Skip to content

Commit 4c113df

Browse files
gregdhillgregdhill
authored
Merge pull request #1150 from sander2/fix/allow-xcm-send
feat: allow polkadotXcm.send
2 parents 1064f97 + b5f0458 commit 4c113df

2 files changed

Lines changed: 14 additions & 6 deletions

File tree

parachain/runtime/interlay/src/lib.rs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -197,11 +197,15 @@ impl Contains<RuntimeCall> for BaseCallFilter {
197197
) {
198198
// always allow core calls
199199
true
200-
} else if let RuntimeCall::PolkadotXcm(_) = call {
201-
// For security reasons, disallow usage of the xcm package by users. Sudo and
200+
} else if let RuntimeCall::PolkadotXcm(polkadot_xcm_call) = call {
201+
// For security reasons, disallow most usage of the xcm package by users. Sudo and
202202
// governance are still able to call these (sudo is explicitly white-listed, while
203203
// governance bypasses this call filter).
204-
false
204+
205+
// We do allow PolkadotXcm.send - it's needed for e.g. wormhole interactions on
206+
// moonbeam/moonriver. We could probably also allow other functions, but this way
207+
// we don't need to worry about security implications of these functions
208+
matches!(polkadot_xcm_call, pallet_xcm::Call::<Runtime>::send { .. })
205209
} else if let RuntimeCall::EVM(_) = call {
206210
// disable non-root EVM access
207211
false

parachain/runtime/kintsugi/src/lib.rs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -196,11 +196,15 @@ impl Contains<RuntimeCall> for BaseCallFilter {
196196
) {
197197
// always allow core calls
198198
true
199-
} else if let RuntimeCall::PolkadotXcm(_) = call {
200-
// For security reasons, disallow usage of the xcm package by users. Sudo and
199+
} else if let RuntimeCall::PolkadotXcm(polkadot_xcm_call) = call {
200+
// For security reasons, disallow most usage of the xcm package by users. Sudo and
201201
// governance are still able to call these (sudo is explicitly white-listed, while
202202
// governance bypasses this call filter).
203-
false
203+
204+
// We do allow PolkadotXcm.send - it's needed for e.g. wormhole interactions on
205+
// moonbeam/moonriver. We could probably also allow other functions, but this way
206+
// we don't need to worry about security implications of these functions
207+
matches!(polkadot_xcm_call, pallet_xcm::Call::<Runtime>::send { .. })
204208
} else if let RuntimeCall::EVM(_) = call {
205209
// disable non-root EVM access
206210
false

0 commit comments

Comments
 (0)