permanently disables durable nonces with chain blockhash domain #25788
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
3 times, most recently
from
e02e4b8
to
2aa987c
Compare
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 5, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions wich are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 5, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 5, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
jstarry
reviewed
Jun 5, 2022
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
from
2aa987c
to
799a60e
Compare
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 6, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 6, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
requested review from
CriesofCarrots,
jstarry,
mvines,
ryoqun,
sakridge and
t-nelson
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
from
799a60e
to
8a6eec3
Compare
behzadnouri
commented
Jun 6, 2022
Comment on lines
600
to
611
| if !nonce_account::verify_nonce_account(&nonce_account, &durable_nonce) | ||
| && signature_status.is_none() | ||
| && expired | ||
| { |
There was a problem hiding this comment.
This condition is weird; shouldn't these be || instead of &&?
cc @CriesofCarrots
There was a problem hiding this comment.
The intent is to retry sending nonce transactions until the nonce is advanced or the last_valid_block_height passed in from rpc is reached.
If the nonce has been advanced, but signature_status.is_some(), the service keeps the transaction to check status until it's rooted (handled in signature_status match below), so that's why the initial &&
The expired clause was added by @lijunwangs ; he might be able to explain it faster.
There was a problem hiding this comment.
This logic ensures the nonce transaction to have allocated time to finish before being dropped altogether. Without this check, the transaction might be dropped as expired whenever the retry loop is run even right after the transaction was sent in the send thread.
There was a problem hiding this comment.
Mm, to confirm, you were seeing situations where the nonce had been advanced from a successful transaction but the signature_status wasn't available yet?
There was a problem hiding this comment.
I am still not sure why we keep onto the transaction even if verify_nonce_account returns false?
There was a problem hiding this comment.
verify_nonce_account returns false when the nonce has been advanced, which happens on both successful and failed durable-nonce transactions.
I think @lijunwangs is saying he saw instances where a successful tx would return None for the check on L592 because the signature wasn't yet available, but where the nonce had already been advanced by the time verify_nonce_account ran on L600, which means the tx should have been preserved to be checked until root. But best for him to confirm that I'm understanding correctly.
There was a problem hiding this comment.
If the transaction did not make it to the local node yet, line 594 will return a default account, and verify_nonce_account will return false if I understand correctly. This extra "expired" check ensure we at least wait for one cycle before we determine it is expired. This was introduced to reduce any regression potential when we did refactoring in https://github.com/solana-labs/solana/pull/24083/files#diff-a3caa5df6489d5460449094b87e57398a081eb6d7feca10bf89fa5847b429251R396.
There was a problem hiding this comment.
Hmm, you're trying to preserve transactions attempting to use a nonce account that hasn't been created yet? Doesn't seem quite right. But there's really very little potential harm in the && expired check
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
from
8a6eec3
to
682aa12
Compare
behzadnouri
changed the title
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
from
682aa12
to
2254f96
Compare
behzadnouri
commented
Jun 6, 2022
| account.set_state(&Versions::new( | ||
| State::Initialized(new_data), | ||
| separate_domains, | ||
| )) |
There was a problem hiding this comment.
AuthorizeNonceAccount does not change the value of nonce.
So this updated code is preserving domain and not bumping nonce out of blockhash domain because otherwise it needs to change the value of durable_nonce and that is a change of behavior.
Can we change the behavior here and change the nonce as well? cc @t-nelson
There was a problem hiding this comment.
I personally think we should preserve the version and the blockhash
behzadnouri
force-pushed
the
disable-legacy-nonce
branch
2 times, most recently
from
b9196e0
to
a4a7084
Compare
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 6, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 6, 2022
…ions solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 6, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
mergify bot
pushed a commit
that referenced
this pull request
Jun 9, 2022
#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. #25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain. (cherry picked from commit 3c1ce3c) # Conflicts: # cli/src/nonce.rs # rpc/src/rpc.rs # runtime/src/nonce_keyed_account.rs # runtime/src/system_instruction_processor.rs # sdk/program/src/nonce/state/current.rs # send-transaction-service/src/send_transaction_service.rs
mergify bot
pushed a commit
that referenced
this pull request
Jun 9, 2022
#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. #25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain. (cherry picked from commit 3c1ce3c) # Conflicts: # runtime/src/nonce_keyed_account.rs # sdk/program/src/nonce/state/current.rs
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 9, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
mergify bot
added a commit
that referenced
this pull request
Jun 9, 2022
…port #25788) (#25872) * permanently disables durable nonces with chain blockhash domain (#25788) #25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. #25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain. (cherry picked from commit 3c1ce3c) # Conflicts: # runtime/src/nonce_keyed_account.rs # sdk/program/src/nonce/state/current.rs * removes mergify merge conflicts Co-authored-by: behzad nouri <[email protected]>
mergify bot
added a commit
that referenced
this pull request
Jun 9, 2022
…port #25788) (#25871) * permanently disables durable nonces with chain blockhash domain (#25788) #25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. #25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain. (cherry picked from commit 3c1ce3c) # Conflicts: # cli/src/nonce.rs # rpc/src/rpc.rs # runtime/src/nonce_keyed_account.rs # runtime/src/system_instruction_processor.rs # sdk/program/src/nonce/state/current.rs # send-transaction-service/src/send_transaction_service.rs * removes mergify merge conflicts Co-authored-by: behzad nouri <[email protected]>
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 9, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
to behzadnouri/solana
that referenced
this pull request
Jun 9, 2022
solana-labs#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
mergify bot
pushed a commit
that referenced
this pull request
Jun 10, 2022
…#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # runtime/src/system_instruction_processor.rs # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts
mergify bot
pushed a commit
that referenced
this pull request
Jun 10, 2022
…#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts
denispalab
pushed a commit
to solana-labs/solana-web3.js
that referenced
this pull request
Jun 10, 2022
… (#25789) solana-labs/solana#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
behzadnouri
added a commit
that referenced
this pull request
Jun 10, 2022
…5789) (#25890) * feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # runtime/src/system_instruction_processor.rs # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts * removes mergify merge conflicts * backport UpgradeNonceAccount Co-authored-by: behzad nouri <[email protected]>
behzadnouri
added a commit
that referenced
this pull request
Jun 10, 2022
…5789) (#25891) * feat(nonce): adds system instruction to upgrade legacy nonce versions (#25789) #25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain. (cherry picked from commit b419031) # Conflicts: # sdk/program/src/system_instruction.rs # web3.js/src/system-program.ts * removes mergify merge conflicts * backport UpgradeNonceAccount Co-authored-by: behzad nouri <[email protected]>
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 27, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 28, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 29, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 29, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
jeffwashington
pushed a commit
to jeffwashington/solana
that referenced
this pull request
Jun 29, 2022
…na-labs#25788) solana-labs#25744 separated durable nonce and blockhash domains, which will stop double execution going forward. However it is possible that a durable transaction has *already* been executed once as a normal transaction and it is now a valid durable transaction. solana-labs#25744 cannot stop such transactions to be re-executed until the nonce accounts are advanced. This commit adds a new nonce version indicating that the nonce is moved out of the blockhash domain, and permanently disables durable transactions for legacy nonces which are in the blockhash domain.
joncinque
pushed a commit
to joncinque/system
that referenced
this pull request
Nov 1, 2024
… (#25789) solana-labs/solana#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
joncinque
pushed a commit
to solana-program/system
that referenced
this pull request
Nov 1, 2024
… (#25789) solana-labs/solana#25788 permanently disables durable transactions with legacy nonce versions which are within chain blockhash domain. This commit adds a new system instruction for a one-time idempotent upgrade of legacy nonce accounts in order to bump them out of chain blockhash domain.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
#25744
separated durable nonce and blockhash domains, which will stop double
execution going forward. However it is possible that a durable
transaction has already been executed once as a normal transaction and
it is now a valid durable transaction. #25744 cannot stop such
transactions to be re-executed until the nonce accounts are advanced.
Summary of Changes
This commit adds a new nonce version indicating that the nonce is moved
out of blockhash domain, and permanently disables durable transactions
for legacy nonces which are in blockhash domain.