feat: use global signer state machine replay set

hstove · hstove · commit d0edcdb5a922 · 2025-05-21T18:22:21.000-07:00
diff --git a/libsigner/src/events.rs b/libsigner/src/events.rs
@@ -29,7 +29,6 @@ use blockstack_lib::chainstate::stacks::StacksTransaction;
 use blockstack_lib::net::api::postblock_proposal::{
     BlockValidateReject, BlockValidateResponse, ValidateRejectCode,
 };
-use blockstack_lib::net::api::{prefix_hex, prefix_opt_hex};
 use blockstack_lib::net::stackerdb::MINER_SLOT_COUNT;
 use blockstack_lib::util_lib::boot::boot_code_id;
 use blockstack_lib::version_string;
@@ -46,7 +45,8 @@ pub use stacks_common::consts::SIGNER_SLOTS_PER_USER;
 use stacks_common::types::chainstate::{
     BlockHeaderHash, BurnchainHeaderHash, ConsensusHash, SortitionId, StacksPublicKey,
 };
-use stacks_common::util::hash::{Hash160, Sha512Trunc256Sum};
+use stacks_common::util::hash::{hex_bytes, Hash160, Sha512Trunc256Sum};
+use stacks_common::util::serde_serializers::{prefix_hex, prefix_opt_hex, prefix_string_0x};
 use stacks_common::util::HexError;
 use stacks_common::versions::STACKS_NODE_VERSION;
 use tiny_http::{
@@ -229,6 +229,8 @@ pub enum SignerEvent<T: SignerEventTrait> {
         signer_sighash: Option<Sha512Trunc256Sum>,
         /// The block height for the newly processed stacks block
         block_height: u64,
+        /// The transactions included in the block
+        transactions: Vec<StacksTransaction>,
     },
 }
 
@@ -613,6 +615,45 @@ impl<T: SignerEventTrait> TryFrom<BurnBlockEvent> for SignerEvent<T> {
     }
 }
 
+/// A subset of `TransactionEventPayload`, received from the event
+/// dispatcher.
+#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
+pub struct NewBlockTransaction {
+    /// The raw transaction bytes. If this is a burn operation,
+    /// this will be "00".
+    #[serde(with = "prefix_string_0x")]
+    raw_tx: String,
+}
+
+impl NewBlockTransaction {
+    pub fn get_stacks_transaction(&self) -> Result<Option<StacksTransaction>, CodecError> {
+        if self.raw_tx == "00" {
+            Ok(None)
+        } else {
+            let tx_bytes = hex_bytes(&self.raw_tx).map_err(|e| {
+                CodecError::DeserializeError(format!("Failed to deserialize raw tx: {}", e))
+            })?;
+            let tx = StacksTransaction::consensus_deserialize(&mut &tx_bytes[..])?;
+            Ok(Some(tx))
+        }
+    }
+}
+
+/// "Special" deserializer to turn `{ tx_raw: "0x..." }` into `StacksTransaction`.
+fn deserialize_raw_tx_hex<'de, D: serde::Deserializer<'de>>(
+    d: D,
+) -> Result<Vec<StacksTransaction>, D::Error> {
+    let tx_objs: Vec<NewBlockTransaction> = serde::Deserialize::deserialize(d)?;
+    Ok(tx_objs
+        .iter()
+        .map(|tx| tx.get_stacks_transaction())
+        .collect::<Result<Vec<_>, _>>()
+        .map_err(serde::de::Error::custom)?
+        .into_iter()
+        .flatten()
+        .collect::<Vec<_>>())
+}
+
 #[derive(Debug, Deserialize)]
 struct BlockEvent {
     #[serde(with = "prefix_hex")]
@@ -625,6 +666,8 @@ struct BlockEvent {
     #[serde(with = "prefix_hex")]
     block_hash: BlockHeaderHash,
     block_height: u64,
+    #[serde(deserialize_with = "deserialize_raw_tx_hex")]
+    transactions: Vec<StacksTransaction>,
 }
 
 impl<T: SignerEventTrait> TryFrom<BlockEvent> for SignerEvent<T> {
@@ -636,6 +679,7 @@ impl<T: SignerEventTrait> TryFrom<BlockEvent> for SignerEvent<T> {
             block_id: block_event.index_block_hash,
             consensus_hash: block_event.consensus_hash,
             block_height: block_event.block_height,
+            transactions: block_event.transactions,
         })
     }
 }
diff --git a/libsigner/src/v0/signer_state.rs b/libsigner/src/v0/signer_state.rs
@@ -182,6 +182,13 @@ impl GlobalStateEvaluator {
     pub fn reached_agreement(&self, vote_weight: u32) -> bool {
         vote_weight >= self.total_weight * 7 / 10
     }
+
+    /// Get the global transaction replay set. Returns `None` if there
+    /// is no global state.
+    pub fn get_global_tx_replay_set(&mut self) -> Option<ReplayTransactionSet> {
+        let global_state = self.determine_global_state()?;
+        Some(global_state.tx_replay_set)
+    }
 }
 
 /// A "wrapper" struct around Vec<StacksTransaction> that behaves like
diff --git a/stacks-signer/src/v0/signer.rs b/stacks-signer/src/v0/signer.rs
@@ -525,6 +525,7 @@ impl Signer {
                 block_id,
                 consensus_hash,
                 signer_sighash,
+                transactions,
             } => {
                 let Some(signer_sighash) = signer_sighash else {
                     debug!("{self}: received a new block event for a pre-nakamoto block, no processing necessary");
@@ -536,10 +537,11 @@ impl Signer {
                     "block_id" => %block_id,
                     "signer_signature_hash" => %signer_sighash,
                     "consensus_hash" => %consensus_hash,
-                    "block_height" => block_height
+                    "block_height" => block_height,
+                    "total_txs" => transactions.len()
                 );
                 self.local_state_machine
-                    .stacks_block_arrival(consensus_hash, *block_height, block_id, signer_sighash, &self.signer_db)
+                    .stacks_block_arrival(consensus_hash, *block_height, block_id, signer_sighash, &self.signer_db, transactions)
                     .unwrap_or_else(|e| error!("{self}: failed to update local state machine for latest stacks block arrival"; "err" => ?e));
 
                 if let Ok(Some(mut block_info)) = self
@@ -1615,7 +1617,10 @@ impl Signer {
             if is_block_found || !self.validate_with_replay_tx {
                 None
             } else {
-                self.local_state_machine.get_tx_replay_set()
+                self.global_state_evaluator
+                    .get_global_tx_replay_set()
+                    .unwrap_or_default()
+                    .into_optional()
             },
         ) {
             Ok(_) => {
diff --git a/stacks-signer/src/v0/signer_state.rs b/stacks-signer/src/v0/signer_state.rs
@@ -14,13 +14,19 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 use std::collections::HashMap;
+#[cfg(any(test, feature = "testing"))]
+use std::sync::LazyLock;
 use std::time::{Duration, UNIX_EPOCH};
 
 use blockstack_lib::chainstate::burn::ConsensusHashExtensions;
 use blockstack_lib::chainstate::nakamoto::{NakamotoBlock, NakamotoBlockHeader};
-use blockstack_lib::chainstate::stacks::{StacksTransaction, TransactionPayload};
+use blockstack_lib::chainstate::stacks::{
+    StacksTransaction, TenureChangeCause, TenureChangePayload, TransactionPayload,
+};
 use blockstack_lib::net::api::postblock_proposal::NakamotoBlockProposal;
 use clarity::types::chainstate::StacksAddress;
+#[cfg(any(test, feature = "testing"))]
+use clarity::util::tests::TestFlag;
 use libsigner::v0::messages::{
     MessageSlotID, SignerMessage, StateMachineUpdate as StateMachineUpdateMessage,
     StateMachineUpdateContent, StateMachineUpdateMinerState,
@@ -34,6 +40,8 @@ use stacks_common::codec::Error as CodecError;
 use stacks_common::types::chainstate::{ConsensusHash, StacksBlockId, TrieHash};
 use stacks_common::util::hash::Sha512Trunc256Sum;
 use stacks_common::util::secp256k1::MessageSignature;
+#[cfg(any(test, feature = "testing"))]
+use stacks_common::util::secp256k1::Secp256k1PublicKey;
 use stacks_common::{debug, info, warn};
 
 use crate::chainstate::{
@@ -45,6 +53,11 @@ use crate::signerdb::SignerDb;
 /// This is the latest supported protocol version for this signer binary
 pub static SUPPORTED_SIGNER_PROTOCOL_VERSION: u64 = 1;
 
+/// Vec of pubkeys that should ignore checking for a bitcoin fork
+#[cfg(any(test, feature = "testing"))]
+pub static TEST_IGNORE_BITCOIN_FORK_PUBKEYS: LazyLock<TestFlag<Vec<Secp256k1PublicKey>>> =
+    LazyLock::new(TestFlag::default);
+
 /// The local signer state machine
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 pub enum LocalStateMachine {
@@ -346,6 +359,7 @@ impl LocalStateMachine {
         block_id: &StacksBlockId,
         signer_signature_hash: &Sha512Trunc256Sum,
         db: &SignerDb,
+        txs: &Vec<StacksTransaction>,
     ) -> Result<(), SignerChainstateError> {
         // set self to uninitialized so that if this function errors,
         //  self is left as uninitialized.
@@ -383,7 +397,25 @@ impl LocalStateMachine {
                     );
                     prior_state_machine.tx_replay_set = ReplayTransactionSet::none();
                 }
-                Ok(false) => {}
+                Ok(false) => {
+                    info!("Signer state: got a new block during replay that wasn't validated by our replay set.";
+                        "txs" => ?txs,
+                    );
+                    // If any of the transactions aren't TenureChange/Coinbase, we should
+                    // capitulate and clear the tx replay set.
+                    if txs.iter().any(|tx| {
+                        !matches!(
+                            tx.payload,
+                            TransactionPayload::TenureChange(TenureChangePayload {
+                                cause: TenureChangeCause::BlockFound,
+                                ..
+                            }) | TransactionPayload::Coinbase(..)
+                        )
+                    }) {
+                        info!("Signer state: clearing the tx replay set due to unrecognized transactions");
+                        prior_state_machine.tx_replay_set = ReplayTransactionSet::none();
+                    }
+                }
                 Err(e) => {
                     warn!("Failed to check if block was validated by replay tx";
                         "err" => ?e,
@@ -861,6 +893,17 @@ impl LocalStateMachine {
             "prior_state_machine.burn_block_height" => prior_state_machine.burn_block_height,
             "prior_state_machine.burn_block" => %prior_state_machine.burn_block,
         );
+        #[cfg(any(test, feature = "testing"))]
+        {
+            let ignore_bitcoin_fork = TEST_IGNORE_BITCOIN_FORK_PUBKEYS
+                .get()
+                .iter()
+                .any(|pubkey| &StacksAddress::p2pkh(false, pubkey) == client.get_signer_address());
+            if ignore_bitcoin_fork {
+                warn!("Ignoring bitcoin fork due to test flag");
+                return Ok(None);
+            }
+        }
         // Determine the tenures that were forked
         let mut parent_burn_block_info =
             db.get_burn_block_by_ch(&prior_state_machine.burn_block)?;
diff --git a/testnet/stacks-node/src/tests/signer/v0.rs b/testnet/stacks-node/src/tests/signer/v0.rs

Original file line number	Diff line number	Diff line change
`@@ -182,6 +182,13 @@ impl GlobalStateEvaluator {`
`182`	`182`	`pub fn reached_agreement(&self, vote_weight: u32) -> bool {`
`183`	`183`	`vote_weight >= self.total_weight * 7 / 10`
`184`	`184`	`}`
	`185`	`+`
	`186`	+ /// Get the global transaction replay set. Returns `None` if there
	`187`	`+ /// is no global state.`
	`188`	`+ pub fn get_global_tx_replay_set(&mut self) -> Option<ReplayTransactionSet> {`
	`189`	`+ let global_state = self.determine_global_state()?;`
	`190`	`+ Some(global_state.tx_replay_set)`
	`191`	`+ }`
`185`	`192`	`}`
`186`	`193`
`187`	`194`	`/// A "wrapper" struct around Vec<StacksTransaction> that behaves like`