Support validator key rotation

consensus/istanbul/backend/announce.go

@@ -143,7 +143,7 @@ func (sb *Backend) sendAnnounceMsgs() {
 	sb.announceWg.Add(1)
 	defer sb.announceWg.Done()
 
-	ticker := time.NewTicker(time.Minute)
+	ticker := time.NewTicker(time.Second)
 
 	for {
 		select {
@@ -337,7 +337,7 @@ func (sb *Backend) handleIstAnnounce(payload []byte) error {
 	// If we gossiped this address/enodeURL within the last 60 seconds, then don't regossip
 	sb.lastAnnounceGossipedMu.RLock()
 	if lastGossipTs, ok := sb.lastAnnounceGossiped[msg.Address]; ok {
-		if lastGossipTs.enodeURL == enodeURL && time.Since(lastGossipTs.timestamp) < time.Minute {
+		if lastGossipTs.enodeURL == enodeURL && time.Since(lastGossipTs.timestamp) < time.Second {
 			sb.logger.Trace("Already regossiped the msg within the last minute, so not regossiping.", "AnnounceMsg", msg)
 			sb.lastAnnounceGossipedMu.RUnlock()
 			return nil

consensus/istanbul/backend/engine.go

@@ -412,6 +412,7 @@ func (sb *Backend) Finalize(chain consensus.ChainReader, header *types.Header, s
 	if istanbul.IsLastBlockOfEpoch(header.Number.Uint64(), sb.config.Epoch) {
 		snapshot = state.Snapshot()
 		err = sb.distributeEpochPaymentsAndRewards(header, state)
+		log.Info("Distributed epoch payments and rewards", "err", err)
 		if err != nil {
 			state.RevertToSnapshot(snapshot)
 		}

consensus/istanbul/backend/internal/enodes/val_enode_table.go

@@ -64,9 +64,8 @@ func NewValidatorEnodeTable() *ValidatorEnodeTable {
 
 func (vet *ValidatorEnodeTable) String() string {
 	var b strings.Builder
-	b.WriteString("ValEnodeTable:")
 	for _, valEnode := range vet.valEnodeTable {
-		fmt.Fprintf(&b, "%s\t", valEnode.String())
+		fmt.Fprintf(&b, "%s\n", valEnode.String())
 	}
 	return b.String()
 }

consensus/istanbul/core/persistent_state.go

@@ -98,7 +98,7 @@ func writeToDisk(filePath string, data []byte) error {
 	if err4 != nil {
 		return err4
 	}
-	log.Debug("Syncing dir %s\n", fpDir.Name())
+	log.Debug("Syncing dir", "dir", fpDir.Name())
 	err5 := fpDir.Sync()
 	if err5 != nil {
 		return err5

consensus/istanbul/utils.go

@@ -108,6 +108,7 @@ func GetEpochLastBlockNumber(epochNumber uint64, epochSize uint64) uint64 {
 	return firstBlockNum + (epochSize - 1)
 }
 
+// TODO(asa): Make this return a diff if at least one of the address/blskey changes. Right now, only returns diff if address changes.
 func ValidatorSetDiff(oldValSet []ValidatorData, newValSet []ValidatorData) ([]ValidatorData, *big.Int) {
 	valSetMap := make(map[common.Address]bool)
 	oldValSetMap := make(map[common.Address]int)

contract_comm/election/election.go

@@ -33,7 +33,7 @@ import (
 const electionABIString string = `[
   {"constant": true,
               "inputs": [],
-        "name": "electValidators",
+        "name": "electValidatorSigners",
         "outputs": [
        {
             "name": "",
@@ -118,7 +118,7 @@ var electionABI, _ = abi.JSON(strings.NewReader(electionABIString))
 func GetElectedValidators(header *types.Header, state vm.StateDB) ([]common.Address, error) {
 	var newValSet []common.Address
 	// Get the new epoch's validator set
-	_, err := contract_comm.MakeStaticCall(params.ElectionRegistryId, electionABI, "electValidators", []interface{}{}, &newValSet, params.MaxGasForElectValidators, header, state)
+	_, err := contract_comm.MakeStaticCall(params.ElectionRegistryId, electionABI, "electValidatorSigners", []interface{}{}, &newValSet, params.MaxGasForElectValidators, header, state)
 	if err != nil {
 		return nil, err
 	}

contract_comm/validators/validators.go

@@ -32,41 +32,33 @@ import (
 
 // This is taken from celo-monorepo/packages/protocol/build/<env>/contracts/Validators.json
 const validatorsABIString string = `[
-  {
-    "constant": true,
-    "inputs": [],
-    "name": "getRegisteredValidators",
-    "outputs": [
+		{
+			"constant": true,
+			"inputs": [],
+			"name": "getRegisteredValidatorSigners",
+			"outputs": [
+			{
+				"name": "",
+				"type": "address[]"
+			}
+			],
+			"payable": false,
+			"stateMutability": "view",
+			"type": "function"
+		},
     {
-      "name": "",
-      "type": "address[]"
-    }
-    ],
-    "payable": false,
-    "stateMutability": "view",
-    "type": "function"
-  },
-	    {
       "constant": true,
       "inputs": [
         {
-          "name": "account",
+          "name": "signer",
           "type": "address"
         }
       ],
-      "name": "getValidator",
+      "name": "getValidatorBlsKeyFromSigner",
       "outputs": [
         {
-          "name": "publicKeysData",
+          "name": "blsKey",
           "type": "bytes"
-        },
-        {
-          "name": "affiliation",
-          "type": "address"
-        },
-        {
-          "name": "score",
-          "type": "uint256"
         }
       ],
       "payable": false,
@@ -85,7 +77,7 @@ const validatorsABIString string = `[
           "type": "uint256"
         }
       ],
-      "name": "distributeEpochPayment",
+      "name": "distributeEpochPaymentsFromSigner",
       "outputs": [
         {
           "name": "",
@@ -108,7 +100,7 @@ const validatorsABIString string = `[
           "type": "uint256"
         }
       ],
-      "name": "updateValidatorScore",
+      "name": "updateValidatorScoreFromSigner",
       "outputs": [],
       "payable": false,
       "stateMutability": "nonpayable",
@@ -122,7 +114,7 @@ const validatorsABIString string = `[
           "type": "address"
         }
       ],
-      "name": "getMembershipInLastEpoch",
+      "name": "getMembershipInLastEpochFromSigner",
       "outputs": [
         {
           "name": "",
@@ -141,7 +133,7 @@ func RetrieveRegisteredValidators(header *types.Header, state vm.StateDB) ([]com
 	var regVals []common.Address
 
 	// Get the new epoch's validator set
-	if _, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getRegisteredValidators", []interface{}{}, &regVals, params.MaxGasForGetRegisteredValidators, header, state); err != nil {
+	if _, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getRegisteredValidatorSigners", []interface{}{}, &regVals, params.MaxGasForGetRegisteredValidators, header, state); err != nil {
 		return nil, err
 	}
 
@@ -151,23 +143,17 @@ func RetrieveRegisteredValidators(header *types.Header, state vm.StateDB) ([]com
 func GetValidatorData(header *types.Header, state vm.StateDB, validatorAddresses []common.Address) ([]istanbul.ValidatorData, error) {
 	var validatorData []istanbul.ValidatorData
 	for _, addr := range validatorAddresses {
-		validator := struct {
-			PublicKeysData []byte
-			Affiliation    common.Address
-			Score          *big.Int
-		}{}
-		_, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getValidator", []interface{}{addr}, &validator, params.MaxGasForGetValidator, header, state)
+		var blsKey []byte
+		_, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getValidatorBlsKeyFromSigner", []interface{}{addr}, &blsKey, params.MaxGasForGetValidator, header, state)
 		if err != nil {
 			return nil, err
 		}
-		expectedLength := 64 + blscrypto.PUBLICKEYBYTES + blscrypto.SIGNATUREBYTES
-		if len(validator.PublicKeysData) != expectedLength {
-			return nil, fmt.Errorf("length of publicKeysData incorrect. Expected %d, got %d", expectedLength, len(validator.PublicKeysData))
+		if len(blsKey) != blscrypto.PUBLICKEYBYTES {
+			return nil, fmt.Errorf("length of BLS key incorrect. Expected %d, got %d", blscrypto.PUBLICKEYBYTES, len(blsKey))
 		}
-		blsPublicKey := validator.PublicKeysData[64 : 64+blscrypto.PUBLICKEYBYTES]
 		validatorData = append(validatorData, istanbul.ValidatorData{
 			addr,
-			blsPublicKey,
+			blsKey,
 		})
 	}
 	return validatorData, nil
@@ -177,7 +163,7 @@ func UpdateValidatorScore(header *types.Header, state vm.StateDB, address common
 	_, err := contract_comm.MakeCall(
 		params.ValidatorsRegistryId,
 		validatorsABI,
-		"updateValidatorScore",
+		"updateValidatorScoreFromSigner",
 		[]interface{}{address, uptime},
 		nil,
 		params.MaxGasForUpdateValidatorScore,
@@ -194,7 +180,7 @@ func DistributeEpochPayment(header *types.Header, state vm.StateDB, address comm
 	_, err := contract_comm.MakeCall(
 		params.ValidatorsRegistryId,
 		validatorsABI,
-		"distributeEpochPayment",
+		"distributeEpochPaymentsFromSigner",
 		[]interface{}{address, maxPayment},
 		&epochPayment,
 		params.MaxGasForDistributeEpochPayment,
@@ -208,7 +194,7 @@ func DistributeEpochPayment(header *types.Header, state vm.StateDB, address comm
 
 func GetMembershipInLastEpoch(header *types.Header, state vm.StateDB, validator common.Address) (common.Address, error) {
 	var group common.Address
-	_, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getMembershipInLastEpoch", []interface{}{validator}, &group, params.MaxGasForGetMembershipInLastEpoch, header, state)
+	_, err := contract_comm.MakeStaticCall(params.ValidatorsRegistryId, validatorsABI, "getMembershipInLastEpochFromSigner", []interface{}{validator}, &group, params.MaxGasForGetMembershipInLastEpoch, header, state)
 	if err != nil {
 		return common.ZeroAddress, err
 	}

core/tx_pool.go

@@ -605,8 +605,8 @@ func (pool *TxPool) local() map[common.Address]types.Transactions {
 // validateTx checks whether a transaction is valid according to the consensus
 // rules and adheres to some heuristic limits of the local node (price and size).
 func (pool *TxPool) validateTx(tx *types.Transaction, local bool) error {
-	// Heuristic limit, reject transactions over 32KB to prevent DOS attacks
-	if tx.Size() > 32*1024 {
+	// Heuristic limit, reject transactions over MaxCodeSize to prevent DOS attacks
+	if tx.Size() > params.MaxCodeSize {
 		return ErrOversizedData
 	}
 	// Transactions can't be negative. This may never happen using RLP decoded

core/vm/contracts.go

@@ -52,6 +52,7 @@ var PrecompiledContractsHomestead = map[common.Address]PrecompiledContract{
 }
 
 var CeloPrecompiledContractsAddressOffset = byte(0xff)
+var ecrecoverPublicKeyAddress = common.BytesToAddress(append([]byte{0}, (CeloPrecompiledContractsAddressOffset - 1)))
 var transferAddress = common.BytesToAddress(append([]byte{0}, (CeloPrecompiledContractsAddressOffset - 2)))
 var fractionMulExpAddress = common.BytesToAddress(append([]byte{0}, (CeloPrecompiledContractsAddressOffset - 3)))
 var proofOfPossessionAddress = common.BytesToAddress(append([]byte{0}, (CeloPrecompiledContractsAddressOffset - 4)))
@@ -72,12 +73,13 @@ var PrecompiledContractsByzantium = map[common.Address]PrecompiledContract{
 	common.BytesToAddress([]byte{8}): &bn256Pairing{},
 
 	// Celo Precompiled Contracts
-	transferAddress:          &transfer{},
-	fractionMulExpAddress:    &fractionMulExp{},
-	proofOfPossessionAddress: &proofOfPossession{},
-	getValidatorAddress:      &getValidator{},
-	numberValidatorsAddress:  &numberValidators{},
-	epochSizeAddress:         &epochSize{},
+	ecrecoverPublicKeyAddress: &ecrecoverPublicKey{},
+	transferAddress:           &transfer{},
+	fractionMulExpAddress:     &fractionMulExp{},
+	proofOfPossessionAddress:  &proofOfPossession{},
+	getValidatorAddress:       &getValidator{},
+	numberValidatorsAddress:   &numberValidators{},
+	epochSizeAddress:          &epochSize{},
 }
 
 // RunPrecompiledContract runs and evaluates the output of a precompiled contract.
@@ -97,42 +99,73 @@ func debitRequiredGas(p PrecompiledContract, input []byte, gas uint64) (uint64,
 	return gas - requiredGas, nil
 }
 
-// ECRECOVER implemented as a native contract.
+func ecrecoverHelper(input []byte) ([]byte, error) {
+	const ecRecoverInputLength = 128
+
+	input = common.RightPadBytes(input, ecRecoverInputLength)
+	// "input" is (hash, v, r, s), each 32 bytes
+	// but for ecrecover we want (r, s, v)
+
+	r := new(big.Int).SetBytes(input[64:96])
+	s := new(big.Int).SetBytes(input[96:128])
+	v := input[63] - 27
+
+	// tighter sig s values input homestead only apply to tx sigs
+	if !allZero(input[32:63]) || !crypto.ValidateSignatureValues(v, r, s, false) {
+		return nil, nil
+	}
+	// v needs to be at the end for libsecp256k1
+	return crypto.Ecrecover(input[:32], append(input[64:128], v))
+}
+
+// ECRECOVER implemented as a native contract. This variant returns the address.
 type ecrecover struct{}
 
 func (c *ecrecover) RequiredGas(input []byte) uint64 {
 	return params.EcrecoverGas
 }
 
 func (c *ecrecover) Run(input []byte, caller common.Address, evm *EVM, gas uint64) ([]byte, uint64, error) {
+	log.Info("called ecrecover", "intpu", hexutil.Encode(input))
 	gas, err := debitRequiredGas(c, input, gas)
 	if err != nil {
 		return nil, gas, err
 	}
 
-	const ecRecoverInputLength = 128
+	pubKey, err := ecrecoverHelper(input)
+	log.Info("recovered public key", "pubkey", hexutil.Encode(pubKey))
+	// make sure the public key is a valid one
+	if err != nil || pubKey == nil {
+		return nil, gas, nil
+	}
 
-	input = common.RightPadBytes(input, ecRecoverInputLength)
-	// "input" is (hash, v, r, s), each 32 bytes
-	// but for ecrecover we want (r, s, v)
+	// the first byte of pubkey is bitcoin heritage
+	return common.LeftPadBytes(crypto.Keccak256(pubKey[1:])[12:], 32), gas, nil
+}
 
-	r := new(big.Int).SetBytes(input[64:96])
-	s := new(big.Int).SetBytes(input[96:128])
-	v := input[63] - 27
+// ECRECOVER implemented as a native contract. This variant returns the full public key.
+type ecrecoverPublicKey struct{}
 
-	// tighter sig s values input homestead only apply to tx sigs
-	if !allZero(input[32:63]) || !crypto.ValidateSignatureValues(v, r, s, false) {
-		return nil, gas, nil
+func (c *ecrecoverPublicKey) RequiredGas(input []byte) uint64 {
+	return params.EcrecoverGas
+}
+
+func (c *ecrecoverPublicKey) Run(input []byte, caller common.Address, evm *EVM, gas uint64) ([]byte, uint64, error) {
+	log.Info("called ecrecover publickey", "intpu", hexutil.Encode(input))
+	gas, err := debitRequiredGas(c, input, gas)
+	if err != nil {
+		return nil, gas, err
 	}
-	// v needs to be at the end for libsecp256k1
-	pubKey, err := crypto.Ecrecover(input[:32], append(input[64:128], v))
+
+	pubKey, err := ecrecoverHelper(input)
 	// make sure the public key is a valid one
-	if err != nil {
+	if err != nil || pubKey == nil {
 		return nil, gas, nil
 	}
+	log.Info("recovered public key", "pubkey", hexutil.Encode(pubKey))
 
 	// the first byte of pubkey is bitcoin heritage
-	return common.LeftPadBytes(crypto.Keccak256(pubKey[1:])[12:], 32), gas, nil
+	return pubKey[1:], gas, nil
 }
 
 // SHA256 implemented as a native contract.
@@ -555,36 +588,42 @@ func (c *proofOfPossession) RequiredGas(input []byte) uint64 {
 }
 
 func (c *proofOfPossession) Run(input []byte, caller common.Address, evm *EVM, gas uint64) ([]byte, uint64, error) {
+	log.Info("Called proofofpossession")
 	gas, err := debitRequiredGas(c, input, gas)
 	if err != nil {
 		return nil, gas, err
 	}
 
-	// input is comprised of 2 arguments:
+	// input is comprised of 3 arguments:
+	//   address:   20 bytes, an address used to generate the proof-of-possession
 	//   publicKey: 48 bytes, representing the public key (defined as a const in bls package)
-	//   signature: 96 bytes, representing the signature (defined as a const in bls package)
+	//   signature: 96 bytes, representing the signature on `address` (defined as a const in bls package)
 	// the total length of input required is the sum of these constants
 	if len(input) != common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.SIGNATUREBYTES {
+		log.Error("ProofOfPoss", "len1", len(input), "len2", common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.SIGNATUREBYTES)
 		return nil, gas, ErrInputLength
 	}
 	addressBytes := input[:common.AddressLength]
 
 	publicKeyBytes := input[common.AddressLength : common.AddressLength+blscrypto.PUBLICKEYBYTES]
 	publicKey, err := bls.DeserializePublicKey(publicKeyBytes)
 	if err != nil {
+		log.Error("error deserializing public key", "err", err)
 		return nil, gas, err
 	}
 	defer publicKey.Destroy()
 
 	signatureBytes := input[common.AddressLength+blscrypto.PUBLICKEYBYTES : common.AddressLength+blscrypto.PUBLICKEYBYTES+blscrypto.SIGNATUREBYTES]
 	signature, err := bls.DeserializeSignature(signatureBytes)
 	if err != nil {
+		log.Error("error deserializing signature", "err", err)
 		return nil, gas, err
 	}
 	defer signature.Destroy()
 
 	err = publicKey.VerifyPoP(addressBytes, signature)
 	if err != nil {
+		log.Error("error verifying pop", "err", err)
 		return nil, gas, err
 	}