Try โ€‚โ€‰HackMD

2023 02 27 NEM Stall Post Mortem

Observation

After the production of block 4129631, block production on the NEM network slowed to a crawl. This situation was instigated by an unexpected transaction entering the Unconfirmed Transactions cache. When this transaction expired, block production went back to normal.

We have identified the makeup of the unexpected transaction and how it entered the Unconfirmed Transactions cache.

A multisig account configured with 1-of-2 multisig sent two conflicting transactaions. Assume that the two cosigners are named A and B and the multisig account is named M.

Root Cause Analysis

The following sequence of events occured:

  1. M sends a multisig transaction MT with an inner transaction - X - signed by A

  2. The multisig transaction gets committed to the chain and TransactionHashesObserver (running as part of BlockTransactionFactory) adds both H(MT), H(X) to HashTransactionsCache

    โ€‹โ€‹โ€‹โ€‹public void notify(final TransactionHashesNotification notification, final BlockNotificationContext context) {
โ€‹if (NotificationTrigger.Execute == context.getTrigger()) {
โ€‹	this.transactionHashCache.putAll(notification.getPairs());
โ€‹} 
โ€‹โ€‹โ€‹โ€‹...

    Importantly, when the TransactionsHashesNotification is created, streamDefault is used, which expands to both outer and inner transactions:

    โ€‹protected void notifyTransactionHashes() {
โ€‹	final List<HashMetaDataPair> pairs = BlockExtensions.streamDefault(this.block)
โ€‹			.map(t -> new HashMetaDataPair(HashUtils.calculateHash(t), new HashMetaData(this.block.getHeight(), t.getTimeStamp())))
โ€‹			.collect(Collectors.toList());
โ€‹	this.observer.notify(new TransactionHashesNotification(pairs));
โ€‹}

  3. M sends a multisig transaction MT' with the SAME inner transaction X signed by B

  4. BatchUniqueHashTransactionValidator checks that H(MT') is not in HashTransactionsCache, so it gets added to UnconfirmedTransactionsCache โœ…

    โ€‹public ValidationResult validate(final List<TransactionsContextPair> groupedTransactions) {
โ€‹โ€‹โ€‹โ€‹        ...
โ€‹	final List<Hash> hashes = groupedTransactions.stream().flatMap(pair -> pair.getTransactions().stream())
โ€‹			.map(HashUtils::calculateHash).collect(Collectors.toList());

โ€‹	return this.validate(hashes);
โ€‹}

    Importantly, pair.getTransactions() returns Collection<Transaction>, which only contains outer transactions. As a result, H(MT') != H(MT) is checked but H(X) is not checked.

  5. MT' gets selected for a block by the harvester. BlockUniqueHashTransactionValidator has the same logic as BatchUniqueHashTransactionValidator, so only the hash of the outer MT' is checked. As a result, the transaction is included in the harvested block โœ…

    โ€‹public ValidationResult validate(final Block 
โ€‹โ€‹โ€‹โ€‹        ...
โ€‹	final List<Hash> hashes = block.getTransactions().stream().map(HashUtils::calculateHash).collect(Collectors.toList());
โ€‹	return this.transactionHashCache.anyHashExists(hashes) ? ValidationResult.NEUTRAL : ValidationResult.SUCCESS;
โ€‹}

  6. When the newly harvested block - containing MT' - is processed, TransactionHashesObserver attempts to add both H(MT') and H(X) to HashTransactionsCache during part of the block processing that makes state changes. This fails because H(X) is already present in the UnconfirmedTransactionsCache, so the harvested block gets rejected ๐Ÿ›‘

  7. Go to step 5 until H(MT') expires out of the UnconfirmedTransactionsCache

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More โ†’

Fix

The fix is to update both of the unique hash transaction validators to check both outer and inner transactions hashes. This can be done simply by using TransactionExtensions.streamDefault().

BatchUniqueHashTransactionValidator

The addition of TransactionExtensions.streamDefault will prevent MT' (or similar) from getting added to the `UnconfirmedTransactionsCache.

public ValidationResult validate(final List<TransactionsContextPair> groupedTransactions) {
    if (groupedTransactions.isEmpty()) {
        return ValidationResult.SUCCESS;
    }

    final List<Hash> hashes = groupedTransactions.stream().flatMap(pair -> pair.getTransactions().stream())
            .flatMap(transaction -> TransactionExtensions.streamDefault(transaction)).map(HashUtils::calculateHash)
            .collect(Collectors.toList());
    return this.validate(hashes);
}

BlockUniqueHashTransactionValidator

The addition of TransactionExtensions.streamDefault will prevent MT' (or similar) from getting added to a newly harvested block.

public ValidationResult validate(final Block block) {
    if (block.getTransactions().isEmpty()) {
        return ValidationResult.SUCCESS;
    }

    final List<Hash> hashes = block.getTransactions().stream().flatMap(transaction -> TransactionExtensions.streamDefault(transaction))
            .map(HashUtils::calculateHash).collect(Collectors.toList());
    return this.transactionHashCache.anyHashExists(hashes) ? ValidationResult.NEUTRAL : ValidationResult.SUCCESS;
}
Last changed by 
โ€‰
The Symbol Syndicate
We're the team behind Symbol, a next generation protocol for market makers. Join us.
1
1
1545

Read more

Ramblings about public keys that were supposed to be twitter thread

Hello, @gimre here. We should probably change the way we display public keys in all possible applications/tools/etc. But before I dive into this, let&apos;s refresh your memory about addresses. This part is Symbol oriented, but it&apos;s also true for NEM. Addresses (again) Addresses in Symbol consist of 3 parts: 1-byte network prefix (0x68 byte in mainnet)

May 11, 2023
A Guide to Creating a Symbol Test Network

Before any changes are deployed to Symbol mainnet or a new project gets launches on the blockchain, a test version is deployed to testnet first. Symbol test network(testnet) simulates the Symbol main network which gives developers and the community a chance to test features before real assets are used. Sai Testnet is the current testnet for Symbol. You can add a node and get test tokens from the Faucet. The Faucet allow an account to request up to 10k in test xym. If more token are needed to test or run a voting node, you can be requested from the Symbol&apos;s helpdesk on discord. It can be fun to have 3 or 4 million of test xym to splurge a bit, even though they carry no real-world value. Why should you create your own dev testnet? Creating and maintaining a Symbol testnet requires some work like certs and voting key renewals, so why bother setting up your own? These are some reasons you would want to setup your own dev testnet. Test Scenario - you might want to run specific test scenarios for your application. Let&apos;s say you want to fork the network and stall finalization to verify that your application also stops accepting deposits and withdrawals. Persistence - there is no guarantee that the testnet won&apos;t be reset. Symbol testnet is reset at least once a year to keep storage low. But it can also be reset if a major feature stops working. If your application requires the data kept for a longer time then a dev testnet would be better. Control Funds - your use case might require a large sum of funds like 500 Million xym. Even though there is the Faucet, requesting that much token is best done on dev testnet.

Dec 21, 2022
Symbol - October 25th, Post Mortem

Greetings, Citizens of XYM City! Find the Japanese translation here. The Discovery On October 13th, Toshi reported some unexpected behavior to us on Discord in the #sdk-js channel. He had been comparing the outputs of the deprecated TypeScript SDK to the newer JavaScript SDK and noticed that the aggregate transaction hashes were being calculated differently. That...was not expected behavior. Even more concerning was the fact that they were both being accepted (and confirmed) by the network. Root Cause The team quickly identified two critical bugs - one in Catapult (the Symbol client), and one in the TypeScript and Java SDKs.

Oct 26, 2022
OUR LANGUAGES

Throughout Symbol&apos;s development, we&apos;ve used a large number of different languages. As part of regrouping and turning the ship, we&apos;ve decided to cut back on the number of primary languages. Some choices will be less surprising than others. We hope this will facilitate hiring and improve intra-organizational mobility. We want to tear down those walls, Mr. Gorbachev! C++ catapult-client is the Symbol reference client and will continue to be developed and maintained in C++. We like C++ because it is a deterministic destruction language, which gives us fine grained control over memory usage. This allows us to optimize performance. C++ before and after 0x are almost different languages. Using RAII patterns, memory problems are almost almost a thing of the past.

Jan 10, 2022
Read more from The Symbol Syndicate
Published on HackMD