Queue malice reports#107
Conversation
afck
left a comment
afck
left a comment
There was a problem hiding this comment.
Still looks good to me, once we've found a way to properly test it.
And ideally we should test both ways to submit a report:
- Including it in a block we're authoring.
- Sending it to a peer as a transaction.
|
Yes, but possibly #101 will have to be extended to test both cases. |
|
We also need to test the case where a node submits a block, even though they are not a validator. |
|
I'm going to test this after I make some high priority tasks (describing the contracts in README, Whitepaper, and commenting contracts' code to help auditors understand the contracts easily - I think it may take 1-2 weeks). |
This is a squash of 18 commits: Queue failed reports for later insertion into blocks If we fail to send a transaction that reports a validator as malicious, store it on a stack. When we next seal a block, included the failed transactions. Insert our reports every time we prepare a block Implement queued reporting Prioritize the `emitInitiateChange` call Fix warnings These warnings cluttered build output, and made it hard to see actual warnings in new code. Implement (partial) cache purging. Once an entry that cannot be purged is found, further entries are skipped. Finish report queuing Use the correct reporting address Drop reports beyond MAX_QUEUED_REPORTS This helps prevent denial-of-service attacks. Drop queued report limits We now only keep 500 reports that have not been confirmed, or 100 reports that have been. Lower limits on queued reports Add a script to generate ABI files and use it to fix compilation error due to incomplete ABI json. Remove old validator reports Reports over 100 blocks old are useless anyway. Fix an unused variable warning in the test client Show a better error when the validator set contract is bad Fix backwards comparison between bad and current block numbers Drop reports for block numbers ahead of the current one Fix review comments from Andreas Remove a commented-out constant, and use the standard library `VecDeque::retain()` method instead of (inefficiently) reimplementing it ourselves.
Having created a transaction doesn't guarantee that it will be included in a block. We should queue the transaction anyway. Also remove some unnecessary closures and match statements.
|
I squashed, rebased and added another commit. |
| let result = client.call_contract(BlockId::Latest, self.contract_address, data) | ||
| .expect("this is a bug in the genesis block; either the validator set contract is missing, or it is invalid; this is a fatal error in the configuration of Parity, so we cannot recover; qed"); | ||
| decoder.decode(&result[..]) | ||
| .expect("this is a bug in the genesis block; either the validator set contract is missing, or it is invalid; this is a fatal error in the configuration of Parity, so we cannot recover; qed") |
There was a problem hiding this comment.
This error message should differ from the one just above.
There was a problem hiding this comment.
I agree; I'm not even convinced we should panic here: The network could still continue without a malice report queue, and just print a warning. Or is that too dangerous?
There was a problem hiding this comment.
A common solution is returning an Err. This is the only occurrence of a panic in such a case as far as I can see.
| if current_block_number > 100 && current_block_number - 100 > block { | ||
| return false // Report is too old and cannot be used | ||
| } | ||
| let (data, decoder) = validator_set::functions::malice_reported_for_block::call( |
There was a problem hiding this comment.
We should include this method in the test validator contract.
There was a problem hiding this comment.
Ah, sorry, me too! I would have already pushed it, if it hadn't caused the tests to fail in new, original and unexpected ways!
test engines::validator_set::contract::tests::reports_validators ... test engines::validator_set::contract::tests::reports_validators has been running for over 60 seconds
There was a problem hiding this comment.
I suspect this is actually a problem with the queue implementation; why else would the test get stuck?
I'll add my contract change to the other PR first, then get back to this issue…
There was a problem hiding this comment.
And that shows that we really need to get #129 merged before we can continue with this one.
There was a problem hiding this comment.
And not only reports_validators:
test engines::validator_set::contract::tests::reports_validators ... test engines::validator_set::contract::tests::reports_validators has been running for over 60 seconds
test ethereum::ethash::tests::can_do_proof_of_work_unordered_verification_fail ... test ethereum::ethash::tests::can_do_proof_of_work_unordered_verification_fail has been running for over 60 seconds
test ethereum::ethash::tests::can_do_seal256_verification_fail ... test ethereum::ethash::tests::can_do_seal256_verification_fail has been running for over 60 seconds
|
Can I start to test this with |
Do you mean this? parity-ethereum/ethcore/src/engines/validator_set/safe_contract.rs Lines 344 to 362 in 74fea45 |
|
Yes, exactly. But I think I already have a solution. Will push it to #129. |
|
Done in #129. |
4 participants
This is #98, reopened.