-
Notifications
You must be signed in to change notification settings - Fork 746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Snowbridge free consensus updates #5201
Conversation
* free finalized updates * update comment * fix check * fixes * tests * fixes * fmt * finishing touches * comments * adds missing impl * adds test * fixes * fix
…e-consensus-updates
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
return Pays::No; | ||
} | ||
|
||
// If free headers are allowed and the latest finalized header is larger than the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This part of the comment, "If free headers are allowed". I don't see it reflected in the code. Should it be another condition apart from the inequality?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch, in an older implementation it was optional. Comment updated here: ab8739c#diff-adbbba03e39a047dd71745d3ed0eaf33b4e982ac58d64f273f1574816ff44940R664
new_tester().execute_with(|| { | ||
// Not free, smaller than the allowed free header interval | ||
assert_eq!( | ||
EthereumBeaconClient::check_refundable(&finalized_update.clone(), 8190), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be clearer if you use finalized_update.finalized_header.slot + some_offset
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, updated here: ab8739c#diff-ea6025b3cac6719f750d1f0065ba30d70a16d386a5ce374e4a6b79299f48a3eeR136
type RuntimeEvent = RuntimeEvent; | ||
type ForkVersions = ChainForkVersions; | ||
// Free consensus update every epoch. Works out to be 225 updates per day. | ||
type FreeHeadersInterval = ConstU32<32>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the epoch will not change often, but probably better to use a constant like EPOCH_LENGTH
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
prdoc/pr_5201.prdoc
Outdated
Allow free consensus updates to the Snowbridge Ethereum client if the headers are more than a certain | ||
number of headers apart. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this impact the devs? Is it cheaper to run relayers now?
Does this affect the user somehow? E.g. cheaper to use the bridge?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>
let pays_fee = Self::check_refundable(update, latest_finalized_state.slot); | ||
let actual_weight = match update.next_sync_committee_update { | ||
None => T::WeightInfo::submit(), | ||
Some(_) => T::WeightInfo::submit_with_sync_committee(), | ||
}; | ||
|
||
if update.finalized_header.slot > latest_finalized_state.slot { | ||
Self::store_finalized_header(update.finalized_header, update.block_roots_root)?; | ||
} | ||
|
||
Ok(()) | ||
Ok(PostDispatchInfo { actual_weight: Some(actual_weight), pays_fee }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you double-check and confirm that this doesn't allow free spamming for this call with using the same "valid" update (with update.next_sync_committee_update.is_some() == true
) over and over for free, potentially DoS-ing BH blocks?
It looks like there is a compute_period
verification for updating sync committee, that would not allow the DoS I described above, but I got a bit lost in the details and would like you to confirm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@acatangiu that's a valid point, thanks! There is a specific test for that (duplicate_sync_committee_updates_are_not_free
): https://github.com/paritytech/polkadot-sdk/pull/5201/files#diff-ea6025b3cac6719f750d1f0065ba30d70a16d386a5ce374e4a6b79299f48a3eeR684
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, didn't yet look at tests 🙈
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test tries to submit the exact same proof twice, which will fail the second time because the attested header in the proof is no longer newer than the stored one on-chain.
But what about the following scenario:
- Relayer submits valid update for slot
N
in periodP
with sync committeeS
provided inSome(next_sync_committee_update)
- Relayer then provides update for slot
N+1
in periodP
with sync committeeS
provided inSome(next_sync_committee_update)
?
Basically try to "farm" the Some(next_sync_committee_update)
tx fee freebie, to spam update one slot at a time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The above is a valid issue, and is being fixed in Snowfork#172
The CI pipeline was cancelled due to failure one of the required jobs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving this like so, Clara to follow-up with requested test in another PR.
@claravanstaden please merge master to make this mergable. |
On it! |
c8015b2
Allow free Snowbridge consensus updates, if the header interval is larger than the configured value (set to 32, so once a epoch). This PR also moves the Rococo Snowbridge pallet config into its own module. Original PR: Snowfork#159 --------- Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>
Allow free Snowbridge consensus updates, if the header interval is larger than the configured value (set to 32, so once a epoch). This PR also moves the Rococo Snowbridge pallet config into its own module. Original PR: Snowfork#159 ---------- Original `pr_5201.prdoc` is present but moved to release dir, ergo `R0-Silent` for this backport PR. --------- Co-authored-by: Clara van Staden <claravanstaden64@gmail.com> Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>
Allow free Snowbridge consensus updates, if the header interval is larger than the configured value (set to 32, so once a epoch). This PR also moves the Rococo Snowbridge pallet config into its own module. Original PR: Snowfork#159 --------- Co-authored-by: Francisco Aguirre <franciscoaguirreperez@gmail.com>
# Description A fix for a border condition introduced with new feature #5201. A malicious relayer could spam the Ethereum client with sync committee updates that have already been imported for the period. This PR adds a storage item to track the last imported sync committee period, so that subsequent irrelevant updates are not free. Original PR: Snowfork#172 ## Integration Downstream projects are not affected. Relayers will not be able to spam the Ethereum client with irrelevant sync committee updates for free. ## Review Notes Adds a storage item to track the last free sync committee update period, so that duplicate imports are not free. --------- Co-authored-by: Adrian Catangiu <adrian@parity.io>
# Description A fix for a border condition introduced with new feature #5201. A malicious relayer could spam the Ethereum client with sync committee updates that have already been imported for the period. This PR adds a storage item to track the last imported sync committee period, so that subsequent irrelevant updates are not free. Original PR: Snowfork#172 ## Integration Downstream projects are not affected. Relayers will not be able to spam the Ethereum client with irrelevant sync committee updates for free. ## Review Notes Adds a storage item to track the last free sync committee update period, so that duplicate imports are not free. --------- Co-authored-by: Adrian Catangiu <adrian@parity.io> (cherry picked from commit 1790e42)
Allow free Snowbridge consensus updates, if the header interval is larger than the configured value (set to 32, so once a epoch).
This PR also moves the Rococo Snowbridge pallet config into its own module.
Original PR: Snowfork#159