feat: ETH compatibility in Filecoin : Support Homestead and EIP-155 Ethereum transactions("legacy" transactions) in Filecoin #11969
Conversation
Co-authored-by: Rod Vagg <rod@vagg.org>
…ctions in Filecoin (#11970) * itests passing for 155 tx * first working version for EIP-155 transactions * green itest * add docs * tests * remove print stmt * remove print stmt * validate signature * changes as per zen's review * correct signature verification
There was a problem hiding this comment.
Some notes:
- The new logic for the two types of Homestead transactions seems correct, assuming the FIP is correctly specified. I'll stare at it more in second review, but everything seems to do what it should.
- I'm not too strongly in favour of this change, it's adding a lot more edgecase-handling to what is already one of the gnarliest parts of the Filecoin protocol. I see the strong support for it in the FIP discussion, and this is about as lightweight an approach as can be expected for this change, so I'm happy to disagree-and-commit. But I do think this is a step in the wrong direction.
- In particular, I don't think we should lean into an attitude of "well, it's just in the client, so it's okay". It's still very much sharp edges in the protocol, and the fact that it's in the client only means that it needs to be (potentially incorrectly / incompatibly) re-implemented by Forest and Venus too.
- Directly related to the previous point, I unfortunately don't think this PR is safe to land as-is, because I strongly suspect it unintentionally breaks existing behaviour in subtle ways. In general, it seems like this PR will tighten conditions on Eth1559 transactions. I don't think there's anything wrong with the changes, but they'll still break consensus on nv22 (so, if anything, we'll have to put them behind a network version check).
- As an example (the only one I can see so far, though there might be more), I'm pretty sure we can have messages with ID addresses as the sender carrying a Delegated signature today. I think that behaviour will change with this PR (it'll become invalid).
When you say this are you referring to the FIP change itself?
Can you explain this more. My understanding is that EIP1559 Txs won't have any behavior changes at all with this change. How does this PR/FIP impact ID address sender of EIP1559 Tx? |
|
So tested this with CB Wallet on devnet after implementing Network Version Gating and looks good now. Transactions fail for NV22(when devnet epoch < NV23 epoch) but work for NV23(when devnet epoch >= NV23 epoch) ! 
|
Yes.
EIP-1559 Txs shouldn't have any behaviour changes with this FIP. I'm concerned that this PR will cause some changes (example above) due to the refactor, which is consensus-breaking. |
The objection isn't that 3 implementations have to ship the change, the objection is that this is further messing up what is already a pretty janky part of the Filecoin protocol.
Because of the refactor. You're now calling |
The same behaviour is also enforced in master for EIP-1559 transactions. There is no behaviour change for EIP-1559 txns in this PR. |
|
@Stebalien Pls can you approve this if lgty ? |
Please read the code and my message more carefully. We are calling With this refactor, we will start asserting that the sender of EIP-1559 transactions is an f4 address. If I'm right about all of this, that would be a consensus break. I may not be right, but we need to be sure of that, and this PR cannot land until we are. |
|
Oh hey @arajasek I see what you mean. We do NOT in fact allow EIP-1559 messages where sender is a non-ETH(f4) address and fail these transactions during signature verification. See: lotus/lib/sigs/delegated/init.go Line 65 in 1879570 Basically, the sender of a delegated signature type MUST be an f4 address for the signature verification to succeed. |
@aarshkshah1992 Thanks for digging further! I’m not quite convinced yet -- the line you linked to extracts the address from the signature carried by the message (which can obviously never be an ID address). But what happens if the sender field of a message is an ID address? That case will definitely not be supported (invalid message) after this refactor, because of the additional checks in |
|
Oh hey @arajasek
|
I assume you mean has to be a delegated (f4) address here?
Is the sender of the message being passed? I see the signer being passed as an argument here, but going up one more level it looks like that has already been resolved to a deterministic address. AFAIC tell this confirms my concern? |
|
To break this down:
If the answer to either question is (I think the answers are Yes and No respectively, which would be a problem if true, but that's what needs to be confirmed). |
|
|
Thanks a lot for looking into this in detail! I'll give it a second review today, but it should be good to go. |
|
The network-version checks look correct to me. I would, however, recommend making them a bit more generic (can also happen in a followup so we can get this merged). Basically, combine the |
Related Issues
For #11859
Proposed Changes
FIP discussion at filecoin-project/FIPs#962.
FIP proposal at filecoin-project/FIPs#995
Implement Ethereum Homestead transactions and EIP-155 transactions(both are referred to as "legacy" transactions) in Filecoin.
Additional Info
Checklist
Before you mark the PR ready for review, please make sure that:
<PR type>: <area>: <change being made>fix: mempool: Introduce a cache for valid signaturesPR type: fix, feat, build, chore, ci, docs, perf, refactor, revert, style, testarea, e.g. api, chain, state, market, mempool, multisig, networking, paych, proving, sealing, wallet, deps