Merge commit '392447f5c8f986ded2559a78457f4cd87942f393' into update-bridges-subtree-r/w

2026-05-31 12:11:02 +00:00 · 2021-12-01 09:46:14 +01:00
parent e16f71b7b6 392447f5c8
commit 5228731ae8
321 changed files with 28385 additions and 10466 deletions
@@ -18,7 +18,8 @@

 use bitvec::prelude::*;
 use bp_messages::{
-	DeliveredMessages, DispatchResultsBitVec, LaneId, MessageData, MessageNonce, OutboundLaneData, UnrewardedRelayer,
+	DeliveredMessages, DispatchResultsBitVec, LaneId, MessageData, MessageNonce, OutboundLaneData,
+	UnrewardedRelayer,
 };
 use frame_support::RuntimeDebug;
 use sp_std::collections::vec_deque::VecDeque;
@@ -49,7 +50,7 @@ pub enum ReceivalConfirmationResult {
 	/// New messages have been confirmed by the confirmation transaction.
 	ConfirmedMessages(DeliveredMessages),
 	/// Confirmation transaction brings no new confirmation. This may be a result of relayer
-	/// error or several relayers runnng.
+	/// error or several relayers running.
 	NoNewConfirmations,
 	/// Bridged chain is trying to confirm more messages than we have generated. May be a result
 	/// of invalid bridged chain storage.
@@ -57,12 +58,14 @@ pub enum ReceivalConfirmationResult {
 	/// The unrewarded relayers vec contains an empty entry. May be a result of invalid bridged
 	/// chain storage.
 	EmptyUnrewardedRelayerEntry,
-	/// The unrewarded relayers vec contains non-consecutive entries. May be a result of invalid bridged
-	/// chain storage.
+	/// The unrewarded relayers vec contains non-consecutive entries. May be a result of invalid
+	/// bridged chain storage.
 	NonConsecutiveUnrewardedRelayerEntries,
-	/// The unrewarded relayers vec contains entry with mismatched number of dispatch results. May be
-	/// a result of invalid bridged chain storage.
+	/// The unrewarded relayers vec contains entry with mismatched number of dispatch results. May
+	/// be a result of invalid bridged chain storage.
 	InvalidNumberOfDispatchResults,
+	/// The chain has more messages that need to be confirmed than there is in the proof.
+	TryingToConfirmMoreMessagesThanExpected(MessageNonce),
 }

 /// Outbound messages lane.
@@ -98,30 +101,44 @@ impl<S: OutboundLaneStorage> OutboundLane<S> {
 	/// Confirm messages delivery.
 	pub fn confirm_delivery<RelayerId>(
 		&mut self,
-		latest_received_nonce: MessageNonce,
+		max_allowed_messages: MessageNonce,
+		latest_delivered_nonce: MessageNonce,
 		relayers: &VecDeque<UnrewardedRelayer<RelayerId>>,
 	) -> ReceivalConfirmationResult {
 		let mut data = self.storage.data();
-		if latest_received_nonce <= data.latest_received_nonce {
-			return ReceivalConfirmationResult::NoNewConfirmations;
+		if latest_delivered_nonce <= data.latest_received_nonce {
+			return ReceivalConfirmationResult::NoNewConfirmations
 		}
-		if latest_received_nonce > data.latest_generated_nonce {
-			return ReceivalConfirmationResult::FailedToConfirmFutureMessages;
+		if latest_delivered_nonce > data.latest_generated_nonce {
+			return ReceivalConfirmationResult::FailedToConfirmFutureMessages
+		}
+		if latest_delivered_nonce - data.latest_received_nonce > max_allowed_messages {
+			// that the relayer has declared correct number of messages that the proof contains (it
+			// is checked outside of the function). But it may happen (but only if this/bridged
+			// chain storage is corrupted, though) that the actual number of confirmed messages if
+			// larger than declared. This would mean that 'reward loop' will take more time than the
+			// weight formula accounts, so we can't allow that.
+			return ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected(
+				latest_delivered_nonce - data.latest_received_nonce,
+			)
 		}

-		let dispatch_results =
-			match extract_dispatch_results(data.latest_received_nonce, latest_received_nonce, relayers) {
-				Ok(dispatch_results) => dispatch_results,
-				Err(extract_error) => return extract_error,
-			};
+		let dispatch_results = match extract_dispatch_results(
+			data.latest_received_nonce,
+			latest_delivered_nonce,
+			relayers,
+		) {
+			Ok(dispatch_results) => dispatch_results,
+			Err(extract_error) => return extract_error,
+		};

 		let prev_latest_received_nonce = data.latest_received_nonce;
-		data.latest_received_nonce = latest_received_nonce;
+		data.latest_received_nonce = latest_delivered_nonce;
 		self.storage.set_data(data);

 		ReceivalConfirmationResult::ConfirmedMessages(DeliveredMessages {
 			begin: prev_latest_received_nonce + 1,
-			end: latest_received_nonce,
+			end: latest_delivered_nonce,
 			dispatch_results,
 		})
 	}
@@ -133,7 +150,9 @@ impl<S: OutboundLaneStorage> OutboundLane<S> {
 		let mut pruned_messages = 0;
 		let mut anything_changed = false;
 		let mut data = self.storage.data();
-		while pruned_messages < max_messages_to_prune && data.oldest_unpruned_nonce <= data.latest_received_nonce {
+		while pruned_messages < max_messages_to_prune &&
+			data.oldest_unpruned_nonce <= data.latest_received_nonce
+		{
 			self.storage.remove_message(&data.oldest_unpruned_nonce);

 			anything_changed = true;
@@ -158,9 +177,10 @@ fn extract_dispatch_results<RelayerId>(
 	latest_received_nonce: MessageNonce,
 	relayers: &VecDeque<UnrewardedRelayer<RelayerId>>,
 ) -> Result<DispatchResultsBitVec, ReceivalConfirmationResult> {
-	// the only caller of this functions checks that the prev_latest_received_nonce..=latest_received_nonce
-	// is valid, so we're ready to accept messages in this range
-	// => with_capacity call must succeed here or we'll be unable to receive confirmations at all
+	// the only caller of this functions checks that the
+	// prev_latest_received_nonce..=latest_received_nonce is valid, so we're ready to accept
+	// messages in this range => with_capacity call must succeed here or we'll be unable to receive
+	// confirmations at all
 	let mut received_dispatch_result =
 		BitVec::with_capacity((latest_received_nonce - prev_latest_received_nonce + 1) as _);
 	let mut last_entry_end: Option<MessageNonce> = None;
@@ -168,43 +188,48 @@ fn extract_dispatch_results<RelayerId>(
 		// unrewarded relayer entry must have at least 1 unconfirmed message
 		// (guaranteed by the `InboundLane::receive_message()`)
 		if entry.messages.end < entry.messages.begin {
-			return Err(ReceivalConfirmationResult::EmptyUnrewardedRelayerEntry);
+			return Err(ReceivalConfirmationResult::EmptyUnrewardedRelayerEntry)
 		}
 		// every entry must confirm range of messages that follows previous entry range
 		// (guaranteed by the `InboundLane::receive_message()`)
 		if let Some(last_entry_end) = last_entry_end {
 			let expected_entry_begin = last_entry_end.checked_add(1);
 			if expected_entry_begin != Some(entry.messages.begin) {
-				return Err(ReceivalConfirmationResult::NonConsecutiveUnrewardedRelayerEntries);
+				return Err(ReceivalConfirmationResult::NonConsecutiveUnrewardedRelayerEntries)
 			}
 		}
 		last_entry_end = Some(entry.messages.end);
 		// entry can't confirm messages larger than `inbound_lane_data.latest_received_nonce()`
 		// (guaranteed by the `InboundLane::receive_message()`)
 		if entry.messages.end > latest_received_nonce {
-			// technically this will be detected in the next loop iteration as `InvalidNumberOfDispatchResults`
-			// but to guarantee safety of loop operations below this is detected now
-			return Err(ReceivalConfirmationResult::FailedToConfirmFutureMessages);
+			// technically this will be detected in the next loop iteration as
+			// `InvalidNumberOfDispatchResults` but to guarantee safety of loop operations below
+			// this is detected now
+			return Err(ReceivalConfirmationResult::FailedToConfirmFutureMessages)
 		}
 		// entry must have single dispatch result for every message
 		// (guaranteed by the `InboundLane::receive_message()`)
-		if entry.messages.dispatch_results.len() as MessageNonce != entry.messages.end - entry.messages.begin + 1 {
-			return Err(ReceivalConfirmationResult::InvalidNumberOfDispatchResults);
+		if entry.messages.dispatch_results.len() as MessageNonce !=
+			entry.messages.end - entry.messages.begin + 1
+		{
+			return Err(ReceivalConfirmationResult::InvalidNumberOfDispatchResults)
 		}

 		// now we know that the entry is valid
 		// => let's check if it brings new confirmations
-		let new_messages_begin = sp_std::cmp::max(entry.messages.begin, prev_latest_received_nonce + 1);
+		let new_messages_begin =
+			sp_std::cmp::max(entry.messages.begin, prev_latest_received_nonce + 1);
 		let new_messages_end = sp_std::cmp::min(entry.messages.end, latest_received_nonce);
 		let new_messages_range = new_messages_begin..=new_messages_end;
 		if new_messages_range.is_empty() {
-			continue;
+			continue
 		}

 		// now we know that entry brings new confirmations
 		// => let's extract dispatch results
 		received_dispatch_result.extend_from_bitslice(
-			&entry.messages.dispatch_results[(new_messages_begin - entry.messages.begin) as usize..],
+			&entry.messages.dispatch_results
+				[(new_messages_begin - entry.messages.begin) as usize..],
 		);
 	}

@@ -215,12 +240,17 @@ fn extract_dispatch_results<RelayerId>(
 mod tests {
 	use super::*;
 	use crate::{
-		mock::{message_data, run_test, unrewarded_relayer, TestRelayer, TestRuntime, REGULAR_PAYLOAD, TEST_LANE_ID},
+		mock::{
+			message_data, run_test, unrewarded_relayer, TestRelayer, TestRuntime, REGULAR_PAYLOAD,
+			TEST_LANE_ID,
+		},
 		outbound_lane,
 	};
 	use sp_std::ops::RangeInclusive;

-	fn unrewarded_relayers(nonces: RangeInclusive<MessageNonce>) -> VecDeque<UnrewardedRelayer<TestRelayer>> {
+	fn unrewarded_relayers(
+		nonces: RangeInclusive<MessageNonce>,
+	) -> VecDeque<UnrewardedRelayer<TestRelayer>> {
 		vec![unrewarded_relayer(*nonces.start(), *nonces.end(), 0)]
 			.into_iter()
 			.collect()
@@ -245,7 +275,7 @@ mod tests {
 			lane.send_message(message_data(REGULAR_PAYLOAD));
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
 			assert_eq!(lane.storage.data().latest_received_nonce, 0);
-			let result = lane.confirm_delivery(latest_received_nonce, relayers);
+			let result = lane.confirm_delivery(3, latest_received_nonce, relayers);
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
 			assert_eq!(lane.storage.data().latest_received_nonce, 0);
 			result
@@ -273,7 +303,7 @@ mod tests {
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
 			assert_eq!(lane.storage.data().latest_received_nonce, 0);
 			assert_eq!(
-				lane.confirm_delivery(3, &unrewarded_relayers(1..=3)),
+				lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)),
 				ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)),
 			);
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
@@ -291,18 +321,18 @@ mod tests {
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
 			assert_eq!(lane.storage.data().latest_received_nonce, 0);
 			assert_eq!(
-				lane.confirm_delivery(3, &unrewarded_relayers(1..=3)),
+				lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)),
 				ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)),
 			);
 			assert_eq!(
-				lane.confirm_delivery(3, &unrewarded_relayers(1..=3)),
+				lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)),
 				ReceivalConfirmationResult::NoNewConfirmations,
 			);
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
 			assert_eq!(lane.storage.data().latest_received_nonce, 3);

 			assert_eq!(
-				lane.confirm_delivery(2, &unrewarded_relayers(1..=1)),
+				lane.confirm_delivery(1, 2, &unrewarded_relayers(1..=1)),
 				ReceivalConfirmationResult::NoNewConfirmations,
 			);
 			assert_eq!(lane.storage.data().latest_generated_nonce, 3);
@@ -393,18 +423,40 @@ mod tests {
 			assert_eq!(lane.storage.data().oldest_unpruned_nonce, 1);
 			// after confirmation, some messages are received
 			assert_eq!(
-				lane.confirm_delivery(2, &unrewarded_relayers(1..=2)),
+				lane.confirm_delivery(2, 2, &unrewarded_relayers(1..=2)),
 				ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=2)),
 			);
 			assert_eq!(lane.prune_messages(100), 2);
 			assert_eq!(lane.storage.data().oldest_unpruned_nonce, 3);
 			// after last message is confirmed, everything is pruned
 			assert_eq!(
-				lane.confirm_delivery(3, &unrewarded_relayers(3..=3)),
+				lane.confirm_delivery(1, 3, &unrewarded_relayers(3..=3)),
 				ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(3..=3)),
 			);
 			assert_eq!(lane.prune_messages(100), 1);
 			assert_eq!(lane.storage.data().oldest_unpruned_nonce, 4);
 		});
 	}
+
+	#[test]
+	fn confirm_delivery_detects_when_more_than_expected_messages_are_confirmed() {
+		run_test(|| {
+			let mut lane = outbound_lane::<TestRuntime, _>(TEST_LANE_ID);
+			lane.send_message(message_data(REGULAR_PAYLOAD));
+			lane.send_message(message_data(REGULAR_PAYLOAD));
+			lane.send_message(message_data(REGULAR_PAYLOAD));
+			assert_eq!(
+				lane.confirm_delivery(0, 3, &unrewarded_relayers(1..=3)),
+				ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected(3),
+			);
+			assert_eq!(
+				lane.confirm_delivery(2, 3, &unrewarded_relayers(1..=3)),
+				ReceivalConfirmationResult::TryingToConfirmMoreMessagesThanExpected(3),
+			);
+			assert_eq!(
+				lane.confirm_delivery(3, 3, &unrewarded_relayers(1..=3)),
+				ReceivalConfirmationResult::ConfirmedMessages(delivered_messages(1..=3)),
+			);
+		});
+	}
 }