feat: improved MoveAuthenticator::validity_check implementation

Author: valeriyr

crates/iota-types/src/move_authenticator.rs

@@ -8,7 +8,6 @@ use std::{
 
 use fastcrypto::{error::FastCryptoError, traits::ToFromBytes};
 use iota_protocol_config::ProtocolConfig;
-use move_core_types::language_storage::TypeTag;
 use once_cell::sync::OnceCell;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -23,6 +22,7 @@ use crate::{
     signature::{AuthenticatorTrait, VerifyParams},
     signature_verification::VerifiedDigestCache,
     transaction::{CallArg, InputObjectKind, ObjectArg, SharedInputObject},
+    type_input::TypeInput,
 };
 
 /// MoveAuthenticator is a GenericSignature variant that enables a new
@@ -35,7 +35,7 @@ pub struct MoveAuthenticator {
     call_args: Vec<CallArg>,
     /// Type arguments for the Move authenticate function
     #[schemars(with = "String")]
-    type_arguments: Vec<TypeTag>, // TypeInput???
+    type_arguments: Vec<TypeInput>,
     /// The object that is authenticated. Represents the account being the
     /// sender of the transaction.
     object_to_authenticate: CallArg,
@@ -56,7 +56,7 @@ impl Hash for MoveAuthenticator {
 impl MoveAuthenticator {
     pub fn new_for_testing(
         call_args: Vec<CallArg>,
-        type_arguments: Vec<TypeTag>,
+        type_arguments: Vec<TypeInput>,
         object_to_authenticate: CallArg,
     ) -> Self {
         Self {
@@ -80,7 +80,7 @@ impl MoveAuthenticator {
         &self.call_args
     }
 
-    pub fn type_arguments(&self) -> &Vec<TypeTag> {
+    pub fn type_arguments(&self) -> &Vec<TypeInput> {
         &self.type_arguments
     }
 
@@ -142,30 +142,51 @@ impl MoveAuthenticator {
             .collect()
     }
 
-    /// Validity check for the MoveAuthenticator.
+    /// Validity check for MoveAuthenticator.
     pub fn validity_check(&self, config: &ProtocolConfig) -> UserInputResult {
         // Check that the object to authenticate is valid.
         self.object_to_authenticate_components()?;
 
         // Inputs validity check.
-
+        //
         // `validity_check` is not called for `object_to_authenticate` because it is
         // already validated with a dedicated function.
 
+        // `ProtocolConfig::max_arguments` is used to check the call arguments because
+        // MoveAuthenticator is considered as a simple programmable Move call.
+        fp_ensure!(
+            self.call_args().len() < (config.max_arguments() as usize),
+            UserInputError::SizeLimitExceeded {
+                limit: "maximum arguments in MoveAuthenticator".to_string(),
+                value: config.max_arguments().to_string()
+            }
+        );
+
+        // TODO: should we handle duplicate inputs somehow?
+
         self.call_args()
             .iter()
             .try_for_each(|obj| obj.validity_check(config))?;
 
-        if self.receiving_objects().len() > 0 {
-            return Err(UserInputError::Unsupported(
+        fp_ensure!(
+            self.receiving_objects().is_empty(),
+            UserInputError::Unsupported(
                 "MoveAuthenticator cannot have receiving objects as input".to_string(),
             )
-            .into());
-        }
+        );
 
-        // TODO: check max arguments amount.
-        // TODO: should we handle duplicate inputs somehow?
-        // TODO: TypeTag -> TypeInput and validate.
+        // Type arguments validity check.
+        //
+        // Each type argument is checked for validity in the same way as it is done for
+        // `ProgrammableMoveCall`.
+        let mut type_arguments_count = 0;
+        self.type_arguments().iter().try_for_each(|type_arg| {
+            crate::transaction::type_input_validity_check(
+                type_arg,
+                config,
+                &mut type_arguments_count,
+            )
+        })?;
 
         Ok(())
     }

crates/iota-types/src/transaction.rs

@@ -123,7 +123,7 @@ pub enum ObjectArg {
     Receiving(ObjectRef),
 }
 
-fn type_input_validity_check(
+pub fn type_input_validity_check(
     tag: &TypeInput,
     config: &ProtocolConfig,
     starting_count: &mut usize,
@@ -2638,32 +2638,35 @@ impl SenderSignedData {
         // Additional checks when `MoveAuthenticators` are present.
         let authenticators_num = self.move_authenticators().len();
         if authenticators_num > 0 {
-            if !tx_data.kind().is_programmable_transaction() {
-                return Err(UserInputError::Unsupported(
+            fp_ensure!(
+                tx_data.kind().is_programmable_transaction(),
+                UserInputError::Unsupported(
                     "SenderSignedData with MoveAuthenticator must be a programmable transaction"
                         .to_string(),
                 )
-                .into());
-            }
+                .into()
+            );
 
             // TODO(https://github.com/iotaledger/iota/issues/8966): The following
             // restrictions are temporary added until we implement `MoveAuthenticator`
             // support for sponsors.
 
-            if authenticators_num > 1 {
-                return Err(UserInputError::Unsupported(
+            fp_ensure!(
+                authenticators_num == 1,
+                UserInputError::Unsupported(
                     "SenderSignedData with more than one MoveAuthenticator is not supported"
                         .to_string(),
                 )
-                .into());
-            }
+                .into()
+            );
 
-            if self.sender_move_authenticator().is_none() {
-                return Err(UserInputError::Unsupported(
+            fp_ensure!(
+                self.sender_move_authenticator().is_some(),
+                UserInputError::Unsupported(
                     "SenderSignedData can have MoveAuthenticator only for the sender".to_string(),
                 )
-                .into());
-            }
+                .into()
+            );
         }
 
         Ok(())

iota-execution/latest/iota-adapter/src/execution_engine.rs

@@ -1890,13 +1890,26 @@ mod checked {
         let mut args = vec![authenticator.object_to_authenticate().to_owned()];
         args.extend(authenticator.call_args().to_owned());
 
+        let type_arguments = authenticator
+            .type_arguments()
+            .iter()
+            .map(|t| {
+                t.as_type_tag().map_err(|err| {
+                    ExecutionError::new_with_source(
+                        ExecutionErrorKind::VMInvariantViolation,
+                        err.to_string(),
+                    )
+                })
+            })
+            .collect::<Result<Vec<_>, _>>()?;
+
         let res = builder.move_call(
             authenticator_info.package,
             Identifier::new(authenticator_info.module.clone())
                 .expect("`AuthenticatorInfoV1::module` is expected to be a valid `Identifier`"),
             Identifier::new(authenticator_info.function.clone())
                 .expect("`AuthenticatorInfoV1::function` is expected to be a valid `Identifier`"),
-            authenticator.type_arguments().to_owned(),
+            type_arguments,
             args,
         );