Change Lotus Miner Participation API to avoid equivocations #599

Closed
Kubuxu opened this issue Aug 28, 2024 · 1 comment · Fixed by filecoin-project/lotus#12531

Kubuxu commented Aug 28, 2024

The current API does not prevent equivocations if requests are mirrored

Kubuxu commented Sep 20, 2024

Discussed: change the participation API to be per-instance, and both lotus and miner code should remember that leases were given out.
We need to give out future instance as well.

@masih masih added the P1 label Sep 23, 2024
@masih masih self-assigned this Sep 23, 2024
@masih masih moved this from Todo to In progress in F3 Sep 23, 2024
masih added a commit that referenced this issue Sep 26, 2024
The host implementation needs to know the progress of the current
instance for certificate storage and catch up purposes. As a result the
current instance must be safe to read from multiple goroutines. This was
achieved by a dedicated mutex that synchronised all access to the
current instanceID.

Separately, validation logic requires to know how far the current
instance has progressed in order to effectively validate incoming
messages.

The changes here simplify the locking by unifying the logic for checking
the progress of an instance: both validator and host can now get the
latest progress from the participant that is safe for concurrent use.
This is achieved by moving the progress observer mechanism out of
validator and into the participant, while introducing the concept of
`gpbft.Progress`, a function that returns the current instance, round and
phase.

As part of this change, Lotus integration can now get the current round
and phase as well as current instance, which is useful for self
equivocation checking as well as debugging purposes.

Fixes #658
Relates to #599
github-merge-queue bot pushed a commit that referenced this issue Sep 27, 2024
masih added a commit that referenced this issue Sep 30, 2024
The root F3 instance holds reference to the `gpbftRunner`, not
`gpbftHost`. To allow access to current progress from Lotus, move the
`Progress` implementation to runner and expose at root `F3` type.

Part of #599
masih added a commit to filecoin-project/lotus that referenced this issue Sep 30, 2024
Implemented enhanced token-based participation system for F3 consensus
in `F3Participate`. This update introduces a new design where
participation tokens grant a temporary lease, allowing storage providers
to sign as part of the F3 consensus mechanism. This design ensures that
tokens are checked for validity and issuer alignment, handling errors
robustly. If there's an issuer mismatch, the system advises miners to
retry with the existing token. If the token is invalid or expired,
miners are directed to obtain a new token via `F3GetParticipationToken`.

Fixes filecoin-project/go-f3#599
masih added a commit to filecoin-project/lotus that referenced this issue Oct 1, 2024
@BigLep BigLep moved this from In progress to In review in F3 Oct 1, 2024
masih added a commit to filecoin-project/lotus that referenced this issue Oct 1, 2024
masih added a commit that referenced this issue Oct 1, 2024
masih added a commit to filecoin-project/lotus that referenced this issue Oct 1, 2024
github-merge-queue bot pushed a commit that referenced this issue Oct 1, 2024
masih added a commit to filecoin-project/lotus that referenced this issue Oct 2, 2024
Implemented enhanced ticket-based participation system for F3 consensus
in `F3Participate`. This update introduces a new design where
participation tickets grant a temporary lease, allowing storage
providers to sign as part of the F3 consensus mechanism. This design ensures that
tickets are checked for validity and issuer alignment, handling errors
robustly. If there's an issuer mismatch, the system advises miners to
retry with the existing ticket. If the ticket is invalid or expired,
miners are directed to obtain a new ticket via
`F3GetOrRenewParticipationTicket`.

Fixes filecoin-project/go-f3#599
masih added a commit to filecoin-project/lotus that referenced this issue Oct 4, 2024
Stebalien pushed a commit to filecoin-project/lotus that referenced this issue Oct 7, 2024
@github-project-automation github-project-automation bot moved this from In review to Done in F3 Oct 8, 2024
rjan90 pushed a commit to filecoin-project/lotus that referenced this issue Oct 8, 2024
* Implement ticket based F3 participation lease

Implemented enhanced ticket-based participation system for F3 consensus
in `F3Participate`. This update introduces a new design where
participation tickets grant a temporary lease, allowing storage
providers to sign as part of the F3 consensus mechanism. This design ensures that
tickets are checked for validity and issuer alignment, handling errors
robustly. If there's an issuer mismatch, the system advises miners to
retry with the existing ticket. If the ticket is invalid or expired,
miners are directed to obtain a new ticket via
`F3GetOrRenewParticipationTicket`.

Fixes filecoin-project/go-f3#599

* Use fresh timer every time for F3 backoffs

To avoid potential of deadlock in case f3Participator is used from
multiple goroutines use throw-away timers at the price of higher GC.

Also use the cancel function in context explicitly in a unified stop
hook that awaits the participation to end before exiting.

* Strictly require start instance to never decrease

Require the start instance of a participation to never decrease if there
is an existing lease by the miner.

* feat(f3): update go-f3 to 0.7.0 and adapt for changes to the API

* feat(f3): Include the network name in the lease

That way we don't re-use leases across networks. It's a bit racy (we ask
for the manifest before we ask for the current progress) but it should
be fine because at least we won't create a lease for the new network
with a future instance.

There's still an ABA problem if we rapidly switch back and forth between
two networks but... let's just not do that? At least for the mainnet
switchover, that won't be an issue because we enforce a 900 epoch
silence period.

I have to say, I'm not happy about this. But... we can probably just
hard-code it in the future once we get rid of the dynamic manifest.

* Handle not ready error gracefully in participator

Back off and get a fresh token if F3 is not ready.

---------

Co-authored-by: Steven Allen
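
A minimal model of the lease checks described in the commit messages above (issuer alignment, expiry, network name in the lease, start instance never decreasing), showing why a request mirrored to a second node is refused. This is an added example, not Lotus or go-f3 code; every type, function and error name, and the `[From, From+Count)` validity range, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical error values; they are not the errors Lotus returns.
var (
	ErrIssuerMismatch = errors.New("ticket issued by another node: retry with the existing ticket")
	ErrTicketInvalid  = errors.New("ticket invalid or expired: obtain a new ticket")
	ErrStartDecreased = errors.New("start instance is before the existing lease's start")
)

// Ticket is the lease a miner presents to sign for instances [From, From+Count).
type Ticket struct {
	Issuer, Network string
	Miner           uint64
	From, Count     uint64
}

// Leaser remembers, per miner, the lease this node has accepted.
type Leaser struct {
	issuer, network string
	leases          map[uint64]Ticket
}

func NewLeaser(issuer, network string) *Leaser {
	return &Leaser{issuer: issuer, network: network, leases: map[uint64]Ticket{}}
}

// Participate validates a ticket against the node's current instance and records the lease.
func (l *Leaser) Participate(t Ticket, current uint64) error {
	switch {
	case t.Issuer != l.issuer: // ticket was minted by a different node
		return ErrIssuerMismatch
	case t.Network != l.network, t.Count == 0, t.From+t.Count <= current:
		return ErrTicketInvalid // wrong network, empty, or already in the past
	}
	if prev, ok := l.leases[t.Miner]; ok && t.From < prev.From {
		return ErrStartDecreased
	}
	l.leases[t.Miner] = t
	return nil
}

// MaySign reports whether the miner holds a lease on this node covering the instance.
func (l *Leaser) MaySign(miner, instance uint64) bool {
	t, ok := l.leases[miner]
	return ok && instance >= t.From && instance < t.From+t.Count
}

func main() {
	// Constructed sample: one ticket issued by node-A, mirrored to node-B.
	a, b := NewLeaser("node-A", "testnet"), NewLeaser("node-B", "testnet")
	tk := Ticket{Issuer: "node-A", Network: "testnet", Miner: 1000, From: 10, Count: 5}
	fmt.Println("node-A:", a.Participate(tk, 10), "may sign:", a.MaySign(1000, 12))
	fmt.Println("node-B:", b.Participate(tk, 10), "may sign:", b.MaySign(1000, 12))
}
```

Only the issuing node ends up holding a lease for the miner, so the mirrored copy of the request cannot cause a second node to sign for the same instance.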