oasis-sdk icon indicating copy to clipboard operation
oasis-sdk copied to clipboard

Published 20 hours ago verified publisher icon oasisprotocol

runtime-sdk: add RNG

Open nhynes opened this issue 3 years ago • 3 comments

Open questions:

  • should clients provide additional pers strings? it might be more secure if used properly, but will people know (how) to use it?

TODOs:

  • [ ] tests

nhynes avatar Jul 06 '22 11:07 nhynes

Codecov Report

Merging #1037 (a7680f3) into main (04944cb) will decrease coverage by 0.60%. The diff coverage is 48.09%.

@@            Coverage Diff             @@
##             main    #1037      +/-   ##
==========================================
- Coverage   65.18%   64.58%   -0.61%     
==========================================
  Files         134      135       +1     
  Lines       12309    12356      +47     
==========================================
- Hits         8024     7980      -44     
- Misses       4253     4344      +91     
  Partials       32       32
Impacted Files Coverage Δ
client-sdk/go/modules/contracts/types.go 15.38% <ø> (ø)
contract-sdk-macros/src/error_derive.rs 86.07% <ø> (ø)
contract-sdk-macros/src/event_derive.rs 88.67% <ø> (ø)
contract-sdk/src/abi/env.rs 0.00% <ø> (ø)
contract-sdk/src/testing.rs 10.66% <0.00%> (-0.93%) :arrow_down:
runtime-sdk-macros/src/error_derive.rs 83.33% <ø> (ø)
runtime-sdk-macros/src/method_handler_derive.rs 93.82% <ø> (ø)
runtime-sdk/modules/contracts/src/lib.rs 66.18% <ø> (ø)
runtime-sdk/modules/evm/src/backend.rs 58.53% <0.00%> (-4.63%) :arrow_down:
runtime-sdk/src/crypto/random.rs 0.00% <0.00%> (ø)
... and 23 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Jul 06 '22 11:07 codecov[bot]

As a side note:

Do we want to expose a VRF construct somewhere so that it would be easy to make a chainlink VRF knockoff?

I think to do it "correctly", you would need prove, verify, and proof to hash (roughly speaking the chainlink design is a 2-step process: commit to alpha in one step, retrieve pi/beta in another step). This is done so that properly coded applications can prevent users/executors/etc from fishing for an alpha value (because it is committed), to get a beta that produces a desired result.

Yawning avatar Jul 10 '22 11:07 Yawning

should clients provide additional pers strings? it might be more secure if used properly, but will people know (how) to use it?

I like having an integrated way to do domain-separation. The case when nothing is provided should (still) be secure if this is done correctly.

Yawning avatar Sep 27 '22 08:09 Yawning