Merge branch 'master' into testnet

.github/CODEOWNERS

@@ -1 +1 @@
-* @Cashmaney @toml01 @assafmo @liorbond
+* @Cashmaney @toml01 @assafmo @liorbond @valdok

.github/workflows/ci.yaml

@@ -19,17 +19,17 @@ jobs:
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cargo/registry
           key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
       - name: Cache xargo sysroot
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.xargo
           key: ${{ runner.os }}-xargo-sysroot
       - name: Cache build artifacts
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cache/sccache
           key: ${{ runner.os }}-sccache
@@ -161,6 +161,31 @@ jobs:
           cp libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so
           cp librust_cosmwasm_enclave.signed.so ./go-cosmwasm/librust_cosmwasm_enclave.signed.so
           find "$(pwd)" -name \*.wasm
+      - name: Install Quote library SDK
+        run: |
+          curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
+          sudo add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main"
+          DCAP_VERSION=1.17.100.4-focal1
+          PSW_VERSION=2.20.100.4-focal1
+          sudo apt-get update
+          sudo apt-get install -y \
+              libsgx-aesm-launch-plugin=$PSW_VERSION \
+              libsgx-enclave-common=$PSW_VERSION \
+              libsgx-epid=$PSW_VERSION \
+              libsgx-launch=$PSW_VERSION \
+              libsgx-quote-ex=$PSW_VERSION \
+              libsgx-uae-service=$PSW_VERSION \
+              libsgx-qe3-logic=$DCAP_VERSION \
+              libsgx-pce-logic=$DCAP_VERSION \
+              libsgx-aesm-ecdsa-plugin=$PSW_VERSION \
+              libsgx-aesm-pce-plugin=$PSW_VERSION \
+              libsgx-dcap-ql=$DCAP_VERSION \
+              libsgx-dcap-quote-verify=$DCAP_VERSION \
+              libsgx-dcap-default-qpl=$DCAP_VERSION \
+              libsgx-urts=$PSW_VERSION
+          LIB_PATH=/usr/lib/x86_64-linux-gnu
+          sudo ln -s $LIB_PATH/libsgx_dcap_ql.so.1 $LIB_PATH/libsgx_dcap_ql.so
+          sudo ln -s $LIB_PATH/libsgx_dcap_quoteverify.so.1 $LIB_PATH/libsgx_dcap_quoteverify.so
       - name: Test x/registration
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
@@ -193,17 +218,17 @@ jobs:
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cargo/registry
           key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
       - name: Cache xargo sysroot
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.xargo
           key: ${{ runner.os }}-xargo-sysroot
       - name: Cache build artifacts
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cache/sccache
           key: ${{ runner.os }}-sccache

.github/workflows/release.yaml

@@ -31,7 +31,7 @@ jobs:
           echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
           echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
       - name: Cache build artifacts
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.cache/sccache
           key: ${{ runner.os }}-sccache

SECURITY.md

@@ -12,18 +12,9 @@ If it is something that can be handled by a param change, discuss it on [the for
 
 For a bug that is non-sensitive and/or operational in nature rather than a critical vulnerability, please add it as a GitHub issue.
 
-If it is not triaged in a couple of days, feel free to tag `@reuvenpo`, `@toml01`, `@assafmo` or `@Cashmaney`.
-
 ## Critical bug or security issue
 
-If you're here because you're trying to figure out how to notify us of a security issue, go to [Discord](https://chat.scrt.network) or Telegram, and alert the core engineers:
-
-|        | Telegram      | Discord                    |
-| ------ | ------------- | -------------------------- |
-| Itzik  | `@Cashmaney3` | `Cashmaney#3500`           |
-| Assaf  | `@assafmo`    | `assafmo#9483`             |
-| Tom    | `@toml01`     | `toml#7076`                |
-| Reuven | `@ReuvenPo`   | `Reuven \| SCRT Labs#0732` |
+If you're here because you're trying to figure out how to notify us of a security issue, please email us at [email protected].
 
 Please avoid opening public issues on GitHub that contain information about a potential security vulnerability as this makes it difficult to reduce the impact and harm of valid security issues.
 

app/app.go

@@ -38,6 +38,7 @@ import (
 	v1_11_testnet_shade_hardcoded_admins "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.11-testnet-shade-hardcoded-admins"
 	v1_11_testnet_shade_hardcoded_admins_fix "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.11-testnet-shade-hardcoded-admins-fix"
 	v1_12 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.12"
+	v1_13 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.13"
 	v1_3 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.3"
 	v1_4 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.4"
 	v1_5 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.5"
@@ -113,6 +114,7 @@ var (
 		v1_11_testnet_shade_hardcoded_admins_fix.Upgrade,
 		v1_11_testnet_broken_state.Upgrade,
 		v1_12.Upgrade,
+		v1_13.Upgrade,
 	}
 )
 

app/upgrades/v1.13/upgrade.go

@@ -0,0 +1,45 @@
+package v1_13
+
+import (
+	"fmt"
+
+	store "github.com/cosmos/cosmos-sdk/store/types"
+	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/types/module"
+	upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types"
+	"github.com/scrtlabs/SecretNetwork/app/keepers"
+	"github.com/scrtlabs/SecretNetwork/app/upgrades"
+	"github.com/scrtlabs/SecretNetwork/go-cosmwasm/api"
+)
+
+const upgradeName = "v1.13"
+
+var Upgrade = upgrades.Upgrade{
+	UpgradeName:          upgradeName,
+	CreateUpgradeHandler: createUpgradeHandler,
+	StoreUpgrades:        store.StoreUpgrades{},
+}
+
+func createUpgradeHandler(mm *module.Manager, _ *keepers.SecretAppKeepers, configurator module.Configurator,
+) upgradetypes.UpgradeHandler {
+	return func(ctx sdk.Context, _ upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) {
+		ctx.Logger().Info(` _    _ _____   _____ _____            _____  ______ `)
+		ctx.Logger().Info(`| |  | |  __ \ / ____|  __ \     /\   |  __ \|  ____|`)
+		ctx.Logger().Info(`| |  | | |__) | |  __| |__) |   /  \  | |  | | |__   `)
+		ctx.Logger().Info(`| |  | |  ___/| | |_ |  _  /   / /\ \ | |  | |  __|  `)
+		ctx.Logger().Info(`| |__| | |    | |__| | | \ \  / ____ \| |__| | |____ `)
+		ctx.Logger().Info(` \____/|_|     \_____|_|  \_\/_/    \_\_____/|______|`)
+
+		// WASM Hooks doesn't require any initialization code:
+		// https://github.com/osmosis-labs/osmosis/blob/8b4c62a26/app/upgrades/v14/upgrades.go#L12-L21
+
+		ctx.Logger().Info(fmt.Sprintf("Running module migrations for %s...", upgradeName))
+
+		_, err := api.MigrateSealing()
+		if err != nil {
+			return nil, err
+		}
+
+		return mm.RunMigrations(ctx, configurator, vm)
+	}
+}

check-hw/src/enclave_api.rs

@@ -8,9 +8,9 @@ use enclave_ffi_types::{
 };
 use sgx_types::{
     c_int, sgx_calc_quote_size, sgx_enclave_id_t, sgx_epid_group_id_t, sgx_get_quote,
-    sgx_init_quote, sgx_platform_info_t, sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_quote_t,
-    sgx_report_attestation_status, sgx_report_t, sgx_spid_t, sgx_status_t, sgx_target_info_t,
-    sgx_update_info_bit_t,
+    sgx_init_quote, sgx_platform_info_t, sgx_ql_qe_report_info_t, sgx_ql_qv_result_t,
+    sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_quote_t, sgx_report_attestation_status,
+    sgx_report_t, sgx_spid_t, sgx_status_t, sgx_target_info_t, sgx_update_info_bit_t,
 };
 
 // ecalls
@@ -186,3 +186,53 @@ pub extern "C" fn ocall_read_db(
 pub extern "C" fn ocall_allocate(_buffer: *const u8, _length: usize) -> UserSpaceBuffer {
     unimplemented!()
 }
+
+#[no_mangle]
+pub extern "C" fn ocall_get_quote_ecdsa_params(
+    ret_val: *mut sgx_status_t,
+    p_qe_info: *mut sgx_target_info_t,
+    p_quote_size: *mut u32,
+) -> sgx_status_t {
+    unimplemented!()
+}
+#[no_mangle]
+pub extern "C" fn ocall_get_quote_ecdsa(
+    ret_val: *mut sgx_status_t,
+    p_report: *const sgx_report_t,
+    p_quote: *mut u8,
+    n_quote: u32,
+) -> sgx_status_t {
+    unimplemented!()
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_get_quote_ecdsa_collateral(
+    ret_val: *mut sgx_status_t,
+    p_quote: *const u8,
+    n_quote: u32,
+    p_col: *mut u8,
+    n_col: u32,
+    p_col_out: *mut u32,
+) -> sgx_status_t {
+    unimplemented!()
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_verify_quote_ecdsa(
+    ret_val: *mut sgx_status_t,
+    p_quote: *const u8,
+    n_quote: u32,
+    p_col: *const u8,
+    n_col: u32,
+    p_target_info: *const sgx_target_info_t,
+    time_s: i64,
+    p_qve_report_info: *mut sgx_ql_qe_report_info_t,
+    p_supp_data: *mut u8,
+    n_supp_data: u32,
+    p_supp_data_size: *mut u32,
+    p_time_s: *mut i64,
+    p_collateral_expiration_status: *mut u32,
+    p_qv_result: *mut sgx_ql_qv_result_t,
+) -> sgx_status_t {
+    unimplemented!()
+}

client/docs/static/openapi/openapi.yaml

@@ -38971,7 +38971,7 @@ paths:
                         type: string
                         example: "26354"
                       tags:
-                        tyDeprecated: array
+                        type: array
                         items:
                           type: object
                           properties:
@@ -39122,7 +39122,7 @@ paths:
                               type: string
                               example: "26354"
                             tags:
-                              tyDeprecated: array
+                              type: array
                               items:
                                 type: object
                                 properties:
@@ -39232,7 +39232,7 @@ paths:
                       log:
                         type: string
                       tags:
-                        tyDeprecated: array
+                        type: array
                         items:
                           type: object
                           properties:
@@ -39266,7 +39266,7 @@ paths:
                       log:
                         type: string
                       tags:
-                        tyDeprecated: array
+                        type: array
                         items:
                           type: object
                           properties:
@@ -43277,15 +43277,13 @@ paths:
               schema:
                 type: object
                 properties:
-                  type: object
-                  properties:
-                    height:
-                      type: string
-                    result:
-                      type: object
-                      properties:
-                        ioExchPubkey:
-                          type: string
+                  height:
+                    type: string
+                  result:
+                    type: object
+                    properties:
+                      ioExchPubkey:
+                        type: string
         "404":
           description: Not Found
 components:
@@ -69089,7 +69087,7 @@ components:
         log:
           type: string
         tags:
-          tyDeprecated: array
+          type: array
           items:
             type: object
             properties:
@@ -69123,7 +69121,7 @@ components:
         log:
           type: string
         tags:
-          tyDeprecated: array
+          type: array
           items:
             type: object
             properties:
@@ -69160,7 +69158,7 @@ components:
             log:
               type: string
             tags:
-              tyDeprecated: array
+              type: array
               items:
                 type: object
                 properties:
@@ -69194,7 +69192,7 @@ components:
             log:
               type: string
             tags:
-              tyDeprecated: array
+              type: array
               items:
                 type: object
                 properties:
@@ -69313,7 +69311,7 @@ components:
               type: string
               example: "26354"
             tags:
-              tyDeprecated: array
+              type: array
               items:
                 type: object
                 properties:
@@ -69408,7 +69406,7 @@ components:
                     type: string
                     example: "26354"
                   tags:
-                    tyDeprecated: array
+                    type: array
                     items:
                       type: object
                       properties: