feat: add optional additional scopes to wallet transaction API#20487
feat: add optional additional scopes to wallet transaction API#20487nchamo wants to merge 4 commits intomerge-train/fairiesfrom
Conversation
nchamo
changed the title
|
|
||
| #[external("private")] | ||
| fn test_recursively_create_notes(owner: AztecAddress, how_many_recursions: u64) { | ||
| fn test_recursively_create_notes(recipients: [AztecAddress; 10], how_many_recursions: u64) { |
There was a problem hiding this comment.
We had to make these changes when we introduced scopes, because there was no way to inject multiple scopes. Since now there is, we can revert the change we made
nchamo
added
the
ci-no-fail-fast
…move unnecessary scopes
…ivate token transfer
|
|
||
| isStaticCall = isStaticCall || this.callContext.isStaticCall; | ||
|
|
||
| // When scopes are set and the target contract is a registered account (has keys in the keyStore), |
| // When `from` is the zero address (e.g. when deploying a new account contract), we use only the | ||
| // additionalScopes if any, or an empty list which acts as deny-all: no notes are visible and | ||
| // no keys are accessible. Otherwise, we combine `from` with any additionalScopes, deduplicating. | ||
| protected scopesFor(from: AztecAddress, additionalScopes: AztecAddress[] = []): AztecAddress[] { |
There was a problem hiding this comment.
I find this name doesn't make match sense, maybe scopesFrom would make more sense.
And the comments are just a natural language description of the imperative steps the function does, which personally distracted me more than just reading the code. I would just remove the comment.
mverzilli
left a comment
mverzilli
left a comment
There was a problem hiding this comment.
Looks good! I think it's missing migration notes, and some documentation in general
|
|
||
| const batch = new BatchCall(wallet, calls); | ||
| const opts = await this.getSendMethodOpts(batch); | ||
| const additionalScopes = isStandardTokenContract(token) ? undefined : [token.address]; |
There was a problem hiding this comment.
Why does the non standard token need additional scopes?
| const tx = await bobsDeployMethod.send({ from: AztecAddress.ZERO, wait: { returnReceipt: true } }); | ||
| const tx = await bobsDeployMethod.send({ | ||
| from: AztecAddress.ZERO, | ||
| additionalScopes: [bobsAddress], |
There was a problem hiding this comment.
This is the only thing that worries me. It makes 100% total sense that account contract self-deployments need this, but for such a common operation it's getting very verbose. Maybe we should consider this a higher level abstraction and provide some sane defaults
Thunkar
left a comment
Thunkar
left a comment
There was a problem hiding this comment.
I'm fine with merging this as-is, but two important things remain:
- Modify the capabilities manifest so simulations and transactions declare extra scopes might be required. Take into account the case where these scopes are not known in advance by the app, but are the same ones requested by the getAccounts capability
- Talk about account contract self-deployments and how to add defaults (and the problems this caused in the past.
benesjan
left a comment
benesjan
left a comment
There was a problem hiding this comment.
I am repeating myself in some of the comments but think it would be useful to put everywhere a comment on why the scopes are getting expanded
| /** The fee options for the transaction. */ | ||
| fee?: InteractionFeeOptions; | ||
| /** | ||
| * Additional addresses whose private state should be accessible during execution, |
There was a problem hiding this comment.
| * Additional addresses whose private state should be accessible during execution, | |
| * Additional addresses whose private state and keys should be accessible during execution, |
| fee?: InteractionFeeOptions; | ||
| /** | ||
| * Additional addresses whose private state should be accessible during execution, | ||
| * beyond the sender's |
There was a problem hiding this comment.
Think it would be useful to have here an example of why you would want this.
| skipInstancePublication: !publicDeploy, | ||
| skipInitialization, | ||
| from, | ||
| additionalScopes: [address], |
There was a problem hiding this comment.
Would put here a comment regarding why we need to add the additional scope
| await newAccountDeployMethod.send({ from: prefundedAccount.address }); | ||
| await newAccountDeployMethod.send({ | ||
| from: prefundedAccount.address, | ||
| additionalScopes: [newAccountManager.address], |
There was a problem hiding this comment.
Would put here a comment regarding why we need to add the additional scope
| accountManagers.map(async x => { | ||
| const deployMethod = await x.getDeployMethod(); | ||
| await deployMethod.send({ from: fundedAccount }); | ||
| await deployMethod.send({ from: fundedAccount, additionalScopes: [x.address] }); |
There was a problem hiding this comment.
Would put here a comment regarding why we need to add the additional scope
4 participants
Summary
Previously,
PrivateExecutionOracleautomatically expanded scopes when making nested private calls to registered account contracts. This behavior was pretty hidden and made it hard to reason about which addresses' private state was accessible during execution.This PR removes the auto-expansion and instead introduces an explicit
additionalScopesoption onsend(),simulate(), anddeploy(). Callers now declare upfront which additional addresses' private state they need access to beyond the sender's.