Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initial work on KMaaS #1

Merged
merged 1 commit into from
Sep 19, 2024
Merged

Initial work on KMaaS #1

merged 1 commit into from
Sep 19, 2024

Conversation

rishibalakrishnan
Copy link
Collaborator

@rishibalakrishnan rishibalakrishnan commented Sep 5, 2024

This PR is largely based on the KMaaS one-pager and API spec. So far the basic functionality in terms of the Account, AccountWithSymKey, and Validator seems to work. I'm still working on adding more tests and want to do so before this PR is merged.

I wasn't able to get sapphire-localnet working on my local setup so the way that I've been testing is having two different accounts for Sapphire testnet, funding both, and setting PRIVATE_KEY_1 and PRIVATE_KEY_2 to each of their respective private keys.

@rishibalakrishnan rishibalakrishnan force-pushed the rishi/initial_work branch 2 times, most recently from 3cc94da to fc416de Compare September 6, 2024 18:37
@CedarMist
Copy link
Member

I wasn't able to get sapphire-localnet working on my local setup so the way that I've been testing is having two different accounts for Sapphire testnet, funding both, and setting PRIVATE_KEY_1 and PRIVATE_KEY_2 to each of their respective private keys.

If you're running on an Apple M chip, you can use.

docker run -it -p8545:8545 -p8546:8546 --platform linux/x86_64 ghcr.io/oasisprotocol/sapphire-localnet

If that doesn't work let me know what the problem was and we can get it working for you.

contracts/Account.sol Outdated Show resolved Hide resolved
_;
}

function grantPermission(address grantee, uint256 expiry) public virtual override authorized {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I temporarily grant permission to somebody, they can use updateController to permanently take control over the contract, rather than having temporary access (as indicated by the expiry). ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. I think only the controller should be able to call updateController.

function clone (address starterOwner)
public virtual override
returns (AccountBase acct) {
AccountBase acc = new Account(starterOwner);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's best to use a lightweight clone factory

e.g. https://github.com/oasisprotocol/demo-authzn/blob/a91f8fd623e8d89f49b0dd56a61792cbc2b7e0fa/backend/contracts/lib/CloneFactory.sol

See: https://eips.ethereum.org/EIPS/eip-1167

This will reduce the cost of clone significantly as the code for Account will only be deployed once, then every time clone is called a proxy contract will be initialized which does DELEGATECALL into the Account contract. This does mean that initialization needs to be moved out of the constructor etc.

contracts/Account.sol Show resolved Hide resolved
contracts/Account.sol Outdated Show resolved Hide resolved
contracts/AccountWithSymKey.sol Outdated Show resolved Hide resolved
@CedarMist
Copy link
Member

CedarMist commented Sep 8, 2024

May I suggest as interesting reading:

_;
}

function grantPermission(address grantee, uint256 expiry) public virtual override authorized {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. I think only the controller should be able to call updateController.

// Delete a named symmetric key.
function deleteSymKey(string calldata name)
external virtual authorized {
keys[name] = Key.wrap(bytes32(0));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a matter of style preferance, but I think delete keys[name] is cleaner.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think because Key is a user defined type the delete operation isn't defined for it

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

contract Sender {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this for testing?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it is

@rishibalakrishnan
Copy link
Collaborator Author

If that doesn't work let me know what the problem was and we can get it working for you.

I tried that command when trying to set up a local env and the problems were:

  • the Postgres node doesn't start up (I've waited over an hour before)
  • even if it does, specifying the amount to fund accounts either doesn't work, crashes the container, or leaves the funded account with 0 tokens

@CedarMist
Copy link
Member

If that doesn't work let me know what the problem was and we can get it working for you.

I tried that command when trying to set up a local env and the problems were:

* the Postgres node doesn't start up (I've waited over an hour before)

* even if it does, specifying the amount to fund accounts either doesn't work, crashes the container, or leaves the funded account with 0 tokens

Can you provide a console log which includes the command you're running to launch the Docker and the version of OSX + chip/model you're using, so I can file a ticket for this and investigate?

@rishibalakrishnan
Copy link
Collaborator Author

rishibalakrishnan commented Sep 11, 2024

For sure, the console log itself isn't very informative - it looks like this but the Postgres node doesn't start regardless of how long I wait

image

I am running on Apple M3 Pro with Sonoma 14.1.1 - using Docker desktop with Rosetta for x86_64/amd64 emulation enabled. Let me know if there are any other system details you want me to provide. Somehow this wasn't a problem initially which is how I uncovered the issues with funding specific accounts but now I'm not even able to get the container running to surface those secondary issues.

@CedarMist
Copy link
Member

Weird, we're investigating, I've never seen Postgres fail to start, the latest version of sapphire-localnet was 4 days ago and is using sapphire 0.8.2-testnet, but I don't see that as being related.

If you can get a shell inside the localnet container you can head -n 100 /var/logpostgres.log to see what it's doing.
Or do it directly via Docker, e.g. docker exec -ti stoic_wescoff head -n 100 /var/log/postgres.log

@CedarMist
Copy link
Member

Alternatively if you have lots of dockers already running, maybe Docker Desktop is running out of memory.
See: https://stackoverflow.com/questions/44533319/how-to-assign-more-memory-to-docker-container (this is a shot in the dark...)

@rishibalakrishnan
Copy link
Collaborator Author

rishibalakrishnan commented Sep 11, 2024

Yep - I didn't have other containers running but after pulling the latest image and running docker container prune to free up space Postgres was able to start. Now I'm running into the other issues: even if I want to fund the accounts the default amount of 10000 the container errors with this message:
image
Not sure if this is an issue with the amount level (I've tried fairly small and large amounts) but this issue seems related: oasisprotocol/oasis-web3-gateway#585

@CedarMist
Copy link
Member

Ok.

So please run with -test-mnemonic -n 5 to use the same 5 accounts every time, derived from the test test ... junk mnemonic (same as Hardhat). We will soon change this to default behavior.

@rishibalakrishnan rishibalakrishnan force-pushed the rishi/initial_work branch 2 times, most recently from 8fcb214 to ebe4e56 Compare September 12, 2024 19:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants