chore: merge main branch to oracle feature branch #2022
Merged
+16,525
−3,909
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Summary Propagate errors which occur while composer is starting up and/or running so that the will be returned by the Composer's handle. ## Background Previously, composer would only exit with an error if the collectors' or executor's status channels were closed, and then the error message did not provide detailed information about the error that occurred. Additionally, if either of the `wait_for_*` loops failed, the composer would not shut down gracefully. This change is meant to expose the first eyre report which causes the composer to shut down, and gracefully shut down in all circumstances. ## Changes - Started collector and executor `wait_for_ready` loops concurrently, and continue with graceful shutdown even if these fail. - Store the first error composer encounters, and return it after graceful shutdown. If waiting for collectors or executor fails, Composer continues so that it can ascertain the underlying error from the task which caused it. ## Testing Passing all tests ## Changelogs Changelog updated ## Related Issues closes #1833
## Summary Added more thorough unit tests for each action and revised existing unit tests as needed. ## Background Many of our actions were lacking thorough unit tests to ensure that they were succeeding and/or failing in the proper scenarios. Some had not unit tests at all. Additionally, some unit tests were incorrect or had some vestigial code regarding how fees were previously handled. ## Changes - Added unit tests for all potential successes and failures in actions, disregarding state read/write errors. - Revised existing unit tests as needed. ## Testing Passing all tests ## Changelogs Changelogs updated. ## Related Issues closes #1909
) ## Summary Changed server names to conform to Rust naming conventions. ## Background Per Rust naming conventions [here](https://github.com/rust-lang/rfcs/blob/1c590ce05d676e72e2217845ee054758d3a6df34/text/0430-finalizing-naming-conventions.md?plain=1#L46-L47) acronyms in upper camel case should be treated as words. ## Changes - Renamed `RunningABCIServer` to `RunningAbciServer`. - Renamed `RunningGrpcServer` to `RunningGrpcServer`. - Removed aliases for the handles to these types. ## Testing Passing all tests, no additional tests needed. ## Changelogs No updates required. ## Related Issues closes #1930
## Summary Update CODEOWNERS allocate by project. ## Background The previous CODEOWNERS file assigned reviews mainly by language (which is rust), which is no longer workable for a growing project leading to a) review bottlenecks, and b) unclear responsibilities over project-local styles and cognitive models on how to evolve the codebase. The present changes have a BDFL model in mind, where the CODEOWNERS get the final vote over modifications to their crates. ## Changes - Remove any `@astriaorg/rust-reviewers` from the CODEOWNERS file - Allocate crate ownership by project to @Fraser999, @noot, @SuperFluffy, and @joroshiba. - Remove the `*.rs` catchall - Assign rust-specific config files (`Cargo.toml`, and `Cargo.lock`, `rustfmt.toml`, `nextest.toml`, `rust-toolchain`, `.cargo/`) relative to CODEWONERS at the repository root to @SuperFluffy and @Fraser999 - Reassign ownership of the workflows `.github/workflows/test.yml` and `.github/workflows/lint.yml` to @Fraser999 and @SuperFluffy ## Testing Github confirms this is a valid CODEOWNERS file. Other than that this cannot be tested. ## Changelogs No updates required.
## Summary Allows restoring a geth node from a snapshot, and creating snapshots on a schedule with the option to upload them to remote storage via rclone. ## Background Spinning up a geth node from a snapshot is more ideal than syncing from genesis. We won't always have a PVC snapshot to restore from. This allows any geth node to migrate to Astria infra, and is needed to migrate Forma testnet. ## Changes - Added a restore from snapshot - snapshots can be loaded from any compatible rclone source (including local) - rclone config allow snapshots to be loaded from private sources - optional sha256 checksum to verify the snapshot after download - Added scheduled snapshot creation - Cron schedule - Retention count for # of snapshots to keep on local disk - Optional upload of snapshot to a remote destination - rclone config management via secrets ## Testing Tested on local k8s dev cluster, with and without rclone w/ an AWS S3 config
## Summary Removes a panic source in the conductor frontend by moving around the restart logic. ## Background `Conductor::run_until_stopped` contains a loop to allow restarting its backend business logic. This loop delegates to a `Conductor::restart_or_shutdown` method to execute the restart of the backend, and then immediately reenters the loop no matter a restart happened or not. While refactoring the inner conductor business logic (which lead to slightly different return values in turn affecting the blackbox test assertions) it was found that behavior can lead to the conductor backend panicking because it's being polled again even after running to completion. ## Changes - Rename `Conductor::shutdown_or_restart` to `Conductor::restart_or_shutdown` to match the enum it's branching on. - Execute the restart inside the frontend loop to not reentering it, avoiding to poll the already completed backend task. ## Testing This can't really be tested. But it does fix the panic in the refactor PR. ## Changelogs Changelogs updated.
## Summary
Makes the firm and soft readers subtasks of the main exection loop.
## Background
Making the celestia (firm) and astria (soft)
readers subtasks of the executor loop is a more
faithful representation of their dependencies:
1. the execution loop can run with either or both present.
2. but the readers cannot run without the
execution loop present (the tasks do not run at the
same level of privilege).
3. to fully initialize they the readers depend on
data provided via the execution loop (rollup genesis
info and commitment state).
This patch then spins up the readers during initialization
of the execution event loop, which allows removing a lot
of complexity from the conductor codebase:
1. the readers need not explicitly wait for the state to be
initialized but receive an already initialized state.
2. there is no need for a bespoke channel to dynamically
set permits (this was needed for dynamic backpressure
handling by setting the channel capacity after reading the
celestia variance from the rollup): a standard mpsc channel
can be instantiated and then passed to the (soft/sequencer)
reader.
executor::Initialized::run delegates to
executor::Initialized::run_event_loop to separate
the shutdown token from the other arms of the
select macro - this way, an else => {} arm can be
introduced that shuts down executor as a fallback
## Changes
- make the firm (celestia) and soft (sequencer) readers subtasks of the
executor task
- remove the `JoinMap` from the `conductor::Inner` business logic as
this is
now tracked by the executor task
- initialize the reader tasks only after the initial rollup node state
is received
- in the executor task, separate the test for shutdown token
cancellation
from its main event loop so that the `tokio::select!` macro's `else =>
{}` arm
can be used as a fallback.
- remove the bespoke `executor::channel` for dynamically setting channel
capacity at runtime (no longer necessary; the channel is initialized
later
after we know its capacity)
- simplify the `State` watch channel notifying the readers of the latest
rollup
state by removing the `StateIsInit` and `StateNotInit` markers (the
readers
now get a fully initialized watch channel).
## Testing
These changes should be transparent and not noticeable. The blackbox
tests
still pass which implies that the (tested) conductor behavior works.
## Changelogs
**NOTE**: Update before merge
Ensure all relevant changelog files are updated as necessary. See
[keepachangelog](https://keepachangelog.com/en/1.1.0/#how) for change
categories. Replace this text with e.g. "Changelogs updated." or "No
updates
required." to acknowledge changelogs have been considered.
## Related Issues
**NOTE**: Link the forma issue?
Link any issues that are related, prefer full GitHub links.
closes <!-- list any issues closed here -->
## Summary Makes the `astria_grpc_mock::mock::Times` part of the public API. ## Background Having `Times` (which itself is wrapper around `u64` or one of the Rust `Range*` types) part of the public API is useful when writing abstraction tests. ## Changes - Export `astria_grpc_mock::mock::Times` at the root of the crate. ## Testing Not applicable. The type is now available. ## Changelogs Changelogs updated.
## Summary Adds @ethanoroshiba to the `crates/astria-conductor` line in CODEOWNERS.
## Summary Adds an additional tag to docker images corresponding to the full commit hash. ## Background Manually running github actions to build a docker image was not setting the full sha hash, which argocd uses to pull images. This should always set at least the full hash to the merge commit of a PR. ## Changes Updated the docker metadata step to include an additional tag ## Testing Manually with PR commit and triggering GH action. ## Changelogs "No updates required."
) ## Summary Instructs the tracing formatting subscriber to emit span events for event construction and deletion. ## Background Developers frequently add an event at the beginning of a function to get information on whether a function is invoked. In tracing telemetry this is strictly speaking superfluous because the existence of a span already implies this information. If Astriia's services were primarily observed via an opentelemetry platform, then this issue wouldn't arise in the first place. But since events/logs are still consumed as plain text, we should mimick this behavior by emitting events when a particular unit of processing is started or finished. Note that this will lead to noisier logs, but that is a justifiable tradeoff because this information is frequently needed when debugging services. ## Changes - Change Astria's human readable trace/event output to constructs events when spans are constructed or deleted (which usually means that an instrumented function or method is invoked or finished). ## Testing These changes can be observed when running a service locally. ## Changelogs Changelog updated.
## Summary implement `BridgeTransfer` action which transfers funds from one bridge account to another. essentially, it atomically performs a `BridgeUnlock` and a `BridgeLock`. ## Background this is functionality we want and `BridgeUnlock`ing to another bridge account wouldn't create a `Deposit` correctly. the issue is that `BridgeUnlock` does not contain all the information needed to create a deposit event, namely `destination_chain_address`, so `BridgeUnlock` directly into another bridge account doesn't work as a lock. `BridgeLock` from a bridge account to another also doesn't contain the desired withdrawal information (eg `rollup_withdrawal_event_id`). an atomic `BridgeUnlock`/`BridgeLock` combo would only work if the `BridgeUnlock` unlocks the funds to itself, providing `rollup_withdrawal_event_id`, and then `BridgeLock`s to the receiving account. `BridgeUnlock` cannot go directly into a different account as the bridge would no longer be able to access it. however this seems unwieldly as opposed to just having one action which makes the intention clear. ## Changes - slightly refactor `BridgeUnlock` to move checks to their own function - also slightly refactor `BridgeLock` to move execution and `Deposit` emission to their own function - implement `BridgeTransfer` action using existing `BridgeUnlock` checks and `BridgeLock` execution logic. ## Testing unit tests ## Changelogs Changelogs updated. ## Breaking Changelist - a new action was added, which is a breaking sequencer change. ## Related Issues closes #1921
## Summary Migrates us away from using buildjet for builds towards using depot. This reduces the number of third party services we rely on for tests, and is as fast if not faster than buildjet based on recent tests.
## Summary This patch adds the Astria Auctioneer service to the monorepo. ## Background The Astria Auctioneer auctions the top of the next Rollup to the highest bidder. It receives a proposed Sequencer block[^1] via a Sequencer node's `astria.sequencerblock.optimistic.v1alpha1.OptimisticBlock` service, and forwards it to its Rollup node's `astria.auction.v1alpha1.OptimisticExecutionService` for optimistic execution by the Rollup. The executed optimistic block hash returned by the rollup triggers Auctioneer to start an auction. It then receives bids from the Rollup node's `astria.auction.v1alpha.AuctionService`, selecting the winner using a first-price mechanism. The auction winner is finally submitted to the same Sequencer node using a standard ABCI `broadcast_tx_sync` to the Sequencer network. Auctioneer does not act as a server in its own right but connects as a client to a Rollup node and to a Sequencer node. [^1]: A proposed Sequencer block is that data structure that comes out of the Astria Sequencer network's CometBFT process-proposal step. ## Changes - Add crate `crates/astria-auctioneer`. It is implemented as a simple event loop that multiplexes proposed blocks and finalized commits (from sequencer), as well as executed rollup blocks and bids (from the rollup). - Bump workspace dependency `tokio_utils` to `0.7.13` to get access to `CancellationToken::run_until_cancelled` - Rename execution APIs `astria.bundle` to `astria.auction` - Add domain type `SequencerBlockCommit` to new `astria_core::sequencerblock::optimistic::v1alpha1` submodule, following protobuf spec naming conventions (the other domain types remain exclusive to auctioneer for now). - Implement `astria_core::Protobuf` for `FilteredSequencerBlock` to get access to the wiretype name in error and log messages. - Refactor `astria_sequencer::sequencer::start_grpc_server` to `astria-sequencer::grpc::serve` - Add module `astria_sequencer::grpc::optimistic` implementing the `astria.sequencerblock.optimistic.v1alpha1.OptimisticBlock` gRPC service - Refactor `astria_sequencer::app` module to implement an `EventBus` that is used by the gRPC service to subscribe to new events (right now, only proposed blocks and commits). - Add setting `ASTRIA_SEQUENCER_NO_OPTIMISTIC_BLOCKS` to toggle the optimistic block service in Sequencer - Add chart `charts/auctioneer` - Update `charts/evm-rollup/files/genesis/geth-genesis.json` to set `astriaAuctioneerAddresses` - Update `charts/sequencer/templates/configmaps.yaml` to to set `ASTRIA_SEQUENCER_NO_OPTIMISTIC_BLOCKS` - Update `justifle` to understand how to docker-build auctioneer - Add job `auctioneer` to docker-build github workflow. ## Testing This patch does not contain blackbox tests because there currently is no support in the Rust ecosystem to easily mock streams. Smoke tests to submit a winning bid to sequencer and have it executed against geth will be done in a follow-up PR. We deployed a local setup consisting of a dedicated auctioneer flame node, the auctioneer node and a sequencer with optimistic blocks enabled. The code for auctioneer flame node can be found at astriaorg/flame#30. The auctioneer has been tested locally against this auctioneer flame node branch. We have tested the setup by sending txs to the auctioneer flame node using spamooor. We check with logs and manually query the blocks to ensure that the tx sent has end up on the top of block of the auctioneer. ## Metrics - `astria_auctioneer_block_commitments_received`: counter (the number of block commitments auctioneer received from sequencer over its runtime) - `astria_auctioneer_executed_blocks_received`: counter (the number of executed blocks auctioneer received from its connected rollup over its runtime) - `astria_auctioneer_proposed_blocks_received`: counter (the number of proposed blocks auctioneer received from sequencer over its runtime) - `astria_auctioneer_auctions_cancelled`: counter (the auctions auctioneer cancelled over its runtime because a new proposed sequencer block cancelled a previous one and thus the auction; this might include auctions for which sumissions took too long) - `astria_auctioneer_auctions_submitted`: counter (the auctions auctioneer successfully submitted over its runtime) - `astria_auctioneer_auction_bids_received`: counter (total bids received over the runtime of auctioneer) - `astria_auctioneer_auction_bids: histogram` (bids per auction labels "processed" and "dropped") - `astria_auctioneer_auction_bids_without_matching_auction`: counter (the number of bids auctioneer received without having a matching auction running over its runtime; for example because the bid contained a difference sequencer or rollup block hashes than what the auction expected) - `astria_auctioneer_winner_submission_latency` histogram (labels "success" and "error"; time from when an auction started and auctioneer received a bid for the auction) - `astria_winning_bid`: histogram (the amount that the winning bid was willing to pay) ## Changelogs Changelogs updated. ## Related Issues closes #1888 closes #1533 closes #1820 --------- Co-authored-by: itamar <[email protected]> Co-authored-by: Bharath <[email protected]> Co-authored-by: quasystaty <[email protected]>
## Summary changes to how flags condition is evaluated and used. ## Background Our current evm-rollup charts has a bug, the condition which helps configuring geth flags is not being evaluated and always acts as `true`. This PR changes the condition templating. ## Changes - conditions are now being templated based on the key value. Also makes sure this value is `true` if the condition exists. ## Testing - locally running smoke test against a cluster - using the helm command for templating: ` helm template my-chart ./charts/evm-stack -f ./dev/values/rollup/dev.yaml` ## Changelogs No updates required.
## Summary Add support to the sequencer to support running the ABCI connection over UDS instead of TCP only, updates to chart to use the UDS connection by default. ## Background Local testing found up to a 25x speed up using UDS instead of TCP loopback for ABCI communication. We can continue to offer the option of using TCP connections, and support the faster connection within our charts by default. ## Changes - mild refactor of sequencer startup to move abci server start to it's own function, mirroring grpc server setup - replace old `listen_addr` config with new `abci_listener_url` config where protocol is used to inform sequencer whether to use tcp or unix ## Testing Synced a full node with mainnet, and tested with ABCI replay. ## Changelogs Changelogs updated. ## Breaking Changelist - Removed `ASTRIA_SEQUENCER_LISTEN_ADDR` config variable, replaced with `ASTRIA_SEQUENCER_ABCI_LISTENER_URL` ## Related Issues closes #1891 --------- Co-authored-by: Richard Janis Goldschmidt <[email protected]>
## Summary Reverts a state breaking change in fee values. ## Background We added a fee variable to the middle of an enum resulting in Borsch serialization breaking for existing stored state. ## Changes - Move new enum to the end of the list ## Testing Tests to be in follow up PR ensuring we don't make such breaking changes in the future. ## Changelogs I did not make a changelog entry here since we haven't cut a release since the breaking behaivior was added.
## Summary prague and verkle heights in genesis are now configured based on the appropriate values. ## Background we have a bug in our charts where if we set an enable Cancun height, we will end up printing out a height for prague and verkle heights. ## Changes - prague and verkle heights are now set based on their values instead of cancun's. ## Testing locally by running helm template command ## Changelogs No updates required.
…mes usage (#1978) ## Summary upgrades cometbft version from `v0.38.8 -> v0.38.17 ` ## Background cometbft [v0.38.17](https://github.com/cometbft/cometbft/blob/v0.38.17/CHANGELOG.md#v03817) includes two security fixes. ## Changes - bumps cometbft version to v0.38.17 - hermes now uses serde patched image ( but in the `block_result` response) - hermes now uses pull instead of push method for events. ## Testing locally running smoke tests against a local cluster. closes #1980
## Summary auctioneer metric port name update to match `serviceMonitor` port ## Background The port name tracked by auctioneer `serviceMonitor` does not match the metric service. ## Changes - change metrics port name (`metrics -> auct-metrics`) ## Testing Tested while resolving auctioneer grafana dashboards on testnet. ## Changelogs No updates required. Note: Bumping the auctioneer chart version may also resolve an issue with our initial auctioneer chart release.
## Summary Adds a github workflow to build an auctioneer release ## Background To launch auctioneer on mainnet, we need to be able to make releases of it. This workflow allows us to build an auctioneer release with a gh action. ## Changes - Add auctioneer release workflow to `.github/workflow/release.yaml`
## Summary Creates v2 execution API to support upcoming v2 changes to Conductor and Geth. ## Background These changes are meant to support the upcoming v2 upgrades to [Conductor](#1928) and [astria-geth](astriaorg/astria-geth#59), which will facilitate the ability to have rollup forks, driven by the need to migrate Forma to Mainnet. ## Changes from `v1` - Removed `GenesisInfo` and associated RPC. - Removed `BatchGetBlocks` RPC and associated types. - Removed `GetCommitmentState` RPC. - Introduced **`ExecutionSession`** and associated RPC `CreateExecutionSession`: - An `ExecutionSession` is the execution client-side's current session, which starts at a specific block number and can end at one as well. - Upon startup and after each restart (if stop numbers are specified), `CreateExecutionSession` should be called, to which the server should respond with the current session, containing an ID for the session, the `CommitmentState`, and `ExecutionSessionParams`. - Added `ExecutionSessionParams`, which contains the necessary configuration for the execution client to run for the entirety of the session, consisting of the following: - `rollup_id` - `rollup_start_block_number`, the first block to be executed against the rollup - `rollup_end_block_number`, the final block to be executed against the rollup before ending the current execution session. - `sequencer_chain_id` - `sequencer_start_block_height`, the sequencer height to map to `rollup_start_block_number`. - `celestia_chain_id` - `celestia_max_search_height_look_ahead` (formerly `celestia_block_variance`) - Added `session_id` to `ExecuteBlockRequest` and `UpdateCommitmentStateRequest`, so that the server can validate the calls are for the correct execution session. - Changed `Block` to `ExecutedBlockMetadata` and made corresponding service changes. - Added `ExecuteBlockResponse` to follow AIP. - Changed `CommitmentState.base_celestia_height` to `lowest_celestia_search_height` - Represented all hashes as Strings so that they are displayed in whichever format the hashes are in, as opposed to Base64. - Separated all top-level proto entities into separate files (per [1-1-1 best practice](https://protobuf.dev/best-practices/1-1-1/)) ## Testing No testing needed. ## Changelogs Protos have no changelog --------- Co-authored-by: Jordan Oroshiba <[email protected]> Co-authored-by: Superfluffy <[email protected]>
## Summary Added missing `BridgeTransfer` fee storage key tests ## Background These tests were a minor oversight in the implementation of `BridgeTransfer`, but an easy fix to get in. As a followup, we should get together some documentation for adding new actions such that there's a quantitative list of items like this which are easy to miss. ## Changes - Added storage key snapshot and fee component prefix test for `BridgeTransfer` fees ## Testing Passing tests ## Changelogs No updates required ## Breaking Changelist - Not breaking, just noting that this added a snapshot ## Related Issues closes #1988
## Summary implement `RecoverClient` action which replaces an expired or otherwise inactive IBC client. this is based off `MsgRecoverClient` implemented in ibc-go v8: https://github.com/cosmos/ibc-go/blob/a71577cc1bf242f8c99360777106b1321503b17f/proto/ibc/core/client/v1/tx.proto#L126 ## Background there is no way to otherwise replace an expired IBC client without creating a new one and creating a governance proposal on the counterparty chain to change the client there, which is a lot more hassle than just being able to replace an expired client on one chain. ## Changes - implement `RecoverClient` action - the implementation is based off the following ibc-go implementation: - https://github.com/cosmos/ibc-go/blob/a71577cc1bf242f8c99360777106b1321503b17f/modules/core/02-client/keeper/client.go#L121 - https://github.com/cosmos/ibc-go/blob/a71577cc1bf242f8c99360777106b1321503b17f/modules/light-clients/07-tendermint/light_client_module.go#L179 - https://github.com/cosmos/ibc-go/blob/a71577cc1bf242f8c99360777106b1321503b17f/modules/light-clients/07-tendermint/proposal_handle.go#L29 - i had to export some types from penumbra (ConsensusStateWriteExt, ClientState) which is why it's on a different commit (commit is based off v0.80.7) ## Testing not yet, will be done on devnet ## Changelogs changelogs updated ## Breaking Changelist - a new action is added, which is a breaking change. ## Related Issues closes #2005
## Summary Refactored bridge checks. ## Background Needed a couple edge case checks and wanted to move withdrawer check to `check_transfer` as a catch-all. ## Changes - Added checks for bridge lock and unlock. - Moved withdrawer check to `check_transfer`. ## Testing Added unit tests for all checks. ## Changelogs No updates required. ## Breaking Changelist - Changed breaking changes test since it violated new checks and regenerated app hash, breaking snapshot.
## Summary Adds a `sequencer_block_hash` to Execution API `Block` and `ExecuteBlock` shapes such that an execution can include it in their block space. This is an addition but is backwards compatible. Old rollups can run the new binary, rollups that don't use the sequencer hash can utilize the old binary. Rollup forks which rely on the sequencer hash must utilize the new binary. ## Background We are upgrading Flame to the `Cancun` upgrade which includes `BeaconRoot` in the block hash. This is a natural time to add the sequencer block, as it is a similar concept. ## Changes - Add new hash field to execution v1 protos and `astria-core` - Added the field to in development execution v2 protos - Update conductor to include the new data in `ExecuteBlock` requests - Added information to the execute API spec. ## Testing CI/CD testing has been updated to run the smoke tests with an updated version of geth that utilizes the sequencer and includes a beacon root contract in genesis. I have done manual testing of the following: - old geth w/ new conductor unchanged - new geth w/ cancun upgrade disabled ## Changelogs Changelogs updated ## Breaking Changelist This is not a breaking change as it is a protobuf addition.
…te-breaking changes (#1985) ## Summary Added snapshot tests for all storage values to ensure that future changes do not break state. ## Background The addition of the `BridgeTransfer` action revealed how inserting a value into the storage `ValueImpl` is a breaking change, since deserialization would then fail. New values, such as `BridgeTransferFees` need to be appended instead of inserted. Adding snapshots for each storage variant's discriminant ensures that there is an extra level of protection against making a state breaking change. ## Changes - Added snapshots for the borsch encoding of every `ValueImpl` variant and every `StoredValue` variant. ## Testing Manually reviewed every discriminant. ## Changelogs No updates required. ## Related Issues closes #1982 --------- Co-authored-by: Jordan Oroshiba <[email protected]>
## Summary Updates when the mempool is rebalanced in order to solve for race condition in which call falls through to state before it has been written, by rebalancing after commit and updates the mempool methods to return the pending account nonce instead of the highest nonce in the pending mempool. ## Background Nonce is defined as the number of transactions which have been executed on the account. The pending nonce should then be the number of transactions executed + the number of transactions sitting in pending. Our API was not doing this correctly. Pending nonce on the mempool was being defined as the transaction with the highest nonce as opposed to what the account nonce will be after all pending transactions. Additionally, our mempool was being rebalanced before state was committed, this can result in a race condition where you request the pending nonce after rebalancing has occured but before committed state has occured resulting in fetching not the pending nonce but the current nonce. ## Changes - Move mempool maintenance to after `commit` from finalized block - Mempool defines pending nonce as pending account nonce instead of highest nonce in queue ## Testing CI/CD tests, which have been updated. ## Changelogs Changelogs updated. ## Related Issues closes #2011
Fraser999
requested review from
a team,
joroshiba,
SuperFluffy and
noot
as code owners
github-actions
bot
added
documentation
Fraser999
force-pushed
the
fraser/merge-main
branch
from
8731d40 to
1a56673
Compare
## Summary Fixes for two new `cargo audit` warnings. ## Background We get two warnings when running `cargo audit`, both for [RUSTSEC-2025-0009](https://rustsec.org/advisories/RUSTSEC-2025-0009). One is for `[email protected]` and the other `[email protected]`. <details><summary>cargo audit output</summary><p> ``` Crate: ring Version: 0.16.20 Title: Some AES functions may panic when overflow checking is enabled. Date: 2025-03-06 ID: RUSTSEC-2025-0009 URL: https://rustsec.org/advisories/RUSTSEC-2025-0009 Solution: Upgrade to >=0.17.12 Dependency tree: ring 0.16.20 └── jsonwebtoken 8.3.0 └── ethers-providers 2.0.14 ├── ethers-middleware 2.0.14 │ └── ethers 2.0.14 │ ├── astria-test-utils 0.1.0 │ │ └── astria-composer 1.0.0 │ ├── astria-composer 1.0.0 │ ├── astria-cli 0.5.1 │ ├── astria-bridge-withdrawer 1.0.1 │ └── astria-bridge-contracts 0.1.0 │ ├── astria-cli 0.5.1 │ └── astria-bridge-withdrawer 1.0.1 ├── ethers-contract 2.0.14 │ ├── ethers-middleware 2.0.14 │ └── ethers 2.0.14 └── ethers 2.0.14 Crate: ring Version: 0.17.11 Title: Some AES functions may panic when overflow checking is enabled. Date: 2025-03-06 ID: RUSTSEC-2025-0009 URL: https://rustsec.org/advisories/RUSTSEC-2025-0009 Solution: Upgrade to >=0.17.12 Dependency tree: ring 0.17.11 ├── sct 0.7.1 │ └── rustls 0.21.12 │ ├── tungstenite 0.20.1 │ │ ├── tokio-tungstenite 0.20.1 │ │ │ └── ethers-providers 2.0.14 │ │ │ ├── ethers-middleware 2.0.14 │ │ │ │ └── ethers 2.0.14 │ │ │ │ ├── astria-test-utils 0.1.0 │ │ │ │ │ └── astria-composer 1.0.0 │ │ │ │ ├── astria-composer 1.0.0 │ │ │ │ ├── astria-cli 0.5.1 │ │ │ │ ├── astria-bridge-withdrawer 1.0.1 │ │ │ │ └── astria-bridge-contracts 0.1.0 │ │ │ │ ├── astria-cli 0.5.1 │ │ │ │ └── astria-bridge-withdrawer 1.0.1 │ │ │ ├── ethers-contract 2.0.14 │ │ │ │ ├── ethers-middleware 2.0.14 │ │ │ │ └── ethers 2.0.14 │ │ │ └── ethers 2.0.14 │ │ └── async-tungstenite 0.23.0 │ │ └── tendermint-rpc 0.34.1 │ │ ├── astria-sequencer-relayer 1.0.0 │ │ ├── astria-sequencer-client 0.1.0 │ │ │ ├── astria-sequencer-relayer 1.0.0 │ │ │ ├── astria-conductor 1.0.0 │ │ │ ├── astria-composer 1.0.0 │ │ │ ├── astria-cli 0.5.1 │ │ │ ├── astria-bridge-withdrawer 1.0.1 │ │ │ └── astria-auctioneer 0.0.1 │ │ ├── astria-conductor 1.0.0 │ │ ├── astria-composer 1.0.0 │ │ └── astria-bridge-withdrawer 1.0.1 │ ├── tonic 0.10.2 │ │ ├── tonic-health 0.10.2 │ │ │ └── astria-composer 1.0.0 │ │ ├── penumbra-tower-trace 0.80.10 │ │ │ └── astria-sequencer 1.0.0 │ │ ├── penumbra-sct 0.80.10 │ │ │ └── penumbra-ibc 0.80.10 │ │ │ ├── astria-sequencer-utils 0.1.0 │ │ │ ├── astria-sequencer 1.0.0 │ │ │ └── astria-core 0.1.0 │ │ │ ├── astria-sequencer-utils 0.1.0 │ │ │ ├── astria-sequencer-relayer 1.0.0 │ │ │ ├── astria-sequencer-client 0.1.0 │ │ │ ├── astria-sequencer 1.0.0 │ │ │ ├── astria-core 0.1.0 │ │ │ ├── astria-conductor 1.0.0 │ │ │ ├── astria-composer 1.0.0 │ │ │ ├── astria-cli 0.5.1 │ │ │ ├── astria-bridge-withdrawer 1.0.1 │ │ │ ├── astria-bridge-contracts 0.1.0 │ │ │ └── astria-auctioneer 0.0.1 │ │ ├── penumbra-proto 0.80.10 │ │ │ ├── penumbra-txhash 0.80.10 │ │ │ │ └── penumbra-ibc 0.80.10 │ │ │ ├── penumbra-tct 0.80.10 │ │ │ │ ├── penumbra-txhash 0.80.10 │ │ │ │ ├── penumbra-sct 0.80.10 │ │ │ │ └── penumbra-keys 0.80.10 │ │ │ │ └── penumbra-sct 0.80.10 │ │ │ ├── penumbra-sct 0.80.10 │ │ │ ├── penumbra-num 0.80.10 │ │ │ │ ├── penumbra-ibc 0.80.10 │ │ │ │ └── penumbra-asset 0.80.10 │ │ │ │ ├── penumbra-keys 0.80.10 │ │ │ │ └── penumbra-ibc 0.80.10 │ │ │ ├── penumbra-keys 0.80.10 │ │ │ ├── penumbra-ibc 0.80.10 │ │ │ ├── penumbra-asset 0.80.10 │ │ │ ├── astria-sequencer 1.0.0 │ │ │ └── astria-core 0.1.0 │ │ ├── penumbra-ibc 0.80.10 │ │ ├── ibc-proto 0.41.0 │ │ │ ├── penumbra-proto 0.80.10 │ │ │ ├── penumbra-ibc 0.80.10 │ │ │ ├── ibc-types-lightclients-tendermint 0.12.1 │ │ │ │ └── ibc-types 0.12.1 │ │ │ │ ├── penumbra-proto 0.80.10 │ │ │ │ ├── penumbra-ibc 0.80.10 │ │ │ │ ├── cnidarium 0.80.10 │ │ │ │ │ ├── penumbra-sct 0.80.10 │ │ │ │ │ ├── penumbra-proto 0.80.10 │ │ │ │ │ ├── penumbra-ibc 0.80.10 │ │ │ │ │ ├── cnidarium-component 0.80.10 │ │ │ │ │ │ └── penumbra-sct 0.80.10 │ │ │ │ │ └── astria-sequencer 1.0.0 │ │ │ │ ├── astria-sequencer 1.0.0 │ │ │ │ ├── astria-core 0.1.0 │ │ │ │ ├── astria-cli 0.5.1 │ │ │ │ ├── astria-bridge-withdrawer 1.0.1 │ │ │ │ └── astria-bridge-contracts 0.1.0 │ │ │ ├── ibc-types-core-connection 0.12.1 │ │ │ │ ├── ibc-types-path 0.12.1 │ │ │ │ │ └── ibc-types 0.12.1 │ │ │ │ ├── ibc-types-lightclients-tendermint 0.12.1 │ │ │ │ ├── ibc-types-core-channel 0.12.1 │ │ │ │ │ ├── ibc-types-path 0.12.1 │ │ │ │ │ └── ibc-types 0.12.1 │ │ │ │ └── ibc-types 0.12.1 │ │ │ ├── ibc-types-core-commitment 0.12.1 │ │ │ │ ├── ibc-types-lightclients-tendermint 0.12.1 │ │ │ │ ├── ibc-types-core-connection 0.12.1 │ │ │ │ ├── ibc-types-core-channel 0.12.1 │ │ │ │ └── ibc-types 0.12.1 │ │ │ ├── ibc-types-core-client 0.12.1 │ │ │ │ ├── ibc-types-path 0.12.1 │ │ │ │ ├── ibc-types-lightclients-tendermint 0.12.1 │ │ │ │ ├── ibc-types-core-connection 0.12.1 │ │ │ │ ├── ibc-types-core-channel 0.12.1 │ │ │ │ └── ibc-types 0.12.1 │ │ │ ├── ibc-types-core-channel 0.12.1 │ │ │ └── astria-sequencer 1.0.0 │ │ ├── astria-sequencer-relayer 1.0.0 │ │ ├── astria-sequencer 1.0.0 │ │ ├── astria-grpc-mock-test 0.1.0 │ │ ├── astria-grpc-mock 0.1.0 │ │ │ ├── astria-sequencer-relayer 1.0.0 │ │ │ ├── astria-grpc-mock-test 0.1.0 │ │ │ ├── astria-conductor 1.0.0 │ │ │ ├── astria-composer 1.0.0 │ │ │ └── astria-bridge-withdrawer 1.0.1 │ │ ├── astria-core 0.1.0 │ │ ├── astria-conductor 1.0.0 │ │ ├── astria-composer 1.0.0 │ │ ├── astria-bridge-withdrawer 1.0.1 │ │ └── astria-auctioneer 0.0.1 │ ├── tokio-rustls 0.24.1 │ │ ├── tonic 0.10.2 │ │ ├── reqwest 0.11.27 │ │ │ ├── tendermint-rpc 0.34.1 │ │ │ ├── ethers-providers 2.0.14 │ │ │ ├── ethers-middleware 2.0.14 │ │ │ ├── astria-composer 1.0.0 │ │ │ └── astria-bridge-withdrawer 1.0.1 │ │ ├── jsonrpsee-client-transport 0.20.4 │ │ │ └── jsonrpsee-ws-client 0.20.4 │ │ │ └── jsonrpsee 0.20.4 │ │ │ ├── celestia-rpc 0.1.1 │ │ │ │ └── astria-conductor 1.0.0 │ │ │ ├── astria-test-utils 0.1.0 │ │ │ └── astria-conductor 1.0.0 │ │ ├── hyper-rustls 0.24.2 │ │ │ ├── reqwest 0.11.27 │ │ │ └── jsonrpsee-http-client 0.20.4 │ │ │ └── jsonrpsee 0.20.4 │ │ └── async-tungstenite 0.23.0 │ ├── reqwest 0.11.27 │ └── hyper-rustls 0.24.2 ├── rustls-webpki 0.101.7 │ └── rustls 0.21.12 └── rustls 0.21.12 error: 2 vulnerabilities found! ``` </p></details> One of these vulnerabilities can be resolved simply by running `cargo update [email protected]`. However, to resolve the one caused by `[email protected]`, we need to change our own usage of `ethers` to `alloy` throughout. For now, this is worked around by adding an entry to the ignore list. The outstanding work is being tracked at #2020. ## Changes - Ran `cargo update [email protected]` - Ignore RustSec warning in `.cargo/audit.toml`. ## Testing Ran `cargo audit` locally. ## Changelogs No updates required - nothing really fixed or updated. ## Related Issues Closes #2018. Closes #2019.
noot
approved these changes
Mar 10, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This is a simple merge of
main.Background
We want to keep the feature branch as in sync with
mainas possible.Changes
main. Conflicts in the following files, but all relatively trivial. Mostly related to adding new actions in both branches:Testing
No new tests added.
Changelogs
No updates required.