-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(external-node): delete empty unsealed batch on EN initialization #3125
Conversation
)" This reverts commit bb5d147.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can a similar situation reproduce on the main node (i.e., an unsealed batch w/o blocks / transactions)? Is it handled OK?
- AFAICT,
MempoolIO::initialize()
can insert an unsealed L1 batch viaensure_unsealed_l1_batch_exists
(as off-topic / bikeshedding, I think this method is too high-level to be placed in DAL). OTOH, we only reach theensure_unsealed_l1_batch_exists
call ifL1BatchParamsProvider::load_l1_batch_env()
above returnsSome(_)
, i.e. there is at least one L2 block persisted for the batch. So it doesn't look like theensure_unsealed_l1_batch_exists
may actually persist a batch without blocks. - In
MempoolIO::wait_for_new_batch_params()
, a new batch is inserted into the storage proactively. If a node crashes immediately afterwards, it looks like the situation can be reproduced.
I believe that is handled OK as main node has a slightly different mechanism: But I will write a test just to validate that everything is ok.
Ok, so the logic is a bit confusing and I should have left a comment but essentially this is a compatibility mechanism. Imagine that EN starts for the very first time after unsealed batches PR made it in - we have
Fair, this was a bit of dirty hack to be honest with you to fix stage which was in crash loop at the time. This entire logic is IMHO something that should've been a Rust migration script but AFAICT we don't have anything like that. Anyway, I'll try to refactor this in a separate PR.
As I said there is actually a fail-safe mechanism at the very top of the function that prevents this from happening. Unless you mean something else? |
@slowli I am merging this PR but thanks for the critical review and if you still have questions/concern please feel free to continue the discussion here. I will deliver extra tests/improvements in a follow-up PR. |
What ❔
This PR reverts #3088 as I have realized it is going to be very hard to make this fix work by going in that direction. Basically initializing with an empty unsealed batch causes a lot of issues and the existing state keeper/external IO flow heavily relies on us having at least one at the start to initialize correctly. Will leave more context in the comments.
Feel free to review individual commits to not see revert changelog.
Why ❔
This bug causes EN to panic
Checklist
zkstack dev fmt
andzkstack dev lint
.