Snowbridge Beacon header age check #3727

Merged
merged 9 commits into from
Mar 22, 2024


claravanstaden
Contributor

@claravanstaden claravanstaden commented Mar 18, 2024

Bug Explanation

Adds a check that prevents finalized headers with a gap larger than the sync committee period being imported, which could cause execution headers in the gap being unprovable. The current version of the Ethereum client checks that there is a header at least every sync committee, but it doesn't check that the headers are within a sync period of each other. For example:

Header 100 (sync committee period 1)
Header 9000 (sync committee period 2)
(8900 blocks apart)

These headers are in adjacent sync committees, but more than the sync committee period (8192 blocks) apart.

The reason we need a header every 8192 slots at least, is the header is used to prove messages within the last 8192 blocks. If we import header 9000, and we receive a message to be verified at header 200, the block_roots field of header 9000 won't contain the header in order to do the ancestry check.

Environment

While running in Rococo, this edge case was discovered after the relayer was offline for a few days. It is unlikely, but not impossible, to happen again and so it should be backported to polkadot-sdk 1.7.0 (so that polkadot-fellows/runtimes can be updated with the fix).

Our Ethereum client has been operational on Rococo for the past few months, and this has been the only major issue discovered so far.

Unrelated Change

An unrelated nit: Removes a left over file that should have been deleted when the parachain directory was removed.
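
The gap described above, worked through as an added example (not code from the PR or the pallet; function and error names are hypothetical). It assumes the mainnet constants of 32 slots per epoch and 256 epochs per sync committee period, and numbers periods from zero, so the description's periods 1 and 2 are 0 and 1 here.

```rust
// Added illustration; names are hypothetical, not the pallet's API.
// Assumed mainnet constants: 32 slots/epoch * 256 epochs = 8192 slots.
const SLOTS_PER_PERIOD: u64 = 32 * 256;
// `block_roots` holds the roots of the 8192 slots before the header's slot.
const BLOCK_ROOTS_LEN: u64 = 8192;

#[derive(Debug, PartialEq)]
enum ImportError { NotNewer, SkippedPeriod, GapTooLarge }

// Zero-based period index (the PR text counts the same periods from 1).
fn sync_period(slot: u64) -> u64 { slot / SLOTS_PER_PERIOD }

// Check described as already present: at least one header per period.
fn check_period_only(latest: u64, new: u64) -> Result<(), ImportError> {
    if new <= latest { return Err(ImportError::NotNewer); }
    if sync_period(new) > sync_period(latest) + 1 {
        return Err(ImportError::SkippedPeriod);
    }
    Ok(())
}

// Check the PR describes adding: headers also at most one period apart.
fn check_with_gap(latest: u64, new: u64) -> Result<(), ImportError> {
    check_period_only(latest, new)?;
    if new - latest > SLOTS_PER_PERIOD { return Err(ImportError::GapTooLarge); }
    Ok(())
}

// Can `target` be proven against the `block_roots` of the header at `finalized`?
fn provable_from(finalized: u64, target: u64) -> bool {
    target < finalized && finalized - target <= BLOCK_ROOTS_LEN
}

// Slots strictly between two imported headers that neither header can prove.
fn unprovable_slots(prev: u64, next: u64) -> Option<(u64, u64)> {
    let first_covered = next.saturating_sub(BLOCK_ROOTS_LEN);
    if first_covered > prev + 1 { Some((prev + 1, first_covered - 1)) } else { None }
}

fn main() {
    // Constructed sample input: the slots from the PR description.
    let (latest, new, message) = (100, 9000, 200);
    println!("period-only check: {:?}", check_period_only(latest, new));
    println!("with gap check:    {:?}", check_with_gap(latest, new));
    println!("slot {message} provable from {new}: {}", provable_from(new, message));
    println!("unprovable range:  {:?}", unprovable_slots(latest, new));
}
```

With headers 100 and 9000 the period-only check passes, yet slots 101 through 807 (including the message at 200) fall outside the `block_roots` window of header 9000; the gap check rejects the import instead.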

@claravanstaden claravanstaden marked this pull request as ready for review March 21, 2024 08:43
@paritytech-review-bot paritytech-review-bot bot requested a review from a team March 21, 2024 08:44
@@ -15,8 +15,6 @@
//! ## Consensus Updates
//!
//! * [`Call::submit`]: Submit a finalized beacon header with an optional sync committee update
//! * [`Call::submit_execution_header`]: Submit an execution header together with an ancestry proof
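
Review bot: the module docs under `## Consensus Updates` should state the new import rule next to `Call::submit`, namely that a finalized header more than one sync committee period (8192 slots) past the latest one is rejected; as written, a relayer operator reading these docs has no hint why a submission after a long outage fails. The hunk header (`-15,8 +15,6`) also shows two doc lines dropped here, which is unrelated to the header age check and is better left out of this PR.
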
Contributor

This does not seem relevant?

Contributor Author

Correct, reverted in 27ecafd.

@@ -286,8 +286,8 @@ impl Contains<RuntimeCall> for SafeCallFilter {
match call {
RuntimeCall::System(frame_system::Call::set_storage { items })
if items.iter().all(|(k, _)| {
k.eq(&bridging::XcmBridgeHubRouterByteFee::key()) |
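
Review bot: the `set_storage` arm of `SafeCallFilter` needs a test in which `items` mixes an allowed key such as `bridging::XcmBridgeHubRouterByteFee::key()` with a key outside the allow-list, asserting that the call is rejected, because `items.iter().all(...)` is the only thing stopping one allowed key from admitting the whole batch. The key comparisons are also chained with `|`; `||` is the conventional boolean operator there. Since this filter is unrelated to the beacon client, it belongs in a separate PR.
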
Contributor

@vgeddes vgeddes Mar 22, 2024


While this is certainly a bug you're fixing, it's still not relevant to the issue in the beacon light client. I suggest updating the PR description, saying you added some miscellaneous unrelated fixes.

Contributor Author

I reverted this change to keep the PR as focused as possible. I added the change in this PR: #3761

@claravanstaden claravanstaden requested a review from vgeddes March 22, 2024 08:49
@acatangiu acatangiu added the R0-silent Changes should not be mentioned in any release notes label Mar 22, 2024
@acatangiu acatangiu enabled auto-merge March 22, 2024 09:23
@acatangiu acatangiu added this pull request to the merge queue Mar 22, 2024
Merged via the queue into paritytech:master with commit 3410dfb Mar 22, 2024
133 of 140 checks passed
@claravanstaden claravanstaden deleted the beacon-header-age-check branch March 22, 2024 09:51
claravanstaden added a commit to Snowfork/polkadot-sdk that referenced this pull request Mar 22, 2024
Co-authored-by: claravanstaden <Cats 4 life!>
acatangiu pushed a commit that referenced this pull request Mar 22, 2024
…nsure safety margins (#3791)

This is a cherry-pick from master of
#3727 and
#3790

Expected patches for (1.7.0):
snowbridge-pallet-ethereum-client
snowbridge-pallet-inbound-queue
snowbridge-pallet-outbound-queue
snowbridge-outbound-queue-runtime-api
snowbridge-pallet-system
snowbridge-core
dharjeezy pushed a commit to dharjeezy/polkadot-sdk that referenced this pull request Mar 24, 2024
claravanstaden added a commit to Snowfork/polkadot-sdk that referenced this pull request Mar 25, 2024
…nsure safety margins (paritytech#3791)

This is a cherry-pick from master of
paritytech#3727 and
paritytech#3790

Expected patches for (1.7.0):
snowbridge-pallet-ethereum-client
snowbridge-pallet-inbound-queue
snowbridge-pallet-outbound-queue
snowbridge-outbound-queue-runtime-api
snowbridge-pallet-system
snowbridge-core
acatangiu added a commit that referenced this pull request Mar 26, 2024
…nsure safety margins (#3814)

This is a cherry-pick from master of
#3790 and
#3727

Expected patches for (1.8.0):
snowbridge-pallet-ethereum-client
snowbridge-pallet-inbound-queue
snowbridge-pallet-outbound-queue
snowbridge-outbound-queue-runtime-api
snowbridge-pallet-system
snowbridge-core

---------

Co-authored-by: Vincent Geddes <vincent@snowfork.com>
Co-authored-by: Vincent Geddes <vincent.geddes@hey.com>
Co-authored-by: Adrian Catangiu <adrian@parity.io>
acatangiu added a commit that referenced this pull request Mar 26, 2024
…nsure safety margins (#3815)

This is a cherry-pick from master of
#3790 and
#3727

Expected patches for (1.9.0):
snowbridge-pallet-ethereum-client
snowbridge-pallet-inbound-queue
snowbridge-pallet-outbound-queue
snowbridge-outbound-queue-runtime-api
snowbridge-pallet-system
snowbridge-core

---------

Co-authored-by: Vincent Geddes <vincent@snowfork.com>
Co-authored-by: Vincent Geddes <vincent.geddes@hey.com>
Co-authored-by: Adrian Catangiu <adrian@parity.io>
acatangiu referenced this pull request May 16, 2024
…c committee in next store period (#4482)

This is a cherry-pick from master of
[#3790 and
https://github.com/paritytech/polkadot-sdk/pull/3727](https://github.com/paritytech/polkadot-sdk/pull/4478)

Expected patches for (1.7.0):
snowbridge-pallet-ethereum-client

Co-authored-by: Vincent Geddes <117534+vgeddes@users.noreply.github.com>