feat(world): prevent the World from calling itself

[alvrs]

fixes #1551

The world should never call itself. All operations to internal tables should happen as internal library calls, and all calls to root system should happen as a delegatecall to the system.

If it was possible to make the World call itself, it would be possible to access internal tables that only the World should have access to. It should already not be possible to make the World call itself, but since this is a very important invariant, we decided to make it explicit and revert if msg.sender is address(this) in all World methods.

[changeset-bot]

🦋 Changeset detected

Latest commit: 0ad8bff

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 29 packages

Name	Type
@latticexyz/world	Major
@latticexyz/cli	Major
@latticexyz/dev-tools	Major
@latticexyz/store-sync	Major
@latticexyz/store-indexer	Major
@latticexyz/abi-ts	Major
@latticexyz/block-logs-stream	Major
@latticexyz/common	Major
@latticexyz/config	Major
create-mud	Major
@latticexyz/ecs-browser	Major
@latticexyz/faucet	Major
@latticexyz/gas-report	Major
@latticexyz/network	Major
@latticexyz/noise	Major
@latticexyz/phaserx	Major
@latticexyz/protocol-parser	Major
@latticexyz/react	Major
@latticexyz/recs	Major
@latticexyz/schema-type	Major
@latticexyz/services	Major
@latticexyz/solecs	Major
solhint-config-mud	Major
solhint-plugin-mud	Major
@latticexyz/std-client	Major
@latticexyz/std-contracts	Major
@latticexyz/store-cache	Major
@latticexyz/store	Major
@latticexyz/utils	Major

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[frolic]

chatted IRL about the world calling itself and @alvrs is gonna play with adding some reverts to keep this from happening (if it's behavior we expect not to happen and ideally want to prevent)

[alvrs]

chatted IRL about the world calling itself and @alvrs is gonna play with adding some reverts to keep this from happening (if it's behavior we expect not to happen and ideally want to prevent)

The gas increase is insignificant, so I think it's worth it as an additional line of defence and to make this invariant more explicit

[frolic]

Should fallback have this check too?

[alvrs]

Should fallback have this check too?

good catch, it should!

[frolic]

given that this is internal, do we need this check?

[alvrs]

nope, already checked by installRootModule and installModule, good catch

[alvrs]

the Bool table used setField internally because it only has a single field, but we're trying to test setRecord here

[frolic]

A thing we might consider doing in a follow up is a TS test that parses the World contract, looks at all the public/external non-view/pure functions, and make sure they also use the modifier. (I don't think we can do this in foundry)