await vault account creation before registering proxy

integritee-network · brenzi · Oct 26, 2023 · Oct 11, 2023 · Oct 11, 2023 · Oct 11, 2023
commit b20d978652574db93da1b781da8e855bb6577edd
diff --git a/app-libs/stf/src/trusted_call.rs b/app-libs/stf/src/trusted_call.rs
@@ -254,7 +254,6 @@ where
 					call_hash,
 				)));
 				// todo: the following is a placeholder dummy which will replace the above with #1257
-				// todo: insert correct vault accountid here
 				let vault_pubkey: [u8; 32] = get_storage_by_key_hash(SHARD_VAULT_KEY.into())
 					.ok_or(StfError::Dispatch("shard vault key hasn't been set".to_string()))?;
 				let vault_address = Address::from(AccountId::from(vault_pubkey));

diff --git a/core-primitives/ocall-api/src/lib.rs b/core-primitives/ocall-api/src/lib.rs
@@ -93,6 +93,7 @@ pub trait EnclaveOnChainOCallApi: Clone + Send + Sync {
 		&self,
 		extrinsics: Vec<OpaqueExtrinsic>,
 		parentchain_id: &ParentchainId,
+		await_each_inclusion: bool,
 	) -> SgxResult<()>;
 
 	fn worker_request<V: Encode + Decode>(

diff --git a/core-primitives/test/src/mock/onchain_mock.rs b/core-primitives/test/src/mock/onchain_mock.rs
@@ -180,6 +180,7 @@ impl EnclaveOnChainOCallApi for OnchainMock {
 		&self,
 		_extrinsics: Vec<OpaqueExtrinsic>,
 		_: &ParentchainId,
+		_: bool,
 	) -> SgxResult<()> {
 		Ok(())
 	}

diff --git a/core/parentchain/light-client/src/light_validation.rs b/core/parentchain/light-client/src/light_validation.rs
@@ -164,7 +164,7 @@ where
 {
 	fn send_extrinsics(&mut self, extrinsics: Vec<OpaqueExtrinsic>) -> Result<(), Error> {
 		self.ocall_api
-			.send_to_parentchain(extrinsics, &self.parentchain_id)
+			.send_to_parentchain(extrinsics, &self.parentchain_id, false)
 			.map_err(|e| {
 				Error::Other(
 					format!("[{:?}] Failed to send extrinsics: {}", self.parentchain_id, e).into(),

diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl
@@ -250,7 +250,8 @@ enclave {
 
 		sgx_status_t ocall_send_to_parentchain(
 			[in, size = extrinsics_size] uint8_t * extrinsics, uint32_t extrinsics_size,
-			[in, size=parentchain_id_size] uint8_t* parentchain_id, uint32_t parentchain_id_size
+			[in, size=parentchain_id_size] uint8_t* parentchain_id, uint32_t parentchain_id_size,
+			int await_each_inclusion
 		);
 	};
 };
diff --git a/enclave-runtime/src/initialization/mod.rs b/enclave-runtime/src/initialization/mod.rs
@@ -343,7 +343,8 @@ pub(crate) fn init_proxied_shard_vault(shard: ShardIdentifier) -> EnclaveResult<
 	info!("vault funding call: 0x{}", hex::encode(call.0.clone()));
 	let xts = enclave_extrinsics_factory.create_extrinsics(&[call], None)?;
 
-	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee);
+	//this extrinsic must be included in a block before we can move on. otherwise the next will fail
+	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee, true);
 
 	let nonce_cache = Arc::new(NonceCache::default());
 	let vault_extrinsics_factory = enclave_extrinsics_factory
@@ -364,7 +365,7 @@ pub(crate) fn init_proxied_shard_vault(shard: ShardIdentifier) -> EnclaveResult<
 	info!("add proxy call: 0x{}", hex::encode(call.0.clone()));
 	let xts = vault_extrinsics_factory.create_extrinsics(&[call], None)?;
 
-	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee);
+	ocall_api.send_to_parentchain(xts, &ParentchainId::Integritee, false);
 
 	// xt: delegate proxy authority to its own enclave accountid proxy.add_proxy() (panic if fails)
 	// caveat: must send from vault account. how to sign extrinsics with other keypair?

diff --git a/enclave-runtime/src/ocall/ffi.rs b/enclave-runtime/src/ocall/ffi.rs
@@ -113,6 +113,7 @@ extern "C" {
 		extrinsics_size: u32,
 		parentchain_id: *const u8,
 		parentchain_id_size: u32,
+		await_each_inclusion: c_int,
 	) -> sgx_status_t;
 
 	pub fn ocall_read_ipfs(

diff --git a/enclave-runtime/src/ocall/on_chain_ocall.rs b/enclave-runtime/src/ocall/on_chain_ocall.rs
@@ -33,6 +33,7 @@ impl EnclaveOnChainOCallApi for OcallApi {
 		&self,
 		extrinsics: Vec<OpaqueExtrinsic>,
 		parentchain_id: &ParentchainId,
+		await_each_inclusion: bool,
 	) -> SgxResult<()> {
 		let mut rt: sgx_status_t = sgx_status_t::SGX_ERROR_UNEXPECTED;
 		let extrinsics_encoded = extrinsics.encode();
@@ -45,6 +46,7 @@ impl EnclaveOnChainOCallApi for OcallApi {
 				extrinsics_encoded.len() as u32,
 				parentchain_id_encoded.as_ptr(),
 				parentchain_id_encoded.len() as u32,
+				await_each_inclusion.into(),
 			)
 		};
 

diff --git a/enclave-runtime/src/test/mocks/propose_to_import_call_mock.rs b/enclave-runtime/src/test/mocks/propose_to_import_call_mock.rs
@@ -52,6 +52,7 @@ impl EnclaveOnChainOCallApi for ProposeToImportOCallApi {
 		&self,
 		_extrinsics: Vec<OpaqueExtrinsic>,
 		_: &ParentchainId,
+		_: bool,
 	) -> SgxResult<()> {
 		Ok(())
 	}

diff --git a/service/src/ocall_bridge/bridge_api.rs b/service/src/ocall_bridge/bridge_api.rs
@@ -213,6 +213,7 @@ pub trait WorkerOnChainBridge {
 		&self,
 		extrinsics_encoded: Vec<u8>,
 		parentchain_id: Vec<u8>,
+		await_each_inclusion: bool,
 	) -> OCallBridgeResult<()>;
 }
 

diff --git a/service/src/ocall_bridge/ffi/send_to_parentchain.rs b/service/src/ocall_bridge/ffi/send_to_parentchain.rs
@@ -18,7 +18,7 @@
 
 use crate::ocall_bridge::bridge_api::{Bridge, WorkerOnChainBridge};
 use log::*;
-use sgx_types::sgx_status_t;
+use sgx_types::{c_int, sgx_status_t};
 use std::{slice, sync::Arc, vec::Vec};
 
 /// # Safety
@@ -30,12 +30,14 @@ pub unsafe extern "C" fn ocall_send_to_parentchain(
 	extrinsics_encoded_size: u32,
 	parentchain_id: *const u8,
 	parentchain_id_size: u32,
+	await_each_inclusion: c_int,
 ) -> sgx_status_t {
 	send_to_parentchain(
 		extrinsics_encoded,
 		extrinsics_encoded_size,
 		parentchain_id,
 		parentchain_id_size,
+		await_each_inclusion.into(),
 		Bridge::get_oc_api(),
 	)
 }
@@ -45,6 +47,7 @@ fn send_to_parentchain(
 	extrinsics_encoded_size: u32,
 	parentchain_id: *const u8,
 	parentchain_id_size: u32,
+	await_each_inclusion: bool,
 	oc_api: Arc<dyn WorkerOnChainBridge>,
 ) -> sgx_status_t {
 	let extrinsics_encoded_vec: Vec<u8> = unsafe {
@@ -54,7 +57,7 @@ fn send_to_parentchain(
 	let parentchain_id: Vec<u8> =
 		unsafe { Vec::from(slice::from_raw_parts(parentchain_id, parentchain_id_size as usize)) };
 
-	match oc_api.send_to_parentchain(extrinsics_encoded_vec, parentchain_id) {
+	match oc_api.send_to_parentchain(extrinsics_encoded_vec, parentchain_id, await_each_inclusion) {
 		Ok(_) => sgx_status_t::SGX_SUCCESS,
 		Err(e) => {
 			error!("send extrinsics_encoded failed: {:?}", e);

diff --git a/service/src/ocall_bridge/worker_on_chain_ocall.rs b/service/src/ocall_bridge/worker_on_chain_ocall.rs
@@ -24,7 +24,10 @@ use itp_types::{parentchain::ParentchainId, WorkerRequest, WorkerResponse};
 use log::*;
 use sp_runtime::OpaqueExtrinsic;
 use std::{sync::Arc, vec::Vec};
-use substrate_api_client::{ac_primitives::serde_impls::StorageKey, GetStorage, SubmitExtrinsic};
+use substrate_api_client::{
+	ac_primitives::serde_impls::StorageKey, rpc_api::SubmitAndWatchUntilSuccess, GetStorage,
+	SubmitAndWatch, SubmitExtrinsic, XtStatus,
+};
 
 pub struct WorkerOnChainOCall<F> {
 	integritee_api_factory: Arc<F>,
@@ -107,6 +110,7 @@ where
 		&self,
 		extrinsics_encoded: Vec<u8>,
 		parentchain_id: Vec<u8>,
+		await_each_inlcusion: bool,
 	) -> OCallBridgeResult<()> {
 		// TODO: improve error handling, using a mut status is not good design?
 		let mut status: OCallBridgeResult<()> = Ok(());
@@ -131,16 +135,28 @@ where
 			);
 			let api = self.create_api(parentchain_id)?;
 			for call in extrinsics.into_iter() {
-				if let Err(e) = api.submit_opaque_extrinsic(&call.encode().into()) {
-					error!(
-						"Could not send extrinsic to node: {:?}, error: {:?}",
-						serde_json::to_string(&call),
-						e
-					);
+				if await_each_inlcusion {
+					if let Err(e) = api.submit_and_watch_opaque_extrinsic_until(
+						&call.encode().into(),
+						XtStatus::InBlock,
+					) {
+						error!(
+							"Could not send extrinsic to node: {:?}, error: {:?}",
+							serde_json::to_string(&call),
+							e
+						);
+					}
+				} else {
+					if let Err(e) = api.submit_opaque_extrinsic(&call.encode().into()) {
+						error!(
+							"Could not send extrinsic to node: {:?}, error: {:?}",
+							serde_json::to_string(&call),
+							e
+						);
+					}
 				}
 			}
 		}
-
 		status
 	}
 }