-
Notifications
You must be signed in to change notification settings - Fork 443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make set_contract_storage
fallible
#1740
Conversation
Signed-off-by: xermicus <cyrill@parity.io>
@ascjones @SkymanOne WDYT? |
with #1869 it is now possible for a contract to encode data using a larger buffer size, and then replace its code hash with a smaller buffer size and then fail. This can also pop up during cross-contract execution. So we need the same check for decoding. |
@@ -20,6 +20,8 @@ use ink_primitives::Key; | |||
/// [`scale::Codec`] are storable by default and transferable between contracts. | |||
/// But not each storable type is transferable. | |||
pub trait Storable: Sized { | |||
fn size_hint(&self) -> usize; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
size_estimate
perhaps is a better name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look like a good start I would personally add try_set_contract_storage()
to avoid breaking changes and be as close to Rust interface (e.g. from()
and try_from()
) as possible.
I would also like to hear more how this work would lead to the implementation of StorageVec
as you mentioned it as a related issue.
Thanks @SkymanOne for your comments, good points. I'll pick it up again. |
Ah, so the problem this PR solves is more that currently there is no way to probe whether setting the storage will fail because of the encoded data size, |
Closing in favor of #1910 |
Related issue #1682
This is a very naive approach to the problem: If
set_contract_storage
can fail because the data does no longer fit into the encoding buffer, contract authors can account for that possibility. I don't think we need this for decoding because I don't see how something would fit in the buffer while encoding but no longer while decoding it.A less invasive way would be to just add a
try_set
method toLazy
, but I thought this might be useful to have generally available. We also could introducetry_set_contract_storage
into the API instead so we don't break the existing API. WDYT? Was there was an explicit reasonset_contract_storage
does not return aResult
?This is an early WIP. Todo:
Error::Unknown
, might need a new oneResult
we could as well do something about it other than panic