
CVE-2023-34449: Add support for language level errors (`LangError`) by HCastano · Pull Request #1450 · paritytech/ink

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through `CallBuilder::delegate` or `ink_env::invoke_contract_delegate`, is decoded incorrectly. This bug was related to the mechanics around decoding a call’s return buffer, which was changed as part of pull request 1450. Since this feature was only released in ink! 4.0.0, no previous versions are affected. Users who have an ink! 4.x series contract should upgrade to 4.2.1 to receive a patch.


Implements the Message related changes of #1207.

The idea here is that every message now returns a Result<Message::Output, LangError>,
where a LangError is a type of error which doesn’t originate from the contract itself,
nor from the underlying execution environment (so the Contracts pallet in this case).

An example of where this would arise is if a caller tries to use a non-existent message
selector for a contract. Previously, the contract would trap and not allow the caller to
do any sort of error handling if it encountered a non-existent selector.

This breaks the ABI in two ways: first, all contract messages now have a Result return
type, and second a new field, lang_err, will be introduced as part of the contract
spec. The second change allows other languages, such as Solang, to use an equivalent
LangError.

If you’re curious, click here for a snippet of the new metadata for the Flipper contract.

```json
"messages": [
  {
    "args": [],
    "docs": [
      " Flips the current value of the Flipper's boolean."
    ],
    "label": "flip",
    "mutates": true,
    "payable": false,
    "returnType": {
      "displayName": [
        "ink",
        "MessageResult"
      ],
      "type": 1
    },
    "selector": "0x633aa551"
  }
],
"lang_error": {
  "displayName": [
    "ink",
    "LangError"
  ],
  "type": 3
},
{
  "id": 3,
  "type": {
    "def": {
      "variant": {
        "variants": [
          {
            "index": 1,
            "name": "CouldNotReadInput"
          }
        ]
      }
    },
    "path": [
      "ink_primitives",
      "LangError"
    ]
  }
}
```

TODO:

  • Add new LangError type to metadata
  • Add E2E test for demonstrating how to handle LangErrors
  • Make CI green

TODOs in Follow-Ups:

  • Implement changes for constructors (Handle LangError from instantiate #1512)
  • Implement changes for traits (Fix trait message return type metadata #1531)
  • Refactor dispatch logic to bubble up specific dispatch error
    • Will happen at the expense of always having an extra error variant in LangError
  • Make the CallBuilder API not require an explicit Result (Clean up CallBuilder return() type #1525)

cc @xgreenx since you were the original poster for the issue
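The ABI change described in the pull request wraps every message return value in `Result<Output, LangError>`. As an added illustration (not code from ink! or from the pull request), the sketch below hand-encodes that wrapper in SCALE and shows what a reader expecting a bare `u128` makes of the same return buffer. The function names and the lenient reader are assumptions; the page does not show the actual faulty code path in ink!.

```rust
// Added illustration: hand-rolled SCALE encoding, not ink! source code.
// SCALE rules used: u128 is 16 little-endian bytes; Result is 0x00 + Ok value or 0x01 + Err value.

#[derive(Debug, PartialEq)]
pub enum LangError {
    CouldNotReadInput, // variant index 1, as in the metadata snippet
}

#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, TrailingBytes, BadVariant(u8) }

/// Return buffer written by a message under the new ABI: Result<u128, LangError>.
pub fn encode_message_result(r: &Result<u128, LangError>) -> Vec<u8> {
    match r {
        Ok(v) => {
            let mut buf = vec![0x00];
            buf.extend_from_slice(&v.to_le_bytes());
            buf
        }
        Err(LangError::CouldNotReadInput) => vec![0x01, 0x01],
    }
}

/// Mismatched reader (hypothetical): expects a bare u128 and ignores leftover bytes.
pub fn decode_as_bare_u128(buf: &[u8]) -> Result<u128, DecodeError> {
    if buf.len() < 16 { return Err(DecodeError::Truncated); }
    let mut le = [0u8; 16];
    le.copy_from_slice(&buf[..16]);
    Ok(u128::from_le_bytes(le))
}

/// Matching reader: consumes the Result tag and rejects anything left over.
pub fn decode_message_result(buf: &[u8]) -> Result<Result<u128, LangError>, DecodeError> {
    match buf {
        [] | [0x01] => Err(DecodeError::Truncated),
        [0x00, rest @ ..] if rest.len() > 16 => Err(DecodeError::TrailingBytes),
        [0x00, rest @ ..] => decode_as_bare_u128(rest).map(Ok),
        [0x01, 0x01] => Ok(Err(LangError::CouldNotReadInput)),
        [0x01, 0x01, ..] => Err(DecodeError::TrailingBytes),
        [0x01, idx, ..] => Err(DecodeError::BadVariant(*idx)),
        [tag, ..] => Err(DecodeError::BadVariant(*tag)),
    }
}

fn main() {
    let buf = encode_message_result(&Ok(1)); // constructed sample value
    println!("wire bytes:       {:02x?}", buf);
    println!("as bare u128:     {:?}", decode_as_bare_u128(&buf));
    println!("as MessageResult: {:?}", decode_message_result(&buf));
}
```

With the constructed value 1, the mismatched reader returns 256 without any error: the `Ok` tag byte shifts the value by eight bits and the last payload byte is silently dropped.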

Related news

GHSA-853p-5678-hv8f: ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`

### Summary

The return value when using delegate call mechanics, either through [`CallBuilder::delegate`](https://docs.rs/ink_env/4.2.0/ink_env/call/struct.CallBuilder.html#method.delegate) or [`ink_env::invoke_contract_delegate`](https://docs.rs/ink_env/4.2.0/ink_env/fn.invoke_contract_delegate.html), is being decoded incorrectly.

### Description

Consider this minimal example:

```rust
// First contract, this will be performing a delegate call to the `Callee`.
#[ink(storage)]
pub struct Caller {
    value: u128,
}

#[ink(message)]
pub fn get_value(&self, callee_code_hash: Hash) -> u128 {
    let result = build_call::<DefaultEnvironment>()
        .delegate(callee_code_hash)
        .exec_input(ExecutionInput::new(Selector::new(ink::selector_bytes!(
            "get_value"
        ))))
        .returns::<u128>()
        .invoke();

    result
}

// Different contract, using this code hash for the delegate call.
#[ink(storage)]
pub struct Callee {
    value: u128,
}

#[ink(message)]
pu...
```
