Add randomness contract support to AuthorityRound. #10946
Conversation
|
It looks like @afck signed our Contributor License Agreement. 👍 Many thanks, Parity Technologies CLA Bot |
jam10o-new
added
A0-pleasereview 🤓
afck
force-pushed
the
afck-rand
branch
2 times, most recently
from
73fca41
to
98c6827
Compare
afck
force-pushed
the
afck-rand
branch
2 times, most recently
from
64ae88d
to
cfad2b7
Compare
afck
force-pushed
the
afck-rand
branch
3 times, most recently
from
d1af62f
to
565c31e
Compare
|
|
afck
force-pushed
the
afck-rand
branch
3 times, most recently
from
b93995f
to
fd89a98
Compare
afck
force-pushed
the
afck-rand
branch
2 times, most recently
from
ed2b734
to
3e42c94
Compare
afck
force-pushed
the
afck-rand
branch
2 times, most recently
from
e7d4815
to
11efb01
Compare
|
Hi! I'm still interested in merging this, and happy address any concerns about the implementation. |
afck
force-pushed
the
afck-rand
branch
3 times, most recently
from
8998882
to
245d71c
Compare
|
Changes have been cherry-picked from poanetwork's aura-pos branch. Most of the work has been done by @mbr.
Co-Authored-By: David <[email protected]>
| // Creates and signs a transaction with the given contract call. | ||
| let mut make_transaction = |to: Address, data: Bytes| -> Result<SignedTransaction, Error> { | ||
| let nonce = Some(tx_nonce); | ||
| tx_nonce += U256::one(); // Increment the nonce for the next transaction. |
There was a problem hiding this comment.
is it okay to panic here on overflow? or is it not feasible to get an overflow here?
There was a problem hiding this comment.
Is there a way to artificially increase account nonces somehow?
Otherwise I'd say it's not feasible: You'd have to execute 2^256 transactions to get there.
Not sure whether the yellow paper even defines what should happen in that case? At a glance, I couldn't find it.
| @@ -1430,6 +1452,46 @@ impl Engine for AuthorityRound { | |||
| block_reward::apply_block_rewards(&rewards, block, &self.machine) | |||
| } | |||
|
|
|||
| /// Make calls to the randomness contract. | |||
| fn on_prepare_block(&self, block: &ExecutedBlock) -> Result<Vec<SignedTransaction>, Error> { | |||
There was a problem hiding this comment.
Is it still guaranteed at this point that the client's latest nonce is the same, i.e. that the latest block as seen by the client is the parent of this
block?
I honestly do not know. @tomusdrw maybe?
| /// Waiting for the next phase. | ||
| /// | ||
| /// This state indicates either the successful revelation in this round or having missed the | ||
| /// window to make a commitment. |
There was a problem hiding this comment.
Maybe dumb q: what is the window? A range of blocks? Where do we set this? In the aura_random contract? (If yes, I think it's a good idea to add notes for any piece of data that is defined in the contract as opposed to the rust code).
There was a problem hiding this comment.
That's up to the contract. In POSDAO it's a range of blocks, yes.
I'll add a comment.
There was a problem hiding this comment.
The comment was added in poanetwork@4799aeb.
| /// | ||
| /// Returns the encoded contract call necessary to advance the randomness contract's state. | ||
| /// | ||
| /// **Warning**: The `advance()` function should be called only once per block state; otherwise |
There was a problem hiding this comment.
Not sure what you mean by "block state"? Can you elaborate?
There was a problem hiding this comment.
I think the intent of this warning was to make sure we don't call advance() twice in the same block. I'll reword it.
|
|
||
| /// Perform a function call to an ethereum machine that doesn't create a transaction or change the state. | ||
| /// | ||
| /// Runs a constant function call on `client`. The `call` value can be serialized by calling any |
There was a problem hiding this comment.
I think I've asked this somewhere else already but I do not remember the answer, apologies. What is meant by a "constant function" in this context? Is it "constant" because it does not create txs and thus does not alter state? If yes, I suggest being explicit: "Runs a non-state altering function call…" (or something to that effect).
There was a problem hiding this comment.
Yes, exactly. I'll expand the comment.
There was a problem hiding this comment.
The comment was expanded in poanetwork@4799aeb#diff-a4faad7e2fe2f519b612d48dfa0f8607.
json/src/spec/authority_round.rs
Outdated
| #[derive(Debug, PartialEq, Deserialize)] | ||
| #[serde(deny_unknown_fields)] | ||
| #[serde(untagged)] | ||
| pub enum TransitionMap<T> { |
There was a problem hiding this comment.
I agree that it'd be nice to let knowledgeable users to have a short-form for the single-item use case. However I also think that it's worth more to have less rust code to maintain: configuration mistakes are non-catastrophic (the node won't start; bugs in rust might be more subtle) and probably easy to mitigate with docs. So yeah, unless you disagree strongly I think it's good to mandate a map here.
|
I addressed most comments, except the error-related ones (also #10946 (comment) — see my reply; happy to work on this once we make a decision). |
ethcore/client-traits/src/lib.rs
Outdated
| self.transact(Action::Call(address), data, None, None, None) | ||
| } | ||
|
|
||
| /// Returns a signed transaction. If gas limit, gas price, or nonce are not |
ethcore/client-traits/src/lib.rs
Outdated
| } | ||
|
|
||
| /// Returns a signed transaction. If gas limit, gas price, or nonce are not | ||
| /// specified, the defaults are used. |
There was a problem hiding this comment.
the defaults are used.
I like the comment from transact better, cause you really can't have a default nonce - it's a bit nonsense.
ethcore/client-traits/src/lib.rs
Outdated
| &self, | ||
| action: Action, | ||
| data: Bytes, | ||
| gas: Option<U256>, |
There was a problem hiding this comment.
I was expressing my need for a builder in such long calls in some other PR already :) I really think it would make the callers life easier and the code more readable, especially if we are passing 3 Nones.
There was a problem hiding this comment.
Something like:
client.create_transaction(TransactionBuilder::call(address).gas(5).nonce(4).build())
Then the caller would configure only the stuff they really need and we could simplify the interface to:
fn create_transaction(&self, TransactionRequest) -> Result<SignedTransaction>;
fn submit_transaction(&self, SignedTransaction) -> Result<()>;
fn transact(&self, r: TransactionRequest) -> Result<()> {
self.submit_transaction(self.create_transaction(r)?)
}
instead of having a random transact_contract.
There was a problem hiding this comment.
Done…
I didn't separate builder from request, though; let me know if you're okay with that approach.
| snapshot::Snapshotting, | ||
| transaction::{Action, SignedTransaction}, |
There was a problem hiding this comment.
Fixed. (Sorry, somehow sometimes my Vim doesn't realize it's tabs.)
| EngineError::RequiresClient | ||
| })?; | ||
| let full_client = client.as_full_client() | ||
| .ok_or(EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; |
There was a problem hiding this comment.
| .ok_or(EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; | |
| .ok_or_else(|| EngineError::FailedSystemCall("Failed to upgrade to BlockchainClient.".to_string()))?; |
| /// Creates new instance of miner with given spec and accounts. | ||
| /// | ||
| /// NOTE This should be only used for tests. | ||
| pub fn new_for_tests_force_sealing(spec: &Spec, accounts: Option<HashSet<Address>>, force_sealing: bool) -> Miner { |
There was a problem hiding this comment.
I would rather keep only one function that is exposed for tests (especially that it's not feature-flagged). Is this new function really necessary? Can't you enable force_sealing for all tests?
There was a problem hiding this comment.
There seem to be two tests relying on it:
failures:
miner::miner::tests::should_not_mine_if_internal_sealing_is_disabled
miner::miner::tests::should_not_mine_if_no_fetch_work_request
We can add the parameter to new_for_tests, but that will touch a lot of files.
There was a problem hiding this comment.
Okay, would be best to have some way for them to alter the options, without introducing those additional methods, but I'm fine as-is.
|
|
||
| impl<'a> BoundContract<'a> { | ||
| /// Create a new `BoundContract`. | ||
| #[inline] |
There was a problem hiding this comment.
| #[inline] |
Should be left to compiler to decide that.
| let number: RandNumber = rng.gen(); | ||
| let number_hash: Hash = keccak(number.as_bytes()); | ||
| let public = signer.public().ok_or(PhaseError::MissingPublicKey)?; | ||
| let cipher = ecies::encrypt(&public, &number_hash.0, number.as_bytes())?; |
There was a problem hiding this comment.
Are there any other reasons to store the encrypted number on-chain other than avoiding validator nodes being stateful (i.e. having to store it off-chain to reveal in the future)?
There was a problem hiding this comment.
We think it would be more reliable to store the cipher on-chain, and, since we call the commitHash function anyway, we pass the cipher to it at the same time. So storing it on-chain doesn't require making a separate transaction.
There was a problem hiding this comment.
Also, if your node crashes somehow and you start another one, it can just continue, and won't fail to reveal the secret.
If we stored that locally, the backup node wouldn't have the required information.
There was a problem hiding this comment.
Would be good to check with some cryptographer if we don't leak some information everytime we encode the same number. I think it's unlikely, but still.
There was a problem hiding this comment.
You mean because we publish multiple pairs of plaintext + ciphertext for the same key?
Since ECIES is supposed to be secure even against chosen-plaintext and chosen-ciphertext attacks, I believe that shouldn't be a problem. But I'm not a cryptographer either.
| @@ -1430,6 +1452,46 @@ impl Engine for AuthorityRound { | |||
| block_reward::apply_block_rewards(&rewards, block, &self.machine) | |||
| } | |||
|
|
|||
| /// Make calls to the randomness contract. | |||
| fn on_prepare_block(&self, block: &ExecutedBlock) -> Result<Vec<SignedTransaction>, Error> { | |||
There was a problem hiding this comment.
Yes, the nonce should be the same since we are only calling this function before any transaction is applied. I think we should actually consider renaming this function to fn generate_engine_transactions(&self, block: &ExecutedBlock) -> Result<Vec<_>> and document it properly. Having on_prepare_block return a list of transactions doesn't seem intuitive for me.
| @@ -35,8 +35,16 @@ pub enum EngineError { | |||
| BadSealFieldSize(OutOfBounds<usize>), | |||
| /// Validation proof insufficient. | |||
| InsufficientProof(String), | |||
| /// Randomness error in load method | |||
| RandomnessLoadError(String), | |||
There was a problem hiding this comment.
Seems that the AuRa internal randomness contract is leaking to a generic EngineError type, I think we should rather keep these under some more generic variant, especially that we never really handle them explicitly.
There was a problem hiding this comment.
Yes, I'm really unsure about how we should organize these errors (also see #10946 (comment)).
Should we call this Other(String) then? Or Other<Box<dyn Error>>?
There was a problem hiding this comment.
Yeah, either of those. I think I'm more in favor of simpler Other(String). Ideally would be if Engine had an associated type of it's custom error type, but that's way beyond the scope of this PR.
@dvdplm are you fine with Other(String) or do you like Other<Box<dyn Error>> more?
There was a problem hiding this comment.
Actually, there's already a Custom(String).
There was a problem hiding this comment.
Let's go with the existing Custom(String). Not ideal, but I agree with Tomek here: improving the error handling here is non-trivial and not in scope for this PR.
There was a problem hiding this comment.
Great! I used Custom in ab169e2.
ethcore/client-traits/src/lib.rs
Outdated
| @@ -397,30 +397,69 @@ pub trait BlockChainClient: | |||
|
|
|||
| /// Schedule state-altering transaction to be executed on the next pending block. | |||
| fn transact_contract(&self, address: Address, data: Bytes) -> Result<(), transaction::Error> { | |||
There was a problem hiding this comment.
I'd remove that method now, it's really easy to use transact instead.
This allows
AuthorityRoundvalidators to participate in a RANDAO-like RNG smart contract. We implemented it as part of POSDAO, but it would work as a standalone feature to provide on-chain randomness, too.See the description below: #10946 (comment)
Original implementation by @mbr: poanetwork#52
I'm not really happy with the fact that we can only call e.g.
isCommitPhaseon the "latest" block, i.e. the parent of the one we're currently creating, and we're including our transactions in. This means authors of randomness contracts need to check incommitHashwhether_isCommitPhase(block.number - 1).For a different feature, we actually added a
Client::call_contract_beforemethod that allows you to make calls at the current pending block: https://github.com/poanetwork/parity-ethereum/pull/140/files#diff-40c7c65265e511d07158f62712f69573R1460I.e. the call is made at the initial state of the pending block, but with the correct new block number. Do you think it would make sense to add that to
Clientand use it here instead?Another issue is that without
--force-sealing, we're not producing new blocks, even if it would be our turn to send a value to the randomness contract. I'm not sure where the right place in the code is to put a warning in that case; or where I'd even have access to bothforce_sealingandrandomness_contract_address?Is there any place where I should add documentation for the contract API?
Please let me know your thoughts!