Add a config flag for enabling the signing keys release frequency improvement

m-Peter · m-Peter · commit 97550d23753f · 2025-07-16T14:03:52.000+03:00
diff --git a/bootstrap/bootstrap.go b/bootstrap/bootstrap.go
@@ -243,7 +243,7 @@ func (b *Bootstrap) StartAPIServer(ctx context.Context) error {
 		}
 	}
 
-	b.keystore = keystore.New(ctx, accountKeys, b.client, b.logger)
+	b.keystore = keystore.New(ctx, accountKeys, b.client, b.config, b.logger)
 
 	// create transaction pool
 	var txPool requester.TxPool
diff --git a/cmd/run/cmd.go b/cmd/run/cmd.go
@@ -282,6 +282,7 @@ func init() {
 	Cmd.Flags().StringVar(&cloudKMSLocationID, "coa-cloud-kms-location-id", "", "The location ID where the key ring is grouped into, e.g. 'global'")
 	Cmd.Flags().StringVar(&cloudKMSKeyRingID, "coa-cloud-kms-key-ring-id", "", "The key ring ID where the KMS keys exist, e.g. 'tx-signing'")
 	Cmd.Flags().StringVar(&cloudKMSKey, "coa-cloud-kms-key", "", `Name of the KMS key and its version, e.g. "gw-key-6@1"`)
+	Cmd.Flags().BoolVar(&cfg.COATxLookupEnabled, "coa-tx-lookup-enabled", false, "Release COA signing keys by looking up their tx result status. Increases capacity of the available COA signing keys.")
 	Cmd.Flags().StringVar(&walletKey, "wallet-api-key", "", "ECDSA private key used for wallet APIs. WARNING: This should only be used locally or for testing, never in production.")
 	Cmd.Flags().IntVar(&cfg.MetricsPort, "metrics-port", 9091, "Port for the metrics server")
 	Cmd.Flags().BoolVar(&cfg.IndexOnly, "index-only", false, "Run the gateway in index-only mode which only allows querying the state and indexing, but disallows sending transactions.")
diff --git a/config/config.go b/config/config.go
@@ -56,6 +56,10 @@ type Config struct {
 	COAKey crypto.PrivateKey
 	// COACloudKMSKey is a Cloud KMS key that will be used for signing transactions.
 	COACloudKMSKey *flowGoKMS.Key
+	// COATxLookupEnabled sets whether COA signing keys are released by looking up
+	// their transaction result status from ANs. Increases capacity of the available
+	// COA signing keys.
+	COATxLookupEnabled bool
 	// GasPrice is a fixed gas price that will be used when submitting transactions.
 	GasPrice *big.Int
 	// EnforceGasPrice defines whether the minimum gas price should be enforced.
diff --git a/services/ingestion/event_subscriber.go b/services/ingestion/event_subscriber.go
@@ -176,7 +176,12 @@ func (r *RPCEventSubscriber) subscribe(ctx context.Context, height uint64) <-cha
 				for _, evt := range blockEvents.Events {
 					r.keyLock.NotifyTransaction(evt.TransactionID)
 				}
-				r.keyLock.NotifyBlock(blockEvents.BlockID)
+				r.keyLock.NotifyBlock(
+					flow.BlockHeader{
+						ID:     blockEvents.BlockID,
+						Height: blockEvents.Height,
+					},
+				)
 
 				eventsChan <- evmEvents
 
diff --git a/services/ingestion/event_subscriber_test.go b/services/ingestion/event_subscriber_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/onflow/flow-go-sdk/access"
 	gethCommon "github.com/onflow/go-ethereum/common"
 
+	"github.com/onflow/flow-evm-gateway/config"
 	"github.com/onflow/flow-evm-gateway/models"
 	errs "github.com/onflow/flow-evm-gateway/models/errors"
 	"github.com/onflow/flow-evm-gateway/services/requester"
@@ -46,7 +47,8 @@ func Test_Subscribing(t *testing.T) {
 
 	ctx := context.Background()
 	logger := zerolog.Nop()
-	ks := keystore.New(ctx, nil, client, logger)
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
 	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
@@ -90,7 +92,8 @@ func Test_MissingBlockEvent(t *testing.T) {
 
 	ctx := context.Background()
 	logger := zerolog.Nop()
-	ks := keystore.New(ctx, nil, client, logger)
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
 	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
@@ -196,7 +199,8 @@ func Test_SubscribingWithRetryOnError(t *testing.T) {
 
 	ctx := context.Background()
 	logger := zerolog.Nop()
-	ks := keystore.New(ctx, nil, client, logger)
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
 	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
@@ -263,7 +267,8 @@ func Test_SubscribingWithRetryOnErrorMultipleBlocks(t *testing.T) {
 
 	ctx := context.Background()
 	logger := zerolog.Nop()
-	ks := keystore.New(ctx, nil, client, logger)
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
 	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
@@ -329,7 +334,8 @@ func Test_SubscribingWithRetryOnErrorEmptyBlocks(t *testing.T) {
 
 	ctx := context.Background()
 	logger := zerolog.Nop()
-	ks := keystore.New(ctx, nil, client, logger)
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
 	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
diff --git a/services/requester/keystore/key_store.go b/services/requester/keystore/key_store.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/onflow/flow-evm-gateway/config"
 	flowsdk "github.com/onflow/flow-go-sdk"
 	"github.com/onflow/flow-go-sdk/access"
 	"github.com/onflow/flow-go/model/flow"
@@ -17,16 +18,17 @@ const accountKeyBlockExpiration = flow.DefaultTransactionExpiry
 
 type KeyLock interface {
 	NotifyTransaction(txID flowsdk.Identifier)
-	NotifyBlock(blockID flowsdk.Identifier)
+	NotifyBlock(blockHeader flowsdk.BlockHeader)
 }
 
 type KeyStore struct {
 	client        access.Client
+	config        config.Config
 	availableKeys chan *AccountKey
 	usedKeys      map[flowsdk.Identifier]*AccountKey
 	size          int
 	keyMu         sync.Mutex
-	blockChan     chan flowsdk.Identifier
+	blockChan     chan flowsdk.BlockHeader
 	logger        zerolog.Logger
 
 	// Signal channel used to prevent blocking writes
@@ -40,19 +42,21 @@ func New(
 	ctx context.Context,
 	keys []*AccountKey,
 	client access.Client,
+	config config.Config,
 	logger zerolog.Logger,
 ) *KeyStore {
 	totalKeys := len(keys)
 
 	ks := &KeyStore{
 		client:        client,
+		config:        config,
 		availableKeys: make(chan *AccountKey, totalKeys),
 		usedKeys:      map[flowsdk.Identifier]*AccountKey{},
 		size:          totalKeys,
 		// `KeyStore.NotifyBlock` is called for each new Flow block,
-		// so we use a buffered channel to write the new block IDs
+		// so we use a buffered channel to write the new block headers
 		// to the `blockChan`, and read them through `processLockedKeys`.
-		blockChan: make(chan flowsdk.Identifier, 100),
+		blockChan: make(chan flowsdk.BlockHeader, 100),
 		logger:    logger,
 		done:      make(chan struct{}),
 	}
@@ -106,15 +110,15 @@ func (k *KeyStore) NotifyTransaction(txID flowsdk.Identifier) {
 
 // NotifyBlock is called to notify the KeyStore of a newly ingested block.
 // Pending transactions older than a threshold number of blocks are removed.
-func (k *KeyStore) NotifyBlock(blockID flowsdk.Identifier) {
+func (k *KeyStore) NotifyBlock(blockHeader flowsdk.BlockHeader) {
 	select {
 	case <-k.done:
 		k.logger.Warn().Msg(
 			"received `NotifyBlock` while the server is shutting down",
 		)
 		return
 	default:
-		k.blockChan <- blockID
+		k.blockChan <- blockHeader
 	}
 }
 
@@ -152,7 +156,7 @@ func (k *KeyStore) processLockedKeys(ctx context.Context) {
 		case <-ctx.Done():
 			close(k.done)
 			return
-		case blockID := <-k.blockChan:
+		case blockHeader := <-k.blockChan:
 			// TODO: If calling `k.client.GetTransactionResultsByBlockID` for each
 			// new block, seems to be problematic for ANs, we can take an approach
 			// like the one below:
@@ -173,37 +177,37 @@ func (k *KeyStore) processLockedKeys(ctx context.Context) {
 				continue
 			}
 
-			txResults, err := k.client.GetTransactionResultsByBlockID(ctx, blockID)
-			if err != nil {
-				k.logger.Error().Err(err).Msgf(
-					"failed to get transaction results for block ID: %s",
-					blockID.Hex(),
-				)
-				continue
+			txResults := []*flowsdk.TransactionResult{}
+			var err error
+			if k.config.COATxLookupEnabled {
+				txResults, err = k.client.GetTransactionResultsByBlockID(ctx, blockHeader.ID)
+				if err != nil {
+					k.logger.Error().Err(err).Msgf(
+						"failed to get transaction results for block ID: %s",
+						blockHeader.ID.Hex(),
+					)
+					continue
+				}
 			}
 
-			k.releasekeys(txResults)
+			k.releasekeys(blockHeader.Height, txResults)
 		}
 	}
 }
 
-// releasekeys accepts a slice of `TransactionResult` objects and
-// releases the account keys used for signing the given transactions.
+// releasekeys accepts a block height and a slice of `TransactionResult`
+// objects and releases the account keys used for signing the given
+// transactions.
 // It also releases the account keys which were last locked more than
 // or equal to `accountKeyBlockExpiration` blocks in the past.
-func (k *KeyStore) releasekeys(txResults []*flowsdk.TransactionResult) {
-	if len(txResults) == 0 {
-		return
-	}
-
+func (k *KeyStore) releasekeys(blockHeight uint64, txResults []*flowsdk.TransactionResult) {
 	k.keyMu.Lock()
 	defer k.keyMu.Unlock()
 
 	for _, txResult := range txResults {
 		k.unsafeUnlockKey(txResult.TransactionID)
 	}
 
-	blockHeight := txResults[0].BlockHeight
 	for txID, key := range k.usedKeys {
 		if blockHeight-key.lastLockedBlock.Load() >= accountKeyBlockExpiration {
 			k.unsafeUnlockKey(txID)
diff --git a/services/requester/keystore/key_store_test.go b/services/requester/keystore/key_store_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/onflow/flow-evm-gateway/config"
 	"github.com/onflow/flow-evm-gateway/services/testutils"
 	sdk "github.com/onflow/flow-go-sdk"
 	"github.com/onflow/flow-go-sdk/access/mocks"
@@ -29,7 +30,13 @@ func TestTake(t *testing.T) {
 		keys = append(keys, NewAccountKey(*accountKey, addrGenerator.New(), signer))
 	}
 
-	ks := New(context.Background(), keys, testutils.SetupClientForRange(1, 100), zerolog.Nop())
+	ks := New(
+		context.Background(),
+		keys,
+		testutils.SetupClientForRange(1, 100),
+		config.Config{COATxLookupEnabled: true},
+		zerolog.Nop(),
+	)
 
 	t.Run("Take with no metadata updates", func(t *testing.T) {
 		key, err := ks.Take()
@@ -110,7 +117,13 @@ func TestTake(t *testing.T) {
 				}, nil
 			},
 		}
-		ks := New(context.Background(), keys, client, zerolog.Nop())
+		ks := New(
+			context.Background(),
+			keys,
+			client,
+			config.Config{COATxLookupEnabled: true},
+			zerolog.Nop(),
+		)
 
 		key, err := ks.Take()
 		require.NoError(t, err)
@@ -126,7 +139,12 @@ func TestTake(t *testing.T) {
 		assert.Equal(t, key, ks.usedKeys[txID])
 
 		// notify for one block before the expiration block, key should still be reserved
-		ks.NotifyBlock(blockIDNonExpired)
+		ks.NotifyBlock(
+			sdk.BlockHeader{
+				ID:     blockIDNonExpired,
+				Height: blockHeight + accountKeyBlockExpiration - 1,
+			},
+		)
 
 		// Give some time to allow the KeyStore to check for the
 		// transaction result statuses in the background.
@@ -136,7 +154,12 @@ func TestTake(t *testing.T) {
 		assert.Equal(t, key, ks.usedKeys[txID])
 
 		// notify for the expiration block
-		ks.NotifyBlock(identifierFixture())
+		ks.NotifyBlock(
+			sdk.BlockHeader{
+				ID:     identifierFixture(),
+				Height: blockHeight + accountKeyBlockExpiration,
+			},
+		)
 
 		// Give some time to allow the KeyStore to check for the
 		// transaction result statuses in the background.
@@ -164,6 +187,7 @@ func TestKeySigning(t *testing.T) {
 			NewAccountKey(*accountKey, address, signer),
 		},
 		testutils.SetupClientForRange(1, 100),
+		config.Config{COATxLookupEnabled: true},
 		zerolog.Nop(),
 	)
 
@@ -211,7 +235,13 @@ func TestConcurrentUse(t *testing.T) {
 		keys = append(keys, key)
 	}
 
-	ks := New(context.Background(), keys, testutils.SetupClientForRange(1, 100), zerolog.Nop())
+	ks := New(
+		context.Background(),
+		keys,
+		testutils.SetupClientForRange(1, 100),
+		config.Config{COATxLookupEnabled: true},
+		zerolog.Nop(),
+	)
 
 	g := errgroup.Group{}
 	g.SetLimit(concurrentTxCount)
diff --git a/tests/key_store_release_test.go b/tests/key_store_release_test.go
@@ -55,20 +55,21 @@ func Test_KeyStoreSigningKeysRelease(t *testing.T) {
 	require.NoError(t, err)
 
 	cfg := config.Config{
-		DatabaseDir:       t.TempDir(),
-		AccessNodeHost:    grpcHost,
-		RPCPort:           8545,
-		RPCHost:           "127.0.0.1",
-		FlowNetworkID:     "flow-emulator",
-		EVMNetworkID:      types.FlowEVMPreviewNetChainID,
-		Coinbase:          eoaTestAccount,
-		COAAddress:        *createdAddr,
-		COAKey:            privateKey,
-		GasPrice:          new(big.Int).SetUint64(0),
-		EnforceGasPrice:   true,
-		LogLevel:          zerolog.DebugLevel,
-		LogWriter:         testLogWriter(),
-		TxStateValidation: config.LocalIndexValidation,
+		DatabaseDir:        t.TempDir(),
+		AccessNodeHost:     grpcHost,
+		RPCPort:            8545,
+		RPCHost:            "127.0.0.1",
+		FlowNetworkID:      "flow-emulator",
+		EVMNetworkID:       types.FlowEVMPreviewNetChainID,
+		Coinbase:           eoaTestAccount,
+		COAAddress:         *createdAddr,
+		COAKey:             privateKey,
+		COATxLookupEnabled: true,
+		GasPrice:           new(big.Int).SetUint64(0),
+		EnforceGasPrice:    true,
+		LogLevel:           zerolog.DebugLevel,
+		LogWriter:          testLogWriter(),
+		TxStateValidation:  config.LocalIndexValidation,
 	}
 
 	rpcTester := &rpcTest{

Original file line number	Diff line number	Diff line change
`@@ -243,7 +243,7 @@ func (b *Bootstrap) StartAPIServer(ctx context.Context) error {`
`243`	`243`	`}`
`244`	`244`	`}`
`245`	`245`
`246`		`- b.keystore = keystore.New(ctx, accountKeys, b.client, b.logger)`
	`246`	`+ b.keystore = keystore.New(ctx, accountKeys, b.client, b.config, b.logger)`
`247`	`247`
`248`	`248`	`// create transaction pool`
`249`	`249`	`var txPool requester.TxPool`