feat: consistent handling of edge cases for header sync #5837
Conversation
ghpbot-tari-project
added
P-acks_required
Test Results (Integration tests) 2 files + 2 11 suites +11 22m 0s ⏱️ + 22m 0s For more details on these failures, see this check. Results for commit 323e3f2. ± Comparison against base commit 43b994e. ♻️ This comment has been updated with latest results. |
hansieodendaal
force-pushed
the
ho_header_sync
branch
7 times, most recently
from
495f44a to
97879b3
Compare
hansieodendaal
changed the title
hansieodendaal
force-pushed
the
ho_header_sync
branch
2 times, most recently
from
b5adc65 to
febf997
Compare
ghpbot-tari-project
removed
the
P-reviews_required
hansieodendaal
force-pushed
the
ho_header_sync
branch
from
88e5830 to
4caa193
Compare
applications/minotari_console_wallet/src/ui/components/transactions_tab.rs
Outdated
Show resolved
Hide resolved
applications/minotari_console_wallet/src/ui/components/transactions_tab.rs
Outdated
Show resolved
Hide resolved
ghpbot-tari-project
added
P-reviews_required
| {})", | ||
| header_tip_height, | ||
| metadata.height_of_longest_chain(), | ||
| {}), peer has lied about chain metadata or did not want to provide headers", |
There was a problem hiding this comment.
This is not true. We only checked if our best_block < our best_headers
There was a problem hiding this comment.
Its true by deduction.
For us to have entered Header_sync the peer needed tot have a better pow(it claimed it did)
Then we check that out pow did not update and that they still have a claimed higher pow.
We then asked the peer to provide us the chain which had a better pow, but it could not. So we have the same or more headers on the exact same chain as they have. But we can have the headers, not the block, so if we check if we have the same blocks than headers, we must have the same or more blocks than they. Its not possible to have blocks and not the headers.
So the only conclusion we can make is one of the following 3:
They lied about their pow
They did not want to provide us with a higher chain
The swapped to a lower-difficulty pow chain.
So we are only left with 1 and 2 realisticly.
There was a problem hiding this comment.
Ok, I provided better data for a better decision
There was a problem hiding this comment.
Please provide a link to the new code or more detail about what you did, I can't find it among the other changes
There was a problem hiding this comment.
The conditions are now tested separately and both will be ban-able offences.
See
// Basic sanity check about the peer's claimed chain metadata
if chain_split_result.peer_accumulated_difficulty < sync_peer.claimed_chain_metadata().accumulated_difficulty()and
match header_sync_status.clone() {
HeaderSyncStatus::InSyncOrAhead => {
// Our POW is less than the peer's POW, as verified before the attempted header sync, therefore, if the
// peer did not supply any headers and we know we are behind based on the peer's claimed metadata, then
// we can ban the peer.
if best_header.height() == best_block.height() {| @@ -105,6 +108,7 @@ pub struct BaseNodeBuilder { | |||
| mempool_config: Option<MempoolConfig>, | |||
| mempool_service_config: Option<MempoolServiceConfig>, | |||
| liveness_service_config: Option<LivenessConfig>, | |||
| p2p_config: Option<P2pConfig>, | |||
There was a problem hiding this comment.
Not related to this PR, but this struct should really be called "TestBaseNodeBuilder"
| @@ -135,7 +135,7 @@ pub async fn initialize_local_test_comms<P: AsRef<Path>>( | |||
| discovery_request_timeout: Duration, | |||
| seed_peers: Vec<Peer>, | |||
| shutdown_signal: ShutdownSignal, | |||
| ) -> Result<(CommsNode, Dht, MessagingEventSender), CommsInitializationError> { | |||
| ) -> Result<(UnspawnedCommsNode, Dht, MessagingEventSender), CommsInitializationError> { | |||
There was a problem hiding this comment.
Unrelated: This test method should also be moved into a file that shows it's a test method. Because the method is so long, it is difficult to see that it's test code
hansieodendaal
force-pushed
the
ho_header_sync
branch
2 times, most recently
from
6326491 to
8e46cc5
Compare
hansieodendaal
force-pushed
the
ho_header_sync
branch
from
8e46cc5 to
6affe84
Compare
hansieodendaal
force-pushed
the
ho_header_sync
branch
2 times, most recently
from
b400759 to
2535e04
Compare
Bumps [rustix](https://github.com/bytecodealliance/rustix) from 0.37.23 to 0.37.26. - [Release notes](https://github.com/bytecodealliance/rustix/releases) - [Commits](bytecodealliance/rustix@v0.37.23...v0.37.26) --- updated-dependencies: - dependency-name: rustix dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
This PR fixes an edge case for header sync where the local node has a higher chain header, but the remote node has a higher actual blockchain height. It also simplifies the attempted header sync logic and error handling when a peer does not return headers and introduces consistent naming, variable re-use and use of information. When doing header sync, and determining from which peer to sync, we need to consider our actual blockchain state when comparing chains. It is possible that our node has valid block headers that will translate into a higher proof of work when fully synced than the remote syncing peer, but lacking the blocks to back the block headers, thus the remote chain has an actual higher proof of work blockchain. With the current implementation, race conditions can exist when determining if the peer is misbehaving, i.e. lying about their proof-of-work or not wanting to supply block headers, due to a mismatch in tip height used for the check. This PR fixes the race conditions by always using the latest local chain metadata and block headers, ignoring all sync peers that do not exceed our own accumulated difficulty and using consistent information in all the checks. Added a header sync tests integration unit test.
hansieodendaal
force-pushed
the
ho_header_sync
branch
from
971da89 to
4eeb873
Compare
hansieodendaal
force-pushed
the
ho_header_sync
branch
from
5b774c5 to
3b7664d
Compare
|
Fixes: #5816 |
Description
This PR fixes an edge case for header sync where the local node has more headers, but the remote node has better proof-of-work (accumulated difficulty), thus higher actual blockchain height. It also simplifies the attempted header sync logic and error handling when a peer does not return headers and introduces consistent naming, variable re-use and use of information
Supersedes #5756
Motivation and Context
When doing header sync, and determining from which peer to sync, we need to consider our actual blockchain state when comparing chains. It is possible that our node has valid block headers that will translate into a higher proof of work when fully synced than the remote syncing peer, but lacking the blocks to back the block headers, thus the remote chain has an actual higher proof of work blockchain.
With the current implementation, race conditions can exist when determining if the peer is misbehaving, i.e. lying about their proof-of-work or not wanting to supply block headers, due to a mismatch in tip height used for the check.
This PR fixes the race conditions by always using the latest local chain metadata and block headers, ignoring all sync peers that do not exceed our own accumulated difficulty and using consistent information in all the checks.
How Has This Been Tested?
Added integration-level unit tests:
test_header_sync_happy_pathtest_header_sync_with_fork_happy_pathtest_header_sync_uneven_headers_and_blocks_happy_pathtest_header_sync_uneven_headers_and_blocks_peer_lies_about_pow_no_bantest_header_sync_even_headers_and_blocks_peer_lies_about_pow_with_bantest_header_sync_even_headers_and_blocks_peer_metadata_improve_with_reorgWhat process can a PR reviewer use to test or verify this change?
Breaking Changes