Merge branch 'develop' into feat/tenure_boundary_heuristic

Author: rdeioris

clarity/src/vm/contexts.rs

@@ -1639,7 +1639,7 @@ impl<'a, 'hooks> GlobalContext<'a, 'hooks> {
             );
             f(&mut exec_env)
         };
-        self.roll_back().map_err(crate::vm::errors::Error::from)?;
+        self.roll_back()?;
 
         match result {
             Ok(return_value) => Ok(return_value),

stacks-common/src/deps_common/bech32/mod.rs

@@ -168,7 +168,7 @@ impl<'a> Bech32Writer<'a> {
 
     fn polymod_step(&mut self, v: u5) {
         let b = (self.chk >> 25) as u8;
-        self.chk = (self.chk & 0x01ff_ffff) << 5 ^ (u32::from(*v.as_ref()));
+        self.chk = ((self.chk & 0x01ff_ffff) << 5) ^ (u32::from(*v.as_ref()));
 
         for (i, item) in GEN.iter().enumerate() {
             if (b >> i) & 1 == 1 {
@@ -616,7 +616,7 @@ fn polymod(values: &[u5]) -> u32 {
     let mut b: u8;
     for v in values {
         b = (chk >> 25) as u8;
-        chk = (chk & 0x01ff_ffff) << 5 ^ (u32::from(*v.as_ref()));
+        chk = ((chk & 0x01ff_ffff) << 5) ^ (u32::from(*v.as_ref()));
 
         for (i, item) in GEN.iter().enumerate() {
             if (b >> i) & 1 == 1 {

stacks-common/src/util/uint.rs

@@ -733,7 +733,7 @@ mod tests {
     #[test]
     pub fn hex_codec() {
         let init =
-            Uint256::from_u64(0xDEADBEEFDEADBEEF) << 64 | Uint256::from_u64(0x0102030405060708);
+            (Uint256::from_u64(0xDEADBEEFDEADBEEF) << 64) | Uint256::from_u64(0x0102030405060708);
 
         // little-endian representation
         let hex_init = "0807060504030201efbeaddeefbeadde00000000000000000000000000000000";

stacks-signer/CHANGELOG.md

@@ -18,6 +18,7 @@ and this project adheres to the versioning scheme outlined in the [README.md](RE
 - Signers no longer view any block proposal by a miner in their DB as indicative of valid miner activity.
 - Various index improvements to the signer's database to improve performance.
 - Add new reject codes to the signer response for better visibility into why a block was rejected.
+- When allowing a reorg within the `reorg_attempts_activity_timeout_ms`, the signer will now watch the responses from other signers and if >30% of them reject this reorg attempt, then the signer will mark the miner as invalid, reject further attempts to reorg and allow the previous miner to extend their tenure.
 
 ## [3.1.0.0.5.0]
 

stacks-signer/src/chainstate.rs

@@ -220,6 +220,12 @@ impl SortitionsView {
                 "current_sortition_consensus_hash" => ?self.cur_sortition.consensus_hash,
             );
             self.cur_sortition.miner_status = SortitionMinerStatus::InvalidatedBeforeFirstBlock;
+
+            // If the current proposal is also for this current
+            // sortition, then we can return early here.
+            if self.cur_sortition.consensus_hash == block.header.consensus_hash {
+                return Err(RejectReason::InvalidMiner);
+            }
         } else if let Some(tip) = signer_db
             .get_canonical_tip()
             .map_err(SignerChainstateError::from)?
@@ -253,6 +259,12 @@ impl SortitionsView {
                     );
                     self.cur_sortition.miner_status =
                         SortitionMinerStatus::InvalidatedBeforeFirstBlock;
+
+                    // If the current proposal is also for this current
+                    // sortition, then we can return early here.
+                    if self.cur_sortition.consensus_hash == block.header.consensus_hash {
+                        return Err(RejectReason::ReorgNotAllowed);
+                    }
                 }
             }
         }
@@ -498,7 +510,7 @@ impl SortitionsView {
                         0
                     };
                     if Duration::from_secs(proposal_to_sortition)
-                        <= *first_proposal_burn_block_timing
+                        < *first_proposal_burn_block_timing
                     {
                         info!(
                             "Miner is not building off of most recent tenure. A tenure they reorg has already mined blocks, but the block was poorly timed, allowing the reorg.";
@@ -604,7 +616,7 @@ impl SortitionsView {
                     "proposed_chain_length" => block.header.chain_length,
                     "expected_at_least" => info.block.header.chain_length + 1,
                 );
-                if info.signed_group.map_or(true, |signed_time| {
+                if info.signed_group.is_none_or(|signed_time| {
                     signed_time + reorg_attempts_activity_timeout.as_secs() > get_epoch_time_secs()
                 }) {
                     // Note if there is no signed_group time, this is a locally accepted block (i.e. tenure_last_block_proposal_timeout has not been exceeded).

stacks-signer/src/signerdb.rs

@@ -27,6 +27,8 @@ use blockstack_lib::util_lib::db::{
 #[cfg(any(test, feature = "testing"))]
 use blockstack_lib::util_lib::db::{FromColumn, FromRow};
 use clarity::types::chainstate::{BurnchainHeaderHash, StacksAddress};
+use clarity::types::Address;
+use libsigner::v0::messages::{RejectReason, RejectReasonPrefix};
 use libsigner::BlockProposal;
 use rusqlite::functions::FunctionFlags;
 use rusqlite::{
@@ -500,6 +502,11 @@ CREATE TABLE IF NOT EXISTS tenure_activity (
     last_activity_time INTEGER NOT NULL
 ) STRICT;"#;
 
+static ADD_REJECT_CODE: &str = r#"
+ALTER TABLE block_rejection_signer_addrs
+    ADD COLUMN reject_code INTEGER;
+"#;
+
 static SCHEMA_1: &[&str] = &[
     DROP_SCHEMA_0,
     CREATE_DB_CONFIG,
@@ -564,9 +571,14 @@ static SCHEMA_8: &[&str] = &[
     "INSERT INTO db_config (version) VALUES (8);",
 ];
 
+static SCHEMA_9: &[&str] = &[
+    ADD_REJECT_CODE,
+    "INSERT INTO db_config (version) VALUES (9);",
+];
+
 impl SignerDb {
     /// The current schema version used in this build of the signer binary.
-    pub const SCHEMA_VERSION: u32 = 8;
+    pub const SCHEMA_VERSION: u32 = 9;
 
     /// Create a new `SignerState` instance.
     /// This will create a new SQLite database at the given path
@@ -708,6 +720,20 @@ impl SignerDb {
         Ok(())
     }
 
+    /// Migrate from schema 9 to schema 9
+    fn schema_9_migration(tx: &Transaction) -> Result<(), DBError> {
+        if Self::get_schema_version(tx)? >= 9 {
+            // no migration necessary
+            return Ok(());
+        }
+
+        for statement in SCHEMA_9.iter() {
+            tx.execute_batch(statement)?;
+        }
+
+        Ok(())
+    }
+
     /// Register custom scalar functions used by the database
     fn register_scalar_functions(&self) -> Result<(), DBError> {
         // Register helper function for determining if a block is a tenure change transaction
@@ -749,7 +775,8 @@ impl SignerDb {
                 5 => Self::schema_6_migration(&sql_tx)?,
                 6 => Self::schema_7_migration(&sql_tx)?,
                 7 => Self::schema_8_migration(&sql_tx)?,
-                8 => break,
+                8 => Self::schema_9_migration(&sql_tx)?,
+                9 => break,
                 x => return Err(DBError::Other(format!(
                     "Database schema is newer than supported by this binary. Expected version = {}, Database version = {x}",
                     Self::SCHEMA_VERSION,
@@ -1012,27 +1039,58 @@ impl SignerDb {
         &self,
         block_sighash: &Sha512Trunc256Sum,
         addr: &StacksAddress,
+        reject_reason: &RejectReason,
     ) -> Result<(), DBError> {
-        let qry = "INSERT OR REPLACE INTO block_rejection_signer_addrs (signer_signature_hash, signer_addr) VALUES (?1, ?2);";
-        let args = params![block_sighash, addr.to_string(),];
+        let qry = "INSERT OR REPLACE INTO block_rejection_signer_addrs (signer_signature_hash, signer_addr, reject_code) VALUES (?1, ?2, ?3);";
+        let args = params![
+            block_sighash,
+            addr.to_string(),
+            RejectReasonPrefix::from(reject_reason) as i64
+        ];
 
         debug!("Inserting block rejection.";
-                "block_sighash" => %block_sighash,
-                "signer_address" => %addr);
+            "block_sighash" => %block_sighash,
+            "signer_address" => %addr,
+            "reject_reason" => %reject_reason
+        );
 
         self.db.execute(qry, args)?;
         Ok(())
     }
 
-    /// Get all signer addresses that rejected the block
+    /// Get all signer addresses that rejected the block (and their reject codes)
     pub fn get_block_rejection_signer_addrs(
         &self,
         block_sighash: &Sha512Trunc256Sum,
-    ) -> Result<Vec<StacksAddress>, DBError> {
+    ) -> Result<Vec<(StacksAddress, RejectReasonPrefix)>, DBError> {
         let qry =
-            "SELECT signer_addr FROM block_rejection_signer_addrs WHERE signer_signature_hash = ?1";
+            "SELECT signer_addr, reject_code FROM block_rejection_signer_addrs WHERE signer_signature_hash = ?1";
         let args = params![block_sighash];
-        query_rows(&self.db, qry, args)
+        let mut stmt = self.db.prepare(qry)?;
+
+        let rows = stmt.query_map(args, |row| {
+            let addr: String = row.get(0)?;
+            let addr = StacksAddress::from_string(&addr).ok_or(SqliteError::InvalidColumnType(
+                0,
+                "signer_addr".into(),
+                rusqlite::types::Type::Text,
+            ))?;
+            let reject_code: i64 = row.get(1)?;
+
+            let reject_code = u8::try_from(reject_code)
+                .map_err(|_| {
+                    SqliteError::InvalidColumnType(
+                        1,
+                        "reject_code".into(),
+                        rusqlite::types::Type::Integer,
+                    )
+                })
+                .map(RejectReasonPrefix::from)?;
+
+            Ok((addr, reject_code))
+        })?;
+
+        rows.collect::<Result<Vec<_>, _>>().map_err(|e| e.into())
     }
 
     /// Mark a block as having been broadcasted and therefore GloballyAccepted

stacks-signer/src/tests/chainstate.rs

@@ -287,7 +287,7 @@ fn check_proposal_reorg_timing_bad() {
 
 #[test]
 fn check_proposal_reorg_timing_ok() {
-    let result = reorg_timing_testing("reorg_timing_okay", 30, 30);
+    let result = reorg_timing_testing("reorg_timing_okay", 30, 29);
     result.expect("Proposal should validate okay, because the reorg occurred in a block whose proposed time was close to the sortition");
 }