Skip to content

[pyth-cosmwasm] sec review update #649

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 3, 2023
Merged

[pyth-cosmwasm] sec review update #649

merged 5 commits into from
Mar 3, 2023

Conversation

@0xfirefist
Copy link
Contributor

@0xfirefist 0xfirefist commented Mar 2, 2023

address the feedback for the initial sec review

following in particular:

  1. all other chain contracts compare publish_time while this one checks for the attestation time before updating. I don't see much impact to this except in the case of an asset that isn't trading anymore, it would be an extra storage call. Might make sense to make it uniform with the other contracts however.
  2. the owner field in the state doesn't seem to be used anywhere,

@0xfirefist 0xfirefist requested review from ali-behjati and jayantk and removed request for jayantk March 2, 2023 08:45
@vercel
Copy link

vercel bot commented Mar 2, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments
Name Status Preview Comments Updated
example-oracle-amm ⬜️ Ignored (Inspect) Mar 3, 2023 at 2:00PM (UTC)
xc-admin-frontend ⬜️ Ignored (Inspect) Mar 3, 2023 at 2:00PM (UTC)

@0xfirefist 0xfirefist requested a review from jayantk March 2, 2023 08:45
ali-behjati
ali-behjati reviewed Mar 2, 2023
View reviewed changes
target_chains/cosmwasm/contracts/pyth/src/state.rs Outdated
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)]
pub struct ConfigInfo {
pub owner: Addr,
// TODO: ASK do we need to update config key?
Copy link
Collaborator

@ali-behjati ali-behjati Mar 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean here?

Copy link
Contributor Author

@0xfirefist 0xfirefist Mar 2, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Before, the config had owner in it and now it doesn't
Should we update the config key use to store the config?

Intuitively I think it won't matter. As, all the fields required will still be there. But not sure.

Copy link
Collaborator

@ali-behjati ali-behjati Mar 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know to what format Cosmwasm serialized though but I think it will break. We can update the config and have proper migration or rename it to deprecated_owner and keep it. @njk-64 what do you think?

Copy link
Contributor

@jayantk jayantk Mar 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this will probably break.

Actually, this brings up a good question, which is how are we going to manage changes to this config class going forward?

I think we probably want to (1) stick a version number field in ConfigInfo so we can implement hard migration logic, and (2) add #repr[(C)] so we can extend it with fields at the end without having rust be too smart about packing the fields of the struct and potentially reordering things.

Copy link
Collaborator

@ali-behjati ali-behjati Mar 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that Serialize and Deserialize work with the way rust stores data on memory. But anyway migration is not very difficult on the migrate method when we need it.

ali-behjati
ali-behjati reviewed Mar 2, 2023
View reviewed changes
ali-behjati
ali-behjati reviewed Mar 2, 2023
View reviewed changes
@0xfirefist 0xfirefist requested a review from njk-64 March 2, 2023 10:03
jayantk
jayantk approved these changes Mar 2, 2023
View reviewed changes
Copy link
Contributor

@jayantk jayantk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. we should deal with the config issue also. will slack you.

target_chains/cosmwasm/contracts/pyth/src/state.rs Outdated
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema)]
pub struct ConfigInfo {
pub owner: Addr,
// TODO: ASK do we need to update config key?
Copy link
Contributor

@jayantk jayantk Mar 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this will probably break.

Actually, this brings up a good question, which is how are we going to manage changes to this config class going forward?

I think we probably want to (1) stick a version number field in ConfigInfo so we can implement hard migration logic, and (2) add #repr[(C)] so we can extend it with fields at the end without having rust be too smart about packing the fields of the struct and potentially reordering things.

@0xfirefist 0xfirefist merged commit 16ac585 into main Mar 3, 2023
@0xfirefist 0xfirefist deleted the sec-review-update branch March 3, 2023 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ali-behjati ali-behjati ali-behjati left review comments

@jayantk jayantk jayantk approved these changes

@njk-64 njk-64 Awaiting requested review from njk-64

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@0xfirefist @jayantk @ali-behjati