feat: mark a miner as invalid once signers have rejected its reorg attempt

Author: obycode

stacks-signer/CHANGELOG.md

@@ -18,6 +18,7 @@ and this project adheres to the versioning scheme outlined in the [README.md](RE
 - Signers no longer view any block proposal by a miner in their DB as indicative of valid miner activity.
 - Various index improvements to the signer's database to improve performance.
 - Add new reject codes to the signer response for better visibility into why a block was rejected.
+- When allowing a reorg within the `reorg_attempts_activity_timeout_ms`, the signer will now watch the responses from other signers and if >30% of them reject this reorg attempt, then the signer will mark the miner as invalid, reject further attempts to reorg and allowing the previous miner to extend their tenure.
 
 ## [3.1.0.0.5.0]
 

stacks-signer/src/signerdb.rs

@@ -27,6 +27,8 @@ use blockstack_lib::util_lib::db::{
 #[cfg(any(test, feature = "testing"))]
 use blockstack_lib::util_lib::db::{FromColumn, FromRow};
 use clarity::types::chainstate::{BurnchainHeaderHash, StacksAddress};
+use clarity::types::Address;
+use libsigner::v0::messages::{RejectReason, RejectReasonPrefix};
 use libsigner::BlockProposal;
 use rusqlite::functions::FunctionFlags;
 use rusqlite::{
@@ -500,6 +502,11 @@ CREATE TABLE IF NOT EXISTS tenure_activity (
     last_activity_time INTEGER NOT NULL
 ) STRICT;"#;
 
+static ADD_REJECT_CODE: &str = r#"
+ALTER TABLE block_rejection_signer_addrs
+    ADD COLUMN reject_code INTEGER;
+"#;
+
 static SCHEMA_1: &[&str] = &[
     DROP_SCHEMA_0,
     CREATE_DB_CONFIG,
@@ -564,9 +571,14 @@ static SCHEMA_8: &[&str] = &[
     "INSERT INTO db_config (version) VALUES (8);",
 ];
 
+static SCHEMA_9: &[&str] = &[
+    ADD_REJECT_CODE,
+    "INSERT INTO db_config (version) VALUES (9);",
+];
+
 impl SignerDb {
     /// The current schema version used in this build of the signer binary.
-    pub const SCHEMA_VERSION: u32 = 8;
+    pub const SCHEMA_VERSION: u32 = 9;
 
     /// Create a new `SignerState` instance.
     /// This will create a new SQLite database at the given path
@@ -708,6 +720,20 @@ impl SignerDb {
         Ok(())
     }
 
+    /// Migrate from schema 9 to schema 9
+    fn schema_9_migration(tx: &Transaction) -> Result<(), DBError> {
+        if Self::get_schema_version(tx)? >= 9 {
+            // no migration necessary
+            return Ok(());
+        }
+
+        for statement in SCHEMA_9.iter() {
+            tx.execute_batch(statement)?;
+        }
+
+        Ok(())
+    }
+
     /// Register custom scalar functions used by the database
     fn register_scalar_functions(&self) -> Result<(), DBError> {
         // Register helper function for determining if a block is a tenure change transaction
@@ -749,7 +775,8 @@ impl SignerDb {
                 5 => Self::schema_6_migration(&sql_tx)?,
                 6 => Self::schema_7_migration(&sql_tx)?,
                 7 => Self::schema_8_migration(&sql_tx)?,
-                8 => break,
+                8 => Self::schema_9_migration(&sql_tx)?,
+                9 => break,
                 x => return Err(DBError::Other(format!(
                     "Database schema is newer than supported by this binary. Expected version = {}, Database version = {x}",
                     Self::SCHEMA_VERSION,
@@ -998,27 +1025,58 @@ impl SignerDb {
         &self,
         block_sighash: &Sha512Trunc256Sum,
         addr: &StacksAddress,
+        reject_reason: &RejectReason,
     ) -> Result<(), DBError> {
-        let qry = "INSERT OR REPLACE INTO block_rejection_signer_addrs (signer_signature_hash, signer_addr) VALUES (?1, ?2);";
-        let args = params![block_sighash, addr.to_string(),];
+        let qry = "INSERT OR REPLACE INTO block_rejection_signer_addrs (signer_signature_hash, signer_addr, reject_code) VALUES (?1, ?2, ?3);";
+        let args = params![
+            block_sighash,
+            addr.to_string(),
+            RejectReasonPrefix::from(reject_reason) as i64
+        ];
 
         debug!("Inserting block rejection.";
-                "block_sighash" => %block_sighash,
-                "signer_address" => %addr);
+            "block_sighash" => %block_sighash,
+            "signer_address" => %addr,
+            "reject_reason" => %reject_reason
+        );
 
         self.db.execute(qry, args)?;
         Ok(())
     }
 
-    /// Get all signer addresses that rejected the block
+    /// Get all signer addresses that rejected the block (and their reject codes)
     pub fn get_block_rejection_signer_addrs(
         &self,
         block_sighash: &Sha512Trunc256Sum,
-    ) -> Result<Vec<StacksAddress>, DBError> {
+    ) -> Result<Vec<(StacksAddress, RejectReasonPrefix)>, DBError> {
         let qry =
-            "SELECT signer_addr FROM block_rejection_signer_addrs WHERE signer_signature_hash = ?1";
+            "SELECT signer_addr, reject_code FROM block_rejection_signer_addrs WHERE signer_signature_hash = ?1";
         let args = params![block_sighash];
-        query_rows(&self.db, qry, args)
+        let mut stmt = self.db.prepare(qry)?;
+
+        let rows = stmt.query_map(args, |row| {
+            let addr: String = row.get(0)?;
+            let addr = StacksAddress::from_string(&addr).ok_or(SqliteError::InvalidColumnType(
+                0,
+                "signer_addr".into(),
+                rusqlite::types::Type::Text,
+            ))?;
+            let reject_code: i64 = row.get(1)?;
+
+            let reject_code = u8::try_from(reject_code)
+                .map_err(|_| {
+                    SqliteError::InvalidColumnType(
+                        1,
+                        "reject_code".into(),
+                        rusqlite::types::Type::Integer,
+                    )
+                })
+                .map(RejectReasonPrefix::from)?;
+
+            Ok((addr, reject_code))
+        })?;
+
+        rows.collect::<Result<Vec<_>, _>>().map_err(|e| e.into())
     }
 
     /// Mark a block as having been broadcasted and therefore GloballyAccepted

stacks-signer/src/v0/signer.rs

@@ -28,7 +28,7 @@ use clarity::util::hash::{MerkleHashFunc, Sha512Trunc256Sum};
 use clarity::util::secp256k1::Secp256k1PublicKey;
 use libsigner::v0::messages::{
     BlockAccepted, BlockRejection, BlockResponse, MessageSlotID, MockProposal, MockSignature,
-    RejectReason, SignerMessage,
+    RejectReason, RejectReasonPrefix, SignerMessage,
 };
 use libsigner::{BlockProposal, SignerEvent};
 use slog::{slog_debug, slog_error, slog_info, slog_warn};
@@ -37,7 +37,7 @@ use stacks_common::util::get_epoch_time_secs;
 use stacks_common::util::secp256k1::MessageSignature;
 use stacks_common::{debug, error, info, warn};
 
-use crate::chainstate::{ProposalEvalConfig, SortitionsView};
+use crate::chainstate::{ProposalEvalConfig, SortitionMinerStatus, SortitionsView};
 use crate::client::{ClientError, SignerSlotID, StackerDB, StacksClient};
 use crate::config::{SignerConfig, SignerConfigMode};
 use crate::runloop::SignerResult;
@@ -165,7 +165,11 @@ impl SignerTrait<SignerMessage> for Signer {
         match event {
             SignerEvent::BlockValidationResponse(block_validate_response) => {
                 debug!("{self}: Received a block proposal result from the stacks node...");
-                self.handle_block_validate_response(stacks_client, block_validate_response)
+                self.handle_block_validate_response(
+                    stacks_client,
+                    block_validate_response,
+                    sortition_state,
+                )
             }
             SignerEvent::SignerMessages(_signer_set, messages) => {
                 debug!(
@@ -177,7 +181,7 @@ impl SignerTrait<SignerMessage> for Signer {
                     let SignerMessage::BlockResponse(block_response) = message else {
                         continue;
                     };
-                    self.handle_block_response(stacks_client, block_response);
+                    self.handle_block_response(stacks_client, block_response, sortition_state);
                 }
             }
             SignerEvent::MinerMessages(messages, miner_pubkey) => {
@@ -618,13 +622,14 @@ impl Signer {
         &mut self,
         stacks_client: &StacksClient,
         block_response: &BlockResponse,
+        sortition_state: &mut Option<SortitionsView>,
     ) {
         match block_response {
             BlockResponse::Accepted(accepted) => {
                 self.handle_block_signature(stacks_client, accepted);
             }
             BlockResponse::Rejected(block_rejection) => {
-                self.handle_block_rejection(block_rejection);
+                self.handle_block_rejection(block_rejection, sortition_state);
             }
         };
     }
@@ -793,6 +798,7 @@ impl Signer {
     fn handle_block_validate_reject(
         &mut self,
         block_validate_reject: &BlockValidateReject,
+        sortition_state: &mut Option<SortitionsView>,
     ) -> Option<BlockResponse> {
         crate::monitoring::actions::increment_block_validation_responses(false);
         let signer_signature_hash = block_validate_reject.signer_signature_hash;
@@ -833,7 +839,7 @@ impl Signer {
         self.signer_db
             .insert_block(&block_info)
             .unwrap_or_else(|e| self.handle_insert_block_error(e));
-        self.handle_block_rejection(&block_rejection);
+        self.handle_block_rejection(&block_rejection, sortition_state);
         Some(BlockResponse::Rejected(block_rejection))
     }
 
@@ -842,6 +848,7 @@ impl Signer {
         &mut self,
         stacks_client: &StacksClient,
         block_validate_response: &BlockValidateResponse,
+        sortition_state: &mut Option<SortitionsView>,
     ) {
         info!("{self}: Received a block validate response: {block_validate_response:?}");
         let block_response = match block_validate_response {
@@ -852,7 +859,7 @@ impl Signer {
                 self.handle_block_validate_ok(stacks_client, block_validate_ok)
             }
             BlockValidateResponse::Reject(block_validate_reject) => {
-                self.handle_block_validate_reject(block_validate_reject)
+                self.handle_block_validate_reject(block_validate_reject, sortition_state)
             }
         };
         // Remove this block validation from the pending table
@@ -994,6 +1001,21 @@ impl Signer {
         })
     }
 
+    /// Compute the rejection weight for the given reject code, given a list of signatures
+    fn compute_reject_code_signing_weight<'a>(
+        &self,
+        addrs: impl Iterator<Item = &'a (StacksAddress, RejectReasonPrefix)>,
+        reject_code: RejectReasonPrefix,
+    ) -> u32 {
+        addrs.filter(|(_, code)| *code == reject_code).fold(
+            0u32,
+            |signing_weight, (stacker_address, _)| {
+                let stacker_weight = self.signer_weights.get(stacker_address).unwrap_or(&0);
+                signing_weight.saturating_add(*stacker_weight)
+            },
+        )
+    }
+
     /// Compute the total signing weight
     fn compute_signature_total_weight(&self) -> u32 {
         self.signer_weights
@@ -1002,7 +1024,11 @@ impl Signer {
     }
 
     /// Handle an observed rejection from another signer
-    fn handle_block_rejection(&mut self, rejection: &BlockRejection) {
+    fn handle_block_rejection(
+        &mut self,
+        rejection: &BlockRejection,
+        sortition_state: &mut Option<SortitionsView>,
+    ) {
         debug!("{self}: Received a block-reject signature: {rejection:?}");
 
         let block_hash = &rejection.signer_signature_hash;
@@ -1045,10 +1071,11 @@ impl Signer {
         }
 
         // signature is valid! store it
-        if let Err(e) = self
-            .signer_db
-            .add_block_rejection_signer_addr(block_hash, &signer_address)
-        {
+        if let Err(e) = self.signer_db.add_block_rejection_signer_addr(
+            block_hash,
+            &signer_address,
+            &rejection.response_data.reject_reason,
+        ) {
             warn!("{self}: Failed to save block rejection signature: {e:?}",);
         }
 
@@ -1061,7 +1088,8 @@ impl Signer {
                 return;
             }
         };
-        let total_reject_weight = self.compute_signature_signing_weight(rejection_addrs.iter());
+        let total_reject_weight =
+            self.compute_signature_signing_weight(rejection_addrs.iter().map(|(addr, _)| addr));
         let total_weight = self.compute_signature_total_weight();
 
         let min_weight = NakamotoBlockHeader::compute_voting_weight_threshold(total_weight)
@@ -1089,6 +1117,24 @@ impl Signer {
             // Consensus reached! No longer bother tracking its validation submission to the node as we are too late to participate in the decision anyway.
             self.submitted_block_proposal = None;
         }
+
+        // If 30% of the signers have rejected the block due to an invalid
+        // reorg, mark the miner as invalid.
+        let total_reorg_reject_weight = self.compute_reject_code_signing_weight(
+            rejection_addrs.iter(),
+            RejectReasonPrefix::ReorgNotAllowed,
+        );
+        if total_reorg_reject_weight.saturating_add(min_weight) > total_weight {
+            // Mark the miner as invalid
+            if let Some(sortition_state) = sortition_state {
+                let ch = block_info.block.header.consensus_hash;
+                if sortition_state.cur_sortition.consensus_hash == ch {
+                    info!("{self}: Marking miner as invalid for attempted reorg");
+                    sortition_state.cur_sortition.miner_status =
+                        SortitionMinerStatus::InvalidatedBeforeFirstBlock;
+                }
+            }
+        }
     }
 
     /// Handle an observed signature from another signer