Skip to content

Improvments to runtime configuration #265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
karolk91 merged 65 commits into from
Mar 19, 2026
Merged

Improvments to runtime configuration #265

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
65 commits
Select commit Hold shift + click to select a range
3a9825f
Improvements: simply authorizations, missing xcm configs, test coverage
karolk91 Feb 23, 2026
30ed2a4
Merge remote-tracking branch 'origin/main' into kk-runtime-sec-hardening
karolk91 Feb 23, 2026
9b0a9e7
Adapt benchmarking
karolk91 Feb 23, 2026
130bab4
Remove call level auhtorization consumption
karolk91 Feb 23, 2026
145dcf7
improvements and tests
karolk91 Feb 23, 2026
3ea174c
Merge branch 'main' into kk-improvements
karolk91 Feb 25, 2026
81cf2a1
Pass authorization via custom origin for signed transactions
RafalMirowski1 Feb 26, 2026
3acefec
add test for prepare
RafalMirowski1 Feb 26, 2026
0ed4d86
Apply suggestions from code review
karolk91 Feb 26, 2026
97ab7d0
Update pallets/transaction-storage/src/lib.rs
karolk91 Feb 26, 2026
c871a5d
replacing ipfs-http-client usage (#272)
rosarp Feb 26, 2026
130fdb0
added ValidTransaction tag for check_signed (#269)
rosarp Feb 26, 2026
c39ed43
Minor cleanups: pass scope by ref, remove unused deps, add Dependabot…
bkontur Feb 26, 2026
13d9884
Revert and fix CI
bkontur Feb 26, 2026
cb9fb5f
feat: add /format skill for pre-commit formatting checks (#275)
mudigal Feb 26, 2026
3b0d7ac
Review fixes
karolk91 Feb 26, 2026
9423fa2
Merge remote-tracking branch 'origin/main' into kk-improvements
karolk91 Feb 26, 2026
b17e7ac
Merge remote-tracking branch 'origin/main' into kk-improvements
karolk91 Feb 27, 2026
c6568e7
Improvements
karolk91 Feb 27, 2026
36fa874
Nit
bkontur Feb 27, 2026
8ba1492
Merge branch 'main' into pass-authorization-via-origin
bkontur Mar 2, 2026
8997d5f
Merge branch 'main' into kk-improvements
karolk91 Mar 4, 2026
2ee1d6e
Merge branch 'main' into pass-authorization-via-origin
bkontur Mar 4, 2026
a1f92c8
Add comment explaining ValidTransaction construction logic
bkontur Mar 4, 2026
5ea282b
Replace EnsureAuthorized with fn ensure_authorized
bkontur Mar 4, 2026
16c72ea
Rename
bkontur Mar 4, 2026
54b7134
Rename ValidateSigned -> AllowedSignedCalls, AuthorizeStorageSigned -…
bkontur Mar 4, 2026
550f829
Add benchmarked weights for ValidateStorageCalls extension
bkontur Mar 5, 2026
3b9875d
Fix fmt for CI nightly and update ValidateStorageCalls doc comment
bkontur Mar 5, 2026
bea1ea0
Expand ValidateStorageCalls doc: authorization is consumed in prepare
bkontur Mar 5, 2026
aa47e49
Fresh weights
bkontur Mar 5, 2026
b709802
Merge branch 'main' into pass-authorization-via-origin
karolk91 Mar 5, 2026
2e31904
Merge branch 'main' into kk-improvements
karolk91 Mar 5, 2026
aecdd35
Merge branch 'pass-authorization-via-origin' into kk-improvements
karolk91 Mar 5, 2026
1c0d47f
Apply Karol's comment
bkontur Mar 5, 2026
4195345
Simplify ValidateStorageCalls: pass only signer via Val, not scope
bkontur Mar 6, 2026
1bbe44f
Parameterize validate_store weight by data length
bkontur Mar 6, 2026
c791f2a
Fresh weights from 195.154.91.224
bkontur Mar 6, 2026
fb21a90
Merge remote-tracking branch 'origin/pass-authorization-via-origin' i…
karolk91 Mar 6, 2026
f48ac3e
Move CallInspector to extension file
karolk91 Mar 6, 2026
0364365
Extract common code, remove dead code
karolk91 Mar 6, 2026
36d1925
Clean code improvements
karolk91 Mar 6, 2026
197a70f
Merge remote-tracking branch 'origin/main' into kk-improvements
karolk91 Mar 6, 2026
4376b07
Formatting/clippy
karolk91 Mar 6, 2026
5a0992f
mempool deduplication
karolk91 Mar 6, 2026
fce46f5
Transform origin only for store/renew
karolk91 Mar 6, 2026
9a297f0
Merge remote-tracking branch 'origin/main' into kk-improvements
karolk91 Mar 11, 2026
6d414a9
Code review, tests, deduplication
karolk91 Mar 12, 2026
923c72e
Add logs related to traversal
karolk91 Mar 12, 2026
8c98a67
Add more tests and sync existing ones between solochain and parachain
karolk91 Mar 12, 2026
0418f26
Clippy fix
karolk91 Mar 12, 2026
cdca1f1
Apply suggestions from code review
karolk91 Mar 13, 2026
41c2db3
Adapt to review changes
karolk91 Mar 13, 2026
4a997fb
Move is_storage_mutating_call into CallInspector trait as a provided …
bkontur Mar 13, 2026
3cf022b
Move traverse_storage_calls to the CallInspector
karolk91 Mar 13, 2026
1a3d5de
Fix clippy
karolk91 Mar 14, 2026
121c420
Merge branch 'main' into kk-improvements
bkontur Mar 14, 2026
07a36cd
Missing variables in tests genesis set-up
karolk91 Mar 16, 2026
cc25e92
Merge branch 'main' into kk-improvements
karolk91 Mar 17, 2026
e0626d6
Reject wrapped store/renew, keep management call validation (#332)
bkontur Mar 19, 2026
3a60fbe
Merge branch 'main' into kk-improvements
karolk91 Mar 19, 2026
cd68f79
More tests
karolk91 Mar 19, 2026
a2caa59
Avoid unnecessary clones in extract_signer and ValidateStorageCalls (…
bkontur Mar 19, 2026
863d37b
Code-review improvements
karolk91 Mar 19, 2026
0140d62
Simplify ValidateStorageCalls::prepare by removing redundant branchin…
bkontur Mar 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions pallets/common/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,17 +17,29 @@ scale-info = { features = ["derive"], workspace = true }
polkadot-sdk-frame = { workspace = true, default-features = false, features = [
"runtime",
] }
pallet-proxy = { workspace = true }
pallet-sudo = { workspace = true }
pallet-utility = { workspace = true }

[features]
default = ["std"]
runtime-benchmarks = [
"pallet-proxy/runtime-benchmarks",
"pallet-sudo/runtime-benchmarks",
"pallet-utility/runtime-benchmarks",
"polkadot-sdk-frame/runtime-benchmarks",
]
std = [
"codec/std",
"pallet-proxy/std",
"pallet-sudo/std",
"pallet-utility/std",
"polkadot-sdk-frame/std",
"scale-info/std",
]
try-runtime = [
"pallet-proxy/try-runtime",
"pallet-sudo/try-runtime",
"pallet-utility/try-runtime",
"polkadot-sdk-frame/try-runtime",
]
96 changes: 96 additions & 0 deletions pallets/common/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@

#![cfg_attr(not(feature = "std"), no_std)]

extern crate alloc;

use alloc::{vec, vec::Vec};
use codec::{Decode, Encode};
use polkadot_sdk_frame::{
deps::frame_support,
Expand Down Expand Up @@ -324,3 +327,96 @@ impl<AccountId, HoldReason> ReservableCurrency<AccountId> for NoCurrency<Account
Zero::zero()
}
}

/// Inspect a utility call for wrapper semantics: returns the inner calls if the call
/// is a wrapper variant, `None` otherwise.
pub fn inspect_utility_wrapper<T: pallet_utility::Config>(
call: &pallet_utility::Call<T>,
) -> Option<Vec<&<T as pallet_utility::Config>::RuntimeCall>> {
let inner = utility_inner_calls(call);
if inner.is_empty() {
return None;
}
Some(inner)
}

/// Inspect a sudo call for wrapper semantics: returns inner calls.
pub fn inspect_sudo_wrapper<T: pallet_sudo::Config>(
call: &pallet_sudo::Call<T>,
) -> Option<Vec<&<T as pallet_sudo::Config>::RuntimeCall>> {
let inner = sudo_inner_calls(call);
if inner.is_empty() {
return None;
}
Some(inner)
}

/// Inspect a proxy call for wrapper semantics: returns inner calls.
pub fn inspect_proxy_wrapper<T: pallet_proxy::Config>(
call: &pallet_proxy::Call<T>,
) -> Option<Vec<&<T as pallet_proxy::Config>::RuntimeCall>> {
let inner = proxy_inner_calls(call);
if inner.is_empty() {
return None;
}
Some(inner)
}

/// Extract inner calls from a utility call variant.
pub fn utility_inner_calls<T: pallet_utility::Config>(
call: &pallet_utility::Call<T>,
) -> Vec<&<T as pallet_utility::Config>::RuntimeCall> {
match call {
pallet_utility::Call::batch { calls } |
pallet_utility::Call::batch_all { calls } |
pallet_utility::Call::force_batch { calls } => calls.iter().collect(),
pallet_utility::Call::as_derivative { call, .. } |
pallet_utility::Call::dispatch_as { call, .. } |
pallet_utility::Call::with_weight { call, .. } |
pallet_utility::Call::dispatch_as_fallible { call, .. } => vec![call.as_ref()],
// `if_else` executes only ONE branch (fallback runs only if main fails),
// but we return both so that authorization is validated and consumed for
// both paths during prepare. This over-charges by one branch's worth of
// authorization, but is safe — the alternative of only validating `main`
// would leave the `fallback` store unvalidated if it runs.
pallet_utility::Call::if_else { main, fallback, .. } =>

@franciscoaguirre franciscoaguirre Mar 6, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This means we'll "charge" the storage allowance for both main and fallback always. Is that okay?

@karolk91 karolk91 Mar 12, 2026

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think its ok, since we don't know until dispatch which one will execute

vec![main.as_ref(), fallback.as_ref()],
// __Ignore is a phantom variant generated by FRAME (contains Never so is
// unreachable). Listing it explicitly instead of `_` ensures that new
// upstream variants cause a compile error, forcing a conscious decision.
pallet_utility::Call::__Ignore(..) => vec![],
}
}

/// Extract inner calls from a proxy call variant.
pub fn proxy_inner_calls<T: pallet_proxy::Config>(
call: &pallet_proxy::Call<T>,
) -> Vec<&<T as pallet_proxy::Config>::RuntimeCall> {
match call {
pallet_proxy::Call::proxy { call, .. } |
pallet_proxy::Call::proxy_announced { call, .. } => vec![call.as_ref()],
pallet_proxy::Call::add_proxy { .. } |
pallet_proxy::Call::remove_proxy { .. } |
pallet_proxy::Call::remove_proxies { .. } |
pallet_proxy::Call::create_pure { .. } |
pallet_proxy::Call::kill_pure { .. } |
pallet_proxy::Call::announce { .. } |
pallet_proxy::Call::remove_announcement { .. } |
pallet_proxy::Call::reject_announcement { .. } |
pallet_proxy::Call::poke_deposit { .. } => vec![],
pallet_proxy::Call::__Ignore(..) => vec![],
}
}

/// Extract inner calls from a sudo call variant.
pub fn sudo_inner_calls<T: pallet_sudo::Config>(
call: &pallet_sudo::Call<T>,
) -> Vec<&<T as pallet_sudo::Config>::RuntimeCall> {
match call {
pallet_sudo::Call::sudo { call } |
pallet_sudo::Call::sudo_as { call, .. } |
pallet_sudo::Call::sudo_unchecked_weight { call, .. } => vec![call.as_ref()],
pallet_sudo::Call::set_key { .. } | pallet_sudo::Call::remove_key {} => vec![],
pallet_sudo::Call::__Ignore(..) => vec![],
}
}
Loading
Loading