Build(deps): Upgrade libsecp256k1 version 0.3.5 => 0.7.0
#515
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
from
d8a2683
to
a54362f
Compare
|
Just note that this only fixes it for local precompiles, not whats currently on NEAR. Those too would need to be looked at on nearcore as we use its host function in production. |
|
@joshuajbouw Ok, good to know. Right now I'm dealing with an issue that upgrading |
|
yes the library is non-std, so you would need to disable it in the Cargo.toml. |
|
Yes but I mean even when std feature of the crate is disabled |
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
from
a54362f
to
964fd94
Compare
|
I'm certain that the issue is within One of which is And that is dependent on Looking at the UpdateThe cause of the issue was I've updated |
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
4 times, most recently
from
6f6247c
to
89edd94
Compare
RomanHodulak
added
A-security
RomanHodulak
added
the
C-dependencies
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
2 times, most recently
from
58e7e0b
to
ef2a8e9
Compare
|
Ready for review. |
|
I'm updating the status to being blocked in favour of moving to std lib first. This should be done rather urgently. See: #200 |
birchmd
approved these changes
Jun 7, 2022
|
Needs rebasing |
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
from
ef2a8e9
to
1a9af04
Compare
This resolves security issues with Signature::parse functions See paritytech/libsecp256k1@b525d5d Also upgrades `aurora-blake2` version `0.9.1` => `0.10.4` to avoid using dicontinued `crypto-mac` dependency
RomanHodulak
force-pushed
the
libsecp256k1-upgrade
branch
from
1a9af04
to
56966ea
Compare
joshuajbouw
approved these changes
Jun 8, 2022
birchmd
pushed a commit
that referenced
this pull request
Jun 8, 2022
This resolves security issues with Signature::parse functions See paritytech/libsecp256k1@b525d5d Also upgrades `aurora-blake2` version `0.9.1` => `0.10.4` to avoid using dicontinued `crypto-mac` dependency
Merged
artob
pushed a commit
that referenced
this pull request
Jun 8, 2022
* Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
joshuajbouw
added a commit
that referenced
this pull request
Jul 1, 2022
* Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev>
joshuajbouw
added a commit
that referenced
this pull request
Jul 1, 2022
* Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev>
joshuajbouw
added a commit
that referenced
this pull request
Aug 18, 2022
* Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev>
birchmd
added a commit
that referenced
this pull request
Aug 18, 2022
* Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev>
joshuajbouw
added a commit
that referenced
this pull request
Aug 18, 2022
* Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev>
joshuajbouw
added a commit
that referenced
this pull request
Aug 19, 2022
Feat(tracing): Implement callTracer (#538) Add docker as a prerequisites (#542) This was found by @mooori while running tests for first time. Update dependencies (#541) Update etc/self-contained-5bEgfRQ Decrease gas usage for some tests Merge: 2.6.1 into `develop` from `master` (#546) * Feat(standalone): Add debug tracing of remaining gas values (#391) * Balance type refactoring (#386) * Remove standalone binary (#403) * Eth Address cleanup (#387) * Fix(dep) Pass std feature on to rjson library (#402) * Feat(benchmarks): update gas bounds after wasm cost reduction (#406) * Feat(tests): Mock touching trie nodes (#408) * Fix: Only allow owner to call deploy_upgrade (#410) * Feat(tests): Uniswap multi-hop swap benchmark (#415) * Fix(engine): Return revert error message during contract deploy (#424) * Move engine transactions module to engine-transactions crate (#418) * Avoid using wasmer directly (#420) * Fix compilation after #418 merge * Use default git attributes for Cargo.lock (#421) * Switch to rebranded blake2 (#422) * Remove unused unused (#423) * Chore: make aurora compatible with latest nightlies (#425) * Chore: upgrade to the recent nightly (#426) * chore: upgrade to the latest nearcore version (#427) * chore: move to 2021 edition (#428) * Benchmark contract performing only pure arithmetic and memory operations (#429) * Fix(engine): Require chain_id (#432) * chore: make sure aurora is using the latest cost config (#435) * Fix(test): make uniswap benchmarks reproducible (#437) * Fix(test): lower gas limit on OOG test; this is needed because the solidity compiler got more efficient, not because of a regression in EVM gas metering correctness * Fix(engine): Cache generation values to avoid repeated state reads (#438) * Fix(engine): Optimize is_account_empty (#439) * Fix(test): update uniswap wasm fraction; this is needed because optimizations from #438 and #439 together lowered the fraction of gas spent on IO * Fix(engine): Upgrade to latest SputnikVM (#445) * Fix(engine): Simple cache to stop consecutive duplicate reads (#446) * Version update and change log Co-authored-by: Aleksey Kladov <aleksey@near.org> Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.0. (#460) * Engine: Upgrade to latest SputnikVM changes (#455) * Engine: further caching optimizations (#456) * Use EthTransactionKind reference to serialize into bytes (#457) * Test: Reproduce GdASJ3KESs8VegpFECTveCwLQp8fxw8yvsauNEmGb6pZ gas failure (#454) * Fix typo: promise_create (#452) * Fix(Engine): Transactions to the zero address are not the same as transactions with empty to field (#458) Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.5.1. (#470) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Implement a NEAR native version of the Solidity pure arithmetic benchmark to compare EVM execution cost with direct wasm cost (#463) * Fix features related to panic_info_message (#466) * Fix(standalone): set predecessor_account_id appropriately when executing promise callbacks (#467) * Fix(engine): fix bug in checking if an address exists (#469) * Version update * Update unreleased link Co-authored-by: Joshua J. Bouw <joshua.j.bouw@aurora.dev> Release 2.5.2. (#475) * Revert "Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462)" Release 2.5.3. (#527) * Fix(precompile): ExitToNear ExitToEthereum vulnerability patch Fix vulnerability Include exploit contract * Release 2.5.3 notes * Update solidity version Co-authored-by: Michael Birch <michael.birch@aurora.dev> Release 2.6.0. (#494) * Feat(Engine): Precompiles for predecessor_account_id and current_account_id (#462) * Fix(precompiles): Allow native precompiles to work in the standalone engine (#473) * Standalone engine improvements (#478) * Fix(Engine): Predecessor id precompile works in view calls (#477) * Feat(standalone): Persist transaction data (#481) * Feat(Engine): Add custom precompile for NEAR prepaid_gas (#479) * Test: Reproduce 8ru7VEAEbyfZdbC1W2PYQv2cY3W92rbTToDEN4yTp8aZ gas failure (#485) * Feat(standalone): Function to get latest/earliest block (#482) * Engine optimization: cache all reads from NEAR state (#488) * Feat(standalone): Handle call to new method of Engine contract (#490) * Feat(engine-types): optional serde integration (#468) * Changed near-blake2 dependency (#484) * Feat(standalone): thread-safety and serde (#496) * Refactor repro tests to have less boilerplate (#497) * Add serde for TraceTransaction (#495) * Fix(standalone): include possible execution errors in the TransactionIncludedOutcome result field (#500) * Reproduce transaction FRcorNvFojoxBrdiVMTy9gRD3H8EYXXKau4feevMZmFV (#498) * Reproduce transaction 5bEgfRQ5TSJfN9XCqYkMr9cgBLToM7JmS1bNzKpDXJhT (#499) * Fix(connector): Return an error when storage cannot be read instead of panicking (#501) * Standalone: forward underlying rocksdb crate features (#502) * Feat(tests): Multisender benchmark (#503) * Feat(test): Reproduce D98vwmi44hAYs8KtX5aLne1zEkj3MUss42e5SkG2a4SC (#504) * Standalone engine storage saves the AccountId of the associated engine deployed on chain (#510) * Fix(precompiles): Fix secp256k1 run not returning empty slice on an incorrect V byte (#513) * Self-contained wasm contract for testing 5bEgfRQ (#514) * Update gas estimation code to use new data from NEAR protocol v53 (#517) * Fix: Legacy transactions must be allowed (#520) * Chore(precompiles): Include blake2 compression only (#528) * Build(deps): Upgrade `libsecp256k1` version 0.3.5 => 0.7.0 (#515) * Bump regex from 1.5.4 to 1.5.6 (#526) * Bump regex from 1.5.4 to 1.5.6 in /etc/ft-receiver (#525) * Bump zeroize_derive from 1.1.0 to 1.3.2 (#523) * Bump crossbeam-deque from 0.8.0 to 0.8.1 (#521) * Bump crossbeam-utils from 0.8.4 to 0.8.8 (#524) * Bump cross-fetch from 2.2.3 to 2.2.6 in /etc/eth-contracts (#508) * Bump simple-get from 2.8.1 to 2.8.2 in /etc/eth-contracts (#507) * Bump follow-redirects from 1.14.0 to 1.15.1 in /etc/eth-contracts (#529) * Bump shelljs from 0.8.4 to 0.8.5 in /etc/eth-contracts * Fix(ecrecover): Set malleability flag to `0` for ecrecover. (#474) Co-authored-by: Evgeny Ukhanov <evgeny.ukhanov@aurora.dev> Co-authored-by: Marcelo Fornet <marcelo.fornet@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Roman Hodulák <roman.hodulak@aurora.dev> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Release 2.6.1. (#537) * Fix: Don't allow fee stealing. * Fix: Don't allow bridge receipt forging. * Fix(engine): Correctly account for changes in total supply of ETH on Aurora (#536) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Co-authored-by: Michael Birch <michael.birch@aurora.dev> Chore: Update js dependencies (#543) # Update JS dependencies A number of the JS dependencies were out of date and require to be updated. While a number of these were used almost exclusively for testing, the EVM ERC 20 contract is obviously used in production. Over the last year, we had carefully monitored to ensure that we have not been allowing security-related vulnerabilities into our production contracts. However updating these contracts is a good thing to do, and should be actively updated going forward as we do see slight performance gains in doing so. As a small bonus, this also introduces a force of updating the docker image used to compile some of the test / benchmark contracts. ## Related Issues There are no known related issues. ## Risk Analysis The EvmErc20 and EvmErc20V2 contracts have been recompiled due to the nature of these changes as the compiler has been updated. However, this is expected and intended. ## Testing None are required. Constant error messages (#535) * Added errors module and changed json errors * Set engine module errors as consts * Set connector module errors as consts * deposit_event const errors * extend const errors msgs chore: Cargo make integration (#378) Make files can be a bit messy and hard to read through the file. Luckily, a rust alternative exists which is quite clean and accomplishes the same goals in a Rust-friendly manner. What this accomplishes is a replace of `make` with `cargo make`. Why this is important is because we are able to get a cleaner make file that can have even better control with the use of profiles. That would make it quite difficult to run the run deployments on the wrong binaries as it'll correctly read the appropriate ENV file. On top of this, I had reworked the Github action workflows and I am getting no failures now. Which is good, less time spent with kickstarting it to work again. This also includes a monthly "sweep" to keep our footprint smaller. In the future, this can be improved by dropping `default_to_workspace = false` and adding a Makefile.toml to every single crate in our workspace. Do note, for whatever reason there was an efficiency being made on the `profile_erc20_get_balance()` test with this compilation which doesn't make itself immediately obvious. I have tried to figure out why this is but can not come up with a reason. I request reviewers to please try to notice why this is. This is low priority, and I have only been working on this while debugging precompiles. Chore: PR template (#548) <!-- Thanks for submitting a pull request! Here are some helpful tips: * Run all the tests locally and ensure that they are passing. * Run `cargo fmt --all` to ensure that the code is formatted. * Small commits and contributions which attempt one single goal is preferable. * If the idea changes or adds anything functional which will affect users an AIP discussion is required first on the Aurora forum: https://forum.aurora.dev/discussions/AIPs%20(Aurora%20Improvement%20Proposals). * Avoid breaking the public API (namely in engine/src/lib.rs) unless required. * If your PR is a WIP, ensure that you enable "draft" mode to ensure that it is not reviewed too early. * Your first PRs won't use the CI automatically unless started by a maintainer. If this is not your first PR, please do NOT abuse the CI resources. Checklist: - [ ] I have performed a self-review of my code - [ ] I have documented my code, particularly in the hard to understand areas - [ ] I have made corresponding changes to the documentation - [ ] I have added tests to prove my fix or new feature is effective and works - [ ] Any dependent changes have been merged - [ ] I have pre-squashed my commits into a single commit and rebased. --> ## Description This adds a PR template to ensure that PRs are of the highest quality by providing guidelines and a helpful checklist. ## How should this be reviewed Ensure that everything that could be said has been said in this template. Do comment below if we should add any more particulars. ## Additional information This is based on a number of other templates that other projects have adopted (mainly Rust projects) but also heavily modified and have included particulars to the project itself. Chore: Delete binaries (#553) Chore(engine): Update to latest version of SputnikVM (#565) Chore(CI): Update checkout to v3 (#566) Chore: Disallow as_conversions (#561) Fix feature gated import in hash precompile Change missed featured `into` to `try_into` birchmd fixes Cleaner usize conversion error Fix missing vec in hash Fix tests Fix V check Fix testnet env EVM account Change hex feature from alloc to std Improve u64 to u8 conversion in JSON Cargo fmt Chore: Update Rust crypto libraries (#568) Revert ripemd160, as the lib is deprecated Fix(engine-transactions): Prevent panic on empty input (#573) Feat(engine): Get promise results precompile (#575) Fix(engine): Return correct value for get_bridge_prover function (#581) Refactor(Tests): Move test contracts to test etc folder (#577) Co-authored-by: Michael Birch <michael.birch@aurora.dev> Chore: Cleanup dead dependencies (#571) Chore(Precompiles): Ripemd160 lib deprecated (#570) Feat(precompiles): Use near host functions for alt_bn128 when compiling wasm artifact (#540) Co-authored-by: Joshua J. Bouw <joshua@aurora.dev> Feat(engine): Cross contract calls (#560) Chore(eth-contracts): Update openzeppelin to 4.7.3 (#584) Fix: Make binaries on push (#585) 2.7.0 release prep
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This resolves security issues with
Signature::parsefunctionsSee paritytech/libsecp256k1@b525d5d
Closes https://app.clickup.com/t/2c7n5yy