pub fn get_denied_certificates() -> &'static HashSet<TransactionDigest>
If a transaction digest appears in this list, executing that
transaction always returns ExecutionError::CertificateDenied
without running it (gas smashing is still performed). Because this list is not
gated by protocol version, there are a few important criteria for adding a
digest to this list:
- The certificate must cause all validators to either panic or hang forever, deterministically.
- If we ever ship a fix so that executing such a transaction no longer panics or hangs, we must make sure the transaction is already in this list. Otherwise, nodes running the newer version without these transactions in the list will produce a forked result.
Below is a scenario in which we need to use this list:
- We detect that a specific transaction is causing all validators to either panic or hang forever, deterministically.
- We push a CertificateDenyConfig to all validators as soon as possible to deny that transaction.
- To make sure that all fullnodes can sync to the latest version, we also add the transaction digest to this list as soon as possible and ship this binary to all fullnodes, so that they can sync past this transaction.
- We can then start fixing the issue and ship the fix to all nodes.
- Unfortunately, we can’t remove the transaction digest from this list, because if we do, any future node that syncs from genesis will fork on this transaction. We may be able to remove it once we have stable snapshots and the binary has a minimum supported protocol version past the epoch.
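
The fork argument in the scenario above, as a toy model added here (it is not this crate's code). `NodeBuild`, `Outcome`, `has_fix`, `replay`, `build` and `constructed_history` are hypothetical names, and the `[u8; 32]` digest alias and two-variant outcome are simplified stand-ins for the real types.

```rust
use std::collections::HashSet;

type TransactionDigest = [u8; 32]; // stand-in for illustration, not the real type

#[derive(Debug, PartialEq)]
enum Outcome { Success, CertificateDenied }

/// Hypothetical node build: its compiled-in deny list, and whether it ships the fix.
struct NodeBuild { denied: HashSet<TransactionDigest>, has_fix: bool }

impl NodeBuild {
    /// `None` models a deterministic panic or hang: the node cannot make progress.
    fn execute(&self, digest: &TransactionDigest, poisonous: bool) -> Option<Outcome> {
        if self.denied.contains(digest) {
            // Denied before execution (gas smashing still happens; not modelled here).
            return Some(Outcome::CertificateDenied);
        }
        if poisonous && !self.has_fix { None } else { Some(Outcome::Success) }
    }

    /// Replays history from genesis, stopping at the first transaction that stalls the node.
    fn replay(&self, history: &[(TransactionDigest, bool)]) -> Vec<Outcome> {
        let mut outcomes = Vec::new();
        for (digest, poisonous) in history {
            match self.execute(digest, *poisonous) {
                Some(o) => outcomes.push(o),
                None => break,
            }
        }
        outcomes
    }
}

/// Constructed history of (digest, triggers the bug); the second transaction is the bad one.
fn constructed_history() -> Vec<(TransactionDigest, bool)> {
    vec![([1; 32], false), ([2; 32], true), ([3; 32], false)]
}

fn build(deny_bad_tx: bool, has_fix: bool) -> NodeBuild {
    let denied = if deny_bad_tx { HashSet::from([[2u8; 32]]) } else { HashSet::new() };
    NodeBuild { denied, has_fix }
}

fn main() {
    let h = constructed_history();
    println!("deny list, no fix: {:?}", build(true, false).replay(&h));
    println!("deny list + fix:   {:?}", build(true, true).replay(&h));
    println!("fix, no deny list: {:?}", build(false, true).replay(&h)); // diverges: fork
    println!("neither:           {:?}", build(false, false).replay(&h)); // stalls at tx 2
}
```

A build that has the fix but lacks the deny entry executes the bad transaction successfully, so its result for that transaction differs from the `CertificateDenied` result every earlier node recorded.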