feat: validator authenticate on-demand request by disperser key #1539
Conversation
hopeyen
force-pushed
the
hope/on-demand-check
branch
from
1e0b820 to
8928e15
Compare
| return nil, api.NewErrorInvalidArg("on-demand payments are only allowed for EigenLabsDisperser") | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Before this, do we check that the ondemand blobs we're from EigenLabsDisperser by checking the signature or something ?
There was a problem hiding this comment.
yep! in AuthenticateStoreChunksRequest on L131 we authenticate the signature first to make sure it is a registered disperser
There was a problem hiding this comment.
Arguably, we can move this check in the AuthenticateStoreChunksRequest right ? Cause it has the registered disperser and signature check.
| @@ -277,3 +277,7 @@ func (m *Meterer) IncrementGlobalBinUsage(ctx context.Context, symbolsCharged ui | |||
| func (m *Meterer) GetReservationBinLimit(reservation *core.ReservedPayment, reservationWindow uint64) uint64 { | |||
| return reservation.SymbolsPerSecond * reservationWindow | |||
| } | |||
|
|
|||
| func IsOnDemandPayment(paymentMetadata *core.PaymentMetadata) bool { | |||
| return paymentMetadata.CumulativePayment.Cmp(big.NewInt(0)) > 0 | |||
There was a problem hiding this comment.
The reservation_period should be unset as well?
There was a problem hiding this comment.
I don't think we need this check with similar reason in #1536 comment
There was a problem hiding this comment.
So on demand payment will not have cumulative payment ?
node/grpc/server_v2.go
Outdated
| if meterer.IsOnDemandPayment(&blob.BlobHeader.PaymentMetadata) { | ||
| // Batch contains on-demand payments, so the chunk must be from EigenLabsDisperser | ||
| if in.DisperserID != api.EigenLabsDisperserID { | ||
| return nil, api.NewErrorInvalidArg("on-demand payments are only allowed for EigenLabsDisperser") |
There was a problem hiding this comment.
would be helpful to pinpoint the blob that's on-demand but via a non-eigen disperser in error log
There was a problem hiding this comment.
yes! would be. I will add
disperser/apiserver/server_v2.go
Outdated
| @@ -170,6 +170,7 @@ func (s *DispersalServerV2) Start(ctx context.Context) error { | |||
| for { | |||
| select { | |||
| case <-ticker.C: | |||
| s.logger.Debug("Refreshing onchain quorum state", "onchainState", s.onchainState.Load()) | |||
There was a problem hiding this comment.
nit: Is this intentionally logging the state prior to the refresh? A bit confusing to me as I'd interpret this as the state after the refresh if this showed up in the logs
There was a problem hiding this comment.
Ah, makes sense. moved down
| @@ -145,6 +143,15 @@ func (s *ServerV2) StoreChunks(ctx context.Context, in *pb.StoreChunksRequest) ( | |||
| if err != nil { | |||
| return nil, api.NewErrorInvalidArg(fmt.Sprintf("failed to verify request: %v", err)) | |||
| } | |||
| // TODO: move to blob authenticator later | |||
| for _, blob := range batch.BlobCertificates { | |||
There was a problem hiding this comment.
Should metering logic be gated behind the permissionless disperser feature flag?
There was a problem hiding this comment.
There's no metering logic, just a filter for whether the node should serve the ondemand request from a certain disperser. If the disperser is not EigenLabs, it will get rejected regardless of whether there's permissionless dispersers or not, so I didn't think this block should be gated by other flags
|
Need to resolve CI |
node/grpc/server_v2.go
Outdated
| if meterer.IsOnDemandPayment(&blob.BlobHeader.PaymentMetadata) { | ||
| // Batch contains on-demand payments, so the chunk must be from EigenLabsDisperser | ||
| if in.DisperserID != api.EigenLabsDisperserID { | ||
| return nil, api.NewErrorInvalidArg(fmt.Sprintf("on-demand payments are only allowed for EigenLabsDisperser; receiving disperser ID: %d", in.DisperserID)) |
There was a problem hiding this comment.
Should this be a forbidden error?
- PermissionDenied (Code 7) → HTTP 403: "the caller does not have permission to execute the specified operation"
There was a problem hiding this comment.
makes sense, updated!
* Revert "refactor: account ledger interface incorporates debit slip (#1732)" This reverts commit b4cf3d9. * Revert "fix: period record circular wrapping refresh (#1731)" This reverts commit 1091f46. * Revert "fix: disperser_client v2 nil ptr bug (#1710)" This reverts commit a5acd93. * Revert "fix: disperser_client v2 should use default onDemandQuorums (#1700)" This reverts commit 005e0a6. * Revert "refactor: unify accountant debit slip (#1695)" This reverts commit a9c0868. * Revert "feat: AccountantLedger interface for next step unifications (#1694)" This reverts commit 354e42f. * Revert "feat: extract generic payment logic (#1693)" This reverts commit 1003b98. * Revert "fix: make disperser client backwards compatible (#1686)" This reverts commit 26c612f. * Revert "fix: payment state api doesn't fail at zero valued reservations/ondemand (#1682)" This reverts commit 2031c1d. * Revert "refactor: quorum specific metrics for metered bytes (#1668)" This reverts commit 7ac688d. * Revert "feat: GetPaymentStateForAllQuorums api impl (#1664)" This reverts commit ed89588. * Revert "refactor: core meterer consolidation (#1663)" This reverts commit 319a865. * Revert "refactor: onchain state interface (#1662)" This reverts commit d795dfa. * Revert "refactor: core meterer period record module (#1661)" This reverts commit afbef90. * Revert "refactor: payment common functions (#1653)" This reverts commit 36a3d33. * Revert "fix: period index calculation (#1641)" This reverts commit c229748. * Revert "refactor: use generic column name (#1626)" This reverts commit 4d1994e. * Revert "feat: payment onchain state interface (#1625)" This reverts commit 61e46ac. * Revert "feat: offchain quorum period record getter (#1620)" This reverts commit a309139. * Revert "feat: protobuf payment state api quorum specific variant (#1613)" This reverts commit 58acdfd. * Revert "fix: nil assignment to new account (#1612)" This reverts commit bcbf9f5. * Revert "feat: offchain batch writes (#1580)" This reverts commit ce4d2f5. * Revert "feat: validator authenticate on-demand request by disperser key (#1539)" This reverts commit f545b16. * fix: issues after series of reverts (scary) * chore: add back ErrZeroSymbols error This error was likely removed by mistake during a revert conflict fix from one of the previous set of reverted PRs. * style: fix lint * test: fix accountant_test hardcoded error string * Revert "Revert "fix: period index calculation (#1641)"" This reverts commit b8767ae.
Why are these changes needed?
Validators should only accept ondemand requests from the EigenLabs disperser.
The key has already been authenticated at the step of the check.
If batch request contains any blob with ondemand payment but the batch didn't come from EigenLabs disperser, then validator rejects.
Checks