EACL data size constraint of the container contract #125

New issue

Open

opened 2025-12-28 18:08:36 +00:00 by sami · 3 comments

sami commented

2025-12-28 18:08:36 +00:00

Owner

Originally created by @AnnaShaleva on GitHub (Jan 27, 2023).

The size of Container struct stored in the container contract by nspcc-dev/neofs-contract@dc89137484/container/container_contract.go (L731) is restricted by the stackitem.MaxSize constraint (1MB).

The struct in the serialized representation takes has the following fields:

value (ByteString, 1 byte for stackitem type + len(serialized container bytes))
sig (ByteString, 1 byte for stackitem type + 64 bytes of the signature)
pub (ByteString, 1 byte for the stackitem type + 33 bytes of the compressed key)
token (ByteString, 1 byte for the stackitem type + [0 or len(SessionToken bytes)])

We need to estimate the maximum size of the serialized container representation to ensure it fits the limits.

The same thing should be done for eACL
(estimate the maximum size of serialized eACL representation).

Ref. #304.

Originally created by @AnnaShaleva on GitHub (Jan 27, 2023). The size of `Container` struct stored in the container contract by https://github.com/nspcc-dev/neofs-contract/blob/dc89137484cd042e79378d4745558cc560b6368a/container/container_contract.go#L731 is restricted by the `stackitem.MaxSize` constraint (1MB). The struct in the serialized representation takes has the following fields: - value (ByteString, 1 byte for stackitem type + len(serialized container bytes)) - sig (ByteString, 1 byte for stackitem type + 64 bytes of the signature) - pub (ByteString, 1 byte for the stackitem type + 33 bytes of the compressed key) - token (ByteString, 1 byte for the stackitem type + [0 or len(SessionToken bytes)]) We need to estimate the maximum size of the serialized container representation to ensure it fits the limits. The same thing should be done for [eACL](https://github.com/nspcc-dev/neofs-contract/blob/dc89137484cd042e79378d4745558cc560b6368a/container/container_contract.go#L501) (estimate the maximum size of serialized `eACL` representation). Ref. #304.

sami added the

container

labels

2025-12-28 18:08:36 +00:00

sami commented

2025-12-28 18:08:37 +00:00

Author

Owner

@roman-khimov commented on GitHub (Jan 27, 2023):

I think it's more limited by limits.MaxStorageValueLen. Probably this is not a big problem (maybe more relevant for EACLs).

@roman-khimov commented on GitHub (Jan 27, 2023): I think it's more limited by `limits.MaxStorageValueLen`. Probably this is not a big problem (maybe more relevant for EACLs).

sami commented

2025-12-28 18:08:37 +00:00

Author

Owner

@AnnaShaleva commented on GitHub (Jan 30, 2023):

I think it's more limited by limits.MaxStorageValueLen

Oh, that's definitely the case, I probably forgot to update my notes before the publishing, because I've also considered this case.

@AnnaShaleva commented on GitHub (Jan 30, 2023): > I think it's more limited by limits.MaxStorageValueLen Oh, that's definitely the case, I probably forgot to update my notes before the publishing, because I've also considered this case.

sami commented

2025-12-28 18:08:37 +00:00

Author

Owner

@roman-khimov commented on GitHub (Jul 11, 2025):

It's OK for containers, but https://github.com/nspcc-dev/neofs-s3-gw/issues/1016 and https://github.com/nspcc-dev/neofs-s3-gw/issues/1055 suggest that it's a real problem for EACLs when rules are created automatically. But solving it requires serious EACL rework.

@roman-khimov commented on GitHub (Jul 11, 2025): It's OK for containers, but https://github.com/nspcc-dev/neofs-s3-gw/issues/1016 and https://github.com/nspcc-dev/neofs-s3-gw/issues/1055 suggest that it's a real problem for EACLs when rules are created automatically. But solving it requires serious EACL rework.