multi: Rework old fork rejection logic. #2945
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
davecgh
added
non-forking consensus
davecgh
force-pushed
the
multi_rework_old_fork_rejection
branch
2 times, most recently
from
67a452e
to
ca75fea
Compare
rstaudt2
reviewed
May 15, 2022
There was a problem hiding this comment.
This looks great. It's nice to consolidate this logic and not deal with both checkpoints and assume valid separately. I also think referring to the concept as allowing old forks is more self-explanatory than calling it checkpoints.
I don't see any logic issues and ran a few full syncs on mainnet without issue with various combinations of --allowoldforks and --assumevalid options.
| // Calculate the expected number of blocks in 2 weeks and cache it in order | ||
| // to avoid repeated calculation. | ||
| const timeInTwoWeeks = time.Hour * 24 * 14 | ||
| expectedBlksInTwoWeeks := int64(timeInTwoWeeks / params.TargetTimePerBlock) |
There was a problem hiding this comment.
Nice, good call to cache this.
davecgh
force-pushed
the
multi_rework_old_fork_rejection
branch
3 times, most recently
from
1c50347
to
e01c1fc
Compare
rstaudt2
approved these changes
May 15, 2022
davecgh
commented
May 16, 2022
davecgh
force-pushed
the
multi_rework_old_fork_rejection
branch
from
e01c1fc
to
185df25
Compare
JoeGruffins
approved these changes
May 19, 2022
This utility is no longer be necessary since the manual checkpoint logic is being reworked in upcoming commits.
This adds a new field to the blockchain instance to store a cached version of the number of expected blocks in two weeks to avoid repeated calculation.
Historically, checkpoints have been manually specified and used both for
various optimizations and to protect against cheap DoS attacks by
rejecting forks deep in history. The primary motivation for manually
specifying the checkpoints was said optimizations, however, those
optimization portions have now been decoupled from checkpoints in favor
of other methods, so the only remaining use of checkpoints is the
aforementioned rejection of forks deep in history.
Thus, this reworks the old fork rejection logic to make it automatic
based on an ancestor that is two weeks worth of blocks behind the
hard-coded assumevalid block (clamped to the genesis block if necessary)
that is manually specified at each release as opposed to needing to
additionally manually specify checkpoints.
Note the distinction here between the hard-coded assumevalid block
specified at each release and the potentially overridden value specified
by a user via CLI configuration options. This is an important
distinction because old fork rejection affects consensus and thus must
not move around based on user configuration.
This approach means the user can still specify a more recent assume
valid hash or disable assume valid optimizations independently without
affecting the consensus logic while still removing the need to manually
specify additional checkpoints.
The following is a high level overview of the changes:
- Modifies the blockchain.Config struct as follows:
- Removes the LastestCheckpoint option
- Adds a AllowOldForks option
- Removes all code related to manually specified checkpoints and finding
candidates
- Removes the following errors since they are no longer used:
- ErrBadCheckpoint
- ErrCheckpointTimeTooOld
- Renames checkpointNode to rejectForksCheckpoint to make it clear that
is the only thing it applies to
- Adds logic to potentially reject forks deep in history as follows:
- Do not reject old forks if they are manually allowed or the
hard-coded assumevalid block is not specified for the network
- Automatically choose an ancestor that is two weeks worth of blocks
prior to the hard-coded assumevalid block (clamped to the genesis
block if necessary)
- Replaces --nocheckpoints CLI option with --allowoldforks
- Updates doc.go to match the changes to the CLI options
This method is no longer used since manual checkpoints no longer exist.
This deprecates the Checkpoints field of the chain parameters and removes all manually-specified entries for all networks since manual checkpoints no longer exist.
davecgh
force-pushed
the
multi_rework_old_fork_rejection
branch
from
185df25
to
55ac703
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This requires #2942 and #2943.Historically, checkpoints have been manually specified and used both for various optimizations and to protect against cheap DoS attacks by rejecting forks deep in history. The primary motivation for manually specifying the checkpoints was said optimizations, however, those optimization portions have now been decoupled from checkpoints in favor of other methods, so the only remaining use of checkpoints is the aforementioned rejection of forks deep in history.
Thus, this reworks the old fork rejection logic to make it automatic based on an ancestor that is two weeks worth of blocks behind the hard-coded
assumevalidblock (clamped to the genesis block if necessary) that is manually specified at each release as opposed to needing to additionally manually specify checkpoints.Note the distinction here between the hard-coded
assumevalidblock specified at each release and the potentially overridden value specified by a user via CLI configuration options. This is an important distinction because old fork rejection affects consensus and thus must not move around based on user configuration.This approach means the user can still specify a more recent assume valid hash or disable assume valid optimizations independently without affecting the consensus logic while still removing the need to manually specify additional checkpoints.
The changes have been split into multiple commits to help ease review.
The following is a high level overview of the changes:
findcheckpointsutilityblockchain.Configstruct as follows:LastestCheckpointoptionAllowOldForksoptionErrBadCheckpointErrCheckpointTimeTooOldcheckpointNodetorejectForksCheckpointto make it clear that is the only thing it applies toassumevalidblock is not specified for the networkassumevalidblock (clamped to the genesis block if necessary)--nocheckpointsCLI option with--allowoldforksdoc.goto match the changes to the CLI optionschaincfg.LatestCheckpointHeightchaincfg.Checkpointschaincfg.Checkpointsentries since they are no longer used