feat(world): prevent the World from calling itself
#1563
Conversation
🦋 Changeset detectedLatest commit: 0ad8bff The changes in this PR will be included in the next version bump. This PR includes changesets to release 29 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
chatted IRL about the world calling itself and @alvrs is gonna play with adding some reverts to keep this from happening (if it's behavior we expect not to happen and ideally want to prevent) |
The gas increase is insignificant, so I think it's worth it as an additional line of defence and to make this invariant more explicit |
alvrs
changed the title
address(this)World from calling itself
good catch, it should! |
packages/world/src/World.sol
Outdated
| AccessControl.requireOwner(ROOT_NAMESPACE_ID, msg.sender); | ||
| _installRootModule(module, args); | ||
| } | ||
|
|
||
| function _installRootModule(IModule module, bytes memory args) internal { | ||
| function _installRootModule(IModule module, bytes memory args) internal requireNoCallback { |
There was a problem hiding this comment.
given that this is internal, do we need this check?
There was a problem hiding this comment.
nope, already checked by installRootModule and installModule, good catch
packages/world/src/modules/keyswithvalue/KeysWithValueModule.sol
Outdated
Show resolved
Hide resolved
| Bool.getFieldLayout(), | ||
| defaultKeySchema, | ||
| Bool.getValueSchema(), | ||
| new string[](1), | ||
| new string[](1) | ||
| TwoFields.getFieldLayout(), | ||
| TwoFields.getKeySchema(), | ||
| TwoFields.getValueSchema(), | ||
| new string[](0), | ||
| new string[](2) |
There was a problem hiding this comment.
the Bool table used setField internally because it only has a single field, but we're trying to test setRecord here
fixes #1551
The world should never call itself. All operations to internal tables should happen as internal library calls, and all calls to root system should happen as a delegatecall to the system.
If it was possible to make the
Worldcall itself, it would be possible to access internal tables that only theWorldshould have access to. It should already not be possible to make theWorldcall itself, but since this is a very important invariant, we decided to make it explicit and revert ifmsg.senderisaddress(this)in allWorldmethods.