6f7498b622
* [WIP] feat: Add nv22 skeleton Addition of Network Version 22 skeleton * update FFI * feat: drand: refactor round verification * feat: sealing: Support nv22 DDO features in the sealing pipeline (#11226) * Initial work supporting DDO pieces in lotus-miner * sealing: Update pipeline input to operate on UniversalPiece * sealing: Update pipeline checks/sealing states to operate on UniversalPiece * sealing: Make pipeline build with UniversalPiece * move PieceDealInfo out of api * make gen * make sealing pipeline unit tests pass * fix itest ensemble build * don't panic in SectorsStatus with deals * stop linter from complaining about checkPieces * fix sector import tests * mod tidy * sealing: Add logic for (pre)committing DDO sectors * sealing: state-types with method defs * DDO non-snap pipeline works(?), DDO Itests * DDO support in snapdeals pipeline * make gen * update actor bundles * update the gst market fix * fix: chain: use PreCommitSectorsBatch2 when setting up genesis * some bug fixes * integration working changes * update actor bundles * Make TestOnboardRawPieceSnap pass * Appease the linter * Make deadlines test pass with v12 actors * Update go-state-types, abstract market DealState * make gen * mod tidy, lint fixes * Fix some more tests * Bump version in master Bump version in master * Make gen Make gen * fix sender * fix: lotus-provider: Fix winning PoSt * fix: sql Scan cannot write to an object * Actually show miner-addrs in info-log Actually show miner-addrs in lotus-provider info-log * [WIP] feat: Add nv22 skeleton Addition of Network Version 22 skeleton * update FFI * ddo is now nv22 * make gen * temp actor bundle with ddo * use working go-state-types * gst with v13 market migration * update bundle, builtin.MethodsMiner.ProveCommitSectors2 -> 3 * actually working v13 migration, v13 migration itest * Address review * sealing: Correct DDO snap pledge math * itests: Mixed ddo itest * pipeline: Fix sectorWeight * sealing: convert market deals into PAMs in mixed sectors * sealing: make market to ddo conversion work * fix lint * update gst * Update actors and GST to lastest integ branch * commit batcher: Update ProveCommitSectors3Params builder logic * make gen * use builtin-actors master * ddo: address review * itests: Add commd assertions to ddo tests * make gen * gst with fixed types * config knobs for RequireActivationSuccess * storage: Drop obsolete flaky tasts --------- Co-authored-by: Jennifer Wang <jiayingw703@gmail.com> Co-authored-by: Aayush <arajasek94@gmail.com> Co-authored-by: Shrenuj Bansal <shrenuj.bansal@protocol.ai> Co-authored-by: Phi <orjan.roren@gmail.com> Co-authored-by: Andrew Jackson (Ajax) <snadrus@gmail.com> Co-authored-by: TippyFlits <james.bluett@protocol.ai> * feat: implement FIP-0063 * chore: deps: update to go-multiaddr v0.12.2 (#11602) * feat: fvm: update the FVM/FFI to v4.1 (#11608) (#11612) This: 1. Adds nv22 support. 2. Updates the message tracing format. Co-authored-by: Steven Allen <steven@stebalien.com> * AggregateProofType nil when doing batch updates Use latest nv22 go-state-types version with matching update * Update to v13.0.0-rc.2 bundle * chore: Upgrade heights and codename Update upgrade heights Co-Authored-By: Steven Allen <steven@stebalien.com> * Update epoch after nv22 DRAND switch Update epoch after nv22 DRAND switch * Update Mango codename to Phoneix Make the codename for the Drand-change inline with Dragon style. * Add UpgradePhoenixHeight to API params * set UpgradePhoenixHeight to be one hour after Dragon * Make gen Make gen and UpgradePhoenixHeight in butterfly and local devnet to be in line with Calibration and Mainnet * Update epoch heights (#11637) Update epoch heights * new: add forest bootstrap nodes (#11636) Signed-off-by: samuelarogbonlo <sbayo971@gmail.com> * Merge pull request #11491 from filecoin-project/fix/remove-decommissioned-pl-bootstrap-nodes Remove PL operated bootstrap nodes from mainnet.pi * feat: api: new verified registry methods to get all allocations and claims (#11631) * new verireg methods * update changelog and add itest * update itest and cli * update new method's support till v9 * remove gateway APIs * fix cli internal var names * chore:: backport #11609 to the feat/nv22 branch (#11644) * feat: api: improve the correctness of Eth's trace_block (#11609) * Improve the correctness of Eth's trace_block - Improve encoding/decoding of parameters and return values: - Encode "native" parameters and return values with Solidity ABI. - Correctly decode parameters to "create" calls. - Use the correct (ish) output for "create" calls. - Handle all forms of "create". - Make robust with respect to reverts: - Use the actor ID/address from the trace instead of looking it up in the state-tree (may not exist in the state-tree due to a revert). - Gracefully handle failed actor/contract creation. - Improve performance: - We avoid looking anything up in the state-tree when translating the trace, which should significantly improve performance. - Improve code readability: - Remove all "backtracking" logic. - Use an "environment" struct to store temporary state instead of attaching it to the trace. - Fix random bugs: - Fix an allocation bug in the "address" logic (need to set the capacity before modifying the slice). - Improved error checking/handling. - Use correct types for `trace_block` action/results (create, call, etc.). - And use the correct types for Result/Action structs instead of reusing the same "Call" action every time. - Improve error messages. * Make gen Make gen --------- Co-authored-by: Steven Allen <steven@stebalien.com> * fix: add UpgradePhoenixHeight to StateGetNetworkParams (#11648) * chore: deps: update to go-state-types v13.0.0-rc.1 * do NOT update the cache when running the real migration * Merge pull request #11632 from hanabi1224/hm/drand-test feat: drand quicknet: allow scheduling drand quicknet upgrade before nv22 on 2k devnet * chore: deps: update to go-state-types v13.0.0-rc.2 chore: deps: update to go-state-types v13.0.0-rc.2 * feat: set migration config UpgradeEpoch for v13 actors upgrade * Built-in actor events first draft * itest for DDO non-market verified data w/ builtin actor events * Tests for builtin actor events API * Clean up DDO+Events tests, add lots of explainer comments * Minor tweaks to events types * Avoid duplicate messages when looking for receipts * Rename internal events modules for clarity * Adjust actor event API after review * s/ActorEvents/Events/g in global config * Manage event sending rate for SubscribeActorEvents * Terminate SubscribeActorEvents chan when at max height * Document future API changes * More clarity in actor event API docs * More post-review changes, lots of tests for SubscribeActorEvents Use BlockDelay as the window for receiving events on the SubscribeActorEvents channel. We expect the user to have received the initial batch of historical events (if any) in one block's time. For real-time events we expect them to not fall behind by roughly one block's time. * Remove duplicate code from actor event type marshalling tests Reduce verbosity and remove duplicate test logic from actor event types JSON marshalling tests. * Rename actor events test to follow go convention Add missing `s` to `actor_events` test file to follow golang convention used across the repo. * Run actor events table tests in deterministic order Refactor `map` usage for actor event table tests to ensure deterministic test execution order, making debugging potential issues easier. If non-determinism is a target, leverage Go's built-in parallel testing capabilities. * Reduce scope for filter removal failure when getting actor events Use a fresh context to remove the temporary filter installed solely to get the actor events. This should reduce chances of failure in a case where the original context may be expired/cancelled. Refactor removal into a `defer` statement for a more readable, concise return statement. * Use fixed RNG seed for actor event tests Improve determinism in actor event tests by using a fixed RNG seed. This makes up a more reproducible test suit. * Use provided libraries to assert eventual conditions Use the functionalities already provided by `testify` to assert eventual conditions, and remove the use of `time.Sleep`. Remove duplicate code in utility functions that are already defined. Refactor assertion helper functions to use consistent terminology: "require" implies fatal error, whereas "assert" implies error where the test may proceed executing. * Update changelog for actor events APIs * Fix concerns and docs identified by review * Update actor bundle to v13.0.0-rc3 Update actor bundle to v13.0.0-rc3 * Prep Lotus v1.26.0-rc1 - For sanity reverting the mainnet upgrade epoch to 99999999, and then only set it when cutting the final release -Update Calibnet CIDs to v13.0.0-rc3 - Add GetActorEvents, SubscribeActorEvents, GetAllClaims and GetAllAllocations methods to the changelog Co-Authored-By: Jiaying Wang <42981373+jennijuju@users.noreply.github.com> * Update CHANGELOG.md Co-authored-by: Masih H. Derkani <m@derkani.org> * Make gen Make gen * fix: beacon: validate drand change at nv16 correctly * bump to v1.26.0-rc2 * test: cleanup ddo verified itest, extract steps to functions also add allocation-removed event case * test: extract verified DDO test to separate file, add more checks * test: add additional actor events checks * Add verification for "deal-activated" actor event * docs(drand): document the meaning of "IsChained" (#11692) * Resolve conflicts I encountered multiple issues when trying to run make gen. And these changes fixed a couple of them: - go mod tidy - Remove RaftState/RaftLeader - Revert `if ts.Height() > claim.TermMax+claim.TermStart || !cctx.IsSet("expired")` to the what is in the release/v1.26.0: `if tsHeight > val.TermMax || !expired` * fixup imports, make jen * Update version Update version in master to v1.27.0-dev * Update node/impl/full/dummy.go Co-authored-by: Łukasz Magiera <magik6k@users.noreply.github.com> * Adjust ListClaimsCmd Adjust ListClaimsCmd according to review --------- Signed-off-by: samuelarogbonlo <sbayo971@gmail.com> Co-authored-by: TippyFlits <james.bluett@protocol.ai> Co-authored-by: Aayush <arajasek94@gmail.com> Co-authored-by: Łukasz Magiera <magik6k@users.noreply.github.com> Co-authored-by: Jennifer Wang <jiayingw703@gmail.com> Co-authored-by: Shrenuj Bansal <shrenuj.bansal@protocol.ai> Co-authored-by: Andrew Jackson (Ajax) <snadrus@gmail.com> Co-authored-by: Steven Allen <steven@stebalien.com> Co-authored-by: Rod Vagg <rod@vagg.org> Co-authored-by: Samuel Arogbonlo <47984109+samuelarogbonlo@users.noreply.github.com> Co-authored-by: LexLuthr <88259624+LexLuthr@users.noreply.github.com> Co-authored-by: tom123222 <160735201+tom123222@users.noreply.github.com> Co-authored-by: Aarsh Shah <aarshkshah1992@gmail.com> Co-authored-by: Masih H. Derkani <m@derkani.org> Co-authored-by: Jiaying Wang <42981373+jennijuju@users.noreply.github.com>
550 lines
17 KiB
Go
550 lines
17 KiB
Go
package filcns
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"errors"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/ipfs/go-cid"
|
|
logging "github.com/ipfs/go-log/v2"
|
|
"go.opencensus.io/trace"
|
|
"golang.org/x/xerrors"
|
|
|
|
"github.com/filecoin-project/go-address"
|
|
"github.com/filecoin-project/go-state-types/abi"
|
|
"github.com/filecoin-project/go-state-types/crypto"
|
|
"github.com/filecoin-project/go-state-types/network"
|
|
"github.com/filecoin-project/specs-actors/v7/actors/runtime/proof"
|
|
|
|
"github.com/filecoin-project/lotus/api"
|
|
"github.com/filecoin-project/lotus/build"
|
|
"github.com/filecoin-project/lotus/chain"
|
|
"github.com/filecoin-project/lotus/chain/actors"
|
|
"github.com/filecoin-project/lotus/chain/actors/builtin"
|
|
"github.com/filecoin-project/lotus/chain/actors/builtin/power"
|
|
"github.com/filecoin-project/lotus/chain/actors/builtin/reward"
|
|
"github.com/filecoin-project/lotus/chain/beacon"
|
|
"github.com/filecoin-project/lotus/chain/consensus"
|
|
"github.com/filecoin-project/lotus/chain/rand"
|
|
"github.com/filecoin-project/lotus/chain/stmgr"
|
|
"github.com/filecoin-project/lotus/chain/store"
|
|
"github.com/filecoin-project/lotus/chain/types"
|
|
"github.com/filecoin-project/lotus/chain/vm"
|
|
"github.com/filecoin-project/lotus/lib/async"
|
|
"github.com/filecoin-project/lotus/lib/sigs"
|
|
"github.com/filecoin-project/lotus/storage/sealer/ffiwrapper"
|
|
"github.com/filecoin-project/lotus/storage/sealer/storiface"
|
|
)
|
|
|
|
var log = logging.Logger("fil-consensus")
|
|
|
|
type FilecoinEC struct {
|
|
// The interface for accessing and putting tipsets into local storage
|
|
store *store.ChainStore
|
|
|
|
// handle to the random beacon for verification
|
|
beacon beacon.Schedule
|
|
|
|
// the state manager handles making state queries
|
|
sm *stmgr.StateManager
|
|
|
|
verifier storiface.Verifier
|
|
|
|
genesis *types.TipSet
|
|
}
|
|
|
|
// Blocks that are more than MaxHeightDrift epochs above
|
|
// the theoretical max height based on systime are quickly rejected
|
|
const MaxHeightDrift = 5
|
|
|
|
var RewardFunc = func(ctx context.Context, vmi vm.Interface, em stmgr.ExecMonitor,
|
|
epoch abi.ChainEpoch, ts *types.TipSet, params *reward.AwardBlockRewardParams) error {
|
|
ser, err := actors.SerializeParams(params)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to serialize award params: %w", err)
|
|
}
|
|
rwMsg := &types.Message{
|
|
From: builtin.SystemActorAddr,
|
|
To: reward.Address,
|
|
Nonce: uint64(epoch),
|
|
Value: types.NewInt(0),
|
|
GasFeeCap: types.NewInt(0),
|
|
GasPremium: types.NewInt(0),
|
|
GasLimit: 1 << 30,
|
|
Method: reward.Methods.AwardBlockReward,
|
|
Params: ser,
|
|
}
|
|
ret, actErr := vmi.ApplyImplicitMessage(ctx, rwMsg)
|
|
if actErr != nil {
|
|
return xerrors.Errorf("failed to apply reward message: %w", actErr)
|
|
}
|
|
|
|
if !ret.ExitCode.IsSuccess() {
|
|
return xerrors.Errorf("reward actor failed with exit code %d: %w", ret.ExitCode, ret.ActorErr)
|
|
}
|
|
|
|
if em != nil {
|
|
if err := em.MessageApplied(ctx, ts, rwMsg.Cid(), rwMsg, ret, true); err != nil {
|
|
return xerrors.Errorf("callback failed on reward message: %w", err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func NewFilecoinExpectedConsensus(sm *stmgr.StateManager, beacon beacon.Schedule, verifier storiface.Verifier, genesis chain.Genesis) consensus.Consensus {
|
|
if build.InsecurePoStValidation {
|
|
log.Warn("*********************************************************************************************")
|
|
log.Warn(" [INSECURE-POST-VALIDATION] Insecure test validation is enabled. If you see this outside of a test, it is a severe bug! ")
|
|
log.Warn("*********************************************************************************************")
|
|
}
|
|
|
|
return &FilecoinEC{
|
|
store: sm.ChainStore(),
|
|
beacon: beacon,
|
|
sm: sm,
|
|
verifier: verifier,
|
|
genesis: genesis,
|
|
}
|
|
}
|
|
|
|
func (filec *FilecoinEC) ValidateBlock(ctx context.Context, b *types.FullBlock) (err error) {
|
|
if err := blockSanityChecks(b.Header); err != nil {
|
|
return xerrors.Errorf("incoming header failed basic sanity checks: %w", err)
|
|
}
|
|
|
|
h := b.Header
|
|
|
|
baseTs, err := filec.store.LoadTipSet(ctx, types.NewTipSetKey(h.Parents...))
|
|
if err != nil {
|
|
return xerrors.Errorf("load parent tipset failed (%s): %w", h.Parents, err)
|
|
}
|
|
|
|
winPoStNv := filec.sm.GetNetworkVersion(ctx, baseTs.Height())
|
|
|
|
lbts, lbst, err := stmgr.GetLookbackTipSetForRound(ctx, filec.sm, baseTs, h.Height)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to get lookback tipset for block: %w", err)
|
|
}
|
|
|
|
// TODO: Optimization: See https://github.com/filecoin-project/lotus/issues/11597
|
|
prevBeacon, err := filec.store.GetLatestBeaconEntry(ctx, baseTs)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to get latest beacon entry: %w", err)
|
|
}
|
|
|
|
// fast checks first
|
|
if h.Height <= baseTs.Height() {
|
|
return xerrors.Errorf("block height not greater than parent height: %d != %d", h.Height, baseTs.Height())
|
|
}
|
|
|
|
nulls := h.Height - (baseTs.Height() + 1)
|
|
if tgtTs := baseTs.MinTimestamp() + build.BlockDelaySecs*uint64(nulls+1); h.Timestamp != tgtTs {
|
|
return xerrors.Errorf("block has wrong timestamp: %d != %d", h.Timestamp, tgtTs)
|
|
}
|
|
|
|
now := uint64(build.Clock.Now().Unix())
|
|
if h.Timestamp > now+build.AllowableClockDriftSecs {
|
|
return xerrors.Errorf("block was from the future (now=%d, blk=%d): %w", now, h.Timestamp, consensus.ErrTemporal)
|
|
}
|
|
if h.Timestamp > now {
|
|
log.Warnf("Got block from the future, but within threshold (%d > %d)", h.Timestamp, now)
|
|
}
|
|
|
|
minerCheck := async.Err(func() error {
|
|
if err := filec.minerIsValid(ctx, h.Miner, baseTs); err != nil {
|
|
return xerrors.Errorf("minerIsValid failed: %w", err)
|
|
}
|
|
return nil
|
|
})
|
|
|
|
pweight, err := filec.store.Weight(ctx, baseTs)
|
|
if err != nil {
|
|
return xerrors.Errorf("getting parent weight: %w", err)
|
|
}
|
|
|
|
if types.BigCmp(pweight, b.Header.ParentWeight) != 0 {
|
|
return xerrors.Errorf("parent weight different: %s (header) != %s (computed)",
|
|
b.Header.ParentWeight, pweight)
|
|
}
|
|
|
|
// Stuff that needs worker address
|
|
waddr, err := stmgr.GetMinerWorkerRaw(ctx, filec.sm, lbst, h.Miner)
|
|
if err != nil {
|
|
return xerrors.Errorf("GetMinerWorkerRaw failed: %w", err)
|
|
}
|
|
|
|
winnerCheck := async.Err(func() error {
|
|
if h.ElectionProof.WinCount < 1 {
|
|
return xerrors.Errorf("block is not claiming to be a winner")
|
|
}
|
|
|
|
eligible, err := stmgr.MinerEligibleToMine(ctx, filec.sm, h.Miner, baseTs, lbts)
|
|
if err != nil {
|
|
return xerrors.Errorf("determining if miner has min power failed: %w", err)
|
|
}
|
|
|
|
if !eligible {
|
|
return xerrors.New("block's miner is ineligible to mine")
|
|
}
|
|
|
|
rBeacon := *prevBeacon
|
|
if len(h.BeaconEntries) != 0 {
|
|
rBeacon = h.BeaconEntries[len(h.BeaconEntries)-1]
|
|
}
|
|
buf := new(bytes.Buffer)
|
|
if err := h.Miner.MarshalCBOR(buf); err != nil {
|
|
return xerrors.Errorf("failed to marshal miner address to cbor: %w", err)
|
|
}
|
|
|
|
vrfBase, err := rand.DrawRandomnessFromBase(rBeacon.Data, crypto.DomainSeparationTag_ElectionProofProduction, h.Height, buf.Bytes())
|
|
if err != nil {
|
|
return xerrors.Errorf("could not draw randomness: %w", err)
|
|
}
|
|
|
|
if err := VerifyElectionPoStVRF(ctx, waddr, vrfBase, h.ElectionProof.VRFProof); err != nil {
|
|
return xerrors.Errorf("validating block election proof failed: %w", err)
|
|
}
|
|
|
|
slashed, err := stmgr.GetMinerSlashed(ctx, filec.sm, baseTs, h.Miner)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to check if block miner was slashed: %w", err)
|
|
}
|
|
|
|
if slashed {
|
|
return xerrors.Errorf("received block was from slashed or invalid miner")
|
|
}
|
|
|
|
mpow, tpow, _, err := stmgr.GetPowerRaw(ctx, filec.sm, lbst, h.Miner)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed getting power: %w", err)
|
|
}
|
|
|
|
j := h.ElectionProof.ComputeWinCount(mpow.QualityAdjPower, tpow.QualityAdjPower)
|
|
if h.ElectionProof.WinCount != j {
|
|
return xerrors.Errorf("miner claims wrong number of wins: miner: %d, computed: %d", h.ElectionProof.WinCount, j)
|
|
}
|
|
|
|
return nil
|
|
})
|
|
|
|
blockSigCheck := async.Err(func() error {
|
|
if err := verifyBlockSignature(ctx, h, waddr); err != nil {
|
|
return xerrors.Errorf("check block signature failed: %w", err)
|
|
}
|
|
return nil
|
|
|
|
})
|
|
|
|
beaconValuesCheck := async.Err(func() error {
|
|
if os.Getenv("LOTUS_IGNORE_DRAND") == "_yes_" {
|
|
return nil
|
|
}
|
|
|
|
nv := filec.sm.GetNetworkVersion(ctx, h.Height)
|
|
if err := beacon.ValidateBlockValues(filec.beacon, nv, h, baseTs.Height(), *prevBeacon); err != nil {
|
|
return xerrors.Errorf("failed to validate blocks random beacon values: %w", err)
|
|
}
|
|
return nil
|
|
})
|
|
|
|
tktsCheck := async.Err(func() error {
|
|
buf := new(bytes.Buffer)
|
|
if err := h.Miner.MarshalCBOR(buf); err != nil {
|
|
return xerrors.Errorf("failed to marshal miner address to cbor: %w", err)
|
|
}
|
|
|
|
if h.Height > build.UpgradeSmokeHeight {
|
|
buf.Write(baseTs.MinTicket().VRFProof)
|
|
}
|
|
|
|
beaconBase := *prevBeacon
|
|
if len(h.BeaconEntries) != 0 {
|
|
beaconBase = h.BeaconEntries[len(h.BeaconEntries)-1]
|
|
}
|
|
|
|
vrfBase, err := rand.DrawRandomnessFromBase(beaconBase.Data, crypto.DomainSeparationTag_TicketProduction, h.Height-build.TicketRandomnessLookback, buf.Bytes())
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to compute vrf base for ticket: %w", err)
|
|
}
|
|
|
|
err = VerifyElectionPoStVRF(ctx, waddr, vrfBase, h.Ticket.VRFProof)
|
|
if err != nil {
|
|
return xerrors.Errorf("validating block tickets failed: %w", err)
|
|
}
|
|
return nil
|
|
})
|
|
|
|
wproofCheck := async.Err(func() error {
|
|
if err := filec.VerifyWinningPoStProof(ctx, winPoStNv, h, *prevBeacon, lbst, waddr); err != nil {
|
|
return xerrors.Errorf("invalid election post: %w", err)
|
|
}
|
|
return nil
|
|
})
|
|
|
|
commonChecks := consensus.CommonBlkChecks(ctx, filec.sm, filec.store, b, baseTs)
|
|
await := append([]async.ErrorFuture{
|
|
minerCheck,
|
|
tktsCheck,
|
|
blockSigCheck,
|
|
beaconValuesCheck,
|
|
wproofCheck,
|
|
winnerCheck,
|
|
}, commonChecks...)
|
|
|
|
return consensus.RunAsyncChecks(ctx, await)
|
|
}
|
|
|
|
func blockSanityChecks(h *types.BlockHeader) error {
|
|
if h.ElectionProof == nil {
|
|
return xerrors.Errorf("block cannot have nil election proof")
|
|
}
|
|
|
|
if h.Ticket == nil {
|
|
return xerrors.Errorf("block cannot have nil ticket")
|
|
}
|
|
|
|
if h.BlockSig == nil {
|
|
return xerrors.Errorf("block had nil signature")
|
|
}
|
|
|
|
if h.BLSAggregate == nil {
|
|
return xerrors.Errorf("block had nil bls aggregate signature")
|
|
}
|
|
|
|
if h.Miner.Protocol() != address.ID {
|
|
return xerrors.Errorf("block had non-ID miner address")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (filec *FilecoinEC) VerifyWinningPoStProof(ctx context.Context, nv network.Version, h *types.BlockHeader, prevBeacon types.BeaconEntry, lbst cid.Cid, waddr address.Address) error {
|
|
if build.InsecurePoStValidation {
|
|
if len(h.WinPoStProof) == 0 {
|
|
return xerrors.Errorf("[INSECURE-POST-VALIDATION] No winning post proof given")
|
|
}
|
|
|
|
if string(h.WinPoStProof[0].ProofBytes) == "valid proof" {
|
|
return nil
|
|
}
|
|
return xerrors.Errorf("[INSECURE-POST-VALIDATION] winning post was invalid")
|
|
}
|
|
|
|
buf := new(bytes.Buffer)
|
|
if err := h.Miner.MarshalCBOR(buf); err != nil {
|
|
return xerrors.Errorf("failed to marshal miner address: %w", err)
|
|
}
|
|
|
|
rbase := prevBeacon
|
|
if len(h.BeaconEntries) > 0 {
|
|
rbase = h.BeaconEntries[len(h.BeaconEntries)-1]
|
|
}
|
|
|
|
rand, err := rand.DrawRandomnessFromBase(rbase.Data, crypto.DomainSeparationTag_WinningPoStChallengeSeed, h.Height, buf.Bytes())
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to get randomness for verifying winning post proof: %w", err)
|
|
}
|
|
|
|
mid, err := address.IDFromAddress(h.Miner)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to get ID from miner address %s: %w", h.Miner, err)
|
|
}
|
|
|
|
xsectors, err := stmgr.GetSectorsForWinningPoSt(ctx, nv, filec.verifier, filec.sm, lbst, h.Miner, rand)
|
|
if err != nil {
|
|
return xerrors.Errorf("getting winning post sector set: %w", err)
|
|
}
|
|
|
|
sectors := make([]proof.SectorInfo, len(xsectors))
|
|
for i, xsi := range xsectors {
|
|
sectors[i] = proof.SectorInfo{
|
|
SealProof: xsi.SealProof,
|
|
SectorNumber: xsi.SectorNumber,
|
|
SealedCID: xsi.SealedCID,
|
|
}
|
|
}
|
|
|
|
ok, err := ffiwrapper.ProofVerifier.VerifyWinningPoSt(ctx, proof.WinningPoStVerifyInfo{
|
|
Randomness: rand,
|
|
Proofs: h.WinPoStProof,
|
|
ChallengedSectors: sectors,
|
|
Prover: abi.ActorID(mid),
|
|
})
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to verify election post: %w", err)
|
|
}
|
|
|
|
if !ok {
|
|
log.Errorf("invalid winning post (block: %s, %x; %v)", h.Cid(), rand, sectors)
|
|
return xerrors.Errorf("winning post was invalid")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (filec *FilecoinEC) IsEpochInConsensusRange(epoch abi.ChainEpoch) bool {
|
|
if filec.genesis == nil {
|
|
return true
|
|
}
|
|
|
|
// Don't try to sync anything before finality. Don't propagate such blocks either.
|
|
//
|
|
// We use _our_ current head, not the expected head, because the network's head can lag on
|
|
// catch-up (after a network outage).
|
|
if epoch < filec.store.GetHeaviestTipSet().Height()-build.Finality {
|
|
return false
|
|
}
|
|
|
|
now := uint64(build.Clock.Now().Unix())
|
|
return epoch <= (abi.ChainEpoch((now-filec.genesis.MinTimestamp())/build.BlockDelaySecs) + MaxHeightDrift)
|
|
}
|
|
|
|
func (filec *FilecoinEC) minerIsValid(ctx context.Context, maddr address.Address, baseTs *types.TipSet) error {
|
|
act, err := filec.sm.LoadActor(ctx, power.Address, baseTs)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to load power actor: %w", err)
|
|
}
|
|
|
|
powState, err := power.Load(filec.store.ActorStore(ctx), act)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to load power actor state: %w", err)
|
|
}
|
|
|
|
_, exist, err := powState.MinerPower(maddr)
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to look up miner's claim: %w", err)
|
|
}
|
|
|
|
if !exist {
|
|
return xerrors.New("miner isn't valid")
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func VerifyElectionPoStVRF(ctx context.Context, worker address.Address, rand []byte, evrf []byte) error {
|
|
return VerifyVRF(ctx, worker, rand, evrf)
|
|
}
|
|
|
|
func VerifyVRF(ctx context.Context, worker address.Address, vrfBase, vrfproof []byte) error {
|
|
_, span := trace.StartSpan(ctx, "VerifyVRF")
|
|
defer span.End()
|
|
|
|
sig := &crypto.Signature{
|
|
Type: crypto.SigTypeBLS,
|
|
Data: vrfproof,
|
|
}
|
|
|
|
if err := sigs.Verify(sig, worker, vrfBase); err != nil {
|
|
return xerrors.Errorf("vrf was invalid: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
var ErrSoftFailure = errors.New("soft validation failure")
|
|
var ErrInsufficientPower = errors.New("incoming block's miner does not have minimum power")
|
|
|
|
func (filec *FilecoinEC) ValidateBlockHeader(ctx context.Context, b *types.BlockHeader) (rejectReason string, err error) {
|
|
|
|
// we want to ensure that it is a block from a known miner; we reject blocks from unknown miners
|
|
// to prevent spam attacks.
|
|
// the logic works as follows: we lookup the miner in the chain for its key.
|
|
// if we can find it then it's a known miner and we can validate the signature.
|
|
// if we can't find it, we check whether we are (near) synced in the chain.
|
|
// if we are not synced we cannot validate the block and we must ignore it.
|
|
// if we are synced and the miner is unknown, then the block is rejcected.
|
|
key, err := filec.checkPowerAndGetWorkerKey(ctx, b)
|
|
if err != nil {
|
|
if err != ErrSoftFailure && filec.isChainNearSynced() {
|
|
log.Warnf("received block from unknown miner or miner that doesn't meet min power over pubsub; rejecting message")
|
|
return "unknown_miner", err
|
|
}
|
|
|
|
log.Warnf("cannot validate block message; unknown miner or miner that doesn't meet min power in unsynced chain: %s", b.Cid())
|
|
return "", err // ignore
|
|
}
|
|
|
|
if b.ElectionProof.WinCount < 1 {
|
|
log.Errorf("block is not claiming to be winning")
|
|
return "not_winning", xerrors.Errorf("block not winning")
|
|
}
|
|
|
|
err = sigs.CheckBlockSignature(ctx, b, key)
|
|
if err != nil {
|
|
log.Errorf("block signature verification failed: %s", err)
|
|
return "signature_verification_failed", err
|
|
}
|
|
|
|
return "", nil
|
|
}
|
|
|
|
func (filec *FilecoinEC) checkPowerAndGetWorkerKey(ctx context.Context, bh *types.BlockHeader) (address.Address, error) {
|
|
// we check that the miner met the minimum power at the lookback tipset
|
|
|
|
baseTs := filec.store.GetHeaviestTipSet()
|
|
lbts, lbst, err := stmgr.GetLookbackTipSetForRound(ctx, filec.sm, baseTs, bh.Height)
|
|
if err != nil {
|
|
log.Warnf("failed to load lookback tipset for incoming block: %s", err)
|
|
return address.Undef, ErrSoftFailure
|
|
}
|
|
|
|
key, err := stmgr.GetMinerWorkerRaw(ctx, filec.sm, lbst, bh.Miner)
|
|
if err != nil {
|
|
log.Warnf("failed to resolve worker key for miner %s and block height %d: %s", bh.Miner, bh.Height, err)
|
|
return address.Undef, ErrSoftFailure
|
|
}
|
|
|
|
// NOTE: we check to see if the miner was eligible in the lookback
|
|
// tipset - 1 for historical reasons. DO NOT use the lookback state
|
|
// returned by GetLookbackTipSetForRound.
|
|
|
|
eligible, err := stmgr.MinerEligibleToMine(ctx, filec.sm, bh.Miner, baseTs, lbts)
|
|
if err != nil {
|
|
log.Warnf("failed to determine if incoming block's miner has minimum power: %s", err)
|
|
return address.Undef, ErrSoftFailure
|
|
}
|
|
|
|
if !eligible {
|
|
log.Warnf("incoming block's miner is ineligible")
|
|
return address.Undef, ErrInsufficientPower
|
|
}
|
|
|
|
return key, nil
|
|
}
|
|
|
|
func (filec *FilecoinEC) isChainNearSynced() bool {
|
|
ts := filec.store.GetHeaviestTipSet()
|
|
timestamp := ts.MinTimestamp()
|
|
timestampTime := time.Unix(int64(timestamp), 0)
|
|
return build.Clock.Since(timestampTime) < 6*time.Hour
|
|
}
|
|
|
|
func verifyBlockSignature(ctx context.Context, h *types.BlockHeader,
|
|
addr address.Address) error {
|
|
return sigs.CheckBlockSignature(ctx, h, addr)
|
|
}
|
|
|
|
func signBlock(ctx context.Context, w api.Wallet,
|
|
addr address.Address, next *types.BlockHeader) error {
|
|
|
|
nosigbytes, err := next.SigningBytes()
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to get signing bytes for block: %w", err)
|
|
}
|
|
|
|
sig, err := w.WalletSign(ctx, addr, nosigbytes, api.MsgMeta{
|
|
Type: api.MTBlock,
|
|
})
|
|
if err != nil {
|
|
return xerrors.Errorf("failed to sign new block: %w", err)
|
|
}
|
|
next.BlockSig = sig
|
|
return nil
|
|
}
|
|
|
|
var _ consensus.Consensus = &FilecoinEC{}
|