Add storage bounds for pallet `staking` and clean up deprecated non paged exposure storages #6445

re-gius · 2024-11-11T15:08:49Z

This is part of #6289 and necessary for the Asset Hub migration.

Building on the observations and suggestions from #255 .

Changes

Add MaxInvulnerables to bound Invulnerables Vec -> BoundedVec.
- Set to constant 20 in the pallet (must be >= 17 for backward compatibility of runtime westend).
Add MaxDisabledValidators to bound DisabledValidators Vec -> BoundedVec
- Set to constant 100 in the pallet (it should be <= 1/3 * MaxValidatorsCount according to the current disabling strategy)
Remove ErasStakers and ErasStakersClipped (see Tracker issue for cleaning up old non-paged exposure logic in staking pallet #433 )
- They were deprecated in v14 and could have been removed since staking era 1504 (now it's > 1600)
- Completing the task from [pallet-staking] Clean up stale non paged exposure storages in the pallet #5986
Use MaxExposurePageSize to bound ErasStakersPaged mapping to exposure pages: each ExposurePage.others Vec is turned into a WeakBoundedVec to allow easy and quick changes to this bound
Add MaxBondedEras to bound BondedEras Vec -> BoundedVec
- Set to BondingDuration::get() + 1 everywhere to include both time interval endpoints in [current_era - BondingDuration::get(), current_era]. Notice that this was done manually in every test and runtime, so I wonder if there is a better way to ensure that MaxBondedEras::get() == BondingDuration::get() + 1 everywhere.
Add MaxRewardPagesPerValidator to bound ClaimedRewards Vec of pages -> WeakBoundedVec
- Set to constant 20 in the pallet. The vector of pages is now a WeakBoundedVec to allow easy and quick changes to this parameter
Remove MaxValidatorsCount optional storage item to add MaxValidatorsCount mandatory config parameter
- Using it to to bound EraRewardPoints.individual BTreeMap -> BoundedBTreeMap;
- Set to dynamic parameter in runtime westend so that changing it should not require migrations for it

TO DO
Slashing storage items will be bounded in another PR.

UnappliedSlashes
SlashingSpans

kianenigma · 2024-12-19T14:19:05Z

polkadot/runtime/rococo/src/lib.rs

@@ -1184,7 +1184,6 @@ impl parachains_slashing::Config for Runtime {
 		ReportLongevity,
 	>;
 	type WeightInfo = parachains_slashing::TestWeightInfo;
-	type BenchmarkingConfig = parachains_slashing::BenchConfig<200>;


The overall observation is that we had to add temporarily a lot of bounds to pallets just for benchmarks, but as staking has now proper bounds for all its storage, they are not needed ✅

polkadot/runtime/test-runtime/src/lib.rs

kianenigma · 2024-12-19T14:20:57Z

polkadot/runtime/westend/src/genesis_config_presets.rs

+			invulnerables: BoundedVec::try_from(
+				initial_authorities.iter().map(|x| x.0.clone()).collect::<Vec<_>>()
+			)
+			.expect("Too many invulnerable validators!"),


Error message can be a bit more informative, hinting at which config should be tweaked if this expect is ever reached.

error message improved in 0d47dc5

kianenigma · 2024-12-19T14:24:20Z

polkadot/runtime/westend/src/lib.rs

@@ -1841,6 +1855,7 @@ pub mod migrations {
 		parachains_shared::migration::MigrateToV1<Runtime>,
 		parachains_scheduler::migration::MigrateV2ToV3<Runtime>,
 		pallet_staking::migrations::v16::MigrateV15ToV16<Runtime>,
+		pallet_staking::migrations::v17::MigrateV16ToV17<Runtime>,


You can check the logs for this migration in this CI job:

https://github.com/paritytech/polkadot-sdk/actions/runs/12412281493/job/34651846644?pr=6445

there seems to be some error-ish logs in there:

💸 Migration failed for ClaimedRewards from v16 to v17.

Solved with force_from(...) for WeakBoundedVec. I noticed that old individual validator exposures have up to 205 pages, while we would expect them to be at most 20 in the future @Ank4n
What do you think is the best approach: keep 20 as a limit for MaxRewardPagesPerValidator for future items and force old items in a WeakBoundedVec or increase the MaxRewardPagesPerValidator limit to something like 250 to accomodate old items?

EDIT: I can also see a third option: merge pages for old items until they are less than 20.

I think using WeakBoundedVec with too much elements is prone to error. operation like remove and then try_push will fail. We should have a clean state. WeakBoundedVec is more for emergency.

kianenigma · 2024-12-19T14:30:22Z

substrate/bin/node/runtime/src/lib.rs

@@ -745,6 +746,10 @@ impl pallet_staking::Config for Runtime {
 	type WeightInfo = pallet_staking::weights::SubstrateWeight<Runtime>;
 	type BenchmarkingConfig = StakingBenchmarkingConfig;
 	type DisablingStrategy = pallet_staking::UpToLimitWithReEnablingDisablingStrategy;
+	type MaxInvulnerables = ConstU32<20>;
+	type MaxRewardPagesPerValidator = ConstU32<20>;
+	type MaxValidatorsCount = ConstU32<300>;


Other pallets like session, babe, grandpa and such also have a notion of MaxValidators (expressed as MaxAuthorities) that should be equal to the max validators of this pallet.

within this file, you can use one pub const MaxValidators: u32 = 300 everywhere to unify it.

Taking it a step further, you can expose this as a part of trait SessionManager. this trait can expose a trat SessionManager { type MaxAuthorities = <set-by-staking-pallet> }. Then, within the pallet-session, who consumes SessionManager, you can do:

fn integroty_check() { /// A way to express within pallet-session that whoever implements `SessionManager` should have a compatible `MaxAuthorities`. assert!(T::SessionManager::MaxAuthoritiet::get() >= T::MaxAuthorities::get()) }

This might be too much for this PR, but good for you to be familiar with the pattern.

Whenever they are multiple parameters within two pallets that have a logical dependency (they have to be equal, or one has to be larger than the other), you can remove the implicitness like this.

changed in a065a91

Opened issue #6972 to unify MaxValidators limit (I also see a MaxActiveValidators)

Co-authored-by: Kian Paimani <[email protected]>

substrate/frame/staking/src/pallet/mod.rs

gui1117 · 2025-01-16T08:51:02Z

substrate/frame/staking/src/pallet/mod.rs

+			ensure!(
+				invulnerables.len() as u32 <= T::MaxInvulnerables::get(),
+				Error::<T>::BoundNotMet
+			);
+			<Invulnerables<T>>::put(BoundedVec::truncate_from(invulnerables));


Suggested change

ensure!(

invulnerables.len() as u32 <= T::MaxInvulnerables::get(),

Error::<T>::BoundNotMet

);

<Invulnerables<T>>::put(BoundedVec::truncate_from(invulnerables));

let invulnerables = BoundedVec::try_from(invulnerables)

.map_err(|_| Error::<T>::BoundNotMet)?;

<Invulnerables<T>>::put(invulnerables);

gui1117 · 2025-01-16T08:55:26Z

substrate/primitives/staking/src/lib.rs

 			for individual in chunk.iter() {
 				page_total.saturating_accrue(individual.value);
-				others.push(IndividualExposure {
+				let _ = others.try_push(IndividualExposure {


We could use defensive. but it is ok to me

Suggested change

let _ = others.try_push(IndividualExposure {

// Always successful as chunks are of size `MaxExposurePageSize`.

let _ = others.try_push(IndividualExposure {

seadanda · 2025-01-16T16:50:41Z

polkadot/runtime/test-runtime/src/lib.rs

@@ -400,7 +401,7 @@ impl pallet_staking::Config for Runtime {
 	type DisablingStrategy = pallet_staking::UpToLimitWithReEnablingDisablingStrategy;
 	type MaxInvulnerables = ConstU32<20>;
 	type MaxRewardPagesPerValidator = ConstU32<20>;
-	type MaxValidatorsCount = ConstU32<300>;
+	type MaxValidatorsCount = MaxAuthorities;


This is a huge jump, is there a reason why the MaxAuthorities is so big in the test runtime?

gui1117

Overall looks good, but there is still some comments to resolve.

gui1117 · 2025-01-17T05:31:31Z