Don't retry real MLS validation errors (#1602)

fbac · web-flow · commit 26b388dd736d · 2026-02-05T18:16:45.000+01:00
diff --git a/pkg/indexer/app_chain/contracts/identity_update_storer.go b/pkg/indexer/app_chain/contracts/identity_update_storer.go
@@ -5,6 +5,7 @@ import (
 	"database/sql"
 	"errors"
 	"math"
+	"strings"
 	"time"
 
 	"github.com/ethereum/go-ethereum/common"
@@ -25,7 +26,26 @@ import (
 	"google.golang.org/protobuf/proto"
 )
 
-var (
+const (
+	// https://github.com/xmtp/libxmtp/blob/main/crates/xmtp_id/src/associations/association_log.rs#L10
+	associationErrorGeneric                      = "Error creating association"
+	associationErrorMultipleCreate               = "Multiple create operations detected"
+	associationErrorNotCreated                   = "XID not yet created"
+	associationErrorSignature                    = "Signature validation failed"
+	associationErrorMemberNotAllowed             = "not allowed to add"
+	associationErrorMissingExistingMember        = "Missing existing member"
+	associationErrorLegacySignatureReuse         = "Legacy key is only allowed to be associated using a legacy signature with nonce 0"
+	associationErrorNewMemberIDSignatureMismatch = "The new member identifier does not match the signer"
+	associationErrorWrongInboxID                 = "Wrong inbox_id specified on association"
+	associationErrorSignatureNotAllowed          = "Signature not allowed for role"
+	associationErrorReplay                       = "Replay detected"
+	associationErrorDeserialization              = "Deserialization error"
+	associationErrorMissingIdentityUpdate        = "Missing identity update"
+	associationErrorChainIDMismatch              = "Wrong chain id."
+	associationErrorInvalidAccountAddress        = "Invalid account address: Must be 42 hex characters, starting with '0x'."
+	associationErrorNotIdentifier                = "are not a public identifier"
+	associationErrorConvert                      = "Conversion error"
+
 	ErrAdvisoryLockSequence   = "advisory lock failed"
 	ErrParseIdentityUpdate    = "error parsing identity update"
 	ErrGetLatestSequenceID    = "get latest sequence id failed"
@@ -34,6 +54,26 @@ var (
 	ErrRevokeAddressFromLog   = "revoke address from log failed"
 )
 
+var associationErrorPatterns = []string{
+	associationErrorGeneric,
+	associationErrorMultipleCreate,
+	associationErrorNotCreated,
+	associationErrorSignature,
+	associationErrorMemberNotAllowed,
+	associationErrorMissingExistingMember,
+	associationErrorLegacySignatureReuse,
+	associationErrorNewMemberIDSignatureMismatch,
+	associationErrorWrongInboxID,
+	associationErrorSignatureNotAllowed,
+	associationErrorReplay,
+	associationErrorDeserialization,
+	associationErrorMissingIdentityUpdate,
+	associationErrorChainIDMismatch,
+	associationErrorInvalidAccountAddress,
+	associationErrorNotIdentifier,
+	associationErrorConvert,
+}
+
 type IdentityUpdateStorer struct {
 	contract          *iu.IdentityUpdateBroadcaster
 	db                *sql.DB
@@ -156,6 +196,7 @@ func (s *IdentityUpdateStorer) StoreLog(
 
 			inboxID := utils.HexEncode(msgSent.InboxId[:])
 
+			// TODO: Batch insert address log entries
 			for _, newMember := range associationState.StateDiff.NewMembers {
 				if s.logger.Core().Enabled(zap.DebugLevel) {
 					s.logger.Debug("new member", utils.BodyField(newMember))
@@ -185,6 +226,7 @@ func (s *IdentityUpdateStorer) StoreLog(
 				}
 			}
 
+			// TODO: Batch revoke address log entries
 			for _, removedMember := range associationState.StateDiff.RemovedMembers {
 				if s.logger.Core().Enabled(zap.DebugLevel) {
 					s.logger.Debug("removed member", utils.BodyField(removedMember))
@@ -325,7 +367,14 @@ func (s *IdentityUpdateStorer) validateIdentityUpdate(
 		identityUpdate.IdentityUpdate,
 	)
 	if err != nil {
-		return nil, re.NewRecoverableError(
+		if shouldRetryValidationError(err) {
+			return nil, re.NewRecoverableError(
+				"could not get association state from envelopes",
+				err,
+			)
+		}
+
+		return nil, re.NewNonRecoverableError(
 			"could not get association state from envelopes",
 			err,
 		)
@@ -373,3 +422,17 @@ func buildSignedOriginatorEnvelope(
 		},
 	}, nil
 }
+
+// shouldRetryValidationError returns true if the error is a validation error that should be retried.
+// Note: this approach is fragile as it depends on us creating new error messages for new validation errors.
+// This function should rely on gRPC error codes instead, but it's not possible at the moment.
+// Read https://github.com/xmtp/libxmtp/issues/3130
+func shouldRetryValidationError(err error) bool {
+	errMsg := err.Error()
+	for _, pattern := range associationErrorPatterns {
+		if strings.Contains(errMsg, pattern) {
+			return false
+		}
+	}
+	return true
+}
