pallet-revive: disable host functions not in revive recompiler (paritytech#6844)

davidk-pt · DavidK · dudo50 · commit 55d8f92861bb · 2025-01-05T00:42:05.000+01:00
Resolves paritytech#6720 List of used host functions in PolkaVM recompiler is here https://github.com/paritytech/revive/blob/main/crates/runtime-api/src/polkavm_imports.c#L65 --------- Co-authored-by: DavidK <davidk@parity.io>
diff --git a/prdoc/pr_6844.prdoc b/prdoc/pr_6844.prdoc
@@ -0,0 +1,8 @@
+title: 'pallet-revive: disable host functions unused in solidity PolkaVM compiler'
+doc:
+- audience: Runtime Dev
+  description: Disables host functions in contracts that are not enabled
+    in solidity PolkaVM compiler to reduce surface of possible attack vectors.
+crates:
+- name: pallet-revive
+  bump: major
diff --git a/substrate/frame/revive/src/wasm/runtime.rs b/substrate/frame/revive/src/wasm/runtime.rs
@@ -1148,7 +1148,6 @@ pub mod env {
 
 	/// Clear the value at the given key in the contract storage.
 	/// See [`pallet_revive_uapi::HostFn::clear_storage`]
-	#[stable]
 	#[mutating]
 	fn clear_storage(
 		&mut self,
@@ -1177,7 +1176,6 @@ pub mod env {
 
 	/// Checks whether there is a value stored under the given key.
 	/// See [`pallet_revive_uapi::HostFn::contains_storage`]
-	#[stable]
 	fn contains_storage(
 		&mut self,
 		memory: &mut M,
@@ -1190,7 +1188,6 @@ pub mod env {
 
 	/// Retrieve and remove the value under the given key from storage.
 	/// See [`pallet_revive_uapi::HostFn::take_storage`]
-	#[stable]
 	#[mutating]
 	fn take_storage(
 		&mut self,
@@ -1301,7 +1298,6 @@ pub mod env {
 
 	/// Remove the calling account and transfer remaining **free** balance.
 	/// See [`pallet_revive_uapi::HostFn::terminate`].
-	#[stable]
 	#[mutating]
 	fn terminate(&mut self, memory: &mut M, beneficiary_ptr: u32) -> Result<(), TrapReason> {
 		self.terminate(memory, beneficiary_ptr)
@@ -1399,7 +1395,6 @@ pub mod env {
 
 	/// Checks whether a specified address belongs to a contract.
 	/// See [`pallet_revive_uapi::HostFn::is_contract`].
-	#[stable]
 	fn is_contract(&mut self, memory: &mut M, account_ptr: u32) -> Result<u32, TrapReason> {
 		self.charge_gas(RuntimeCosts::IsContract)?;
 		let address = memory.read_h160(account_ptr)?;
@@ -1438,7 +1433,6 @@ pub mod env {
 
 	/// Retrieve the code hash of the currently executing contract.
 	/// See [`pallet_revive_uapi::HostFn::own_code_hash`].
-	#[stable]
 	fn own_code_hash(&mut self, memory: &mut M, out_ptr: u32) -> Result<(), TrapReason> {
 		self.charge_gas(RuntimeCosts::OwnCodeHash)?;
 		let code_hash = *self.ext.own_code_hash();
@@ -1453,15 +1447,13 @@ pub mod env {
 
 	/// Checks whether the caller of the current contract is the origin of the whole call stack.
 	/// See [`pallet_revive_uapi::HostFn::caller_is_origin`].
-	#[stable]
 	fn caller_is_origin(&mut self, _memory: &mut M) -> Result<u32, TrapReason> {
 		self.charge_gas(RuntimeCosts::CallerIsOrigin)?;
 		Ok(self.ext.caller_is_origin() as u32)
 	}
 
 	/// Checks whether the caller of the current contract is root.
 	/// See [`pallet_revive_uapi::HostFn::caller_is_root`].
-	#[stable]
 	fn caller_is_root(&mut self, _memory: &mut M) -> Result<u32, TrapReason> {
 		self.charge_gas(RuntimeCosts::CallerIsRoot)?;
 		Ok(self.ext.caller_is_root() as u32)
@@ -1505,7 +1497,6 @@ pub mod env {
 
 	/// Stores the amount of weight left into the supplied buffer.
 	/// See [`pallet_revive_uapi::HostFn::weight_left`].
-	#[stable]
 	fn weight_left(
 		&mut self,
 		memory: &mut M,
@@ -1631,7 +1622,6 @@ pub mod env {
 
 	/// Stores the minimum balance (a.k.a. existential deposit) into the supplied buffer.
 	/// See [`pallet_revive_uapi::HostFn::minimum_balance`].
-	#[stable]
 	fn minimum_balance(&mut self, memory: &mut M, out_ptr: u32) -> Result<(), TrapReason> {
 		self.charge_gas(RuntimeCosts::MinimumBalance)?;
 		Ok(self.write_fixed_sandbox_output(
@@ -1720,7 +1710,6 @@ pub mod env {
 
 	/// Computes the SHA2 256-bit hash on the given input buffer.
 	/// See [`pallet_revive_uapi::HostFn::hash_sha2_256`].
-	#[stable]
 	fn hash_sha2_256(
 		&mut self,
 		memory: &mut M,
@@ -1752,7 +1741,6 @@ pub mod env {
 
 	/// Computes the BLAKE2 256-bit hash on the given input buffer.
 	/// See [`pallet_revive_uapi::HostFn::hash_blake2_256`].
-	#[stable]
 	fn hash_blake2_256(
 		&mut self,
 		memory: &mut M,
@@ -1768,7 +1756,6 @@ pub mod env {
 
 	/// Computes the BLAKE2 128-bit hash on the given input buffer.
 	/// See [`pallet_revive_uapi::HostFn::hash_blake2_128`].
-	#[stable]
 	fn hash_blake2_128(
 		&mut self,
 		memory: &mut M,
@@ -1814,7 +1801,6 @@ pub mod env {
 
 	/// Emit a custom debug message.
 	/// See [`pallet_revive_uapi::HostFn::debug_message`].
-	#[stable]
 	fn debug_message(
 		&mut self,
 		memory: &mut M,
@@ -1932,7 +1918,6 @@ pub mod env {
 
 	/// Recovers the ECDSA public key from the given message hash and signature.
 	/// See [`pallet_revive_uapi::HostFn::ecdsa_recover`].
-	#[stable]
 	fn ecdsa_recover(
 		&mut self,
 		memory: &mut M,
@@ -1963,7 +1948,6 @@ pub mod env {
 
 	/// Verify a sr25519 signature
 	/// See [`pallet_revive_uapi::HostFn::sr25519_verify`].
-	#[stable]
 	fn sr25519_verify(
 		&mut self,
 		memory: &mut M,
@@ -2004,7 +1988,6 @@ pub mod env {
 
 	/// Calculates Ethereum address from the ECDSA compressed public key and stores
 	/// See [`pallet_revive_uapi::HostFn::ecdsa_to_eth_address`].
-	#[stable]
 	fn ecdsa_to_eth_address(
 		&mut self,
 		memory: &mut M,
@@ -2026,7 +2009,6 @@ pub mod env {
 
 	/// Adds a new delegate dependency to the contract.
 	/// See [`pallet_revive_uapi::HostFn::lock_delegate_dependency`].
-	#[stable]
 	#[mutating]
 	fn lock_delegate_dependency(
 		&mut self,
@@ -2041,7 +2023,6 @@ pub mod env {
 
 	/// Removes the delegate dependency from the contract.
 	/// see [`pallet_revive_uapi::HostFn::unlock_delegate_dependency`].
-	#[stable]
 	#[mutating]
 	fn unlock_delegate_dependency(
 		&mut self,
