epoch 710 upgrade

Author: vans163

ex/lib/api/db_chain.ex

@@ -179,7 +179,7 @@ defmodule DB.Chain do
 
     # revert mmr
     case DB.MMR.snapshot_for(current_entry.hash, %{rtx: rtx}) do
-      nil  -> :ok
+      nil  -> raise "rewind: missing MMR snapshot for entry #{Base58.encode(current_entry.hash)} (height #{current_entry.header.height}); cannot restore accumulator"
       prev -> DB.MMR.save(prev, %{rtx: rtx})
     end
 
@@ -200,6 +200,7 @@ defmodule DB.Chain do
       cf_table = case mut.table do
         "contractstate" -> cf.contractstate
         "contractstate_tree" -> cf.contractstate_tree
+        "contractstate_tree_hbsmt" -> cf.contractstate_tree_hbsmt
       end
       case op do
         :put ->

ex/lib/api/db_entry.ex

@@ -90,6 +90,9 @@ defmodule DB.Entry do
 
   def apply_into_main_chain(entry, muts_hash, muts_rev, receipts, root_receipts, root_contractstate, db_opts = %{rtx: _}) do
     prev_mmr = DB.MMR.load_or_empty(db_opts)
+    if prev_mmr.size != entry.header.height do
+      raise "apply_into_main_chain: MMR size #{prev_mmr.size} != entry height #{entry.header.height}; entry is not the next block above the root, refusing to append"
+    end
     DB.MMR.snapshot_before(entry.hash, prev_mmr, db_opts)
     new_mmr = MMR.append(prev_mmr, entry.hash)
     DB.MMR.save(new_mmr, db_opts)

ex/lib/api/db_mmr.ex

@@ -78,11 +78,15 @@ defmodule DB.MMR do
   end
 
   def export_snapshot(entry_hash, db_opts \\ %{}) do
-    state = snapshot_for(entry_hash, db_opts)
-    %{
-      @sysconf_peaks => RDB.vecpak_encode(state.peaks),
-      @sysconf_size  => Integer.to_string(state.size)
-    }
+    case snapshot_for(entry_hash, db_opts) do
+      nil ->
+        raise "export_snapshot: missing MMR snapshot for rooted entry #{Base58.encode(entry_hash)}; refusing to ship a bundle without MMR state"
+      state ->
+        %{
+          @sysconf_peaks => RDB.vecpak_encode(state.peaks),
+          @sysconf_size  => Integer.to_string(state.size)
+        }
+    end
   end
 
   @doc """

ex/lib/consensus/coordination/fabric_snapshot.ex

@@ -262,17 +262,28 @@ defmodule FabricSnapshot do
       :ok
     end
 
-    defp verify_rooted_entry!(entry) do
-      res =
-        if entry[:mask] do
-          hash = :crypto.hash(:sha256, RDB.vecpak_encode(entry.header))
-          if entry[:hash] == hash, do: %{error: :ok}, else: %{error: :rooted_tip_hash_mismatch}
-        else
-          Entry.validate_signature(entry, true)
-        end
+    defp verify_rooted_entry!(entry, rtx) do
+      res = if entry[:mask] do
+        hash = :crypto.hash(:sha256, RDB.vecpak_encode(entry.header))
+        if entry[:hash] == hash, do: %{error: :ok}, else: %{error: :rooted_tip_hash_mismatch}
+      else
+        Entry.validate_signature(entry, true)
+      end
       if res.error != :ok do
         raise "bundle rooted tip failed verification: #{inspect res.error}"
       end
+
+      if entry.header.height >= Entry.root_chain_height() do
+        mmr = DB.MMR.load_or_empty(%{rtx: rtx})
+        if mmr.size != entry.header.height do
+          raise "bundle rooted tip MMR size #{mmr.size} != entry height #{entry.header.height}"
+        end
+        case Entry.check_root_chain(entry.header, mmr) do
+          :ok -> :ok
+          {:mismatch, ours, theirs} ->
+            raise "bundle rooted tip root_chain mismatch at height #{entry.header.height}; ours=#{Base58.encode(ours)} theirs=#{theirs && Base58.encode(theirs)}"
+        end
+      end
       :ok
     end
 
@@ -392,7 +403,7 @@ defmodule FabricSnapshot do
       entry = Entry.unpack_from_db(entry_packed)
       height = entry.header.height
 
-      verify_rooted_entry!(entry)
+      verify_rooted_entry!(entry, rtx)
 
       DB.Entry.insert(entry, %{rtx: rtx})
       DB.Entry.apply_into_main_chain(entry, muts_hash, muts_rev, receipts,

ex/lib/consensus/models/entry.ex

@@ -53,13 +53,6 @@ defmodule Entry do
     h (entry_hash || state_root || receipts_logs_extra_root)
     """
 
-    # :root_chain — PHASE 1 schema-only rollout.
-    # The field is whitelisted in @fields_header on every node, but proposers
-    # do NOT populate it yet (see build_next/3 below). Because Map.take only
-    # picks keys that exist on the source, current blocks (which don't carry
-    # the key) hash identically to pre-rollout. Once enough peers have shipped
-    # Phase 1, the next release flips proposers on (Phase 2). Old nodes that
-    # missed Phase 1 will reject Phase-2 blocks.
     @fields [:header, :hash, :signature, :txs, :mask, :mask_size, :mask_set_size]
     @fields_header [:height, :prev_hash, :slot, :prev_slot, :signer, :dr, :vr, :root_tx, :root_validator, :root_chain]
 
@@ -146,15 +139,19 @@ defmodule Entry do
         if !is_list(e.txs), do: throw(%{error: :txs_not_list})
         if length(e.txs) > 100, do: throw(%{error: :TEMPORARY_txs_only_100_per_entry})
 
+        # Duplicate TX check
+        tx_hashes = Enum.map(e.txs, & &1.hash)
+        if length(tx_hashes) != length(Enum.uniq(tx_hashes)), do: throw(%{error: :duplicate_tx_in_entry})
+
         if !is_binary(eh.root_tx), do: throw(%{error: :root_tx_not_binary})
         if byte_size(eh.root_tx) != 32, do: throw(%{error: :root_tx_not_256_bits})
-        if eh.root_tx != root_tx(Enum.map(e.txs, & &1.hash)), do: throw(%{error: :root_tx_invalid})
+        if eh.root_tx != root_tx(tx_hashes, eh.height), do: throw(%{error: :root_tx_invalid})
 
         if !is_binary(eh.root_validator), do: throw(%{error: :root_validator_not_binary})
         if byte_size(eh.root_validator) != 32, do: throw(%{error: :root_validator_not_256_bits})
         validators = DB.Chain.validators_for_height(eh.height)
         validators_last_change_height = DB.Chain.validators_last_change_height(eh.height)
-        if eh.root_validator != root_validator(validators, validators_last_change_height), do: throw(%{error: :root_validator_invalid})
+        if eh.root_validator != root_validator(validators, validators_last_change_height, eh.height), do: throw(%{error: :root_validator_invalid})
 
         is_special_meeting_block = !!e[:mask]
         steam = Task.async_stream(e.txs, fn txu ->
@@ -213,6 +210,13 @@ defmodule Entry do
         end
     end
 
+    def root_chain_height(), do: RDBProtocol.forkheight()
+
+    def check_root_chain(header, mmr) do
+      ours = MMR.root_chain(DB.MMR.chain_id(), mmr)
+      if header.root_chain == ours, do: :ok, else: {:mismatch, ours, header.root_chain}
+    end
+
     def validate_next(cur_entry, next_entry) do
         try do
         ceh = cur_entry.header
@@ -224,26 +228,15 @@ defmodule Entry do
         if :crypto.hash(:sha256, ceh.dr) != neh.dr, do: throw(%{error: :invalid_dr})
         if !BlsEx.verify?(neh.signer, neh.vr, ceh.vr, BLS12AggSig.dst_vrf()), do: throw(%{error: :invalid_vr})
 
-        # root_chain soft validation (log-only for now). Only runs when the
-        # proposer set the field AND our local MMR is in sync at this height.
-        # Filters bad blocks out of the candidate pool BEFORE expensive
-        # contract exec in apply_entry — so a persistently bad block doesn't
-        # DoS our apply path. Flip the IO.inspect to a `throw` to enforce.
-        case neh[:root_chain] do
-          nil -> :ok
-          theirs ->
-            mmr = DB.MMR.load_or_empty()
-            if mmr.size == neh.height do
-              ours = MMR.root_chain(DB.MMR.chain_id(), mmr)
-              if theirs != ours do
-                IO.inspect(
-                  {:root_chain_mismatch, neh.height,
-                    ours: Base.encode16(ours, case: :lower),
-                    theirs: Base.encode16(theirs, case: :lower)}
-                )
-                # throw(%{error: :root_chain_mismatch})
-              end
+        if neh.height >= root_chain_height() do
+          mmr = DB.MMR.load_or_empty()
+          if mmr.size == neh.height do
+            case check_root_chain(neh, mmr) do
+              :ok -> :ok
+              {:mismatch, ours, theirs} ->
+                throw(%{error: :root_chain_mismatch, height: neh.height, ours: Base58.encode(ours), theirs: theirs && Base58.encode(theirs)})
             end
+          end
         end
 
         chain_epoch = div(neh.height, 100_000)
@@ -278,20 +271,30 @@ defmodule Entry do
         validators = DB.Chain.validators_for_height(next_height)
         validators_last_change_height = DB.Chain.validators_last_change_height(next_height)
 
-        %{
-            header: %{
-                slot: cur_entry.header.slot + 1,
-                height: next_height,
-                prev_slot: cur_entry.header.slot,
-                prev_hash: cur_entry.hash,
-                dr: dr,
-                vr: vr,
-                signer: pk,
-                root_tx: root_tx(Enum.map(txus, & &1.hash)),
-                root_validator: root_validator(validators, validators_last_change_height)
-            },
-            txs: txus
+        header = %{
+            slot: cur_entry.header.slot + 1,
+            height: next_height,
+            prev_slot: cur_entry.header.slot,
+            prev_hash: cur_entry.hash,
+            dr: dr,
+            vr: vr,
+            signer: pk,
+            root_tx: root_tx(Enum.map(txus, & &1.hash), next_height),
+            root_validator: root_validator(validators, validators_last_change_height, next_height)
         }
+
+        header =
+          if next_height >= root_chain_height() do
+            mmr = DB.MMR.load_or_empty()
+            if mmr.size != next_height do
+              raise "build_next root_chain: MMR size #{mmr.size} != next_height #{next_height}; refusing to build (out-of-sync root_chain would halt consensus)"
+            end
+            Map.put(header, :root_chain, MMR.root_chain(DB.MMR.chain_id(), mmr))
+          else
+            header
+          end
+
+        %{header: header, txs: txus}
     end
 
     def sign(seed, entry) do
@@ -313,8 +316,12 @@ defmodule Entry do
         entry.header.height
     end
 
-    def root_tx(hashes) do
-      RDB.bintree_root(root_tx_build(hashes))
+    defp merkle_root(kvs, height) do
+      if height >= root_chain_height(), do: RDB.hbsmt_root(kvs), else: RDB.bintree_root(kvs)
+    end
+
+    def root_tx(hashes, height) do
+      merkle_root(root_tx_build(hashes), height)
     end
     def root_tx_build(hashes) do
       by_index_hash = Enum.flat_map(Enum.with_index(hashes), fn{hash, index}->
@@ -323,8 +330,8 @@ defmodule Entry do
       by_index_hash ++ [{nil, "count", "#{length(hashes)}"}]
     end
 
-    def root_validator(validator_pks, last_change_height) do
-      RDB.bintree_root(root_validator_build(validator_pks, last_change_height))
+    def root_validator(validator_pks, last_change_height, height) do
+      merkle_root(root_validator_build(validator_pks, last_change_height), height)
     end
     def root_validator_build(validator_pks, last_change_height) do
       by_index_hash = Enum.flat_map(Enum.with_index(validator_pks), fn{hash, index}->

ex/lib/native/rdb.ex

@@ -56,6 +56,7 @@ defmodule RDB do
   def compute_upow(_epoch, _segment_vr_hash, _trainer, _pop, _computor, _diff_bits, _iterations, _threads), do: :erlang.nif_error(:nif_not_loaded)
 
   def bintree_root(_propslist), do: :erlang.nif_error(:nif_not_loaded)
+  def hbsmt_root(_propslist), do: :erlang.nif_error(:nif_not_loaded)
   def bintree_root_prove(_propslist, _ns, _key), do: :erlang.nif_error(:nif_not_loaded)
   def bintree_root_verify(_expected_root, _proof, _ns, _key, _value), do: :erlang.nif_error(:nif_not_loaded)
   def bintree_contractstate_root_prove(_db, _ns, _key), do: :erlang.nif_error(:nif_not_loaded)

ex/native/rdb/src/consensus/bic/protocol.rs

@@ -1,7 +1,7 @@
 use crate::consensus::bic::coin;
 use crate::consensus::consensus_kv;
 
-pub const FORKHEIGHT: u64 = 490_00000;
+pub const FORKHEIGHT: u64 = 710_00000;
 pub const FORKHEIGHT_TESTNET: u64 = 0;
 
 pub fn forkheight(env: &crate::consensus::consensus_apply::ApplyEnv) -> u64 {
@@ -31,33 +31,23 @@ pub const COST_PER_DB_WRITE_BASE: i128 = 25_000 * 10;
 pub const COST_PER_DB_WRITE_BYTE: i128 = 250;
 
 pub fn cost_db_read_byte(env: &crate::consensus::consensus_apply::ApplyEnv) -> i128 {
-    if env.caller_env.entry_height >= forkheight(env) {
-        COST_PER_DB_READ_BYTE
-    } else {
-        COST_PER_DB_READ_BYTE
-    };
     COST_PER_DB_READ_BYTE
 }
 
 pub fn cost_db_write_byte(env: &crate::consensus::consensus_apply::ApplyEnv) -> i128 {
-    if env.caller_env.entry_height >= forkheight(env) {
-        COST_PER_DB_WRITE_BYTE
-    } else {
-        COST_PER_DB_WRITE_BYTE
-    };
     COST_PER_DB_WRITE_BYTE
 }
 
 pub const COST_PER_CALL: i128 = AMA_01_CENT;
 pub const COST_PER_DEPLOY: i128 = AMA_1_CENT; //cost to deploy contract
 pub const COST_PER_SOL: i128 = AMA_1_CENT; //cost to submit_sol
+pub const COST_PER_SLASH: i128 = AMA_1_CENT; //cost to slash_trainer (BLS aggregation over the validator set)
 pub const COST_PER_NEW_LEAF_MERKLE: i128 = COST_PER_BYTE_STATE * 128; //cost to grow the merkle tree
 
 pub const LOG_MSG_SIZE: usize = 4096; //max log line length
 pub const LOG_TOTAL_SIZE: usize = 16384; //max log total size
 pub const LOG_TOTAL_ELEMENTS: usize = 32; //max elements in list
 pub const WASM_MAX_PTR_LEN: usize = 1048576; //largest term passable from inside WASM to HOST
-                                             //pub const WASM_MAX_PTR_LEN: usize = 32768; //dont smash passed first page
 pub const WASM_MAX_PANIC_MSG_SIZE: usize = 128;
 
 pub const MAX_DB_KEY_SIZE: usize = 512;

ex/native/rdb/src/consensus/bic/wasm.rs

@@ -301,6 +301,10 @@ fn import_call_implementation(mut env: FunctionEnvMut<HostEnv>, table_ptr: i32,
     crate::consensus::consensus_kv::exec_budget_decr(applyenv, protocol::COST_PER_CALL);
     set_remaining_points(&mut store, &instance, applyenv.exec_left.max(0) as u64);
 
+    if applyenv.call_depth >= protocol::MAX_CALL_DEPTH {
+        panic_any("exec_call_depth_exceeded");
+    }
+
     let og_account_caller = applyenv.caller_env.account_caller.clone();
     let og_account_current = applyenv.caller_env.account_current.clone();
 
@@ -577,29 +581,40 @@ fn as_read_string(view: &MemoryView, ptr: i32) -> String {
     String::from_utf16_lossy(&u16_vec)
 }
 
+fn as_peek_len(view: &MemoryView, ptr: i32) -> usize {
+    let len_ptr = match (ptr as u64).checked_sub(4) {
+        Some(p) => p,
+        None => return 0,
+    };
+    let mut len_buf = [0u8; 4];
+    if view.read(len_ptr, &mut len_buf).is_err() {
+        return 0;
+    }
+    (u32::from_le_bytes(len_buf) as usize).min(protocol::WASM_MAX_PTR_LEN)
+}
+
 fn as_abort_implementation(mut env: FunctionEnvMut<HostEnv>, msg_ptr: i32, filename_ptr: i32, line: i32, column: i32) -> Result<(), RuntimeError> {
     let (data, mut store) = env.data_and_store_mut();
     let instance = data.instance.clone().unwrap_or_else(|| panic_any("exec_instance_not_injected"));
     let applyenv = unsafe { data.applyenv_ptr.as_mut() };
     budget_sync_in(&mut store, &instance, applyenv);
     let view = data.memory.clone().view(&store);
 
-    //set_return_value(applyenv, b"as_abort".to_vec());
-
+    crate::consensus::consensus_kv::exec_budget_decr(applyenv, protocol::cost_per_bytes_historical(as_peek_len(&view, msg_ptr)));
     let msg = as_read_string(&view, msg_ptr);
-    let filename = as_read_string(&view, filename_ptr);
 
-    let full_error_msg = format!("as_abort: '{}' at {}:{}:{}", msg, filename, line, column);
+    crate::consensus::consensus_kv::exec_budget_decr(applyenv, protocol::cost_per_bytes_historical(as_peek_len(&view, filename_ptr)));
+    let filename = as_read_string(&view, filename_ptr);
 
-    crate::consensus::consensus_kv::exec_budget_decr(applyenv, protocol::cost_per_bytes_historical(full_error_msg.len()));
+    // Sync the meter only after `view`'s last use (set_remaining_points needs &mut store).
     set_remaining_points(&mut store, &instance, applyenv.exec_left.max(0) as u64);
 
+    let full_error_msg = format!("as_abort: '{}' at {}:{}:{}", msg, filename, line, column);
     log_line(applyenv, full_error_msg.as_bytes().to_vec());
 
     //TODO: is this OK?
     panic_any("as_abort");
     Ok(())
-    //Err(RuntimeError::new("as_abort"))
 }
 
 fn as_seed_implementation(mut env: FunctionEnvMut<HostEnv>) -> Result<f64, RuntimeError> {
@@ -622,7 +637,7 @@ fn log_line(applyenv: &mut ApplyEnv, line: Vec<u8>) {
     if (applyenv.logs_size.saturating_add(len)) > protocol::LOG_TOTAL_SIZE {
         panic_any("exec_logs_total_size_exceeded")
     }
-    if applyenv.logs.len() > protocol::LOG_TOTAL_ELEMENTS {
+    if applyenv.logs.len() >= protocol::LOG_TOTAL_ELEMENTS {
         panic_any("exec_logs_total_elements_exceeded")
     }