Concordium
diff --git a/‎CHANGELOG.md‎
Lines changed: 28 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎concordium-base‎ b/‎concordium-base‎
diff --git a/‎concordium-consensus/src-lib/Concordium/External.hs‎
Lines changed: 14 additions & 5 deletions b/‎concordium-consensus/src-lib/Concordium/External.hs‎
Lines changed: 14 additions & 5 deletions
diff --git a/‎concordium-consensus/src/Concordium/GlobalState/BakerInfo.hs‎
Lines changed: 123 additions & 86 deletions b/‎concordium-consensus/src/Concordium/GlobalState/BakerInfo.hs‎
Lines changed: 123 additions & 86 deletions
@@ -2,6 +2,24 @@
 
 ## Unreleased changes
 
+## 7.0.3
+
+- Fix a bug in the computation of the genesis height after the second protocol update. (#1237)
+- Fix a bug where an error was incorrectly thrown when loading the consenus state immediately
+  after a protocol update (in the new consensus version) (#1236).
+
+## 7.0.2
+
+- Fix the timing of paydays after protocol update from version 6 to 7.
+- Improve consensus behaviour in the event of an unrecoverable exception.
+
+## 7.0.1
+
+- Fix a bug in migration from protocol version 6 to 7.
+- Support "reboot" protocol update at protocol version 7.
+
+## 7.0.0
+
 - Fix a bug where `GetBakersRewardPeriod` returns incorrect data (#1176).
 - Fix a bug where `GetPoolInfo` returns incorrect data (#1177).
 - Change the severity of logs for failed gRPC API requests to DEBUG level.
@@ -20,6 +38,16 @@
   `TransferToPublic` remains enabled, allowing existing encrypted balances to be
   decrypted.
 - Improve logging around protocol update events.
+- Changes to stake cooldown behavior in protocol version 7:
+  - When stake is reduced or removed from a validator or delegator, it becomes
+    inactive, and is not counted for future stake calculations. The inactive
+    stake is not spendable, but is released after a cooldown period elapses.
+  - Changes to validators and delegators can be made while stake is in cooldown,
+    including changing the stake, or changing directly between validator and
+    delegator.
+- Fix a bug where a configure-validator transaction that is rejected for having
+  a duplicate aggregation key would report the old key for the validator,
+  rather than the key that is a duplicate.
 
 ## 6.3.1
 
 
@@ -726,7 +726,7 @@ stopBaker cptr = mask_ $ do
 -- |    16 | ResultNonexistingSenderAccount              | The transaction's sender account does not exist according to the focus block                  | No       |
 -- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
 -- |    17 | ResultDuplicateNonce                        | The sequence number for this account or update type was already used                          | No       |
--- i+-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
+-- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
 -- |    18 | ResultNonceTooLarge                         | The transaction seq. number is larger than the next one for this account/update type          | No       |
 -- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
 -- |    19 | ResultTooLowEnergy                          | The stated transaction energy is lower than the minimum amount necessary to execute it        | No       |
@@ -755,6 +755,8 @@ stopBaker cptr = mask_ $ do
 -- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
 -- |    31 | ResultDoubleSign                            | The consensus message is a result of malignant double signing.                                | No       |
 -- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
+-- |    32 | ResultConsensusFailure                      | The consensus has thrown an exception and entered an unrecoverable state.                     | No       |
+-- +-------+---------------------------------------------+-----------------------------------------------------------------------------------------------+----------+
 type ReceiveResult = Int64
 
 -- | Convert an 'UpdateResult' to the corresponding 'ReceiveResult' value.
@@ -791,12 +793,13 @@ toReceiveResult ResultChainUpdateInvalidSignatures = 28
 toReceiveResult ResultEnergyExceeded = 29
 toReceiveResult ResultInsufficientFunds = 30
 toReceiveResult ResultDoubleSign = 31
+toReceiveResult ResultConsensusFailure = 32
 
 -- | Handle receipt of a block.
 --  The possible return codes are @ResultSuccess@, @ResultSerializationFail@,
 --  @ResultInvalid@, @ResultPendingBlock@, @ResultDuplicate@, @ResultStale@,
 --  @ResultConsensusShutDown@, @ResultEarlyBlock@, @ResultInvalidGenesisIndex@, and
---  @ResultDoubleSign@.
+--  @ResultDoubleSign@. Additionally @ResultConsensusFailure@ is returned if an exception occurs.
 --  'receiveBlock' may invoke the callbacks for new finalization messages.
 --  If the block was successfully verified i.e. baker signature, finalization proofs etc. then
 --  the continuation for executing the block will be written to the 'Ptr' provided.
@@ -827,25 +830,27 @@ receiveBlock bptr genIndex msg msgLen ptrPtrExecuteBlock = do
             poke ptrPtrExecuteBlock =<< newStablePtr eb
             return $ toReceiveResult receiveResult
 
--- | Execute a block that has been received and succesfully verified.
+-- | Execute a block that has been received and successfully verified.
 --  The 'MV.ExecuteBlock' continuation is obtained via first calling 'receiveBlock' which in return
 --  will construct a pointer to the continuation.
 --  The 'StablePtr' is freed here and so this function should only be called once for each 'MV.ExecuteBlock'.
 --  The possible return codes are @ResultSuccess@, @ResultSerializationFail@, @ResultInvalid@
 --  and @ResultConsensusShutDown@.
+--  Additionally @ResultConsensusFailure@ is returned if an exception occurs.
 executeBlock :: StablePtr ConsensusRunner -> StablePtr MV.ExecuteBlock -> IO ReceiveResult
 executeBlock ptrConsensus ptrCont = do
     (ConsensusRunner mvr) <- deRefStablePtr ptrConsensus
     executableBlock <- deRefStablePtr ptrCont
     freeStablePtr ptrCont
     mvLog mvr External LLTrace "Executing block."
-    res <- MV.runBlock executableBlock
+    res <- runMVR (MV.executeBlock executableBlock) mvr
     return $ toReceiveResult res
 
 -- | Handle receipt of a finalization message.
 --  The possible return codes are @ResultSuccess@, @ResultSerializationFail@, @ResultInvalid@,
 --  @ResultPendingFinalization@, @ResultDuplicate@, @ResultStale@, @ResultIncorrectFinalizationSession@,
 --  @ResultUnverifiable@, @ResultConsensusShutDown@, @ResultInvalidGenesisIndex@, and @ResultDoubleSign@.
+--  Additionally @ResultConsensusFailure@ is returned if an exception occurs.
 --  'receiveFinalization' may invoke the callbacks for new finalization messages.
 receiveFinalizationMessage ::
     StablePtr ConsensusRunner ->
@@ -863,6 +868,7 @@ receiveFinalizationMessage bptr genIndex msg msgLen = do
 --  The possible return codes are @ResultSuccess@, @ResultSerializationFail@, @ResultInvalid@,
 --  @ResultPendingBlock@, @ResultPendingFinalization@, @ResultDuplicate@, @ResultStale@,
 --  @ResultConsensusShutDown@ and @ResultInvalidGenesisIndex@.
+--  Additionally @ResultConsensusFailure@ is returned if an exception occurs.
 --  'receiveFinalizationRecord' may invoke the callbacks for new finalization messages.
 receiveFinalizationRecord ::
     StablePtr ConsensusRunner ->
@@ -885,7 +891,8 @@ receiveFinalizationRecord bptr genIndex msg msgLen = do
 --  @ResultCredentialDeploymentInvalidIP@, @ResultCredentialDeploymentInvalidAR@,
 --  @ResultCredentialDeploymentExpired@, @ResultChainUpdateInvalidSequenceNumber@,
 --  @ResultChainUpdateInvalidEffectiveTime@, @ResultChainUpdateInvalidSignatures@,
---  @ResultEnergyExceeded@
+--  @ResultEnergyExceeded@.
+--  Additionally @ResultConsensusFailure@ is returned if an exception occurs.
 receiveTransaction :: StablePtr ConsensusRunner -> CString -> Int64 -> Ptr Word8 -> IO ReceiveResult
 receiveTransaction bptr transactionData transactionLen outPtr = do
     (ConsensusRunner mvr) <- deRefStablePtr bptr
@@ -907,6 +914,7 @@ receiveTransaction bptr transactionData transactionLen outPtr = do
 --  * @ResultPendingBlock@ -- the sender has some data I am missing, and should be marked pending
 --  * @ResultSuccess@ -- I do not require additional data from the sender, so mark it as up-to-date
 --  * @ResultContinueCatchUp@ -- The sender should be marked pending if it is currently up-to-date (no change otherwise)
+--  * @ResultConsensusFailure@ -- an internal exception occurred
 receiveCatchUpStatus ::
     -- | Consensus pointer
     StablePtr ConsensusRunner ->
@@ -957,6 +965,7 @@ getCatchUpStatus cptr genIndexPtr resPtr = do
 
 -- | Import a file consisting of a set of blocks and finalization records for the purposes of
 --  out-of-band catch-up.
+--  @ResultConsensusFailure@ is returned if an exception occurs.
 importBlocks ::
     -- | Consensus runner
     StablePtr ConsensusRunner ->
 
@@ -111,6 +111,15 @@ data BakerKeyUpdate = BakerKeyUpdate
     }
     deriving (Eq, Ord, Show)
 
+-- | Extract the 'BakerKeyUpdate' from a 'BakerKeysWithProofs'.
+bakerKeysWithoutProofs :: BakerKeysWithProofs -> BakerKeyUpdate
+bakerKeysWithoutProofs BakerKeysWithProofs{..} =
+    BakerKeyUpdate
+        { bkuSignKey = bkwpSignatureVerifyKey,
+          bkuAggregationKey = bkwpAggregationVerifyKey,
+          bkuElectionKey = bkwpElectionVerifyKey
+        }
+
 data BakerKeyUpdateResult
     = -- | The keys were updated successfully
       BKUSuccess !BakerId
@@ -174,32 +183,83 @@ data BakerAddResult
       BAStakeUnderThreshold
     deriving (Eq, Ord, Show)
 
--- | Data structure used to add/remove/update baker.
-data BakerConfigure
-    = -- | Add a baker, all fields are required.
-      BakerConfigureAdd
-        { bcaKeys :: !BakerKeyUpdate,
-          bcaCapital :: !Amount,
-          bcaRestakeEarnings :: !Bool,
-          bcaOpenForDelegation :: !OpenStatus,
-          bcaMetadataURL :: !UrlText,
-          bcaTransactionFeeCommission :: !AmountFraction,
-          bcaBakingRewardCommission :: !AmountFraction,
-          bcaFinalizationRewardCommission :: !AmountFraction
-        }
-    | -- | Update baker with optional fields.
-      BakerConfigureUpdate
-        { -- | The timestamp of the current slot (slot time).
-          bcuSlotTimestamp :: !Timestamp,
-          bcuKeys :: !(Maybe BakerKeyUpdate),
-          bcuCapital :: !(Maybe Amount),
-          bcuRestakeEarnings :: !(Maybe Bool),
-          bcuOpenForDelegation :: !(Maybe OpenStatus),
-          bcuMetadataURL :: !(Maybe UrlText),
-          bcuTransactionFeeCommission :: !(Maybe AmountFraction),
-          bcuBakingRewardCommission :: !(Maybe AmountFraction),
-          bcuFinalizationRewardCommission :: !(Maybe AmountFraction)
+-- | Result of remove baker.
+data BakerRemoveResult
+    = -- | The baker was removed, effective from the given epoch.
+      BRRemoved !BakerId !Epoch
+    | -- | This is not a valid baker.
+      BRInvalidBaker
+    | -- | A change is already pending on this baker.
+      BRChangePending !BakerId
+    deriving (Eq, Ord, Show)
+
+-- | Parameters for adding a validator.
+data ValidatorAdd = ValidatorAdd
+    { -- | The keys for the validator.
+      vaKeys :: !BakerKeyUpdate,
+      -- | The initial stake.
+      vaCapital :: !Amount,
+      -- | Whether to restake earned rewards
+      vaRestakeEarnings :: !Bool,
+      -- | Whether the validator pool is open for delegation.
+      vaOpenForDelegation :: !OpenStatus,
+      -- | The metadata URL for the validator.
+      vaMetadataURL :: !UrlText,
+      -- | The commission rates for the validator.
+      vaCommissionRates :: !CommissionRates
+    }
+    deriving (Eq, Show)
+
+-- | Parameters for updating an existing validator. Where a field is 'Nothing', the field is not
+--  updated.
+data ValidatorUpdate = ValidatorUpdate
+    { -- | The new keys for the validator.
+      vuKeys :: !(Maybe BakerKeyUpdate),
+      -- | The new capital for the validator. If this is @Just 0@, the validator is removed.
+      vuCapital :: !(Maybe Amount),
+      -- | Whether to restake earned rewards.
+      vuRestakeEarnings :: !(Maybe Bool),
+      -- | Whether the validator pool is open for delegation.
+      vuOpenForDelegation :: !(Maybe OpenStatus),
+      -- | The new metadata URL for the validator.
+      vuMetadataURL :: !(Maybe UrlText),
+      -- | The new transaction fee commission for the validator.
+      vuTransactionFeeCommission :: !(Maybe AmountFraction),
+      -- | The new baking reward commission for the validator.
+      vuBakingRewardCommission :: !(Maybe AmountFraction),
+      -- | The new finalization reward commission for the validator.
+      vuFinalizationRewardCommission :: !(Maybe AmountFraction)
+    }
+    deriving (Eq, Show)
+
+-- | A 'ValidatorUpdate' that removes the validator.
+validatorRemove :: ValidatorUpdate
+validatorRemove =
+    ValidatorUpdate
+        { vuKeys = Nothing,
+          vuCapital = Just 0,
+          vuRestakeEarnings = Nothing,
+          vuOpenForDelegation = Nothing,
+          vuMetadataURL = Nothing,
+          vuTransactionFeeCommission = Nothing,
+          vuBakingRewardCommission = Nothing,
+          vuFinalizationRewardCommission = Nothing
         }
+
+-- | Failure modes when configuring a validator.
+data ValidatorConfigureFailure
+    = -- | The stake is below the required threshold dictated by current chain parameters.
+      VCFStakeUnderThreshold
+    | -- | The transaction fee commission is not in the allowed range.
+      VCFTransactionFeeCommissionNotInRange
+    | -- | The baking reward commission is not in the allowed range.
+      VCFBakingRewardCommissionNotInRange
+    | -- | The finalization reward commission is not in the allowed range.
+      VCFFinalizationRewardCommissionNotInRange
+    | -- | The aggregation key is already in use by another validator.
+      VCFDuplicateAggregationKey !BakerAggregationVerifyKey
+    | -- | A change is already pending on this validator.
+      VCFChangePending
     deriving (Eq, Show)
 
 -- | A baker update change result from configure baker. Used to indicate whether the configure will cause
@@ -216,55 +276,37 @@ data BakerConfigureUpdateChange
     | BakerConfigureFinalizationRewardCommission !AmountFraction
     deriving (Eq, Show)
 
--- | Result of configure baker.
-data BakerConfigureResult
-    = -- | Configure baker successful.
-      BCSuccess ![BakerConfigureUpdateChange] !BakerId
-    | -- | Account unknown.
-      BCInvalidAccount
-    | -- | The aggregation key already exists.
-      BCDuplicateAggregationKey !BakerAggregationVerifyKey
-    | -- | The stake is below the required threshold dictated by current chain parameters.
-      BCStakeUnderThreshold
-    | -- | The finalization reward commission is not in the allowed range.
-      BCFinalizationRewardCommissionNotInRange
-    | -- | The baking reward commission is not in the allowed range.
-      BCBakingRewardCommissionNotInRange
-    | -- | The transaction fee commission is not in the allowed range.
-      BCTransactionFeeCommissionNotInRange
-    | -- | A change is already pending on this baker.
-      BCChangePending
-    | -- | This is not a valid baker.
-      BCInvalidBaker
+-- | Parameters for adding a delegator.
+data DelegatorAdd = DelegatorAdd
+    { -- | The initial staked capital for the delegator.
+      daCapital :: !Amount,
+      -- | Whether to restake earnings.
+      daRestakeEarnings :: !Bool,
+      -- | The delegation target for the delegator.
+      daDelegationTarget :: !DelegationTarget
+    }
     deriving (Eq, Show)
 
--- | Result of remove baker.
-data BakerRemoveResult
-    = -- | The baker was removed, effective from the given epoch.
-      BRRemoved !BakerId !Epoch
-    | -- | This is not a valid baker.
-      BRInvalidBaker
-    | -- | A change is already pending on this baker.
-      BRChangePending !BakerId
-    deriving (Eq, Ord, Show)
+-- | Parameters for updating an existing delegator. Where a field is 'Nothing', the field is not
+--  updated.
+data DelegatorUpdate = DelegatorUpdate
+    { -- | The new capital for the delegator. If this is @Just 0@, the delegator is removed.
+      duCapital :: !(Maybe Amount),
+      -- | Whether to restake earnings.
+      duRestakeEarnings :: !(Maybe Bool),
+      -- | The new delegation target for the delegator.
+      duDelegationTarget :: !(Maybe DelegationTarget)
+    }
+    deriving (Eq, Show)
 
--- | Data structure used to add/remove/update delegator.
-data DelegationConfigure
-    = -- | Add a delegator, all fields are required.
-      DelegationConfigureAdd
-        { dcaCapital :: !Amount,
-          dcaRestakeEarnings :: !Bool,
-          dcaDelegationTarget :: !DelegationTarget
-        }
-    | -- | Update delegator with optional fields.
-      DelegationConfigureUpdate
-        { -- | The timestamp of the current slot (slot time of the block in which the update occurs).
-          dcuSlotTimestamp :: !Timestamp,
-          dcuCapital :: !(Maybe Amount),
-          dcuRestakeEarnings :: !(Maybe Bool),
-          dcuDelegationTarget :: !(Maybe DelegationTarget)
+-- | A 'DelegatorUpdate' that removes the delegator.
+delegatorRemove :: DelegatorUpdate
+delegatorRemove =
+    DelegatorUpdate
+        { duCapital = Just 0,
+          duRestakeEarnings = Nothing,
+          duDelegationTarget = Nothing
         }
-    deriving (Eq, Show)
 
 -- | A delegation update change result from configure delegation. Used to indicate whether the
 --  configure will cause any changes to the delegator's stake, restake earnings flag, etc.
@@ -275,24 +317,19 @@ data DelegationConfigureUpdateChange
     | DelegationConfigureDelegationTarget !DelegationTarget
     deriving (Eq, Show)
 
--- | Result of configure delegator.
-data DelegationConfigureResult
-    = -- | Configure delegation successful.
-      DCSuccess ![DelegationConfigureUpdateChange] !DelegatorId
-    | -- | Account unknown.
-      DCInvalidAccount
-    | -- | A change is already pending on this delegator.
-      DCChangePending
-    | -- | This is not a valid delegator.
-      DCInvalidDelegator
-    | -- | Delegation target is not a valid baker.
-      DCInvalidDelegationTarget !BakerId
+-- | Failure modes for configuring a delegator.
+data DelegatorConfigureFailure
+    = -- | The delegation target is not a valid baker.
+      DCFInvalidDelegationTarget !BakerId
     | -- | The pool is not open for delegators.
-      DCPoolClosed
+      DCFPoolClosed
     | -- | The pool's total capital would become too large.
-      DCPoolStakeOverThreshold
-    | -- | The delegated capital would become too large in comparison with pool owner's equity capital.
-      DCPoolOverDelegated
+      DCFPoolStakeOverThreshold
+    | -- | The delegated capital would become too large in comparison with pool owner's equity
+      -- capital.
+      DCFPoolOverDelegated
+    | -- | A change is already pending on this delegator.
+      DCFChangePending
     deriving (Eq, Show)
 
 -- | Construct an 'AccountBaker' from a 'GenesisBaker'.