These are quite serious: if they occur there's a good chance that the
local SN state data is wrong. (At default logging they aren't printed
at all, and really should be).
This also fixes and adds more detail in the the "height is not stored"
error.
These are quite serious: if they occur there's a good chance that the
local SN state data is wrong. (At default logging they aren't printed
at all, and really should be).
This also fixes and adds more detail in the the "height is not stored"
error.
This adds a thread-local, pre-seeded rng at `tools::rng` (to avoid the
multiple places we are creating + seeding such an RNG currently).
This also moves the portable uniform value and generic shuffle code
there as well as neither function is specific to service nodes and this
seems a logical place for them.
We don't impose any alignment on hashable types, but this means the
hashing function is doing invalid misaligned access when converting to a
size_t. This aligns all of the primitive data types (crypto::hash,
public keys, etc.) to the same alignment as size_t.
That cascades into a few places in epee which only allow byte spanning
types that have byte alignment when what it really requires is just that
the type has no padding. In C++17 this is exactly the purpose of
std::has_unique_object_representations, but that isn't available (or
even implementable) in C++14 so add specializations for the type that
need it to tell epee that we know those types are properly packed and
that it can safely use them as bytes.
Related to this, monero/epee also misuses `is_standard_layout` when the
purpose is actually `is_trivially_copyable`, so fixed that too. (You
need the latter but don't need the former for a type to be safely
memcpy'able; the only purpose of `is_standard_layout` is when you need
to be sure your structs are compatible with C structs which is
irrelevant here).
This is the bulk of the work for blink. There is two pieces yet to come
which will follow shortly, which are: the p2p communication of blink
transactions (which needs to be fully synchronized, not just shared,
unlike regular mempool txes); and an implementation of fee burning.
Blink approval, multi-quorum signing, cli wallet and node support for
submission denial are all implemented here.
This overhauls and fixes various parts of the SNNetwork interface to fix
some issues (particularly around non-SN communication with SNs, which
wasn't working).
There are also a few sundry FIXME's and TODO's of other minor details
that will follow shortly under cleanup/testing/etc.
The owning pointer is stashed in a unique_ptr so that it gets properly
destroyed; everything else gets a plain pointer to it.
(Ideally it would be std::optional instead, but that's not until C++17)
Currently we store it as various different things: 3 separate ints, 2
u16s, 3 separate u16s, and a vector of u16s. This unifies all version
values to a `std::array<uint16_t,3>`.
- LOKI_VERSION_{MAJOR,MINOR,PATCH} are now just LOKI_VERSION
- The previous LOKI_VERSION (C-string of the version) is now renamed
LOKI_VERSION_STR
A related change included here is that the restricted RPC now returns
the major version in the get_info rpc call instead of an empty string
(e.g. "5" instead of ""). There is almost certainly enough difference
in the RPC results to distinguish major versions already so this doesn't
seem like it actually leaks anything significant.
This adds vote relaying via quorumnet.
- The main glue between existing code and quorumnet code is in
cryptonote_protocol/quorumnet.{h,cpp}
- Uses function pointers assigned at initialization to call into the
glue without making cn_core depend on p2p
- Adds ed25519 and quorumnet port to uptime proofs and serialization.
- Added a second uptime proof signature using the ed25519 key to that
SNs are proving they actually have it (otherwise they could spoof
someone else's pubkey).
- Adds quorumnet port, defaulting to zmq rpc port + 1. quorumnet
listens on the p2p IPv4 address (but broadcasts the `public_ip` to the
network).
- Derives x25519 when received or deserialized.
- Converted service_info_info::version_t into a scoped enum (with the
same underlying type).
- Added contribution_t::version_t scoped enum. It was using
service_info_info::version for a 0 value which seemed rather wrong.
Random small details:
- Renamed internal `arg_sn_bind_port` for consistency
- Moved default stagenet ports from 38153-38155 to 38056-38058, and add the default stagenet
quorumnet port at 38059 (this keeps the range contiguous; otherwise the next stagenet default port
would collide with the testnet p2p port).
This allows a `"if_block_not_equal": "hash"` parameter to be given to
`get_n_service_nodes` which, if the given value matches the current
top block hash, skips building and returning a reply.
This is primarily aimed at lokinet which polls fairly frequenty for an
update but where the vast majority of those polls contain no new
information.
It also removes the get_all_service_nodes_public_keys RPC request
completely as lokinet was the only consumer of it (particularly unlikely
that anyone else was using this because it was returning the keys
base32z-encoded).
Neither of these have a place in modern C++11; boost::value_initialized
is entirely superseded by `Type var{};` which does value initialization
(or default construction if a default constructor is defined). More
problematically, each `boost::value_initialized<T>` requires
instantiation of another wrapping templated type which is a pointless
price to pay the compiler in C++11 or newer.
Also removed is the AUTO_VAL_INIT macro (which is just a simple macro
around constructing a boost::value_initialized<T>).
BOOST_FOREACH is a similarly massive pile of code to implement
C++11-style for-each loops. (And bizarrely it *doesn't* appear to fall
back to C++ for-each loops even when under a C++11 compiler!)
This removes both entirely from the codebase.
If major/minor are uint8_t then printing them tries to print characters
rather than numbers. Changing them to uint16_t seems the easiest fix
(and agrees with the type we use for storing version parts in proofs).
This required a bit of reworking - without the duplication we only have
a const iterator so can't reuse it later for a non-const iterator, so
store the found contributor by index instead.
This generates a ed25519 keypair (and from it derives a x25519 keypair)
and broadcasts the ed25519 pubkey in HF13 uptime proofs.
This auxiliary key will be used both inside lokid (starting in HF14) in
places like the upcoming quorumnet code where we need a standard
pub/priv keypair that is usable in external tools (e.g. sodium) without
having to reimplement the incompatible (though still 25519-based) Monero
pubkey format.
This pulls it back into HF13 from the quorumnet code because the
generation code is ready now, and because there may be opportunities to
use this outside of lokid (e.g. in the storage server and in lokinet)
before HF14. Broadcasting it earlier also allows us to be ready to go
as soon as HF14 hits rather than having to wait for every node to have
sent a post-HF14 block uptime proof.
For a similar reason this adds a placeholder for the quorumnet port in
the uptime proof: currently the value is just set to 0 and ignored, but
allowing it to be passed will allow upgraded loki 6.x nodes to start
sending it to each other without having to wait for the fork height so
that they can start using it immediately when HF14 begins.
This puts the SN pubkey/privkey into a single struct (which have
ed25519/x25519 keys added to it in the future), which simplifies various
places to just pass the struct rather than storing and passing the
pubkey and privkey separately.
- Replace a bunch of repetitive proof rejection rules with a macro +
HF requirement version loop.
- Remove mostly unused MAX_KEY_IMAGES_PER_CONTRIBUTOR variable. It has
always been set to 1 (and so doesn't actually do anything). If we
wanted to increase it at this point we'd have to add multiple
HF-guarded versions of it and HF-version guard the code anyway, so
seems simpler to just drop it.
- Simplify the max contributor/max contribution logic and merge it in
with the existing contributor code (this is made easier by the above
dropped variable).
* Add a 1 atomic unit fudge factor on reward calculations
If the thread's rounding mode is different (because RandomX changed it
in the current thread or in the thread that generated the block) then
the reward calculation can be up to 1 atomic unit off. This lets those
pass rather than rejecting the block.
(I tested LOKI's reward calculations up to height 10M to verify that the
maximum error in reward values is never off by more than 1).
* Remove partial_block_reward
This variable is not actually used anywhere.
* Add 1ULP tolerance for SN reward checks
* Rewrite confusing logic and error
- fix the broken error message which was printing "base(base+fees)" instead
of "total(base+fees)".
- improve the error message wording to actually indicate what the values
signify.
- don't use base_reward as a temporary value (the intermediate value
assigned to it is completely replaced later anyway).
- use some better variable names to describe what is happening here
* Add check for overflow
This is so that we can validly print an error in quorum_cop on the
heights that are actually not being stored in the daemon VS a service
node network that has insufficient nodes to form the quorum.
Update core test to enforce this constraint
* Add temporary HF12/13 code to switch to validators for checkpointing
* Don't use target height for verifying vote age
You wouldn't have the quorum calculated to verify the vote in the first place.
* Update core tests to use validators for checkpoints
If a peer views the destination peer as not synchronizing, then the
destination peer should just accept the uptime proof, rather than accept
it and then conditionally relay it depending on whether or not you are
synchronizing at the point of attempting to relay (which you could
transition into synchronizing state interim between accepting and
attempting to relay the proof).
Otherwise we get into a ping-pong situation as follows
Node1 sends uptime ->
Node2 receives uptime and relays it back to Node1 for acknowledgement ->
Node1 receives it, handle_uptime_proof returns true to acknowledge ->
Node1 tries to resend to the same peers again
Instead, if we receive our own uptime proof, then acknowledge but don't
send on. If the we are missing an uptime proof it will have been
submitted automatically by the daemon itself instead of using my own
proof relayed by other nodes.
Remove using crypto, using cryptonote, using epee in chaingen
Add loki prefix to data structures, cleanup warts
Remove the need for get_static_keys(), remove useless functions and
attempt to remove some pointless function overloading that puts too many
levels of indirection and makes it harder to follow code execution.
Rehaul tests further, persist test generator when replaying through core
The class used to generate the testing events to replay through core is
now preserved. This subtle change simplifies a big chunk of core testing
in that we can remove the need for using callbacks to track events in
the events vector.
Add preliminary checkpoint/alt service node tests
Allow inlining of fail cases for test conditions
Add more checkpoint core tests
add_block in generator is parameterised with checkpoints
Add test to check chain with equal checkpoints
Add test for chain reorging when recieving enough votes for checkpoint
Move service node list methods to state_t methods
Add querying state from alt blocks and put key image parsing into function
Incorporate hash into state_t to find alt states
Add a way to query alternate testing quorums
Rebase cleanup
only_serialize_quorums should set only_store_quorums flag
Simplify detach logic since we don't need constants anymore
Move state storage comment to ::store
Fix off by one in detach on recent states
If we are re-deriving states we still also need the historical quorums
such that we can process incoming blocks with state changes. Without it,
state changes will be ignored and skipped causing inconsistent state in
the service node list.
This mandates a rescan and stores the most recent in state_ts, and only
just quorums for states preceeding 10k intervals. We can no longer store
the 1st most recent state in the DB as that will be missing quorums as
well for similar reason when rederiving on start-up.
When a node gets recommissioned in 4.0.4 we reset its timestamp to the
current time to delay obligations checks for newly recommissioned nodes,
but this reset caused problems:
- the code runs not only when a fresh block is received, but also when
syncing or rescanning, and so time(NULL) gets used to update the
node's timestamp even if it is an old record, and since proof info is
shared across states, the affects the current state.
- as a result of the above, a just-rescanned node that has been
decommissioned at some point in the past will think it has just sent a
proof, and so won't send any proofs for an hour.
- A just-rescanned node won't accept or relay any proofs for any node
that was recommissioned in its scan for the first half an hour, but this
lack of relaying can cause chaos in getting uptime proofs out across the
network, especially while we still have 4.0.3 nodes that need it.
To address the first issue, this switches the recommissioning to use the
block timestamp rather than the current timestamp. This *will* be
slightly delayed in the case of current blocks (since a block timestamp
is the time the pool *started* working on the block, which is generally
the time the previous block was found on the network), but even with an
exceptionally long block delay (e.g. 20 minutes) we are still fending
off obligations checks for 1h40m.
That would partially fix issues 2 and 3, but we actually don't want a
recommissioning to look like a received uptime proof for a couple
reasons:
- When we haven't actually received an uptime proof it's confusing to
report that we have (at the recommission time) and may mask an
underlying issue of a node that isn't actually sending proofs for some
reason (which might be more common for a node that has just been
decommissioned/recommissioned). There's also a related weird state
here for nodes that have come on recently: they think the SN is
active, but have 0's for IP and storage server port.
- 4.0.3 nodes don't get the updated timestamp and so really need the
proof to come through even when the 4.0.4 nodes don't think it's
important/acceptable.
So to also fix these, this commits adds an "effective_timestamp" to the
proof info: if it is larger than the actual timestamp field, we use it
instead of the actual one for obligations checking. On a recommission,
we update only the effective field so that we can delay obligations
checking for a couple of hours without delaying actual proofs info going
over the network.
If we are re-deriving states we still also need the historical quorums
such that we can process incoming blocks with state changes. Without it,
state changes will be ignored and skipped causing inconsistent state in
the service node list.
This mandates a rescan and stores the most recent in state_ts, and only
just quorums for states preceeding 10k intervals. We can no longer store
the 1st most recent state in the DB as that will be missing quorums as
well for similar reason when rederiving on start-up.
We can't delete all state change TX's on blockchain increment incase the
state change came from an alternative block. We must keep them around
even if they would conflict with another state change because if we
switch chains, they need to be present for the block to still be
considered valid.
Add a .size() check when checking for is_migrated_from_v403 because when
reinitialise is true, m_state_history does not necessarily have any
elements (in tests atleast).
This converts the stored service_node_info value into a
`shared_ptr<const service_node_info>` rather than a plain
`service_node_info`. This yields a huge performance benefit by
significantly eliminating the vast majority of service_node_info
construction, destruction, and copying.
Most of the time when we copy a service_node_info nothing in it has
changed, which means we're storing exactly the same thing; this means an
extra construction for every SN info on every block *and* an extra
destruction when we cull old stored history. By using a
shared_ptr, the vast majority of those constructions and destructions
are eliminated.
The immediately previous commit (upon which this one builds) already
reduced a full rescan from 180s to 171s; this commit further reduces
that time to 104s, or about 42% reduced from the rescan time required
before this pair of commits. (All timings are from the dev.lokinet.org
box, tested over multiple runs with the entire lmdb cached in memory).
With the shared_ptr approach, we only make a copy when a change is
actually needed: because of infrequent (at the per-SN level) events like
a state_change, received reward, contribution, etc. The contained
reference is deliberately `const` so that values are not changeable;
there's a new function that does an explicit copying duplication,
returning the new non-const and storing the const ref in the shared
pointer.
Related to this is a small change (and fix) to how proof info and
public_ip/storage_port are stored: rather than store the values in the
service_node_info struct itself, they now gets stored in a shared_ptr
inside the service_node_info that intentionally gets shared among all
copies of the service_node_info (that is, a SN info copy deliberately
copies the pointer rather than the values). This also moves the ip/port
values into the proof struct, since that seemed much easier than
maintaining a separate shared_ptr for each value.
Previously, because these were stored as values in the service_node_info
they would actually get rolled back in the event of a reorg, but that
seems highly undesirable: you would end up rolling back to the old
values of the uptime proof and ip address (for example), but that should
not happen: those values are not dependent on the blockchain and so
should not be affected by a reorg/rollback. With this change they
aren't since there is only one actual proof stored.
Note that the shared storage here only applies to in-memory states;
states loaded from the db will still be duplicated.
This commit makes various simplifications and optimizations, mainly in
the service node list code.
All in all, this shaves about 5% of the CPU time used for re-processing
the entire service node list.
In particular:
- changed m_state_history from a std::vector to a std::set that sorts on
height. This is responsible for the bulk of the CPU reduction by
significant reducing the amount of work required for checkpoint
culling, which has to shuffle a lot of `state_t`s around when removing
from the midde of a vector.
- the above also allows replacing the binary-search `std::lower_bound`
complexity with a much simpler `find()`.
- since the history is now always sorted, removed the error messages
related to sorting that either can't happen (on store) or don't matter
(on load).
- Added some converting constructors to simplify code (for example, a
`state_t` can now be very usefully constructed from an r-value
`state_serialized`).
- Many construct + moves (and a couple construct + copy) were replaced
with in-place constructions.
- removed some unused variables
Ordinarily on shut down we would discard the quorum states that are
converted and serialised once on initial start up with the new software.
If this is lost, we would not be able to process incoming votes or any
state changes and essentially halt without forcing a way to rescan the
service node list back to a consistent state.
* Update state transition check to account for height and universally set timestamp on recommission
Reject invalidated state changes by their height after HF13
* Prune invalidated state changes on blockchain increment
Simplify check_tx_inputs for state_changes by using service node list
Instead of querying the last 60 historical blocks for every transaction,
use the service node list and determine the state of the service node
and if it can transition to its new state.
We also now enforce at hardfork 13, that the network cannot commit
transactions to the network if they would have been invalidated by
a newer state change that already is already on the blockchain.
This is backwards compatible all the way back to hardfork 9.
Greatly simplify state change tx pruning on block added
Use the new stricter rules for pruning state changes in the txpool
We can do so because pruning the TX pool won't cause issues at the
protocol level, but the more people we can upgrade the better network
behaviour we get in terms of propagating more intrinsically correct
ordering of state changes to other peers.
* Don't generate state changes if not valid, disallow voting if node is non-votable
* Store the oldest state in the MAX_SHORT_TERM_STATE_HISTORY window
Rederive the rest on startup, this way we only need to store states for
10k intervals + 1 state every block temporarily removing the overhead of
having to serialise 30+(every 10k interval) states every block which was
taking upto 15ms~ per block on mainnet.
* Store quorums into the state class
This is setup work to allow only storing one service node list state and
rederiving the rest of the state at runtime in memory without having to
waste space storing the extra 360 quorums every block which is the
biggest bottleneck with syncing the blockchain adding around ~15ms per
block after Service Nodes are activated.
* Derive quorums using correct state, record duration of scan
* Don't fail load if quorums empty, save progress on rescan
Storing quorums in quorum states is now optional because quorums are
stored with the state objects. Quorums are only stored in the dedicated
data structure if you requested to store quorum history so for most
users this will be empty.
* Store state upto quorum lifetime to match previous behaviour
* Make store every 10k states more robust
* Corectly use lower bound to find quorum
* Code review
Increase the range to mitigate frequent rescanning when reorganising,
technically with checkpointing we only need up to the 2nd oldest
checkpoint, but I'm sure there's some case we're forgetting that would
benefit from a larger rollback range.
Also considering there were only 160 events in the month with a mass
deregistration- keeping 2 days worth of rollbacks around is not going to
be too expensive.
Start storing service node list state for past blocks
Separate quorums and reduce storage to 1 days worth
Don't use pointer, declare m_state by value
Fix rebase to dev
Fix double serialise of service node state and expensive blob copy
std::move quorums into storage, reserve vector size
Don't +1 checkpoint finality height
Code review
Code review 2
* Add disabled-by-default quorum storage support
This adds support for storing N blocks of recent expired quorum state
history in lokid (and dumping to/from the lmdb).
This isn't useful for regular nodes (and that's why we don't store it)
but is incredibly useful for the block explorer to be able to report
*which* node got deregistered/decommissioned/etc. by a given
state_change tx.
* Fix quorum states copy
As recent bugs have demonstrated, requiring the caller to have offset
the quorum by 11 is highly error prone. This commit moves the offset
into `get_testing_quorum` itself so that any caller asking for the
quorum for vote height 12345 just asks for it rather than having to
remember to subtract 11 to get at the correct generating block.
Because of how the serialization code works, these gets stored as
quorums with empty members, but we don't want them at all so just skip
loading them when the height says it should be empty.
This was causing mass checkpoint deregistrations for missed votes
because 3/4 of the checkpointing "quorums" being identified were not
(and not supposed to be) voted on.
* Only dupe check state changes against the latest valid change
* Check the service node info for dupe state change
* Gate dupe state changes behind HF12
* Actually properly gate dupe state change and revert breaking changes
* Use is_decommissioned() to get service node state, change msg log level
service_node_list::store() was called on destruction, but destruction
can happen before it is set up with the database pointer (hence the
segfault). Fix it to just silently return if not set up yet.
* Add deregistration of checkpoints by checking how many votes are missed
Move uptime proofs and add checkpoint counts in the service_node_list
because we typically prune uptime proofs by time, but it seems we want
to switch to a model where we persist proof data until the node expires
otherwise currently we would prune uptime entries and potentially our
checkpoint vote counts which would cause premature deregistration as the
expected vote counts start mismatching with the number of received
votes.
* Revise deregistration
* Fix test breakages
* uint16_t for port, remove debug false, min votes to 2 in integration mode
* Fix integration build
This adds a new obligations quorum vote "ip_change_penalty" that gets
triggered if the quorum has received multiple IPs advertised in uptime
proofs from a service node in the past 24 hours. Upon reception of such
a transaction the SN gets bumped to the bottom of the reward list.
The vast majority of the time `is_active()` is what we actually want.
Most of these are just a name change, but there is also one important
fix here to the next-winner list which needs to use active, not
fully-funded.
* core: do not commit half constructed batch db txn
* Add defer macro
* Revert dumb extra copy/move change
* Fix pop_blocks not calling hooks, fix BaseTestDB missing prototypes
* Merge ServiceNodeCheckpointing5 branch, syncing and integration fixes
* Update tests to compile with relaxed-registration changes
* Get back to feature parity pre-relaxed registration changes
* Remove debug changes noticed in code review and some small bugs
The replaces the deregistration mechanism with a new state change
mechanism (beginning at the v12 fork) which can change a service node's
network status via three potential values (and is extensible in the
future to handle more):
- deregistered -- this is the same as the existing deregistration; the
SN is instantly removed from the SN list.
- decommissioned -- this is a sort of temporary deregistration: your SN
remains in the service node list, but is removed from the rewards list
and from any network duties.
- recommissioned -- this tx is sent by a quorum if they observe a
decommissioned SN sending uptime proofs again. Upon reception, the SN
is reactivated and put on the end of the reward list.
Since this is broadening the quorum use, this also renames the relevant
quorum to a "obligations" quorum (since it validates SN obligations),
while the transactions are "state_change" transactions (since they
change the state of a registered SN).
The new parameters added to service_node_rules.h control how this works:
// Service node decommissioning: as service nodes stay up they earn "credits" (measured in blocks)
// towards a future outage. A new service node starts out with INITIAL_CREDIT, and then builds up
// CREDIT_PER_DAY for each day the service node remains active up to a maximum of
// DECOMMISSION_MAX_CREDIT.
//
// If a service node stops sending uptime proofs, a quorum will consider whether the service node
// has built up enough credits (at least MINIMUM): if so, instead of submitting a deregistration,
// it instead submits a decommission. This removes the service node from the list of active
// service nodes both for rewards and for any active network duties. If the service node comes
// back online (i.e. starts sending the required performance proofs again) before the credits run
// out then a quorum will reinstate the service node using a recommission transaction, which adds
// the service node back to the bottom of the service node reward list, and resets its accumulated
// credits to 0. If it does not come back online within the required number of blocks (i.e. the
// accumulated credit at the point of decommissioning) then a quorum will send a permanent
// deregistration transaction to the network, starting a 30-day deregistration count down.
This commit currently includes values (which are not necessarily
finalized):
- 8 hours (240 blocks) of credit required for activation of a
decommission (rather than a deregister)
- 0 initial credits at registration
- a maximum of 24 hours (720 blocks) of credits
- credits accumulate at a rate that you hit 24 hours of credits after 30
days of operation.
Miscellaneous other details of this PR:
- a new TX extra tag is used for the state change (including
deregistrations). The old extra tag has no version or type tag, so
couldn't be reused. The data in the new tag is slightly more
efficiently packed than the old deregistration transaction, so it gets
used for deregistrations (starting at the v12 fork) as well.
- Correct validator/worker selection required generalizing the shuffle
function to be able to shuffle just part of a vector. This lets us
stick any down service nodes at the end of the potential list, then
select validators by only shuffling the part of the index vector that
contains active service indices. Once the validators are selected, the
remainder of the list (this time including decommissioned SN indices) is
shuffled to select quorum workers to check, thus allowing decommisioned
nodes to be randomly included in the nodes to check without being
selected as a validator.
- Swarm recalculation was not quite right: swarms were recalculated on
SN registrations, even if those registrations were include shared node
registrations, but *not* recalculated on stakes. Starting with the
upgrade this behaviour is fixed (swarms aren't actually used currently
and aren't consensus-relevant so recalculating early won't hurt
anything).
- Details on decomm/dereg are added to RPC info and print_sn/print_sn_status
- Slightly improves the % of reward output in the print_sn output by
rounding it to two digits, and reserves space in the output string to
avoid excessive reallocations.
- Adds various debugging at higher debug levels to quorum voting (into
all of voting itself, vote transmission, and vote reception).
- Reset service node list internal data structure version to 0. The SN
list has to be rescanned anyway at upgrade (its size has changed), so we
might as well reset the version and remove the version-dependent
serialization code. (Note that the affected code here is for SN states
in lmdb storage, not for SN-to-SN communication serialization).
This converts the transaction type and version to scoped enum, giving
type safety and making the tx type assignment less error prone because
there is no implicit conversion or comparison with raw integers that has
to be worried about.
This ends up converting any use of `cryptonote::transaction::type_xyz`
to `cryptonote::transaction::txtype::xyz`. For version, names like
`transaction::version_v4` become `cryptonote::txversion::v4_tx_types`.
This also allows/includes various other simplifications related to or
enabled by this change:
- handle `is_deregister` dynamically in serialization code (setting
`type::standard` or `type::deregister` rather than using a
version-determined union)
- `get_type()` is no longer needed with the above change: it is now
much simpler to directly access `type` which will always have the
correct value (even for v2 or v3 transaction types). And though there
was an assertion on the enum value, `get_type()` was being used only
sporadically: many places accessed `.type` directly.
- the old unscoped enum didn't have a type but was assumed castable
to/from `uint16_t`, which technically meant there was potential
undefined behaviour when deserializing any type values >= 8.
- tx type range checks weren't being done in all serialization paths;
they are now. Because `get_type()` was not used everywhere (lots of
places simply accessed `.type` directory) these might not have been
caught.
- `set_type()` is not needed; it was only being used in a single place
(wallet2.cpp) and only for v4 txes, so the version protection code was
never doing anything.
- added a std::ostream << operator for the enum types so that they can be
output with `<< tx_type <<` rather than needing to wrap it in
`type_to_string(tx_type)` everywhere. For the versions, you get the
annotated version string (e.g. 4_tx_types) rather than just the number
4.
* Initial updates to allow syncing of checkpoints in protocol_handler
* Handle checkpoints in prepare_handle_incoming_blocks
* Debug changes for testing, cancel changes later
* Add checkpoint pruning code
* Reduce DB checkpoint accesses, sync votes for up to 60 blocks
* Remove duplicate lifetime variable
* Move parsing checkpoints to above early return for consistency
* Various integration test fixes
- Don't try participate in quorums at startup if you are not a service node
- Add lock for when potentially writing to the DB
- Pre-existing batch can be open whilst updating checkpoint so can't use
DB guards
- Temporarily emit the ban message using msgwriter instead of logs
* Integration mode bug fixes
- Always deserialize empty quorums so get_testing_quorum only fails when
an actual critical error has occurred
- Cache the last culled height so we don't needlessly query the DB over
the same heights trying to delete already-deleted checkpoints
- Submit votes when new blocks arrive for more reliable vote
transportation
* Undo debug changes for testing
* Update incorrect DB message and stale comment
* Incorporate service node ip address into uptime proofs; expose them using rpc
* Check that storage server port is specified in service-node mode
* Remove problematic const, rename argument name for storage port, update comments
* Validate ip address when receive uptime proof
* Better argument names and descriptions
* Unify checkpointing and uptime quorums
* Begin making checkpoints cull old votes/checkpoints
* Begin rehaul of service node code out of core, to assist checkpoints
* Begin overhaul of votes to move resposibility into quorum_cop
* Update testing suite to work with the new system
* Remove vote culling from checkpoints and into voting_pool
* Fix bugs making integration deregistration fail
* Votes don't always specify an index in the validators
* Update tests for validator index member change
* Rename deregister to voting, fix subtle hashing bug
Update the deregister hash derivation to use uint32_t as originally set
not uint64_t otherwise this affects the result and produces different
results.
* Remove un-needed nettype from vote pool
* PR review, use <algorithms>
* Rename uptime_deregister/uptime quorums to just deregister quorums
* Remove unused add_deregister_vote, move side effect out of macro
* unit tests and core tests for new queueless swarm assignment logic
* new bufferless swarm assignment logic
* new lines
* Address reviews
* Improve node stealing logic
* unit tests for additional functions
* get_excess_pool to return early if the threshold is lower than MIN_SWARM_SIZE
* Address reviews
* another round of reviews
* Move new_swarm_vector inside loop
* Rebase changes: moved get_new_swarm_id to service_node_swarm.cpp
* reserve vector size for all_ids in get_new_swarm_id
* Add the minimal fix for prepare registration failing by dust amounts
* Add dust redistribution at final step
* Comment and clean up useless lines
* Add fudge factor for dust amounts
* Avoid possible overflow with portions if contributor 1 is insufficient
* Cleanup and undoing some protocol breakages
* Simplify expiration of nodes
* Request unlock schedules entire node for expiration
* Fix off by one in expiring nodes
* Undo expiring code for pre v10 nodes
* Fix RPC returning register as unlock height and not checking 0
* Rename key image unlock height const
* Undo testnet hardfork debug changes
* Remove is_type for get_type, fix missing var rename
* Move serialisable data into public namespace
* Serialise tx types properly
* Fix typo in no service node known msg
* Code review
* Fix == to >= on serialising tx type
* Code review 2
* Fix tests and key image unlock
* Add command to print locked key images
* Update ui to display lock stakes, query in print cmd blacklist
* Modify print stakes to be less slow
* Remove autostaking code
* Refactor staking into sweep functions
It appears staking was derived off stake_main written separately at
implementation at the beginning. This merges them back into a common
code path, after removing autostake there's only some minor differences.
It also makes sure that any changes to sweeping upstream are going to be
considered in the staking process which we want.
* Display unlock height for stakes
* Begin creating output blacklist
* Make blacklist output a migration step
* Implement get_output_blacklist for lmdb
* In wallet output selection ignore blacklisted outputs
* Apply blacklisted outputs to output selection
* Fix broken tests, switch key image unlock
* Fix broken unit_tests
* Begin change to limit locked key images to 4 globally
* Revamp prepare registration for new min contribution rules
* Fix up old back case in prepare registration
* Remove debug code
* Cleanup debug code and some unecessary changes
* Fix migration step on mainnet db
* Fix blacklist outputs for pre-existing DB's
* Remove irrelevant note
* Tweak scanning addresses for locked stakes
Since we only now allow contributions from the primary address we can
skip checking all subaddress + lookahead to speed up wallet scanning
* Define macro for SCNu64 for Mingw
* Fix failure on empty DB
* Add missing error msg, remove contributor from stake
* Improve staking messages
* Flush prompt to always display
* Return the msg from stake failure and fix stake parsing error
* Tweak fork rules for smaller bulletproofs
* Tweak pooled nodes minimum amounts
* Fix crash on exit, there's no need to store on destructor
Since all information about service nodes is derived from the blockchain
and we store state every time we receive a block, storing in the
destructor is redundant as there is no new information to store.
* Make prompt be consistent with CLI
* Check max number of key images from per user to node
* Implement error message on get_output_blacklist failure
* Remove resolved TODO's/comments
* Handle infinite staking in print_sn
* Atoi->strtol, fix prepare_registration, virtual override, stale msgs
* Remove dead branches in hot-path check_tx_inputs
Also renames #define for mixins to better match naming convention
* Shuffle around some more code into common branches
* Fix min/max tx version rules, since there 1 tx v2 on v9 fork
* First draft infinite staking implementation
* Actually generate the right key image and expire appropriately
* Add framework to lock key images after expiry
* Return locked key images for nodes, add request unlock option
* Introduce transaction types for key image unlock
* Update validation steps to accept tx types, key_image_unlock
* Add mapping for lockable key images to amounts
* Change inconsistent naming scheme of contributors
* Create key image unlock transaction type and process it
* Update tx params to allow v4 types and as a result construct_tx*
* Fix some serialisation issues not sending all the information
* Fix dupe tx extra tag causing incorrect deserialisation
* Add warning comments
* Fix key image unlocks parsing error
* Simplify key image proof checks
* Fix rebase errors
* Correctly calculate the key image unlock times
* Blacklist key image on deregistration
* Serialise key image blacklist
* Rollback blacklisted key images
* Fix expiry logic error
* Disallow requesting stake unlock if already unlocked client side
* Add double spend checks for key image unlocks
* Rename get_staking_requirement_lock_blocks
To staking_initial_num_lock_blocks
* Begin modifying output selection to not use locked outputs
* Modify output selection to avoid locked/blacklisted key images
* Cleanup and undoing some protocol breakages
* Simplify expiration of nodes
* Request unlock schedules entire node for expiration
* Fix off by one in expiring nodes
* Undo expiring code for pre v10 nodes
* Fix RPC returning register as unlock height and not checking 0
* Rename key image unlock height const
* Undo testnet hardfork debug changes
* Remove is_type for get_type, fix missing var rename
* Move serialisable data into public namespace
* Serialise tx types properly
* Fix typo in no service node known msg
* Code review
* Fix == to >= on serialising tx type
* Code review 2
* Fix tests and key image unlock
* Add additional test, fix assert
* Remove debug code in wallet
* Fix merge dev problem
* create get_service_node_list rpc call
currently does nothing, just a shell (that compiles)
* implement get_all_service_node_keys rpc call
* change get_all_service_node_keys rpc to use json rpc
also change the result to be vector of hex strings rather than binary keys
* Make nodes be plural, add hex to base32z for keys
Base32z for Lokinet internal usage
* Add option to return fully funded service nodes only
* Add nullptr check for conversion
* Add assert for incorrect usage of to base32z
* Allow `prepare_registration` to work on command-line
This allows you to use `lokid prepare_registration` to generate a
registration command via RPC commands to the lokid, which is
particularly useful when the lokid is running non-interactively as a
system service.
Without this it is necessary to stop the lokid service, start it
manually, run the prepare_registration, then stop lokid and restart it
via the system service.
This also rewrites the description of the prepare_registration command to
remove the reference to saving to disk.
* make getting registration command more user-friendly via rpc
* better error message for get registration command rpc
* move get_service_node_registration_cmd into prepare_registration
* show error message on unsuccessful registration in simplewallet as well
* Enable staking in GUI wallet
* Move more helper functions into service_node_rules.h
* Move validation of arguments for staking into wallet2
* call stake validation from within create_stake_tx
* Add multiple governance keys
* Batch governance payments to every interval blocks
* Batching of gov rewards and fix breakages in tests
* Add changes to api for working with core tests
* Clean up left over debug stuff
* more cleanup
* Fix uninitialised batched governance value
* Remove dependency on blockchain in tx utils
* Remove redundant vector reserve
* Make scanning code more robust and compliant with core_tests
* Fix incorrect call to get_hard_fork_version
* On clear, start height from hardfork 9 height.
* updated checkpoints to remove early hardfork chainsplit
* Service Nodes Safe Guard (#246)
* Enforce stake and registration to always be atleast v3
* Scan from hardfork 9 height
* Remove get quorum state URI endpoint, use json rpc only (#199)
* core_tests: test that deregister tx make it into full blocks
* correct derivation of the service nodes winner in core tests
* core_tests: check deregistrations with non-zero fee declined
* core_tests: linear chain generator refactoring
* core_tests: test deregister safety buffer
* fix build error with const elements
* remote unnecessary const from return type
* core: submit uptime proof immediately after registering
* Increase visibility of autostaking prompts
* quorum_cop: changed uptime proof prune timeout to 2 hours 10 minutes
* cleanup: removed scope limiting block
* check_tx_inputs: fix deregister double spend test to include deregisters from other heights
* config: new testnet network id, genesis tx, and version bump
* wallet2: fix testnet wallet blockheight approximation
* Fix change in address format in RPC which broke parsing and pooling contributors (#184)
* Fix service node endpoints for RPC to also use stdout (#185)
* fixed some further rct core tests (#180)
* Fix service node state by calling detached hooks on failure to switch to alt chain (#188)
* fixed block verification core tests (#186)
* fixed block verification core tests
* core tests: removed gen_block_miner_tx_out_is_small which is only relevant to hardfork version 1
* Don't consider expired deregistrations when filling block template
* Add unit tests for getting staking requirement (#191)
* First service node test (#190)
* core_tests: added service node tests
* core_tests: check balance after registration tx
* Fix underflow for popping rollback events (#189)
* Move deregistration age check into check_tx_inputs
* Zero initialise rct_signatures member txnFee is a uint64_t and has uninit values
* Enforce that deregisters must be 0 fee since we skip checks
* Add unit tests for vote validation (#193)
* Add unit tests for deregistration validation (#194)
* Mainnet checkpoint 86535, testnet 3591, 4166
* Bump version number
* Add print_sr for getting staking requirement (#198)
* Misc bugfixes (#203)
* removed unnecessary cast to double during txfee+coinbase calculation
* simplewallet: increased autostaking interval from 2 minutes to 40
* Fix casting issues from uint to int (#204)
* core_tests: check service node registration and expiration (#195)
* core_tests: check service node registration and deregistration
* core_tests for service nodes:
- include service nodes rewards when calculating account's balance
- check that service nodes rewards have been received
* fixed namespace error; reduced the scope of staking requirement constants
* On blockchain inc/dec mark deregisters relayble based on age (#201)
* Service nodes restore only 1 rollback bug (#206)
* Fix restore 1 rollback event, ensure prevent rollback is always added
* Remove adding prevent_rollback event at init
It gets called in on block added generic anyway.
* Log db exception, fix relation operators for vote/deregister lifetime (#207)
* Filter relayable deregisters w/ check_tx_inputs instead of blockchain callbacks
* Bump version to 0.3.7-beta
* fix build with GCC 8.1.0 (#211)
* Add temp hardfork rule in testnet for deregister lifetimes (#210)
* Update testnet, remove testnet forks, remove checkpoints, update blockheight estimate (#212)
* Don't ban peers for a bad vote, just drop their connection (#213)
* Update to version 0.3.0 release candidate (#215)
* Fix restore 1 rollback event, ensure prevent rollback is always added
* Remove adding prevent_rollback event at init
It gets called in on block added generic anyway.
* core_tests: check service node registration and deregistration
* core_tests for service nodes:
- include service nodes rewards when calculating account's balance
- check that service nodes rewards have been received
* fixed namespace error; reduced the scope of staking requirement constants
This reverts commit c4988f5a1f.
This un-reverts the changes to store the service node info in the
database. This could easily just be its own commit instead of a
revert, but doing a revert is amusing (and easier in this case).
* Add get_service_node_list_state command for analytics
* Update service_node_list_state to search particular pubkey
* Service node list state sorts display results by longest waiting
* Fix up leftover todos/unused data structures
* Change get_service_node_list_state to print_sn
Add new interactive daemon command "prepare_registration" that saves the registration parameters to a file.
Changes to interactive prompt + put contribution<25% last
clean up
changed everything to portions
added check for --service-node flag
* add per-output unlock time field to transaction class
* get output unlock time (and relevant const fixes)
* move output unlocked check to separate function
* tx unlocked -> output unlocked in Blockchain
* per output unlock in tx creation; needs fork rules and testing
* per output unlock in tx prefix so it is signed...
also fix a couple typos/goofs
* wallet: check if using per output unlock time
* add rules.h and rules.cpp. git woopsie.
* update test for BlockchainDB changes
* Change tx v3 deregister to be a bool in tx header
* service_node_list: handle per output unlock times in contribution txs
* transaction: added verification of unlock_times.size()
* Retrieve quorum list from height, reviewed
* Setup data structures for de/register TX
* Submit and validate partial/full deregisters
* Add P2P relaying of partial deregistration votes
* Code review adjustments for deregistration part 1
- Fix check_tx_semantic
- Remove signature_pod as votes are now stored as blobs. Serialization
overrides don't intefere with crypto::signature anymore.
* deregistration_vote_pool - changed sign/verify interface and removed repeated code
* Misc review, fix sign/verify api, vote threshold
* Deregister/tx edge case handling for combinatoric votes
* core, service_node_list: separated address from service node pubkey
* Retrieve quorum list from height, reviewed
* Setup data structures for de/register TX
* Submit and validate partial/full deregisters
* Add P2P relaying of partial deregistration votes
* Code review adjustments for deregistration part 1
- Fix check_tx_semantic
- Remove signature_pod as votes are now stored as blobs. Serialization
overrides don't intefere with crypto::signature anymore.
* deregistration_vote_pool - changed sign/verify interface and removed repeated code
* Misc review, fix sign/verify api, vote threshold
* Deregister/tx edge case handling for combinatoric votes
* Store service node lists for the duration of deregister lifetimes
* Quorum min/max bug, sort node list, fix node to test list
* Change quorum to store acc pub address, fix oob bug
* Code review for expiring votes, acc keys to pub_key, improve err msgs
* Add early out for is_deregistration_tx and protect against quorum changes
* Remove debug code, fix segfault
* Remove irrelevant check for tx v3 in blockchain, fix >= height for pruning quorum states
Incorrect assumption that a transaction can be kept in the chain if it could
eventually become invalid, because if it were the chain would be split and
eventually these transaction would be dropped. But also that we should not
override the pre-existing logic which handles this case anyway.
Doyle
Jason Rhinelander
Doyle
1point21gigabytes
Maxim Shishmarev
Maxim Shishmarev
sachaaaaa
moneromooo-monero
jcktm
Doyle T
Thomas Winget
sachaaaaa