From be67f5e234398b67b13446595a4ffd32dccc6a61 Mon Sep 17 00:00:00 2001
From: Branislav Kontur
Date: Fri, 10 Jan 2025 12:43:23 +0100
Subject: [PATCH 1/2] CI: Use `matrix.runtime.uri` for `try-runtime` tests (#530)

Some tests gated with the `try-runtime` feature have the ability to configure the node URI using some hard-coded defaults, e.g.:
```
let transport: Transport = var("WS").unwrap_or("wss://rpc.dotters.network/kusama".to_string()).into();
...
let transport: Transport = var("WS").unwrap_or("wss://kusama-rpc.polkadot.io:443".to_string()).into();
...
let transport: Transport = var("WS").unwrap_or("wss://rpc.polkadot.io:443".to_string()).into();
...
let transport: Transport = var("WS").unwrap_or("wss://rpc.dotters.network/polkadot".to_string()).into();
```

Additionally, we have a dedicated runtime `uri` specified in the `runtimes-matrix.json`, e.g.,
```
{
  "name": "polkadot",
  "uri": "wss://try-runtime.polkadot.io:443",
},
{
  "name": "kusama",
  "uri": "wss://try-runtime-kusama.polkadot.io:443",
},
```
so, let's use those dedicated `uri`s instead of the hard-coded ones.

---

I came across this issue by accident when Kusama's `remote_tests::next_inflation` failed with `Error while getting storage data` here: https://github.com/polkadot-fellows/runtimes/actions/runs/12526255825/job/34938624858?pr=519. I wasn't sure if it is flaky, missing some keys in the actual block, or just a connection problem, so I also enabled `remote-ext=info` logs (if the logs are too much, we can switch to `remote-ext=warn/error`).

```
remote_tests::next_inflation --- FAILED

failures:

---- remote_tests::next_inflation stdout ----
thread 'remote_tests::next_inflation' panicked at relay/kusama/src/lib.rs:3230:14:
called `Result::unwrap()` on an `Err` value: "Error while getting storage data"
```

- [x] Does not require a CHANGELOG entry
---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 31fce66445..3f39ff79cf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -102,6 +102,8 @@ jobs: env: RUSTFLAGS: "-C debug-assertions -D warnings" SKIP_WASM_BUILD: 1 + WS: ${{ matrix.runtime.uri }} + RUST_LOG: "remote-ext=info" - name: Test benchmarks ${{ matrix.runtime.name }} run: | From 859e8d90e2e1ca19f633b6a62ecef887608f6f79 Mon Sep 17 00:00:00 2001 From: Kian Paimani <5588131+kianenigma@users.noreply.github.com> Date: Fri, 10 Jan 2025 18:19:47 +0000 Subject: [PATCH 2/2] Disallow sub identity tweaking with NonTransfer proxy (#518) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit as it can cause free balance to be repatriated from the proxied account without consent. --------- Co-authored-by: Bastian Köcher Co-authored-by: Dónal Murray --- CHANGELOG.md | 4 ++++ system-parachains/people/people-kusama/src/lib.rs | 6 +++++- system-parachains/people/people-polkadot/src/lib.rs | 6 +++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index efc2200872..2ece124d38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Fix missing Encointer democracy pallet hook needed for enactment ([polkadot-fellows/runtimes/pull/508](https://github.com/polkadot-fellows/runtimes/pull/508)) - Improve benchmark configuration: fix storage whitelist in benchmarks ([polkadot-fellows/runtimes/pull/525](https://github.com/polkadot-fellows/runtimes/pull/525)) +### Fixed + +- Disallow `add_sub` and `set_subs` from `NonTransfer` proxy type in people chain runtimes ([polkadot-fellows/runtimes#518](https://github.com/polkadot-fellows/runtimes/pull/518)) + ### Added - Location conversion tests for relays and parachains ([polkadot-fellows/runtimes#487](https://github.com/polkadot-fellows/runtimes/pull/487)) 
diff --git a/system-parachains/people/people-kusama/src/lib.rs b/system-parachains/people/people-kusama/src/lib.rs index a7030d67d5..abb6f2c213 100644 --- a/system-parachains/people/people-kusama/src/lib.rs +++ b/system-parachains/people/people-kusama/src/lib.rs @@ -492,7 +492,11 @@ impl InstanceFilter for ProxyType { c, RuntimeCall::Balances { .. } | // `request_judgement` puts up a deposit to transfer to a registrar - RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) + RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) | + // `set_subs` and `add_sub` will take and repatriate deposits from the proxied + // account, should not be allowed. + RuntimeCall::Identity(pallet_identity::Call::add_sub { .. }) | + RuntimeCall::Identity(pallet_identity::Call::set_subs { .. }) ), ProxyType::CancelProxy => matches!( c, diff --git a/system-parachains/people/people-polkadot/src/lib.rs b/system-parachains/people/people-polkadot/src/lib.rs index 31abacce2b..2274aa3d70 100644 --- a/system-parachains/people/people-polkadot/src/lib.rs +++ b/system-parachains/people/people-polkadot/src/lib.rs @@ -456,7 +456,11 @@ impl InstanceFilter for ProxyType { c, RuntimeCall::Balances { .. } | // `request_judgement` puts up a deposit to transfer to a registrar - RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) + RuntimeCall::Identity(pallet_identity::Call::request_judgement { .. }) | + // `set_subs` and `add_sub` will take and repatriate deposits from the proxied + // account, should not be allowed. + RuntimeCall::Identity(pallet_identity::Call::add_sub { .. }) | + RuntimeCall::Identity(pallet_identity::Call::set_subs { .. }) ), ProxyType::CancelProxy => matches!( c,
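
Review bot: In the `.github/workflows/test.yml` hunk, `WS: ${{ matrix.runtime.uri }}` is set unconditionally, so a matrix entry with no `uri` would export `WS` as an empty string, and the `var("WS").unwrap_or(...)` pattern quoted in the commit message would then take that empty value instead of falling back to its default. Either confirm that every entry in `runtimes-matrix.json` carries a `uri`, or only set `WS` when the value is non-empty. The added `RUST_LOG: "remote-ext=info"` applies to every test in this step; since the commit message already anticipates it being too verbose, a short YAML comment beside it saying it is there to diagnose remote storage fetch failures would help whoever lowers it later.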
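
Review bot: In the `CHANGELOG.md` hunk, the new `### Fixed` heading is inserted directly after two entries that themselves describe fixes ("Fix missing Encointer democracy pallet hook ..." and "... fix storage whitelist in benchmarks"), so check that this release section does not already have a heading the new entry belongs under, to avoid a second `### Fixed` in the same release. The link text `polkadot-fellows/runtimes#518` matches the `#487` entry below it but not the `runtimes/pull/508` form just above; settling on one form would keep the file consistent.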
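
Review bot: No test accompanies the `add_sub` and `set_subs` arms added to the `NonTransfer` filter in `people-kusama/src/lib.rs`; the diffstat shows only the changelog and the two `lib.rs` files. A unit test asserting that `ProxyType::NonTransfer.filter(..)` returns false for both calls, and for `request_judgement`, would keep this from regressing silently. Because this arm enumerates the calls to reject, any other `pallet_identity` call that reserves or moves the proxied account's balance stays allowed until it is listed, so it is worth confirming in the PR description that the remaining identity calls were checked.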
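
Review bot: The `people-polkadot/src/lib.rs` hunk repeats the four added lines from `people-kusama` verbatim, so the two filters can drift apart the next time one of them is edited; a filter test in each runtime, or a shared definition of the rejected identity calls, would guard against that. The added comment also reads as a run-on: something like "`set_subs` and `add_sub` take and repatriate deposits from the proxied account, so they must not be allowed." states the reason more clearly.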