feat: multiple epochs in certificate

Author: karlem

fendermint/actors/f3-cert-manager/src/lib.rs

@@ -153,13 +153,13 @@ mod tests {
     use multihash::{Code, MultihashDigest};
 
     /// Helper function to create a mock F3 certificate
-    fn create_test_certificate(instance_id: u64, epoch: i64) -> F3Certificate {
+    fn create_test_certificate(instance_id: u64, finalized_epochs: Vec<i64>) -> F3Certificate {
         // Create a dummy CID for power table
         let power_table_cid = Cid::new_v1(0x55, Code::Blake2b256.digest(b"test_power_table"));
 
         F3Certificate {
             instance_id,
-            epoch,
+            finalized_epochs,
             power_table_cid,
             signature: vec![1, 2, 3, 4],        // Dummy signature
             certificate_data: vec![5, 6, 7, 8], // Dummy certificate data
@@ -224,7 +224,7 @@ mod tests {
     #[test]
     fn test_constructor_with_genesis_data() {
         let power_entries = create_test_power_entries();
-        let genesis_cert = create_test_certificate(1, 100);
+        let genesis_cert = create_test_certificate(1, vec![100, 101, 102]);
 
         let _rt = construct_and_verify(1, power_entries, Some(genesis_cert));
         // Constructor test passed if we get here without panicking
@@ -238,7 +238,7 @@ mod tests {
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
-        let new_cert = create_test_certificate(1, 200);
+        let new_cert = create_test_certificate(1, vec![200, 201, 202]);
         let update_params = UpdateCertificateParams {
             certificate: new_cert.clone(),
         };
@@ -258,14 +258,14 @@ mod tests {
 
     #[test]
     fn test_update_certificate_non_advancing_height() {
-        let genesis_cert = create_test_certificate(1, 100);
+        let genesis_cert = create_test_certificate(1, vec![100, 101, 102]);
         let rt = construct_and_verify(1, vec![], Some(genesis_cert));
 
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
-        // Try to update with same or lower height
-        let same_height_cert = create_test_certificate(1, 100); // Same height
+        // Try to update with same or lower height (highest epoch is 102, try with 102 or lower)
+        let same_height_cert = create_test_certificate(1, vec![100, 101, 102]); // Same highest
         let update_params = UpdateCertificateParams {
             certificate: same_height_cert,
         };
@@ -290,7 +290,7 @@ mod tests {
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, unauthorized_caller);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
-        let new_cert = create_test_certificate(1, 200);
+        let new_cert = create_test_certificate(1, vec![200, 201, 202]);
         let update_params = UpdateCertificateParams {
             certificate: new_cert,
         };
@@ -325,7 +325,7 @@ mod tests {
 
     #[test]
     fn test_get_certificate_with_data() {
-        let genesis_cert = create_test_certificate(1, 100);
+        let genesis_cert = create_test_certificate(1, vec![100, 101, 102]);
         let rt = construct_and_verify(1, vec![], Some(genesis_cert.clone()));
 
         rt.expect_validate_caller_any();
@@ -337,7 +337,7 @@ mod tests {
 
         let response = result.deserialize::<GetCertificateResponse>().unwrap();
         assert_eq!(response.certificate, Some(genesis_cert));
-        assert_eq!(response.latest_finalized_height, 100);
+        assert_eq!(response.latest_finalized_height, 102); // Highest epoch
     }
 
     #[test]
@@ -366,7 +366,7 @@ mod tests {
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
-        let cert1 = create_test_certificate(1, 100);
+        let cert1 = create_test_certificate(1, vec![100, 101, 102]);
         let update_params1 = UpdateCertificateParams {
             certificate: cert1.clone(),
         };
@@ -382,7 +382,7 @@ mod tests {
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
-        let cert2 = create_test_certificate(1, 200);
+        let cert2 = create_test_certificate(1, vec![200, 201, 202]);
         let update_params2 = UpdateCertificateParams {
             certificate: cert2.clone(),
         };
@@ -398,14 +398,14 @@ mod tests {
 
     #[test]
     fn test_instance_id_progression_next_instance() {
-        let genesis_cert = create_test_certificate(100, 50);
+        let genesis_cert = create_test_certificate(100, vec![50, 51, 52]);
         let rt = construct_and_verify(100, vec![], Some(genesis_cert));
 
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
         // Update to next instance (100 -> 101) should succeed
-        let next_instance_cert = create_test_certificate(101, 10); // Epoch can be any value
+        let next_instance_cert = create_test_certificate(101, vec![10, 11, 12]); // Epoch can be any value
         let update_params = UpdateCertificateParams {
             certificate: next_instance_cert,
         };
@@ -420,14 +420,14 @@ mod tests {
 
     #[test]
     fn test_instance_id_skip_rejected() {
-        let genesis_cert = create_test_certificate(100, 50);
+        let genesis_cert = create_test_certificate(100, vec![50, 51, 52]);
         let rt = construct_and_verify(100, vec![], Some(genesis_cert));
 
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
         // Try to skip instance (100 -> 102) should fail
-        let skipped_cert = create_test_certificate(102, 100);
+        let skipped_cert = create_test_certificate(102, vec![100, 101, 102]);
         let update_params = UpdateCertificateParams {
             certificate: skipped_cert,
         };
@@ -444,14 +444,14 @@ mod tests {
 
     #[test]
     fn test_instance_id_backward_rejected() {
-        let genesis_cert = create_test_certificate(100, 50);
+        let genesis_cert = create_test_certificate(100, vec![50, 51, 52]);
         let rt = construct_and_verify(100, vec![], Some(genesis_cert));
 
         rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
         // Try to go backward (100 -> 99) should fail
-        let backward_cert = create_test_certificate(99, 100);
+        let backward_cert = create_test_certificate(99, vec![100, 101, 102]);
         let update_params = UpdateCertificateParams {
             certificate: backward_cert,
         };
@@ -475,7 +475,7 @@ mod tests {
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
         // First certificate must match genesis_instance_id (50) or be next (51)
-        let matching_cert = create_test_certificate(50, 100);
+        let matching_cert = create_test_certificate(50, vec![100, 101, 102]);
         let update_params = UpdateCertificateParams {
             certificate: matching_cert,
         };
@@ -497,7 +497,7 @@ mod tests {
         rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
 
         // First certificate can also be genesis + 1 (51)
-        let next_instance_cert = create_test_certificate(51, 100);
+        let next_instance_cert = create_test_certificate(51, vec![100, 101, 102]);
         let update_params = UpdateCertificateParams {
             certificate: next_instance_cert,
         };
@@ -509,4 +509,83 @@ mod tests {
 
         assert!(result.is_ok());
     }
+
+    #[test]
+    fn test_certificate_with_multiple_epochs() {
+        let rt = construct_and_verify(1, vec![], None);
+
+        rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
+        rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
+
+        // Certificate covering epochs 100-110
+        let multi_epoch_cert = create_test_certificate(
+            1,
+            vec![100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110],
+        );
+        let update_params = UpdateCertificateParams {
+            certificate: multi_epoch_cert,
+        };
+
+        let result = rt.call::<F3CertManagerActor>(
+            Method::UpdateCertificate as u64,
+            IpldBlock::serialize_cbor(&update_params).unwrap(),
+        );
+
+        assert!(result.is_ok());
+        rt.reset();
+
+        // Query to verify latest_finalized_height is the highest epoch
+        rt.expect_validate_caller_any();
+        let result = rt
+            .call::<F3CertManagerActor>(Method::GetCertificate as u64, None)
+            .unwrap()
+            .unwrap();
+
+        let response = result.deserialize::<GetCertificateResponse>().unwrap();
+        assert_eq!(response.latest_finalized_height, 110); // Highest epoch
+    }
+
+    #[test]
+    fn test_certificate_empty_epochs_rejected() {
+        let rt = construct_and_verify(1, vec![], None);
+
+        rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
+        rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
+
+        // Try to update with empty finalized_epochs
+        let invalid_cert = create_test_certificate(1, vec![]);
+        let update_params = UpdateCertificateParams {
+            certificate: invalid_cert,
+        };
+
+        let result = rt.call::<F3CertManagerActor>(
+            Method::UpdateCertificate as u64,
+            IpldBlock::serialize_cbor(&update_params).unwrap(),
+        );
+
+        assert!(result.is_err());
+        let err = result.unwrap_err();
+        assert_eq!(err.exit_code(), ExitCode::USR_ILLEGAL_ARGUMENT);
+    }
+
+    #[test]
+    fn test_certificate_single_epoch() {
+        let rt = construct_and_verify(1, vec![], None);
+
+        rt.set_caller(*SYSTEM_ACTOR_CODE_ID, SYSTEM_ACTOR_ADDR);
+        rt.expect_validate_caller_addr(vec![SYSTEM_ACTOR_ADDR]);
+
+        // Certificate with only one epoch should work
+        let single_epoch_cert = create_test_certificate(1, vec![100]);
+        let update_params = UpdateCertificateParams {
+            certificate: single_epoch_cert,
+        };
+
+        let result = rt.call::<F3CertManagerActor>(
+            Method::UpdateCertificate as u64,
+            IpldBlock::serialize_cbor(&update_params).unwrap(),
+        );
+
+        assert!(result.is_ok());
+    }
 }

fendermint/actors/f3-cert-manager/src/state.rs

@@ -29,7 +29,7 @@ impl State {
     ) -> Result<State, ActorError> {
         let latest_finalized_height = genesis_certificate
             .as_ref()
-            .map(|cert| cert.epoch)
+            .and_then(|cert| cert.finalized_epochs.iter().max().copied())
             .unwrap_or(0);
 
         let state = State {
@@ -47,6 +47,13 @@ impl State {
         _rt: &impl Runtime,
         certificate: F3Certificate,
     ) -> Result<(), ActorError> {
+        // Validate finalized_epochs is not empty
+        if certificate.finalized_epochs.is_empty() {
+            return Err(ActorError::illegal_argument(
+                "Certificate must have at least one finalized epoch".to_string(),
+            ));
+        }
+
         // Determine current instance ID from latest certificate or genesis
         let current_instance_id = self
             .latest_certificate
@@ -56,11 +63,16 @@ impl State {
 
         // Validate instance progression
         if certificate.instance_id == current_instance_id {
-            // Same instance: epoch must advance
-            if certificate.epoch <= self.latest_finalized_height {
+            // Same instance: highest epoch must advance
+            let new_highest = certificate
+                .finalized_epochs
+                .iter()
+                .max()
+                .expect("finalized_epochs validated as non-empty");
+            if *new_highest <= self.latest_finalized_height {
                 return Err(ActorError::illegal_argument(format!(
-                    "Certificate epoch {} must be greater than current finalized height {}",
-                    certificate.epoch, self.latest_finalized_height
+                    "Certificate highest epoch {} must be greater than current finalized height {}",
+                    new_highest, self.latest_finalized_height
                 )));
             }
         } else if certificate.instance_id == current_instance_id + 1 {
@@ -73,8 +85,12 @@ impl State {
             )));
         }
 
-        // Update state - the transaction will handle persisting this
-        self.latest_finalized_height = certificate.epoch;
+        // Update state - set latest_finalized_height to the highest epoch
+        self.latest_finalized_height = *certificate
+            .finalized_epochs
+            .iter()
+            .max()
+            .expect("finalized_epochs validated as non-empty");
         self.latest_certificate = Some(certificate);
 
         Ok(())
@@ -99,4 +115,13 @@ impl State {
     pub fn get_latest_finalized_height(&self) -> ChainEpoch {
         self.latest_finalized_height
     }
+
+    /// Check if a specific parent epoch has been finalized
+    pub fn is_epoch_finalized(&self, epoch: ChainEpoch) -> bool {
+        if let Some(cert) = &self.latest_certificate {
+            cert.finalized_epochs.contains(&epoch)
+        } else {
+            false
+        }
+    }
 }

fendermint/actors/f3-cert-manager/src/types.rs

@@ -10,13 +10,14 @@ use fvm_shared::clock::ChainEpoch;
 pub struct F3Certificate {
     /// F3 instance ID
     pub instance_id: u64,
-    /// Epoch/height this certificate finalizes
-    pub epoch: ChainEpoch,
+    /// All epochs finalized by this certificate (from ECChain)
+    /// Must contain at least one epoch
+    pub finalized_epochs: Vec<ChainEpoch>,
     /// CID of the power table used for this certificate
     pub power_table_cid: Cid,
     /// Aggregated signature from F3 participants
     pub signature: Vec<u8>,
-    /// Raw certificate data for verification
+    /// Raw certificate data for verification (full Lotus cert with ECChain)
     pub certificate_data: Vec<u8>,
 }