
Priority transactors liveness#46

Merged
chrischarlesharrison merged 5 commits into master from priority-transactors-liveness
Feb 13, 2026

Conversation

@chrischarlesharrison (Collaborator) commented Feb 13, 2026

Summary

  • Replace MustGetPriorityTransactors / MustGetPriorityTransactorsForState (panic on error) with GetPriorityTransactors / GetPriorityTransactorsForState (return empty map on error) to prevent chain halts from contract failures
  • Add defensive validation of contract return data: safe type conversion with panic recovery, public key length checks, all-zero key rejection, and secp256k1 curve validation via PublicKey.IsValid()
  • Add unit tests for the safeConvertTransactorsMeta helper and PublicKey.IsValid() edge cases

Motivation

The old code used panic() when the priority transactors contract call failed or returned unexpected data. A panic during block processing or tx pool reset would crash the node. If the contract is misconfigured, upgraded incorrectly, or returns malformed
data, every validator would crash simultaneously — causing a full chain halt.

This PR ensures the chain stays alive by returning an empty priority transactor list (denying privileges) on any failure, and logging at Error level for operator visibility. Malformed individual entries (wrong key length, all-zero keys, keys not on the
secp256k1 curve) are skipped with Warn-level logs rather than poisoning the entire map.

Changes

  • core/prioritytransactors.go — Core logic: panic removal, error-return pattern, safeConvertTransactorsMeta with panic recovery, per-entry public key validation (length, all-zero, IsValid() curve check)
  • core/blockchain_reader.go — Rename MustGetPriorityTransactorsForState → GetPriorityTransactorsForState
  • core/state_processor.go — Update call sites
  • core/tx_pool.go — Update interface and call site
  • miner/worker.go — Update call site
  • core/tx_pool_test.go, miner/miner_test.go — Update mock implementations to match renamed interface
  • core/prioritytransactors_test.go (new) — Unit tests for safeConvertTransactorsMeta and PublicKey.IsValid()

Test plan

  • All existing tx_pool_test.go priority transaction tests pass with renamed interface
  • New safeConvertTransactorsMeta tests: valid input, empty slice, nil, string/int/struct type mismatches (panic recovery)
  • New PublicKey.IsValid() tests: valid key, wrong prefix (0x02), off-curve point
  • Manual: verify node continues producing blocks when contract address points to invalid/empty bytecode
  • Manual: verify Error/Warn log output appears when contract call fails or individual entries are malformed
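The pattern the description lays out (panic recovery around the contract-data conversion, per-entry key checks, empty map on failure) as a self-contained Go example. This is added illustration, not code from the PR or the repository: the `TransactorMeta` type, the hex-keyed map, and the `onSecp256k1` function (a stand-in for the `PublicKey.IsValid()` check, implemented directly as y^2 = x^3 + 7 mod p with `math/big`) are assumptions, and the sample entries are constructed, using the secp256k1 generator point as the one valid key.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"log"
	"math/big"
)

// TransactorMeta is a hypothetical stand-in for the entry type returned by the
// contract; the PR's real TransactorsMeta type is not shown on the page.
type TransactorMeta struct {
	PublicKey []byte // expected: 65-byte uncompressed secp256k1 key, 0x04 || X || Y
	Name      string
}

// secp256k1 field prime p = 2^256 - 2^32 - 977.
var secp256k1P, _ = new(big.Int).SetString(
	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)

// onSecp256k1 reports whether (x, y) satisfies y^2 = x^3 + 7 (mod p).
// Stand-in for the curve check PublicKey.IsValid() performs in the PR.
func onSecp256k1(x, y *big.Int) bool {
	if x.Cmp(secp256k1P) >= 0 || y.Cmp(secp256k1P) >= 0 {
		return false // coordinates must be reduced field elements
	}
	lhs := new(big.Int).Mul(y, y)
	lhs.Mod(lhs, secp256k1P)
	rhs := new(big.Int).Mul(x, x)
	rhs.Mul(rhs, x)
	rhs.Add(rhs, big.NewInt(7))
	rhs.Mod(rhs, secp256k1P)
	return lhs.Cmp(rhs) == 0
}

// validateKey applies the per-entry checks in the PR: length, all-zero,
// uncompressed prefix, then on-curve.
func validateKey(key []byte) error {
	if len(key) != 65 {
		return fmt.Errorf("wrong key length %d, want 65", len(key))
	}
	allZero := true
	for _, b := range key {
		if b != 0 {
			allZero = false
			break
		}
	}
	if allZero {
		return errors.New("all-zero public key")
	}
	if key[0] != 0x04 {
		return fmt.Errorf("wrong prefix 0x%02x, want 0x04", key[0])
	}
	x := new(big.Int).SetBytes(key[1:33])
	y := new(big.Int).SetBytes(key[33:65])
	if !onSecp256k1(x, y) {
		return errors.New("point not on secp256k1 curve")
	}
	return nil
}

// safeConvert turns the untyped contract result into entries, converting a
// type-mismatch panic into an error instead of crashing the caller.
func safeConvert(raw interface{}) (entries []TransactorMeta, err error) {
	defer func() {
		if r := recover(); r != nil {
			entries, err = nil, fmt.Errorf("recovered panic converting contract data: %v", r)
		}
	}()
	// Unchecked assertion on purpose: a mismatch (or nil) panics and the deferred recover catches it.
	return raw.([]TransactorMeta), nil
}

// GetPriorityTransactors never panics: a conversion failure yields an empty map
// (no privileges), and malformed entries are skipped one at a time.
// Keying the map by hex-encoded public key is an assumption of this example.
func GetPriorityTransactors(raw interface{}) map[string]TransactorMeta {
	out := make(map[string]TransactorMeta)
	entries, err := safeConvert(raw)
	if err != nil {
		log.Printf("ERROR priority transactors unavailable, denying all privileges: %v", err)
		return out
	}
	for i, e := range entries {
		if err := validateKey(e.PublicKey); err != nil {
			log.Printf("WARN skipping priority transactor entry %d (%s): %v", i, e.Name, err)
			continue
		}
		out[hex.EncodeToString(e.PublicKey)] = e
	}
	return out
}

// sampleEntries is constructed data: the secp256k1 generator point as the one
// valid key, followed by four malformed entries.
func sampleEntries() []TransactorMeta {
	gx := "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
	gy := "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"
	valid, _ := hex.DecodeString("04" + gx + gy)
	wrongPrefix, _ := hex.DecodeString("02" + gx + gy)
	offCurve, _ := hex.DecodeString("04" + gx + gy[:62] + "B9") // last Y byte altered
	return []TransactorMeta{
		{PublicKey: valid, Name: "valid"},
		{PublicKey: valid[:33], Name: "too-short"},
		{PublicKey: make([]byte, 65), Name: "all-zero"},
		{PublicKey: wrongPrefix, Name: "wrong-prefix"},
		{PublicKey: offCurve, Name: "off-curve"},
	}
}

func main() {
	fmt.Println("accepted:", len(GetPriorityTransactors(sampleEntries()))) // 1
	fmt.Println("accepted:", len(GetPriorityTransactors("not a slice")))   // 0, no panic
}
```

Running it logs one WARN per rejected entry and keeps the single valid key; passing a non-slice value (or nil) logs an ERROR and returns an empty, non-nil map, which is the "deny privileges but stay alive" behaviour the description calls for.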

Cover valid input, empty slice, nil, and type-mismatch recovery to
ensure the panic-recovery wrapper introduced in the liveness PR
behaves correctly for all edge cases.

Use PublicKey.IsValid() to reject keys that are 65 bytes but have
a wrong prefix or coordinates not on the secp256k1 curve. Add tests
for the curve validation covering valid keys, wrong prefix, and
off-curve points.
@chrischarlesharrison chrischarlesharrison merged commit aa4e0de into master Feb 13, 2026
3 checks passed
