Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

check: prohibit WatchOnly to send commits #139

Merged
merged 1 commit into from
Dec 5, 2024
Merged

Conversation

AnnaShaleva
Copy link
Member

Problem:

Inappropriate message in the WatchOnly node logs with NeoXAMEV extension enabled:

2024-12-05T15:15:54.366+0300	INFO	[email protected]/dbft.go:545	received PreCommit	{"validator": 5}
2024-12-05T15:15:54.366+0300	DEBUG	[email protected]/check.go:90	can't send commit since self preCommit not yet sent

Based on these logs it may seem that WatchOnly is trying (or will try) to send Commit. It must never happen, hence I dived into the library code and discovered the condition that was added mostly for safety and that was planned to be removed in future:

dbft/check.go

Lines 82 to 84 in 7c005d9

// Require PreCommit sent by self for reliability. This condition may be removed
// in the future.
if d.PreCommitSent() {

Ref. #118 (comment).

So the problem is in the invalid documentaiton and in improper log message.

It should be noted that for non-WatchOnly CNs we also need to keep and check PreCommitSent requirement because node's Commit must be confirmed by previousely sent PreCommit.

Solution:

Strictly speaking, this commit almost doesn't change the dBFT behaviour because WatchOnly node is not allowed to send Commit thanks to the condition outlined above. But we'd better adjust the comment and don't confuse the library users with inappropriate message.

Problem:

Inappropriate message in the WatchOnly node logs with NeoXAMEV extension
enabled:
```
2024-12-05T15:15:54.366+0300	INFO	[email protected]/dbft.go:545	received PreCommit	{"validator": 5}
2024-12-05T15:15:54.366+0300	DEBUG	[email protected]/check.go:90	can't send commit since self preCommit not yet sent
```

Based on these logs it may seem that WatchOnly is trying (or will try)
to send Commit. It must never happen, hence I dived into the library
code and discovered the condition that was added mostly for safety and
that was planned to be removed in future:
https://github.com/nspcc-dev/dbft/blob/7c005d93e4b47106b679e3cc55d182f8167e0e56/check.go#L82-L84

Ref. #118 (comment).

So the problem is in the invalid documentaiton and in improper log
message.

It should be noted that for non-WatchOnly CNs we also need to keep
and check PreCommitSent requirement because node's Commit must be
confirmed by previousely sent PreCommit.

Solution:

Strictly speaking, this commit almost doesn't change the dBFT behaviour
because WatchOnly node is not allowed to send Commit thanks to the
condition outlined above. But we'd better adjust the comment and don't
confuse the library users with inappropriate message.

Signed-off-by: Anna Shaleva <[email protected]>
@AnnaShaleva AnnaShaleva added the bug Something isn't working label Dec 5, 2024
@AnnaShaleva AnnaShaleva added this to the v0.3.2 milestone Dec 5, 2024
Copy link

codecov bot commented Dec 5, 2024

Codecov Report

Attention: Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.

Project coverage is 58.21%. Comparing base (7c005d9) to head (28758a4).
Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
check.go 0.00% 3 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #139      +/-   ##
==========================================
- Coverage   58.24%   58.21%   -0.03%     
==========================================
  Files          32       32              
  Lines        2256     2257       +1     
==========================================
  Hits         1314     1314              
- Misses        858      859       +1     
  Partials       84       84              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@AnnaShaleva
Copy link
Member Author

I also have checked that anti-MEV enabled WatchOnly node is not allowed to construct other messages.

check.go Show resolved Hide resolved
@roman-khimov roman-khimov merged commit b2ba0cd into master Dec 5, 2024
10 of 12 checks passed
@roman-khimov roman-khimov deleted the commit-protection branch December 5, 2024 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants