diff --git a/bridges/modules/grandpa/src/lib.rs b/bridges/modules/grandpa/src/lib.rs
index 10b60878302..f9c3ab68a06 100644
--- a/bridges/modules/grandpa/src/lib.rs
+++ b/bridges/modules/grandpa/src/lib.rs
@@ -176,11 +176,12 @@ pub mod pallet {
 justification.votes_ancestries.len().saturated_into(),
 ))]
 pub fn submit_finality_proof(
- _origin: OriginFor,
+ origin: OriginFor,
 finality_target: Box>,
 justification: GrandpaJustification>,
 ) -> DispatchResultWithPostInfo {
 Self::ensure_not_halted().map_err(Error::::BridgeModule)?;
+ ensure_signed(origin)?;
 let (hash, number) = (finality_target.hash(), *finality_target.number());
 log::trace!(
@@ -1414,4 +1415,23 @@ mod tests {
 fn maybe_headers_to_keep_returns_correct_value() {
 assert_eq!(MaybeHeadersToKeep::::get(), Some(mock::HeadersToKeep::get()));
 }
+
+ #[test]
+ fn submit_finality_proof_requires_signed_origin() {
+ run_test(|| {
+ initialize_substrate_bridge();
+
+ let header = test_header(1);
+ let justification = make_default_justification(&header);
+
+ assert_noop!(
+ Pallet::::submit_finality_proof(
+ RuntimeOrigin::root(),
+ Box::new(header),
+ justification,
+ ),
+ DispatchError::BadOrigin,
+ );
+ })
+ }
 }
diff --git a/bridges/modules/parachains/src/lib.rs b/bridges/modules/parachains/src/lib.rs
index b17b52163d8..52b436b8207 100644
--- a/bridges/modules/parachains/src/lib.rs
+++ b/bridges/modules/parachains/src/lib.rs
@@ -307,12 +307,13 @@ pub mod pallet {
 parachains.len() as _,
 ))]
 pub fn submit_parachain_heads(
- _origin: OriginFor,
+ origin: OriginFor,
 at_relay_block: (RelayBlockNumber, RelayBlockHash),
 parachains: Vec<(ParaId, ParaHash)>,
 parachain_heads_proof: ParaHeadsProof,
 ) -> DispatchResultWithPostInfo {
 Self::ensure_not_halted().map_err(Error::::BridgeModule)?;
+ ensure_signed(origin)?;
 // we'll need relay chain header to verify that parachains heads are always increasing.
 let (relay_block_number, relay_block_hash) = at_relay_block;
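Review bot: In `submit_finality_proof` the new `ensure_signed(origin)?;` sits after `Self::ensure_not_halted()`, so while the pallet is halted a root or unsigned caller gets the halt error instead of `BadOrigin`; moving the origin check to the first statement keeps the usual order and makes the rejection independent of pallet state. The account id returned by `ensure_signed` is discarded, so any signed account still passes; if that is the intent, the call deserves a doc line such as `/// The origin must be signed; the submitter is not otherwise restricted.`. The same placement appears in `submit_parachain_heads` in bridges/modules/parachains/src/lib.rs. Both function bodies continue outside their hunks.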
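Review bot: The new grandpa test `submit_finality_proof_requires_signed_origin` only submits with `RuntimeOrigin::root()`, which leaves the unsigned case unpinned even though `ensure_signed` is expected to reject it as well. A second `assert_noop!` in the same closure using `RuntimeOrigin::none()` and expecting `DispatchError::BadOrigin` would cover it. The test added to the parachains pallet has the same gap.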
@@ -417,7 +418,7 @@ pub mod pallet {
 });
 // we're refunding weight if update has not happened and if pruning has not happened
- let is_update_happened = matches!(update_result, Ok(_));
+ let is_update_happened = update_result.is_ok();
 if !is_update_happened {
 actual_weight = actual_weight.saturating_sub(
 WeightInfoOf::::parachain_head_storage_write_weight(
@@ -1579,4 +1580,25 @@ pub(crate) mod tests {
 Some(mock::TOTAL_PARACHAINS * mock::HeadsToKeep::get()),
 );
 }
+
+ #[test]
+ fn submit_finality_proof_requires_signed_origin() {
+ run_test(|| {
+ let (state_root, proof, parachains) =
+ prepare_parachain_heads_proof::(vec![(1, head_data(1, 0))]);
+
+ initialize(state_root);
+
+ // `submit_parachain_heads()` should fail when the pallet is halted.
+ assert_noop!(
+ Pallet::::submit_parachain_heads(
+ RuntimeOrigin::root(),
+ (0, test_relay_header(0, state_root).hash()),
+ parachains,
+ proof,
+ ),
+ DispatchError::BadOrigin
+ );
+ })
+ }
 }
diff --git a/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
index 78a98a42a66..8ff096d077f 100644
--- a/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
+++ b/bridges/primitives/chain-bridge-hub-cumulus/src/lib.rs
@@ -124,9 +124,13 @@ pub type Address = MultiAddress;
 // `ensure_able_to_receive_confirmation` test.
 /// Maximal number of unrewarded relayer entries at inbound lane for Cumulus-based parachains.
+/// Note: this value is security-relevant, decreasing it should not be done without careful
+/// analysis (like the one above).
 pub const MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX: MessageNonce = 1024;
 /// Maximal number of unconfirmed messages at inbound lane for Cumulus-based parachains.
+/// Note: this value is security-relevant, decreasing it should not be done without careful
+/// analysis (like the one above).
 pub const MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX: MessageNonce = 4096;
 /// Extra signed extension data that is used by all bridge hubs.
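Review bot: The test added to the parachains pallet is named `submit_finality_proof_requires_signed_origin` although it calls `submit_parachain_heads`, and its inline comment still says the call should fail "when the pallet is halted" while the assertion expects `DispatchError::BadOrigin`. Both look carried over from other tests. Rename it to `submit_parachain_heads_requires_signed_origin` and change the comment to `// submit_parachain_heads() must reject a non-signed origin`, so a failing run points at the origin guard rather than the halt check.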
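Review bot: The added `///` notes on `MAX_UNREWARDED_RELAYERS_IN_CONFIRMATION_TX` and `MAX_UNCONFIRMED_MESSAGES_IN_CONFIRMATION_TX` refer to "the one above", but the text they presumably mean is a plain `//` comment (its tail is the context line ending in the `ensure_able_to_receive_confirmation` test), so it is absent from the rendered docs of both constants. Make the reference explicit, for example `/// analysis (see the source comment above and the ensure_able_to_receive_confirmation test).`. The note warns only against decreasing the values; if raising them is constrained as well, the doc should say so.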
diff --git a/bridges/primitives/header-chain/Cargo.toml b/bridges/primitives/header-chain/Cargo.toml
index 32f81315537..962d262d571 100644
--- a/bridges/primitives/header-chain/Cargo.toml
+++ b/bridges/primitives/header-chain/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false }
 finality-grandpa = { version = "0.16.2", default-features = false }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 # Bridge dependencies
diff --git a/bridges/primitives/messages/Cargo.toml b/bridges/primitives/messages/Cargo.toml
index cc439a55ae2..ecb0bdc4079 100644
--- a/bridges/primitives/messages/Cargo.toml
+++ b/bridges/primitives/messages/Cargo.toml
@@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] }
-scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 # Bridge dependencies
diff --git a/bridges/primitives/parachains/Cargo.toml b/bridges/primitives/parachains/Cargo.toml
index c18c931bd33..6cd138c6224 100644
--- a/bridges/primitives/parachains/Cargo.toml
+++ b/bridges/primitives/parachains/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] }
 impl-trait-for-tuples = "0.2"
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 # Bridge dependencies
diff --git a/bridges/primitives/polkadot-core/Cargo.toml b/bridges/primitives/polkadot-core/Cargo.toml
index 56c6de04d41..b7ba4803473 100644
--- a/bridges/primitives/polkadot-core/Cargo.toml
+++ b/bridges/primitives/polkadot-core/Cargo.toml
@@ -9,7 +9,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive"] }
 parity-util-mem = { version = "0.12.0", optional = true }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", optional = true, features = ["derive"] }
 # Bridge Dependencies
diff --git a/bridges/primitives/relayers/Cargo.toml b/bridges/primitives/relayers/Cargo.toml
index b84b0393adf..fd2c9e19f98 100644
--- a/bridges/primitives/relayers/Cargo.toml
+++ b/bridges/primitives/relayers/Cargo.toml
@@ -8,7 +8,7 @@ license = "GPL-3.0-or-later WITH Classpath-exception-2.0"
 [dependencies]
 codec = { package = "parity-scale-codec", version = "3.1.5", default-features = false, features = ["derive", "bit-vec"] }
-scale-info = { version = "2.6.0", default-features = false, features = ["bit-vec", "derive"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["bit-vec", "derive"] }
 # Bridge Dependencies
diff --git a/bridges/primitives/runtime/Cargo.toml b/bridges/primitives/runtime/Cargo.toml
index 3e6a30a061c..dea3c979b86 100644
--- a/bridges/primitives/runtime/Cargo.toml
+++ b/bridges/primitives/runtime/Cargo.toml
@@ -11,7 +11,7 @@ codec = { package = "parity-scale-codec", version = "3.1.5", default-features =
 hash-db = { version = "0.16.0", default-features = false }
 impl-trait-for-tuples = "0.2.2"
 num-traits = { version = "0.2", default-features = false }
-scale-info = { version = "2.6.0", default-features = false, features = ["derive", "serde"] }
+scale-info = { version = "2.9.0", default-features = false, features = ["derive"] }
 serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }
 # Substrate Dependencies
diff --git a/scripts/bridges_update_subtree.sh b/scripts/bridges_update_subtree.sh
index 3928dc23213..5c5c7a322a1 100755
--- a/scripts/bridges_update_subtree.sh
+++ b/scripts/bridges_update_subtree.sh
@@ -8,7 +8,7 @@ set -e
-BRIDGES_BRANCH="${BRANCH:-master}"
+BRIDGES_BRANCH="${BRANCH:-polkadot-staging}"
 BRIDGES_TARGET_DIR="${TARGET_DIR:-bridges}"
 function fetch() {
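Review bot: In bridges/primitives/runtime/Cargo.toml the `scale-info` line also drops the `serde` feature (`features = ["derive", "serde"]` becomes `features = ["derive"]`), unlike the other manifests in this commit, which only change the version. Nothing in the hunk shows whether this crate's feature table or any of its types still expects that feature. The removal should be stated in the commit description, ideally with a short manifest comment saying why it is no longer needed, instead of riding along with the bump to `2.9.0`.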
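Review bot: The default for `BRIDGES_BRANCH` in scripts/bridges_update_subtree.sh is still a moving branch name, now `polkadot-staging`, so the code imported into the subtree depends on where that branch points when the script runs. How `fetch()` uses the value is outside the hunk; if it pulls the branch head, have the script print the resolved commit id and record it in the subtree-update commit message so the imported revision can be audited later. Any usage comment at the top of the script that still names `master` needs the same change.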