HIP-844: Handling and externalisation improvements for account nonce updates
Author | Stoyan Panayotov |
---|---|
Working Group | Nana Essilfie-Conduah, Danno Ferrin, Steven Sheehy |
Discussions-To | https://github.com/hashgraph/hedera-improvement-proposal/discussions/845 |
Status | Final ⓘ |
Needs Council Approval | Yes ⓘ |
Review period ends ⓘ | Thu, 08 Feb 2024 07:00:00 +0000 |
Type | Standards Track ⓘ |
Category | Service ⓘ |
Created | 2023-12-12 |
Updated | 2024-05-08 |
Release | v0.47.0 |
Table of Contents
Abstract
Introduce rules for when to update an Ethereum transaction signer’s nonce and a new field for externalising the nonce update in the record stream. This will help resolve issues where the Consensus nodes and the Mirror nodes are out of sync in regards to what the current value of an account’s nonce is.
Motivation
Unclear rules for when the nonce of an EthereumTransaction signer account should be updated result in discrepancies between the Consensus nodes’ and Mirror nodes’ states. This leads to users experiencing issues when reading the account nonce from the Mirror node and trying to use it in a transaction sent to the Consensus node.
Rationale
The nonce of a signer of an Ethereum transaction should be increased for all transactions that are executed in the EVM.
Transactions that have reached consensus and are handled by the node but have failed additional validations performed by the node prior to being executed in the EVM should have no effect on the Ethereum transaction signer nonce.
A new protobuf field in the record stream - signerNonce - should be populated by the node with the current value of the signer account nonce after executing the transaction. This value should be used by the Mirror nodes when importing record stream files.
User stories
- As a Mirror node operator, I would like to receive information about incremented account nonces from the record stream produced by the consensus nodes.
- As a web3 user of the network, I would like to be able to more easily submit transactions without having to change the transaction nonce manualy.
Specification
Protobuf update
Add a new protobuf field to contract_call_local.proto:
message ContractFunctionResult {
[...]
/**
* If not null this field specifies what the value of the signer account nonce is post transaction execution.
* For transactions that don't update the signer nonce (like HAPI ContractCall and ContractCreate transactions) this field should be null.
*/
Int64Value signer_nonce = 15;
}
Services update
- Move the signer nonce update to be right before the node spins up the EVM and starts the transaction execution in the EVM.
- Populate the new protobuf field when externalising the transaction.
- Initially, populate the new protobuf field with the actual signer nonce value after the transaction execution even if the nonce on the account is unchagned. This will allow the Mirror node to update any incorrect nonce values stored without the users having to manually update the nonce on the transactions they’re sending.
Mirror node update
When importing transactions from the record stream, update the value of the signer account’s nonce that’s persisted on the mirror node side with the value externalised in the new protobuf field.
Backward Compatibility
When importing legacy transactions that don’t have this field, the Mirror node should consider whether the transaction result is SUCCESS or CONTRACT_REVERT_EXECUTED and increment the signer nonce in these cases. Some statuses such as INSUFFICIENT_GAS can be returned both before and after entering the EVM, there is no way for the Mirror node to know whether the signer nonce should be updated. This was the root cause of multiple issues and the reason for the new protobuf field.
The Mirror node will continue to serve outdated nonce information for some accounts and will provide accurate nonces for accounts that have signed valid EthereumTransactions post this HIP implementation.
Users that experience issues such as the following error when they attempt to sign and send Ethereum transactions through the JSON-RPC Relay: Nonce too low. Provided nonce: 0, current nonce: 0
should be able to unblock themselves by increasing the nonce property of the transaction they’re sending with 1.
Security Implications
Having consistency between Mirror node and Consensus node states will improve the overall network security and improve the user experience.
How to Teach This
Respective documentation will be added.
References
Open Issues
Copyright/license
This document is licensed under the Apache License, Version 2.0 – see LICENSE or (https://www.apache.org/licenses/LICENSE-2.0)
Citation
Please cite this document as: