You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#6004 added support for validating that a payer has sufficient balance to fund a transaction. This is implemented by executing a script against the latest sealed block. If executing the script fails, the payer check fails open, and the tx is marked valid.
This is OK since the payer validation is a best-effort check since it does not provide any security guarantees, and instead helps to defend against accidental spam.
However, this also means that some percent of tx will still get through depending on how well the node keeps up with indexing.
Proposed Solution
Instead of using the latest sealed block, use the latest indexed block. We could then do a check to ensure that the difference between the latest sealed and indexed is within some tolerance to handle cases where a node is behind on indexing.
The access handler accepts a state_synchronization.IndexReporter which provides a method to get the highest indexed height. This is passed into the rpcBuilder here:
This same reporter could be passed into the backend, and then into the validator when instantiated it. This would allow us to extend the ProtocolStateBlocks to include a new method IndexedHeight that returned the response from calling HighestIndexedHeight() on the indexer
Problem Description
#6004 added support for validating that a payer has sufficient balance to fund a transaction. This is implemented by executing a script against the latest sealed block. If executing the script fails, the payer check fails open, and the tx is marked valid.
This is OK since the payer validation is a best-effort check since it does not provide any security guarantees, and instead helps to defend against accidental spam.
However, this also means that some percent of tx will still get through depending on how well the node keeps up with indexing.
Proposed Solution
Instead of using the latest sealed block, use the latest indexed block. We could then do a check to ensure that the difference between the latest sealed and indexed is within some tolerance to handle cases where a node is behind on indexing.
The access
handler
accepts astate_synchronization.IndexReporter
which provides a method to get the highest indexed height. This is passed into therpcBuilder
here:flow-go/cmd/access/node_builder/access_node_builder.go
Line 1776 in 9d87eb4
This same reporter could be passed into the backend, and then into the validator when instantiated it. This would allow us to extend the
ProtocolStateBlocks
to include a new methodIndexedHeight
that returned the response from callingHighestIndexedHeight()
on the indexerflow-go/access/validator.go
Lines 41 to 43 in 9d87eb4
Finally, when checking the payer,
This will produce a higher rate of successful checks, while avoiding the executions entirely when the node falls behind.
The text was updated successfully, but these errors were encountered: