docs(oracle): document auth-after-effect ordering#288
Conversation
Adds an Authorization Check Ordering subsection under Restricted Write Interface, a Rationale entry explaining the design intent, and a Security Considerations section covering the block-gas-budget and trace-interpretation implications for integrators. Refs #287 Generated-by: engineer-agent
TroublorBot
requested review from
RealiCZ,
Troublor,
flyq and
vincent-k2026
as code owners
Troublor
added
api:unchanged
|
Documentation is accurate, well-structured, and follows spec conventions. The Security Considerations section covers both the gas-budget attack surface and the trace-consumer pitfall clearly. The design-intent hint block and rationale entry complement each other without being redundant. One minor phrasing issue flagged inline; otherwise LGTM. |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| #### Authorization Check Ordering | ||
|
|
||
| For `setSlot`, `setSlots`, `emitLog`, and `emitLogs`, the function body — including all `SSTORE` operations and `LOG` emissions — MUST execute before the caller authorization check. | ||
| On an unauthorized call, the body MUST run to completion (consuming gas for the iteration and any storage writes), and the call MUST then revert with `NotSystemAddress()`. |
There was a problem hiding this comment.
The phrase "the iteration and any storage writes" doesn't fit setSlot (single SSTORE, no loop) or emitLog/emitLogs (LOG emissions, no SSTORE). Suggest something like:
| On an unauthorized call, the body MUST run to completion (consuming gas for the iteration and any storage writes), and the call MUST then revert with `NotSystemAddress()`. | |
| On an unauthorized call, the body MUST run to completion (consuming gas for all operations it performs — `SSTORE` writes, `LOG` emissions, and any loop iterations), and the call MUST then revert with `NotSystemAddress()`. |
|
Applied the reviewer's suggestion verbatim — replaced "consuming gas for the iteration and any storage writes" with "consuming gas for all operations it performs — |
…ring Replaces "the iteration and any storage writes" with a more precise enumeration covering SSTORE writes, LOG emissions, and loop iterations, so the phrasing correctly describes setSlot and emitLog/emitLogs in addition to the batched variants. Generated-by: engineer-agent
|
Previous phrasing fix was applied correctly. Documentation is accurate, well-structured, and covers all the necessary behavioral, rationale, and security angles. LGTM. |
|
Acknowledged — no further changes needed. |
3 participants
Summary
Documents Oracle auth-after-effect ordering, including block gas consumption and trace-consumer implications.
Fixes #287