Merge commit 'd9c24f650a7533c13777cab9ede9761919af3ea5' into v1.28.0-rc2

CHANGELOG.md

@@ -12,16 +12,18 @@
 
 ## Improvements
 
-# v1.28.0-rc1 / 2024-07-01
+# v1.28.0-rc2 / 2024-07-04
 
-This is the first release candidate of the upcoming MANDATORY Lotus v1.28.0 release, which will deliver the Filecoin network version 23, codenamed Waffle 🧇.
+This is the second release candidate of the upcoming MANDATORY Lotus v1.28.0 release, which will deliver the Filecoin network version 23, codenamed Waffle 🧇.
 
-**This release canidate does NOT set a calibration network upgrade epoch, it will be added in the second release candidate, expected to be released July 4th. This release candidate does NOT set the mainnet upgrade epoch yet, which will be updated in the final release.**
+**This release candidate sets the calibration network to upgrade at epoch 1779094, corresponding to 2024-07-11T12:00:00Z.** This release does NOT set the mainnet upgrade epoch yet, in which will be updated in the final release.
 
 ☢️ Upgrade Warnings ☢️
 
 If you are running the `v1.26.0` or an earlier version of Lotus, please go through the `Upgrade Warnings` section for the `v1.27.*` releases, before upgrading to this RC.
 
+- This upgrade includes an additional migration to the events database. Node operators running Lotus with events turned on (off by default) may experience some delay in initial start-up of Lotus as a minor database migration takes place. See [filecoin-project/lotus#12080](https://github.com/filecoin-project/lotus/pull/12080) for full details.
+
 ## The Filecoin network version 23 delivers the following FIPs:
 
 - [FIP-0065: Ignore built-in market locked balance in circulating supply calculation](https://github.com/filecoin-project/FIPs/blob/master/FIPS/fip-0065.md)
@@ -63,7 +65,15 @@ verifiedregistry  bafk2bzaceczw2kp6gjjdcjbso7mewp7guik7gr525pal6dotdja2lrct6ok3c
 ```
 
 ## Migration
-The NV23 upgrade migration is expected to be extremely light as only FIP-0085 requires a migration. We don't expect null tipsets after the upgrade epoch or heavy block validation times. We will updated this sections once we have run the final benchmarks.
+
+All node operators, including storage providers, should be aware that ONE pre-migration is being scheduled 120 epochs before the network upgrade. The migration for the NV23 upgrade is expected to be light with no heavy pre-migrations, here are some expected timings and resource consumption numbers:
+
+- Pre-Migration is expected to take less then 1 minute
+- The migration is expected to take less then 30 seconds on a node with a NVMe-drive and a newer CPU. For nodes running on slower disks/CPU, it is still expected to take less then 1 minute.
+
+We recommend node operators (who haven't enabled splitstore discard mode) that do not care about historical chain states, to prune the chain blockstore by syncing from a snapshot 1-2 days before the upgrade.
+
+For certain node operators, such as full archival nodes or systems that need to keep large amounts of state (RPC providers), we recommend skipping the pre-migration and run the non-cached migration (i.e., just running the migration at the network upgrade epoch), and schedule for some additional downtime. Operators of such nodes can read the [How to disable premigration in network upgrade tutorial.](https://lotus.filecoin.io/kb/disable-premigration/)
 
 ## Dependencies
 - github.com/filecoin-project/go-state-types (`v0.14.0-dev` -> `v0.14.0-rc5`)

build/openrpc/full.json

@@ -2,7 +2,7 @@
     "openrpc": "1.2.6",
     "info": {
         "title": "Lotus RPC API",
-        "version": "1.28.0-rc1"
+        "version": "1.28.0-rc2"
     },
     "methods": [
         {

build/openrpc/gateway.json

@@ -2,7 +2,7 @@
     "openrpc": "1.2.6",
     "info": {
         "title": "Lotus RPC API",
-        "version": "1.28.0-rc1"
+        "version": "1.28.0-rc2"
     },
     "methods": [
         {

build/openrpc/miner.json

@@ -2,7 +2,7 @@
     "openrpc": "1.2.6",
     "info": {
         "title": "Lotus RPC API",
-        "version": "1.28.0-rc1"
+        "version": "1.28.0-rc2"
     },
     "methods": [
         {

build/openrpc/worker.json

@@ -2,7 +2,7 @@
     "openrpc": "1.2.6",
     "info": {
         "title": "Lotus RPC API",
-        "version": "1.28.0-rc1"
+        "version": "1.28.0-rc2"
     },
     "methods": [
         {

build/params_2k.go

@@ -83,8 +83,7 @@ const UpgradeWatermelonFix2Height = -101
 const UpgradeCalibrationDragonFixHeight = -102
 
 var DrandSchedule = map[abi.ChainEpoch]DrandEnum{
-	0:                    DrandMainnet,
-	UpgradePhoenixHeight: DrandQuicknet,
+	0: DrandQuicknet,
 }
 
 var SupportedProofTypes = []abi.RegisteredSealProof{
@@ -160,8 +159,7 @@ func init() {
 
 	UpgradePhoenixHeight = getUpgradeHeight("LOTUS_PHOENIX_HEIGHT", UpgradePhoenixHeight)
 	DrandSchedule = map[abi.ChainEpoch]DrandEnum{
-		0:                    DrandMainnet,
-		UpgradePhoenixHeight: DrandQuicknet,
+		0: DrandQuicknet,
 	}
 
 	BuildType |= Build2k
@@ -191,5 +189,5 @@ const Eip155ChainId = 31415926
 
 var WhitelistedBlock = cid.Undef
 
-const F3Enabled = true
+const f3Enabled = true
 const F3BootstrapEpoch abi.ChainEpoch = 100

build/params_butterfly.go

@@ -16,8 +16,7 @@ import (
 )
 
 var DrandSchedule = map[abi.ChainEpoch]DrandEnum{
-	0:                    DrandMainnet,
-	UpgradePhoenixHeight: DrandQuicknet,
+	0: DrandQuicknet,
 }
 
 const GenesisNetworkVersion = network.Version22
@@ -107,5 +106,5 @@ const Eip155ChainId = 3141592
 
 var WhitelistedBlock = cid.Undef
 
-const F3Enabled = true
+const f3Enabled = true
 const F3BootstrapEpoch abi.ChainEpoch = 200

build/params_calibnet.go

@@ -98,8 +98,8 @@ const UpgradePhoenixHeight = UpgradeDragonHeight + 120
 // 2024-04-03T11:00:00Z
 const UpgradeCalibrationDragonFixHeight = 1493854
 
-// ?????
-const UpgradeWaffleHeight = 999999999999999
+// 2024-07-11T12:00:00Z
+const UpgradeWaffleHeight = 1779094
 
 var SupportedProofTypes = []abi.RegisteredSealProof{
 	abi.RegisteredSealProof_StackedDrg32GiBV1,
@@ -152,5 +152,5 @@ const Eip155ChainId = 314159
 
 var WhitelistedBlock = cid.Undef
 
-const F3Enabled = false
-const F3BootstrapEpoch abi.ChainEpoch = -1
+const f3Enabled = true
+const F3BootstrapEpoch abi.ChainEpoch = UpgradeWaffleHeight + 100

build/params_interop.go

@@ -69,8 +69,7 @@ const UpgradeWatermelonFix2Height = -2
 const UpgradeCalibrationDragonFixHeight = -3
 
 var DrandSchedule = map[abi.ChainEpoch]DrandEnum{
-	0:                    DrandMainnet,
-	UpgradePhoenixHeight: DrandQuicknet,
+	0: DrandQuicknet,
 }
 
 var SupportedProofTypes = []abi.RegisteredSealProof{
@@ -146,5 +145,5 @@ const Eip155ChainId = 3141592
 
 var WhitelistedBlock = cid.Undef
 
-const F3Enabled = true
+const f3Enabled = true
 const F3BootstrapEpoch abi.ChainEpoch = 1000

build/params_mainnet.go

@@ -169,5 +169,5 @@ const Eip155ChainId = 314
 // WhitelistedBlock skips checks on message validity in this block to sidestep the zero-bls signature
 var WhitelistedBlock = MustParseCid("bafy2bzaceapyg2uyzk7vueh3xccxkuwbz3nxewjyguoxvhx77malc2lzn2ybi")
 
-const F3Enabled = false
+const f3Enabled = false
 const F3BootstrapEpoch abi.ChainEpoch = -1

build/params_shared_funcs.go

@@ -1,6 +1,8 @@
 package build
 
 import (
+	"os"
+
 	"github.com/ipfs/go-cid"
 	"github.com/libp2p/go-libp2p/core/protocol"
 
@@ -49,3 +51,8 @@ func MustParseCid(c string) cid.Cid {
 
 	return ret
 }
+
+func IsF3Enabled() bool {
+	const F3DisableEnvKey = "LOTUS_DISABLE_F3"
+	return f3Enabled && len(os.Getenv(F3DisableEnvKey)) == 0
+}

build/version.go

@@ -39,7 +39,7 @@ func BuildTypeString() string {
 }
 
 // NodeBuildVersion is the local build version of the Lotus daemon
-const NodeBuildVersion string = "1.28.0-rc1"
+const NodeBuildVersion string = "1.28.0-rc2"
 
 func NodeUserVersion() BuildVersion {
 	if os.Getenv("LOTUS_VERSION_IGNORE_COMMIT") == "1" {
@@ -50,7 +50,7 @@ func NodeUserVersion() BuildVersion {
 }
 
 // MinerBuildVersion is the local build version of the Lotus miner
-const MinerBuildVersion = "1.28.0-rc1"
+const MinerBuildVersion = "1.28.0-rc2"
 
 func MinerUserVersion() BuildVersion {
 	if os.Getenv("LOTUS_VERSION_IGNORE_COMMIT") == "1" {

documentation/en/cli-lotus-miner.md

@@ -7,7 +7,7 @@ USAGE:
    lotus-miner [global options] command [command options] [arguments...]
 
 VERSION:
-   1.28.0-rc1
+   1.28.0-rc2
 
 COMMANDS:
    init          Initialize a lotus miner repo

documentation/en/cli-lotus-worker.md

@@ -7,7 +7,7 @@ USAGE:
    lotus-worker [global options] command [command options] [arguments...]
 
 VERSION:
-   1.28.0-rc1
+   1.28.0-rc2
 
 COMMANDS:
    run        Start lotus worker

documentation/en/cli-lotus.md

@@ -7,7 +7,7 @@ USAGE:
    lotus [global options] command [command options] [arguments...]
 
 VERSION:
-   1.28.0-rc1
+   1.28.0-rc2
 
 COMMANDS:
    daemon   Start a lotus daemon process

itests/mempool_test.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/stretchr/testify/require"
 
+	"github.com/filecoin-project/go-address"
 	"github.com/filecoin-project/go-state-types/big"
 
 	"github.com/filecoin-project/lotus/api"
@@ -18,6 +19,33 @@ import (
 const mPoolThrottle = time.Millisecond * 100
 const mPoolTimeout = time.Second * 10
 
+func TestMemPoolPushOutgoingInvalidDelegated(t *testing.T) {
+	//stm: @CHAIN_MEMPOOL_PENDING_001, @CHAIN_STATE_WAIT_MSG_001, @CHAIN_MEMPOOL_CAP_GAS_FEE_001
+	//stm: @CHAIN_MEMPOOL_PUSH_002
+	ctx := context.Background()
+	firstNode, _, _, ens := kit.EnsembleTwoOne(t, kit.MockProofs())
+	ens.InterconnectAll()
+	kit.QuietMiningLogs()
+
+	sender := firstNode.DefaultKey.Address
+	badTo, err := address.NewFromString("f410f74aaaaaaaaaaaaaaaaaaaaaaaaac5sh2bf3lgta")
+	require.NoError(t, err)
+
+	bal, err := firstNode.WalletBalance(ctx, sender)
+	require.NoError(t, err)
+	toSend := big.Div(bal, big.NewInt(10))
+
+	msg := &types.Message{
+		From:  sender,
+		Value: toSend,
+		To:    badTo,
+	}
+
+	_, err = firstNode.MpoolPushMessage(ctx, msg, nil)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "is a delegated address but not a valid Eth Address")
+}
+
 func TestMemPoolPushSingleNode(t *testing.T) {
 	//stm: @CHAIN_MEMPOOL_CREATE_MSG_CHAINS_001, @CHAIN_MEMPOOL_SELECT_001
 	//stm: @CHAIN_MEMPOOL_PENDING_001, @CHAIN_STATE_WAIT_MSG_001, @CHAIN_MEMPOOL_CAP_GAS_FEE_001

node/builder_chain.go

@@ -151,7 +151,7 @@ var ChainNode = Options(
 		Override(HandleIncomingBlocksKey, modules.HandleIncomingBlocks),
 	),
 
-	If(build.F3Enabled, Override(new(*lf3.F3), lf3.New)),
+	If(build.IsF3Enabled(), Override(new(*lf3.F3), lf3.New)),
 )
 
 func ConfigFullNode(c interface{}) Option {

node/builder_miner.go

@@ -141,7 +141,7 @@ func ConfigStorageMiner(c interface{}) Option {
 		Override(new(config.HarmonyDB), cfg.HarmonyDB),
 		Override(new(harmonydb.ITestID), harmonydb.ITestID("")),
 		Override(new(*ctladdr.AddressSelector), modules.AddressSelector(&cfg.Addresses)),
-		If(build.F3Enabled, Override(F3Participation, modules.F3Participation)),
+		If(build.IsF3Enabled(), Override(F3Participation, modules.F3Participation)),
 	)
 }
 

node/impl/full/eth.go

@@ -734,6 +734,7 @@ func (a *EthModule) EthFeeHistory(ctx context.Context, p jsonrpc.RawParams) (eth
 	)
 
 	for blocksIncluded < int(params.BlkCount) && ts.Height() > 0 {
+		basefee = ts.Blocks()[0].ParentBaseFee
 		_, msgs, rcpts, err := executeTipset(ctx, ts, a.Chain, a.StateAPI)
 		if err != nil {
 			return ethtypes.EthFeeHistory{}, xerrors.Errorf("failed to retrieve messages and receipts for height %d: %w", ts.Height(), err)

node/impl/full/mpool.go

@@ -16,6 +16,7 @@ import (
 	"github.com/filecoin-project/lotus/chain/messagepool"
 	"github.com/filecoin-project/lotus/chain/messagesigner"
 	"github.com/filecoin-project/lotus/chain/types"
+	"github.com/filecoin-project/lotus/chain/types/ethtypes"
 	"github.com/filecoin-project/lotus/node/modules/dtypes"
 )
 
@@ -131,14 +132,24 @@ func (a *MpoolAPI) MpoolClear(ctx context.Context, local bool) error {
 }
 
 func (m *MpoolModule) MpoolPush(ctx context.Context, smsg *types.SignedMessage) (cid.Cid, error) {
+	if err := sanityCheckOutgoingMessage(&smsg.Message); err != nil {
+		return cid.Undef, xerrors.Errorf("message %s from %s with nonce %d failed sanity check: %w", smsg.Cid(), smsg.Message.From, smsg.Message.Nonce, err)
+	}
 	return m.Mpool.Push(ctx, smsg, true)
 }
 
 func (a *MpoolAPI) MpoolPushUntrusted(ctx context.Context, smsg *types.SignedMessage) (cid.Cid, error) {
+	if err := sanityCheckOutgoingMessage(&smsg.Message); err != nil {
+		return cid.Undef, xerrors.Errorf("message %s from %s with nonce %d failed sanity check: %w", smsg.Cid(), smsg.Message.From, smsg.Message.Nonce, err)
+	}
 	return a.Mpool.PushUntrusted(ctx, smsg)
 }
 
 func (a *MpoolAPI) MpoolPushMessage(ctx context.Context, msg *types.Message, spec *api.MessageSendSpec) (*types.SignedMessage, error) {
+	if err := sanityCheckOutgoingMessage(msg); err != nil {
+		return nil, xerrors.Errorf("message from %s failed sanity check: %w", msg.From, err)
+	}
+
 	cp := *msg
 	msg = &cp
 	inMsg := *msg
@@ -223,6 +234,11 @@ func (a *MpoolAPI) MpoolPushMessage(ctx context.Context, msg *types.Message, spe
 }
 
 func (a *MpoolAPI) MpoolBatchPush(ctx context.Context, smsgs []*types.SignedMessage) ([]cid.Cid, error) {
+	for _, msg := range smsgs {
+		if err := sanityCheckOutgoingMessage(&msg.Message); err != nil {
+			return nil, xerrors.Errorf("message %s from %s with nonce %d failed sanity check: %w", msg.Cid(), msg.Message.From, msg.Message.Nonce, err)
+		}
+	}
 	var messageCids []cid.Cid
 	for _, smsg := range smsgs {
 		smsgCid, err := a.Mpool.Push(ctx, smsg, true)
@@ -235,6 +251,11 @@ func (a *MpoolAPI) MpoolBatchPush(ctx context.Context, smsgs []*types.SignedMess
 }
 
 func (a *MpoolAPI) MpoolBatchPushUntrusted(ctx context.Context, smsgs []*types.SignedMessage) ([]cid.Cid, error) {
+	for _, msg := range smsgs {
+		if err := sanityCheckOutgoingMessage(&msg.Message); err != nil {
+			return nil, xerrors.Errorf("message %s from %s with nonce %d failed sanity check: %w", msg.Cid(), msg.Message.From, msg.Message.Nonce, err)
+		}
+	}
 	var messageCids []cid.Cid
 	for _, smsg := range smsgs {
 		smsgCid, err := a.Mpool.PushUntrusted(ctx, smsg)
@@ -247,6 +268,11 @@ func (a *MpoolAPI) MpoolBatchPushUntrusted(ctx context.Context, smsgs []*types.S
 }
 
 func (a *MpoolAPI) MpoolBatchPushMessage(ctx context.Context, msgs []*types.Message, spec *api.MessageSendSpec) ([]*types.SignedMessage, error) {
+	for i, msg := range msgs {
+		if err := sanityCheckOutgoingMessage(msg); err != nil {
+			return nil, xerrors.Errorf("message #%d from %s with failed sanity check: %w", i, msg.From, err)
+		}
+	}
 	var smsgs []*types.SignedMessage
 	for _, msg := range msgs {
 		smsg, err := a.MpoolPushMessage(ctx, msg, spec)
@@ -277,3 +303,19 @@ func (a *MpoolAPI) MpoolGetNonce(ctx context.Context, addr address.Address) (uin
 func (a *MpoolAPI) MpoolSub(ctx context.Context) (<-chan api.MpoolUpdate, error) {
 	return a.Mpool.Updates(ctx)
 }
+
+func sanityCheckOutgoingMessage(msg *types.Message) error {
+	// Check that the message's TO address is a _valid_ Eth address if it's a delegated address.
+	//
+	// It's legal (from a consensus perspective) to send funds to any 0xf410f address as long as
+	// the payload is at most 54 bytes, but the vast majority of this address space is
+	// essentially a black-hole. Unfortunately, the conversion from 0x addresses to Filecoin
+	// native addresses has a few pitfalls (especially with respect to masked ID addresses), so
+	// we've added this check to the API to avoid accidentally (and avoidably) sending messages
+	// to these black-hole addresses.
+	if msg.To.Protocol() == address.Delegated && !ethtypes.IsEthAddress(msg.To) {
+		return xerrors.Errorf("message recipient %s is a delegated address but not a valid Eth Address", msg.To)
+	}
+
+	return nil
+}

node/impl/full/mpool_test.go

@@ -0,0 +1,67 @@
+package full
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"github.com/filecoin-project/go-address"
+	"github.com/filecoin-project/go-state-types/crypto"
+
+	"github.com/filecoin-project/lotus/chain/types"
+)
+
+func TestSanityCheckOutgoingMessage(t *testing.T) {
+	// fails for invalid delegated address
+	badTo, err := address.NewFromString("f410f74aaaaaaaaaaaaaaaaaaaaaaaaac5sh2bf3lgta")
+	require.NoError(t, err)
+	msg := &types.Message{
+		To: badTo,
+	}
+
+	err = sanityCheckOutgoingMessage(msg)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "is a delegated address but not a valid Eth Address")
+
+	// works for valid delegated address
+	goodTo, err := address.NewFromString("f410faxfebiima2gp4lduo2k3vt2iuqapuk3logeftky")
+	require.NoError(t, err)
+	msg = &types.Message{
+		To: goodTo,
+	}
+	err = sanityCheckOutgoingMessage(msg)
+	require.NoError(t, err)
+
+	// works for valid non-delegated address
+	goodTo, err = address.NewFromString("f1z762skeib2v6zlkvhywmjxbv3dxoiv4hmb6gs4y")
+	require.NoError(t, err)
+	msg = &types.Message{
+		To: goodTo,
+	}
+	err = sanityCheckOutgoingMessage(msg)
+	require.NoError(t, err)
+}
+
+func TestMpoolPushInvalidDelegatedAddressFails(t *testing.T) {
+	badTo, err := address.NewFromString("f410f74aaaaaaaaaaaaaaaaaaaaaaaaac5sh2bf3lgta")
+	require.NoError(t, err)
+	module := &MpoolModule{}
+	m := &MpoolAPI{
+		MpoolModuleAPI: module,
+	}
+	smsg := &types.SignedMessage{
+		Message: types.Message{
+			From: badTo,
+			To:   badTo,
+		},
+		Signature: crypto.Signature{
+			Type: crypto.SigTypeSecp256k1,
+			Data: []byte("signature"),
+		},
+	}
+	_, err = m.MpoolPush(context.Background(), smsg)
+	require.Error(t, err)
+
+	require.Contains(t, err.Error(), "is a delegated address but not a valid Eth Address")
+}

node/modules/lp2p/pubsub.go

@@ -381,7 +381,7 @@ func GossipSub(in GossipIn) (service *pubsub.PubSub, err error) {
 		build.IndexerIngestTopic(in.Nn),
 	}
 
-	if build.F3Enabled {
+	if build.IsF3Enabled() {
 		allowTopics = append(allowTopics, gpbft.NetworkName(in.Nn).PubSubTopic())
 	}