Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Further restrict proxy account ordering #672

Closed
ghost opened this issue Apr 6, 2023 · 1 comment
Closed

Further restrict proxy account ordering #672

ghost opened this issue Apr 6, 2023 · 1 comment

Comments

@ghost
Copy link

ghost commented Apr 6, 2023
edited by eskimor
Loading

As a follow up from #712, further restrict the proxy account through in-pallet state. Limit properties like for which parathread an account can order a core and how often (e.g. once per hour, once per day, unlimited, ..)

This will need to be setup by the user via an extrinsic. Parathread security opt in would look like that:

  1. No security - just use a hot account. Might be fine for some cases or if only holding a small amount of DOT ...
  2. Use proxy account limited to ordering parathread cores - can still be any parathread, but at least no balance transfers or other stuff.
  3. Send extrinsic to parathread assignment provider pallet to restrict access from a given account, restrictions that come to mind are listed above.

Implementation

Provide call/extrinsic to set further restrictions on an account

Something like:

struct AccountRestriction {
  /// Allowed paraids the account can place orders for.
  /// `None` means no restriction.
  allowed_paraIds: Option<Set<ParaId>>,

  /// How many blocks since the last enqueued order must have passed for a new order to be accepted.
  /// `None` means no restriction.
  allowed_frequency: Option<BlockNum>,
}

fn restrict_account(Origin, AccountId, AccountRestriction);

Obvious problem, which account is allowed to place restrictions on another account? Setting restrictions will only be possible for proxy accounts and the restricting account has to be the proxied account.

We need to charge the calling account not only weight based fees, but also need to take some deposit for the storage.

If set_account_restrictions is called with all restrictions set to None we remove the restriction from state all together - see next section.

Enforcing restrictions

We will need to store current restrictions in a map per AccountId, which we then need to look up whenever an order is queued. For the allowed_frequency requirement we will also need to store the block number of the last placed order for that account.
@eskimor eskimor changed the title Further restrict proxy account bidding Further restrict proxy account ordering Apr 7, 2023
@Sophia-Gold Sophia-Gold transferred this issue from paritytech/polkadot Aug 24, 2023
@eskimor eskimor mentioned this issue Sep 11, 2023
Open
@eskimor eskimor removed the status in Parathreads Oct 5, 2023
claravanstaden pushed a commit to Snowfork/polkadot-sdk that referenced this issue Dec 8, 2023
@alistair-singh
updated subxt (paritytech#672)
f719545
@eskimor
Copy link
Member

eskimor commented Jan 30, 2024

With credits, theoretically still useful, but also likely overkill. Closing.

@eskimor eskimor closed this as completed Jan 30, 2024
@github-project-automation github-project-automation bot moved this from Backlog to Completed in parachains team board Jan 30, 2024
helin6 pushed a commit to boolnetwork/polkadot-sdk that referenced this issue Feb 5, 2024
@dependabot
Bump vuepress from 1.7.1 to 1.9.7 in /docs (paritytech#672)
73e93a3 
Bumps [vuepress](https://github.com/vuejs/vuepress/tree/HEAD/packages/vuepress) from 1.7.1 to 1.9.7.
- [Release notes](https://github.com/vuejs/vuepress/releases)
- [Changelog](https://github.com/vuejs/vuepress/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vuepress/commits/v1.9.7/packages/vuepress)

---
updated-dependencies:
- dependency-name: vuepress
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bkchr pushed a commit that referenced this issue Apr 10, 2024
@HCastano @svyatonik @bkchr
Add Unchecked Header Writes to Bridge Pallet (#672)
b921a48 
* Add method for unchecked header imports

* Update docs for importing unchecked headers

* Import unchecked headers in HeaderChain implementation

* Fix Clippy warnings

* Move unchecked header import out of Verifier struct

* Clean up unchecked import tests

* Change HeaderChain API to accept iterator of headers

* Use chains of headers in tests

* Remove unused Result return type when appending finalized headers

* Add test which shows that genesis changes are not enacted

* Use initial header's hash for unchecked authority set changes

* Appease Clippy

* Check ancestry before making unchecked writes

* Fix typo

* Fix Clippy warning

* Add note about `ancestry_proof` structure

* Use best hash storage item directly

Co-authored-by: Svyatoslav Nikolsky <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
parachains team board
Status: Completed
Parathreads
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ghost @eskimor