Add details on callback cycles reservation in security best practices #2817

Open
andrew-lee-work opened this issue Apr 24, 2024 · 0 comments


andrew-lee-work commented Apr 24, 2024

This issue is a follow-up from the PR for journaling best practices. There is not enough detail about cycles reservation in one of our recommendations in `rust-canister-development-security-best-practices.md`:

#### Recommendation

Recall that the responses to inter-canister calls are processed in the corresponding callback. If the callback traps, the cleanup (`ic0.call_on_cleanup`) is executed. When making an inter-canister call, the ICP reserves sufficiently many cycles to execute the response callback or cleanup (up to the instruction limit). A fixed fraction of the reservation is for the cleanup. Thus, a response or cleanup execution can never “run out of cycles”, but they can run into the instruction limit and trap.

Issue raised by oggy:

> Do you actually know which percentage is reserved? This sounds like something we should document, maybe here?
>
> Can you still hit that percentage limit in the `call_on_cleanup`?

Originally posted by @oggy-dfin in #2356 (comment)
