Skip to content

feat(syncer): verify force inclusion for p2p blocks #2963

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
julienrbrt wants to merge 60 commits into
base: main
Choose a base branch
from
Open

feat(syncer): verify force inclusion for p2p blocks #2963

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
60 commits
Select commit Hold shift + click to select a range
0b04da3
wip
alpe Nov 26, 2025
044903f
x
alpe Nov 27, 2025
2c9a212
Review feedback
alpe Nov 28, 2025
e2b0520
Encapsulate hint in sync package
alpe Nov 28, 2025
aaacbde
Async DA pull
alpe Nov 28, 2025
74be668
Merge branch 'main' into alex/2609_hints
alpe Dec 1, 2025
b9b5f5b
Minor cleanup
alpe Dec 1, 2025
e3336ce
Merge branch 'main' into alex/2609_hints
alpe Dec 8, 2025
c40b96b
Indipendent types for p2p store
alpe Dec 15, 2025
f3fb315
Merge branch 'main' into alex/2609_hints
alpe Dec 15, 2025
56c278f
Merge updates
alpe Dec 15, 2025
413b40d
Merge branch 'main' into alex/2609_hints
alpe Dec 15, 2025
a585190
Bump sonic version
alpe Dec 15, 2025
d09c8ab
Make tidy-all
alpe Dec 15, 2025
f0a505f
Merge branch 'main' into alex/2609_hints
alpe Dec 16, 2025
4ecf0a0
Use envelope for p2p store
alpe Dec 19, 2025
6c85d8d
Merge branch 'main' into alex/2609_hints
alpe Dec 19, 2025
7abfecc
Minor cleanup
alpe Dec 19, 2025
e593848
Better test data
alpe Dec 19, 2025
993c2b1
Merge branch 'main' into alex/2609_hints
alpe Dec 22, 2025
8b99828
Merge branch 'main' into alex/2609_hints
alpe Jan 8, 2026
544c0b9
Linter
alpe Jan 8, 2026
e1446a3
Merge branch 'main' into alex/2609_hints
alpe Jan 19, 2026
570ac06
Resolve merge conflicts
alpe Jan 19, 2026
1f6c405
Merge branch 'main' into alex/2609_hints
alpe Jan 19, 2026
4907c92
Tidy all
alpe Jan 19, 2026
6e4554d
Merge branch 'main' into alex/2609_hints
alpe Jan 19, 2026
6962e6f
Merge branch 'main' into alex/2609_hints
alpe Jan 20, 2026
158bcad
Merge branch 'main' into alex/2609_hints
alpe Jan 21, 2026
66b6db8
Integrate changes
alpe Jan 21, 2026
94fe911
Merge branch 'main' into alex/2609_hints
alpe Jan 22, 2026
a20e483
Merge branch 'main' into alex/2609_hints
alpe Jan 26, 2026
69bf91b
Merge branch 'main' into alex/2609_hints
alpe Jan 27, 2026
b8ec42f
Merge branch 'main' into alex/2609_hints
alpe Jan 28, 2026
eb5aff5
Merge branch 'main' into alex/2609_hints
julienrbrt Feb 2, 2026
9c95101
updates
julienrbrt Feb 2, 2026
19835e8
build fixes
julienrbrt Feb 2, 2026
c6e5696
fixes
julienrbrt Feb 2, 2026
b7b2100
cleanup
julienrbrt Feb 2, 2026
7b1c802
updates
julienrbrt Feb 2, 2026
14b83ff
implement setting
julienrbrt Feb 2, 2026
3a2ba3f
limit abstractions
julienrbrt Feb 2, 2026
c9d3251
linting
julienrbrt Feb 2, 2026
fcb3e75
use same key as sequencer
julienrbrt Feb 2, 2026
1b3802e
fix unit test
julienrbrt Feb 2, 2026
aac3f47
rename working pool to avoid naming confusion
julienrbrt Feb 2, 2026
68b3bcb
persist da/height for da synced nodes as well for consistency
julienrbrt Feb 2, 2026
1b394e0
Merge branch 'main' into alex/2609_hints
julienrbrt Feb 2, 2026
4f4ad36
feat(syncer): verify force inclusion for p2p blocks
julienrbrt Feb 2, 2026
36526ec
fix tests
julienrbrt Feb 2, 2026
025ee3f
fixes
julienrbrt Feb 2, 2026
3abb188
Merge branch 'alex/2609_hints' into julien/fi-p2p
julienrbrt Feb 2, 2026
0298cea
use height instead of hashes
julienrbrt Feb 3, 2026
4905677
Merge branch 'main' into alex/2609_hints
julienrbrt Feb 3, 2026
d6ba01d
fixes
julienrbrt Feb 3, 2026
f662a50
add docs
julienrbrt Feb 3, 2026
0a8e542
remove worker pool
julienrbrt Feb 3, 2026
a729ac2
Merge branch 'alex/2609_hints' into julien/fi-p2p
julienrbrt Feb 3, 2026
f728ec2
fix test
julienrbrt Feb 3, 2026
956c898
Merge branch 'main' into julien/fi-p2p
julienrbrt Feb 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion block/internal/syncing/block_syncer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,5 @@ type BlockSyncer interface {
ValidateBlock(ctx context.Context, currState types.State, data *types.Data, header *types.SignedHeader) error

// VerifyForcedInclusionTxs verifies that forced inclusion transactions are properly handled.
VerifyForcedInclusionTxs(ctx context.Context, currentState types.State, data *types.Data) error
VerifyForcedInclusionTxs(ctx context.Context, daHeight uint64, data *types.Data) error
}
51 changes: 37 additions & 14 deletions block/internal/syncing/syncer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ type Syncer struct {
gracePeriodMultiplier *atomic.Pointer[float64]
blockFullnessEMA *atomic.Pointer[float64]
gracePeriodConfig forcedInclusionGracePeriodConfig
p2pHeightHints map[uint64]uint64 // map[height]daHeight

// Lifecycle
ctx context.Context
Expand Down Expand Up @@ -183,6 +184,7 @@ func NewSyncer(
gracePeriodMultiplier: gracePeriodMultiplier,
blockFullnessEMA: blockFullnessEMA,
gracePeriodConfig: newForcedInclusionGracePeriodConfig(),
p2pHeightHints: make(map[uint64]uint64),
}
s.blockSyncer = s
if raftNode != nil && !reflect.ValueOf(raftNode).IsNil() {
Expand Down Expand Up @@ -654,6 +656,7 @@ func (s *Syncer) processHeightEvent(ctx context.Context, event *common.DAHeightE
Msg("P2P event with DA height hint, queuing priority DA retrieval")

// Queue priority DA retrieval - will be processed in fetchDAUntilCaughtUp
s.p2pHeightHints[height] = daHeightHint
s.daRetriever.QueuePriorityHeight(daHeightHint)
}
}
Expand Down Expand Up @@ -733,13 +736,17 @@ func (s *Syncer) TrySyncNextBlock(ctx context.Context, event *common.DAHeightEve
}

// Verify forced inclusion transactions if configured
if event.Source == common.SourceDA {
if err := s.VerifyForcedInclusionTxs(ctx, currentState, data); err != nil {
s.logger.Error().Err(err).Uint64("height", nextHeight).Msg("forced inclusion verification failed")
if errors.Is(err, errMaliciousProposer) {
s.cache.RemoveHeaderDAIncluded(headerHash)
return err
}
currentDaHeight, ok := s.p2pHeightHints[nextHeight]
if !ok {
currentDaHeight = currentState.DAHeight
} else {
delete(s.p2pHeightHints, nextHeight)
}
if err := s.VerifyForcedInclusionTxs(ctx, currentDaHeight, data); err != nil {
Copy link
Member Author

@julienrbrt julienrbrt Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Knowing #2891 (comment), this is actually not the right solution for P2P.

s.logger.Error().Err(err).Uint64("height", nextHeight).Msg("forced inclusion verification failed")
if errors.Is(err, errMaliciousProposer) {
s.cache.RemoveHeaderDAIncluded(headerHash)
return err
}
Comment on lines +746 to 750
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

Failure to verify forced inclusion transactions should not be ignored. Currently, only errMaliciousProposer errors are returned from trySyncNextBlock, while other errors (e.g., transient DA layer connection issues) are only logged. This could lead to the node accepting a block that is invalid because it's missing forced transactions. All errors from verifyForcedInclusionTxs should be returned so the caller can handle them, for instance by retrying the block processing later.

Suggested change
s.logger.Error().Err(err).Uint64("height", nextHeight).Msg("forced inclusion verification failed")
if errors.Is(err, errMaliciousProposer) {
s.cache.RemoveHeaderDAIncluded(headerHash)
return err
}
s.logger.Error().Err(err).Uint64("height", nextHeight).Msg("forced inclusion verification failed")
if errors.Is(err, errMaliciousProposer) {
s.cache.RemoveHeaderDAIncluded(headerHash)
}
return err

Copy link
Member Author

@julienrbrt julienrbrt Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

current behavior is correct. a fetch issue due to the sync node have issues or the da layer down should not crash the node.

}

Expand Down Expand Up @@ -777,6 +784,22 @@ func (s *Syncer) TrySyncNextBlock(ctx context.Context, event *common.DAHeightEve
return fmt.Errorf("failed to commit batch: %w", err)
}

// Persist DA height mapping for blocks synced from DA
// This ensures consistency with the sequencer's submitter which also persists this mapping
// Note: P2P hints are already persisted via store_adapter.Append when items have DAHint set
// But DaHeight from events always take precedence as they are authoritative (comes from DA)
if event.DaHeight > 0 {
daHeightBytes := make([]byte, 8)
binary.LittleEndian.PutUint64(daHeightBytes, event.DaHeight)

if err := s.store.SetMetadata(ctx, store.GetHeightToDAHeightHeaderKey(nextHeight), daHeightBytes); err != nil {
s.logger.Warn().Err(err).Uint64("height", nextHeight).Msg("failed to persist header DA height mapping")
}
if err := s.store.SetMetadata(ctx, store.GetHeightToDAHeightDataKey(nextHeight), daHeightBytes); err != nil {
s.logger.Warn().Err(err).Uint64("height", nextHeight).Msg("failed to persist data DA height mapping")
}
}

// Update in-memory state after successful commit
s.SetLastState(newState)
s.metrics.Height.Set(float64(newState.LastBlockHeight))
Expand Down Expand Up @@ -952,7 +975,7 @@ func (s *Syncer) getEffectiveGracePeriod() uint64 {
// Note: Due to block size constraints (MaxBytes), sequencers may defer forced inclusion transactions
// to future blocks (smoothing). This is legitimate behavior within an epoch.
// However, ALL forced inclusion txs from an epoch MUST be included before the next epoch begins or grace boundary (whichever comes later).
func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState types.State, data *types.Data) error {
func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, daHeight uint64, data *types.Data) error {
if s.fiRetriever == nil {
return nil
}
Expand All @@ -962,7 +985,7 @@ func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState type
s.updateDynamicGracePeriod(blockFullness)

// Retrieve forced inclusion transactions from DA for current epoch
forcedIncludedTxsEvent, err := s.fiRetriever.RetrieveForcedIncludedTxs(ctx, currentState.DAHeight)
forcedIncludedTxsEvent, err := s.fiRetriever.RetrieveForcedIncludedTxs(ctx, daHeight)
if err != nil {
if errors.Is(err, da.ErrForceInclusionNotConfigured) {
s.logger.Debug().Msg("forced inclusion namespace not configured, skipping verification")
Expand Down Expand Up @@ -1049,10 +1072,10 @@ func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState type
effectiveGracePeriod := s.getEffectiveGracePeriod()
graceBoundary := pending.EpochEnd + (effectiveGracePeriod * s.genesis.DAEpochForcedInclusion)

if currentState.DAHeight > graceBoundary {
if daHeight > graceBoundary {
maliciousTxs = append(maliciousTxs, pending)
s.logger.Warn().
Uint64("current_da_height", currentState.DAHeight).
Uint64("current_da_height", daHeight).
Uint64("epoch_end", pending.EpochEnd).
Uint64("grace_boundary", graceBoundary).
Uint64("base_grace_periods", s.gracePeriodConfig.basePeriod).
Expand All @@ -1062,7 +1085,7 @@ func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState type
Msg("forced inclusion transaction past grace boundary - marking as malicious")
} else {
remainingPending = append(remainingPending, pending)
if currentState.DAHeight > pending.EpochEnd {
if daHeight > pending.EpochEnd {
txsInGracePeriod++
}
}
Expand All @@ -1086,7 +1109,7 @@ func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState type
effectiveGracePeriod := s.getEffectiveGracePeriod()
s.logger.Error().
Uint64("height", data.Height()).
Uint64("current_da_height", currentState.DAHeight).
Uint64("current_da_height", daHeight).
Int("malicious_count", len(maliciousTxs)).
Uint64("base_grace_periods", s.gracePeriodConfig.basePeriod).
Uint64("effective_grace_periods", effectiveGracePeriod).
Expand All @@ -1106,7 +1129,7 @@ func (s *Syncer) VerifyForcedInclusionTxs(ctx context.Context, currentState type

s.logger.Info().
Uint64("height", data.Height()).
Uint64("da_height", currentState.DAHeight).
Uint64("da_height", daHeight).
Uint64("epoch_start", forcedIncludedTxsEvent.StartDaHeight).
Uint64("epoch_end", forcedIncludedTxsEvent.EndDaHeight).
Int("included_count", includedCount).
Expand Down
Loading
Loading