2020-11-20 18:06:12 +00:00
|
|
|
package kv
|
|
|
|
|
|
|
|
|
|
import (
|
Make Prysm VC compatible with the version `v5.3.0` of the slashing protections interchange tests. (#13232)
* `TestStore_GenesisValidatorsRoot_ReadAndWrite`: Make all test cases independents.
In a test with multiple test cases, each test case should be independents.
(aka: Removing test case `A` should not impact test case `B`)
* `SaveGenesisValidatorsRoot`: Allow to overwrite the genesis validator root if the root is the same.
* `ProposalHistoryForSlot`: Add `signingRootExists`
Currently, it is not possible with `ProposalHistoryForSlot` to know if a
proposal is stored with and `0x00000....` signing root or with an empty
signing root. Both cases result to `proposalExists == true` and
`signingRoot == 0x00000`.
This commit adds a new return boolean: `signingRootExists`.
If a proposal has been saved with a `0x00000...` signing root, then:
- `proposalExists` is set to `true`, and
- `signingRootExists` is set to `true`, and
- `signingRoot` is set to `0x00000...`
If a proposal has been saved with an empty signing root, then:
- `proposalExists` is set to `true`, and
- `signingRootExists` is set to `false`, and
- (`signingRoot` is set to `0x00000...`)
* `ImportStandardProtectionJSON`: When importing EIP-3076 Slashing Protection Interchange Format, do not filter any more slashable keys.
Note: Those keys are still saved into the black-listed public keys list.
There is two reason not to do so:
- The EIP-3076 test cases do not know about Prysm's internal black-listed public keys list.
Tests will expect, without looking into this internal black-listed public keys list,
to deny a further signature. If we filter these keys from the DB (even if we keep them
into the black-listed keys list), then some tests will fail.
- If we import a interchange file containing slashable keys and we filter them, then,
if we re-export the DB, those slashing offences won't appear in the exported interchange
file.
* `transformSignedBlocks`: Store an 0-len byte slice
When importing an EIP-3076 interchange format, and when no
signing root is specified into the file, we currently store a
`0x00000.....` signing root.
In such a case, instead storing `0x00000...`, this commit stores
a 0-len byte array, so we can differentiate real `0x000.....` signing
root and no signing-root at all.
* `slashableProposalCheck`: Manage lack of sign root
Currently, `slashableProposalCheck` does not really make a difference
between a `0x0000.....` signing root and a missing signing root.
(Signing roots can be missing when importing an EIP-3076 interchange
file.)
This commit differentiate, for `slashableProposalCheck`, `0x0000....`
signing root and a missing signing root.
* `AttestationRecord.SigningRoot`: ==> `[]byte`
When importing attestations from EIP-3076 interchange format,
the signing root of an attestation may be missing.
Currently, Prysm consider any missing attestation signing root as
`0x000...`.
However, it may conflict with signing root which really are equal to
`0x000...`.
This commit transforms `AttestationRecord.SigningRoot` from `[32]byte` to
`[]byte`, and change the minimal set of functions (sic) to support this
new type.
* `CheckSlashableAttestation`: Empty signing root
Regarding slashing roots, 2 attestations are slashable, if:
- both signing roots are defined and differs, or
- one attestation exists, but without a signing root
* `filterSlashablePubKeysFromAttestations`: Err sort
Rergarding `CheckSlashableAttestation`, we consider that:
- If slashable == NotSlashable and err != nil, then CheckSlashableAttestation
failed.
- If slashable != NotSlashable, then err contains the reason why the attestation
is slashable.
* `setupEIP3076SpecTests`: Update to `v5.3.0`
This commit:
- Updates the version of EIP-3076 tests to `v.5.2.1`.
- Setups on anti-slashing DB per test case, instead per step.
* `ImportStandardProtectionJSON`: Reduce cycl cmplxt
* `AttestationHistoryForPubKey`: copy signing root
BoltDB documentation specifies:
| Byte slices returned from Bolt are only valid during a transaction.
| Once the transaction has been committed or rolled back then the memory
| they point to can be reused by a new page or can be unmapped
| from virtual memory and you'll see an unexpected fault address panic
| when accessing it.
2023-12-04 17:10:32 +00:00
|
|
|
"bytes"
|
2020-11-20 18:06:12 +00:00
|
|
|
"context"
|
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
|
|
bolt "go.etcd.io/bbolt"
|
|
|
|
|
)
|
|
|
|
|
|
2022-02-14 13:34:38 +00:00
|
|
|
// SaveGenesisValidatorsRoot saves the genesis validators root to db.
|
2022-06-27 13:34:38 +00:00
|
|
|
func (s *Store) SaveGenesisValidatorsRoot(_ context.Context, genValRoot []byte) error {
|
2020-11-20 18:06:12 +00:00
|
|
|
err := s.db.Update(func(tx *bolt.Tx) error {
|
|
|
|
|
bkt := tx.Bucket(genesisInfoBucket)
|
|
|
|
|
enc := bkt.Get(genesisValidatorsRootKey)
|
Make Prysm VC compatible with the version `v5.3.0` of the slashing protections interchange tests. (#13232)
* `TestStore_GenesisValidatorsRoot_ReadAndWrite`: Make all test cases independents.
In a test with multiple test cases, each test case should be independents.
(aka: Removing test case `A` should not impact test case `B`)
* `SaveGenesisValidatorsRoot`: Allow to overwrite the genesis validator root if the root is the same.
* `ProposalHistoryForSlot`: Add `signingRootExists`
Currently, it is not possible with `ProposalHistoryForSlot` to know if a
proposal is stored with and `0x00000....` signing root or with an empty
signing root. Both cases result to `proposalExists == true` and
`signingRoot == 0x00000`.
This commit adds a new return boolean: `signingRootExists`.
If a proposal has been saved with a `0x00000...` signing root, then:
- `proposalExists` is set to `true`, and
- `signingRootExists` is set to `true`, and
- `signingRoot` is set to `0x00000...`
If a proposal has been saved with an empty signing root, then:
- `proposalExists` is set to `true`, and
- `signingRootExists` is set to `false`, and
- (`signingRoot` is set to `0x00000...`)
* `ImportStandardProtectionJSON`: When importing EIP-3076 Slashing Protection Interchange Format, do not filter any more slashable keys.
Note: Those keys are still saved into the black-listed public keys list.
There is two reason not to do so:
- The EIP-3076 test cases do not know about Prysm's internal black-listed public keys list.
Tests will expect, without looking into this internal black-listed public keys list,
to deny a further signature. If we filter these keys from the DB (even if we keep them
into the black-listed keys list), then some tests will fail.
- If we import a interchange file containing slashable keys and we filter them, then,
if we re-export the DB, those slashing offences won't appear in the exported interchange
file.
* `transformSignedBlocks`: Store an 0-len byte slice
When importing an EIP-3076 interchange format, and when no
signing root is specified into the file, we currently store a
`0x00000.....` signing root.
In such a case, instead storing `0x00000...`, this commit stores
a 0-len byte array, so we can differentiate real `0x000.....` signing
root and no signing-root at all.
* `slashableProposalCheck`: Manage lack of sign root
Currently, `slashableProposalCheck` does not really make a difference
between a `0x0000.....` signing root and a missing signing root.
(Signing roots can be missing when importing an EIP-3076 interchange
file.)
This commit differentiate, for `slashableProposalCheck`, `0x0000....`
signing root and a missing signing root.
* `AttestationRecord.SigningRoot`: ==> `[]byte`
When importing attestations from EIP-3076 interchange format,
the signing root of an attestation may be missing.
Currently, Prysm consider any missing attestation signing root as
`0x000...`.
However, it may conflict with signing root which really are equal to
`0x000...`.
This commit transforms `AttestationRecord.SigningRoot` from `[32]byte` to
`[]byte`, and change the minimal set of functions (sic) to support this
new type.
* `CheckSlashableAttestation`: Empty signing root
Regarding slashing roots, 2 attestations are slashable, if:
- both signing roots are defined and differs, or
- one attestation exists, but without a signing root
* `filterSlashablePubKeysFromAttestations`: Err sort
Rergarding `CheckSlashableAttestation`, we consider that:
- If slashable == NotSlashable and err != nil, then CheckSlashableAttestation
failed.
- If slashable != NotSlashable, then err contains the reason why the attestation
is slashable.
* `setupEIP3076SpecTests`: Update to `v5.3.0`
This commit:
- Updates the version of EIP-3076 tests to `v.5.2.1`.
- Setups on anti-slashing DB per test case, instead per step.
* `ImportStandardProtectionJSON`: Reduce cycl cmplxt
* `AttestationHistoryForPubKey`: copy signing root
BoltDB documentation specifies:
| Byte slices returned from Bolt are only valid during a transaction.
| Once the transaction has been committed or rolled back then the memory
| they point to can be reused by a new page or can be unmapped
| from virtual memory and you'll see an unexpected fault address panic
| when accessing it.
2023-12-04 17:10:32 +00:00
|
|
|
if len(enc) != 0 && !bytes.Equal(enc, genValRoot) {
|
2023-05-11 20:45:43 +00:00
|
|
|
return fmt.Errorf("cannot overwrite existing genesis validators root: %#x", enc)
|
2020-11-20 18:06:12 +00:00
|
|
|
}
|
|
|
|
|
return bkt.Put(genesisValidatorsRootKey, genValRoot)
|
|
|
|
|
})
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-14 13:34:38 +00:00
|
|
|
// GenesisValidatorsRoot retrieves the genesis validators root from db.
|
2022-06-27 13:34:38 +00:00
|
|
|
func (s *Store) GenesisValidatorsRoot(_ context.Context) ([]byte, error) {
|
2020-11-20 18:06:12 +00:00
|
|
|
var genValRoot []byte
|
|
|
|
|
err := s.db.View(func(tx *bolt.Tx) error {
|
|
|
|
|
bkt := tx.Bucket(genesisInfoBucket)
|
|
|
|
|
enc := bkt.Get(genesisValidatorsRootKey)
|
|
|
|
|
if len(enc) == 0 {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
genValRoot = enc
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
return genValRoot, err
|
|
|
|
|
}
|