Updated follower state to stop checking orphan blocks

Author: durkmurder

engine/common/follower/core.go

@@ -18,7 +18,6 @@ import (
 	"github.com/onflow/flow-go/module/component"
 	"github.com/onflow/flow-go/module/irrecoverable"
 	"github.com/onflow/flow-go/module/trace"
-	"github.com/onflow/flow-go/state"
 	"github.com/onflow/flow-go/state/protocol"
 )
 
@@ -121,7 +120,7 @@ func NewCore(log zerolog.Logger,
 // Effectively, this function validates incoming batch, adds it to cache of pending blocks and possibly schedules blocks for further
 // processing if they were certified.
 // This function is safe to use in concurrent environment.
-// Caution: this function might block if internally too many certified blocks are queued in the channel `certifiedBlocksChan`. 
+// Caution: this function might block if internally too many certified blocks are queued in the channel `certifiedBlocksChan`.
 // Expected errors during normal operations:
 //   - ErrDisconnectedBatch
 func (c *Core) OnBlockRange(originID flow.Identifier, batch []*flow.Block) error {
@@ -147,16 +146,16 @@ func (c *Core) OnBlockRange(originID flow.Identifier, batch []*flow.Block) error
 
 	if c.pendingCache.Peek(hotstuffProposal.Block.BlockID) == nil {
 		log.Debug().Msg("block not found in cache, performing validation")
-		// Caution: we are _not_ verifying the proposal's full validity here. Instead, we need to check 
-		// the following two critical properties: 
-		// 1. The block has been signed by the legitimate primary for the view. This is important in case 
-		//    there are multiple blocks for the view. We need to differentiate the following byzantine cases: 
+		// Caution: we are _not_ verifying the proposal's full validity here. Instead, we need to check
+		// the following two critical properties:
+		// 1. The block has been signed by the legitimate primary for the view. This is important in case
+		//    there are multiple blocks for the view. We need to differentiate the following byzantine cases:
 		//     (i) Some other consensus node that is _not_ primary is trying to publish a block.
 		//         This would result in the validation below failing with and `InvalidBlockError`.
 		//    (ii) The legitimate primary for the view is equivocating. In this case, the validity check
-		//         below would pass. Though, the `PendingTree` would eventually notice this, when we connect 
-		//         the equivocating blocks to the latest finalized block.  
-		// 2. The QC within the block is valid. A valid QC proves validity of all ancestors. 
+		//         below would pass. Though, the `PendingTree` would eventually notice this, when we connect
+		//         the equivocating blocks to the latest finalized block.
+		// 2. The QC within the block is valid. A valid QC proves validity of all ancestors.
 		err := c.validator.ValidateProposal(hotstuffProposal)
 		if err != nil {
 			if model.IsInvalidBlockError(err) {
@@ -233,8 +232,8 @@ func (c *Core) processCoreSeqEvents(ctx irrecoverable.SignalerContext, ready com
 // OnFinalizedBlock updates local state of pendingCache tree using received finalized block and queues finalized block
 // to be processed by internal goroutine.
 // This function is safe to use in concurrent environment.
-// CAUTION: this function blocks and is therefore not compliant with the `FinalizationConsumer.OnFinalizedBlock` 
-// interface. This function should only be executed within the a worker routine.  
+// CAUTION: this function blocks and is therefore not compliant with the `FinalizationConsumer.OnFinalizedBlock`
+// interface. This function should only be executed within the a worker routine.
 func (c *Core) OnFinalizedBlock(final *flow.Header) {
 	c.pendingCache.PruneUpToView(final.View)
 
@@ -278,9 +277,6 @@ func (c *Core) extendCertifiedBlocks(parentCtx context.Context, connectedBlocks
 		err := c.state.ExtendCertified(ctx, certifiedBlock.Block, certifiedBlock.QC)
 		span.End()
 		if err != nil {
-			if state.IsOutdatedExtensionError(err) {
-				continue
-			}
 			return fmt.Errorf("could not extend protocol state with certified block: %w", err)
 		}
 

state/protocol/badger/mutator.go

@@ -110,30 +110,23 @@ func NewFullConsensusState(
 //	candidate.View == certifyingQC.View && candidate.ID() == certifyingQC.BlockID
 //
 // NOTE: this function expects that `certifyingQC` has been validated.
-// Expected errors during normal operations:
-//   - state.OutdatedExtensionError if the candidate block is outdated (e.g. orphaned)
+// No errors are expected during normal operations.
 func (m *FollowerState) ExtendCertified(ctx context.Context, candidate *flow.Block, certifyingQC *flow.QuorumCertificate) error {
 	span, ctx := m.tracer.StartSpanFromContext(ctx, trace.ProtoStateMutatorHeaderExtend)
 	defer span.End()
 
-	// there are no cases where certifyingQC can be nil.
-	if certifyingQC != nil {
-		blockID := candidate.ID()
-		// sanity check if certifyingQC actually certifies candidate block
-		if certifyingQC.View != candidate.Header.View {
-			return fmt.Errorf("qc doesn't certify candidate block, expect %d view, got %d", candidate.Header.View, certifyingQC.View)
-		}
-		if certifyingQC.BlockID != blockID {
-			return fmt.Errorf("qc doesn't certify candidate block, expect %x blockID, got %x", blockID, certifyingQC.BlockID)
-		}
+	blockID := candidate.ID()
+	// sanity check if certifyingQC actually certifies candidate block
+	if certifyingQC.View != candidate.Header.View {
+		return fmt.Errorf("qc doesn't certify candidate block, expect %d view, got %d", candidate.Header.View, certifyingQC.View)
+	}
+	if certifyingQC.BlockID != blockID {
+		return fmt.Errorf("qc doesn't certify candidate block, expect %x blockID, got %x", blockID, certifyingQC.BlockID)
 	}
 
-	// check if the block header is a valid extension of the finalized state
+	// check if the block header is a valid extension of parent block
 	err := m.headerExtend(candidate)
 	if err != nil {
-		if state.IsOutdatedExtensionError(err) {
-			return fmt.Errorf("candidate block is an outdated extension: %w", err)
-		}
 		// since we have a QC for this block, it cannot be an invalid extension
 		return fmt.Errorf("unexpected invalid block (id=%x) with certifying qc (id=%x): %s",
 			candidate.ID(), certifyingQC.ID(), err.Error())
@@ -163,12 +156,21 @@ func (m *ParticipantState) Extend(ctx context.Context, candidate *flow.Block) er
 	span, ctx := m.tracer.StartSpanFromContext(ctx, trace.ProtoStateMutatorExtend)
 	defer span.End()
 
-	// check if the block header is a valid extension of the finalized state
+	// check if the block header is a valid extension of parent block
 	err := m.headerExtend(candidate)
 	if err != nil {
 		return fmt.Errorf("header not compliant with chain state: %w", err)
 	}
 
+	// check if the block header is a valid extension of the finalized state
+	err = m.checkOutdatedExtension(candidate.Header)
+	if err != nil {
+		if state.IsOutdatedExtensionError(err) {
+			return fmt.Errorf("candidate block is an outdated extension: %w", err)
+		}
+		return fmt.Errorf("could not check if block is an outdated extension: %w", err)
+	}
+
 	// check if the guarantees in the payload is a valid extension of the finalized state
 	err = m.guaranteeExtend(ctx, candidate)
 	if err != nil {
@@ -199,7 +201,6 @@ func (m *ParticipantState) Extend(ctx context.Context, candidate *flow.Block) er
 // headerExtend verifies the validity of the block header (excluding verification of the
 // consensus rules). Specifically, we check that the block connects to the last finalized block.
 // Expected errors during normal operations:
-//   - state.OutdatedExtensionError if the candidate block is outdated (e.g. orphaned)
 //   - state.InvalidExtensionError if the candidate block is invalid
 func (m *FollowerState) headerExtend(candidate *flow.Block) error {
 	// FIRST: We do some initial cheap sanity checks, like checking the payload
@@ -240,13 +241,17 @@ func (m *FollowerState) headerExtend(candidate *flow.Block) error {
 		return fmt.Errorf("validating block's time stamp failed with unexpected error: %w", err)
 	}
 
-	// THIRD: Once we have established the block is valid within itself, and the
-	// block is valid in relation to its parent, we can check whether it is
-	// valid in the context of the entire state. For this, the block needs to
-	// directly connect, through its ancestors, to the last finalized block.
+	return nil
+}
 
+// checkOutdatedExtension checks whether candidate block is
+// valid in the context of the entire state. For this, the block needs to
+// directly connect, through its ancestors, to the last finalized block.
+// Expected errors during normal operations:
+//   - state.OutdatedExtensionError if the candidate block is outdated (e.g. orphaned)
+func (m *ParticipantState) checkOutdatedExtension(header *flow.Header) error {
 	var finalizedHeight uint64
-	err = m.db.View(operation.RetrieveFinalizedHeight(&finalizedHeight))
+	err := m.db.View(operation.RetrieveFinalizedHeight(&finalizedHeight))
 	if err != nil {
 		return fmt.Errorf("could not retrieve finalized height: %w", err)
 	}
@@ -276,7 +281,6 @@ func (m *FollowerState) headerExtend(candidate *flow.Block) error {
 		}
 		ancestorID = ancestor.ParentID
 	}
-
 	return nil
 }
 

state/protocol/badger/mutator_test.go

@@ -1940,16 +1940,17 @@ func TestExtendBlockProcessable(t *testing.T) {
 	})
 }
 
-func TestHeaderExtendBlockNotConnected(t *testing.T) {
+// TestFollowerHeaderExtendBlockNotConnected tests adding orphan block to the finalized state
+// add 2 blocks, where:
+// first block is added and then finalized;
+// second block is a sibling to the finalized block
+// The Follower should accept this block since tracking of orphan blocks is implemented by another component.
+func TestFollowerHeaderExtendBlockNotConnected(t *testing.T) {
 	rootSnapshot := unittest.RootSnapshotFixture(participants)
 	util.RunWithFollowerProtocolState(t, rootSnapshot, func(db *badger.DB, state *protocol.FollowerState) {
 		head, err := rootSnapshot.Head()
 		require.NoError(t, err)
 
-		// add 2 blocks, where:
-		// first block is added and then finalized;
-		// second block is a sibling to the finalized block
-		// The Follower should reject this block as an outdated chain extension
 		block1 := unittest.BlockWithParentFixture(head)
 		err = state.ExtendCertified(context.Background(), block1, unittest.CertifyBlock(block1.Header))
 		require.NoError(t, err)
@@ -1960,6 +1961,36 @@ func TestHeaderExtendBlockNotConnected(t *testing.T) {
 		// create a fork at view/height 1 and try to connect it to root
 		block2 := unittest.BlockWithParentFixture(head)
 		err = state.ExtendCertified(context.Background(), block2, unittest.CertifyBlock(block2.Header))
+		require.NoError(t, err)
+
+		// verify seal not indexed
+		var sealID flow.Identifier
+		err = db.View(operation.LookupLatestSealAtBlock(block2.ID(), &sealID))
+		require.NoError(t, err)
+	})
+}
+
+// TestParticipantHeaderExtendBlockNotConnected tests adding orphan block to the finalized state
+// add 2 blocks, where:
+// first block is added and then finalized;
+// second block is a sibling to the finalized block
+// The Participant should reject this block as an outdated chain extension
+func TestParticipantHeaderExtendBlockNotConnected(t *testing.T) {
+	rootSnapshot := unittest.RootSnapshotFixture(participants)
+	util.RunWithFullProtocolState(t, rootSnapshot, func(db *badger.DB, state *protocol.ParticipantState) {
+		head, err := rootSnapshot.Head()
+		require.NoError(t, err)
+
+		block1 := unittest.BlockWithParentFixture(head)
+		err = state.Extend(context.Background(), block1)
+		require.NoError(t, err)
+
+		err = state.Finalize(context.Background(), block1.ID())
+		require.NoError(t, err)
+
+		// create a fork at view/height 1 and try to connect it to root
+		block2 := unittest.BlockWithParentFixture(head)
+		err = state.Extend(context.Background(), block2)
 		require.True(t, st.IsOutdatedExtensionError(err), err)
 
 		// verify seal not indexed

state/protocol/state.go

@@ -51,8 +51,7 @@ type FollowerState interface {
 	// has been certified, and it's safe to add it to the protocol state.
 	// QC cannot be nil and must certify candidate block (candidate.View == qc.View && candidate.BlockID == qc.BlockID)
 	// The `candidate` block and its QC _must be valid_ (otherwise, the state will be corrupted).
-	// Expected errors during normal operations:
-	//  * state.OutdatedExtensionError if the candidate block is outdated (e.g. orphaned)
+	// No errors are expected during normal operations.
 	ExtendCertified(ctx context.Context, candidate *flow.Block, qc *flow.QuorumCertificate) error
 
 	// Finalize finalizes the block with the given hash.