Merge pull request #842 from onflow/mpeter/improve-signing-keys-release-frequency

Improve release frequency for signing keys

Author: m-Peter

bootstrap/bootstrap.go

@@ -243,7 +243,7 @@ func (b *Bootstrap) StartAPIServer(ctx context.Context) error {
 		}
 	}
 
-	b.keystore = keystore.New(accountKeys)
+	b.keystore = keystore.New(ctx, accountKeys, b.client, b.config, b.logger)
 
 	// create transaction pool
 	var txPool requester.TxPool

cmd/run/cmd.go

@@ -282,6 +282,7 @@ func init() {
 	Cmd.Flags().StringVar(&cloudKMSLocationID, "coa-cloud-kms-location-id", "", "The location ID where the key ring is grouped into, e.g. 'global'")
 	Cmd.Flags().StringVar(&cloudKMSKeyRingID, "coa-cloud-kms-key-ring-id", "", "The key ring ID where the KMS keys exist, e.g. 'tx-signing'")
 	Cmd.Flags().StringVar(&cloudKMSKey, "coa-cloud-kms-key", "", `Name of the KMS key and its version, e.g. "gw-key-6@1"`)
+	Cmd.Flags().BoolVar(&cfg.COATxLookupEnabled, "coa-tx-lookup-enabled", false, "Tracks cadence transactions to release COA signing keys more quickly. Use this on nodes with high tx volume that frequently run out of proposer keys.")
 	Cmd.Flags().StringVar(&walletKey, "wallet-api-key", "", "ECDSA private key used for wallet APIs. WARNING: This should only be used locally or for testing, never in production.")
 	Cmd.Flags().IntVar(&cfg.MetricsPort, "metrics-port", 9091, "Port for the metrics server")
 	Cmd.Flags().BoolVar(&cfg.IndexOnly, "index-only", false, "Run the gateway in index-only mode which only allows querying the state and indexing, but disallows sending transactions.")

config/config.go

@@ -56,6 +56,10 @@ type Config struct {
 	COAKey crypto.PrivateKey
 	// COACloudKMSKey is a Cloud KMS key that will be used for signing transactions.
 	COACloudKMSKey *flowGoKMS.Key
+	// COATxLookupEnabled enables tracking of Cadence transactions to release COA signing
+	// keys much faster. Increases capacity of the available COA signing keys for nodes
+	// with high tx volume.
+	COATxLookupEnabled bool
 	// GasPrice is a fixed gas price that will be used when submitting transactions.
 	GasPrice *big.Int
 	// EnforceGasPrice defines whether the minimum gas price should be enforced.

services/ingestion/event_subscriber.go

@@ -176,7 +176,12 @@ func (r *RPCEventSubscriber) subscribe(ctx context.Context, height uint64) <-cha
 				for _, evt := range blockEvents.Events {
 					r.keyLock.NotifyTransaction(evt.TransactionID)
 				}
-				r.keyLock.NotifyBlock(blockEvents.Height)
+				r.keyLock.NotifyBlock(
+					flow.BlockHeader{
+						ID:     blockEvents.BlockID,
+						Height: blockEvents.Height,
+					},
+				)
 
 				eventsChan <- evmEvents
 

services/ingestion/event_subscriber_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/onflow/flow-go-sdk/access"
 	gethCommon "github.com/onflow/go-ethereum/common"
 
+	"github.com/onflow/flow-evm-gateway/config"
 	"github.com/onflow/flow-evm-gateway/models"
 	errs "github.com/onflow/flow-evm-gateway/models/errors"
 	"github.com/onflow/flow-evm-gateway/services/requester"
@@ -44,9 +45,14 @@ func Test_Subscribing(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
-	events := subscriber.Subscribe(context.Background())
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
+
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -84,9 +90,14 @@ func Test_MissingBlockEvent(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	missingHashes := make([]gethCommon.Hash, 0)
 
@@ -186,9 +197,14 @@ func Test_SubscribingWithRetryOnError(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -249,9 +265,14 @@ func Test_SubscribingWithRetryOnErrorMultipleBlocks(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
 
-	events := subscriber.Subscribe(context.Background())
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
+
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -311,9 +332,14 @@ func Test_SubscribingWithRetryOnErrorEmptyBlocks(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	cfg := config.Config{COATxLookupEnabled: true}
+	ks := keystore.New(ctx, nil, client, cfg, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 

services/requester/keystore/key_store.go

@@ -1,43 +1,92 @@
 package keystore
 
 import (
+	"context"
 	"fmt"
 	"sync"
 
+	"github.com/onflow/flow-evm-gateway/config"
 	flowsdk "github.com/onflow/flow-go-sdk"
+	"github.com/onflow/flow-go-sdk/access"
 	"github.com/onflow/flow-go/model/flow"
+	"github.com/rs/zerolog"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 )
 
 var ErrNoKeysAvailable = fmt.Errorf("no signing keys available")
 
 const accountKeyBlockExpiration = flow.DefaultTransactionExpiry
 
 type KeyLock interface {
+	// This method is intended for the happy path of valid EVM transactions.
+	// The event subscriber module only subscribes to EVM-related events:
+	// - `EVM.TransactionExecuted`
+	// - `EVM.BlockExecuted`
+	//
+	// Valid EVM transactions do emit `EVM.TransactionExecuted` events, so we
+	// release the account key that was used by the Flow tx which emitted
+	// the above EVM event.
 	NotifyTransaction(txID flowsdk.Identifier)
-	NotifyBlock(blockHeight uint64)
+	// This method is intended for the unhappy path of invalid EVM transactions.
+	// For each new Flow block, we check the result status of all included Flow
+	// transactions, and we release the account keys which they used. This also
+	// handles the release of expired transactions, that weren't even included
+	// in a Flow block.
+	NotifyBlock(blockHeader flowsdk.BlockHeader)
 }
 
 type KeyStore struct {
+	client        access.Client
+	config        config.Config
 	availableKeys chan *AccountKey
 	usedKeys      map[flowsdk.Identifier]*AccountKey
 	size          int
 	keyMu         sync.Mutex
+	blockChan     chan flowsdk.BlockHeader
+	logger        zerolog.Logger
+
+	// Signal channel used to prevent blocking writes
+	// on `blockChan` when the node is shutting down.
+	done chan struct{}
 }
 
 var _ KeyLock = (*KeyStore)(nil)
 
-func New(keys []*AccountKey) *KeyStore {
+func New(
+	ctx context.Context,
+	keys []*AccountKey,
+	client access.Client,
+	config config.Config,
+	logger zerolog.Logger,
+) *KeyStore {
+	totalKeys := len(keys)
+
 	ks := &KeyStore{
-		usedKeys: map[flowsdk.Identifier]*AccountKey{},
+		client:        client,
+		config:        config,
+		availableKeys: make(chan *AccountKey, totalKeys),
+		usedKeys:      map[flowsdk.Identifier]*AccountKey{},
+		size:          totalKeys,
+		// `KeyStore.NotifyBlock` is called for each new Flow block,
+		// so we use a buffered channel to write the new block headers
+		// to the `blockChan`, and read them through `processLockedKeys`.
+		blockChan: make(chan flowsdk.BlockHeader, 200),
+		logger:    logger,
+		done:      make(chan struct{}),
 	}
 
-	availableKeys := make(chan *AccountKey, len(keys))
 	for _, key := range keys {
 		key.ks = ks
-		availableKeys <- key
+		ks.availableKeys <- key
+	}
+
+	// For cases where the EVM Gateway is run in an index-mode,
+	// there is no need to release any keys, since transaction
+	// submission is not allowed.
+	if !ks.config.IndexOnly {
+		go ks.processLockedKeys(ctx)
 	}
-	ks.size = len(keys)
-	ks.availableKeys = availableKeys
 
 	return ks
 }
@@ -47,6 +96,11 @@ func (k *KeyStore) AvailableKeys() int {
 	return len(k.availableKeys)
 }
 
+// HasKeysInUse returns whether any of the keys are currently being used.
+func (k *KeyStore) HasKeysInUse() bool {
+	return k.AvailableKeys() != k.size
+}
+
 // Take reserves a key for use in a transaction.
 func (k *KeyStore) Take() (*AccountKey, error) {
 	select {
@@ -63,22 +117,50 @@ func (k *KeyStore) Take() (*AccountKey, error) {
 
 // NotifyTransaction unlocks a key after use and puts it back into the pool.
 func (k *KeyStore) NotifyTransaction(txID flowsdk.Identifier) {
+	// For cases where the EVM Gateway is run in an index-mode,
+	// there is no need to release any keys, since transaction
+	// submission is not allowed. We return early here, to avoid
+	// any unnecessary steps such as lock acquisition and unlocking
+	// keys.
+	if k.config.IndexOnly {
+		return
+	}
+
 	k.keyMu.Lock()
 	defer k.keyMu.Unlock()
 
 	k.unsafeUnlockKey(txID)
 }
 
-// NotifyBlock is called to notify the KeyStore of a new ingested block height.
+// NotifyBlock is called to notify the KeyStore of a newly ingested block.
 // Pending transactions older than a threshold number of blocks are removed.
-func (k *KeyStore) NotifyBlock(blockHeight uint64) {
-	k.keyMu.Lock()
-	defer k.keyMu.Unlock()
+func (k *KeyStore) NotifyBlock(blockHeader flowsdk.BlockHeader) {
+	// For cases where the EVM Gateway is run in an index-mode,
+	// there is no need to release any keys, since transaction
+	// submission is not allowed. We return early here, to avoid
+	// blocking forever on writes to `k.blockChan`, because the
+	// `k.processLockedKeys()` function won't perform any reads
+	// from `k.blockChan`.
+	if k.config.IndexOnly {
+		return
+	}
 
-	for txID, key := range k.usedKeys {
-		if blockHeight-key.lastLockedBlock.Load() >= accountKeyBlockExpiration {
-			k.unsafeUnlockKey(txID)
-		}
+	select {
+	case <-k.done:
+		k.logger.Warn().Msg(
+			"received `NotifyBlock` while the server is shutting down",
+		)
+	case k.blockChan <- blockHeader:
+		k.logger.Info().Msgf(
+			"received `NotifyBlock` for block with ID: %s",
+			blockHeader.ID,
+		)
+	default:
+		// In this case, we only release the account keys which were last
+		// locked more than or equal to `accountKeyBlockExpiration` blocks
+		// in the past, in order to avoid slowing down the EVM event
+		// ingestion engine.
+		k.releasekeys(blockHeader.Height, nil)
 	}
 }
 
@@ -106,3 +188,58 @@ func (k *KeyStore) setLockMetadata(
 	defer k.keyMu.Unlock()
 	k.usedKeys[txID] = key
 }
+
+// processLockedKeys reads from the `blockChan` channel, and for each new
+// Flow block, it fetches the transaction results of the given block and
+// releases the account keys associated with those transactions.
+func (k *KeyStore) processLockedKeys(ctx context.Context) {
+	for {
+		select {
+		case <-ctx.Done():
+			close(k.done)
+			return
+		case blockHeader := <-k.blockChan:
+			// Optimization to avoid AN calls when no signing keys have
+			// been used. For example, when back-filling the EVM GW state,
+			// we don't care about releasing signing keys.
+			if !k.HasKeysInUse() {
+				continue
+			}
+
+			var txResults []*flowsdk.TransactionResult
+			var err error
+			if k.config.COATxLookupEnabled {
+				txResults, err = k.client.GetTransactionResultsByBlockID(ctx, blockHeader.ID)
+				if err != nil && status.Code(err) != codes.Canceled {
+					k.logger.Error().Err(err).Msgf(
+						"failed to get transaction results for block ID: %s",
+						blockHeader.ID.Hex(),
+					)
+					continue
+				}
+			}
+
+			k.releasekeys(blockHeader.Height, txResults)
+		}
+	}
+}
+
+// releasekeys accepts a block height and a slice of `TransactionResult`
+// objects and releases the account keys used for signing the given
+// transactions.
+// It also releases the account keys which were last locked more than
+// or equal to `accountKeyBlockExpiration` blocks in the past.
+func (k *KeyStore) releasekeys(blockHeight uint64, txResults []*flowsdk.TransactionResult) {
+	k.keyMu.Lock()
+	defer k.keyMu.Unlock()
+
+	for _, txResult := range txResults {
+		k.unsafeUnlockKey(txResult.TransactionID)
+	}
+
+	for txID, key := range k.usedKeys {
+		if blockHeight-key.lastLockedBlock.Load() >= accountKeyBlockExpiration {
+			k.unsafeUnlockKey(txID)
+		}
+	}
+}