Open arthur19q3 opened 4 months ago
Thank you for your questions here. This logic is actually closely related to our new dispatchable token standard. You may see the justification logic in the doc if you need complete context.
To answer your question shortly, if your code don't use dynamic dispatch as introduced in the dispatchable token standard, you shouldn't be affected by those checks, as we statically enforce move modules dependencies to be acyclic on chain.
This re-entrant rule is indeed a bit overly restricted at the moment but we believe it's crucial to maintain the core safety properties of Move on chain, i.e: reference safety and re-entrancy safety. You can look into the AIP and there should be very detailed discussion here. To me, I'm fine with the constraint as is because solana also have similar constraints on module level re-entrancy. It could bring some challenges to module developers tho because now the module developer will need to think about what are the modules that would locate in the lower level of stack that is not re-enterable.
Feel free to send me messages if you have more question here! Really appreciate raising this issue here and looking forward to your feedbacks.
This issue is stale because it has been open 45 days with no activity. Remove the stale
label or comment - otherwise this will be closed in 15 days.
🐛 Bug?
I'm currently delving into the set_new_call_frame function within the MoveVM codebase and have identified a section that raises some questions for me regarding the handling of module re-entrancy. The code snippet below is designed to prevent re-entrancy by checking if a module ID is already present in the active_modules collection:
My inquiry pertains to distinguishing between actual re-entrancy and legitimate cross-module function invocations. Could the current mechanism be considered overly restrictive, and if so, how might we refine it to better accommodate legitimate cross-module interactions without compromising security?
I'm seeking industry insights or recommendations on how to achieve a balanced approach in our VM's access control logic.
Thank you for your expertise and suggestions.