Skip to content

v0.20.0: Flash validation, major UX improvements, registry role expanding

Compare
Choose a tag to compare
@Geod24 Geod24 released this 03 Sep 05:23
· 1132 commits to v0.x.x since this release

Major improvements since v0.19.0:

Older CONFIRM envelopes are now properly ignored

A recent security fix removed the ability to gossip signatures via CONFIRM signatures as it was insecure.
However, envelopes where still checked for signatures, which would then fail to validate. This has been fixed.

Minimum fee is now properly enforced

All transactions must now include the minimum fee as defined by the consensus configuration,
not only transactions with a payload as was previously the case.

Pre-image catchup is now more reliable

Pre-image catchup has been improved to be more predictable and eager,
reducing the risk of starting a nomination round with missing pre-images.

API: Many endpoints have been renamed and made more conformant to REST principles

Previously, our API was a mix of naming conventions and HTTP verbs, due to its organic growth.
This release sees the following renames:

  • PUT /transaction => POST /transaction (a backward-compatible method exists for this release);
  • POST /receive_preimage => POST /preimage;
  • POST /enroll_validator => POST /enrollment;
  • POST /receive_envelope => POST /envelope;
  • PUT /receive_block_signature => POST /block_signature;

Duration are now parsed consistently in the config file

The config file used to mix different styles for duration parsing.
Either the unit was implicit, and documented, or it was part of the field name.
Starting from this release, all fields that deal with duration can specify their value more expressively.

For example, the field that control a node's request timeout used to be specified as:

node:
  # This value is in milliseconds
  retry_delay: 3000

On the other hand, the field controlling how often block catchup is performed was specified as such:

node:
  # This value is in seconds, as the field name shows
  block_catchup_interval_secs: 20

Now, both needs to be specified as such:

node:
  retry_delay:
    msecs: 3000
  block_catchup_interval:
    seconds: 20

The valid units are weeks, days, hours, minutes, seconds, msecs, usecs, hnsecs, nsecs.
Units are additive, so having both seconds: 60 and minutes: 41 has the same effect as minutes: 42.
Fields with a suffix have been renamed to be suffix-less.
This change affects the following config fields:

  • node.retry_delay (used to be in msecs);
  • node.timeout (used to be in msecs);
  • node.block_time_offset_tolerance_secs => node.block_time_offset_tolerance;
  • node.network_discovery_interval_secs => node.network_discovery_interval;
  • node.block_catchup_interval_secs => node.block_catchup_interval;
  • node.relay_tx_interval_secs => node.relay_tx_interval;
  • node.relay_tx_cache_exp_secs => node.relay_tx_cache_exp;
  • node.preimage_reveal_interval (used to be in seconds);
  • node.preimage_catchup_interval (used to be in seconds);
  • flash.timeout (used to be in msecs);
  • flash.max_retry_time (used to be in msecs);
  • banman.ban_duration (used to be in seconds):

Flash: Gossip latest channel update alongside channel open

Previously, there was a possible race condition where the update could be received before the open event,
leading to the update being discarded and parties being out-of-sync.
The latest update are now transmitted alongside the open event to prevent this from being an issue.

Nomination now ignores early envelopes

The nominator would previously accept envelopes as soon as the previous block was externalized,
leading to situation where an attacker with large resources could bias a node on externalizing
a block earlier than it should. There is now a tolerance of 5% for time jitter.

Flash nodes now do extra validation on channel open

A few issues around channel opening were fixed, and nodes will now properly fetch blocks for validation.

The transaction pool can now be configured to exclude txs with much lower fees than average

The transaction pool now keeps track of transaction fee, and can be configured to reject
transactions where the fee is lower than a certain percentage.
This percentage is set to 80 by default, so a transaction that is less than 80% of the fee rate
(not absolute fee) of the average fee rate of the transaction pool will be rejected.
This can be disabled by setting the value to 0.

Name registry now has a configuration file

The name registry's role has evolved to include a full DNS server in addition of an HTTP server,
and most of its options were previously set via CLI arguments.
To make it easier to use, and extend its capabilities even further, it will now read a (required)
configuration file under config.yaml.

The only required field in that new configuration file (if dns.enabled is not set to false)
is dns.authoritative, which defines the zones this server is authoritative for.

The previous CLI arguments are mapped as follows:

  • --bind-host (-h) => http.address;
  • --bind-port (-p) => http.port;
  • --stats-port => http.stats_port (0, or disabled, by default, as before);
  • --no-dns => dns.enabled set to false (true by default);
  • --verbose => Use logging section, similar to Agora, instead;

Registry now listen to TCP DNS queries in addition to UDP

The first iteration of the DNS support in the registry only listened to DNS queries.
It now also listens to TCP queries, as required by the protocol, on the same port than the UDP listener.

Registry: Authoritative zones are now configurable

When the DNS is enabled, the dns.authoritative array needs to have a least one entry.
The registry will only respond to DNS queries for which it is authoritative.
A future iteration will improve this to allow the DNS to follow an authoritative server
and not be authoritative itself, but for the time being this can be achieved via another DNS server.

Configuration: Restored behavior of root logger

This fixes a minor regression that crop up in v0.19.0: Configuring the logger named root now affects all loggers again.