diff --git a/Cargo.lock b/Cargo.lock index d559c2f1fe..cd953e6862 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2569,7 +2569,7 @@ dependencies = [ "bls", "hex", "num-bigint-dig", - "ring 0.16.20", + "ring", "sha2 0.9.9", "zeroize", ] @@ -2740,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c853bd72c9e5787f8aafc3df2907c2ed03cff3150c3acd94e2e53a98ab70a8ab" dependencies = [ "cpufeatures", - "ring 0.17.14", + "ring", "sha2 0.10.8", ] @@ -4592,7 +4592,7 @@ dependencies = [ "base64 0.22.1", "js-sys", "pem", - "ring 0.17.14", + "ring", "serde", "serde_json", "simple_asn1", @@ -4679,7 +4679,7 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.9.8", + "spin", ] [[package]] @@ -5062,7 +5062,7 @@ dependencies = [ "libp2p-tls", "quinn", "rand 0.8.5", - "ring 0.17.14", + "ring", "rustls 0.23.23", "socket2", "thiserror 2.0.12", @@ -5132,7 +5132,7 @@ dependencies = [ "libp2p-core", "libp2p-identity", "rcgen", - "ring 0.17.14", + "ring", "rustls 0.23.23", "rustls-webpki 0.101.7", "thiserror 2.0.12", @@ -6752,7 +6752,6 @@ dependencies = [ "lazy_static", "memchr", "parking_lot 0.12.3", - "protobuf", "thiserror 1.0.69", ] @@ -6823,12 +6822,6 @@ dependencies = [ "types", ] -[[package]] -name = "protobuf" -version = "2.28.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" - [[package]] name = "psutil" version = "3.3.0" @@ -6925,7 +6918,7 @@ dependencies = [ "bytes", "getrandom 0.2.15", "rand 0.8.5", - "ring 0.17.14", + "ring", "rustc-hash 2.1.1", "rustls 0.23.23", "rustls-pki-types", @@ -7089,7 +7082,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2" dependencies = [ "pem", - "ring 0.17.14", + "ring", "rustls-pki-types", "time", "yasna", @@ -7272,30 +7265,15 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.20" +version = "0.17.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - -[[package]] -name = "ring" -version = "0.17.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7" +checksum = "70ac5d832aa16abd7d1def883a8545280c20a60f523a370aa3a9617c2b8550ee" dependencies = [ "cc", "cfg-if", "getrandom 0.2.15", "libc", - "untrusted 0.9.0", + "untrusted", "windows-sys 0.52.0", ] @@ -7516,7 +7494,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", - "ring 0.17.14", + "ring", "rustls-webpki 0.101.7", "sct", ] @@ -7528,7 +7506,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" dependencies = [ "log", - "ring 0.17.14", + "ring", "rustls-pki-types", "rustls-webpki 0.102.8", "subtle", @@ -7542,7 +7520,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395" dependencies = [ "once_cell", - "ring 0.17.14", + "ring", "rustls-pki-types", "rustls-webpki 0.102.8", "subtle", @@ -7582,8 +7560,8 @@ version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.14", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -7592,9 +7570,9 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ - "ring 0.17.14", + "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -7726,8 +7704,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.14", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -8178,7 +8156,7 @@ dependencies = [ "chacha20poly1305", "curve25519-dalek", "rand_core 0.6.4", - "ring 0.17.14", + "ring", "rustc_version 0.4.1", "sha2 0.10.8", "subtle", @@ -8194,12 +8172,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -9218,12 +9190,6 @@ dependencies = [ "tokio-util", ] -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" diff --git a/Cargo.toml b/Cargo.toml index bad374201d..72424e9f09 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -158,7 +158,7 @@ mockito = "1.5.0" num_cpus = "1" parking_lot = "0.12" paste = "1" -prometheus = "0.13" +prometheus = { version = "0.13", default-features = false } quickcheck = "1" quickcheck_macros = "1" quote = "1" @@ -173,7 +173,7 @@ reqwest = { version = "0.11", default-features = false, features = [ "rustls-tls", "native-tls-vendored", ] } -ring = "0.16" +ring = "0.17" rpds = "0.11" rusqlite = { version = "0.28", features = ["bundled"] } serde = { version = "1", features = ["derive"] } diff --git a/Makefile b/Makefile index 3282e4fa0e..f621f38a63 100644 --- a/Makefile +++ b/Makefile @@ -250,7 +250,7 @@ install-audit: cargo install --force cargo-audit audit-CI: - cargo audit --ignore RUSTSEC-2025-0009 --ignore RUSTSEC-2024-0437 + cargo audit # Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose. vendor: diff --git a/beacon_node/network/src/network_beacon_processor/rpc_methods.rs b/beacon_node/network/src/network_beacon_processor/rpc_methods.rs index da8e595ddc..7beadffc06 100644 --- a/beacon_node/network/src/network_beacon_processor/rpc_methods.rs +++ b/beacon_node/network/src/network_beacon_processor/rpc_methods.rs @@ -17,7 +17,7 @@ use std::sync::Arc; use tokio_stream::StreamExt; use tracing::{debug, error, warn}; use types::blob_sidecar::BlobIdentifier; -use types::{Epoch, EthSpec, FixedBytesExtended, Hash256, Slot}; +use types::{Epoch, EthSpec, Hash256, Slot}; impl NetworkBeaconProcessor { /* Auxiliary functions */ @@ -93,20 +93,42 @@ impl NetworkBeaconProcessor { // current slot. This could be because they are using a different genesis time, or that // their or our system's clock is incorrect. Some("Different system clocks or genesis time".to_string()) - } else if remote.finalized_epoch <= local.finalized_epoch - && remote.finalized_root != Hash256::zero() - && local.finalized_root != Hash256::zero() - && self - .chain - .block_root_at_slot(start_slot(remote.finalized_epoch), WhenSlotSkipped::Prev) - .map(|root_opt| root_opt != Some(remote.finalized_root))? + } else if (remote.finalized_epoch == local.finalized_epoch + && remote.finalized_root == local.finalized_root) + || remote.finalized_root.is_zero() + || local.finalized_root.is_zero() + || remote.finalized_epoch > local.finalized_epoch { - // The remote's finalized epoch is less than or equal to ours, but the block root is - // different to the one in our chain. Therefore, the node is on a different chain and we - // should not communicate with them. - Some("Different finalized chain".to_string()) - } else { + // Fast path. Remote finalized checkpoint is either identical, or genesis, or we are at + // genesis, or they are ahead. In all cases, we should allow this peer to connect to us + // so we can sync from them. None + } else { + // Remote finalized epoch is less than ours. + let remote_finalized_slot = start_slot(remote.finalized_epoch); + if remote_finalized_slot < self.chain.store.get_oldest_block_slot() { + // Peer's finalized checkpoint is older than anything in our DB. We are unlikely + // to be able to help them sync. + Some("Old finality out of range".to_string()) + } else if remote_finalized_slot < self.chain.store.get_split_slot() { + // Peer's finalized slot is in range for a quick block root check in our freezer DB. + // If that block root check fails, reject them as they're on a different finalized + // chain. + if self + .chain + .block_root_at_slot(remote_finalized_slot, WhenSlotSkipped::Prev) + .map(|root_opt| root_opt != Some(remote.finalized_root))? + { + Some("Different finalized chain".to_string()) + } else { + None + } + } else { + // Peer's finality is older than ours, but newer than our split point, making a + // block root check infeasible. This case shouldn't happen particularly often so + // we give the peer the benefit of the doubt and let them connect to us. + None + } }; Ok(irrelevant_reason) diff --git a/beacon_node/src/cli.rs b/beacon_node/src/cli.rs index 9934d34493..e34285edbc 100644 --- a/beacon_node/src/cli.rs +++ b/beacon_node/src/cli.rs @@ -812,7 +812,7 @@ pub fn cli_app() -> Command { .long("state-cache-size") .value_name("STATE_CACHE_SIZE") .help("Specifies the size of the state cache") - .default_value("128") + .default_value("32") .action(ArgAction::Set) .display_order(0) ) @@ -1009,7 +1009,7 @@ pub fn cli_app() -> Command { database when they are older than the data availability boundary \ relative to the current epoch.") .action(ArgAction::Set) - .default_value("1") + .default_value("256") .display_order(0) ) .arg( diff --git a/book/src/help_bn.md b/book/src/help_bn.md index 4c76647c0c..cebf97023d 100644 --- a/book/src/help_bn.md +++ b/book/src/help_bn.md @@ -118,7 +118,7 @@ Options: --epochs-per-blob-prune The epoch interval with which to prune blobs from Lighthouse's database when they are older than the data availability boundary - relative to the current epoch. [default: 1] + relative to the current epoch. [default: 256] --epochs-per-migration The number of epochs to wait between running the migration of data from the hot DB to the cold DB. Less frequent runs can be useful for @@ -382,7 +382,7 @@ Options: --slots-per-restore-point DEPRECATED. This flag has no effect. --state-cache-size - Specifies the size of the state cache [default: 128] + Specifies the size of the state cache [default: 32] --suggested-fee-recipient Emergency fallback fee recipient for use in case the validator client does not have one configured. You should set this flag on the diff --git a/lighthouse/tests/beacon_node.rs b/lighthouse/tests/beacon_node.rs index 96c1b5313a..d9b40ffb1f 100644 --- a/lighthouse/tests/beacon_node.rs +++ b/lighthouse/tests/beacon_node.rs @@ -1873,7 +1873,7 @@ fn block_cache_size_flag() { fn state_cache_size_default() { CommandLineTest::new() .run_with_zero_port() - .with_config(|config| assert_eq!(config.store.state_cache_size, new_non_zero_usize(128))); + .with_config(|config| assert_eq!(config.store.state_cache_size, new_non_zero_usize(32))); } #[test] fn state_cache_size_flag() { @@ -1972,7 +1972,7 @@ fn prune_blobs_on_startup_false() { fn epochs_per_blob_prune_default() { CommandLineTest::new() .run_with_zero_port() - .with_config(|config| assert!(config.store.epochs_per_blob_prune == 1)); + .with_config(|config| assert_eq!(config.store.epochs_per_blob_prune, 256)); } #[test] fn epochs_per_blob_prune_on_startup_five() {