fix: prevent building on orphan proposed blocks #23606
Open
spalladino wants to merge 1 commit into
Flakey Tests🤖 says: This CI run detected 1 tests that failed, but were tolerated due to a .test_patterns.yml entry.
Motivation
Under proposer pipelining a node can receive and reexecute the block-only proposals for a checkpoint before (or without ever) receiving the enclosing proposed checkpoint. This leaves the local tip one checkpoint ahead of the checkpointed tip with no proposed checkpoint backing it. A sequencer that then builds the next checkpoint on top of that orphan tip forks the chain off a parent no other node can follow, which was the root cause behind the sentinel CI flake.
Approach
Two complementary defenses. The sequencer's checkSync refuses to proceed when the synced block's checkpoint is ahead of the checkpointed tip and no matching proposed checkpoint exists, holding the line during the window before cleanup. The archiver adds a wall-clock orphan prune that, shortly after a block's build slot ends, removes a block-only tip whose checkpoint was never proposed, restoring liveness even while L1 is quiet.
Changes
- checkSync rejects syncing onto a proposed block with no matching proposed-checkpoint tip/data, logging a descriptive warning.
- pruneOrphanProposedBlocks on the L1 synchronizer, run from Archiver.sync() after the inbound queue drains and before L1 sync; prunes after start(blockSlot) + grace using the epoch-cache pipelining offset and emits L2PruneUncheckpointed. The existing L1-sync prune is preserved (shared prune/emit helper).
- orphanProposedBlockPruneGraceSeconds in ArchiverSpecificConfig, archiver config mappings (ARCHIVER_ORPHAN_PROPOSED_BLOCK_PRUNE_GRACE_SECONDS), mapArchiverConfig, the synchronizer/archiver config types, and a new EnvVar.
- blockDurationMs / 1000 when unset, falling back to MIN_EXECUTION_TIME; the archiver factory also defaults to MIN_EXECUTION_TIME.
- undefined and warns; matching proposed checkpoint proceeds.
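The two checks described in the PR body above, as an added example that is not code from this PR or its repository. The `Tips` type, `checkSyncModel`, `shouldPruneOrphan` and the sample values are hypothetical, slot timing is passed in as plain seconds, and the pipelining offset is left out.

```typescript
// Simplified model of the two defenses; every name here is hypothetical.
interface Tips {
  blockCheckpoint: number;     // checkpoint number of the latest synced block
  blockSlot: number;           // slot of that block
  checkpointedTip: number;     // latest checkpointed checkpoint number
  proposedCheckpoint?: number; // proposed checkpoint received, if any
}

// Orphan: the block's checkpoint is ahead of the checkpointed tip and no
// matching proposed checkpoint backs it.
function isOrphanTip(t: Tips): boolean {
  return t.blockCheckpoint > t.checkpointedTip &&
    t.proposedCheckpoint !== t.blockCheckpoint;
}

// Defense 1 (sequencer): refuse to build on an orphan tip, with a warning.
function checkSyncModel(t: Tips, warn: (msg: string) => void): Tips | undefined {
  if (isOrphanTip(t)) {
    warn(`block at checkpoint ${t.blockCheckpoint} has no matching proposed ` +
      `checkpoint (checkpointed tip ${t.checkpointedTip}); not building on it`);
    return undefined;
  }
  return t;
}

// Defense 2 (archiver): wall-clock prune once start(blockSlot) + grace has
// passed, so the orphan is removed even if nothing new arrives from L1.
function shouldPruneOrphan(t: Tips, genesisSec: number, slotSec: number,
                           graceSec: number, nowSec: number): boolean {
  if (!isOrphanTip(t)) return false;
  const slotStart = genesisSec + t.blockSlot * slotSec;
  return nowSec >= slotStart + graceSec;
}

// Constructed sample state: a block for checkpoint 6 was reexecuted while the
// checkpointed tip is still 5 and no proposed checkpoint has arrived.
const orphanTip: Tips = { blockCheckpoint: 6, blockSlot: 10, checkpointedTip: 5 };
const backedTip: Tips = { ...orphanTip, proposedCheckpoint: 6 };
const warnings: string[] = [];
console.log(checkSyncModel(orphanTip, m => warnings.push(m)), warnings);
console.log(shouldPruneOrphan(orphanTip, 1000, 36, 12, 1372));
```

The guard and the prune share one orphan predicate, so a tip that the sequencer refuses to build on is exactly the tip the prune later removes.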