2019-12-06 16:05:11 +01:00
|
|
|
# beacon_chain
|
2022-01-04 09:45:38 +00:00
|
|
|
# Copyright (c) 2019-2022 Status Research & Development GmbH
|
2019-12-06 16:05:11 +01:00
|
|
|
# Licensed and distributed under either of
|
|
|
|
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
|
|
|
|
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
|
|
|
|
# at your option. This file may not be copied, modified, or distributed except according to those terms.
|
|
|
|
|
2020-04-24 09:16:11 +02:00
|
|
|
{.push raises: [Defect].}
|
|
|
|
|
2022-03-14 14:05:38 +01:00
|
|
|
# References to `vFuture` refer to the pre-release proposal of the libp2p based
|
|
|
|
# light client sync protocol. Conflicting release versions are not in use.
|
|
|
|
# https://github.com/ethereum/consensus-specs/pull/2802
|
|
|
|
|
2019-12-06 13:05:00 +01:00
|
|
|
import
|
2021-04-02 16:36:43 +02:00
|
|
|
# Status
|
2021-04-26 22:39:44 +02:00
|
|
|
chronicles, chronos, metrics,
|
2021-03-06 08:32:55 +01:00
|
|
|
stew/results,
|
2021-04-02 16:36:43 +02:00
|
|
|
# Internals
|
2022-01-12 14:50:30 +00:00
|
|
|
../spec/datatypes/[phase0, altair, bellatrix],
|
2021-03-05 14:12:00 +01:00
|
|
|
../spec/[
|
2021-08-12 15:08:20 +02:00
|
|
|
beaconstate, state_transition_block, forks, helpers, network, signatures],
|
2021-03-05 14:12:00 +01:00
|
|
|
../consensus_object_pools/[
|
2021-08-28 10:40:01 +00:00
|
|
|
attestation_pool, blockchain_dag, block_quarantine, exit_pool, spec_cache,
|
2022-05-23 14:02:54 +02:00
|
|
|
light_client_pool, sync_committee_msg_pool],
|
2021-10-19 16:09:26 +02:00
|
|
|
".."/[beacon_clock],
|
2021-04-02 16:36:43 +02:00
|
|
|
./batch_validation
|
2019-12-06 13:05:00 +01:00
|
|
|
|
2021-04-12 22:25:09 +02:00
|
|
|
from libp2p/protocols/pubsub/pubsub import ValidationResult
|
2021-07-26 09:51:14 +00:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
export results, ValidationResult
|
2021-04-12 22:25:09 +02:00
|
|
|
|
2020-06-16 07:45:04 +02:00
|
|
|
logScope:
|
2021-03-06 08:32:55 +01:00
|
|
|
topics = "gossip_checks"
|
2020-06-10 08:58:12 +02:00
|
|
|
|
2021-04-26 22:39:44 +02:00
|
|
|
declareCounter beacon_attestations_dropped_queue_full,
|
|
|
|
"Number of attestations dropped because queue is full"
|
|
|
|
|
|
|
|
declareCounter beacon_aggregates_dropped_queue_full,
|
|
|
|
"Number of aggregates dropped because queue is full"
|
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
declareCounter beacon_sync_messages_dropped_queue_full,
|
|
|
|
"Number of sync committee messages dropped because queue is full"
|
|
|
|
|
|
|
|
declareCounter beacon_contributions_dropped_queue_full,
|
|
|
|
"Number of sync committee contributions dropped because queue is full"
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
# This result is a little messy in that it returns Result.ok for
|
|
|
|
# ValidationResult.Accept and an err for the others - this helps transport
|
|
|
|
# an error message to callers but could arguably be done in an cleaner way.
|
|
|
|
type
|
|
|
|
ValidationError* = (ValidationResult, cstring)
|
|
|
|
|
|
|
|
template errIgnore*(msg: cstring): untyped =
|
2021-08-24 21:49:51 +02:00
|
|
|
err((ValidationResult.Ignore, cstring msg))
|
2021-11-05 16:39:47 +01:00
|
|
|
template errReject*(msg: cstring): untyped =
|
2021-08-24 21:49:51 +02:00
|
|
|
err((ValidationResult.Reject, cstring msg))
|
|
|
|
|
2021-04-02 16:36:43 +02:00
|
|
|
# Internal checks
|
|
|
|
# ----------------------------------------------------------------
|
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
func check_attestation_block(
|
|
|
|
pool: AttestationPool, attestationSlot: Slot, blck: BlockRef):
|
2021-11-05 16:39:47 +01:00
|
|
|
Result[void, ValidationError] =
|
2021-03-01 20:50:43 +01:00
|
|
|
# The voted-for block must be a descendant of the finalized block, thus it
|
|
|
|
# must at least as new than the finalized checkpoint - in theory it could be
|
|
|
|
# equal, but then we're voting for an already-finalized block which is pretty
|
|
|
|
# useless - other blocks that are not rooted in the finalized chain will be
|
|
|
|
# pruned by the chain dag, and thus we can no longer get a BlockRef for them
|
2021-06-01 13:13:40 +02:00
|
|
|
if not (blck.slot > pool.dag.finalizedHead.slot):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Voting for already-finalized block")
|
2020-07-13 16:58:38 +02:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
# The attestation shouldn't be voting for a block that didn't exist at the
|
|
|
|
# time - not in spec, but hard to reason about
|
|
|
|
if not (attestationSlot >= blck.slot):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Voting for block that didn't exist at the time")
|
2020-07-13 16:58:38 +02:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
# We'll also cap it at 4 epochs which is somewhat arbitrary, but puts an
|
|
|
|
# upper bound on the processing done to validate the attestation
|
|
|
|
# TODO revisit with less arbitrary approach
|
|
|
|
if not ((attestationSlot - blck.slot) <= uint64(4 * SLOTS_PER_EPOCH)):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Voting for very old block")
|
2020-07-13 16:58:38 +02:00
|
|
|
|
2020-08-27 09:34:12 +02:00
|
|
|
ok()
|
2020-07-13 16:58:38 +02:00
|
|
|
|
2020-08-27 09:34:12 +02:00
|
|
|
func check_propagation_slot_range(
|
2022-01-09 00:28:49 +01:00
|
|
|
msgSlot: Slot, wallTime: BeaconTime): Result[Slot, ValidationError] =
|
2020-08-27 09:34:12 +02:00
|
|
|
let
|
|
|
|
futureSlot = (wallTime + MAXIMUM_GOSSIP_CLOCK_DISPARITY).toSlot()
|
2020-07-27 18:04:44 +02:00
|
|
|
|
2021-07-26 09:51:14 +00:00
|
|
|
if not futureSlot.afterGenesis or msgSlot > futureSlot.slot:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Attestation slot in the future")
|
2020-06-10 08:58:12 +02:00
|
|
|
|
2020-08-27 09:34:12 +02:00
|
|
|
let
|
|
|
|
pastSlot = (wallTime - MAXIMUM_GOSSIP_CLOCK_DISPARITY).toSlot()
|
|
|
|
|
2022-05-31 11:15:31 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/phase0/p2p-interface.md#configuration
|
2020-12-07 12:56:49 +01:00
|
|
|
# The spec value of ATTESTATION_PROPAGATION_SLOT_RANGE is 32, but it can
|
|
|
|
# retransmit attestations on the cusp of being out of spec, and which by
|
|
|
|
# the time they reach their destination might be out of spec.
|
|
|
|
const ATTESTATION_PROPAGATION_SLOT_RANGE = 28
|
|
|
|
|
2020-08-27 09:34:12 +02:00
|
|
|
if pastSlot.afterGenesis and
|
2021-07-26 09:51:14 +00:00
|
|
|
msgSlot + ATTESTATION_PROPAGATION_SLOT_RANGE < pastSlot.slot:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Attestation slot in the past")
|
2020-08-27 09:34:12 +02:00
|
|
|
|
2022-01-09 00:28:49 +01:00
|
|
|
ok(msgSlot)
|
2020-08-27 09:34:12 +02:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
func check_beacon_and_target_block(
|
|
|
|
pool: var AttestationPool, data: AttestationData):
|
2022-01-05 19:38:04 +01:00
|
|
|
Result[BlockSlot, ValidationError] =
|
2021-03-01 20:50:43 +01:00
|
|
|
# The block being voted for (data.beacon_block_root) passes validation - by
|
|
|
|
# extension, the target block must at that point also pass validation.
|
|
|
|
# The target block is returned.
|
2020-08-27 09:34:12 +02:00
|
|
|
# We rely on the chain DAG to have been validated, so check for the existence
|
|
|
|
# of the block in the pool.
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
let blck = pool.dag.getBlockRef(data.beacon_block_root).valueOr:
|
2021-12-06 10:49:01 +01:00
|
|
|
pool.quarantine[].addMissing(data.beacon_block_root)
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Attestation block unknown")
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
# Not in spec - check that rewinding to the state is sane
|
2021-03-01 20:50:43 +01:00
|
|
|
? check_attestation_block(pool, data.slot, blck)
|
2020-08-27 09:34:12 +02:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
# [REJECT] The attestation's target block is an ancestor of the block named
|
|
|
|
# in the LMD vote -- i.e. get_ancestor(store,
|
|
|
|
# attestation.data.beacon_block_root,
|
|
|
|
# compute_start_slot_at_epoch(attestation.data.target.epoch)) ==
|
|
|
|
# attestation.data.target.root
|
2022-01-05 19:38:04 +01:00
|
|
|
# the sanity of target.epoch has been checked by check_attestation_slot_target
|
2022-07-06 03:33:02 -07:00
|
|
|
let target = blck.atCheckpoint(data.target).valueOr:
|
|
|
|
return errReject("Attestation target is not ancestor of LMD vote block")
|
2021-03-01 20:50:43 +01:00
|
|
|
|
|
|
|
ok(target)
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
func check_aggregation_count(
|
2021-11-05 16:39:47 +01:00
|
|
|
attestation: Attestation, singular: bool): Result[void, ValidationError] =
|
2021-04-12 22:25:09 +02:00
|
|
|
|
|
|
|
let ones = attestation.aggregation_bits.countOnes()
|
|
|
|
if singular and ones != 1:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errReject("Attestation must have a single attestation bit set")
|
2021-04-12 22:25:09 +02:00
|
|
|
elif not singular and ones < 1:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errReject("Attestation must have at least one attestation bit set")
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
ok()
|
|
|
|
|
|
|
|
func check_attestation_subnet(
|
2022-01-09 00:28:49 +01:00
|
|
|
epochRef: EpochRef, slot: Slot, committee_index: CommitteeIndex,
|
2021-11-05 16:39:47 +01:00
|
|
|
subnet_id: SubnetId): Result[void, ValidationError] =
|
2020-08-27 09:34:12 +02:00
|
|
|
let
|
2021-12-08 17:29:22 +00:00
|
|
|
expectedSubnet = compute_subnet_for_attestation(
|
2022-01-09 00:28:49 +01:00
|
|
|
get_committee_count_per_slot(epochRef), slot, committee_index)
|
2020-08-27 09:34:12 +02:00
|
|
|
|
2021-05-10 09:13:36 +02:00
|
|
|
if expectedSubnet != subnet_id:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errReject("Attestation not on the correct subnet")
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
ok()
|
|
|
|
|
2021-04-02 16:36:43 +02:00
|
|
|
# Gossip Validation
|
|
|
|
# ----------------------------------------------------------------
|
|
|
|
|
2021-08-24 21:49:51 +02:00
|
|
|
template checkedReject(msg: cstring): untyped =
|
2021-07-19 11:58:22 +00:00
|
|
|
if verifyFinalization in pool.dag.updateFlags:
|
|
|
|
# This doesn't depend on the wall clock or the exact state of the DAG; it's
|
|
|
|
# an internal consistency/correctness check only, and effectively never has
|
|
|
|
# false positives. These don't, for example, arise from timeouts.
|
2021-08-18 14:30:05 +02:00
|
|
|
raiseAssert $msg
|
2021-09-27 10:38:36 +02:00
|
|
|
errReject(msg)
|
2021-07-19 11:58:22 +00:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
template checkedReject(error: ValidationError): untyped =
|
2021-07-19 11:58:22 +00:00
|
|
|
doAssert error[0] == ValidationResult.Reject
|
|
|
|
if verifyFinalization in pool.dag.updateFlags:
|
|
|
|
# This doesn't depend on the wall clock or the exact state of the DAG; it's
|
|
|
|
# an internal consistency/correctness check only, and effectively never has
|
|
|
|
# false positives. These don't, for example, arise from timeouts.
|
2021-08-18 14:30:05 +02:00
|
|
|
raiseAssert $error[1]
|
2021-07-19 11:58:22 +00:00
|
|
|
err(error)
|
|
|
|
|
2022-01-04 09:45:38 +00:00
|
|
|
template validateBeaconBlockBellatrix(
|
2021-12-08 17:29:22 +00:00
|
|
|
signed_beacon_block: phase0.SignedBeaconBlock |
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
altair.SignedBeaconBlock,
|
|
|
|
parent: BlockRef): untyped =
|
2021-12-08 17:29:22 +00:00
|
|
|
discard
|
|
|
|
|
2022-01-06 18:35:38 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.7/specs/merge/p2p-interface.md#beacon_block
|
2022-01-04 09:45:38 +00:00
|
|
|
template validateBeaconBlockBellatrix(
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
signed_beacon_block: bellatrix.SignedBeaconBlock,
|
|
|
|
parent: BlockRef): untyped =
|
2021-12-08 17:29:22 +00:00
|
|
|
# If the execution is enabled for the block -- i.e.
|
|
|
|
# is_execution_enabled(state, block.body) then validate the following:
|
|
|
|
let executionEnabled =
|
|
|
|
if signed_beacon_block.message.body.execution_payload !=
|
|
|
|
default(ExecutionPayload):
|
|
|
|
true
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
elif dag.getEpochRef(parent, parent.slot.epoch, true).expect(
|
2022-01-05 19:38:04 +01:00
|
|
|
"parent EpochRef doesn't fail").merge_transition_complete:
|
|
|
|
# Should usually be inexpensive, but could require cache refilling - the
|
|
|
|
# parent block can be no older than the latest finalized block
|
2021-12-08 17:29:22 +00:00
|
|
|
true
|
|
|
|
else:
|
|
|
|
# Somewhat more expensive fallback, with database I/O, but should be
|
|
|
|
# mostly relevant around merge transition epochs. It's possible that
|
|
|
|
# the previous block is phase 0 or Altair, if this is the transition
|
|
|
|
# block itself.
|
2022-03-11 13:08:17 +01:00
|
|
|
let blockData = dag.getForkedBlock(parent.bid)
|
|
|
|
if blockData.isOk():
|
|
|
|
case blockData.get().kind:
|
|
|
|
of BeaconBlockFork.Phase0:
|
|
|
|
false
|
|
|
|
of BeaconBlockFork.Altair:
|
|
|
|
false
|
|
|
|
of BeaconBlockFork.Bellatrix:
|
2022-05-23 19:30:24 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/bellatrix/beacon-chain.md#process_execution_payload
|
2022-03-11 13:08:17 +01:00
|
|
|
# shows how this gets folded into the state each block; checking this
|
|
|
|
# is equivalent, without ever requiring state replay or any similarly
|
|
|
|
# expensive computation.
|
|
|
|
blockData.get().bellatrixData.message.body.execution_payload !=
|
|
|
|
default(ExecutionPayload)
|
|
|
|
else:
|
|
|
|
warn "Cannot load block parent, assuming execution is disabled",
|
|
|
|
parent = shortLog(parent)
|
2021-12-08 17:29:22 +00:00
|
|
|
false
|
|
|
|
|
|
|
|
if executionEnabled:
|
|
|
|
# [REJECT] The block's execution payload timestamp is correct with respect
|
|
|
|
# to the slot -- i.e. execution_payload.timestamp ==
|
|
|
|
# compute_timestamp_at_slot(state, block.slot).
|
|
|
|
let timestampAtSlot =
|
2022-03-16 08:20:40 +01:00
|
|
|
withState(dag.headState):
|
2021-12-08 17:29:22 +00:00
|
|
|
compute_timestamp_at_slot(state.data, signed_beacon_block.message.slot)
|
|
|
|
if not (signed_beacon_block.message.body.execution_payload.timestamp ==
|
|
|
|
timestampAtSlot):
|
2022-01-26 13:20:08 +01:00
|
|
|
quarantine[].addUnviable(signed_beacon_block.root)
|
2021-12-08 17:29:22 +00:00
|
|
|
return errReject("BeaconBlock: Mismatched execution payload timestamp")
|
|
|
|
|
2022-01-29 01:05:39 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.9/specs/phase0/p2p-interface.md#beacon_block
|
2022-01-26 17:22:06 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.8/specs/bellatrix/p2p-interface.md#beacon_block
|
2021-11-05 16:39:47 +01:00
|
|
|
proc validateBeaconBlock*(
|
2021-12-06 10:49:01 +01:00
|
|
|
dag: ChainDAGRef, quarantine: ref Quarantine,
|
2021-12-08 17:29:22 +00:00
|
|
|
signed_beacon_block: phase0.SignedBeaconBlock | altair.SignedBeaconBlock |
|
2022-01-12 14:50:30 +00:00
|
|
|
bellatrix.SignedBeaconBlock,
|
2021-11-05 16:39:47 +01:00
|
|
|
wallTime: BeaconTime, flags: UpdateFlags): Result[void, ValidationError] =
|
|
|
|
# In general, checks are ordered from cheap to expensive. Especially, crypto
|
|
|
|
# verification could be quite a bit more expensive than the rest. This is an
|
|
|
|
# externally easy-to-invoke function by tossing network packets at the node.
|
|
|
|
|
|
|
|
# [IGNORE] The block is not from a future slot (with a
|
|
|
|
# MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance) -- i.e. validate that
|
|
|
|
# signed_beacon_block.message.slot <= current_slot (a client MAY queue future
|
|
|
|
# blocks for processing at the appropriate slot).
|
|
|
|
if not (signed_beacon_block.message.slot <=
|
|
|
|
(wallTime + MAXIMUM_GOSSIP_CLOCK_DISPARITY).slotOrZero):
|
|
|
|
return errIgnore("BeaconBlock: slot too high")
|
|
|
|
|
|
|
|
# [IGNORE] The block is from a slot greater than the latest finalized slot --
|
|
|
|
# i.e. validate that signed_beacon_block.message.slot >
|
|
|
|
# compute_start_slot_at_epoch(state.finalized_checkpoint.epoch)
|
|
|
|
if not (signed_beacon_block.message.slot > dag.finalizedHead.slot):
|
|
|
|
return errIgnore("BeaconBlock: slot already finalized")
|
|
|
|
|
|
|
|
# [IGNORE] The block is the first block with valid signature received for the
|
|
|
|
# proposer for the slot, signed_beacon_block.message.slot.
|
|
|
|
#
|
|
|
|
# While this condition is similar to the proposer slashing condition at
|
2022-05-24 08:26:35 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/phase0/validator.md#proposer-slashing
|
2021-11-05 16:39:47 +01:00
|
|
|
# it's not identical, and this check does not address slashing:
|
|
|
|
#
|
|
|
|
# (1) The beacon blocks must be conflicting, i.e. different, for the same
|
|
|
|
# slot and proposer. This check also catches identical blocks.
|
|
|
|
#
|
|
|
|
# (2) By this point in the function, it's not been checked whether they're
|
|
|
|
# signed yet. As in general, expensive checks should be deferred, this
|
|
|
|
# would add complexity not directly relevant this function.
|
|
|
|
#
|
|
|
|
# (3) As evidenced by point (1), the similarity in the validation condition
|
|
|
|
# and slashing condition, while not coincidental, aren't similar enough
|
|
|
|
# to combine, as one or the other might drift.
|
|
|
|
#
|
|
|
|
# (4) Furthermore, this function, as much as possible, simply returns a yes
|
|
|
|
# or no answer, without modifying other state for p2p network interface
|
|
|
|
# validation. Complicating this interface, for the sake of sharing only
|
|
|
|
# couple lines of code, wouldn't be worthwhile.
|
|
|
|
#
|
|
|
|
# TODO might check unresolved/orphaned blocks too, and this might not see all
|
|
|
|
# blocks at a given slot (though, in theory, those get checked elsewhere), or
|
|
|
|
# adding metrics that count how often these conditions occur.
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
if dag.containsForkBlock(signed_beacon_block.root):
|
2021-11-05 16:39:47 +01:00
|
|
|
# The gossip algorithm itself already does one round of hashing to find
|
|
|
|
# already-seen data, but it is fairly aggressive about forgetting about
|
|
|
|
# what it has seen already
|
|
|
|
# "[IGNORE] The block is the first block ..."
|
|
|
|
return errIgnore("BeaconBlock: already seen")
|
|
|
|
|
|
|
|
let
|
Prune `BlockRef` on finalization (#3513)
Up til now, the block dag has been using `BlockRef`, a structure adapted
for a full DAG, to represent all of chain history. This is a correct and
simple design, but does not exploit the linearity of the chain once
parts of it finalize.
By pruning the in-memory `BlockRef` structure at finalization, we save,
at the time of writing, a cool ~250mb (or 25%:ish) chunk of memory
landing us at a steady state of ~750mb normal memory usage for a
validating node.
Above all though, we prevent memory usage from growing proportionally
with the length of the chain, something that would not be sustainable
over time - instead, the steady state memory usage is roughly
determined by the validator set size which grows much more slowly. With
these changes, the core should remain sustainable memory-wise post-merge
all the way to withdrawals (when the validator set is expected to grow).
In-memory indices are still used for the "hot" unfinalized portion of
the chain - this ensure that consensus performance remains unchanged.
What changes is that for historical access, we use a db-based linear
slot index which is cache-and-disk-friendly, keeping the cost for
accessing historical data at a similar level as before, achieving the
savings at no percievable cost to functionality or performance.
A nice collateral benefit is the almost-instant startup since we no
longer load any large indicies at dag init.
The cost of this functionality instead can be found in the complexity of
having to deal with two ways of traversing the chain - by `BlockRef` and
by slot.
* use `BlockId` instead of `BlockRef` where finalized / historical data
may be required
* simplify clearance pre-advancement
* remove dag.finalizedBlocks (~50:ish mb)
* remove `getBlockAtSlot` - use `getBlockIdAtSlot` instead
* `parent` and `atSlot` for `BlockId` now require a `ChainDAGRef`
instance, unlike `BlockRef` traversal
* prune `BlockRef` parents on finality (~200:ish mb)
* speed up ChainDAG init by not loading finalized history index
* mess up light client server error handling - this need revisiting :)
2022-03-17 18:42:56 +01:00
|
|
|
slotBlock = getBlockIdAtSlot(dag, signed_beacon_block.message.slot)
|
2021-11-05 16:39:47 +01:00
|
|
|
|
2022-03-15 09:24:55 +01:00
|
|
|
if slotBlock.isSome() and slotBlock.get().isProposed() and
|
Prune `BlockRef` on finalization (#3513)
Up til now, the block dag has been using `BlockRef`, a structure adapted
for a full DAG, to represent all of chain history. This is a correct and
simple design, but does not exploit the linearity of the chain once
parts of it finalize.
By pruning the in-memory `BlockRef` structure at finalization, we save,
at the time of writing, a cool ~250mb (or 25%:ish) chunk of memory
landing us at a steady state of ~750mb normal memory usage for a
validating node.
Above all though, we prevent memory usage from growing proportionally
with the length of the chain, something that would not be sustainable
over time - instead, the steady state memory usage is roughly
determined by the validator set size which grows much more slowly. With
these changes, the core should remain sustainable memory-wise post-merge
all the way to withdrawals (when the validator set is expected to grow).
In-memory indices are still used for the "hot" unfinalized portion of
the chain - this ensure that consensus performance remains unchanged.
What changes is that for historical access, we use a db-based linear
slot index which is cache-and-disk-friendly, keeping the cost for
accessing historical data at a similar level as before, achieving the
savings at no percievable cost to functionality or performance.
A nice collateral benefit is the almost-instant startup since we no
longer load any large indicies at dag init.
The cost of this functionality instead can be found in the complexity of
having to deal with two ways of traversing the chain - by `BlockRef` and
by slot.
* use `BlockId` instead of `BlockRef` where finalized / historical data
may be required
* simplify clearance pre-advancement
* remove dag.finalizedBlocks (~50:ish mb)
* remove `getBlockAtSlot` - use `getBlockIdAtSlot` instead
* `parent` and `atSlot` for `BlockId` now require a `ChainDAGRef`
instance, unlike `BlockRef` traversal
* prune `BlockRef` parents on finality (~200:ish mb)
* speed up ChainDAG init by not loading finalized history index
* mess up light client server error handling - this need revisiting :)
2022-03-17 18:42:56 +01:00
|
|
|
slotBlock.get().bid.slot == signed_beacon_block.message.slot:
|
|
|
|
let curBlock = dag.getForkedBlock(slotBlock.get().bid)
|
2022-03-11 13:08:17 +01:00
|
|
|
if curBlock.isOk():
|
|
|
|
let data = curBlock.get()
|
|
|
|
if getForkedBlockField(data, proposer_index) ==
|
|
|
|
signed_beacon_block.message.proposer_index and
|
|
|
|
data.signature.toRaw() != signed_beacon_block.signature.toRaw():
|
|
|
|
return errIgnore("BeaconBlock: already proposed in the same slot")
|
2021-11-05 16:39:47 +01:00
|
|
|
|
|
|
|
# [IGNORE] The block's parent (defined by block.parent_root) has been seen
|
|
|
|
# (via both gossip and non-gossip sources) (a client MAY queue blocks for
|
|
|
|
# processing once the parent block is retrieved).
|
|
|
|
#
|
|
|
|
# And implicitly:
|
|
|
|
# [REJECT] The block's parent (defined by block.parent_root) passes validation.
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
let parent = dag.getBlockRef(signed_beacon_block.message.parent_root).valueOr:
|
2022-01-26 13:20:08 +01:00
|
|
|
if signed_beacon_block.message.parent_root in quarantine[].unviable:
|
|
|
|
quarantine[].addUnviable(signed_beacon_block.root)
|
|
|
|
return errReject("BeaconBlock: parent from unviable fork")
|
|
|
|
|
2021-12-06 10:49:01 +01:00
|
|
|
# When the parent is missing, we can't validate the block - we'll queue it
|
|
|
|
# in the quarantine for later processing
|
2022-01-26 13:20:08 +01:00
|
|
|
if not quarantine[].addOrphan(
|
|
|
|
dag.finalizedHead.slot,
|
|
|
|
ForkedSignedBeaconBlock.init(signed_beacon_block)):
|
2021-11-05 16:39:47 +01:00
|
|
|
debug "Block quarantine full"
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
return errIgnore("BeaconBlock: Parent not found")
|
|
|
|
|
2022-01-26 17:22:06 +00:00
|
|
|
# [REJECT] The block is from a higher slot than its parent.
|
|
|
|
if not (signed_beacon_block.message.slot > parent.bid.slot):
|
|
|
|
return errReject("BeaconBlock: block not from higher slot than its parent")
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
# [REJECT] The current finalized_checkpoint is an ancestor of block -- i.e.
|
|
|
|
# get_ancestor(store, block.parent_root,
|
|
|
|
# compute_start_slot_at_epoch(store.finalized_checkpoint.epoch)) ==
|
|
|
|
# store.finalized_checkpoint.root
|
|
|
|
let
|
2022-03-16 08:20:40 +01:00
|
|
|
finalized_checkpoint = getStateField(dag.headState, finalized_checkpoint)
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
ancestor = get_ancestor(parent, finalized_checkpoint.epoch.start_slot)
|
2021-11-05 16:39:47 +01:00
|
|
|
|
|
|
|
if ancestor.isNil:
|
|
|
|
# This shouldn't happen: we should always be able to trace the parent back
|
|
|
|
# to the finalized checkpoint (else it wouldn't be in the DAG)
|
|
|
|
return errIgnore("BeaconBlock: Can't find ancestor")
|
|
|
|
|
2022-02-14 05:26:19 +00:00
|
|
|
if not (
|
|
|
|
finalized_checkpoint.root == ancestor.root or
|
|
|
|
finalized_checkpoint.root.isZero):
|
2022-01-26 13:20:08 +01:00
|
|
|
quarantine[].addUnviable(signed_beacon_block.root)
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
return errReject("BeaconBlock: Finalized checkpoint not an ancestor")
|
|
|
|
|
|
|
|
# [REJECT] The block is proposed by the expected proposer_index for the
|
|
|
|
# block's slot in the context of the current shuffling (defined by
|
|
|
|
# parent_root/slot). If the proposer_index cannot immediately be verified
|
|
|
|
# against the expected shuffling, the block MAY be queued for later
|
|
|
|
# processing while proposers for the block's branch are calculated -- in such
|
|
|
|
# a case do not REJECT, instead IGNORE this message.
|
|
|
|
let
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
proposer = getProposer(dag, parent, signed_beacon_block.message.slot)
|
2021-11-05 16:39:47 +01:00
|
|
|
|
|
|
|
if proposer.isNone:
|
|
|
|
warn "cannot compute proposer for message"
|
|
|
|
return errIgnore("BeaconBlock: Cannot compute proposer") # internal issue
|
|
|
|
|
|
|
|
if uint64(proposer.get()) != signed_beacon_block.message.proposer_index:
|
2022-01-26 13:20:08 +01:00
|
|
|
quarantine[].addUnviable(signed_beacon_block.root)
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
return errReject("BeaconBlock: Unexpected proposer proposer")
|
|
|
|
|
|
|
|
# [REJECT] The proposer signature, signed_beacon_block.signature, is valid
|
|
|
|
# with respect to the proposer_index pubkey.
|
|
|
|
if not verify_block_signature(
|
|
|
|
dag.forkAtEpoch(signed_beacon_block.message.slot.epoch),
|
2022-03-16 08:20:40 +01:00
|
|
|
getStateField(dag.headState, genesis_validators_root),
|
2021-11-05 16:39:47 +01:00
|
|
|
signed_beacon_block.message.slot,
|
|
|
|
signed_beacon_block.root,
|
|
|
|
dag.validatorKey(proposer.get()).get(),
|
|
|
|
signed_beacon_block.signature):
|
2022-01-26 13:20:08 +01:00
|
|
|
quarantine[].addUnviable(signed_beacon_block.root)
|
|
|
|
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
return errReject("BeaconBlock: Invalid proposer signature")
|
2021-11-05 16:39:47 +01:00
|
|
|
|
limit by-root requests to non-finalized blocks (#3293)
* limit by-root requests to non-finalized blocks
Presently, we keep a mapping from block root to `BlockRef` in memory -
this has simplified reasoning about the dag, but is not sustainable with
the chain growing.
We can distinguish between two cases where by-root access is useful:
* unfinalized blocks - this is where the beacon chain is operating
generally, by validating incoming data as interesting for future fork
choice decisions - bounded by the length of the unfinalized period
* finalized blocks - historical access in the REST API etc - no bounds,
really
In this PR, we limit the by-root block index to the first use case:
finalized chain data can more efficiently be addressed by slot number.
Future work includes:
* limiting the `BlockRef` horizon in general - each instance is 40
bytes+overhead which adds up - this needs further refactoring to deal
with the tail vs state problem
* persisting the finalized slot-to-hash index - this one also keeps
growing unbounded (albeit slowly)
Anyway, this PR easily shaves ~128mb of memory usage at the time of
writing.
* No longer honor `BeaconBlocksByRoot` requests outside of the
non-finalized period - previously, Nimbus would generously return any
block through this libp2p request - per the spec, finalized blocks
should be fetched via `BeaconBlocksByRange` instead.
* return `Opt[BlockRef]` instead of `nil` when blocks can't be found -
this becomes a lot more common now and thus deserves more attention
* `dag.blocks` -> `dag.forkBlocks` - this index only carries unfinalized
blocks from now - `finalizedBlocks` covers the other `BlockRef`
instances
* in backfill, verify that the last backfilled block leads back to
genesis, or panic
* add backfill timings to log
* fix missing check that `BlockRef` block can be fetched with
`getForkedBlock` reliably
* shortcut doppelganger check when feature is not enabled
* in REST/JSON-RPC, fetch blocks without involving `BlockRef`
* fix dag.blocks ref
2022-01-21 12:33:16 +01:00
|
|
|
validateBeaconBlockBellatrix(signed_beacon_block, parent)
|
2021-12-08 17:29:22 +00:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
ok()
|
|
|
|
|
2022-01-29 01:05:39 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.9/specs/phase0/p2p-interface.md#beacon_attestation_subnet_id
|
2020-08-27 09:34:12 +02:00
|
|
|
proc validateAttestation*(
|
2021-04-02 16:36:43 +02:00
|
|
|
pool: ref AttestationPool,
|
|
|
|
batchCrypto: ref BatchCrypto,
|
|
|
|
attestation: Attestation,
|
|
|
|
wallTime: BeaconTime,
|
2021-05-10 09:13:36 +02:00
|
|
|
subnet_id: SubnetId, checkSignature: bool):
|
2021-11-05 16:39:47 +01:00
|
|
|
Future[Result[
|
|
|
|
tuple[attesting_index: ValidatorIndex, sig: CookedSig],
|
|
|
|
ValidationError]] {.async.} =
|
2021-03-01 20:50:43 +01:00
|
|
|
# Some of the checks below have been reordered compared to the spec, to
|
|
|
|
# perform the cheap checks first - in particular, we want to avoid loading
|
|
|
|
# an `EpochRef` and checking signatures. This reordering might lead to
|
|
|
|
# different IGNORE/REJECT results in turn affecting gossip scores.
|
|
|
|
|
2020-10-19 09:25:06 +00:00
|
|
|
# [REJECT] The attestation's epoch matches its target -- i.e.
|
|
|
|
# attestation.data.target.epoch ==
|
|
|
|
# compute_epoch_at_slot(attestation.data.slot)
|
2022-01-09 00:28:49 +01:00
|
|
|
let slot = block:
|
2020-10-19 09:25:06 +00:00
|
|
|
let v = check_attestation_slot_target(attestation.data)
|
2020-09-18 11:53:09 +00:00
|
|
|
if v.isErr():
|
2021-11-05 16:39:47 +01:00
|
|
|
return errReject(v.error())
|
2022-01-09 00:28:49 +01:00
|
|
|
v.get()
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
# attestation.data.slot is within the last ATTESTATION_PROPAGATION_SLOT_RANGE
|
|
|
|
# slots (within a MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance) -- i.e.
|
|
|
|
# attestation.data.slot + ATTESTATION_PROPAGATION_SLOT_RANGE >= current_slot
|
2020-10-19 09:25:06 +00:00
|
|
|
# >= attestation.data.slot (a client MAY queue future attestations for
|
2020-08-27 09:34:12 +02:00
|
|
|
# processing at the appropriate slot).
|
2021-04-02 16:36:43 +02:00
|
|
|
block:
|
2022-01-09 00:28:49 +01:00
|
|
|
let v = check_propagation_slot_range(slot, wallTime) # [IGNORE]
|
2021-04-02 16:36:43 +02:00
|
|
|
if v.isErr():
|
2021-11-05 16:39:47 +01:00
|
|
|
return err(v.error())
|
2020-08-27 09:34:12 +02:00
|
|
|
|
|
|
|
# The attestation is unaggregated -- that is, it has exactly one
|
|
|
|
# participating validator (len([bit for bit in attestation.aggregation_bits
|
|
|
|
# if bit == 0b1]) == 1).
|
2021-04-02 16:36:43 +02:00
|
|
|
block:
|
|
|
|
let v = check_aggregation_count(attestation, singular = true) # [REJECT]
|
|
|
|
if v.isErr():
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject(v.error)
|
2020-08-27 09:34:12 +02:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
# The block being voted for (attestation.data.beacon_block_root) has been seen
|
|
|
|
# (via both gossip and non-gossip sources) (a client MAY queue attestations for
|
|
|
|
# processing once block is retrieved).
|
|
|
|
# The block being voted for (attestation.data.beacon_block_root) passes
|
|
|
|
# validation.
|
|
|
|
# [IGNORE] if block is unseen so far and enqueue it in missing blocks
|
2021-04-02 16:36:43 +02:00
|
|
|
let target = block:
|
|
|
|
let v = check_beacon_and_target_block(pool[], attestation.data) # [IGNORE/REJECT]
|
|
|
|
if v.isErr():
|
|
|
|
return err(v.error)
|
|
|
|
v.get()
|
2020-08-03 19:47:42 +00:00
|
|
|
|
2020-08-04 17:52:46 +02:00
|
|
|
# The following rule follows implicitly from that we clear out any
|
|
|
|
# unviable blocks from the chain dag:
|
|
|
|
#
|
2020-08-03 19:47:42 +00:00
|
|
|
# The current finalized_checkpoint is an ancestor of the block defined by
|
|
|
|
# attestation.data.beacon_block_root -- i.e. get_ancestor(store,
|
|
|
|
# attestation.data.beacon_block_root,
|
|
|
|
# compute_start_slot_at_epoch(store.finalized_checkpoint.epoch)) ==
|
|
|
|
# store.finalized_checkpoint.root
|
2021-03-01 20:50:43 +01:00
|
|
|
let
|
2022-01-05 19:38:04 +01:00
|
|
|
epochRef = block:
|
|
|
|
let tmp = pool.dag.getEpochRef(target.blck, target.slot.epoch, false)
|
|
|
|
if isErr(tmp): # shouldn't happen since we verified target
|
|
|
|
warn "No EpochRef for attestation",
|
|
|
|
attestation = shortLog(attestation), target = shortLog(target)
|
|
|
|
return errIgnore("Attestation: no EpochRef")
|
|
|
|
tmp.get()
|
2020-08-06 21:48:47 +02:00
|
|
|
|
2020-10-19 09:25:06 +00:00
|
|
|
# [REJECT] The committee index is within the expected range -- i.e.
|
|
|
|
# data.index < get_committee_count_per_slot(state, data.target.epoch).
|
2022-01-09 00:28:49 +01:00
|
|
|
let committee_index = block:
|
|
|
|
let idx = epochRef.get_committee_index(attestation.data.index)
|
|
|
|
if idx.isErr():
|
|
|
|
return checkedReject("Attestation: committee index not within expected range")
|
|
|
|
idx.get()
|
2020-10-19 09:25:06 +00:00
|
|
|
|
2020-08-06 21:48:47 +02:00
|
|
|
# [REJECT] The attestation is for the correct subnet -- i.e.
|
|
|
|
# compute_subnet_for_attestation(committees_per_slot,
|
|
|
|
# attestation.data.slot, attestation.data.index) == subnet_id, where
|
|
|
|
# committees_per_slot = get_committee_count_per_slot(state,
|
|
|
|
# attestation.data.target.epoch), which may be pre-computed along with the
|
|
|
|
# committee information for the signature check.
|
2021-04-02 16:36:43 +02:00
|
|
|
block:
|
2022-01-09 00:28:49 +01:00
|
|
|
let v = check_attestation_subnet(
|
|
|
|
epochRef, attestation.data.slot, committee_index, subnet_id) # [REJECT]
|
2021-04-02 16:36:43 +02:00
|
|
|
if v.isErr():
|
|
|
|
return err(v.error)
|
2020-08-06 21:48:47 +02:00
|
|
|
|
2020-10-19 09:25:06 +00:00
|
|
|
# [REJECT] The number of aggregation bits matches the committee size -- i.e.
|
|
|
|
# len(attestation.aggregation_bits) == len(get_beacon_committee(state,
|
|
|
|
# data.slot, data.index)).
|
|
|
|
#
|
|
|
|
# This uses the same epochRef as data.target.epoch, because the attestation's
|
|
|
|
# epoch matches its target and attestation.data.target.root is an ancestor of
|
|
|
|
# attestation.data.beacon_block_root.
|
|
|
|
if not (attestation.aggregation_bits.lenu64 == get_beacon_committee_len(
|
2022-01-09 00:28:49 +01:00
|
|
|
epochRef, attestation.data.slot, committee_index)):
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject(
|
|
|
|
"Attestation: number of aggregation bits and committee size mismatch")
|
2020-10-19 09:25:06 +00:00
|
|
|
|
2020-08-06 21:48:47 +02:00
|
|
|
let
|
2021-08-10 22:46:35 +02:00
|
|
|
fork = pool.dag.forkAtEpoch(attestation.data.slot.epoch)
|
2020-08-06 21:48:47 +02:00
|
|
|
genesis_validators_root =
|
2022-03-16 08:20:40 +01:00
|
|
|
getStateField(pool.dag.headState, genesis_validators_root)
|
2021-04-26 22:39:44 +02:00
|
|
|
attesting_index = get_attesting_indices_one(
|
2022-01-09 00:28:49 +01:00
|
|
|
epochRef, slot, committee_index, attestation.aggregation_bits)
|
2020-06-23 10:38:59 +00:00
|
|
|
|
2020-10-19 09:25:06 +00:00
|
|
|
# The number of aggregation bits matches the committee size, which ensures
|
|
|
|
# this condition holds.
|
2021-04-26 22:39:44 +02:00
|
|
|
doAssert attesting_index.isSome(), "We've checked bits length and one count already"
|
|
|
|
let validator_index = attesting_index.get()
|
2020-09-25 19:51:44 +02:00
|
|
|
|
|
|
|
# There has been no other valid attestation seen on an attestation subnet
|
|
|
|
# that has an identical `attestation.data.target.epoch` and participating
|
|
|
|
# validator index.
|
|
|
|
# Slightly modified to allow only newer attestations than were previously
|
|
|
|
# seen (no point in propagating older votes)
|
2021-02-08 08:27:30 +01:00
|
|
|
if (pool.nextAttestationEpoch.lenu64 > validator_index.uint64) and
|
2020-12-14 20:58:32 +00:00
|
|
|
pool.nextAttestationEpoch[validator_index].subnet >
|
|
|
|
attestation.data.target.epoch:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Attestation: Validator has already voted in epoch")
|
2020-09-25 19:51:44 +02:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
let pubkey = epochRef.validatorKey(validator_index)
|
|
|
|
if pubkey.isNone():
|
|
|
|
# can't happen, in theory, because we checked the aggregator index above
|
|
|
|
return errIgnore("Attestation: cannot find validator pubkey")
|
2020-06-10 08:58:12 +02:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
# In the spec, is_valid_indexed_attestation is used to verify the signature -
|
|
|
|
# here, we do a batch verification instead
|
2021-05-10 09:13:36 +02:00
|
|
|
let sig =
|
|
|
|
if checkSignature:
|
|
|
|
# Attestation signatures are batch-verified
|
|
|
|
let deferredCrypto = batchCrypto
|
2021-12-09 13:56:54 +01:00
|
|
|
.scheduleAttestationCheck(
|
|
|
|
fork, genesis_validators_root, attestation.data,
|
|
|
|
pubkey.get(), attestation.signature)
|
2021-05-25 16:17:47 +02:00
|
|
|
if deferredCrypto.isErr():
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject(deferredCrypto.error)
|
2021-05-10 09:13:36 +02:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
let (cryptoFut, sig) = deferredCrypto.get()
|
2021-05-10 09:13:36 +02:00
|
|
|
# Await the crypto check
|
|
|
|
var x = (await cryptoFut)
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject("Attestation: invalid signature")
|
2021-05-10 09:13:36 +02:00
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_attestations_dropped_queue_full.inc()
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Attestation: timeout checking signature")
|
2021-05-10 09:13:36 +02:00
|
|
|
of BatchResult.Valid:
|
|
|
|
sig # keep going only in this case
|
|
|
|
else:
|
|
|
|
let sig = attestation.signature.load()
|
|
|
|
if not sig.isSome():
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject("Attestation: unable to load signature")
|
2021-05-10 09:13:36 +02:00
|
|
|
sig.get()
|
2021-04-02 16:36:43 +02:00
|
|
|
|
2021-02-08 08:27:30 +01:00
|
|
|
# Only valid attestations go in the list, which keeps validator_index
|
|
|
|
# in range
|
|
|
|
if not (pool.nextAttestationEpoch.lenu64 > validator_index.uint64):
|
|
|
|
pool.nextAttestationEpoch.setLen(validator_index.int + 1)
|
2020-12-14 20:58:32 +00:00
|
|
|
pool.nextAttestationEpoch[validator_index].subnet =
|
|
|
|
attestation.data.target.epoch + 1
|
2020-09-25 19:51:44 +02:00
|
|
|
|
2021-04-26 22:39:44 +02:00
|
|
|
return ok((validator_index, sig))
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2022-01-29 01:05:39 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.9/specs/phase0/p2p-interface.md#beacon_aggregate_and_proof
|
2020-08-27 09:34:12 +02:00
|
|
|
proc validateAggregate*(
|
2021-04-02 16:36:43 +02:00
|
|
|
pool: ref AttestationPool,
|
|
|
|
batchCrypto: ref BatchCrypto,
|
|
|
|
signedAggregateAndProof: SignedAggregateAndProof,
|
2022-07-06 18:11:44 +02:00
|
|
|
wallTime: BeaconTime,
|
|
|
|
checkSignature = true, checkCover = true):
|
2021-11-05 16:39:47 +01:00
|
|
|
Future[Result[
|
|
|
|
tuple[attestingIndices: seq[ValidatorIndex], sig: CookedSig],
|
|
|
|
ValidationError]] {.async.} =
|
2021-03-01 20:50:43 +01:00
|
|
|
# Some of the checks below have been reordered compared to the spec, to
|
|
|
|
# perform the cheap checks first - in particular, we want to avoid loading
|
|
|
|
# an `EpochRef` and checking signatures. This reordering might lead to
|
|
|
|
# different IGNORE/REJECT results in turn affecting gossip scores.
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
template aggregate_and_proof: untyped = signedAggregateAndProof.message
|
|
|
|
template aggregate: untyped = aggregate_and_proof.aggregate
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2020-11-12 15:29:32 +00:00
|
|
|
# [REJECT] The aggregate attestation's epoch matches its target -- i.e.
|
|
|
|
# `aggregate.data.target.epoch == compute_epoch_at_slot(aggregate.data.slot)`
|
2022-01-09 00:28:49 +01:00
|
|
|
let slot = block:
|
2020-11-12 15:29:32 +00:00
|
|
|
let v = check_attestation_slot_target(aggregate.data)
|
|
|
|
if v.isErr():
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject(v.error)
|
2022-01-09 00:28:49 +01:00
|
|
|
v.get()
|
2020-11-12 15:29:32 +00:00
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
# [IGNORE] aggregate.data.slot is within the last
|
|
|
|
# ATTESTATION_PROPAGATION_SLOT_RANGE slots (with a
|
|
|
|
# MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance) -- i.e. aggregate.data.slot +
|
|
|
|
# ATTESTATION_PROPAGATION_SLOT_RANGE >= current_slot >= aggregate.data.slot
|
2021-04-02 16:36:43 +02:00
|
|
|
block:
|
2022-01-09 00:28:49 +01:00
|
|
|
let v = check_propagation_slot_range(slot, wallTime) # [IGNORE]
|
2021-04-02 16:36:43 +02:00
|
|
|
if v.isErr():
|
2021-11-05 16:39:47 +01:00
|
|
|
return err(v.error())
|
2021-03-01 20:50:43 +01:00
|
|
|
|
2020-07-02 16:15:27 +00:00
|
|
|
# [IGNORE] The aggregate is the first valid aggregate received for the
|
|
|
|
# aggregator with index aggregate_and_proof.aggregator_index for the epoch
|
|
|
|
# aggregate.data.target.epoch.
|
2020-12-14 20:58:32 +00:00
|
|
|
# Slightly modified to allow only newer attestations than were previously
|
|
|
|
# seen (no point in propagating older votes)
|
|
|
|
if (pool.nextAttestationEpoch.lenu64 >
|
|
|
|
aggregate_and_proof.aggregator_index) and
|
|
|
|
pool.nextAttestationEpoch[
|
|
|
|
aggregate_and_proof.aggregator_index].aggregate >
|
|
|
|
aggregate.data.target.epoch:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("Aggregate: validator has already aggregated in epoch")
|
2020-07-02 16:15:27 +00:00
|
|
|
|
|
|
|
# [REJECT] The attestation has participants -- that is,
|
|
|
|
# len(get_attesting_indices(state, aggregate.data, aggregate.aggregation_bits)) >= 1.
|
|
|
|
#
|
|
|
|
# get_attesting_indices() is:
|
|
|
|
# committee = get_beacon_committee(state, data.slot, data.index)
|
|
|
|
# return set(index for i, index in enumerate(committee) if bits[i])
|
|
|
|
#
|
|
|
|
# the attestation doesn't have participants is iff either:
|
|
|
|
# (1) the aggregation bits are all 0; or
|
|
|
|
# (2) the non-zero aggregation bits don't overlap with extant committee
|
|
|
|
# members, i.e. they counts don't match.
|
|
|
|
# But (2) would reflect an invalid aggregation in other ways, so reject it
|
|
|
|
# either way.
|
2021-04-02 16:36:43 +02:00
|
|
|
block:
|
|
|
|
let v = check_aggregation_count(aggregate, singular = false) # [REJECT]
|
|
|
|
if v.isErr():
|
|
|
|
return err(v.error)
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2020-08-27 09:34:12 +02:00
|
|
|
# [REJECT] The block being voted for (aggregate.data.beacon_block_root)
|
|
|
|
# passes validation.
|
2021-03-01 20:50:43 +01:00
|
|
|
# [IGNORE] if block is unseen so far and enqueue it in missing blocks
|
2021-04-02 16:36:43 +02:00
|
|
|
let target = block:
|
|
|
|
let v = check_beacon_and_target_block(pool[], aggregate.data) # [IGNORE/REJECT]
|
|
|
|
if v.isErr():
|
|
|
|
return err(v.error)
|
|
|
|
v.get()
|
2020-07-13 16:58:38 +02:00
|
|
|
|
2022-07-06 18:11:44 +02:00
|
|
|
if checkCover and
|
|
|
|
pool[].covers(aggregate.data, aggregate.aggregation_bits):
|
|
|
|
# [IGNORE] A valid aggregate attestation defined by
|
|
|
|
# `hash_tree_root(aggregate.data)` whose `aggregation_bits` is a non-strict
|
|
|
|
# superset has _not_ already been seen.
|
|
|
|
# https://github.com/ethereum/consensus-specs/pull/2847
|
2022-02-25 17:15:39 +01:00
|
|
|
return errIgnore("Aggregate already covered")
|
|
|
|
|
2021-03-01 20:50:43 +01:00
|
|
|
let
|
2022-01-05 19:38:04 +01:00
|
|
|
epochRef = block:
|
|
|
|
let tmp = pool.dag.getEpochRef(target.blck, target.slot.epoch, false)
|
|
|
|
if tmp.isErr: # shouldn't happen since we verified target
|
|
|
|
warn "No EpochRef for attestation - report bug",
|
|
|
|
aggregate = shortLog(aggregate), target = shortLog(target)
|
|
|
|
return errIgnore("Aggregate: no EpochRef")
|
|
|
|
tmp.get()
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2021-08-24 21:49:51 +02:00
|
|
|
# [REJECT] The committee index is within the expected range -- i.e.
|
|
|
|
# data.index < get_committee_count_per_slot(state, data.target.epoch).
|
2022-01-09 00:28:49 +01:00
|
|
|
let committee_index = block:
|
|
|
|
let idx = epochRef.get_committee_index(aggregate.data.index)
|
|
|
|
if idx.isErr():
|
|
|
|
return checkedReject("Attestation: committee index not within expected range")
|
|
|
|
idx.get()
|
2021-08-24 21:49:51 +02:00
|
|
|
|
2022-02-25 17:15:39 +01:00
|
|
|
# [REJECT] aggregate_and_proof.selection_proof selects the validator as an
|
|
|
|
# aggregator for the slot -- i.e. is_aggregator(state, aggregate.data.slot,
|
|
|
|
# aggregate.data.index, aggregate_and_proof.selection_proof) returns True.
|
2020-08-06 21:48:47 +02:00
|
|
|
if not is_aggregator(
|
2022-01-09 00:28:49 +01:00
|
|
|
epochRef, slot, committee_index, aggregate_and_proof.selection_proof):
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject("Aggregate: incorrect aggregator")
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2020-08-06 21:48:47 +02:00
|
|
|
# [REJECT] The aggregator's validator index is within the committee -- i.e.
|
|
|
|
# aggregate_and_proof.aggregator_index in get_beacon_committee(state,
|
|
|
|
# aggregate.data.slot, aggregate.data.index).
|
2022-05-24 01:39:08 +02:00
|
|
|
|
|
|
|
let aggregator_index =
|
|
|
|
ValidatorIndex.init(aggregate_and_proof.aggregator_index).valueOr:
|
|
|
|
return checkedReject("Aggregate: invalid aggregator index")
|
|
|
|
|
|
|
|
if aggregator_index notin
|
2022-01-09 00:28:49 +01:00
|
|
|
get_beacon_committee(epochRef, slot, committee_index):
|
2021-08-24 21:49:51 +02:00
|
|
|
return checkedReject("Aggregate: aggregator's validator index not in committee")
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2021-06-10 09:37:02 +02:00
|
|
|
# 1. [REJECT] The aggregate_and_proof.selection_proof is a valid signature of the
|
|
|
|
# aggregate.data.slot by the validator with index
|
|
|
|
# aggregate_and_proof.aggregator_index.
|
|
|
|
# get_slot_signature(state, aggregate.data.slot, privkey)
|
|
|
|
# 2. [REJECT] The aggregator signature, signed_aggregate_and_proof.signature, is valid.
|
|
|
|
# 3. [REJECT] The signature of aggregate is valid.
|
2021-04-02 16:36:43 +02:00
|
|
|
|
2021-04-09 12:59:24 +00:00
|
|
|
let
|
2021-08-10 22:46:35 +02:00
|
|
|
fork = pool.dag.forkAtEpoch(aggregate.data.slot.epoch)
|
2021-04-09 12:59:24 +00:00
|
|
|
genesis_validators_root =
|
2022-03-16 08:20:40 +01:00
|
|
|
getStateField(pool.dag.headState, genesis_validators_root)
|
2022-01-09 00:28:49 +01:00
|
|
|
attesting_indices = get_attesting_indices(
|
|
|
|
epochRef, slot, committee_index, aggregate.aggregation_bits)
|
2021-12-09 13:56:54 +01:00
|
|
|
|
2021-04-09 12:59:24 +00:00
|
|
|
let
|
2022-07-06 18:11:44 +02:00
|
|
|
sig = if checkSignature:
|
|
|
|
let deferredCrypto = batchCrypto
|
|
|
|
.scheduleAggregateChecks(
|
|
|
|
fork, genesis_validators_root,
|
|
|
|
signedAggregateAndProof, epochRef, attesting_indices
|
|
|
|
)
|
|
|
|
if deferredCrypto.isErr():
|
|
|
|
return checkedReject(deferredCrypto.error)
|
2021-04-02 16:36:43 +02:00
|
|
|
|
2022-07-06 18:11:44 +02:00
|
|
|
let
|
|
|
|
(aggregatorFut, slotFut, aggregateFut, sig) = deferredCrypto.get()
|
|
|
|
|
|
|
|
block:
|
|
|
|
# [REJECT] The aggregator signature, signed_aggregate_and_proof.signature, is valid.
|
|
|
|
var x = await aggregatorFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return checkedReject("Aggregate: invalid aggregator signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_aggregates_dropped_queue_full.inc()
|
|
|
|
return errIgnore("Aggregate: timeout checking aggregator signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
|
|
|
|
|
|
|
block:
|
|
|
|
# [REJECT] aggregate_and_proof.selection_proof
|
|
|
|
var x = await slotFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return checkedReject("Aggregate: invalid slot signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_aggregates_dropped_queue_full.inc()
|
|
|
|
return errIgnore("Aggregate: timeout checking slot signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
|
|
|
|
|
|
|
block:
|
|
|
|
# [REJECT] The aggregator signature, signed_aggregate_and_proof.signature, is valid.
|
|
|
|
var x = await aggregateFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return checkedReject("Aggregate: invalid aggregate signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_aggregates_dropped_queue_full.inc()
|
|
|
|
return errIgnore("Aggregate: timeout checking aggregate signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
|
|
|
sig
|
|
|
|
else:
|
|
|
|
let sig = aggregate.signature.load()
|
|
|
|
if not sig.isSome():
|
|
|
|
return checkedReject("Aggregate: unable to load signature")
|
|
|
|
sig.get()
|
2020-07-02 16:15:27 +00:00
|
|
|
|
2020-08-10 14:49:18 +00:00
|
|
|
# The following rule follows implicitly from that we clear out any
|
|
|
|
# unviable blocks from the chain dag:
|
|
|
|
#
|
|
|
|
# The current finalized_checkpoint is an ancestor of the block defined by
|
|
|
|
# aggregate.data.beacon_block_root -- i.e. get_ancestor(store,
|
|
|
|
# aggregate.data.beacon_block_root,
|
|
|
|
# compute_start_slot_at_epoch(store.finalized_checkpoint.epoch)) ==
|
|
|
|
# store.finalized_checkpoint.root
|
|
|
|
|
2020-12-14 20:58:32 +00:00
|
|
|
# Only valid aggregates go in the list
|
|
|
|
if pool.nextAttestationEpoch.lenu64 <= aggregate_and_proof.aggregator_index:
|
|
|
|
pool.nextAttestationEpoch.setLen(
|
|
|
|
aggregate_and_proof.aggregator_index.int + 1)
|
|
|
|
pool.nextAttestationEpoch[aggregate_and_proof.aggregator_index].aggregate =
|
|
|
|
aggregate.data.target.epoch + 1
|
|
|
|
|
2021-04-09 12:59:24 +00:00
|
|
|
return ok((attesting_indices, sig))
|
2021-04-02 16:36:43 +02:00
|
|
|
|
2022-05-31 11:15:31 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/phase0/p2p-interface.md#attester_slashing
|
2021-03-06 08:32:55 +01:00
|
|
|
proc validateAttesterSlashing*(
|
2021-11-05 16:39:47 +01:00
|
|
|
pool: ExitPool, attester_slashing: AttesterSlashing):
|
|
|
|
Result[void, ValidationError] =
|
2021-03-06 08:32:55 +01:00
|
|
|
# [IGNORE] At least one index in the intersection of the attesting indices of
|
|
|
|
# each attestation has not yet been seen in any prior attester_slashing (i.e.
|
|
|
|
# attester_slashed_indices = set(attestation_1.attesting_indices).intersection(attestation_2.attesting_indices),
|
|
|
|
# verify if any(attester_slashed_indices.difference(prior_seen_attester_slashed_indices))).
|
|
|
|
# TODO sequtils2 should be able to make this more reasonable, from asSeq on
|
|
|
|
# down, and can sort and just find intersection that way
|
2021-11-05 16:39:47 +01:00
|
|
|
if pool.isSeen(attester_slashing):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore(
|
|
|
|
"AttesterSlashing: attester-slashed index already attester-slashed")
|
2021-03-06 08:32:55 +01:00
|
|
|
|
|
|
|
# [REJECT] All of the conditions within process_attester_slashing pass
|
|
|
|
# validation.
|
|
|
|
let attester_slashing_validity =
|
2022-03-16 08:20:40 +01:00
|
|
|
check_attester_slashing(pool.dag.headState, attester_slashing, {})
|
2021-03-06 08:32:55 +01:00
|
|
|
if attester_slashing_validity.isErr:
|
|
|
|
return err((ValidationResult.Reject, attester_slashing_validity.error))
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
ok()
|
2021-03-06 08:32:55 +01:00
|
|
|
|
2022-05-31 11:15:31 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/phase0/p2p-interface.md#proposer_slashing
|
2021-03-06 08:32:55 +01:00
|
|
|
proc validateProposerSlashing*(
|
2021-11-05 16:39:47 +01:00
|
|
|
pool: ExitPool, proposer_slashing: ProposerSlashing):
|
|
|
|
Result[void, ValidationError] =
|
2021-03-06 08:32:55 +01:00
|
|
|
# Not from spec; the rest of NBC wouldn't have correctly processed it either.
|
|
|
|
if proposer_slashing.signed_header_1.message.proposer_index > high(int).uint64:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("ProposerSlashing: proposer-slashed index too high")
|
2021-03-06 08:32:55 +01:00
|
|
|
|
|
|
|
# [IGNORE] The proposer slashing is the first valid proposer slashing
|
|
|
|
# received for the proposer with index
|
|
|
|
# proposer_slashing.signed_header_1.message.proposer_index.
|
2021-11-05 16:39:47 +01:00
|
|
|
if pool.isSeen(proposer_slashing):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore(
|
|
|
|
"ProposerSlashing: proposer-slashed index already proposer-slashed")
|
2021-03-06 08:32:55 +01:00
|
|
|
|
|
|
|
# [REJECT] All of the conditions within process_proposer_slashing pass validation.
|
|
|
|
let proposer_slashing_validity =
|
2022-03-16 08:20:40 +01:00
|
|
|
check_proposer_slashing(pool.dag.headState, proposer_slashing, {})
|
2021-03-06 08:32:55 +01:00
|
|
|
if proposer_slashing_validity.isErr:
|
|
|
|
return err((ValidationResult.Reject, proposer_slashing_validity.error))
|
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
ok()
|
2021-03-06 08:32:55 +01:00
|
|
|
|
2022-06-01 15:52:45 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/phase0/p2p-interface.md#voluntary_exit
|
2021-03-06 08:32:55 +01:00
|
|
|
proc validateVoluntaryExit*(
|
2021-11-05 16:39:47 +01:00
|
|
|
pool: ExitPool, signed_voluntary_exit: SignedVoluntaryExit):
|
|
|
|
Result[void, ValidationError] =
|
2021-03-06 08:32:55 +01:00
|
|
|
# [IGNORE] The voluntary exit is the first valid voluntary exit received for
|
|
|
|
# the validator with index signed_voluntary_exit.message.validator_index.
|
|
|
|
if signed_voluntary_exit.message.validator_index >=
|
2022-03-16 08:20:40 +01:00
|
|
|
getStateField(pool.dag.headState, validators).lenu64:
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("VoluntaryExit: validator index too high")
|
2021-03-06 08:32:55 +01:00
|
|
|
|
2021-06-01 13:13:40 +02:00
|
|
|
# Given that getStateField(pool.dag.headState, validators) is a seq,
|
2021-03-06 08:32:55 +01:00
|
|
|
# signed_voluntary_exit.message.validator_index.int is already valid, but
|
|
|
|
# check explicitly if one changes that data structure.
|
2021-11-05 16:39:47 +01:00
|
|
|
if pool.isSeen(signed_voluntary_exit):
|
2021-08-24 21:49:51 +02:00
|
|
|
return errIgnore("VoluntaryExit: validator index already voluntarily exited")
|
2021-03-06 08:32:55 +01:00
|
|
|
|
|
|
|
# [REJECT] All of the conditions within process_voluntary_exit pass
|
|
|
|
# validation.
|
|
|
|
let voluntary_exit_validity =
|
Implement split preset/config support (#2710)
* Implement split preset/config support
This is the initial bulk refactor to introduce runtime config values in
a number of places, somewhat replacing the existing mechanism of loading
network metadata.
It still needs more work, this is the initial refactor that introduces
runtime configuration in some of the places that need it.
The PR changes the way presets and constants work, to match the spec. In
particular, a "preset" now refers to the compile-time configuration
while a "cfg" or "RuntimeConfig" is the dynamic part.
A single binary can support either mainnet or minimal, but not both.
Support for other presets has been removed completely (can be readded,
in case there's need).
There's a number of outstanding tasks:
* `SECONDS_PER_SLOT` still needs fixing
* loading custom runtime configs needs redoing
* checking constants against YAML file
* yeerongpilly support
`build/nimbus_beacon_node --network=yeerongpilly --discv5:no --log-level=DEBUG`
* load fork epoch from config
* fix fork digest sent in status
* nicer error string for request failures
* fix tools
* one more
* fixup
* fixup
* fixup
* use "standard" network definition folder in local testnet
Files are loaded from their standard locations, including genesis etc,
to conform to the format used in the `eth2-networks` repo.
* fix launch scripts, allow unknown config values
* fix base config of rest test
* cleanups
* bundle mainnet config using common loader
* fix spec links and names
* only include supported preset in binary
* drop yeerongpilly, add altair-devnet-0, support boot_enr.yaml
2021-07-12 15:01:38 +02:00
|
|
|
check_voluntary_exit(
|
2022-03-16 08:20:40 +01:00
|
|
|
pool.dag.cfg, pool.dag.headState, signed_voluntary_exit, {})
|
2021-03-06 08:32:55 +01:00
|
|
|
if voluntary_exit_validity.isErr:
|
|
|
|
return err((ValidationResult.Reject, voluntary_exit_validity.error))
|
|
|
|
|
2021-09-22 15:17:15 +03:00
|
|
|
# Send notification about new voluntary exit via callback
|
|
|
|
if not(isNil(pool.onVoluntaryExitReceived)):
|
|
|
|
pool.onVoluntaryExitReceived(signed_voluntary_exit)
|
|
|
|
|
2021-03-06 08:32:55 +01:00
|
|
|
ok()
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2022-06-03 09:01:58 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.2.0-rc.1/specs/altair/p2p-interface.md#sync_committee_subnet_id
|
2021-08-28 10:40:01 +00:00
|
|
|
proc validateSyncCommitteeMessage*(
|
|
|
|
dag: ChainDAGRef,
|
2021-12-09 13:56:54 +01:00
|
|
|
batchCrypto: ref BatchCrypto,
|
2021-12-11 16:39:24 +01:00
|
|
|
syncCommitteeMsgPool: ref SyncCommitteeMsgPool,
|
2021-08-28 10:40:01 +00:00
|
|
|
msg: SyncCommitteeMessage,
|
2021-11-05 16:39:47 +01:00
|
|
|
subcommitteeIdx: SyncSubcommitteeIndex,
|
2021-08-28 10:40:01 +00:00
|
|
|
wallTime: BeaconTime,
|
|
|
|
checkSignature: bool):
|
2021-12-09 13:56:54 +01:00
|
|
|
Future[Result[(seq[uint64], CookedSig), ValidationError]] {.async.} =
|
2021-08-28 10:40:01 +00:00
|
|
|
block:
|
2022-01-13 13:46:08 +00:00
|
|
|
# [IGNORE] The message's slot is for the current slot (with a
|
|
|
|
# `MAXIMUM_GOSSIP_CLOCK_DISPARITY` allowance), i.e.
|
|
|
|
# `sync_committee_message.slot == current_slot`.
|
2021-12-09 13:56:54 +01:00
|
|
|
let v = check_propagation_slot_range(msg.slot, wallTime)
|
|
|
|
if v.isErr():
|
|
|
|
return err(v.error())
|
2021-08-28 10:40:01 +00:00
|
|
|
|
|
|
|
# [REJECT] The subnet_id is valid for the given validator
|
|
|
|
# i.e. subnet_id in compute_subnets_for_sync_committee(state, sync_committee_message.validator_index).
|
|
|
|
# Note this validation implies the validator is part of the broader
|
|
|
|
# current sync committee along with the correct subcommittee.
|
|
|
|
# This check also ensures that the validator index is in range
|
2021-09-28 09:44:20 +02:00
|
|
|
let positionsInSubcommittee = dag.getSubcommitteePositions(
|
2021-11-05 16:39:47 +01:00
|
|
|
msg.slot + 1, subcommitteeIdx, msg.validator_index)
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-09-28 09:44:20 +02:00
|
|
|
if positionsInSubcommittee.len == 0:
|
2021-08-28 10:40:01 +00:00
|
|
|
return errReject(
|
|
|
|
"SyncCommitteeMessage: originator not part of sync committee")
|
|
|
|
|
|
|
|
block:
|
2022-01-13 13:46:08 +00:00
|
|
|
# [IGNORE] There has been no other valid sync committee message for the
|
|
|
|
# declared `slot` for the validator referenced by
|
|
|
|
# `sync_committee_message.validator_index`
|
2021-08-28 10:40:01 +00:00
|
|
|
#
|
|
|
|
# Note this validation is per topic so that for a given slot, multiple
|
|
|
|
# messages could be forwarded with the same validator_index as long as
|
|
|
|
# the subnet_ids are distinct.
|
2021-12-11 16:39:24 +01:00
|
|
|
if syncCommitteeMsgPool[].isSeen(msg, subcommitteeIdx):
|
2021-09-27 16:36:28 +02:00
|
|
|
return errIgnore("SyncCommitteeMessage: duplicate message")
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
# [REJECT] The signature is valid for the message beacon_block_root for the
|
|
|
|
# validator referenced by validator_index.
|
|
|
|
let
|
|
|
|
epoch = msg.slot.epoch
|
|
|
|
fork = dag.forkAtEpoch(epoch)
|
2022-04-08 18:22:49 +02:00
|
|
|
genesis_validators_root = dag.genesis_validators_root
|
2021-11-05 16:39:47 +01:00
|
|
|
senderPubKey = dag.validatorKey(msg.validator_index)
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-11-05 16:39:47 +01:00
|
|
|
if senderPubKey.isNone():
|
|
|
|
return errReject("SyncCommitteeMessage: invalid validator index")
|
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
let sig =
|
|
|
|
if checkSignature:
|
|
|
|
# Attestation signatures are batch-verified
|
|
|
|
let deferredCrypto = batchCrypto
|
|
|
|
.scheduleSyncCommitteeMessageCheck(
|
|
|
|
fork, genesis_validators_root,
|
|
|
|
msg.slot, msg.beacon_block_root,
|
|
|
|
senderPubKey.get(), msg.signature)
|
|
|
|
if deferredCrypto.isErr():
|
|
|
|
return errReject(deferredCrypto.error)
|
|
|
|
|
|
|
|
# Await the crypto check
|
|
|
|
let
|
|
|
|
(cryptoFut, sig) = deferredCrypto.get()
|
2021-11-05 16:39:47 +01:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
var x = (await cryptoFut)
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return errReject("SyncCommitteeMessage: invalid signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_sync_messages_dropped_queue_full.inc()
|
|
|
|
return errIgnore("SyncCommitteeMessage: timeout checking signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
sig # keep going only in this case
|
|
|
|
else:
|
|
|
|
let sig = msg.signature.load()
|
|
|
|
if not sig.isSome():
|
|
|
|
return errReject("SyncCommitteeMessage: unable to load signature")
|
|
|
|
sig.get()
|
2021-11-05 16:39:47 +01:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
return ok((positionsInSubcommittee, sig))
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2022-03-02 10:00:21 +00:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/v1.1.10/specs/altair/p2p-interface.md#sync_committee_contribution_and_proof
|
2021-11-25 13:20:36 +01:00
|
|
|
proc validateContribution*(
|
2021-08-28 10:40:01 +00:00
|
|
|
dag: ChainDAGRef,
|
2021-12-09 13:56:54 +01:00
|
|
|
batchCrypto: ref BatchCrypto,
|
|
|
|
syncCommitteeMsgPool: ref SyncCommitteeMsgPool,
|
2021-08-28 10:40:01 +00:00
|
|
|
msg: SignedContributionAndProof,
|
|
|
|
wallTime: BeaconTime,
|
|
|
|
checkSignature: bool):
|
2021-12-20 20:20:31 +01:00
|
|
|
Future[Result[(CookedSig, seq[ValidatorIndex]), ValidationError]] {.async.} =
|
2021-12-09 13:56:54 +01:00
|
|
|
let
|
|
|
|
syncCommitteeSlot = msg.message.contribution.slot
|
2021-08-28 10:40:01 +00:00
|
|
|
|
|
|
|
# [IGNORE] The contribution's slot is for the current slot
|
|
|
|
# (with a MAXIMUM_GOSSIP_CLOCK_DISPARITY allowance)
|
|
|
|
# i.e. contribution.slot == current_slot.
|
2021-12-09 13:56:54 +01:00
|
|
|
block:
|
|
|
|
let v = check_propagation_slot_range(syncCommitteeSlot, wallTime) # [IGNORE]
|
|
|
|
if v.isErr():
|
|
|
|
return err(v.error())
|
2021-08-28 10:40:01 +00:00
|
|
|
|
|
|
|
# [REJECT] The subcommittee index is in the allowed range
|
|
|
|
# i.e. contribution.subcommittee_index < SYNC_COMMITTEE_SUBNET_COUNT.
|
2022-01-09 00:28:49 +01:00
|
|
|
let subcommitteeIdx = block:
|
|
|
|
let v = SyncSubcommitteeIndex.init(msg.message.contribution.subcommittee_index)
|
|
|
|
if v.isErr():
|
|
|
|
return errReject("SignedContributionAndProof: subcommittee index too high")
|
|
|
|
v.get()
|
2021-08-28 10:40:01 +00:00
|
|
|
|
|
|
|
# [REJECT] contribution_and_proof.selection_proof selects the validator as an aggregator for the slot
|
|
|
|
# i.e. is_sync_committee_aggregator(contribution_and_proof.selection_proof) returns True.
|
|
|
|
if not is_sync_committee_aggregator(msg.message.selection_proof):
|
2021-09-27 10:38:36 +02:00
|
|
|
return errReject("SignedContributionAndProof: invalid selection_proof")
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
# [IGNORE] The sync committee contribution is the first valid contribution
|
|
|
|
# received for the aggregator with index contribution_and_proof.aggregator_index
|
|
|
|
# for the slot contribution.slot and subcommittee index contribution.subcommittee_index
|
|
|
|
# (this requires maintaining a cache of size SYNC_COMMITTEE_SIZE for this
|
|
|
|
# topic that can be flushed after each slot).
|
|
|
|
if syncCommitteeMsgPool[].isSeen(msg.message):
|
|
|
|
return errIgnore("SignedContributionAndProof: duplicate contribution")
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-10-19 17:20:55 +02:00
|
|
|
# [REJECT] The aggregator's validator index is in the declared subcommittee
|
|
|
|
# of the current sync committee.
|
|
|
|
# i.e. state.validators[contribution_and_proof.aggregator_index].pubkey in
|
|
|
|
# get_sync_subcommittee_pubkeys(state, contribution.subcommittee_index).
|
|
|
|
let
|
|
|
|
epoch = msg.message.contribution.slot.epoch
|
|
|
|
fork = dag.forkAtEpoch(epoch)
|
2022-04-08 18:22:49 +02:00
|
|
|
genesis_validators_root = dag.genesis_validators_root
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
if msg.message.contribution.aggregation_bits.countOnes() == 0:
|
2021-10-19 17:20:55 +02:00
|
|
|
# [REJECT] The contribution has participants
|
|
|
|
# that is, any(contribution.aggregation_bits).
|
|
|
|
return errReject("SignedContributionAndProof: aggregation bits empty")
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-12-20 20:20:31 +01:00
|
|
|
# TODO we take a copy of the participants to avoid the data going stale
|
|
|
|
# between validation and use - nonetheless, a design that avoids it and
|
|
|
|
# stays safe would be nice
|
|
|
|
let participants = dag.syncCommitteeParticipants(
|
|
|
|
msg.message.contribution.slot, subcommitteeIdx)
|
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
let sig = if checkSignature:
|
|
|
|
let deferredCrypto = batchCrypto.scheduleContributionChecks(
|
|
|
|
fork, genesis_validators_root, msg, subcommitteeIdx, dag)
|
|
|
|
if deferredCrypto.isErr():
|
|
|
|
return errReject(deferredCrypto.error)
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
let
|
|
|
|
(aggregatorFut, proofFut, contributionFut, sig) = deferredCrypto.get()
|
|
|
|
|
|
|
|
block:
|
|
|
|
# [REJECT] The aggregator signature, signed_contribution_and_proof.signature, is valid
|
|
|
|
var x = await aggregatorFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return errReject("SignedContributionAndProof: invalid aggregator signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_contributions_dropped_queue_full.inc()
|
|
|
|
return errIgnore("SignedContributionAndProof: timeout checking aggregator signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
2021-08-28 10:40:01 +00:00
|
|
|
|
2021-12-09 13:56:54 +01:00
|
|
|
block:
|
|
|
|
var x = await proofFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return errReject("SignedContributionAndProof: invalid proof")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_contributions_dropped_queue_full.inc()
|
|
|
|
return errIgnore("SignedContributionAndProof: timeout checking proof")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
|
|
|
|
|
|
|
block:
|
|
|
|
# [REJECT] The aggregator signature, signed_aggregate_and_proof.signature, is valid.
|
|
|
|
var x = await contributionFut
|
|
|
|
case x
|
|
|
|
of BatchResult.Invalid:
|
|
|
|
return errReject("SignedContributionAndProof: invalid contribution signature")
|
|
|
|
of BatchResult.Timeout:
|
|
|
|
beacon_contributions_dropped_queue_full.inc()
|
|
|
|
return errIgnore("SignedContributionAndProof: timeout checking contribution signature")
|
|
|
|
of BatchResult.Valid:
|
|
|
|
discard
|
|
|
|
sig
|
|
|
|
else:
|
|
|
|
let sig = msg.message.contribution.signature.load()
|
|
|
|
if not sig.isSome():
|
|
|
|
return errReject("SyncCommitteeMessage: unable to load signature")
|
|
|
|
sig.get()
|
|
|
|
|
2021-12-20 20:20:31 +01:00
|
|
|
return ok((sig, participants))
|
2022-03-14 14:05:38 +01:00
|
|
|
|
2022-05-23 14:02:54 +02:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/vFuture/specs/altair/sync-protocol.md#light_client_finality_update
|
|
|
|
proc validateLightClientFinalityUpdate*(
|
|
|
|
pool: var LightClientPool, dag: ChainDAGRef,
|
|
|
|
finality_update: altair.LightClientFinalityUpdate,
|
|
|
|
wallTime: BeaconTime): Result[void, ValidationError] =
|
|
|
|
let finalized_slot = finality_update.finalized_header.slot
|
|
|
|
if finalized_slot <= pool.latestForwardedFinalitySlot:
|
|
|
|
# [IGNORE] No other `finality_update` with a lower or equal
|
|
|
|
# `finalized_header.slot` was already forwarded on the network.
|
|
|
|
return errIgnore("LightClientFinalityUpdate: slot already forwarded")
|
2022-03-14 14:05:38 +01:00
|
|
|
|
2022-05-23 14:02:54 +02:00
|
|
|
let
|
|
|
|
signature_slot = finality_update.signature_slot
|
|
|
|
currentTime = wallTime + MAXIMUM_GOSSIP_CLOCK_DISPARITY
|
|
|
|
forwardTime = signature_slot.light_client_finality_update_time
|
|
|
|
if currentTime < forwardTime:
|
|
|
|
# [IGNORE] The `finality_update` is received after the block at
|
|
|
|
# `signature_slot` was given enough time to propagate through the network.
|
|
|
|
return errIgnore("LightClientFinalityUpdate: received too early")
|
|
|
|
|
2022-06-24 16:57:50 +02:00
|
|
|
if finality_update != dag.lcDataStore.cache.latest:
|
2022-05-23 14:02:54 +02:00
|
|
|
# [IGNORE] The received `finality_update` matches the locally computed one
|
|
|
|
# exactly.
|
|
|
|
return errIgnore("LightClientFinalityUpdate: not matching local")
|
|
|
|
|
|
|
|
pool.latestForwardedFinalitySlot = finalized_slot
|
|
|
|
ok()
|
2022-03-14 14:05:38 +01:00
|
|
|
|
2022-05-23 14:02:54 +02:00
|
|
|
# https://github.com/ethereum/consensus-specs/blob/vFuture/specs/altair/sync-protocol.md#light_client_optimistic_update
|
|
|
|
proc validateLightClientOptimisticUpdate*(
|
|
|
|
pool: var LightClientPool, dag: ChainDAGRef,
|
|
|
|
optimistic_update: altair.LightClientOptimisticUpdate,
|
|
|
|
wallTime: BeaconTime): Result[void, ValidationError] =
|
|
|
|
let attested_slot = optimistic_update.attested_header.slot
|
|
|
|
if attested_slot <= pool.latestForwardedOptimisticSlot:
|
|
|
|
# [IGNORE] No other `optimistic_update` with a lower or equal
|
|
|
|
# `attested_header.slot` was already forwarded on the network.
|
|
|
|
return errIgnore("LightClientOptimisticUpdate: slot already forwarded")
|
2022-03-14 14:05:38 +01:00
|
|
|
|
2022-05-23 14:02:54 +02:00
|
|
|
let
|
|
|
|
signature_slot = optimistic_update.signature_slot
|
|
|
|
currentTime = wallTime + MAXIMUM_GOSSIP_CLOCK_DISPARITY
|
|
|
|
forwardTime = signature_slot.light_client_optimistic_update_time
|
|
|
|
if currentTime < forwardTime:
|
|
|
|
# [IGNORE] The `optimistic_update` is received after the block at
|
|
|
|
# `signature_slot` was given enough time to propagate through the network.
|
|
|
|
return errIgnore("LightClientOptimisticUpdate: received too early")
|
|
|
|
|
2022-06-24 16:57:50 +02:00
|
|
|
if not optimistic_update.matches(dag.lcDataStore.cache.latest):
|
2022-05-23 14:02:54 +02:00
|
|
|
# [IGNORE] The received `optimistic_update` matches the locally computed one
|
|
|
|
# exactly.
|
|
|
|
return errIgnore("LightClientOptimisticUpdate: not matching local")
|
|
|
|
|
|
|
|
pool.latestForwardedOptimisticSlot = attested_slot
|
2022-03-14 14:05:38 +01:00
|
|
|
ok()
|