This addresses the last known deficiency of the eth_getProof
implementation. The previous code would return an error in the event
that the element was not found in the trie. EIP-1186 allows for
'negative' proofs where a proof demonstrates that an element cannot be
in the trie, so this commit updates the logic to support that case.
Co-authored-by: Jason Yellick <jason@enya.ai>
This PR extends the function merged in #7337 to cover the proof
generation paths as well.
The first commit simply migrates the internal proof checking code from
the rpc `eth_getProof` test to be available externally exported under
`turbo/trie`. In the process, it translates the in place testing
assertions to return more normally as errors and adapts to use the
pre-existing trie node types which are defined slightly differently
(although this code is still intended only for testing purposes).
The second commit refactors the existing trie fuzzing tests from the
previous PR and adds new fuzzing tests for the proof generation. In
order to validate the proofs, these fuzzing tests fundamentally do two
things. Firstly, after bootstrapping the test (by seeding, and modifying
the db), for each key we compute the 'naive' proof utilizing the
existing code in `proof.go` and the in memory `trie.Trie` structure. The
`trie.Trie` code actually had a couple small bugs which are fixed in
this PR (not handling value nodes, and not honoring the `NewTestRLPTrie`
contract of pre-RLP encoded nodes in proof generation). Secondly, we
re-compute the same proof for the flatDB production variant, and verify
that it is exactly the same proof as computed by the naive
implementation.
This fuzzing has been run for ~72 hours locally with no errors. Although
this code hasn't identified any new bugs in the proof generation path,
it improves coverage and should help to prevent regressions. Additional
extensions will be provided in a subsequent PR.
---------
Co-authored-by: Jason Yellick <jason@enya.ai>
There are currently a number of bugs in the flat DB trie hash
computation. These bugs are improbable in 'real' scenarios (hence the
ability to sync the assorted large chains), and, the repercussions of
encountering them are low (generally re-computing the hash at a later
block will succeed). Still, they can cause the process to crash, or
deadlock, and a clever adversary could feasibly construct a block or
storage update designed to trigger these bugs. (Or, an unlucky block may
trigger them inadvertently). Based on the tracing in the code, it seems
that some of these bugs may have been witnessed in the wild, but not
reliably reproduced (for instance when `maxlen >= len(curr)`).
1. There is an infinite loop that can occur in
_nextSiblingOfParentInMem. This occurs in the account path when the
c.k[1] entry is 'nil' and the code will continuously retry resolving
this entry indefinitely.
2. When the next trie node is deeper in the trie than the previous, but
is not a descendent of the previous trie node, then the old trie node is
inadvertently left in memory instead of nil-ed. This results in an
incorrect hash being computed.
3. When the last trie node being processed is comprised entirely of 'f'
nibbles, the 'FirstNotCoveredPrefix' returns an empty byte array,
because there is no next nibble sub-tree. This causes keys to
inappropriately be reprocessed triggering either an index out of bounds
panic or incorrect hash results.
4. When the _nextSiblingInDB path is triggered, if the next nibble
subtree contains no trie table entries, then any keys with a prefix in
that subtree will be skipped resulting in incorrect hash results.
The fuzzing seeds included cover all four of these cases (for both
accounts and storage where appropriate). As fuzzing is baked into the
native go 1.18 toolchain, running 'go test' (as the Makefile currently
does) is adequate to cover these failures. To run additional fuzzing the
`-fuzz` flag may be provided as documented in the go test doc.
Co-authored-by: Jason Yellick <jason@enya.ai>
types.NewMessage now expects maxFeePerDataGas param, which will be used
in transaction verification (preCheck). GetPayloadV3 method added to
EngineAPI. Some cosmetic changes applied.
**Problem**
While tracing the block with Parity tracer(`trace_block`) it returns
error for a few blocks.
<details><summary>Example of blocks that couldn't be traced</summary>
These are the example of payloads with the errors occured during tracing
the blocks:
1. `{"method":"trace_block","params":["0x24165bd"],"id":0}` - `first run
for txIndex 32 error: insufficient funds for gas * price + value:
address 0x000005D814d5abD6e0F9345c9b1f37C82Eaf1EBb have
547961731687102852 want 675024999764675175`
2. `{"method":"trace_block","params":["0x2658753"],"id":0}` - `first run
for txIndex 45 error: insufficient funds for gas * price + value:
address 0x000004BeDC012a5D043270AF67de24c20a3b8aeB have
211658993830905595 want 235579381558610848`
3. `{"method":"trace_block","params":["0x258b00c"],"id":0} -first run
for txIndex 274 error: insufficient funds for gas * price + value:
address 0xA3a762006D22806B35895f4C0599bAe3adF1B349 have
342048586356638524 want 386865441635818752`
</details>
After looking through the
[trace_filtering.go](https://github.com/ledgerwatch/erigon/blob/devel/cmd/rpcdaemon/commands/trace_filtering.go#L1006)
and
[trace_adhoc.go](https://github.com/ledgerwatch/erigon/blob/devel/cmd/rpcdaemon/commands/trace_adhoc.go#L1072)
noticed that `doCallMany` called with `gasBailOut = true` in
[one](https://github.com/ledgerwatch/erigon/blob/devel/cmd/rpcdaemon/commands/trace_adhoc.go#L1072)
place and `gasBailOut = false` in
[another](https://github.com/ledgerwatch/erigon/blob/devel/cmd/rpcdaemon/commands/trace_filtering.go#L1006)
(actually the part of the code that is called by `trace_block`.
Changing its value to `true` fixed the problem and traces are successful
with this change.
Attaching the partial result of the successful trace below.
<details><summary>{"method":"trace_block","params":["0x24165bd"],"id":0}</summary>
```json
{
"jsonrpc": "2.0",
"id": 0,
"result": [
{
"action": {
"from": "0x3eaf7de168a79c1d6a1aab8c106e42b6f4e0a7c8",
"callType": "call",
"gas": "0x30464",
"input": "0x0000000100000000000000000000000000000000000000000000000000000001dcbde73f0000000000000000000000000000000000000000000002086b35cd47c9189dc02791bca1f2de4661ed88a30c99a7a9449aa841740d500b1d8e8ef31e21c99d1db9a6444d3adf12700001f4000000000000000000000f490d8e000000000000",
"to": "0x1d36f9688cceafee9d7df45fe8e24884ed0d6730",
"value": "0x0"
},
"blockHash": "0x96f0792349a67b7995dda853df79bd5fa9d2926eb2ac8a07ac46e4df429632af",
"blockNumber": 37840317,
"error": "Reverted",
"result": {
"gasUsed": "0x1d2d",
"output": "0x08c379a0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000056572723332000000000000000000000000000000000000000000000000000000"
},
"subtraces": 1,
"traceAddress": [],
"transactionHash": "0x1417cab7ae635884117909cc828474df0121d4a2a0ad033f462e6fa84bfab176",
"transactionPosition": 0,
"type": "call"
},
{
"action": {
"from": "0x1d36f9688cceafee9d7df45fe8e24884ed0d6730",
"callType": "staticcall",
"gas": "0x2e9b7",
"input": "0x3850c7bd",
"to": "0xa374094527e1673a86de625aa59517c5de346d32",
"value": "0x0"
},
"blockHash": "0x96f0792349a67b7995dda853df79bd5fa9d2926eb2ac8a07ac46e4df429632af",
"blockNumber": 37840317,
"result": {
"gasUsed": "0xa88",
"output": "0x000000000000000000000000000000000000000000000f49c33e3991750050fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbc158000000000000000000000000000000000000000000000000000000000000096d00000000000000000000000000000000000000000000000000000000000009c400000000000000000000000000000000000000000000000000000000000009c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"
},
"subtraces": 0,
"traceAddress": [
0
],
.....
},
"blockHash": "0x96f0792349a67b7995dda853df79bd5fa9d2926eb2ac8a07ac46e4df429632af",
"blockNumber": 37840317,
"result": null,
"subtraces": 0,
"traceAddress": [],
"type": "reward"
}
]
}
```
</details>
---------
Co-authored-by: alexqrid <>
According to EIP-1186 the `proof` parts of the response to eth_getProof
should be returned "starting with the stateRoot-Node, following the path
of the SHA3 (address) as key." Currently, the proof is returned in
traversal order, rather than from the root.
Although all of the proof elements are there and correct, this is
contrary to the EIP and will cause problems for some clients. The
existing rpc test uses a map to lookup proof elements by hash, rather
than by index, so this bug was not initially caught.
This commit fixes the behavior, updates the existing test, and adds
additional checks to the rpc test.
Co-authored-by: Jason Yellick <jason@enya.ai>