Skip to content

refactor: enforce sequencer blob invariants, simplify conductor #576

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SuperFluffy merged 2 commits into from
Nov 21, 2023
Merged

refactor: enforce sequencer blob invariants, simplify conductor #576

SuperFluffy merged 2 commits into from
Nov 21, 2023

Conversation

@SuperFluffy
Copy link
Contributor

@SuperFluffy SuperFluffy commented Nov 10, 2023
edited
Loading

Summary

Enforce invariants when constructing sequencer blobs.

Background

The sequencer blob type SequencerNamespaceData that was written to and read from celestia was treated as a dumb container, delegating consistency checks to downstream users (for example, to the block_verifier module in astria-conductor). In the spirit of making invalid states unrepresentable, this patch introdues a RawSequencerNamespaceData as the dumb (de)serialization container, from which a verified SequencerNamespaceData can be built. In particular, the following invariants are upheld at construction, rejecting a conversion otherwise (SMD stands for SequencerNamespaceData and SMD.field refers to the field of the same):

  1. SMD.header.data_hash must be set
  2. SMD.block_hash must match the result of SMD.header.hash()
  3. SMD.action_tree_root and SMD.action_tree_root_inclusion_proof must verify against SMD.data_hash
  4. The Merkle tree hash built from SMD.rollup_chain_ids must match SMD.chain_ids_commitment
  5. The SMD.chain_ids_commitment and SMD.chain_ids_commitment_proof must verifiy against SMD.data_hash

With these changes conductor's BlockVerifier can be simplified significantly and is now only responsible for checking the validity of a given sequencer blob against the remote sequencer.

Changes

  • Introduce RawSequencerNamespaceData type
  • Make all SequencerNamespaceData fields private, add read-only getters
  • Change SequencerNamespaceData serialization to be in terms of the Raw* type
  • Enforce sequencer blob invariants by introducing SequencerNamespaceData::try_from_raw as the only fallible constructor
  • Add a SMD::data_hash getter for convenience which panics if the invariants are violated
  • Streamline BlockVerifier by removing all checks that now happen during SequencerNamespaceData construction

Testing

How are these changes tested?

Related Issues

This is done as part of #356

Blocked on #554 being merged

@github-actions github-actions bot added conductor pertaining to the astria-conductor crate sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 10, 2023
@SuperFluffy SuperFluffy changed the base branch from main to superfluffy/flat-merkle November 10, 2023 11:04
@github-actions github-actions bot removed sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 10, 2023
@SuperFluffy SuperFluffy added sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate blocked blocked on another PR, dependency, or missing feature labels Nov 10, 2023
@github-actions github-actions bot removed sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 10, 2023
@SuperFluffy SuperFluffy marked this pull request as ready for review November 10, 2023 13:30
@SuperFluffy SuperFluffy requested a review from a team November 10, 2023 13:31
SuperFluffy
SuperFluffy commented Nov 10, 2023
View reviewed changes
crates/astria-sequencer-types/src/sequencer_block_data.rs
return Err(Error::ChainIdsCommitmentVerification);
}

// genesis and height 1 do not have a last commit
Copy link
Contributor Author

@SuperFluffy SuperFluffy Nov 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a remnant of the last_commit being part of the blocks, which was removed in PR #560. CC @noot for visibility

SuperFluffy
SuperFluffy commented Nov 10, 2023
View reviewed changes
crates/astria-sequencer-types/src/sequencer_block_data.rs
return Err(Error::ActionTreeRootVerification);
}

let chain_ids_commitment_hash = sha2::Sha256::digest(chain_ids_commitment);
Copy link
Contributor Author

@SuperFluffy SuperFluffy Nov 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: all of this is rolled into assert_chain_ids_are_included because that's used elsewhere.

SuperFluffy
SuperFluffy commented Nov 10, 2023
View reviewed changes
crates/astria-sequencer-types/src/sequencer_block_data.rs
///
/// # Errors
/// Returns one of the variants described in [`ChainIdsVerificationFailure`] as an error.
pub fn assert_chain_ids_are_included<'a, TChainIds: 'a>(
Copy link
Contributor Author

@SuperFluffy SuperFluffy Nov 10, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is now also used when constructing SequencerBlockData.

I also noticed that we were not ensuring that the chain ids commitment/root was checked, so it felt natural to also add that here. This essentially extends #548

@SuperFluffy SuperFluffy force-pushed the superfluffy/flat-merkle branch 2 times, most recently from aff5474 to 5796f0e Compare November 17, 2023 10:42
Base automatically changed from superfluffy/flat-merkle to main November 17, 2023 10:55
@github-actions github-actions bot added sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 17, 2023
@SuperFluffy SuperFluffy force-pushed the superfluffy/invariant-blobspace branch from da8aca0 to 72794ca Compare November 17, 2023 10:59
@github-actions github-actions bot removed sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 17, 2023
@SuperFluffy SuperFluffy added sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate and removed blocked blocked on another PR, dependency, or missing feature labels Nov 17, 2023
@SuperFluffy SuperFluffy changed the title feat: enforce sequencer blob invariants, simplify conductor refactor: enforce sequencer blob invariants, simplify conductor Nov 17, 2023
@github-actions github-actions bot removed sequencer pertaining to the astria-sequencer crate sequencer-relayer pertaining to the astria-sequencer-relayer crate labels Nov 17, 2023
@SuperFluffy SuperFluffy mentioned this pull request Nov 17, 2023
Merged
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot reviewed Nov 17, 2023
View reviewed changes
noot
noot approved these changes Nov 17, 2023
View reviewed changes
Copy link
Contributor

@noot noot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, just a few smaller comments!

@SuperFluffy
refactor: enforce sequencer blob invariants
71c549c 
+ sequencer-types: make data_hash being a valid sha256 hash invariant

+ sequencer-types: provide a utility fn to check chain IDs

+ conductor: simplify block verifier by enforcing sequencer blob invariants
@SuperFluffy SuperFluffy force-pushed the superfluffy/invariant-blobspace branch from dd3b730 to 71c549c Compare November 21, 2023 13:54
@SuperFluffy SuperFluffy merged commit b0a0213 into main Nov 21, 2023
@SuperFluffy SuperFluffy deleted the superfluffy/invariant-blobspace branch November 21, 2023 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joroshiba joroshiba Awaiting requested review from joroshiba joroshiba is a code owner

1 more reviewer

@noot noot noot approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

conductor pertaining to the astria-conductor crate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SuperFluffy @noot