Skip to content

core/txpool: allow tx and authority regardless of admission order #31373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 10, 2025
Merged

core/txpool: allow tx and authority regardless of admission order #31373

merged 5 commits into from
Apr 10, 2025
+238 −71

Conversation

LuisPH3
Copy link
Contributor

@LuisPH3 LuisPH3 commented Mar 13, 2025

This PR proposes a change to the authorizations' validation introduced in commit cdb66c8. These changes make the expected behavior independent of the order of admission of authorizations, improving the predictability of the resulting state and the usability of the system with it.

The current implementation behavior is dependent on the transaction submission order: This issue is related to authorities and the sender of a transaction, and can be reproduced respecting the normal nonce rules.

The issue can be reproduced by the two following cases:
First case

  • Given an empty pool.
  • Submit transaction { from: B, auths [ A ] }: is accepted.
  • Submit transaction { from: A }: Is accepted: it becomes the one in-flight transaction allowed.

Second case

  • Given an empty pool.
  • Submit transaction { from: A }: is accepted
  • Submit transaction { from: B, auths [ A ] }: is rejected since there is already a queued/pending transaction from A.

The expected behavior is that both sequences of events would lead to the same sets of accepted and rejected transactions.

Proposed changes
The queued/pending transactions issued from any authority of the transaction being validated have to be counted, allowing one transaction from accounts submitting an authorization.

  • Notice that the expected behavior was explicitly forbidden in the case "reject-delegation-from-pending-account", I believe that this behavior conflicts to the definition of the limitation, and it is removed in this PR. The expected behavior is tested in "accept-authorization-from-sender-of-one-inflight-tx".
  • Replacement tests have been separated to improve readability of the acceptance test.
  • The test "allow-more-than-one-tx-from-replaced-authority" has been extended with one extra transaction, since the system would always have accepted one transaction (but not two).
  • The test "accept-one-inflight-tx-of-delegated-account" is extended to clean-up state, avoiding leaking the delegation used into the other tests. Additionally, replacement check is removed to be tested in its own test case.

Expected behavior
The expected behavior of the authorizations' validation shall be as follows:
image
Notice that replacement shall be allowed, and behavior shall remain coherent with the table, according to the replaced transaction.

@LuisPH3 LuisPH3 marked this pull request as ready for review March 13, 2025 08:39
@fjl fjl assigned fjl and lightclient and unassigned fjl Mar 13, 2025
@LuisPH3
Copy link
Contributor Author

LuisPH3 commented Mar 14, 2025

Hi @lightclient. I haven't managed to get CI to run in Image: Visual Studio 2019; Environment: GETH_ARCH=386, GETH_MINGW=C:\msys64\mingw32. I have noticed that other PRs fail in the same step.
How can I solve this issue?

@MariusVanDerWijden
Copy link
Member

@LuisPH3 This is a known timeout/flaky test. We will not block merging PRs on this test not passing

@LuisPH3 LuisPH3 force-pushed the setcode_changes branch 3 times, most recently from 71fc749 to 9d3b06d Compare March 27, 2025 14:12
lightclient
lightclient reviewed Apr 1, 2025
View reviewed changes
Copy link
Member

@lightclient lightclient left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally okay with the idea here. It doesn't seem terribly important though since we shouldn't really expect that a user will be sending both a delegation and tx at the same time. Since the change is small though, I don't see a reason to not do it.

Pushed a small change to simplify the logic for counting the in-flight txs.

@rjl493456442
Copy link
Member

My concern is that if we also consider the blobPool, the new rule will become even more complex.

delegation || pending auth:
=> at most one non-blob tx
=> at most one blob tx

at most one non-blob tx && at most one blob tx:
=> accept pending auth

more than one non-blob tx || more than one blob tx:
=> reject pending auth

@fjl fjl removed the status:triage label Apr 8, 2025
@lightclient lightclient changed the title Improve transaction pool validation of SetCode transactions: behavior independent of admission order. core/txpool: allow tx and authority regardless of admission order Apr 8, 2025
lightclient
lightclient reviewed Apr 8, 2025
View reviewed changes
core/txpool/blobpool/blobpool_test.go
Comment on lines +171 to +207
// reserver is a utility struct to sanity check that accounts are
// properly reserved by the blobpool (no duplicate reserves or unreserves).
type reserver struct {
accounts map[common.Address]struct{}
lock sync.RWMutex
}

func newReserver() txpool.Reserver {
return &reserver{accounts: make(map[common.Address]struct{})}
}

func (r *reserver) Hold(addr common.Address) error {
r.lock.Lock()
defer r.lock.Unlock()
if _, exists := r.accounts[addr]; exists {
panic("already reserved")
}
r.accounts[addr] = struct{}{}
return nil
}

func (r *reserver) Release(addr common.Address) error {
r.lock.Lock()
defer r.lock.Unlock()
if _, exists := r.accounts[addr]; !exists {
panic("not reserved")
}
delete(r.accounts, addr)
return nil
}

func (r *reserver) Has(address common.Address) bool {
r.lock.RLock()
defer r.lock.RUnlock()
_, exists := r.accounts[address]
return exists
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In #31373 I removed the test-only reserver and in hindsight I think this is a mistake. It's useful to panic when some assumptions about double holds and double releases fail. Adding it back here.

@lightclient
Copy link
Member

I think this change is small enough that it's okay to include. Allowing tx and authority regardless of order doesn't seem that important too me, but considering the change itself is only around 10 lines of code and the reset is fixing up some tests and me refactoring the Reserver object, it's reasonable.

The blobpool will still require specific order if the user wants to pool both a delegation and a blob tx. I think this is okay since we expect blob users to generally be EOAs managed by rollups.

lightclient
lightclient previously approved these changes Apr 8, 2025
View reviewed changes
@lightclient lightclient merged commit 0c2ad07 into ethereum:master Apr 10, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwasinger jwasinger jwasinger left review comments

@lightclient lightclient lightclient approved these changes

@holiman holiman Awaiting requested review from holiman

@rjl493456442 rjl493456442 Awaiting requested review from rjl493456442 rjl493456442 is a code owner

Assignees

@lightclient lightclient

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@LuisPH3 @MariusVanDerWijden @rjl493456442 @lightclient @jwasinger @fjl