// Copyright 2014 The go-ethereum Authors // This file is part of the go-ethereum library. // // The go-ethereum library is free software: you can redistribute it and/or modify // it under the terms of the GNU Lesser General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // The go-ethereum library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public License // along with the go-ethereum library. If not, see . // Package core implements the Ethereum consensus protocol. package core import ( "bytes" "errors" "fmt" "io" "math/big" "runtime" "slices" "sort" "strings" "sync" "sync/atomic" "time" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common/lru" "github.com/ethereum/go-ethereum/common/mclock" "github.com/ethereum/go-ethereum/common/prque" "github.com/ethereum/go-ethereum/consensus" "github.com/ethereum/go-ethereum/consensus/misc/eip4844" "github.com/ethereum/go-ethereum/core/history" "github.com/ethereum/go-ethereum/core/rawdb" "github.com/ethereum/go-ethereum/core/state" "github.com/ethereum/go-ethereum/core/state/snapshot" "github.com/ethereum/go-ethereum/core/stateless" "github.com/ethereum/go-ethereum/core/tracing" "github.com/ethereum/go-ethereum/core/types" "github.com/ethereum/go-ethereum/core/vm" "github.com/ethereum/go-ethereum/ethdb" "github.com/ethereum/go-ethereum/event" "github.com/ethereum/go-ethereum/internal/syncx" "github.com/ethereum/go-ethereum/internal/version" "github.com/ethereum/go-ethereum/log" "github.com/ethereum/go-ethereum/metrics" "github.com/ethereum/go-ethereum/params" "github.com/ethereum/go-ethereum/rlp" "github.com/ethereum/go-ethereum/triedb" "github.com/ethereum/go-ethereum/triedb/hashdb" "github.com/ethereum/go-ethereum/triedb/pathdb" ) var ( headBlockGauge = metrics.NewRegisteredGauge("chain/head/block", nil) headHeaderGauge = metrics.NewRegisteredGauge("chain/head/header", nil) headFastBlockGauge = metrics.NewRegisteredGauge("chain/head/receipt", nil) headFinalizedBlockGauge = metrics.NewRegisteredGauge("chain/head/finalized", nil) headSafeBlockGauge = metrics.NewRegisteredGauge("chain/head/safe", nil) chainInfoGauge = metrics.NewRegisteredGaugeInfo("chain/info", nil) chainMgaspsMeter = metrics.NewRegisteredResettingTimer("chain/mgasps", nil) accountReadTimer = metrics.NewRegisteredResettingTimer("chain/account/reads", nil) accountHashTimer = metrics.NewRegisteredResettingTimer("chain/account/hashes", nil) accountUpdateTimer = metrics.NewRegisteredResettingTimer("chain/account/updates", nil) accountCommitTimer = metrics.NewRegisteredResettingTimer("chain/account/commits", nil) storageReadTimer = metrics.NewRegisteredResettingTimer("chain/storage/reads", nil) storageUpdateTimer = metrics.NewRegisteredResettingTimer("chain/storage/updates", nil) storageCommitTimer = metrics.NewRegisteredResettingTimer("chain/storage/commits", nil) codeReadTimer = metrics.NewRegisteredResettingTimer("chain/code/reads", nil) codeReadBytesTimer = metrics.NewRegisteredResettingTimer("chain/code/readbytes", nil) accountCacheHitMeter = metrics.NewRegisteredMeter("chain/account/reads/cache/process/hit", nil) accountCacheMissMeter = metrics.NewRegisteredMeter("chain/account/reads/cache/process/miss", nil) storageCacheHitMeter = metrics.NewRegisteredMeter("chain/storage/reads/cache/process/hit", nil) storageCacheMissMeter = metrics.NewRegisteredMeter("chain/storage/reads/cache/process/miss", nil) accountCacheHitPrefetchMeter = metrics.NewRegisteredMeter("chain/account/reads/cache/prefetch/hit", nil) accountCacheMissPrefetchMeter = metrics.NewRegisteredMeter("chain/account/reads/cache/prefetch/miss", nil) storageCacheHitPrefetchMeter = metrics.NewRegisteredMeter("chain/storage/reads/cache/prefetch/hit", nil) storageCacheMissPrefetchMeter = metrics.NewRegisteredMeter("chain/storage/reads/cache/prefetch/miss", nil) accountReadSingleTimer = metrics.NewRegisteredResettingTimer("chain/account/single/reads", nil) storageReadSingleTimer = metrics.NewRegisteredResettingTimer("chain/storage/single/reads", nil) codeReadSingleTimer = metrics.NewRegisteredResettingTimer("chain/code/single/reads", nil) snapshotCommitTimer = metrics.NewRegisteredResettingTimer("chain/snapshot/commits", nil) triedbCommitTimer = metrics.NewRegisteredResettingTimer("chain/triedb/commits", nil) blockInsertTimer = metrics.NewRegisteredResettingTimer("chain/inserts", nil) blockValidationTimer = metrics.NewRegisteredResettingTimer("chain/validation", nil) blockCrossValidationTimer = metrics.NewRegisteredResettingTimer("chain/crossvalidation", nil) blockExecutionTimer = metrics.NewRegisteredResettingTimer("chain/execution", nil) blockWriteTimer = metrics.NewRegisteredResettingTimer("chain/write", nil) blockReorgMeter = metrics.NewRegisteredMeter("chain/reorg/executes", nil) blockReorgAddMeter = metrics.NewRegisteredMeter("chain/reorg/add", nil) blockReorgDropMeter = metrics.NewRegisteredMeter("chain/reorg/drop", nil) blockPrefetchExecuteTimer = metrics.NewRegisteredResettingTimer("chain/prefetch/executes", nil) blockPrefetchInterruptMeter = metrics.NewRegisteredMeter("chain/prefetch/interrupts", nil) blockPrefetchTxsInvalidMeter = metrics.NewRegisteredMeter("chain/prefetch/txs/invalid", nil) blockPrefetchTxsValidMeter = metrics.NewRegisteredMeter("chain/prefetch/txs/valid", nil) errInsertionInterrupted = errors.New("insertion is interrupted") errChainStopped = errors.New("blockchain is stopped") errInvalidOldChain = errors.New("invalid old chain") errInvalidNewChain = errors.New("invalid new chain") ) var ( forkReadyInterval = 3 * time.Minute ) const ( bodyCacheLimit = 256 blockCacheLimit = 256 receiptsCacheLimit = 32 txLookupCacheLimit = 1024 // BlockChainVersion ensures that an incompatible database forces a resync from scratch. // // Changelog: // // - Version 4 // The following incompatible database changes were added: // * the `BlockNumber`, `TxHash`, `TxIndex`, `BlockHash` and `Index` fields of log are deleted // * the `Bloom` field of receipt is deleted // * the `BlockIndex` and `TxIndex` fields of txlookup are deleted // // - Version 5 // The following incompatible database changes were added: // * the `TxHash`, `GasCost`, and `ContractAddress` fields are no longer stored for a receipt // * the `TxHash`, `GasCost`, and `ContractAddress` fields are computed by looking up the // receipts' corresponding block // // - Version 6 // The following incompatible database changes were added: // * Transaction lookup information stores the corresponding block number instead of block hash // // - Version 7 // The following incompatible database changes were added: // * Use freezer as the ancient database to maintain all ancient data // // - Version 8 // The following incompatible database changes were added: // * New scheme for contract code in order to separate the codes and trie nodes // // - Version 9 // The following incompatible database changes were added: // * Total difficulty has been removed from both the key-value store and the ancient store. // * The metadata structure of freezer is changed by adding 'flushOffset' BlockChainVersion uint64 = 9 ) // BlockChainConfig contains the configuration of the BlockChain object. type BlockChainConfig struct { // Trie database related options TrieCleanLimit int // Memory allowance (MB) to use for caching trie nodes in memory TrieDirtyLimit int // Memory limit (MB) at which to start flushing dirty trie nodes to disk TrieTimeLimit time.Duration // Time limit after which to flush the current in-memory trie to disk TrieNoAsyncFlush bool // Whether the asynchronous buffer flushing is disallowed TrieJournalDirectory string // Directory path to the journal used for persisting trie data across node restarts Preimages bool // Whether to store preimage of trie key to the disk StateScheme string // Scheme used to store ethereum states and merkle tree nodes on top ArchiveMode bool // Whether to enable the archive mode // Number of blocks from the chain head for which state histories are retained. // If set to 0, all state histories across the entire chain will be retained; StateHistory uint64 // Number of blocks from the chain head for which trienode histories are retained. // If set to 0, all trienode histories across the entire chain will be retained; // If set to -1, no trienode history will be retained; TrienodeHistory int64 // The frequency of full-value encoding. For example, a value of 16 means // that, on average, for a given trie node across its 16 consecutive historical // versions, only one version is stored in full format, while the others // are stored in diff mode for storage compression. NodeFullValueCheckpoint uint32 // State snapshot related options SnapshotLimit int // Memory allowance (MB) to use for caching snapshot entries in memory SnapshotNoBuild bool // Whether the background generation is allowed SnapshotWait bool // Wait for snapshot construction on startup. TODO(karalabe): This is a dirty hack for testing, nuke it // This defines the cutoff block for history expiry. // Blocks before this number may be unavailable in the chain database. ChainHistoryMode history.HistoryMode // Misc options NoPrefetch bool // Whether to disable heuristic state prefetching when processing blocks Overrides *ChainOverrides // Optional chain config overrides VmConfig vm.Config // Config options for the EVM Interpreter // TxLookupLimit specifies the maximum number of blocks from head for which // transaction hashes will be indexed. // // If the value is zero, all transactions of the entire chain will be indexed. // If the value is -1, indexing is disabled. TxLookupLimit int64 // SyncFromBlock is the block number from which syncing starts (0 = genesis). // Used by the tx indexer to avoid indexing blocks that won't have bodies // when checkpoint sync is used. SyncFromBlock uint64 // StateSizeTracking indicates whether the state size tracking is enabled. StateSizeTracking bool // SlowBlockThreshold is the block execution time threshold beyond which // detailed statistics will be logged. Negative value means disabled (default), // zero logs all blocks, positive value filters blocks by execution time. SlowBlockThreshold time.Duration } // DefaultConfig returns the default config. // Note the returned object is safe to modify! func DefaultConfig() *BlockChainConfig { return &BlockChainConfig{ TrieCleanLimit: 256, TrieDirtyLimit: 256, TrieTimeLimit: 5 * time.Minute, StateScheme: rawdb.HashScheme, SnapshotLimit: 256, SnapshotWait: true, ChainHistoryMode: history.KeepAll, // Transaction indexing is disabled by default. // This is appropriate for most unit tests. TxLookupLimit: -1, } } // WithArchive enables/disables archive mode on the config. func (cfg BlockChainConfig) WithArchive(on bool) *BlockChainConfig { cfg.ArchiveMode = on return &cfg } // WithStateScheme sets the state storage scheme on the config. func (cfg BlockChainConfig) WithStateScheme(scheme string) *BlockChainConfig { cfg.StateScheme = scheme return &cfg } // WithNoAsyncFlush enables/disables asynchronous buffer flushing mode on the config. func (cfg BlockChainConfig) WithNoAsyncFlush(on bool) *BlockChainConfig { cfg.TrieNoAsyncFlush = on return &cfg } // triedbConfig derives the configures for trie database. func (cfg *BlockChainConfig) triedbConfig(isVerkle bool) *triedb.Config { config := &triedb.Config{ Preimages: cfg.Preimages, IsVerkle: isVerkle, } if cfg.StateScheme == rawdb.HashScheme { config.HashDB = &hashdb.Config{ CleanCacheSize: cfg.TrieCleanLimit * 1024 * 1024, } } if cfg.StateScheme == rawdb.PathScheme { config.PathDB = &pathdb.Config{ TrieCleanSize: cfg.TrieCleanLimit * 1024 * 1024, StateCleanSize: cfg.SnapshotLimit * 1024 * 1024, // TODO(rjl493456442): The write buffer represents the memory limit used // for flushing both trie data and state data to disk. The config name // should be updated to eliminate the confusion. WriteBufferSize: cfg.TrieDirtyLimit * 1024 * 1024, JournalDirectory: cfg.TrieJournalDirectory, // Historical state configurations StateHistory: cfg.StateHistory, TrienodeHistory: cfg.TrienodeHistory, EnableStateIndexing: cfg.ArchiveMode, FullValueCheckpoint: cfg.NodeFullValueCheckpoint, // Testing configurations NoAsyncFlush: cfg.TrieNoAsyncFlush, } } return config } // txLookup is wrapper over transaction lookup along with the corresponding // transaction object. type txLookup struct { lookup *rawdb.LegacyTxLookupEntry transaction *types.Transaction } // BlockChain represents the canonical chain given a database with a genesis // block. The Blockchain manages chain imports, reverts, chain reorganisations. // // Importing blocks in to the block chain happens according to the set of rules // defined by the two stage Validator. Processing of blocks is done using the // Processor which processes the included transaction. The validation of the state // is done in the second part of the Validator. Failing results in aborting of // the import. // // The BlockChain also helps in returning blocks from **any** chain included // in the database as well as blocks that represents the canonical chain. It's // important to note that GetBlock can return any block and does not need to be // included in the canonical one where as GetBlockByNumber always represents the // canonical chain. type BlockChain struct { chainConfig *params.ChainConfig // Chain & network configuration cfg *BlockChainConfig // Blockchain configuration db ethdb.Database // Low level persistent database to store final content in snaps *snapshot.Tree // Snapshot tree for fast trie leaf access triegc *prque.Prque[int64, common.Hash] // Priority queue mapping block numbers to tries to gc gcproc time.Duration // Accumulates canonical block processing for trie dumping lastWrite uint64 // Last block when the state was flushed flushInterval atomic.Int64 // Time interval (processing time) after which to flush a state triedb *triedb.Database // The database handler for maintaining trie nodes. statedb *state.CachingDB // State database to reuse between imports (contains state cache) txIndexer *txIndexer // Transaction indexer, might be nil if not enabled hc *HeaderChain rmLogsFeed event.Feed chainFeed event.Feed chainHeadFeed event.Feed logsFeed event.Feed blockProcFeed event.Feed newPayloadFeed event.Feed // Feed for engine API newPayload events blockProcCounter int32 scope event.SubscriptionScope genesisBlock *types.Block // This mutex synchronizes chain write operations. // Readers don't need to take it, they can just read the database. chainmu *syncx.ClosableMutex currentBlock atomic.Pointer[types.Header] // Current head of the chain currentSnapBlock atomic.Pointer[types.Header] // Current head of snap-sync currentFinalBlock atomic.Pointer[types.Header] // Latest (consensus) finalized block currentSafeBlock atomic.Pointer[types.Header] // Latest (consensus) safe block historyPrunePoint atomic.Pointer[history.PrunePoint] bodyCache *lru.Cache[common.Hash, *types.Body] bodyRLPCache *lru.Cache[common.Hash, rlp.RawValue] receiptsCache *lru.Cache[common.Hash, []*types.Receipt] // Receipts cache with all fields derived blockCache *lru.Cache[common.Hash, *types.Block] txLookupLock sync.RWMutex txLookupCache *lru.Cache[common.Hash, txLookup] stopping atomic.Bool // false if chain is running, true when stopped procInterrupt atomic.Bool // interrupt signaler for block processing engine consensus.Engine validator Validator // Block and state validator interface prefetcher Prefetcher processor Processor // Block transaction processor interface logger *tracing.Hooks stateSizer *state.SizeTracker // State size tracking lastForkReadyAlert time.Time // Last time there was a fork readiness print out slowBlockThreshold time.Duration // Block execution time threshold beyond which detailed statistics will be logged // XDC: Checkpoint sync mode — when true, state validation is skipped for // blocks near the checkpoint because the pre-state was not downloaded. // State is built incrementally as blocks are processed. checkpointSyncNoState atomic.Bool } // NewBlockChain returns a fully initialised block chain using information // available in the database. It initialises the default Ethereum Validator // and Processor. func NewBlockChain(db ethdb.Database, genesis *Genesis, engine consensus.Engine, cfg *BlockChainConfig) (*BlockChain, error) { if cfg == nil { cfg = DefaultConfig() } // Open trie database with provided config enableVerkle, err := EnableVerkleAtGenesis(db, genesis) if err != nil { return nil, err } triedb := triedb.NewDatabase(db, cfg.triedbConfig(enableVerkle)) // Write the supplied genesis to the database if it has not been initialized // yet. The corresponding chain config will be returned, either from the // provided genesis or from the locally stored configuration if the genesis // has already been initialized. chainConfig, genesisHash, compatErr, err := SetupGenesisBlockWithOverride(db, triedb, genesis, cfg.Overrides, cfg.VmConfig.Tracer) if err != nil { return nil, err } log.Info("") log.Info(strings.Repeat("-", 153)) for _, line := range strings.Split(chainConfig.Description(), "\n") { log.Info(line) } log.Info(strings.Repeat("-", 153)) log.Info("") bc := &BlockChain{ chainConfig: chainConfig, cfg: cfg, db: db, triedb: triedb, triegc: prque.New[int64, common.Hash](nil), chainmu: syncx.NewClosableMutex(), bodyCache: lru.NewCache[common.Hash, *types.Body](bodyCacheLimit), bodyRLPCache: lru.NewCache[common.Hash, rlp.RawValue](bodyCacheLimit), receiptsCache: lru.NewCache[common.Hash, []*types.Receipt](receiptsCacheLimit), blockCache: lru.NewCache[common.Hash, *types.Block](blockCacheLimit), txLookupCache: lru.NewCache[common.Hash, txLookup](txLookupCacheLimit), engine: engine, logger: cfg.VmConfig.Tracer, slowBlockThreshold: cfg.SlowBlockThreshold, } bc.hc, err = NewHeaderChain(db, chainConfig, engine, bc.insertStopped) if err != nil { return nil, err } bc.flushInterval.Store(int64(cfg.TrieTimeLimit)) bc.statedb = state.NewDatabase(bc.triedb, nil) // Initialize XDC state root cache with database access for disk persistence initXdcCache(db) bc.validator = NewBlockValidator(chainConfig, bc) bc.prefetcher = newStatePrefetcher(chainConfig, bc.hc) bc.processor = NewStateProcessor(bc.hc) genesisHeader := bc.GetHeaderByNumber(0) if genesisHeader == nil { return nil, ErrNoGenesis } bc.genesisBlock = types.NewBlockWithHeader(genesisHeader) bc.currentBlock.Store(nil) bc.currentSnapBlock.Store(nil) bc.currentFinalBlock.Store(nil) bc.currentSafeBlock.Store(nil) // Update chain info data metrics chainInfoGauge.Update(metrics.GaugeInfoValue{"chain_id": bc.chainConfig.ChainID.String()}) // If Geth is initialized with an external ancient store, re-initialize the // missing chain indexes and chain flags. This procedure can survive crash // and can be resumed in next restart since chain flags are updated in last step. if bc.empty() { rawdb.InitDatabaseFromFreezer(bc.db) } // Fix #61: For XDC chains using PBSS, clear any stale StateSyncRunning flag. // XDC uses pre-merge sync (not beacon-chain snap-sync), so a stale // StateSyncRunning flag would cause the pathdb to be disabled on startup, // preventing any state writes. Clear it if the chain already has blocks. if bc.chainConfig.XDPoS != nil && bc.cfg.StateScheme == rawdb.PathScheme { if flag := rawdb.ReadSnapSyncStatusFlag(bc.db); flag == rawdb.StateSyncRunning { // Only clear if we have a non-empty chain (snap-sync was started but never finished) if head := rawdb.ReadHeadBlockHash(bc.db); head != (common.Hash{}) { log.Info("XDC: Clearing stale StateSyncRunning flag for PBSS (XDC uses pre-merge sync)") rawdb.WriteSnapSyncStatusFlag(bc.db, rawdb.StateSyncFinished) } } } // Load blockchain states from disk if err := bc.loadLastState(); err != nil { return nil, err } // Make sure the state associated with the block is available, or log out // if there is no available state, waiting for state sync. head := bc.CurrentBlock() // XDC: For XDC chains, also check if we have a cached local root for this block. // GP5 stores state under a different root than what the header says (due to uint256/BigBalance // differences with v2.6.8). On restart, HasState might fail if the trie was committed under // GP5's local root but the header has v2.6.8's root. We resolve this by explicitly checking // the cached root and opening the trie under it. xdcHeadStateOk := false if bc.chainConfig.ChainID != nil { chainID := bc.chainConfig.ChainID.Uint64() if chainID == 50 || chainID == 51 { // Try two lookup methods: // 1. By block number (in-memory only, lost on restart) // 2. By remote root → local root mapping (persisted to disk) if cachedRoot, ok := XdcGetCachedStateRoot(head.Number.Uint64()); ok { if _, err := bc.statedb.OpenTrie(cachedRoot); err == nil { xdcHeadStateOk = true log.Info("XDC: Head state found via block number cache", "block", head.Number, "headerRoot", head.Root, "cachedRoot", cachedRoot) } } if !xdcHeadStateOk { if cachedRoot, ok := XdcFindCachedRootForRemote(head.Root); ok { if _, err := bc.statedb.OpenTrie(cachedRoot); err == nil { xdcHeadStateOk = true log.Info("XDC: Head state found via remote→local disk cache", "block", head.Number, "headerRoot", head.Root, "cachedRoot", cachedRoot) } else { log.Warn("XDC: Cached root exists but trie not found", "block", head.Number, "cachedRoot", cachedRoot, "err", err) } } else { log.Warn("XDC: No cached root for head block on disk", "block", head.Number, "headerRoot", head.Root) } } // If still no cached root, for PBSS try the disk layer root directly first // (avoids unnecessary 10K-block backward scan on every startup) if !xdcHeadStateOk && bc.cfg.StateScheme == rawdb.PathScheme && head.Number.Uint64() > 0 { diskRoot := bc.triedb.DiskLayerRoot() if diskRoot != (common.Hash{}) && diskRoot != types.EmptyRootHash { if _, err := bc.statedb.OpenTrie(diskRoot); err == nil { log.Info("XDC: Found state via PBSS disk layer root (unclean shutdown recovery)", "block", head.Number, "diskRoot", diskRoot, "headerRoot", head.Root) xdcHeadStateOk = true // Register this as a cache entry so future lookups work if err := XdcCacheStateRoot(head.Number.Uint64(), diskRoot, head.Root); err != nil { log.Error("XDC cache: failed to register disk root", "block", head.Number, "err", err) } } else { log.Warn("XDC: PBSS disk layer root not openable", "diskRoot", diskRoot, "err", err) } } } // If still no cached root and not PBSS, use backward scan to find any block with a valid cached state // This prevents full rewind to genesis on restart if !xdcHeadStateOk && head.Number.Uint64() > 0 { if foundBlock, foundRoot, found := XdcFindBestCachedRoot(head.Number.Uint64()); found { // Verify the state is actually available if _, err := bc.statedb.OpenTrie(foundRoot); err == nil { log.Info("XDC: Setting head to block with valid cached state", "block", foundBlock, "root", foundRoot, "scannedBack", head.Number.Uint64()-foundBlock) if _, err := bc.setHeadBeyondRoot(foundBlock, 0, foundRoot, true); err != nil { log.Error("XDC: Failed to set head during backward scan", "block", foundBlock, "err", err) } else { head = bc.CurrentBlock() xdcHeadStateOk = true } } } if !xdcHeadStateOk { log.Warn("XDC: No valid cached state found in backward scan, will attempt standard recovery") } } } } if !xdcHeadStateOk && !bc.HasState(head.Root) { // XDC: For XDC chains with path-based state, the state root computed by GP5 // differs from the header's state root (due to uint256/BigBalance encoding differences // with v2.6.8). The standard rewind logic uses head.Root (v2.6.8 root) which will // always fail HasState(), causing a full rewind to genesis. // // Instead, rewind to the nearest checkpoint (multiple of 900) where state was // guaranteed to be committed. This is safe because: // - Checkpoint blocks always execute txs and commit state // - Non-checkpoint blocks during bulk sync skip state commit // - Maximum rewind is 899 blocks if bc.chainConfig.ChainID != nil && bc.cfg.StateScheme == rawdb.PathScheme { chainID := bc.chainConfig.ChainID.Uint64() if chainID == 50 || chainID == 51 { if head.Number.Uint64() > 0 { checkpointBlock := (head.Number.Uint64() / 900) * 900 if checkpointBlock > 0 { log.Warn("XDC: Head state missing, rewinding to nearest checkpoint", "head", head.Number, "checkpoint", checkpointBlock, "headerRoot", head.Root) diskRoot := bc.triedb.DiskLayerRoot() if _, err := bc.setHeadBeyondRoot(checkpointBlock, 0, diskRoot, true); err != nil { log.Error("XDC: Failed to rewind to checkpoint", "checkpoint", checkpointBlock, "err", err) } else { head = bc.CurrentBlock() xdcHeadStateOk = true log.Info("XDC: Rewound to checkpoint for state recovery", "checkpoint", checkpointBlock, "newHead", head.Number) } } } if !xdcHeadStateOk { log.Warn("XDC: Checkpoint rewind failed or genesis, will attempt standard recovery") } } } if !xdcHeadStateOk { // Standard Ethereum repair logic for non-XDC chains or XDC fallback if head.Number.Uint64() == 0 { // The genesis state is missing, which is only possible in the path-based // scheme. This situation occurs when the initial state sync is not finished // yet, or the chain head is rewound below the pivot point. In both scenarios, // there is no possible recovery approach except for rerunning a snap sync. // Do nothing here until the state syncer picks it up. log.Info("Genesis state is missing, wait state sync") } else { // Head state is missing, before the state recovery, find out the disk // layer point of snapshot(if it's enabled). Make sure the rewound point // is lower than disk layer. // // Note it's unnecessary in path mode which always keep trie data and // state data consistent. var diskRoot common.Hash if bc.cfg.SnapshotLimit > 0 && bc.cfg.StateScheme == rawdb.HashScheme { diskRoot = rawdb.ReadSnapshotRoot(bc.db) } if diskRoot != (common.Hash{}) { log.Warn("Head state missing, repairing", "number", head.Number, "hash", head.Hash(), "snaproot", diskRoot) snapDisk, err := bc.setHeadBeyondRoot(head.Number.Uint64(), 0, diskRoot, true) if err != nil { return nil, err } // Chain rewound, persist old snapshot number to indicate recovery procedure if snapDisk != 0 { rawdb.WriteSnapshotRecoveryNumber(bc.db, snapDisk) } } else { log.Warn("Head state missing, repairing", "number", head.Number, "hash", head.Hash()) diskRoot := bc.triedb.DiskLayerRoot() if _, err := bc.setHeadBeyondRoot(head.Number.Uint64(), 0, diskRoot, true); err != nil { return nil, err } } } } } // Ensure that a previous crash in SetHead doesn't leave extra ancients if frozen, err := bc.db.Ancients(); err == nil && frozen > 0 { var ( needRewind bool low uint64 ) // The head full block may be rolled back to a very low height due to // blockchain repair. If the head full block is even lower than the ancient // chain, truncate the ancient store. fullBlock := bc.CurrentBlock() if fullBlock != nil && fullBlock.Hash() != bc.genesisBlock.Hash() && fullBlock.Number.Uint64() < frozen-1 { needRewind = true low = fullBlock.Number.Uint64() } // In snap sync, it may happen that ancient data has been written to the // ancient store, but the LastFastBlock has not been updated, truncate the // extra data here. snapBlock := bc.CurrentSnapBlock() if snapBlock != nil && snapBlock.Number.Uint64() < frozen-1 { needRewind = true if snapBlock.Number.Uint64() < low || low == 0 { low = snapBlock.Number.Uint64() } } if needRewind { log.Error("Truncating ancient chain", "from", bc.CurrentHeader().Number.Uint64(), "to", low) if err := bc.SetHead(low); err != nil { return nil, err } } } // The first thing the node will do is reconstruct the verification data for // the head block (ethash cache or clique voting snapshot). Might as well do // it in advance. bc.engine.VerifyHeader(bc, bc.CurrentHeader()) if bc.logger != nil && bc.logger.OnBlockchainInit != nil { bc.logger.OnBlockchainInit(chainConfig) } if bc.logger != nil && bc.logger.OnGenesisBlock != nil { if block := bc.CurrentBlock(); block.Number.Uint64() == 0 { alloc, err := getGenesisState(bc.db, block.Hash()) if err != nil { return nil, fmt.Errorf("failed to get genesis state: %w", err) } if alloc == nil { return nil, errors.New("live blockchain tracer requires genesis alloc to be set") } bc.logger.OnGenesisBlock(bc.genesisBlock, alloc) } } bc.setupSnapshot() // Rewind the chain in case of an incompatible config upgrade. if compatErr != nil { log.Warn("Rewinding chain to upgrade configuration", "err", compatErr) if compatErr.RewindToTime > 0 { bc.SetHeadWithTimestamp(compatErr.RewindToTime) } else { bc.SetHead(compatErr.RewindToBlock) } rawdb.WriteChainConfig(db, genesisHash, chainConfig) } // Start tx indexer if it's enabled. if bc.cfg.TxLookupLimit >= 0 { bc.txIndexer = newTxIndexer(uint64(bc.cfg.TxLookupLimit), bc) } // Start state size tracker if bc.cfg.StateSizeTracking { stateSizer, err := state.NewSizeTracker(bc.db, bc.triedb) if err == nil { bc.stateSizer = stateSizer log.Info("Enabled state size metrics") } else { log.Info("Failed to setup size tracker", "err", err) } } // P0 FIX: Reload checkpointSyncNoState from DB on startup. // If checkpoint sync was started without state in a previous run, the flag // was persisted. Restore it so ProcessBlock skips state validation. if rawdb.ReadCheckpointSyncNoState(bc.db) { bc.checkpointSyncNoState.Store(true) log.Info("BlockChain: restored checkpoint sync without state mode from DB — state validation will be skipped until state is built") } return bc, nil } func (bc *BlockChain) setupSnapshot() { // Short circuit if the chain is established with path scheme, as the // state snapshot has been integrated into path database natively. if bc.cfg.StateScheme == rawdb.PathScheme { return } // Load any existing snapshot, regenerating it if loading failed if bc.cfg.SnapshotLimit > 0 { // If the chain was rewound past the snapshot persistent layer (causing // a recovery block number to be persisted to disk), check if we're still // in recovery mode and in that case, don't invalidate the snapshot on a // head mismatch. var recover bool head := bc.CurrentBlock() if layer := rawdb.ReadSnapshotRecoveryNumber(bc.db); layer != nil && *layer >= head.Number.Uint64() { log.Warn("Enabling snapshot recovery", "chainhead", head.Number, "diskbase", *layer) recover = true } snapconfig := snapshot.Config{ CacheSize: bc.cfg.SnapshotLimit, Recovery: recover, NoBuild: bc.cfg.SnapshotNoBuild, AsyncBuild: !bc.cfg.SnapshotWait, } bc.snaps, _ = snapshot.New(snapconfig, bc.db, bc.triedb, head.Root) // Re-initialize the state database with snapshot bc.statedb = state.NewDatabase(bc.triedb, bc.snaps) } } // empty returns an indicator whether the blockchain is empty. // Note, it's a special case that we connect a non-empty ancient // database with an empty node, so that we can plugin the ancient // into node seamlessly. func (bc *BlockChain) empty() bool { genesis := bc.genesisBlock.Hash() for _, hash := range []common.Hash{rawdb.ReadHeadBlockHash(bc.db), rawdb.ReadHeadHeaderHash(bc.db), rawdb.ReadHeadFastBlockHash(bc.db)} { if hash != genesis { return false } } return true } // loadLastState loads the last known chain state from the database. This method // assumes that the chain manager mutex is held. func (bc *BlockChain) loadLastState() error { // Restore the last known head block head := rawdb.ReadHeadBlockHash(bc.db) if head == (common.Hash{}) { // Corrupt or empty database, init from scratch log.Warn("Empty database, resetting chain") return bc.Reset() } headHeader := bc.GetHeaderByHash(head) if headHeader == nil { // Corrupt or empty database, init from scratch log.Warn("Head header missing, resetting chain", "hash", head) return bc.Reset() } var headBlock *types.Block if cmp := headHeader.Number.Cmp(new(big.Int)); cmp == 1 { // Make sure the entire head block is available. headBlock = bc.GetBlockByHash(head) } else if cmp == 0 { // On a pruned node the block body might not be available. But a pruned // block should never be the head block. The only exception is when, as // a last resort, chain is reset to genesis. headBlock = bc.genesisBlock } if headBlock == nil { // Corrupt or empty database, init from scratch log.Warn("Head block missing, resetting chain", "hash", head) return bc.Reset() } // Everything seems to be fine, set as the head block bc.currentBlock.Store(headHeader) headBlockGauge.Update(int64(headBlock.NumberU64())) // Restore the last known head header if head := rawdb.ReadHeadHeaderHash(bc.db); head != (common.Hash{}) { if header := bc.GetHeaderByHash(head); header != nil { headHeader = header } } bc.hc.SetCurrentHeader(headHeader) // Initialize history pruning. latest := max(headBlock.NumberU64(), headHeader.Number.Uint64()) if err := bc.initializeHistoryPruning(latest); err != nil { return err } // Restore the last known head snap block bc.currentSnapBlock.Store(headBlock.Header()) headFastBlockGauge.Update(int64(headBlock.NumberU64())) if head := rawdb.ReadHeadFastBlockHash(bc.db); head != (common.Hash{}) { if block := bc.GetBlockByHash(head); block != nil { bc.currentSnapBlock.Store(block.Header()) headFastBlockGauge.Update(int64(block.NumberU64())) } } // Restore the last known finalized block and safe block // Note: the safe block is not stored on disk and it is set to the last // known finalized block on startup if head := rawdb.ReadFinalizedBlockHash(bc.db); head != (common.Hash{}) { if block := bc.GetBlockByHash(head); block != nil { bc.currentFinalBlock.Store(block.Header()) headFinalizedBlockGauge.Update(int64(block.NumberU64())) bc.currentSafeBlock.Store(block.Header()) headSafeBlockGauge.Update(int64(block.NumberU64())) } } // Issue a status log for the user var ( currentSnapBlock = bc.CurrentSnapBlock() currentFinalBlock = bc.CurrentFinalBlock() ) if headHeader.Hash() != headBlock.Hash() { log.Info("Loaded most recent local header", "number", headHeader.Number, "hash", headHeader.Hash(), "age", common.PrettyAge(time.Unix(int64(headHeader.Time), 0))) } log.Info("Loaded most recent local block", "number", headBlock.Number(), "hash", headBlock.Hash(), "age", common.PrettyAge(time.Unix(int64(headBlock.Time()), 0))) if headBlock.Hash() != currentSnapBlock.Hash() { log.Info("Loaded most recent local snap block", "number", currentSnapBlock.Number, "hash", currentSnapBlock.Hash(), "age", common.PrettyAge(time.Unix(int64(currentSnapBlock.Time), 0))) } if currentFinalBlock != nil { log.Info("Loaded most recent local finalized block", "number", currentFinalBlock.Number, "hash", currentFinalBlock.Hash(), "age", common.PrettyAge(time.Unix(int64(currentFinalBlock.Time), 0))) } if pivot := rawdb.ReadLastPivotNumber(bc.db); pivot != nil { log.Info("Loaded last snap-sync pivot marker", "number", *pivot) } if pruning := bc.historyPrunePoint.Load(); pruning != nil { log.Info("Chain history is pruned", "earliest", pruning.BlockNumber, "hash", pruning.BlockHash) } return nil } // initializeHistoryPruning sets bc.historyPrunePoint. func (bc *BlockChain) initializeHistoryPruning(latest uint64) error { freezerTail, _ := bc.db.Tail() switch bc.cfg.ChainHistoryMode { case history.KeepAll: if freezerTail == 0 { return nil } // The database was pruned somehow, so we need to figure out if it's a known // configuration or an error. predefinedPoint := history.PrunePoints[bc.genesisBlock.Hash()] if predefinedPoint == nil || freezerTail != predefinedPoint.BlockNumber { // XDC CHECKPOINT SYNC: If no predefined prune point (XDC networks not in // PrunePoints map), check for checkpoint sync metadata in DB. This allows // restart after checkpoint sync where ancient DB tail matches checkpoint. if predefinedPoint == nil { // P1: Check for persisted checkpoint sync metadata from previous run if cpMeta := rawdb.ReadCheckpointSyncMetadata(bc.db); cpMeta != nil { if freezerTail == cpMeta.Number { log.Info("Chain history pruned to checkpoint sync anchor", "tail", freezerTail, "checkpoint", cpMeta.Number) bc.historyPrunePoint.Store(&history.PrunePoint{ BlockNumber: cpMeta.Number, BlockHash: cpMeta.Hash, }) return nil } log.Warn("Chain history tail mismatch with checkpoint metadata", "tail", freezerTail, "checkpoint", cpMeta.Number) } // P2: Check if freezer tail matches any trusted sync checkpoint. // This handles the case where checkpoint sync metadata was not persisted // (e.g., node crashed before metadata write) but the ancient DB tail // matches a known checkpoint. if bc.chainConfig.TrustedSyncCheckpoints != nil { for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number == freezerTail { log.Info("Chain history pruned to trusted sync checkpoint", "tail", freezerTail, "checkpoint", cp.Number) bc.historyPrunePoint.Store(&history.PrunePoint{ BlockNumber: cp.Number, BlockHash: cp.Hash, }) // Persist the metadata now so future restarts work meta := &rawdb.CheckpointSyncMetadata{ Number: cp.Number, Hash: cp.Hash, } rawdb.WriteCheckpointSyncMetadata(bc.db, meta) return nil } } } // P3: XDC NETWORK FALLBACK — For XDC networks (which don't have predefined // prune points in the PrunePoints map), if the DB is pruned and we can't // find checkpoint metadata, accept the current freezer tail as the prune // point. This handles the case where checkpoint sync created a pruned DB // but the metadata was lost (e.g., node crashed before metadata write). // The tail block hash is unknown, so we use an empty hash. if bc.chainConfig.XDPoS != nil { log.Warn("XDC network: accepting pruned DB tail as checkpoint sync anchor", "tail", freezerTail, "note", "checkpoint metadata not found, using tail as prune point") bc.historyPrunePoint.Store(&history.PrunePoint{ BlockNumber: freezerTail, BlockHash: common.Hash{}, }) // Persist metadata for future restarts meta := &rawdb.CheckpointSyncMetadata{ Number: freezerTail, Hash: common.Hash{}, } rawdb.WriteCheckpointSyncMetadata(bc.db, meta) return nil } } log.Error("Chain history database is pruned with unknown configuration", "tail", freezerTail) return errors.New("unexpected database tail") } bc.historyPrunePoint.Store(predefinedPoint) return nil case history.KeepPostMerge: if freezerTail == 0 && latest != 0 { // This is the case where a user is trying to run with --history.chain // postmerge directly on an existing DB. We could just trigger the pruning // here, but it'd be a bit dangerous since they may not have intended this // action to happen. So just tell them how to do it. log.Error(fmt.Sprintf("Chain history mode is configured as %q, but database is not pruned.", bc.cfg.ChainHistoryMode.String())) log.Error(fmt.Sprintf("Run 'geth prune-history' to prune pre-merge history.")) return errors.New("history pruning requested via configuration") } predefinedPoint := history.PrunePoints[bc.genesisBlock.Hash()] if predefinedPoint == nil { log.Error("Chain history pruning is not supported for this network", "genesis", bc.genesisBlock.Hash()) return errors.New("history pruning requested for unknown network") } else if freezerTail > 0 && freezerTail != predefinedPoint.BlockNumber { log.Error("Chain history database is pruned to unknown block", "tail", freezerTail) return errors.New("unexpected database tail") } bc.historyPrunePoint.Store(predefinedPoint) return nil default: return fmt.Errorf("invalid history mode: %d", bc.cfg.ChainHistoryMode) } } // SetCheckpointPrunePoint sets the history prune point to the given checkpoint. // This is used during checkpoint sync to indicate that blocks before the checkpoint // don't have bodies/receipts available. func (bc *BlockChain) SetCheckpointPrunePoint(checkpoint uint64, hash common.Hash) { pt := &history.PrunePoint{ BlockNumber: checkpoint, BlockHash: hash, } bc.historyPrunePoint.Store(pt) log.Info("Set checkpoint prune point", "checkpoint", checkpoint, "hash", hash.Hex()[:16]) } // SetHead rewinds the local chain to a new head. Depending on whether the node // was snap synced or full synced and in which state, the method will try to // delete minimal data from disk whilst retaining chain consistency. func (bc *BlockChain) SetHead(head uint64) error { if _, err := bc.setHeadBeyondRoot(head, 0, common.Hash{}, false); err != nil { return err } return bc.sendChainHeadEvent() } // rewindHeadMaxSteps caps the size of a single surgical rewind. A larger value // risks runaway rewinds against malformed peer data; 32 is more than enough // for V2 BFT side-branch recovery at the tip. const rewindHeadMaxSteps = 32 // RewindHead is a surgical N-step head rewind that bypasses SetHead's // state-having walk-back. Required for the downloader's tip-fork recovery // path under checkpointSyncNoState mode: in that mode intermediate blocks // intentionally lack state, so SetHead's rewindHead would skip the requested // target and walk back hundreds (or thousands) of blocks to find a // state-having ancestor — turning a 1-block recovery into a full re-sync. // // This method only updates the head pointers (block, header, snap) and // deletes the canonical mapping for the orphan range. State and triedb are // not touched; the next sync round will re-fetch the canonical block at the // rewound height. Bounded to rewindHeadMaxSteps to keep the worst case fast // and prevent runaway rewinds from buggy peers. func (bc *BlockChain) RewindHead(steps uint64) (uint64, error) { if steps == 0 { return 0, fmt.Errorf("RewindHead: steps must be > 0") } if steps > rewindHeadMaxSteps { return 0, fmt.Errorf("RewindHead: steps %d exceeds cap %d", steps, rewindHeadMaxSteps) } if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() current := bc.CurrentBlock() if current == nil { return 0, fmt.Errorf("RewindHead: no current block") } if steps >= current.Number.Uint64() { return 0, fmt.Errorf("RewindHead: would rewind to genesis or below (current=%d, steps=%d)", current.Number.Uint64(), steps) } target := current.Number.Uint64() - steps targetHash := rawdb.ReadCanonicalHash(bc.db, target) if targetHash == (common.Hash{}) { return 0, fmt.Errorf("RewindHead: no canonical hash at %d", target) } targetHeader := bc.GetHeader(targetHash, target) if targetHeader == nil { return 0, fmt.Errorf("RewindHead: target header at %d not in DB", target) } // Delete the orphan range (target+1 .. current). Use a batch for atomicity. batch := bc.db.NewBatch() for n := current.Number.Uint64(); n > target; n-- { hash := rawdb.ReadCanonicalHash(bc.db, n) if hash != (common.Hash{}) { rawdb.DeleteBlock(batch, hash, n) rawdb.DeleteCanonicalHash(batch, n) } } rawdb.WriteHeadBlockHash(batch, targetHash) rawdb.WriteHeadHeaderHash(batch, targetHash) if err := batch.Write(); err != nil { return 0, fmt.Errorf("RewindHead: batch write failed: %w", err) } bc.currentBlock.Store(targetHeader) bc.hc.currentHeader.Store(targetHeader) bc.hc.currentHeaderHash = targetHash bc.currentSnapBlock.Store(targetHeader) headBlockGauge.Update(int64(target)) headHeaderGauge.Update(int64(target)) headFastBlockGauge.Update(int64(target)) bc.hc.headerCache.Purge() bc.bodyCache.Purge() bc.blockCache.Purge() log.Info("Surgical head rewind complete", "from", current.Number.Uint64(), "to", target, "steps", steps, "newHead", targetHash.Hex()[:16]) return target, bc.sendChainHeadEvent() } // SetHeadWithTimestamp rewinds the local chain to a new head that has at max // the given timestamp. Depending on whether the node was snap synced or full // synced and in which state, the method will try to delete minimal data from // disk whilst retaining chain consistency. func (bc *BlockChain) SetHeadWithTimestamp(timestamp uint64) error { if _, err := bc.setHeadBeyondRoot(0, timestamp, common.Hash{}, false); err != nil { return err } return bc.sendChainHeadEvent() } // sendChainHeadEvent notifies all subscribers about the new chain head, // checking first that the current block is actually available. func (bc *BlockChain) sendChainHeadEvent() error { header := bc.CurrentBlock() if block := bc.GetBlock(header.Hash(), header.Number.Uint64()); block == nil { // In a pruned node the genesis block will not exist in the freezer. // It should not happen that we set head to any other pruned block. if header.Number.Uint64() > 0 { // This should never happen. In practice, previously currentBlock // contained the entire block whereas now only a "marker", so there // is an ever so slight chance for a race we should handle. log.Error("Current block not found in database", "block", header.Number, "hash", header.Hash()) return fmt.Errorf("current block missing: #%d [%x..]", header.Number, header.Hash().Bytes()[:4]) } } bc.chainHeadFeed.Send(ChainHeadEvent{Header: header}) return nil } // SetFinalized sets the finalized block. func (bc *BlockChain) SetFinalized(header *types.Header) { bc.currentFinalBlock.Store(header) if header != nil { rawdb.WriteFinalizedBlockHash(bc.db, header.Hash()) headFinalizedBlockGauge.Update(int64(header.Number.Uint64())) } else { rawdb.WriteFinalizedBlockHash(bc.db, common.Hash{}) headFinalizedBlockGauge.Update(0) } } // SetSafe sets the safe block. func (bc *BlockChain) SetSafe(header *types.Header) { bc.currentSafeBlock.Store(header) if header != nil { headSafeBlockGauge.Update(int64(header.Number.Uint64())) } else { headSafeBlockGauge.Update(0) } } // rewindHashHead implements the logic of rewindHead in the context of hash scheme. func (bc *BlockChain) rewindHashHead(head *types.Header, root common.Hash) (*types.Header, uint64) { var ( limit uint64 // The oldest block that will be searched for this rewinding beyondRoot = root == common.Hash{} // Flag whether we're beyond the requested root (no root, always true) pivot = rawdb.ReadLastPivotNumber(bc.db) // Associated block number of pivot point state rootNumber uint64 // Associated block number of requested root start = time.Now() // Timestamp the rewinding is restarted logged = time.Now() // Timestamp last progress log was printed ) // The oldest block to be searched is determined by the pivot block or a constant // searching threshold. The rationale behind this is as follows: // // - Snap sync is selected if the pivot block is available. The earliest available // state is the pivot block itself, so there is no sense in going further back. // // - Full sync is selected if the pivot block does not exist. The hash database // periodically flushes the state to disk, and the used searching threshold is // considered sufficient to find a persistent state, even for the testnet. It // might be not enough for a chain that is nearly empty. In the worst case, // the entire chain is reset to genesis, and snap sync is re-enabled on top, // which is still acceptable. if pivot != nil { limit = *pivot } else if head.Number.Uint64() > params.FullImmutabilityThreshold { limit = head.Number.Uint64() - params.FullImmutabilityThreshold } for { logger := log.Trace if time.Since(logged) > time.Second*8 { logged = time.Now() logger = log.Info } logger("Block state missing, rewinding further", "number", head.Number, "hash", head.Hash(), "elapsed", common.PrettyDuration(time.Since(start))) // If a root threshold was requested but not yet crossed, check if !beyondRoot && head.Root == root { beyondRoot, rootNumber = true, head.Number.Uint64() } // If search limit is reached, return the genesis block as the // new chain head. if head.Number.Uint64() < limit { log.Info("Rewinding limit reached, resetting to genesis", "number", head.Number, "hash", head.Hash(), "limit", limit) return bc.genesisBlock.Header(), rootNumber } // If the associated state is not reachable, continue searching // backwards until an available state is found. if !bc.HasState(head.Root) { // If the chain is gapped in the middle, return the genesis // block as the new chain head. parent := bc.GetHeader(head.ParentHash, head.Number.Uint64()-1) if parent == nil { log.Error("Missing block in the middle, resetting to genesis", "number", head.Number.Uint64()-1, "hash", head.ParentHash) return bc.genesisBlock.Header(), rootNumber } head = parent // If the genesis block is reached, stop searching. if head.Number.Uint64() == 0 { log.Info("Genesis block reached", "number", head.Number, "hash", head.Hash()) return head, rootNumber } continue // keep rewinding } // Once the available state is found, ensure that the requested root // has already been crossed. If not, continue rewinding. if beyondRoot || head.Number.Uint64() == 0 { log.Info("Rewound to block with state", "number", head.Number, "hash", head.Hash()) return head, rootNumber } log.Debug("Skipping block with threshold state", "number", head.Number, "hash", head.Hash(), "root", head.Root) head = bc.GetHeader(head.ParentHash, head.Number.Uint64()-1) // Keep rewinding } } // rewindPathHead implements the logic of rewindHead in the context of path scheme. func (bc *BlockChain) rewindPathHead(head *types.Header, root common.Hash) (*types.Header, uint64) { var ( pivot = rawdb.ReadLastPivotNumber(bc.db) // Associated block number of pivot block rootNumber uint64 // Associated block number of requested root // BeyondRoot represents whether the requested root is already // crossed. The flag value is set to true if the root is empty. beyondRoot = root == common.Hash{} // noState represents if the target state requested for search // is unavailable and impossible to be recovered. noState = !bc.HasState(root) && !bc.stateRecoverable(root) start = time.Now() // Timestamp the rewinding is restarted logged = time.Now() // Timestamp last progress log was printed ) // Rewind the head block tag until an available state is found. for { logger := log.Trace if time.Since(logged) > time.Second*8 { logged = time.Now() logger = log.Info } logger("Block state missing, rewinding further", "number", head.Number, "hash", head.Hash(), "elapsed", common.PrettyDuration(time.Since(start))) // If a root threshold was requested but not yet crossed, check if !beyondRoot && head.Root == root { beyondRoot, rootNumber = true, head.Number.Uint64() } // If the root threshold hasn't been crossed but the available // state is reached, quickly determine if the target state is // possible to be reached or not. if !beyondRoot && noState && bc.HasState(head.Root) { beyondRoot = true log.Info("Disable the search for unattainable state", "root", root) } // Check if the associated state is available or recoverable if // the requested root has already been crossed. if beyondRoot && (bc.HasState(head.Root) || bc.stateRecoverable(head.Root)) { break } // If pivot block is reached, return the genesis block as the // new chain head. Theoretically there must be a persistent // state before or at the pivot block, prevent endless rewinding // towards the genesis just in case. if pivot != nil && *pivot >= head.Number.Uint64() { log.Info("Pivot block reached, resetting to genesis", "number", head.Number, "hash", head.Hash()) return bc.genesisBlock.Header(), rootNumber } // If the chain is gapped in the middle, return the genesis // block as the new chain head parent := bc.GetHeader(head.ParentHash, head.Number.Uint64()-1) // Keep rewinding if parent == nil { log.Error("Missing block in the middle, resetting to genesis", "number", head.Number.Uint64()-1, "hash", head.ParentHash) return bc.genesisBlock.Header(), rootNumber } head = parent // If the genesis block is reached, stop searching. if head.Number.Uint64() == 0 { log.Info("Genesis block reached", "number", head.Number, "hash", head.Hash()) return head, rootNumber } } // Recover if the target state if it's not available yet. if !bc.HasState(head.Root) { if err := bc.triedb.Recover(head.Root); err != nil { log.Error("Failed to rollback state, resetting to genesis", "err", err) return bc.genesisBlock.Header(), rootNumber } } log.Info("Rewound to block with state", "number", head.Number, "hash", head.Hash()) return head, rootNumber } // rewindHead searches the available states in the database and returns the associated // block as the new head block. // // If the given root is not empty, then the rewind should attempt to pass the specified // state root and return the associated block number as well. If the root, typically // representing the state corresponding to snapshot disk layer, is deemed impassable, // then block number zero is returned, indicating that snapshot recovery is disabled // and the whole snapshot should be auto-generated in case of head mismatch. func (bc *BlockChain) rewindHead(head *types.Header, root common.Hash) (*types.Header, uint64) { if bc.triedb.Scheme() == rawdb.PathScheme { return bc.rewindPathHead(head, root) } return bc.rewindHashHead(head, root) } // setHeadBeyondRoot rewinds the local chain to a new head with the extra condition // that the rewind must pass the specified state root. This method is meant to be // used when rewinding with snapshots enabled to ensure that we go back further than // persistent disk layer. Depending on whether the node was snap synced or full, and // in which state, the method will try to delete minimal data from disk whilst // retaining chain consistency. // // The method also works in timestamp mode if `head == 0` but `time != 0`. In that // case blocks are rolled back until the new head becomes older or equal to the // requested time. If both `head` and `time` is 0, the chain is rewound to genesis. // // The method returns the block number where the requested root cap was found. func (bc *BlockChain) setHeadBeyondRoot(head uint64, time uint64, root common.Hash, repair bool) (uint64, error) { if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() var ( // Track the block number of the requested root hash rootNumber uint64 // (no root == always 0) // Retrieve the last pivot block to short circuit rollbacks beyond it // and the current freezer limit to start nuking it's underflown. pivot = rawdb.ReadLastPivotNumber(bc.db) ) updateFn := func(db ethdb.KeyValueWriter, header *types.Header) (*types.Header, bool) { // Rewind the blockchain, ensuring we don't end up with a stateless head // block. Note, depth equality is permitted to allow using SetHead as a // chain reparation mechanism without deleting any data! if currentBlock := bc.CurrentBlock(); currentBlock != nil && header.Number.Uint64() <= currentBlock.Number.Uint64() { var newHeadBlock *types.Header newHeadBlock, rootNumber = bc.rewindHead(header, root) rawdb.WriteHeadBlockHash(db, newHeadBlock.Hash()) // Degrade the chain markers if they are explicitly reverted. // In theory we should update all in-memory markers in the // last step, however the direction of SetHead is from high // to low, so it's safe to update in-memory markers directly. bc.currentBlock.Store(newHeadBlock) headBlockGauge.Update(int64(newHeadBlock.Number.Uint64())) // The head state is missing, which is only possible in the path-based // scheme. For standard Ethereum this is fatal. For XDC (no beacon chain), // we attempt PBSS recovery: find the closest recoverable state from the // disk layer and re-execute forward (#35, #36). if !bc.HasState(newHeadBlock.Root) { if newHeadBlock.Number.Uint64() != 0 { // XDC fix #35/#36: Don't crash — try to recover from disk layer root diskRoot := bc.triedb.DiskLayerRoot() if diskRoot != (common.Hash{}) { log.Warn("PBSS head state missing after crash, attempting recovery from disk layer", "head", newHeadBlock.Number, "headRoot", newHeadBlock.Root.Hex()[:16], "diskRoot", diskRoot.Hex()[:16]) // Walk back to find the block matching diskRoot recoveryBlock := newHeadBlock for recoveryBlock != nil && recoveryBlock.Root != diskRoot { if bc.stateRecoverable(recoveryBlock.Root) { log.Info("Found recoverable state during PBSS recovery", "number", recoveryBlock.Number, "root", recoveryBlock.Root.Hex()[:16]) if err := bc.triedb.Recover(recoveryBlock.Root); err == nil { bc.currentBlock.Store(recoveryBlock) headBlockGauge.Update(int64(recoveryBlock.Number.Uint64())) log.Info("PBSS recovery successful", "number", recoveryBlock.Number) break } } parent := bc.GetHeader(recoveryBlock.ParentHash, recoveryBlock.Number.Uint64()-1) if parent == nil { break } recoveryBlock = parent } // If we found the disk layer block, use it if recoveryBlock != nil && bc.HasState(recoveryBlock.Root) { bc.currentBlock.Store(recoveryBlock) headBlockGauge.Update(int64(recoveryBlock.Number.Uint64())) log.Info("PBSS recovered to disk layer state", "number", recoveryBlock.Number, "root", recoveryBlock.Root.Hex()[:16]) } else { log.Error("PBSS recovery failed, will re-sync from scratch", "head", newHeadBlock.Number, "diskRoot", diskRoot.Hex()[:16]) // Reset to genesis — better than crashing bc.currentBlock.Store(bc.genesisBlock.Header()) headBlockGauge.Update(0) } } else { log.Error("PBSS stateless with no disk layer, resetting to genesis", "number", newHeadBlock.Number) bc.currentBlock.Store(bc.genesisBlock.Header()) headBlockGauge.Update(0) } } else { log.Info("Chain is stateless at genesis, wait state sync", "number", newHeadBlock.Number, "hash", newHeadBlock.Hash()) } } } // Rewind the snap block in a simpleton way to the target head if currentSnapBlock := bc.CurrentSnapBlock(); currentSnapBlock != nil && header.Number.Uint64() < currentSnapBlock.Number.Uint64() { newHeadSnapBlock := bc.GetBlock(header.Hash(), header.Number.Uint64()) // If either blocks reached nil, reset to the genesis state if newHeadSnapBlock == nil { newHeadSnapBlock = bc.genesisBlock } rawdb.WriteHeadFastBlockHash(db, newHeadSnapBlock.Hash()) // Degrade the chain markers if they are explicitly reverted. // In theory we should update all in-memory markers in the // last step, however the direction of SetHead is from high // to low, so it's safe the update in-memory markers directly. bc.currentSnapBlock.Store(newHeadSnapBlock.Header()) headFastBlockGauge.Update(int64(newHeadSnapBlock.NumberU64())) } var ( headHeader = bc.CurrentBlock() headNumber = headHeader.Number.Uint64() ) // If setHead underflown the freezer threshold and the block processing // intent afterwards is full block importing, delete the chain segment // between the stateful-block and the sethead target. var wipe bool frozen, _ := bc.db.Ancients() if headNumber+1 < frozen { wipe = pivot == nil || headNumber >= *pivot } return headHeader, wipe // Only force wipe if full synced } // Rewind the header chain, deleting all block bodies until then delFn := func(db ethdb.KeyValueWriter, hash common.Hash, num uint64) { // Ignore the error here since light client won't hit this path frozen, _ := bc.db.Ancients() if num+1 <= frozen { // The chain segment, such as the block header, canonical hash, // body, and receipt, will be removed from the ancient store // in one go. // // The hash-to-number mapping in the key-value store will be // removed by the hc.SetHead function. } else { // Remove the associated body and receipts from the key-value store. // The header, hash-to-number mapping, and canonical hash will be // removed by the hc.SetHead function. rawdb.DeleteBody(db, hash, num) rawdb.DeleteReceipts(db, hash, num) } // Todo(rjl493456442) txlookup, log index, etc } // If SetHead was only called as a chain reparation method, try to skip // touching the header chain altogether, unless the freezer is broken if repair { if target, force := updateFn(bc.db, bc.CurrentBlock()); force { bc.hc.SetHead(target.Number.Uint64(), nil, delFn) } } else { // Rewind the chain to the requested head and keep going backwards until a // block with a state is found or snap sync pivot is passed if time > 0 { log.Warn("Rewinding blockchain to timestamp", "target", time) bc.hc.SetHeadWithTimestamp(time, updateFn, delFn) } else { log.Warn("Rewinding blockchain to block", "target", head) bc.hc.SetHead(head, updateFn, delFn) } } // Clear out any stale content from the caches bc.bodyCache.Purge() bc.bodyRLPCache.Purge() bc.receiptsCache.Purge() bc.blockCache.Purge() bc.txLookupCache.Purge() // Clear safe block, finalized block if needed headBlock := bc.CurrentBlock() if safe := bc.CurrentSafeBlock(); safe != nil && headBlock.Number.Uint64() < safe.Number.Uint64() { log.Warn("SetHead invalidated safe block") bc.SetSafe(nil) } if finalized := bc.CurrentFinalBlock(); finalized != nil && headBlock.Number.Uint64() < finalized.Number.Uint64() { log.Error("SetHead invalidated finalized block") bc.SetFinalized(nil) } return rootNumber, bc.loadLastState() } // SnapSyncStart disables the underlying databases (such as the trie DB and the // optional state snapshot) to prevent potential concurrent mutations between // snap sync and other chain operations. func (bc *BlockChain) SnapSyncStart() error { if !bc.chainmu.TryLock() { return errChainStopped } defer bc.chainmu.Unlock() // Snap sync will directly modify the persistent state, making the entire // trie database unusable until the state is fully synced. To prevent any // subsequent state reads, explicitly disable the trie database and state // syncer is responsible to address and correct any state missing. if bc.TrieDB().Scheme() == rawdb.PathScheme { if err := bc.TrieDB().Disable(); err != nil { return err } } // Snap sync uses the snapshot namespace to store potentially flaky data until // sync completely heals and finishes. Pause snapshot maintenance in the mean- // time to prevent access. if snapshots := bc.Snapshots(); snapshots != nil { // Only nil in tests snapshots.Disable() } return nil } // SnapSyncComplete sets the current head block to the block identified by the // given hash, regardless of the chain contents prior to snap sync. It is // invoked once snap sync completes and assumes that SnapSyncStart was called // previously. func (bc *BlockChain) SnapSyncComplete(hash common.Hash) error { // Make sure that both the block as well at its state trie exists block := bc.GetBlockByHash(hash) if block == nil { return fmt.Errorf("non existent block [%x..]", hash[:4]) } if !bc.chainmu.TryLock() { return errChainStopped } defer bc.chainmu.Unlock() // Reset the trie database with the fresh snap synced state. root := block.Root() if bc.triedb.Scheme() == rawdb.PathScheme { if err := bc.triedb.Enable(root); err != nil { return err } } if !bc.HasState(root) { return fmt.Errorf("non existent state [%x..]", root[:4]) } // Destroy any existing state snapshot and regenerate it in the background, // also resuming the normal maintenance of any previously paused snapshot. if bc.snaps != nil { bc.snaps.Rebuild(root) } // If all checks out, manually set the head block. // P0 HARDENING: Validate state root against checkpoint if this is a checkpoint block if err := bc.validateCheckpointStateRoot(block); err != nil { return err } bc.currentBlock.Store(block.Header()) headBlockGauge.Update(int64(block.NumberU64())) log.Info("Committed new head block", "number", block.Number(), "hash", hash) return nil } // Reset purges the entire blockchain, restoring it to its genesis state. func (bc *BlockChain) Reset() error { return bc.ResetWithGenesisBlock(bc.genesisBlock) } // ResetWithGenesisBlock purges the entire blockchain, restoring it to the // specified genesis state. func (bc *BlockChain) ResetWithGenesisBlock(genesis *types.Block) error { // Dump the entire block chain and purge the caches if err := bc.SetHead(0); err != nil { return err } if !bc.chainmu.TryLock() { return errChainStopped } defer bc.chainmu.Unlock() // Prepare the genesis block and reinitialise the chain batch := bc.db.NewBatch() rawdb.WriteBlock(batch, genesis) if err := batch.Write(); err != nil { log.Crit("Failed to write genesis block", "err", err) } bc.writeHeadBlock(genesis) // Last update all in-memory chain markers bc.genesisBlock = genesis bc.currentBlock.Store(bc.genesisBlock.Header()) headBlockGauge.Update(int64(bc.genesisBlock.NumberU64())) bc.hc.SetGenesis(bc.genesisBlock.Header()) bc.hc.SetCurrentHeader(bc.genesisBlock.Header()) bc.currentSnapBlock.Store(bc.genesisBlock.Header()) headFastBlockGauge.Update(int64(bc.genesisBlock.NumberU64())) // Reset history pruning status. return bc.initializeHistoryPruning(0) } // Export writes the active chain to the given writer. func (bc *BlockChain) Export(w io.Writer) error { return bc.ExportN(w, uint64(0), bc.CurrentBlock().Number.Uint64()) } // ExportN writes a subset of the active chain to the given writer. func (bc *BlockChain) ExportN(w io.Writer, first uint64, last uint64) error { if first > last { return fmt.Errorf("export failed: first (%d) is greater than last (%d)", first, last) } log.Info("Exporting batch of blocks", "count", last-first+1) var ( parentHash common.Hash start = time.Now() reported = time.Now() ) for nr := first; nr <= last; nr++ { block := bc.GetBlockByNumber(nr) if block == nil { return fmt.Errorf("export failed on #%d: not found", nr) } if nr > first && block.ParentHash() != parentHash { return errors.New("export failed: chain reorg during export") } parentHash = block.Hash() if err := block.EncodeRLP(w); err != nil { return err } if time.Since(reported) >= statsReportLimit { log.Info("Exporting blocks", "exported", block.NumberU64()-first, "elapsed", common.PrettyDuration(time.Since(start))) reported = time.Now() } } return nil } // writeHeadBlock injects a new head block into the current block chain. This method // assumes that the block is indeed a true head. It will also reset the head // header and the head snap sync block to this very same block if they are older // or if they are on a different side chain. // // Note, this function assumes that the `mu` mutex is held! func (bc *BlockChain) writeHeadBlock(block *types.Block) { // Add the block to the canonical chain number scheme and mark as the head batch := bc.db.NewBatch() rawdb.WriteHeadHeaderHash(batch, block.Hash()) rawdb.WriteHeadFastBlockHash(batch, block.Hash()) rawdb.WriteCanonicalHash(batch, block.Hash(), block.NumberU64()) rawdb.WriteTxLookupEntriesByBlock(batch, block) rawdb.WriteHeadBlockHash(batch, block.Hash()) // Flush the whole batch into the disk, exit the node if failed if err := batch.Write(); err != nil { log.Crit("Failed to update chain indexes and markers", "err", err) } // Update all in-memory chain markers in the last step bc.hc.SetCurrentHeader(block.Header()) bc.currentSnapBlock.Store(block.Header()) headFastBlockGauge.Update(int64(block.NumberU64())) bc.currentBlock.Store(block.Header()) headBlockGauge.Update(int64(block.NumberU64())) } // stopWithoutSaving stops the blockchain service. If any imports are currently in progress // it will abort them using the procInterrupt. This method stops all running // goroutines, but does not do all the post-stop work of persisting data. // OBS! It is generally recommended to use the Stop method! // This method has been exposed to allow tests to stop the blockchain while simulating // a crash. func (bc *BlockChain) stopWithoutSaving() { if !bc.stopping.CompareAndSwap(false, true) { return } // Signal shutdown tx indexer. if bc.txIndexer != nil { bc.txIndexer.close() } // Unsubscribe all subscriptions registered from blockchain. bc.scope.Close() // Signal shutdown to all goroutines. bc.InterruptInsert(true) // Stop state size tracker if bc.stateSizer != nil { bc.stateSizer.Stop() } // Now wait for all chain modifications to end and persistent goroutines to exit. // // Note: Close waits for the mutex to become available, i.e. any running chain // modification will have exited when Close returns. Since we also called StopInsert, // the mutex should become available quickly. It cannot be taken again after Close has // returned. bc.chainmu.Close() } // Stop stops the blockchain service. If any imports are currently in progress // it will abort them using the procInterrupt. func (bc *BlockChain) Stop() { bc.stopWithoutSaving() // Ensure that the entirety of the state snapshot is journaled to disk. var snapBase common.Hash if bc.snaps != nil { var err error if snapBase, err = bc.snaps.Journal(bc.CurrentBlock().Root); err != nil { log.Error("Failed to journal state snapshot", "err", err) } bc.snaps.Release() } if bc.triedb.Scheme() == rawdb.PathScheme { // Ensure that the in-memory trie nodes are journaled to disk properly. if err := bc.triedb.Journal(bc.CurrentBlock().Root); err != nil { log.Info("Failed to journal in-memory trie nodes", "err", err) } } else { // Ensure the state of a recent block is also stored to disk before exiting. // We're writing three different states to catch different restart scenarios: // - HEAD: So we don't need to reprocess any blocks in the general case // - HEAD-1: So we don't do large reorgs if our HEAD becomes an uncle // - HEAD-127: So we have a hard limit on the number of blocks reexecuted if !bc.cfg.ArchiveMode { triedb := bc.triedb for _, offset := range []uint64{0, 1, state.TriesInMemory - 1} { if number := bc.CurrentBlock().Number.Uint64(); number > offset { recent := bc.GetBlockByNumber(number - offset) // XDC fix: On XDC chains, GP5 stores trie nodes under its // own computed root (differs from header root). Commit the // GP5 root so the trie is actually persisted to disk. commitRoot := recent.Root() blockNum := number - offset if cachedRoot, ok := XdcGetCachedStateRoot(blockNum); ok { log.Info("Writing cached state to disk (XDC cached root)", "block", recent.Number(), "hash", recent.Hash(), "headerRoot", recent.Root(), "cachedRoot", cachedRoot) commitRoot = cachedRoot } else { log.Info("Writing cached state to disk", "block", recent.Number(), "hash", recent.Hash(), "root", recent.Root()) } if err := triedb.Commit(commitRoot, true); err != nil { log.Error("Failed to commit recent state trie", "err", err) } } } if snapBase != (common.Hash{}) { log.Info("Writing snapshot state to disk", "root", snapBase) if err := triedb.Commit(snapBase, true); err != nil { log.Error("Failed to commit recent state trie", "err", err) } } for !bc.triegc.Empty() { triedb.Dereference(bc.triegc.PopItem()) } if _, nodes, _ := triedb.Size(); nodes != 0 { // all memory is contained within the nodes return for hashdb log.Error("Dangling trie nodes after full cleanup") } } } // Allow tracers to clean-up and release resources. if bc.logger != nil && bc.logger.OnClose != nil { bc.logger.OnClose() } // Flush XDC state root cache to disk before shutdown XdcFlushCache() // Close the trie database, release all the held resources as the last step. if err := bc.triedb.Close(); err != nil { log.Error("Failed to close trie database", "err", err) } log.Info("Blockchain stopped") } // InterruptInsert interrupts all insertion methods, causing them to return // errInsertionInterrupted as soon as possible, or resume the chain insertion // if required. func (bc *BlockChain) InterruptInsert(on bool) { if on { bc.procInterrupt.Store(true) } else { bc.procInterrupt.Store(false) } } // insertStopped returns true after StopInsert has been called. func (bc *BlockChain) insertStopped() bool { return bc.procInterrupt.Load() } // WriteStatus status of write type WriteStatus byte const ( NonStatTy WriteStatus = iota CanonStatTy SideStatTy ) // InsertReceiptChain inserts a batch of blocks along with their receipts into // the database. Unlike InsertChain, this function does not verify the state root // in the blocks. It is used exclusively for snap sync. All the inserted blocks // will be regarded as canonical, chain reorg is not supported. // // The optional ancientLimit can also be specified and chain segment before that // will be directly stored in the ancient, getting rid of the chain migration. func (bc *BlockChain) InsertReceiptChain(blockChain types.Blocks, receiptChain []rlp.RawValue, ancientLimit uint64) (int, error) { // Verify the supplied headers before insertion without lock var headers []*types.Header for _, block := range blockChain { headers = append(headers, block.Header()) // Here we also validate that blob transactions in the block do not // contain a sidecar. While the sidecar does not affect the block hash // or tx hash, sending blobs within a block is not allowed. for txIndex, tx := range block.Transactions() { if tx.Type() == types.BlobTxType && tx.BlobTxSidecar() != nil { return 0, fmt.Errorf("block #%d contains unexpected blob sidecar in tx at index %d", block.NumberU64(), txIndex) } } } if n, err := bc.hc.ValidateHeaderChain(headers); err != nil { return n, err } // Hold the mutation lock if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() var ( stats = struct{ processed, ignored int32 }{} start = time.Now() size = int64(0) ) // updateHead updates the head header and head snap block flags. updateHead := func(header *types.Header) error { batch := bc.db.NewBatch() hash := header.Hash() rawdb.WriteHeadHeaderHash(batch, hash) rawdb.WriteHeadFastBlockHash(batch, hash) if err := batch.Write(); err != nil { return err } bc.hc.currentHeader.Store(header) bc.currentSnapBlock.Store(header) headHeaderGauge.Update(header.Number.Int64()) headFastBlockGauge.Update(header.Number.Int64()) return nil } // writeAncient writes blockchain and corresponding receipt chain into ancient store. // // this function only accepts canonical chain data. All side chain will be reverted // eventually. writeAncient := func(blockChain types.Blocks, receiptChain []rlp.RawValue) (int, error) { // Ensure genesis is in the ancient store if blockChain[0].NumberU64() == 1 { if frozen, _ := bc.db.Ancients(); frozen == 0 { writeSize, err := rawdb.WriteAncientBlocks(bc.db, []*types.Block{bc.genesisBlock}, []rlp.RawValue{rlp.EmptyList}) if err != nil { log.Error("Error writing genesis to ancients", "err", err) return 0, err } size += writeSize log.Info("Wrote genesis to ancients") } } // Write all chain data to ancients. writeSize, err := rawdb.WriteAncientBlocks(bc.db, blockChain, receiptChain) if err != nil { log.Error("Error importing chain data to ancients", "err", err) return 0, err } size += writeSize // Sync the ancient store explicitly to ensure all data has been flushed to disk. if err := bc.db.SyncAncient(); err != nil { return 0, err } // Write hash to number mappings batch := bc.db.NewBatch() for _, block := range blockChain { rawdb.WriteHeaderNumber(batch, block.Hash(), block.NumberU64()) } if err := batch.Write(); err != nil { return 0, err } // Update the current snap block because all block data is now present in DB. if err := updateHead(blockChain[len(blockChain)-1].Header()); err != nil { return 0, err } stats.processed += int32(len(blockChain)) return 0, nil } // writeLive writes the blockchain and corresponding receipt chain to the active store. // // Notably, in different snap sync cycles, the supplied chain may partially reorganize // existing local chain segments (reorg around the chain tip). The reorganized part // will be included in the provided chain segment, and stale canonical markers will be // silently rewritten. Therefore, no explicit reorg logic is needed. writeLive := func(blockChain types.Blocks, receiptChain []rlp.RawValue) (int, error) { var ( skipPresenceCheck = false batch = bc.db.NewBatch() ) for i, block := range blockChain { // Short circuit insertion if shutting down or processing failed if bc.insertStopped() { return 0, errInsertionInterrupted } if !skipPresenceCheck { // Ignore if the entire data is already known if bc.HasBlock(block.Hash(), block.NumberU64()) { stats.ignored++ continue } else { // If block N is not present, neither are the later blocks. // This should be true, but if we are mistaken, the shortcut // here will only cause overwriting of some existing data skipPresenceCheck = true } } // Write all the data out into the database rawdb.WriteCanonicalHash(batch, block.Hash(), block.NumberU64()) rawdb.WriteBlock(batch, block) rawdb.WriteRawReceipts(batch, block.Hash(), block.NumberU64(), receiptChain[i]) // Write everything belongs to the blocks into the database. So that // we can ensure all components of body is completed(body, receipts) // except transaction indexes(will be created once sync is finished). if batch.ValueSize() >= ethdb.IdealBatchSize { if err := batch.Write(); err != nil { return 0, err } size += int64(batch.ValueSize()) batch.Reset() } stats.processed++ } // Write everything belongs to the blocks into the database. So that // we can ensure all components of body is completed(body, receipts, // tx indexes) if batch.ValueSize() > 0 { size += int64(batch.ValueSize()) if err := batch.Write(); err != nil { return 0, err } } if err := updateHead(blockChain[len(blockChain)-1].Header()); err != nil { return 0, err } return 0, nil } // Split the supplied blocks into two groups, according to the // given ancient limit. index := sort.Search(len(blockChain), func(i int) bool { return blockChain[i].NumberU64() >= ancientLimit }) if index > 0 { if n, err := writeAncient(blockChain[:index], receiptChain[:index]); err != nil { if err == errInsertionInterrupted { return 0, nil } return n, err } } if index != len(blockChain) { if n, err := writeLive(blockChain[index:], receiptChain[index:]); err != nil { if err == errInsertionInterrupted { return 0, nil } return n, err } } var ( head = blockChain[len(blockChain)-1] context = []interface{}{ "count", stats.processed, "elapsed", common.PrettyDuration(time.Since(start)), "number", head.Number(), "hash", head.Hash(), "age", common.PrettyAge(time.Unix(int64(head.Time()), 0)), "size", common.StorageSize(size), } ) if stats.ignored > 0 { context = append(context, []interface{}{"ignored", stats.ignored}...) } log.Debug("Imported new block receipts", context...) return 0, nil } // writeBlockWithoutState writes only the block and its metadata to the database, // but does not write any state. This is used to construct competing side forks // up to the point where they exceed the canonical total difficulty. func (bc *BlockChain) writeBlockWithoutState(block *types.Block) (err error) { if bc.insertStopped() { return errInsertionInterrupted } batch := bc.db.NewBatch() rawdb.WriteBlock(batch, block) if err := batch.Write(); err != nil { log.Crit("Failed to write block into disk", "err", err) } return nil } // writeKnownBlock updates the head block flag with a known block // and introduces chain reorg if necessary. func (bc *BlockChain) writeKnownBlock(block *types.Block) error { current := bc.CurrentBlock() if block.ParentHash() != current.Hash() { if err := bc.reorg(current, block.Header()); err != nil { return err } } bc.writeHeadBlock(block) return nil } // writeBlockWithState writes block, metadata and corresponding state data to the // database. func (bc *BlockChain) writeBlockWithState(block *types.Block, receipts []*types.Receipt, statedb *state.StateDB) error { if !bc.HasHeader(block.ParentHash(), block.NumberU64()-1) { return consensus.ErrUnknownAncestor } // Irrelevant of the canonical status, write the block itself to the database. // // Note all the components of block(hash->number map, header, body, receipts) // should be written atomically. BlockBatch is used for containing all components. var ( batch = bc.db.NewBatch() start = time.Now() ) rawdb.WriteBlock(batch, block) rawdb.WriteReceipts(batch, block.Hash(), block.NumberU64(), receipts) rawdb.WritePreimages(batch, statedb.Preimages()) if err := batch.Write(); err != nil { log.Crit("Failed to write block into disk", "err", err) } log.Debug("Committed block data", "size", common.StorageSize(batch.ValueSize()), "elapsed", common.PrettyDuration(time.Since(start))) var ( err error root common.Hash isEIP158 = bc.chainConfig.IsEIP158(block.Number()) isCancun = bc.chainConfig.IsCancun(block.Number(), block.Time()) hasStateHook = bc.logger != nil && bc.logger.OnStateUpdate != nil hasStateSizer = bc.stateSizer != nil ) if hasStateHook || hasStateSizer { r, update, err := statedb.CommitWithUpdate(block.NumberU64(), isEIP158, isCancun) if err != nil { return err } if hasStateHook { trUpdate, err := update.ToTracingUpdate() if err != nil { return err } bc.logger.OnStateUpdate(trUpdate) } if hasStateSizer { bc.stateSizer.Notify(update) } root = r } else { root, err = statedb.Commit(block.NumberU64(), isEIP158, isCancun) if err != nil { return err } } // If node is running in path mode, skip explicit gc operation // which is unnecessary in this mode. if bc.triedb.Scheme() == rawdb.PathScheme { return nil } // If we're running an archive node, always flush if bc.cfg.ArchiveMode { return bc.triedb.Commit(root, false) } // Full but not archive node, do proper garbage collection bc.triedb.Reference(root, common.Hash{}) // metadata reference to keep trie alive bc.triegc.Push(root, -int64(block.NumberU64())) // Flush limits are not considered for the first TriesInMemory blocks. current := block.NumberU64() // XDC opt: during bulk sync, keep more tries in memory to reduce GC churn effectiveTriesInMemory := uint64(state.TriesInMemory) if XdcBulkSyncMode.Load() && XdcBulkTriesInMemory > effectiveTriesInMemory { effectiveTriesInMemory = XdcBulkTriesInMemory } if current <= effectiveTriesInMemory { return nil } // If we exceeded our memory allowance, flush matured singleton nodes to disk var ( _, nodes, imgs = bc.triedb.Size() // all memory is contained within the nodes return for hashdb limit = common.StorageSize(bc.cfg.TrieDirtyLimit) * 1024 * 1024 ) if nodes > limit || imgs > 4*1024*1024 { bc.triedb.Cap(limit - ethdb.IdealBatchSize) } // Find the next state trie we need to commit chosen := current - effectiveTriesInMemory flushInterval := time.Duration(bc.flushInterval.Load()) // If we exceeded time allowance, flush an entire trie to disk if bc.gcproc > flushInterval { // If the header is missing (canonical chain behind), we're reorging a low // diff sidechain. Suspend committing until this operation is completed. header := bc.GetHeaderByNumber(chosen) if header == nil { log.Warn("Reorg in progress, trie commit postponed", "number", chosen) } else { // If we're exceeding limits but haven't reached a large enough memory gap, // warn the user that the system is becoming unstable. if chosen < bc.lastWrite+effectiveTriesInMemory && bc.gcproc >= 2*flushInterval { log.Info("State in memory for too long, committing", "time", bc.gcproc, "allowance", flushInterval, "optimum", float64(chosen-bc.lastWrite)/float64(effectiveTriesInMemory)) } // Flush an entire trie and restart the counters. // XDC fix: On XDC chains, GP5 computes a different state root than // the header contains (uint256/BigBalance vs v2.6.8). Trie nodes // live under GP5's root, so we must commit that root — otherwise // hashdb.Commit silently no-ops and the trie is never persisted. commitRoot := header.Root if cachedRoot, ok := XdcGetCachedStateRoot(chosen); ok { commitRoot = cachedRoot } bc.triedb.Commit(commitRoot, true) bc.lastWrite = chosen bc.gcproc = 0 } } // Garbage collect anything below our required write retention for !bc.triegc.Empty() { root, number := bc.triegc.Pop() if uint64(-number) > chosen { bc.triegc.Push(root, number) break } bc.triedb.Dereference(root) } // XDC P1: Force trie commit at checkpoint blocks. // This ensures checkpoint state (the only state with full tx execution) // is always persisted to disk. On restart, the startup repair code can // rewind to the nearest checkpoint and resume from there. // Without this, trie data stays in memory and is lost on crash/restart. // FIX #362: Extended to normal operation — previously only bulk sync was covered. if bc.chainConfig.ChainID != nil { chainID := bc.chainConfig.ChainID.Uint64() if (chainID == 50 || chainID == 51) && current%900 == 0 { // XDC fix (#308): On XDC chains, GP5 stores trie nodes under its own // computed root (differs from header root). Commit the cached GP5 root // so the trie is actually persisted to disk. commitRoot := root if cachedRoot, ok := XdcGetCachedStateRoot(current); ok { commitRoot = cachedRoot } if err := bc.triedb.Commit(commitRoot, false); err != nil { log.Error("XDC P1: checkpoint trie commit failed", "block", current, "root", commitRoot, "err", err) } else { log.Info("XDC P1: forced trie commit at checkpoint", "block", current, "root", commitRoot) bc.lastWrite = current bc.gcproc = 0 } } } // XDC: Also force-commit at V2 switch block — this is a critical consensus // transition where state must be persisted for restart safety. if bc.chainConfig.XDPoS != nil && bc.chainConfig.XDPoS.V2 != nil { switchBlock := bc.chainConfig.XDPoS.V2.SwitchBlock if switchBlock != nil && current == switchBlock.Uint64() { commitRoot := root if cachedRoot, ok := XdcGetCachedStateRoot(current); ok { commitRoot = cachedRoot } if err := bc.triedb.Commit(commitRoot, false); err != nil { log.Error("XDC: V2 switch block trie commit failed", "block", current, "root", commitRoot, "err", err) } else { log.Info("XDC: forced trie commit at V2 switch block", "block", current, "root", commitRoot) bc.lastWrite = current bc.gcproc = 0 } } } return nil } // writeBlockAndSetHead is the internal implementation of WriteBlockAndSetHead. // This function expects the chain mutex to be held. func (bc *BlockChain) writeBlockAndSetHead(block *types.Block, receipts []*types.Receipt, logs []*types.Log, state *state.StateDB, emitHeadEvent bool) (status WriteStatus, err error) { if err := bc.writeBlockWithState(block, receipts, state); err != nil { return NonStatTy, err } currentBlock := bc.CurrentBlock() // Reorganise the chain if the parent is not the head block if block.ParentHash() != currentBlock.Hash() { if err := bc.reorg(currentBlock, block.Header()); err != nil { return NonStatTy, err } } // Set new head. bc.writeHeadBlock(block) // XDC opt: during bulk sync, skip per-block chain events (they are expensive // due to subscriber overhead). Only emit every XdcChainHeadEventInterval blocks. bulkSync := XdcBulkSyncMode.Load() if !bulkSync || block.NumberU64()%XdcChainHeadEventInterval == 0 { bc.chainFeed.Send(ChainEvent{ Header: block.Header(), Receipts: receipts, Transactions: block.Transactions(), }) } if len(logs) > 0 && !bulkSync { bc.logsFeed.Send(logs) } // In theory, we should fire a ChainHeadEvent when we inject // a canonical block, but sometimes we can insert a batch of // canonical blocks. Avoid firing too many ChainHeadEvents, // we will fire an accumulated ChainHeadEvent and disable fire // event here. if emitHeadEvent { bc.chainHeadFeed.Send(ChainHeadEvent{Header: block.Header()}) } return CanonStatTy, nil } // InsertChain attempts to insert the given batch of blocks in to the canonical // chain or, otherwise, create a fork. If an error is returned it will return // the index number of the failing block as well an error describing what went // wrong. After insertion is done, all accumulated events will be fired. func (bc *BlockChain) InsertChain(chain types.Blocks) (int, error) { // Sanity check that we have something meaningful to import if len(chain) == 0 { return 0, nil } // Do a sanity check that the provided chain is actually ordered and linked. for i := 1; i < len(chain); i++ { block, prev := chain[i], chain[i-1] if block.NumberU64() != prev.NumberU64()+1 || block.ParentHash() != prev.Hash() { log.Error("Non contiguous block insert", "number", block.Number(), "hash", block.Hash(), "parent", block.ParentHash(), "prevnumber", prev.Number(), "prevhash", prev.Hash(), ) return 0, fmt.Errorf("non contiguous insert: item %d is #%d [%x..], item %d is #%d [%x..] (parent [%x..])", i-1, prev.NumberU64(), prev.Hash().Bytes()[:4], i, block.NumberU64(), block.Hash().Bytes()[:4], block.ParentHash().Bytes()[:4]) } } // Pre-checks passed, start the full block imports if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() _, n, err := bc.insertChain(chain, true, false) // No witness collection for mass inserts (would get super large) return n, err } // insertChain is the internal implementation of InsertChain, which assumes that // 1) chains are contiguous, and 2) The chain mutex is held. // // This method is split out so that import batches that require re-injecting // historical blocks can do so without releasing the lock, which could lead to // racey behaviour. If a sidechain import is in progress, and the historic state // is imported, but then new canon-head is added before the actual sidechain // completes, then the historic state could be pruned again func (bc *BlockChain) insertChain(chain types.Blocks, setHead bool, makeWitness bool) (*stateless.Witness, int, error) { // If the chain is terminating, don't even bother starting up. if bc.insertStopped() { return nil, 0, nil } if atomic.AddInt32(&bc.blockProcCounter, 1) == 1 { bc.blockProcFeed.Send(true) } defer func() { if atomic.AddInt32(&bc.blockProcCounter, -1) == 0 { bc.blockProcFeed.Send(false) } }() // Start a parallel signature recovery (signer will fluke on fork transition, minimal perf loss) // XDC opt: skip sender caching during bulk sync — not needed when tx execution is skipped if !XdcBulkSyncMode.Load() { SenderCacher().RecoverFromBlocks(types.MakeSigner(bc.chainConfig, chain[0].Number(), chain[0].Time()), chain) } var ( stats = insertStats{startTime: mclock.Now()} lastCanon *types.Block ) // Fire a single chain head event if we've progressed the chain defer func() { if lastCanon != nil && bc.CurrentBlock().Hash() == lastCanon.Hash() { bc.chainHeadFeed.Send(ChainHeadEvent{Header: lastCanon.Header()}) } }() // Start the parallel header verifier headers := make([]*types.Header, len(chain)) for i, block := range chain { headers[i] = block.Header() } abort, results := bc.engine.VerifyHeaders(bc, headers) defer close(abort) // Peek the error for the first block to decide the directing import logic it := newInsertIterator(chain, results, bc.validator) block, err := it.next() // Left-trim all the known blocks that don't need to build snapshot if bc.skipBlock(err, it) { // First block (and state) is known // 1. We did a roll-back, and should now do a re-import // 2. The block is stored as a sidechain, and is lying about it's stateroot, and passes a stateroot // from the canonical chain, which has not been verified. // Skip all known blocks that are behind us. current := bc.CurrentBlock() for block != nil && bc.skipBlock(err, it) { if block.NumberU64() > current.Number.Uint64() || bc.GetCanonicalHash(block.NumberU64()) != block.Hash() { break } log.Debug("Ignoring already known block", "number", block.Number(), "hash", block.Hash()) stats.ignored++ block, err = it.next() } // The remaining blocks are still known blocks, the only scenario here is: // During the snap sync, the pivot point is already submitted but rollback // happens. Then node resets the head full block to a lower height via `rollback` // and leaves a few known blocks in the database. // // When node runs a snap sync again, it can re-import a batch of known blocks via // `insertChain` while a part of them have higher total difficulty than current // head full block(new pivot point). for block != nil && bc.skipBlock(err, it) { log.Debug("Writing previously known block", "number", block.Number(), "hash", block.Hash()) if err := bc.writeKnownBlock(block); err != nil { return nil, it.index, err } lastCanon = block block, err = it.next() } // Falls through to the block import } if err != nil { log.Debug("insertChain first block error", "block", block.NumberU64(), "err", err.Error(), "isPruned", errors.Is(err, consensus.ErrPrunedAncestor), "isUnknown", errors.Is(err, consensus.ErrUnknownAncestor), "isKnown", errors.Is(err, ErrKnownBlock)) } switch { // First block is pruned case errors.Is(err, consensus.ErrPrunedAncestor): if setHead { // First block is pruned, insert as sidechain and reorg only if TD grows enough log.Debug("Pruned ancestor, inserting as sidechain", "number", block.Number(), "hash", block.Hash()) return bc.insertSideChain(block, it, makeWitness) } else { // We're post-merge and the parent is pruned, try to recover the parent state log.Debug("Pruned ancestor", "number", block.Number(), "hash", block.Hash()) _, err := bc.recoverAncestors(block, makeWitness) return nil, it.index, err } // Some other error(except ErrKnownBlock) occurred, abort. // ErrKnownBlock is allowed here since some known blocks // still need re-execution to generate snapshots that are missing case err != nil && !errors.Is(err, ErrKnownBlock): stats.ignored += len(it.chain) bc.reportBadBlock(block, nil, err) return nil, it.index, err } // Track the singleton witness from this chain insertion (if any) var witness *stateless.Witness for ; block != nil && err == nil || errors.Is(err, ErrKnownBlock); block, err = it.next() { // If the chain is terminating, stop processing blocks if bc.insertStopped() { log.Debug("Abort during block processing") break } // If the block is known (in the middle of the chain), it's a special case for // Clique blocks where they can share state among each other, so importing an // older block might complete the state of the subsequent one. In this case, // just skip the block (we already validated it once fully (and crashed), since // its header and body was already in the database). But if the corresponding // snapshot layer is missing, forcibly rerun the execution to build it. if bc.skipBlock(err, it) { logger := log.Debug if bc.chainConfig.Clique == nil { logger = log.Warn } logger("Inserted known block", "number", block.Number(), "hash", block.Hash(), "uncles", len(block.Uncles()), "txs", len(block.Transactions()), "gas", block.GasUsed(), "root", block.Root()) // Special case. Commit the empty receipt slice if we meet the known // block in the middle. It can only happen in the clique chain. Whenever // we insert blocks via `insertSideChain`, we only commit `td`, `header` // and `body` if it's non-existent. Since we don't have receipts without // reexecution, so nothing to commit. But if the sidechain will be adopted // as the canonical chain eventually, it needs to be reexecuted for missing // state, but if it's this special case here(skip reexecution) we will lose // the empty receipt entry. if len(block.Transactions()) == 0 { rawdb.WriteReceipts(bc.db, block.Hash(), block.NumberU64(), nil) } else { log.Error("Please file an issue, skip known block execution without receipt", "hash", block.Hash(), "number", block.NumberU64()) } if err := bc.writeKnownBlock(block); err != nil { return nil, it.index, err } stats.processed++ if bc.logger != nil && bc.logger.OnSkippedBlock != nil { bc.logger.OnSkippedBlock(tracing.BlockEvent{ Block: block, Finalized: bc.CurrentFinalBlock(), Safe: bc.CurrentSafeBlock(), }) } // We can assume that logs are empty here, since the only way for consecutive // Clique blocks to have the same state is if there are no transactions. lastCanon = block continue } // Retrieve the parent block and it's state to execute on top parent := it.previous() if parent == nil { parent = bc.GetHeader(block.ParentHash(), block.NumberU64()-1) } // XDC v114: If parent is nil and this block is a trusted checkpoint, // use an empty state root. During bulk sync, TX execution is skipped // so the state root doesn't matter. The checkpoint is trusted. parentRoot := common.Hash{} if parent != nil { parentRoot = parent.Root } else if bc.chainConfig.XDPoS != nil { for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number == block.NumberU64() && cp.Hash == block.Hash() { parentRoot = types.EmptyRootHash log.Info("XDC sync: using empty state root for trusted checkpoint (parent missing)", "block", block.NumberU64()) break } } } if parentRoot == (common.Hash{}) && parent == nil { return nil, it.index, consensus.ErrUnknownAncestor } // The traced section of block import. start := time.Now() // XDC: Use cached state root if available (GP5 computes different roots than v2.6.8) if cachedRoot, ok := XdcGetCachedStateRoot(block.NumberU64() - 1); ok { parentRoot = cachedRoot } // P5d FIX: When checkpoint sync without state is active, the parent state // is intentionally missing. Use empty root hash so ProcessBlock can create // an empty statedb and skip execution/validation. // This MUST be after the XDC cache lookup to override any cached real state root. if parentRoot != (common.Hash{}) && bc.checkpointSyncNoState.Load() { if !bc.HasState(parentRoot) { if block.NumberU64()%1000 == 0 { log.Info("XDC sync: checkpointSyncNoState active, parent state missing — using empty state root", "block", block.NumberU64(), "parentRoot", parentRoot.Hex()[:16]) } parentRoot = types.EmptyRootHash } } res, err := bc.ProcessBlock(parentRoot, block, setHead, makeWitness && len(chain) == 1) if err != nil { return nil, it.index, err } res.stats.reportMetrics() // Log slow block only if a single block is inserted (usually after the // initial sync) to not overwhelm the users. if len(chain) == 1 { res.stats.logSlow(block, bc.slowBlockThreshold) } // Report the import stats before returning the various results stats.processed++ stats.usedGas += res.usedGas witness = res.witness var snapDiffItems, snapBufItems common.StorageSize if bc.snaps != nil { snapDiffItems, snapBufItems = bc.snaps.Size() } trieDiffNodes, trieBufNodes, _ := bc.triedb.Size() stats.report(chain, it.index, snapDiffItems, snapBufItems, trieDiffNodes, trieBufNodes, setHead) // Print confirmation that a future fork is scheduled, but not yet active. bc.logForkReadiness(block) if !setHead { // After merge we expect few side chains. Simply count // all blocks the CL gives us for GC processing time bc.gcproc += res.procTime return witness, it.index, nil // Direct block insertion of a single block } switch res.status { case CanonStatTy: log.Debug("Inserted new block", "number", block.Number(), "hash", block.Hash(), "uncles", len(block.Uncles()), "txs", len(block.Transactions()), "gas", block.GasUsed(), "elapsed", common.PrettyDuration(time.Since(start)), "root", block.Root()) lastCanon = block // Only count canonical blocks for GC processing time bc.gcproc += res.procTime case SideStatTy: log.Debug("Inserted forked block", "number", block.Number(), "hash", block.Hash(), "diff", block.Difficulty(), "elapsed", common.PrettyDuration(time.Since(start)), "txs", len(block.Transactions()), "gas", block.GasUsed(), "uncles", len(block.Uncles()), "root", block.Root()) default: // This in theory is impossible, but lets be nice to our future selves and leave // a log, instead of trying to track down blocks imports that don't emit logs. log.Warn("Inserted block with unknown status", "number", block.Number(), "hash", block.Hash(), "diff", block.Difficulty(), "elapsed", common.PrettyDuration(time.Since(start)), "txs", len(block.Transactions()), "gas", block.GasUsed(), "uncles", len(block.Uncles()), "root", block.Root()) } } stats.ignored += it.remaining() return witness, it.index, err } // blockProcessingResult is a summary of block processing // used for updating the stats. type blockProcessingResult struct { usedGas uint64 procTime time.Duration status WriteStatus witness *stateless.Witness stats *ExecuteStats } func (bpr *blockProcessingResult) Witness() *stateless.Witness { return bpr.witness } func (bpr *blockProcessingResult) Stats() *ExecuteStats { return bpr.stats } // ProcessBlock executes and validates the given block. If there was no error // it writes the block and associated state to database. func (bc *BlockChain) ProcessBlock(parentRoot common.Hash, block *types.Block, setHead bool, makeWitness bool) (result *blockProcessingResult, blockEndErr error) { var ( err error startTime = time.Now() statedb *state.StateDB interrupt atomic.Bool ) defer interrupt.Store(true) // terminate the prefetch at the end // P5c: When checkpoint sync without state is active, ALL blocks (including // checkpoint blocks that normally require TX execution) must use an empty // state because the parent state is not available. checkpointSyncNoState := bc.checkpointSyncNoState.Load() if bc.cfg.NoPrefetch || checkpointSyncNoState { statedb, err = state.New(parentRoot, bc.statedb) if err != nil { // XDC: When checkpoint sync without state is active and the parent state // is missing, create an empty state. TX execution will be skipped anyway // (checkpoint sync without state), so we just need a valid statedb // for Finalize/ValidateState which are also skipped during checkpoint sync. // // P5b: Auto-detect checkpoint sync without state. If the flag is not set // but the parent state is missing and we're in bulk sync, this means the // checkpoint anchor was inserted in a previous run and the flag was not // persisted. Enable it now. if checkpointSyncNoState { // Only log every 1000th block to avoid spam if block.NumberU64()%1000 == 0 { log.Warn("BlockChain: parent state missing during checkpoint sync, using empty state", "parentRoot", parentRoot.Hex()[:16], "block", block.NumberU64()) } statedb, err = state.New(types.EmptyRootHash, bc.statedb) if err != nil { return nil, err } } else if XdcBulkSyncMode.Load() { // P0 FIX: Auto-detect checkpoint sync without state during bulk sync. // The checkpoint anchor was inserted in a previous run but the flag // was not persisted. Enable checkpointSyncNoState now and retry. log.Warn("BlockChain: auto-detected checkpoint sync without state — parent state missing during bulk sync", "parentRoot", parentRoot.Hex()[:16], "block", block.NumberU64()) bc.checkpointSyncNoState.Store(true) // P0 FIX: Persist the flag to DB so it survives future restarts rawdb.WriteCheckpointSyncNoState(bc.db, true) statedb, err = state.New(types.EmptyRootHash, bc.statedb) if err != nil { return nil, err } } else { return nil, err } } } else { // If prefetching is enabled, run that against the current state to pre-cache // transactions and probabilistically some of the account/storage trie nodes. // // Note: the main processor and prefetcher share the same reader with a local // cache for mitigating the overhead of state access. prefetch, process, err := bc.statedb.ReadersWithCacheStats(parentRoot) if err != nil { // v162 FIX: During true genesis sync from block 0, parent state may not // be available for early blocks because state is built incrementally. // Enable checkpointSyncNoState mode for the first 1000 blocks to allow // genesis sync to proceed without requiring full state for every block. if bc.chainConfig.XDPoS != nil && block.NumberU64() <= 1000 { log.Info("BlockChain: genesis sync early block — enabling checkpointSyncNoState for missing parent state", "block", block.NumberU64(), "parentRoot", parentRoot.Hex()[:16]) bc.checkpointSyncNoState.Store(true) rawdb.WriteCheckpointSyncNoState(bc.db, true) statedb, err = state.New(types.EmptyRootHash, bc.statedb) if err != nil { return nil, err } } else { return nil, err } } else { throwaway, err := state.NewWithReader(parentRoot, bc.statedb, prefetch) if err != nil { return nil, err } statedb, err = state.NewWithReader(parentRoot, bc.statedb, process) if err != nil { return nil, err } // Upload the statistics of reader at the end defer func() { if result != nil { result.stats.StatePrefetchCacheStats = prefetch.GetStats() result.stats.StateReadCacheStats = process.GetStats() } }() go func(start time.Time, throwaway *state.StateDB, block *types.Block) { // Disable tracing for prefetcher executions. vmCfg := bc.cfg.VmConfig vmCfg.Tracer = nil bc.prefetcher.Prefetch(block, throwaway, vmCfg, &interrupt) blockPrefetchExecuteTimer.Update(time.Since(start)) if interrupt.Load() { blockPrefetchInterruptMeter.Mark(1) } }(time.Now(), throwaway, block) } } // If we are past Byzantium, enable prefetching to pull in trie node paths // while processing transactions. Before Byzantium the prefetcher is mostly // useless due to the intermediate root hashing after each transaction. var ( witness *stateless.Witness witnessStats *stateless.WitnessStats ) if bc.chainConfig.IsByzantium(block.Number()) { // Generate witnesses either if we're self-testing, or if it's the // only block being inserted. A bit crude, but witnesses are huge, // so we refuse to make an entire chain of them. if bc.cfg.VmConfig.StatelessSelfValidation || makeWitness { witness, err = stateless.NewWitness(block.Header(), bc) if err != nil { return nil, err } if bc.cfg.VmConfig.EnableWitnessStats { witnessStats = stateless.NewWitnessStats() } } statedb.StartPrefetcher("chain", witness, witnessStats) defer statedb.StopPrefetcher() } if bc.logger != nil && bc.logger.OnBlockStart != nil { bc.logger.OnBlockStart(tracing.BlockEvent{ Block: block, Finalized: bc.CurrentFinalBlock(), Safe: bc.CurrentSafeBlock(), }) } if bc.logger != nil && bc.logger.OnBlockEnd != nil { defer func() { bc.logger.OnBlockEnd(blockEndErr) }() } // Process block using the parent state as reference point var res *ProcessResult var ptime time.Duration // P5c: When checkpoint sync without state is active, skip ALL execution // including checkpoint blocks. The parent state is not available, so we // cannot execute transactions or compute rewards. Return empty results. if bc.checkpointSyncNoState.Load() { // Log only every 1000th block to avoid spam during bulk sync if block.NumberU64()%1000 == 0 { log.Info("BlockChain: checkpoint sync without state — skipping execution/validation", "block", block.NumberU64()) } res = &ProcessResult{ Receipts: types.Receipts{}, Logs: nil, GasUsed: 0, } ptime = 0 } else { pstart := time.Now() res, err = bc.processor.Process(block, statedb, bc.cfg.VmConfig) if err != nil { bc.reportBadBlock(block, res, err) return nil, err } ptime = time.Since(pstart) } vstart := time.Now() // XDC: Skip state validation when in checkpoint sync without state mode. // In this mode, the pre-state at the checkpoint is not available, so we // cannot validate the state root. State is built incrementally as blocks // are processed. // NOTE: We do NOT auto-clear this flag. The flag must be explicitly disabled // by restarting the node without --checkpointSyncNoState. Auto-clearing // caused issues where partial state was detected as "available" but was // actually incomplete, causing missing trie node errors. if !bc.checkpointSyncNoState.Load() { if err := bc.validator.ValidateState(block, statedb, res, false); err != nil { bc.reportBadBlock(block, res, err) return nil, err } } vtime := time.Since(vstart) // If witnesses was generated and stateless self-validation requested, do // that now. Self validation should *never* run in production, it's more of // a tight integration to enable running *all* consensus tests through the // witness builder/runner, which would otherwise be impossible due to the // various invalid chain states/behaviors being contained in those tests. xvstart := time.Now() if witness := statedb.Witness(); witness != nil && bc.cfg.VmConfig.StatelessSelfValidation { log.Warn("Running stateless self-validation", "block", block.Number(), "hash", block.Hash()) // Remove critical computed fields from the block to force true recalculation context := block.Header() context.Root = common.Hash{} context.ReceiptHash = common.Hash{} task := types.NewBlockWithHeader(context).WithBody(*block.Body()) // Run the stateless self-cross-validation crossStateRoot, crossReceiptRoot, err := ExecuteStateless(bc.chainConfig, bc.cfg.VmConfig, task, witness) if err != nil { return nil, fmt.Errorf("stateless self-validation failed: %v", err) } if crossStateRoot != block.Root() { return nil, fmt.Errorf("stateless self-validation root mismatch (cross: %x local: %x)", crossStateRoot, block.Root()) } if crossReceiptRoot != block.ReceiptHash() { return nil, fmt.Errorf("stateless self-validation receipt root mismatch (cross: %x local: %x)", crossReceiptRoot, block.ReceiptHash()) } } var ( xvtime = time.Since(xvstart) proctime = time.Since(startTime) // processing + validation + cross validation stats = &ExecuteStats{} ) // Update the metrics touched during block processing and validation stats.AccountReads = statedb.AccountReads // Account reads are complete(in processing) stats.StorageReads = statedb.StorageReads // Storage reads are complete(in processing) stats.AccountUpdates = statedb.AccountUpdates // Account updates are complete(in validation) stats.StorageUpdates = statedb.StorageUpdates // Storage updates are complete(in validation) stats.AccountHashes = statedb.AccountHashes // Account hashes are complete(in validation) stats.CodeReads = statedb.CodeReads stats.AccountLoaded = statedb.AccountLoaded stats.AccountUpdated = statedb.AccountUpdated stats.AccountDeleted = statedb.AccountDeleted stats.StorageLoaded = statedb.StorageLoaded stats.StorageUpdated = int(statedb.StorageUpdated.Load()) stats.StorageDeleted = int(statedb.StorageDeleted.Load()) stats.CodeLoaded = statedb.CodeLoaded stats.CodeLoadBytes = statedb.CodeLoadBytes stats.CodeUpdated = statedb.CodeUpdated stats.CodeUpdateBytes = statedb.CodeUpdateBytes stats.Execution = ptime - (statedb.AccountReads + statedb.StorageReads + statedb.CodeReads) // The time spent on EVM processing stats.Validation = vtime - (statedb.AccountHashes + statedb.AccountUpdates + statedb.StorageUpdates) // The time spent on block validation stats.CrossValidation = xvtime // The time spent on stateless cross validation // Write the block to the chain and get the status. // // XDC P1 optimization: During bulk sync for non-checkpoint blocks (tx execution // was skipped in Process()), write block data and advance chain head WITHOUT // committing state to triedb. The state is unchanged from the parent (last // checkpoint), so there's nothing new to commit. This eliminates the per-block // overhead of statedb.Commit + triedb.Reference + GC for ~899/900 blocks. // // Checkpoint blocks (every 900) go through the normal writeBlockAndSetHead path // which commits state and force-flushes triedb to disk for restart safety. // // On restart: chain head may point to a block without persisted state. The startup // repair code (NewBlockChain) uses the XDC state root cache to find the nearest // block with committed state and rewinds there. Since checkpoints are committed // every 900 blocks, rewind is at most 899 blocks. xdcSkipStateCommit := false if XdcBulkSyncMode.Load() && bc.chainConfig.ChainID != nil { chainID := bc.chainConfig.ChainID.Uint64() if (chainID == 50 || chainID == 51) && block.NumberU64()%900 != 0 { xdcSkipStateCommit = true } } var ( wstart = time.Now() status WriteStatus ) if xdcSkipStateCommit && setHead { // XDC P1: Write block data + advance head in one batch, skip state commit. // This is the fast path for ~899/900 blocks during bulk sync. batch := bc.db.NewBatch() rawdb.WriteBlock(batch, block) rawdb.WriteReceipts(batch, block.Hash(), block.NumberU64(), res.Receipts) rawdb.WriteHeadHeaderHash(batch, block.Hash()) rawdb.WriteHeadFastBlockHash(batch, block.Hash()) rawdb.WriteCanonicalHash(batch, block.Hash(), block.NumberU64()) rawdb.WriteTxLookupEntriesByBlock(batch, block) rawdb.WriteHeadBlockHash(batch, block.Hash()) if err := batch.Write(); err != nil { return nil, fmt.Errorf("failed to write block data: %w", err) } // Update in-memory chain markers (mirrors writeHeadBlock) bc.hc.SetCurrentHeader(block.Header()) bc.currentSnapBlock.Store(block.Header()) headFastBlockGauge.Update(int64(block.NumberU64())) bc.currentBlock.Store(block.Header()) headBlockGauge.Update(int64(block.NumberU64())) // Emit chain event (mirrors writeBlockAndSetHead) bc.chainFeed.Send(ChainEvent{ Header: block.Header(), Receipts: res.Receipts, Transactions: block.Transactions(), }) status = CanonStatTy } else if !setHead { // Don't set the head, only insert the block err = bc.writeBlockWithState(block, res.Receipts, statedb) } else { status, err = bc.writeBlockAndSetHead(block, res.Receipts, res.Logs, statedb, false) } if err != nil { return nil, err } // Report the collected witness statistics if witnessStats != nil { witnessStats.ReportMetrics(block.NumberU64()) } // Update the metrics touched during block commit stats.AccountCommits = statedb.AccountCommits // Account commits are complete, we can mark them stats.StorageCommits = statedb.StorageCommits // Storage commits are complete, we can mark them stats.SnapshotCommit = statedb.SnapshotCommits // Snapshot commits are complete, we can mark them stats.TrieDBCommit = statedb.TrieDBCommits // Trie database commits are complete, we can mark them stats.BlockWrite = time.Since(wstart) - max(statedb.AccountCommits, statedb.StorageCommits) /* concurrent */ - statedb.SnapshotCommits - statedb.TrieDBCommits elapsed := time.Since(startTime) + 1 // prevent zero division stats.TotalTime = elapsed stats.MgasPerSecond = float64(res.GasUsed) * 1000 / float64(elapsed) return &blockProcessingResult{ usedGas: res.GasUsed, procTime: proctime, status: status, witness: witness, stats: stats, }, nil } // insertSideChain is called when an import batch hits upon a pruned ancestor // error, which happens when a sidechain with a sufficiently old fork-block is // found. // // The method writes all (header-and-body-valid) blocks to disk, then tries to // switch over to the new chain if the TD exceeded the current chain. // insertSideChain is only used pre-merge. func (bc *BlockChain) insertSideChain(block *types.Block, it *insertIterator, makeWitness bool) (*stateless.Witness, int, error) { var current = bc.CurrentBlock() // The first sidechain block error is already verified to be ErrPrunedAncestor. // Since we don't import them here, we expect ErrUnknownAncestor for the remaining // ones. Any other errors means that the block is invalid, and should not be written // to disk. err := consensus.ErrPrunedAncestor for ; block != nil && errors.Is(err, consensus.ErrPrunedAncestor); block, err = it.next() { // Check the canonical state root for that number if number := block.NumberU64(); current.Number.Uint64() >= number { canonical := bc.GetBlockByNumber(number) if canonical != nil && canonical.Hash() == block.Hash() { // Not a sidechain block, this is a re-import of a canon block which has it's state pruned continue } if canonical != nil && canonical.Root() == block.Root() { // This is most likely a shadow-state attack. When a fork is imported into the // database, and it eventually reaches a block height which is not pruned, we // just found that the state already exist! This means that the sidechain block // refers to a state which already exists in our canon chain. // // If left unchecked, we would now proceed importing the blocks, without actually // having verified the state of the previous blocks. log.Warn("Sidechain ghost-state attack detected", "number", block.NumberU64(), "sideroot", block.Root(), "canonroot", canonical.Root()) // If someone legitimately side-mines blocks, they would still be imported as usual. However, // we cannot risk writing unverified blocks to disk when they obviously target the pruning // mechanism. return nil, it.index, errors.New("sidechain ghost-state attack") } } if !bc.HasBlock(block.Hash(), block.NumberU64()) { start := time.Now() if err := bc.writeBlockWithoutState(block); err != nil { return nil, it.index, err } log.Debug("Injected sidechain block", "number", block.Number(), "hash", block.Hash(), "diff", block.Difficulty(), "elapsed", common.PrettyDuration(time.Since(start)), "txs", len(block.Transactions()), "gas", block.GasUsed(), "uncles", len(block.Uncles()), "root", block.Root()) } } // Gather all the sidechain hashes (full blocks may be memory heavy) var ( hashes []common.Hash numbers []uint64 ) parent := it.previous() for parent != nil && !bc.HasState(parent.Root) { if bc.stateRecoverable(parent.Root) { if err := bc.triedb.Recover(parent.Root); err != nil { return nil, 0, err } break } hashes = append(hashes, parent.Hash()) numbers = append(numbers, parent.Number.Uint64()) parent = bc.GetHeader(parent.ParentHash, parent.Number.Uint64()-1) } if parent == nil { return nil, it.index, errors.New("missing parent") } // Import all the pruned blocks to make the state available var ( blocks []*types.Block memory uint64 ) for i := len(hashes) - 1; i >= 0; i-- { // Append the next block to our batch block := bc.GetBlock(hashes[i], numbers[i]) blocks = append(blocks, block) memory += block.Size() // If memory use grew too large, import and continue. Sadly we need to discard // all raised events and logs from notifications since we're too heavy on the // memory here. if len(blocks) >= 2048 || memory > 64*1024*1024 { log.Info("Importing heavy sidechain segment", "blocks", len(blocks), "start", blocks[0].NumberU64(), "end", block.NumberU64()) if _, _, err := bc.insertChain(blocks, true, false); err != nil { return nil, 0, err } blocks, memory = blocks[:0], 0 // If the chain is terminating, stop processing blocks if bc.insertStopped() { log.Debug("Abort during blocks processing") return nil, 0, nil } } } if len(blocks) > 0 { log.Info("Importing sidechain segment", "start", blocks[0].NumberU64(), "end", blocks[len(blocks)-1].NumberU64()) return bc.insertChain(blocks, true, makeWitness) } return nil, 0, nil } // recoverAncestors finds the closest ancestor with available state and re-execute // all the ancestor blocks since that. // recoverAncestors is only used post-merge. // We return the hash of the latest block that we could correctly validate. func (bc *BlockChain) recoverAncestors(block *types.Block, makeWitness bool) (common.Hash, error) { // Gather all the sidechain hashes (full blocks may be memory heavy) var ( hashes []common.Hash numbers []uint64 parent = block ) for parent != nil && !bc.HasState(parent.Root()) { if bc.stateRecoverable(parent.Root()) { if err := bc.triedb.Recover(parent.Root()); err != nil { return common.Hash{}, err } break } hashes = append(hashes, parent.Hash()) numbers = append(numbers, parent.NumberU64()) parent = bc.GetBlock(parent.ParentHash(), parent.NumberU64()-1) // If the chain is terminating, stop iteration if bc.insertStopped() { log.Debug("Abort during blocks iteration") return common.Hash{}, errInsertionInterrupted } } if parent == nil { return common.Hash{}, errors.New("missing parent") } // Import all the pruned blocks to make the state available for i := len(hashes) - 1; i >= 0; i-- { // If the chain is terminating, stop processing blocks if bc.insertStopped() { log.Debug("Abort during blocks processing") return common.Hash{}, errInsertionInterrupted } var b *types.Block if i == 0 { b = block } else { b = bc.GetBlock(hashes[i], numbers[i]) } if _, _, err := bc.insertChain(types.Blocks{b}, false, makeWitness && i == 0); err != nil { return b.ParentHash(), err } } return block.Hash(), nil } // collectLogs collects the logs that were generated or removed during the // processing of a block. These logs are later announced as deleted or reborn. func (bc *BlockChain) collectLogs(b *types.Block, removed bool) []*types.Log { _, logs := bc.collectReceiptsAndLogs(b, removed) return logs } // collectReceiptsAndLogs retrieves receipts from the database and returns both receipts and logs. // This avoids duplicate database reads when both are needed. func (bc *BlockChain) collectReceiptsAndLogs(b *types.Block, removed bool) ([]*types.Receipt, []*types.Log) { var blobGasPrice *big.Int if b.ExcessBlobGas() != nil { blobGasPrice = eip4844.CalcBlobFee(bc.chainConfig, b.Header()) } receipts := rawdb.ReadRawReceipts(bc.db, b.Hash(), b.NumberU64()) if err := receipts.DeriveFields(bc.chainConfig, b.Hash(), b.NumberU64(), b.Time(), b.BaseFee(), blobGasPrice, b.Transactions()); err != nil { log.Error("Failed to derive block receipts fields", "hash", b.Hash(), "number", b.NumberU64(), "err", err) } var logs []*types.Log for _, receipt := range receipts { for _, log := range receipt.Logs { if removed { log.Removed = true } logs = append(logs, log) } } return receipts, logs } // reorg takes two blocks, an old chain and a new chain and will reconstruct the // blocks and inserts them to be part of the new canonical chain and accumulates // potential missing transactions and post an event about them. // // Note the new head block won't be processed here, callers need to handle it // externally. func (bc *BlockChain) reorg(oldHead *types.Header, newHead *types.Header) error { var ( newChain []*types.Header oldChain []*types.Header commonBlock *types.Header ) // Reduce the longer chain to the same number as the shorter one if oldHead.Number.Uint64() > newHead.Number.Uint64() { // Old chain is longer, gather all transactions and logs as deleted ones for ; oldHead != nil && oldHead.Number.Uint64() != newHead.Number.Uint64(); oldHead = bc.GetHeader(oldHead.ParentHash, oldHead.Number.Uint64()-1) { oldChain = append(oldChain, oldHead) } } else { // New chain is longer, stash all blocks away for subsequent insertion for ; newHead != nil && newHead.Number.Uint64() != oldHead.Number.Uint64(); newHead = bc.GetHeader(newHead.ParentHash, newHead.Number.Uint64()-1) { newChain = append(newChain, newHead) } } if oldHead == nil { return errInvalidOldChain } if newHead == nil { return errInvalidNewChain } // Both sides of the reorg are at the same number, reduce both until the common // ancestor is found for { // If the common ancestor was found, bail out if oldHead.Hash() == newHead.Hash() { commonBlock = oldHead break } // Remove an old block as well as stash away a new block oldChain = append(oldChain, oldHead) newChain = append(newChain, newHead) // Step back with both chains oldHead = bc.GetHeader(oldHead.ParentHash, oldHead.Number.Uint64()-1) if oldHead == nil { return errInvalidOldChain } newHead = bc.GetHeader(newHead.ParentHash, newHead.Number.Uint64()-1) if newHead == nil { return errInvalidNewChain } } // Ensure the user sees large reorgs if len(oldChain) > 0 && len(newChain) > 0 { logFn := log.Info msg := "Chain reorg detected" if len(oldChain) > 63 { msg = "Large chain reorg detected" logFn = log.Warn } logFn(msg, "number", commonBlock.Number, "hash", commonBlock.Hash(), "drop", len(oldChain), "dropfrom", oldChain[0].Hash(), "add", len(newChain), "addfrom", newChain[0].Hash()) blockReorgAddMeter.Mark(int64(len(newChain))) blockReorgDropMeter.Mark(int64(len(oldChain))) blockReorgMeter.Mark(1) } else if len(newChain) > 0 { // Special case happens in the post merge stage that current head is // the ancestor of new head while these two blocks are not consecutive log.Info("Extend chain", "add", len(newChain), "number", newChain[0].Number, "hash", newChain[0].Hash()) blockReorgAddMeter.Mark(int64(len(newChain))) } else { // len(newChain) == 0 && len(oldChain) > 0 // rewind the canonical chain to a lower point. log.Error("Impossible reorg, please file an issue", "oldnum", oldHead.Number, "oldhash", oldHead.Hash(), "oldblocks", len(oldChain), "newnum", newHead.Number, "newhash", newHead.Hash(), "newblocks", len(newChain)) } // Acquire the tx-lookup lock before mutation. This step is essential // as the txlookups should be changed atomically, and all subsequent // reads should be blocked until the mutation is complete. bc.txLookupLock.Lock() // Reorg can be executed, start reducing the chain's old blocks and appending // the new blocks var ( deletedTxs []common.Hash rebirthTxs []common.Hash deletedLogs []*types.Log rebirthLogs []*types.Log ) // Deleted log emission on the API uses forward order, which is borked, but // we'll leave it in for legacy reasons. // // TODO(karalabe): This should be nuked out, no idea how, deprecate some APIs? { for i := len(oldChain) - 1; i >= 0; i-- { block := bc.GetBlock(oldChain[i].Hash(), oldChain[i].Number.Uint64()) if block == nil { return errInvalidOldChain // Corrupt database, mostly here to avoid weird panics } if logs := bc.collectLogs(block, true); len(logs) > 0 { deletedLogs = append(deletedLogs, logs...) } if len(deletedLogs) > 512 { bc.rmLogsFeed.Send(RemovedLogsEvent{deletedLogs}) deletedLogs = nil } } if len(deletedLogs) > 0 { bc.rmLogsFeed.Send(RemovedLogsEvent{deletedLogs}) } } // Undo old blocks in reverse order for i := 0; i < len(oldChain); i++ { // Collect all the deleted transactions block := bc.GetBlock(oldChain[i].Hash(), oldChain[i].Number.Uint64()) if block == nil { return errInvalidOldChain // Corrupt database, mostly here to avoid weird panics } for _, tx := range block.Transactions() { deletedTxs = append(deletedTxs, tx.Hash()) } // Collect deleted logs and emit them for new integrations if logs := bc.collectLogs(block, true); len(logs) > 0 { // Emit revertals latest first, older then slices.Reverse(logs) // TODO(karalabe): Hook into the reverse emission part } } // Apply new blocks in forward order for i := len(newChain) - 1; i >= 1; i-- { // Collect all the included transactions block := bc.GetBlock(newChain[i].Hash(), newChain[i].Number.Uint64()) if block == nil { return errInvalidNewChain // Corrupt database, mostly here to avoid weird panics } for _, tx := range block.Transactions() { rebirthTxs = append(rebirthTxs, tx.Hash()) } // Collect inserted logs and emit them if logs := bc.collectLogs(block, false); len(logs) > 0 { rebirthLogs = append(rebirthLogs, logs...) } if len(rebirthLogs) > 512 { bc.logsFeed.Send(rebirthLogs) rebirthLogs = nil } // Update the head block bc.writeHeadBlock(block) } if len(rebirthLogs) > 0 { bc.logsFeed.Send(rebirthLogs) } // Delete useless indexes right now which includes the non-canonical // transaction indexes, canonical chain indexes which above the head. batch := bc.db.NewBatch() for _, tx := range types.HashDifference(deletedTxs, rebirthTxs) { rawdb.DeleteTxLookupEntry(batch, tx) } // Delete all hash markers that are not part of the new canonical chain. // Because the reorg function does not handle new chain head, all hash // markers greater than or equal to new chain head should be deleted. number := commonBlock.Number if len(newChain) > 1 { number = newChain[1].Number } for i := number.Uint64() + 1; ; i++ { hash := rawdb.ReadCanonicalHash(bc.db, i) if hash == (common.Hash{}) { break } rawdb.DeleteCanonicalHash(batch, i) } if err := batch.Write(); err != nil { log.Crit("Failed to delete useless indexes", "err", err) } // Reset the tx lookup cache to clear stale txlookup cache. bc.txLookupCache.Purge() // Release the tx-lookup lock after mutation. bc.txLookupLock.Unlock() return nil } // InsertBlockWithoutSetHead executes the block, runs the necessary verification // upon it and then persist the block and the associate state into the database. // The key difference between the InsertChain is it won't do the canonical chain // updating. It relies on the additional SetCanonical call to finalize the entire // procedure. func (bc *BlockChain) InsertBlockWithoutSetHead(block *types.Block, makeWitness bool) (*stateless.Witness, error) { if !bc.chainmu.TryLock() { return nil, errChainStopped } defer bc.chainmu.Unlock() witness, _, err := bc.insertChain(types.Blocks{block}, false, makeWitness) return witness, err } // SetCanonical rewinds the chain to set the new head block as the specified // block. It's possible that the state of the new head is missing, and it will // be recovered in this function as well. func (bc *BlockChain) SetCanonical(head *types.Block) (common.Hash, error) { if !bc.chainmu.TryLock() { return common.Hash{}, errChainStopped } defer bc.chainmu.Unlock() // Re-execute the reorged chain in case the head state is missing. if !bc.HasState(head.Root()) { if latestValidHash, err := bc.recoverAncestors(head, false); err != nil { return latestValidHash, err } log.Info("Recovered head state", "number", head.Number(), "hash", head.Hash()) } // Run the reorg if necessary and set the given block as new head. start := time.Now() if head.ParentHash() != bc.CurrentBlock().Hash() { if err := bc.reorg(bc.CurrentBlock(), head.Header()); err != nil { return common.Hash{}, err } } bc.writeHeadBlock(head) // Emit events receipts, logs := bc.collectReceiptsAndLogs(head, false) bc.chainFeed.Send(ChainEvent{ Header: head.Header(), Receipts: receipts, Transactions: head.Transactions(), }) if len(logs) > 0 { bc.logsFeed.Send(logs) } bc.chainHeadFeed.Send(ChainHeadEvent{Header: head.Header()}) context := []interface{}{ "number", head.Number(), "hash", head.Hash(), "root", head.Root(), "elapsed", time.Since(start), } if timestamp := time.Unix(int64(head.Time()), 0); time.Since(timestamp) > time.Minute { context = append(context, []interface{}{"age", common.PrettyAge(timestamp)}...) } log.Info("Chain head was updated", context...) return head.Hash(), nil } // skipBlock returns 'true', if the block being imported can be skipped over, meaning // that the block does not need to be processed but can be considered already fully 'done'. func (bc *BlockChain) skipBlock(err error, it *insertIterator) bool { // We can only ever bypass processing if the only error returned by the validator // is ErrKnownBlock, which means all checks passed, but we already have the block // and state. if !errors.Is(err, ErrKnownBlock) { return false } // If we're not using snapshots, we can skip this, since we have both block // and (trie-) state if bc.snaps == nil { return true } var ( header = it.current() // header can't be nil parentRoot common.Hash ) // If we also have the snapshot-state, we can skip the processing. if bc.snaps.Snapshot(header.Root) != nil { return true } // In this case, we have the trie-state but not snapshot-state. If the parent // snapshot-state exists, we need to process this in order to not get a gap // in the snapshot layers. // Resolve parent block if parent := it.previous(); parent != nil { parentRoot = parent.Root } else if parent = bc.GetHeaderByHash(header.ParentHash); parent != nil { parentRoot = parent.Root } if parentRoot == (common.Hash{}) { return false // Theoretically impossible case } // Parent is also missing snapshot: we can skip this. Otherwise process. if bc.snaps.Snapshot(parentRoot) == nil { return true } return false } // reportBadBlock logs a bad block error. func (bc *BlockChain) reportBadBlock(block *types.Block, res *ProcessResult, err error) { var receipts types.Receipts if res != nil { receipts = res.Receipts } rawdb.WriteBadBlock(bc.db, block) log.Error(summarizeBadBlock(block, receipts, bc.Config(), err)) } // logForkReadiness will write a log when a future fork is scheduled, but not // active. This is useful so operators know their client is ready for the fork. func (bc *BlockChain) logForkReadiness(block *types.Block) { current := bc.Config().LatestFork(block.Time()) // Short circuit if the timestamp of the last fork is undefined. t := bc.Config().Timestamp(current + 1) if t == nil { return } at := time.Unix(int64(*t), 0) // Only log if: // - Current time is before the fork activation time // - Enough time has passed since last alert now := time.Now() if now.Before(at) && now.After(bc.lastForkReadyAlert.Add(forkReadyInterval)) { log.Info("Ready for fork activation", "fork", current+1, "date", at.Format(time.RFC822), "remaining", time.Until(at).Round(time.Second), "timestamp", at.Unix()) bc.lastForkReadyAlert = time.Now() } } // summarizeBadBlock returns a string summarizing the bad block and other // relevant information. func summarizeBadBlock(block *types.Block, receipts []*types.Receipt, config *params.ChainConfig, err error) string { var receiptString string for i, receipt := range receipts { receiptString += fmt.Sprintf("\n %d: cumulative: %v gas: %v contract: %v status: %v tx: %v logs: %v bloom: %x state: %x", i, receipt.CumulativeGasUsed, receipt.GasUsed, receipt.ContractAddress.Hex(), receipt.Status, receipt.TxHash.Hex(), receipt.Logs, receipt.Bloom, receipt.PostState) } version, vcs := version.Info() platform := fmt.Sprintf("%s %s %s %s", version, runtime.Version(), runtime.GOARCH, runtime.GOOS) if vcs != "" { vcs = fmt.Sprintf("\nVCS: %s", vcs) } return fmt.Sprintf(` ########## BAD BLOCK ######### Block: %v (%#x) Error: %v Platform: %v%v Chain config: %#v Receipts: %v ############################## `, block.Number(), block.Hash(), err, platform, vcs, config, receiptString) } // InsertHeaderChain attempts to insert the given header chain in to the local // chain, possibly creating a reorg. If an error is returned, it will return the // index number of the failing header as well an error describing what went wrong. func (bc *BlockChain) InsertHeaderChain(chain []*types.Header) (int, error) { if len(chain) == 0 { return 0, nil } start := time.Now() if i, err := bc.hc.ValidateHeaderChain(chain); err != nil { return i, err } if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() _, err := bc.hc.InsertHeaderChain(chain, start) return 0, err } // InsertHeadersBeforeCutoff inserts the given headers into the ancient store // as they are claimed older than the configured chain cutoff point. All the // inserted headers are regarded as canonical and chain reorg is not supported. func (bc *BlockChain) InsertHeadersBeforeCutoff(headers []*types.Header) (int, error) { if len(headers) == 0 { return 0, nil } // TODO(rjl493456442): Headers before the configured cutoff have already // been verified by the hash of cutoff header. Theoretically, header validation // could be skipped here. // XDC: When first header matches any TrustedSyncCheckpoint, skip full chain validation // since the checkpoint is hardcoded and trusted. Still validate intra-batch links. checkpointMatch := false var matchedCp *params.TrustedSyncCheckpoint // v367 FIX: Detect checkpoint anchor insertion (single header that IS the checkpoint). // When insertCheckpointAnchor calls this with a single checkpoint header, we MUST skip // parent validation because the parent chain doesn't exist locally yet. isCheckpointAnchor := len(headers) == 1 if isCheckpointAnchor { for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number == headers[0].Number.Uint64() && cp.Hash == headers[0].Hash() { isCheckpointAnchor = true checkpointMatch = true matchedCp = cp break } } } if isCheckpointAnchor && checkpointMatch { // v367: Checkpoint anchor - skip ALL validation including parent checks. // The checkpoint is trusted by definition. We just need to insert it. log.Info("InsertHeadersBeforeCutoff: checkpoint anchor detected, skipping all validation", "checkpoint", matchedCp.Number, "hash", matchedCp.Hash.Hex()[:16]) // Only do basic sanity checks if headers[0].Number == nil || headers[0].Number.Sign() < 0 { return 0, fmt.Errorf("checkpoint anchor has invalid number") } } else { // v366 FIX: If all headers are before any checkpoint, just insert them without // checkpoint validation. Only validate checkpoint match when headers include checkpoint. maxCheckpointNumber := uint64(0) for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number > maxCheckpointNumber { maxCheckpointNumber = cp.Number } } // If headers are entirely before checkpoints, skip checkpoint validation lastHeaderNumber := headers[len(headers)-1].Number.Uint64() if lastHeaderNumber < maxCheckpointNumber && headers[0].Number.Uint64() != maxCheckpointNumber { log.Info("InsertHeadersBeforeCutoff: headers before checkpoint range, skipping checkpoint validation", "first", headers[0].Number.Uint64(), "last", lastHeaderNumber, "maxCheckpoint", maxCheckpointNumber) // Still validate header chain integrity if n, err := bc.hc.ValidateHeaderChain(headers); err != nil { return n, err } } else { log.Info("InsertHeadersBeforeCutoff: checking checkpoints", "headerNumber", headers[0].Number.Uint64(), "headerHash", headers[0].Hash().Hex(), "trustedCheckpointsCount", len(bc.chainConfig.TrustedSyncCheckpoints)) for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil { log.Info("InsertHeadersBeforeCutoff: comparing checkpoint", "cpNumber", cp.Number, "headerNumber", headers[0].Number.Uint64(), "expected", cp.Hash.Hex(), "got", headers[0].Hash().Hex(), "match", cp.Hash == headers[0].Hash()) if cp.Number == headers[0].Number.Uint64() && cp.Hash == headers[0].Hash() { checkpointMatch = true matchedCp = cp break } } } if checkpointMatch { log.Info("InsertHeadersBeforeCutoff: trusted checkpoint anchor, skipping consensus validation", "checkpoint", matchedCp.Number, "hash", matchedCp.Hash.Hex()[:16]) // P0 HARDENING: Even with trusted checkpoint, validate parent hash continuity // and basic header well-formedness. Don't skip ALL validation. // Consensus validation (difficulty, seal) is skipped since checkpoint is trusted. if err := bc.validateCheckpointHeaders(headers); err != nil { return 0, err } } else { if n, err := bc.hc.ValidateHeaderChain(headers); err != nil { return n, err } } } } if !bc.chainmu.TryLock() { return 0, errChainStopped } defer bc.chainmu.Unlock() // Initialize the ancient store with genesis block if it's empty. var ( frozen, _ = bc.db.Ancients() first = headers[0].Number.Uint64() ) if first == 1 && frozen == 0 { _, err := rawdb.WriteAncientBlocks(bc.db, []*types.Block{bc.genesisBlock}, []rlp.RawValue{rlp.EmptyList}) if err != nil { log.Error("Error writing genesis to ancients", "err", err) return 0, err } log.Info("Wrote genesis to ancient store") } else if frozen != first { // XDC: Allow gap when using sync-from-block (first header starts after genesis). // The gap will be filled by normal sync or the headers are treated as canonical. // Also allow gap when first header matches any TrustedSyncCheckpoint — the checkpoint // is a hardcoded trusted anchor, so the gap from genesis to checkpoint is expected. checkpointGapMatch := false var gapCp *params.TrustedSyncCheckpoint for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number == first && frozen == 0 { checkpointGapMatch = true gapCp = cp break } } if first > 1 && frozen == 0 { log.Info("InsertHeadersBeforeCutoff: allowing gap for sync-from-block", "first", first, "frozen", frozen) } else if checkpointGapMatch { log.Info("InsertHeadersBeforeCutoff: allowing gap for trusted checkpoint", "checkpoint", gapCp.Number, "hash", gapCp.Hash.Hex()[:16]) } else { return 0, fmt.Errorf("headers are gapped with the ancient store, first: %d, ancient: %d", first, frozen) } } // Write hash to number mappings batch := bc.db.NewBatch() for _, header := range headers { rawdb.WriteHeaderNumber(batch, header.Hash(), header.Number.Uint64()) } // Write head header and head snap block flags last := headers[len(headers)-1] rawdb.WriteHeadHeaderHash(batch, last.Hash()) rawdb.WriteHeadFastBlockHash(batch, last.Hash()) if err := batch.Write(); err != nil { return 0, err } if checkpointMatch { // XDC: For trusted checkpoint anchor, write to key-value DB instead of // ancient store. The ancient store only supports sequential appending, // but a checkpoint anchor creates a gap from genesis to the checkpoint. // The key-value DB allows non-sequential storage. for _, header := range headers { rawdb.WriteHeader(bc.db, header) // Write canonical hash so GetHeaderByNumber can find this header. // Without this, parent lookups during block import fail with "unknown ancestor". rawdb.WriteCanonicalHash(bc.db, header.Hash(), header.Number.Uint64()) } // Update the header chain's current header bc.hc.currentHeader.Store(types.CopyHeader(last)) bc.hc.currentHeaderHash = last.Hash() bc.currentSnapBlock.Store(last) bc.currentBlock.Store(last) headHeaderGauge.Update(last.Number.Int64()) headFastBlockGauge.Update(last.Number.Int64()) headBlockGauge.Update(last.Number.Int64()) log.Info("InsertHeadersBeforeCutoff: trusted checkpoint anchor written to key-value DB", "checkpoint", matchedCp.Number, "hash", matchedCp.Hash.Hex()[:16]) // Pre-seed V2 gap snapshot if checkpoint is a gap block. Without this, the // first post-checkpoint epoch switch block hits getSnapshot → missing → // repairSnapshot, which fails when state isn't downloaded yet. // // Three sources, in priority order: // 1. V2-switch header (V1→V2 entrypoint): masternodes embedded in header.Validators. // 2. Trusted-checkpoint embedded list (Path B): used for V2-era anchors // where header.Validators is empty on Apothem. // 3. Contract state read via UpdateMasternodesFromHeader: requires state, // so this only works when starting from a non-checkpoint sync. // All three reach the V2 snapshot store via the wrapper's UpdateMasternodesV2 // passthrough; the type-assertion match is a single anonymous interface. if bc.chainConfig.XDPoS != nil { cpNum := matchedCp.Number epoch := bc.chainConfig.XDPoS.Epoch gap := bc.chainConfig.XDPoS.Gap // Pre-seed runs for two anchor classes: // 1) Gap blocks (Number % Epoch == Epoch-Gap, e.g. %900==450) — the V2 // snapshot store maps masternode sets to gap-block hashes. // 2) The V2 switch block itself — special-cased Source 1 path reads // masternodes from header.Validators / V1 Extra; without this // branch a checkpoint anchored at the V2 switch (e.g. Apothem // 56,828,700 or mainnet 80,370,000) would skip pre-seed entirely // because those switch blocks are NOT gap blocks (% 900 == 0). isGapBlock := gap > 0 && cpNum%epoch == epoch-gap isV2SwitchBlock := bc.chainConfig.XDPoS.V2 != nil && cpNum == bc.chainConfig.XDPoS.V2.SwitchBlock.Uint64() if isGapBlock || isV2SwitchBlock { cpHeader := headers[0] // checkpoint anchor is first header type v2Seeder interface { GetMasternodesFromEpochSwitchHeader(consensus.ChainReader, *types.Header) []common.Address UpdateMasternodesV2(consensus.ChainReader, *types.Header, []common.Address) error UpdateMasternodesV2WithPenalties(consensus.ChainReader, *types.Header, []common.Address, []common.Address) error UpdateMasternodesFromHeader(consensus.ChainReader, *types.Header, *state.StateDB) error } engineV2, hasV2 := bc.engine.(v2Seeder) if !hasV2 { log.Warn("InsertHeadersBeforeCutoff: engine does not expose V2 seeder interface, skipping snapshot pre-seed", "checkpoint", cpNum) } else { seeded := false // Source 1: V2 switch block — masternodes from header.Validators / Extra fallback. if bc.chainConfig.XDPoS.V2 != nil && cpNum == bc.chainConfig.XDPoS.V2.SwitchBlock.Uint64() { masternodes := engineV2.GetMasternodesFromEpochSwitchHeader(bc, cpHeader) if len(masternodes) > 0 { if err := engineV2.UpdateMasternodesV2(bc, cpHeader, masternodes); err != nil { log.Warn("InsertHeadersBeforeCutoff: V2 switch snapshot store failed", "checkpoint", cpNum, "err", err) } else { log.Info("InsertHeadersBeforeCutoff: V2 switch checkpoint snapshot pre-seeded from header masternodes", "checkpoint", cpNum, "masternodes", len(masternodes)) seeded = true } } else { log.Warn("InsertHeadersBeforeCutoff: V2 switch header has no masternodes", "checkpoint", cpNum) } } // Source 2: trusted-checkpoint embedded list (Path B) — used when // header.Validators is empty (Apothem V2-era) and state isn't available. // // Persist the active set in NextEpochCandidates (drives proposer // rotation via the synthetic-epoch-info path at engine.go:1818) and // the penalty set in the separate Penalties field. calcMasternodes' // CandidatePool() unions both at HookPenalty time so the comeback // algorithm finds pens ⊆ pool. Stuffing both into NextEpochCandidates // inflates the active list and breaks `leaderIndex = round % // len(masterNodes)`, yielding "not its turn" at the first // post-anchor block. if !seeded && len(matchedCp.Masternodes) > 0 { if err := engineV2.UpdateMasternodesV2WithPenalties(bc, cpHeader, matchedCp.Masternodes, matchedCp.Penalties); err != nil { log.Warn("InsertHeadersBeforeCutoff: V2 checkpoint snapshot pre-seed from embedded masternodes failed", "checkpoint", cpNum, "err", err) } else { log.Info("InsertHeadersBeforeCutoff: V2 checkpoint snapshot pre-seeded from embedded masternodes+penalties", "checkpoint", cpNum, "masternodes", len(matchedCp.Masternodes), "penalties", len(matchedCp.Penalties)) seeded = true } } // Source 3: contract state read — requires StateAt to succeed. if !seeded { if statedb, err := bc.StateAt(cpHeader.Root); err == nil { if err := engineV2.UpdateMasternodesFromHeader(bc, cpHeader, statedb); err != nil { log.Warn("InsertHeadersBeforeCutoff: checkpoint gap snapshot pre-seed failed", "checkpoint", cpNum, "err", err) } else { log.Info("InsertHeadersBeforeCutoff: checkpoint gap snapshot pre-seeded from contract state", "checkpoint", cpNum) seeded = true } } else { log.Info("InsertHeadersBeforeCutoff: checkpoint state not available, skipping state-based pre-seed (expected for syncfromblock)", "checkpoint", cpNum, "root", cpHeader.Root.Hex(), "err", err) } } // If the state read failed and we have no other source, enter no-state mode // so subsequent state validation is skipped until snap-sync downloads state. if !seeded { bc.checkpointSyncNoState.Store(true) rawdb.WriteCheckpointSyncNoState(bc.db, true) log.Info("BlockChain: enabled checkpoint sync without state mode — state validation will be skipped until state is built") } } } } return len(headers), nil } // Write headers to the ancient store, with block bodies and receipts set to nil // to ensure consistency across tables in the freezer. _, err := rawdb.WriteAncientHeaderChain(bc.db, headers) if err != nil { return 0, err } // Sync the ancient store explicitly to ensure all data has been flushed to disk. if err := bc.db.SyncAncient(); err != nil { return 0, err } // Truncate the useless chain segment (zero bodies and receipts) in the // ancient store. if _, err := bc.db.TruncateTail(last.Number.Uint64() + 1); err != nil { return 0, err } // P1 HARDENING: Track lowest inserted header for resume support. // This enables the downloader to resume from the correct point without // re-downloading headers that are already in the ancient store. rawdb.WriteLowestInsertedHeader(bc.db, first) log.Debug("InsertHeadersBeforeCutoff: tracked lowest inserted header", "number", first) // Last step update all in-memory markers bc.hc.currentHeader.Store(last) bc.currentSnapBlock.Store(last) // XDC: Also update currentBlock for FullSync --syncfromblock support. // Headers before cutoff are treated as canonical; bodies will be // downloaded starting from the cutoff block. bc.currentBlock.Store(last) headHeaderGauge.Update(last.Number.Int64()) headFastBlockGauge.Update(last.Number.Int64()) headBlockGauge.Update(last.Number.Int64()) return 0, nil } // SetBlockValidatorAndProcessorForTesting sets the current validator and processor. // This method can be used to force an invalid blockchain to be verified for tests. // This method is unsafe and should only be used before block import starts. func (bc *BlockChain) SetBlockValidatorAndProcessorForTesting(v Validator, p Processor) { bc.validator = v bc.processor = p } // validateCheckpointHeaders performs lightweight validation on headers that match // a TrustedSyncCheckpoint. Consensus validation (difficulty, seal) is skipped since // the checkpoint is trusted, but we still validate: // 1. Parent hash continuity within the batch // 2. Basic header well-formedness (number, timestamp, extra data) // 3. XDPoS seal format (if XDC chain) // 4. V2-specific: QC format, round, validator signature length // // P0 HARDENING: Don't skip ALL validation at checkpoints. func (bc *BlockChain) validateCheckpointHeaders(headers []*types.Header) error { if len(headers) == 0 { return nil } for i, header := range headers { // Validate basic well-formedness if header.Number == nil { return fmt.Errorf("checkpoint header %d has nil number", i) } if header.Number.Sign() < 0 { return fmt.Errorf("checkpoint header %d has negative number: %v", i, header.Number) } if len(header.Extra) < 32 { return fmt.Errorf("checkpoint header %d extra data too short: %d bytes", i, len(header.Extra)) } // Validate parent hash continuity (except for first header which may be a checkpoint anchor) if i > 0 { expectedParent := headers[i-1].Hash() if header.ParentHash != expectedParent { return fmt.Errorf("checkpoint header %d parent hash mismatch: expected %s, got %s", i, expectedParent.Hex()[:16], header.ParentHash.Hex()[:16]) } // Validate number continuity expectedNumber := new(big.Int).Add(headers[i-1].Number, big.NewInt(1)) if header.Number.Cmp(expectedNumber) != 0 { return fmt.Errorf("checkpoint header %d number discontinuity: expected %d, got %d", i, expectedNumber.Uint64(), header.Number.Uint64()) } } // Validate timestamp is reasonable (not in the future, not before parent) if i > 0 && header.Time <= headers[i-1].Time { return fmt.Errorf("checkpoint header %d timestamp not increasing: parent=%d, current=%d", i, headers[i-1].Time, header.Time) } // XDC-specific: validate seal length for XDPoS chains if bc.chainConfig.XDPoS != nil { if len(header.Extra) < 65 { return fmt.Errorf("checkpoint header %d XDPoS extra data too short: %d bytes (need >=65)", i, len(header.Extra)) } // V2-specific format validation for blocks after V2 switch if bc.chainConfig.XDPoS.V2 != nil && bc.chainConfig.XDPoS.V2.SwitchBlock != nil && header.Number.Uint64() > bc.chainConfig.XDPoS.V2.SwitchBlock.Uint64() { // V2 blocks must have validator signature (65 bytes) if len(header.Validator) != 65 { return fmt.Errorf("checkpoint header %d V2 validator signature invalid length: %d, want 65", i, len(header.Validator)) } // V2 blocks must have difficulty == 1 if header.Difficulty == nil || header.Difficulty.Cmp(big.NewInt(1)) != 0 { return fmt.Errorf("checkpoint header %d V2 difficulty invalid: %v, want 1", i, header.Difficulty) } // V2 blocks have Coinbase == proposer/validator address (non-zero). // The old "zero beneficiary" rule only applies to V1 (Clique-style) checkpoints. // V2 epoch-switch blocks must have nonce == 0x00..0 (drop vote) if !bytes.Equal(header.Nonce[:], []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}) { return fmt.Errorf("checkpoint header %d V2 checkpoint nonce invalid", i) } } } } log.Info("validateCheckpointHeaders: lightweight validation passed", "count", len(headers), "first", headers[0].Number.Uint64(), "last", headers[len(headers)-1].Number.Uint64()) return nil } // validateCheckpointStateRoot checks if the block's state root matches the // TrustedSyncCheckpoint Root for checkpoint blocks. This is called after snap // sync completes to ensure the downloaded state is valid. // P0 HARDENING: Use checkpoint Root for state validation. func (bc *BlockChain) validateCheckpointStateRoot(block *types.Block) error { if bc.chainConfig == nil || len(bc.chainConfig.TrustedSyncCheckpoints) == 0 { return nil // No checkpoints configured, nothing to validate } blockNumber := block.NumberU64() blockRoot := block.Root() for _, cp := range bc.chainConfig.TrustedSyncCheckpoints { if cp != nil && cp.Number == blockNumber { // This block is a checkpoint — validate its state root if cp.Root == (common.Hash{}) { log.Warn("validateCheckpointStateRoot: checkpoint has empty Root, skipping validation", "checkpoint", cp.Number) return nil } if blockRoot != cp.Root { log.Error("validateCheckpointStateRoot: STATE ROOT MISMATCH", "checkpoint", cp.Number, "expectedRoot", cp.Root.Hex(), "actualRoot", blockRoot.Hex(), "blockHash", block.Hash().Hex()) return fmt.Errorf("checkpoint %d state root mismatch: expected %s, got %s", cp.Number, cp.Root.Hex()[:16], blockRoot.Hex()[:16]) } log.Info("validateCheckpointStateRoot: checkpoint state root verified", "checkpoint", cp.Number, "root", blockRoot.Hex()[:16]) return nil } } return nil // Not a checkpoint block } // SetTrieFlushInterval configures how often in-memory tries are persisted to disk. // The interval is in terms of block processing time, not wall clock. // It is thread-safe and can be called repeatedly without side effects. func (bc *BlockChain) SetTrieFlushInterval(interval time.Duration) { bc.flushInterval.Store(int64(interval)) } // GetTrieFlushInterval gets the in-memory tries flushAlloc interval func (bc *BlockChain) GetTrieFlushInterval() time.Duration { return time.Duration(bc.flushInterval.Load()) } // StateSizer returns the state size tracker, or nil if it's not initialized func (bc *BlockChain) StateSizer() *state.SizeTracker { return bc.stateSizer }