From 042aef452dec501c74fd08a03d9f24ac4ab9cffe Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Fri, 26 Mar 2021 22:16:46 +0300 Subject: [PATCH 1/6] stateroot: Extensible messages must have proper category --- pkg/services/stateroot/network.go | 1 + pkg/services/stateroot/validators.go | 1 + 2 files changed, 2 insertions(+) diff --git a/pkg/services/stateroot/network.go b/pkg/services/stateroot/network.go index 21174c3a5..af8e6fceb 100644 --- a/pkg/services/stateroot/network.go +++ b/pkg/services/stateroot/network.go @@ -81,6 +81,7 @@ func (s *service) sendValidatedRoot(r *state.MPTRoot, priv *keys.PrivateKey) { m := NewMessage(RootT, r) m.EncodeBinary(w.BinWriter) ep := &payload.Extensible{ + Category: Category, ValidBlockStart: r.Index, ValidBlockEnd: r.Index + transaction.MaxValidUntilBlockIncrement, Sender: priv.GetScriptHash(), diff --git a/pkg/services/stateroot/validators.go b/pkg/services/stateroot/validators.go index fbd9a88d2..3a56041c4 100644 --- a/pkg/services/stateroot/validators.go +++ b/pkg/services/stateroot/validators.go @@ -68,6 +68,7 @@ func (s *service) signAndSend(r *state.MPTRoot) error { return w.Err } e := &payload.Extensible{ + Category: Category, ValidBlockStart: r.Index, ValidBlockEnd: r.Index + transaction.MaxValidUntilBlockIncrement, Sender: s.getAccount().PrivateKey().GetScriptHash(), From 1fdd4062340bbdb53649cd9e0784d6c482f02c0f Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Fri, 26 Mar 2021 22:34:21 +0300 Subject: [PATCH 2/6] stateroot: drop unused function --- pkg/services/stateroot/signature.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/pkg/services/stateroot/signature.go b/pkg/services/stateroot/signature.go index 3ebbcbeb2..5262473f0 100644 --- a/pkg/services/stateroot/signature.go +++ b/pkg/services/stateroot/signature.go @@ -33,12 +33,6 @@ type ( } ) -func newIncompleteRoot() *incompleteRoot { - return &incompleteRoot{ - sigs: make(map[string]*rootSig), - } -} - func (r *incompleteRoot) reverify(net netmode.Magic) { for _, sig := range r.sigs { if !sig.ok { From 56fd375c6d367864c411941c8988423de75b84f7 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Fri, 26 Mar 2021 22:55:08 +0300 Subject: [PATCH 3/6] core: move stateroot check into header check As it's a part of the header. --- pkg/core/blockchain.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/core/blockchain.go b/pkg/core/blockchain.go index face98d17..e8ae39980 100644 --- a/pkg/core/blockchain.go +++ b/pkg/core/blockchain.go @@ -501,12 +501,6 @@ func (bc *Blockchain) AddBlock(block *block.Block) error { return fmt.Errorf("%w: %v != %v", ErrHdrStateRootSetting, bc.config.StateRootInHeader, block.StateRootEnabled) } - if bc.config.StateRootInHeader { - if sr := bc.stateRoot.CurrentLocalStateRoot(); block.PrevStateRoot != sr { - return fmt.Errorf("%w: %s != %s", - ErrHdrInvalidStateRoot, block.PrevStateRoot.StringLE(), sr.StringLE()) - } - } if block.Index == bc.HeaderHeight()+1 { err := bc.addHeaders(bc.config.VerifyBlocks, &block.Header) @@ -1391,6 +1385,12 @@ var ( ) func (bc *Blockchain) verifyHeader(currHeader, prevHeader *block.Header) error { + if bc.config.StateRootInHeader { + if sr := bc.stateRoot.CurrentLocalStateRoot(); currHeader.PrevStateRoot != sr { + return fmt.Errorf("%w: %s != %s", + ErrHdrInvalidStateRoot, currHeader.PrevStateRoot.StringLE(), sr.StringLE()) + } + } if prevHeader.Hash() != currHeader.PrevHash { return ErrHdrHashMismatch } From d143696328459bad3634b85c2d7ed5d3cf175ad9 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sat, 27 Mar 2021 00:13:19 +0300 Subject: [PATCH 4/6] stateroot: try to fix MPT caching/updating It was completely ruined by bf20db09e05fae4d7e3ef142b823bab8df32ce7e. MPT was updating bc.dao directly which shouldn't ever happen, it must write into the same cache and then Persist these KVs as usual. --- pkg/core/blockchain.go | 5 ++++- pkg/core/native_management_test.go | 3 ++- pkg/core/stateroot/module.go | 35 ++++++++++++++++++++---------- pkg/core/stateroot/store.go | 21 +++++------------- 4 files changed, 36 insertions(+), 28 deletions(-) diff --git a/pkg/core/blockchain.go b/pkg/core/blockchain.go index e8ae39980..41c2758e2 100644 --- a/pkg/core/blockchain.go +++ b/pkg/core/blockchain.go @@ -731,7 +731,8 @@ func (bc *Blockchain) storeBlock(block *block.Block, txpool *mempool.Pool) error d := cache.DAO.(*dao.Simple) b := d.GetMPTBatch() - if err := bc.stateRoot.AddMPTBatch(block.Index, b); err != nil { + mpt, sr, err := bc.stateRoot.AddMPTBatch(block.Index, b, d.Store) + if err != nil { // Here MPT can be left in a half-applied state. // However if this error occurs, this is a bug somewhere in code // because changes applied are the ones from HALTed transactions. @@ -761,6 +762,8 @@ func (bc *Blockchain) storeBlock(block *block.Block, txpool *mempool.Pool) error return err } + mpt.Store = bc.dao.Store + bc.stateRoot.UpdateCurrentLocal(mpt, sr) bc.topBlock.Store(block) atomic.StoreUint32(&bc.blockHeight, block.Index) bc.memPool.RemoveStale(func(tx *transaction.Transaction) bool { return bc.IsTxStillRelevant(tx, txpool, false) }, bc) diff --git a/pkg/core/native_management_test.go b/pkg/core/native_management_test.go index 790deb469..b0f441e68 100644 --- a/pkg/core/native_management_test.go +++ b/pkg/core/native_management_test.go @@ -557,7 +557,8 @@ func TestContractDestroy(t *testing.T) { err = bc.dao.PutStorageItem(cs1.ID, []byte{1, 2, 3}, state.StorageItem{3, 2, 1}) require.NoError(t, err) b := bc.dao.GetMPTBatch() - require.NoError(t, bc.GetStateModule().(*stateroot.Module).AddMPTBatch(bc.BlockHeight(), b)) + _, _, err = bc.GetStateModule().(*stateroot.Module).AddMPTBatch(bc.BlockHeight(), b, bc.dao.Store) + require.NoError(t, err) t.Run("no contract", func(t *testing.T) { res, err := invokeContractMethod(bc, 1_00000000, mgmtHash, "destroy") diff --git a/pkg/core/stateroot/module.go b/pkg/core/stateroot/module.go index fa6f5127d..ec0aa6fb6 100644 --- a/pkg/core/stateroot/module.go +++ b/pkg/core/stateroot/module.go @@ -110,20 +110,33 @@ func (s *Module) Init(height uint32, enableRefCount bool) error { } // AddMPTBatch updates using provided batch. -func (s *Module) AddMPTBatch(index uint32, b mpt.Batch) error { - if _, err := s.mpt.PutBatch(b); err != nil { - return err +func (s *Module) AddMPTBatch(index uint32, b mpt.Batch, cache *storage.MemCachedStore) (*mpt.Trie, *state.MPTRoot, error) { + mpt := *s.mpt + mpt.Store = cache + if _, err := mpt.PutBatch(b); err != nil { + return nil, nil, err } - s.mpt.Flush() - err := s.addLocalStateRoot(&state.MPTRoot{ + mpt.Flush() + sr := &state.MPTRoot{ Index: index, - Root: s.mpt.StateRoot(), - }) - if err != nil { - return err + Root: mpt.StateRoot(), + } + err := s.addLocalStateRoot(cache, sr) + if err != nil { + return nil, nil, err + } + return &mpt, sr, err +} + +// UpdateCurrentLocal updates local caches using provided state root. +func (s *Module) UpdateCurrentLocal(mpt *mpt.Trie, sr *state.MPTRoot) { + s.mpt = mpt + s.currentLocal.Store(sr.Root) + s.localHeight.Store(sr.Index) + if s.bc.GetConfig().StateRootInHeader { + s.validatedHeight.Store(sr.Index) + updateStateHeightMetric(sr.Index) } - _, err = s.Store.Persist() - return err } // VerifyStateRoot checks if state root is valid. diff --git a/pkg/core/stateroot/store.go b/pkg/core/stateroot/store.go index 865073159..ff3b1a6cb 100644 --- a/pkg/core/stateroot/store.go +++ b/pkg/core/stateroot/store.go @@ -14,30 +14,21 @@ const ( prefixValidated = 0x03 ) -func (s *Module) addLocalStateRoot(sr *state.MPTRoot) error { +func (s *Module) addLocalStateRoot(store *storage.MemCachedStore, sr *state.MPTRoot) error { key := makeStateRootKey(sr.Index) - if err := s.putStateRoot(key, sr); err != nil { + if err := putStateRoot(store, key, sr); err != nil { return err } data := make([]byte, 4) binary.LittleEndian.PutUint32(data, sr.Index) - if err := s.Store.Put([]byte{byte(storage.DataMPT), prefixLocal}, data); err != nil { - return err - } - s.currentLocal.Store(sr.Root) - s.localHeight.Store(sr.Index) - if s.bc.GetConfig().StateRootInHeader { - s.validatedHeight.Store(sr.Index) - updateStateHeightMetric(sr.Index) - } - return nil + return store.Put([]byte{byte(storage.DataMPT), prefixLocal}, data) } -func (s *Module) putStateRoot(key []byte, sr *state.MPTRoot) error { +func putStateRoot(store *storage.MemCachedStore, key []byte, sr *state.MPTRoot) error { w := io.NewBufBinWriter() sr.EncodeBinary(w.BinWriter) - return s.Store.Put(key, w.Bytes()) + return store.Put(key, w.Bytes()) } func (s *Module) getStateRoot(key []byte) (*state.MPTRoot, error) { @@ -72,7 +63,7 @@ func (s *Module) AddStateRoot(sr *state.MPTRoot) error { if len(local.Witness) != 0 { return nil } - if err := s.putStateRoot(key, sr); err != nil { + if err := putStateRoot(s.Store, key, sr); err != nil { return err } From 216513e14f32e58e719553d3bcd9c4a127f6d355 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sat, 27 Mar 2021 00:31:22 +0300 Subject: [PATCH 5/6] stateroot: reject validated root if it doesn't match local one Prevent 2021-03-27T00:05:23.382+0300 WARN blockQueue: failed adding block into the blockchain {"error": "error while trying to apply MPT changes: key not found", "blockHeight": 12757, "nextIndex": 12758} after node restart (node reads "local" root hash that it doesn't have). --- pkg/core/stateroot/store.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/core/stateroot/store.go b/pkg/core/stateroot/store.go index ff3b1a6cb..9efcf7c5f 100644 --- a/pkg/core/stateroot/store.go +++ b/pkg/core/stateroot/store.go @@ -2,12 +2,20 @@ package stateroot import ( "encoding/binary" + "errors" + "fmt" "github.com/nspcc-dev/neo-go/pkg/core/state" "github.com/nspcc-dev/neo-go/pkg/core/storage" "github.com/nspcc-dev/neo-go/pkg/io" ) +var ( + // ErrStateMismatch means that local state root doesn't match the one + // signed by state validators. + ErrStateMismatch = errors.New("stateroot mismatch") +) + const ( prefixGC = 0x01 prefixLocal = 0x02 @@ -60,6 +68,9 @@ func (s *Module) AddStateRoot(sr *state.MPTRoot) error { if err != nil { return err } + if !local.Root.Equals(sr.Root) { + return fmt.Errorf("%w at block %d: %v vs %v", ErrStateMismatch, sr.Index, local.Root, sr.Root) + } if len(local.Witness) != 0 { return nil } From 3b4dde05c373ccc06d68bd04263ba7c46e846de2 Mon Sep 17 00:00:00 2001 From: Roman Khimov Date: Sat, 27 Mar 2021 00:32:15 +0300 Subject: [PATCH 6/6] stateroot: handle ErrStateMismatch internally It's a local problem and returning error from here leads to peer disconnect that isn't solving anything. --- pkg/services/stateroot/service.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/services/stateroot/service.go b/pkg/services/stateroot/service.go index d8ebc4249..ba3a35998 100644 --- a/pkg/services/stateroot/service.go +++ b/pkg/services/stateroot/service.go @@ -9,6 +9,7 @@ import ( "github.com/nspcc-dev/neo-go/pkg/core/block" "github.com/nspcc-dev/neo-go/pkg/core/blockchainer" "github.com/nspcc-dev/neo-go/pkg/core/state" + "github.com/nspcc-dev/neo-go/pkg/core/stateroot" "github.com/nspcc-dev/neo-go/pkg/crypto/keys" "github.com/nspcc-dev/neo-go/pkg/io" "github.com/nspcc-dev/neo-go/pkg/network/payload" @@ -107,7 +108,12 @@ func (s *service) OnPayload(ep *payload.Extensible) error { if sr.Index == 0 { return nil } - return s.AddStateRoot(sr) + err := s.AddStateRoot(sr) + if errors.Is(err, stateroot.ErrStateMismatch) { + s.log.Error("can't add SV-signed state root", zap.Error(err)) + return nil + } + return err case VoteT: v := m.Payload.(*Vote) return s.AddSignature(v.Height, v.ValidatorIndex, v.Signature)