Fix median plugin deadlock when TX fails silently#131
Open
cl-efornaciari wants to merge 1 commit intosmartcontractkit:masterfrom
Open
Fix median plugin deadlock when TX fails silently#131cl-efornaciari wants to merge 1 commit intosmartcontractkit:masterfrom
cl-efornaciari wants to merge 1 commit intosmartcontractkit:masterfrom
Conversation
When ShouldAcceptFinalizedReport accepts a report, it advances latestAcceptedEpochRound optimistically before the TX is confirmed on-chain. If the TX fails silently (e.g. fees too low), the on-chain state never advances but latestAcceptedEpochRound remains stuck ahead, causing nothingPending to permanently evaluate to false. For stable feeds with no price deviation, this creates an unrecoverable deadlock that can only be resolved by restarting the node. Add a pendingTooOld check: if a previously accepted report has been pending for longer than DeltaC without landing on-chain, treat it as expired and allow new reports to be accepted. This reuses the existing DeltaC config parameter (heartbeat timeout) as the expiry threshold, requiring no new configuration. Affected chains: Solana, Starknet, Fantom, Matic, BSC, Moonbeam. Ticket: DF-22948
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ShouldAcceptFinalizedReportpermanently rejects new reports after a TX fails silentlylatestAcceptedEpochRoundis advanced optimistically but the TX never lands on-chain,nothingPendingevaluates tofalsepermanently. For stable/pegged feeds with no price deviation, this creates an unrecoverable deadlockpendingTooOldcheck: if a pending report has not landed on-chain withinDeltaC(heartbeat timeout), treat it as expired and accept new reports. No new config parameters requiredAffected chains: Solana, Starknet, Fantom, Matic, BSC, Moonbeam
Ticket: DF-22948
Changes
median.go: AddlatestAcceptedAttimestamp field, addpendingTooOldcondition to acceptance logic, enhanced debug loggingmedian_test.go: New test file with 5 tests covering deadlock recovery, pending check preservation, deviation bypass, normal flow, and stale report rejectionTest plan
TestShouldAcceptFinalizedReport_PendingTooOldRecovery-- verifies recovery after DeltaC expiryTestShouldAcceptFinalizedReport_PendingCheckStillWorksWithinDeltaC-- confirms pending optimization still active within windowTestShouldAcceptFinalizedReport_VolatileFeedCanRecover-- deviation bypass works immediatelyTestShouldAcceptFinalizedReport_NormalFlow-- happy path (TX lands on-chain)TestShouldAcceptFinalizedReport_StaleReportRejected-- stale reports still rejected