Improve release frequency for signing keys by checking tx result status

Author: m-Peter

bootstrap/bootstrap.go

@@ -243,7 +243,7 @@ func (b *Bootstrap) StartAPIServer(ctx context.Context) error {
 		}
 	}
 
-	b.keystore = keystore.New(accountKeys)
+	b.keystore = keystore.New(ctx, accountKeys, b.client, b.logger)
 
 	// create transaction pool
 	var txPool requester.TxPool

services/ingestion/event_subscriber.go

@@ -176,7 +176,7 @@ func (r *RPCEventSubscriber) subscribe(ctx context.Context, height uint64) <-cha
 				for _, evt := range blockEvents.Events {
 					r.keyLock.NotifyTransaction(evt.TransactionID)
 				}
-				r.keyLock.NotifyBlock(blockEvents.Height)
+				r.keyLock.NotifyBlock(blockEvents.BlockID)
 
 				eventsChan <- evmEvents
 

services/ingestion/event_subscriber_test.go

@@ -44,9 +44,13 @@ func Test_Subscribing(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	ks := keystore.New(ctx, nil, client, logger)
 
-	events := subscriber.Subscribe(context.Background())
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
+
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -84,9 +88,13 @@ func Test_MissingBlockEvent(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	ks := keystore.New(ctx, nil, client, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	missingHashes := make([]gethCommon.Hash, 0)
 
@@ -186,9 +194,13 @@ func Test_SubscribingWithRetryOnError(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	ks := keystore.New(ctx, nil, client, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -249,9 +261,13 @@ func Test_SubscribingWithRetryOnErrorMultipleBlocks(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	ks := keystore.New(ctx, nil, client, logger)
 
-	events := subscriber.Subscribe(context.Background())
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
+
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 
@@ -311,9 +327,13 @@ func Test_SubscribingWithRetryOnErrorEmptyBlocks(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	subscriber := NewRPCEventSubscriber(zerolog.Nop(), client, flowGo.Previewnet, keystore.New(nil), 1)
+	ctx := context.Background()
+	logger := zerolog.Nop()
+	ks := keystore.New(ctx, nil, client, logger)
+
+	subscriber := NewRPCEventSubscriber(logger, client, flowGo.Previewnet, ks, 1)
 
-	events := subscriber.Subscribe(context.Background())
+	events := subscriber.Subscribe(ctx)
 
 	var prevHeight uint64
 

services/requester/keystore/key_store.go

@@ -1,11 +1,14 @@
 package keystore
 
 import (
+	"context"
 	"fmt"
 	"sync"
 
 	flowsdk "github.com/onflow/flow-go-sdk"
+	"github.com/onflow/flow-go-sdk/access"
 	"github.com/onflow/flow-go/model/flow"
+	"github.com/rs/zerolog"
 )
 
 var ErrNoKeysAvailable = fmt.Errorf("no signing keys available")
@@ -14,21 +17,40 @@ const accountKeyBlockExpiration = flow.DefaultTransactionExpiry
 
 type KeyLock interface {
 	NotifyTransaction(txID flowsdk.Identifier)
-	NotifyBlock(blockHeight uint64)
+	NotifyBlock(blockID flowsdk.Identifier)
 }
 
 type KeyStore struct {
+	client        access.Client
 	availableKeys chan *AccountKey
 	usedKeys      map[flowsdk.Identifier]*AccountKey
 	size          int
 	keyMu         sync.Mutex
+	blockChan     chan flowsdk.Identifier
+	logger        zerolog.Logger
+
+	// Signal channel used to prevent blocking writes
+	// on `blockChan` when the node is shutting down.
+	done chan struct{}
 }
 
 var _ KeyLock = (*KeyStore)(nil)
 
-func New(keys []*AccountKey) *KeyStore {
+func New(
+	ctx context.Context,
+	keys []*AccountKey,
+	client access.Client,
+	logger zerolog.Logger,
+) *KeyStore {
 	ks := &KeyStore{
+		client:   client,
 		usedKeys: map[flowsdk.Identifier]*AccountKey{},
+		// `KeyStore.NotifyBlock` is called for each new Flow block,
+		// so we use a buffered channel to write the new block IDs
+		// to the `blockChan`, and read them through `processLockedKeys`.
+		blockChan: make(chan flowsdk.Identifier, 100),
+		logger:    logger,
+		done:      make(chan struct{}),
 	}
 
 	availableKeys := make(chan *AccountKey, len(keys))
@@ -39,6 +61,13 @@ func New(keys []*AccountKey) *KeyStore {
 	ks.size = len(keys)
 	ks.availableKeys = availableKeys
 
+	// For cases where the EVM Gateway is run in an index-mode,
+	// there is no need to release any keys, since transaction
+	// submission is not allowed.
+	if ks.size > 0 {
+		go ks.processLockedKeys(ctx)
+	}
+
 	return ks
 }
 
@@ -69,16 +98,17 @@ func (k *KeyStore) NotifyTransaction(txID flowsdk.Identifier) {
 	k.unsafeUnlockKey(txID)
 }
 
-// NotifyBlock is called to notify the KeyStore of a new ingested block height.
+// NotifyBlock is called to notify the KeyStore of a newly ingested block.
 // Pending transactions older than a threshold number of blocks are removed.
-func (k *KeyStore) NotifyBlock(blockHeight uint64) {
-	k.keyMu.Lock()
-	defer k.keyMu.Unlock()
-
-	for txID, key := range k.usedKeys {
-		if blockHeight-key.lastLockedBlock.Load() >= accountKeyBlockExpiration {
-			k.unsafeUnlockKey(txID)
-		}
+func (k *KeyStore) NotifyBlock(blockID flowsdk.Identifier) {
+	select {
+	case <-k.done:
+		k.logger.Warn().Msg(
+			"received `NotifyBlock` while the server is shutting down",
+		)
+		return
+	default:
+		k.blockChan <- blockID
 	}
 }
 
@@ -106,3 +136,71 @@ func (k *KeyStore) setLockMetadata(
 	defer k.keyMu.Unlock()
 	k.usedKeys[txID] = key
 }
+
+// processLockedKeys reads from the `blockChan` channel, and for each new
+// Flow block, it fetches the transaction results of the given block and
+// releases the account keys associated with those transactions.
+func (k *KeyStore) processLockedKeys(ctx context.Context) {
+	for {
+		select {
+		case <-ctx.Done():
+			close(k.done)
+			return
+		case blockID := <-k.blockChan:
+			// TODO: If calling `k.client.GetTransactionResultsByBlockID` for each
+			// new block, seems to be problematic for ANs, we can take an approach
+			// like the one below:
+			// If the available keys ratio is >= 60% of the total signing keys,
+			// then we can skip checking the transaction result statuses.
+			// The signing keys from invalid EVM transactions, will eventually
+			// come again into availability, after `accountKeyBlockExpiration`
+			// blocks have passed.
+			// availablekeysRatio := float64(k.AvailableKeys()) / float64(k.size)
+			// if availablekeysRatio >= 0.6 {
+			// 	continue
+			// }
+
+			// Optimization to avoid AN calls when no signing keys have
+			// been used. For example, when back-filling the EVM GW state,
+			// we don't care about releasing signing keys.
+			if k.AvailableKeys() == k.size {
+				continue
+			}
+
+			txResults, err := k.client.GetTransactionResultsByBlockID(ctx, blockID)
+			if err != nil {
+				k.logger.Error().Err(err).Msgf(
+					"failed to get transaction results for block ID: %s",
+					blockID.Hex(),
+				)
+				continue
+			}
+
+			k.releasekeys(txResults)
+		}
+	}
+}
+
+// releasekeys accepts a slice of `TransactionResult` objects and
+// releases the account keys used for signing the given transactions.
+// It also releases the account keys which were last locked more than
+// or equal to `accountKeyBlockExpiration` blocks in the past.
+func (k *KeyStore) releasekeys(txResults []*flowsdk.TransactionResult) {
+	if len(txResults) == 0 {
+		return
+	}
+
+	k.keyMu.Lock()
+	defer k.keyMu.Unlock()
+
+	for _, txResult := range txResults {
+		k.unsafeUnlockKey(txResult.TransactionID)
+	}
+
+	blockHeight := txResults[0].BlockHeight
+	for txID, key := range k.usedKeys {
+		if blockHeight-key.lastLockedBlock.Load() >= accountKeyBlockExpiration {
+			k.unsafeUnlockKey(txID)
+		}
+	}
+}

services/requester/keystore/key_store_test.go

@@ -1,14 +1,18 @@
 package keystore
 
 import (
+	"context"
 	"errors"
 	"sync"
 	"testing"
 	"time"
 
+	"github.com/onflow/flow-evm-gateway/services/testutils"
 	sdk "github.com/onflow/flow-go-sdk"
+	"github.com/onflow/flow-go-sdk/access/mocks"
 	"github.com/onflow/flow-go-sdk/test"
 	"github.com/onflow/flow-go/utils/unittest"
+	"github.com/rs/zerolog"
 	"golang.org/x/sync/errgroup"
 
 	"github.com/stretchr/testify/assert"
@@ -25,7 +29,7 @@ func TestTake(t *testing.T) {
 		keys = append(keys, NewAccountKey(*accountKey, addrGenerator.New(), signer))
 	}
 
-	ks := New(keys)
+	ks := New(context.Background(), keys, testutils.SetupClientForRange(1, 100), zerolog.Nop())
 
 	t.Run("Take with no metadata updates", func(t *testing.T) {
 		key, err := ks.Take()
@@ -67,10 +71,50 @@ func TestTake(t *testing.T) {
 	})
 
 	t.Run("Take with expiration", func(t *testing.T) {
+		blockHeight := uint64(10)
+		blockID10 := identifierFixture()
+		blockIDNonExpired := identifierFixture()
+		client := &testutils.MockClient{
+			Client: &mocks.Client{},
+			GetTransactionResultsByBlockIDFunc: func(ctx context.Context, blockID sdk.Identifier) ([]*sdk.TransactionResult, error) {
+				if blockID == blockID10 {
+					return []*sdk.TransactionResult{}, nil
+				}
+
+				if blockID == blockIDNonExpired {
+					return []*sdk.TransactionResult{
+						{
+							Status:           sdk.TransactionStatusFinalized,
+							Error:            nil,
+							Events:           []sdk.Event{},
+							BlockID:          blockID,
+							BlockHeight:      blockHeight + accountKeyBlockExpiration - 1,
+							TransactionID:    identifierFixture(),
+							CollectionID:     identifierFixture(),
+							ComputationUsage: 104_512,
+						},
+					}, nil
+				}
+
+				return []*sdk.TransactionResult{
+					{
+						Status:           sdk.TransactionStatusFinalized,
+						Error:            nil,
+						Events:           []sdk.Event{},
+						BlockID:          blockID,
+						BlockHeight:      blockHeight + accountKeyBlockExpiration,
+						TransactionID:    identifierFixture(),
+						CollectionID:     identifierFixture(),
+						ComputationUsage: 104_512,
+					},
+				}, nil
+			},
+		}
+		ks := New(context.Background(), keys, client, zerolog.Nop())
+
 		key, err := ks.Take()
 		require.NoError(t, err)
 
-		blockHeight := uint64(10)
 		txID := identifierFixture()
 		key.SetLockMetadata(txID, blockHeight)
 
@@ -82,13 +126,21 @@ func TestTake(t *testing.T) {
 		assert.Equal(t, key, ks.usedKeys[txID])
 
 		// notify for one block before the expiration block, key should still be reserved
-		ks.NotifyBlock(blockHeight + accountKeyBlockExpiration - 1)
+		ks.NotifyBlock(blockIDNonExpired)
+
+		// Give some time to allow the KeyStore to check for the
+		// transaction result statuses in the background.
+		time.Sleep(time.Second * 2)
 
 		assert.True(t, key.inUse.Load())
 		assert.Equal(t, key, ks.usedKeys[txID])
 
 		// notify for the expiration block
-		ks.NotifyBlock(blockHeight + accountKeyBlockExpiration)
+		ks.NotifyBlock(identifierFixture())
+
+		// Give some time to allow the KeyStore to check for the
+		// transaction result statuses in the background.
+		time.Sleep(time.Second * 2)
 
 		// keystore and key should be reset
 		assert.Equal(t, 2, ks.AvailableKeys())
@@ -106,9 +158,14 @@ func TestKeySigning(t *testing.T) {
 	accountKey.Index = 0 // the fixture starts from index 1
 	accountKey.SequenceNumber = 42
 
-	ks := New([]*AccountKey{
-		NewAccountKey(*accountKey, address, signer),
-	})
+	ks := New(
+		context.Background(),
+		[]*AccountKey{
+			NewAccountKey(*accountKey, address, signer),
+		},
+		testutils.SetupClientForRange(1, 100),
+		zerolog.Nop(),
+	)
 
 	key, err := ks.Take()
 	require.NoError(t, err)
@@ -154,7 +211,7 @@ func TestConcurrentUse(t *testing.T) {
 		keys = append(keys, key)
 	}
 
-	ks := New(keys)
+	ks := New(context.Background(), keys, testutils.SetupClientForRange(1, 100), zerolog.Nop())
 
 	g := errgroup.Group{}
 	g.SetLimit(concurrentTxCount)