rs b/system-parachains/coretime/coretime-kusama/src/lib.rs index 47715b2370..a0871ce399 100644 --- a/system-parachains/coretime/coretime-kusama/src/lib.rs +++ b/system-parachains/coretime/coretime-kusama/src/lib.rs @@ -23,7 +23,6 @@ include!(concat!(env!("OUT_DIR"), "/wasm_binary.rs")); mod coretime; -mod migrations; #[cfg(test)] mod tests; mod weights; @@ -109,8 +108,7 @@ pub type UncheckedExtrinsic = /// Migrations to apply on runtime upgrade. pub type Migrations = ( pallet_xcm::migration::MigrateToLatestXcmVersion, - migrations::bootstrapping::RemoveOutdatedPoolAssignment, - migrations::bootstrapping::OnboardPeople, + pallet_collator_selection::migration::v2::MigrationToV2, ); /// Executive: handles dispatch to the various modules. diff --git a/system-parachains/coretime/coretime-kusama/src/migrations.rs b/system-parachains/coretime/coretime-kusama/src/migrations.rs deleted file mode 100644 index 5caa111580..0000000000 --- a/system-parachains/coretime/coretime-kusama/src/migrations.rs +++ /dev/null @@ -1,263 +0,0 @@ -// Copyright (C) Parity Technologies and the various Polkadot contributors, see Contributions.md -// for a list of specific contributors. -// SPDX-License-Identifier: Apache-2.0 - -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -/// The Kusama Coretime chain had some launch issues. These migrations clean up state and enable -/// immediate onboarding of system parachains. -/// -/// None of these migrations affect storage structure, only values. -pub mod bootstrapping { - use crate::{weights, Runtime, RuntimeOrigin}; - use frame_support::{pallet_prelude::*, traits::OnRuntimeUpgrade}; - #[cfg(feature = "try-runtime")] - use pallet_broker::StatusRecord; - use pallet_broker::{ - AllowedRenewals, - CoreAssignment::{Pool, Task}, - CoreIndex, CoreMask, Leases, Reservations, SaleInfo, Schedule, ScheduleItem, Status, - Timeslice, WeightInfo, Workplan, - }; - #[cfg(feature = "try-runtime")] - use sp_runtime::TryRuntimeError; - use sp_std::vec::Vec; - - /// The log target. - const TARGET: &str = "runtime::bootstrapping::onboard-people"; - - // The key in Workplan with the outdated assignment. - const WORKPLAN_KEY: (Timeslice, CoreIndex) = (289960, 4); - - // Alias to the broker weights for this runtime. - type BrokerWeights = weights::pallet_broker::WeightInfo; - type RuntimeDbWeight = ::DbWeight; - - /// This migration cleans up an outdated pool assignment in state from the update to Kusama - /// Coretime 1002002. - pub struct RemoveOutdatedPoolAssignment; - - impl OnRuntimeUpgrade for RemoveOutdatedPoolAssignment { - fn on_runtime_upgrade() -> Weight { - let schedule_pool = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Pool, - }])); - if Workplan::::get(WORKPLAN_KEY) != Some(schedule_pool) { - // Erroneous pool core assignment is not in state. Bailing. - log::error!(target: TARGET, "This migration includes hardcoded values not relevant to this runtime. Bailing."); - return RuntimeDbWeight::get().reads(1); - } - - // Overwrite outdated pool core assignment to keep parachain 2000 on core. - let schedule_2000 = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Task(2000), - }])); - Workplan::::insert(WORKPLAN_KEY, schedule_2000); - - log::info!(target: TARGET, "Outdated Workplan entry has been overwritten."); - - RuntimeDbWeight::get().reads(1).saturating_add(RuntimeDbWeight::get().writes(1)) - } - - #[cfg(feature = "try-runtime")] - fn pre_upgrade() -> Result, TryRuntimeError> { - let schedule_pool = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Pool, - }])); - if Workplan::::get(WORKPLAN_KEY) != Some(schedule_pool) { - return Ok(Vec::new()) - } - let sale_info = SaleInfo::::get().unwrap(); - Ok(sale_info.encode()) - } - - #[cfg(feature = "try-runtime")] - fn post_upgrade(state: Vec) -> Result<(), TryRuntimeError> { - if state.is_empty() { - return Ok(()) - } - log::info!(target: TARGET, "Checking migration."); - - // Check that cores 0-4 are now all reassigned to themselves at the end of the original - // period 0 before sales were restarted. - let expected_assignments = [Task(1000), Task(1001), Task(1002), Task(1005), Task(2000)]; - for (core, assignment) in expected_assignments.into_iter().enumerate() { - assert_eq!( - Workplan::::get((289960, core as u16)), - Some(Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment - }]))) - ); - } - - // There are no more surprise entries in the Workplan - the only cores which have - // reassignments before start sales kicks in are the five checked above. - assert_eq!( - Workplan::::iter_keys() - .filter(|(timeslice, _)| *timeslice != 290808) - .count(), - 5 - ); - - Ok(()) - } - } - - /// The People Chain should be onboarded ASAP to Kusama, however the reserve extrinsic - /// takes two sale period boundaries to actually put new reservations on core. This - /// migration adds the People Chain immediately. - /// - /// This is achieved in three steps: - /// 1. Reserve a core for People (from period 2) - /// 2. Add People Chain to the workplan for period 1 - /// 3. Add People Chain to the workplan for the remainder of period 0 - pub struct OnboardPeople; - - impl OnRuntimeUpgrade for OnboardPeople { - fn on_runtime_upgrade() -> Weight { - // Make sure People Chain is not already reserved. - let schedule_people = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Task(1004), - }])); - if Reservations::::get().iter().any(|res| *res == schedule_people) { - log::error!(target: TARGET, "The people chain is already reserved. Bailing."); - return RuntimeDbWeight::get().reads(1); - } - - let next_period = SaleInfo::::get() - .map(|sale_info| sale_info.region_begin) - .expect("Sales have started on Kusama."); - - // Request an extra core for the People Chain. - let core_count = Reservations::::decode_len().unwrap_or(0) as u16 + - Leases::::decode_len().unwrap_or(0) as u16 + - AllowedRenewals::::iter_keys() - .filter(|renewal| renewal.when >= next_period) - .count() as u16 + 4; - - match pallet_broker::Pallet::::request_core_count( - RuntimeOrigin::root(), - core_count, - ) { - Ok(_) => log::info!(target: TARGET, "Request for 56 cores sent."), - Err(_) => log::error!(target: TARGET, "Request for 56 cores failed to send."), - } - - // People core should be assigned the new core to avoid clashes with the cores sold in - // period 0. - let people_core = core_count.saturating_sub(1); - - // 1. Schedule People Chain for period 2 and beyond. - let schedule_people = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Task(1004), - }])); - match pallet_broker::Pallet::::reserve( - RuntimeOrigin::root(), - schedule_people.clone(), - ) { - Ok(_) => log::info!(target: TARGET, "People Chain reserved"), - Err(_) => log::error!(target: TARGET, "People Chain reservation failed!"), - } - - // 2. Schedule People Chain for period 1. - Workplan::::insert((next_period, people_core), schedule_people.clone()); - - // 3. Schedule People for the rest of period 0. Take the timeslice after the next tick - // so we the core definitely gets processed. - let now_ish = Status::::get() - .map(|status| status.last_committed_timeslice.saturating_add(2)) - .expect("Sales have started on Kusama."); - Workplan::::insert((now_ish, people_core), schedule_people); - - BrokerWeights::reserve() - .saturating_add(BrokerWeights::request_core_count(56)) - .saturating_add(RuntimeDbWeight::get().reads(6)) - .saturating_add(RuntimeDbWeight::get().writes(2)) - } - - #[cfg(feature = "try-runtime")] - fn pre_upgrade() -> Result, sp_runtime::TryRuntimeError> { - let schedule_people = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Task(1004), - }])); - if Reservations::::get().iter().any(|res| *res == schedule_people) { - return Ok(Vec::new()) - } - let status = Status::::get().unwrap(); - Ok(status.encode()) - } - - #[cfg(feature = "try-runtime")] - fn post_upgrade(state: Vec) -> Result<(), TryRuntimeError> { - if state.is_empty() { - return Ok(()) - } - log::info!(target: TARGET, "Checking migration."); - - let prev_status = ::decode(&mut &state[..]).unwrap(); - - // People Chain is reserved exactly once. - let schedule_people = Schedule::truncate_from(Vec::from([ScheduleItem { - mask: CoreMask::complete(), - assignment: Task(1004), - }])); - assert_eq!( - Reservations::::get() - .iter() - .filter(|&res| *res == schedule_people.clone()) - .count(), - 1 - ); - - // And is in the Workplan for periods 0 and 1. - assert_eq!( - Workplan::::get((prev_status.last_committed_timeslice + 2, 55)), - Some(schedule_people.clone()) - ); - - let next_period = - SaleInfo::::get().map(|sale_info| sale_info.region_begin).unwrap(); - - assert_eq!(Workplan::::get((next_period, 55)), Some(schedule_people.clone())); - - // Ensure we have requested the correct number of cores. - assert!(frame_system::Pallet::::read_events_no_consensus().any(|e| { - match e.event { - crate::RuntimeEvent::Broker( - pallet_broker::Event::::CoreCountRequested { core_count }, - ) => { - log::info!(target: TARGET, "Reserved {core_count:?} cores."); - - // Ensure that both of these are correct as a sanity check since we hardcode - // core 55 elsewhere. - core_count == prev_status.core_count + 1 && core_count == 56 - }, - _ => false, - } - })); - - // And ensure this core isn't overwritten at any stage, it should only have the two - // entries in the workload that we just checked. - assert_eq!(Workplan::::iter_keys().filter(|(_, core)| *core == 55).count(), 2); - - Ok(()) - } - } -} diff --git a/system-parachains/coretime/coretime-kusama/src/xcm_config.rs b/system-parachains/coretime/coretime-kusama/src/xcm_config.rs index 787a7224be..14961f0166 100644 --- a/system-parachains/coretime/coretime-kusama/src/xcm_config.rs +++ b/system-parachains/coretime/coretime-kusama/src/xcm_config.rs @@ -48,10 +48,7 @@ use xcm_builder::{ UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, XcmFeeToAccount, }; -use xcm_executor::{ - traits::{ConvertLocation, WithOriginFilter}, - XcmExecutor, -}; +use xcm_executor::{traits::ConvertLocation, XcmExecutor}; parameter_types! { pub const KsmRelayLocation: Location = Location::parent(); @@ -146,46 +143,6 @@ impl Contains for ParentOrParentsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true; - } - } - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. } - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection(..) | - RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::Broker(..) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -262,8 +219,8 @@ impl xcm_executor::Config for XcmConfig { >; type MessageExporter = (); type UniversalAliases = Nothing; - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } @@ -286,10 +243,9 @@ impl pallet_xcm::Config for Runtime { // We want to disallow users sending (arbitrary) XCM programs from this chain. type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; - // We support local origins dispatching XCM executions in principle... + // Anyone can execute XCM messages locally. type ExecuteXcmOrigin = EnsureXcmOrigin; - // ... but disallow generic XCM execution. As a result only teleports are allowed. - type XcmExecuteFilter = Nothing; + type XcmExecuteFilter = Everything; type XcmExecutor = XcmExecutor; type XcmTeleportFilter = Everything; type XcmReserveTransferFilter = Nothing; // This parachain is not meant as a reserve location. diff --git a/system-parachains/encointer/src/xcm_config.rs b/system-parachains/encointer/src/xcm_config.rs index e845a6bce8..6639eecfb3 100644 --- a/system-parachains/encointer/src/xcm_config.rs +++ b/system-parachains/encointer/src/xcm_config.rs @@ -143,15 +143,6 @@ pub type Barrier = TrailingSetTopicAsId< >, >; -pub struct SafeCallFilter; -impl frame_support::traits::Contains for SafeCallFilter { - fn contains(_call: &RuntimeCall) -> bool { - // This is safe, as we prevent arbitrary xcm-transact executions. - // For rationale, see:https://github.com/paritytech/polkadot/blob/19fdd197aff085f7f66e54942999fd536e7df475/runtime/kusama/src/xcm_config.rs#L171 - true - } -} - parameter_types! { pub const MaxAssetsIntoHolding: u32 = 64; pub const KsmRelayLocation: Location = Location::parent(); @@ -187,7 +178,7 @@ impl xcm_executor::Config for XcmConfig { type MessageExporter = (); type UniversalAliases = Nothing; type CallDispatcher = RuntimeCall; - type SafeCallFilter = SafeCallFilter; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } @@ -215,11 +206,9 @@ impl pallet_xcm::Config for Runtime { // We want to disallow users sending (arbitrary) XCMs from this chain. type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; - // We support local origins dispatching XCM executions in principle... + // Anyone can execute XCM messages locally. type ExecuteXcmOrigin = EnsureXcmOrigin; - // ... but disallow generic XCM execution. As a result only teleports and reserve transfers are - // allowed. - type XcmExecuteFilter = Nothing; + type XcmExecuteFilter = Everything; type XcmExecutor = XcmExecutor; type XcmTeleportFilter = Everything; type XcmReserveTransferFilter = Everything; diff --git a/system-parachains/people/people-kusama/src/lib.rs b/system-parachains/people/people-kusama/src/lib.rs index 2965b2295b..420f8e099f 100644 --- a/system-parachains/people/people-kusama/src/lib.rs +++ b/system-parachains/people/people-kusama/src/lib.rs @@ -103,6 +103,7 @@ pub type UncheckedExtrinsic = /// Migrations to apply on runtime upgrade. pub type Migrations = ( + pallet_collator_selection::migration::v2::MigrationToV2, // permanent pallet_xcm::migration::MigrateToLatestXcmVersion, ); diff --git a/system-parachains/people/people-kusama/src/xcm_config.rs b/system-parachains/people/people-kusama/src/xcm_config.rs index bf61061d34..f76ed06b7e 100644 --- a/system-parachains/people/people-kusama/src/xcm_config.rs +++ b/system-parachains/people/people-kusama/src/xcm_config.rs @@ -45,10 +45,7 @@ use xcm_builder::{ TrailingSetTopicAsId, UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, XcmFeeToAccount, }; -use xcm_executor::{ - traits::{ConvertLocation, WithOriginFilter}, - XcmExecutor, -}; +use xcm_executor::{traits::ConvertLocation, XcmExecutor}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -155,55 +152,6 @@ impl Contains for ParentOrParentsPlurality { } } -/// A call filter for the XCM Transact instruction. This is a temporary measure until we properly -/// account for proof size weights. -/// -/// Calls that are allowed through this filter must: -/// 1. Have a fixed weight; -/// 2. Cannot lead to another call being made; -/// 3. Have a defined proof size weight, e.g. no unbounded vecs in call parameters. -pub struct SafeCallFilter; -impl Contains for SafeCallFilter { - fn contains(call: &RuntimeCall) -> bool { - #[cfg(feature = "runtime-benchmarks")] - { - if matches!(call, RuntimeCall::System(frame_system::Call::remark_with_event { .. })) { - return true - } - } - - matches!( - call, - RuntimeCall::PolkadotXcm( - pallet_xcm::Call::force_xcm_version { .. } | - pallet_xcm::Call::force_default_xcm_version { .. } - ) | RuntimeCall::System( - frame_system::Call::set_heap_pages { .. } | - frame_system::Call::set_code { .. } | - frame_system::Call::set_code_without_checks { .. } | - frame_system::Call::authorize_upgrade { .. } | - frame_system::Call::authorize_upgrade_without_checks { .. } | - frame_system::Call::kill_prefix { .. }, - ) | RuntimeCall::ParachainSystem(..) | - RuntimeCall::Timestamp(..) | - RuntimeCall::Balances(..) | - RuntimeCall::CollatorSelection( - pallet_collator_selection::Call::set_desired_candidates { .. } | - pallet_collator_selection::Call::set_candidacy_bond { .. } | - pallet_collator_selection::Call::register_as_candidate { .. } | - pallet_collator_selection::Call::leave_intent { .. } | - pallet_collator_selection::Call::set_invulnerables { .. } | - pallet_collator_selection::Call::add_invulnerable { .. } | - pallet_collator_selection::Call::remove_invulnerable { .. }, - ) | RuntimeCall::Session(pallet_session::Call::purge_keys { .. }) | - RuntimeCall::XcmpQueue(..) | - RuntimeCall::MessageQueue(..) | - RuntimeCall::Identity(..) | - RuntimeCall::IdentityMigrator(..) - ) - } -} - pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -272,8 +220,8 @@ impl xcm_executor::Config for XcmConfig { >; type MessageExporter = (); type UniversalAliases = Nothing; - type CallDispatcher = WithOriginFilter; - type SafeCallFilter = SafeCallFilter; + type CallDispatcher = RuntimeCall; + type SafeCallFilter = Everything; type Aliasers = Nothing; type TransactionalProcessor = FrameTransactionalProcessor; } @@ -296,10 +244,9 @@ impl pallet_xcm::Config for Runtime { // We want to disallow users sending (arbitrary) XCM programs from this chain. type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; - // We support local origins dispatching XCM executions in principle... + // Anyone can execute XCM messages locally. type ExecuteXcmOrigin = EnsureXcmOrigin; - // ... but disallow generic XCM execution. As a result only teleports are allowed. - type XcmExecuteFilter = Nothing; + type XcmExecuteFilter = Everything; type XcmExecutor = XcmExecutor; type XcmTeleportFilter = Everything; type XcmReserveTransferFilter = Nothing; // This parachain is not meant as a reserve location.