A simple check to reject obviously wrong validation code binaries (#1989)

* A simple check to reject obviously wrong validation code binaries

* Use wasm-magic constants in the tests.

* tabs not spaces

* move WASM_MAGIC into lib.rs

polkadot/runtime/common/src/paras_sudo_wrapper.rs

@@ -16,6 +16,7 @@
 
 //! A simple wrapper allowing `Sudo` to call into `paras` routines.
 
+use crate::WASM_MAGIC;
 use sp_std::prelude::*;
 use frame_support::{
 	decl_error, decl_module, ensure,
@@ -41,6 +42,8 @@ decl_error! {
 		/// A DMP message couldn't be sent because it exceeds the maximum size allowed for a downward
 		/// message.
 		ExceedsMaxMessageSize,
+		/// The validation code provided doesn't start with the Wasm file magic string.
+		DefinitelyNotWasm,
 	}
 }
 
@@ -57,6 +60,7 @@ decl_module! {
 			genesis: ParaGenesisArgs,
 		) -> DispatchResult {
 			ensure_root(origin)?;
+			ensure!(genesis.validation_code.0.starts_with(WASM_MAGIC), Error::<T>::DefinitelyNotWasm);
 			runtime_parachains::schedule_para_initialize::<T>(id, genesis);
 			Ok(())
 		}