gno icon indicating copy to clipboard operation
gno copied to clipboard
verified publisher icon gnolang

fix(params): SetBytes should not alter the value bytes

Open tbruyelle opened this issue 1 month ago β€’ 7 comments

SetBytes is used by the IBC contract to store the commitment bytes. Then the relayer submit the proof of existence of those bytes to the counter party chain, but if the value bytes are different, the proof cannot be verified.

This PR updates SetBytes to use directly the store instead of passing by the common set method, preventing the value to be aminoJSON encoded.

Removed GetRaw/SetRaw since GetBytes/SetBytes can be used as a replacement.

Note: I can't use SetRaw from gno code.

EDIT: added an other feature which is the deletion of value when SetBytes is invoked with a nil value. This is also required to remove the traces of packet commitments in IBC.

tbruyelle avatar Nov 21 '25 16:11 tbruyelle

πŸ›  PR Checks Summary

All Automated Checks passed. βœ…

Manual Checks (for Reviewers):
  • [ ] IGNORE the bot requirements for this PR (force green CI check)
Read More

πŸ€– This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

βœ… Automated Checks (for Contributors):

🟒 Maintainers must be able to edit this pull request (more info) 🟒 Pending initial approval by a review team member, or review from tech-staff

β˜‘οΈ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
β˜‘οΈ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
πŸ“š Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟒 Condition met
└── 🟒 And
    β”œβ”€β”€ 🟒 The base branch matches this pattern: ^master$
    └── 🟒 The pull request was created from a fork (head branch repo: tbruyelle/gno)

Then

🟒 Requirement satisfied
└── 🟒 Maintainer can modify this pull request
Pending initial approval by a review team member, or review from tech-staff

If

🟒 Condition met
└── 🟒 And
    β”œβ”€β”€ 🟒 The base branch matches this pattern: ^master$
    └── 🟒 Not (πŸ”΄ Pull request author is a member of the team: tech-staff)

Then

🟒 Requirement satisfied
└── 🟒 If
    β”œβ”€β”€ 🟒 Condition
    β”‚   └── 🟒 Or
    β”‚       β”œβ”€β”€ πŸ”΄ At least one of these user(s) reviewed the pull request: [jefft0 leohhhn n0izn0iz notJoon omarsy x1unix] (with state "APPROVED")
    β”‚       β”œβ”€β”€ 🟒 At least 1 user(s) of the team tech-staff reviewed pull request
    β”‚       └── πŸ”΄ This pull request is a draft
    └── 🟒 Then
        └── 🟒 Not (πŸ”΄ This label is applied to pull request: review/triage-pending)
Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟒 Condition met
└── 🟒 On every pull request

Can be checked by

  • Any user with comment edit permission

Gno2D2 avatar Nov 21 '25 16:11 Gno2D2

Codecov Report

:x: Patch coverage is 77.77778% with 2 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
tm2/pkg/sdk/params/keeper.go 75.00% 2 Missing :warning:

:loudspeaker: Thoughts on this report? Let us know!

codecov[bot] avatar Nov 21 '25 16:11 codecov[bot]

Hi @tbruyelle . Are you able to fix the failed CI checks?

jefft0 avatar Nov 27 '25 09:11 jefft0

Hi @tbruyelle . Are you able to fix the failed CI checks?

Thank you for pointing that out; I hadn't spotted it. I'll take a look.

tbruyelle avatar Nov 27 '25 11:11 tbruyelle

@jefft0 Tests are fixed, ty

tbruyelle avatar Nov 27 '25 13:11 tbruyelle

I opened this PR (#4926) as an alternative that achieves the goal of the original while maintaining the previous API and ensuring consistency with other calls in this library.

moul avatar Nov 28 '25 18:11 moul

I opened this PR (#4926) as an alternative that achieves the goal of the original while maintaining the previous API and ensuring consistency with other calls in this library.

Since GetBytes replaces GetRaw, it sounded more logic to me to stick to GetRaw API rather than the others Get*. The others Get* take a pointer mainly because of the extra amino decoding step, which is now absent from GetBytes. Hence, I'm in favour of keeping my version, but yours also works well for what I need, so up to you.

tbruyelle avatar Nov 29 '25 13:11 tbruyelle

CleanShot 2025-12-15 at 13 27 01

This is the inconsistency I mentioned in your PR. Since you said my PR works as well, I suggest merging mine, which has the highest level of consistency.

moul avatar Dec 15 '25 12:12 moul

CleanShot 2025-12-15 at 13 27 01 This is the inconsistency I mentioned in your PR. Since you said my PR works as well, I suggest merging mine, which has the highest level of consistency.

The inconsistency was already present in master between GetRaw and the others Get*. And this higher level of consistency forces you to declare a byte array before using GetBytes while it is useless. I'm not convinced but feel free to merge your PR and close that one. As along as I can use the parameters to store arbitrary bytes, it's OK for me.

tbruyelle avatar Dec 15 '25 13:12 tbruyelle

GetRaw was an exception. GetString is more similar to other type-based getters. My PR (#4926) implements the necessary changes while maintaining consistency. ~(Edit: currently addressing your comment)~

If you dislike the current API with the needed declaration, we could consider changing it for all types, not just for String as you did here.

moul avatar Dec 15 '25 18:12 moul

GetRaw was an exception. GetString is more similar to other type-based getters. My PR (#4926) implements the necessary changes while maintaining consistency. ~(Edit: currently addressing your comment)~

If you dislike the current API with the needed declaration, we could consider changing it for all types, not just for String as you did here.

You mean GetBytes rather than GetString right ? You can't change the API for the other types, because as mentionned above the pointer is used for the amino unmarshalling. GetBytes becomes the exception just as GetRaw used to be, because it doesn't amino marshal the passed data.

tbruyelle avatar Dec 15 '25 20:12 tbruyelle

The key point is that GetXXX / SetXXX automatically append the XXX type suffix (.string, .int, etc.) to the key.

GetRaw / SetRaw were an exception not only because they skipped Amino marshalling, but because they allowed access to the raw value of any key. You had to manually append the suffix yourself, which made this possible:

SetString("foo", "bar")
GetRaw("foo.string")

GetBytes / SetBytes do append the .bytes suffix, so they are not an exception from that perspective. The only difference is that Amino marshalling is skipped, which is expected and sufficient here. That alone doesn’t justify having a separate or special API IMO.

This PR's approach may simplify a codebase that only ever uses a single type, but it breaks consistency for users who rely on multiple types and expect a uniform API.

moul avatar Dec 16 '25 11:12 moul

Merged #4905 so we can move forward, thank you.

moul avatar Dec 16 '25 11:12 moul

The key point is that GetXXX / SetXXX automatically append the XXX type suffix (.string, .int, etc.) to the key.

GetBytes / SetBytes do append the .bytes suffix

@moul Where does this take place? I've never seen anything like it before. It is potentially problematic because if the key is modified like this, it could compromise the proof verification process.

tbruyelle avatar Dec 17 '25 10:12 tbruyelle