Merge branch 'develop' into deneb-web3signer

.buildkite-bazelrc

@@ -12,7 +12,8 @@
 #build:remote-cache --disk_cache=
 build:remote-cache --remote_download_toplevel
 build:remote-cache --remote_cache=grpc://bazel-remote-cache:9092
-build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
+# Does not work with rules_oci. See https://github.com/bazel-contrib/rules_oci/issues/292
+#build:remote-cache --experimental_remote_downloader=grpc://bazel-remote-cache:9092
 build:remote-cache --remote_local_fallback
 build:remote-cache --experimental_remote_cache_async
 build:remote-cache --experimental_remote_merkle_tree_cache

WORKSPACE

@@ -50,8 +50,6 @@ load("@prysm//tools/cross-toolchain:prysm_toolchains.bzl", "configure_prysm_tool
 
 configure_prysm_toolchains()
 
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-
 http_archive(
     name = "bazel_skylib",
     sha256 = "1c531376ac7e5a180e0237938a2536de0c54d93f5c278634818e0efc952dd56c",
@@ -87,6 +85,24 @@ http_archive(
     urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
 )
 
+http_archive(
+    name = "rules_oci",
+    sha256 = "c71c25ed333a4909d2dd77e0b16c39e9912525a98c7fa85144282be8d04ef54c",
+    strip_prefix = "rules_oci-1.3.4",
+    url = "https://github.com/bazel-contrib/rules_oci/releases/download/v1.3.4/rules_oci-v1.3.4.tar.gz",
+)
+
+load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies")
+
+rules_oci_dependencies()
+
+load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains")
+
+oci_register_toolchains(
+    name = "oci",
+    crane_version = LATEST_CRANE_VERSION,
+)
+
 http_archive(
     name = "io_bazel_rules_go",
     patch_args = ["-p1"],
@@ -167,6 +183,24 @@ container_pull(
     repository = "pinglamb/alpine-glibc",
 )
 
+load("@rules_oci//oci:pull.bzl", "oci_pull")
+
+# A multi-arch base image
+oci_pull(
+    name = "linux_debian11_multiarch_base",  # Debian bullseye
+    digest = "sha256:9b8e0854865dcaf49470b4ec305df45957020fbcf17b71eeb50ffd3bc5bf885d",  # 2023-05-17
+    image = "gcr.io/distroless/cc-debian11",
+    platforms = [
+        "linux/amd64",
+        "linux/arm64",
+    ],
+    reproducible = True,
+)
+
+load("@prysm//tools:image_deps.bzl", "prysm_image_deps")
+
+prysm_image_deps()
+
 load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
 
 go_rules_dependencies()
@@ -213,7 +247,9 @@ filegroup(
     url = "https://github.com/ethereum/EIPs/archive/5480440fe51742ed23342b68cf106cefd427e39d.tar.gz",
 )
 
-consensus_spec_version = "v1.4.0-beta.1"
+consensus_spec_test_version = "v1.4.0-beta.2-hotfix"
+
+consensus_spec_version = "v1.4.0-beta.2"
 
 bls_test_version = "v0.1.1"
 
@@ -229,8 +265,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "24399b60ce3fbeb2311952d213dc3731b6dcb0f8881b016c283de5b518d2bbba",
-    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/general.tar.gz" % consensus_spec_version,
+    sha256 = "99770a001189f66204a4ef79161c8002bcbbcbd8236f1c6479bd5b83a3c68d42",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/general.tar.gz" % consensus_spec_test_version,
 )
 
 http_archive(
@@ -245,8 +281,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "8e656ee48d2e2ebc9cf9baedb81f27925bc625b3e3fbb2883444a08758a5884a",
-    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/minimal.tar.gz" % consensus_spec_version,
+    sha256 = "56763f6492ee137108271007d62feef60d8e3f1698e53dee4bc4b07e55f7326b",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/minimal.tar.gz" % consensus_spec_test_version,
 )
 
 http_archive(
@@ -261,8 +297,8 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "8bd137da6cc57a25383bfac5bc37e31265098145278bd8002b88e24c8b4718b9",
-    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/mainnet.tar.gz" % consensus_spec_version,
+    sha256 = "bc1cac1a991cdc7426efea14385dcf215df85ed3f0572b824ad6a1d7ca0c89ad",
+    url = "https://github.com/ethereum/consensus-spec-tests/releases/download/%s/mainnet.tar.gz" % consensus_spec_test_version,
 )
 
 http_archive(
@@ -276,7 +312,7 @@ filegroup(
     visibility = ["//visibility:public"],
 )
     """,
-    sha256 = "2bc1edb6e4a4f86c00317c04618a90b0ca29ee1eba833d0a64dd67fdd83fdbe3",
+    sha256 = "c5898001aaab2a5bb38a39ff9d17a52f1f9befcc26e63752cbf556040f0c884e",
     strip_prefix = "consensus-specs-" + consensus_spec_version[1:],
     url = "https://github.com/ethereum/consensus-specs/archive/refs/tags/%s.tar.gz" % consensus_spec_version,
 )
@@ -337,9 +373,6 @@ http_archive(
     ],
 )
 
-# Group the sources of the library so that CMake rule have access to it
-all_content = """filegroup(name = "all", srcs = glob(["**"]), visibility = ["//visibility:public"])"""
-
 # External dependencies
 load("//:deps.bzl", "prysm_deps")
 

beacon-chain/blockchain/receive_blob.go

@@ -1,7 +1,23 @@
 package blockchain
 
+import (
+	"context"
+
+	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
+)
+
 // SendNewBlobEvent sends a message to the BlobNotifier channel that the blob
 // for the blocroot `root` is ready in the database
-func (s *Service) SendNewBlobEvent(root [32]byte, index uint64) {
+func (s *Service) sendNewBlobEvent(root [32]byte, index uint64) {
 	s.blobNotifiers.forRoot(root) <- index
 }
+
+// ReceiveBlob saves the blob to database and sends the new event
+func (s *Service) ReceiveBlob(ctx context.Context, b *ethpb.BlobSidecar) error {
+	if err := s.cfg.BeaconDB.SaveBlobSidecar(ctx, []*ethpb.BlobSidecar{b}); err != nil {
+		return err
+	}
+
+	s.sendNewBlobEvent([32]byte(b.BlockRoot), b.Index)
+	return nil
+}

beacon-chain/blockchain/receive_block.go

@@ -3,6 +3,7 @@ package blockchain
 import (
 	"bytes"
 	"context"
+	"time"
 
 	"github.com/pkg/errors"
 	"github.com/prysmaticlabs/prysm/v4/beacon-chain/core/feed"
@@ -21,7 +22,6 @@ import (
 	ethpb "github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1"
 	"github.com/prysmaticlabs/prysm/v4/proto/prysm/v1alpha1/attestation"
 	"github.com/prysmaticlabs/prysm/v4/runtime/version"
-	"github.com/prysmaticlabs/prysm/v4/time"
 	"github.com/prysmaticlabs/prysm/v4/time/slots"
 	"go.opencensus.io/trace"
 	"golang.org/x/sync/errgroup"
@@ -42,7 +42,7 @@ type BlockReceiver interface {
 // BlobReceiver interface defines the methods of chain service for receiving new
 // blobs
 type BlobReceiver interface {
-	SendNewBlobEvent([32]byte, uint64)
+	ReceiveBlob(context.Context, *ethpb.BlobSidecar) error
 }
 
 // SlashingReceiver interface defines the methods of chain service for receiving validated slashing over the wire.

beacon-chain/blockchain/testing/mock.go

@@ -606,10 +606,12 @@ func (s *ChainService) UnrealizedJustifiedPayloadBlockHash() [32]byte {
 	return [32]byte{}
 }
 
-// SendNewBlobEvent mocks the same method in the chain service
-func (*ChainService) SendNewBlobEvent(_ [32]byte, _ uint64) {}
-
 // BlockBeingSynced mocks the same method in the chain service
 func (c *ChainService) BlockBeingSynced(root [32]byte) bool {
 	return root == c.SyncingRoot
 }
+
+// ReceiveBlob implements the same method in the chain service
+func (*ChainService) ReceiveBlob(_ context.Context, _ *ethpb.BlobSidecar) error {
+	return nil
+}

beacon-chain/core/epoch/epoch_processing.go

@@ -142,6 +142,13 @@ func ProcessRegistryUpdates(ctx context.Context, state state.BeaconState) (state
 		return nil, errors.Wrap(err, "could not get churn limit")
 	}
 
+	if state.Version() >= version.Deneb {
+		// Cap churn limit to max per epoch churn limit. New in EIP7514.
+		if churnLimit > params.BeaconConfig().MaxPerEpochActivationChurnLimit {
+			churnLimit = params.BeaconConfig().MaxPerEpochActivationChurnLimit
+		}
+	}
+
 	// Prevent churn limit cause index out of bound.
 	if churnLimit < limit {
 		limit = churnLimit

beacon-chain/core/epoch/epoch_processing_test.go

@@ -338,6 +338,42 @@ func TestProcessRegistryUpdates_EligibleToActivate(t *testing.T) {
 	}
 }
 
+func TestProcessRegistryUpdates_EligibleToActivate_Cancun(t *testing.T) {
+	base := &ethpb.BeaconStateDeneb{
+		Slot:                5 * params.BeaconConfig().SlotsPerEpoch,
+		FinalizedCheckpoint: &ethpb.Checkpoint{Epoch: 6, Root: make([]byte, fieldparams.RootLength)},
+	}
+	cfg := params.BeaconConfig()
+	cfg.MinPerEpochChurnLimit = 10
+	cfg.ChurnLimitQuotient = 1
+	params.OverrideBeaconConfig(cfg)
+
+	for i := uint64(0); i < 10; i++ {
+		base.Validators = append(base.Validators, &ethpb.Validator{
+			ActivationEligibilityEpoch: params.BeaconConfig().FarFutureEpoch,
+			EffectiveBalance:           params.BeaconConfig().MaxEffectiveBalance,
+			ActivationEpoch:            params.BeaconConfig().FarFutureEpoch,
+		})
+	}
+	beaconState, err := state_native.InitializeFromProtoDeneb(base)
+	require.NoError(t, err)
+	currentEpoch := time.CurrentEpoch(beaconState)
+	newState, err := epoch.ProcessRegistryUpdates(context.Background(), beaconState)
+	require.NoError(t, err)
+	for i, validator := range newState.Validators() {
+		assert.Equal(t, currentEpoch+1, validator.ActivationEligibilityEpoch, "Could not update registry %d, unexpected activation eligibility epoch", i)
+		// Note: In Deneb, only validators indices before `MaxPerEpochActivationChurnLimit` should be activated.
+		if uint64(i) < params.BeaconConfig().MaxPerEpochActivationChurnLimit && validator.ActivationEpoch != helpers.ActivationExitEpoch(currentEpoch) {
+			t.Errorf("Could not update registry %d, validators failed to activate: wanted activation epoch %d, got %d",
+				i, helpers.ActivationExitEpoch(currentEpoch), validator.ActivationEpoch)
+		}
+		if uint64(i) >= params.BeaconConfig().MaxPerEpochActivationChurnLimit && validator.ActivationEpoch != params.BeaconConfig().FarFutureEpoch {
+			t.Errorf("Could not update registry %d, validators should not have been activated, wanted activation epoch: %d, got %d",
+				i, params.BeaconConfig().FarFutureEpoch, validator.ActivationEpoch)
+		}
+	}
+}
+
 func TestProcessRegistryUpdates_ActivationCompletes(t *testing.T) {
 	base := &ethpb.BeaconState{
 		Slot: 5 * params.BeaconConfig().SlotsPerEpoch,

beacon-chain/forkchoice/doubly-linked-tree/proposer_boost_test.go

@@ -49,6 +49,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		slot := primitives.Slot(1)
 		driftGenesisTime(f, slot, 0)
 		newRoot := indexToHash(1)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err := prepareForkchoiceState(
 			ctx,
 			slot,
@@ -74,6 +75,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		slot = primitives.Slot(2)
 		driftGenesisTime(f, slot, 0)
 		newRoot = indexToHash(2)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			slot,
@@ -101,6 +103,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		slot = primitives.Slot(3)
 		driftGenesisTime(f, slot, 0)
 		newRoot = indexToHash(3)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			slot,
@@ -129,6 +132,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		slot = primitives.Slot(4)
 		driftGenesisTime(f, slot, 0)
 		newRoot = indexToHash(4)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			slot,
@@ -335,6 +339,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		cSlot := primitives.Slot(2)
 		driftGenesisTime(f, cSlot, 0)
 		c := indexToHash(2)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err := prepareForkchoiceState(
 			ctx,
 			cSlot,
@@ -354,6 +359,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 
 		bSlot := primitives.Slot(1)
 		b := indexToHash(1)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			bSlot,
@@ -378,6 +384,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		// A block D, building on B, is received at slot N+3. It should not be able to win without boosting.
 		dSlot := primitives.Slot(3)
 		d := indexToHash(3)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			dSlot,
@@ -398,6 +405,7 @@ func TestForkChoice_BoostProposerRoot_PreventsExAnteAttack(t *testing.T) {
 		// If the same block arrives with boosting then it becomes head:
 		driftGenesisTime(f, dSlot, 0)
 		d2 := indexToHash(30)
+		f.store.proposerBoostRoot = [32]byte{}
 		state, blkRoot, err = prepareForkchoiceState(
 			ctx,
 			dSlot,

beacon-chain/forkchoice/doubly-linked-tree/store.go

@@ -109,7 +109,8 @@ func (s *Store) insert(ctx context.Context,
 		secondsIntoSlot := (timeNow - s.genesisTime) % params.BeaconConfig().SecondsPerSlot
 		currentSlot := slots.CurrentSlot(s.genesisTime)
 		boostThreshold := params.BeaconConfig().SecondsPerSlot / params.BeaconConfig().IntervalsPerSlot
-		if currentSlot == slot && secondsIntoSlot < boostThreshold {
+		isFirstBlock := s.proposerBoostRoot == [32]byte{}
+		if currentSlot == slot && secondsIntoSlot < boostThreshold && isFirstBlock {
 			s.proposerBoostRoot = root
 		}
 

beacon-chain/rpc/eth/beacon/config_test.go

@@ -141,7 +141,7 @@ func TestGetSpec(t *testing.T) {
 	resp, err := server.GetSpec(context.Background(), &emptypb.Empty{})
 	require.NoError(t, err)
 
-	assert.Equal(t, 111, len(resp.Data))
+	assert.Equal(t, 112, len(resp.Data))
 	for k, v := range resp.Data {
 		switch k {
 		case "CONFIG_NAME":
@@ -380,6 +380,8 @@ func TestGetSpec(t *testing.T) {
 			assert.Equal(t, "20", v)
 		case "REORG_PARENT_WEIGHT_THRESHOLD":
 			assert.Equal(t, "160", v)
+		case "MAX_PER_EPOCH_ACTIVATION_CHURN_LIMIT":
+			assert.Equal(t, "8", v)
 		case "SAFE_SLOTS_TO_IMPORT_OPTIMISTICALLY":
 		default:
 			t.Errorf("Incorrect key: %s", k)

beacon-chain/rpc/eth/beacon/handlers.go

@@ -806,6 +806,10 @@ func (s *Server) GetBlockHeaders(w http.ResponseWriter, r *http.Request) {
 	ctx, span := trace.StartSpan(r.Context(), "beacon.GetBlockHeaders")
 	defer span.End()
 
+	query := r.URL.Query()
+	helpers.NormalizeQueryValues(query)
+	r.URL.RawQuery = query.Encode()
+
 	rawSlot := r.URL.Query().Get("slot")
 	rawParentRoot := r.URL.Query().Get("parent_root")
 

beacon-chain/rpc/eth/beacon/handlers_validator.go

@@ -26,6 +26,10 @@ func (s *Server) GetValidators(w http.ResponseWriter, r *http.Request) {
 	ctx, span := trace.StartSpan(r.Context(), "beacon.GetValidators")
 	defer span.End()
 
+	query := r.URL.Query()
+	helpers.NormalizeQueryValues(query)
+	r.URL.RawQuery = query.Encode()
+
 	stateId := mux.Vars(r)["state_id"]
 	if stateId == "" {
 		http2.HandleError(w, "state_id is required in URL params", http.StatusBadRequest)
@@ -211,6 +215,10 @@ func (bs *Server) GetValidatorBalances(w http.ResponseWriter, r *http.Request) {
 	ctx, span := trace.StartSpan(r.Context(), "beacon.GetValidatorBalances")
 	defer span.End()
 
+	query := r.URL.Query()
+	helpers.NormalizeQueryValues(query)
+	r.URL.RawQuery = query.Encode()
+
 	stateId := mux.Vars(r)["state_id"]
 	if stateId == "" {
 		http2.HandleError(w, "state_id is required in URL params", http.StatusBadRequest)