Merge pull request #86 from unicitynetwork/dynamic-trust-base

Dynamic trust base

Author: b3y0urs3lf

README.md

@@ -160,6 +160,22 @@ The service is configured via environment variables:
 | `BATCH_LIMIT` | Maximum number of commitments to process per batch | `1000` |
 | `ROUND_DURATION` | Duration between block creation rounds | `1s` |
 
+### BFT Configuration
+
+| Variable                            | Description                                                                         | Default                          |
+|-------------------------------------|-------------------------------------------------------------------------------------|----------------------------------|
+| `BFT_ENABLED`                       | Enables or disables the BFT client integration.                                     | `true`                           |
+| `BFT_ADDRESS`                       | The libp2p multiaddress for the BFT client to listen on.                            | `/ip4/0.0.0.0/tcp/9000`          |
+| `BFT_ANNOUNCE_ADDRESSES`            | Comma-separated list of public callback multi-addresses to announce to other peers. | `""`                             |
+| `BFT_BOOTSTRAP_ADDRESSES`           | Comma-separated list of bootstrap peer addresses.                                   | `""`                             |
+| `BFT_BOOTSTRAP_CONNECT_RETRY`       | Number of retries for connecting to bootstrap peers.                                | `3`                              |
+| `BFT_BOOTSTRAP_CONNECT_RETRY_DELAY` | Delay between bootstrap connection retries (in seconds).                            | `5`                              |
+| `BFT_HEARTBEAT_INTERVAL`            | How often the BFT client checks for inactivity.                                     | `1s`                             |
+| `BFT_INACTIVITY_TIMEOUT`            | Duration of inactivity before the BFT client sends a new handshake.                 | `5s`                             |
+| `BFT_KEY_CONF_FILE`                 | Path to the BFT key configuration file.                                             | `bft-config/keys.json`           |
+| `BFT_SHARD_CONF_FILE`               | Path to the aggregator shard configuration file.                                    | `bft-config/shard-conf-7_0.json` |
+| `BFT_TRUST_BASE_FILES`              | Comma-separated list of paths to trust base files.                                  | `bft-config/trust-base.json`     |
+
 ## API Endpoints
 
 ### JSON-RPC 2.0 Methods
@@ -420,6 +436,24 @@ Returns the health status and role of the service.
 }
 ```
 
+#### `PUT /api/v1/trustbases`
+Adds trust base to the trust base store. The request body must be a valid trust base in json format.
+
+Example curl request
+```curl -X PUT -H 'Content-Type: application/json' -d @./test-nodes/trust-base-1.json http://localhost:3000/api/v1/trustbases```
+
+**If trust base was stored successfully then status 200 with empty response body is returned:**
+```json
+{}
+```
+
+**If trust base is invalid error then status 400 with error cause is returned:**
+```json
+{
+  "error":"failed to store trust base: trust base already exists"
+}
+```
+
 #### `GET /docs`
 Returns **executable** interactive HTML API documentation page with live testing capabilities (if `ENABLE_DOCS=true`).
 

cmd/aggregator/main.go

@@ -2,12 +2,15 @@ package main
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
+	"github.com/unicitynetwork/bft-go-base/types"
+
 	"github.com/unicitynetwork/aggregator-go/internal/config"
 	"github.com/unicitynetwork/aggregator-go/internal/gateway"
 	"github.com/unicitynetwork/aggregator-go/internal/ha"
@@ -16,6 +19,7 @@ import (
 	"github.com/unicitynetwork/aggregator-go/internal/round"
 	"github.com/unicitynetwork/aggregator-go/internal/service"
 	"github.com/unicitynetwork/aggregator-go/internal/storage"
+	"github.com/unicitynetwork/aggregator-go/internal/storage/interfaces"
 )
 
 // gracefulExit flushes async logger and exits with the given code
@@ -68,7 +72,7 @@ func main() {
 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 	defer stop()
 
-	commitmentQueue, storageInstance, err := storage.NewStorage(cfg, log)
+	commitmentQueue, storageInstance, err := storage.NewStorage(ctx, cfg, log)
 	if err != nil {
 		log.WithComponent("main").Error("Failed to initialize storage", "error", err.Error())
 		gracefulExit(asyncLogger, 1)
@@ -94,6 +98,25 @@ func main() {
 
 	log.WithComponent("main").Info("Database connection established")
 
+	// Store trust bases from config files
+	trustBaseValidator := service.NewTrustBaseValidator(storageInstance.TrustBaseStorage())
+	for _, tb := range cfg.BFT.TrustBases {
+		if err := trustBaseValidator.Verify(ctx, &tb); err != nil {
+			log.WithComponent("main").Error(fmt.Sprintf("Trust base verification failed"), "error", err.Error())
+			gracefulExit(asyncLogger, 1)
+		}
+		if err := storageInstance.TrustBaseStorage().Store(ctx, &tb); err != nil {
+			if errors.Is(err, interfaces.ErrTrustBaseAlreadyExists) {
+				log.WithComponent("main").Warn(fmt.Sprintf("Trust base already exists, not overwriting it"), "epoch", tb.GetEpoch())
+			} else {
+				log.WithComponent("main").Error("Failed to store trust base", "epoch", tb.GetEpoch(), "error", err.Error())
+				gracefulExit(asyncLogger, 1)
+			}
+		} else {
+			log.WithComponent("main").Info("Stored trust base", "epoch", tb.GetEpoch())
+		}
+	}
+
 	if err := commitmentQueue.Initialize(ctx); err != nil {
 		log.WithComponent("main").Error("Failed to initialize commitment queue", "error", err.Error())
 		gracefulExit(asyncLogger, 1)
@@ -102,8 +125,22 @@ func main() {
 	// Create the shared state tracker for block sync height
 	stateTracker := state.NewSyncStateTracker()
 
+	// Load last committed unicity certificate (can be nil for genesis)
+	var luc *types.UnicityCertificate
+	lastBlock, err := storageInstance.BlockStorage().GetLatest(ctx)
+	if err != nil {
+		log.WithComponent("main").Error("Failed to load last stored block", "error", err.Error())
+		gracefulExit(asyncLogger, 1)
+	}
+	if lastBlock != nil {
+		if err := types.Cbor.Unmarshal(lastBlock.UnicityCertificate, &luc); err != nil {
+			log.WithComponent("main").Error("Failed to decode unicity certificate", "error", err.Error())
+			gracefulExit(asyncLogger, 1)
+		}
+	}
+
 	// Create round manager based on sharding mode
-	roundManager, err := round.NewManager(ctx, cfg, log, commitmentQueue, storageInstance, stateTracker)
+	roundManager, err := round.NewManager(ctx, cfg, log, commitmentQueue, storageInstance, stateTracker, luc)
 	if err != nil {
 		log.WithComponent("main").Error("Failed to create round manager", "error", err.Error())
 		gracefulExit(asyncLogger, 1)

go.mod

@@ -12,8 +12,8 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/testcontainers/testcontainers-go v0.39.0
 	github.com/testcontainers/testcontainers-go/modules/mongodb v0.39.0
-	github.com/unicitynetwork/bft-core v1.0.2-0.20250618101015-e1316ad51f4e
-	github.com/unicitynetwork/bft-go-base v1.0.2
+	github.com/unicitynetwork/bft-core v1.0.2-0.20251126094351-51daa89c8c43
+	github.com/unicitynetwork/bft-go-base v1.0.3-0.20251125134602-9545226e4709
 	go.mongodb.org/mongo-driver v1.17.4
 	go.opentelemetry.io/otel/metric v1.38.0
 	go.opentelemetry.io/otel/trace v1.38.0

go.sum

@@ -559,10 +559,10 @@ github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/unicitynetwork/bft-core v1.0.2-0.20250618101015-e1316ad51f4e h1:C8emZcWmMPG9uEfLW3Jk1jt7IcDdGo6g7KMxer7w1Aw=
-github.com/unicitynetwork/bft-core v1.0.2-0.20250618101015-e1316ad51f4e/go.mod h1:oHcvP+Jp8N4SzedwzxWfq7SfOAzgV0si6WsQBNYVQIo=
-github.com/unicitynetwork/bft-go-base v1.0.2 h1:Z5stN59ZP3psY5RDH4VFDyg5HXDsePv27uqvP56mNGw=
-github.com/unicitynetwork/bft-go-base v1.0.2/go.mod h1:hBnOG52VRy/vpgIBUulTgk7PBTwODZ2xkVjCEu5yRcQ=
+github.com/unicitynetwork/bft-core v1.0.2-0.20251126094351-51daa89c8c43 h1:oWVHqRyI+QeldeziycQ9Qs0g3PiJN3YlNxYEBFUHxUQ=
+github.com/unicitynetwork/bft-core v1.0.2-0.20251126094351-51daa89c8c43/go.mod h1:9qPdOWF7Hr2k2owuT4L4OpndbGcdZSdymjfbxiyp3Is=
+github.com/unicitynetwork/bft-go-base v1.0.3-0.20251125134602-9545226e4709 h1:otZGyxGVw63HpZBIVyyKNoJorukL7xNXDhKoWxCqbtc=
+github.com/unicitynetwork/bft-go-base v1.0.3-0.20251125134602-9545226e4709/go.mod h1:hBnOG52VRy/vpgIBUulTgk7PBTwODZ2xkVjCEu5yRcQ=
 github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=

internal/bft/client.go

@@ -3,18 +3,19 @@ package bft
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"encoding/hex"
 	"errors"
 	"fmt"
 	"math/big"
 	"sync"
 	"sync/atomic"
+	"time"
 
-	"github.com/libp2p/go-libp2p/core/peer"
 	"github.com/unicitynetwork/bft-core/network"
 	"github.com/unicitynetwork/bft-core/network/protocol/certification"
 	"github.com/unicitynetwork/bft-core/network/protocol/handshake"
-	"github.com/unicitynetwork/bft-go-base/crypto"
+	cryptobft "github.com/unicitynetwork/bft-go-base/crypto"
 	"github.com/unicitynetwork/bft-go-base/types"
 
 	"github.com/unicitynetwork/aggregator-go/internal/config"
@@ -38,12 +39,11 @@ type (
 		shardID     types.ShardID
 		logger      *logger.Logger
 
-		// mutex for peer, network, signer, rootNodes
-		mu        sync.Mutex
-		peer      *network.Peer
-		network   *BftNetwork
-		rootNodes peer.IDSlice
-		signer    crypto.Signer
+		// mutex for peer, network, signer TODO: there are readers without mutex
+		mu      sync.Mutex
+		peer    *network.Peer
+		network *BftNetwork
+		signer  cryptobft.Signer
 
 		// Latest UC this node has seen. Can be ahead of the committed UC during recovery.
 		luc           atomic.Pointer[types.UnicityCertificate]
@@ -57,6 +57,11 @@ type (
 		ucProcessingMutex sync.Mutex
 
 		msgLoopCancelFn context.CancelFunc
+
+		// timestamp when last UC was received
+		lastCertResponseTime atomic.Int64
+
+		trustBaseStore TrustBaseStore
 	}
 
 	BFTClient interface {
@@ -70,19 +75,26 @@ type (
 		StartNewRound(ctx context.Context, roundNumber *api.BigInt) error
 	}
 
+	TrustBaseStore interface {
+		GetByEpoch(ctx context.Context, epoch uint64) (types.RootTrustBase, error)
+	}
+
 	status int
 )
 
-func NewBFTClient(ctx context.Context, conf *config.BFTConfig, roundManager RoundManager, logger *logger.Logger) (*BFTClientImpl, error) {
+func NewBFTClient(conf *config.BFTConfig, roundManager RoundManager, trustBaseStore TrustBaseStore, luc *types.UnicityCertificate, logger *logger.Logger) (*BFTClientImpl, error) {
 	logger.Info("Creating BFT Client")
 	bftClient := &BFTClientImpl{
-		logger:       logger,
-		partitionID:  conf.ShardConf.PartitionID,
-		shardID:      conf.ShardConf.ShardID,
-		roundManager: roundManager,
-		conf:         conf,
+		logger:         logger,
+		partitionID:    conf.ShardConf.PartitionID,
+		shardID:        conf.ShardConf.ShardID,
+		roundManager:   roundManager,
+		trustBaseStore: trustBaseStore,
+		conf:           conf,
 	}
 	bftClient.status.Store(idle)
+	bftClient.luc.Store(luc)
+	bftClient.lastCertResponseTime.Store(time.Now().UnixMilli())
 	return bftClient, nil
 }
 
@@ -119,10 +131,6 @@ func (c *BFTClientImpl) Start(ctx context.Context) error {
 	if err != nil {
 		return err
 	}
-	rootNodes, err := c.conf.GetRootNodes()
-	if err != nil {
-		return fmt.Errorf("failed to get root nodes: %w", err)
-	}
 	signer, err := c.conf.KeyConf.Signer()
 	if err != nil {
 		return fmt.Errorf("failed to create signer: %w", err)
@@ -136,19 +144,20 @@ func (c *BFTClientImpl) Start(ctx context.Context) error {
 	c.peer = self
 	c.network = networkP2P
 	c.signer = signer
-	c.rootNodes = rootNodes
 
 	if err := c.peer.BootstrapConnect(ctx, c.logger.Logger); err != nil {
 		return fmt.Errorf("failed to bootstrap peer: %w", err)
 	}
 
-	if err := c.sendHandshake(ctx); err != nil {
-		return fmt.Errorf("failed to send handshake: %w", err)
-	}
-
 	msgLoopCtx, cancelFn := context.WithCancel(ctx)
 	c.msgLoopCancelFn = cancelFn
-	go c.loop(msgLoopCtx)
+	go func() {
+		if err := c.loop(msgLoopCtx); err != nil {
+			c.logger.Error("BFT event loop thread exited with error", "error", err.Error())
+		} else {
+			c.logger.Info("BFT event loop thread finished")
+		}
+	}()
 
 	return nil
 }
@@ -170,16 +179,21 @@ func (c *BFTClientImpl) Stop() {
 		c.peer = nil
 		c.network = nil
 		c.signer = nil
-		c.rootNodes = nil
 	}
 }
 
 func (c *BFTClientImpl) sendHandshake(ctx context.Context) error {
 	c.logger.WithContext(ctx).Debug("sending handshake to root chain")
+
+	// load trust base
+	rootEpoch := c.luc.Load().GetRootEpoch()
+	tb, err := c.trustBaseStore.GetByEpoch(ctx, rootEpoch)
+	if err != nil {
+		return fmt.Errorf("failed to load trust base for epoch %d: %w", rootEpoch, err)
+	}
 	// select some random root nodes
-	rootIDs, err := randomNodeSelector(c.rootNodes, defaultHandshakeNodes)
+	rootIDs, err := randomNodeSelector(tb, defaultHandshakeNodes)
 	if err != nil {
-		// error should only happen in case the root nodes are not initialized
 		return fmt.Errorf("failed to select root nodes for handshake: %w", err)
 	}
 	if err = c.network.Send(ctx,
@@ -195,6 +209,13 @@ func (c *BFTClientImpl) sendHandshake(ctx context.Context) error {
 }
 
 func (c *BFTClientImpl) loop(ctx context.Context) error {
+	if err := c.sendHandshake(ctx); err != nil {
+		return fmt.Errorf("failed to send initial handshake: %w", err)
+	}
+
+	heartbeat := time.NewTicker(c.conf.HeartbeatInterval)
+	defer heartbeat.Stop()
+
 	for {
 		select {
 		case <-ctx.Done():
@@ -205,6 +226,15 @@ func (c *BFTClientImpl) loop(ctx context.Context) error {
 			}
 			c.logger.WithContext(ctx).Debug("received message", "type", fmt.Sprintf("%T", m))
 			c.handleMessage(ctx, m)
+		case <-heartbeat.C:
+			lastCertMillis := c.lastCertResponseTime.Load()
+			lastCertTime := time.UnixMilli(lastCertMillis)
+			if time.Since(lastCertTime) > c.conf.InactivityTimeout {
+				c.logger.Warn("BFT client inactivity timeout exceeded, sending new handshake")
+				if err := c.sendHandshake(ctx); err != nil {
+					c.logger.Error("failed to send handshake on inactivity timeout", "error", err.Error())
+				}
+			}
 		}
 	}
 }
@@ -213,16 +243,30 @@ func (c *BFTClientImpl) handleMessage(ctx context.Context, msg any) {
 	switch mt := msg.(type) {
 	case *certification.CertificationResponse:
 		c.logger.WithContext(ctx).Info("received CertificationResponse")
-		c.handleCertificationResponse(ctx, mt)
+		if err := c.handleCertificationResponse(ctx, mt); err != nil {
+			c.logger.WithContext(ctx).Error("error processing CertificationResponse message", "error", err.Error())
+		}
 	default:
 		c.logger.WithContext(ctx).Info("received unknown message")
 	}
 }
 
 func (c *BFTClientImpl) handleCertificationResponse(ctx context.Context, cr *certification.CertificationResponse) error {
+	c.lastCertResponseTime.Store(time.Now().UnixMilli())
+
 	if err := cr.IsValid(); err != nil {
 		return fmt.Errorf("invalid CertificationResponse: %w", err)
 	}
+
+	// verify UC
+	tb, err := c.trustBaseStore.GetByEpoch(ctx, cr.UC.GetRootEpoch())
+	if err != nil {
+		return fmt.Errorf("failed to load trust base for epoch %d: %w", cr.UC.GetRootEpoch(), err)
+	}
+	if err := cr.UC.Verify(tb, crypto.SHA256, c.partitionID, c.shardID, nil); err != nil {
+		return fmt.Errorf("failed to verify UC: %w", err)
+	}
+
 	c.logger.WithContext(ctx).Info(fmt.Sprintf("handleCertificationResponse: UC round %d, next round %d, next leader %s",
 		cr.UC.GetRoundNumber(), cr.Technical.Round, cr.Technical.Leader))
 
@@ -472,7 +516,12 @@ func (c *BFTClientImpl) sendCertificationRequest(ctx context.Context, rootHash s
 	}
 	c.logger.WithContext(ctx).Info(fmt.Sprintf("Round %d sending block certification request to root chain, IR hash %X",
 		req.InputRecord.RoundNumber, req.InputRecord.Hash))
-	rootIDs, err := rootNodesSelector(luc, c.rootNodes, defaultNofRootNodes)
+
+	tb, err := c.trustBaseStore.GetByEpoch(ctx, luc.GetRootEpoch())
+	if err != nil {
+		return fmt.Errorf("failed to load trust base for epoch %d: %w", luc.GetRootEpoch(), err)
+	}
+	rootIDs, err := rootNodesSelector(luc, tb, defaultNofRootNodes)
 	if err != nil {
 		return fmt.Errorf("selecting root nodes: %w", err)
 	}