Skip to main content

iota_protocol_config/
lib.rs

1// Copyright (c) Mysten Labs, Inc.
2// Modifications Copyright (c) 2024 IOTA Stiftung
3// SPDX-License-Identifier: Apache-2.0
4
5use std::{
6    cell::RefCell,
7    cmp::min,
8    sync::atomic::{AtomicBool, Ordering},
9};
10
11use clap::*;
12use iota_protocol_config_macros::{
13    ProtocolConfigAccessors, ProtocolConfigFeatureFlagsGetters, ProtocolConfigOverride,
14};
15use move_vm_config::verifier::VerifierConfig;
16use serde::{Deserialize, Serialize};
17use serde_with::skip_serializing_none;
18use tracing::{info, warn};
19
20/// The minimum and maximum protocol versions supported by this build.
21const MIN_PROTOCOL_VERSION: u64 = 1;
22pub const MAX_PROTOCOL_VERSION: u64 = 30;
23
24/// Protocol version that IIP8 took effect.
25pub const PROTOCOL_VERSION_IIP8: u64 = 20;
26// Record history of protocol version allocations here:
27//
28// Version 1:  Original version.
29// Version 2:  Don't redistribute slashed staking rewards, fix computation of
30//             SystemEpochInfoEventV1.
31// Version 3:  Set the `relocate_event_module` to be true so that the module
32//             that is associated as the "sending module" for an event is
33//             relocated by linkage.
34//             Add `Clock` based unlock to `Timelock` objects.
35// Version 4:  Introduce the `max_type_to_layout_nodes` config that sets the
36//             maximal nodes which are allowed when converting to a type layout.
37// Version 5:  Introduce fixed protocol-defined base fee, IotaSystemStateV2 and
38//             SystemEpochInfoEventV2.
39//             Disallow adding new modules in `deps-only` packages.
40//             Improve gas/wall time efficiency of some Move stdlib vector
41//             functions.
42//             Add new gas model version to update charging of functions.
43//             Enable proper conversion of certain type argument errors in the
44//             execution layer.
45// Version 6:  Bound size of values created in the adapter.
46// Version 7:  Improve handling of stake withdrawal from candidate validators.
47// Version 8:  Variants as type nodes.
48//             Enable smart ancestor selection for testnet.
49//             Enable probing for accepted rounds in round prober for testnet.
50//             Switch to distributed vote scoring in consensus in testnet.
51//             Enable zstd compression for consensus tonic network in testnet.
52//             Enable consensus garbage collection for testnet
53//             Enable the new consensus commit rule for testnet.
54//             Enable min_free_execution_slot for the shared object congestion
55//             tracker in devnet.
56// Version 9:  Disable smart ancestor selection for the testnet.
57//             Enable zstd compression for consensus tonic network in mainnet.
58//             Enable passkey auth in multisig for devnet.
59//             Remove the iota-bridge from the framework.
60// Version 10: Enable min_free_execution_slot for the shared object congestion
61//             tracker in all networks.
62//             Increase the committee size to 80 on all networks.
63//             Enable round prober in consensus for mainnet.
64//             Enable probing for accepted rounds in round prober for mainnet.
65//             Switch to distributed vote scoring in consensus for mainnet.
66//             Enable the new consensus commit rule for mainnet.
67//             Enable consensus garbage collection for mainnet with GC depth set
68//             to 60 rounds.
69//             Enable batching in synchronizer for testnet
70//             Enable the gas price feedback mechanism in devnet.
71//             Enable Identifier input validation.
72//             Removes unnecessary child object mutations
73//             Add additional signature checks
74//             Add additional linkage checks
75// Version 11: Framework fix regarding candidate validator commission rate.
76// Version 12: Enable the gas price feedback mechanism in all networks.
77//             Enable the normalization of PTB arguments.
78// Version 13: Introduce logic to allow the committee to be selected from a set
79//             of eligible active validators.
80//             Enable processing and tracking AuthorityCapabilitiesV1 from
81//             non-committee validators in the devnet.
82// Version 14: Switches the consensus protocol to Starfish in devnet.
83//             Enable median-based commit timestamp calculation in consensus,
84//             and enforce checkpoint timestamp monotonicity for testnet.
85//             Enable batched block sync for mainnet.
86//             Enable selecting committee only from active validators that
87//             support the next epoch's version and issued valid
88//             AuthorityCapabilities notification in testnet.
89// Version 15: Enable shared object transaction bursts of 10 times average load
90//             on devnet.
91// Version 16: Enable selecting committee only from active validators that
92//             support the next epoch's version and issued valid
93//             AuthorityCapabilities notification.
94//             Enable committing transactions only for traversed headers in
95//             Starfish.
96// Version 17: Increase the committee size to 100 on all networks.
97// Version 18: Enable passkey authentication support in testnet.
98// Version 19: Enable congestion limit overshoot in the gas price feedback
99//             mechanism on devnet.
100//             Enable a separate gas price feedback mechanism for transactions
101//             using randomness on devnet.
102//             Allow metadata bytes indexed with a dedicated key in compiled
103//             Move modules in devnet.
104//             Enable publishing package metadata v1 along with the package in
105//             devnet.
106//             Enable Move-based account authentication in devnet.
107//             Increase the base cost for transfer receive object in devnet.
108//             Switch consensus protocol to Starfish in testnet.
109//             Enable passkey authentication support in mainnet.
110//             Change epoch transaction will contain validator scores.
111//             Enable validator scoring on testnet and enable adjustment of
112//             validator rewards based on scores on Devnet.
113// Version 20: Supports the calculation of validator scores while still passing
114//             a default score value to the advance_epoch call. Enables this
115//             decoupling on Testnet; Devnet and Mainnet behavior remain the
116//             same.
117//             Introduce Dynamic Minimum Commission (IIP-8) on all networks.
118// Version 21: Enable overshoot of 100 in congestion control on testnet.
119//             Enable congestion limit overshoot in the gas price feedback
120//             mechanism on testnet.
121//             Enable a separate gas price feedback mechanism for transactions
122//             using randomness on testnet.
123//             Enable fast commit syncer for faster recovery in devnet.
124//             Add auth_context_tx native functions costs.
125//             Reduce max_auth_gas in Devnet.
126// Version 22: Enable overshoot of 100 in congestion control on all networks.
127//             Enable congestion limit overshoot in the gas price feedback
128//             mechanism on all networks.
129//             Enable a separate gas price feedback mechanism for transactions
130//             using randomness on all networks.
131//             Enable Move-based account authentication in testnet.
132//             Enable fast commit syncer for faster recovery on testnet.
133// Version 23: Enable Move native context (TxContext via native functions) in
134//             all networks. TxContext fields are read via native functions
135//             instead of being deserialized from a BCS-encoded struct.
136//             Enables sponsor, rgp, gas_price, and gas_budget to be exposed to
137//             Move.
138// Version 24: Switch consensus protocol to Starfish in all networks.
139//             Enable Move-based sponsor account authentication in devnet.
140//             Add AuthContext native functions cost for reading tx_data_bytes.
141//             Enable additional borrow checks.
142// Version 25: Deprecate zkLogin related parameters since zkLogin is no longer
143//             supported.
144// Version 26: Introduce a module to allow Move code to query protocol feature
145//             flags at runtime.
146// Version 27: Only sponsor Move authentication is performed pre-consensus in
147//             devnet.
148//             Enable consensus block restrictions on testnet and devnet:
149//             bound block-header size to O(committee_size) and enable
150//             garbage collection in the block manager.
151// Version 28: Move authenticator contracts can now inspect which authenticator
152//             function the sender and sponsor used during transaction execution
153//             via new AuthContext accessors.
154//             Enable Move-based account authentication in mainnet.
155//             Enable Move-based sponsor account authentication in testnet.
156// Version 29: Keep advancing the random beacon DKG state machine on every
157//             commit while it is still pending -- regardless of whether new DKG
158//             messages or confirmations arrived that commit -- so DKG resolves
159//             from persisted state (completing, or failing once the timeout
160//             round passes) even with no fresh inbound traffic, e.g. after a
161//             validator restart. Without this it can stay pending forever and
162//             block epoch close.
163//             Enable median-based commit timestamp calculation in consensus,
164//             and enforce checkpoint timestamp monotonicity for mainnet.
165//             Enable fast commit syncer for faster recovery on all networks.
166//             Enable consensus block restrictions on all networks:
167//             bound block-header size to O(committee_size) and enable
168//             garbage collection in the block manager.
169// Version 30: Extend the protocol_config framework module with a generic
170//             `get_attr<T>` native that lets Move code read any numeric or
171//             boolean protocol parameter by name, returning T directly and
172//             aborting on error.
173//             Expose `is_feature_enabled` and `get_attr<T>` natives to the
174//             iota_system package via a new iota_system::protocol_config
175//             module.
176#[derive(Copy, Clone, Debug, Hash, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
177pub struct ProtocolVersion(u64);
178
179impl ProtocolVersion {
180    // The minimum and maximum protocol version supported by this binary.
181    // Counterintuitively, this constant may change over time as support for old
182    // protocol versions is removed from the source. This ensures that when a
183    // new network (such as a testnet) is created, its genesis committee will
184    // use a protocol version that is actually supported by the binary.
185    pub const MIN: Self = Self(MIN_PROTOCOL_VERSION);
186
187    pub const MAX: Self = Self(MAX_PROTOCOL_VERSION);
188
189    #[cfg(not(msim))]
190    const MAX_ALLOWED: Self = Self::MAX;
191
192    // We create one additional "fake" version in simulator builds so that we can
193    // test upgrades.
194    #[cfg(msim)]
195    pub const MAX_ALLOWED: Self = Self(MAX_PROTOCOL_VERSION + 1);
196
197    pub fn new(v: u64) -> Self {
198        Self(v)
199    }
200
201    pub const fn as_u64(&self) -> u64 {
202        self.0
203    }
204
205    // For serde deserialization - we don't define a Default impl because there
206    // isn't a single universally appropriate default value.
207    pub fn max() -> Self {
208        Self::MAX
209    }
210}
211
212impl From<u64> for ProtocolVersion {
213    fn from(v: u64) -> Self {
214        Self::new(v)
215    }
216}
217
218impl std::ops::Sub<u64> for ProtocolVersion {
219    type Output = Self;
220    fn sub(self, rhs: u64) -> Self::Output {
221        Self::new(self.0 - rhs)
222    }
223}
224
225impl std::ops::Add<u64> for ProtocolVersion {
226    type Output = Self;
227    fn add(self, rhs: u64) -> Self::Output {
228        Self::new(self.0 + rhs)
229    }
230}
231
232#[derive(
233    Clone, Serialize, Deserialize, Debug, PartialEq, Copy, PartialOrd, Ord, Eq, ValueEnum, Default,
234)]
235pub enum Chain {
236    Mainnet,
237    Testnet,
238    #[default]
239    Unknown,
240}
241
242impl Chain {
243    pub fn as_str(self) -> &'static str {
244        match self {
245            Chain::Mainnet => "mainnet",
246            Chain::Testnet => "testnet",
247            Chain::Unknown => "unknown",
248        }
249    }
250}
251
252pub struct Error(pub String);
253
254// TODO: There are quite a few non boolean values in the feature flags. We
255// should move them out.
256/// Records on/off feature flags that may vary at each protocol version.
257#[derive(
258    Default,
259    Clone,
260    Serialize,
261    Deserialize,
262    Debug,
263    ProtocolConfigFeatureFlagsGetters,
264    ProtocolConfigOverride,
265)]
266struct FeatureFlags {
267    // Add feature flags here, e.g.:
268    // new_protocol_feature: bool,
269
270    // Disables unnecessary invariant check in the Move VM when swapping the value out of a local
271    // This flag is used to provide the correct MoveVM configuration for clients.
272    #[serde(skip_serializing_if = "is_true")]
273    disable_invariant_violation_check_in_swap_loc: bool,
274
275    // If true, checks no extra bytes in a compiled module
276    // This flag is used to provide the correct MoveVM configuration for clients.
277    #[serde(skip_serializing_if = "is_true")]
278    no_extraneous_module_bytes: bool,
279
280    // How we order transactions coming out of consensus before sending to execution.
281    #[serde(skip_serializing_if = "ConsensusTransactionOrdering::is_none")]
282    consensus_transaction_ordering: ConsensusTransactionOrdering,
283
284    // If true, use the hardened OTW check
285    // This flag is used to provide the correct MoveVM configuration for clients.
286    #[serde(skip_serializing_if = "is_true")]
287    hardened_otw_check: bool,
288
289    // Enable the poseidon hash function
290    #[serde(skip_serializing_if = "is_false")]
291    enable_poseidon: bool,
292
293    // Enable native function for msm.
294    #[serde(skip_serializing_if = "is_false")]
295    enable_group_ops_native_function_msm: bool,
296
297    // Controls the behavior of per object congestion control in consensus handler.
298    #[serde(skip_serializing_if = "PerObjectCongestionControlMode::is_none")]
299    per_object_congestion_control_mode: PerObjectCongestionControlMode,
300
301    // The consensus protocol to be used for the epoch.
302    #[serde(
303        default = "ConsensusChoice::mysticeti_deprecated",
304        skip_serializing_if = "ConsensusChoice::is_mysticeti_deprecated"
305    )]
306    consensus_choice: ConsensusChoice,
307
308    // Consensus network to use.
309    #[serde(skip_serializing_if = "ConsensusNetwork::is_tonic")]
310    consensus_network: ConsensusNetwork,
311
312    // Set the upper bound allowed for max_epoch in zklogin signature.
313    #[deprecated]
314    #[serde(skip_serializing_if = "Option::is_none")]
315    zklogin_max_epoch_upper_bound_delta: Option<u64>,
316
317    // Enable VDF
318    #[serde(skip_serializing_if = "is_false")]
319    enable_vdf: bool,
320
321    // Enable passkey auth (SIP-9)
322    #[serde(skip_serializing_if = "is_false")]
323    passkey_auth: bool,
324
325    // Rethrow type layout errors during serialization instead of trying to convert them.
326    // This flag is used to provide the correct MoveVM configuration for clients.
327    #[serde(skip_serializing_if = "is_true")]
328    rethrow_serialization_type_layout_errors: bool,
329
330    // Makes the event's sending module version-aware.
331    #[serde(skip_serializing_if = "is_false")]
332    relocate_event_module: bool,
333
334    // Enable a protocol-defined base gas price for all transactions.
335    #[serde(skip_serializing_if = "is_false")]
336    protocol_defined_base_fee: bool,
337
338    // Enable uncompressed group elements in BLS123-81 G1
339    #[serde(skip_serializing_if = "is_false")]
340    uncompressed_g1_group_elements: bool,
341
342    // Disallow adding new modules in `deps-only` packages.
343    #[serde(skip_serializing_if = "is_false")]
344    disallow_new_modules_in_deps_only_packages: bool,
345
346    // Enable v2 native charging for natives.
347    #[serde(skip_serializing_if = "is_false")]
348    native_charging_v2: bool,
349
350    // Properly convert certain type argument errors in the execution layer.
351    #[serde(skip_serializing_if = "is_false")]
352    convert_type_argument_error: bool,
353
354    // Probe rounds received by peers from every authority.
355    #[serde(skip_serializing_if = "is_false")]
356    consensus_round_prober: bool,
357
358    // Use distributed vote leader scoring strategy in consensus.
359    #[serde(skip_serializing_if = "is_false")]
360    consensus_distributed_vote_scoring_strategy: bool,
361
362    // Enables the new logic for collecting the subdag in the consensus linearizer. The new logic
363    // does not stop the recursion at the highest committed round for each authority, but
364    // allows to commit uncommitted blocks up to gc round (excluded) for that authority.
365    #[serde(skip_serializing_if = "is_false")]
366    consensus_linearize_subdag_v2: bool,
367
368    // Variants count as nodes
369    #[serde(skip_serializing_if = "is_false")]
370    variant_nodes: bool,
371
372    // Use smart ancestor selection in consensus.
373    #[serde(skip_serializing_if = "is_false")]
374    consensus_smart_ancestor_selection: bool,
375
376    // Probe accepted rounds in round prober.
377    #[serde(skip_serializing_if = "is_false")]
378    consensus_round_prober_probe_accepted_rounds: bool,
379
380    // If true, enable zstd compression for consensus tonic network.
381    #[serde(skip_serializing_if = "is_false")]
382    consensus_zstd_compression: bool,
383
384    // Use the minimum free execution slot to schedule execution of a transaction in the shared
385    // object congestion tracker.
386    #[serde(skip_serializing_if = "is_false")]
387    congestion_control_min_free_execution_slot: bool,
388
389    // If true, multisig containing passkey sig is accepted.
390    #[serde(skip_serializing_if = "is_false")]
391    accept_passkey_in_multisig: bool,
392
393    // If true, enabled batched block sync in consensus.
394    #[serde(skip_serializing_if = "is_false")]
395    consensus_batched_block_sync: bool,
396
397    // To enable/disable the gas price feedback mechanism used for transactions
398    // cancelled due to shared object congestion
399    #[serde(skip_serializing_if = "is_false")]
400    congestion_control_gas_price_feedback_mechanism: bool,
401
402    // Validate identifier inputs separately
403    #[serde(skip_serializing_if = "is_false")]
404    validate_identifier_inputs: bool,
405
406    // If true, enables the optimizations for child object mutations, removing unnecessary
407    // mutations
408    #[serde(skip_serializing_if = "is_false")]
409    minimize_child_object_mutations: bool,
410
411    // If true enable additional linkage checks.
412    #[serde(skip_serializing_if = "is_false")]
413    dependency_linkage_error: bool,
414
415    // If true enable additional multisig checks.
416    #[serde(skip_serializing_if = "is_false")]
417    additional_multisig_checks: bool,
418
419    // If true, enables the normalization of PTB arguments but does not yet enable splatting
420    // `Result`s of length not equal to 1
421    #[serde(skip_serializing_if = "is_false")]
422    normalize_ptb_arguments: bool,
423
424    // If true, use ChangeEpochV3 for epoch change to pass an additional eligible_active_validators
425    // parameter to IotaSystem's advance_epoch call. This should only be enabled when on-chain
426    // IotaSystem objects are updated as well.
427    #[serde(skip_serializing_if = "is_false")]
428    select_committee_from_eligible_validators: bool,
429
430    // If true, non-committee active validators will sign and send AuthorityCapabilitiesV1 to the
431    // committee. Once the committee reaches consensus over the AuthorityCapabilitiesV1, it is
432    // recorded and possible to use in the committee selection if
433    // select_validators_supporting_next_epoch_version is enabled. This flag does not change the
434    // way that eligible_validators vector is created - still all active validators are used for
435    // selecting the committee.
436    #[serde(skip_serializing_if = "is_false")]
437    track_non_committee_eligible_validators: bool,
438
439    // The committee be selected from active_validators who support the next protocol version AND
440    // have issued a correct AuthorityCapabilities notification. This flag should only be enabled
441    // if both select_committee_from_eligible_validators and
442    // track_non_committee_eligible_validators are enabled. If this is disabled, then all
443    // active validators are used for selecting the committee (default behavior).
444    #[serde(skip_serializing_if = "is_false")]
445    select_committee_supporting_next_epoch_version: bool,
446
447    // If true, then it (1) will not enforce monotonicity checks for a block's ancestors, (2)
448    // calculates the commit's timestamp based on the weighted by stake median timestamp of the
449    // leader's ancestors, and (3) enforces checkpoint timestamps are non-decreasing.
450    #[serde(skip_serializing_if = "is_false")]
451    consensus_median_timestamp_with_checkpoint_enforcement: bool,
452
453    // If true, then transactions are committed only for traversed headers
454    #[serde(skip_serializing_if = "is_false")]
455    consensus_commit_transactions_only_for_traversed_headers: bool,
456
457    // To enable/disable congestion limit overshoot in the gas price feedback mechanism.
458    #[serde(skip_serializing_if = "is_false")]
459    congestion_limit_overshoot_in_gas_price_feedback_mechanism: bool,
460
461    // To enable/disable a separate gas price feedback mechanism for transactions using
462    // randomness.
463    #[serde(skip_serializing_if = "is_false")]
464    separate_gas_price_feedback_mechanism_for_randomness: bool,
465
466    // If true, it allows metadata bytes indexed with a dedicated key in a compiled module.
467    // This flag is used to provide the correct MoveVM configuration for clients.
468    #[serde(skip_serializing_if = "is_false")]
469    metadata_in_module_bytes: bool,
470
471    // If true, enables publishing package metadata v1 along with the package.
472    #[serde(skip_serializing_if = "is_false")]
473    publish_package_metadata: bool,
474
475    // If true, enables the authentication of account using Move code.
476    #[serde(skip_serializing_if = "is_false")]
477    enable_move_authentication: bool,
478
479    // If true, enables the authentication of a sponsor account using Move code.
480    #[serde(skip_serializing_if = "is_false")]
481    enable_move_authentication_for_sponsor: bool,
482
483    // If true, the change epoch transaction will contain validator scores.
484    #[serde(skip_serializing_if = "is_false")]
485    pass_validator_scores_to_advance_epoch: bool,
486
487    // If true, enables calculation of validator scores.
488    #[serde(skip_serializing_if = "is_false")]
489    calculate_validator_scores: bool,
490
491    // If true, validators will use the committee's score to adjust rewards.
492    #[serde(skip_serializing_if = "is_false")]
493    adjust_rewards_by_score: bool,
494
495    // If true, the change epoch transaction will contain the locally calculated validator scores.
496    // If false, a default score (MAX_SCORE) is passed
497    #[serde(skip_serializing_if = "is_false")]
498    pass_calculated_validator_scores_to_advance_epoch: bool,
499
500    // If true, enables the fast commit syncer in Starfish consensus for faster recovery
501    // from large commit gaps. Also controls whether TransactionRef is used in commits
502    // instead of BlockRef, and enables the associated gRPC endpoints for fetching
503    // commits and transactions.
504    #[serde(skip_serializing_if = "is_false")]
505    consensus_fast_commit_sync: bool,
506
507    // If true, enables consensus block restrictions: bounds the block header size for
508    // a given committee size.
509    #[serde(skip_serializing_if = "is_false")]
510    consensus_block_restrictions: bool,
511
512    // If true, enable `TxContext` Move API to go native.
513    #[serde(skip_serializing_if = "is_false")]
514    move_native_tx_context: bool,
515
516    // If true, perform additional borrow checks
517    #[serde(skip_serializing_if = "is_false")]
518    additional_borrow_checks: bool,
519
520    // If true, only sponsor Move authentication is performed pre-consensus.
521    #[serde(skip_serializing_if = "is_false")]
522    pre_consensus_sponsor_only_move_authentication: bool,
523
524    // If true, enables the optimistic commit rule (StarfishSpeed) in Starfish consensus.
525    #[serde(skip_serializing_if = "is_false")]
526    consensus_starfish_speed: bool,
527
528    // If true, keep advancing the random beacon DKG state machine on every
529    // consensus commit while DKG is still pending, even when no new messages or
530    // confirmations were processed that commit. This lets a validator resolve
531    // DKG from already-persisted state (completing, or failing once the timeout
532    // round passes) with no fresh inbound traffic -- e.g. after a restart --
533    // instead of staying pending forever.
534    #[serde(skip_serializing_if = "is_false")]
535    always_advance_dkg_to_resolution: bool,
536
537    // If true, enables the P-COOL (post-consensus owned-object locking) flow:
538    // transactions bypass pre-consensus certification and owned-object locking,
539    // and conflicts are resolved deterministically post-consensus (white-flag
540    // conflict resolution) using persistent locks.
541    #[serde(skip_serializing_if = "is_false")]
542    enable_pcool_flow: bool,
543}
544
545fn is_true(b: &bool) -> bool {
546    *b
547}
548
549fn is_false(b: &bool) -> bool {
550    !b
551}
552
553/// Ordering mechanism for transactions in one consensus output.
554#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
555pub enum ConsensusTransactionOrdering {
556    /// No ordering. Transactions are processed in the order they appear in the
557    /// consensus output.
558    #[default]
559    None,
560    /// Order transactions by gas price, highest first.
561    ByGasPrice,
562}
563
564impl ConsensusTransactionOrdering {
565    pub fn is_none(&self) -> bool {
566        matches!(self, ConsensusTransactionOrdering::None)
567    }
568}
569
570// The config for per object congestion control in consensus handler.
571#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
572pub enum PerObjectCongestionControlMode {
573    #[default]
574    None, // No congestion control.
575    TotalGasBudget, // Use txn gas budget as execution cost.
576    TotalTxCount,   // Use total txn count as execution cost.
577}
578
579impl PerObjectCongestionControlMode {
580    pub fn is_none(&self) -> bool {
581        matches!(self, PerObjectCongestionControlMode::None)
582    }
583}
584
585// Configuration options for consensus algorithm.
586#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
587pub enum ConsensusChoice {
588    /// Kept only so protocol-config serialization of historical epochs stays
589    /// bit-for-bit identical; no runtime code branches on it.
590    #[deprecated(note = "Mysticeti was replaced by Starfish")]
591    MysticetiDeprecated,
592    #[default]
593    Starfish,
594}
595
596#[expect(deprecated)]
597impl ConsensusChoice {
598    /// serde deserialization default: an absent `consensus_choice` field in a
599    /// historical snapshot deserializes to `MysticetiDeprecated` so that
600    /// re-serialization stays byte-identical (the skip condition below also
601    /// triggers on that variant). Decoupled from the Rust `Default` impl,
602    /// which returns `Starfish` to reflect that Starfish is the current
603    /// consensus protocol.
604    fn mysticeti_deprecated() -> Self {
605        ConsensusChoice::MysticetiDeprecated
606    }
607
608    pub fn is_mysticeti_deprecated(&self) -> bool {
609        matches!(self, ConsensusChoice::MysticetiDeprecated)
610    }
611    pub fn is_starfish(&self) -> bool {
612        matches!(self, ConsensusChoice::Starfish)
613    }
614}
615
616// Configuration options for consensus network.
617#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
618pub enum ConsensusNetwork {
619    #[default]
620    Tonic,
621}
622
623impl ConsensusNetwork {
624    pub fn is_tonic(&self) -> bool {
625        matches!(self, ConsensusNetwork::Tonic)
626    }
627}
628
629/// Constants that change the behavior of the protocol.
630///
631/// The value of each constant here must be fixed for a given protocol version.
632/// To change the value of a constant, advance the protocol version, and add
633/// support for it in `get_for_version` under the new version number.
634/// (below).
635///
636/// To add a new field to this struct, use the following procedure:
637/// - Advance the protocol version.
638/// - Add the field as a private `Option<T>` to the struct.
639/// - Initialize the field to `None` in prior protocol versions.
640/// - Initialize the field to `Some(val)` for your new protocol version.
641/// - Add a public getter that simply unwraps the field.
642/// - Two public getters of the form `field(&self) -> field_type` and
643///   `field_as_option(&self) -> Option<field_type>` will be automatically
644///   generated for you.
645/// Example for a field: `new_constant: Option<u64>`
646/// ```rust,ignore
647///      pub fn new_constant(&self) -> u64 {
648///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
649///     }
650///      pub fn new_constant_as_option(&self) -> Option<u64> {
651///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
652///     }
653/// ```
654/// With `pub fn new_constant(&self) -> u64`, if the constant is accessed in a
655/// protocol version in which it is not defined, the validator will crash.
656/// (Crashing is necessary because this type of error would almost always result
657/// in forking if not prevented here). If you don't want the validator to crash,
658/// you can use the `pub fn new_constant_as_option(&self) -> Option<u64>`
659/// getter, which will return `None` if the field is not defined at that
660/// version.
661/// - If you want a customized getter, you can add a method in the impl.
662#[skip_serializing_none]
663#[derive(Clone, Serialize, Debug, ProtocolConfigAccessors, ProtocolConfigOverride)]
664pub struct ProtocolConfig {
665    pub version: ProtocolVersion,
666
667    feature_flags: FeatureFlags,
668
669    // ==== Transaction input limits ====
670
671    //
672    /// Maximum serialized size of a transaction (in bytes).
673    max_tx_size_bytes: Option<u64>,
674
675    /// Maximum number of input objects to a transaction. Enforced by the
676    /// transaction input checker
677    max_input_objects: Option<u64>,
678
679    /// Max size of objects a transaction can write to disk after completion.
680    /// Enforce by the IOTA adapter. This is the sum of the serialized size
681    /// of all objects written to disk. The max size of individual objects
682    /// on the other hand is `max_move_object_size`.
683    max_size_written_objects: Option<u64>,
684    /// Max size of objects a system transaction can write to disk after
685    /// completion. Enforce by the IOTA adapter. Similar to
686    /// `max_size_written_objects` but for system transactions.
687    max_size_written_objects_system_tx: Option<u64>,
688
689    /// Maximum size of serialized transaction effects.
690    max_serialized_tx_effects_size_bytes: Option<u64>,
691
692    /// Maximum size of serialized transaction effects for system transactions.
693    max_serialized_tx_effects_size_bytes_system_tx: Option<u64>,
694
695    /// Maximum number of gas payment objects for a transaction.
696    max_gas_payment_objects: Option<u32>,
697
698    /// Maximum number of modules in a Publish transaction.
699    max_modules_in_publish: Option<u32>,
700
701    /// Maximum number of transitive dependencies in a package when publishing.
702    max_package_dependencies: Option<u32>,
703
704    /// Maximum number of arguments in a move call or a
705    /// ProgrammableTransaction's TransferObjects command.
706    max_arguments: Option<u32>,
707
708    /// Maximum number of total type arguments, computed recursively.
709    max_type_arguments: Option<u32>,
710
711    /// Maximum depth of an individual type argument.
712    max_type_argument_depth: Option<u32>,
713
714    /// Maximum size of a Pure CallArg.
715    max_pure_argument_size: Option<u32>,
716
717    /// Maximum number of Commands in a ProgrammableTransaction.
718    max_programmable_tx_commands: Option<u32>,
719
720    // ==== Move VM, Move bytecode verifier, and execution limits ===
721
722    //
723    /// Maximum Move bytecode version the VM understands. All older versions are
724    /// accepted.
725    move_binary_format_version: Option<u32>,
726    min_move_binary_format_version: Option<u32>,
727
728    /// Configuration controlling binary tables size.
729    binary_module_handles: Option<u16>,
730    binary_struct_handles: Option<u16>,
731    binary_function_handles: Option<u16>,
732    binary_function_instantiations: Option<u16>,
733    binary_signatures: Option<u16>,
734    binary_constant_pool: Option<u16>,
735    binary_identifiers: Option<u16>,
736    binary_address_identifiers: Option<u16>,
737    binary_struct_defs: Option<u16>,
738    binary_struct_def_instantiations: Option<u16>,
739    binary_function_defs: Option<u16>,
740    binary_field_handles: Option<u16>,
741    binary_field_instantiations: Option<u16>,
742    binary_friend_decls: Option<u16>,
743    binary_enum_defs: Option<u16>,
744    binary_enum_def_instantiations: Option<u16>,
745    binary_variant_handles: Option<u16>,
746    binary_variant_instantiation_handles: Option<u16>,
747
748    /// Maximum size of the `contents` part of an object, in bytes. Enforced by
749    /// the IOTA adapter when effects are produced.
750    max_move_object_size: Option<u64>,
751
752    // TODO: Option<increase to 500 KB. currently, publishing a package > 500 KB exceeds the max
753    // computation gas cost
754    /// Maximum size of a Move package object, in bytes. Enforced by the IOTA
755    /// adapter at the end of a publish transaction.
756    max_move_package_size: Option<u64>,
757
758    /// Max number of publish or upgrade commands allowed in a programmable
759    /// transaction block.
760    max_publish_or_upgrade_per_ptb: Option<u64>,
761
762    /// Maximum gas budget in NANOS that a transaction can use.
763    max_tx_gas: Option<u64>,
764
765    /// Maximum gas budget in NANOS that a authentication transaction can use.
766    max_auth_gas: Option<u64>,
767
768    /// Maximum amount of the proposed gas price in NANOS (defined in the
769    /// transaction).
770    max_gas_price: Option<u64>,
771
772    /// The max computation bucket for gas. This is the max that can be charged
773    /// for computation.
774    max_gas_computation_bucket: Option<u64>,
775
776    // Define the value used to round up computation gas charges
777    gas_rounding_step: Option<u64>,
778
779    /// Maximum number of nested loops. Enforced by the Move bytecode verifier.
780    max_loop_depth: Option<u64>,
781
782    /// Maximum number of type arguments that can be bound to generic type
783    /// parameters. Enforced by the Move bytecode verifier.
784    max_generic_instantiation_length: Option<u64>,
785
786    /// Maximum number of parameters that a Move function can have. Enforced by
787    /// the Move bytecode verifier.
788    max_function_parameters: Option<u64>,
789
790    /// Maximum number of basic blocks that a Move function can have. Enforced
791    /// by the Move bytecode verifier.
792    max_basic_blocks: Option<u64>,
793
794    /// Maximum stack size value. Enforced by the Move bytecode verifier.
795    max_value_stack_size: Option<u64>,
796
797    /// Maximum number of "type nodes", a metric for how big a SignatureToken
798    /// will be when expanded into a fully qualified type. Enforced by the Move
799    /// bytecode verifier.
800    max_type_nodes: Option<u64>,
801
802    /// Maximum number of push instructions in one function. Enforced by the
803    /// Move bytecode verifier.
804    max_push_size: Option<u64>,
805
806    /// Maximum number of struct definitions in a module. Enforced by the Move
807    /// bytecode verifier.
808    max_struct_definitions: Option<u64>,
809
810    /// Maximum number of function definitions in a module. Enforced by the Move
811    /// bytecode verifier.
812    max_function_definitions: Option<u64>,
813
814    /// Maximum number of fields allowed in a struct definition. Enforced by the
815    /// Move bytecode verifier.
816    max_fields_in_struct: Option<u64>,
817
818    /// Maximum dependency depth. Enforced by the Move linker when loading
819    /// dependent modules.
820    max_dependency_depth: Option<u64>,
821
822    /// Maximum number of Move events that a single transaction can emit.
823    /// Enforced by the VM during execution.
824    max_num_event_emit: Option<u64>,
825
826    /// Maximum number of new IDs that a single transaction can create. Enforced
827    /// by the VM during execution.
828    max_num_new_move_object_ids: Option<u64>,
829
830    /// Maximum number of new IDs that a single system transaction can create.
831    /// Enforced by the VM during execution.
832    max_num_new_move_object_ids_system_tx: Option<u64>,
833
834    /// Maximum number of IDs that a single transaction can delete. Enforced by
835    /// the VM during execution.
836    max_num_deleted_move_object_ids: Option<u64>,
837
838    /// Maximum number of IDs that a single system transaction can delete.
839    /// Enforced by the VM during execution.
840    max_num_deleted_move_object_ids_system_tx: Option<u64>,
841
842    /// Maximum number of IDs that a single transaction can transfer. Enforced
843    /// by the VM during execution.
844    max_num_transferred_move_object_ids: Option<u64>,
845
846    /// Maximum number of IDs that a single system transaction can transfer.
847    /// Enforced by the VM during execution.
848    max_num_transferred_move_object_ids_system_tx: Option<u64>,
849
850    /// Maximum size of a Move user event. Enforced by the VM during execution.
851    max_event_emit_size: Option<u64>,
852
853    /// Maximum size of a Move user event. Enforced by the VM during execution.
854    max_event_emit_size_total: Option<u64>,
855
856    /// Maximum length of a vector in Move. Enforced by the VM during execution,
857    /// and for constants, by the verifier.
858    max_move_vector_len: Option<u64>,
859
860    /// Maximum length of an `Identifier` in Move. Enforced by the bytecode
861    /// verifier at signing.
862    max_move_identifier_len: Option<u64>,
863
864    /// Maximum depth of a Move value within the VM.
865    max_move_value_depth: Option<u64>,
866
867    /// Maximum number of variants in an enum. Enforced by the bytecode verifier
868    /// at signing.
869    max_move_enum_variants: Option<u64>,
870
871    /// Maximum number of back edges in Move function. Enforced by the bytecode
872    /// verifier at signing.
873    max_back_edges_per_function: Option<u64>,
874
875    /// Maximum number of back edges in Move module. Enforced by the bytecode
876    /// verifier at signing.
877    max_back_edges_per_module: Option<u64>,
878
879    /// Maximum number of meter `ticks` spent verifying a Move function.
880    /// Enforced by the bytecode verifier at signing.
881    max_verifier_meter_ticks_per_function: Option<u64>,
882
883    /// Maximum number of meter `ticks` spent verifying a Move function.
884    /// Enforced by the bytecode verifier at signing.
885    max_meter_ticks_per_module: Option<u64>,
886
887    /// Maximum number of meter `ticks` spent verifying a Move package. Enforced
888    /// by the bytecode verifier at signing.
889    max_meter_ticks_per_package: Option<u64>,
890
891    // === Object runtime internal operation limits ====
892    // These affect dynamic fields
893
894    //
895    /// Maximum number of cached objects in the object runtime ObjectStore.
896    /// Enforced by object runtime during execution
897    object_runtime_max_num_cached_objects: Option<u64>,
898
899    /// Maximum number of cached objects in the object runtime ObjectStore in
900    /// system transaction. Enforced by object runtime during execution
901    object_runtime_max_num_cached_objects_system_tx: Option<u64>,
902
903    /// Maximum number of stored objects accessed by object runtime ObjectStore.
904    /// Enforced by object runtime during execution
905    object_runtime_max_num_store_entries: Option<u64>,
906
907    /// Maximum number of stored objects accessed by object runtime ObjectStore
908    /// in system transaction. Enforced by object runtime during execution
909    object_runtime_max_num_store_entries_system_tx: Option<u64>,
910
911    // === Execution gas costs ====
912
913    //
914    /// Base cost for any IOTA transaction
915    base_tx_cost_fixed: Option<u64>,
916
917    /// Additional cost for a transaction that publishes a package
918    /// i.e., the base cost of such a transaction is base_tx_cost_fixed +
919    /// package_publish_cost_fixed
920    package_publish_cost_fixed: Option<u64>,
921
922    /// Cost per byte of a Move call transaction
923    /// i.e., the cost of such a transaction is base_cost +
924    /// (base_tx_cost_per_byte * size)
925    base_tx_cost_per_byte: Option<u64>,
926
927    /// Cost per byte for a transaction that publishes a package
928    package_publish_cost_per_byte: Option<u64>,
929
930    // Per-byte cost of reading an object during transaction execution
931    obj_access_cost_read_per_byte: Option<u64>,
932
933    // Per-byte cost of writing an object during transaction execution
934    obj_access_cost_mutate_per_byte: Option<u64>,
935
936    // Per-byte cost of deleting an object during transaction execution
937    obj_access_cost_delete_per_byte: Option<u64>,
938
939    /// Per-byte cost charged for each input object to a transaction.
940    /// Meant to approximate the cost of checking locks for each object
941    // TODO: Option<I'm not sure that this cost makes sense. Checking locks is "free"
942    // in the sense that an invalid tx that can never be committed/pay gas can
943    // force validators to check an arbitrary number of locks. If those checks are
944    // "free" for invalid transactions, why charge for them in valid transactions
945    // TODO: Option<if we keep this, I think we probably want it to be a fixed cost rather
946    // than a per-byte cost. checking an object lock should not require loading an
947    // entire object, just consulting an ID -> tx digest map
948    obj_access_cost_verify_per_byte: Option<u64>,
949
950    // Maximal nodes which are allowed when converting to a type layout.
951    max_type_to_layout_nodes: Option<u64>,
952
953    // Maximal size in bytes that a PTB value can be
954    max_ptb_value_size: Option<u64>,
955
956    // === Gas version. gas model ===
957
958    //
959    /// Gas model version, what code we are using to charge gas
960    gas_model_version: Option<u64>,
961
962    // === Storage gas costs ===
963
964    //
965    /// Per-byte cost of storing an object in the IOTA global object store. Some
966    /// of this cost may be refundable if the object is later freed
967    obj_data_cost_refundable: Option<u64>,
968
969    // Per-byte cost of storing an object in the IOTA transaction log (e.g., in
970    // CertifiedTransactionEffects) This depends on the size of various fields including the
971    // effects TODO: Option<I don't fully understand this^ and more details would be useful
972    obj_metadata_cost_non_refundable: Option<u64>,
973
974    // === Tokenomics ===
975
976    // TODO: Option<this should be changed to u64.
977    /// Sender of a txn that touches an object will get this percent of the
978    /// storage rebate back. In basis point.
979    storage_rebate_rate: Option<u64>,
980
981    /// The share of rewards that will be slashed and redistributed is 50%.
982    /// In basis point.
983    reward_slashing_rate: Option<u64>,
984
985    /// Unit storage gas price, Nanos per internal gas unit.
986    storage_gas_price: Option<u64>,
987
988    // Base gas price for computation gas, nanos per computation unit.
989    base_gas_price: Option<u64>,
990
991    /// The number of tokens minted as a validator subsidy per epoch.
992    validator_target_reward: Option<u64>,
993
994    // === Core Protocol ===
995
996    //
997    /// Max number of transactions per checkpoint.
998    /// Note that this is a protocol constant and not a config as validators
999    /// must have this set to the same value, otherwise they *will* fork.
1000    max_transactions_per_checkpoint: Option<u64>,
1001
1002    /// Max size of a checkpoint in bytes.
1003    /// Note that this is a protocol constant and not a config as validators
1004    /// must have this set to the same value, otherwise they *will* fork.
1005    max_checkpoint_size_bytes: Option<u64>,
1006
1007    /// A protocol upgrade always requires 2f+1 stake to agree. We support a
1008    /// buffer of additional stake (as a fraction of f, expressed in basis
1009    /// points) that is required before an upgrade can happen automatically.
1010    /// 10000bps would indicate that complete unanimity is required (all
1011    /// 3f+1 must vote), while 0bps would indicate that 2f+1 is sufficient.
1012    buffer_stake_for_protocol_upgrade_bps: Option<u64>,
1013
1014    // === Native Function Costs ===
1015
1016    // `address` module
1017    // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
1018    address_from_bytes_cost_base: Option<u64>,
1019    // Cost params for the Move native function `address::to_u256(address): u256`
1020    address_to_u256_cost_base: Option<u64>,
1021    // Cost params for the Move native function `address::from_u256(u256): address`
1022    address_from_u256_cost_base: Option<u64>,
1023
1024    // `config` module
1025    // Cost params for the Move native function `read_setting_impl<Name: copy + drop + store,
1026    // SettingValue: key + store, SettingDataValue: store, Value: copy + drop + store,
1027    // >(config: address, name: address, current_epoch: u64): Option<Value>`
1028    config_read_setting_impl_cost_base: Option<u64>,
1029    config_read_setting_impl_cost_per_byte: Option<u64>,
1030
1031    // `dynamic_field` module
1032    // Cost params for the Move native function `hash_type_and_key<K: copy + drop + store>(parent:
1033    // address, k: K): address`
1034    dynamic_field_hash_type_and_key_cost_base: Option<u64>,
1035    dynamic_field_hash_type_and_key_type_cost_per_byte: Option<u64>,
1036    dynamic_field_hash_type_and_key_value_cost_per_byte: Option<u64>,
1037    dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Option<u64>,
1038    // Cost params for the Move native function `add_child_object<Child: key>(parent: address,
1039    // child: Child)`
1040    dynamic_field_add_child_object_cost_base: Option<u64>,
1041    dynamic_field_add_child_object_type_cost_per_byte: Option<u64>,
1042    dynamic_field_add_child_object_value_cost_per_byte: Option<u64>,
1043    dynamic_field_add_child_object_struct_tag_cost_per_byte: Option<u64>,
1044    // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent: &mut
1045    // UID, id: address): &mut Child`
1046    dynamic_field_borrow_child_object_cost_base: Option<u64>,
1047    dynamic_field_borrow_child_object_child_ref_cost_per_byte: Option<u64>,
1048    dynamic_field_borrow_child_object_type_cost_per_byte: Option<u64>,
1049    // Cost params for the Move native function `remove_child_object<Child: key>(parent: address,
1050    // id: address): Child`
1051    dynamic_field_remove_child_object_cost_base: Option<u64>,
1052    dynamic_field_remove_child_object_child_cost_per_byte: Option<u64>,
1053    dynamic_field_remove_child_object_type_cost_per_byte: Option<u64>,
1054    // Cost params for the Move native function `has_child_object(parent: address, id: address):
1055    // bool`
1056    dynamic_field_has_child_object_cost_base: Option<u64>,
1057    // Cost params for the Move native function `has_child_object_with_ty<Child: key>(parent:
1058    // address, id: address): bool`
1059    dynamic_field_has_child_object_with_ty_cost_base: Option<u64>,
1060    dynamic_field_has_child_object_with_ty_type_cost_per_byte: Option<u64>,
1061    dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Option<u64>,
1062
1063    // `event` module
1064    // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
1065    event_emit_cost_base: Option<u64>,
1066    event_emit_value_size_derivation_cost_per_byte: Option<u64>,
1067    event_emit_tag_size_derivation_cost_per_byte: Option<u64>,
1068    event_emit_output_cost_per_byte: Option<u64>,
1069
1070    //  `object` module
1071    // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
1072    object_borrow_uid_cost_base: Option<u64>,
1073    // Cost params for the Move native function `delete_impl(id: address)`
1074    object_delete_impl_cost_base: Option<u64>,
1075    // Cost params for the Move native function `record_new_uid(id: address)`
1076    object_record_new_uid_cost_base: Option<u64>,
1077
1078    // Transfer
1079    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
1080    transfer_transfer_internal_cost_base: Option<u64>,
1081    // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
1082    transfer_freeze_object_cost_base: Option<u64>,
1083    // Cost params for the Move native function `share_object<T: key>(obj: T)`
1084    transfer_share_object_cost_base: Option<u64>,
1085    // Cost params for the Move native function
1086    // `receive_object<T: key>(p: &mut UID, recv: Receiving<T>T)`
1087    transfer_receive_object_cost_base: Option<u64>,
1088
1089    // TxContext
1090    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
1091    tx_context_derive_id_cost_base: Option<u64>,
1092    tx_context_fresh_id_cost_base: Option<u64>,
1093    tx_context_sender_cost_base: Option<u64>,
1094    tx_context_digest_cost_base: Option<u64>,
1095    tx_context_epoch_cost_base: Option<u64>,
1096    tx_context_epoch_timestamp_ms_cost_base: Option<u64>,
1097    tx_context_sponsor_cost_base: Option<u64>,
1098    tx_context_rgp_cost_base: Option<u64>,
1099    tx_context_gas_price_cost_base: Option<u64>,
1100    tx_context_gas_budget_cost_base: Option<u64>,
1101    tx_context_ids_created_cost_base: Option<u64>,
1102    tx_context_replace_cost_base: Option<u64>,
1103
1104    // Types
1105    // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
1106    types_is_one_time_witness_cost_base: Option<u64>,
1107    types_is_one_time_witness_type_tag_cost_per_byte: Option<u64>,
1108    types_is_one_time_witness_type_cost_per_byte: Option<u64>,
1109
1110    // Validator
1111    // Cost params for the Move native function `validate_metadata_bcs(metadata: vector<u8>)`
1112    validator_validate_metadata_cost_base: Option<u64>,
1113    validator_validate_metadata_data_cost_per_byte: Option<u64>,
1114
1115    // Crypto natives
1116    crypto_invalid_arguments_cost: Option<u64>,
1117    // bls12381::bls12381_min_sig_verify
1118    bls12381_bls12381_min_sig_verify_cost_base: Option<u64>,
1119    bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Option<u64>,
1120    bls12381_bls12381_min_sig_verify_msg_cost_per_block: Option<u64>,
1121
1122    // bls12381::bls12381_min_pk_verify
1123    bls12381_bls12381_min_pk_verify_cost_base: Option<u64>,
1124    bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Option<u64>,
1125    bls12381_bls12381_min_pk_verify_msg_cost_per_block: Option<u64>,
1126
1127    // ecdsa_k1::ecrecover
1128    ecdsa_k1_ecrecover_keccak256_cost_base: Option<u64>,
1129    ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
1130    ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
1131    ecdsa_k1_ecrecover_sha256_cost_base: Option<u64>,
1132    ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
1133    ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
1134
1135    // ecdsa_k1::decompress_pubkey
1136    ecdsa_k1_decompress_pubkey_cost_base: Option<u64>,
1137
1138    // ecdsa_k1::secp256k1_verify
1139    ecdsa_k1_secp256k1_verify_keccak256_cost_base: Option<u64>,
1140    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Option<u64>,
1141    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Option<u64>,
1142    ecdsa_k1_secp256k1_verify_sha256_cost_base: Option<u64>,
1143    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Option<u64>,
1144    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Option<u64>,
1145
1146    // ecdsa_r1::ecrecover
1147    ecdsa_r1_ecrecover_keccak256_cost_base: Option<u64>,
1148    ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
1149    ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
1150    ecdsa_r1_ecrecover_sha256_cost_base: Option<u64>,
1151    ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
1152    ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
1153
1154    // ecdsa_r1::secp256k1_verify
1155    ecdsa_r1_secp256r1_verify_keccak256_cost_base: Option<u64>,
1156    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Option<u64>,
1157    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Option<u64>,
1158    ecdsa_r1_secp256r1_verify_sha256_cost_base: Option<u64>,
1159    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Option<u64>,
1160    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Option<u64>,
1161
1162    // ecvrf::verify
1163    ecvrf_ecvrf_verify_cost_base: Option<u64>,
1164    ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Option<u64>,
1165    ecvrf_ecvrf_verify_alpha_string_cost_per_block: Option<u64>,
1166
1167    // ed25519
1168    ed25519_ed25519_verify_cost_base: Option<u64>,
1169    ed25519_ed25519_verify_msg_cost_per_byte: Option<u64>,
1170    ed25519_ed25519_verify_msg_cost_per_block: Option<u64>,
1171
1172    // groth16::prepare_verifying_key
1173    groth16_prepare_verifying_key_bls12381_cost_base: Option<u64>,
1174    groth16_prepare_verifying_key_bn254_cost_base: Option<u64>,
1175
1176    // groth16::verify_groth16_proof_internal
1177    groth16_verify_groth16_proof_internal_bls12381_cost_base: Option<u64>,
1178    groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Option<u64>,
1179    groth16_verify_groth16_proof_internal_bn254_cost_base: Option<u64>,
1180    groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Option<u64>,
1181    groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Option<u64>,
1182
1183    // hash::blake2b256
1184    hash_blake2b256_cost_base: Option<u64>,
1185    hash_blake2b256_data_cost_per_byte: Option<u64>,
1186    hash_blake2b256_data_cost_per_block: Option<u64>,
1187
1188    // hash::keccak256
1189    hash_keccak256_cost_base: Option<u64>,
1190    hash_keccak256_data_cost_per_byte: Option<u64>,
1191    hash_keccak256_data_cost_per_block: Option<u64>,
1192
1193    // poseidon::poseidon_bn254
1194    poseidon_bn254_cost_base: Option<u64>,
1195    poseidon_bn254_cost_per_block: Option<u64>,
1196
1197    // group_ops
1198    group_ops_bls12381_decode_scalar_cost: Option<u64>,
1199    group_ops_bls12381_decode_g1_cost: Option<u64>,
1200    group_ops_bls12381_decode_g2_cost: Option<u64>,
1201    group_ops_bls12381_decode_gt_cost: Option<u64>,
1202    group_ops_bls12381_scalar_add_cost: Option<u64>,
1203    group_ops_bls12381_g1_add_cost: Option<u64>,
1204    group_ops_bls12381_g2_add_cost: Option<u64>,
1205    group_ops_bls12381_gt_add_cost: Option<u64>,
1206    group_ops_bls12381_scalar_sub_cost: Option<u64>,
1207    group_ops_bls12381_g1_sub_cost: Option<u64>,
1208    group_ops_bls12381_g2_sub_cost: Option<u64>,
1209    group_ops_bls12381_gt_sub_cost: Option<u64>,
1210    group_ops_bls12381_scalar_mul_cost: Option<u64>,
1211    group_ops_bls12381_g1_mul_cost: Option<u64>,
1212    group_ops_bls12381_g2_mul_cost: Option<u64>,
1213    group_ops_bls12381_gt_mul_cost: Option<u64>,
1214    group_ops_bls12381_scalar_div_cost: Option<u64>,
1215    group_ops_bls12381_g1_div_cost: Option<u64>,
1216    group_ops_bls12381_g2_div_cost: Option<u64>,
1217    group_ops_bls12381_gt_div_cost: Option<u64>,
1218    group_ops_bls12381_g1_hash_to_base_cost: Option<u64>,
1219    group_ops_bls12381_g2_hash_to_base_cost: Option<u64>,
1220    group_ops_bls12381_g1_hash_to_cost_per_byte: Option<u64>,
1221    group_ops_bls12381_g2_hash_to_cost_per_byte: Option<u64>,
1222    group_ops_bls12381_g1_msm_base_cost: Option<u64>,
1223    group_ops_bls12381_g2_msm_base_cost: Option<u64>,
1224    group_ops_bls12381_g1_msm_base_cost_per_input: Option<u64>,
1225    group_ops_bls12381_g2_msm_base_cost_per_input: Option<u64>,
1226    group_ops_bls12381_msm_max_len: Option<u32>,
1227    group_ops_bls12381_pairing_cost: Option<u64>,
1228    group_ops_bls12381_g1_to_uncompressed_g1_cost: Option<u64>,
1229    group_ops_bls12381_uncompressed_g1_to_g1_cost: Option<u64>,
1230    group_ops_bls12381_uncompressed_g1_sum_base_cost: Option<u64>,
1231    group_ops_bls12381_uncompressed_g1_sum_cost_per_term: Option<u64>,
1232    group_ops_bls12381_uncompressed_g1_sum_max_terms: Option<u64>,
1233
1234    // hmac::hmac_sha3_256
1235    hmac_hmac_sha3_256_cost_base: Option<u64>,
1236    hmac_hmac_sha3_256_input_cost_per_byte: Option<u64>,
1237    hmac_hmac_sha3_256_input_cost_per_block: Option<u64>,
1238
1239    // zklogin::check_zklogin_id
1240    #[deprecated]
1241    check_zklogin_id_cost_base: Option<u64>,
1242    // zklogin::check_zklogin_issuer
1243    #[deprecated]
1244    check_zklogin_issuer_cost_base: Option<u64>,
1245
1246    vdf_verify_vdf_cost: Option<u64>,
1247    vdf_hash_to_input_cost: Option<u64>,
1248
1249    // Stdlib costs
1250    bcs_per_byte_serialized_cost: Option<u64>,
1251    bcs_legacy_min_output_size_cost: Option<u64>,
1252    bcs_failure_cost: Option<u64>,
1253
1254    hash_sha2_256_base_cost: Option<u64>,
1255    hash_sha2_256_per_byte_cost: Option<u64>,
1256    hash_sha2_256_legacy_min_input_len_cost: Option<u64>,
1257    hash_sha3_256_base_cost: Option<u64>,
1258    hash_sha3_256_per_byte_cost: Option<u64>,
1259    hash_sha3_256_legacy_min_input_len_cost: Option<u64>,
1260    type_name_get_base_cost: Option<u64>,
1261    type_name_get_per_byte_cost: Option<u64>,
1262
1263    string_check_utf8_base_cost: Option<u64>,
1264    string_check_utf8_per_byte_cost: Option<u64>,
1265    string_is_char_boundary_base_cost: Option<u64>,
1266    string_sub_string_base_cost: Option<u64>,
1267    string_sub_string_per_byte_cost: Option<u64>,
1268    string_index_of_base_cost: Option<u64>,
1269    string_index_of_per_byte_pattern_cost: Option<u64>,
1270    string_index_of_per_byte_searched_cost: Option<u64>,
1271
1272    vector_empty_base_cost: Option<u64>,
1273    vector_length_base_cost: Option<u64>,
1274    vector_push_back_base_cost: Option<u64>,
1275    vector_push_back_legacy_per_abstract_memory_unit_cost: Option<u64>,
1276    vector_borrow_base_cost: Option<u64>,
1277    vector_pop_back_base_cost: Option<u64>,
1278    vector_destroy_empty_base_cost: Option<u64>,
1279    vector_swap_base_cost: Option<u64>,
1280    debug_print_base_cost: Option<u64>,
1281    debug_print_stack_trace_base_cost: Option<u64>,
1282
1283    // === Execution Version ===
1284    execution_version: Option<u64>,
1285
1286    // Dictates the threshold (percentage of stake) that is used to calculate the "bad" nodes to be
1287    // swapped when creating the consensus schedule. The values should be of the range [0 - 33].
1288    // Anything above 33 (f) will not be allowed.
1289    consensus_bad_nodes_stake_threshold: Option<u64>,
1290
1291    #[deprecated]
1292    max_jwk_votes_per_validator_per_epoch: Option<u64>,
1293    // The maximum age of a JWK in epochs before it is removed from the AuthenticatorState object.
1294    // Applied at the end of an epoch as a delta from the new epoch value, so setting this to 1
1295    // will cause the new epoch to start with JWKs from the previous epoch still valid.
1296    #[deprecated]
1297    max_age_of_jwk_in_epochs: Option<u64>,
1298
1299    // === random beacon ===
1300    /// Maximum allowed precision loss when reducing voting weights for the
1301    /// random beacon protocol.
1302    random_beacon_reduction_allowed_delta: Option<u16>,
1303
1304    /// Minimum number of shares below which voting weights will not be reduced
1305    /// for the random beacon protocol.
1306    random_beacon_reduction_lower_bound: Option<u32>,
1307
1308    /// Consensus Round after which DKG should be aborted and randomness
1309    /// disabled for the epoch, if it hasn't already completed.
1310    random_beacon_dkg_timeout_round: Option<u32>,
1311
1312    /// Minimum interval between consecutive rounds of generated randomness.
1313    random_beacon_min_round_interval_ms: Option<u64>,
1314
1315    /// Version of the random beacon DKG protocol.
1316    /// 0 was deprecated (and currently not supported), 1 is the default
1317    /// version.
1318    random_beacon_dkg_version: Option<u64>,
1319
1320    /// The maximum serialized transaction size (in bytes) accepted by
1321    /// consensus. `consensus_max_transaction_size_bytes` should include
1322    /// space for additional metadata, on top of the `max_tx_size_bytes`
1323    /// value.
1324    consensus_max_transaction_size_bytes: Option<u64>,
1325    /// The maximum size of transactions included in a consensus block.
1326    consensus_max_transactions_in_block_bytes: Option<u64>,
1327    /// The maximum number of transactions included in a consensus block.
1328    consensus_max_num_transactions_in_block: Option<u64>,
1329
1330    /// The max number of consensus rounds a transaction can be deferred due to
1331    /// shared object congestion. Transactions will be cancelled after this
1332    /// many rounds.
1333    max_deferral_rounds_for_congestion_control: Option<u64>,
1334
1335    /// Minimum interval of commit timestamps between consecutive checkpoints.
1336    min_checkpoint_interval_ms: Option<u64>,
1337
1338    /// Version number to use for version_specific_data in `CheckpointSummary`.
1339    checkpoint_summary_version_specific_data: Option<u64>,
1340
1341    /// The max number of transactions that can be included in a single Soft
1342    /// Bundle.
1343    max_soft_bundle_size: Option<u64>,
1344
1345    /// Deprecated because of bridge removal.
1346    /// Whether to try to form bridge committee
1347    // Note: this is not a feature flag because we want to distinguish between
1348    // `None` and `Some(false)`, as committee was already finalized on Testnet.
1349    bridge_should_try_to_finalize_committee: Option<bool>,
1350
1351    /// The max accumulated txn execution cost per object in a mysticeti commit.
1352    /// Transactions in a commit will be deferred once their touch shared
1353    /// objects hit this limit. Note that if
1354    /// `max_congestion_limit_overshoot_per_commit` is set, this may be overshot
1355    /// within a single commit, but the limit will be enforced in the long run.
1356    max_accumulated_txn_cost_per_object_in_mysticeti_commit: Option<u64>,
1357
1358    /// Maximum number of committee (validators taking part in consensus)
1359    /// validators at any moment. We do not allow the number of committee
1360    /// validators in any epoch to go above this.
1361    max_committee_members_count: Option<u64>,
1362
1363    /// Configures the garbage collection depth for consensus. When is unset or
1364    /// `0` then the garbage collection is disabled.
1365    consensus_gc_depth: Option<u32>,
1366
1367    /// Configures the maximum number of acknowledgments to be included in a
1368    /// block. It must be reasonably larger than the number of validators
1369    /// because not all validators create their blocks at the same pace.
1370    /// Default value set to 400. (5 x expected committee size (80)).
1371    /// Applicable only to `starfish` consensus.
1372    consensus_max_acknowledgments_per_block: Option<u32>,
1373
1374    /// The maximum amount that is allowed to overshoot the congestion limit
1375    /// specified by 'max_accumulated_txn_cost_per_object_in_mysticeti_commit'
1376    /// for any single commit. Any overshoot is tracked as a debt that must
1377    /// be accounted for in subsequent commits.
1378    max_congestion_limit_overshoot_per_commit: Option<u64>,
1379
1380    /// Scorer version. When set to `None`, MisbehaviorReports are not sent nor
1381    /// considered valid. When set to `Some(version)`, scores are included in
1382    /// the MisbehaviorReports messages, where `version` determines the scoring
1383    /// formulas and metrics to be used. Even if set to None, the Scorer
1384    /// component is created, having access to metrics and being able to expose
1385    /// validator scores. Also gates the wire format of the
1386    /// `MisbehaviorReport` consensus transaction — scorer and report bump
1387    /// together.
1388    scorer_version: Option<u16>,
1389
1390    // `auth_context` module
1391    // Cost params for the Move native function `native_digest(): vector<u8>`
1392    auth_context_digest_cost_base: Option<u64>,
1393    // Cost params for the Move native function `native_tx_data_bytes(): &vector<u8>`
1394    auth_context_tx_data_bytes_cost_base: Option<u64>,
1395    auth_context_tx_data_bytes_cost_per_byte: Option<u64>,
1396    // Cost params for the Move native function `native_tx_commands<C>(): vector<C>`
1397    auth_context_tx_commands_cost_base: Option<u64>,
1398    auth_context_tx_commands_cost_per_byte: Option<u64>,
1399    // Cost params for the Move native function `native_tx_inputs<I>(): vector<I>`
1400    auth_context_tx_inputs_cost_base: Option<u64>,
1401    auth_context_tx_inputs_cost_per_byte: Option<u64>,
1402    // Cost params for the Move native function `fun native_replace<I, C>(auth_digest: vector<u8>,
1403    // tx_inputs: vector<I>, tx_commands: vector<C>, tx_data_bytes: vector<u8>)`
1404    auth_context_replace_cost_base: Option<u64>,
1405    auth_context_replace_cost_per_byte: Option<u64>,
1406    // Cost params for the Move native functions
1407    // `fun native_sender_authenticator_function_info_v1<F>(): &Option<F>`
1408    // `fun native_sponsor_authenticator_function_info_v1<F>(): &Option<F>`
1409    auth_context_authenticator_function_info_v1_cost_base: Option<u64>,
1410
1411    /// Number of committed subdags between leader-schedule recomputations.
1412    /// When unset, defaults to 300.
1413    consensus_commits_per_schedule: Option<u32>,
1414}
1415
1416// feature flags
1417impl ProtocolConfig {
1418    // Add checks for feature flag support here, e.g.:
1419    // pub fn check_new_protocol_feature_supported(&self) -> Result<(), Error> {
1420    //     if self.feature_flags.new_protocol_feature_supported {
1421    //         Ok(())
1422    //     } else {
1423    //         Err(Error(format!(
1424    //             "new_protocol_feature is not supported at {:?}",
1425    //             self.version
1426    //         )))
1427    //     }
1428    // }
1429
1430    pub fn disable_invariant_violation_check_in_swap_loc(&self) -> bool {
1431        self.feature_flags
1432            .disable_invariant_violation_check_in_swap_loc
1433    }
1434
1435    pub fn no_extraneous_module_bytes(&self) -> bool {
1436        self.feature_flags.no_extraneous_module_bytes
1437    }
1438
1439    pub fn consensus_transaction_ordering(&self) -> ConsensusTransactionOrdering {
1440        self.feature_flags.consensus_transaction_ordering
1441    }
1442
1443    pub fn dkg_version(&self) -> u64 {
1444        // Version 0 was deprecated and removed, the default is 1 if not set.
1445        self.random_beacon_dkg_version.unwrap_or(1)
1446    }
1447
1448    pub fn hardened_otw_check(&self) -> bool {
1449        self.feature_flags.hardened_otw_check
1450    }
1451
1452    pub fn enable_poseidon(&self) -> bool {
1453        self.feature_flags.enable_poseidon
1454    }
1455
1456    pub fn enable_group_ops_native_function_msm(&self) -> bool {
1457        self.feature_flags.enable_group_ops_native_function_msm
1458    }
1459
1460    pub fn per_object_congestion_control_mode(&self) -> PerObjectCongestionControlMode {
1461        self.feature_flags.per_object_congestion_control_mode
1462    }
1463
1464    pub fn consensus_choice(&self) -> ConsensusChoice {
1465        self.feature_flags.consensus_choice
1466    }
1467
1468    pub fn consensus_network(&self) -> ConsensusNetwork {
1469        self.feature_flags.consensus_network
1470    }
1471
1472    pub fn enable_vdf(&self) -> bool {
1473        self.feature_flags.enable_vdf
1474    }
1475
1476    pub fn passkey_auth(&self) -> bool {
1477        self.feature_flags.passkey_auth
1478    }
1479
1480    pub fn max_transaction_size_bytes(&self) -> u64 {
1481        // Provide a default value if protocol config version is too low.
1482        self.consensus_max_transaction_size_bytes
1483            .unwrap_or(256 * 1024)
1484    }
1485
1486    pub fn max_transactions_in_block_bytes(&self) -> u64 {
1487        if cfg!(msim) {
1488            256 * 1024
1489        } else {
1490            self.consensus_max_transactions_in_block_bytes
1491                .unwrap_or(512 * 1024)
1492        }
1493    }
1494
1495    pub fn max_num_transactions_in_block(&self) -> u64 {
1496        if cfg!(msim) {
1497            8
1498        } else {
1499            self.consensus_max_num_transactions_in_block.unwrap_or(512)
1500        }
1501    }
1502
1503    pub fn rethrow_serialization_type_layout_errors(&self) -> bool {
1504        self.feature_flags.rethrow_serialization_type_layout_errors
1505    }
1506
1507    pub fn relocate_event_module(&self) -> bool {
1508        self.feature_flags.relocate_event_module
1509    }
1510
1511    pub fn protocol_defined_base_fee(&self) -> bool {
1512        self.feature_flags.protocol_defined_base_fee
1513    }
1514
1515    pub fn uncompressed_g1_group_elements(&self) -> bool {
1516        self.feature_flags.uncompressed_g1_group_elements
1517    }
1518
1519    pub fn disallow_new_modules_in_deps_only_packages(&self) -> bool {
1520        self.feature_flags
1521            .disallow_new_modules_in_deps_only_packages
1522    }
1523
1524    pub fn native_charging_v2(&self) -> bool {
1525        self.feature_flags.native_charging_v2
1526    }
1527
1528    pub fn consensus_round_prober(&self) -> bool {
1529        self.feature_flags.consensus_round_prober
1530    }
1531
1532    pub fn consensus_distributed_vote_scoring_strategy(&self) -> bool {
1533        self.feature_flags
1534            .consensus_distributed_vote_scoring_strategy
1535    }
1536
1537    pub fn gc_depth(&self) -> u32 {
1538        if cfg!(msim) {
1539            // exercise a very low gc_depth
1540            min(5, self.consensus_gc_depth.unwrap_or(0))
1541        } else {
1542            self.consensus_gc_depth.unwrap_or(0)
1543        }
1544    }
1545
1546    pub fn consensus_linearize_subdag_v2(&self) -> bool {
1547        let res = self.feature_flags.consensus_linearize_subdag_v2;
1548        assert!(
1549            !res || self.gc_depth() > 0,
1550            "The consensus linearize sub dag V2 requires GC to be enabled"
1551        );
1552        res
1553    }
1554
1555    pub fn consensus_max_acknowledgments_per_block_or_default(&self) -> u32 {
1556        self.consensus_max_acknowledgments_per_block.unwrap_or(400)
1557    }
1558
1559    pub fn max_acknowledgments_per_block(&self, committee_size: usize) -> usize {
1560        2 * committee_size
1561    }
1562
1563    pub fn max_commit_votes_per_block(&self, committee_size: usize) -> usize {
1564        committee_size
1565    }
1566
1567    pub fn variant_nodes(&self) -> bool {
1568        self.feature_flags.variant_nodes
1569    }
1570
1571    pub fn consensus_smart_ancestor_selection(&self) -> bool {
1572        self.feature_flags.consensus_smart_ancestor_selection
1573    }
1574
1575    pub fn consensus_round_prober_probe_accepted_rounds(&self) -> bool {
1576        self.feature_flags
1577            .consensus_round_prober_probe_accepted_rounds
1578    }
1579
1580    pub fn consensus_zstd_compression(&self) -> bool {
1581        self.feature_flags.consensus_zstd_compression
1582    }
1583
1584    pub fn congestion_control_min_free_execution_slot(&self) -> bool {
1585        self.feature_flags
1586            .congestion_control_min_free_execution_slot
1587    }
1588
1589    pub fn accept_passkey_in_multisig(&self) -> bool {
1590        self.feature_flags.accept_passkey_in_multisig
1591    }
1592
1593    pub fn consensus_batched_block_sync(&self) -> bool {
1594        self.feature_flags.consensus_batched_block_sync
1595    }
1596
1597    /// Check if the gas price feedback mechanism (which is used for
1598    /// transactions cancelled due to shared object congestion) is enabled
1599    pub fn congestion_control_gas_price_feedback_mechanism(&self) -> bool {
1600        self.feature_flags
1601            .congestion_control_gas_price_feedback_mechanism
1602    }
1603
1604    pub fn validate_identifier_inputs(&self) -> bool {
1605        self.feature_flags.validate_identifier_inputs
1606    }
1607
1608    pub fn minimize_child_object_mutations(&self) -> bool {
1609        self.feature_flags.minimize_child_object_mutations
1610    }
1611
1612    pub fn dependency_linkage_error(&self) -> bool {
1613        self.feature_flags.dependency_linkage_error
1614    }
1615
1616    pub fn additional_multisig_checks(&self) -> bool {
1617        self.feature_flags.additional_multisig_checks
1618    }
1619
1620    pub fn consensus_num_requested_prior_commits_at_startup(&self) -> u32 {
1621        // TODO: this will eventually be the max of some number of other
1622        // parameters.
1623        0
1624    }
1625
1626    pub fn normalize_ptb_arguments(&self) -> bool {
1627        self.feature_flags.normalize_ptb_arguments
1628    }
1629
1630    pub fn select_committee_from_eligible_validators(&self) -> bool {
1631        let res = self.feature_flags.select_committee_from_eligible_validators;
1632        assert!(
1633            !res || (self.protocol_defined_base_fee()
1634                && self.max_committee_members_count_as_option().is_some()),
1635            "select_committee_from_eligible_validators requires protocol_defined_base_fee and max_committee_members_count to be set"
1636        );
1637        res
1638    }
1639
1640    pub fn track_non_committee_eligible_validators(&self) -> bool {
1641        self.feature_flags.track_non_committee_eligible_validators
1642    }
1643
1644    pub fn select_committee_supporting_next_epoch_version(&self) -> bool {
1645        let res = self
1646            .feature_flags
1647            .select_committee_supporting_next_epoch_version;
1648        assert!(
1649            !res || (self.track_non_committee_eligible_validators()
1650                && self.select_committee_from_eligible_validators()),
1651            "select_committee_supporting_next_epoch_version requires select_committee_from_eligible_validators to be set"
1652        );
1653        res
1654    }
1655
1656    pub fn consensus_median_timestamp_with_checkpoint_enforcement(&self) -> bool {
1657        let res = self
1658            .feature_flags
1659            .consensus_median_timestamp_with_checkpoint_enforcement;
1660        assert!(
1661            !res || self.gc_depth() > 0,
1662            "The consensus median timestamp with checkpoint enforcement requires GC to be enabled"
1663        );
1664        res
1665    }
1666
1667    pub fn consensus_commit_transactions_only_for_traversed_headers(&self) -> bool {
1668        self.feature_flags
1669            .consensus_commit_transactions_only_for_traversed_headers
1670    }
1671
1672    /// Check whether congestion limit overshoot is enabled in the gas price
1673    /// feedback mechanism.
1674    pub fn congestion_limit_overshoot_in_gas_price_feedback_mechanism(&self) -> bool {
1675        self.feature_flags
1676            .congestion_limit_overshoot_in_gas_price_feedback_mechanism
1677    }
1678
1679    /// Check whether a separate gas price feedback mechanism is used for
1680    /// randomness transactions.
1681    pub fn separate_gas_price_feedback_mechanism_for_randomness(&self) -> bool {
1682        self.feature_flags
1683            .separate_gas_price_feedback_mechanism_for_randomness
1684    }
1685
1686    pub fn metadata_in_module_bytes(&self) -> bool {
1687        self.feature_flags.metadata_in_module_bytes
1688    }
1689
1690    pub fn publish_package_metadata(&self) -> bool {
1691        self.feature_flags.publish_package_metadata
1692    }
1693
1694    pub fn enable_move_authentication(&self) -> bool {
1695        self.feature_flags.enable_move_authentication
1696    }
1697
1698    pub fn additional_borrow_checks(&self) -> bool {
1699        self.feature_flags.additional_borrow_checks
1700    }
1701
1702    pub fn enable_move_authentication_for_sponsor(&self) -> bool {
1703        let enable_move_authentication_for_sponsor =
1704            self.feature_flags.enable_move_authentication_for_sponsor;
1705        assert!(
1706            !enable_move_authentication_for_sponsor || self.enable_move_authentication(),
1707            "enable_move_authentication_for_sponsor requires enable_move_authentication to be set"
1708        );
1709        enable_move_authentication_for_sponsor
1710    }
1711
1712    pub fn pass_validator_scores_to_advance_epoch(&self) -> bool {
1713        self.feature_flags.pass_validator_scores_to_advance_epoch
1714    }
1715
1716    pub fn calculate_validator_scores(&self) -> bool {
1717        let calculate_validator_scores = self.feature_flags.calculate_validator_scores;
1718        assert!(
1719            !calculate_validator_scores || self.scorer_version.is_some(),
1720            "calculate_validator_scores requires scorer_version to be set"
1721        );
1722        calculate_validator_scores
1723    }
1724
1725    pub fn adjust_rewards_by_score(&self) -> bool {
1726        let adjust = self.feature_flags.adjust_rewards_by_score;
1727        assert!(
1728            !adjust || (self.scorer_version.is_some() && self.calculate_validator_scores()),
1729            "adjust_rewards_by_score requires scorer_version to be set"
1730        );
1731        adjust
1732    }
1733
1734    pub fn pass_calculated_validator_scores_to_advance_epoch(&self) -> bool {
1735        let pass = self
1736            .feature_flags
1737            .pass_calculated_validator_scores_to_advance_epoch;
1738        assert!(
1739            !pass
1740                || (self.pass_validator_scores_to_advance_epoch()
1741                    && self.calculate_validator_scores()),
1742            "pass_calculated_validator_scores_to_advance_epoch requires pass_validator_scores_to_advance_epoch and calculate_validator_scores to be enabled"
1743        );
1744        pass
1745    }
1746    pub fn consensus_fast_commit_sync(&self) -> bool {
1747        let res = self.feature_flags.consensus_fast_commit_sync;
1748        assert!(
1749            !res || self.consensus_commit_transactions_only_for_traversed_headers(),
1750            "consensus_fast_commit_sync requires consensus_commit_transactions_only_for_traversed_headers to be enabled"
1751        );
1752        res
1753    }
1754
1755    pub fn consensus_block_restrictions(&self) -> bool {
1756        self.feature_flags.consensus_block_restrictions
1757    }
1758
1759    pub fn move_native_tx_context(&self) -> bool {
1760        self.feature_flags.move_native_tx_context
1761    }
1762
1763    pub fn pre_consensus_sponsor_only_move_authentication(&self) -> bool {
1764        let pre_consensus_sponsor_only_move_authentication = self
1765            .feature_flags
1766            .pre_consensus_sponsor_only_move_authentication;
1767        if pre_consensus_sponsor_only_move_authentication {
1768            assert!(
1769                self.enable_move_authentication(),
1770                "pre_consensus_sponsor_only_move_authentication requires enable_move_authentication to be set"
1771            );
1772            assert!(
1773                self.enable_move_authentication_for_sponsor(),
1774                "pre_consensus_sponsor_only_move_authentication requires enable_move_authentication_for_sponsor to be set"
1775            );
1776        }
1777        pre_consensus_sponsor_only_move_authentication
1778    }
1779
1780    pub fn consensus_starfish_speed(&self) -> bool {
1781        let res = self.feature_flags.consensus_starfish_speed;
1782        assert!(
1783            !res || self.consensus_fast_commit_sync(),
1784            "consensus_starfish_speed requires consensus_fast_commit_sync to be enabled"
1785        );
1786        res
1787    }
1788
1789    pub fn always_advance_dkg_to_resolution(&self) -> bool {
1790        self.feature_flags.always_advance_dkg_to_resolution
1791    }
1792
1793    pub fn enable_pcool_flow(&self) -> bool {
1794        self.feature_flags.enable_pcool_flow
1795    }
1796
1797    pub fn commits_per_schedule(&self) -> u32 {
1798        if cfg!(msim) {
1799            // Exercise faster leader-schedule rotation in simtests.
1800            min(10, self.consensus_commits_per_schedule.unwrap_or(300))
1801        } else {
1802            self.consensus_commits_per_schedule.unwrap_or(300)
1803        }
1804    }
1805}
1806
1807#[cfg(not(msim))]
1808static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1809
1810// Use a thread local in sim tests for test isolation.
1811#[cfg(msim)]
1812thread_local! {
1813    static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1814}
1815
1816// Instantiations for each protocol version.
1817impl ProtocolConfig {
1818    /// Get the value ProtocolConfig that are in effect during the given
1819    /// protocol version.
1820    pub fn get_for_version(version: ProtocolVersion, chain: Chain) -> Self {
1821        // ProtocolVersion can be deserialized so we need to check it here as well.
1822        assert!(
1823            version >= ProtocolVersion::MIN,
1824            "Network protocol version is {:?}, but the minimum supported version by the binary is {:?}. Please upgrade the binary.",
1825            version,
1826            ProtocolVersion::MIN.0,
1827        );
1828        assert!(
1829            version <= ProtocolVersion::MAX_ALLOWED,
1830            "Network protocol version is {:?}, but the maximum supported version by the binary is {:?}. Please upgrade the binary.",
1831            version,
1832            ProtocolVersion::MAX_ALLOWED.0,
1833        );
1834
1835        let mut ret = Self::get_for_version_impl(version, chain);
1836        ret.version = version;
1837
1838        ret = CONFIG_OVERRIDE.with(|ovr| {
1839            if let Some(override_fn) = &*ovr.borrow() {
1840                warn!(
1841                    "overriding ProtocolConfig settings with custom settings (you should not see this log outside of tests)"
1842                );
1843                override_fn(version, ret)
1844            } else {
1845                ret
1846            }
1847        });
1848
1849        if std::env::var("IOTA_PROTOCOL_CONFIG_OVERRIDE_ENABLE").is_ok() {
1850            warn!(
1851                "overriding ProtocolConfig settings with custom settings; this may break non-local networks"
1852            );
1853
1854            // First, deserialize the top-level ProtocolConfig fields
1855            let overrides: ProtocolConfigOptional =
1856                serde_env::from_env_with_prefix("IOTA_PROTOCOL_CONFIG_OVERRIDE")
1857                    .expect("failed to parse ProtocolConfig override env variables");
1858            overrides.apply_to(&mut ret);
1859
1860            // Then, separately deserialize FeatureFlags fields
1861            let feature_flag_overrides: FeatureFlagsOptional =
1862                serde_env::from_env_with_prefix("IOTA_PROTOCOL_CONFIG_FEATURE_FLAGS_OVERRIDE")
1863                    .expect("failed to parse ProtocolConfig feature flags override env variables");
1864
1865            feature_flag_overrides.apply_to(&mut ret.feature_flags);
1866        }
1867
1868        ret
1869    }
1870
1871    /// Get the value ProtocolConfig that are in effect during the given
1872    /// protocol version. Or none if the version is not supported.
1873    pub fn get_for_version_if_supported(version: ProtocolVersion, chain: Chain) -> Option<Self> {
1874        if version.0 >= ProtocolVersion::MIN.0 && version.0 <= ProtocolVersion::MAX_ALLOWED.0 {
1875            let mut ret = Self::get_for_version_impl(version, chain);
1876            ret.version = version;
1877            Some(ret)
1878        } else {
1879            None
1880        }
1881    }
1882
1883    #[cfg(not(msim))]
1884    pub fn poison_get_for_min_version() {
1885        POISON_VERSION_METHODS.store(true, Ordering::Relaxed);
1886    }
1887
1888    #[cfg(not(msim))]
1889    fn load_poison_get_for_min_version() -> bool {
1890        POISON_VERSION_METHODS.load(Ordering::Relaxed)
1891    }
1892
1893    #[cfg(msim)]
1894    pub fn poison_get_for_min_version() {
1895        POISON_VERSION_METHODS.with(|p| p.store(true, Ordering::Relaxed));
1896    }
1897
1898    #[cfg(msim)]
1899    fn load_poison_get_for_min_version() -> bool {
1900        POISON_VERSION_METHODS.with(|p| p.load(Ordering::Relaxed))
1901    }
1902
1903    pub fn convert_type_argument_error(&self) -> bool {
1904        self.feature_flags.convert_type_argument_error
1905    }
1906
1907    /// Convenience to get the constants at the current minimum supported
1908    /// version. Mainly used by client code that may not yet be
1909    /// protocol-version aware.
1910    pub fn get_for_min_version() -> Self {
1911        if Self::load_poison_get_for_min_version() {
1912            panic!("get_for_min_version called on validator");
1913        }
1914        ProtocolConfig::get_for_version(ProtocolVersion::MIN, Chain::Unknown)
1915    }
1916
1917    /// CAREFUL! - You probably want to use `get_for_version` instead.
1918    ///
1919    /// Convenience to get the constants at the current maximum supported
1920    /// version. Mainly used by genesis. Note well that this function uses
1921    /// the max version supported locally by the node, which is not
1922    /// necessarily the current version of the network. ALSO, this function
1923    /// disregards chain specific config (by using Chain::Unknown), thereby
1924    /// potentially returning a protocol config that is incorrect for some
1925    /// feature flags. Definitely safe for testing and for protocol version
1926    /// 11 and prior.
1927    #[expect(non_snake_case)]
1928    pub fn get_for_max_version_UNSAFE() -> Self {
1929        if Self::load_poison_get_for_min_version() {
1930            panic!("get_for_max_version_UNSAFE called on validator");
1931        }
1932        ProtocolConfig::get_for_version(ProtocolVersion::MAX, Chain::Unknown)
1933    }
1934
1935    fn get_for_version_impl(version: ProtocolVersion, chain: Chain) -> Self {
1936        #[cfg(msim)]
1937        {
1938            // populate the fake simulator version # with a different base tx cost.
1939            if version > ProtocolVersion::MAX {
1940                let mut config = Self::get_for_version_impl(ProtocolVersion::MAX, Chain::Unknown);
1941                config.base_tx_cost_fixed = Some(config.base_tx_cost_fixed() + 1000);
1942                return config;
1943            }
1944        }
1945
1946        // IMPORTANT: Never modify the value of any constant for a pre-existing protocol
1947        // version. To change the values here you must create a new protocol
1948        // version with the new values!
1949        let mut cfg = Self {
1950            version,
1951
1952            feature_flags: Default::default(),
1953
1954            max_tx_size_bytes: Some(128 * 1024),
1955            // We need this number to be at least 100x less than
1956            // `max_serialized_tx_effects_size_bytes`otherwise effects can be huge
1957            max_input_objects: Some(2048),
1958            max_serialized_tx_effects_size_bytes: Some(512 * 1024),
1959            max_serialized_tx_effects_size_bytes_system_tx: Some(512 * 1024 * 16),
1960            max_gas_payment_objects: Some(256),
1961            max_modules_in_publish: Some(64),
1962            max_package_dependencies: Some(32),
1963            max_arguments: Some(512),
1964            max_type_arguments: Some(16),
1965            max_type_argument_depth: Some(16),
1966            max_pure_argument_size: Some(16 * 1024),
1967            max_programmable_tx_commands: Some(1024),
1968            move_binary_format_version: Some(7),
1969            min_move_binary_format_version: Some(6),
1970            binary_module_handles: Some(100),
1971            binary_struct_handles: Some(300),
1972            binary_function_handles: Some(1500),
1973            binary_function_instantiations: Some(750),
1974            binary_signatures: Some(1000),
1975            binary_constant_pool: Some(4000),
1976            binary_identifiers: Some(10000),
1977            binary_address_identifiers: Some(100),
1978            binary_struct_defs: Some(200),
1979            binary_struct_def_instantiations: Some(100),
1980            binary_function_defs: Some(1000),
1981            binary_field_handles: Some(500),
1982            binary_field_instantiations: Some(250),
1983            binary_friend_decls: Some(100),
1984            binary_enum_defs: None,
1985            binary_enum_def_instantiations: None,
1986            binary_variant_handles: None,
1987            binary_variant_instantiation_handles: None,
1988            max_move_object_size: Some(250 * 1024),
1989            max_move_package_size: Some(100 * 1024),
1990            max_publish_or_upgrade_per_ptb: Some(5),
1991            // max gas budget for an authentication is in NANOS
1992            max_auth_gas: None,
1993            // max gas budget is in NANOS and an absolute value 50IOTA
1994            max_tx_gas: Some(50_000_000_000),
1995            max_gas_price: Some(100_000),
1996            max_gas_computation_bucket: Some(5_000_000),
1997            max_loop_depth: Some(5),
1998            max_generic_instantiation_length: Some(32),
1999            max_function_parameters: Some(128),
2000            max_basic_blocks: Some(1024),
2001            max_value_stack_size: Some(1024),
2002            max_type_nodes: Some(256),
2003            max_push_size: Some(10000),
2004            max_struct_definitions: Some(200),
2005            max_function_definitions: Some(1000),
2006            max_fields_in_struct: Some(32),
2007            max_dependency_depth: Some(100),
2008            max_num_event_emit: Some(1024),
2009            max_num_new_move_object_ids: Some(2048),
2010            max_num_new_move_object_ids_system_tx: Some(2048 * 16),
2011            max_num_deleted_move_object_ids: Some(2048),
2012            max_num_deleted_move_object_ids_system_tx: Some(2048 * 16),
2013            max_num_transferred_move_object_ids: Some(2048),
2014            max_num_transferred_move_object_ids_system_tx: Some(2048 * 16),
2015            max_event_emit_size: Some(250 * 1024),
2016            max_move_vector_len: Some(256 * 1024),
2017            max_type_to_layout_nodes: None,
2018            max_ptb_value_size: None,
2019
2020            max_back_edges_per_function: Some(10_000),
2021            max_back_edges_per_module: Some(10_000),
2022
2023            max_verifier_meter_ticks_per_function: Some(16_000_000),
2024
2025            max_meter_ticks_per_module: Some(16_000_000),
2026            max_meter_ticks_per_package: Some(16_000_000),
2027
2028            object_runtime_max_num_cached_objects: Some(1000),
2029            object_runtime_max_num_cached_objects_system_tx: Some(1000 * 16),
2030            object_runtime_max_num_store_entries: Some(1000),
2031            object_runtime_max_num_store_entries_system_tx: Some(1000 * 16),
2032            // min gas budget is in NANOS and an absolute value 1000 NANOS or 0.000001IOTA
2033            base_tx_cost_fixed: Some(1_000),
2034            package_publish_cost_fixed: Some(1_000),
2035            base_tx_cost_per_byte: Some(0),
2036            package_publish_cost_per_byte: Some(80),
2037            obj_access_cost_read_per_byte: Some(15),
2038            obj_access_cost_mutate_per_byte: Some(40),
2039            obj_access_cost_delete_per_byte: Some(40),
2040            obj_access_cost_verify_per_byte: Some(200),
2041            obj_data_cost_refundable: Some(100),
2042            obj_metadata_cost_non_refundable: Some(50),
2043            gas_model_version: Some(1),
2044            storage_rebate_rate: Some(10000),
2045            // Change reward slashing rate to 100%.
2046            reward_slashing_rate: Some(10000),
2047            storage_gas_price: Some(76),
2048            base_gas_price: None,
2049            // The initial subsidy (target reward) for validators per epoch.
2050            // Refer to the IOTA tokenomics for the origin of this value.
2051            validator_target_reward: Some(767_000 * 1_000_000_000),
2052            max_transactions_per_checkpoint: Some(10_000),
2053            max_checkpoint_size_bytes: Some(30 * 1024 * 1024),
2054
2055            // For now, perform upgrades with a bare quorum of validators.
2056            buffer_stake_for_protocol_upgrade_bps: Some(5000),
2057
2058            // === Native Function Costs ===
2059            // `address` module
2060            // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
2061            address_from_bytes_cost_base: Some(52),
2062            // Cost params for the Move native function `address::to_u256(address): u256`
2063            address_to_u256_cost_base: Some(52),
2064            // Cost params for the Move native function `address::from_u256(u256): address`
2065            address_from_u256_cost_base: Some(52),
2066
2067            // `config` module
2068            // Cost params for the Move native function `read_setting_impl``
2069            config_read_setting_impl_cost_base: Some(100),
2070            config_read_setting_impl_cost_per_byte: Some(40),
2071
2072            // `dynamic_field` module
2073            // Cost params for the Move native function `hash_type_and_key<K: copy + drop +
2074            // store>(parent: address, k: K): address`
2075            dynamic_field_hash_type_and_key_cost_base: Some(100),
2076            dynamic_field_hash_type_and_key_type_cost_per_byte: Some(2),
2077            dynamic_field_hash_type_and_key_value_cost_per_byte: Some(2),
2078            dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Some(2),
2079            // Cost params for the Move native function `add_child_object<Child: key>(parent:
2080            // address, child: Child)`
2081            dynamic_field_add_child_object_cost_base: Some(100),
2082            dynamic_field_add_child_object_type_cost_per_byte: Some(10),
2083            dynamic_field_add_child_object_value_cost_per_byte: Some(10),
2084            dynamic_field_add_child_object_struct_tag_cost_per_byte: Some(10),
2085            // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent:
2086            // &mut UID, id: address): &mut Child`
2087            dynamic_field_borrow_child_object_cost_base: Some(100),
2088            dynamic_field_borrow_child_object_child_ref_cost_per_byte: Some(10),
2089            dynamic_field_borrow_child_object_type_cost_per_byte: Some(10),
2090            // Cost params for the Move native function `remove_child_object<Child: key>(parent:
2091            // address, id: address): Child`
2092            dynamic_field_remove_child_object_cost_base: Some(100),
2093            dynamic_field_remove_child_object_child_cost_per_byte: Some(2),
2094            dynamic_field_remove_child_object_type_cost_per_byte: Some(2),
2095            // Cost params for the Move native function `has_child_object(parent: address, id:
2096            // address): bool`
2097            dynamic_field_has_child_object_cost_base: Some(100),
2098            // Cost params for the Move native function `has_child_object_with_ty<Child:
2099            // key>(parent: address, id: address): bool`
2100            dynamic_field_has_child_object_with_ty_cost_base: Some(100),
2101            dynamic_field_has_child_object_with_ty_type_cost_per_byte: Some(2),
2102            dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Some(2),
2103
2104            // `event` module
2105            // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
2106            event_emit_cost_base: Some(52),
2107            event_emit_value_size_derivation_cost_per_byte: Some(2),
2108            event_emit_tag_size_derivation_cost_per_byte: Some(5),
2109            event_emit_output_cost_per_byte: Some(10),
2110
2111            //  `object` module
2112            // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
2113            object_borrow_uid_cost_base: Some(52),
2114            // Cost params for the Move native function `delete_impl(id: address)`
2115            object_delete_impl_cost_base: Some(52),
2116            // Cost params for the Move native function `record_new_uid(id: address)`
2117            object_record_new_uid_cost_base: Some(52),
2118
2119            // `transfer` module
2120            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
2121            // address)`
2122            transfer_transfer_internal_cost_base: Some(52),
2123            // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
2124            transfer_freeze_object_cost_base: Some(52),
2125            // Cost params for the Move native function `share_object<T: key>(obj: T)`
2126            transfer_share_object_cost_base: Some(52),
2127            transfer_receive_object_cost_base: Some(52),
2128
2129            // `tx_context` module
2130            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
2131            // address)`
2132            tx_context_derive_id_cost_base: Some(52),
2133            tx_context_fresh_id_cost_base: None,
2134            tx_context_sender_cost_base: None,
2135            tx_context_digest_cost_base: None,
2136            tx_context_epoch_cost_base: None,
2137            tx_context_epoch_timestamp_ms_cost_base: None,
2138            tx_context_sponsor_cost_base: None,
2139            tx_context_rgp_cost_base: None,
2140            tx_context_gas_price_cost_base: None,
2141            tx_context_gas_budget_cost_base: None,
2142            tx_context_ids_created_cost_base: None,
2143            tx_context_replace_cost_base: None,
2144
2145            // `types` module
2146            // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
2147            types_is_one_time_witness_cost_base: Some(52),
2148            types_is_one_time_witness_type_tag_cost_per_byte: Some(2),
2149            types_is_one_time_witness_type_cost_per_byte: Some(2),
2150
2151            // `validator` module
2152            // Cost params for the Move native function `validate_metadata_bcs(metadata:
2153            // vector<u8>)`
2154            validator_validate_metadata_cost_base: Some(52),
2155            validator_validate_metadata_data_cost_per_byte: Some(2),
2156
2157            // Crypto
2158            crypto_invalid_arguments_cost: Some(100),
2159            // bls12381::bls12381_min_pk_verify
2160            bls12381_bls12381_min_sig_verify_cost_base: Some(52),
2161            bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Some(2),
2162            bls12381_bls12381_min_sig_verify_msg_cost_per_block: Some(2),
2163
2164            // bls12381::bls12381_min_pk_verify
2165            bls12381_bls12381_min_pk_verify_cost_base: Some(52),
2166            bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Some(2),
2167            bls12381_bls12381_min_pk_verify_msg_cost_per_block: Some(2),
2168
2169            // ecdsa_k1::ecrecover
2170            ecdsa_k1_ecrecover_keccak256_cost_base: Some(52),
2171            ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
2172            ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Some(2),
2173            ecdsa_k1_ecrecover_sha256_cost_base: Some(52),
2174            ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Some(2),
2175            ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Some(2),
2176
2177            // ecdsa_k1::decompress_pubkey
2178            ecdsa_k1_decompress_pubkey_cost_base: Some(52),
2179
2180            // ecdsa_k1::secp256k1_verify
2181            ecdsa_k1_secp256k1_verify_keccak256_cost_base: Some(52),
2182            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Some(2),
2183            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Some(2),
2184            ecdsa_k1_secp256k1_verify_sha256_cost_base: Some(52),
2185            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Some(2),
2186            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Some(2),
2187
2188            // ecdsa_r1::ecrecover
2189            ecdsa_r1_ecrecover_keccak256_cost_base: Some(52),
2190            ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
2191            ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Some(2),
2192            ecdsa_r1_ecrecover_sha256_cost_base: Some(52),
2193            ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Some(2),
2194            ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Some(2),
2195
2196            // ecdsa_r1::secp256k1_verify
2197            ecdsa_r1_secp256r1_verify_keccak256_cost_base: Some(52),
2198            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Some(2),
2199            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Some(2),
2200            ecdsa_r1_secp256r1_verify_sha256_cost_base: Some(52),
2201            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Some(2),
2202            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Some(2),
2203
2204            // ecvrf::verify
2205            ecvrf_ecvrf_verify_cost_base: Some(52),
2206            ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Some(2),
2207            ecvrf_ecvrf_verify_alpha_string_cost_per_block: Some(2),
2208
2209            // ed25519
2210            ed25519_ed25519_verify_cost_base: Some(52),
2211            ed25519_ed25519_verify_msg_cost_per_byte: Some(2),
2212            ed25519_ed25519_verify_msg_cost_per_block: Some(2),
2213
2214            // groth16::prepare_verifying_key
2215            groth16_prepare_verifying_key_bls12381_cost_base: Some(52),
2216            groth16_prepare_verifying_key_bn254_cost_base: Some(52),
2217
2218            // groth16::verify_groth16_proof_internal
2219            groth16_verify_groth16_proof_internal_bls12381_cost_base: Some(52),
2220            groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Some(2),
2221            groth16_verify_groth16_proof_internal_bn254_cost_base: Some(52),
2222            groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Some(2),
2223            groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Some(2),
2224
2225            // hash::blake2b256
2226            hash_blake2b256_cost_base: Some(52),
2227            hash_blake2b256_data_cost_per_byte: Some(2),
2228            hash_blake2b256_data_cost_per_block: Some(2),
2229            // hash::keccak256
2230            hash_keccak256_cost_base: Some(52),
2231            hash_keccak256_data_cost_per_byte: Some(2),
2232            hash_keccak256_data_cost_per_block: Some(2),
2233
2234            poseidon_bn254_cost_base: None,
2235            poseidon_bn254_cost_per_block: None,
2236
2237            // hmac::hmac_sha3_256
2238            hmac_hmac_sha3_256_cost_base: Some(52),
2239            hmac_hmac_sha3_256_input_cost_per_byte: Some(2),
2240            hmac_hmac_sha3_256_input_cost_per_block: Some(2),
2241
2242            // group ops
2243            group_ops_bls12381_decode_scalar_cost: Some(52),
2244            group_ops_bls12381_decode_g1_cost: Some(52),
2245            group_ops_bls12381_decode_g2_cost: Some(52),
2246            group_ops_bls12381_decode_gt_cost: Some(52),
2247            group_ops_bls12381_scalar_add_cost: Some(52),
2248            group_ops_bls12381_g1_add_cost: Some(52),
2249            group_ops_bls12381_g2_add_cost: Some(52),
2250            group_ops_bls12381_gt_add_cost: Some(52),
2251            group_ops_bls12381_scalar_sub_cost: Some(52),
2252            group_ops_bls12381_g1_sub_cost: Some(52),
2253            group_ops_bls12381_g2_sub_cost: Some(52),
2254            group_ops_bls12381_gt_sub_cost: Some(52),
2255            group_ops_bls12381_scalar_mul_cost: Some(52),
2256            group_ops_bls12381_g1_mul_cost: Some(52),
2257            group_ops_bls12381_g2_mul_cost: Some(52),
2258            group_ops_bls12381_gt_mul_cost: Some(52),
2259            group_ops_bls12381_scalar_div_cost: Some(52),
2260            group_ops_bls12381_g1_div_cost: Some(52),
2261            group_ops_bls12381_g2_div_cost: Some(52),
2262            group_ops_bls12381_gt_div_cost: Some(52),
2263            group_ops_bls12381_g1_hash_to_base_cost: Some(52),
2264            group_ops_bls12381_g2_hash_to_base_cost: Some(52),
2265            group_ops_bls12381_g1_hash_to_cost_per_byte: Some(2),
2266            group_ops_bls12381_g2_hash_to_cost_per_byte: Some(2),
2267            group_ops_bls12381_g1_msm_base_cost: Some(52),
2268            group_ops_bls12381_g2_msm_base_cost: Some(52),
2269            group_ops_bls12381_g1_msm_base_cost_per_input: Some(52),
2270            group_ops_bls12381_g2_msm_base_cost_per_input: Some(52),
2271            group_ops_bls12381_msm_max_len: Some(32),
2272            group_ops_bls12381_pairing_cost: Some(52),
2273            group_ops_bls12381_g1_to_uncompressed_g1_cost: None,
2274            group_ops_bls12381_uncompressed_g1_to_g1_cost: None,
2275            group_ops_bls12381_uncompressed_g1_sum_base_cost: None,
2276            group_ops_bls12381_uncompressed_g1_sum_cost_per_term: None,
2277            group_ops_bls12381_uncompressed_g1_sum_max_terms: None,
2278
2279            // zklogin::check_zklogin_id
2280            #[allow(deprecated)]
2281            check_zklogin_id_cost_base: Some(200),
2282            #[allow(deprecated)]
2283            // zklogin::check_zklogin_issuer
2284            check_zklogin_issuer_cost_base: Some(200),
2285
2286            vdf_verify_vdf_cost: None,
2287            vdf_hash_to_input_cost: None,
2288
2289            bcs_per_byte_serialized_cost: Some(2),
2290            bcs_legacy_min_output_size_cost: Some(1),
2291            bcs_failure_cost: Some(52),
2292            hash_sha2_256_base_cost: Some(52),
2293            hash_sha2_256_per_byte_cost: Some(2),
2294            hash_sha2_256_legacy_min_input_len_cost: Some(1),
2295            hash_sha3_256_base_cost: Some(52),
2296            hash_sha3_256_per_byte_cost: Some(2),
2297            hash_sha3_256_legacy_min_input_len_cost: Some(1),
2298            type_name_get_base_cost: Some(52),
2299            type_name_get_per_byte_cost: Some(2),
2300            string_check_utf8_base_cost: Some(52),
2301            string_check_utf8_per_byte_cost: Some(2),
2302            string_is_char_boundary_base_cost: Some(52),
2303            string_sub_string_base_cost: Some(52),
2304            string_sub_string_per_byte_cost: Some(2),
2305            string_index_of_base_cost: Some(52),
2306            string_index_of_per_byte_pattern_cost: Some(2),
2307            string_index_of_per_byte_searched_cost: Some(2),
2308            vector_empty_base_cost: Some(52),
2309            vector_length_base_cost: Some(52),
2310            vector_push_back_base_cost: Some(52),
2311            vector_push_back_legacy_per_abstract_memory_unit_cost: Some(2),
2312            vector_borrow_base_cost: Some(52),
2313            vector_pop_back_base_cost: Some(52),
2314            vector_destroy_empty_base_cost: Some(52),
2315            vector_swap_base_cost: Some(52),
2316            debug_print_base_cost: Some(52),
2317            debug_print_stack_trace_base_cost: Some(52),
2318
2319            max_size_written_objects: Some(5 * 1000 * 1000),
2320            // max size of written objects during a system TXn to allow for larger writes
2321            // akin to `max_size_written_objects` but for system TXns
2322            max_size_written_objects_system_tx: Some(50 * 1000 * 1000),
2323
2324            // Limits the length of a Move identifier
2325            max_move_identifier_len: Some(128),
2326            max_move_value_depth: Some(128),
2327            max_move_enum_variants: None,
2328
2329            gas_rounding_step: Some(1_000),
2330
2331            execution_version: Some(1),
2332
2333            // We maintain the same total size limit for events, but increase the number of
2334            // events that can be emitted.
2335            max_event_emit_size_total: Some(
2336                256 /* former event count limit */ * 250 * 1024, // size limit per event
2337            ),
2338
2339            // Taking a baby step approach, we consider only 20% by stake as bad nodes so we
2340            // have a 80% by stake of nodes participating in the leader committee. That
2341            // allow us for more redundancy in case we have validators
2342            // under performing - since the responsibility is shared
2343            // amongst more nodes. We can increase that once we do have
2344            // higher confidence.
2345            consensus_bad_nodes_stake_threshold: Some(20),
2346
2347            // Max of 10 votes per hour.
2348            #[allow(deprecated)]
2349            max_jwk_votes_per_validator_per_epoch: Some(240),
2350
2351            #[allow(deprecated)]
2352            max_age_of_jwk_in_epochs: Some(1),
2353
2354            consensus_max_transaction_size_bytes: Some(256 * 1024), // 256KB
2355
2356            // Assume 1KB per transaction and 500 transactions per block.
2357            consensus_max_transactions_in_block_bytes: Some(512 * 1024),
2358
2359            random_beacon_reduction_allowed_delta: Some(800),
2360
2361            random_beacon_reduction_lower_bound: Some(1000),
2362            random_beacon_dkg_timeout_round: Some(3000),
2363            random_beacon_min_round_interval_ms: Some(500),
2364
2365            random_beacon_dkg_version: Some(1),
2366
2367            // Assume 20_000 TPS * 5% max stake per validator / (minimum) 4 blocks per round
2368            // = 250 transactions per block maximum Using a higher limit
2369            // that is 512, to account for bursty traffic and system transactions.
2370            consensus_max_num_transactions_in_block: Some(512),
2371
2372            max_deferral_rounds_for_congestion_control: Some(10),
2373
2374            min_checkpoint_interval_ms: Some(200),
2375
2376            checkpoint_summary_version_specific_data: Some(1),
2377
2378            max_soft_bundle_size: Some(5),
2379
2380            bridge_should_try_to_finalize_committee: None,
2381
2382            max_accumulated_txn_cost_per_object_in_mysticeti_commit: Some(10),
2383
2384            max_committee_members_count: None,
2385
2386            consensus_gc_depth: None,
2387
2388            consensus_max_acknowledgments_per_block: None,
2389
2390            max_congestion_limit_overshoot_per_commit: None,
2391
2392            scorer_version: None,
2393
2394            // `auth_context` module
2395            auth_context_digest_cost_base: None,
2396            auth_context_tx_data_bytes_cost_base: None,
2397            auth_context_tx_data_bytes_cost_per_byte: None,
2398            auth_context_tx_commands_cost_base: None,
2399            auth_context_tx_commands_cost_per_byte: None,
2400            auth_context_tx_inputs_cost_base: None,
2401            auth_context_tx_inputs_cost_per_byte: None,
2402            auth_context_replace_cost_base: None,
2403            auth_context_replace_cost_per_byte: None,
2404            auth_context_authenticator_function_info_v1_cost_base: None,
2405            consensus_commits_per_schedule: None,
2406            // When adding a new constant, set it to None in the earliest version, like this:
2407            // new_constant: None,
2408        };
2409
2410        cfg.feature_flags.consensus_transaction_ordering = ConsensusTransactionOrdering::ByGasPrice;
2411
2412        // MoveVM related flags
2413        {
2414            cfg.feature_flags
2415                .disable_invariant_violation_check_in_swap_loc = true;
2416            cfg.feature_flags.no_extraneous_module_bytes = true;
2417            cfg.feature_flags.hardened_otw_check = true;
2418            cfg.feature_flags.rethrow_serialization_type_layout_errors = true;
2419        }
2420
2421        // zkLogin related flags
2422        {
2423            #[allow(deprecated)]
2424            {
2425                cfg.feature_flags.zklogin_max_epoch_upper_bound_delta = Some(30);
2426            }
2427        }
2428
2429        // Historical default: Mysticeti. Kept explicitly to match the
2430        // serialized form of pre-v14/v19/v24 configs. No runtime behavior
2431        // depends on this — Starfish is the only consensus protocol.
2432        #[expect(deprecated)]
2433        {
2434            cfg.feature_flags.consensus_choice = ConsensusChoice::MysticetiDeprecated;
2435        }
2436        // Use tonic networking for consensus.
2437        cfg.feature_flags.consensus_network = ConsensusNetwork::Tonic;
2438
2439        cfg.feature_flags.per_object_congestion_control_mode =
2440            PerObjectCongestionControlMode::TotalTxCount;
2441
2442        // Do not allow bridge committee to finalize on mainnet.
2443        cfg.bridge_should_try_to_finalize_committee = Some(chain != Chain::Mainnet);
2444
2445        // Devnet
2446        if chain != Chain::Mainnet && chain != Chain::Testnet {
2447            cfg.feature_flags.enable_poseidon = true;
2448            cfg.poseidon_bn254_cost_base = Some(260);
2449            cfg.poseidon_bn254_cost_per_block = Some(10);
2450
2451            cfg.feature_flags.enable_group_ops_native_function_msm = true;
2452
2453            cfg.feature_flags.enable_vdf = true;
2454            // Set to 30x and 2x the cost of a signature verification for now. This
2455            // should be updated along with other native crypto functions.
2456            cfg.vdf_verify_vdf_cost = Some(1500);
2457            cfg.vdf_hash_to_input_cost = Some(100);
2458
2459            cfg.feature_flags.passkey_auth = true;
2460        }
2461
2462        for cur in 2..=version.0 {
2463            match cur {
2464                1 => unreachable!(),
2465                // version 2 is a new framework version but with no config changes
2466                2 => {}
2467                3 => {
2468                    cfg.feature_flags.relocate_event_module = true;
2469                }
2470                4 => {
2471                    cfg.max_type_to_layout_nodes = Some(512);
2472                }
2473                5 => {
2474                    cfg.feature_flags.protocol_defined_base_fee = true;
2475                    cfg.base_gas_price = Some(1000);
2476
2477                    cfg.feature_flags.disallow_new_modules_in_deps_only_packages = true;
2478                    cfg.feature_flags.convert_type_argument_error = true;
2479                    cfg.feature_flags.native_charging_v2 = true;
2480
2481                    if chain != Chain::Mainnet && chain != Chain::Testnet {
2482                        cfg.feature_flags.uncompressed_g1_group_elements = true;
2483                    }
2484
2485                    cfg.gas_model_version = Some(2);
2486
2487                    cfg.poseidon_bn254_cost_per_block = Some(388);
2488
2489                    cfg.bls12381_bls12381_min_sig_verify_cost_base = Some(44064);
2490                    cfg.bls12381_bls12381_min_pk_verify_cost_base = Some(49282);
2491                    cfg.ecdsa_k1_secp256k1_verify_keccak256_cost_base = Some(1470);
2492                    cfg.ecdsa_k1_secp256k1_verify_sha256_cost_base = Some(1470);
2493                    cfg.ecdsa_r1_secp256r1_verify_sha256_cost_base = Some(4225);
2494                    cfg.ecdsa_r1_secp256r1_verify_keccak256_cost_base = Some(4225);
2495                    cfg.ecvrf_ecvrf_verify_cost_base = Some(4848);
2496                    cfg.ed25519_ed25519_verify_cost_base = Some(1802);
2497
2498                    // Manually changed to be "under cost"
2499                    cfg.ecdsa_r1_ecrecover_keccak256_cost_base = Some(1173);
2500                    cfg.ecdsa_r1_ecrecover_sha256_cost_base = Some(1173);
2501                    cfg.ecdsa_k1_ecrecover_keccak256_cost_base = Some(500);
2502                    cfg.ecdsa_k1_ecrecover_sha256_cost_base = Some(500);
2503
2504                    cfg.groth16_prepare_verifying_key_bls12381_cost_base = Some(53838);
2505                    cfg.groth16_prepare_verifying_key_bn254_cost_base = Some(82010);
2506                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_base = Some(72090);
2507                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input =
2508                        Some(8213);
2509                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_base = Some(115502);
2510                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_per_public_input =
2511                        Some(9484);
2512
2513                    cfg.hash_keccak256_cost_base = Some(10);
2514                    cfg.hash_blake2b256_cost_base = Some(10);
2515
2516                    // group ops
2517                    cfg.group_ops_bls12381_decode_scalar_cost = Some(7);
2518                    cfg.group_ops_bls12381_decode_g1_cost = Some(2848);
2519                    cfg.group_ops_bls12381_decode_g2_cost = Some(3770);
2520                    cfg.group_ops_bls12381_decode_gt_cost = Some(3068);
2521
2522                    cfg.group_ops_bls12381_scalar_add_cost = Some(10);
2523                    cfg.group_ops_bls12381_g1_add_cost = Some(1556);
2524                    cfg.group_ops_bls12381_g2_add_cost = Some(3048);
2525                    cfg.group_ops_bls12381_gt_add_cost = Some(188);
2526
2527                    cfg.group_ops_bls12381_scalar_sub_cost = Some(10);
2528                    cfg.group_ops_bls12381_g1_sub_cost = Some(1550);
2529                    cfg.group_ops_bls12381_g2_sub_cost = Some(3019);
2530                    cfg.group_ops_bls12381_gt_sub_cost = Some(497);
2531
2532                    cfg.group_ops_bls12381_scalar_mul_cost = Some(11);
2533                    cfg.group_ops_bls12381_g1_mul_cost = Some(4842);
2534                    cfg.group_ops_bls12381_g2_mul_cost = Some(9108);
2535                    cfg.group_ops_bls12381_gt_mul_cost = Some(27490);
2536
2537                    cfg.group_ops_bls12381_scalar_div_cost = Some(91);
2538                    cfg.group_ops_bls12381_g1_div_cost = Some(5091);
2539                    cfg.group_ops_bls12381_g2_div_cost = Some(9206);
2540                    cfg.group_ops_bls12381_gt_div_cost = Some(27804);
2541
2542                    cfg.group_ops_bls12381_g1_hash_to_base_cost = Some(2962);
2543                    cfg.group_ops_bls12381_g2_hash_to_base_cost = Some(8688);
2544
2545                    cfg.group_ops_bls12381_g1_msm_base_cost = Some(62648);
2546                    cfg.group_ops_bls12381_g2_msm_base_cost = Some(131192);
2547                    cfg.group_ops_bls12381_g1_msm_base_cost_per_input = Some(1333);
2548                    cfg.group_ops_bls12381_g2_msm_base_cost_per_input = Some(3216);
2549
2550                    cfg.group_ops_bls12381_uncompressed_g1_to_g1_cost = Some(677);
2551                    cfg.group_ops_bls12381_g1_to_uncompressed_g1_cost = Some(2099);
2552                    cfg.group_ops_bls12381_uncompressed_g1_sum_base_cost = Some(77);
2553                    cfg.group_ops_bls12381_uncompressed_g1_sum_cost_per_term = Some(26);
2554                    cfg.group_ops_bls12381_uncompressed_g1_sum_max_terms = Some(1200);
2555
2556                    cfg.group_ops_bls12381_pairing_cost = Some(26897);
2557
2558                    cfg.validator_validate_metadata_cost_base = Some(20000);
2559
2560                    cfg.max_committee_members_count = Some(50);
2561                }
2562                6 => {
2563                    cfg.max_ptb_value_size = Some(1024 * 1024);
2564                }
2565                7 => {
2566                    // version 7 is a new framework version but with no config
2567                    // changes
2568                }
2569                8 => {
2570                    cfg.feature_flags.variant_nodes = true;
2571
2572                    if chain != Chain::Mainnet {
2573                        // Enable round prober in consensus.
2574                        cfg.feature_flags.consensus_round_prober = true;
2575                        // Enable distributed vote scoring.
2576                        cfg.feature_flags
2577                            .consensus_distributed_vote_scoring_strategy = true;
2578                        cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2579                        // Enable smart ancestor selection for testnet
2580                        cfg.feature_flags.consensus_smart_ancestor_selection = true;
2581                        // Enable probing for accepted rounds in round prober for testnet
2582                        cfg.feature_flags
2583                            .consensus_round_prober_probe_accepted_rounds = true;
2584                        // Enable zstd compression for consensus in testnet
2585                        cfg.feature_flags.consensus_zstd_compression = true;
2586                        // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2587                        // blocks within a window of ~4 seconds
2588                        // to be included before be considered garbage collected.
2589                        cfg.consensus_gc_depth = Some(60);
2590                    }
2591
2592                    // Enable min_free_execution_slot for the shared object congestion tracker in
2593                    // devnet.
2594                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2595                        cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2596                    }
2597                }
2598                9 => {
2599                    if chain != Chain::Mainnet {
2600                        // Disable smart ancestor selection in the testnet and devnet.
2601                        cfg.feature_flags.consensus_smart_ancestor_selection = false;
2602                    }
2603
2604                    // Enable zstd compression for consensus
2605                    cfg.feature_flags.consensus_zstd_compression = true;
2606
2607                    // Enable passkey in multisig in devnet.
2608                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2609                        cfg.feature_flags.accept_passkey_in_multisig = true;
2610                    }
2611
2612                    // this flag is now deprecated because of the bridge removal.
2613                    cfg.bridge_should_try_to_finalize_committee = None;
2614                }
2615                10 => {
2616                    // Enable min_free_execution_slot for the shared object congestion tracker in
2617                    // all networks.
2618                    cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2619
2620                    // Increase the committee size to 80 on all networks.
2621                    cfg.max_committee_members_count = Some(80);
2622
2623                    // Enable round prober in consensus.
2624                    cfg.feature_flags.consensus_round_prober = true;
2625                    // Enable probing for accepted rounds in round.
2626                    cfg.feature_flags
2627                        .consensus_round_prober_probe_accepted_rounds = true;
2628                    // Enable distributed vote scoring.
2629                    cfg.feature_flags
2630                        .consensus_distributed_vote_scoring_strategy = true;
2631                    // Enable the new consensus commit rule.
2632                    cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2633
2634                    // Enable consensus garbage collection
2635                    // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2636                    // blocks within a window of ~4 seconds
2637                    // to be included before be considered garbage collected.
2638                    cfg.consensus_gc_depth = Some(60);
2639
2640                    // Enable minimized child object mutation counting.
2641                    cfg.feature_flags.minimize_child_object_mutations = true;
2642
2643                    if chain != Chain::Mainnet {
2644                        // Enable batched block sync in devnet and testnet.
2645                        cfg.feature_flags.consensus_batched_block_sync = true;
2646                    }
2647
2648                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2649                        // Enable the gas price feedback mechanism (which is used for
2650                        // transactions cancelled due to shared object congestion) in devnet
2651                        cfg.feature_flags
2652                            .congestion_control_gas_price_feedback_mechanism = true;
2653                    }
2654
2655                    cfg.feature_flags.validate_identifier_inputs = true;
2656                    cfg.feature_flags.dependency_linkage_error = true;
2657                    cfg.feature_flags.additional_multisig_checks = true;
2658                }
2659                11 => {
2660                    // version 11 is a new framework version but with no config
2661                    // changes
2662                }
2663                12 => {
2664                    // Enable the gas price feedback mechanism for transactions
2665                    // cancelled due to congestion in all networks
2666                    cfg.feature_flags
2667                        .congestion_control_gas_price_feedback_mechanism = true;
2668
2669                    // Enable normalization of PTB arguments in all networks.
2670                    cfg.feature_flags.normalize_ptb_arguments = true;
2671                }
2672                13 => {
2673                    // Enable selecting committee based on eligible active validators on all
2674                    // networks.
2675                    cfg.feature_flags.select_committee_from_eligible_validators = true;
2676                    // Enable tracking non-committee eligible active
2677                    // validators on all networks.
2678                    cfg.feature_flags.track_non_committee_eligible_validators = true;
2679
2680                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2681                        // Enable selecting committee only from active validators that next epoch
2682                        // version and issued valid AuthorityCapabilities notification in devnet.
2683                        cfg.feature_flags
2684                            .select_committee_supporting_next_epoch_version = true;
2685                    }
2686                }
2687                14 => {
2688                    // Enable batched block sync for mainnet.
2689                    cfg.feature_flags.consensus_batched_block_sync = true;
2690
2691                    if chain != Chain::Mainnet {
2692                        // Enable median-based commit timestamp calculation in consensus and
2693                        // enforce checkpoint timestamp monotonicity for testnet.
2694                        cfg.feature_flags
2695                            .consensus_median_timestamp_with_checkpoint_enforcement = true;
2696                        // Enable selecting committee only from active validators that support the
2697                        // next epoch's version and issued valid AuthorityCapabilities notification
2698                        // in testnet.
2699                        cfg.feature_flags
2700                            .select_committee_supporting_next_epoch_version = true;
2701                    }
2702                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2703                        // Switch consensus protocol to Starfish in devnet
2704                        cfg.feature_flags.consensus_choice = ConsensusChoice::Starfish;
2705                    }
2706                }
2707                15 => {
2708                    if chain != Chain::Mainnet && chain != Chain::Testnet {
2709                        // Enable overshoot of 100 in congestion control. This allows bursts of
2710                        // shared object transactions up to 10 times the average allowable
2711                        // load set by `max_accumulated_txn_cost_per_object_in_mysticeti_commit`.
2712                        cfg.max_congestion_limit_overshoot_per_commit = Some(100);
2713                    }
2714                }
2715                16 => {
2716                    // Enable selecting committee only from active validators that support the
2717                    // next epoch's version and issued valid AuthorityCapabilities notification.
2718                    cfg.feature_flags
2719                        .select_committee_supporting_next_epoch_version = true;
2720                    // Enable committing transactions only for traversed headers in Starfish
2721                    cfg.feature_flags
2722                        .consensus_commit_transactions_only_for_traversed_headers = true;
2723                }
2724                17 => {
2725                    // Increase the committee size to 100 on all networks.
2726                    cfg.max_committee_members_count = Some(100);
2727                }
2728                18 => {
2729                    if chain != Chain::Mainnet {
2730                        // Enable passkey authentication support in testnet.
2731                        cfg.feature_flags.passkey_auth = true;
2732                    }
2733                }
2734                19 => {
2735                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2736                        // Enable congestion limit overshoot in the gas price feedback
2737                        // mechanism on devnet.
2738                        cfg.feature_flags
2739                            .congestion_limit_overshoot_in_gas_price_feedback_mechanism = true;
2740                        // Enable a separate gas price feedback mechanism for transactions using
2741                        // randomness on devnet.
2742                        cfg.feature_flags
2743                            .separate_gas_price_feedback_mechanism_for_randomness = true;
2744                        // Enable storing metadata in module bytes and then
2745                        // publishing package metadata in devnet
2746                        cfg.feature_flags.metadata_in_module_bytes = true;
2747                        cfg.feature_flags.publish_package_metadata = true;
2748                        // Enable Move authentication in devnet
2749                        cfg.feature_flags.enable_move_authentication = true;
2750                        // Max auth gas budget is in NANOS and an absolute value 0.25 IOTA
2751                        cfg.max_auth_gas = Some(250_000_000);
2752                        // Increase the base cost for transfer receive object in devnet, since the
2753                        // implementation now does check if parent is not an account.
2754                        cfg.transfer_receive_object_cost_base = Some(100);
2755                        // Enable adjustment of validator rewards based on score in devnet.
2756                        cfg.feature_flags.adjust_rewards_by_score = true;
2757                    }
2758
2759                    if chain != Chain::Mainnet {
2760                        // Switch consensus protocol to Starfish in testnet.
2761                        cfg.feature_flags.consensus_choice = ConsensusChoice::Starfish;
2762
2763                        // Enable validator score calculation on testnet
2764                        cfg.feature_flags.calculate_validator_scores = true;
2765                        cfg.scorer_version = Some(1);
2766                    }
2767
2768                    // Change epoch transaction will contain validator scores
2769                    cfg.feature_flags.pass_validator_scores_to_advance_epoch = true;
2770
2771                    // Enable passkey authentication support in mainnet
2772                    cfg.feature_flags.passkey_auth = true;
2773                }
2774                20 => {
2775                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2776                        // Passes the calculated validator scores to advance epoch only on Devnet
2777                        cfg.feature_flags
2778                            .pass_calculated_validator_scores_to_advance_epoch = true;
2779                    }
2780                }
2781                21 => {
2782                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2783                        // Enable fast commit syncer for faster recovery in devnet.
2784                        cfg.feature_flags.consensus_fast_commit_sync = true;
2785                    }
2786                    if chain != Chain::Mainnet {
2787                        // Enable overshoot of 100 in congestion control on testnet.
2788                        // This allows bursts of shared-object transactions
2789                        // up to 10 times the average allowable load set by
2790                        // `max_accumulated_txn_cost_per_object_in_mysticeti_commit`.
2791                        cfg.max_congestion_limit_overshoot_per_commit = Some(100);
2792                        // Enable congestion limit overshoot in the gas price feedback
2793                        // mechanism on testnet.
2794                        cfg.feature_flags
2795                            .congestion_limit_overshoot_in_gas_price_feedback_mechanism = true;
2796                        // Enable a separate gas price feedback mechanism for transactions using
2797                        // randomness on testnet.
2798                        cfg.feature_flags
2799                            .separate_gas_price_feedback_mechanism_for_randomness = true;
2800                    }
2801
2802                    cfg.auth_context_digest_cost_base = Some(30);
2803                    cfg.auth_context_tx_commands_cost_base = Some(30);
2804                    cfg.auth_context_tx_commands_cost_per_byte = Some(2);
2805                    cfg.auth_context_tx_inputs_cost_base = Some(30);
2806                    cfg.auth_context_tx_inputs_cost_per_byte = Some(2);
2807                    cfg.auth_context_replace_cost_base = Some(30);
2808                    cfg.auth_context_replace_cost_per_byte = Some(2);
2809
2810                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2811                        // Decrease max_auth_gas to 0.00025 IOTA
2812                        cfg.max_auth_gas = Some(250_000);
2813                    }
2814                }
2815                22 => {
2816                    // Enable overshoot of 100 in congestion control on all networks.
2817                    // This allows bursts of shared-object transactions
2818                    // up to 10 times the average allowable load set by
2819                    // `max_accumulated_txn_cost_per_object_in_mysticeti_commit`.
2820                    cfg.max_congestion_limit_overshoot_per_commit = Some(100);
2821                    // Enable congestion limit overshoot in the gas price feedback
2822                    // mechanism on all networks.
2823                    cfg.feature_flags
2824                        .congestion_limit_overshoot_in_gas_price_feedback_mechanism = true;
2825                    // Enable a separate gas price feedback mechanism for transactions using
2826                    // randomness on all networks.
2827                    cfg.feature_flags
2828                        .separate_gas_price_feedback_mechanism_for_randomness = true;
2829
2830                    if chain != Chain::Mainnet {
2831                        // Enable storing metadata in module bytes and then
2832                        // publishing package metadata in testnet
2833                        cfg.feature_flags.metadata_in_module_bytes = true;
2834                        cfg.feature_flags.publish_package_metadata = true;
2835                        // Enable Move authentication in testnet
2836                        cfg.feature_flags.enable_move_authentication = true;
2837                        // Max_auth_gas is 0.00025 IOTA
2838                        cfg.max_auth_gas = Some(250_000);
2839                        // Increase the base cost for transfer receive object in testnet, since the
2840                        // implementation now does check if parent is not an account.
2841                        cfg.transfer_receive_object_cost_base = Some(100);
2842                    }
2843
2844                    if chain != Chain::Mainnet {
2845                        // Enable fast commit syncer for faster recovery on testnet.
2846                        cfg.feature_flags.consensus_fast_commit_sync = true;
2847                    }
2848                }
2849                23 => {
2850                    // Enable Move native context (TxContext via native functions) in all networks.
2851                    cfg.feature_flags.move_native_tx_context = true;
2852                    cfg.tx_context_fresh_id_cost_base = Some(52);
2853                    cfg.tx_context_sender_cost_base = Some(30);
2854                    cfg.tx_context_digest_cost_base = Some(30);
2855                    cfg.tx_context_epoch_cost_base = Some(30);
2856                    cfg.tx_context_epoch_timestamp_ms_cost_base = Some(30);
2857                    cfg.tx_context_sponsor_cost_base = Some(30);
2858                    cfg.tx_context_rgp_cost_base = Some(30);
2859                    cfg.tx_context_gas_price_cost_base = Some(30);
2860                    cfg.tx_context_gas_budget_cost_base = Some(30);
2861                    cfg.tx_context_ids_created_cost_base = Some(30);
2862                    cfg.tx_context_replace_cost_base = Some(30);
2863                }
2864                24 => {
2865                    // Switch consensus protocol to Starfish in all networks.
2866                    cfg.feature_flags.consensus_choice = ConsensusChoice::Starfish;
2867
2868                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2869                        // Enable Move-based sponsor account authentication in devnet.
2870                        cfg.feature_flags.enable_move_authentication_for_sponsor = true;
2871                    }
2872
2873                    // Add tx_data_bytes to AuthContext for intent-based signature
2874                    // verification in account abstraction.
2875                    cfg.auth_context_tx_data_bytes_cost_base = Some(30);
2876                    cfg.auth_context_tx_data_bytes_cost_per_byte = Some(2);
2877
2878                    // Enable additional borrow checks.
2879                    cfg.feature_flags.additional_borrow_checks = true;
2880                }
2881                #[allow(deprecated)]
2882                25 => {
2883                    // Deprecate zkLogin related parameters since zkLogin is deprecated and was
2884                    // never enabled on IOTA.
2885                    cfg.feature_flags.zklogin_max_epoch_upper_bound_delta = None;
2886                    cfg.check_zklogin_id_cost_base = None;
2887                    cfg.check_zklogin_issuer_cost_base = None;
2888                    cfg.max_jwk_votes_per_validator_per_epoch = None;
2889                    cfg.max_age_of_jwk_in_epochs = None;
2890                }
2891                26 => {
2892                    // Introduce a module to allow Move code to query protocol
2893                    // feature flags at runtime.
2894                }
2895                27 => {
2896                    if chain != Chain::Mainnet {
2897                        // Enable consensus block restrictions on testnet/devnet to bound
2898                        // header size by committee size.
2899                        cfg.feature_flags.consensus_block_restrictions = true;
2900                    }
2901
2902                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2903                        // Only sponsor Move authentication is performed pre-consensus in devnet.
2904                        cfg.feature_flags
2905                            .pre_consensus_sponsor_only_move_authentication = true;
2906                    }
2907                }
2908                28 => {
2909                    // AuthenticatorFunctionInfoV1 max BCS size:
2910                    // package (32) + module_name (128) + function_name (128) = 288 bytes = 9 ×
2911                    // digest. auth_context_digest_cost_base = 30 for 32 bytes →
2912                    // 9 × 30 = 270.
2913                    cfg.auth_context_authenticator_function_info_v1_cost_base = Some(270);
2914
2915                    // Enable storing metadata in module bytes and then
2916                    // publishing package metadata in mainnet.
2917                    cfg.feature_flags.metadata_in_module_bytes = true;
2918                    cfg.feature_flags.publish_package_metadata = true;
2919                    // Enable Move authentication in mainnet.
2920                    cfg.feature_flags.enable_move_authentication = true;
2921                    // Increase the base cost for transfer receive object in mainnet, since the
2922                    // implementation now does check if parent is not an account.
2923                    cfg.transfer_receive_object_cost_base = Some(100);
2924
2925                    if chain != Chain::Unknown {
2926                        // max_auth_gas is 0.00002 IOTA in testnet and mainnet.
2927                        cfg.max_auth_gas = Some(20_000);
2928                    }
2929
2930                    if chain != Chain::Mainnet {
2931                        // Enable Move-based sponsor account authentication in testnet.
2932                        cfg.feature_flags.enable_move_authentication_for_sponsor = true;
2933                        // Only sponsor Move authentication is performed pre-consensus in testnet.
2934                        cfg.feature_flags
2935                            .pre_consensus_sponsor_only_move_authentication = true;
2936                    }
2937                }
2938                29 => {
2939                    // Keep advancing the random beacon DKG state machine on every commit
2940                    // while it is still pending so DKG resolves from persisted state
2941                    // (completing, or failing once the timeout round passes) even with no
2942                    // fresh inbound traffic -- e.g. after a validator restart -- instead of
2943                    // staying pending forever and blocking epoch close.
2944                    cfg.feature_flags.always_advance_dkg_to_resolution = true;
2945
2946                    // Enable median-based commit timestamp calculation in consensus and
2947                    // enforce checkpoint timestamp monotonicity for mainnet.
2948                    cfg.feature_flags
2949                        .consensus_median_timestamp_with_checkpoint_enforcement = true;
2950
2951                    // Enable fast commit syncer for faster recovery on all networks.
2952                    cfg.feature_flags.consensus_fast_commit_sync = true;
2953                    // Enable consensus block restrictions on all networks to bound
2954                    // header size by committee size and garbage-collect the block
2955                    // manager.
2956                    cfg.feature_flags.consensus_block_restrictions = true;
2957                }
2958                30 => {
2959                    // Extend the protocol_config framework module with
2960                    // `get_attr<T>`, a generic native that lets Move code
2961                    // read any numeric or boolean protocol parameter by name,
2962                    // returning T directly and aborting on error.
2963                    // Also expose `is_feature_enabled` and `get_attr<T>` to
2964                    // iota_system via a new iota_system::protocol_config
2965                    // module.
2966                }
2967                // Use this template when making changes:
2968                //
2969                //     // modify an existing constant.
2970                //     move_binary_format_version: Some(7),
2971                //
2972                //     // Add a new constant (which is set to None in prior versions).
2973                //     new_constant: Some(new_value),
2974                //
2975                //     // Remove a constant (ensure that it is never accessed during this version).
2976                //     max_move_object_size: None,
2977                _ => panic!("unsupported version {version:?}"),
2978            }
2979        }
2980        cfg
2981    }
2982
2983    // Extract the bytecode verifier config from this protocol config.
2984    // If used during signing, `signing_limits` should be set.
2985    // The third limit configures`sanity_check_with_regex_reference_safety`,
2986    // which runs the new regex-based reference safety check to check that it is
2987    // strictly more permissive than the current implementation.
2988    pub fn verifier_config(&self, signing_limits: Option<(usize, usize, usize)>) -> VerifierConfig {
2989        let (
2990            max_back_edges_per_function,
2991            max_back_edges_per_module,
2992            sanity_check_with_regex_reference_safety,
2993        ) = if let Some((
2994            max_back_edges_per_function,
2995            max_back_edges_per_module,
2996            sanity_check_with_regex_reference_safety,
2997        )) = signing_limits
2998        {
2999            (
3000                Some(max_back_edges_per_function),
3001                Some(max_back_edges_per_module),
3002                Some(sanity_check_with_regex_reference_safety),
3003            )
3004        } else {
3005            (None, None, None)
3006        };
3007
3008        let additional_borrow_checks = if signing_limits.is_some() {
3009            // Always apply additional borrow checks during signing regardless of
3010            // protocol version, to prevent accepting potentially unsafe bytecode.
3011            true
3012        } else {
3013            self.additional_borrow_checks()
3014        };
3015
3016        VerifierConfig {
3017            max_loop_depth: Some(self.max_loop_depth() as usize),
3018            max_generic_instantiation_length: Some(self.max_generic_instantiation_length() as usize),
3019            max_function_parameters: Some(self.max_function_parameters() as usize),
3020            max_basic_blocks: Some(self.max_basic_blocks() as usize),
3021            max_value_stack_size: self.max_value_stack_size() as usize,
3022            max_type_nodes: Some(self.max_type_nodes() as usize),
3023            max_push_size: Some(self.max_push_size() as usize),
3024            max_dependency_depth: Some(self.max_dependency_depth() as usize),
3025            max_fields_in_struct: Some(self.max_fields_in_struct() as usize),
3026            max_function_definitions: Some(self.max_function_definitions() as usize),
3027            max_data_definitions: Some(self.max_struct_definitions() as usize),
3028            max_constant_vector_len: Some(self.max_move_vector_len()),
3029            max_back_edges_per_function,
3030            max_back_edges_per_module,
3031            max_basic_blocks_in_script: None,
3032            max_identifier_len: self.max_move_identifier_len_as_option(), /* Before protocol
3033                                                                           * version 9, there was
3034                                                                           * no limit */
3035            bytecode_version: self.move_binary_format_version(),
3036            max_variants_in_enum: self.max_move_enum_variants_as_option(),
3037            additional_borrow_checks,
3038            sanity_check_with_regex_reference_safety: sanity_check_with_regex_reference_safety
3039                .map(|limit| limit as u128),
3040        }
3041    }
3042
3043    /// Override one or more settings in the config, for testing.
3044    /// This must be called at the beginning of the test, before
3045    /// get_for_(min|max)_version is called, since those functions cache
3046    /// their return value.
3047    pub fn apply_overrides_for_testing(
3048        override_fn: impl Fn(ProtocolVersion, Self) -> Self + Send + Sync + 'static,
3049    ) -> OverrideGuard {
3050        CONFIG_OVERRIDE.with(|ovr| {
3051            let mut cur = ovr.borrow_mut();
3052            assert!(cur.is_none(), "config override already present");
3053            *cur = Some(Box::new(override_fn));
3054            OverrideGuard
3055        })
3056    }
3057}
3058
3059// Setters for tests.
3060// This is only needed for feature_flags. Please suffix each setter with
3061// `_for_testing`. Non-feature_flags should already have test setters defined
3062// through macros.
3063impl ProtocolConfig {
3064    pub fn set_per_object_congestion_control_mode_for_testing(
3065        &mut self,
3066        val: PerObjectCongestionControlMode,
3067    ) {
3068        self.feature_flags.per_object_congestion_control_mode = val;
3069    }
3070
3071    pub fn set_consensus_choice_for_testing(&mut self, val: ConsensusChoice) {
3072        self.feature_flags.consensus_choice = val;
3073    }
3074
3075    pub fn set_consensus_network_for_testing(&mut self, val: ConsensusNetwork) {
3076        self.feature_flags.consensus_network = val;
3077    }
3078
3079    pub fn set_passkey_auth_for_testing(&mut self, val: bool) {
3080        self.feature_flags.passkey_auth = val
3081    }
3082
3083    pub fn set_disallow_new_modules_in_deps_only_packages_for_testing(&mut self, val: bool) {
3084        self.feature_flags
3085            .disallow_new_modules_in_deps_only_packages = val;
3086    }
3087
3088    pub fn set_consensus_round_prober_for_testing(&mut self, val: bool) {
3089        self.feature_flags.consensus_round_prober = val;
3090    }
3091
3092    pub fn set_consensus_distributed_vote_scoring_strategy_for_testing(&mut self, val: bool) {
3093        self.feature_flags
3094            .consensus_distributed_vote_scoring_strategy = val;
3095    }
3096
3097    pub fn set_gc_depth_for_testing(&mut self, val: u32) {
3098        self.consensus_gc_depth = Some(val);
3099    }
3100
3101    pub fn set_consensus_linearize_subdag_v2_for_testing(&mut self, val: bool) {
3102        self.feature_flags.consensus_linearize_subdag_v2 = val;
3103    }
3104
3105    pub fn set_consensus_round_prober_probe_accepted_rounds(&mut self, val: bool) {
3106        self.feature_flags
3107            .consensus_round_prober_probe_accepted_rounds = val;
3108    }
3109
3110    pub fn set_accept_passkey_in_multisig_for_testing(&mut self, val: bool) {
3111        self.feature_flags.accept_passkey_in_multisig = val;
3112    }
3113
3114    pub fn set_consensus_smart_ancestor_selection_for_testing(&mut self, val: bool) {
3115        self.feature_flags.consensus_smart_ancestor_selection = val;
3116    }
3117
3118    pub fn set_consensus_batched_block_sync_for_testing(&mut self, val: bool) {
3119        self.feature_flags.consensus_batched_block_sync = val;
3120    }
3121
3122    pub fn set_congestion_control_min_free_execution_slot_for_testing(&mut self, val: bool) {
3123        self.feature_flags
3124            .congestion_control_min_free_execution_slot = val;
3125    }
3126
3127    pub fn set_congestion_control_gas_price_feedback_mechanism_for_testing(&mut self, val: bool) {
3128        self.feature_flags
3129            .congestion_control_gas_price_feedback_mechanism = val;
3130    }
3131
3132    pub fn set_select_committee_from_eligible_validators_for_testing(&mut self, val: bool) {
3133        self.feature_flags.select_committee_from_eligible_validators = val;
3134    }
3135
3136    pub fn set_track_non_committee_eligible_validators_for_testing(&mut self, val: bool) {
3137        self.feature_flags.track_non_committee_eligible_validators = val;
3138    }
3139
3140    pub fn set_select_committee_supporting_next_epoch_version(&mut self, val: bool) {
3141        self.feature_flags
3142            .select_committee_supporting_next_epoch_version = val;
3143    }
3144
3145    pub fn set_consensus_median_timestamp_with_checkpoint_enforcement_for_testing(
3146        &mut self,
3147        val: bool,
3148    ) {
3149        self.feature_flags
3150            .consensus_median_timestamp_with_checkpoint_enforcement = val;
3151    }
3152
3153    pub fn set_consensus_commit_transactions_only_for_traversed_headers_for_testing(
3154        &mut self,
3155        val: bool,
3156    ) {
3157        self.feature_flags
3158            .consensus_commit_transactions_only_for_traversed_headers = val;
3159    }
3160
3161    pub fn set_congestion_limit_overshoot_in_gas_price_feedback_mechanism_for_testing(
3162        &mut self,
3163        val: bool,
3164    ) {
3165        self.feature_flags
3166            .congestion_limit_overshoot_in_gas_price_feedback_mechanism = val;
3167    }
3168
3169    pub fn set_separate_gas_price_feedback_mechanism_for_randomness_for_testing(
3170        &mut self,
3171        val: bool,
3172    ) {
3173        self.feature_flags
3174            .separate_gas_price_feedback_mechanism_for_randomness = val;
3175    }
3176
3177    pub fn set_metadata_in_module_bytes_for_testing(&mut self, val: bool) {
3178        self.feature_flags.metadata_in_module_bytes = val;
3179    }
3180
3181    pub fn set_publish_package_metadata_for_testing(&mut self, val: bool) {
3182        self.feature_flags.publish_package_metadata = val;
3183    }
3184
3185    pub fn set_enable_move_authentication_for_testing(&mut self, val: bool) {
3186        self.feature_flags.enable_move_authentication = val;
3187    }
3188
3189    pub fn set_enable_move_authentication_for_sponsor_for_testing(&mut self, val: bool) {
3190        self.feature_flags.enable_move_authentication_for_sponsor = val;
3191    }
3192
3193    pub fn set_consensus_fast_commit_sync_for_testing(&mut self, val: bool) {
3194        self.feature_flags.consensus_fast_commit_sync = val;
3195    }
3196
3197    pub fn set_consensus_block_restrictions_for_testing(&mut self, val: bool) {
3198        self.feature_flags.consensus_block_restrictions = val;
3199    }
3200
3201    pub fn set_pre_consensus_sponsor_only_move_authentication_for_testing(&mut self, val: bool) {
3202        self.feature_flags
3203            .pre_consensus_sponsor_only_move_authentication = val;
3204    }
3205
3206    pub fn set_consensus_starfish_speed_for_testing(&mut self, val: bool) {
3207        self.feature_flags.consensus_starfish_speed = val;
3208    }
3209
3210    pub fn set_always_advance_dkg_to_resolution_for_testing(&mut self, val: bool) {
3211        self.feature_flags.always_advance_dkg_to_resolution = val;
3212    }
3213
3214    pub fn set_enable_pcool_flow_for_testing(&mut self, val: bool) {
3215        self.feature_flags.enable_pcool_flow = val;
3216    }
3217
3218    pub fn set_commits_per_schedule_for_testing(&mut self, val: u32) {
3219        self.consensus_commits_per_schedule = Some(val);
3220    }
3221}
3222
3223type OverrideFn = dyn Fn(ProtocolVersion, ProtocolConfig) -> ProtocolConfig + Send + Sync;
3224
3225thread_local! {
3226    static CONFIG_OVERRIDE: RefCell<Option<Box<OverrideFn>>> = const { RefCell::new(None) };
3227}
3228
3229#[must_use]
3230pub struct OverrideGuard;
3231
3232impl Drop for OverrideGuard {
3233    fn drop(&mut self) {
3234        info!("restoring override fn");
3235        CONFIG_OVERRIDE.with(|ovr| {
3236            *ovr.borrow_mut() = None;
3237        });
3238    }
3239}
3240
3241/// Defines which limit got crossed.
3242/// The value which crossed the limit and value of the limit crossed are
3243/// embedded
3244#[derive(PartialEq, Eq)]
3245pub enum LimitThresholdCrossed {
3246    None,
3247    Soft(u128, u128),
3248    Hard(u128, u128),
3249}
3250
3251/// Convenience function for comparing limit ranges
3252/// V::MAX must be at >= U::MAX and T::MAX
3253pub fn check_limit_in_range<T: Into<V>, U: Into<V>, V: PartialOrd + Into<u128>>(
3254    x: T,
3255    soft_limit: U,
3256    hard_limit: V,
3257) -> LimitThresholdCrossed {
3258    let x: V = x.into();
3259    let soft_limit: V = soft_limit.into();
3260
3261    debug_assert!(soft_limit <= hard_limit);
3262
3263    // It is important to preserve this comparison order because if soft_limit ==
3264    // hard_limit we want LimitThresholdCrossed::Hard
3265    if x >= hard_limit {
3266        LimitThresholdCrossed::Hard(x.into(), hard_limit.into())
3267    } else if x < soft_limit {
3268        LimitThresholdCrossed::None
3269    } else {
3270        LimitThresholdCrossed::Soft(x.into(), soft_limit.into())
3271    }
3272}
3273
3274#[macro_export]
3275macro_rules! check_limit {
3276    ($x:expr, $hard:expr) => {
3277        check_limit!($x, $hard, $hard)
3278    };
3279    ($x:expr, $soft:expr, $hard:expr) => {
3280        check_limit_in_range($x as u64, $soft, $hard)
3281    };
3282}
3283
3284/// Used to check which limits were crossed if the TX is metered (not system tx)
3285/// Args are: is_metered, value_to_check, metered_limit, unmetered_limit
3286/// metered_limit is always less than or equal to unmetered_hard_limit
3287#[macro_export]
3288macro_rules! check_limit_by_meter {
3289    ($is_metered:expr, $x:expr, $metered_limit:expr, $unmetered_hard_limit:expr, $metric:expr) => {{
3290        // If this is metered, we use the metered_limit limit as the upper bound
3291        let (h, metered_str) = if $is_metered {
3292            ($metered_limit, "metered")
3293        } else {
3294            // Unmetered gets more headroom
3295            ($unmetered_hard_limit, "unmetered")
3296        };
3297        use iota_protocol_config::check_limit_in_range;
3298        let result = check_limit_in_range($x as u64, $metered_limit, h);
3299        match result {
3300            LimitThresholdCrossed::None => {}
3301            LimitThresholdCrossed::Soft(_, _) => {
3302                $metric.with_label_values(&[metered_str, "soft"]).inc();
3303            }
3304            LimitThresholdCrossed::Hard(_, _) => {
3305                $metric.with_label_values(&[metered_str, "hard"]).inc();
3306            }
3307        };
3308        result
3309    }};
3310}
3311
3312#[cfg(all(test, not(msim)))]
3313mod test {
3314    use insta::assert_yaml_snapshot;
3315
3316    use super::*;
3317
3318    #[test]
3319    fn snapshot_tests() {
3320        println!("\n============================================================================");
3321        println!("!                                                                          !");
3322        println!("! IMPORTANT: never update snapshots from this test. only add new versions! !");
3323        println!("!                                                                          !");
3324        println!("============================================================================\n");
3325        for chain_id in &[Chain::Unknown, Chain::Mainnet, Chain::Testnet] {
3326            // make Chain::Unknown snapshots compatible with pre-chain-id snapshots so that
3327            // we don't break the release-time compatibility tests. Once Chain
3328            // Id configs have been released everywhere, we can remove this and
3329            // only test Mainnet and Testnet
3330            let chain_str = match chain_id {
3331                Chain::Unknown => "".to_string(),
3332                _ => format!("{chain_id:?}_"),
3333            };
3334            for i in MIN_PROTOCOL_VERSION..=MAX_PROTOCOL_VERSION {
3335                let cur = ProtocolVersion::new(i);
3336                assert_yaml_snapshot!(
3337                    format!("{}version_{}", chain_str, cur.as_u64()),
3338                    ProtocolConfig::get_for_version(cur, *chain_id)
3339                );
3340            }
3341        }
3342    }
3343
3344    #[test]
3345    fn test_getters() {
3346        let prot: ProtocolConfig =
3347            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
3348        assert_eq!(
3349            prot.max_arguments(),
3350            prot.max_arguments_as_option().unwrap()
3351        );
3352    }
3353
3354    #[test]
3355    fn test_setters() {
3356        let mut prot: ProtocolConfig =
3357            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
3358        prot.set_max_arguments_for_testing(123);
3359        assert_eq!(prot.max_arguments(), 123);
3360
3361        prot.set_max_arguments_from_str_for_testing("321".to_string());
3362        assert_eq!(prot.max_arguments(), 321);
3363
3364        prot.disable_max_arguments_for_testing();
3365        assert_eq!(prot.max_arguments_as_option(), None);
3366
3367        prot.set_attr_for_testing("max_arguments".to_string(), "456".to_string());
3368        assert_eq!(prot.max_arguments(), 456);
3369    }
3370
3371    #[test]
3372    #[should_panic(expected = "unsupported version")]
3373    fn max_version_test() {
3374        // When this does not panic, version higher than MAX_PROTOCOL_VERSION exists.
3375        // To fix, bump MAX_PROTOCOL_VERSION or disable this check for the version.
3376        let _ = ProtocolConfig::get_for_version_impl(
3377            ProtocolVersion::new(MAX_PROTOCOL_VERSION + 1),
3378            Chain::Unknown,
3379        );
3380    }
3381
3382    #[test]
3383    fn lookup_by_string_test() {
3384        let prot: ProtocolConfig =
3385            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
3386        // Does not exist
3387        assert!(prot.lookup_attr("some random string".to_string()).is_none());
3388
3389        assert!(
3390            prot.lookup_attr("max_arguments".to_string())
3391                == Some(ProtocolConfigValue::u32(prot.max_arguments())),
3392        );
3393
3394        // We didnt have this in version 1 on Mainnet
3395        assert!(
3396            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
3397                .is_none()
3398        );
3399        assert!(
3400            prot.attr_map()
3401                .get("poseidon_bn254_cost_base")
3402                .unwrap()
3403                .is_none()
3404        );
3405
3406        // But we did in version 1 on Devnet
3407        let prot: ProtocolConfig =
3408            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
3409
3410        assert!(
3411            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
3412                == Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
3413        );
3414        assert!(
3415            prot.attr_map().get("poseidon_bn254_cost_base").unwrap()
3416                == &Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
3417        );
3418
3419        // Check feature flags
3420        let prot: ProtocolConfig =
3421            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
3422        // Does not exist
3423        assert!(
3424            prot.feature_flags
3425                .lookup_attr("some random string".to_owned())
3426                .is_none()
3427        );
3428        assert!(
3429            !prot
3430                .feature_flags
3431                .attr_map()
3432                .contains_key("some random string")
3433        );
3434
3435        // Was false in v1 on Mainnet
3436        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(false));
3437        assert!(
3438            prot.feature_flags
3439                .attr_map()
3440                .get("enable_poseidon")
3441                .unwrap()
3442                == &false
3443        );
3444        let prot: ProtocolConfig =
3445            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
3446        // Was true from v1 and up on Devnet
3447        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(true));
3448        assert!(
3449            prot.feature_flags
3450                .attr_map()
3451                .get("enable_poseidon")
3452                .unwrap()
3453                == &true
3454        );
3455    }
3456
3457    #[test]
3458    fn limit_range_fn_test() {
3459        let low = 100u32;
3460        let high = 10000u64;
3461
3462        assert!(check_limit!(1u8, low, high) == LimitThresholdCrossed::None);
3463        assert!(matches!(
3464            check_limit!(255u16, low, high),
3465            LimitThresholdCrossed::Soft(255u128, 100)
3466        ));
3467        // This wont compile because lossy
3468        // assert!(check_limit!(100000000u128, low, high) ==
3469        // LimitThresholdCrossed::None); This wont compile because lossy
3470        // assert!(check_limit!(100000000usize, low, high) ==
3471        // LimitThresholdCrossed::None);
3472
3473        assert!(matches!(
3474            check_limit!(2550000u64, low, high),
3475            LimitThresholdCrossed::Hard(2550000, 10000)
3476        ));
3477
3478        assert!(matches!(
3479            check_limit!(2550000u64, high, high),
3480            LimitThresholdCrossed::Hard(2550000, 10000)
3481        ));
3482
3483        assert!(matches!(
3484            check_limit!(1u8, high),
3485            LimitThresholdCrossed::None
3486        ));
3487
3488        assert!(check_limit!(255u16, high) == LimitThresholdCrossed::None);
3489
3490        assert!(matches!(
3491            check_limit!(2550000u64, high),
3492            LimitThresholdCrossed::Hard(2550000, 10000)
3493        ));
3494    }
3495}