Skip to content

op-challenger: never load the absolute prestate for permissioned games#21681

Open
pauldowman wants to merge 5 commits into
developfrom
fix/op-challenger-permissioned-prestate-url
Open

op-challenger: never load the absolute prestate for permissioned games#21681
pauldowman wants to merge 5 commits into
developfrom
fix/op-challenger-permissioned-prestate-url

Conversation

@pauldowman

@pauldowman pauldowman commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Fixes #21470.

When a permissioned game (type 1) is configured with --prestates-url, op-challenger fetches the game's absolute prestate from that URL keyed by hash. Permissioned games are often configured with a placeholder prestate that isn't published there, so the fetch fails and op-challenger errors out creating the game player — even though it should still resolve the game. (With --cannon-prestate <file> this doesn't happen because the single-file source ignores the hash, hence the --cannon-prestate=any-string workaround.)

Permissioned games are played only by trusted actors, resolve at the output-root level, and never reach step(), so their VM prestate is never actually used. Per review feedback, the challenger now never loads the prestate for permissioned games at all (rather than only tolerating a failed fetch):

  • The bottom prestate provider for the permissioned game type is an unconditional empty placeholder — no fetch, no cache, no error path. Cannon and other game types still hard-fail on a missing prestate.
  • The prestate flags (--cannon-prestate / --prestates-url) are no longer required when only the permissioned game type is enabled, at both the CLI-flags and config validation layers, mirroring the existing op-program server relaxation. They are still required whenever the cannon game type is enabled.
  • New GameType.IsPermissioned() and CannonFamilyGameTypes in game/types centralize the "permissioned ⇒ never reaches step()" property (already covering the upcoming SuperPermissionedGameType) and the cannon flag-family membership; the validators derive their own requirements from them instead of taking caller-supplied booleans.
  • Tests pin: permissioned games get the placeholder without any load attempt; cannon still errors on a missing prestate; prestate flags are optional for permissioned-only configs but still required when cannon and permissioned are both enabled (config and CLI layers).
  • README documents the behavior.

@pauldowman pauldowman marked this pull request as ready for review July 9, 2026 22:20
@pauldowman pauldowman requested a review from a team as a code owner July 9, 2026 22:20
provider, err := source(ctx, prestateHash)
if errors.Is(err, prestates.ErrPrestateUnavailable) {
logger.Warn("Prestate unavailable, using empty placeholder", "prestateHash", prestateHash, "err", err)
return vm.NewPrestateProvider("", stateConverter), nil

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you think about always returning the empty placeholder, rather than only when the prestate is unavailable.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good idea. There's no reason to even attempt to fetch it if permissioned. Will do.

@pauldowman pauldowman changed the title op-challenger: tolerate missing prestate for permissioned games with --prestates-url op-challenger: never load the absolute prestate for permissioned games Jul 10, 2026
@pauldowman pauldowman requested a review from Inphi July 13, 2026 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

op-challenger: Permissioned games still requiring cannon-prestate in some cases

2 participants