Follow up commit removes feature gate code separating durable nonce from
blockhash domain. This commit allows to encapsulate any logic
distinguishing legacy vs current nonce versions in the nonce module
after removing the feature gate.
This partially reverts commit 47e62add5b.
Adding back the feature-id so that the master branch can successfully
run ledger-tool across epoch-boundary which enabled the feature.
Note that #25963 backport did not remove the feature-id.
* Adds methods based on instruction_account_index to InstructionContext.
Removes methods which are based on index_in_instruction.
* Adjusts program-runtime.
* Adjusts runtime.
* Adjusts bpf loader.
* Adjusts built-in programs.
* Adjusts program-test and bpf tests.
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority if it's a derived key for which you control the base key
* [vote_authorize_with_seed] Add test helper to create a vote account whose authorities are derived keys
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeWithSeed`
* [vote_authorize_with_seed] Feature gate the `VoteInstruction::AuthorizeWithSeed` processor
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to transaction status parser
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeWithSeed` to docs
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed`
* [vote_authorize_with_seed] You can now update a vote account's authority (while checking that the new authority has signed) if it's a derived
key for which you control the base key
* [vote_authorize_with_seed] Add `VoteInstruction::AuthorizeCheckedWithSeed` to transaction status parser
* [vote_authorize_with_seed] Write tests to assert the behavior of `VoteInstruction::AuthorizeCheckedWithSeed`
https://github.com/solana-labs/solana/pull/25788
permanently disables durable transactions with legacy nonce versions
which are within chain blockhash domain.
This commit adds a new system instruction for a one-time idempotent
upgrade of legacy nonce accounts in order to bump them out of chain
blockhash domain.
https://github.com/solana-labs/solana/pull/25744
separated durable nonce and blockhash domains, which will stop double
execution going forward. However it is possible that a durable
transaction has *already* been executed once as a normal transaction and
it is now a valid durable transaction. #25744 cannot stop such
transactions to be re-executed until the nonce accounts are advanced.
This commit adds a new nonce version indicating that the nonce is moved
out of the blockhash domain, and permanently disables durable
transactions for legacy nonces which are in the blockhash domain.
Usernames and other environment specific information can be revealed
in on-chain program binary files that compiler generates, because it
includes paths to source files as strings in the binary files. The
added option instructs the compiler to strip the path parts up to
and including crate root subdirectory from the path strings added to
the generated binary files.
* Award one credit per dequeued vote when processing VoteStateUpdate instruction,
to match vote rewards of Vote instruction.
* Update feature pubkey to one owned by cc (ashwin)
Co-authored-by: Ashwin Sekar <ashwin@solana.com>
Previous commit separates durable nonce and blockhash domains with a
feature gate. A 2nd feature added in this commit enables durable nonce
at least one epoch after the 1st feature.
By the time 2nd feature is activated, some nonce accounts will have an
old blockhash, but no nonce account can have a recent blockhash.
As a result no transaction (durable or normal) can be executed twice.
AdvanceNonceAccount instruction updates nonce to blockhash. This makes it
possible that a durable transaction is executed twice both as a normal
transaction and a nonce transaction if it uses blockhash (as opposed to nonce)
for its recent_blockhash field.
The commit prevents this double execution by separating nonce and blockhash
domains; when advancing nonce account, blockhash is hashed with a fixed string.
As a result a blockhash cannot be a valid nonce value; and if transaction was
once executed as a normal transaction it cannot be re-executed as a durable
transaction again and vice-versa.
Packets are at the boundary of the system where, vast majority of the
time, they are received from an untrusted source. Raw indexing into the
data buffer can open attack vectors if the offsets are invalid.
Validating offsets beforehand is verbose and error prone.
The commit updates Packet::data() api to take a SliceIndex and always to
return an Option. The call-sites are so forced to explicitly handle the
case where the offsets are invalid.
Move all syscall declarations under solana_program::syscalls. If the target
supports static syscalls (sbfv2), then actually define them statically to avoid
dynamic relocations.
Indices for code and data shreds of the same slot overlap; and so they
will have the same random number generator seed when shuffling cluster
nodes for turbine broadcast.
This results in the same propagation path for code and data shreds of
the same index and effectively smaller sample size for re-transmitter
nodes. For example a 32:32 batch (32 code + 32 data shreds), is
retransmitted through _at most_ 32 unique nodes, whereas ideally we want
~64 unique re-transmitters.
This commit adds shred-type to seed function so that code and data
sherds of the same (slot, index) will (most likely) have different
propagation paths.
Bytes past Packet.meta.size are not valid to read from.
The commit makes the buffer field private and instead provides two
methods:
* Packet::data() which returns an immutable reference to the underlying
buffer up to Packet.meta.size. The rest of the buffer is not valid to
read from.
* Packet::buffer_mut() which returns a mutable reference to the entirety
of the underlying buffer to write into. The caller is responsible to
update Packet.meta.size after writing to the buffer.
* Removes the offset InstructionContext::get_number_of_program_accounts() from InstructionAccount::index_in_caller.
* Removes unreachable SyscallError::InvalidLength in orig_data_lens.get().
Ryo Onodera
behzad nouri
Jeff Washington (jwash)
Brooks Prumo
github-actions[bot]
Jack May
Michael Vines
Lijun Wang
Will Hickey
Dmitri Makarov
Alexander Meißner
Steven Luscher
apfitzge
steviez
samkim-crypto
carllin
Justin Starry
bji
Ashwin Sekar
HaoranYi
Tyera Eulberg
Brian Anderson
Alessandro Decina
dependabot[bot]