gnosis/lighthouse
1
0
Fork 0
mirror of https://github.com/sigp/lighthouse.git synced 2026-05-31 13:17:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve merge conflicts

Browse Source
This commit is contained in:
Eitan Seri- Levi
2026-03-16 02:24:50 -07:00
parent 3778e50710 4eecca6da7
commit 2f8e140a9e
270 changed files with 16594 additions and 8798 deletions
Download Patch File Download Diff File Expand all files Collapse all files

321
beacon_node/beacon_chain/src/block_verification.rs
View File

@@ -50,12 +50,13 @@
use crate::beacon_snapshot::PreProcessingSnapshot;
use crate::blob_verification::GossipBlobError;
use crate::block_verification_types::{AsBlock, BlockImportData, RpcBlock};
use crate::data_availability_checker::{AvailabilityCheckError, MaybeAvailableBlock};
use crate::block_verification_types::{AsBlock, BlockImportData, LookupBlock, RangeSyncBlock};
use crate::data_availability_checker::{
AvailabilityCheckError, AvailableBlock, AvailableBlockData, MaybeAvailableBlock,
};
use crate::data_column_verification::GossipDataColumnError;
use crate::execution_payload::{
AllowOptimisticImport, NotifyExecutionLayer, PayloadNotifier,
validate_execution_payload_for_gossip, validate_merge_block,
NotifyExecutionLayer, PayloadNotifier, validate_execution_payload_for_gossip,
};
use crate::kzg_utils::blobs_to_data_column_sidecars;
use crate::observed_block_producers::SeenBlock;
@@ -78,7 +79,7 @@ use safe_arith::ArithError;
use slot_clock::SlotClock;
use ssz::Encode;
use ssz_derive::{Decode, Encode};
use state_processing::per_block_processing::{errors::IntoWithIndex, is_merge_transition_block};
use state_processing::per_block_processing::errors::IntoWithIndex;
use state_processing::{
AllCaches, BlockProcessingError, BlockSignatureStrategy, ConsensusContext, SlotProcessingError,
VerifyBlockRoot,
@@ -97,34 +98,11 @@ use task_executor::JoinHandle;
use tracing::{Instrument, Span, debug, debug_span, error, info_span, instrument};
use types::{
BeaconBlockRef, BeaconState, BeaconStateError, BlobsList, ChainSpec, DataColumnSidecarList,
Epoch, EthSpec, ExecutionBlockHash, FullPayload, Hash256, InconsistentFork, KzgProofs,
RelativeEpoch, SignedBeaconBlock, SignedBeaconBlockHeader, Slot, data::DataColumnSidecarError,
Epoch, EthSpec, FullPayload, Hash256, InconsistentFork, KzgProofs, RelativeEpoch,
SignedBeaconBlock, SignedBeaconBlockHeader, Slot, StatePayloadStatus,
data::DataColumnSidecarError,
};
pub const POS_PANDA_BANNER: &str = r#"
,,, ,,, ,,, ,,,
;" ^; ;' ", ;" ^; ;' ",
; s$$$$$$$s ; ; s$$$$$$$s ;
, ss$$$$$$$$$$s ,' ooooooooo. .oooooo. .oooooo..o , ss$$$$$$$$$$s ,'
;s$$$$$$$$$$$$$$$ `888 `Y88. d8P' `Y8b d8P' `Y8 ;s$$$$$$$$$$$$$$$
$$$$$$$$$$$$$$$$$$ 888 .d88'888 888Y88bo. $$$$$$$$$$$$$$$$$$
$$$$P""Y$$$Y""W$$$$$ 888ooo88P' 888 888 `"Y8888o. $$$$P""Y$$$Y""W$$$$$
$$$$ p"LFG"q $$$$$ 888 888 888 `"Y88b $$$$ p"LFG"q $$$$$
$$$$ .$$$$$. $$$$ 888 `88b d88'oo .d8P $$$$ .$$$$$. $$$$
$$DcaU$$$$$$$$$$ o888o `Y8bood8P' 8""88888P' $$DcaU$$$$$$$$$$
"Y$$$"*"$$$Y" "Y$$$"*"$$$Y"
"$b.$$" "$b.$$"
.o. . o8o . .o8
.888. .o8 `"' .o8 "888
.8"888. .ooooo. .o888oooooo oooo ooo .oooo. .o888oo .ooooo. .oooo888
.8' `888. d88' `"Y8 888 `888 `88. .8' `P )88b 888 d88' `88bd88' `888
.88ooo8888. 888 888 888 `88..8' .oP"888 888 888ooo888888 888
.8' `888. 888 .o8 888 . 888 `888' d8( 888 888 .888 .o888 888
o88o o8888o`Y8bod8P' "888"o888o `8' `Y888""8o "888"`Y8bod8P'`Y8bod88P"
"#;
/// Maximum block slot number. Block with slots bigger than this constant will NOT be processed.
const MAXIMUM_BLOCK_SLOT_NUMBER: u64 = 4_294_967_296; // 2^32
@@ -334,6 +312,15 @@ pub enum BlockError {
max_blobs_at_epoch: usize,
block: usize,
},
/// The bid's parent_block_root does not match the block's parent_root.
///
/// ## Peer scoring
///
/// The block is invalid and the peer should be penalized.
BidParentRootMismatch {
bid_parent_root: Hash256,
block_parent_root: Hash256,
},
}
/// Which specific signature(s) are invalid in a SignedBeaconBlock
@@ -381,13 +368,6 @@ pub enum ExecutionPayloadError {
///
/// The block is invalid and the peer is faulty
InvalidPayloadTimestamp { expected: u64, found: u64 },
/// The execution payload references an execution block that cannot trigger the merge.
///
/// ## Peer scoring
///
/// The block is invalid and the peer sent us a block that passes gossip propagation conditions,
/// but is invalid upon further verification.
InvalidTerminalPoWBlock { parent_hash: ExecutionBlockHash },
/// The `TERMINAL_BLOCK_HASH` is set, but the block has not reached the
/// `TERMINAL_BLOCK_HASH_ACTIVATION_EPOCH`.
///
@@ -399,16 +379,6 @@ pub enum ExecutionPayloadError {
activation_epoch: Epoch,
epoch: Epoch,
},
/// The `TERMINAL_BLOCK_HASH` is set, but does not match the value specified by the block.
///
/// ## Peer scoring
///
/// The block is invalid and the peer sent us a block that passes gossip propagation conditions,
/// but is invalid upon further verification.
InvalidTerminalBlockHash {
terminal_block_hash: ExecutionBlockHash,
payload_parent_hash: ExecutionBlockHash,
},
/// The execution node is syncing but we fail the conditions for optimistic sync
///
/// ## Peer scoring
@@ -433,16 +403,11 @@ impl ExecutionPayloadError {
// This is a trivial gossip validation condition, there is no reason for an honest peer
// to propagate a block with an invalid payload time stamp.
ExecutionPayloadError::InvalidPayloadTimestamp { .. } => true,
// An honest optimistic node may propagate blocks with an invalid terminal PoW block, we
// should not penalized them.
ExecutionPayloadError::InvalidTerminalPoWBlock { .. } => false,
// This condition is checked *after* gossip propagation, therefore penalizing gossip
// peers for this block would be unfair. There may be an argument to penalize RPC
// blocks, since even an optimistic node shouldn't verify this block. We will remove the
// penalties for all block imports to keep things simple.
ExecutionPayloadError::InvalidActivationEpoch { .. } => false,
// As per `Self::InvalidActivationEpoch`.
ExecutionPayloadError::InvalidTerminalBlockHash { .. } => false,
// Do not penalize the peer since it's not their fault that *we're* optimistic.
ExecutionPayloadError::UnverifiedNonOptimisticCandidate => false,
}
@@ -526,7 +491,6 @@ impl From<ArithError> for BlockError {
#[derive(Debug, PartialEq, Clone, Encode, Decode)]
pub struct PayloadVerificationOutcome {
pub payload_verification_status: PayloadVerificationStatus,
pub is_valid_merge_transition_block: bool,
}
/// Information about invalid blocks which might still be slashable despite being invalid.
@@ -621,7 +585,7 @@ pub(crate) fn process_block_slash_info<T: BeaconChainTypes, TErr: BlockBlobError
/// will be returned.
#[instrument(skip_all)]
pub fn signature_verify_chain_segment<T: BeaconChainTypes>(
mut chain_segment: Vec<(Hash256, RpcBlock<T::EthSpec>)>,
mut chain_segment: Vec<(Hash256, RangeSyncBlock<T::EthSpec>)>,
chain: &BeaconChain<T>,
) -> Result<Vec<SignatureVerifiedBlock<T>>, BlockError> {
if chain_segment.is_empty() {
@@ -652,24 +616,14 @@ pub fn signature_verify_chain_segment<T: BeaconChainTypes>(
let consensus_context =
ConsensusContext::new(block.slot()).set_current_block_root(block_root);
match block {
RpcBlock::FullyAvailable(available_block) => {
available_blocks.push(available_block.clone());
signature_verified_blocks.push(SignatureVerifiedBlock {
block: MaybeAvailableBlock::Available(available_block),
block_root,
parent: None,
consensus_context,
});
}
RpcBlock::BlockOnly { .. } => {
// RangeSync and BackfillSync already ensure that the chain segment is fully available
// so this shouldn't be possible in practice.
return Err(BlockError::InternalError(
"Chain segment is not fully available".to_string(),
));
}
}
let available_block = block.into_available_block();
available_blocks.push(available_block.clone());
signature_verified_blocks.push(SignatureVerifiedBlock {
block: MaybeAvailableBlock::Available(available_block),
block_root,
parent: None,
consensus_context,
});
}
// TODO(gloas) When implementing range and backfill sync for gloas
// we need a batch verify kzg function in the new da checker as well.
@@ -719,7 +673,8 @@ pub struct SignatureVerifiedBlock<T: BeaconChainTypes> {
}
/// Used to await the result of executing payload with an EE.
type PayloadVerificationHandle = JoinHandle<Option<Result<PayloadVerificationOutcome, BlockError>>>;
pub type PayloadVerificationHandle =
JoinHandle<Option<Result<PayloadVerificationOutcome, BlockError>>>;
/// A wrapper around a `SignedBeaconBlock` that indicates that this block is fully verified and
/// ready to import into the `BeaconChain`. The validation includes:
@@ -888,15 +843,15 @@ impl<T: BeaconChainTypes> GossipVerifiedBlock<T> {
// Do not gossip blocks that claim to contain more blobs than the max allowed
// at the given block epoch.
if let Ok(commitments) = block.message().body().blob_kzg_commitments() {
if let Some(blob_kzg_commitments_len) = block.message().blob_kzg_commitments_len() {
let max_blobs_at_epoch = chain
.spec
.max_blobs_per_block(block.slot().epoch(T::EthSpec::slots_per_epoch()))
as usize;
if commitments.len() > max_blobs_at_epoch {
if blob_kzg_commitments_len > max_blobs_at_epoch {
return Err(BlockError::InvalidBlobCount {
max_blobs_at_epoch,
block: commitments.len(),
block: blob_kzg_commitments_len,
});
}
}
@@ -933,6 +888,24 @@ impl<T: BeaconChainTypes> GossipVerifiedBlock<T> {
let block_epoch = block.slot().epoch(T::EthSpec::slots_per_epoch());
let (parent_block, block) =
verify_parent_block_is_known::<T>(&fork_choice_read_lock, block)?;
// [New in Gloas]: Verify bid.parent_block_root matches block.parent_root.
if let Ok(bid) = block.message().body().signed_execution_payload_bid()
&& bid.message.parent_block_root != block.message().parent_root()
{
return Err(BlockError::BidParentRootMismatch {
bid_parent_root: bid.message.parent_block_root,
block_parent_root: block.message().parent_root(),
});
}
// TODO(gloas) The following validation can only be completed once fork choice has been implemented:
// The block's parent execution payload (defined by bid.parent_block_hash) has been seen
// (via gossip or non-gossip sources) (a client MAY queue blocks for processing
// once the parent payload is retrieved). If execution_payload verification of block's execution
// payload parent by an execution node is complete, verify the block's execution payload
// parent (defined by bid.parent_block_hash) passes all validation.
drop(fork_choice_read_lock);
// Track the number of skip slots between the block and its parent.
@@ -1039,8 +1012,15 @@ impl<T: BeaconChainTypes> GossipVerifiedBlock<T> {
});
}
// Validate the block's execution_payload (if any).
validate_execution_payload_for_gossip(&parent_block, block.message(), chain)?;
// [New in Gloas]: Skip payload validation checks. The payload now arrives separately
// via `ExecutionPayloadEnvelope`.
if !chain
.spec
.fork_name_at_slot::<T::EthSpec>(block.slot())
.gloas_enabled()
{
validate_execution_payload_for_gossip(&parent_block, block.message(), chain)?;
}
// Beacon API block_gossip events
if let Some(event_handler) = chain.event_handler.as_ref()
@@ -1212,15 +1192,35 @@ impl<T: BeaconChainTypes> SignatureVerifiedBlock<T> {
let result = info_span!("signature_verify").in_scope(|| signature_verifier.verify());
match result {
Ok(_) => Ok(Self {
block: MaybeAvailableBlock::AvailabilityPending {
Ok(_) => {
// gloas blocks are always available.
let maybe_available = if chain
.spec
.fork_name_at_slot::<T::EthSpec>(block.slot())
.gloas_enabled()
{
MaybeAvailableBlock::Available(
AvailableBlock::new(
block,
AvailableBlockData::NoData,
chain.data_availability_checker.v1(),
chain.spec.clone(),
)
.map_err(BlockError::AvailabilityCheck)?,
)
} else {
MaybeAvailableBlock::AvailabilityPending {
block_root: from.block_root,
block,
}
};
Ok(Self {
block: maybe_available,
block_root: from.block_root,
block,
},
block_root: from.block_root,
parent: Some(parent),
consensus_context,
}),
parent: Some(parent),
consensus_context,
})
}
Err(_) => Err(BlockError::InvalidSignature(
InvalidSignature::BlockBodySignatures,
)),
@@ -1291,11 +1291,11 @@ impl<T: BeaconChainTypes> IntoExecutionPendingBlock<T> for SignatureVerifiedBloc
}
}
impl<T: BeaconChainTypes> IntoExecutionPendingBlock<T> for RpcBlock<T::EthSpec> {
impl<T: BeaconChainTypes> IntoExecutionPendingBlock<T> for RangeSyncBlock<T::EthSpec> {
/// Verifies the `SignedBeaconBlock` by first transforming it into a `SignatureVerifiedBlock`
/// and then using that implementation of `IntoExecutionPendingBlock` to complete verification.
#[instrument(
name = "rpc_block_into_execution_pending_block_slashable",
name = "range_sync_block_into_execution_pending_block_slashable",
level = "debug"
skip_all,
)]
@@ -1309,26 +1309,51 @@ impl<T: BeaconChainTypes> IntoExecutionPendingBlock<T> for RpcBlock<T::EthSpec>
let block_root = check_block_relevancy(self.as_block(), block_root, chain)
.map_err(|e| BlockSlashInfo::SignatureNotChecked(self.signed_block_header(), e))?;
let maybe_available_block = match &self {
RpcBlock::FullyAvailable(available_block) => {
// TODO(gloas) when implementing sync for gloas we need a verify kzg function
// added to the new da checker as well.
chain
.data_availability_checker
.verify_kzg_for_available_block(available_block)
.map_err(|e| {
BlockSlashInfo::SignatureNotChecked(
self.signed_block_header(),
BlockError::AvailabilityCheck(e),
)
})?;
MaybeAvailableBlock::Available(available_block.clone())
}
// No need to perform KZG verification unless we have a fully available block
RpcBlock::BlockOnly { block, block_root } => MaybeAvailableBlock::AvailabilityPending {
block_root: *block_root,
block: block.clone(),
},
let available_block = self.into_available_block();
chain
.data_availability_checker
.verify_kzg_for_available_block(&available_block)
.map_err(|e| {
BlockSlashInfo::SignatureNotChecked(
available_block.as_block().signed_block_header(),
BlockError::AvailabilityCheck(e),
)
})?;
let maybe_available_block = MaybeAvailableBlock::Available(available_block);
SignatureVerifiedBlock::check_slashable(maybe_available_block, block_root, chain)?
.into_execution_pending_block_slashable(block_root, chain, notify_execution_layer)
}
fn block(&self) -> &SignedBeaconBlock<T::EthSpec> {
self.as_block()
}
fn block_cloned(&self) -> Arc<SignedBeaconBlock<T::EthSpec>> {
self.block_cloned()
}
}
impl<T: BeaconChainTypes> IntoExecutionPendingBlock<T> for LookupBlock<T::EthSpec> {
/// Verifies the `SignedBeaconBlock` by first transforming it into a `SignatureVerifiedBlock`
/// and then using that implementation of `IntoExecutionPendingBlock` to complete verification.
#[instrument(
name = "lookup_block_into_execution_pending_block_slashable",
level = "debug"
skip_all,
)]
fn into_execution_pending_block_slashable(
self,
block_root: Hash256,
chain: &Arc<BeaconChain<T>>,
notify_execution_layer: NotifyExecutionLayer,
) -> Result<ExecutionPendingBlock<T>, BlockSlashInfo<BlockError>> {
// Perform an early check to prevent wasting time on irrelevant blocks.
let block_root = check_block_relevancy(self.as_block(), block_root, chain)
.map_err(|e| BlockSlashInfo::SignatureNotChecked(self.signed_block_header(), e))?;
let maybe_available_block = MaybeAvailableBlock::AvailabilityPending {
block_root,
block: self.block_cloned(),
};
SignatureVerifiedBlock::check_slashable(maybe_available_block, block_root, chain)?
@@ -1352,7 +1377,7 @@ impl<T: BeaconChainTypes> ExecutionPendingBlock<T> {
/// verification must be done upstream (e.g., via a `SignatureVerifiedBlock`
///
/// Returns an error if the block is invalid, or if the block was unable to be verified.
#[instrument(skip_all, level = "debug")]
#[instrument(skip_all, level = "debug", fields(?block_root))]
pub fn from_signature_verified_components(
block: MaybeAvailableBlock<T::EthSpec>,
block_root: Hash256,
@@ -1416,27 +1441,10 @@ impl<T: BeaconChainTypes> ExecutionPendingBlock<T> {
&parent.pre_state,
notify_execution_layer,
)?;
let is_valid_merge_transition_block =
is_merge_transition_block(&parent.pre_state, block.message().body());
let payload_verification_future = async move {
let chain = payload_notifier.chain.clone();
let block = payload_notifier.block.clone();
// If this block triggers the merge, check to ensure that it references valid execution
// blocks.
//
// The specification defines this check inside `on_block` in the fork-choice specification,
// however we perform the check here for two reasons:
//
// - There's no point in importing a block that will fail fork choice, so it's best to fail
// early.
// - Doing the check here means we can keep our fork-choice implementation "pure". I.e., no
// calls to remote servers.
if is_valid_merge_transition_block {
validate_merge_block(&chain, block.message(), AllowOptimisticImport::Yes).await?;
};
// The specification declares that this should be run *inside* `per_block_processing`,
// however we run it here to keep `per_block_processing` pure (i.e., no calls to external
// servers).
@@ -1451,7 +1459,6 @@ impl<T: BeaconChainTypes> ExecutionPendingBlock<T> {
Ok(PayloadVerificationOutcome {
payload_verification_status,
is_valid_merge_transition_block,
})
};
// Spawn the payload verification future as a new task, but don't wait for it to complete.
@@ -1503,7 +1510,11 @@ impl<T: BeaconChainTypes> ExecutionPendingBlock<T> {
let distance = block.slot().as_u64().saturating_sub(state.slot().as_u64());
for _ in 0..distance {
let state_root = if parent.beacon_block.slot() == state.slot() {
// TODO(gloas): could do a similar optimisation here for Full blocks if we have access
// to the parent envelope and its `state_root`.
let state_root = if parent.beacon_block.slot() == state.slot()
&& state.payload_status() == StatePayloadStatus::Pending
{
// If it happens that `pre_state` has *not* already been advanced forward a single
// slot, then there is no need to compute the state root for this
// `per_slot_processing` call since that state root is already stored in the parent
@@ -1584,24 +1595,6 @@ impl<T: BeaconChainTypes> ExecutionPendingBlock<T> {
metrics::stop_timer(committee_timer);
/*
* If we have block reward listeners, compute the block reward and push it to the
* event handler.
*/
if let Some(ref event_handler) = chain.event_handler
&& event_handler.has_block_reward_subscribers()
{
let mut reward_cache = Default::default();
let block_reward = chain.compute_block_reward(
block.message(),
block_root,
&state,
&mut reward_cache,
true,
)?;
event_handler.register(EventKind::BlockReward(block_reward));
}
/*
* Perform `per_block_processing` on the block and state, returning early if the block is
* invalid.
@@ -1801,10 +1794,12 @@ pub fn check_block_relevancy<T: BeaconChainTypes>(
) -> Result<Hash256, BlockError> {
let block = signed_block.message();
let present_slot = chain.slot()?;
// Do not process blocks from the future.
if block.slot() > chain.slot()? {
if block.slot() > present_slot {
return Err(BlockError::FutureSlot {
present_slot: chain.slot()?,
present_slot,
block_slot: block.slot(),
});
}
@@ -1936,9 +1931,31 @@ fn load_parent<T: BeaconChainTypes, B: AsBlock<T::EthSpec>>(
// Retrieve any state that is advanced through to at most `block.slot()`: this is
// particularly important if `block` descends from the finalized/split block, but at a slot
// prior to the finalized slot (which is invalid and inaccessible in our DB schema).
//
// Post-Gloas we must also fetch a state with the correct payload status. If the current
// block builds upon the payload of its parent block, then we know the parent block is FULL
// and we need to load the full state.
let (payload_status, parent_state_root) =
if block.as_block().fork_name_unchecked().gloas_enabled()
&& let Ok(parent_bid_block_hash) = parent_block.payload_bid_block_hash()
{
if block.as_block().is_parent_block_full(parent_bid_block_hash) {
// TODO(gloas): loading the envelope here is not very efficient
let envelope = chain.store.get_payload_envelope(&root)?.ok_or_else(|| {
BeaconChainError::DBInconsistent(format!(
"Missing envelope for parent block {root:?}",
))
})?;
(StatePayloadStatus::Full, envelope.message.state_root)
} else {
(StatePayloadStatus::Pending, parent_block.state_root())
}
} else {
(StatePayloadStatus::Pending, parent_block.state_root())
};
let (parent_state_root, state) = chain
.store
.get_advanced_hot_state(root, block.slot(), parent_block.state_root())?
.get_advanced_hot_state(root, payload_status, block.slot(), parent_state_root)?
.ok_or_else(|| {
BeaconChainError::DBInconsistent(
format!("Missing state for parent block {root:?}",),
@@ -1961,7 +1978,9 @@ fn load_parent<T: BeaconChainTypes, B: AsBlock<T::EthSpec>>(
);
}
let beacon_state_root = if state.slot() == parent_block.slot() {
let beacon_state_root = if state.slot() == parent_block.slot()
&& let StatePayloadStatus::Pending = payload_status
{
// Sanity check.
if parent_state_root != parent_block.state_root() {
return Err(BeaconChainError::DBInconsistent(format!(