From 34e8a93be958788902d0df8da4eb16585e3ee9c6 Mon Sep 17 00:00:00 2001 From: Matthias <5011972+fasmat@users.noreply.github.com> Date: Thu, 8 Aug 2024 08:54:23 +0000 Subject: [PATCH 1/2] Remove cmd line option to scan for malfeasant ATXs --- activation/verify_state.go | 90 --------------------------------- activation/verify_state_test.go | 69 ------------------------- cmd/root.go | 3 -- config/config.go | 3 -- config/mainnet.go | 3 +- node/node.go | 9 ---- 6 files changed, 1 insertion(+), 176 deletions(-) delete mode 100644 activation/verify_state.go delete mode 100644 activation/verify_state_test.go diff --git a/activation/verify_state.go b/activation/verify_state.go deleted file mode 100644 index 3300444c84..0000000000 --- a/activation/verify_state.go +++ /dev/null @@ -1,90 +0,0 @@ -package activation - -import ( - "context" - "fmt" - "time" - - "go.uber.org/zap" - - awire "github.com/spacemeshos/go-spacemesh/activation/wire" - "github.com/spacemeshos/go-spacemesh/codec" - "github.com/spacemeshos/go-spacemesh/log" - "github.com/spacemeshos/go-spacemesh/malfeasance/wire" - "github.com/spacemeshos/go-spacemesh/sql" - "github.com/spacemeshos/go-spacemesh/sql/atxs" - "github.com/spacemeshos/go-spacemesh/sql/identities" -) - -func CheckPrevATXs(ctx context.Context, logger *zap.Logger, db sql.Executor) error { - collisions, err := atxs.PrevATXCollisions(db) - if err != nil { - return fmt.Errorf("get prev ATX collisions: %w", err) - } - - logger.Info("found ATX collisions", zap.Int("count", len(collisions))) - count := 0 - for _, collision := range collisions { - select { - case <-ctx.Done(): - // stop on context cancellation - return ctx.Err() - default: - } - - if collision.NodeID1 != collision.NodeID2 { - logger.Panic( - "unexpected collision", - log.ZShortStringer("NodeID1", collision.NodeID1), - log.ZShortStringer("NodeID2", collision.NodeID2), - log.ZShortStringer("ATX1", collision.ATX1), - log.ZShortStringer("ATX2", collision.ATX2), - ) - } - - malicious, err := identities.IsMalicious(db, collision.NodeID1) - if err != nil { - return fmt.Errorf("get malicious status: %w", err) - } - - if malicious { - // already malicious no need to generate proof - continue - } - - // we are ignoring the ATX version, because as of now we only have V1 - // by the time we have V2, this function is not needed anymore and can be deleted - var blob sql.Blob - var atx1 awire.ActivationTxV1 - if _, err := atxs.LoadBlob(ctx, db, collision.ATX1.Bytes(), &blob); err != nil { - return fmt.Errorf("get blob %s: %w", collision.ATX1.ShortString(), err) - } - codec.MustDecode(blob.Bytes, &atx1) - - var atx2 awire.ActivationTxV1 - if _, err := atxs.LoadBlob(ctx, db, collision.ATX2.Bytes(), &blob); err != nil { - return fmt.Errorf("get blob %s: %w", collision.ATX2.ShortString(), err) - } - codec.MustDecode(blob.Bytes, &atx2) - - proof := &wire.MalfeasanceProof{ - Layer: atx1.PublishEpoch.FirstLayer(), - Proof: wire.Proof{ - Type: wire.InvalidPrevATX, - Data: &wire.InvalidPrevATXProof{ - Atx1: atx1, - Atx2: atx2, - }, - }, - } - - encodedProof := codec.MustEncode(proof) - if err := identities.SetMalicious(db, collision.NodeID1, encodedProof, time.Now()); err != nil { - return fmt.Errorf("add malfeasance proof: %w", err) - } - - count++ - } - logger.Info("created malfeasance proofs", zap.Int("count", count)) - return nil -} diff --git a/activation/verify_state_test.go b/activation/verify_state_test.go deleted file mode 100644 index 26446d5926..0000000000 --- a/activation/verify_state_test.go +++ /dev/null @@ -1,69 +0,0 @@ -package activation - -import ( - "context" - "math/rand/v2" - "testing" - - "github.com/stretchr/testify/require" - "go.uber.org/zap/zaptest" - - "github.com/spacemeshos/go-spacemesh/activation/wire" - "github.com/spacemeshos/go-spacemesh/common/types" - "github.com/spacemeshos/go-spacemesh/signing" - "github.com/spacemeshos/go-spacemesh/sql" - "github.com/spacemeshos/go-spacemesh/sql/atxs" - "github.com/spacemeshos/go-spacemesh/sql/identities" -) - -func Test_CheckPrevATXs(t *testing.T) { - db := sql.InMemory() - logger := zaptest.NewLogger(t) - - // Arrange - sig, err := signing.NewEdSigner() - require.NoError(t, err) - - // create two ATXs with the same PrevATXID - prevATXID := types.RandomATXID() - goldenATXID := types.RandomATXID() - - atx1 := newInitialATXv1(t, goldenATXID, func(atx *wire.ActivationTxV1) { - atx.PrevATXID = prevATXID - atx.PublishEpoch = 2 - }) - atx1.Sign(sig) - vAtx1 := toAtx(t, atx1) - require.NoError(t, atxs.Add(db, vAtx1, atx1.Blob())) - - atx2 := newInitialATXv1(t, goldenATXID, func(atx *wire.ActivationTxV1) { - atx.PrevATXID = prevATXID - atx.PublishEpoch = 3 - }) - atx2.Sign(sig) - vAtx2 := toAtx(t, atx2) - require.NoError(t, atxs.Add(db, vAtx2, atx2.Blob())) - - // create 100 random ATXs that are not malicious - for i := 0; i < 100; i++ { - otherSig, err := signing.NewEdSigner() - require.NoError(t, err) - atx := newInitialATXv1(t, types.RandomATXID(), func(atx *wire.ActivationTxV1) { - atx.PrevATXID = types.RandomATXID() - atx.NumUnits = rand.Uint32() - atx.PublishEpoch = rand.N[types.EpochID](100) - }) - atx.Sign(otherSig) - vAtx := toAtx(t, atx) - require.NoError(t, atxs.Add(db, vAtx, atx.Blob())) - } - - // Act - err = CheckPrevATXs(context.Background(), logger, db) - require.NoError(t, err) - - // Assert - malicious, err := identities.IsMalicious(db, sig.NodeID()) - require.NoError(t, err) - require.True(t, malicious) -} diff --git a/cmd/root.go b/cmd/root.go index 5d8409cfad..1f64748904 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -79,9 +79,6 @@ func AddFlags(flagSet *pflag.FlagSet, cfg *config.Config) (configPath *string) { flagSet.DurationVar(&cfg.DatabasePruneInterval, "db-prune-interval", cfg.DatabasePruneInterval, "configure interval for database pruning") - flagSet.BoolVar(&cfg.ScanMalfeasantATXs, "scan-malfeasant-atxs", cfg.ScanMalfeasantATXs, - "scan for malfeasant ATXs") - flagSet.BoolVar(&cfg.NoMainOverride, "no-main-override", cfg.NoMainOverride, "force 'nomain' builds to run on the mainnet") diff --git a/config/config.go b/config/config.go index aac864e8da..b289ba722b 100644 --- a/config/config.go +++ b/config/config.go @@ -122,9 +122,6 @@ type BaseConfig struct { PruneActivesetsFrom types.EpochID `mapstructure:"prune-activesets-from"` - // ScanMalfeasantATXs is a flag to enable scanning for malfeasant ATXs. - ScanMalfeasantATXs bool `mapstructure:"scan-malfeasant-atxs"` - NetworkHRP string `mapstructure:"network-hrp"` // MinerGoodAtxsPercent is a threshold to decide if tortoise activeset should be diff --git a/config/mainnet.go b/config/mainnet.go index 996ddbc7da..30d6a71e09 100644 --- a/config/mainnet.go +++ b/config/mainnet.go @@ -80,8 +80,7 @@ func MainnetConfig() Config { DatabaseConnections: 16, DatabasePruneInterval: 30 * time.Minute, DatabaseVacuumState: 15, - PruneActivesetsFrom: 12, // starting from epoch 13 activesets below 12 will be pruned - ScanMalfeasantATXs: false, // opt-in + PruneActivesetsFrom: 12, // starting from epoch 13 activesets below 12 will be pruned NetworkHRP: "sm", LayerDuration: 5 * time.Minute, diff --git a/node/node.go b/node/node.go index 95a0b05dec..ac8dc5e5f0 100644 --- a/node/node.go +++ b/node/node.go @@ -2005,15 +2005,6 @@ func (app *App) setupDBs(ctx context.Context, lg log.Log) error { datastore.WithConsensusCache(data), ) - if app.Config.ScanMalfeasantATXs { - app.log.With().Info("checking DB for malicious ATXs") - start = time.Now() - if err := activation.CheckPrevATXs(ctx, app.log.Zap(), app.db); err != nil { - return fmt.Errorf("malicious ATX check: %w", err) - } - app.log.With().Info("malicious ATX check completed", log.Duration("duration", time.Since(start))) - } - migrations, err = sql.LocalMigrations() if err != nil { return fmt.Errorf("load local migrations: %w", err) From 8da25101b5841e78e4bbfb08595615f52b2903e1 Mon Sep 17 00:00:00 2001 From: Matthias <5011972+fasmat@users.noreply.github.com> Date: Thu, 8 Aug 2024 08:58:22 +0000 Subject: [PATCH 2/2] Update CHANGELOG --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 462b887df9..e237b3aafb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ See [RELEASE](./RELEASE.md) for workflow instructions. ### Upgrade information +The command line flag `--scan-malfeasant-atxs` has been removed. All malfeasant ATXs before 1.6.0 have been marked as +such and the node will continue to scan new ATXs for their validity. + ### Highlights ### Features @@ -699,6 +702,7 @@ and permanent ineligibility for rewards. * [#5494](https://github.com/spacemeshos/go-spacemesh/pull/5494) Make routing discovery more configurable and less spammy by default. + * [#5511](https://github.com/spacemeshos/go-spacemesh/pull/5511) Fix dialing peers on their private IPs, which was causing "portscan" complaints.