feat(iota-protocol, iota-execution, iota-framework): Update signing verifier constants setting (#5588)

* feat(iota-protocol, iota-execution, iota-framework): allowing verifier constants for limits and metering to be set by the node config instead of being hardcoded into the binary

Author: Dkwcs

Cargo.lock

@@ -33,3 +33,4 @@ iota-genesis-common.workspace = true
 iota-keys.workspace = true
 iota-protocol-config.workspace = true
 iota-types.workspace = true
+move-vm-config.workspace = true

crates/iota-config/Cargo.toml

@@ -21,6 +21,7 @@ pub mod node_config_metrics;
 pub mod object_storage_config;
 pub mod p2p;
 pub mod transaction_deny_config;
+pub mod verifier_signing_config;
 
 use iota_types::multiaddr::Multiaddr;
 pub use node::{ConsensusConfig, ExecutionCacheConfig, NodeConfig};

crates/iota-config/src/lib.rs

@@ -34,7 +34,7 @@ use tracing::info;
 use crate::{
     Config, certificate_deny_config::CertificateDenyConfig, genesis,
     migration_tx_data::MigrationTxData, object_storage_config::ObjectStoreConfig, p2p::P2pConfig,
-    transaction_deny_config::TransactionDenyConfig,
+    transaction_deny_config::TransactionDenyConfig, verifier_signing_config::VerifierSigningConfig,
 };
 
 // Default max number of concurrent requests served
@@ -245,6 +245,9 @@ pub struct NodeConfig {
 
     #[serde(default = "bool_true")]
     pub enable_validator_tx_finalizer: bool,
+
+    #[serde(default)]
+    pub verifier_signing_config: VerifierSigningConfig,
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize, Default)]

crates/iota-config/src/node.rs

@@ -0,0 +1,79 @@
+// Copyright (c) Mysten Labs, Inc.
+// Modifications Copyright (c) 2025 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+use move_vm_config::verifier::MeterConfig;
+use serde::{Deserialize, Serialize};
+
+// Default values for verifier signing config.
+pub const DEFAULT_MAX_PER_FUN_METER_UNITS: usize = 2_200_000;
+pub const DEFAULT_MAX_PER_MOD_METER_UNITS: usize = 2_200_000;
+pub const DEFAULT_MAX_PER_PKG_METER_UNITS: usize = 2_200_000;
+
+pub const DEFAULT_MAX_BACK_EDGES_PER_FUNCTION: usize = 10_000;
+pub const DEFAULT_MAX_BACK_EDGES_PER_MODULE: usize = 10_000;
+
+/// This holds limits that are only set and used by the verifier during signing
+/// _only_. There are additional limits in the `MeterConfig` and
+/// `VerifierConfig` that are used during both signing and execution, however
+/// those limits cannot be set here and must be protocol versioned.
+#[derive(Clone, Debug, Default, Deserialize, Serialize)]
+#[serde(rename_all = "kebab-case")]
+pub struct VerifierSigningConfig {
+    #[serde(default)]
+    max_per_fun_meter_units: Option<usize>,
+    #[serde(default)]
+    max_per_mod_meter_units: Option<usize>,
+    #[serde(default)]
+    max_per_pkg_meter_units: Option<usize>,
+
+    #[serde(default)]
+    max_back_edges_per_function: Option<usize>,
+    #[serde(default)]
+    max_back_edges_per_module: Option<usize>,
+}
+
+impl VerifierSigningConfig {
+    pub fn max_per_fun_meter_units(&self) -> usize {
+        self.max_per_fun_meter_units
+            .unwrap_or(DEFAULT_MAX_PER_FUN_METER_UNITS)
+    }
+
+    pub fn max_per_mod_meter_units(&self) -> usize {
+        self.max_per_mod_meter_units
+            .unwrap_or(DEFAULT_MAX_PER_MOD_METER_UNITS)
+    }
+
+    pub fn max_per_pkg_meter_units(&self) -> usize {
+        self.max_per_pkg_meter_units
+            .unwrap_or(DEFAULT_MAX_PER_PKG_METER_UNITS)
+    }
+
+    pub fn max_back_edges_per_function(&self) -> usize {
+        self.max_back_edges_per_function
+            .unwrap_or(DEFAULT_MAX_BACK_EDGES_PER_FUNCTION)
+    }
+
+    pub fn max_back_edges_per_module(&self) -> usize {
+        self.max_back_edges_per_module
+            .unwrap_or(DEFAULT_MAX_BACK_EDGES_PER_MODULE)
+    }
+
+    /// Return sign-time only limit for back edges for the verifier.
+    pub fn limits_for_signing(&self) -> (usize, usize) {
+        (
+            self.max_back_edges_per_function(),
+            self.max_back_edges_per_module(),
+        )
+    }
+
+    /// MeterConfig for metering packages during signing. It is NOT stable
+    /// between binaries and cannot used during execution.
+    pub fn meter_config_for_signing(&self) -> MeterConfig {
+        MeterConfig {
+            max_per_fun_meter_units: Some(self.max_per_fun_meter_units() as u128),
+            max_per_mod_meter_units: Some(self.max_per_mod_meter_units() as u128),
+            max_per_pkg_meter_units: Some(self.max_per_pkg_meter_units() as u128),
+        }
+    }
+}

crates/iota-config/src/verifier_signing_config.rs

@@ -898,6 +898,7 @@ impl AuthorityState {
                 input_objects,
                 &receiving_objects,
                 &self.metrics.bytecode_verifier_metrics,
+                &self.config.verifier_signing_config,
             )?;
 
         check_coin_deny_list_v1_during_signing(
@@ -1764,6 +1765,7 @@ impl AuthorityState {
                     receiving_objects,
                     gas_object,
                     &self.metrics.bytecode_verifier_metrics,
+                    &self.config.verifier_signing_config,
                 )?,
                 Some(gas_object_id),
             )
@@ -1776,6 +1778,7 @@ impl AuthorityState {
                     input_objects,
                     &receiving_objects,
                     &self.metrics.bytecode_verifier_metrics,
+                    &self.config.verifier_signing_config,
                 )?,
                 None,
             )
@@ -2004,6 +2007,7 @@ impl AuthorityState {
                     receiving_objects,
                     dummy_gas_object,
                     &self.metrics.bytecode_verifier_metrics,
+                    &self.config.verifier_signing_config,
                 )?
             } else {
                 iota_transaction_checks::check_transaction_input(
@@ -2013,6 +2017,7 @@ impl AuthorityState {
                     input_objects,
                     &receiving_objects,
                     &self.metrics.bytecode_verifier_metrics,
+                    &self.config.verifier_signing_config,
                 )?
             }
         };

crates/iota-core/src/authority.rs

@@ -21,6 +21,7 @@ prometheus.workspace = true
 
 # internal dependencies
 iota-adapter = { path = "../../iota-execution/latest/iota-adapter", package = "iota-adapter-latest" }
+iota-config.workspace = true
 iota-framework.workspace = true
 iota-move = { workspace = true, features = ["unit_test"] }
 iota-move-build.workspace = true

crates/iota-framework-tests/Cargo.toml

@@ -9,6 +9,7 @@ use std::{
 };
 
 use iota_adapter::adapter::run_metered_move_bytecode_verifier;
+use iota_config::verifier_signing_config::VerifierSigningConfig;
 use iota_framework::BuiltInFramework;
 use iota_move_build::{CompiledPackage, IotaPackageHooks};
 use iota_protocol_config::ProtocolConfig;
@@ -36,8 +37,10 @@ fn test_metered_move_bytecode_verifier() {
     let compiled_modules: Vec<_> = compiled_package.get_modules().cloned().collect();
 
     let protocol_config = ProtocolConfig::get_for_max_version_UNSAFE();
-    let mut verifier_config = protocol_config.verifier_config(/* for_signing */ true);
-    let mut meter_config = protocol_config.meter_config_for_signing();
+    let signing_config = VerifierSigningConfig::default();
+    let mut verifier_config =
+        protocol_config.verifier_config(Some(signing_config.limits_for_signing()));
+    let mut meter_config = signing_config.meter_config_for_signing();
     let registry = &Registry::new();
     let bytecode_verifier_metrics = Arc::new(BytecodeVerifierMetrics::new(registry));
     let mut meter = IotaVerifierMeter::new(meter_config.clone());
@@ -202,9 +205,11 @@ fn test_metered_move_bytecode_verifier() {
     let package = build(&path).unwrap();
     packages.push(package.get_dependency_sorted_modules(with_unpublished_deps));
 
+    let signing_config = VerifierSigningConfig::default();
     let protocol_config = ProtocolConfig::get_for_max_version_UNSAFE();
-    let verifier_config = protocol_config.verifier_config(/* for_signing */ true);
-    let meter_config = protocol_config.meter_config_for_signing();
+    let verifier_config =
+        protocol_config.verifier_config(Some(signing_config.limits_for_signing()));
+    let meter_config = signing_config.meter_config_for_signing();
 
     // Check if the same meter is indeed used multiple invocations of the verifier
     let mut meter = IotaVerifierMeter::new(meter_config);
@@ -229,9 +234,11 @@ fn test_metered_move_bytecode_verifier() {
 fn test_meter_system_packages() {
     move_package::package_hooks::register_package_hooks(Box::new(IotaPackageHooks));
 
+    let signing_config = VerifierSigningConfig::default();
     let protocol_config = ProtocolConfig::get_for_max_version_UNSAFE();
-    let verifier_config = protocol_config.verifier_config(/* for_signing */ true);
-    let meter_config = protocol_config.meter_config_for_signing();
+    let verifier_config =
+        protocol_config.verifier_config(Some(signing_config.limits_for_signing()));
+    let meter_config = signing_config.meter_config_for_signing();
     let registry = &Registry::new();
     let bytecode_verifier_metrics = Arc::new(BytecodeVerifierMetrics::new(registry));
     let mut meter = IotaVerifierMeter::new(meter_config);
@@ -283,9 +290,11 @@ fn test_meter_system_packages() {
 fn test_build_and_verify_programmability_examples() {
     move_package::package_hooks::register_package_hooks(Box::new(IotaPackageHooks));
 
+    let signing_config = VerifierSigningConfig::default();
     let protocol_config = ProtocolConfig::get_for_max_version_UNSAFE();
-    let verifier_config = protocol_config.verifier_config(/* for_signing */ true);
-    let meter_config = protocol_config.meter_config_for_signing();
+    let verifier_config =
+        protocol_config.verifier_config(Some(signing_config.limits_for_signing()));
+    let meter_config = signing_config.meter_config_for_signing();
     let registry = &Registry::new();
     let bytecode_verifier_metrics = Arc::new(BytecodeVerifierMetrics::new(registry));
     let examples = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("../../examples");

crates/iota-framework-tests/src/metered_verifier.rs

@@ -9,7 +9,7 @@ use std::{
 
 use clap::*;
 use iota_protocol_config_macros::{ProtocolConfigAccessors, ProtocolConfigFeatureFlagsGetters};
-use move_vm_config::verifier::{MeterConfig, VerifierConfig};
+use move_vm_config::verifier::VerifierConfig;
 use serde::{Deserialize, Serialize};
 use serde_with::skip_serializing_none;
 use tracing::{info, warn};
@@ -1706,11 +1706,15 @@ impl ProtocolConfig {
     // Extract the bytecode verifier config from this protocol config. `for_signing`
     // indicates whether this config is used for verification during signing or
     // execution.
-    pub fn verifier_config(&self, for_signing: bool) -> VerifierConfig {
-        let (max_back_edges_per_function, max_back_edges_per_module) = if for_signing {
+    pub fn verifier_config(&self, signing_limits: Option<(usize, usize)>) -> VerifierConfig {
+        let (max_back_edges_per_function, max_back_edges_per_module) = if let Some((
+            max_back_edges_per_function,
+            max_back_edges_per_module,
+        )) = signing_limits
+        {
             (
-                Some(self.max_back_edges_per_function() as usize),
-                Some(self.max_back_edges_per_module() as usize),
+                Some(max_back_edges_per_function),
+                Some(max_back_edges_per_module),
             )
         } else {
             (None, None)
@@ -1740,16 +1744,6 @@ impl ProtocolConfig {
         }
     }
 
-    /// MeterConfig for metering packages during signing. It is NOT stable
-    /// between binaries and cannot used during execution.
-    pub fn meter_config_for_signing(&self) -> MeterConfig {
-        MeterConfig {
-            max_per_fun_meter_units: Some(2_200_000),
-            max_per_mod_meter_units: Some(2_200_000),
-            max_per_pkg_meter_units: Some(2_200_000),
-        }
-    }
-
     /// Override one or more settings in the config, for testing.
     /// This must be called at the beginning of the test, before
     /// get_for_(min|max)_version is called, since those functions cache

crates/iota-protocol-config/src/lib.rs

@@ -19,6 +19,7 @@ use iota_config::{
         default_end_of_epoch_broadcast_channel_capacity, default_zklogin_oauth_providers,
     },
     p2p::{P2pConfig, SeedPeer, StateSyncConfig},
+    verifier_signing_config::VerifierSigningConfig,
 };
 use iota_types::{
     crypto::{AuthorityKeyPair, AuthorityPublicKeyBytes, IotaKeyPair, NetworkKeyPair},
@@ -223,6 +224,7 @@ impl ValidatorConfigBuilder {
             firewall_config: self.firewall_config,
             execution_cache: ExecutionCacheConfig::default(),
             enable_validator_tx_finalizer: true,
+            verifier_signing_config: VerifierSigningConfig::default(),
         }
     }
 
@@ -515,6 +517,7 @@ impl FullnodeConfigBuilder {
             execution_cache: ExecutionCacheConfig::default(),
             // This is a validator specific feature.
             enable_validator_tx_finalizer: false,
+            verifier_signing_config: VerifierSigningConfig::default(),
         }
     }