diff --git a/crates/pallet-domains/src/lib.rs b/crates/pallet-domains/src/lib.rs index 80b2373522..ae43b8a0f7 100644 --- a/crates/pallet-domains/src/lib.rs +++ b/crates/pallet-domains/src/lib.rs @@ -201,6 +201,7 @@ mod pallet { #[cfg(not(feature = "runtime-benchmarks"))] use crate::staking_epoch::do_slash_operator; use crate::staking_epoch::{do_finalize_domain_current_epoch, Error as StakingEpochError}; + use crate::storage_proof::InvalidInherentExtrinsicData; use crate::weights::WeightInfo; #[cfg(not(feature = "runtime-benchmarks"))] use crate::DomainHashingFor; @@ -246,7 +247,7 @@ mod pallet { use sp_std::collections::btree_set::BTreeSet; use sp_std::fmt::Debug; use sp_subspace_mmr::MmrProofVerifier; - use subspace_core_primitives::U256; + use subspace_core_primitives::{Randomness, U256}; use subspace_runtime_primitives::StorageFee; #[pallet::config] @@ -1850,6 +1851,10 @@ mod pallet { } } + /// Combined fraud proof data for the InvalidInherentExtrinsic fraud proof + #[pallet::storage] + pub type BlockInvalidInherentExtrinsicData = StorageValue<_, InvalidInherentExtrinsicData>; + #[pallet::hooks] // TODO: proper benchmark impl Hooks> for Pallet { @@ -1894,10 +1899,27 @@ mod pallet { } } + BlockInvalidInherentExtrinsicData::::kill(); + Weight::zero() } fn on_finalize(_: BlockNumberFor) { + // If this consensus block will derive any domain block, gather the necessary storage for potential fraud proof usage + if SuccessfulBundles::::iter_keys().count() > 0 + || DomainRuntimeUpgrades::::exists() + { + let extrinsics_shuffling_seed = Randomness::from( + Into::::into(Self::extrinsics_shuffling_seed()).to_fixed_bytes(), + ); + + let invalid_inherent_extrinsic_data = InvalidInherentExtrinsicData { + extrinsics_shuffling_seed, + }; + + BlockInvalidInherentExtrinsicData::::set(Some(invalid_inherent_extrinsic_data)); + } + let _ = LastEpochStakingDistribution::::clear(u32::MAX, None); let _ = NewAddedHeadReceipt::::clear(u32::MAX, None); } @@ -2717,8 +2739,8 @@ impl Pallet { } pub fn extrinsics_shuffling_seed() -> T::Hash { - let seed = DOMAIN_EXTRINSICS_SHUFFLING_SEED_SUBJECT; - let (randomness, _) = T::Randomness::random(seed); + let subject = DOMAIN_EXTRINSICS_SHUFFLING_SEED_SUBJECT; + let (randomness, _) = T::Randomness::random(subject); randomness } @@ -2889,9 +2911,9 @@ impl Pallet { parent_receipt.consensus_block_number }; - let is_domain_runtime_updraded = current_runtime_obj.updated_at >= at; + let is_domain_runtime_upgraded = current_runtime_obj.updated_at >= at; - let mut runtime_obj = match (is_domain_runtime_updraded, maybe_domain_runtime_code_at) { + let mut runtime_obj = match (is_domain_runtime_upgraded, maybe_domain_runtime_code_at) { // The domain runtime is upgraded since `at`, the domain runtime code in `at` is not available // so `domain_runtime_code_proof` must be provided (true, None) => return Err(FraudProofError::DomainRuntimeCodeProofNotFound), diff --git a/crates/sp-domains-fraud-proof/src/fraud_proof.rs b/crates/sp-domains-fraud-proof/src/fraud_proof.rs index 157b4c3280..149a960d6b 100644 --- a/crates/sp-domains-fraud-proof/src/fraud_proof.rs +++ b/crates/sp-domains-fraud-proof/src/fraud_proof.rs @@ -494,7 +494,11 @@ pub struct InvalidExtrinsicsRootProof { /// Valid Bundle digests pub valid_bundle_digests: Vec, - /// The storage proof used during verification + /// The combined storage proofs used during verification + pub invalid_inherent_extrinsic_proofs: InvalidInherentExtrinsicDataProof, + + /// The individual storage proofs used during verification + // TODO: combine these proofs into `InvalidInherentExtrinsicDataProof` pub invalid_inherent_extrinsic_proof: InvalidInherentExtrinsicProof, /// Optional sudo extrinsic call storage proof diff --git a/crates/sp-domains-fraud-proof/src/host_functions.rs b/crates/sp-domains-fraud-proof/src/host_functions.rs index 21add775b0..eede593383 100644 --- a/crates/sp-domains-fraud-proof/src/host_functions.rs +++ b/crates/sp-domains-fraud-proof/src/host_functions.rs @@ -262,8 +262,6 @@ where domain_inherent_extrinsic_data: DomainInherentExtrinsicData, ) -> Option { let DomainInherentExtrinsicData { - // Used by caller - block_randomness: _, timestamp, maybe_domain_runtime_upgrade, consensus_transaction_byte_fee, diff --git a/crates/sp-domains-fraud-proof/src/lib.rs b/crates/sp-domains-fraud-proof/src/lib.rs index 24f30cfa7c..f061c28796 100644 --- a/crates/sp-domains-fraud-proof/src/lib.rs +++ b/crates/sp-domains-fraud-proof/src/lib.rs @@ -54,7 +54,7 @@ use sp_runtime::transaction_validity::{InvalidTransaction, TransactionValidity}; use sp_runtime::OpaqueExtrinsic; use sp_runtime_interface::pass_by; use sp_runtime_interface::pass_by::PassBy; -use subspace_core_primitives::{Randomness, U256}; +use subspace_core_primitives::U256; use subspace_runtime_primitives::{Balance, Moment}; /// Custom invalid validity code for the extrinsics in pallet-domains. @@ -108,7 +108,6 @@ pub enum DomainChainAllowlistUpdateExtrinsic { #[derive(Debug, Decode, Encode, TypeInfo, PartialEq, Eq, Clone)] pub struct DomainInherentExtrinsicData { - pub block_randomness: Randomness, pub timestamp: Moment, pub maybe_domain_runtime_upgrade: Option>, pub consensus_transaction_byte_fee: Balance, diff --git a/crates/sp-domains-fraud-proof/src/storage_proof.rs b/crates/sp-domains-fraud-proof/src/storage_proof.rs index e0c15e3db7..9aaaf29180 100644 --- a/crates/sp-domains-fraud-proof/src/storage_proof.rs +++ b/crates/sp-domains-fraud-proof/src/storage_proof.rs @@ -1,4 +1,3 @@ -use crate::DomainInherentExtrinsicData; use codec::{Decode, Encode}; use frame_support::PalletError; use scale_info::TypeInfo; @@ -13,6 +12,8 @@ use sp_domains::{ }; use sp_runtime::generic::Digest; use sp_runtime::traits::{Block as BlockT, HashingFor, Header as HeaderT, NumberFor}; +use sp_runtime_interface::pass_by; +use sp_runtime_interface::pass_by::PassBy; use sp_std::marker::PhantomData; use sp_std::vec::Vec; use sp_trie::StorageProof; @@ -36,7 +37,7 @@ pub enum VerificationError { InvalidBundleStorageProof, RuntimeCodeNotFound, UnexpectedDomainRuntimeUpgrade, - BlockRandomnessStorageProof(StorageProofVerificationError), + InvalidInherentExtrinsicStorageProof(StorageProofVerificationError), TimestampStorageProof(StorageProofVerificationError), SuccessfulBundlesStorageProof(StorageProofVerificationError), TransactionByteFeeStorageProof(StorageProofVerificationError), @@ -54,7 +55,7 @@ pub enum VerificationError { #[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] pub enum FraudProofStorageKeyRequest { - BlockRandomness, + InvalidInherentExtrinsicData, Timestamp, SuccessfulBundles(DomainId), TransactionByteFee, @@ -69,7 +70,9 @@ pub enum FraudProofStorageKeyRequest { impl FraudProofStorageKeyRequest { fn into_error(self, err: StorageProofVerificationError) -> VerificationError { match self { - Self::BlockRandomness => VerificationError::BlockRandomnessStorageProof(err), + Self::InvalidInherentExtrinsicData => { + VerificationError::InvalidInherentExtrinsicStorageProof(err) + } Self::Timestamp => VerificationError::TimestampStorageProof(err), Self::SuccessfulBundles(_) => VerificationError::SuccessfulBundlesStorageProof(err), Self::TransactionByteFee => VerificationError::TransactionByteFeeStorageProof(err), @@ -173,17 +176,6 @@ impl BasicStorageProof for SuccessfulBundlesProof { } } -#[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] -pub struct BlockRandomnessProof(StorageProof); - -impl_storage_proof!(BlockRandomnessProof); -impl BasicStorageProof for BlockRandomnessProof { - type StorageValue = Randomness; - fn storage_key_request(_key: Self::Key) -> FraudProofStorageKeyRequest> { - FraudProofStorageKeyRequest::BlockRandomness - } -} - #[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] pub struct DomainChainsAllowlistUpdateStorageProof(StorageProof); @@ -414,10 +406,28 @@ impl MaybeDomainRuntimeUpgradedProof { } #[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] -pub struct InvalidInherentExtrinsicProof { - /// Block randomness storage proof - pub block_randomness_proof: BlockRandomnessProof, +pub struct InvalidInherentExtrinsicData { + /// Extrinsics shuffling seed, derived from block randomness + pub extrinsics_shuffling_seed: Randomness, +} + +impl PassBy for InvalidInherentExtrinsicData { + type PassBy = pass_by::Codec; +} + +#[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] +pub struct InvalidInherentExtrinsicDataProof(StorageProof); +impl_storage_proof!(InvalidInherentExtrinsicDataProof); +impl BasicStorageProof for InvalidInherentExtrinsicDataProof { + type StorageValue = InvalidInherentExtrinsicData; + fn storage_key_request(_key: Self::Key) -> FraudProofStorageKeyRequest> { + FraudProofStorageKeyRequest::InvalidInherentExtrinsicData + } +} + +#[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] +pub struct InvalidInherentExtrinsicProof { /// Block timestamp storage proof pub timestamp_proof: TimestampStorageProof, @@ -434,6 +444,15 @@ pub struct InvalidInherentExtrinsicProof { pub domain_chain_allowlist_proof: DomainChainsAllowlistUpdateStorageProof, } +/// The verified data from an `InvalidInherentExtrinsicProof` +#[derive(Clone, Debug, Decode, Encode, Eq, PartialEq, TypeInfo)] +pub struct InvalidInherentExtrinsicVerified { + pub timestamp: Moment, + pub maybe_domain_runtime_upgrade: Option>, + pub consensus_transaction_byte_fee: Balance, + pub domain_chain_allowlist: DomainAllowlistUpdates, +} + impl InvalidInherentExtrinsicProof { #[cfg(feature = "std")] #[allow(clippy::let_and_return)] @@ -448,8 +467,6 @@ impl InvalidInherentExtrinsicProof { block_hash: Block::Hash, maybe_runtime_id: Option, ) -> Result { - let block_randomness_proof = - BlockRandomnessProof::generate(proof_provider, block_hash, (), storage_key_provider)?; let timestamp_proof = TimestampStorageProof::generate(proof_provider, block_hash, (), storage_key_provider)?; let maybe_domain_runtime_upgrade_proof = MaybeDomainRuntimeUpgradedProof::generate( @@ -478,7 +495,6 @@ impl InvalidInherentExtrinsicProof { )?; Ok(Self { - block_randomness_proof, timestamp_proof, maybe_domain_runtime_upgrade_proof, dynamic_cost_of_storage_proof, @@ -492,13 +508,7 @@ impl InvalidInherentExtrinsicProof { domain_id: DomainId, runtime_id: RuntimeId, state_root: &Block::Hash, - ) -> Result { - let block_randomness = >::verify::( - self.block_randomness_proof.clone(), - (), - state_root, - )?; - + ) -> Result { let timestamp = >::verify::( self.timestamp_proof.clone(), (), @@ -535,14 +545,11 @@ impl InvalidInherentExtrinsicProof { state_root, )?; - Ok(DomainInherentExtrinsicData { - block_randomness, + Ok(InvalidInherentExtrinsicVerified { timestamp, maybe_domain_runtime_upgrade, consensus_transaction_byte_fee, domain_chain_allowlist, - // Populated by caller - maybe_sudo_runtime_call: None, }) } } diff --git a/crates/sp-domains-fraud-proof/src/verification.rs b/crates/sp-domains-fraud-proof/src/verification.rs index af8715cadb..51535ed70c 100644 --- a/crates/sp-domains-fraud-proof/src/verification.rs +++ b/crates/sp-domains-fraud-proof/src/verification.rs @@ -7,8 +7,8 @@ use crate::fraud_proof::{ }; use crate::storage_proof::{self, *}; use crate::{ - fraud_proof_runtime_interface, DomainInherentExtrinsic, DomainStorageKeyRequest, - StatelessDomainRuntimeCall, + fraud_proof_runtime_interface, DomainInherentExtrinsic, DomainInherentExtrinsicData, + DomainStorageKeyRequest, StatelessDomainRuntimeCall, }; #[cfg(not(feature = "std"))] use alloc::vec::Vec; @@ -17,7 +17,7 @@ use domain_runtime_primitives::BlockNumber; use hash_db::Hasher; use sp_core::storage::StorageKey; use sp_core::H256; -use sp_domains::extrinsics::{deduplicate_and_shuffle_extrinsics, extrinsics_shuffling_seed}; +use sp_domains::extrinsics::deduplicate_and_shuffle_extrinsics; use sp_domains::proof_provider_and_verifier::StorageProofVerifier; use sp_domains::valued_trie::valued_ordered_trie_root; use sp_domains::{ @@ -32,7 +32,7 @@ use sp_runtime::traits::{ use sp_runtime::{OpaqueExtrinsic, SaturatedConversion}; use sp_subspace_mmr::{ConsensusChainMmrLeafProof, MmrProofVerifier}; use sp_trie::{LayoutV1, StorageProof}; -use subspace_core_primitives::{Randomness, U256}; +use subspace_core_primitives::U256; use trie_db::node::Value; /// Verifies invalid domain extrinsic root fraud proof. @@ -65,24 +65,39 @@ where { let InvalidExtrinsicsRootProof { valid_bundle_digests, + invalid_inherent_extrinsic_proofs, invalid_inherent_extrinsic_proof, domain_sudo_call_proof, } = fraud_proof; - let mut domain_inherent_extrinsic_data = invalid_inherent_extrinsic_proof - .verify::(domain_id, runtime_id, &state_root)?; + let invalid_inherent_extrinsic_data = + >::verify::( + invalid_inherent_extrinsic_proofs.clone(), + (), + &state_root, + )?; + + let inherent_extrinsic_verified = invalid_inherent_extrinsic_proof.verify::( + domain_id, + runtime_id, + &state_root, + )?; let domain_sudo_call = >::verify::( domain_sudo_call_proof.clone(), domain_id, &state_root, )?; - domain_inherent_extrinsic_data.maybe_sudo_runtime_call = domain_sudo_call.maybe_call; - let shuffling_seed = H256::from_slice( - extrinsics_shuffling_seed::(domain_inherent_extrinsic_data.block_randomness) - .as_ref(), - ); + let shuffling_seed = invalid_inherent_extrinsic_data.extrinsics_shuffling_seed; + + let domain_inherent_extrinsic_data = DomainInherentExtrinsicData { + timestamp: inherent_extrinsic_verified.timestamp, + maybe_domain_runtime_upgrade: inherent_extrinsic_verified.maybe_domain_runtime_upgrade, + consensus_transaction_byte_fee: inherent_extrinsic_verified.consensus_transaction_byte_fee, + domain_chain_allowlist: inherent_extrinsic_verified.domain_chain_allowlist, + maybe_sudo_runtime_call: domain_sudo_call.maybe_call, + }; let DomainInherentExtrinsic { domain_timestamp_extrinsic, @@ -115,10 +130,8 @@ where bundle_extrinsics_digests.extend(bundle_digest.bundle_digest.clone()); } - let mut ordered_extrinsics = deduplicate_and_shuffle_extrinsics( - bundle_extrinsics_digests, - Randomness::from(shuffling_seed.to_fixed_bytes()), - ); + let mut ordered_extrinsics = + deduplicate_and_shuffle_extrinsics(bundle_extrinsics_digests, shuffling_seed); // NOTE: the order of the inherent extrinsic MUST aligned with the // pallets order defined in `construct_runtime` macro for domains. diff --git a/crates/subspace-runtime/src/lib.rs b/crates/subspace-runtime/src/lib.rs index 76382a21ab..2ee201c0a1 100644 --- a/crates/subspace-runtime/src/lib.rs +++ b/crates/subspace-runtime/src/lib.rs @@ -1038,8 +1038,8 @@ pub struct StorageKeyProvider; impl FraudProofStorageKeyProvider> for StorageKeyProvider { fn storage_key(req: FraudProofStorageKeyRequest>) -> Vec { match req { - FraudProofStorageKeyRequest::BlockRandomness => { - pallet_subspace::BlockRandomness::::hashed_key().to_vec() + FraudProofStorageKeyRequest::InvalidInherentExtrinsicData => { + pallet_domains::BlockInvalidInherentExtrinsicData::::hashed_key().to_vec() } FraudProofStorageKeyRequest::Timestamp => { pallet_timestamp::Now::::hashed_key().to_vec() diff --git a/domains/client/domain-operator/src/fraud_proof.rs b/domains/client/domain-operator/src/fraud_proof.rs index 7236273d35..3f82ba8eb7 100644 --- a/domains/client/domain-operator/src/fraud_proof.rs +++ b/domains/client/domain-operator/src/fraud_proof.rs @@ -382,6 +382,13 @@ where let maybe_runtime_id = self.is_domain_runtime_upgraded_at(domain_id, consensus_block_hash)?; + let invalid_inherent_extrinsic_proofs = InvalidInherentExtrinsicDataProof::generate( + self.consensus_client.as_ref(), + consensus_block_hash, + (), + &self.storage_key_provider, + )?; + let invalid_inherent_extrinsic_proof = InvalidInherentExtrinsicProof::generate( &self.storage_key_provider, self.consensus_client.as_ref(), @@ -404,6 +411,7 @@ where maybe_domain_runtime_code_proof, proof: FraudProofVariant::InvalidExtrinsicsRoot(InvalidExtrinsicsRootProof { valid_bundle_digests, + invalid_inherent_extrinsic_proofs, invalid_inherent_extrinsic_proof, domain_sudo_call_proof, }), diff --git a/test/subspace-test-runtime/src/lib.rs b/test/subspace-test-runtime/src/lib.rs index b1bf2008d3..ee36d26082 100644 --- a/test/subspace-test-runtime/src/lib.rs +++ b/test/subspace-test-runtime/src/lib.rs @@ -1115,8 +1115,8 @@ pub struct StorageKeyProvider; impl FraudProofStorageKeyProvider> for StorageKeyProvider { fn storage_key(req: FraudProofStorageKeyRequest>) -> Vec { match req { - FraudProofStorageKeyRequest::BlockRandomness => { - pallet_subspace::BlockRandomness::::hashed_key().to_vec() + FraudProofStorageKeyRequest::InvalidInherentExtrinsicData => { + pallet_domains::BlockInvalidInherentExtrinsicData::::hashed_key().to_vec() } FraudProofStorageKeyRequest::Timestamp => { pallet_timestamp::Now::::hashed_key().to_vec()