seal: Fail instantiate if new contract is below subsistence threshold (#6719)

* seal: Fail instantiate if new contract is below subsistence threshold

We need each contract that exists to be above the subsistence threshold
in order to keep up the guarantuee that we always leave a tombstone behind
with the exception of a contract that called `ext_terminate`.

* Fixup executor test

* Bump runtime

Author: athei

src/exec.rs

@@ -426,7 +426,10 @@ where
 				)?;
 
 			// Error out if insufficient remaining balance.
-			if T::Currency::free_balance(&dest) < nested.config.existential_deposit {
+			// We need each contract that exists to be above the subsistence threshold
+			// in order to keep up the guarantuee that we always leave a tombstone behind
+			// with the exception of a contract that called `ext_terminate`.
+			if T::Currency::free_balance(&dest) < nested.config.subsistence_threshold() {
 				Err("insufficient remaining balance")?
 			}
 
@@ -1016,7 +1019,7 @@ mod tests {
 
 			let mut gas_meter = GasMeter::<Test>::new(GAS_LIMIT);
 
-			let result = ctx.instantiate(1, &mut gas_meter, &code, vec![]);
+			let result = ctx.instantiate(cfg.subsistence_threshold(), &mut gas_meter, &code, vec![]);
 			assert_matches!(result, Ok(_));
 
 			let mut toks = gas_meter.tokens().iter();
@@ -1306,7 +1309,7 @@ mod tests {
 			set_balance(&ALICE, 100);
 
 			let result = ctx.instantiate(
-				1,
+				cfg.subsistence_threshold(),
 				&mut GasMeter::<Test>::new(GAS_LIMIT),
 				&input_data_ch,
 				vec![1, 2, 3, 4],
@@ -1549,7 +1552,7 @@ mod tests {
 				// Instantiate a contract and save it's address in `instantiated_contract_address`.
 				let (address, output) = ctx.ext.instantiate(
 					&dummy_ch,
-					15u64,
+					Config::<Test>::subsistence_threshold_uncached(),
 					ctx.gas_meter,
 					vec![]
 				).unwrap();
@@ -1679,7 +1682,7 @@ mod tests {
 			set_balance(&ALICE, 100);
 
 			let result = ctx.instantiate(
-				1,
+				cfg.subsistence_threshold(),
 				&mut GasMeter::<Test>::new(GAS_LIMIT),
 				&rent_allowance_ch,
 				vec![],

src/lib.rs

@@ -743,15 +743,15 @@ impl<T: Trait> Config<T> {
 	/// than the subsistence threshold in order to guarantee that a tombstone is created.
 	///
 	/// The only way to completely kill a contract without a tombstone is calling `ext_terminate`.
-	fn subsistence_threshold(&self) -> BalanceOf<T> {
+	pub fn subsistence_threshold(&self) -> BalanceOf<T> {
 		self.existential_deposit.saturating_add(self.tombstone_deposit)
 	}
 
 	/// The same as `subsistence_threshold` but without the need for a preloaded instance.
 	///
 	/// This is for cases where this value is needed in rent calculation rather than
 	/// during contract execution.
-	fn subsistence_threshold_uncached() -> BalanceOf<T> {
+	pub fn subsistence_threshold_uncached() -> BalanceOf<T> {
 		T::Currency::minimum_balance().saturating_add(T::TombstoneDeposit::get())
 	}
 }

src/tests.rs

@@ -385,13 +385,14 @@ fn instantiate_and_call_and_deposit_event() {
 		.build()
 		.execute_with(|| {
 			let _ = Balances::deposit_creating(&ALICE, 1_000_000);
+			let subsistence = super::Config::<Test>::subsistence_threshold_uncached();
 
 			assert_ok!(Contracts::put_code(Origin::signed(ALICE), wasm));
 
 			// Check at the end to get hash on error easily
 			let creation = Contracts::instantiate(
 				Origin::signed(ALICE),
-				100,
+				subsistence,
 				GAS_LIMIT,
 				code_hash.into(),
 				vec![],
@@ -421,14 +422,14 @@ fn instantiate_and_call_and_deposit_event() {
 				EventRecord {
 					phase: Phase::Initialization,
 					event: MetaEvent::balances(
-						pallet_balances::RawEvent::Endowed(BOB, 100)
+						pallet_balances::RawEvent::Endowed(BOB, subsistence)
 					),
 					topics: vec![],
 				},
 				EventRecord {
 					phase: Phase::Initialization,
 					event: MetaEvent::balances(
-						pallet_balances::RawEvent::Transfer(ALICE, BOB, 100)
+						pallet_balances::RawEvent::Transfer(ALICE, BOB, subsistence)
 					),
 					topics: vec![],
 				},

src/wasm/runtime.rs

@@ -617,10 +617,12 @@ define_env!(Env, <E: Ext>,
 	// This function creates an account and executes the constructor defined in the code specified
 	// by the code hash. The address of this new account is copied to `address_ptr` and its length
 	// to `address_len_ptr`. The constructors output buffer is copied to `output_ptr` and its
-	// length to `output_len_ptr`.
+	// length to `output_len_ptr`. The copy of the output buffer and address can be skipped by
+	// supplying the sentinel value of `u32::max_value()` to `output_ptr` or `address_ptr`.
 	//
-	// The copy of the output buffer and address can be skipped by supplying the sentinel value
-	// of `u32::max_value()` to `output_ptr` or `address_ptr`.
+	// After running the constructor it is verfied that the contract account holds at
+	// least the subsistence threshold. If that is not the case the instantion fails and
+	// the contract is not created.
 	//
 	// # Parameters
 	//