-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: contract for single smart wallet #5701
Conversation
fd1b8c0
to
9a0dd4a
Compare
9a0dd4a
to
1ea0719
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
heading to a meeting; got thru lib-chainStorage.js
not sure about the CORS stuff. hm.
packages/agoric-cli/src/start.js
Outdated
}); | ||
const newAppToml = finishCosmosApp({ | ||
appToml, | ||
portNum, | ||
enableCors: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect this CORS stuff is left-over from some tangentially related work. Unless you're clear on why it belongs, perhaps take it out?
"walletManager": { | ||
"sourceSpec": "@agoric/vats/src/vat-walletManager.js" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this config probably needs the same smart-wallet.js
contract bundle as decntral-core-config.json
.
1ea0719
to
74945ea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good stuff, but I think changing provide
from async to sync has to be rolled back or otherwise fixed.
@@ -15,7 +15,7 @@ import { | |||
import centralSupplyBundle from '@agoric/vats/bundles/bundle-centralSupply.js'; | |||
import { | |||
bridgeCoreEval, | |||
makeClientManager, | |||
setupClientManager, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why rename it? the function does make a (new) client manager.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah. it doesn't return the thing that it creates.
@@ -67,17 +68,6 @@ export const reserveThenDeposit = async ( | |||
console.info('confirmed deposit for', debugName); | |||
}; | |||
|
|||
/** @type {<T>(store: any, key: string, make: () => T) => Promise<T>} */ | |||
const provide = async (store, key, make) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the provide
from @agoric/store
is not async
. I don't see how it can work here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
store: any
was lazy (on my part)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks. coding too fast. thankfully the typechecker caught it too.
/** @type {SubscriptionRecord<PropertyMakers>} */ | ||
/** @type {SubscriptionRecord<PropertyMaker[]>} */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
odd... I wonder why that wasn't caught before.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PropertyMakers
was PropertyMaker[]
. I changed it around to have PropertyMaker
be named.
agd query vstorage keys 'published.wallet' | ||
# confirm it has a key like `published.wallet.agoric1nqxg4pye30n3trct0hf7dclcwfxz8au84hr3ht` | ||
agoric follow :published.wallet.agoric1nqxg4pye30n3trct0hf7dclcwfxz8au84hr3ht | ||
# confirm it has JSON data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the format here is actually Justin. minor detail.
569520a
to
3e005d7
Compare
d217901
to
80f642b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good stuff!
const STORAGE_PATH = 'wallet'; | ||
|
||
const storageNode = await getChildNode(chainStorage, STORAGE_PATH); | ||
const marshaller = E(board).getPublishingMarshaller(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
post-script: wallets have state that shouldn't be published, so using the publishing marshaller was probably not a good idea. even using the read-only marshaller would be iffy: purses shouldn't be exposed to the board vat at all.
cc @warner
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The marshaller privileges and what is published are independent, no?
The latter is defined here https://github.com/Agoric/agoric-sdk/pull/5701/files#diff-b1c2b2b7ded05977f142adcd00946c70016bae3a5178a46af30ef444422e3332R60-R70
Which of those shouldn't be published? purses
?
Are you saying there should be separate streams for what goes to off-chain storage and what goes to the creator?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The marshaller privileges and what is published are independent, no?
Yes.
And indeed, purses must not be published. Nor payments. Probably not offers either. Publishing issuers and dapps is probably harmless. contacts is iffy...
But not only should we not publish purses, we shouldn't use the board's readOnlyMarshaller, since that involves exposing the purses to the board and trusting the board not to publish them.
For reference, https://gist.github.com/dckc/3192a5264524635bd7261277b1fb707e has the output of |
closes: #5356
Description
Smart contract for smart wallet, forked from #5594
Names this version of the contract
singleWallet
so it can co-exist with the multitenantwalletFactory
coming in #5721 for #4484Security Considerations
Wallet now works on-chain.
Documentation Considerations
Adds a basic README to document the difference between "solo" wallet, smart/chain wallet with a singleton contract and the multitenant factory.
Testing Considerations
CI doesn't cover everything. Ideally we test the on-chain
home.wallet
in CI but that's a big chunk of work and for now we can do it manually.