Merge branch 'develop' into fix/block_replay_unsuccessful

Author: rdeioris

.github/actions/dockerfiles/Dockerfile.alpine-binary

@@ -31,7 +31,7 @@ RUN case "${TAG}" in \
             ;; \
         *) \
             echo "/bin/stacks-node mainnet" > /tmp/command.sh && \
-            rm /bin/blockstack-cli /bin/clarity-cli /bin/stacks-events /bin/stacks-inspect \
+            rm /bin/stacks-cli /bin/clarity-cli /bin/stacks-inspect \
             ;; \
     esac && \
     chmod +x /tmp/command.sh

.github/actions/dockerfiles/Dockerfile.debian-binary

@@ -31,7 +31,7 @@ RUN case "${TAG}" in \
             ;; \
         *) \
             echo "/bin/stacks-node mainnet" > /tmp/command.sh && \
-            rm /bin/blockstack-cli /bin/clarity-cli /bin/stacks-events /bin/stacks-inspect \
+            rm /bin/stacks-cli /bin/clarity-cli /bin/stacks-inspect \
             ;; \
     esac && \
     chmod +x /tmp/command.sh

.github/workflows/github-release.yml

@@ -62,7 +62,7 @@ jobs:
       inputs.node_tag != '' ||
       inputs.signer_tag != ''
     name: Build Binaries
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-m
     needs:
       - andon-cord
     permissions:

CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to the versioning scheme outlined in the [README.md](RE
 
 ## Unreleased
 
+### Changed
+
+- Renamed Clarity 4's new `block-time` to `stacks-block-time`
+
+## [3.2.0.0.2]
+
 ### Added
 
 - Renamed `clarity-serialization` to `clarity-types`.
@@ -20,7 +26,16 @@ and this project adheres to the versioning scheme outlined in the [README.md](RE
   - `current-contract`
   - `block-time`
   - `to-ascii?`
+  - `restrict-assets?`
+  - `as-contract?`
+  - Special allowance expressions:
+    - `with-stx`
+    - `with-ft`
+    - `with-nft`
+    - `with-stacking`
+    - `with-all-assets-unsafe`
 - Added `contract_cost_limit_percentage` to the miner config file — sets the percentage of a block’s execution cost at which, if a large non-boot contract call would cause a BlockTooBigError, the miner will stop adding further non-boot contract calls and only include STX transfers and boot contract calls for the remainder of the block.
+- Fixed a bug caused by a miner winning a sortition with a block commit that pointed to a previous tip, which would cause the miner to try and reorg itself. [#6481](https://github.com/stacks-network/stacks-core/issues/6481)
 
 ### Changed
 

clarity-types/src/errors/analysis.rs

@@ -307,6 +307,16 @@ pub enum CheckErrors {
 
     // time checker errors
     ExecutionTimeExpired,
+
+    // contract post-conditions
+    ExpectedListOfAllowances(String, i32),
+    AllowanceExprNotAllowed,
+    ExpectedAllowanceExpr(String),
+    WithAllAllowanceNotAllowed,
+    WithAllAllowanceNotAlone,
+    WithNftExpectedListOfIdentifiers,
+    MaxIdentifierLengthExceeded(u32, u32),
+    TooManyAllowances(usize, usize),
 }
 
 #[derive(Debug, PartialEq)]
@@ -605,6 +615,14 @@ impl DiagnosableError for CheckErrors {
             CheckErrors::CostComputationFailed(s) => format!("contract cost computation failed: {s}"),
             CheckErrors::CouldNotDetermineSerializationType => "could not determine the input type for the serialization function".into(),
             CheckErrors::ExecutionTimeExpired => "execution time expired".into(),
+            CheckErrors::ExpectedListOfAllowances(fn_name, arg_num) => format!("{fn_name} expects a list of asset allowances as argument {arg_num}"),
+            CheckErrors::AllowanceExprNotAllowed => "allowance expressions are only allowed in the context of a `restrict-assets?` or `as-contract?`".into(),
+            CheckErrors::ExpectedAllowanceExpr(got_name) => format!("expected an allowance expression, got: {got_name}"),
+            CheckErrors::WithAllAllowanceNotAllowed => "with-all-assets-unsafe is not allowed here, only in the allowance list for `as-contract?`".into(),
+            CheckErrors::WithAllAllowanceNotAlone => "with-all-assets-unsafe must not be used along with other allowances".into(),
+            CheckErrors::WithNftExpectedListOfIdentifiers => "with-nft allowance must include a list of asset identifiers".into(),
+            CheckErrors::MaxIdentifierLengthExceeded(max_len, len) => format!("with-nft allowance identifiers list must not exceed {max_len} elements, got {len}"),
+            CheckErrors::TooManyAllowances(max_allowed, found) => format!("too many allowances specified, the maximum is {max_allowed}, found {found}"),
         }
     }
 

clarity-types/src/types/mod.rs

@@ -1235,6 +1235,16 @@ impl Value {
             Err(InterpreterError::Expect("Expected response".into()).into())
         }
     }
+
+    pub fn expect_string_ascii(self) -> Result<String> {
+        if let Value::Sequence(SequenceData::String(CharType::ASCII(ASCIIData { data }))) = self {
+            Ok(String::from_utf8(data)
+                .map_err(|_| InterpreterError::Expect("Non UTF-8 data in string".into()))?)
+        } else {
+            error!("Value '{self:?}' is not an ASCII string");
+            Err(InterpreterError::Expect("Expected ASCII string".into()).into())
+        }
+    }
 }
 
 impl BuffData {

clarity-types/src/types/signatures.rs

@@ -855,6 +855,8 @@ impl TypeSignature {
     pub const STRING_ASCII_MAX: TypeSignature = Self::type_ascii_const(MAX_VALUE_SIZE);
     /// String ASCII type with length 40.
     pub const STRING_ASCII_40: TypeSignature = Self::type_ascii_const(40);
+    /// String ASCII type with length 128.
+    pub const STRING_ASCII_128: TypeSignature = Self::type_ascii_const(128);
 
     /// String UTF8 type with minimum length (`1`).
     pub const STRING_UTF8_MIN: TypeSignature = Self::type_string_utf8(1);
@@ -908,7 +910,7 @@ impl TypeSignature {
 
     /// Creates a string ASCII type with the specified length.
     /// It may panic if the provided length is invalid.
-    #[cfg(test)]
+    #[cfg(any(test, feature = "testing"))]
     pub const fn new_ascii_type_checked(len: u32) -> Self {
         Self::type_ascii_const(len)
     }

clarity/src/vm/analysis/arithmetic_checker/mod.rs

@@ -143,7 +143,7 @@ impl ArithmeticOnlyChecker<'_> {
             match native_var {
                 ContractCaller | TxSender | TotalLiquidMicroSTX | BlockHeight | BurnBlockHeight
                 | Regtest | TxSponsor | Mainnet | ChainId | StacksBlockHeight | TenureHeight
-                | BlockTime | CurrentContract => Err(Error::VariableForbidden(native_var)),
+                | StacksBlockTime | CurrentContract => Err(Error::VariableForbidden(native_var)),
                 NativeNone | NativeTrue | NativeFalse => Ok(()),
             }
         } else {
@@ -173,9 +173,31 @@ impl ArithmeticOnlyChecker<'_> {
             | ContractCall | StxTransfer | StxTransferMemo | StxBurn | AtBlock | GetStxBalance
             | GetTokenSupply | BurnToken | FromConsensusBuff | ToConsensusBuff | BurnAsset
             | StxGetAccount => Err(Error::FunctionNotPermitted(function)),
-            Append | Concat | AsMaxLen | ContractOf | PrincipalOf | ListCons | Print
-            | AsContract | ElementAt | ElementAtAlias | IndexOf | IndexOfAlias | Map | Filter
-            | Fold | Slice | ReplaceAt | ContractHash => Err(Error::FunctionNotPermitted(function)),
+            Append
+            | Concat
+            | AsMaxLen
+            | ContractOf
+            | PrincipalOf
+            | ListCons
+            | Print
+            | AsContract
+            | ElementAt
+            | ElementAtAlias
+            | IndexOf
+            | IndexOfAlias
+            | Map
+            | Filter
+            | Fold
+            | Slice
+            | ReplaceAt
+            | ContractHash
+            | RestrictAssets
+            | AsContractSafe
+            | AllowanceWithStx
+            | AllowanceWithFt
+            | AllowanceWithNft
+            | AllowanceWithStacking
+            | AllowanceAll => Err(Error::FunctionNotPermitted(function)),
             BuffToIntLe | BuffToUIntLe | BuffToIntBe | BuffToUIntBe => {
                 Err(Error::FunctionNotPermitted(function))
             }

clarity/src/vm/analysis/read_only_checker/mod.rs

@@ -282,20 +282,101 @@ impl<'a, 'b> ReadOnlyChecker<'a, 'b> {
         use crate::vm::functions::NativeFunctions::*;
 
         match function {
-            Add | Subtract | Divide | Multiply | CmpGeq | CmpLeq | CmpLess | CmpGreater
-            | Modulo | Power | Sqrti | Log2 | BitwiseXor | And | Or | Not | Hash160 | Sha256
-            | Keccak256 | Equals | If | Sha512 | Sha512Trunc256 | Secp256k1Recover
-            | Secp256k1Verify | ConsSome | ConsOkay | ConsError | DefaultTo | UnwrapRet
-            | UnwrapErrRet | IsOkay | IsNone | Asserts | Unwrap | UnwrapErr | Match | IsErr
-            | IsSome | TryRet | ToUInt | ToInt | BuffToIntLe | BuffToUIntLe | BuffToIntBe
-            | BuffToUIntBe | IntToAscii | IntToUtf8 | StringToInt | StringToUInt | IsStandard
-            | ToConsensusBuff | PrincipalDestruct | PrincipalConstruct | Append | Concat
-            | AsMaxLen | ContractOf | PrincipalOf | ListCons | GetBlockInfo | GetBurnBlockInfo
-            | GetStacksBlockInfo | GetTenureInfo | TupleGet | TupleMerge | Len | Print
-            | AsContract | Begin | FetchVar | GetStxBalance | StxGetAccount | GetTokenBalance
-            | GetAssetOwner | GetTokenSupply | ElementAt | IndexOf | Slice | ReplaceAt
-            | BitwiseAnd | BitwiseOr | BitwiseNot | BitwiseLShift | BitwiseRShift | BitwiseXor2
-            | ElementAtAlias | IndexOfAlias | ContractHash | ToAscii => {
+            Add
+            | Subtract
+            | Divide
+            | Multiply
+            | CmpGeq
+            | CmpLeq
+            | CmpLess
+            | CmpGreater
+            | Modulo
+            | Power
+            | Sqrti
+            | Log2
+            | BitwiseXor
+            | And
+            | Or
+            | Not
+            | Hash160
+            | Sha256
+            | Keccak256
+            | Equals
+            | If
+            | Sha512
+            | Sha512Trunc256
+            | Secp256k1Recover
+            | Secp256k1Verify
+            | ConsSome
+            | ConsOkay
+            | ConsError
+            | DefaultTo
+            | UnwrapRet
+            | UnwrapErrRet
+            | IsOkay
+            | IsNone
+            | Asserts
+            | Unwrap
+            | UnwrapErr
+            | Match
+            | IsErr
+            | IsSome
+            | TryRet
+            | ToUInt
+            | ToInt
+            | BuffToIntLe
+            | BuffToUIntLe
+            | BuffToIntBe
+            | BuffToUIntBe
+            | IntToAscii
+            | IntToUtf8
+            | StringToInt
+            | StringToUInt
+            | IsStandard
+            | ToConsensusBuff
+            | PrincipalDestruct
+            | PrincipalConstruct
+            | Append
+            | Concat
+            | AsMaxLen
+            | ContractOf
+            | PrincipalOf
+            | ListCons
+            | GetBlockInfo
+            | GetBurnBlockInfo
+            | GetStacksBlockInfo
+            | GetTenureInfo
+            | TupleGet
+            | TupleMerge
+            | Len
+            | Print
+            | AsContract
+            | Begin
+            | FetchVar
+            | GetStxBalance
+            | StxGetAccount
+            | GetTokenBalance
+            | GetAssetOwner
+            | GetTokenSupply
+            | ElementAt
+            | IndexOf
+            | Slice
+            | ReplaceAt
+            | BitwiseAnd
+            | BitwiseOr
+            | BitwiseNot
+            | BitwiseLShift
+            | BitwiseRShift
+            | BitwiseXor2
+            | ElementAtAlias
+            | IndexOfAlias
+            | ContractHash
+            | ToAscii
+            | AllowanceWithStx
+            | AllowanceWithFt
+            | AllowanceWithNft
+            | AllowanceWithStacking
+            | AllowanceAll => {
                 // Check all arguments.
                 self.check_each_expression_is_read_only(args)
             }
@@ -427,6 +508,45 @@ impl<'a, 'b> ReadOnlyChecker<'a, 'b> {
                 self.check_each_expression_is_read_only(&args[2..])
                     .map(|args_read_only| args_read_only && is_function_read_only)
             }
+            RestrictAssets => {
+                check_arguments_at_least(3, args)?;
+
+                // Check the asset owner argument.
+                let asset_owner_read_only = self.check_read_only(&args[0])?;
+
+                // Check the allowances argument.
+                let allowances =
+                    args[1]
+                        .match_list()
+                        .ok_or(CheckErrors::ExpectedListOfAllowances(
+                            "restrict-assets?".into(),
+                            2,
+                        ))?;
+                let allowances_read_only = self.check_each_expression_is_read_only(allowances)?;
+
+                // Check the body expressions.
+                let body_read_only = self.check_each_expression_is_read_only(&args[2..])?;
+
+                Ok(asset_owner_read_only && allowances_read_only && body_read_only)
+            }
+            AsContractSafe => {
+                check_arguments_at_least(2, args)?;
+
+                // Check the allowances argument.
+                let allowances =
+                    args[0]
+                        .match_list()
+                        .ok_or(CheckErrors::ExpectedListOfAllowances(
+                            "as-contract?".into(),
+                            1,
+                        ))?;
+                let allowances_read_only = self.check_each_expression_is_read_only(allowances)?;
+
+                // Check the body expressions.
+                let body_read_only = self.check_each_expression_is_read_only(&args[1..])?;
+
+                Ok(allowances_read_only && body_read_only)
+            }
         }
     }
 

clarity/src/vm/analysis/type_checker/v2_05/mod.rs

@@ -330,9 +330,9 @@ fn type_reserved_variable(variable_name: &str) -> Result<Option<TypeSignature>,
             NativeFalse => TypeSignature::BoolType,
             TotalLiquidMicroSTX => TypeSignature::UIntType,
             Regtest => TypeSignature::BoolType,
-            TxSponsor | Mainnet | ChainId | StacksBlockHeight | TenureHeight | BlockTime | CurrentContract => {
+            TxSponsor | Mainnet | ChainId | StacksBlockHeight | TenureHeight | StacksBlockTime | CurrentContract => {
                 return Err(CheckErrors::Expects(
-                    "tx-sponsor, mainnet, chain-id, stacks-block-height, tenure-height, block-time, and current-contract should not reach here in 2.05".into(),
+                    "tx-sponsor, mainnet, chain-id, stacks-block-height, tenure-height, stacks-block-time, and current-contract should not reach here in 2.05".into(),
                 )
                 .into())
             }