
Add details on callback cycles reservation in security best practices

Open · andrew-lee-work opened this issue 10 months ago · 0 comments

This issue is a follow-up from the PR for journaling best practices. There is not enough detail about cycles reservation in one of our recommendations in rust-canister-development-security-best-practices.md:

#### Recommendation

Recall that the responses to inter-canister calls are processed in the corresponding callback. If the callback traps, the cleanup (ic0.call_on_cleanup) is executed. When making an inter-canister call, the ICP reserves sufficiently many cycles to execute the response callback or cleanup (up to the instruction limit). A fixed fraction of the reservation is for the cleanup. Thus, a response or cleanup execution can never “run out of cycles”, but they can run into the instruction limit and trap.

Issue raised by oggy:

Do you actually know which percentage is reserved? This sounds like something we should document, maybe here? Can you still hit that percentage limit in the call_on_cleanup?

Originally posted by @oggy-dfin in https://github.com/dfinity/portal/pull/2356#discussion_r1551400597

andrew-lee-work, Apr 24 '24 16:04