maintenance mode and shard retirement (#1693)

* bump 0.15.13

* mirror L1 state into prefixed L2 state

* revert type argument experiment

* fetching mirrored values still fails

* detecting maintenance mode works

* make multifetch opaque

* mirroring L1 state works

* remove on the fly get_storage_hashes_to_update. only fetch once per parentchain block import

* tame logging

* cleanup warnings

* let all calls fail when in maintenance mode

* add trusted call force_unshield_all

* batch unshield all native if maintenance mode expired

* directly retiring and unshielding all native amounts

* ignore technical accounts when force unshielding. and a cli fix

* implement force unsheilding all assets too

* force unshield assets too

* make unshield_all unpermissioned and fix asset feess

* add shard-management pallet to sgx-runtime to track ShardConfig and trigger shard retirement after N blocks of maintenance mode

* auto retire shard after expired maintenance mode duration

* cleanup

* fix enclave tests

* clippy

* fix evm build

* some cleanup

* Update core-primitives/stf-primitives/src/error.rs

Co-authored-by: clangenb <[email protected]>

* refactor parentchain mirror stuff into own struct of methods

* fmt

* add sticky ShardMode and cli getter for ShardInfo

* fix shard mode and revert to force_unshield_all. tested. works

* fmt

* fix enclave tests

* fmt

* bump 0.16.0

* enclave signer nonce must increase by 1

* fmt

* fix nonce

* cosmetics and docs

* add spam-extrinsics trusted call and some hex cosmetics

* filter dangerous calls in production

* retire accounts in small batches

* tested.works

* fmt

* taplo

* review fixes

* cli docstring fix

* unregister sessionproxies to reduce consumers before retiring account

---------

Co-authored-by: clangenb <[email protected]>

Author: brenzi

Cargo.lock

@@ -2574,7 +2574,7 @@ dependencies = [
 
 [[package]]
 name = "integritee-cli"
-version = "0.15.12"
+version = "0.16.0"
 dependencies = [
  "array-bytes 6.1.0",
  "base58",
@@ -2632,7 +2632,7 @@ dependencies = [
 
 [[package]]
 name = "integritee-service"
-version = "0.15.12"
+version = "0.16.0"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -2839,7 +2839,7 @@ dependencies = [
 name = "ita-parentchain-specs"
 version = "0.1.0"
 dependencies = [
- "hex",
+ "hex-literal 0.4.1",
  "itp-types",
  "log 0.4.22",
 ]
@@ -2861,6 +2861,7 @@ dependencies = [
  "pallet-notes",
  "pallet-parentchain",
  "pallet-session-proxy",
+ "pallet-shard-management",
  "pallet-sudo",
  "pallet-timestamp",
  "pallet-transaction-payment",
@@ -2886,6 +2887,7 @@ dependencies = [
  "itp-hashing",
  "itp-node-api",
  "itp-node-api-metadata",
+ "itp-pallet-storage",
  "itp-randomness",
  "itp-sgx-externalities",
  "itp-sgx-runtime-primitives",
@@ -2895,6 +2897,7 @@ dependencies = [
  "itp-types",
  "itp-utils",
  "log 0.4.22",
+ "pallet-assets",
  "pallet-balances",
  "pallet-notes",
  "pallet-parentchain",
@@ -3370,6 +3373,7 @@ version = "0.9.0"
 dependencies = [
  "derive_more",
  "itp-api-client-types",
+ "itp-types",
  "parity-scale-codec",
  "sp-core",
 ]
@@ -3411,9 +3415,11 @@ dependencies = [
 name = "itp-pallet-storage"
 version = "0.9.0"
 dependencies = [
+ "hex-literal 0.4.1",
  "itp-storage",
  "itp-types",
  "parity-scale-codec",
+ "sp-core",
  "sp-std",
 ]
 
@@ -3519,6 +3525,7 @@ dependencies = [
  "itp-enclave-metrics",
  "itp-node-api",
  "itp-ocall-api",
+ "itp-pallet-storage",
  "itp-sgx-crypto",
  "itp-sgx-externalities",
  "itp-stf-interface",
@@ -5329,6 +5336,23 @@ dependencies = [
  "sp-std",
 ]
 
+[[package]]
+name = "pallet-shard-management"
+version = "0.15.0"
+dependencies = [
+ "enclave-bridge-primitives",
+ "frame-support",
+ "frame-system",
+ "log 0.4.22",
+ "pallet-balances",
+ "parity-scale-codec",
+ "scale-info",
+ "sp-core",
+ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42)",
+ "sp-keyring",
+ "sp-runtime",
+]
+
 [[package]]
 name = "pallet-sidechain"
 version = "0.11.0"

Cargo.toml

@@ -10,6 +10,7 @@ members = [
     "app-libs/sgx-runtime/pallets/parentchain",
     "app-libs/sgx-runtime/pallets/guess-the-number",
     "app-libs/sgx-runtime/pallets/session-proxy",
+    "app-libs/sgx-runtime/pallets/shard-management",
     "app-libs/stf",
     "cli",
     "core/direct-rpc-server",

app-libs/assets-map/src/lib.rs

@@ -21,7 +21,7 @@
 #![cfg_attr(not(feature = "std"), no_std)]
 extern crate alloc;
 
-use alloc::sync::Arc;
+use alloc::{sync::Arc, vec, vec::Vec};
 use codec::{Decode, Encode, MaxEncodedLen};
 use hex_literal::hex;
 use ita_parentchain_specs::{
@@ -136,30 +136,30 @@ impl AssetId {
 	}
 
 	pub fn is_shieldable(&self, genesis_hash: Hash) -> bool {
-		let genesis_hash_hex = hex::encode(genesis_hash);
-		match genesis_hash_hex.as_ref() {
-			ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX => matches!(
-				self,
-				AssetId::USDT | AssetId::USDC | AssetId::USDC_E | AssetId::WETH | AssetId::ETH
-			),
-			ASSET_HUB_PASEO_GENESIS_HASH_HEX => matches!(
-				self,
-				AssetId::USDT | AssetId::USDC | AssetId::USDC_E | AssetId::WETH | AssetId::ETH
-			),
-			ASSET_HUB_POLKADOT_GENESIS_HASH_HEX => matches!(self, AssetId::USDC_E),
-			_ => false,
+		Self::all_shieldable(genesis_hash).contains(self)
+	}
+
+	/// returns all AssetId variants which are shieldable for a given shielding target genesis hash.
+	/// L2 fee payment will be attempted in order provided here.
+	pub fn all_shieldable(genesis_hash: Hash) -> Vec<Self> {
+		match genesis_hash.into() {
+			ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX =>
+				vec![AssetId::USDT, AssetId::USDC, AssetId::USDC_E, AssetId::WETH, AssetId::ETH],
+			ASSET_HUB_PASEO_GENESIS_HASH_HEX =>
+				vec![AssetId::USDT, AssetId::USDC, AssetId::USDC_E, AssetId::WETH, AssetId::ETH],
+			ASSET_HUB_POLKADOT_GENESIS_HASH_HEX => vec![AssetId::USDC_E],
+			_ => vec![],
 		}
 	}
 }
 
 impl AssetTranslation for AssetId {
 	/// into XCM location. Only applies to foreign assets
 	fn into_location(self, genesis_hash: Hash) -> Option<Location> {
-		let genesis_hash_hex = hex::encode(genesis_hash);
 		match self {
 			AssetId::USDC_E =>
 				if matches!(
-					genesis_hash_hex.as_ref(),
+					genesis_hash.into(),
 					ASSET_HUB_POLKADOT_GENESIS_HASH_HEX | ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX
 				) {
 					Some(Location {
@@ -174,7 +174,7 @@ impl AssetTranslation for AssetId {
 				},
 			AssetId::WETH =>
 				if matches!(
-					genesis_hash_hex.as_ref(),
+					genesis_hash.into(),
 					ASSET_HUB_PASEO_GENESIS_HASH_HEX | ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX
 				) {
 					Some(Location {
@@ -193,11 +193,10 @@ impl AssetTranslation for AssetId {
 
 	/// converts our asset into an Asset Hub asset index only if shielding asset is supported on shielding target
 	fn into_asset_hub_index(self, genesis_hash: Hash) -> Option<ParentchainAssetIdNative> {
-		let genesis_hash_hex = hex::encode(genesis_hash);
 		match self {
 			AssetId::USDT =>
 				if matches!(
-					genesis_hash_hex.as_ref(),
+					genesis_hash.into(),
 					ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX | ASSET_HUB_PASEO_GENESIS_HASH_HEX
 				) {
 					Some(USDT_ASSET_HUB_ID)
@@ -206,7 +205,7 @@ impl AssetTranslation for AssetId {
 				},
 			AssetId::USDC =>
 				if matches!(
-					genesis_hash_hex.as_ref(),
+					genesis_hash.into(),
 					ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX | ASSET_HUB_PASEO_GENESIS_HASH_HEX
 				) {
 					Some(USDC_ASSET_HUB_ID)
@@ -222,22 +221,21 @@ impl AssetTranslation for AssetId {
 	where
 		Self: Sized,
 	{
-		let genesis_hash_hex = hex::encode(genesis_hash);
 		if location.parents == 2 {
 			if let X2(junctions) = &location.interior {
 				match junctions.as_slice() {
 					[GlobalConsensus(Ethereum { chain_id: ETHEREUM_MAINNET_CHAIN_ID }), AccountKey20 { key: contract, network: None }]
 						if *contract == USDC_E_MAINNET_CONTRACT_ADDRESS
 							&& matches!(
-								genesis_hash_hex.as_ref(),
+								genesis_hash.into(),
 								ASSET_HUB_POLKADOT_GENESIS_HASH_HEX
 									| ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX
 							) =>
 						Some(AssetId::USDC_E),
 					[GlobalConsensus(Ethereum { chain_id: ETHEREUM_SEPOLIA_CHAIN_ID }), AccountKey20 { key: contract, network: None }]
 						if *contract == WETH_SEPOLIA_CONTRACT_ADDRESS
 							&& matches!(
-								genesis_hash_hex.as_ref(),
+								genesis_hash.into(),
 								ASSET_HUB_PASEO_GENESIS_HASH_HEX
 									| ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX
 							) =>
@@ -254,9 +252,8 @@ impl AssetTranslation for AssetId {
 
 	/// converts the index of a native Asset Hub asset to our local type only if supported for shielding target
 	fn from_asset_hub_index(id: ParentchainAssetIdNative, genesis_hash: Hash) -> Option<Self> {
-		let genesis_hash_hex = hex::encode(genesis_hash);
 		if matches!(
-			genesis_hash_hex.as_ref(),
+			genesis_hash.into(),
 			ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX | ASSET_HUB_PASEO_GENESIS_HASH_HEX
 		) {
 			match id {

app-libs/parentchain-specs/Cargo.toml

@@ -5,13 +5,12 @@ authors = ["Integritee AG <[email protected]>"]
 edition = "2021"
 
 [dependencies]
-hex = { version = "0.4.3", default-features = false, features = ["alloc"] }
+hex-literal = "0.4.1"
 itp-types = { path = "../../core-primitives/types", default-features = false }
 log = { version = "0.4", default-features = false }
 
 [features]
 default = ["std"]
 std = [
-    "hex/std",
     "log/std",
 ]

app-libs/parentchain-specs/src/lib.rs

@@ -19,49 +19,53 @@
 
 #![cfg_attr(all(not(target_env = "sgx"), not(feature = "std")), no_std)]
 #![cfg_attr(target_env = "sgx", feature(rustc_private))]
-use itp_types::parentchain::{Balance, Hash};
+
+use hex_literal::hex;
+use itp_types::parentchain::{Balance, BlockNumber, Hash};
 use log::warn;
 
-pub const PASEO_RELAY_GENESIS_HASH_HEX: &str =
-	"77afd6190f1554ad45fd0d31aee62aacc33c6db0ea801129acb813f913e0764f";
-pub const ASSET_HUB_PASEO_GENESIS_HASH_HEX: &str =
-	"d6eec26135305a8ad257a20d003357284c8aa03d0bdb2b357ab0a22371e11ef2";
-pub const INTEGRITEE_PASEO_GENESIS_HASH_HEX: &str =
-	"1b69c462cd7dfea0e855c2008b66490cc8bbe90bc80b297ec0896a1c0941ce15";
-pub const INTEGRITEE_KUSAMA_GENESIS_HASH_HEX: &str =
-	"cdedc8eadbfa209d3f207bba541e57c3c58a667b05a2e1d1e86353c9000758da";
-pub const KUSAMA_RELAY_GENESIS_HASH_HEX: &str =
-	"b0a8d493285c2df73290dfb7e61f870f17b41801197a149ca93654499ea3dafe";
-pub const ASSET_HUB_KUSAMA_GENESIS_HASH_HEX: &str =
-	"48239ef607d7928874027a43a67689209727dfb3d3dc5e5b03a39bdc2eda771a";
-pub const POLKADOT_RELAY_GENESIS_HASH_HEX: &str =
-	"91b171bb158e2d3848fa23a9f1c25182fb8e20313b2c1eb49219da7a70ce90c3";
-pub const ASSET_HUB_POLKADOT_GENESIS_HASH_HEX: &str =
-	"68d56f15f85d3136970ec16946040bc1752654e906147f7e43e9d539d7c3de2f";
+pub const PASEO_RELAY_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("77afd6190f1554ad45fd0d31aee62aacc33c6db0ea801129acb813f913e0764f");
+pub const ASSET_HUB_PASEO_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("d6eec26135305a8ad257a20d003357284c8aa03d0bdb2b357ab0a22371e11ef2");
+pub const INTEGRITEE_PASEO_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("1b69c462cd7dfea0e855c2008b66490cc8bbe90bc80b297ec0896a1c0941ce15");
+pub const INTEGRITEE_KUSAMA_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("cdedc8eadbfa209d3f207bba541e57c3c58a667b05a2e1d1e86353c9000758da");
+pub const INTEGRITEE_POLKADOT_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("e13e7af377c64e83f95e0d70d5e5c3c01d697a84538776c5b9bbe0e7d7b6034c");
+pub const KUSAMA_RELAY_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("b0a8d493285c2df73290dfb7e61f870f17b41801197a149ca93654499ea3dafe");
+pub const ASSET_HUB_KUSAMA_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("48239ef607d7928874027a43a67689209727dfb3d3dc5e5b03a39bdc2eda771a");
+pub const POLKADOT_RELAY_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("91b171bb158e2d3848fa23a9f1c25182fb8e20313b2c1eb49219da7a70ce90c3");
+pub const ASSET_HUB_POLKADOT_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("68d56f15f85d3136970ec16946040bc1752654e906147f7e43e9d539d7c3de2f");
 
 /// modify this for testing if necessary (brittle)
-pub const LOCAL_TEST_GENESIS_HASH_HEX: &str =
-	"6ca6d29ad6c4a200c4af356f74f03d6467dbc8a6e9ef225a2e672a990e1c7ead";
-
+pub const LOCAL_TEST_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("6ca6d29ad6c4a200c4af356f74f03d6467dbc8a6e9ef225a2e672a990e1c7ead");
 /// LOCAL ASSET_HUB_ROCOCO (brittle)
-pub const ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX: &str =
-	"af94f065f724b64ec40a7dd7ca3d25b3493d462f1e991b979e7683ae2a5da8d6";
+pub const ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX: [u8; 32] =
+	hex!("af94f065f724b64ec40a7dd7ca3d25b3493d462f1e991b979e7683ae2a5da8d6");
 
 pub struct MinimalChainSpec {}
 
 impl MinimalChainSpec {
 	pub fn decimals(genesis_hash: Hash) -> u8 {
-		let genesis_hash_hex = hex::encode(genesis_hash);
-		match genesis_hash_hex.as_ref() {
+		match genesis_hash.into() {
 			PASEO_RELAY_GENESIS_HASH_HEX | ASSET_HUB_PASEO_GENESIS_HASH_HEX => 10,
 			POLKADOT_RELAY_GENESIS_HASH_HEX | ASSET_HUB_POLKADOT_GENESIS_HASH_HEX => 10,
 			KUSAMA_RELAY_GENESIS_HASH_HEX | ASSET_HUB_KUSAMA_GENESIS_HASH_HEX => 12,
-			INTEGRITEE_PASEO_GENESIS_HASH_HEX | INTEGRITEE_KUSAMA_GENESIS_HASH_HEX => 12,
+			INTEGRITEE_PASEO_GENESIS_HASH_HEX
+			| INTEGRITEE_KUSAMA_GENESIS_HASH_HEX
+			| INTEGRITEE_POLKADOT_GENESIS_HASH_HEX => 12,
 			LOCAL_TEST_GENESIS_HASH_HEX | ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX => 12,
 			_ => {
 				warn!(
-					"parentchain spec for genesis {} unknown. defaulting to 12 decimals",
-					genesis_hash_hex
+					"parentchain spec for genesis 0x{:#x} unknown. defaulting to 12 decimals",
+					genesis_hash
 				);
 				12
 			},
@@ -70,4 +74,31 @@ impl MinimalChainSpec {
 	pub fn one_unit(genesis_hash: Hash) -> Balance {
 		10u128.pow(Self::decimals(genesis_hash) as u32)
 	}
+
+	/// maintenance mode should be a temporary measure.
+	/// If a problem can't be resolved within the time specified here, the shard should be retired to avoid loss of user funds
+	pub fn maintenance_mode_duration_before_retirement(genesis_hash: Hash) -> BlockNumber {
+		match genesis_hash.into() {
+			PASEO_RELAY_GENESIS_HASH_HEX
+			| ASSET_HUB_PASEO_GENESIS_HASH_HEX
+			| INTEGRITEE_PASEO_GENESIS_HASH_HEX => 300, // 1h at 12s block time
+			POLKADOT_RELAY_GENESIS_HASH_HEX | ASSET_HUB_POLKADOT_GENESIS_HASH_HEX => 216_000, // 30d for all production chains
+			KUSAMA_RELAY_GENESIS_HASH_HEX | ASSET_HUB_KUSAMA_GENESIS_HASH_HEX => 216_000, // 30d for all production chains
+			INTEGRITEE_KUSAMA_GENESIS_HASH_HEX | INTEGRITEE_POLKADOT_GENESIS_HASH_HEX => 216_000, // 30d for all production chains
+			LOCAL_TEST_GENESIS_HASH_HEX | ASSET_HUB_LOCAL_TEST_GENESIS_HASH_HEX => 20, // 10 min at 12s block time
+			_ => 7200, // if undefined, leave 24h to react
+		}
+	}
+
+	pub fn is_known_production_chain(genesis_hash: Hash) -> bool {
+		matches!(
+			genesis_hash.into(),
+			POLKADOT_RELAY_GENESIS_HASH_HEX
+				| ASSET_HUB_POLKADOT_GENESIS_HASH_HEX
+				| KUSAMA_RELAY_GENESIS_HASH_HEX
+				| ASSET_HUB_KUSAMA_GENESIS_HASH_HEX
+				| INTEGRITEE_KUSAMA_GENESIS_HASH_HEX
+				| INTEGRITEE_POLKADOT_GENESIS_HASH_HEX
+		)
+	}
 }

app-libs/sgx-runtime/Cargo.toml

@@ -19,6 +19,7 @@ pallet-guess-the-number = { default-features = false, path = "pallets/guess-the-
 pallet-notes = { default-features = false, path = "pallets/notes" }
 pallet-parentchain = { default-features = false, path = "pallets/parentchain" }
 pallet-session-proxy = { default-features = false, path = "pallets/session-proxy" }
+pallet-shard-management = { default-features = false, path = "pallets/shard-management" }
 
 # Substrate dependencies
 frame-executive = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
@@ -62,6 +63,7 @@ std = [
     "pallet-parentchain/std",
     "pallet-notes/std",
     "pallet-session-proxy/std",
+    "pallet-shard-management/std",
     "sp-api/std",
     "sp-core/std",
     "sp-runtime/std",

app-libs/sgx-runtime/pallets/notes/src/mock.rs

@@ -16,15 +16,10 @@
 */
 pub use crate as dut;
 
-use frame_support::{
-	ord_parameter_types, parameter_types,
-	traits::{ConstU8, EitherOfDiverse},
-	PalletId,
-};
+use frame_support::{ord_parameter_types, parameter_types};
 use frame_system as system;
-use frame_system::{EnsureRoot, EnsureSignedBy};
-use itp_randomness::MockRandomness;
-use sp_core::{crypto::AccountId32, ConstU32, H256};
+
+use sp_core::{crypto::AccountId32, H256};
 use sp_keyring::AccountKeyring;
 use sp_runtime::{
 	generic,