From cec9094e54fbfae21f00a5fdb2d6b1a7b3716540 Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Thu, 5 Jun 2025 13:03:40 -0500 Subject: [PATCH 01/12] draft --- proposals/029x-relax-invalid-nonce.md | 77 +++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 proposals/029x-relax-invalid-nonce.md diff --git a/proposals/029x-relax-invalid-nonce.md b/proposals/029x-relax-invalid-nonce.md new file mode 100644 index 000000000..54d06afc2 --- /dev/null +++ b/proposals/029x-relax-invalid-nonce.md @@ -0,0 +1,77 @@ +--- +simd: '029X' +title: Relax Invalid Nonce Transactions Constraint +authors: Tao Zhu (Anza) +category: Standard +type: Core +status: Review +created: 2025-06-05 +feature: +--- + +## Summary + +This proposal relaxes the handling of invalid durable nonce transactions during +block replay. Instead of rejecting the entire block when an invalid nonce is +encountered, the transaction should be marked as failed, skipped for state +modifications, but still committed to the block and charged a transaction fee. + +## Motivation + +The current consensus behavior specifies that invalid durable nonce transactions +should result in block failure during replay. This behavior hinders forward +compatibility with asynchronous block execution. The goal is to align invalid +nonce handling with the treatment of other soft transaction failures (e.g., +relax fee payer, relax ALT, etc). + +## New Terminology + +None + +## Detailed Design + +### Current Behavior + +A transaction using a durable nonce fails block replay (causing the entire +block to be rejected) if any of the following occurs: + +- The nonce account is not a statically included account. +- The nonce account does not exist. +- The nonce account is not properly initialized. +- The stored nonce does not match the transaction's recent blockhash. +- The transaction fails to advance the nonce. + + +### Proposed Change + +Update the replay logic to treat invalid nonce transactions as +**non-state-modifying, fee-charging failures**, as follows: + +- The transaction is **not executed** (no instructions invoked). +- The transaction is **charged compute and fees**. +- The transaction is **recorded in the block** (marked as failed). +- **No account state is modified**, including the nonce account (i.e., nonce is + not advanced). +- **The block is not rejected** as long as all other transactions replay + successfully. + +## Alternatives Considered + +- Only relax a subset of errors (e.g., missing nonce account but not mismatched + blockhash). Adds complexity and partial gains. + +## Impact + +- Invalid nonced transactions will be included in blocks and will be charged + fees. + +## Security Considerations + +The relaxed model still prevents nonce reuse and enforces single-use semantics, +as the transaction does not advance the nonce if it fails. There is no impact +on replay safety, and the ledger remains consistent across nodes. + +## Backward Compatibility + +This change is **not backward compatible** with current validator behavior. It +must be activated via a feature gate and coordinated with a network upgrade. From 347bcaf73ef29db13103459fd2e72021cac1363a Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Thu, 5 Jun 2025 13:06:58 -0500 Subject: [PATCH 02/12] simd number --- ...29x-relax-invalid-nonce.md => 0297-relax-invalid-nonce.md} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename proposals/{029x-relax-invalid-nonce.md => 0297-relax-invalid-nonce.md} (97%) diff --git a/proposals/029x-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md similarity index 97% rename from proposals/029x-relax-invalid-nonce.md rename to proposals/0297-relax-invalid-nonce.md index 54d06afc2..486e4cb02 100644 --- a/proposals/029x-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -1,6 +1,6 @@ --- -simd: '029X' -title: Relax Invalid Nonce Transactions Constraint +simd: '0297' +title: Relax Invalid Nonced Transactions Constraint authors: Tao Zhu (Anza) category: Standard type: Core From f1f0b3a5b297bbd60487fd9e209ed6be30acda92 Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Fri, 6 Jun 2025 10:56:01 -0500 Subject: [PATCH 03/12] do not charge fee on skipped nonce transaction --- proposals/0297-relax-invalid-nonce.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index 486e4cb02..b86d0d13b 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -14,7 +14,8 @@ feature: This proposal relaxes the handling of invalid durable nonce transactions during block replay. Instead of rejecting the entire block when an invalid nonce is encountered, the transaction should be marked as failed, skipped for state -modifications, but still committed to the block and charged a transaction fee. +modifications, but still committed to the block without charging a transaction +fee. ## Motivation @@ -45,14 +46,15 @@ block to be rejected) if any of the following occurs: ### Proposed Change Update the replay logic to treat invalid nonce transactions as -**non-state-modifying, fee-charging failures**, as follows: +non-state-modifying, non-fee-charging failures, as follows: -- The transaction is **not executed** (no instructions invoked). -- The transaction is **charged compute and fees**. -- The transaction is **recorded in the block** (marked as failed). -- **No account state is modified**, including the nonce account (i.e., nonce is +- The transaction is not executed. +- The transaction is metered by CU limits. +- The transaction is not charged with fee. +- The transaction is recorded in the block (marked as failed). +- No account state is modified, including the nonce account (i.e., nonce is not advanced). -- **The block is not rejected** as long as all other transactions replay +- The block is not rejected as long as all other transactions replay successfully. ## Alternatives Considered From abb487202097b9c9513ed62555cf83d54e68c24f Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Fri, 6 Jun 2025 21:49:28 -0500 Subject: [PATCH 04/12] fix --- proposals/0297-relax-invalid-nonce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index b86d0d13b..ee4ce0ef5 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -64,7 +64,7 @@ non-state-modifying, non-fee-charging failures, as follows: ## Impact -- Invalid nonced transactions will be included in blocks and will be charged +- Invalid nonced transactions will be included in blocks but will not be charged fees. ## Security Considerations From f6d0d6b3e526d4e97ec4404b74c6b1909dcc845f Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Mon, 21 Jul 2025 16:06:34 -0500 Subject: [PATCH 05/12] address feedbacks --- proposals/0297-relax-invalid-nonce.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index ee4ce0ef5..e4ed069a6 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -45,11 +45,11 @@ block to be rejected) if any of the following occurs: ### Proposed Change -Update the replay logic to treat invalid nonce transactions as -non-state-modifying, non-fee-charging failures, as follows: +Update replay logic to treat invalid nonce transactions — those failing the +checks above — as non-state-modifying and non-fee-charging failures, as follows: - The transaction is not executed. -- The transaction is metered by CU limits. +- The transaction’s CU cost still applies to the block limit. - The transaction is not charged with fee. - The transaction is recorded in the block (marked as failed). - No account state is modified, including the nonce account (i.e., nonce is From c613fef1138ab7be123db75817224337478d2db4 Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Wed, 24 Sep 2025 13:30:17 -0500 Subject: [PATCH 06/12] add spec of not including failed tx in status cache --- proposals/0297-relax-invalid-nonce.md | 1 + 1 file changed, 1 insertion(+) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index e4ed069a6..ff6b8174e 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -49,6 +49,7 @@ Update replay logic to treat invalid nonce transactions — those failing the checks above — as non-state-modifying and non-fee-charging failures, as follows: - The transaction is not executed. +- The transaction is not included in status cache. - The transaction’s CU cost still applies to the block limit. - The transaction is not charged with fee. - The transaction is recorded in the block (marked as failed). From 184854e85789d49b3157bea9ada9539df059f5ed Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Fri, 26 Sep 2025 11:25:50 -0500 Subject: [PATCH 07/12] combine not-charged-fee with no-accounts-modified --- proposals/0297-relax-invalid-nonce.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index ff6b8174e..d1365ec3c 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -51,10 +51,10 @@ checks above — as non-state-modifying and non-fee-charging failures, as follow - The transaction is not executed. - The transaction is not included in status cache. - The transaction’s CU cost still applies to the block limit. -- The transaction is not charged with fee. - The transaction is recorded in the block (marked as failed). - No account state is modified, including the nonce account (i.e., nonce is - not advanced). + not advanced) and fee payer account (it is not charged with the transaction's + fee). - The block is not rejected as long as all other transactions replay successfully. From 110d4200466c022d67cc12ca914a3f15c06156d1 Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Fri, 26 Sep 2025 11:30:09 -0500 Subject: [PATCH 08/12] clarify what part of CU to apply to block limits --- proposals/0297-relax-invalid-nonce.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index d1365ec3c..c1f206496 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -50,7 +50,8 @@ checks above — as non-state-modifying and non-fee-charging failures, as follow - The transaction is not executed. - The transaction is not included in status cache. -- The transaction’s CU cost still applies to the block limit. +- The transaction’s non-execution CU cost (i.e., transaction's static CUs, plus + CUs for loading accounts) still applies to the block limit. - The transaction is recorded in the block (marked as failed). - No account state is modified, including the nonce account (i.e., nonce is not advanced) and fee payer account (it is not charged with the transaction's From d5304940f470a34034393d58dc06f3ba96f6cd6e Mon Sep 17 00:00:00 2001 From: Tao Zhu <82401714+tao-stones@users.noreply.github.com> Date: Tue, 7 Oct 2025 11:23:30 -0500 Subject: [PATCH 09/12] Update proposals/0297-relax-invalid-nonce.md --- proposals/0297-relax-invalid-nonce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index c1f206496..9da6a5e14 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -51,7 +51,7 @@ checks above — as non-state-modifying and non-fee-charging failures, as follow - The transaction is not executed. - The transaction is not included in status cache. - The transaction’s non-execution CU cost (i.e., transaction's static CUs, plus - CUs for loading accounts) still applies to the block limit. + actual CUs for loading accounts) still applies to the block limit. - The transaction is recorded in the block (marked as failed). - No account state is modified, including the nonce account (i.e., nonce is not advanced) and fee payer account (it is not charged with the transaction's From 3ae6737d21bee572c4608dc0b16051f7501a4aeb Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Tue, 7 Oct 2025 11:43:05 -0500 Subject: [PATCH 10/12] excluding stateless failure from being relaxed --- proposals/0297-relax-invalid-nonce.md | 45 ++++++++++++++++++--------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index 9da6a5e14..1dfc88df4 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -45,24 +45,39 @@ block to be rejected) if any of the following occurs: ### Proposed Change -Update replay logic to treat invalid nonce transactions — those failing the -checks above — as non-state-modifying and non-fee-charging failures, as follows: - -- The transaction is not executed. -- The transaction is not included in status cache. -- The transaction’s non-execution CU cost (i.e., transaction's static CUs, plus - actual CUs for loading accounts) still applies to the block limit. -- The transaction is recorded in the block (marked as failed). -- No account state is modified, including the nonce account (i.e., nonce is - not advanced) and fee payer account (it is not charged with the transaction's - fee). -- The block is not rejected as long as all other transactions replay - successfully. +Update replay logic to handle invalid nonce transactions differently: + +1. For failure that can be checked without accessing account state, namely: + + - The nonce account is not a statically included account. + +Replay logic remains unchanged - entire block is rejected; + +2. For failures require account state to verify, namely: + + - The nonce account does not exist. + - The nonce account is not properly initialized. + - The stored nonce does not match the transaction's recent blockhash. + - The transaction fails to advance the nonce. + +Replay treats these transactions as non-state-modifying and non-fee-charging +failures, as follows: + + - The transaction is not executed. + - The transaction is not included in status cache. + - The transaction’s non-execution CU cost (i.e., transaction's static CUs, + plus actual CUs for loading accounts) still applies to the block limit. + - The transaction is recorded in the block (marked as failed). + - No account state is modified, including the nonce account (i.e., nonce is + not advanced) and fee payer account (it is not charged with the + transaction's fee). + - The block is not rejected as long as all other transactions replay + successfully. + ## Alternatives Considered -- Only relax a subset of errors (e.g., missing nonce account but not mismatched - blockhash). Adds complexity and partial gains. +N/A ## Impact From 6b825d62dc807f676e65cd264647fc13fc1e272b Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Tue, 7 Oct 2025 11:46:22 -0500 Subject: [PATCH 11/12] highlight impact on rpc --- proposals/0297-relax-invalid-nonce.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index 1dfc88df4..88a38451c 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -81,8 +81,12 @@ N/A ## Impact -- Invalid nonced transactions will be included in blocks but will not be charged - fees. +- Invalid nonce transactions will be included in multiple blocks but will not be + charged fees. + +- The inclusion of the same nonce transaction in multiple blocks may affect RPC + behavior, such as querying a transaction by signature. The exact handling of + this is outside the scope of this proposal. ## Security Considerations From 4699ac684dc4b8a0a1916ce1cc2765dc594f302c Mon Sep 17 00:00:00 2001 From: Tao Zhu Date: Mon, 13 Oct 2025 10:37:22 -0500 Subject: [PATCH 12/12] nit fix --- proposals/0297-relax-invalid-nonce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/0297-relax-invalid-nonce.md b/proposals/0297-relax-invalid-nonce.md index 88a38451c..dfdb911f9 100644 --- a/proposals/0297-relax-invalid-nonce.md +++ b/proposals/0297-relax-invalid-nonce.md @@ -81,7 +81,7 @@ N/A ## Impact -- Invalid nonce transactions will be included in multiple blocks but will not be +- Invalid nonce transactions may be included in multiple blocks but will not be charged fees. - The inclusion of the same nonce transaction in multiple blocks may affect RPC