-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
More explicit support for getVerifiedWarpMessage
as Anycast vs. Explicit Destination
#868
Comments
This is an interesting idea, though my initial feeling that it is best to make as few assumptions as possible on how messages will be used by developers. For instance, it's imaginable that a project would want to be able to receive warp messages sent to a specific chain that is neither their own chain ID or the anycast chain ID. It could be used for reporting messages sent or other uses cases aside from "anycasting". It'd be odd to have to use 100% agree that it needs to be very clear that the |
Trying to think how else an additional guard rail around the One option could be to add an This may make it more clear what the parameter is used for rather than having two different precompile methods. |
I think (but don't know) that in most cases, if you (the smart-contract) already know the index of the message you're looking for, you should know the If we think that arbitrarily reading warp messages is a use-case we want to support (as we do now), I recommend the following interface: // only returns messages with `chainID` == this.getBlockchainID()
function getVerifiedWarpMessage(uint32 index)
external view
returns (WarpMessage calldata message, bool valid);
// only returns messages with `chainID` == `blockchainID`
function getVerifiedWarpMessage(uint32 index, bytes32 blockchainID)
external view
returns (WarpMessage calldata message, bool valid);
// exact same functionality as the current `getVerifiedWarpMessage`
// return any message without validating the `chainID`
function getAnyVerifiedWarpMessage(uint32 index)
external view
returns (WarpMessage calldata message, bool valid); |
I agree that smart contracts should know the expected The interface you suggested seems totally reasonable to me. I think it's important to support possible use cases for receiving messages with arbitrary |
Discussing an alternative to this of removing the |
The Warp precompile currently supports
getVerifiedWarpMessage
, which will verify that a warp message was signed by a threshold of the source blockchainID's validator set. The address-to-address payload type specifies adestinationChainID
as well, and the current implementation does not require that thedestinationChainID
matches the actualblockchainID
of the blockchain receiving this message.The motivation for this was to support Anycast messages in a lightweight way and defer verification of the
destinationChainID
to the caller.This ticket is a feature request to support a more explicit "safe" version of
getVerifiedWarpMessage
that does this check for you and separates the Anycast and explicit destination handler functions.Specifically, this proposes that we break it down into two functions:
getVerifiedWarpMessage
which verifies thedestinationChainID
matches the receiving chain'sblockchainID
getAnyCastVerifiedWarpMessage
which verifies thedestinationChainID
is exactly theAnycastChainID
defined in AvalancheGo (or alternatively keeps the current behavior of deferring to the caller to allow anyblockchainID
is specified for thedestinationChainID
The text was updated successfully, but these errors were encountered: