From cc6b835a8f738572743d78793b0518b7cc1809f9 Mon Sep 17 00:00:00 2001 From: cboh4 Date: Mon, 17 Nov 2025 22:08:17 +0200 Subject: [PATCH 1/4] enable cron --- cosmwasm/enclaves/Cargo.lock | 6 +-- cosmwasm/enclaves/execute/Cargo.toml | 6 +-- cosmwasm/enclaves/execute/Enclave.edl | 4 +- cosmwasm/enclaves/execute/src/ecalls.rs | 4 -- .../enclaves/shared/block-verifier/Cargo.toml | 6 +-- .../src/submit_block_signatures.rs | 50 ------------------- .../block-verifier/src/verify/header.rs | 1 - cosmwasm/enclaves/shared/utils/Cargo.toml | 4 +- cosmwasm/packages/sgx-vm/src/random.rs | 8 +-- deployment/dockerfiles/Dockerfile | 2 +- go-cosmwasm/api/bindings.h | 1 - go-cosmwasm/api/lib.go | 6 +-- go-cosmwasm/api/lib_mock.go | 2 +- go-cosmwasm/src/lib.rs | 9 +--- go.mod | 4 +- go.sum | 8 +-- x/compute/module.go | 47 +++++++++-------- 17 files changed, 48 insertions(+), 120 deletions(-) diff --git a/cosmwasm/enclaves/Cargo.lock b/cosmwasm/enclaves/Cargo.lock index 821004c2b..07a236037 100644 --- a/cosmwasm/enclaves/Cargo.lock +++ b/cosmwasm/enclaves/Cargo.lock @@ -2206,7 +2206,7 @@ dependencies = [ [[package]] name = "tendermint" version = "0.38.0" -source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.6#9067bdcfec84b0fcfa1ef76eba143a73a766e5cf" +source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.7-beta#945e948889ddc56414d081efd56a7b7ca7449aa4" dependencies = [ "bytes 1.7.1", "digest 0.10.7", @@ -2234,7 +2234,7 @@ dependencies = [ [[package]] name = "tendermint-light-client-verifier" version = "0.38.0" -source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.6#9067bdcfec84b0fcfa1ef76eba143a73a766e5cf" +source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.7-beta#945e948889ddc56414d081efd56a7b7ca7449aa4" dependencies = [ "derive_more", "flex-error", @@ -2246,7 +2246,7 @@ dependencies = [ [[package]] name = "tendermint-proto" version = "0.38.0" -source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.6#9067bdcfec84b0fcfa1ef76eba143a73a766e5cf" +source = "git+https://github.com/scrtlabs/tendermint-rs?tag=v0.38.0-secret.7-beta#945e948889ddc56414d081efd56a7b7ca7449aa4" dependencies = [ "bytes 1.7.1", "flex-error", diff --git a/cosmwasm/enclaves/execute/Cargo.toml b/cosmwasm/enclaves/execute/Cargo.toml index 2302c8579..1116e8e5f 100644 --- a/cosmwasm/enclaves/execute/Cargo.toml +++ b/cosmwasm/enclaves/execute/Cargo.toml @@ -91,9 +91,9 @@ block-verifier = { path = "../shared/block-verifier", optional = true } time = "=0.3.17" ed25519-dalek = { version = "1.0", default-features = false } sha2 = "0.10" -tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] } -tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false } -tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] } +tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] } +tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false } +tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] } rsa = { version = "0.9", default-features = false, features = ["sha2"] } base64ct = { version = "1.6", default-features = false, features = ["alloc"] } diff --git a/cosmwasm/enclaves/execute/Enclave.edl b/cosmwasm/enclaves/execute/Enclave.edl index e48e04c13..14c88f72f 100644 --- a/cosmwasm/enclaves/execute/Enclave.edl +++ b/cosmwasm/enclaves/execute/Enclave.edl @@ -219,9 +219,7 @@ enclave { [in, count=in_encrypted_random_len] const uint8_t* in_encrypted_random, uintptr_t in_encrypted_random_len, [out, count=32] uint8_t* decrypted, - [out, count=32] uint8_t* next_validator_set_evidence, - [in, count=in_cron_msgs_len] const uint8_t* in_cron_msgs, - uintptr_t in_cron_msgs_len + [out, count=32] uint8_t* next_validator_set_evidence ); }; diff --git a/cosmwasm/enclaves/execute/src/ecalls.rs b/cosmwasm/enclaves/execute/src/ecalls.rs index 146530dcf..be2b33ec2 100644 --- a/cosmwasm/enclaves/execute/src/ecalls.rs +++ b/cosmwasm/enclaves/execute/src/ecalls.rs @@ -17,8 +17,6 @@ pub unsafe extern "C" fn ecall_submit_block_signatures( in_encrypted_random_len: u32, decrypted_random: &mut [u8; 32], next_validator_set_evidence: &mut [u8; 32], - in_cron_msgs: *const u8, - in_cron_msgs_len: u32, ) -> sgx_status_t { #[cfg(feature = "light-client-validation")] { @@ -33,8 +31,6 @@ pub unsafe extern "C" fn ecall_submit_block_signatures( in_encrypted_random_len, decrypted_random, next_validator_set_evidence, - in_cron_msgs, - in_cron_msgs_len, ) } diff --git a/cosmwasm/enclaves/shared/block-verifier/Cargo.toml b/cosmwasm/enclaves/shared/block-verifier/Cargo.toml index a186f7586..889b9d3c2 100644 --- a/cosmwasm/enclaves/shared/block-verifier/Cargo.toml +++ b/cosmwasm/enclaves/shared/block-verifier/Cargo.toml @@ -19,9 +19,9 @@ sgx_types = { rev = "d2d339cbb005f676bb700059bd51dc689c025f6b", git = "https://g [dependencies] sha2 = "0.10" -tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] } -tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false } -tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] } +tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] } +tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false } +tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] } lazy_static = "1.4.0" log = "0.4.17" diff --git a/cosmwasm/enclaves/shared/block-verifier/src/submit_block_signatures.rs b/cosmwasm/enclaves/shared/block-verifier/src/submit_block_signatures.rs index 16994ec9f..c0dec456e 100644 --- a/cosmwasm/enclaves/shared/block-verifier/src/submit_block_signatures.rs +++ b/cosmwasm/enclaves/shared/block-verifier/src/submit_block_signatures.rs @@ -37,8 +37,6 @@ pub unsafe fn submit_block_signatures_impl( in_encrypted_random_len: u32, decrypted_random: &mut [u8; 32], next_validator_set_evidence: &mut [u8; 32], - in_cron_msgs: *const u8, - in_cron_msgs_len: u32, ) -> sgx_status_t { if let Err(e) = validate_inputs( in_header, @@ -64,12 +62,6 @@ pub unsafe fn submit_block_signatures_impl( &[] }; - let cron_msgs_slice = if in_cron_msgs_len != 0 && !in_cron_msgs.is_null() { - slice::from_raw_parts(in_cron_msgs, in_cron_msgs_len as usize) - } else { - &[] - }; - let (validator_set, height) = { let extra = KEY_MANAGER.extra_data.lock().unwrap(); let validator_set = match extra.decode_validator_set() { @@ -94,20 +86,6 @@ pub unsafe fn submit_block_signatures_impl( let txs = unwrap_or_return!(crate::verify::txs::validate_txs(txs_slice, &header)); - let cron_msgs = if !cron_msgs_slice.is_empty() { - let msgs = crate::txs::txs_from_bytes(cron_msgs_slice).map_err(|e| { - error!("Error parsing cron msgs from proto: {:?}", e); - sgx_status_t::SGX_ERROR_INVALID_PARAMETER - }); - if msgs.is_err() { - error!("Error parsing cron msgs from proto: {:?}", msgs); - return sgx_status_t::SGX_ERROR_INVALID_PARAMETER; - } - Some(msgs.unwrap()) - } else { - None - }; - let mut message_verifier = VERIFIED_BLOCK_MESSAGES.lock().unwrap(); if message_verifier.remaining() != 0 { @@ -115,34 +93,6 @@ pub unsafe fn submit_block_signatures_impl( message_verifier.clear(); } - if let Some(implicit_hash_val) = header.header.implicit_hash { - let mut hasher = Sha256::new(); - hasher.update(cron_msgs_slice); - let hash_result = hasher.finalize(); - let hash_result: [u8; 32] = hash_result.into(); - - let implicit_hash = tendermint::Hash::Sha256(hash_result); - - if implicit_hash != implicit_hash_val { - error!("Implicit hash does not match header implicit hash"); - return sgx_status_t::SGX_ERROR_INVALID_PARAMETER; - } - } else if !cron_msgs_slice.is_empty() { - error!("Implicit hash not specified, yet implicit msgs provided"); - return sgx_status_t::SGX_ERROR_INVALID_PARAMETER; - } - - if let Some(cron_msgs) = cron_msgs { - for msg in cron_msgs { - let parsed_cron_msg = unwrap_or_return!(tx_from_bytes(msg.as_slice()).map_err(|_| { - error!("Unable to parse tx bytes from proto"); - sgx_status_t::SGX_ERROR_INVALID_PARAMETER - })); - - message_verifier.append_msg_from_tx(parsed_cron_msg); - } - } - for tx in txs.iter() { // doing this a different way makes the code unreadable or requires creating a copy of diff --git a/cosmwasm/enclaves/shared/block-verifier/src/verify/header.rs b/cosmwasm/enclaves/shared/block-verifier/src/verify/header.rs index 7b193a843..85f6be11d 100644 --- a/cosmwasm/enclaves/shared/block-verifier/src/verify/header.rs +++ b/cosmwasm/enclaves/shared/block-verifier/src/verify/header.rs @@ -44,7 +44,6 @@ pub fn validate_block_header( signed_header: &signed_header, validators: validator_set, next_validators: None, - implicit_hash: signed_header.header.implicit_hash, }; let result = verify_block(&untrusted_block); diff --git a/cosmwasm/enclaves/shared/utils/Cargo.toml b/cosmwasm/enclaves/shared/utils/Cargo.toml index 8a6562617..15e479ce0 100644 --- a/cosmwasm/enclaves/shared/utils/Cargo.toml +++ b/cosmwasm/enclaves/shared/utils/Cargo.toml @@ -32,6 +32,6 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [ "derive" ] } serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" } -tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false } -tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.6", default-features = false, features = ["rust-crypto"] } +tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false } +tendermint = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7-beta", default-features = false, features = ["rust-crypto"] } enclave_crypto = { path = "../crypto" } diff --git a/cosmwasm/packages/sgx-vm/src/random.rs b/cosmwasm/packages/sgx-vm/src/random.rs index 3a4c9ced4..71ad149e6 100644 --- a/cosmwasm/packages/sgx-vm/src/random.rs +++ b/cosmwasm/packages/sgx-vm/src/random.rs @@ -18,8 +18,6 @@ extern "C" { in_encrypted_random_len: u32, decrypted_random: &mut [u8; 32], next_validator_set_evidence: &mut [u8; 32], - in_cron_msgs: *const u8, - in_cron_msgs_len: u32, ) -> sgx_status_t; } @@ -28,7 +26,6 @@ pub fn untrusted_submit_block_signatures( commit: &[u8], txs: &[u8], encrypted_random: &[u8], - cron_msgs: &[u8], ) -> SgxResult<([u8; 32], [u8; 32])> { debug!("Hello from just before - untrusted_submit_block_signatures"); @@ -39,7 +36,7 @@ pub fn untrusted_submit_block_signatures( // this is here so we can loop { let (retval, decrypted, next_validator_set_evidence, status) = - submit_block_signature_impl(header, commit, txs, encrypted_random, cron_msgs)?; + submit_block_signature_impl(header, commit, txs, encrypted_random)?; if status != sgx_status_t::SGX_SUCCESS { return Err(status); } else if retval != sgx_status_t::SGX_SUCCESS { @@ -69,7 +66,6 @@ fn submit_block_signature_impl( commit: &[u8], txs: &[u8], encrypted_random: &[u8], - cron_msgs: &[u8], ) -> SgxResult<(sgx_status_t, [u8; 32], [u8; 32], sgx_status_t)> { // Bind the token to a local variable to ensure its // destructor runs in the end of the function @@ -102,8 +98,6 @@ fn submit_block_signature_impl( encrypted_random.len() as u32, &mut random_decrypted, &mut next_validator_set_evidence, - cron_msgs.as_ptr(), - cron_msgs.len() as u32, ) }; diff --git a/deployment/dockerfiles/Dockerfile b/deployment/dockerfiles/Dockerfile index 612046b09..e1971f024 100644 --- a/deployment/dockerfiles/Dockerfile +++ b/deployment/dockerfiles/Dockerfile @@ -70,7 +70,7 @@ ENV FEATURES=${FEATURES} ENV FEATURES_U=${FEATURES_U} ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} -RUN git clone --branch header-implicit-hash --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git +RUN git clone --branch pass-scheduled-msgs --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git WORKDIR tm-secret-enclave diff --git a/go-cosmwasm/api/bindings.h b/go-cosmwasm/api/bindings.h index 3438fc0e7..154702069 100644 --- a/go-cosmwasm/api/bindings.h +++ b/go-cosmwasm/api/bindings.h @@ -253,7 +253,6 @@ TwoBuffers submit_block_signatures(Buffer header, Buffer commit, Buffer txs, Buffer random, - Buffer cron_msgs, Buffer *err); void submit_validator_set_evidence(Buffer evidence, Buffer *err); diff --git a/go-cosmwasm/api/lib.go b/go-cosmwasm/api/lib.go index defeae218..04626d666 100644 --- a/go-cosmwasm/api/lib.go +++ b/go-cosmwasm/api/lib.go @@ -47,7 +47,7 @@ func HealthCheck() ([]byte, error) { return receiveVector(res), nil } -func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom []byte, cronMsgs []byte /* valSet []byte, nextValSet []byte */) ([]byte, []byte, error) { +func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom []byte /* valSet []byte, nextValSet []byte */) ([]byte, []byte, error) { errmsg := C.Buffer{} spidSlice := sendSlice(header) defer freeAfterSend(spidSlice) @@ -57,10 +57,8 @@ func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom [ defer freeAfterSend(encRandomSlice) txsSlice := sendSlice(txs) defer freeAfterSend(txsSlice) - cronMsgsSlice := sendSlice(cronMsgs) - defer freeAfterSend(cronMsgsSlice) - res, err := C.submit_block_signatures(spidSlice, apiKeySlice, txsSlice, encRandomSlice, cronMsgsSlice /* valSetSlice, nextValSetSlice,*/, &errmsg) + res, err := C.submit_block_signatures(spidSlice, apiKeySlice, txsSlice, encRandomSlice /* valSetSlice, nextValSetSlice,*/, &errmsg) if err != nil { return nil, nil, errorWithMessage(err, errmsg) } diff --git a/go-cosmwasm/api/lib_mock.go b/go-cosmwasm/api/lib_mock.go index f25f6e643..78d8050d0 100644 --- a/go-cosmwasm/api/lib_mock.go +++ b/go-cosmwasm/api/lib_mock.go @@ -39,7 +39,7 @@ func InitBootstrap(spid []byte, apiKey []byte) ([]byte, error) { return nil, nil } -func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, random []byte, cronmsgs []byte /* valSet []byte, nextValSet []byte*/) ([]byte, []byte, error) { +func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, random []byte /* valSet []byte, nextValSet []byte*/) ([]byte, []byte, error) { return nil, nil, nil } diff --git a/go-cosmwasm/src/lib.rs b/go-cosmwasm/src/lib.rs index 1b8641a99..9783fbb00 100644 --- a/go-cosmwasm/src/lib.rs +++ b/go-cosmwasm/src/lib.rs @@ -247,7 +247,6 @@ pub extern "C" fn submit_block_signatures( commit: Buffer, txs: Buffer, random: Buffer, - cron_msgs: Buffer, // val_set: Buffer, // next_val_set: Buffer, err: Option<&mut Buffer>, @@ -286,10 +285,6 @@ pub extern "C" fn submit_block_signatures( Some(r) => r, }; - let cron_msgs_slice = match unsafe { cron_msgs.read() } { - None => &[], - Some(r) => r, - }; // let val_set_slice = match unsafe { val_set.read() } { // None => { // set_error(Error::empty_arg("api_key"), err); @@ -311,8 +306,8 @@ pub extern "C" fn submit_block_signatures( commit_slice, txs_slice, random_slice, - cron_msgs_slice, // val_set_slice, - // next_val_set_slice, + // val_set_slice, + // next_val_set_slice, ) { Err(e) => { set_error(Error::enclave_err(e.to_string()), err); diff --git a/go.mod b/go.mod index efe390012..e673ca9f9 100644 --- a/go.mod +++ b/go.mod @@ -8,8 +8,8 @@ replace ( cosmossdk.io/api => github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0 cosmossdk.io/store => github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1 cosmossdk.io/x/tx => github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0 - github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.0 - github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4 + github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.1 + github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5 github.com/cosmos/iavl => github.com/scrtlabs/iavl v1.2.2-secret.0 github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 diff --git a/go.sum b/go.sum index c381967a1..472802219 100644 --- a/go.sum +++ b/go.sum @@ -1609,8 +1609,8 @@ github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWR github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU= github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U= -github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4 h1:YU8JJIC2LGoZ3Z8+ezgv8WI21XKxVPMOUjsbaPtw+yc= -github.com/scrtlabs/cosmos-sdk v0.50.14-secret.4/go.mod h1:otdpIqWbky7zjfzbcoAOHC0BwHruG9MWemfMx9f+rKk= +github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5 h1:iijErJT8ZbFHsFhhyLH0PywYQeeVT10i+EUsthfQOSg= +github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5/go.mod h1:bTJf+E1t8wKEwwNcTYFBEuAcdEYWLGXv9QlMu089hUo= github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0 h1:9IGLySVhC2qSrxT3fZvvqwjKsnXWSSKnywQDzT8y1Gs= github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0/go.mod h1:IcxpYS5fMemZGqyYtErK7OqvdM0C8kdW3dq8Q/XIG38= github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1 h1:TELtwBkSg0xBrs2ObFE0pVVWF6E31fPCDX2tk8OiJPo= @@ -1619,8 +1619,8 @@ github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0 h1:i3k5706sDHKhaCvzokB+n33/ github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0/go.mod h1:V6DImnwJMTq5qFjeGWpXNiT/fjgE4HtmclRmTqRVM3w= github.com/scrtlabs/iavl v1.2.2-secret.0 h1:P96PL1Lf8OBSW9pMrlaRxhceZ4z9Hc7jk12g9ShWeHw= github.com/scrtlabs/iavl v1.2.2-secret.0/go.mod h1:GiM43q0pB+uG53mLxLDzimxM9l/5N9UuSY3/D0huuVw= -github.com/scrtlabs/tendermint v0.38.19-secret.0 h1:LwmTBt3Wze8esiyV+EtkMzp5fUINnlovgOIXJbZFBnk= -github.com/scrtlabs/tendermint v0.38.19-secret.0/go.mod h1:dNi/ShIl1T2f3bCYdoDY2tU4cbKGeyFgWIJSFJ9HSBI= +github.com/scrtlabs/tendermint v0.38.19-secret.1 h1:NxZ21CS6INBjL2QCL087/BJLb1NAIeoY07mHasTuqKs= +github.com/scrtlabs/tendermint v0.38.19-secret.1/go.mod h1:CZUJG1djTJUVbpjGS9JmQx9CFfF4goKi3LzYUQtxWO8= github.com/scrtlabs/tm-secret-enclave v1.13.0 h1:a2xH0G96chEM8Ntwlq/Fh36r4dg0ijKWTaOy0oqFsqg= github.com/scrtlabs/tm-secret-enclave v1.13.0/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= diff --git a/x/compute/module.go b/x/compute/module.go index 759616674..99b1b0435 100644 --- a/x/compute/module.go +++ b/x/compute/module.go @@ -2,7 +2,6 @@ package compute import ( "context" - "crypto/sha256" "encoding/json" "github.com/grpc-ecosystem/grpc-gateway/runtime" @@ -16,10 +15,13 @@ import ( sdk "github.com/cosmos/cosmos-sdk/types" "github.com/cosmos/cosmos-sdk/types/module" "github.com/scrtlabs/SecretNetwork/go-cosmwasm/api" + wasmtypes "github.com/scrtlabs/SecretNetwork/go-cosmwasm/types" "github.com/scrtlabs/SecretNetwork/x/compute/client/cli" "github.com/scrtlabs/SecretNetwork/x/compute/internal/keeper" "github.com/scrtlabs/SecretNetwork/x/compute/internal/types" tmenclave "github.com/scrtlabs/tm-secret-enclave" + + crontypes "github.com/scrtlabs/SecretNetwork/x/cron/types" ) var ( @@ -159,14 +161,12 @@ func (am AppModule) BeginBlock(c context.Context) error { ctx := c.(sdk.Context) block_header := ctx.BlockHeader() - // execCronMsgs, bytesCronMsgs, err := am.keeper.GetScheduledMsgs(ctx, crontypes.ExecutionStage_EXECUTION_STAGE_BEGIN_BLOCKER) - // if err != nil { - // ctx.Logger().Error("Failed to get scheduled cron msgs") - // return err - // } + execCronMsgs, bytesCronMsgs, err := am.keeper.GetScheduledMsgs(ctx, crontypes.ExecutionStage_EXECUTION_STAGE_BEGIN_BLOCKER) + if err != nil { + ctx.Logger().Error("Failed to get scheduled cron msgs") + return err + } - cron_msgs := tm_type.Data{Txs: [][]byte{}} - cron_data, err := cron_msgs.Marshal() if err != nil { ctx.Logger().Error("Failed to marshal cron_msgs") return err @@ -194,19 +194,19 @@ func (am AppModule) BeginBlock(c context.Context) error { } if block_header.EncryptedRandom != nil { randomAndProof := append(block_header.EncryptedRandom.Random, block_header.EncryptedRandom.Proof...) - random, validator_set_evidence, err := api.SubmitBlockSignatures(header, b_commit, data, randomAndProof, cron_data) + random, validator_set_evidence, err := api.SubmitBlockSignatures(header, b_commit, data, randomAndProof) if err != nil { ctx.Logger().Error("Failed to submit block signatures") return err } - // for idx, msg := range execCronMsgs { - // ctx = ctx.WithTxBytes(bytesCronMsgs[idx]) - // _, err := am.keeper.Execute(ctx, msg.Contract, msg.Sender, msg.Msg, msg.SentFunds, msg.CallbackSig, wasmtypes.HandleTypeExecute) - // if err != nil { - // ctx.Logger().Error("Failed to execute cron message", "error", err) - // } - // } + for idx, msg := range execCronMsgs { + ctx = ctx.WithTxBytes(bytesCronMsgs[idx]) + _, err := am.keeper.Execute(ctx, msg.Contract, msg.Sender, msg.Msg, msg.SentFunds, msg.CallbackSig, wasmtypes.HandleTypeExecute) + if err != nil { + ctx.Logger().Error("Failed to execute cron message", "error", err) + } + } am.keeper.SetRandomSeed(ctx, random, validator_set_evidence) } else { @@ -219,21 +219,20 @@ func (am AppModule) BeginBlock(c context.Context) error { func (am AppModule) EndBlock(c context.Context) error { ctx := c.(sdk.Context) - // _, _, err := am.keeper.GetScheduledMsgs(ctx, crontypes.ExecutionStage_EXECUTION_STAGE_END_BLOCKER) - // if err != nil { - // ctx.Logger().Error("Failed to get scheduled cron msgs") - // return err - // } + _, bytesCronMsgs, err := am.keeper.GetScheduledMsgs(ctx, crontypes.ExecutionStage_EXECUTION_STAGE_END_BLOCKER) + if err != nil { + ctx.Logger().Error("Failed to get scheduled cron msgs") + return err + } - cron_msgs := tm_type.Data{Txs: [][]byte{}} + cron_msgs := tm_type.Data{Txs: bytesCronMsgs} cron_data, err := cron_msgs.Marshal() if err != nil { ctx.Logger().Error("Failed to marshal cron_msgs") return err } - hash := sha256.Sum256(cron_data) - err = tmenclave.SetImplicitHash(hash[:]) + err = tmenclave.SetScheduledTxs(cron_data) if err != nil { ctx.Logger().Error("Failed to set implicit hash %+v", err) return err From e8863ae0f95f94c9f844e2b32775e0da775476d5 Mon Sep 17 00:00:00 2001 From: cboh4 Date: Mon, 24 Nov 2025 23:52:42 +0200 Subject: [PATCH 2/4] bump dependency --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e673ca9f9..78b5329a8 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ replace ( cosmossdk.io/store => github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1 cosmossdk.io/x/tx => github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0 github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.1 - github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5 + github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7 github.com/cosmos/iavl => github.com/scrtlabs/iavl v1.2.2-secret.0 github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 @@ -76,7 +76,7 @@ require ( github.com/gogo/protobuf v1.3.2 github.com/golang/mock v1.6.0 github.com/hashicorp/go-metrics v0.5.3 - github.com/scrtlabs/tm-secret-enclave v1.13.0 + github.com/scrtlabs/tm-secret-enclave v1.13.1 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/go.sum b/go.sum index 472802219..4f5a20ee0 100644 --- a/go.sum +++ b/go.sum @@ -1609,8 +1609,8 @@ github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWR github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sasha-s/go-deadlock v0.3.5 h1:tNCOEEDG6tBqrNDOX35j/7hL5FcFViG6awUGROb2NsU= github.com/sasha-s/go-deadlock v0.3.5/go.mod h1:bugP6EGbdGYObIlx7pUZtWqlvo8k9H6vCBBsiChJQ5U= -github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5 h1:iijErJT8ZbFHsFhhyLH0PywYQeeVT10i+EUsthfQOSg= -github.com/scrtlabs/cosmos-sdk v0.50.14-secret.5/go.mod h1:bTJf+E1t8wKEwwNcTYFBEuAcdEYWLGXv9QlMu089hUo= +github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7 h1:D6KNM8+qfHA9uW3+tru36OpHp2j+Qye2i5tg5/MPCs8= +github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7/go.mod h1:/0g1Kvg6WMZRbI5KfyDEQl/Zy30n6CzAkDa2Fs5B1PU= github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0 h1:9IGLySVhC2qSrxT3fZvvqwjKsnXWSSKnywQDzT8y1Gs= github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0/go.mod h1:IcxpYS5fMemZGqyYtErK7OqvdM0C8kdW3dq8Q/XIG38= github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1 h1:TELtwBkSg0xBrs2ObFE0pVVWF6E31fPCDX2tk8OiJPo= @@ -1621,8 +1621,8 @@ github.com/scrtlabs/iavl v1.2.2-secret.0 h1:P96PL1Lf8OBSW9pMrlaRxhceZ4z9Hc7jk12g github.com/scrtlabs/iavl v1.2.2-secret.0/go.mod h1:GiM43q0pB+uG53mLxLDzimxM9l/5N9UuSY3/D0huuVw= github.com/scrtlabs/tendermint v0.38.19-secret.1 h1:NxZ21CS6INBjL2QCL087/BJLb1NAIeoY07mHasTuqKs= github.com/scrtlabs/tendermint v0.38.19-secret.1/go.mod h1:CZUJG1djTJUVbpjGS9JmQx9CFfF4goKi3LzYUQtxWO8= -github.com/scrtlabs/tm-secret-enclave v1.13.0 h1:a2xH0G96chEM8Ntwlq/Fh36r4dg0ijKWTaOy0oqFsqg= -github.com/scrtlabs/tm-secret-enclave v1.13.0/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= +github.com/scrtlabs/tm-secret-enclave v1.13.1 h1:0mXcBdoWyqEGhQEdbXMjSuTi9LKKMld2BqEj0eNpoxU= +github.com/scrtlabs/tm-secret-enclave v1.13.1/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= From 08d8d0ad80bf58ede70a078aa5d087d0c665af64 Mon Sep 17 00:00:00 2001 From: cboh4 Date: Wed, 26 Nov 2025 13:43:26 +0200 Subject: [PATCH 3/4] Add disk space check in CI --- .github/workflows/ci.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 994beee4d..c8e98e45e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -268,6 +268,13 @@ jobs: Build-LocalSecret: runs-on: ubuntu-22.04 steps: + - name: Check disk space BEFORE cleanup + run: | + df -h + echo "=== Checking large directories ===" + du -sh /usr/share/dotnet 2>/dev/null || echo "dotnet not found" + du -sh /usr/local/lib/android 2>/dev/null || echo "android not found" + du -sh /opt/ghc 2>/dev/null || echo "ghc not found" - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 with: From 33b833143511bbaa62a59f4d0a1d506a8b2c2c69 Mon Sep 17 00:00:00 2001 From: cboh4 Date: Wed, 26 Nov 2025 13:58:37 +0200 Subject: [PATCH 4/4] free disk space --- .github/workflows/ci.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c8e98e45e..207e337b9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -268,7 +268,13 @@ jobs: Build-LocalSecret: runs-on: ubuntu-22.04 steps: - - name: Check disk space BEFORE cleanup + - name: Free Disk Space + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /usr/local/lib/android + sudo docker system prune -af + df -h + - name: Check disk space after cleanup run: | df -h echo "=== Checking large directories ==="