Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 30M gas limit to sudo helper #7527

Merged
merged 12 commits into from
Mar 25, 2024
Merged

Add 30M gas limit to sudo helper #7527

merged 12 commits into from
Mar 25, 2024

Conversation

AlpinYukseloglu
Copy link
Contributor

@AlpinYukseloglu AlpinYukseloglu commented Feb 17, 2024

Closes: #7526

What is the purpose of the change

This PR adds a 30M gas limit to sudo calls that use our helper. This can be tightened in the future by requiring callers to specify a gas limit, but in the meantime should serve as an upperbound to minimize the attack surface from unbounded CW contract calls.

Testing and Verifying

Existing tests related to sudo calls pass, and the implementation uses the same gas limit as Cosmwasm has for queries.

No direct tests for this, as it seems all our CW helpers are not directly tested and setting this up will be a meaningful lift. Happy to table this PR until we complete this if people are concerned. Documented this here: #7528

Documentation and Release Note

  • Does this pull request introduce a new feature or user-facing behavior changes?
  • Changelog entry added to Unreleased section of CHANGELOG.md?

Where is the change documented?

  • Specification (x/{module}/README.md)
  • Osmosis documentation site
  • Code comments?
  • N/A

Summary by CodeRabbit

  • New Features
    • Introduced a gas limit of 30M for CW pool contract calls to ensure efficient execution and prevent unbounded contract operations.
  • Tests
    • Added test cases to validate gas consumption limits for contract executions within the Osmosis blockchain environment, ensuring contracts operate within the specified gas limits.

@AlpinYukseloglu AlpinYukseloglu added the V:state/breaking State machine breaking PR label Feb 17, 2024
@ValarDragon
Copy link
Member

ValarDragon commented Feb 19, 2024

I don't think this is complete. If the child thing out of gas's, you get a panic, no? So we have to catch the panic, and return an error.

This definitely needs tests to ensure we got the flow right

@nicolaslara
Copy link
Contributor

I think the panic gets caught by the top level defer: https://github.com/osmosis-labs/cosmos-sdk/blob/osmo/v0.47.5/baseapp/baseapp.go#L639-L647

@ValarDragon
Copy link
Member

Thats not true for beginblock/endblock code!

And more importantly, CW contracts may appear in things that assume a contract they won't panic. (In swaps, we do catch all panics though)

@nicolaslara
Copy link
Contributor

ahh, I keep forgetting we're calling this in beginblock/endblock. Yeah, prob good to have the same defer here

Copy link
Contributor

This pull request has been automatically marked as stale because it has not had any recent activity. It will be closed if no further activity occurs. Thank you!

@github-actions github-actions bot added the Stale label Mar 16, 2024
@PaddyMc PaddyMc added the A:backport/v24.x backport patches to v24.x branch label Mar 18, 2024
@github-actions github-actions bot removed the Stale label Mar 19, 2024
Copy link
Contributor

coderabbitai bot commented Mar 19, 2024

Warning

Rate Limit Exceeded

@AlpinYukseloglu has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 23 minutes and 6 seconds before requesting another review.

How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.
Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.
Please see our FAQ for further information.

Commits Files that changed from the base of the PR and between 114ca62 and 84abef6.

Walkthrough

The recent update in version v23.0.7-iavl-v1 introduces a significant enhancement to the Osmosis blockchain environment, specifically targeting the osmoutils/cosmwasm package. It establishes a gas limit for contract calls within the CW pool, aiming to mitigate the risk of unbounded gas consumption. This is achieved by introducing a default gas limit constant and modifying the Sudo function to enforce this limit, thereby preventing contracts from running indefinitely. Additionally, new tests validate this functionality, ensuring contracts adhere to the specified gas consumption boundaries.

Changes

File(s) Change Summary
CHANGELOG.md Added a 30M gas limit to CW pool contract calls.
osmoutils/cosmwasm/helpers.go Introduced DefaultContractCallGasLimit and modified Sudo to handle gas limits for contract calls.
osmoutils/cosmwasm/helpers_test.go Added tests for gas consumption limits of contract execution in the Osmosis blockchain environment.

Assessment against linked issues

Objective Addressed Explanation
Add gas limit to osmoutils Sudo helper (#7526)

🎉🐇🎉

In a land where contracts run wild and free,
A rabbit set limits, as wise as can be.
"No more," it declared, with a hop and a skip,
"Shall gas run unbound, on this blockchain trip."
With a code and a test, it set the scene,
Ensuring the blockchain stayed efficient and clean.
🎉🐇🎉

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>.
    • Generate unit-tests for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit tests for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai generate interesting stats about this repository and render them as a table.
    • @coderabbitai show all the console.log statements in this repository.
    • @coderabbitai read src/utils.ts and generate unit tests.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • The JSON schema for the configuration file is available here.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

Copy link
Contributor

Important Notice

This PR modifies an in-repo Go module. It is one of:

  • osmomath
  • osmoutils
  • x/ibc-hooks
  • x/epochs

The dependent Go modules, especially the root one, will have to be
updated to reflect the changes. Failing to do so might cause e2e to fail.

Please follow the instructions below:

  1. Open https://github.com/osmosis-labs/osmosis/actions/workflows/go-mod-auto-bump.yml
  2. Provide the current branch name
  3. On success, confirm if an automated commit corretly updated the go.mod and go.sum files

Please let us know if you need any help.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between a1613da and e49ea88.
Files selected for processing (3)
  • CHANGELOG.md (1 hunks)
  • osmoutils/cosmwasm/helpers.go (2 hunks)
  • osmoutils/cosmwasm/helpers_test.go (1 hunks)
Additional comments: 5
osmoutils/cosmwasm/helpers_test.go (2)
  • 24-93: The TestSudoGasLimit function provides a good foundation for testing the gas limit functionality of the Sudo method. However, there are a few areas that could be improved for clarity and robustness:
  1. Test Case Descriptions: The test case names like "valid contract that consumes less than limit" and "valid contract that consumes more than limit" are clear, but adding a brief comment explaining the expected behavior or outcome for each case could enhance readability.
  2. Error Handling: The test for the scenario where the contract consumes more gas than the limit correctly expects an error. However, it would be beneficial to also test the specific error message or type to ensure that the error is indeed due to gas exhaustion and not some other issue.
  3. Gas Consumption Comments: The comments regarding gas consumption (lines 54 and 63) are helpful, but it's important to note that actual gas consumption may vary with changes in the contract or the execution environment. It might be useful to clarify that these are approximate values and may need adjustment based on future contract changes or updates to the gas metering logic.

Overall, the test coverage for the new gas limit functionality is a positive step towards ensuring the reliability and security of contract executions within the cosmwasm package.

  • 95-108: The uploadAndInstantiateContract helper function is well-implemented and serves its purpose in the test suite. However, consider the following suggestions for improvement:
  1. Error Messages: When asserting no errors with s.Require().NoError(err), providing a custom error message can help quickly identify the point of failure if the test fails. For example, s.Require().NoError(err, "Failed to read wasm file") for line 100.
  2. Hardcoded Bech32 Prefix: The Bech32 prefix "osmo" is hardcoded in line 105. While this is acceptable for tests specific to the Osmosis project, it's a good practice to avoid hardcoding values that might change or be different in other contexts. If the prefix is configurable or might vary, consider retrieving it from a central configuration or parameter store.

These refinements can enhance the maintainability and clarity of the test code.

osmoutils/cosmwasm/helpers.go (2)
  • 11-11: Introducing the DefaultContractCallGasLimit constant is a good practice for managing magic numbers within the codebase. This approach enhances readability and maintainability by centralizing the value, making it easier to adjust in the future if needed. The choice of a 30M gas limit aligns with the PR's objective to establish a safer operational boundary for contract executions.
  • 124-142: The modifications to the Sudo function, including the deferred function to catch panics and the implementation of a gas limit, are well thought out and address the concerns raised in the PR discussion. A few points to consider:
  1. Panic Handling: The use of a deferred function to catch panics and return a specific error message (line 128) is a robust way to handle out-of-gas scenarios. However, ensure that this approach is consistent with the overall error handling strategy of the application, especially in terms of how panics are logged and reported.
  2. Gas Consumption Tracking: The logic to consume gas used for calling the contract in the parent context (line 141) is crucial for accurate gas accounting. It's important to verify that this approach correctly reflects the gas consumption in scenarios where the contract execution is complex or involves multiple calls.

Overall, these changes significantly improve the security and reliability of contract executions by preventing unbounded gas consumption.

CHANGELOG.md (1)
  • 69-69: The addition of a 30M gas limit to CW pool contract calls is documented clearly, ensuring users are aware of this significant change.

Copy link
Member

@mattverse mattverse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Seems to me Valar's comment has been resolved. Left minor comments

osmoutils/cosmwasm/helpers.go Outdated Show resolved Hide resolved
osmoutils/cosmwasm/helpers_test.go Outdated Show resolved Hide resolved
osmoutils/cosmwasm/helpers_test.go Show resolved Hide resolved
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits Files that changed from the base of the PR and between e49ea88 and 114ca62.
Files selected for processing (2)
  • osmoutils/cosmwasm/helpers.go (2 hunks)
  • osmoutils/cosmwasm/helpers_test.go (1 hunks)
Files skipped from review as they are similar to previous changes (2)
  • osmoutils/cosmwasm/helpers.go
  • osmoutils/cosmwasm/helpers_test.go

@PaddyMc PaddyMc closed this Mar 25, 2024
@PaddyMc PaddyMc reopened this Mar 25, 2024
@PaddyMc PaddyMc merged commit 1e7132d into main Mar 25, 2024
1 check passed
@PaddyMc PaddyMc deleted the alpo/sudo-gas-limit branch March 25, 2024 10:20
mergify bot pushed a commit that referenced this pull request Mar 25, 2024
* add 30M gas limit to sudo helper

* add changelog

* ensure existing lower limit is not overridden

* using min, which is allowed now that we support go 1.21

* start implementing tests

* catch panics and add tests

* clean up test cases

* change error return to generic default and clean up tests

---------

Co-authored-by: Nicolas Lara <[email protected]>
(cherry picked from commit 1e7132d)
PaddyMc pushed a commit that referenced this pull request Mar 25, 2024
* add 30M gas limit to sudo helper

* add changelog

* ensure existing lower limit is not overridden

* using min, which is allowed now that we support go 1.21

* start implementing tests

* catch panics and add tests

* clean up test cases

* change error return to generic default and clean up tests

---------

Co-authored-by: Nicolas Lara <[email protected]>
(cherry picked from commit 1e7132d)

Co-authored-by: Alpo <[email protected]>
@github-actions github-actions bot mentioned this pull request May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A:backport/v24.x backport patches to v24.x branch V:state/breaking State machine breaking PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add gas limit to osmoutils Sudo helper
5 participants