chore: advancer validates settlementAccount address
#10723
Conversation
0xpatrickdev
force-pushed
the
pc/validate-settlement-account
branch
from
d7089f7 to
2ab0286
Compare
Deploying agoric-sdk with
|
| Latest commit: |
e06f12a
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://43cc6152.agoric-sdk.pages.dev |
| Branch Preview URL: | https://pc-validate-settlement-accou.agoric-sdk.pages.dev |
0xpatrickdev
force-pushed
the
pc/validate-settlement-account
branch
from
28bef35 to
0087d71
Compare
0xpatrickdev
force-pushed
the
pc/validate-settlement-account
branch
from
0087d71 to
d52f76d
Compare
0xpatrickdev
force-pushed
the
pc/validate-settlement-account
branch
from
d52f76d to
c8e0529
Compare
| t.is(makeTestAddress(), 'agoric1qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqp7zqht'); | ||
| t.is(makeTestAddress(1), 'agoric1qyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqc09z0g'); |
There was a problem hiding this comment.
consider making the index human readable in the address and/or allowing the caller to add a string to give meaning to the address. That makes it easier to follow in logs what is happening.
Maybe it's a different function. I could see it coming in a separate PR.
There was a problem hiding this comment.
very open to a "vanity address" that's more readable. A constraint on inserting a readable string is the checksum encodeAddressHook performs.
packages/vats/tools/fake-bridge.js
Outdated
| export const makeFakeLocalchainBridge = ( | ||
| zone, | ||
| onToBridge = () => {}, | ||
| makeAddressFn, |
There was a problem hiding this comment.
| makeAddressFn, | |
| makeAddressFn = index => `${LOCALCHAIN_DEFAULT_ADDRESS}${index || ''}` |
| @@ -233,7 +234,13 @@ test.serial('makes usdc advance', async t => { | |||
| }); | |||
| await eventLoopIteration(); | |||
|
|
|||
| const evidence = MockCctpTxEvidences.AGORIC_PLUS_OSMO(); | |||
| const accountsData = storage.data.get('published.fastUsdc'); | |||
| const { settlementAccount } = JSON.parse(JSON.parse(accountsData!).values[0]); | |||
There was a problem hiding this comment.
I think storage.getDeserialized would help here
There was a problem hiding this comment.
TIL. Not here, but elsewhere in this file it seems we could use something similar for feeConfig.
| const { settlementAccount } = JSON.parse(JSON.parse(accountsData!).values[0]); | ||
| const evidence = MockCctpTxEvidences.AGORIC_PLUS_OSMO( | ||
| encodeAddressHook(settlementAccount, { | ||
| EUD: 'osmo183dejcnmkka5dzcu9xw6mywq0p2m5peks28men', |
| const { recipientAddress } = evidence.aux; | ||
| const decoded = decodeAddressHook(recipientAddress); | ||
| mustMatch(decoded, AddressHookShape); | ||
| if (!settlementAddress?.value) { | ||
| throw Fail`⚠️ No 'settlementAddress'. must call 'publishAddresses' first.`; |
There was a problem hiding this comment.
publishAddresses is outside the concern of this module. It only knows about setSettlementAddress
since handleTransactionEvent will fail if setSettlementAddress hasn't been called, maybe the contract shouldn't start the watcher until it has.
but… why not require settlementAddress when making the exo? It's known at that time. Then you can rely on it being set and not have to handle mutations.
There was a problem hiding this comment.
We only have the account object at the time the exo is created, not the address one. Agree it would be better to require it at make time. If awaiting getAddress() doesn't break the upgrade test, I'm up for it.
There was a problem hiding this comment.
I gave it a try in ac84a97. Let's see how force:integration does with it.
Another reason to make the change is POLA… advancer should not be able to access funds from the settlementAccount.
| @@ -543,7 +549,7 @@ test.serial('STORY01: advancing happy path for 100 USDC', async t => { | |||
| bridges: { snapshot, since }, | |||
| mint, | |||
| } = t.context; | |||
| const cust1 = makeCustomer('Carl', cctp, txPub.publisher, feeConfig); | |||
| const cust1 = makeCustomer('Carl', cctp, txPub.publisher, feeConfig, storage); | |||
There was a problem hiding this comment.
| const cust1 = makeCustomer('Carl', cctp, txPub.publisher, feeConfig, storage); | |
| const cust1 = makeCustomer('Carl', cctp, txPub.publisher, feeConfig); |
all the methods of cust1 already have access to context and thus storage.
t is passed in with every call. That could be refactored but is out of scope
| export const settlementAddress: ChainAddress = harden({ | ||
| chainId: 'agoric-3', | ||
| encoding: 'bech32' as const, | ||
| value: 'agoric16kv2g7snfc4q24vg3pjdlnnqgngtjpwtetd2h689nz09lcklvh5s8u37ek', |
There was a problem hiding this comment.
random? if it's not encoding any data let's put something descriptive in it
There was a problem hiding this comment.
These was extracted from existing code on master. I don't think it's encoding anything - it's supposed to represent an LCA. Maybe better to use makeTestAddress().
There was a problem hiding this comment.
Since this is in a fixtures module I'd propose a fixed value. makeTestAddress values could collide. We might also consider having a global counter so each call produces a unique address. That will help prevent using magic strings: when we need values to match put them in a constant.
- returns valid bech32 address for tests
- instead of `agoric1fakeLCAAddress`, `agoric1fakeLCAAddress1` - to support `encodeAddressHook` which relies on valid bech32
turadg
force-pushed
the
pc/validate-settlement-account
branch
from
ac84a97 to
e06f12a
Compare
| @@ -271,6 +277,7 @@ export const prepareAdvancerKit = ( | |||
| borrowerFacet: M.remotable(), | |||
| poolAccount: M.remotable(), | |||
| intermediateRecipient: M.opt(ChainAddressShape), | |||
| settlementAddress: M.opt(ChainAddressShape), | |||
There was a problem hiding this comment.
minor: should remove M.opt
There was a problem hiding this comment.
Thanks for looking it over again. e49ad00 coming in another PR
closes: #10726
Description
Primary aim is to validate evidence reported to FUSDC contains the expected
settlementAccountaddress. This supports C8 - Contract MUST be able to initialize settlement process when Noble mints USDC.To facilitate this change:
makeTestAddresshelper in@agoric/orchestration/toolsthat returns a valid bech32 addressencodeAddressHookthrows when presentedagoric1FakeLCAAddressVLOCALCHAIN_ALLOCATE_ADDRESSnow returns a valid (mocked) bech32 addressmakeFakeLocalchainBridgeacceptsmakeAddressFnSecurity Considerations
Hardens FUSDC implementation.
Scaling Considerations
None
Documentation Considerations
None
Testing Considerations
Includes new tests (see advancer.test.ts) and updates existing tests
Upgrade Considerations
None, unreleased code