paras: do not allow PVF vote submission if disabled

if the PVF pre-checking is disabled the runtime dispatchable will reject any attempts of submission. This is also concern the unsigned tx validation. Right now, the `include_pvf_check_statement` dispatchable is effectively uncallable because of the weight set to the maximum value. If we were to benchmark it, it would become includable in a block, but since there will be no active votes, the dispatchable won't do anything. However, it will execute some code, like signature validation and querying some storage entries. To be completely safe, we can bail out early if the `pvf_checking_enabled` config is disabled. That's what this PR does.
paritytech · Jan 13, 2022 · a654a7c · a654a7c
1 parent bbaf400
commit a654a7c
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 0 deletions.
diff --git a/runtime/parachains/src/paras/mod.rs b/runtime/parachains/src/paras/mod.rs
@@ -512,6 +512,9 @@ pub mod pallet {
 		PvfCheckDoubleVote,
 		/// The given PVF does not exist at the moment of process a vote.
 		PvfCheckSubjectInvalid,
+		/// The PVF pre-checking statement cannot be included since the PVF pre-checking mechanism
+		/// is disabled.
+		PvfCheckDisabled,
 	}
 
 	/// All currently active PVF pre-checking votes.
@@ -875,6 +878,13 @@ pub mod pallet {
 			signature: ValidatorSignature,
 		) -> DispatchResult {
 			ensure_none(origin)?;
+
+			// Make sure that PVF pre-checking is enabled.
+			ensure!(
+				configuration::Pallet::<T>::config().pvf_checking_enabled,
+				Error::<T>::PvfCheckDisabled,
+			);
+
 			let validators = shared::Pallet::<T>::active_validator_keys();
 			let current_session = shared::Pallet::<T>::session_index();
 			if stmt.session_index < current_session {
@@ -957,6 +967,10 @@ pub mod pallet {
 				_ => return InvalidTransaction::Call.into(),
 			};
 
+			if !configuration::Pallet::<T>::config().pvf_checking_enabled {
+				return InvalidTransaction::Custom(INVALID_TX_PVF_CHECK_DISABLED).into()
+			}
+
 			let current_session = shared::Pallet::<T>::session_index();
 			if stmt.session_index < current_session {
 				return InvalidTransaction::Stale.into()
@@ -1017,6 +1031,7 @@ pub mod pallet {
 const INVALID_TX_BAD_VALIDATOR_IDX: u8 = 1;
 const INVALID_TX_BAD_SUBJECT: u8 = 2;
 const INVALID_TX_DOUBLE_VOTE: u8 = 3;
+const INVALID_TX_PVF_CHECK_DISABLED: u8 = 4;
 
 impl<T: Config> Pallet<T> {
 	/// Called by the initializer to initialize the paras pallet.

diff --git a/runtime/parachains/src/paras/tests.rs b/runtime/parachains/src/paras/tests.rs
@@ -1214,6 +1214,47 @@ fn pvf_check_upgrade_reject() {
 	});
 }
 
+#[test]
+fn pvf_check_submit_vote_while_disabled() {
+	let genesis_config = MockGenesisConfig {
+		configuration: crate::configuration::GenesisConfig {
+			config: HostConfiguration { pvf_checking_enabled: false, ..Default::default() },
+			..Default::default()
+		},
+		..Default::default()
+	};
+
+	new_test_ext(genesis_config).execute_with(|| {
+		// This will set the session index to 1 and seed the validators.
+		run_to_block(1, Some(vec![1]));
+
+		let stmt = PvfCheckStatement {
+			accept: false,
+			subject: ValidationCode(vec![1, 2, 3]).hash(),
+			session_index: 1,
+			validator_index: 1.into(),
+		};
+
+		let signature: ValidatorSignature =
+			Sr25519Keyring::Alice.sign(&stmt.signing_payload()).into();
+
+		let call =
+			Call::include_pvf_check_statement { stmt: stmt.clone(), signature: signature.clone() };
+
+		let validate_unsigned =
+			<Paras as ValidateUnsigned>::validate_unsigned(TransactionSource::InBlock, &call);
+		assert_eq!(
+			validate_unsigned,
+			InvalidTransaction::Custom(INVALID_TX_PVF_CHECK_DISABLED).into()
+		);
+
+		assert_err!(
+			Paras::include_pvf_check_statement(None.into(), stmt.clone(), signature.clone()),
+			Error::<Test>::PvfCheckDisabled
+		);
+	});
+}
+
 #[test]
 fn pvf_check_submit_vote() {
 	let code_a: ValidationCode = vec![3, 2, 1].into();