feat!: limit the max tx size to 2 MiB

[ninabarbakadze]

Overview

Fixes #3686

[github-actions]

PR Preview Action v1.4.8
🚀 Deployed preview to https://celestiaorg.github.io/celestia-app/pr-preview/pr-3909/
on branch gh-pages at 2024-10-11 16:25 UTC

[ninabarbakadze]

I'll add the link to MaxTxSize in appconsts once this pr is merged

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The changes introduce a new decorator, MaxTxSizeDecorator, to the transaction handling process, ensuring transactions do not exceed a specified size limit. This decorator is added to the NewAnteHandler function, which is responsible for processing transactions. Additionally, a new constant MaxTxBytes is defined to set the maximum transaction size, and corresponding tests have been implemented to validate the decorator's functionality across various scenarios.

Changes

File	Change Summary
app/ante/ante.go	Added NewMaxTxSizeDecorator() to NewAnteHandler for transaction size validation.
app/ante/max_tx_size.go	Introduced MaxTxSizeDecorator type with AnteHandle method to enforce transaction size limits.
app/ante/max_tx_size_test.go	Created tests for MaxTxSizeDecorator to validate behavior with various transaction sizes and versions.
pkg/appconsts/v3/app_consts.go	Added constant MaxTxBytes set to 2097152 (2 MiB).
pkg/appconsts/versioned_consts.go	Added function MaxTxBytes to return the value of v3.MaxTxBytes.
app/process_proposal.go	Modified to set transaction bytes in context for application versions 3 and above.
app/validate_txs.go	Modified filterStdTxs and filterBlobTxs to set transaction size on context.

Assessment against linked issues

Objective	Addressed	Explanation
Cap the size of the transaction to reduce strain on network (#3686)	✅

Possibly related PRs

• chore: optimize checkTx #3954: The changes in this PR involve updates to the ProcessProposal method and the prepare_proposal_test.go file, which are directly related to the modifications made in the main PR regarding transaction processing and size management.

Suggested labels

enhancement, WS: Big Blonks 🔭, WS: Maintenance 🔧

Suggested reviewers

• rootulp
• evan-forbes
• cmwaters

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 70b4174 and f600227.

📒 Files selected for processing (1)

• app/test/prepare_proposal_test.go (6 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• app/test/prepare_proposal_test.go

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (7)

pkg/appconsts/versioned_consts.go (2)

45-47: Consider implementing the previous review suggestion

As suggested in a previous review, consider removing the parameter name for consistency:

-func MaxTxBytes(_ uint64) int {
+func MaxTxBytes(uint64) int {
 	return v3.MaxTxBytes
}

This change improves code clarity by explicitly showing that the parameter is unused.

---

45-47: Add a comment explaining the unused parameter

Consider adding a comment to explain the purpose of the unused uint64 parameter. If it's for future versioning, make this explicit:

+// MaxTxBytes returns the maximum transaction size in bytes.
+// The uint64 parameter is reserved for future versioning and is currently unused.
func MaxTxBytes(_ uint64) int {
	return v3.MaxTxBytes
}

This addition would improve code documentation and clarify the intent behind the function signature.

app/ante/max_tx_size_test.go (3)

20-50: LGTM: Test cases cover important scenarios.

The test cases are well-defined and cover crucial scenarios including valid transaction size, oversized transactions, edge cases, and version compatibility. The use of v3.MaxTxBytes constant ensures the test adapts to changes in the maximum transaction size.

Consider adding an additional test case for a transaction size slightly below the maximum threshold (e.g., v3.MaxTxBytes - 1000) to ensure there's no off-by-one error in the implementation.

---

52-72: LGTM: Test execution logic is robust and well-implemented.

The test execution logic is sound, iterating over each test case, setting up the appropriate context, and verifying the results. The use of the require package ensures clear test failure messages.

Consider adding a comment explaining the purpose of ctx.WithTxBytes(txBytes) to improve code readability. For example:

// Set the transaction bytes in the context to simulate a transaction of the specified size
ctx = ctx.WithTxBytes(txBytes)

---

1-72: Great job on implementing comprehensive tests for MaxTxSizeDecorator!

This test file effectively validates the functionality of the MaxTxSizeDecorator, aligning well with the PR objectives of implementing a maximum transaction size. The tests cover various scenarios, including valid and invalid transaction sizes, edge cases, and version compatibility.

The code is well-structured, follows Go best practices, and uses appropriate testing utilities. This will help ensure the robustness of the transaction size limitation feature.

As the project evolves, consider expanding these tests to cover more edge cases and potential real-world scenarios. This could include testing with different types of transactions or simulating network conditions that might affect transaction processing.

specs/src/ante_handler_v3.md (1)

6-6: Approved addition with a suggestion for improvement

The new criterion for transaction size validation aligns well with the PR objectives of capping transaction size to reduce network strain. This is a valuable addition to the AnteHandler specifications.

To enhance clarity and maintainability, consider adding a reference or link to the definition of MaxTxBytes. This would help developers quickly locate the specific value and any related configuration details.

Consider adding a reference like this:

- The tx size is not larger than the application's configured versioned constant MaxTxBytes (defined in [appconsts](link-to-appconsts-file)).

app/ante/max_tx_size.go (1)

10-11: Improve comment clarity for MaxTxSizeDecorator.

Consider rephrasing the comment to form a complete sentence and enhance readability. For example:

-// MaxTxSizeDecorator ensures that a tx can not be larger than
-// application's configured versioned constant.
+// MaxTxSizeDecorator ensures that a transaction cannot exceed
+// the application's configured maximum size.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between c713401 and 941f55b.

📒 Files selected for processing (7)

• app/ante/ante.go (1 hunks)
• app/ante/max_tx_size.go (1 hunks)
• app/ante/max_tx_size_test.go (1 hunks)
• pkg/appconsts/v3/app_consts.go (1 hunks)
• pkg/appconsts/versioned_consts.go (1 hunks)
• pkg/appconsts/versioned_consts_test.go (1 hunks)
• specs/src/ante_handler_v3.md (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• pkg/appconsts/v3/app_consts.go

🔇 Additional comments (6)

pkg/appconsts/versioned_consts.go (2)

45-47: LGTM: Function aligns with PR objectives

The MaxTxBytes function correctly provides access to the maximum transaction size, which is crucial for implementing the transaction size cap as per the PR objectives.

---

45-47: Verify the usage of MaxTxBytes in the codebase

To ensure that this function is being used correctly to implement the transaction size cap, we should verify its usage across the codebase.

✅ Verification successful

MaxTxBytes usage verified across the codebase

The MaxTxBytes function is consistently utilized in all relevant areas to enforce transaction size limits, ensuring correct implementation of the transaction size cap.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search for usages of MaxTxBytes function to verify its implementation in capping transaction sizes.

# Test: Search for MaxTxBytes usage
echo "Searching for MaxTxBytes usage:"
rg --type go "MaxTxBytes\(" -A 5

# Test: Search for potential transaction size checks
echo "Searching for potential transaction size checks:"
rg --type go "tx.*size|size.*tx" -i

Length of output: 15509

app/ante/max_tx_size_test.go (2)

1-14: LGTM: Package declaration and imports are well-structured.

The package name and imports are appropriate for the test file. The use of aliases for different versions of app constants (v2, v3) enhances readability.

---

16-19: LGTM: Test function setup is correct.

The test function is properly named and the setup correctly initializes the MaxTxSizeDecorator and chains it with sdk.ChainAnteDecorators.

pkg/appconsts/versioned_consts_test.go (1)

69-74: LGTM! The new test case aligns well with the PR objectives.

The addition of this test case for MaxTxBytes in version 3 is a good implementation. It directly supports the PR's goal of capping transaction sizes by ensuring that the new constant is correctly set and can be retrieved. This test will help maintain the integrity of the transaction size limit as the codebase evolves.

app/ante/ante.go (1)

35-36: Approve addition of NewMaxTxSizeDecorator with suggestions

The addition of NewMaxTxSizeDecorator() aligns well with the PR objectives of capping transaction size to alleviate network strain. Its placement in the decorator chain is logical, allowing for early rejection of oversized transactions.

However, I have a few suggestions to enhance clarity and ensure proper implementation:

1. Please provide information about the implementation of NewMaxTxSizeDecorator(). What specific size limit is being enforced?
2. Consider adding a comment to explain how this new decorator interacts with the existing NewConsumeGasForTxSizeDecorator. Are they complementary or potentially redundant?
3. It would be helpful to see the implementation of NewMaxTxSizeDecorator() to ensure it correctly enforces the desired transaction size limit.

To verify the implementation and usage of NewMaxTxSizeDecorator(), please run the following script:

✅ Verification successful

Approve addition of NewMaxTxSizeDecorator with implementation verified

The NewMaxTxSizeDecorator() correctly enforces a transaction size limit of 2 MiB, aligning with the PR objectives of capping transaction size to alleviate network strain. Its placement in the decorator chain allows for early rejection of oversized transactions, and the implementation is supported by relevant test cases (TestMaxTxSizeDecorator).

Suggestions:

1. Add comments to clearly state the enforced transaction size limit.
2. Document the interaction between NewMaxTxSizeDecorator and existing decorators to ensure clarity.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implementation of NewMaxTxSizeDecorator

# Test: Search for the implementation of NewMaxTxSizeDecorator
echo "Searching for NewMaxTxSizeDecorator implementation:"
rg --type go "func NewMaxTxSizeDecorator\(" -A 10

# Test: Check for any constants or variables related to max transaction size
echo "\nSearching for max transaction size constants or variables:"
rg --type go "(MaxTxSize|MAX_TX_SIZE)"

# Test: Look for tests related to max transaction size
echo "\nSearching for related test cases:"
rg --type go "TestMaxTxSize"

Length of output: 1955

---

Script:

#!/bin/bash
# Description: Locate the definition and value of MaxTxBytes

echo "Searching for the definition of MaxTxBytes:"
rg --type go "const\s+MaxTxBytes\s*="

echo "\nSearching for configurations or usages of MaxTxBytes:"
rg --type go "MaxTxBytes"

Length of output: 1785

[coderabbitai]

⚠️ Potential issue

Correct the transaction size comparison operator.

The current condition rejects transactions that are exactly the maximum allowed size:

if len(ctx.TxBytes()) >= appconsts.MaxTxBytes(ctx.BlockHeader().Version.App) {

If the intention is to allow transactions up to and including the maximum size, consider changing the comparison operator to >:

-if len(ctx.TxBytes()) >= appconsts.MaxTxBytes(ctx.BlockHeader().Version.App) {
+if len(ctx.TxBytes()) > appconsts.MaxTxBytes(ctx.BlockHeader().Version.App) {

This change ensures that transactions equal to the maximum size are accepted, and only those exceeding it are rejected.

[evan-forbes]

this is good to note, whichever is used, we simply need to document it

using strictly greater than makes sense to me, as we can just use that constant everywhere instead of subtracting 1 everywhere as well

[cmwaters]

I second this that it would be better if it were strictly greater than 2MB

[rootulp]

Implementation LGTM, great work! I think we need a FLUP issue to write a CIP for this.

nit: PR title should include ! because I think this is consensus breaking.

[rootulp]

Another nit: PR title could be more readable to end-users b/c it will show up in release notes. For example: "feat!: limit the max tx size to 2 MiB".

Can also add this to release notes.

[ninabarbakadze]

Another nit: PR title could be more readable to end-users b/c it will show up in release notes. For example: "feat!: limit the max tx size to 2 MiB".

Can also add this to release notes.

Thanks @rootulp! Updated :)

[evan-forbes]

[very optional]

imo, if we can exit with a negative, then we should. this follows golang's norms

so

if ctx.BlockHeader().Version.App < v3.Version {
    next() // or whatever
   }

[evan-forbes]

this is good to note, whichever is used, we simply need to document it

using strictly greater than makes sense to me, as we can just use that constant everywhere instead of subtracting 1 everywhere as well

[cmwaters]

A few nits otherwise looks good

[rootulp]

Pretty confident the process_proposal change needs to be gated behind an app version check. There are a few other instances that should be verified if they are consensus breaking and if they are then we need version gates.

[rootulp]

[nit] provide the current tx bytes in the error message so that a user knows how many bytes they need to trim from their tx.

[ninabarbakadze]

54b2b4d

[rootulp]

[question] does this need to be gated behind a version gate? @evan-forbes mentioned that it is consensus breaking

Suggested change

	// Set the tx size on the context before calling the AnteHandler
	sdkCtx = sdkCtx.WithTxBytes(tx)
	// Set the tx bytes in the context for app version v3 and greater
	if sdkCtx.BlockHeader().Version.App >= 3 {
	sdkCtx = sdkCtx.WithTxBytes(tx)
	}

[ninabarbakadze]

me and @evan-forbes briefly discussed this yesterday but I don't think we reached a firm conclusion. ConsumeTxSizeGasDecorator also uses TxBytes set on the context so I guess it is consensus breaking? I could also reset it back to empty after MaxTxSizeDecorator is executed.

[ninabarbakadze]

because even if we version gate it do we want it to be set during the ante handler execution in v3?

[rootulp]

It seems like a bug that it wasn't set before ConsumeTxSizeGasDecorator.

do we want it to be set during the ante handler execution in v3?

IMO yes

[evan-forbes]

I added this gate in #3960 (which we can close after this)

I think there's a chance it could be consensus breaking because of the ante handle that subtracts gas for the size of the tx. we don't currently set it in process proposal afaik, which would mean that's its possible to reject or accept a block if an account does or doesn't have enough gas. very unlikely, but I think it could happen.

[evan-forbes]

so we need a gate in processproposal

we don't need a gate in prepare proposal, we can start applying the logic whenever

[ninabarbakadze]

makes sense! thanks!

[ninabarbakadze]

a873099

[rootulp]

[same question] does this need to be gated behind a version check?

Can this be hoisted up so that it only needs to happen once in this file? Perhaps after this line:

		sdkTx, err := app.txConfig.TxDecoder()(tx)
		// Set the tx bytes in the context for app version v3 and greater
		if sdkCtx.BlockHeader().Version.App >= 3 {
			sdkCtx = sdkCtx.WithTxBytes(tx)
		}
		// rest of file

[evan-forbes]

referencing this comment #3909 (comment)

we need a gate for process proposal, we don't need a gate prepare proposal

[ninabarbakadze]

a873099

[rootulp]

[question] how does this function create 2 single blobTxs? I don't see 2 used as an argument to ManyMultiBlobTx

[ninabarbakadze]

I'll create as many blobs as the accounts you pass into the function

[rootulp]

[question] does this need to be version gated? In other words is it consensus breaking?

[ninabarbakadze]

#3909 (comment)

[cmwaters]

nit: this would have been easier to follow if it was done once in PrepareProposal where the context actually is created

[rootulp]

[question] does this need to be version gated? In other words is it consensus breaking?

[ninabarbakadze]

#3909 (comment)

[evan-forbes]

nice, I think we only need the gates

also left an optional change for including ischecktx in our tests

[evan-forbes]

optional, but useful

we can add a bool to determine if this is checkTx here, then add that bool to the test sdk.Context as will with sdkCtx.WithIsCheckTx(true)

[ninabarbakadze]

both addressed 54b2b4d and a873099

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

app/ante/max_tx_size.go (1)

19-33: LGTM: AnteHandle method is well-implemented with clear error messaging.

The method correctly checks the app version and transaction size. The error message now includes all necessary information for users.

Consider using errors.New() or a custom error type instead of fmt.Errorf() for better error handling:

return ctx, errors.New(fmt.Sprintf("tx size %d bytes is larger than the application's configured threshold of %d bytes. Please reduce the size by %d bytes", currentTxSize, maxTxBytes, bytesOverLimit))

This allows for easier error checking and type assertions in the calling code.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 12dfb01 and 54b2b4d.

📒 Files selected for processing (3)

• app/ante/max_tx_size.go (1 hunks)
• app/ante/max_tx_size_test.go (1 hunks)
• app/process_proposal.go (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• app/ante/max_tx_size_test.go
• app/process_proposal.go

🧰 Additional context used

🔇 Additional comments (3)

app/ante/max_tx_size.go (3)

1-9: LGTM: Package declaration and imports are appropriate.

The package name "ante" is suitable for an ante handler, and the imports are relevant to the implemented functionality.

---

11-17: LGTM: MaxTxSizeDecorator type and constructor are well-defined.

The MaxTxSizeDecorator is correctly implemented as an empty struct, and its constructor follows Go conventions.

---

1-33: Overall implementation aligns well with PR objectives.

The MaxTxSizeDecorator successfully implements the transaction size limit as described in the PR objectives. It correctly applies the limit only to app versions 3 and onwards, addressing the need to cap transaction sizes to alleviate network strain.

Key points:

1. The implementation is clean and follows Go best practices.
2. It provides clear error messages to guide users when their transactions exceed the size limit.
3. The code addresses previous review comments, such as using the correct comparison operator.

This implementation enhances the network's resilience against excessive load and provides clear guidance for transaction batching.

[evan-forbes]

LGTM

nice work!

[cmwaters]

A few nits which would be nice to address but logically looks good

[cmwaters]

I think the memo size is capped (256 bytes IIRC) so this will fail regardless

[ninabarbakadze]

do you know where the memo check is? because it was failing with transaction too large error in the logs

[cmwaters]

It's called ValidateMemoDecorator

[ninabarbakadze]

NewMaxTxSizeDecorator is called before so it'll be rejected for transaction being too large

[cmwaters]

nit: this would have been easier to follow if it was done once in PrepareProposal where the context actually is created

[cmwaters]

same nit here: this would be easier to follow if it was placed right after sdkCtx is initialised on line 54

[ninabarbakadze]

it needs to be done while we're iterating over transactions in later lines no?

[ninabarbakadze]

so you suggest i iterate over block txs another time after context is created and set WithTxBytes there?

[cmwaters]

ignore me. I misunderstood this

[rootulp]

LGTM great work.

Do we need a follow up issue to track writing a CIP for this change? I noted this elsewhere but perhaps the CIP can explain why we're using a tx validity rule instead of a mempool parameter.

[rootulp]

[not blocking] we should have considered naming it something else to avoid conflicting with the mempool parameter MaxTxBytes. For example MaxTxSize would've worked

[ninabarbakadze]

I can change it in a follow-up since i need to update the ante handler anyway :)

[evan-forbes]

we're setting the tx bytes twice here, but its not super important I don't think

[ninabarbakadze]

I think this is due to the merge. I'll update in a follow-up