New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
assumeutxo: fail early if snapshot block hash doesn't match AssumeUTXO parameters #28652
assumeutxo: fail early if snapshot block hash doesn't match AssumeUTXO parameters #28652
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
Wasn't the goal to make the RPC async, in which case the wait loop can be replaced with an immediate error? This would also avoid having to duplicate error checks in the RPC, as well as the Activate function? |
Yes, I think that's one of the long-term plans: #28620. It seems that currently no-one is working on that though and even if, it's likely too late to include it into the upcoming release v26 anyway. This PR is based on the assumption that the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concept ACK.
It happened to me during assumeutxo
testing so returning errors earlier if possible makes sense to me, even if loadtxoutset
is made async at some point.
src/rpc/blockchain.cpp
Outdated
@@ -2751,6 +2751,10 @@ static RPCHelpMan loadtxoutset() | |||
afile >> metadata; | |||
|
|||
uint256 base_blockhash = metadata.m_base_blockhash; | |||
if (!Params().AssumeutxoForBlockhash(base_blockhash).has_value()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Use chainman
to get the params, instead of using the global?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, done. Intentionally moved the chainman
definition up more than needed (right after node
) to fail early in the (hypothetical?) case that there's no chainman.
164273c
to
9620cb4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code review ACK 9620cb4. This should fix an annoyance and bad UX.
It would be possible to deduplicate the checks in the loadtxoutset function and ActivateSnapshot without making the RPC async by splitting ActivateSnapshot up and returning util::Result as suggested #27596 (comment). But the current PR seems like a simple improvement for now.
lgtm ACK 9620cb4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tACK 9620cb4
error ouput with a file which size >= 40 bytes (size of SnapshotMetadata)
./src/bitcoin-cli -datadir=${AU_DATADIR} loadtxoutset ${AU_DATADIR}/utxo-111.dat
error code: -32603
error message:
Unable to load UTXO snapshot, assumeutxo block hash in snapshot metadata not recognized (3634353634363536363435363436353636343536343635363634353634363536)
error ouput with a file which size < 40 bytes (not enough to fit SnapshotMetadata structure)
./src/bitcoin-cli -datadir=${AU_DATADIR} loadtxoutset ${AU_DATADIR}/utxo-111.dat
error code: -1
error message:
AutoFile::read: end of file: iostream error
I left a suggestion to handle iostream error
when utxo file size is less than 40 bytes.
@@ -2751,14 +2752,16 @@ static RPCHelpMan loadtxoutset() | |||
afile >> metadata; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we are touching this file I think we could improved the iostream error
that's thrown when the file size is less than 40 bytes.
afile >> metadata; | |
// Check if the file size is at least as large as the expected size of SnapshotMetadata | |
if (afile.size() < sizeof(SnapshotMetadata)) { | |
throw JSONRPCError(RPC_INTERNAL_ERROR, strprintf("Unable to load UTXO snapshot, " | |
"file size is invalid"); | |
} | |
afile >> metadata; | |
Since this adds the test for a bad hash, that Todo should be removed from the list at the top of |
This PR doesn't add a new test; the "bad hash" TODO (which refers to the UTXO set hash, not the block hash in the metadata, as far as I understand) is tackled in #28647. |
No, I'd say it is still up for grabs: #28647 (comment) |
Sorry, I actually meant the block hash one, just misspelled/confused: |
I implemented a (partial) fix for #28620 , you might want to take a look. |
…esn't match AssumeUTXO parameters
Right now the
loadtxoutset
RPC call treats literally all files with a minimum size of 40 bytes (=size of metadata) as potential valid snapshot candidates and the waiting loop for seeing the metadata block hash in the headers chain is always entered, e.g.:There is no point in doing any further action though if we already know from the start that the UTXO snapshot loading won't be successful. This PR adds an assumeutxo parameter check immediately after the metadata is read in, so we can fail immediately on a mismatch:
This way, users who mistakenly try to load files that are not snapshots don't have to wait 10 minutes (=the block header waiting timeout) anymore to get a negative response. If a file is loaded which is a valid snapshot (referencing to an existing block hash), but one which doesn't match the parameters, the feedback is also faster, as we don't have to wait anymore to see the hash in the headers chain before getting an error.
This is also partially fixes #28621.