-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Add randomness contract support to AuthorityRound. #10946
Conversation
It looks like @afck signed our Contributor License Agreement. 👍 Many thanks, Parity Technologies CLA Bot |
73fca41
to
98c6827
Compare
64ae88d
to
cfad2b7
Compare
d1af62f
to
565c31e
Compare
|
b93995f
to
fd89a98
Compare
ed2b734
to
3e42c94
Compare
e7d4815
to
11efb01
Compare
Hi! I'm still interested in merging this, and happy address any concerns about the implementation. |
8998882
to
245d71c
Compare
|
Changes have been cherry-picked from poanetwork's aura-pos branch. Most of the work has been done by @mbr.
Co-Authored-By: David <[email protected]>
// Creates and signs a transaction with the given contract call. | ||
let mut make_transaction = |to: Address, data: Bytes| -> Result<SignedTransaction, Error> { | ||
let nonce = Some(tx_nonce); | ||
tx_nonce += U256::one(); // Increment the nonce for the next transaction. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it okay to panic here on overflow? or is it not feasible to get an overflow here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a way to artificially increase account nonces somehow?
Otherwise I'd say it's not feasible: You'd have to execute 2^256 transactions to get there.
Not sure whether the yellow paper even defines what should happen in that case? At a glance, I couldn't find it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -1430,6 +1452,46 @@ impl Engine for AuthorityRound { | |||
block_reward::apply_block_rewards(&rewards, block, &self.machine) | |||
} | |||
|
|||
/// Make calls to the randomness contract. | |||
fn on_prepare_block(&self, block: &ExecutedBlock) -> Result<Vec<SignedTransaction>, Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it still guaranteed at this point that the client's latest nonce is the same, i.e. that the latest block as seen by the client is the parent of this
block
?
I honestly do not know. @tomusdrw maybe?
/// Waiting for the next phase. | ||
/// | ||
/// This state indicates either the successful revelation in this round or having missed the | ||
/// window to make a commitment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe dumb q: what is the window? A range of blocks? Where do we set this? In the aura_random
contract? (If yes, I think it's a good idea to add notes for any piece of data that is defined in the contract as opposed to the rust code).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's up to the contract. In POSDAO it's a range of blocks, yes.
I'll add a comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comment was added in poanetwork@4799aeb.
/// | ||
/// Returns the encoded contract call necessary to advance the randomness contract's state. | ||
/// | ||
/// **Warning**: The `advance()` function should be called only once per block state; otherwise |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what you mean by "block state"? Can you elaborate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the intent of this warning was to make sure we don't call advance()
twice in the same block. I'll reword it.
|
||
/// Perform a function call to an ethereum machine that doesn't create a transaction or change the state. | ||
/// | ||
/// Runs a constant function call on `client`. The `call` value can be serialized by calling any |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I've asked this somewhere else already but I do not remember the answer, apologies. What is meant by a "constant function" in this context? Is it "constant" because it does not create txs and thus does not alter state? If yes, I suggest being explicit: "Runs a non-state altering function call…" (or something to that effect).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, exactly. I'll expand the comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comment was expanded in poanetwork@4799aeb#diff-a4faad7e2fe2f519b612d48dfa0f8607.
json/src/spec/authority_round.rs
Outdated
#[derive(Debug, PartialEq, Deserialize)] | ||
#[serde(deny_unknown_fields)] | ||
#[serde(untagged)] | ||
pub enum TransitionMap<T> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that it'd be nice to let knowledgeable users to have a short-form for the single-item use case. However I also think that it's worth more to have less rust code to maintain: configuration mistakes are non-catastrophic (the node won't start; bugs in rust might be more subtle) and probably easy to mitigate with docs. So yeah, unless you disagree strongly I think it's good to mandate a map here.
I addressed most comments, except the error-related ones (also #10946 (comment) — see my reply; happy to work on this once we make a decision). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good overall, but I suggested couple of renames and we need to address the sealing.lock()
being held during the entire time when we push transactions to the block.
ethcore/client-traits/src/lib.rs
Outdated
self.transact(Action::Call(address), data, None, None, None) | ||
} | ||
|
||
/// Returns a signed transaction. If gas limit, gas price, or nonce are not |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Signed by what key?
ethcore/client-traits/src/lib.rs
Outdated
} | ||
|
||
/// Returns a signed transaction. If gas limit, gas price, or nonce are not | ||
/// specified, the defaults are used. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the defaults are used.
I like the comment from transact
better, cause you really can't have a default nonce
- it's a bit nonsense.
ethcore/client-traits/src/lib.rs
Outdated
&self, | ||
action: Action, | ||
data: Bytes, | ||
gas: Option<U256>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was expressing my need for a builder in such long calls in some other PR already :) I really think it would make the callers life easier and the code more readable, especially if we are passing 3 None
s.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something like:
client.create_transaction(TransactionBuilder::call(address).gas(5).nonce(4).build())
Then the caller would configure only the stuff they really need and we could simplify the interface to:
fn create_transaction(&self, TransactionRequest) -> Result<SignedTransaction>;
fn submit_transaction(&self, SignedTransaction) -> Result<()>;
fn transact(&self, r: TransactionRequest) -> Result<()> {
self.submit_transaction(self.create_transaction(r)?)
}
instead of having a random transact_contract
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done…
I didn't separate builder from request, though; let me know if you're okay with that approach.
snapshot::Snapshotting, | ||
transaction::{Action, SignedTransaction}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
funky indentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed. (Sorry, somehow sometimes my Vim doesn't realize it's tabs.)
EngineError::RequiresClient | ||
})?; | ||
let full_client = client.as_full_client() | ||
.ok_or(EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.ok_or(EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; | |
.ok_or_else(|| EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
/// Creates new instance of miner with given spec and accounts. | ||
/// | ||
/// NOTE This should be only used for tests. | ||
pub fn new_for_tests_force_sealing(spec: &Spec, accounts: Option<HashSet<Address>>, force_sealing: bool) -> Miner { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would rather keep only one function that is exposed for tests (especially that it's not feature-flagged). Is this new function really necessary? Can't you enable force_sealing
for all tests?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There seem to be two tests relying on it:
failures:
miner::miner::tests::should_not_mine_if_internal_sealing_is_disabled
miner::miner::tests::should_not_mine_if_no_fetch_work_request
We can add the parameter to new_for_tests
, but that will touch a lot of files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, would be best to have some way for them to alter the options, without introducing those additional methods, but I'm fine as-is.
|
||
impl<'a> BoundContract<'a> { | ||
/// Create a new `BoundContract`. | ||
#[inline] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#[inline] |
Should be left to compiler to decide that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
let number: RandNumber = rng.gen(); | ||
let number_hash: Hash = keccak(number.as_bytes()); | ||
let public = signer.public().ok_or(PhaseError::MissingPublicKey)?; | ||
let cipher = ecies::encrypt(&public, &number_hash.0, number.as_bytes())?; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are there any other reasons to store the encrypted number on-chain other than avoiding validator nodes being stateful (i.e. having to store it off-chain to reveal in the future)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We think it would be more reliable to store the cipher on-chain, and, since we call the commitHash
function anyway, we pass the cipher
to it at the same time. So storing it on-chain doesn't require making a separate transaction.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, if your node crashes somehow and you start another one, it can just continue, and won't fail to reveal the secret.
If we stored that locally, the backup node wouldn't have the required information.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would be good to check with some cryptographer if we don't leak some information everytime we encode the same number. I think it's unlikely, but still.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean because we publish multiple pairs of plaintext + ciphertext for the same key?
Since ECIES is supposed to be secure even against chosen-plaintext and chosen-ciphertext attacks, I believe that shouldn't be a problem. But I'm not a cryptographer either.
@@ -1430,6 +1452,46 @@ impl Engine for AuthorityRound { | |||
block_reward::apply_block_rewards(&rewards, block, &self.machine) | |||
} | |||
|
|||
/// Make calls to the randomness contract. | |||
fn on_prepare_block(&self, block: &ExecutedBlock) -> Result<Vec<SignedTransaction>, Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the nonce
should be the same since we are only calling this function before any transaction is applied. I think we should actually consider renaming this function to fn generate_engine_transactions(&self, block: &ExecutedBlock) -> Result<Vec<_>>
and document it properly. Having on_prepare_block
return a list of transactions doesn't seem intuitive for me.
@@ -35,8 +35,16 @@ pub enum EngineError { | |||
BadSealFieldSize(OutOfBounds<usize>), | |||
/// Validation proof insufficient. | |||
InsufficientProof(String), | |||
/// Randomness error in load method | |||
RandomnessLoadError(String), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems that the AuRa internal randomness contract is leaking to a generic EngineError
type, I think we should rather keep these under some more generic variant, especially that we never really handle them explicitly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I'm really unsure about how we should organize these errors (also see #10946 (comment)).
Should we call this Other(String)
then? Or Other<Box<dyn Error>>
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, either of those. I think I'm more in favor of simpler Other(String)
. Ideally would be if Engine
had an associated type of it's custom error type, but that's way beyond the scope of this PR.
@dvdplm are you fine with Other(String)
or do you like Other<Box<dyn Error>>
more?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, there's already a Custom(String)
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's go with the existing Custom(String)
. Not ideal, but I agree with Tomek here: improving the error handling here is non-trivial and not in scope for this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great! I used Custom
in ab169e2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Tiny thing left (remove transact_contract
), but I'm good to merge as is.
ethcore/client-traits/src/lib.rs
Outdated
@@ -397,30 +397,69 @@ pub trait BlockChainClient: | |||
|
|||
/// Schedule state-altering transaction to be executed on the next pending block. | |||
fn transact_contract(&self, address: Address, data: Bytes) -> Result<(), transaction::Error> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd remove that method now, it's really easy to use transact
instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed it. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perfect, thanks!
This allows
AuthorityRound
validators to participate in a RANDAO-like RNG smart contract. We implemented it as part of POSDAO, but it would work as a standalone feature to provide on-chain randomness, too.See the description below: #10946 (comment)
Original implementation by @mbr: poanetwork#52
I'm not really happy with the fact that we can only call e.g.
isCommitPhase
on the "latest" block, i.e. the parent of the one we're currently creating, and we're including our transactions in. This means authors of randomness contracts need to check incommitHash
whether_isCommitPhase(block.number - 1)
.For a different feature, we actually added a
Client::call_contract_before
method that allows you to make calls at the current pending block: https://github.com/poanetwork/parity-ethereum/pull/140/files#diff-40c7c65265e511d07158f62712f69573R1460I.e. the call is made at the initial state of the pending block, but with the correct new block number. Do you think it would make sense to add that to
Client
and use it here instead?Another issue is that without
--force-sealing
, we're not producing new blocks, even if it would be our turn to send a value to the randomness contract. I'm not sure where the right place in the code is to put a warning in that case; or where I'd even have access to bothforce_sealing
andrandomness_contract_address
?Is there any place where I should add documentation for the contract API?
Please let me know your thoughts!