Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Validate Wasm on Program deployment? #1096

Open
mixmix opened this issue Oct 2, 2024 · 7 comments
Open

Validate Wasm on Program deployment? #1096

mixmix opened this issue Oct 2, 2024 · 7 comments
Labels
Feature introduces a new feature

Comments

@mixmix
Copy link
Contributor

mixmix commented Oct 2, 2024

Right now you can deploy any old jank as a "wasm binary".
This seems dangerous / wasteful? Yes the person pays for this, but I would rather:

  • if I make a mistake as a user I am told before wasting money
  • we keep the chain lighter by keeping it free from useless clutter/spam?

Me testing CLI right now:

echo "wasm junk - $(date)"  > /tmp/entropy.fake.wasm

entropy program deploy -a naynay  /tmp/entropy.fake.wasm /tmp/configSchema.json /tmp/aucDataSchema.json
@mixmix
Copy link
Contributor Author

mixmix commented Oct 2, 2024

Ideas:

  • magic numbers for wasm?
  • a quick tool-run wasm-objdump faucet_program.wasm --details (wabt)
  • run the wasm with random input once before deploy (confirm you get bool back)

@johnnymatthews
Copy link
Contributor

This sounds like a good idea, but isn't this what the local network and testnet are for? Like, me as a dev should deploy locally and run tests to make sure my Entropy program actually works how it should do. I then deploy it to the testnet to reconfirm everything works. Once that's done, deploy to mainnet.

Reducing the chance of deploying a borked Entropy program to mainnet is a good idea. But I wonder if this is too much hand-holding, and we should direct devs to appropriate tools (like WABL) through good docs.

@ameba23
Copy link
Contributor

ameba23 commented Oct 3, 2024

I think this has come up before and the idea was that that this validation should happen in the tooling for building programs and/or the SDK or other client software, rather than on chain, because on-chain computation is expensive and happens in a restrictive environment where some things cannot be done.

For example, probably the best way to check if a program is valid is to load it into the programs runtime and try to run it. But im not sure if we can do this from within the blockchain runtime.

The program-building template repo provides a way to build and deploy your program giving some guarantee that the program will only deploy if it builds correctly, and the program-metadata-http-service gives some (perhaps not very strong) guarantee that a particular on-chain program corresponds to a particular source code repo.

But yes, at the chain-api level there is nothing to stop you uploading garbage, and currently no plans to do anything about it.

@HCastano HCastano changed the title wasm validation! Validate Wasm on Program deployment? Oct 3, 2024
@HCastano HCastano added the Feature introduces a new feature label Oct 3, 2024
@mixmix
Copy link
Contributor Author

mixmix commented Oct 8, 2024

🤡

cp ~/Music/Killing_in_the_name.mp3 /tmp/Killing_in_the_name.wasm

entropy program deploy -a naynay \
  /tmp/Killing_in_the_name.wasm \
  /tmp/entropy.configSchema.fake.json \
  /tmp/entropy.auxDataSchema.fake.json

How much does it cost for me to host whatever I want on the blockchain forever?

@mixmix
Copy link
Contributor Author

mixmix commented Oct 8, 2024

NOTE: this is me role-playing a cheeky user/ attacker. I'm obviously not advocating doing this.
I'm demonstrating we might need to think about this as an attack / abuse vector. (Maybe we already have). I suppose there is a blob size limit for that wasm?

@HCastano
Copy link
Collaborator

HCastano commented Oct 8, 2024

@mixmix the Program pallet charges a deposit and enforces a maximum program length.

In the runtime we have these limits set to 1MiB max upload.

So yes, you can upload random stuff but you gotta pay for it. Whether or not the deposit costs are actually high enough to deter any spam is unclear, but I'm sure it'll be more clear with time.

@johnnymatthews
Copy link
Contributor

Whether or not the deposit costs are actually high enough to deter any spam is unclear, but I'm sure it'll be more clear with time. -- @HCastano

And this, arguably, is an answer for a crypto-econ person. Lots of funky nerd math to figure out how much is enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature introduces a new feature
Projects
Status: 📋 Backlog
Development

No branches or pull requests

4 participants