iota_protocol_config/
lib.rs

1// Copyright (c) Mysten Labs, Inc.
2// Modifications Copyright (c) 2024 IOTA Stiftung
3// SPDX-License-Identifier: Apache-2.0
4
5use std::{
6    cell::RefCell,
7    cmp::min,
8    sync::atomic::{AtomicBool, Ordering},
9};
10
11use clap::*;
12use iota_protocol_config_macros::{
13    ProtocolConfigAccessors, ProtocolConfigFeatureFlagsGetters, ProtocolConfigOverride,
14};
15use move_vm_config::verifier::VerifierConfig;
16use serde::{Deserialize, Serialize};
17use serde_with::skip_serializing_none;
18use tracing::{info, warn};
19
20/// The minimum and maximum protocol versions supported by this build.
21const MIN_PROTOCOL_VERSION: u64 = 1;
22pub const MAX_PROTOCOL_VERSION: u64 = 12;
23
24// Record history of protocol version allocations here:
25//
26// Version 1:  Original version.
27// Version 2:  Don't redistribute slashed staking rewards, fix computation of
28//             SystemEpochInfoEventV1.
29// Version 3:  Set the `relocate_event_module` to be true so that the module
30//             that is associated as the "sending module" for an event is
31//             relocated by linkage.
32//             Add `Clock` based unlock to `Timelock` objects.
33// Version 4:  Introduce the `max_type_to_layout_nodes` config that sets the
34//             maximal nodes which are allowed when converting to a type layout.
35// Version 5:  Introduce fixed protocol-defined base fee, IotaSystemStateV2 and
36//             SystemEpochInfoEventV2.
37//             Disallow adding new modules in `deps-only` packages.
38//             Improve gas/wall time efficiency of some Move stdlib vector
39//             functions.
40//             Add new gas model version to update charging of functions.
41//             Enable proper conversion of certain type argument errors in the
42//             execution layer.
43// Version 6:  Bound size of values created in the adapter.
44// Version 7:  Improve handling of stake withdrawal from candidate validators.
45// Version 8:  Variants as type nodes.
46//             Enable smart ancestor selection for testnet.
47//             Enable probing for accepted rounds in round prober for testnet.
48//             Switch to distributed vote scoring in consensus in testnet.
49//             Enable zstd compression for consensus tonic network in testnet.
50//             Enable consensus garbage collection for testnet
51//             Enable the new consensus commit rule for testnet.
52//             Enable min_free_execution_slot for the shared object congestion
53//             tracker in devnet.
54// Version 9:  Disable smart ancestor selection for the testnet.
55//             Enable zstd compression for consensus tonic network in mainnet.
56//             Enable passkey auth in multisig for devnet.
57//             Remove the iota-bridge from the framework.
58// Version 10: Enable min_free_execution_slot for the shared object congestion
59//             tracker in all networks.
60//             Increase the committee size to 80 on all networks.
61//             Enable round prober in consensus for mainnet.
62//             Enable probing for accepted rounds in round prober for mainnet.
63//             Switch to distributed vote scoring in consensus for mainnet.
64//             Enable the new consensus commit rule for mainnet.
65//             Enable consensus garbage collection for mainnet with GC depth set
66//             to 60 rounds.
67//             Enable batching in synchronizer for testnet
68//             Enable the gas price feedback mechanism in devnet.
69//             Enable Identifier input validation.
70//             Removes unnecessary child object mutations
71//             Add additional signature checks
72//             Add additional linkage checks
73// Version 11: Framework fix regarding candidate validator commission rate.
74// Version 12: Enable the gas price feedback mechanism in all networks.
75
76#[derive(Copy, Clone, Debug, Hash, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
77pub struct ProtocolVersion(u64);
78
79impl ProtocolVersion {
80    // The minimum and maximum protocol version supported by this binary.
81    // Counterintuitively, this constant may change over time as support for old
82    // protocol versions is removed from the source. This ensures that when a
83    // new network (such as a testnet) is created, its genesis committee will
84    // use a protocol version that is actually supported by the binary.
85    pub const MIN: Self = Self(MIN_PROTOCOL_VERSION);
86
87    pub const MAX: Self = Self(MAX_PROTOCOL_VERSION);
88
89    #[cfg(not(msim))]
90    const MAX_ALLOWED: Self = Self::MAX;
91
92    // We create one additional "fake" version in simulator builds so that we can
93    // test upgrades.
94    #[cfg(msim)]
95    pub const MAX_ALLOWED: Self = Self(MAX_PROTOCOL_VERSION + 1);
96
97    pub fn new(v: u64) -> Self {
98        Self(v)
99    }
100
101    pub const fn as_u64(&self) -> u64 {
102        self.0
103    }
104
105    // For serde deserialization - we don't define a Default impl because there
106    // isn't a single universally appropriate default value.
107    pub fn max() -> Self {
108        Self::MAX
109    }
110}
111
112impl From<u64> for ProtocolVersion {
113    fn from(v: u64) -> Self {
114        Self::new(v)
115    }
116}
117
118impl std::ops::Sub<u64> for ProtocolVersion {
119    type Output = Self;
120    fn sub(self, rhs: u64) -> Self::Output {
121        Self::new(self.0 - rhs)
122    }
123}
124
125impl std::ops::Add<u64> for ProtocolVersion {
126    type Output = Self;
127    fn add(self, rhs: u64) -> Self::Output {
128        Self::new(self.0 + rhs)
129    }
130}
131
132#[derive(Clone, Serialize, Deserialize, Debug, PartialEq, Copy, PartialOrd, Ord, Eq, ValueEnum)]
133pub enum Chain {
134    Mainnet,
135    Testnet,
136    Unknown,
137}
138
139impl Default for Chain {
140    fn default() -> Self {
141        Self::Unknown
142    }
143}
144
145impl Chain {
146    pub fn as_str(self) -> &'static str {
147        match self {
148            Chain::Mainnet => "mainnet",
149            Chain::Testnet => "testnet",
150            Chain::Unknown => "unknown",
151        }
152    }
153}
154
155pub struct Error(pub String);
156
157// TODO: There are quite a few non boolean values in the feature flags. We
158// should move them out.
159/// Records on/off feature flags that may vary at each protocol version.
160#[derive(Default, Clone, Serialize, Deserialize, Debug, ProtocolConfigFeatureFlagsGetters)]
161struct FeatureFlags {
162    // Add feature flags here, e.g.:
163    // new_protocol_feature: bool,
164
165    // Disables unnecessary invariant check in the Move VM when swapping the value out of a local
166    // This flag is used to provide the correct MoveVM configuration for clients.
167    #[serde(skip_serializing_if = "is_true")]
168    disable_invariant_violation_check_in_swap_loc: bool,
169
170    // If true, checks no extra bytes in a compiled module
171    // This flag is used to provide the correct MoveVM configuration for clients.
172    #[serde(skip_serializing_if = "is_true")]
173    no_extraneous_module_bytes: bool,
174
175    // Enable zklogin auth
176    #[serde(skip_serializing_if = "is_false")]
177    zklogin_auth: bool,
178
179    // How we order transactions coming out of consensus before sending to execution.
180    #[serde(skip_serializing_if = "ConsensusTransactionOrdering::is_none")]
181    consensus_transaction_ordering: ConsensusTransactionOrdering,
182
183    #[serde(skip_serializing_if = "is_false")]
184    enable_jwk_consensus_updates: bool,
185
186    // If true, multisig containing zkLogin sig is accepted.
187    #[serde(skip_serializing_if = "is_false")]
188    accept_zklogin_in_multisig: bool,
189
190    // If true, use the hardened OTW check
191    // This flag is used to provide the correct MoveVM configuration for clients.
192    #[serde(skip_serializing_if = "is_true")]
193    hardened_otw_check: bool,
194
195    // Enable the poseidon hash function
196    #[serde(skip_serializing_if = "is_false")]
197    enable_poseidon: bool,
198
199    // Enable native function for msm.
200    #[serde(skip_serializing_if = "is_false")]
201    enable_group_ops_native_function_msm: bool,
202
203    // Controls the behavior of per object congestion control in consensus handler.
204    #[serde(skip_serializing_if = "PerObjectCongestionControlMode::is_none")]
205    per_object_congestion_control_mode: PerObjectCongestionControlMode,
206
207    // The consensus protocol to be used for the epoch.
208    #[serde(skip_serializing_if = "ConsensusChoice::is_mysticeti")]
209    consensus_choice: ConsensusChoice,
210
211    // Consensus network to use.
212    #[serde(skip_serializing_if = "ConsensusNetwork::is_tonic")]
213    consensus_network: ConsensusNetwork,
214
215    // Set the upper bound allowed for max_epoch in zklogin signature.
216    #[serde(skip_serializing_if = "Option::is_none")]
217    zklogin_max_epoch_upper_bound_delta: Option<u64>,
218
219    // Enable VDF
220    #[serde(skip_serializing_if = "is_false")]
221    enable_vdf: bool,
222
223    // Enable passkey auth (SIP-9)
224    #[serde(skip_serializing_if = "is_false")]
225    passkey_auth: bool,
226
227    // Rethrow type layout errors during serialization instead of trying to convert them.
228    // This flag is used to provide the correct MoveVM configuration for clients.
229    #[serde(skip_serializing_if = "is_true")]
230    rethrow_serialization_type_layout_errors: bool,
231
232    // Makes the event's sending module version-aware.
233    #[serde(skip_serializing_if = "is_false")]
234    relocate_event_module: bool,
235
236    // Enable a protocol-defined base gas price for all transactions.
237    #[serde(skip_serializing_if = "is_false")]
238    protocol_defined_base_fee: bool,
239
240    // Enable uncompressed group elements in BLS123-81 G1
241    #[serde(skip_serializing_if = "is_false")]
242    uncompressed_g1_group_elements: bool,
243
244    // Disallow adding new modules in `deps-only` packages.
245    #[serde(skip_serializing_if = "is_false")]
246    disallow_new_modules_in_deps_only_packages: bool,
247
248    // Enable v2 native charging for natives.
249    #[serde(skip_serializing_if = "is_false")]
250    native_charging_v2: bool,
251
252    // Properly convert certain type argument errors in the execution layer.
253    #[serde(skip_serializing_if = "is_false")]
254    convert_type_argument_error: bool,
255
256    // Probe rounds received by peers from every authority.
257    #[serde(skip_serializing_if = "is_false")]
258    consensus_round_prober: bool,
259
260    // Use distributed vote leader scoring strategy in consensus.
261    #[serde(skip_serializing_if = "is_false")]
262    consensus_distributed_vote_scoring_strategy: bool,
263
264    // Enables the new logic for collecting the subdag in the consensus linearizer. The new logic
265    // does not stop the recursion at the highest committed round for each authority, but
266    // allows to commit uncommitted blocks up to gc round (excluded) for that authority.
267    #[serde(skip_serializing_if = "is_false")]
268    consensus_linearize_subdag_v2: bool,
269
270    // Variants count as nodes
271    #[serde(skip_serializing_if = "is_false")]
272    variant_nodes: bool,
273
274    // Use smart ancestor selection in consensus.
275    #[serde(skip_serializing_if = "is_false")]
276    consensus_smart_ancestor_selection: bool,
277
278    // Probe accepted rounds in round prober.
279    #[serde(skip_serializing_if = "is_false")]
280    consensus_round_prober_probe_accepted_rounds: bool,
281
282    // If true, enable zstd compression for consensus tonic network.
283    #[serde(skip_serializing_if = "is_false")]
284    consensus_zstd_compression: bool,
285
286    // Use the minimum free execution slot to schedule execution of a transaction in the shared
287    // object congestion tracker.
288    #[serde(skip_serializing_if = "is_false")]
289    congestion_control_min_free_execution_slot: bool,
290
291    // If true, multisig containing passkey sig is accepted.
292    #[serde(skip_serializing_if = "is_false")]
293    accept_passkey_in_multisig: bool,
294
295    // If true, enabled batched block sync in consensus.
296    #[serde(skip_serializing_if = "is_false")]
297    consensus_batched_block_sync: bool,
298
299    // To enable/disable the gas price feedback mechanism used for transactions
300    // cancelled due to shared object congestion
301    #[serde(skip_serializing_if = "is_false")]
302    congestion_control_gas_price_feedback_mechanism: bool,
303
304    // Validate identifier inputs separately
305    #[serde(skip_serializing_if = "is_false")]
306    validate_identifier_inputs: bool,
307
308    // If true, enables the optimizations for child object mutations, removing unnecessary
309    // mutations
310    #[serde(skip_serializing_if = "is_false")]
311    minimize_child_object_mutations: bool,
312
313    // If true enable additional linkage checks.
314    #[serde(skip_serializing_if = "is_false")]
315    dependency_linkage_error: bool,
316
317    // If true enable additional multisig checks.
318    #[serde(skip_serializing_if = "is_false")]
319    additional_multisig_checks: bool,
320}
321
322fn is_true(b: &bool) -> bool {
323    *b
324}
325
326fn is_false(b: &bool) -> bool {
327    !b
328}
329
330/// Ordering mechanism for transactions in one consensus output.
331#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
332pub enum ConsensusTransactionOrdering {
333    /// No ordering. Transactions are processed in the order they appear in the
334    /// consensus output.
335    #[default]
336    None,
337    /// Order transactions by gas price, highest first.
338    ByGasPrice,
339}
340
341impl ConsensusTransactionOrdering {
342    pub fn is_none(&self) -> bool {
343        matches!(self, ConsensusTransactionOrdering::None)
344    }
345}
346
347// The config for per object congestion control in consensus handler.
348#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
349pub enum PerObjectCongestionControlMode {
350    #[default]
351    None, // No congestion control.
352    TotalGasBudget, // Use txn gas budget as execution cost.
353    TotalTxCount,   // Use total txn count as execution cost.
354}
355
356impl PerObjectCongestionControlMode {
357    pub fn is_none(&self) -> bool {
358        matches!(self, PerObjectCongestionControlMode::None)
359    }
360}
361
362// Configuration options for consensus algorithm.
363#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
364pub enum ConsensusChoice {
365    #[default]
366    Mysticeti,
367}
368
369impl ConsensusChoice {
370    pub fn is_mysticeti(&self) -> bool {
371        matches!(self, ConsensusChoice::Mysticeti)
372    }
373}
374
375// Configuration options for consensus network.
376#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
377pub enum ConsensusNetwork {
378    #[default]
379    Tonic,
380}
381
382impl ConsensusNetwork {
383    pub fn is_tonic(&self) -> bool {
384        matches!(self, ConsensusNetwork::Tonic)
385    }
386}
387
388/// Constants that change the behavior of the protocol.
389///
390/// The value of each constant here must be fixed for a given protocol version.
391/// To change the value of a constant, advance the protocol version, and add
392/// support for it in `get_for_version` under the new version number.
393/// (below).
394///
395/// To add a new field to this struct, use the following procedure:
396/// - Advance the protocol version.
397/// - Add the field as a private `Option<T>` to the struct.
398/// - Initialize the field to `None` in prior protocol versions.
399/// - Initialize the field to `Some(val)` for your new protocol version.
400/// - Add a public getter that simply unwraps the field.
401/// - Two public getters of the form `field(&self) -> field_type` and
402///   `field_as_option(&self) -> Option<field_type>` will be automatically
403///   generated for you.
404/// Example for a field: `new_constant: Option<u64>`
405/// ```rust,ignore
406///      pub fn new_constant(&self) -> u64 {
407///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
408///     }
409///      pub fn new_constant_as_option(&self) -> Option<u64> {
410///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
411///     }
412/// ```
413/// With `pub fn new_constant(&self) -> u64`, if the constant is accessed in a
414/// protocol version in which it is not defined, the validator will crash.
415/// (Crashing is necessary because this type of error would almost always result
416/// in forking if not prevented here). If you don't want the validator to crash,
417/// you can use the `pub fn new_constant_as_option(&self) -> Option<u64>`
418/// getter, which will return `None` if the field is not defined at that
419/// version.
420/// - If you want a customized getter, you can add a method in the impl.
421#[skip_serializing_none]
422#[derive(Clone, Serialize, Debug, ProtocolConfigAccessors, ProtocolConfigOverride)]
423pub struct ProtocolConfig {
424    pub version: ProtocolVersion,
425
426    feature_flags: FeatureFlags,
427
428    // ==== Transaction input limits ====
429
430    //
431    /// Maximum serialized size of a transaction (in bytes).
432    max_tx_size_bytes: Option<u64>,
433
434    /// Maximum number of input objects to a transaction. Enforced by the
435    /// transaction input checker
436    max_input_objects: Option<u64>,
437
438    /// Max size of objects a transaction can write to disk after completion.
439    /// Enforce by the IOTA adapter. This is the sum of the serialized size
440    /// of all objects written to disk. The max size of individual objects
441    /// on the other hand is `max_move_object_size`.
442    max_size_written_objects: Option<u64>,
443    /// Max size of objects a system transaction can write to disk after
444    /// completion. Enforce by the IOTA adapter. Similar to
445    /// `max_size_written_objects` but for system transactions.
446    max_size_written_objects_system_tx: Option<u64>,
447
448    /// Maximum size of serialized transaction effects.
449    max_serialized_tx_effects_size_bytes: Option<u64>,
450
451    /// Maximum size of serialized transaction effects for system transactions.
452    max_serialized_tx_effects_size_bytes_system_tx: Option<u64>,
453
454    /// Maximum number of gas payment objects for a transaction.
455    max_gas_payment_objects: Option<u32>,
456
457    /// Maximum number of modules in a Publish transaction.
458    max_modules_in_publish: Option<u32>,
459
460    /// Maximum number of transitive dependencies in a package when publishing.
461    max_package_dependencies: Option<u32>,
462
463    /// Maximum number of arguments in a move call or a
464    /// ProgrammableTransaction's TransferObjects command.
465    max_arguments: Option<u32>,
466
467    /// Maximum number of total type arguments, computed recursively.
468    max_type_arguments: Option<u32>,
469
470    /// Maximum depth of an individual type argument.
471    max_type_argument_depth: Option<u32>,
472
473    /// Maximum size of a Pure CallArg.
474    max_pure_argument_size: Option<u32>,
475
476    /// Maximum number of Commands in a ProgrammableTransaction.
477    max_programmable_tx_commands: Option<u32>,
478
479    // ==== Move VM, Move bytecode verifier, and execution limits ===
480
481    //
482    /// Maximum Move bytecode version the VM understands. All older versions are
483    /// accepted.
484    move_binary_format_version: Option<u32>,
485    min_move_binary_format_version: Option<u32>,
486
487    /// Configuration controlling binary tables size.
488    binary_module_handles: Option<u16>,
489    binary_struct_handles: Option<u16>,
490    binary_function_handles: Option<u16>,
491    binary_function_instantiations: Option<u16>,
492    binary_signatures: Option<u16>,
493    binary_constant_pool: Option<u16>,
494    binary_identifiers: Option<u16>,
495    binary_address_identifiers: Option<u16>,
496    binary_struct_defs: Option<u16>,
497    binary_struct_def_instantiations: Option<u16>,
498    binary_function_defs: Option<u16>,
499    binary_field_handles: Option<u16>,
500    binary_field_instantiations: Option<u16>,
501    binary_friend_decls: Option<u16>,
502    binary_enum_defs: Option<u16>,
503    binary_enum_def_instantiations: Option<u16>,
504    binary_variant_handles: Option<u16>,
505    binary_variant_instantiation_handles: Option<u16>,
506
507    /// Maximum size of the `contents` part of an object, in bytes. Enforced by
508    /// the IOTA adapter when effects are produced.
509    max_move_object_size: Option<u64>,
510
511    // TODO: Option<increase to 500 KB. currently, publishing a package > 500 KB exceeds the max
512    // computation gas cost
513    /// Maximum size of a Move package object, in bytes. Enforced by the IOTA
514    /// adapter at the end of a publish transaction.
515    max_move_package_size: Option<u64>,
516
517    /// Max number of publish or upgrade commands allowed in a programmable
518    /// transaction block.
519    max_publish_or_upgrade_per_ptb: Option<u64>,
520
521    /// Maximum gas budget in NANOS that a transaction can use.
522    max_tx_gas: Option<u64>,
523
524    /// Maximum amount of the proposed gas price in NANOS (defined in the
525    /// transaction).
526    max_gas_price: Option<u64>,
527
528    /// The max computation bucket for gas. This is the max that can be charged
529    /// for computation.
530    max_gas_computation_bucket: Option<u64>,
531
532    // Define the value used to round up computation gas charges
533    gas_rounding_step: Option<u64>,
534
535    /// Maximum number of nested loops. Enforced by the Move bytecode verifier.
536    max_loop_depth: Option<u64>,
537
538    /// Maximum number of type arguments that can be bound to generic type
539    /// parameters. Enforced by the Move bytecode verifier.
540    max_generic_instantiation_length: Option<u64>,
541
542    /// Maximum number of parameters that a Move function can have. Enforced by
543    /// the Move bytecode verifier.
544    max_function_parameters: Option<u64>,
545
546    /// Maximum number of basic blocks that a Move function can have. Enforced
547    /// by the Move bytecode verifier.
548    max_basic_blocks: Option<u64>,
549
550    /// Maximum stack size value. Enforced by the Move bytecode verifier.
551    max_value_stack_size: Option<u64>,
552
553    /// Maximum number of "type nodes", a metric for how big a SignatureToken
554    /// will be when expanded into a fully qualified type. Enforced by the Move
555    /// bytecode verifier.
556    max_type_nodes: Option<u64>,
557
558    /// Maximum number of push instructions in one function. Enforced by the
559    /// Move bytecode verifier.
560    max_push_size: Option<u64>,
561
562    /// Maximum number of struct definitions in a module. Enforced by the Move
563    /// bytecode verifier.
564    max_struct_definitions: Option<u64>,
565
566    /// Maximum number of function definitions in a module. Enforced by the Move
567    /// bytecode verifier.
568    max_function_definitions: Option<u64>,
569
570    /// Maximum number of fields allowed in a struct definition. Enforced by the
571    /// Move bytecode verifier.
572    max_fields_in_struct: Option<u64>,
573
574    /// Maximum dependency depth. Enforced by the Move linker when loading
575    /// dependent modules.
576    max_dependency_depth: Option<u64>,
577
578    /// Maximum number of Move events that a single transaction can emit.
579    /// Enforced by the VM during execution.
580    max_num_event_emit: Option<u64>,
581
582    /// Maximum number of new IDs that a single transaction can create. Enforced
583    /// by the VM during execution.
584    max_num_new_move_object_ids: Option<u64>,
585
586    /// Maximum number of new IDs that a single system transaction can create.
587    /// Enforced by the VM during execution.
588    max_num_new_move_object_ids_system_tx: Option<u64>,
589
590    /// Maximum number of IDs that a single transaction can delete. Enforced by
591    /// the VM during execution.
592    max_num_deleted_move_object_ids: Option<u64>,
593
594    /// Maximum number of IDs that a single system transaction can delete.
595    /// Enforced by the VM during execution.
596    max_num_deleted_move_object_ids_system_tx: Option<u64>,
597
598    /// Maximum number of IDs that a single transaction can transfer. Enforced
599    /// by the VM during execution.
600    max_num_transferred_move_object_ids: Option<u64>,
601
602    /// Maximum number of IDs that a single system transaction can transfer.
603    /// Enforced by the VM during execution.
604    max_num_transferred_move_object_ids_system_tx: Option<u64>,
605
606    /// Maximum size of a Move user event. Enforced by the VM during execution.
607    max_event_emit_size: Option<u64>,
608
609    /// Maximum size of a Move user event. Enforced by the VM during execution.
610    max_event_emit_size_total: Option<u64>,
611
612    /// Maximum length of a vector in Move. Enforced by the VM during execution,
613    /// and for constants, by the verifier.
614    max_move_vector_len: Option<u64>,
615
616    /// Maximum length of an `Identifier` in Move. Enforced by the bytecode
617    /// verifier at signing.
618    max_move_identifier_len: Option<u64>,
619
620    /// Maximum depth of a Move value within the VM.
621    max_move_value_depth: Option<u64>,
622
623    /// Maximum number of variants in an enum. Enforced by the bytecode verifier
624    /// at signing.
625    max_move_enum_variants: Option<u64>,
626
627    /// Maximum number of back edges in Move function. Enforced by the bytecode
628    /// verifier at signing.
629    max_back_edges_per_function: Option<u64>,
630
631    /// Maximum number of back edges in Move module. Enforced by the bytecode
632    /// verifier at signing.
633    max_back_edges_per_module: Option<u64>,
634
635    /// Maximum number of meter `ticks` spent verifying a Move function.
636    /// Enforced by the bytecode verifier at signing.
637    max_verifier_meter_ticks_per_function: Option<u64>,
638
639    /// Maximum number of meter `ticks` spent verifying a Move function.
640    /// Enforced by the bytecode verifier at signing.
641    max_meter_ticks_per_module: Option<u64>,
642
643    /// Maximum number of meter `ticks` spent verifying a Move package. Enforced
644    /// by the bytecode verifier at signing.
645    max_meter_ticks_per_package: Option<u64>,
646
647    // === Object runtime internal operation limits ====
648    // These affect dynamic fields
649
650    //
651    /// Maximum number of cached objects in the object runtime ObjectStore.
652    /// Enforced by object runtime during execution
653    object_runtime_max_num_cached_objects: Option<u64>,
654
655    /// Maximum number of cached objects in the object runtime ObjectStore in
656    /// system transaction. Enforced by object runtime during execution
657    object_runtime_max_num_cached_objects_system_tx: Option<u64>,
658
659    /// Maximum number of stored objects accessed by object runtime ObjectStore.
660    /// Enforced by object runtime during execution
661    object_runtime_max_num_store_entries: Option<u64>,
662
663    /// Maximum number of stored objects accessed by object runtime ObjectStore
664    /// in system transaction. Enforced by object runtime during execution
665    object_runtime_max_num_store_entries_system_tx: Option<u64>,
666
667    // === Execution gas costs ====
668
669    //
670    /// Base cost for any IOTA transaction
671    base_tx_cost_fixed: Option<u64>,
672
673    /// Additional cost for a transaction that publishes a package
674    /// i.e., the base cost of such a transaction is base_tx_cost_fixed +
675    /// package_publish_cost_fixed
676    package_publish_cost_fixed: Option<u64>,
677
678    /// Cost per byte of a Move call transaction
679    /// i.e., the cost of such a transaction is base_cost +
680    /// (base_tx_cost_per_byte * size)
681    base_tx_cost_per_byte: Option<u64>,
682
683    /// Cost per byte for a transaction that publishes a package
684    package_publish_cost_per_byte: Option<u64>,
685
686    // Per-byte cost of reading an object during transaction execution
687    obj_access_cost_read_per_byte: Option<u64>,
688
689    // Per-byte cost of writing an object during transaction execution
690    obj_access_cost_mutate_per_byte: Option<u64>,
691
692    // Per-byte cost of deleting an object during transaction execution
693    obj_access_cost_delete_per_byte: Option<u64>,
694
695    /// Per-byte cost charged for each input object to a transaction.
696    /// Meant to approximate the cost of checking locks for each object
697    // TODO: Option<I'm not sure that this cost makes sense. Checking locks is "free"
698    // in the sense that an invalid tx that can never be committed/pay gas can
699    // force validators to check an arbitrary number of locks. If those checks are
700    // "free" for invalid transactions, why charge for them in valid transactions
701    // TODO: Option<if we keep this, I think we probably want it to be a fixed cost rather
702    // than a per-byte cost. checking an object lock should not require loading an
703    // entire object, just consulting an ID -> tx digest map
704    obj_access_cost_verify_per_byte: Option<u64>,
705
706    // Maximal nodes which are allowed when converting to a type layout.
707    max_type_to_layout_nodes: Option<u64>,
708
709    // Maximal size in bytes that a PTB value can be
710    max_ptb_value_size: Option<u64>,
711
712    // === Gas version. gas model ===
713
714    //
715    /// Gas model version, what code we are using to charge gas
716    gas_model_version: Option<u64>,
717
718    // === Storage gas costs ===
719
720    //
721    /// Per-byte cost of storing an object in the IOTA global object store. Some
722    /// of this cost may be refundable if the object is later freed
723    obj_data_cost_refundable: Option<u64>,
724
725    // Per-byte cost of storing an object in the IOTA transaction log (e.g., in
726    // CertifiedTransactionEffects) This depends on the size of various fields including the
727    // effects TODO: Option<I don't fully understand this^ and more details would be useful
728    obj_metadata_cost_non_refundable: Option<u64>,
729
730    // === Tokenomics ===
731
732    // TODO: Option<this should be changed to u64.
733    /// Sender of a txn that touches an object will get this percent of the
734    /// storage rebate back. In basis point.
735    storage_rebate_rate: Option<u64>,
736
737    /// The share of rewards that will be slashed and redistributed is 50%.
738    /// In basis point.
739    reward_slashing_rate: Option<u64>,
740
741    /// Unit storage gas price, Nanos per internal gas unit.
742    storage_gas_price: Option<u64>,
743
744    // Base gas price for computation gas, nanos per computation unit.
745    base_gas_price: Option<u64>,
746
747    /// The number of tokens minted as a validator subsidy per epoch.
748    validator_target_reward: Option<u64>,
749
750    // === Core Protocol ===
751
752    //
753    /// Max number of transactions per checkpoint.
754    /// Note that this is a protocol constant and not a config as validators
755    /// must have this set to the same value, otherwise they *will* fork.
756    max_transactions_per_checkpoint: Option<u64>,
757
758    /// Max size of a checkpoint in bytes.
759    /// Note that this is a protocol constant and not a config as validators
760    /// must have this set to the same value, otherwise they *will* fork.
761    max_checkpoint_size_bytes: Option<u64>,
762
763    /// A protocol upgrade always requires 2f+1 stake to agree. We support a
764    /// buffer of additional stake (as a fraction of f, expressed in basis
765    /// points) that is required before an upgrade can happen automatically.
766    /// 10000bps would indicate that complete unanimity is required (all
767    /// 3f+1 must vote), while 0bps would indicate that 2f+1 is sufficient.
768    buffer_stake_for_protocol_upgrade_bps: Option<u64>,
769
770    // === Native Function Costs ===
771
772    // `address` module
773    // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
774    address_from_bytes_cost_base: Option<u64>,
775    // Cost params for the Move native function `address::to_u256(address): u256`
776    address_to_u256_cost_base: Option<u64>,
777    // Cost params for the Move native function `address::from_u256(u256): address`
778    address_from_u256_cost_base: Option<u64>,
779
780    // `config` module
781    // Cost params for the Move native function `read_setting_impl<Name: copy + drop + store,
782    // SettingValue: key + store, SettingDataValue: store, Value: copy + drop + store,
783    // >(config: address, name: address, current_epoch: u64): Option<Value>`
784    config_read_setting_impl_cost_base: Option<u64>,
785    config_read_setting_impl_cost_per_byte: Option<u64>,
786
787    // `dynamic_field` module
788    // Cost params for the Move native function `hash_type_and_key<K: copy + drop + store>(parent:
789    // address, k: K): address`
790    dynamic_field_hash_type_and_key_cost_base: Option<u64>,
791    dynamic_field_hash_type_and_key_type_cost_per_byte: Option<u64>,
792    dynamic_field_hash_type_and_key_value_cost_per_byte: Option<u64>,
793    dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Option<u64>,
794    // Cost params for the Move native function `add_child_object<Child: key>(parent: address,
795    // child: Child)`
796    dynamic_field_add_child_object_cost_base: Option<u64>,
797    dynamic_field_add_child_object_type_cost_per_byte: Option<u64>,
798    dynamic_field_add_child_object_value_cost_per_byte: Option<u64>,
799    dynamic_field_add_child_object_struct_tag_cost_per_byte: Option<u64>,
800    // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent: &mut
801    // UID, id: address): &mut Child`
802    dynamic_field_borrow_child_object_cost_base: Option<u64>,
803    dynamic_field_borrow_child_object_child_ref_cost_per_byte: Option<u64>,
804    dynamic_field_borrow_child_object_type_cost_per_byte: Option<u64>,
805    // Cost params for the Move native function `remove_child_object<Child: key>(parent: address,
806    // id: address): Child`
807    dynamic_field_remove_child_object_cost_base: Option<u64>,
808    dynamic_field_remove_child_object_child_cost_per_byte: Option<u64>,
809    dynamic_field_remove_child_object_type_cost_per_byte: Option<u64>,
810    // Cost params for the Move native function `has_child_object(parent: address, id: address):
811    // bool`
812    dynamic_field_has_child_object_cost_base: Option<u64>,
813    // Cost params for the Move native function `has_child_object_with_ty<Child: key>(parent:
814    // address, id: address): bool`
815    dynamic_field_has_child_object_with_ty_cost_base: Option<u64>,
816    dynamic_field_has_child_object_with_ty_type_cost_per_byte: Option<u64>,
817    dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Option<u64>,
818
819    // `event` module
820    // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
821    event_emit_cost_base: Option<u64>,
822    event_emit_value_size_derivation_cost_per_byte: Option<u64>,
823    event_emit_tag_size_derivation_cost_per_byte: Option<u64>,
824    event_emit_output_cost_per_byte: Option<u64>,
825
826    //  `object` module
827    // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
828    object_borrow_uid_cost_base: Option<u64>,
829    // Cost params for the Move native function `delete_impl(id: address)`
830    object_delete_impl_cost_base: Option<u64>,
831    // Cost params for the Move native function `record_new_uid(id: address)`
832    object_record_new_uid_cost_base: Option<u64>,
833
834    // Transfer
835    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
836    transfer_transfer_internal_cost_base: Option<u64>,
837    // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
838    transfer_freeze_object_cost_base: Option<u64>,
839    // Cost params for the Move native function `share_object<T: key>(obj: T)`
840    transfer_share_object_cost_base: Option<u64>,
841    // Cost params for the Move native function
842    // `receive_object<T: key>(p: &mut UID, recv: Receiving<T>T)`
843    transfer_receive_object_cost_base: Option<u64>,
844
845    // TxContext
846    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
847    tx_context_derive_id_cost_base: Option<u64>,
848
849    // Types
850    // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
851    types_is_one_time_witness_cost_base: Option<u64>,
852    types_is_one_time_witness_type_tag_cost_per_byte: Option<u64>,
853    types_is_one_time_witness_type_cost_per_byte: Option<u64>,
854
855    // Validator
856    // Cost params for the Move native function `validate_metadata_bcs(metadata: vector<u8>)`
857    validator_validate_metadata_cost_base: Option<u64>,
858    validator_validate_metadata_data_cost_per_byte: Option<u64>,
859
860    // Crypto natives
861    crypto_invalid_arguments_cost: Option<u64>,
862    // bls12381::bls12381_min_sig_verify
863    bls12381_bls12381_min_sig_verify_cost_base: Option<u64>,
864    bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Option<u64>,
865    bls12381_bls12381_min_sig_verify_msg_cost_per_block: Option<u64>,
866
867    // bls12381::bls12381_min_pk_verify
868    bls12381_bls12381_min_pk_verify_cost_base: Option<u64>,
869    bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Option<u64>,
870    bls12381_bls12381_min_pk_verify_msg_cost_per_block: Option<u64>,
871
872    // ecdsa_k1::ecrecover
873    ecdsa_k1_ecrecover_keccak256_cost_base: Option<u64>,
874    ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
875    ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
876    ecdsa_k1_ecrecover_sha256_cost_base: Option<u64>,
877    ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
878    ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
879
880    // ecdsa_k1::decompress_pubkey
881    ecdsa_k1_decompress_pubkey_cost_base: Option<u64>,
882
883    // ecdsa_k1::secp256k1_verify
884    ecdsa_k1_secp256k1_verify_keccak256_cost_base: Option<u64>,
885    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Option<u64>,
886    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Option<u64>,
887    ecdsa_k1_secp256k1_verify_sha256_cost_base: Option<u64>,
888    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Option<u64>,
889    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Option<u64>,
890
891    // ecdsa_r1::ecrecover
892    ecdsa_r1_ecrecover_keccak256_cost_base: Option<u64>,
893    ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
894    ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
895    ecdsa_r1_ecrecover_sha256_cost_base: Option<u64>,
896    ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
897    ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
898
899    // ecdsa_r1::secp256k1_verify
900    ecdsa_r1_secp256r1_verify_keccak256_cost_base: Option<u64>,
901    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Option<u64>,
902    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Option<u64>,
903    ecdsa_r1_secp256r1_verify_sha256_cost_base: Option<u64>,
904    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Option<u64>,
905    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Option<u64>,
906
907    // ecvrf::verify
908    ecvrf_ecvrf_verify_cost_base: Option<u64>,
909    ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Option<u64>,
910    ecvrf_ecvrf_verify_alpha_string_cost_per_block: Option<u64>,
911
912    // ed25519
913    ed25519_ed25519_verify_cost_base: Option<u64>,
914    ed25519_ed25519_verify_msg_cost_per_byte: Option<u64>,
915    ed25519_ed25519_verify_msg_cost_per_block: Option<u64>,
916
917    // groth16::prepare_verifying_key
918    groth16_prepare_verifying_key_bls12381_cost_base: Option<u64>,
919    groth16_prepare_verifying_key_bn254_cost_base: Option<u64>,
920
921    // groth16::verify_groth16_proof_internal
922    groth16_verify_groth16_proof_internal_bls12381_cost_base: Option<u64>,
923    groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Option<u64>,
924    groth16_verify_groth16_proof_internal_bn254_cost_base: Option<u64>,
925    groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Option<u64>,
926    groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Option<u64>,
927
928    // hash::blake2b256
929    hash_blake2b256_cost_base: Option<u64>,
930    hash_blake2b256_data_cost_per_byte: Option<u64>,
931    hash_blake2b256_data_cost_per_block: Option<u64>,
932
933    // hash::keccak256
934    hash_keccak256_cost_base: Option<u64>,
935    hash_keccak256_data_cost_per_byte: Option<u64>,
936    hash_keccak256_data_cost_per_block: Option<u64>,
937
938    // poseidon::poseidon_bn254
939    poseidon_bn254_cost_base: Option<u64>,
940    poseidon_bn254_cost_per_block: Option<u64>,
941
942    // group_ops
943    group_ops_bls12381_decode_scalar_cost: Option<u64>,
944    group_ops_bls12381_decode_g1_cost: Option<u64>,
945    group_ops_bls12381_decode_g2_cost: Option<u64>,
946    group_ops_bls12381_decode_gt_cost: Option<u64>,
947    group_ops_bls12381_scalar_add_cost: Option<u64>,
948    group_ops_bls12381_g1_add_cost: Option<u64>,
949    group_ops_bls12381_g2_add_cost: Option<u64>,
950    group_ops_bls12381_gt_add_cost: Option<u64>,
951    group_ops_bls12381_scalar_sub_cost: Option<u64>,
952    group_ops_bls12381_g1_sub_cost: Option<u64>,
953    group_ops_bls12381_g2_sub_cost: Option<u64>,
954    group_ops_bls12381_gt_sub_cost: Option<u64>,
955    group_ops_bls12381_scalar_mul_cost: Option<u64>,
956    group_ops_bls12381_g1_mul_cost: Option<u64>,
957    group_ops_bls12381_g2_mul_cost: Option<u64>,
958    group_ops_bls12381_gt_mul_cost: Option<u64>,
959    group_ops_bls12381_scalar_div_cost: Option<u64>,
960    group_ops_bls12381_g1_div_cost: Option<u64>,
961    group_ops_bls12381_g2_div_cost: Option<u64>,
962    group_ops_bls12381_gt_div_cost: Option<u64>,
963    group_ops_bls12381_g1_hash_to_base_cost: Option<u64>,
964    group_ops_bls12381_g2_hash_to_base_cost: Option<u64>,
965    group_ops_bls12381_g1_hash_to_cost_per_byte: Option<u64>,
966    group_ops_bls12381_g2_hash_to_cost_per_byte: Option<u64>,
967    group_ops_bls12381_g1_msm_base_cost: Option<u64>,
968    group_ops_bls12381_g2_msm_base_cost: Option<u64>,
969    group_ops_bls12381_g1_msm_base_cost_per_input: Option<u64>,
970    group_ops_bls12381_g2_msm_base_cost_per_input: Option<u64>,
971    group_ops_bls12381_msm_max_len: Option<u32>,
972    group_ops_bls12381_pairing_cost: Option<u64>,
973    group_ops_bls12381_g1_to_uncompressed_g1_cost: Option<u64>,
974    group_ops_bls12381_uncompressed_g1_to_g1_cost: Option<u64>,
975    group_ops_bls12381_uncompressed_g1_sum_base_cost: Option<u64>,
976    group_ops_bls12381_uncompressed_g1_sum_cost_per_term: Option<u64>,
977    group_ops_bls12381_uncompressed_g1_sum_max_terms: Option<u64>,
978
979    // hmac::hmac_sha3_256
980    hmac_hmac_sha3_256_cost_base: Option<u64>,
981    hmac_hmac_sha3_256_input_cost_per_byte: Option<u64>,
982    hmac_hmac_sha3_256_input_cost_per_block: Option<u64>,
983
984    // zklogin::check_zklogin_id
985    check_zklogin_id_cost_base: Option<u64>,
986    // zklogin::check_zklogin_issuer
987    check_zklogin_issuer_cost_base: Option<u64>,
988
989    vdf_verify_vdf_cost: Option<u64>,
990    vdf_hash_to_input_cost: Option<u64>,
991
992    // Stdlib costs
993    bcs_per_byte_serialized_cost: Option<u64>,
994    bcs_legacy_min_output_size_cost: Option<u64>,
995    bcs_failure_cost: Option<u64>,
996
997    hash_sha2_256_base_cost: Option<u64>,
998    hash_sha2_256_per_byte_cost: Option<u64>,
999    hash_sha2_256_legacy_min_input_len_cost: Option<u64>,
1000    hash_sha3_256_base_cost: Option<u64>,
1001    hash_sha3_256_per_byte_cost: Option<u64>,
1002    hash_sha3_256_legacy_min_input_len_cost: Option<u64>,
1003    type_name_get_base_cost: Option<u64>,
1004    type_name_get_per_byte_cost: Option<u64>,
1005
1006    string_check_utf8_base_cost: Option<u64>,
1007    string_check_utf8_per_byte_cost: Option<u64>,
1008    string_is_char_boundary_base_cost: Option<u64>,
1009    string_sub_string_base_cost: Option<u64>,
1010    string_sub_string_per_byte_cost: Option<u64>,
1011    string_index_of_base_cost: Option<u64>,
1012    string_index_of_per_byte_pattern_cost: Option<u64>,
1013    string_index_of_per_byte_searched_cost: Option<u64>,
1014
1015    vector_empty_base_cost: Option<u64>,
1016    vector_length_base_cost: Option<u64>,
1017    vector_push_back_base_cost: Option<u64>,
1018    vector_push_back_legacy_per_abstract_memory_unit_cost: Option<u64>,
1019    vector_borrow_base_cost: Option<u64>,
1020    vector_pop_back_base_cost: Option<u64>,
1021    vector_destroy_empty_base_cost: Option<u64>,
1022    vector_swap_base_cost: Option<u64>,
1023    debug_print_base_cost: Option<u64>,
1024    debug_print_stack_trace_base_cost: Option<u64>,
1025
1026    // === Execution Version ===
1027    execution_version: Option<u64>,
1028
1029    // Dictates the threshold (percentage of stake) that is used to calculate the "bad" nodes to be
1030    // swapped when creating the consensus schedule. The values should be of the range [0 - 33].
1031    // Anything above 33 (f) will not be allowed.
1032    consensus_bad_nodes_stake_threshold: Option<u64>,
1033
1034    max_jwk_votes_per_validator_per_epoch: Option<u64>,
1035    // The maximum age of a JWK in epochs before it is removed from the AuthenticatorState object.
1036    // Applied at the end of an epoch as a delta from the new epoch value, so setting this to 1
1037    // will cause the new epoch to start with JWKs from the previous epoch still valid.
1038    max_age_of_jwk_in_epochs: Option<u64>,
1039
1040    // === random beacon ===
1041    /// Maximum allowed precision loss when reducing voting weights for the
1042    /// random beacon protocol.
1043    random_beacon_reduction_allowed_delta: Option<u16>,
1044
1045    /// Minimum number of shares below which voting weights will not be reduced
1046    /// for the random beacon protocol.
1047    random_beacon_reduction_lower_bound: Option<u32>,
1048
1049    /// Consensus Round after which DKG should be aborted and randomness
1050    /// disabled for the epoch, if it hasn't already completed.
1051    random_beacon_dkg_timeout_round: Option<u32>,
1052
1053    /// Minimum interval between consecutive rounds of generated randomness.
1054    random_beacon_min_round_interval_ms: Option<u64>,
1055
1056    /// Version of the random beacon DKG protocol.
1057    /// 0 was deprecated (and currently not supported), 1 is the default
1058    /// version.
1059    random_beacon_dkg_version: Option<u64>,
1060
1061    /// The maximum serialized transaction size (in bytes) accepted by
1062    /// consensus. `consensus_max_transaction_size_bytes` should include
1063    /// space for additional metadata, on top of the `max_tx_size_bytes`
1064    /// value.
1065    consensus_max_transaction_size_bytes: Option<u64>,
1066    /// The maximum size of transactions included in a consensus block.
1067    consensus_max_transactions_in_block_bytes: Option<u64>,
1068    /// The maximum number of transactions included in a consensus block.
1069    consensus_max_num_transactions_in_block: Option<u64>,
1070
1071    /// The max number of consensus rounds a transaction can be deferred due to
1072    /// shared object congestion. Transactions will be cancelled after this
1073    /// many rounds.
1074    max_deferral_rounds_for_congestion_control: Option<u64>,
1075
1076    /// Minimum interval of commit timestamps between consecutive checkpoints.
1077    min_checkpoint_interval_ms: Option<u64>,
1078
1079    /// Version number to use for version_specific_data in `CheckpointSummary`.
1080    checkpoint_summary_version_specific_data: Option<u64>,
1081
1082    /// The max number of transactions that can be included in a single Soft
1083    /// Bundle.
1084    max_soft_bundle_size: Option<u64>,
1085
1086    /// Deprecated because of bridge removal.
1087    /// Whether to try to form bridge committee
1088    // Note: this is not a feature flag because we want to distinguish between
1089    // `None` and `Some(false)`, as committee was already finalized on Testnet.
1090    bridge_should_try_to_finalize_committee: Option<bool>,
1091
1092    /// The max accumulated txn execution cost per object in a mysticeti commit.
1093    /// Transactions in a commit will be deferred once their touch shared
1094    /// objects hit this limit.
1095    max_accumulated_txn_cost_per_object_in_mysticeti_commit: Option<u64>,
1096
1097    /// Maximum number of committee (validators taking part in consensus)
1098    /// validators at any moment. We do not allow the number of committee
1099    /// validators in any epoch to go above this.
1100    max_committee_members_count: Option<u64>,
1101
1102    /// Configures the garbage collection depth for consensus. When is unset or
1103    /// `0` then the garbage collection is disabled.
1104    consensus_gc_depth: Option<u32>,
1105}
1106
1107// feature flags
1108impl ProtocolConfig {
1109    // Add checks for feature flag support here, e.g.:
1110    // pub fn check_new_protocol_feature_supported(&self) -> Result<(), Error> {
1111    //     if self.feature_flags.new_protocol_feature_supported {
1112    //         Ok(())
1113    //     } else {
1114    //         Err(Error(format!(
1115    //             "new_protocol_feature is not supported at {:?}",
1116    //             self.version
1117    //         )))
1118    //     }
1119    // }
1120
1121    pub fn disable_invariant_violation_check_in_swap_loc(&self) -> bool {
1122        self.feature_flags
1123            .disable_invariant_violation_check_in_swap_loc
1124    }
1125
1126    pub fn no_extraneous_module_bytes(&self) -> bool {
1127        self.feature_flags.no_extraneous_module_bytes
1128    }
1129
1130    pub fn zklogin_auth(&self) -> bool {
1131        self.feature_flags.zklogin_auth
1132    }
1133
1134    pub fn consensus_transaction_ordering(&self) -> ConsensusTransactionOrdering {
1135        self.feature_flags.consensus_transaction_ordering
1136    }
1137
1138    pub fn enable_jwk_consensus_updates(&self) -> bool {
1139        self.feature_flags.enable_jwk_consensus_updates
1140    }
1141
1142    // this function only exists for readability in the genesis code.
1143    pub fn create_authenticator_state_in_genesis(&self) -> bool {
1144        self.enable_jwk_consensus_updates()
1145    }
1146
1147    pub fn dkg_version(&self) -> u64 {
1148        // Version 0 was deprecated and removed, the default is 1 if not set.
1149        self.random_beacon_dkg_version.unwrap_or(1)
1150    }
1151
1152    pub fn accept_zklogin_in_multisig(&self) -> bool {
1153        self.feature_flags.accept_zklogin_in_multisig
1154    }
1155
1156    pub fn zklogin_max_epoch_upper_bound_delta(&self) -> Option<u64> {
1157        self.feature_flags.zklogin_max_epoch_upper_bound_delta
1158    }
1159
1160    pub fn hardened_otw_check(&self) -> bool {
1161        self.feature_flags.hardened_otw_check
1162    }
1163
1164    pub fn enable_poseidon(&self) -> bool {
1165        self.feature_flags.enable_poseidon
1166    }
1167
1168    pub fn enable_group_ops_native_function_msm(&self) -> bool {
1169        self.feature_flags.enable_group_ops_native_function_msm
1170    }
1171
1172    pub fn per_object_congestion_control_mode(&self) -> PerObjectCongestionControlMode {
1173        self.feature_flags.per_object_congestion_control_mode
1174    }
1175
1176    pub fn consensus_choice(&self) -> ConsensusChoice {
1177        self.feature_flags.consensus_choice
1178    }
1179
1180    pub fn consensus_network(&self) -> ConsensusNetwork {
1181        self.feature_flags.consensus_network
1182    }
1183
1184    pub fn enable_vdf(&self) -> bool {
1185        self.feature_flags.enable_vdf
1186    }
1187
1188    pub fn passkey_auth(&self) -> bool {
1189        self.feature_flags.passkey_auth
1190    }
1191
1192    pub fn max_transaction_size_bytes(&self) -> u64 {
1193        // Provide a default value if protocol config version is too low.
1194        self.consensus_max_transaction_size_bytes
1195            .unwrap_or(256 * 1024)
1196    }
1197
1198    pub fn max_transactions_in_block_bytes(&self) -> u64 {
1199        if cfg!(msim) {
1200            256 * 1024
1201        } else {
1202            self.consensus_max_transactions_in_block_bytes
1203                .unwrap_or(512 * 1024)
1204        }
1205    }
1206
1207    pub fn max_num_transactions_in_block(&self) -> u64 {
1208        if cfg!(msim) {
1209            8
1210        } else {
1211            self.consensus_max_num_transactions_in_block.unwrap_or(512)
1212        }
1213    }
1214
1215    pub fn rethrow_serialization_type_layout_errors(&self) -> bool {
1216        self.feature_flags.rethrow_serialization_type_layout_errors
1217    }
1218
1219    pub fn relocate_event_module(&self) -> bool {
1220        self.feature_flags.relocate_event_module
1221    }
1222
1223    pub fn protocol_defined_base_fee(&self) -> bool {
1224        self.feature_flags.protocol_defined_base_fee
1225    }
1226
1227    pub fn uncompressed_g1_group_elements(&self) -> bool {
1228        self.feature_flags.uncompressed_g1_group_elements
1229    }
1230
1231    pub fn disallow_new_modules_in_deps_only_packages(&self) -> bool {
1232        self.feature_flags
1233            .disallow_new_modules_in_deps_only_packages
1234    }
1235
1236    pub fn native_charging_v2(&self) -> bool {
1237        self.feature_flags.native_charging_v2
1238    }
1239
1240    pub fn consensus_round_prober(&self) -> bool {
1241        self.feature_flags.consensus_round_prober
1242    }
1243
1244    pub fn consensus_distributed_vote_scoring_strategy(&self) -> bool {
1245        self.feature_flags
1246            .consensus_distributed_vote_scoring_strategy
1247    }
1248
1249    pub fn gc_depth(&self) -> u32 {
1250        if cfg!(msim) {
1251            // exercise a very low gc_depth
1252            min(5, self.consensus_gc_depth.unwrap_or(0))
1253        } else {
1254            self.consensus_gc_depth.unwrap_or(0)
1255        }
1256    }
1257
1258    pub fn consensus_linearize_subdag_v2(&self) -> bool {
1259        let res = self.feature_flags.consensus_linearize_subdag_v2;
1260        assert!(
1261            !res || self.gc_depth() > 0,
1262            "The consensus linearize sub dag V2 requires GC to be enabled"
1263        );
1264        res
1265    }
1266
1267    pub fn variant_nodes(&self) -> bool {
1268        self.feature_flags.variant_nodes
1269    }
1270
1271    pub fn consensus_smart_ancestor_selection(&self) -> bool {
1272        self.feature_flags.consensus_smart_ancestor_selection
1273    }
1274
1275    pub fn consensus_round_prober_probe_accepted_rounds(&self) -> bool {
1276        self.feature_flags
1277            .consensus_round_prober_probe_accepted_rounds
1278    }
1279
1280    pub fn consensus_zstd_compression(&self) -> bool {
1281        self.feature_flags.consensus_zstd_compression
1282    }
1283
1284    pub fn congestion_control_min_free_execution_slot(&self) -> bool {
1285        self.feature_flags
1286            .congestion_control_min_free_execution_slot
1287    }
1288
1289    pub fn accept_passkey_in_multisig(&self) -> bool {
1290        self.feature_flags.accept_passkey_in_multisig
1291    }
1292
1293    pub fn consensus_batched_block_sync(&self) -> bool {
1294        self.feature_flags.consensus_batched_block_sync
1295    }
1296
1297    /// Check if the gas price feedback mechanism (which is used for
1298    /// transactions cancelled due to shared object congestion) is enabled
1299    pub fn congestion_control_gas_price_feedback_mechanism(&self) -> bool {
1300        self.feature_flags
1301            .congestion_control_gas_price_feedback_mechanism
1302    }
1303
1304    pub fn validate_identifier_inputs(&self) -> bool {
1305        self.feature_flags.validate_identifier_inputs
1306    }
1307
1308    pub fn minimize_child_object_mutations(&self) -> bool {
1309        self.feature_flags.minimize_child_object_mutations
1310    }
1311
1312    pub fn dependency_linkage_error(&self) -> bool {
1313        self.feature_flags.dependency_linkage_error
1314    }
1315
1316    pub fn additional_multisig_checks(&self) -> bool {
1317        self.feature_flags.additional_multisig_checks
1318    }
1319
1320    pub fn consensus_num_requested_prior_commits_at_startup(&self) -> u32 {
1321        // TODO: this will eventually be the max of some number of other
1322        // parameters.
1323        0
1324    }
1325}
1326
1327#[cfg(not(msim))]
1328static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1329
1330// Use a thread local in sim tests for test isolation.
1331#[cfg(msim)]
1332thread_local! {
1333    static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1334}
1335
1336// Instantiations for each protocol version.
1337impl ProtocolConfig {
1338    /// Get the value ProtocolConfig that are in effect during the given
1339    /// protocol version.
1340    pub fn get_for_version(version: ProtocolVersion, chain: Chain) -> Self {
1341        // ProtocolVersion can be deserialized so we need to check it here as well.
1342        assert!(
1343            version >= ProtocolVersion::MIN,
1344            "Network protocol version is {:?}, but the minimum supported version by the binary is {:?}. Please upgrade the binary.",
1345            version,
1346            ProtocolVersion::MIN.0,
1347        );
1348        assert!(
1349            version <= ProtocolVersion::MAX_ALLOWED,
1350            "Network protocol version is {:?}, but the maximum supported version by the binary is {:?}. Please upgrade the binary.",
1351            version,
1352            ProtocolVersion::MAX_ALLOWED.0,
1353        );
1354
1355        let mut ret = Self::get_for_version_impl(version, chain);
1356        ret.version = version;
1357
1358        ret = CONFIG_OVERRIDE.with(|ovr| {
1359            if let Some(override_fn) = &*ovr.borrow() {
1360                warn!(
1361                    "overriding ProtocolConfig settings with custom settings (you should not see this log outside of tests)"
1362                );
1363                override_fn(version, ret)
1364            } else {
1365                ret
1366            }
1367        });
1368
1369        if std::env::var("IOTA_PROTOCOL_CONFIG_OVERRIDE_ENABLE").is_ok() {
1370            warn!(
1371                "overriding ProtocolConfig settings with custom settings; this may break non-local networks"
1372            );
1373            let overrides: ProtocolConfigOptional =
1374                serde_env::from_env_with_prefix("IOTA_PROTOCOL_CONFIG_OVERRIDE")
1375                    .expect("failed to parse ProtocolConfig override env variables");
1376            overrides.apply_to(&mut ret);
1377        }
1378
1379        ret
1380    }
1381
1382    /// Get the value ProtocolConfig that are in effect during the given
1383    /// protocol version. Or none if the version is not supported.
1384    pub fn get_for_version_if_supported(version: ProtocolVersion, chain: Chain) -> Option<Self> {
1385        if version.0 >= ProtocolVersion::MIN.0 && version.0 <= ProtocolVersion::MAX_ALLOWED.0 {
1386            let mut ret = Self::get_for_version_impl(version, chain);
1387            ret.version = version;
1388            Some(ret)
1389        } else {
1390            None
1391        }
1392    }
1393
1394    #[cfg(not(msim))]
1395    pub fn poison_get_for_min_version() {
1396        POISON_VERSION_METHODS.store(true, Ordering::Relaxed);
1397    }
1398
1399    #[cfg(not(msim))]
1400    fn load_poison_get_for_min_version() -> bool {
1401        POISON_VERSION_METHODS.load(Ordering::Relaxed)
1402    }
1403
1404    #[cfg(msim)]
1405    pub fn poison_get_for_min_version() {
1406        POISON_VERSION_METHODS.with(|p| p.store(true, Ordering::Relaxed));
1407    }
1408
1409    #[cfg(msim)]
1410    fn load_poison_get_for_min_version() -> bool {
1411        POISON_VERSION_METHODS.with(|p| p.load(Ordering::Relaxed))
1412    }
1413
1414    pub fn convert_type_argument_error(&self) -> bool {
1415        self.feature_flags.convert_type_argument_error
1416    }
1417
1418    /// Convenience to get the constants at the current minimum supported
1419    /// version. Mainly used by client code that may not yet be
1420    /// protocol-version aware.
1421    pub fn get_for_min_version() -> Self {
1422        if Self::load_poison_get_for_min_version() {
1423            panic!("get_for_min_version called on validator");
1424        }
1425        ProtocolConfig::get_for_version(ProtocolVersion::MIN, Chain::Unknown)
1426    }
1427
1428    /// CAREFUL! - You probably want to use `get_for_version` instead.
1429    ///
1430    /// Convenience to get the constants at the current maximum supported
1431    /// version. Mainly used by genesis. Note well that this function uses
1432    /// the max version supported locally by the node, which is not
1433    /// necessarily the current version of the network. ALSO, this function
1434    /// disregards chain specific config (by using Chain::Unknown), thereby
1435    /// potentially returning a protocol config that is incorrect for some
1436    /// feature flags. Definitely safe for testing and for protocol version
1437    /// 11 and prior.
1438    #[expect(non_snake_case)]
1439    pub fn get_for_max_version_UNSAFE() -> Self {
1440        if Self::load_poison_get_for_min_version() {
1441            panic!("get_for_max_version_UNSAFE called on validator");
1442        }
1443        ProtocolConfig::get_for_version(ProtocolVersion::MAX, Chain::Unknown)
1444    }
1445
1446    fn get_for_version_impl(version: ProtocolVersion, chain: Chain) -> Self {
1447        #[cfg(msim)]
1448        {
1449            // populate the fake simulator version # with a different base tx cost.
1450            if version > ProtocolVersion::MAX {
1451                let mut config = Self::get_for_version_impl(ProtocolVersion::MAX, Chain::Unknown);
1452                config.base_tx_cost_fixed = Some(config.base_tx_cost_fixed() + 1000);
1453                return config;
1454            }
1455        }
1456
1457        // IMPORTANT: Never modify the value of any constant for a pre-existing protocol
1458        // version. To change the values here you must create a new protocol
1459        // version with the new values!
1460        let mut cfg = Self {
1461            version,
1462
1463            feature_flags: Default::default(),
1464
1465            max_tx_size_bytes: Some(128 * 1024),
1466            // We need this number to be at least 100x less than
1467            // `max_serialized_tx_effects_size_bytes`otherwise effects can be huge
1468            max_input_objects: Some(2048),
1469            max_serialized_tx_effects_size_bytes: Some(512 * 1024),
1470            max_serialized_tx_effects_size_bytes_system_tx: Some(512 * 1024 * 16),
1471            max_gas_payment_objects: Some(256),
1472            max_modules_in_publish: Some(64),
1473            max_package_dependencies: Some(32),
1474            max_arguments: Some(512),
1475            max_type_arguments: Some(16),
1476            max_type_argument_depth: Some(16),
1477            max_pure_argument_size: Some(16 * 1024),
1478            max_programmable_tx_commands: Some(1024),
1479            move_binary_format_version: Some(7),
1480            min_move_binary_format_version: Some(6),
1481            binary_module_handles: Some(100),
1482            binary_struct_handles: Some(300),
1483            binary_function_handles: Some(1500),
1484            binary_function_instantiations: Some(750),
1485            binary_signatures: Some(1000),
1486            binary_constant_pool: Some(4000),
1487            binary_identifiers: Some(10000),
1488            binary_address_identifiers: Some(100),
1489            binary_struct_defs: Some(200),
1490            binary_struct_def_instantiations: Some(100),
1491            binary_function_defs: Some(1000),
1492            binary_field_handles: Some(500),
1493            binary_field_instantiations: Some(250),
1494            binary_friend_decls: Some(100),
1495            binary_enum_defs: None,
1496            binary_enum_def_instantiations: None,
1497            binary_variant_handles: None,
1498            binary_variant_instantiation_handles: None,
1499            max_move_object_size: Some(250 * 1024),
1500            max_move_package_size: Some(100 * 1024),
1501            max_publish_or_upgrade_per_ptb: Some(5),
1502            // max gas budget is in NANOS and an absolute value 50IOTA
1503            max_tx_gas: Some(50_000_000_000),
1504            max_gas_price: Some(100_000),
1505            max_gas_computation_bucket: Some(5_000_000),
1506            max_loop_depth: Some(5),
1507            max_generic_instantiation_length: Some(32),
1508            max_function_parameters: Some(128),
1509            max_basic_blocks: Some(1024),
1510            max_value_stack_size: Some(1024),
1511            max_type_nodes: Some(256),
1512            max_push_size: Some(10000),
1513            max_struct_definitions: Some(200),
1514            max_function_definitions: Some(1000),
1515            max_fields_in_struct: Some(32),
1516            max_dependency_depth: Some(100),
1517            max_num_event_emit: Some(1024),
1518            max_num_new_move_object_ids: Some(2048),
1519            max_num_new_move_object_ids_system_tx: Some(2048 * 16),
1520            max_num_deleted_move_object_ids: Some(2048),
1521            max_num_deleted_move_object_ids_system_tx: Some(2048 * 16),
1522            max_num_transferred_move_object_ids: Some(2048),
1523            max_num_transferred_move_object_ids_system_tx: Some(2048 * 16),
1524            max_event_emit_size: Some(250 * 1024),
1525            max_move_vector_len: Some(256 * 1024),
1526            max_type_to_layout_nodes: None,
1527            max_ptb_value_size: None,
1528
1529            max_back_edges_per_function: Some(10_000),
1530            max_back_edges_per_module: Some(10_000),
1531
1532            max_verifier_meter_ticks_per_function: Some(16_000_000),
1533
1534            max_meter_ticks_per_module: Some(16_000_000),
1535            max_meter_ticks_per_package: Some(16_000_000),
1536
1537            object_runtime_max_num_cached_objects: Some(1000),
1538            object_runtime_max_num_cached_objects_system_tx: Some(1000 * 16),
1539            object_runtime_max_num_store_entries: Some(1000),
1540            object_runtime_max_num_store_entries_system_tx: Some(1000 * 16),
1541            // min gas budget is in NANOS and an absolute value 1000 NANOS or 0.000001IOTA
1542            base_tx_cost_fixed: Some(1_000),
1543            package_publish_cost_fixed: Some(1_000),
1544            base_tx_cost_per_byte: Some(0),
1545            package_publish_cost_per_byte: Some(80),
1546            obj_access_cost_read_per_byte: Some(15),
1547            obj_access_cost_mutate_per_byte: Some(40),
1548            obj_access_cost_delete_per_byte: Some(40),
1549            obj_access_cost_verify_per_byte: Some(200),
1550            obj_data_cost_refundable: Some(100),
1551            obj_metadata_cost_non_refundable: Some(50),
1552            gas_model_version: Some(1),
1553            storage_rebate_rate: Some(10000),
1554            // Change reward slashing rate to 100%.
1555            reward_slashing_rate: Some(10000),
1556            storage_gas_price: Some(76),
1557            base_gas_price: None,
1558            // The initial subsidy (target reward) for validators per epoch.
1559            // Refer to the IOTA tokenomics for the origin of this value.
1560            validator_target_reward: Some(767_000 * 1_000_000_000),
1561            max_transactions_per_checkpoint: Some(10_000),
1562            max_checkpoint_size_bytes: Some(30 * 1024 * 1024),
1563
1564            // For now, perform upgrades with a bare quorum of validators.
1565            buffer_stake_for_protocol_upgrade_bps: Some(5000),
1566
1567            // === Native Function Costs ===
1568            // `address` module
1569            // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
1570            address_from_bytes_cost_base: Some(52),
1571            // Cost params for the Move native function `address::to_u256(address): u256`
1572            address_to_u256_cost_base: Some(52),
1573            // Cost params for the Move native function `address::from_u256(u256): address`
1574            address_from_u256_cost_base: Some(52),
1575
1576            // `config` module
1577            // Cost params for the Move native function `read_setting_impl``
1578            config_read_setting_impl_cost_base: Some(100),
1579            config_read_setting_impl_cost_per_byte: Some(40),
1580
1581            // `dynamic_field` module
1582            // Cost params for the Move native function `hash_type_and_key<K: copy + drop +
1583            // store>(parent: address, k: K): address`
1584            dynamic_field_hash_type_and_key_cost_base: Some(100),
1585            dynamic_field_hash_type_and_key_type_cost_per_byte: Some(2),
1586            dynamic_field_hash_type_and_key_value_cost_per_byte: Some(2),
1587            dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Some(2),
1588            // Cost params for the Move native function `add_child_object<Child: key>(parent:
1589            // address, child: Child)`
1590            dynamic_field_add_child_object_cost_base: Some(100),
1591            dynamic_field_add_child_object_type_cost_per_byte: Some(10),
1592            dynamic_field_add_child_object_value_cost_per_byte: Some(10),
1593            dynamic_field_add_child_object_struct_tag_cost_per_byte: Some(10),
1594            // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent:
1595            // &mut UID, id: address): &mut Child`
1596            dynamic_field_borrow_child_object_cost_base: Some(100),
1597            dynamic_field_borrow_child_object_child_ref_cost_per_byte: Some(10),
1598            dynamic_field_borrow_child_object_type_cost_per_byte: Some(10),
1599            // Cost params for the Move native function `remove_child_object<Child: key>(parent:
1600            // address, id: address): Child`
1601            dynamic_field_remove_child_object_cost_base: Some(100),
1602            dynamic_field_remove_child_object_child_cost_per_byte: Some(2),
1603            dynamic_field_remove_child_object_type_cost_per_byte: Some(2),
1604            // Cost params for the Move native function `has_child_object(parent: address, id:
1605            // address): bool`
1606            dynamic_field_has_child_object_cost_base: Some(100),
1607            // Cost params for the Move native function `has_child_object_with_ty<Child:
1608            // key>(parent: address, id: address): bool`
1609            dynamic_field_has_child_object_with_ty_cost_base: Some(100),
1610            dynamic_field_has_child_object_with_ty_type_cost_per_byte: Some(2),
1611            dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Some(2),
1612
1613            // `event` module
1614            // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
1615            event_emit_cost_base: Some(52),
1616            event_emit_value_size_derivation_cost_per_byte: Some(2),
1617            event_emit_tag_size_derivation_cost_per_byte: Some(5),
1618            event_emit_output_cost_per_byte: Some(10),
1619
1620            //  `object` module
1621            // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
1622            object_borrow_uid_cost_base: Some(52),
1623            // Cost params for the Move native function `delete_impl(id: address)`
1624            object_delete_impl_cost_base: Some(52),
1625            // Cost params for the Move native function `record_new_uid(id: address)`
1626            object_record_new_uid_cost_base: Some(52),
1627
1628            // `transfer` module
1629            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
1630            // address)`
1631            transfer_transfer_internal_cost_base: Some(52),
1632            // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
1633            transfer_freeze_object_cost_base: Some(52),
1634            // Cost params for the Move native function `share_object<T: key>(obj: T)`
1635            transfer_share_object_cost_base: Some(52),
1636            transfer_receive_object_cost_base: Some(52),
1637
1638            // `tx_context` module
1639            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
1640            // address)`
1641            tx_context_derive_id_cost_base: Some(52),
1642
1643            // `types` module
1644            // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
1645            types_is_one_time_witness_cost_base: Some(52),
1646            types_is_one_time_witness_type_tag_cost_per_byte: Some(2),
1647            types_is_one_time_witness_type_cost_per_byte: Some(2),
1648
1649            // `validator` module
1650            // Cost params for the Move native function `validate_metadata_bcs(metadata:
1651            // vector<u8>)`
1652            validator_validate_metadata_cost_base: Some(52),
1653            validator_validate_metadata_data_cost_per_byte: Some(2),
1654
1655            // Crypto
1656            crypto_invalid_arguments_cost: Some(100),
1657            // bls12381::bls12381_min_pk_verify
1658            bls12381_bls12381_min_sig_verify_cost_base: Some(52),
1659            bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Some(2),
1660            bls12381_bls12381_min_sig_verify_msg_cost_per_block: Some(2),
1661
1662            // bls12381::bls12381_min_pk_verify
1663            bls12381_bls12381_min_pk_verify_cost_base: Some(52),
1664            bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Some(2),
1665            bls12381_bls12381_min_pk_verify_msg_cost_per_block: Some(2),
1666
1667            // ecdsa_k1::ecrecover
1668            ecdsa_k1_ecrecover_keccak256_cost_base: Some(52),
1669            ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
1670            ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Some(2),
1671            ecdsa_k1_ecrecover_sha256_cost_base: Some(52),
1672            ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Some(2),
1673            ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Some(2),
1674
1675            // ecdsa_k1::decompress_pubkey
1676            ecdsa_k1_decompress_pubkey_cost_base: Some(52),
1677
1678            // ecdsa_k1::secp256k1_verify
1679            ecdsa_k1_secp256k1_verify_keccak256_cost_base: Some(52),
1680            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Some(2),
1681            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Some(2),
1682            ecdsa_k1_secp256k1_verify_sha256_cost_base: Some(52),
1683            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Some(2),
1684            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Some(2),
1685
1686            // ecdsa_r1::ecrecover
1687            ecdsa_r1_ecrecover_keccak256_cost_base: Some(52),
1688            ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
1689            ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Some(2),
1690            ecdsa_r1_ecrecover_sha256_cost_base: Some(52),
1691            ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Some(2),
1692            ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Some(2),
1693
1694            // ecdsa_r1::secp256k1_verify
1695            ecdsa_r1_secp256r1_verify_keccak256_cost_base: Some(52),
1696            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Some(2),
1697            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Some(2),
1698            ecdsa_r1_secp256r1_verify_sha256_cost_base: Some(52),
1699            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Some(2),
1700            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Some(2),
1701
1702            // ecvrf::verify
1703            ecvrf_ecvrf_verify_cost_base: Some(52),
1704            ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Some(2),
1705            ecvrf_ecvrf_verify_alpha_string_cost_per_block: Some(2),
1706
1707            // ed25519
1708            ed25519_ed25519_verify_cost_base: Some(52),
1709            ed25519_ed25519_verify_msg_cost_per_byte: Some(2),
1710            ed25519_ed25519_verify_msg_cost_per_block: Some(2),
1711
1712            // groth16::prepare_verifying_key
1713            groth16_prepare_verifying_key_bls12381_cost_base: Some(52),
1714            groth16_prepare_verifying_key_bn254_cost_base: Some(52),
1715
1716            // groth16::verify_groth16_proof_internal
1717            groth16_verify_groth16_proof_internal_bls12381_cost_base: Some(52),
1718            groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Some(2),
1719            groth16_verify_groth16_proof_internal_bn254_cost_base: Some(52),
1720            groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Some(2),
1721            groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Some(2),
1722
1723            // hash::blake2b256
1724            hash_blake2b256_cost_base: Some(52),
1725            hash_blake2b256_data_cost_per_byte: Some(2),
1726            hash_blake2b256_data_cost_per_block: Some(2),
1727            // hash::keccak256
1728            hash_keccak256_cost_base: Some(52),
1729            hash_keccak256_data_cost_per_byte: Some(2),
1730            hash_keccak256_data_cost_per_block: Some(2),
1731
1732            poseidon_bn254_cost_base: None,
1733            poseidon_bn254_cost_per_block: None,
1734
1735            // hmac::hmac_sha3_256
1736            hmac_hmac_sha3_256_cost_base: Some(52),
1737            hmac_hmac_sha3_256_input_cost_per_byte: Some(2),
1738            hmac_hmac_sha3_256_input_cost_per_block: Some(2),
1739
1740            // group ops
1741            group_ops_bls12381_decode_scalar_cost: Some(52),
1742            group_ops_bls12381_decode_g1_cost: Some(52),
1743            group_ops_bls12381_decode_g2_cost: Some(52),
1744            group_ops_bls12381_decode_gt_cost: Some(52),
1745            group_ops_bls12381_scalar_add_cost: Some(52),
1746            group_ops_bls12381_g1_add_cost: Some(52),
1747            group_ops_bls12381_g2_add_cost: Some(52),
1748            group_ops_bls12381_gt_add_cost: Some(52),
1749            group_ops_bls12381_scalar_sub_cost: Some(52),
1750            group_ops_bls12381_g1_sub_cost: Some(52),
1751            group_ops_bls12381_g2_sub_cost: Some(52),
1752            group_ops_bls12381_gt_sub_cost: Some(52),
1753            group_ops_bls12381_scalar_mul_cost: Some(52),
1754            group_ops_bls12381_g1_mul_cost: Some(52),
1755            group_ops_bls12381_g2_mul_cost: Some(52),
1756            group_ops_bls12381_gt_mul_cost: Some(52),
1757            group_ops_bls12381_scalar_div_cost: Some(52),
1758            group_ops_bls12381_g1_div_cost: Some(52),
1759            group_ops_bls12381_g2_div_cost: Some(52),
1760            group_ops_bls12381_gt_div_cost: Some(52),
1761            group_ops_bls12381_g1_hash_to_base_cost: Some(52),
1762            group_ops_bls12381_g2_hash_to_base_cost: Some(52),
1763            group_ops_bls12381_g1_hash_to_cost_per_byte: Some(2),
1764            group_ops_bls12381_g2_hash_to_cost_per_byte: Some(2),
1765            group_ops_bls12381_g1_msm_base_cost: Some(52),
1766            group_ops_bls12381_g2_msm_base_cost: Some(52),
1767            group_ops_bls12381_g1_msm_base_cost_per_input: Some(52),
1768            group_ops_bls12381_g2_msm_base_cost_per_input: Some(52),
1769            group_ops_bls12381_msm_max_len: Some(32),
1770            group_ops_bls12381_pairing_cost: Some(52),
1771            group_ops_bls12381_g1_to_uncompressed_g1_cost: None,
1772            group_ops_bls12381_uncompressed_g1_to_g1_cost: None,
1773            group_ops_bls12381_uncompressed_g1_sum_base_cost: None,
1774            group_ops_bls12381_uncompressed_g1_sum_cost_per_term: None,
1775            group_ops_bls12381_uncompressed_g1_sum_max_terms: None,
1776
1777            // zklogin::check_zklogin_id
1778            check_zklogin_id_cost_base: Some(200),
1779            // zklogin::check_zklogin_issuer
1780            check_zklogin_issuer_cost_base: Some(200),
1781
1782            vdf_verify_vdf_cost: None,
1783            vdf_hash_to_input_cost: None,
1784
1785            bcs_per_byte_serialized_cost: Some(2),
1786            bcs_legacy_min_output_size_cost: Some(1),
1787            bcs_failure_cost: Some(52),
1788            hash_sha2_256_base_cost: Some(52),
1789            hash_sha2_256_per_byte_cost: Some(2),
1790            hash_sha2_256_legacy_min_input_len_cost: Some(1),
1791            hash_sha3_256_base_cost: Some(52),
1792            hash_sha3_256_per_byte_cost: Some(2),
1793            hash_sha3_256_legacy_min_input_len_cost: Some(1),
1794            type_name_get_base_cost: Some(52),
1795            type_name_get_per_byte_cost: Some(2),
1796            string_check_utf8_base_cost: Some(52),
1797            string_check_utf8_per_byte_cost: Some(2),
1798            string_is_char_boundary_base_cost: Some(52),
1799            string_sub_string_base_cost: Some(52),
1800            string_sub_string_per_byte_cost: Some(2),
1801            string_index_of_base_cost: Some(52),
1802            string_index_of_per_byte_pattern_cost: Some(2),
1803            string_index_of_per_byte_searched_cost: Some(2),
1804            vector_empty_base_cost: Some(52),
1805            vector_length_base_cost: Some(52),
1806            vector_push_back_base_cost: Some(52),
1807            vector_push_back_legacy_per_abstract_memory_unit_cost: Some(2),
1808            vector_borrow_base_cost: Some(52),
1809            vector_pop_back_base_cost: Some(52),
1810            vector_destroy_empty_base_cost: Some(52),
1811            vector_swap_base_cost: Some(52),
1812            debug_print_base_cost: Some(52),
1813            debug_print_stack_trace_base_cost: Some(52),
1814
1815            max_size_written_objects: Some(5 * 1000 * 1000),
1816            // max size of written objects during a system TXn to allow for larger writes
1817            // akin to `max_size_written_objects` but for system TXns
1818            max_size_written_objects_system_tx: Some(50 * 1000 * 1000),
1819
1820            // Limits the length of a Move identifier
1821            max_move_identifier_len: Some(128),
1822            max_move_value_depth: Some(128),
1823            max_move_enum_variants: None,
1824
1825            gas_rounding_step: Some(1_000),
1826
1827            execution_version: Some(1),
1828
1829            // We maintain the same total size limit for events, but increase the number of
1830            // events that can be emitted.
1831            max_event_emit_size_total: Some(
1832                256 /* former event count limit */ * 250 * 1024, // size limit per event
1833            ),
1834
1835            // Taking a baby step approach, we consider only 20% by stake as bad nodes so we
1836            // have a 80% by stake of nodes participating in the leader committee. That
1837            // allow us for more redundancy in case we have validators
1838            // under performing - since the responsibility is shared
1839            // amongst more nodes. We can increase that once we do have
1840            // higher confidence.
1841            consensus_bad_nodes_stake_threshold: Some(20),
1842
1843            // Max of 10 votes per hour.
1844            max_jwk_votes_per_validator_per_epoch: Some(240),
1845
1846            max_age_of_jwk_in_epochs: Some(1),
1847
1848            consensus_max_transaction_size_bytes: Some(256 * 1024), // 256KB
1849
1850            // Assume 1KB per transaction and 500 transactions per block.
1851            consensus_max_transactions_in_block_bytes: Some(512 * 1024),
1852
1853            random_beacon_reduction_allowed_delta: Some(800),
1854
1855            random_beacon_reduction_lower_bound: Some(1000),
1856            random_beacon_dkg_timeout_round: Some(3000),
1857            random_beacon_min_round_interval_ms: Some(500),
1858
1859            random_beacon_dkg_version: Some(1),
1860
1861            // Assume 20_000 TPS * 5% max stake per validator / (minimum) 4 blocks per round
1862            // = 250 transactions per block maximum Using a higher limit
1863            // that is 512, to account for bursty traffic and system transactions.
1864            consensus_max_num_transactions_in_block: Some(512),
1865
1866            max_deferral_rounds_for_congestion_control: Some(10),
1867
1868            min_checkpoint_interval_ms: Some(200),
1869
1870            checkpoint_summary_version_specific_data: Some(1),
1871
1872            max_soft_bundle_size: Some(5),
1873
1874            bridge_should_try_to_finalize_committee: None,
1875
1876            max_accumulated_txn_cost_per_object_in_mysticeti_commit: Some(10),
1877
1878            max_committee_members_count: None,
1879
1880            consensus_gc_depth: None,
1881            // When adding a new constant, set it to None in the earliest version, like this:
1882            // new_constant: None,
1883        };
1884
1885        cfg.feature_flags.consensus_transaction_ordering = ConsensusTransactionOrdering::ByGasPrice;
1886
1887        // MoveVM related flags
1888        {
1889            cfg.feature_flags
1890                .disable_invariant_violation_check_in_swap_loc = true;
1891            cfg.feature_flags.no_extraneous_module_bytes = true;
1892            cfg.feature_flags.hardened_otw_check = true;
1893            cfg.feature_flags.rethrow_serialization_type_layout_errors = true;
1894        }
1895
1896        // zkLogin related flags
1897        {
1898            cfg.feature_flags.zklogin_max_epoch_upper_bound_delta = Some(30);
1899        }
1900
1901        // Enable Mysticeti on mainnet.
1902        cfg.feature_flags.consensus_choice = ConsensusChoice::Mysticeti;
1903        // Use tonic networking for Mysticeti.
1904        cfg.feature_flags.consensus_network = ConsensusNetwork::Tonic;
1905
1906        cfg.feature_flags.per_object_congestion_control_mode =
1907            PerObjectCongestionControlMode::TotalTxCount;
1908
1909        // Do not allow bridge committee to finalize on mainnet.
1910        cfg.bridge_should_try_to_finalize_committee = Some(chain != Chain::Mainnet);
1911
1912        // Devnet
1913        if chain != Chain::Mainnet && chain != Chain::Testnet {
1914            cfg.feature_flags.enable_poseidon = true;
1915            cfg.poseidon_bn254_cost_base = Some(260);
1916            cfg.poseidon_bn254_cost_per_block = Some(10);
1917
1918            cfg.feature_flags.enable_group_ops_native_function_msm = true;
1919
1920            cfg.feature_flags.enable_vdf = true;
1921            // Set to 30x and 2x the cost of a signature verification for now. This
1922            // should be updated along with other native crypto functions.
1923            cfg.vdf_verify_vdf_cost = Some(1500);
1924            cfg.vdf_hash_to_input_cost = Some(100);
1925
1926            cfg.feature_flags.passkey_auth = true;
1927        }
1928
1929        for cur in 2..=version.0 {
1930            match cur {
1931                1 => unreachable!(),
1932                // version 2 is a new framework version but with no config changes
1933                2 => {}
1934                3 => {
1935                    cfg.feature_flags.relocate_event_module = true;
1936                }
1937                4 => {
1938                    cfg.max_type_to_layout_nodes = Some(512);
1939                }
1940                5 => {
1941                    cfg.feature_flags.protocol_defined_base_fee = true;
1942                    cfg.base_gas_price = Some(1000);
1943
1944                    cfg.feature_flags.disallow_new_modules_in_deps_only_packages = true;
1945                    cfg.feature_flags.convert_type_argument_error = true;
1946                    cfg.feature_flags.native_charging_v2 = true;
1947
1948                    if chain != Chain::Mainnet && chain != Chain::Testnet {
1949                        cfg.feature_flags.uncompressed_g1_group_elements = true;
1950                    }
1951
1952                    cfg.gas_model_version = Some(2);
1953
1954                    cfg.poseidon_bn254_cost_per_block = Some(388);
1955
1956                    cfg.bls12381_bls12381_min_sig_verify_cost_base = Some(44064);
1957                    cfg.bls12381_bls12381_min_pk_verify_cost_base = Some(49282);
1958                    cfg.ecdsa_k1_secp256k1_verify_keccak256_cost_base = Some(1470);
1959                    cfg.ecdsa_k1_secp256k1_verify_sha256_cost_base = Some(1470);
1960                    cfg.ecdsa_r1_secp256r1_verify_sha256_cost_base = Some(4225);
1961                    cfg.ecdsa_r1_secp256r1_verify_keccak256_cost_base = Some(4225);
1962                    cfg.ecvrf_ecvrf_verify_cost_base = Some(4848);
1963                    cfg.ed25519_ed25519_verify_cost_base = Some(1802);
1964
1965                    // Manually changed to be "under cost"
1966                    cfg.ecdsa_r1_ecrecover_keccak256_cost_base = Some(1173);
1967                    cfg.ecdsa_r1_ecrecover_sha256_cost_base = Some(1173);
1968                    cfg.ecdsa_k1_ecrecover_keccak256_cost_base = Some(500);
1969                    cfg.ecdsa_k1_ecrecover_sha256_cost_base = Some(500);
1970
1971                    cfg.groth16_prepare_verifying_key_bls12381_cost_base = Some(53838);
1972                    cfg.groth16_prepare_verifying_key_bn254_cost_base = Some(82010);
1973                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_base = Some(72090);
1974                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input =
1975                        Some(8213);
1976                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_base = Some(115502);
1977                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_per_public_input =
1978                        Some(9484);
1979
1980                    cfg.hash_keccak256_cost_base = Some(10);
1981                    cfg.hash_blake2b256_cost_base = Some(10);
1982
1983                    // group ops
1984                    cfg.group_ops_bls12381_decode_scalar_cost = Some(7);
1985                    cfg.group_ops_bls12381_decode_g1_cost = Some(2848);
1986                    cfg.group_ops_bls12381_decode_g2_cost = Some(3770);
1987                    cfg.group_ops_bls12381_decode_gt_cost = Some(3068);
1988
1989                    cfg.group_ops_bls12381_scalar_add_cost = Some(10);
1990                    cfg.group_ops_bls12381_g1_add_cost = Some(1556);
1991                    cfg.group_ops_bls12381_g2_add_cost = Some(3048);
1992                    cfg.group_ops_bls12381_gt_add_cost = Some(188);
1993
1994                    cfg.group_ops_bls12381_scalar_sub_cost = Some(10);
1995                    cfg.group_ops_bls12381_g1_sub_cost = Some(1550);
1996                    cfg.group_ops_bls12381_g2_sub_cost = Some(3019);
1997                    cfg.group_ops_bls12381_gt_sub_cost = Some(497);
1998
1999                    cfg.group_ops_bls12381_scalar_mul_cost = Some(11);
2000                    cfg.group_ops_bls12381_g1_mul_cost = Some(4842);
2001                    cfg.group_ops_bls12381_g2_mul_cost = Some(9108);
2002                    cfg.group_ops_bls12381_gt_mul_cost = Some(27490);
2003
2004                    cfg.group_ops_bls12381_scalar_div_cost = Some(91);
2005                    cfg.group_ops_bls12381_g1_div_cost = Some(5091);
2006                    cfg.group_ops_bls12381_g2_div_cost = Some(9206);
2007                    cfg.group_ops_bls12381_gt_div_cost = Some(27804);
2008
2009                    cfg.group_ops_bls12381_g1_hash_to_base_cost = Some(2962);
2010                    cfg.group_ops_bls12381_g2_hash_to_base_cost = Some(8688);
2011
2012                    cfg.group_ops_bls12381_g1_msm_base_cost = Some(62648);
2013                    cfg.group_ops_bls12381_g2_msm_base_cost = Some(131192);
2014                    cfg.group_ops_bls12381_g1_msm_base_cost_per_input = Some(1333);
2015                    cfg.group_ops_bls12381_g2_msm_base_cost_per_input = Some(3216);
2016
2017                    cfg.group_ops_bls12381_uncompressed_g1_to_g1_cost = Some(677);
2018                    cfg.group_ops_bls12381_g1_to_uncompressed_g1_cost = Some(2099);
2019                    cfg.group_ops_bls12381_uncompressed_g1_sum_base_cost = Some(77);
2020                    cfg.group_ops_bls12381_uncompressed_g1_sum_cost_per_term = Some(26);
2021                    cfg.group_ops_bls12381_uncompressed_g1_sum_max_terms = Some(1200);
2022
2023                    cfg.group_ops_bls12381_pairing_cost = Some(26897);
2024
2025                    cfg.validator_validate_metadata_cost_base = Some(20000);
2026
2027                    cfg.max_committee_members_count = Some(50);
2028                }
2029                6 => {
2030                    cfg.max_ptb_value_size = Some(1024 * 1024);
2031                }
2032                7 => {
2033                    // version 7 is a new framework version but with no config
2034                    // changes
2035                }
2036                8 => {
2037                    cfg.feature_flags.variant_nodes = true;
2038
2039                    if chain != Chain::Mainnet {
2040                        // Enable round prober in consensus.
2041                        cfg.feature_flags.consensus_round_prober = true;
2042                        // Enable distributed vote scoring.
2043                        cfg.feature_flags
2044                            .consensus_distributed_vote_scoring_strategy = true;
2045                        cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2046                        // Enable smart ancestor selection for testnet
2047                        cfg.feature_flags.consensus_smart_ancestor_selection = true;
2048                        // Enable probing for accepted rounds in round prober for testnet
2049                        cfg.feature_flags
2050                            .consensus_round_prober_probe_accepted_rounds = true;
2051                        // Enable zstd compression for consensus in testnet
2052                        cfg.feature_flags.consensus_zstd_compression = true;
2053                        // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2054                        // blocks within a window of ~4 seconds
2055                        // to be included before be considered garbage collected.
2056                        cfg.consensus_gc_depth = Some(60);
2057                    }
2058
2059                    // Enable min_free_execution_slot for the shared object congestion tracker in
2060                    // devnet.
2061                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2062                        cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2063                    }
2064                }
2065                9 => {
2066                    if chain != Chain::Mainnet {
2067                        // Disable smart ancestor selection in the testnet and devnet.
2068                        cfg.feature_flags.consensus_smart_ancestor_selection = false;
2069                    }
2070
2071                    // Enable zstd compression for consensus
2072                    cfg.feature_flags.consensus_zstd_compression = true;
2073
2074                    // Enable passkey in multisig in devnet.
2075                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2076                        cfg.feature_flags.accept_passkey_in_multisig = true;
2077                    }
2078
2079                    // this flag is now deprecated because of the bridge removal.
2080                    cfg.bridge_should_try_to_finalize_committee = None;
2081                }
2082                10 => {
2083                    // Enable min_free_execution_slot for the shared object congestion tracker in
2084                    // all networks.
2085                    cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2086
2087                    // Increase the committee size to 80 on all networks.
2088                    cfg.max_committee_members_count = Some(80);
2089
2090                    // Enable round prober in consensus.
2091                    cfg.feature_flags.consensus_round_prober = true;
2092                    // Enable probing for accepted rounds in round.
2093                    cfg.feature_flags
2094                        .consensus_round_prober_probe_accepted_rounds = true;
2095                    // Enable distributed vote scoring.
2096                    cfg.feature_flags
2097                        .consensus_distributed_vote_scoring_strategy = true;
2098                    // Enable the new consensus commit rule.
2099                    cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2100
2101                    // Enable consensus garbage collection
2102                    // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2103                    // blocks within a window of ~4 seconds
2104                    // to be included before be considered garbage collected.
2105                    cfg.consensus_gc_depth = Some(60);
2106
2107                    // Enable minimized child object mutation counting.
2108                    cfg.feature_flags.minimize_child_object_mutations = true;
2109
2110                    if chain != Chain::Mainnet {
2111                        // Enable batched block sync in devnet and testnet.
2112                        cfg.feature_flags.consensus_batched_block_sync = true;
2113                    }
2114
2115                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2116                        // Enable the gas price feedback mechanism (which is used for
2117                        // transactions cancelled due to shared object congestion) in devnet
2118                        cfg.feature_flags
2119                            .congestion_control_gas_price_feedback_mechanism = true;
2120                    }
2121
2122                    cfg.feature_flags.validate_identifier_inputs = true;
2123                    cfg.feature_flags.dependency_linkage_error = true;
2124                    cfg.feature_flags.additional_multisig_checks = true;
2125                }
2126                11 => {
2127                    // version 11 is a new framework version but with no config
2128                    // changes
2129                }
2130                12 => {
2131                    // Enable the gas price feedback mechanism for transactions
2132                    // cancelled due to congestion in all networks
2133                    cfg.feature_flags
2134                        .congestion_control_gas_price_feedback_mechanism = true;
2135                }
2136                // Use this template when making changes:
2137                //
2138                //     // modify an existing constant.
2139                //     move_binary_format_version: Some(7),
2140                //
2141                //     // Add a new constant (which is set to None in prior versions).
2142                //     new_constant: Some(new_value),
2143                //
2144                //     // Remove a constant (ensure that it is never accessed during this version).
2145                //     max_move_object_size: None,
2146                _ => panic!("unsupported version {version:?}"),
2147            }
2148        }
2149        cfg
2150    }
2151
2152    // Extract the bytecode verifier config from this protocol config. `for_signing`
2153    // indicates whether this config is used for verification during signing or
2154    // execution.
2155    pub fn verifier_config(&self, signing_limits: Option<(usize, usize)>) -> VerifierConfig {
2156        let (max_back_edges_per_function, max_back_edges_per_module) = if let Some((
2157            max_back_edges_per_function,
2158            max_back_edges_per_module,
2159        )) = signing_limits
2160        {
2161            (
2162                Some(max_back_edges_per_function),
2163                Some(max_back_edges_per_module),
2164            )
2165        } else {
2166            (None, None)
2167        };
2168
2169        VerifierConfig {
2170            max_loop_depth: Some(self.max_loop_depth() as usize),
2171            max_generic_instantiation_length: Some(self.max_generic_instantiation_length() as usize),
2172            max_function_parameters: Some(self.max_function_parameters() as usize),
2173            max_basic_blocks: Some(self.max_basic_blocks() as usize),
2174            max_value_stack_size: self.max_value_stack_size() as usize,
2175            max_type_nodes: Some(self.max_type_nodes() as usize),
2176            max_push_size: Some(self.max_push_size() as usize),
2177            max_dependency_depth: Some(self.max_dependency_depth() as usize),
2178            max_fields_in_struct: Some(self.max_fields_in_struct() as usize),
2179            max_function_definitions: Some(self.max_function_definitions() as usize),
2180            max_data_definitions: Some(self.max_struct_definitions() as usize),
2181            max_constant_vector_len: Some(self.max_move_vector_len()),
2182            max_back_edges_per_function,
2183            max_back_edges_per_module,
2184            max_basic_blocks_in_script: None,
2185            max_identifier_len: self.max_move_identifier_len_as_option(), /* Before protocol
2186                                                                           * version 9, there was
2187                                                                           * no limit */
2188            bytecode_version: self.move_binary_format_version(),
2189            max_variants_in_enum: self.max_move_enum_variants_as_option(),
2190        }
2191    }
2192
2193    /// Override one or more settings in the config, for testing.
2194    /// This must be called at the beginning of the test, before
2195    /// get_for_(min|max)_version is called, since those functions cache
2196    /// their return value.
2197    pub fn apply_overrides_for_testing(
2198        override_fn: impl Fn(ProtocolVersion, Self) -> Self + Send + Sync + 'static,
2199    ) -> OverrideGuard {
2200        CONFIG_OVERRIDE.with(|ovr| {
2201            let mut cur = ovr.borrow_mut();
2202            assert!(cur.is_none(), "config override already present");
2203            *cur = Some(Box::new(override_fn));
2204            OverrideGuard
2205        })
2206    }
2207}
2208
2209// Setters for tests.
2210// This is only needed for feature_flags. Please suffix each setter with
2211// `_for_testing`. Non-feature_flags should already have test setters defined
2212// through macros.
2213impl ProtocolConfig {
2214    pub fn set_zklogin_auth_for_testing(&mut self, val: bool) {
2215        self.feature_flags.zklogin_auth = val
2216    }
2217    pub fn set_enable_jwk_consensus_updates_for_testing(&mut self, val: bool) {
2218        self.feature_flags.enable_jwk_consensus_updates = val
2219    }
2220
2221    pub fn set_accept_zklogin_in_multisig_for_testing(&mut self, val: bool) {
2222        self.feature_flags.accept_zklogin_in_multisig = val
2223    }
2224
2225    pub fn set_per_object_congestion_control_mode_for_testing(
2226        &mut self,
2227        val: PerObjectCongestionControlMode,
2228    ) {
2229        self.feature_flags.per_object_congestion_control_mode = val;
2230    }
2231
2232    pub fn set_consensus_choice_for_testing(&mut self, val: ConsensusChoice) {
2233        self.feature_flags.consensus_choice = val;
2234    }
2235
2236    pub fn set_consensus_network_for_testing(&mut self, val: ConsensusNetwork) {
2237        self.feature_flags.consensus_network = val;
2238    }
2239
2240    pub fn set_zklogin_max_epoch_upper_bound_delta_for_testing(&mut self, val: Option<u64>) {
2241        self.feature_flags.zklogin_max_epoch_upper_bound_delta = val
2242    }
2243
2244    pub fn set_passkey_auth_for_testing(&mut self, val: bool) {
2245        self.feature_flags.passkey_auth = val
2246    }
2247
2248    pub fn set_disallow_new_modules_in_deps_only_packages_for_testing(&mut self, val: bool) {
2249        self.feature_flags
2250            .disallow_new_modules_in_deps_only_packages = val;
2251    }
2252
2253    pub fn set_consensus_round_prober_for_testing(&mut self, val: bool) {
2254        self.feature_flags.consensus_round_prober = val;
2255    }
2256
2257    pub fn set_consensus_distributed_vote_scoring_strategy_for_testing(&mut self, val: bool) {
2258        self.feature_flags
2259            .consensus_distributed_vote_scoring_strategy = val;
2260    }
2261
2262    pub fn set_gc_depth_for_testing(&mut self, val: u32) {
2263        self.consensus_gc_depth = Some(val);
2264    }
2265
2266    pub fn set_consensus_linearize_subdag_v2_for_testing(&mut self, val: bool) {
2267        self.feature_flags.consensus_linearize_subdag_v2 = val;
2268    }
2269
2270    pub fn set_consensus_round_prober_probe_accepted_rounds(&mut self, val: bool) {
2271        self.feature_flags
2272            .consensus_round_prober_probe_accepted_rounds = val;
2273    }
2274
2275    pub fn set_accept_passkey_in_multisig_for_testing(&mut self, val: bool) {
2276        self.feature_flags.accept_passkey_in_multisig = val;
2277    }
2278
2279    pub fn set_consensus_smart_ancestor_selection_for_testing(&mut self, val: bool) {
2280        self.feature_flags.consensus_smart_ancestor_selection = val;
2281    }
2282
2283    pub fn set_consensus_batched_block_sync_for_testing(&mut self, val: bool) {
2284        self.feature_flags.consensus_batched_block_sync = val;
2285    }
2286
2287    pub fn set_congestion_control_min_free_execution_slot_for_testing(&mut self, val: bool) {
2288        self.feature_flags
2289            .congestion_control_min_free_execution_slot = val;
2290    }
2291
2292    pub fn set_congestion_control_gas_price_feedback_mechanism_for_testing(&mut self, val: bool) {
2293        self.feature_flags
2294            .congestion_control_gas_price_feedback_mechanism = val;
2295    }
2296}
2297
2298type OverrideFn = dyn Fn(ProtocolVersion, ProtocolConfig) -> ProtocolConfig + Send + Sync;
2299
2300thread_local! {
2301    static CONFIG_OVERRIDE: RefCell<Option<Box<OverrideFn>>> = const { RefCell::new(None) };
2302}
2303
2304#[must_use]
2305pub struct OverrideGuard;
2306
2307impl Drop for OverrideGuard {
2308    fn drop(&mut self) {
2309        info!("restoring override fn");
2310        CONFIG_OVERRIDE.with(|ovr| {
2311            *ovr.borrow_mut() = None;
2312        });
2313    }
2314}
2315
2316/// Defines which limit got crossed.
2317/// The value which crossed the limit and value of the limit crossed are
2318/// embedded
2319#[derive(PartialEq, Eq)]
2320pub enum LimitThresholdCrossed {
2321    None,
2322    Soft(u128, u128),
2323    Hard(u128, u128),
2324}
2325
2326/// Convenience function for comparing limit ranges
2327/// V::MAX must be at >= U::MAX and T::MAX
2328pub fn check_limit_in_range<T: Into<V>, U: Into<V>, V: PartialOrd + Into<u128>>(
2329    x: T,
2330    soft_limit: U,
2331    hard_limit: V,
2332) -> LimitThresholdCrossed {
2333    let x: V = x.into();
2334    let soft_limit: V = soft_limit.into();
2335
2336    debug_assert!(soft_limit <= hard_limit);
2337
2338    // It is important to preserve this comparison order because if soft_limit ==
2339    // hard_limit we want LimitThresholdCrossed::Hard
2340    if x >= hard_limit {
2341        LimitThresholdCrossed::Hard(x.into(), hard_limit.into())
2342    } else if x < soft_limit {
2343        LimitThresholdCrossed::None
2344    } else {
2345        LimitThresholdCrossed::Soft(x.into(), soft_limit.into())
2346    }
2347}
2348
2349#[macro_export]
2350macro_rules! check_limit {
2351    ($x:expr, $hard:expr) => {
2352        check_limit!($x, $hard, $hard)
2353    };
2354    ($x:expr, $soft:expr, $hard:expr) => {
2355        check_limit_in_range($x as u64, $soft, $hard)
2356    };
2357}
2358
2359/// Used to check which limits were crossed if the TX is metered (not system tx)
2360/// Args are: is_metered, value_to_check, metered_limit, unmetered_limit
2361/// metered_limit is always less than or equal to unmetered_hard_limit
2362#[macro_export]
2363macro_rules! check_limit_by_meter {
2364    ($is_metered:expr, $x:expr, $metered_limit:expr, $unmetered_hard_limit:expr, $metric:expr) => {{
2365        // If this is metered, we use the metered_limit limit as the upper bound
2366        let (h, metered_str) = if $is_metered {
2367            ($metered_limit, "metered")
2368        } else {
2369            // Unmetered gets more headroom
2370            ($unmetered_hard_limit, "unmetered")
2371        };
2372        use iota_protocol_config::check_limit_in_range;
2373        let result = check_limit_in_range($x as u64, $metered_limit, h);
2374        match result {
2375            LimitThresholdCrossed::None => {}
2376            LimitThresholdCrossed::Soft(_, _) => {
2377                $metric.with_label_values(&[metered_str, "soft"]).inc();
2378            }
2379            LimitThresholdCrossed::Hard(_, _) => {
2380                $metric.with_label_values(&[metered_str, "hard"]).inc();
2381            }
2382        };
2383        result
2384    }};
2385}
2386
2387#[cfg(all(test, not(msim)))]
2388mod test {
2389    use insta::assert_yaml_snapshot;
2390
2391    use super::*;
2392
2393    #[test]
2394    fn snapshot_tests() {
2395        println!("\n============================================================================");
2396        println!("!                                                                          !");
2397        println!("! IMPORTANT: never update snapshots from this test. only add new versions! !");
2398        println!("!                                                                          !");
2399        println!("============================================================================\n");
2400        for chain_id in &[Chain::Unknown, Chain::Mainnet, Chain::Testnet] {
2401            // make Chain::Unknown snapshots compatible with pre-chain-id snapshots so that
2402            // we don't break the release-time compatibility tests. Once Chain
2403            // Id configs have been released everywhere, we can remove this and
2404            // only test Mainnet and Testnet
2405            let chain_str = match chain_id {
2406                Chain::Unknown => "".to_string(),
2407                _ => format!("{chain_id:?}_"),
2408            };
2409            for i in MIN_PROTOCOL_VERSION..=MAX_PROTOCOL_VERSION {
2410                let cur = ProtocolVersion::new(i);
2411                assert_yaml_snapshot!(
2412                    format!("{}version_{}", chain_str, cur.as_u64()),
2413                    ProtocolConfig::get_for_version(cur, *chain_id)
2414                );
2415            }
2416        }
2417    }
2418
2419    #[test]
2420    fn test_getters() {
2421        let prot: ProtocolConfig =
2422            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2423        assert_eq!(
2424            prot.max_arguments(),
2425            prot.max_arguments_as_option().unwrap()
2426        );
2427    }
2428
2429    #[test]
2430    fn test_setters() {
2431        let mut prot: ProtocolConfig =
2432            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2433        prot.set_max_arguments_for_testing(123);
2434        assert_eq!(prot.max_arguments(), 123);
2435
2436        prot.set_max_arguments_from_str_for_testing("321".to_string());
2437        assert_eq!(prot.max_arguments(), 321);
2438
2439        prot.disable_max_arguments_for_testing();
2440        assert_eq!(prot.max_arguments_as_option(), None);
2441
2442        prot.set_attr_for_testing("max_arguments".to_string(), "456".to_string());
2443        assert_eq!(prot.max_arguments(), 456);
2444    }
2445
2446    #[test]
2447    #[should_panic(expected = "unsupported version")]
2448    fn max_version_test() {
2449        // When this does not panic, version higher than MAX_PROTOCOL_VERSION exists.
2450        // To fix, bump MAX_PROTOCOL_VERSION or disable this check for the version.
2451        let _ = ProtocolConfig::get_for_version_impl(
2452            ProtocolVersion::new(MAX_PROTOCOL_VERSION + 1),
2453            Chain::Unknown,
2454        );
2455    }
2456
2457    #[test]
2458    fn lookup_by_string_test() {
2459        let prot: ProtocolConfig =
2460            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
2461        // Does not exist
2462        assert!(prot.lookup_attr("some random string".to_string()).is_none());
2463
2464        assert!(
2465            prot.lookup_attr("max_arguments".to_string())
2466                == Some(ProtocolConfigValue::u32(prot.max_arguments())),
2467        );
2468
2469        // We didnt have this in version 1 on Mainnet
2470        assert!(
2471            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
2472                .is_none()
2473        );
2474        assert!(
2475            prot.attr_map()
2476                .get("poseidon_bn254_cost_base")
2477                .unwrap()
2478                .is_none()
2479        );
2480
2481        // But we did in version 1 on Devnet
2482        let prot: ProtocolConfig =
2483            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2484
2485        assert!(
2486            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
2487                == Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
2488        );
2489        assert!(
2490            prot.attr_map().get("poseidon_bn254_cost_base").unwrap()
2491                == &Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
2492        );
2493
2494        // Check feature flags
2495        let prot: ProtocolConfig =
2496            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
2497        // Does not exist
2498        assert!(
2499            prot.feature_flags
2500                .lookup_attr("some random string".to_owned())
2501                .is_none()
2502        );
2503        assert!(
2504            !prot
2505                .feature_flags
2506                .attr_map()
2507                .contains_key("some random string")
2508        );
2509
2510        // Was false in v1 on Mainnet
2511        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(false));
2512        assert!(
2513            prot.feature_flags
2514                .attr_map()
2515                .get("enable_poseidon")
2516                .unwrap()
2517                == &false
2518        );
2519        let prot: ProtocolConfig =
2520            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2521        // Was true from v1 and up on Devnet
2522        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(true));
2523        assert!(
2524            prot.feature_flags
2525                .attr_map()
2526                .get("enable_poseidon")
2527                .unwrap()
2528                == &true
2529        );
2530    }
2531
2532    #[test]
2533    fn limit_range_fn_test() {
2534        let low = 100u32;
2535        let high = 10000u64;
2536
2537        assert!(check_limit!(1u8, low, high) == LimitThresholdCrossed::None);
2538        assert!(matches!(
2539            check_limit!(255u16, low, high),
2540            LimitThresholdCrossed::Soft(255u128, 100)
2541        ));
2542        // This wont compile because lossy
2543        // assert!(check_limit!(100000000u128, low, high) ==
2544        // LimitThresholdCrossed::None); This wont compile because lossy
2545        // assert!(check_limit!(100000000usize, low, high) ==
2546        // LimitThresholdCrossed::None);
2547
2548        assert!(matches!(
2549            check_limit!(2550000u64, low, high),
2550            LimitThresholdCrossed::Hard(2550000, 10000)
2551        ));
2552
2553        assert!(matches!(
2554            check_limit!(2550000u64, high, high),
2555            LimitThresholdCrossed::Hard(2550000, 10000)
2556        ));
2557
2558        assert!(matches!(
2559            check_limit!(1u8, high),
2560            LimitThresholdCrossed::None
2561        ));
2562
2563        assert!(check_limit!(255u16, high) == LimitThresholdCrossed::None);
2564
2565        assert!(matches!(
2566            check_limit!(2550000u64, high),
2567            LimitThresholdCrossed::Hard(2550000, 10000)
2568        ));
2569    }
2570}