Merge pull request #348 from oasisprotocol/kostko/feature/rofl

contracts: Add ROFL subcall rofl.IsAuthorizedOrigin

contracts/contracts/Subcall.sol

@@ -16,11 +16,16 @@ enum SubcallReceiptKind {
  * @notice Interact with Oasis Runtime SDK modules from Sapphire.
  */
 library Subcall {
+    // Consensus
     string private constant CONSENSUS_DELEGATE = "consensus.Delegate";
     string private constant CONSENSUS_UNDELEGATE = "consensus.Undelegate";
     string private constant CONSENSUS_WITHDRAW = "consensus.Withdraw";
     string private constant CONSENSUS_TAKE_RECEIPT = "consensus.TakeReceipt";
+    // Accounts
     string private constant ACCOUNTS_TRANSFER = "accounts.Transfer";
+    // ROFL
+    string private constant ROFL_IS_AUTHORIZED_ORIGIN =
+        "rofl.IsAuthorizedOrigin";
 
     /// Address of the SUBCALL precompile
     address internal constant SUBCALL =
@@ -42,6 +47,9 @@ library Subcall {
 
     error AccountsTransferError(uint64 status, string data);
 
+    /// The origin is not authorized for the given ROFL app
+    error RoflOriginNotAuthorizedForApp();
+
     /// Name of token cannot be CBOR encoded with current functions
     error TokenNameTooLong();
 
@@ -578,4 +586,22 @@ library Subcall {
             revert AccountsTransferError(status, string(data));
         }
     }
+
+    /**
+     * @notice Verify whether the origin transaction is signed by an authorized
+     * ROFL instance for the given application.
+     * @param appId ROFL app identifier
+     */
+    function roflEnsureAuthorizedOrigin(bytes21 appId) internal {
+        (uint64 status, bytes memory data) = subcall(
+            ROFL_IS_AUTHORIZED_ORIGIN,
+            abi.encodePacked(hex"55", appId) // CBOR byte string, 21 bytes.
+        );
+
+        // The result should be a CBOR-encoded boolean with the value true indicating
+        // that the origin is authorized for the given ROFL app.
+        if (status != 0 || data.length != 1 || data[0] != 0xf5) {
+            revert RoflOriginNotAuthorizedForApp();
+        }
+    }
 }

contracts/contracts/tests/SubcallTests.sol

@@ -109,6 +109,10 @@ contract SubcallTests {
         Subcall.consensusWithdraw(to, value);
     }
 
+    function testRoflEnsureAuthorizedOrigin(bytes21 appId) external {
+        Subcall.roflEnsureAuthorizedOrigin(appId);
+    }
+
     function testParseCBORUint(bytes memory result, uint256 offset)
         external
         pure

contracts/package.json

@@ -19,7 +19,7 @@
     "format::prettier": "prettier --write --plugin-search-dir=. '*.json' '**/*.ts' '**/*.sol'",
     "format": "npm-run-all format:**",
     "build": "hardhat compile",
-    "test": "hardhat test --network sapphire-localnet"
+    "test": "hardhat test --network sapphire-localnet --verbose"
   },
   "files": [
     "contracts"

contracts/test/subcall.ts

@@ -370,6 +370,26 @@ describe('Subcall', () => {
     }
   });
 
+  /// Verifies that the 'rofl.IsAuthorizedOrigin' operation can be executed
+  /// Currently it should always revert as there is no way to mock a ROFL app in tests.
+  it('rofl.IsAuthorizedOrigin', async () => {
+    const appId = getBytes(zeroPadValue(ownerAddr, 21));
+
+    // First test the raw subcall.
+    const msg = cborg.encode(appId);
+    let tx = await contract.testSubcall('rofl.IsAuthorizedOrigin', msg);
+    let receipt = await tx.wait();
+
+    if (!receipt) throw new Error('tx failed');
+    const event = decodeResult(receipt);
+    expect(event.status).eq(0n); // rofl.IsAuthorizedOrigin response status, 0 = success
+    expect(event.data).eq(false); // Boolean false to indicate failure.
+
+    // Also test the Subcall.roflEnsureAuthorizedOrigin wrapper.
+    tx = await contract.testRoflEnsureAuthorizedOrigin(appId);
+    await expect(tx).to.be.reverted;
+  });
+
   describe('Should successfully parse CBOR uint/s', () => {
     it('Should successfully parse CBOR uint8', async () => {
       const MAX_SAFE_UINT8 = 255n;