Add optional EIP-8025 execution proofs#39
Draft
frisitano wants to merge 25 commits into
Draft
Conversation
…p#9323) Addresses sigp#9232 partially. This PR covers two topics only. * sigp#9232 Wires up networking test vectors for `gossip_proposer_slashing` and `gossip_attester_slashing` topics. The tests also revealed minor spec non-compliance where invalid slashings were ignored rather than rejected. - Refactor `process_gossip_proposer_slashing` and `process_gossip_attester_slashing` to return `MessageAcceptance`, so it can be verified in the tests - Add `GossipValidation` test case, handler, and test entries - Spec compliance fix: distinguish between internal errors and validation error - return `Reject` when the slashing is invalid and only penalise on invalid messages Co-Authored-By: Jimmy Chen <jchen.tc@gmail.com>
N/A A rare single line lint update . Co-Authored-By: Pawan Dhananjay <pawandhananjay@gmail.com>
sigp#9124 Deprecate unneeded pre-Fulu blob features - blob gossip - blob lookup sync - engine getBlobsV1 Also deprecates some tests and cleans up production code paths I think this is blocked until gnosis forks to fulu? Co-Authored-By: Eitan Seri-Levi <eserilev@ucsc.edu> Co-Authored-By: Eitan Seri- Levi <eserilev@gmail.com> Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> Co-Authored-By: Pawan Dhananjay <pawandhananjay@gmail.com> Co-Authored-By: Michael Sproul <michael@sigmaprime.io> Co-Authored-By: Daniel Knopik <daniel@dknopik.de> Co-Authored-By: Michael Sproul <michaelsproul@users.noreply.github.com>
On Glamsterdam devnets we started seeing Lighthouse nodes unable to start with errors like:
> May 26 04:34:01.582 CRIT Failed to start beacon node reason: "Unable to load fork choice from disk: ForkChoiceError(ProtoArrayStringError(\"find_head failed: InvalidBestNode(InvalidBestNodeInfo { current_slot: Slot(23550), start_root: 0x2c70b1641c29ec46360c99f9a8512f077862cbbc603e16f4a423007d210b0c5f, justified_checkpoint: Checkpoint { epoch: Epoch(712), root: 0x2c70b1641c29ec46360c99f9a8512f077862cbbc603e16f4a423007d210b0c5f }, finalized_checkpoint: Checkpoint { epoch: Epoch(710), root: 0xede5e0b09b51bdb5445ade3398e685bd193b845e0b0ffb827f0c3fec8277ea51 }, head_root: 0x2c70b1641c29ec46360c99f9a8512f077862cbbc603e16f4a423007d210b0c5f, head_justified_checkpoint: Checkpoint { epoch: Epoch(710), root: 0xede5e0b09b51bdb5445ade3398e685bd193b845e0b0ffb827f0c3fec8277ea51 }, head_finalized_checkpoint: Checkpoint { epoch: Epoch(709), root: 0xbb243eff616ff362c52b83113e7c536d0a68cb9ca3d6a1cb1055e732219d9736 } })\"))"
This error was the result of an overly-strict sanity check, based on assumptions that are not true under extreme network conditions.
Completely remove the `InvalidBestNode` failure path: it is not compliant with the spec, and is actively harmful when triggered (it prevents Lighthouse from starting at all). The error was reachable in any situation where all leaf nodes of fork choice were ineligible to be the head. The payload invalidation tests show some examples of cases where this would happen, and the [newly-added regression test](9a5df1d) shows a contrived case where it can happen on a Gloas network without _any_ slashings or invalid blocks. There are probably many more cases where it can happen.
We do not lose anything by removing it. The spec's implementation of `get_head` _always_ returns something (unless it crashes), and in these cases it is correct to return the starting node of the traversal: the justified checkpoint block. This is what we now do, and what the new test verifies.
I've also added some facilities to the harness for injecting attestations with fixed `payload_present` fields. @hopinheimer found himself needing something similar when messing with reorg tests, so I think these are probably useful. It might be possible to do without them by juggling the payload reveal timing in just the right way, but I think this approach is just way simpler.
Co-Authored-By: Michael Sproul <michael@sigmaprime.io>
Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
This endpoint is needed for buildoor (and eventually our builder client once its implemented) Co-Authored-By: Eitan Seri-Levi <eserilev@ucsc.edu>
- Extends sigp#9126 to cover blob lookup sync Lookup sync is only for unfinalized blocks, which will never contains blobs in any network we support. Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> Co-Authored-By: Eitan Seri-Levi <eserilev@ucsc.edu>
- sigp#9155 remove the trait abstraction for processing block / blobs / columns / payloads As a result we would have to duplicate x3 the big match on `BlockProcessingResult` we currently have in block lookups mod.rs This PR moves the match of `BlockProcessingResult` to `sync_methods` to reduce the diff of sigp#9155. There are some subtle changes that deserve dedicated attention, and may be drowned in the bigger diff of sigp#9155 otherwise: | Unstable | This PR / sigp#9115 | | - | - | | Some error conditions immediately `Drop` the lookup (no retries). For example for "internal" errors like the BeaconChainError | Retries ALL errors 4 times. I believe assuming some errors are internal is risky as dropping a lookup drops all its children potentially forcing the node to resync a lot of blocks because of an internal timeout Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
- Simplification from sigp#9155 Lookup sync does not cache sidecars, so sending the full network object adds unnecessary complexity. Sync only needs to know: We have received a header that has an unknown parent. Replace `UnknownParentDataColumn` and `UnknownParentPartialDataColumn` for `UnknownParentSidecarHeader` Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> Co-Authored-By: Eitan Seri-Levi <eserilev@gmail.com>
Co-Authored-By: João Oliveira <hello@jxs.pt>
Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
When debugging ePBS with columns, we noticed that columns arriving before their block dont pass gossip verification checks and are dropped. This PR ensures that columns arriving before the block are sent to the reprocess queue. Once their block arrives, they are reprocessed. This isn't an issue pre-gloas because we don't make block root checks for fulu data columns. This allows us to gossip verify the column and send it to the DA cache before the block arrives. I think we also need to handle this edge case for partial data columns. Theres an existing TODO for that already. Co-Authored-By: Eitan Seri-Levi <eserilev@ucsc.edu>
Co-Authored-By: Jimmy Chen <jchen.tc@gmail.com>
…#9382) Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> Co-Authored-By: Michael Sproul <michael@sigmaprime.io>
N/A Remove unused spec field from AvailableBlock Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com>
Co-Authored-By: Eitan Seri-Levi <eserilev@ucsc.edu>
Co-Authored-By: dapplion <35266934+dapplion@users.noreply.github.com> Co-Authored-By: Michael Sproul <michaelsproul@users.noreply.github.com>
Implements EIP-8025 proof types, proof engine integration, proof gossip/RPC, and proof sync over the updated unstable branch.
SszEncoder::container takes the fixed-portion length in bytes (20), not the number of fields (3). The bogus offset made every receiver fail decoding with OffsetIntoFixedPortion(3) and ban the requesting peer, which broke proof sync by-range requests entirely. Add round-trip codec coverage for ExecutionProofsByRange, ExecutionProofsByRoot and ExecutionProofStatus requests. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Add missing proof_service field to validator HTTP API test Context initializers (check-code, cargo-udeps, debug/release-tests). - Regenerate book/src/help_vc.md for the new proof engine flags (cli-check). - Bump ethereum_ssz to 0.10.4 and ssz_types to 0.14.1 and refresh the proof_engine_zkboost lockfile so consensus/types compiles in the zkboost workspace (zkboost-tests). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Ignore test_proof_engine_sync: the late-joining verifier cannot reliably discover the proof-capable peer without the reverted peer handling changes; proof-sync peer selection will be reworked separately. - test_proof_verifier_receives_proofs: accept Accepted as a successful verification status. Quorum-based payload promotion is disabled in the test network, so newly verified proofs never surface as Valid; this matches the predicate used by the other tests. - Allow dead code for proof node types and test-only helpers in the simulator so the binary builds under -D warnings. - Fix clippy manual_option_zip in partial_data_column_sidecar (surfaced by newer stable clippy once the compile error was fixed). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
frisitano
force-pushed
the
optional-proofs-unstable
branch
from
78058c9 to
0dd6c3b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds optional EIP-8025 execution proof support on top of the updated unstable branch.
This wires proof types, proof-engine client integration, proof status tracking, execution proof gossip/RPC, HTTP pool submission, and proof catch-up sync. Proof validity remains optional for fork choice: payload validity is not flipped to valid unless normal execution validation succeeds, with proof-backed promotion guarded behind non-default quorum configuration.
Additional Info
Base branch eth-act/unstable was updated to upstream/unstable at dfb2591 before opening this draft.
Validation run locally:
Draft because the migrated simulator proof-engine test crate is not yet present on this branch and the proof-sync design still needs review.