Files
nym/common/credential-verification/src/ecash/credential_sender.rs
T

951 lines
36 KiB
Rust

// Copyright 2022-2024 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: GPL-3.0-only
use crate::ecash::error::EcashTicketError;
use crate::ecash::helpers::for_each_api_concurrent;
use crate::ecash::state::SharedState;
use crate::Error;
use cosmwasm_std::Fraction;
use cw_utils::ThresholdResponse;
use futures::channel::mpsc::UnboundedReceiver;
use futures::{Stream, StreamExt};
use nym_api_requests::constants::MIN_BATCH_REDEMPTION_DELAY;
use nym_api_requests::ecash::models::{BatchRedeemTicketsBody, VerifyEcashTicketBody};
use nym_credentials_interface::Bandwidth;
use nym_credentials_interface::{ClientTicket, TicketType};
use nym_validator_client::nym_api::EpochId;
use nym_validator_client::nyxd::contract_traits::{
EcashSigningClient, MultisigQueryClient, MultisigSigningClient, PagedMultisigQueryClient,
};
use nym_validator_client::nyxd::cosmwasm_client::ContractResponseData;
use nym_validator_client::nyxd::cw3::Status;
use nym_validator_client::nyxd::AccountId;
use nym_validator_client::EcashApiClient;
use si_scale::helpers::bibytes2;
use std::collections::{HashMap, HashSet};
use std::ops::Deref;
use std::sync::atomic::{AtomicUsize, Ordering};
use time::OffsetDateTime;
use tokio::sync::{Mutex, RwLockReadGuard};
use tokio::time::{interval_at, Duration, Instant};
use tracing::{debug, error, info, instrument, trace, warn};
enum ProposalResult {
Executed,
Rejected,
Pending,
}
impl ProposalResult {
fn is_pending(&self) -> bool {
matches!(self, ProposalResult::Pending)
}
fn is_rejected(&self) -> bool {
matches!(self, ProposalResult::Rejected)
}
}
struct PendingVerification {
ticket: ClientTicket,
// vec of node ids of apis that haven't sent a valid response
pending: Vec<u64>,
}
impl PendingVerification {
fn new(ticket: ClientTicket, pending: Vec<u64>) -> Self {
PendingVerification { ticket, pending }
}
fn to_request_body(&self, gateway_cosmos_addr: AccountId) -> VerifyEcashTicketBody {
VerifyEcashTicketBody {
// TODO: redundant clone
credential: self.ticket.spending_data.clone(),
gateway_cosmos_addr,
}
}
}
struct PendingRedemptionVote {
proposal_id: u64,
digest: Vec<u8>,
included_serial_numbers: Vec<Vec<u8>>,
epoch_id: EpochId,
// vec of node ids of apis that haven't sent a valid response
pending: Vec<u64>,
}
impl PendingRedemptionVote {
fn new(
proposal_id: u64,
digest: Vec<u8>,
included_serial_numbers: Vec<Vec<u8>>,
epoch_id: EpochId,
pending: Vec<u64>,
) -> Self {
PendingRedemptionVote {
proposal_id,
digest,
included_serial_numbers,
epoch_id,
pending,
}
}
fn to_request_body(&self, gateway_cosmos_addr: AccountId) -> BatchRedeemTicketsBody {
BatchRedeemTicketsBody::new(
self.digest.clone(),
self.proposal_id,
self.included_serial_numbers.clone(),
gateway_cosmos_addr,
)
}
}
pub struct CredentialHandlerConfig {
/// Specifies the multiplier for revoking a malformed/double-spent ticket
/// (if it has to go all the way to the nym-api for verification)
/// e.g. if one ticket grants 100Mb and `revocation_bandwidth_penalty` is set to 1.5,
/// the client will lose 150Mb
pub revocation_bandwidth_penalty: f32,
/// Specifies the interval for attempting to resolve any failed, pending operations,
/// such as ticket verification or redemption.
pub pending_poller: Duration,
pub minimum_api_quorum: f32,
/// Specifies the minimum number of tickets this gateway will attempt to redeem.
pub minimum_redemption_tickets: usize,
/// Specifies the maximum time between two subsequent tickets redemptions.
/// That's required as nym-apis will purge all ticket information for tickets older than maximum validity.
pub maximum_time_between_redemption: Duration,
}
pub(crate) struct CredentialHandler {
config: CredentialHandlerConfig,
multisig_threshold: f32,
ticket_receiver: UnboundedReceiver<ClientTicket>,
shared_state: SharedState,
pending_tickets: Vec<PendingVerification>,
pending_redemptions: Vec<PendingRedemptionVote>,
}
impl CredentialHandler {
async fn rebuild_pending_tickets(
shared_state: &SharedState,
) -> Result<Vec<PendingVerification>, EcashTicketError> {
// 1. get all tickets that were not fully verified
let unverified = shared_state.storage.get_all_unverified_tickets().await?;
let mut pending = Vec::with_capacity(unverified.len());
// a lookup of ids for signers for given epoch
let mut apis_lookup = HashMap::new();
// 2. for each of them, reconstruct missing votes
for ticket in unverified {
let epoch = ticket.spending_data.epoch_id;
assert!(epoch <= i64::MAX as u64);
let signers = match apis_lookup.get(&epoch) {
Some(signers) => signers,
None => {
// get all signers for given epoch
let signers = shared_state.storage.get_signers(epoch as i64).await?;
apis_lookup.insert(epoch, signers);
// safety: we just inserted that entry
#[allow(clippy::unwrap_used)]
apis_lookup.get(&epoch).unwrap()
}
};
// get all votes the ticket received
let votes = shared_state
.storage
.get_votes(ticket.ticket_id)
.await?
.into_iter()
.collect::<HashSet<_>>();
let mut missing_votes = Vec::new();
for signer in signers {
// for each signer, check if they have actually voted; if not, that's the missing guy
if !votes.contains(signer) {
missing_votes.push(*signer as u64)
}
}
pending.push(PendingVerification {
ticket,
pending: missing_votes,
})
}
Ok(pending)
}
async fn rebuild_pending_votes(
shared_state: &SharedState,
) -> Result<Vec<PendingRedemptionVote>, EcashTicketError> {
// 1. get all tickets that were not fully verified
let unverified = shared_state.storage.get_all_unresolved_proposals().await?;
let mut pending = Vec::with_capacity(unverified.len());
let epoch_id = shared_state.current_epoch_id().await?;
let apis = shared_state
.api_clients(epoch_id)
.await?
.iter()
.map(|s| (s.cosmos_address.to_string(), s.node_id))
.collect::<Vec<_>>();
for proposal_id in unverified {
// get all of the votes
let votes = shared_state
.start_query()
.await
.get_all_votes(proposal_id as u64)
.await
.map_err(EcashTicketError::chain_query_failure)?
.into_iter()
.map(|v| v.voter)
.collect::<HashSet<_>>();
let mut missing_votes = Vec::new();
// see who hasn't voted
for (api_address, api_id) in &apis {
// for each signer, check if they have actually voted; if not, that's the missing guy
if !votes.contains(api_address) {
missing_votes.push(*api_id)
}
}
// attempt to rebuild SN and digest from the proposal info + storage data
let proposal_info = shared_state
.start_query()
.await
.query_proposal(proposal_id as u64)
.await
.map_err(EcashTicketError::chain_query_failure)?;
let tickets = shared_state
.storage
.get_all_proposed_tickets_with_sn(proposal_id as u32)
.await?;
let digest =
BatchRedeemTicketsBody::make_digest(tickets.iter().map(|t| &t.serial_number));
let encoded_digest = bs58::encode(&digest).into_string();
if encoded_digest != proposal_info.description {
error!("the lost proposal {proposal_id} does not have a matching digest!");
continue;
}
pending.push(PendingRedemptionVote {
proposal_id: proposal_id as u64,
digest,
included_serial_numbers: tickets.into_iter().map(|t| t.serial_number).collect(),
epoch_id,
pending: missing_votes,
})
}
Ok(pending)
}
pub(crate) async fn new(
config: CredentialHandlerConfig,
ticket_receiver: UnboundedReceiver<ClientTicket>,
shared_state: SharedState,
) -> Result<Self, Error> {
let multisig_threshold = shared_state
.nyxd_client
.read()
.await
.query_threshold()
.await?;
let ThresholdResponse::AbsolutePercentage { percentage, .. } = multisig_threshold else {
return Err(Error::InvalidMultisigThreshold);
};
// that's a nasty conversion, but it works : )
let multisig_threshold =
percentage.numerator().u128() as f32 / percentage.denominator().u128() as f32;
// on startup read pending credentials and api responses from the storage
let pending_tickets = Self::rebuild_pending_tickets(&shared_state).await?;
// on startup read pending proposals from the storage
// then reconstruct the votes by querying the multisig contract for votes on those proposals
// digest from the description and count from the message
let pending_redemptions = Self::rebuild_pending_votes(&shared_state).await?;
Ok(CredentialHandler {
config,
multisig_threshold,
ticket_receiver,
shared_state,
pending_tickets,
pending_redemptions,
})
}
// the argument is temporary as we'll be reading from the storage
async fn create_redemption_proposal(
&self,
commitment: &[u8],
number_of_tickets: u16,
) -> Result<u64, EcashTicketError> {
let res = self
.shared_state
.start_tx()
.await
.request_ticket_redemption(
bs58::encode(commitment).into_string(),
number_of_tickets,
None,
)
.await
.map_err(|source| EcashTicketError::RedemptionProposalCreationFailure { source })?;
// that one is quite tricky because proposal exists on chain, but we didn't get the id...
// but it should be quite impossible to ever reach this unless we make breaking changes
let proposal_id = res
.parse_singleton_u64_contract_data()
.inspect_err(|err| error!("reached seemingly impossible error! could not recover the redemption proposal id: {err}"))
.map_err(|source| EcashTicketError::ProposalIdParsingFailure { source })?;
info!("created redemption proposal {proposal_id} to redeem {number_of_tickets} tickets");
Ok(proposal_id)
}
/// Attempt to send ticket verification request to the provided ecash verifier.
async fn verify_ticket(
&self,
ticket_id: i64,
request: &VerifyEcashTicketBody,
client: &EcashApiClient,
) -> Result<bool, EcashTicketError> {
match client.api_client.verify_ecash_ticket(request).await {
Ok(res) => {
let accepted = match res.verified {
Ok(_) => {
trace!("{client} has accepted ticket {ticket_id}");
true
}
Err(rejection) => {
warn!("{client} has rejected ticket {ticket_id}: {rejection}");
false
}
};
self.shared_state
.storage
.insert_ticket_verification(
ticket_id,
client.node_id as i64,
OffsetDateTime::now_utc(),
accepted,
)
.await?;
Ok(accepted)
}
Err(err) => {
error!("failed to send ticket {ticket_id} for verification to ecash signer '{client}': {err}. if we don't reach quorum, we'll retry later");
Ok(false)
}
}
}
#[instrument(skip(self))]
async fn revoke_ticket_bandwidth(
&self,
ticket_id: i64,
ticket_type: TicketType,
) -> Result<(), EcashTicketError> {
warn!("revoking bandwidth associated with ticket {ticket_id} since it failed verification");
let bytes_to_revoke = Bandwidth::ticket_amount(ticket_type.into()).value() as f32
* self.config.revocation_bandwidth_penalty;
let to_revoke_bi2 = bibytes2(bytes_to_revoke as f64);
info!(to_revoke_bi2);
self.shared_state
.storage
.revoke_ticket_bandwidth(ticket_id, bytes_to_revoke as i64)
.await?;
Ok(())
}
/// Attempt to send the pending ticket to all ecash verifiers that haven't yet returned valid response.
async fn send_pending_ticket_for_verification(
&self,
pending: &mut PendingVerification,
api_clients: Option<RwLockReadGuard<'_, Vec<EcashApiClient>>>,
) -> Result<bool, EcashTicketError> {
let ticket_id = pending.ticket.ticket_id;
let ticket_type =
TicketType::try_from_encoded(pending.ticket.spending_data.payment.t_type)?;
let api_clients = match api_clients {
Some(clients) => clients,
None => {
self.shared_state
.api_clients(pending.ticket.spending_data.epoch_id)
.await?
}
};
let verification_request = pending.to_request_body(self.shared_state.address.clone());
let total = api_clients.len();
let api_failures = Mutex::new(Vec::new());
let rejected = AtomicUsize::new(0);
// this vector will never contain more than ~30 entries so linear lookup is fine.
// it's probably even faster than hashset due to overhead
futures::stream::iter(
api_clients
.deref()
.iter()
.filter(|client| pending.pending.contains(&client.node_id)),
)
.for_each_concurrent(32, |ecash_client| async {
// errors are only returned on hard, storage, failures
match self
.verify_ticket(
pending.ticket.ticket_id,
&verification_request,
ecash_client,
)
.await
{
Err(err) => {
error!("internal failure. could not proceed with ticket verification: {err}");
api_failures.lock().await.push(ecash_client.node_id);
}
Ok(false) => {
rejected.fetch_add(1, Ordering::SeqCst);
}
_ => {}
}
})
.await;
let api_failures = api_failures.into_inner();
let num_failures = api_failures.len();
pending.pending = api_failures;
let rejected = rejected.into_inner();
let rejected_ratio = rejected as f32 / total as f32;
let rejected_perc = rejected_ratio * 100.;
if rejected_ratio >= (1. - self.config.minimum_api_quorum) {
error!("{rejected_perc:.2}% of signers rejected ticket {ticket_id}. we won't be able to redeem it");
self.shared_state
.storage
.update_rejected_ticket(pending.ticket.ticket_id)
.await?;
self.revoke_ticket_bandwidth(pending.ticket.ticket_id, ticket_type)
.await?;
}
let accepted_ratio = (total - rejected - num_failures) as f32 / total as f32;
let accepted_perc = accepted_ratio * 100.;
match accepted_ratio {
n if n < self.multisig_threshold => error!("less than 2/3 of signers ({accepted_perc:.2}%) accepted ticket {ticket_id}. we won't be able to spend it"),
n if n < self.config.minimum_api_quorum => warn!("less than 80%, but more than 67% of signers ({accepted_perc:.2}%) accepted ticket {ticket_id}. technically we could redeem it, but we'll wait for the bigger quorum"),
_ => {
trace!("{accepted_perc:.2}% of signers accepted ticket {ticket_id}");
self.shared_state.storage.update_verified_ticket(pending.ticket.ticket_id).await?;
return Ok(true)
}
}
Ok(false)
}
async fn send_ticket_for_verification(
&mut self,
ticket: ClientTicket,
) -> Result<(), EcashTicketError> {
let api_clients = self
.shared_state
.api_clients(ticket.spending_data.epoch_id)
.await?;
let ids = api_clients.iter().map(|c| c.node_id).collect();
let mut pending = PendingVerification::new(ticket, ids);
let got_quorum = self
.send_pending_ticket_for_verification(&mut pending, Some(api_clients))
.await?;
if !got_quorum {
debug!("failed to reach quorum for ticket {}. apis: {:?} haven't responded. we'll retry later", pending.ticket.ticket_id, pending.pending);
self.pending_tickets.push(pending);
} else {
// since we reached the quorum we no longer need to hold the ticket's binary data
self.shared_state
.storage
.remove_verified_ticket_binary_data(pending.ticket.ticket_id)
.await?;
}
Ok(())
}
async fn handle_client_ticket(&mut self, ticket: ClientTicket) {
// attempt to send for verification
let ticket_id = ticket.ticket_id;
if let Err(err) = self.send_ticket_for_verification(ticket).await {
error!("failed to verify ticket {ticket_id}: {err}")
}
}
async fn resolve_pending(&mut self) -> Result<(), EcashTicketError> {
let mut still_failing = Vec::new();
// 1. attempt to resolve all pending proposals
while let Some(mut pending) = self.pending_redemptions.pop() {
match self.try_resolve_pending_proposal(&mut pending, None).await {
Ok(resolution) => {
if resolution.is_pending() {
warn!("still failed to reach quorum for proposal {}. apis: {:?} haven't responded. we'll retry later", pending.proposal_id, pending.pending);
still_failing.push(pending);
} else {
self.shared_state
.storage
.clear_post_proposal_data(
pending.proposal_id as u32,
OffsetDateTime::now_utc(),
resolution.is_rejected(),
)
.await?;
}
}
Err(err) => {
error!("experienced internal error when attempting to resolve pending proposal: {err}");
// make sure to update internal state to not lose any data
self.pending_redemptions.push(pending);
self.pending_redemptions.append(&mut still_failing);
return Err(err);
}
}
}
let mut still_failing = Vec::new();
// 2. attempt to verify the remaining tickets
while let Some(mut pending) = self.pending_tickets.pop() {
// possible optimisation: if there's a lot of pending tickets, pre-emptively grab locks for api_clients
match self
.send_pending_ticket_for_verification(&mut pending, None)
.await
{
Ok(got_quorum) => {
if !got_quorum {
warn!("still failed to reach quorum for ticket {}. apis: {:?} haven't responded. we'll retry later", pending.ticket.ticket_id, pending.pending);
still_failing.push(pending);
} else {
// since we reached the quorum we no longer need to hold the ticket's binary data
self.shared_state
.storage
.remove_verified_ticket_binary_data(pending.ticket.ticket_id)
.await?;
}
}
Err(err) => {
error!("experienced internal error when attempting to resolve pending ticket: {err}");
// make sure to update internal state to not lose any data
self.pending_tickets.push(pending);
self.pending_tickets.append(&mut still_failing);
return Err(err);
}
}
}
// at this point self.pending_tickets is empty
self.pending_tickets = still_failing;
Ok(())
}
/// Attempt to send batch redemption request to the provided ecash verifier.
async fn redeem_tickets(
&self,
proposal_id: u64,
request: &BatchRedeemTicketsBody,
client: &EcashApiClient,
) -> Result<bool, EcashTicketError> {
match client.api_client.batch_redeem_ecash_tickets(request).await {
Ok(res) => {
let accepted = if res.proposal_accepted {
trace!("{client} has accepted proposal {proposal_id}");
true
} else {
warn!("{client} has rejected proposal {proposal_id}");
false
};
Ok(accepted)
}
Err(err) => {
error!("failed to send proposal {proposal_id} for redemption vote to ecash signer '{client}': {err}. if we don't reach quorum, we'll retry later");
Ok(false)
}
}
}
async fn try_execute_proposal(&self, proposal_id: u64) -> Result<(), EcashTicketError> {
self.shared_state
.start_tx()
.await
.execute_proposal(proposal_id, None)
.await
.map_err(
|source| EcashTicketError::RedemptionProposalExecutionFailure {
proposal_id,
source,
},
)?;
Ok(())
}
async fn get_proposal_status(&self, proposal_id: u64) -> Result<Status, EcashTicketError> {
Ok(self
.shared_state
.start_query()
.await
.query_proposal(proposal_id)
.await
.map_err(EcashTicketError::chain_query_failure)?
.status)
}
async fn try_finalize_proposal(
&self,
proposal_id: u64,
) -> Result<ProposalResult, EcashTicketError> {
match self.get_proposal_status(proposal_id).await? {
Status::Pending => {
// the voting hasn't even begun!
error!("impossible case! the proposal {proposal_id} is still pending");
Ok(ProposalResult::Pending)
}
Status::Open => {
debug!("proposal {proposal_id} is still open and needs more votes");
Ok(ProposalResult::Pending)
}
Status::Rejected => {
warn!("proposal {proposal_id} has been rejected");
Ok(ProposalResult::Rejected)
}
Status::Passed => {
info!(
"proposal {proposal_id} has already been passed - we just need to execute it"
);
self.try_execute_proposal(proposal_id).await?;
info!("executed proposal {proposal_id}");
Ok(ProposalResult::Executed)
}
Status::Executed => {
info!("proposal {proposal_id} has already been executed - nothing to do!");
Ok(ProposalResult::Executed)
}
}
}
async fn try_resolve_pending_proposal(
&self,
pending: &mut PendingRedemptionVote,
api_clients: Option<RwLockReadGuard<'_, Vec<EcashApiClient>>>,
) -> Result<ProposalResult, EcashTicketError> {
let proposal_id = pending.proposal_id;
info!(
"attempting to resolve pending redemption proposal {proposal_id} to redeem {} tickets",
pending.included_serial_numbers.len()
);
// check if the proposal still needs more votes from the apis
let result = self.try_finalize_proposal(proposal_id).await?;
if !result.is_pending() {
return Ok(result);
}
let api_clients = match api_clients {
Some(clients) => clients,
None => self.shared_state.api_clients(pending.epoch_id).await?,
};
let redemption_request = pending.to_request_body(self.shared_state.address.clone());
// TODO: optimisation: tell other apis they can purge our tickets even if they haven't voted
let total = api_clients.len();
let api_failures = Mutex::new(Vec::new());
let rejected = AtomicUsize::new(0);
for_each_api_concurrent(&api_clients, &pending.pending, |ecash_client| async {
// errors are only returned on hard, storage, failures
match self
.redeem_tickets(pending.proposal_id, &redemption_request, ecash_client)
.await
{
Err(err) => {
error!("internal failure. could not proceed with ticket redemption: {err}");
api_failures.lock().await.push(ecash_client.node_id);
}
Ok(false) => {
rejected.fetch_add(1, Ordering::SeqCst);
}
_ => {}
}
})
.await;
let api_failures = api_failures.into_inner();
let num_failures = api_failures.len();
pending.pending = api_failures;
let rejected = rejected.into_inner();
let rejected_ratio = rejected as f32 / total as f32;
let rejected_perc = rejected_ratio * 100.;
if rejected_ratio >= (1. - self.multisig_threshold) {
error!("{rejected_perc:.2}% of signers rejected proposal {proposal_id}. we won't be able to execute it");
// no need to query the chain as with so many rejections it's impossible it has passed.
return Ok(ProposalResult::Rejected);
}
let accepted_ratio = (total - rejected - num_failures) as f32 / total as f32;
let accepted_perc = accepted_ratio * 100.;
match accepted_ratio {
n if n < self.multisig_threshold => {
error!("less than 2/3 of signers ({accepted_perc:.2}%) accepted proposal {proposal_id}. we're not yet be able to execute it to get funds out");
return Ok(ProposalResult::Pending);
}
n if n < self.config.minimum_api_quorum => {
warn!("the system seems to be a bit unstable: less than 80%, but more than 67% of signers ({accepted_perc:.2}%) accepted proposal {proposal_id}");
}
_ => {
trace!("{accepted_perc:.2}% of signers accepted proposal {proposal_id}");
}
}
// attempt to execute the proposal if it reached the required threshold
self.try_finalize_proposal(proposal_id).await
}
async fn maybe_redeem_tickets(&mut self) -> Result<(), EcashTicketError> {
if !self.pending_tickets.is_empty() {
return Err(EcashTicketError::PendingTickets);
}
let latest_stored = self.shared_state.storage.latest_proposal().await?;
// check if we have already created the proposal but crashed before persisting it in the db
//
// if we have some persisted proposals in storage, try to see if there's anything more recent on chain
// (i.e. the missing proposal)
// if not (i.e. this would have been our first) check the latest page of proposals.
// while this is not ideal, realistically speaking we probably crashed few minutes ago
// and worst case scenario we'll just recreate the proposal instead
//
// LIMITATION: if MULTIPLE proposals got created in between, well. though luck.
let latest_on_chain = if let Some(latest_stored) = &latest_stored {
// those are sorted in ASCENDING way
self.shared_state
.proposals_since(latest_stored.proposal_id as u64)
.await?
.pop()
} else {
// but those are DESCENDING
self.shared_state
.last_proposal_page()
.await?
.first()
.cloned()
};
let now = OffsetDateTime::now_utc();
let prior_proposal = match (&latest_stored, latest_on_chain) {
(None, None) => {
// we haven't created any proposals before
trace!("this could be our first redemption proposal");
None
}
(Some(stored), None) => {
if stored.created_at + MIN_BATCH_REDEMPTION_DELAY > now {
trace!("too soon to create new redemption proposal");
return Ok(());
}
None
}
(_, Some(on_chain)) => {
warn!("we seem to have crashed after creating proposal, but before persisting it onto disk!");
Some(on_chain)
}
};
// technically we could have been just caching all of those serial numbers as we verify tickets,
// but given how infrequently we call this, there's no point in wasting this memory
let verified_tickets = self
.shared_state
.storage
.get_all_verified_tickets_with_sn()
.await?;
// TODO: somehow simplify that nasty nested if
if verified_tickets.len() < self.config.minimum_redemption_tickets {
// bypass the number of tickets check if we're about to lose our rewards due to expiration
if let Some(latest_stored) = latest_stored {
if latest_stored.created_at + self.config.maximum_time_between_redemption < now {
{}
} else {
debug!("we only have {} verified tickets. there's no point in creating a redemption request yet. (we need at least {} (configurable))", verified_tickets.len(), self.config.minimum_redemption_tickets);
return Ok(());
}
} else {
// first proposal
debug!("we only have {} verified tickets. there's no point in creating a redemption request yet. (we need at least {} (configurable))", verified_tickets.len(), self.config.minimum_redemption_tickets);
return Ok(());
}
}
// this should have been ensured when querying
assert!(verified_tickets.len() <= u16::MAX as usize);
let digest =
BatchRedeemTicketsBody::make_digest(verified_tickets.iter().map(|t| &t.serial_number));
let encoded_digest = bs58::encode(&digest).into_string();
let prior_proposal_id = if let Some(prior_proposal) = prior_proposal {
if prior_proposal.description == encoded_digest {
info!("we have already created proposal for those tickets");
Some(prior_proposal.id)
} else {
warn!(
"our missed proposal seem to have been for different tickets - abandoning it"
);
None
}
} else {
None
};
// if the proposal has already existed on chain, do use it. otherwise create a new one
let proposal_id = if let Some(prior) = prior_proposal_id {
prior
} else {
self.create_redemption_proposal(&digest, verified_tickets.len() as u16)
.await?
};
if proposal_id > u32::MAX as u64 {
// realistically will we ever reach it? no.
panic!(
"we have created more than {} proposals. we can't handle that.",
u32::MAX
)
}
self.shared_state
.storage
.insert_redemption_proposal(
&verified_tickets,
proposal_id as u32,
OffsetDateTime::now_utc(),
)
.await?;
let current_epoch = self.shared_state.current_epoch_id().await?;
let api_clients = self.shared_state.api_clients(current_epoch).await?;
let ids = api_clients.iter().map(|c| c.node_id).collect();
let mut pending = PendingRedemptionVote::new(
proposal_id,
digest,
verified_tickets
.into_iter()
.map(|t| t.serial_number)
.collect(),
current_epoch,
ids,
);
let resolution = self
.try_resolve_pending_proposal(&mut pending, Some(api_clients))
.await?;
if resolution.is_pending() {
warn!("failed to reach quorum for proposal {proposal_id}. apis: {:?} haven't responded. we'll retry later", pending.pending);
self.pending_redemptions.push(pending);
} else {
self.shared_state
.storage
.clear_post_proposal_data(
proposal_id as u32,
OffsetDateTime::now_utc(),
resolution.is_rejected(),
)
.await?;
}
Ok(())
}
async fn periodic_operations(&mut self) -> Result<(), EcashTicketError> {
trace!("attempting to resolve all pending operations -> tickets that are waiting for verification and possibly redemption");
// 1. retry all operations that have failed in the past: verification requests and pending redemption
self.resolve_pending().await?;
// 2. if applicable, attempt to redeem all newly verified tickets
self.maybe_redeem_tickets().await?;
Ok(())
}
async fn run(mut self, mut shutdown: nym_task::TaskClient) {
info!("Starting Ecash CredentialSender");
// attempt to clear any pending operations
info!("attempting to resolve any pending operations");
if let Err(err) = self.periodic_operations().await {
error!("failed to resolve pending operations on startup: {err}")
}
let start = Instant::now() + self.config.pending_poller;
let mut resolver_interval = interval_at(start, self.config.pending_poller);
while !shutdown.is_shutdown() {
tokio::select! {
biased;
_ = shutdown.recv() => {
trace!("client_handling::credentialSender : received shutdown");
},
Some(ticket) = self.ticket_receiver.next() => {
let (queued_up, _) = self.ticket_receiver.size_hint();
// this will help us determine if we need to parallelize it
match queued_up {
n if n < 5 => debug!("there are {n} tickets queued up that need processing"),
n if (5..20).contains(&n) => info!("there are {n} tickets queued up that need processing"),
n if (20..50).contains(&n) => warn!("there are {n} tickets queued up that need processing!"),
n => error!("there are {n} tickets queued up that need processing!"),
}
self.handle_client_ticket(ticket).await
},
_ = resolver_interval.tick() => {
if let Err(err) = self.periodic_operations().await {
error!("failed to deal with periodic operations: {err}")
}
}
}
}
}
pub(crate) fn start(self, shutdown: nym_task::TaskClient) {
tokio::spawn(async move { self.run(shutdown).await });
}
}