kadena-io / pact

The Pact Smart Contract Language
https://docs.kadena.io/build/pact
BSD 3-Clause "New" or "Revised" License

Modref equality in capability guards fail equality check #1279

Closed sirlensalot closed 1 year ago

sirlensalot commented 1 year ago

Issue description

Using modrefs in capability guards fails when trying to require the cap because the equality check for the modref value fails.

Steps to reproduce/Expected behavior

The following test should succeed but fails in the success case.

(interface ops
  (defun op1:bool (a:string b:integer))
  (defun op2:bool (c:string d:bool))
  )

(module caller G
  (defcap G () true)
  (defschema dep
      callee:module{ops})
  (deftable deps:{dep})
  (defcap OP1 (a:string b:integer m:module{ops})
    @managed
    true)
  (defcap OP2 (c:string d:bool m:module{ops})
    @managed
    true)
  (defun op1-guard (a:string b:integer m:module{ops})
    (create-capability-guard (OP1 a b m)))
  (defun op2-guard (c:string d:bool m:module{ops})
    (create-capability-guard (OP2 c d m)))
  (defun callees:[module{ops}] ()
     (map (compose (read deps) (at 'callee)) (keys deps)))
  (defun call-op1 (a:string b:integer)
    (map (lambda (m:module{ops})
           (install-capability (OP1 a b m))
           (with-capability (OP1 a b m)
             (m::op1 a b)))
         (callees)))
  (defun call-op2 (c:string d:bool)
    (map (lambda (m:module{ops})
           (install-capability (OP2 c d m))
           (with-capability (OP2 c d m)
             (m::op2 c d)))
         (callees)))
)
(create-table deps)

(module callee-A G
  (defcap G () true)
  (implements ops)
  (defun op1:bool (a:string b:integer)
    (enforce-guard (op1-guard a b callee-A))
    true)
  (defun op2:bool (c:string d:bool)
    (enforce-guard (op2-guard c d callee-A))
    false)

  )

(module callee-B G
  (defcap G () true)
  (implements ops)
  (defun op1:bool (a:string b:integer)
    ;; out-of-band call to callee-A
    (callee-A.op1 a b)
    false)
  (defun op2:bool (c:string d:bool)
    (enforce-guard (op2-guard c d callee-B))
    true)
  )

(insert deps "callee-A" { 'callee: callee-A })
(insert deps "callee-B" { 'callee: callee-B })
(expect-failure
   "out-of-band call fails"
   "Capability not acquired"
   (call-op1 "hello" 2))
(expect
   "normal case succeeds for both callees"
   [false true]
   (call-op2 "goodbye" false))

Debug Information

This is because infos are not being elided from modrefs.
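
The root cause named under Debug Information, shown as a simplified Python model of the `call-op2` case. This is an added example, not part of the original issue and not Pact's own code: the classes, the source location, and the choice of which modref carries info are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

@dataclass(frozen=True)
class Info:
    """Source location attached to a parsed term (constructed model)."""
    file: str
    line: int

@dataclass(frozen=True)
class ModRefWithInfo:
    """Modref whose info takes part in equality (the failing behaviour)."""
    name: str
    info: Optional[Info] = None

@dataclass(frozen=True)
class ModRefElided:
    """Modref whose info is excluded from equality and hashing."""
    name: str
    info: Optional[Info] = field(default=None, compare=False)

@dataclass(frozen=True)
class Cap:
    """Capability token: name plus fully applied arguments."""
    name: str
    args: Tuple

def guard_passes(acquired, guard_cap):
    """A capability guard passes only if an equal capability is in scope."""
    return guard_cap in acquired

def run_op2(modref_cls):
    # Assumption: the modref read back from the deps table has no source info.
    from_table = modref_cls("callee-B")
    acquired = {Cap("caller.OP2", ("goodbye", False, from_table))}
    # Assumption: the modref written as a literal in module source carries info.
    literal = modref_cls("callee-B", Info("constructed.repl", 1))
    return guard_passes(acquired, Cap("caller.OP2", ("goodbye", False, literal)))

if __name__ == "__main__":
    print("info compared:", run_op2(ModRefWithInfo))
    print("info elided:  ", run_op2(ModRefElided))
```

Both runs name the same module and pass the same arguments; only the metadata on the modref differs, and that alone decides whether the guard finds the acquired capability.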

emilypi commented 1 year ago

Fixed in #1287 and #1278. Could you please double check that the latest release fixes the problem?

jmcardon commented 1 year ago

@emilypi We added the above as a test case, pre and post-fork.