feat(generator): polyjuice contract creator allowlist

Cargo.toml

@@ -22,6 +22,7 @@ members = [
   "crates/version",
   "crates/utils",
   "crates/ckb-hardfork",
+  "crates/tx-filter",
 ]
 
 [profile.release]

crates/config/src/config.rs

@@ -48,6 +48,8 @@ pub struct RPCClientConfig {
 pub struct RPCConfig {
     pub allowed_sudt_proxy_creator_account_id: Vec<u32>,
     pub sudt_proxy_code_hashes: Vec<H256>,
+    pub allowed_polyjuice_contract_creator_account_ids: Option<HashSet<u32>>,
+    pub polyjuice_script_code_hash: Option<H256>,
 }
 
 /// Onchain rollup cell config

crates/generator/Cargo.toml

@@ -13,6 +13,7 @@ gw-config = { path = "../config" }
 gw-store = { path = "../store" }
 gw-traits = { path = "../traits" }
 gw-ckb-hardfork = { path = "../ckb-hardfork" }
+gw-tx-filter = { path = "../tx-filter" }
 anyhow = "1.0"
 blake2b-rs = "0.2"
 ckb-vm = { version = "=0.20.0-rc5", features = ["detect-asm"] }

crates/generator/src/erc20_creator_whitelist.rs → crates/generator/src/erc20_creator_allowlist.rs

@@ -2,12 +2,12 @@ use gw_common::H256;
 use gw_types::offchain::RunResult;
 use log::debug;
 
-pub struct SUDTProxyAccountWhitelist {
+pub struct SUDTProxyAccountAllowlist {
     allowed_sudt_proxy_creator_account_id: Vec<u32>,
     sudt_proxy_code_hashes: Vec<H256>,
 }
 
-impl SUDTProxyAccountWhitelist {
+impl SUDTProxyAccountAllowlist {
     pub fn new(
         allowed_sudt_proxy_creator_account_id: Vec<u32>,
         sudt_proxy_code_hashes: Vec<H256>,
@@ -18,7 +18,7 @@ impl SUDTProxyAccountWhitelist {
         }
     }
 
-    /// Only accounts in white list could create sUDT proxy contract.
+    /// Only accounts in allow list could create sUDT proxy contract.
     pub fn validate(&self, run_result: &RunResult, from_id: u32) -> bool {
         if self.allowed_sudt_proxy_creator_account_id.is_empty()
             || self.sudt_proxy_code_hashes.is_empty()
@@ -38,7 +38,7 @@ impl SUDTProxyAccountWhitelist {
 
         for k in run_result.write_data.keys() {
             debug!(
-                "whiltelist: from_id: {:?}, code_hash: {:?}",
+                "allowlist: from_id: {:?}, code_hash: {:?}",
                 &from_id,
                 hex::encode(k.as_slice())
             );
@@ -53,7 +53,7 @@ impl SUDTProxyAccountWhitelist {
     }
 }
 
-impl Default for SUDTProxyAccountWhitelist {
+impl Default for SUDTProxyAccountAllowlist {
     fn default() -> Self {
         Self {
             allowed_sudt_proxy_creator_account_id: vec![],

crates/generator/src/error.rs

@@ -126,6 +126,11 @@ pub enum TransactionError {
     ExceededMaxWriteData { max_bytes: usize, used_bytes: usize },
     #[error("Cannot create sUDT proxy contract from account id: {account_id}.")]
     InvalidSUDTProxyCreatorAccount { account_id: u32 },
+    #[error("Cannot create backend {} contract from account id: {account_id}")]
+    InvalidContractCreatorAccount {
+        backend: &'static str,
+        account_id: u32,
+    },
 }
 
 impl From<VMError> for TransactionError {

crates/generator/src/generator.rs

@@ -4,7 +4,7 @@ use crate::{
     account_lock_manage::AccountLockManage,
     backend_manage::BackendManage,
     constants::{L2TX_MAX_CYCLES, MAX_READ_DATA_BYTES_LIMIT, MAX_WRITE_DATA_BYTES_LIMIT},
-    erc20_creator_whitelist::SUDTProxyAccountWhitelist,
+    erc20_creator_allowlist::SUDTProxyAccountAllowlist,
     error::{BlockError, TransactionValidateError, WithdrawalError},
     vm_cost_model::instruction_cycles,
 };
@@ -30,6 +30,7 @@ use gw_store::{
     transaction::StoreTransaction,
 };
 use gw_traits::{ChainStore, CodeStore};
+use gw_tx_filter::polyjuice_contract_creator_allowlist::PolyjuiceContractCreatorAllowList;
 use gw_types::{
     bytes::Bytes,
     core::{ChallengeTargetType, ScriptHashType},
@@ -93,7 +94,8 @@ pub struct Generator {
     backend_manage: BackendManage,
     account_lock_manage: AccountLockManage,
     rollup_context: RollupContext,
-    sudt_proxy_account_whitelist: SUDTProxyAccountWhitelist,
+    sudt_proxy_account_whitelist: SUDTProxyAccountAllowlist,
+    polyjuice_contract_creator_allowlist: Option<PolyjuiceContractCreatorAllowList>,
 }
 
 impl Generator {
@@ -103,19 +105,24 @@ impl Generator {
         rollup_context: RollupContext,
         rpc_config: RPCConfig,
     ) -> Self {
-        let sudt_proxy_account_whitelist = SUDTProxyAccountWhitelist::new(
+        let polyjuice_contract_creator_allowlist =
+            PolyjuiceContractCreatorAllowList::from_rpc_config(&rpc_config);
+
+        let sudt_proxy_account_whitelist = SUDTProxyAccountAllowlist::new(
             rpc_config.allowed_sudt_proxy_creator_account_id,
             rpc_config
                 .sudt_proxy_code_hashes
                 .into_iter()
                 .map(|hash| hash.0.into())
                 .collect(),
         );
+
         Generator {
             backend_manage,
             account_lock_manage,
             rollup_context,
             sudt_proxy_account_whitelist,
+            polyjuice_contract_creator_allowlist,
         }
     }
 
@@ -635,6 +642,22 @@ impl Generator {
         raw_tx: &RawL2Transaction,
         max_cycles: u64,
     ) -> Result<RunResult, TransactionError> {
+        if let Some(polyjuice_contract_creator_allowlist) =
+            self.polyjuice_contract_creator_allowlist.as_ref()
+        {
+            use gw_tx_filter::polyjuice_contract_creator_allowlist::Error;
+            match polyjuice_contract_creator_allowlist.validate_with_state(state, raw_tx) {
+                Ok(_) => (),
+                Err(Error::Common(err)) => return Err(TransactionError::from(err)),
+                Err(Error::PermissionDenied { account_id }) => {
+                    return Err(TransactionError::InvalidContractCreatorAccount {
+                        backend: "polyjuice",
+                        account_id,
+                    })
+                }
+            }
+        }
+
         let sender_id: u32 = raw_tx.from_id().unpack();
         let nonce_before_execution = state.get_nonce(sender_id)?;
 

crates/generator/src/lib.rs

@@ -5,7 +5,7 @@ pub mod account_lock_manage;
 pub mod backend_manage;
 pub mod constants;
 pub mod dummy_state;
-pub mod erc20_creator_whitelist;
+pub mod erc20_creator_allowlist;
 pub mod error;
 pub mod generator;
 pub mod genesis;

crates/tx-filter/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "gw-tx-filter"
+version = "0.1.0"
+authors = ["Nervos Network"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+gw-common = { path = "../common" }
+gw-config = { path = "../config" }
+gw-traits = { path = "../traits" }
+gw-types = { path = "../types" }
+thiserror = "1.0"

crates/tx-filter/src/lib.rs

@@ -0,0 +1 @@
+pub mod polyjuice_contract_creator_allowlist;