-
Notifications
You must be signed in to change notification settings - Fork 272
Expand file tree
/
Copy pathprocess_proposal.go
More file actions
385 lines (351 loc) · 12.1 KB
/
process_proposal.go
File metadata and controls
385 lines (351 loc) · 12.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
// SPDX-License-Identifier: BUSL-1.1
//
// Copyright (C) 2025, Berachain Foundation. All rights reserved.
// Use of this software is governed by the Business Source License included
// in the LICENSE file of this repository and at www.mariadb.com/bsl11.
//
// ANY USE OF THE LICENSED WORK IN VIOLATION OF THIS LICENSE WILL AUTOMATICALLY
// TERMINATE YOUR RIGHTS UNDER THIS LICENSE FOR THE CURRENT AND ALL OTHER
// VERSIONS OF THE LICENSED WORK.
//
// THIS LICENSE DOES NOT GRANT YOU ANY RIGHT IN ANY TRADEMARK OR LOGO OF
// LICENSOR OR ITS AFFILIATES (PROVIDED THAT YOU MAY USE A TRADEMARK OR LOGO OF
// LICENSOR AS EXPRESSLY REQUIRED BY THIS LICENSE).
//
// TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
// AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
// EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
// TITLE.
package blockchain
import (
"bytes"
"context"
"fmt"
"time"
payloadtime "github.com/berachain/beacon-kit/beacon/payload-time"
"github.com/berachain/beacon-kit/config/spec"
ctypes "github.com/berachain/beacon-kit/consensus-types/types"
"github.com/berachain/beacon-kit/consensus/cometbft/service/encoding"
"github.com/berachain/beacon-kit/consensus/types"
datypes "github.com/berachain/beacon-kit/da/types"
"github.com/berachain/beacon-kit/errors"
"github.com/berachain/beacon-kit/primitives/common"
"github.com/berachain/beacon-kit/primitives/crypto"
"github.com/berachain/beacon-kit/primitives/eip4844"
"github.com/berachain/beacon-kit/primitives/math"
"github.com/berachain/beacon-kit/primitives/transition"
"github.com/berachain/beacon-kit/primitives/version"
"github.com/berachain/beacon-kit/state-transition/core"
statedb "github.com/berachain/beacon-kit/state-transition/core/state"
cmtabci "github.com/cometbft/cometbft/abci/types"
sdk "github.com/cosmos/cosmos-sdk/types"
)
const (
// BeaconBlockTxIndex represents the index of the beacon block transaction.
// It is the first transaction in the tx list.
BeaconBlockTxIndex uint = iota
// BlobSidecarsTxIndex represents the index of the blob sidecar transaction.
// It follows the beacon block transaction in the tx list.
BlobSidecarsTxIndex
// A Consensus block has at most two transactions (block and blob).
MaxConsensusTxsCount = 2
)
//nolint:funlen // not an issue
func (s *Service) ProcessProposal(
ctx sdk.Context,
req *cmtabci.ProcessProposalRequest,
) error {
if countTx := len(req.Txs); countTx > MaxConsensusTxsCount {
return fmt.Errorf("max expected %d, got %d: %w",
MaxConsensusTxsCount, countTx,
ErrTooManyConsensusTxs,
)
}
cometTime := math.U64(req.GetTime().Unix()) //#nosec: G115
if s.chainSpec.DepositEth1ChainID() != spec.DevnetEth1ChainID {
state := s.storageBackend.StateFromContext(ctx)
lph, err := state.GetLatestExecutionPayloadHeader()
if err != nil {
return err
}
cometTime = lph.GetTimestamp() + math.U64(s.chainSpec.TargetSecondsPerEth1Block())
}
forkVersion := s.chainSpec.ActiveForkVersionForTimestamp(cometTime)
// Decode signed block and sidecars.
signedBlk, sidecars, err := encoding.ExtractBlobsAndBlockFromRequest(
req,
BeaconBlockTxIndex,
BlobSidecarsTxIndex,
forkVersion,
)
if err != nil {
return err
}
if signedBlk == nil {
s.logger.Warn(
"Aborting block verification - beacon block not found in proposal",
)
return ErrNilBlk
}
if sidecars == nil {
s.logger.Warn(
"Aborting block verification - blob sidecars not found in proposal",
)
return ErrNilBlob
}
blk := signedBlk.GetBeaconBlock()
// There are two different timestamps:
// - The "consensus time" is determined by CometBFT consensus and can be retrieved with `req.GetTime()`
// - The "block time" is determined by beacon-kit consensus and can be retrieved with `blk.GetTimestamp()`
// The "consensus time" is what the network agrees the current time is based on CometBFT PBTS.
// This "consensus time" is used to constrain the timestamp set as the "block time" by the
// beacon-kit app, but they are not always equal in value. The "block time" is used by the
// beacon-kit consensus and execution layers to determine the active fork version.
//
// When unmarshaling the BeaconBlock, we do not yet have access to the "block time", so we
// must rely on the "consensus time" as our best estimation of the "block time" needed to
// determine the current fork version. Since the two timestamps could be different, we need to
// ensure that the fork version for these timestamps are the same. This may result in a failed
// proposal or two at the start of the fork.
blkVersion := s.chainSpec.ActiveForkVersionForTimestamp(blk.GetTimestamp())
if !version.Equals(blkVersion, forkVersion) {
return fmt.Errorf("CometBFT version %v, BeaconBlock version %v: %w",
forkVersion, blkVersion,
ErrVersionMismatch,
)
}
// Make sure we have the right number of BlobSidecars
blobKzgCommitments := blk.GetBody().GetBlobKzgCommitments()
numCommitments := len(blobKzgCommitments)
if numCommitments != len(sidecars) {
return fmt.Errorf("expected %d sidecars, got %d: %w",
numCommitments, len(sidecars),
ErrSidecarCommitmentMismatch,
)
}
if uint64(numCommitments) > s.chainSpec.MaxBlobsPerBlock() {
return fmt.Errorf("expected less than %d sidecars, got %d: %w",
s.chainSpec.MaxBlobsPerBlock(), numCommitments,
core.ErrExceedsBlockBlobLimit,
)
}
// Verify the block and sidecar signatures. We can simply verify the block
// signature and then make sure the sidecar signatures match the block.
blkSignature := signedBlk.GetSignature()
for i, sidecar := range sidecars {
sidecarSignature := sidecar.GetSignature()
if !bytes.Equal(blkSignature[:], sidecarSignature[:]) {
return fmt.Errorf("%w, idx: %d", ErrSidecarSignatureMismatch, i)
}
}
err = s.VerifyIncomingBlockSignature(ctx, blk, signedBlk.GetSignature())
if err != nil {
return err
}
if numCommitments > 0 {
// Process the blob sidecars
//
// In theory, swapping the order of verification between the sidecars
// and the incoming block should not introduce any inconsistencies
// in the state on which the sidecar verification depends on (notably
// the currently active fork). ProcessProposal should only
// keep the state changes as candidates (which is what we do in
// VerifyIncomingBlock).
err = s.VerifyIncomingBlobSidecars(ctx, sidecars, blk.GetHeader(), blobKzgCommitments)
if err != nil {
s.logger.Error("failed to verify incoming blob sidecars", "error", err)
return err
}
}
// Process the block.
consensusBlk := types.NewConsensusBlock(
blk,
req.GetProposerAddress(),
cometTime,
)
err = s.VerifyIncomingBlock(
ctx,
consensusBlk.GetBeaconBlock(),
consensusBlk.GetConsensusTime(),
consensusBlk.GetProposerAddress(),
)
if err != nil {
s.logger.Error("failed to verify incoming block", "error", err)
return err
}
return nil
}
func (s *Service) VerifyIncomingBlockSignature(
ctx context.Context,
beaconBlk *ctypes.BeaconBlock,
signature crypto.BLSSignature,
) error {
// Get the sidecar verification function from the state processor
signatureVerifierFn, err := s.stateProcessor.GetSignatureVerifierFn(
s.storageBackend.StateFromContext(ctx),
)
if err != nil {
return errors.New("failed to create block signature verifier")
}
err = signatureVerifierFn(beaconBlk, signature)
if err != nil {
return fmt.Errorf("failed verifying incoming block signature: %w", err)
}
return err
}
// VerifyIncomingBlobSidecars verifies the BlobSidecars of an incoming
// proposal and logs the process.
func (s *Service) VerifyIncomingBlobSidecars(
ctx context.Context,
sidecars datypes.BlobSidecars,
blkHeader *ctypes.BeaconBlockHeader,
kzgCommitments eip4844.KZGCommitments[common.ExecutionHash],
) error {
// Verify the blobs and ensure they match the local state.
err := s.blobProcessor.VerifySidecars(ctx, sidecars, blkHeader, kzgCommitments)
if err != nil {
s.logger.Error(
"Blob sidecars verification failed - rejecting incoming blob sidecars",
"reason", err, "slot", blkHeader.GetSlot(),
)
return err
}
s.logger.Info(
"Blob sidecars verification succeeded - accepting incoming blob sidecars",
"num_blobs", len(sidecars), "slot", blkHeader.GetSlot(),
)
return nil
}
// VerifyIncomingBlock verifies the state root of an incoming block
// and logs the process.
//
//nolint:funlen // not an issue
func (s *Service) VerifyIncomingBlock(
ctx context.Context,
beaconBlk *ctypes.BeaconBlock,
consensusTime math.U64,
proposerAddress []byte,
) error {
// Grab a copy of the state to verify the incoming block.
preState := s.storageBackend.StateFromContext(ctx)
// Force a sync of the startup head if we haven't done so already.
// TODO: Address the need for calling forceStartupSyncOnce in ProcessProposal. On a running
// network (such as mainnet), it should be theoretically impossible to hit the case where
// ProcessProposal is called before FinalizeBlock. It may be the case that new networks run
// into this case during the first block after genesis.
// TODO: Consider panicing here if this fails. If our node cannot successfully run
// forceStartupSync, then we should shut down the node and fix the problem.
s.forceStartupSyncOnce.Do(func() { s.forceSyncUponProcess(ctx, preState) })
s.logger.Info(
"Received incoming beacon block",
"state_root", beaconBlk.GetStateRoot(),
"slot", beaconBlk.GetSlot(),
)
// We purposefully make a copy of the BeaconState in order
// to avoid modifying the underlying state, for the event in which
// we have to rebuild a payload for this slot again, if we do not agree
// with the incoming block.
postState := preState.Copy(ctx)
// verify block slot
stateSlot, err := postState.GetSlot()
if err != nil {
s.logger.Error(
"failed loading state slot to verify block slot",
"reason", err,
)
return err
}
blkSlot := beaconBlk.GetSlot()
if blkSlot != stateSlot+1 {
s.logger.Error(
"Rejecting incoming beacon block ❌ ",
"state slot", stateSlot.Base10(),
"block slot", blkSlot.Base10(),
"reason", ErrUnexpectedBlockSlot.Error(),
)
return ErrUnexpectedBlockSlot
}
// Verify the state root of the incoming block.
err = s.verifyStateRoot(
ctx,
postState,
beaconBlk,
consensusTime,
proposerAddress)
if err != nil {
s.logger.Error(
"Rejecting incoming beacon block ❌ ",
"state_root", beaconBlk.GetStateRoot(),
"reason", err,
)
if s.shouldBuildOptimisticPayloads() {
lph, lphErr := preState.GetLatestExecutionPayloadHeader()
if lphErr != nil {
return errors.Join(
err,
fmt.Errorf("failed getting LatestExecutionPayloadHeader: %w", lphErr),
)
}
go s.handleRebuildPayloadForRejectedBlock(
ctx,
preState,
payloadtime.Next(
consensusTime,
lph.GetTimestamp(),
true, // buildOptimistically
),
)
}
return err
}
s.logger.Info(
"State root verification succeeded - accepting incoming beacon block",
"state_root",
beaconBlk.GetStateRoot(),
)
if s.shouldBuildOptimisticPayloads() {
lph, lphErr := postState.GetLatestExecutionPayloadHeader()
if lphErr != nil {
return fmt.Errorf("failed loading LatestExecutionPayloadHeader: %w", lphErr)
}
go s.handleOptimisticPayloadBuild(
ctx,
postState,
beaconBlk,
payloadtime.Next(
consensusTime,
lph.GetTimestamp(),
true, // buildOptimistically
),
)
}
return nil
}
// verifyStateRoot verifies the state root of an incoming block.
func (s *Service) verifyStateRoot(
ctx context.Context,
st *statedb.StateDB,
blk *ctypes.BeaconBlock,
consensusTime math.U64,
proposerAddress []byte,
) error {
startTime := time.Now()
defer s.metrics.measureStateRootVerificationTime(startTime)
txCtx := transition.NewTransitionCtx(
ctx,
consensusTime,
proposerAddress,
).
WithVerifyPayload(true).
WithVerifyRandao(true).
WithVerifyResult(true).
WithMeterGas(false)
_, err := s.stateProcessor.Transition(txCtx, st, blk)
return err
}
// shouldBuildOptimisticPayloads returns true if optimistic
// payload builds are enabled.
func (s *Service) shouldBuildOptimisticPayloads() bool {
return s.optimisticPayloadBuilds && s.localBuilder.Enabled()
}