Support PoA ACP99 + Externals EVM signatures for validator setup txs #2650
Conversation
felipemadero
requested review from
sukantoraymond,
meaghanfitzgerald and
cwend-ava
|
Excited about this! Going to be testing it today |
|
Was able to successfully get a changeWeight end to end adjustment completed today using this feature. Much appreciated! I'll try adding a validator (and removing one too probably) on Monday. The main tweak that would be helpful for us is if the complete step could be automatically called using a stored-key, rather than outputting the call data and access list. since those methods are not onlyOwner, anyone (including stored-keys) should be able to call them, saving us a manual step :) |
| @@ -403,6 +410,7 @@ func InitializeValidatorManager( | |||
| aggregatorAllowPrivatePeers, | |||
| aggregatorLogger, | |||
| validatorManagerAddrStr, | |||
| useACP99, | |||
There was a problem hiding this comment.
With ACP 99, we no longer have to differentiate initializing validator manager for poa and pos. We can just initialize validator manager and if user wants to do pos, we can do additional steps after.
Example implementation:
avalanche-cli/cmd/blockchaincmd/convert.go
Line 374 in f0a6d96
There was a problem hiding this comment.
the PT still supports v1.0.0. the variable is to differentiate between v1.0.0 and acp99
| @@ -186,6 +216,7 @@ func SetupPoA( | |||
| aggregatorAllowPrivatePeers bool, | |||
| aggregatorLogger logging.Logger, | |||
| validatorManagerAddressStr string, | |||
| useACP99 bool, | |||
| ) error { | |||
| return subnet.InitializeProofOfAuthority( | |||
There was a problem hiding this comment.
doesn't have to be InitializeProofOfAuthority anymore. Can just be initialize validator manager
There was a problem hiding this comment.
same. another PR be needed to check that PoS is supported on ACP99. For the moment this is
v1.0.0/ACP99 for PoA, v1.0.0 for PoS
|
Don't think we need to support both ACP 99 and validator manager 1.0.0 contracts. Supporting both adds additional complexity esp to our sdk. Plus once ACP 99 is released, don't think there's a need for users to use validator manager 1.0.0 contracts. Deferring to @learyce |
| cmd.Flags().Uint64Var(&weight, validatorWeightFlag, uint64(constants.DefaultStakeWeight), "set the weight of the validator") | ||
| cmd.Flags().StringVar(&validatorManagerOwner, "validator-manager-owner", "", "force using this address to issue transactions to the validator manager") |
There was a problem hiding this comment.
we technically dont even need to get validator manager using flag anymore. Currently we only get validator manager from on chain if user doesn't provide argument to add validator. But I think its better if we just do this for all cases -> meaning even if user provides argument to add validator. This means that we don't even need validator-manager-owner flag anymore in add_validator, same goes for remove_validator and change_weight
There was a problem hiding this comment.
The flag is to be used on special situations:
- the user has a multisig setup for the init tx. in this case the multisig (owner) contract does not even have to have balance. the init tx is sent and paid from another account so the address change needs to be considered by CLI
- the user uses a different account for init than for completion tx. particullary, anyone can send the completion tx. same idea, to enable the user to specify which account to use
| @@ -66,6 +66,8 @@ these prompts by providing the values with flags.`, | |||
| cmd.Flags().BoolVar(&aggregatorLogToStdout, "aggregator-log-to-stdout", false, "use stdout for signature aggregator logs") | |||
| cmd.Flags().Uint64Var(&uptimeSec, "uptime", 0, "validator's uptime in seconds. If not provided, it will be automatically calculated") | |||
| cmd.Flags().BoolVar(&force, "force", false, "force validator removal even if it's not getting rewarded") | |||
| cmd.Flags().BoolVar(&externalValidatorManagerOwner, "external-validator-manager-owner", false, "validator manager owner is external, make hex dump of ech evm transactions, so they can be signed in a separate flow") | |||
| cmd.Flags().StringVar(&validatorManagerOwner, "validator-manager-owner", "", "force using this address to issue transactions to the validator manager") | |||
There was a problem hiding this comment.
same comment here, dont think we need validator manager flag anymore, like in add_validator
| @@ -47,6 +59,14 @@ The L1 has to be a Proof of Authority L1.`, | |||
| cmd.Flags().StringVar(&nodeEndpoint, "node-endpoint", "", "gather node id/bls from publicly available avalanchego apis on the given endpoint") | |||
| cmd.Flags().BoolVarP(&useLedger, "ledger", "g", false, "use ledger instead of key (always true on mainnet, defaults to false on fuji/devnet)") | |||
| cmd.Flags().StringSliceVar(&ledgerAddresses, "ledger-addrs", []string{}, "use the given ledger addresses") | |||
| cmd.Flags().BoolVar(&externalValidatorManagerOwner, "external-validator-manager-owner", false, "validator manager owner is external, make hex dump of ech evm transactions, so they can be signed in a separate flow") | |||
| cmd.Flags().StringVar(&validatorManagerOwner, "validator-manager-owner", "", "force using this address to issue transactions to the validator manager") | |||
There was a problem hiding this comment.
same comment on no need for validator-manager-owner flag like in add_validator
| @@ -23,25 +23,46 @@ func PoAValidatorManagerInitialize( | |||
| privateKey string, | |||
| subnetID ids.ID, | |||
| ownerAddress common.Address, | |||
| useACP99 bool, | |||
There was a problem hiding this comment.
We don't have to differentiate PoAValidatorManagerInitialize and PoSValidatorManagerInitialize anymore. We can just have one function InitializeValidatorManager and have it in root.go / some common file
pkg/evm/evm.go
Outdated
| if from == (common.Address{}) { | ||
| from = crypto.PubkeyToAddress(privateKey.PublicKey) | ||
| } | ||
| gasFeeCap, gasTipCap, nonce, err := CalculateTxParams(client, from.Hex()) |
There was a problem hiding this comment.
I don't foresee from being an empty address, especially if we are getting "validator manager owner" address on chain anyways. This means that we don't need from in argument and we can just use crypto.PubkeyToAddress(privateKey.PublicKey)
There was a problem hiding this comment.
this is for a user that just nows the address but not the private key. eg a multisig.
There was a problem hiding this comment.
to be used in general in cases where a user does not now a private key but want to create anyway an unsigned
tx. this evm library is more general than validator manager owners
| func idempotentSigner( | ||
| _ common.Address, | ||
| tx *types.Transaction, | ||
| ) (*types.Transaction, error) { | ||
| return tx, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
why dont we name this emptySigner
There was a problem hiding this comment.
idempotent is kind of more expressive IMO. empty can refer to something that generated empty output?
There was a problem hiding this comment.
idempotent is kind of more expressive IMO. empty can refer to something that generated empty output?
pkg/evm/evm.go
Outdated
| if privateKeyStr != "" { | ||
| privateKey, err = crypto.HexToECDSA(privateKeyStr) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
| } | ||
| address := crypto.PubkeyToAddress(privateKey.PublicKey) | ||
| gasFeeCap, gasTipCap, nonce, err := CalculateTxParams(client, address.Hex()) | ||
| if from == (common.Address{}) { | ||
| from = crypto.PubkeyToAddress(privateKey.PublicKey) | ||
| } |
There was a problem hiding this comment.
Seems that either privateKeyStr == "" or from == "", maybe we can just do if else here to prevent unintended overriding of from values
There was a problem hiding this comment.
moving from branch inside the other one, to prevent panics. good catch!
cmd/blockchaincmd/add_validator.go
Outdated
| cmd.Flags().Uint64Var(&weight, validatorWeightFlag, uint64(constants.DefaultStakeWeight), "set the weight of the validator") | ||
| cmd.Flags().StringVar(&validatorManagerOwner, "validator-manager-owner", "", "force using this address to issue transactions to the validator manager") | ||
| cmd.Flags().BoolVar(&externalValidatorManagerOwner, "external-validator-manager-owner", false, "validator manager owner is external, make hex dump of ech evm transactions, so they can be signed in a separate flow") |
There was a problem hiding this comment.
unclear what external-validator-manager-owner means, I think we can just rename this to generate-raw-tx-only, with desc as "set this value to true when signing validator manager tx outside of cli" or sth similar
There was a problem hiding this comment.
or i think sign-externally ?
There was a problem hiding this comment.
and say in description for multisig or ledger
There was a problem hiding this comment.
changing external-evm-signature, to differentiate from p-chain signatures, but open to other names
I believe we currently have users on both sides of the contracts. We may deprecate v1.0.0 in a future release and take |
Why this should be merged
ACP99 is needed soon. This adds support for ACP99 PoA while keeping support for v1.0.0
There are users which have external signature processes for evm txs. Eg mutlisig.
The PR enable dumping the txs so can be separately signed, for adding , removing, and changing
weight.
How this works
How this was tested
How is this documented