-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add base merge p2p spec #2531
add base merge p2p spec #2531
Conversation
specs/merge/p2p-interface.md
Outdated
|
||
##### `beacon_block` | ||
|
||
The existing specification for this topic does not change from prior upgrades, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can introduce additional gossip topic validation steps, to filter bad execution-payloads, without requiring any execution-layer storage:
- [reject] Check
gas_used <= gas_limit
- [reject] Check
gas_limit <= GAS_SANITY_LIMIT
- [reject]
timestamp != genesis_time + slot * SECONDS_PER_SLOT
- [reject]
block_hash != parent_hash
- [reject] Check transactions data size
And if we want to track the execution chain history (or maybe just a cache of the latest hashes and numbers?)
- [ignore] Check
parent_hash
is known - [reject] Check
block_number == previous_block_number + 1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, good call. also checking what other low-cost validations geth does today
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current devp2p gossip validations can be found here -- https://github.com/ethereum/devp2p/blob/master/caps/eth.md#block-encoding-and-validity
All cheap checks should be replicated here as much as is possible. Ideally, we do not have to add a validateHeader
call to the execution-engine. I would argue it's even okay for a "cheap" condition or two to be dropped if it is too difficult for the consensus layer to validate. The proposer signature (like the proof of work) is the most important initial validation. All others are nice-to-have
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check parent_hash is known
comes trivially from knowing and fully processing the beacon_block
parent. Will keep that embedded in that validation.
[reject] Check block_number == previous_block_number + 1
going to avoid adding state/cache here for now
We should consider rebasing the Merge spec with London as well as with Altair to incorporate new checks introduced in London into state transition and p2p interface.
To get this done properly clients would need to check if the payload refers to a terminal PoW block which might be too heavy to be included in a block gossip checks.
Clients won't be able to fully check the block format without a corresponding request to the execution-layer, this external dependency might hinder fast block propagation. Another potential argument against introducing such a request would be the willingness of supplanting the existing format of execution block with the one that is beacon chain friendly in the future which would allow more checks on the consensus-layer side. Also, receiving malformed block with correct proposer's signature looks more like a result of software bug rather than DoS attempt and proposer will eventually be punished by not receiving proposer's reward for it. I think we should aim for as many checks as we can do with the data that is accessible to consensus-layer without introduction of external dependency. Some of the checks are meaningful only if |
A thought. Looks like parent beacon block is available to the block gossip validator and instead of |
absolutely agreed! Let's handle this in a separate PR to ease review
Right because it is wrt total_difficultly which would require a call to the execution-engine
By default, I agree. Most checks beyond the PoW (or proposer signature) are "nice to have" in a sense. Let's do a full evaluation of https://github.com/ethereum/devp2p/blob/master/caps/eth.md#block-encoding-and-validity and make a call on the right balance Conditional on parent execution_payload seems reasonable to me |
@mkalinin It's actually more expected for the client to have |
@protolambda @mkalinin I added some of the simple execution payload validations (conditional upon merge status and execution payload status) that proto suggested, and deferred anything that was stateful or required too much logic from the execution-layer directly. We can debate/discuss more beyond this initial PR ready for final review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me! 👍
I don't see value in checking that block_hash
doesn't equal to parent_hash
.
the only reason is it's trivial to check so "why not" leaving in for now. we can debate in another context. certainly not critical either way |
[wait for #2530 to integrate merge p2p into slightly modified build process]
todo: