feat(l2): privileged transaction inclusion deadline #3427
Conversation
Lines of code reportTotal lines added: Detailed view |
crates/l2/sequencer/l1_committer.rs
Outdated
| @@ -359,7 +361,7 @@ async fn prepare_batch_from_block( | |||
|
|
|||
| // Accumulate block data with the rest of the batch. | |||
| acc_messages.extend(messages.clone()); | |||
| acc_deposits.extend(deposits.clone()); | |||
| acc_privileged_txs.extend(privileged_transactions.clone()); | |||
There was a problem hiding this comment.
acc_X needs to have an owned version. .iter().cloned() could also work though.
iovoid
force-pushed
the
feat/inclusion-deadline
branch
from
eb057fa to
848a2d5
Compare
| uint256 public constant PRIVILEGED_TX_MAX_WAIT_BEFORE_INCLUSION = 300; | ||
| /// @notice Minimum of privileged transactions that must be included to reset the deadline | ||
| /// @dev If there aren't that many pending, pendingTxHashes.length is used | ||
| uint16 public constant MIN_INCLUDED_PRIVILEGED_TX = 10; |
There was a problem hiding this comment.
Why do we use an uint16 here? What's the benefit vs simply using uint256?
There was a problem hiding this comment.
To avoid having to downcast it later. State diffs only support u16::MAX privileged transactions.
| @@ -390,6 +403,17 @@ contract OnChainProposer is | |||
| emit BatchVerified(lastVerifiedBatch); | |||
| } | |||
|
|
|||
| function _checkAndUpdateInclusionQuota(uint16 privileged_transaction_count) private { | |||
| uint256 pending_count = ICommonBridge(BRIDGE).getPendingTransactionHashes().length; | |||
| uint16 mimimum_to_include = MIN_INCLUDED_PRIVILEGED_TX > pending_count ? uint16(pending_count) : MIN_INCLUDED_PRIVILEGED_TX; | |||
There was a problem hiding this comment.
This is a bit strange, pending_count is uint256, and we then cast it to uint 16. Why is that?
I'm not saying this is wrong, but I don't see the benefit vs simply setting the type to uint256 and avoid potential issues.
There was a problem hiding this comment.
Of the types:
privileged_transaction_countis necessarily an u16, because of a limitation in statediffsMIN_INCLUDED_PRIVILEGED_TXshould be an u16, to avoid accidentally setting impossible valuespending_countis necessarily an u256, becauseX.lengthreturns one. If it's less than MIN_INCLUDED_PRIVILEGED_TX, then it can be safely downcasted.
This way minimizes the number of casts and also prevents user error.
| uint256 public constant PRIVILEGED_TX_MAX_WAIT_BEFORE_INCLUSION = 300; | ||
| /// @notice Minimum of privileged transactions that must be included to reset the deadline | ||
| /// @dev If there aren't that many pending, pendingTxHashes.length is used | ||
| uint16 public constant MIN_INCLUDED_PRIVILEGED_TX = 10; |
There was a problem hiding this comment.
I think our committer, as it is now, can easily get stuck with these changes.
Let's suppose a scenario where the deadline is reached, but when the committer builds the batch, only two deposits have been made. The committer then builds the transaction, and before it is included, one more deposit is made. The transaction will revert because privileged_transaction_count < minimum_to_include, but our committer will retry forever with the same batch.
| uint256 public constant PRIVILEGED_TX_MAX_WAIT_BEFORE_INCLUSION = 300; | ||
| /// @notice Minimum of privileged transactions that must be included to reset the deadline | ||
| /// @dev If there aren't that many pending, pendingTxHashes.length is used | ||
| uint16 public constant MIN_INCLUDED_PRIVILEGED_TX = 10; |
There was a problem hiding this comment.
Does defining these constants like this force us to recompile the binaries each time we want to update them?
There was a problem hiding this comment.
Moved to the initializer in 7ebe8c0 to avoid that.
github-project-automation
bot
moved this from In Review
to Requires Changes
in ethrex_l2
docs/l2/deposits.md
Outdated
| CommonBridge ->> Sequencer: OK | ||
| Sequencer ->> CommonBridge: Sends batch of only privileged transactions | ||
| CommonBridge ->> Sequencer: OK | ||
| Note: Sequencer catches up |
There was a problem hiding this comment.
GitHub is giving me errors when parsing this line:
Unable to render rich display
| uint256 nonPrivilegedTransactions = uint256(bytes32(publicData[160:192])); | ||
| require( | ||
| ICommonBridge(BRIDGE).withinProcessingDeadline() || nonPrivilegedTransactions == 0, | ||
| "OnChainProposer: exceeded privileged transaction inclusion deadline, can't include non-privileged transactions" | ||
| ); |
There was a problem hiding this comment.
Isn't nonPrivilegedTransactions == 0 equivalent to enforcing privileged_transaction_count > 0? I think we should also file an issue to prioritize deposits in the sequencer.
There was a problem hiding this comment.
Technically, it's not the same. But isn't it better?
There was a problem hiding this comment.
No, that would only ensure at least one is being processed. We want normal ones to not advance.
Otherwise the sequencer could just send 10000 privileged transactions, include a single one per batch and stall user-made ones forever.
github-project-automation
bot
moved this from In Review
to Requires Changes
in ethrex_l2
**Motivation** To prevent the sequencer from censoring transactions, we want to force it to include at least some of them. **Description** This PR introduces a deadline after which either `INCLUSION_BATCH_SIZE` (or all pending transactions, if there are less) privileged transactions are included, or the batch is rejected. Closes lambdaclass#3230
Motivation
To prevent the sequencer from censoring transactions, we want to force it to include at least some of them.
Description
This PR introduces a deadline after which either
INCLUSION_BATCH_SIZE(or all pending transactions, if there are less) privileged transactions are included, or the batch is rejected.Closes #3230