core, util: attach stateroot witness to NeoFS state objects #4099
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #4099 +/- ##
==========================================
- Coverage 83.51% 83.38% -0.13%
==========================================
Files 351 351
Lines 42390 42458 +68
==========================================
+ Hits 35401 35405 +4
- Misses 5251 5317 +66
+ Partials 1738 1736 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
I'll test this code on real network once we finalize the PR. |
pkg/core/native/designate.go
Outdated
| // NotifyServices notifies dependent services about node roles. It does not | ||
| // check whether roles were updated in the last block. It expects the cache to | ||
| // be initialized and RW. | ||
| func (s *Designate) NotifyServices(dao *dao.Simple, force bool) { |
There was a problem hiding this comment.
You can hide the force from public method if all callers use it this way (and postpersist can handle deal with caches internally).
| } | ||
|
|
||
| lastFoundIdx, err := strconv.ParseUint(lastItem.Attributes[0], 10, 32) | ||
| lastItemH, err := neofs.ObjectHead(ctx, s.Pool, s.Account.PrivateKey(), s.ContainerID, lastItem.ID) |
There was a problem hiding this comment.
Why an additional Head? You can request the attribute from ObjectSearch directly.
There was a problem hiding this comment.
How exactly?
From what I understood, we need to include attribute to a search filter. The problem is that this attribute is optional, and there's no such filter like "check attribute if it's present".
There was a problem hiding this comment.
No, just add it to the list of requested attributes, you'll get it if it's present.
| continue | ||
| } | ||
| if err = s.chain.AddContractStorageItems(batch, syncHeight, expectedRoot); err != nil { | ||
| if err = s.chain.AddContractStorageItems(batch, syncHeight, expectedRoot, witness); err != nil { |
There was a problem hiding this comment.
I'm not sure why you're passing it always when processing batches of KVs. Intermediate roots will never be correct, only the final one can be, so to me you should be:
- checking stateroot witness once before performing any state changes
- adding sets of KVs as usual
- checking the resulting stateroot to be equal to the one we proved to be correct at the first step
There was a problem hiding this comment.
I'm not sure why you're passing it always when processing batches of KVs
I'm just following the current implementation since we're passing expectedRoot every time as far. It was like that since #3844, let's refactor this code.
checking stateroot witness once before performing any state changes
It was an initial implementation, but then I discovered stateroot verification functions bound to the state service and decided to reuse this code (and it can be done only after state service cache initialization on the proper height). Fail-fast strategy is good, but we'll be sure that the whole state is correct only after full MPT recovery at the third step.
So are we OK with the stateroot witness checking code duplication?
There was a problem hiding this comment.
Implemented in a separate commit.
pkg/core/blockchain.go
Outdated
| // TODO: @roman-khimov, we need to notify NeoFS nodes about chain state reset so that they update | ||
| // NeoFSAlphabet-dependent services accordingly (the current code won't work because it's based | ||
| // on notifications, and there are no notifications during state sync). I suggest to add a callback | ||
| // to the Blockchain that will be called once state reset is finished. |
There was a problem hiding this comment.
It only happens on a new node normally and this can happen with non-local RPC as well, so callbacks can't solve the problem.
A part of #4049. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
force-pushed
the
witnessed-root
branch
from
dcb5e8b to
d0216f0
Compare
Oracle, StateRoot and Notary services should properly react to state jump (either occured after state reset or after statesync finalization). Otherwise, these services use an out-of-date roles information retrieved from the previous node state. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
force-pushed
the
witnessed-root
branch
2 times, most recently
from
e0fdcb0 to
a26d6a8
Compare
A part of #4049. 1. Check the stateroot witness. 2. Ensure witness' public keys match block's validators at the state sync height. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
AnnaShaleva
force-pushed
the
witnessed-root
branch
from
a26d6a8 to
3d7e28d
Compare
This callback is set when module is not active yet, no locking required. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
(*Module).syncStage is a subject of change, it may be updated by every Module's callback called concurrently. Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
Signed-off-by: Anna Shaleva <shaleva.ann@nspcc.ru>
|
|
Close #4049.
As an alternative, we may consider attaching a full serialized stateroot instead of just witness (right now stateroot version is missing from the state object which may be a problem in future if stateroot version will be changed).