iota_protocol_config/
lib.rs

1// Copyright (c) Mysten Labs, Inc.
2// Modifications Copyright (c) 2024 IOTA Stiftung
3// SPDX-License-Identifier: Apache-2.0
4
5use std::{
6    cell::RefCell,
7    cmp::min,
8    sync::atomic::{AtomicBool, Ordering},
9};
10
11use clap::*;
12use iota_protocol_config_macros::{
13    ProtocolConfigAccessors, ProtocolConfigFeatureFlagsGetters, ProtocolConfigOverride,
14};
15use move_vm_config::verifier::VerifierConfig;
16use serde::{Deserialize, Serialize};
17use serde_with::skip_serializing_none;
18use tracing::{info, warn};
19
20/// The minimum and maximum protocol versions supported by this build.
21const MIN_PROTOCOL_VERSION: u64 = 1;
22pub const MAX_PROTOCOL_VERSION: u64 = 20;
23
24// Record history of protocol version allocations here:
25//
26// Version 1:  Original version.
27// Version 2:  Don't redistribute slashed staking rewards, fix computation of
28//             SystemEpochInfoEventV1.
29// Version 3:  Set the `relocate_event_module` to be true so that the module
30//             that is associated as the "sending module" for an event is
31//             relocated by linkage.
32//             Add `Clock` based unlock to `Timelock` objects.
33// Version 4:  Introduce the `max_type_to_layout_nodes` config that sets the
34//             maximal nodes which are allowed when converting to a type layout.
35// Version 5:  Introduce fixed protocol-defined base fee, IotaSystemStateV2 and
36//             SystemEpochInfoEventV2.
37//             Disallow adding new modules in `deps-only` packages.
38//             Improve gas/wall time efficiency of some Move stdlib vector
39//             functions.
40//             Add new gas model version to update charging of functions.
41//             Enable proper conversion of certain type argument errors in the
42//             execution layer.
43// Version 6:  Bound size of values created in the adapter.
44// Version 7:  Improve handling of stake withdrawal from candidate validators.
45// Version 8:  Variants as type nodes.
46//             Enable smart ancestor selection for testnet.
47//             Enable probing for accepted rounds in round prober for testnet.
48//             Switch to distributed vote scoring in consensus in testnet.
49//             Enable zstd compression for consensus tonic network in testnet.
50//             Enable consensus garbage collection for testnet
51//             Enable the new consensus commit rule for testnet.
52//             Enable min_free_execution_slot for the shared object congestion
53//             tracker in devnet.
54// Version 9:  Disable smart ancestor selection for the testnet.
55//             Enable zstd compression for consensus tonic network in mainnet.
56//             Enable passkey auth in multisig for devnet.
57//             Remove the iota-bridge from the framework.
58// Version 10: Enable min_free_execution_slot for the shared object congestion
59//             tracker in all networks.
60//             Increase the committee size to 80 on all networks.
61//             Enable round prober in consensus for mainnet.
62//             Enable probing for accepted rounds in round prober for mainnet.
63//             Switch to distributed vote scoring in consensus for mainnet.
64//             Enable the new consensus commit rule for mainnet.
65//             Enable consensus garbage collection for mainnet with GC depth set
66//             to 60 rounds.
67//             Enable batching in synchronizer for testnet
68//             Enable the gas price feedback mechanism in devnet.
69//             Enable Identifier input validation.
70//             Removes unnecessary child object mutations
71//             Add additional signature checks
72//             Add additional linkage checks
73// Version 11: Framework fix regarding candidate validator commission rate.
74// Version 12: Enable the gas price feedback mechanism in all networks.
75//             Enable the normalization of PTB arguments.
76// Version 13: Introduce logic to allow the committee to be selected from a set
77//             of eligible active validators.
78//             Enable processing and tracking AuthorityCapabilitiesV1 from
79//             non-committee validators in the devnet.
80// Version 14: Switches the consensus protocol to Starfish in devnet.
81//             Enable median-based commit timestamp calculation in consensus,
82//             and enforce checkpoint timestamp monotonicity for testnet.
83//             Enable batched block sync for mainnet.
84//             Enable selecting committee only from active validators that
85//             support the next epoch's version and issued valid
86//             AuthorityCapabilities notification in testnet.
87// Version 15: Enable shared object transaction bursts of 10 times average load
88//             on devnet.
89// Version 16: Enable selecting committee only from active validators that
90//             support the next epoch's version and issued valid
91//             AuthorityCapabilities notification.
92//             Enable committing transactions only for traversed headers in
93//             Starfish.
94// Version 17: Increase the committee size to 100 on all networks.
95// Version 18: Enable passkey authentication support in testnet.
96// Version 19: Enable congestion limit overshoot in the gas price feedback
97//             mechanism on devnet.
98//             Enable a separate gas price feedback mechanism for transactions
99//             using randomness on devnet.
100//             Allow metadata bytes indexed with a dedicated key in compiled
101//             Move modules in devnet.
102//             Enable publishing package metadata v1 along with the package in
103//             devnet.
104//             Enable Move-based account authentication in devnet.
105//             Increase the base cost for transfer receive object in devnet.
106//             Switch consensus protocol to Starfish in testnet.
107//             Enable passkey authentication support in mainnet.
108//             Change epoch transaction will contain validator scores.
109//             Enable validator scoring on testnet and enable adjustment of
110//             validator rewards based on scores on Devnet.
111// Version 20: Supports the calculation of validator scores while still passing
112//             a default score value to the advance_epoch call. Enables this
113//             decoupling on Testnet; Devnet and Mainnet behavior remain the
114//             same.
115//             Introduce Dynamic Minimum Commission (IIP-8) on all networks.
116#[derive(Copy, Clone, Debug, Hash, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
117pub struct ProtocolVersion(u64);
118
119impl ProtocolVersion {
120    // The minimum and maximum protocol version supported by this binary.
121    // Counterintuitively, this constant may change over time as support for old
122    // protocol versions is removed from the source. This ensures that when a
123    // new network (such as a testnet) is created, its genesis committee will
124    // use a protocol version that is actually supported by the binary.
125    pub const MIN: Self = Self(MIN_PROTOCOL_VERSION);
126
127    pub const MAX: Self = Self(MAX_PROTOCOL_VERSION);
128
129    #[cfg(not(msim))]
130    const MAX_ALLOWED: Self = Self::MAX;
131
132    // We create one additional "fake" version in simulator builds so that we can
133    // test upgrades.
134    #[cfg(msim)]
135    pub const MAX_ALLOWED: Self = Self(MAX_PROTOCOL_VERSION + 1);
136
137    pub fn new(v: u64) -> Self {
138        Self(v)
139    }
140
141    pub const fn as_u64(&self) -> u64 {
142        self.0
143    }
144
145    // For serde deserialization - we don't define a Default impl because there
146    // isn't a single universally appropriate default value.
147    pub fn max() -> Self {
148        Self::MAX
149    }
150}
151
152impl From<u64> for ProtocolVersion {
153    fn from(v: u64) -> Self {
154        Self::new(v)
155    }
156}
157
158impl std::ops::Sub<u64> for ProtocolVersion {
159    type Output = Self;
160    fn sub(self, rhs: u64) -> Self::Output {
161        Self::new(self.0 - rhs)
162    }
163}
164
165impl std::ops::Add<u64> for ProtocolVersion {
166    type Output = Self;
167    fn add(self, rhs: u64) -> Self::Output {
168        Self::new(self.0 + rhs)
169    }
170}
171
172#[derive(
173    Clone, Serialize, Deserialize, Debug, PartialEq, Copy, PartialOrd, Ord, Eq, ValueEnum, Default,
174)]
175pub enum Chain {
176    Mainnet,
177    Testnet,
178    #[default]
179    Unknown,
180}
181
182impl Chain {
183    pub fn as_str(self) -> &'static str {
184        match self {
185            Chain::Mainnet => "mainnet",
186            Chain::Testnet => "testnet",
187            Chain::Unknown => "unknown",
188        }
189    }
190}
191
192pub struct Error(pub String);
193
194// TODO: There are quite a few non boolean values in the feature flags. We
195// should move them out.
196/// Records on/off feature flags that may vary at each protocol version.
197#[derive(Default, Clone, Serialize, Deserialize, Debug, ProtocolConfigFeatureFlagsGetters)]
198struct FeatureFlags {
199    // Add feature flags here, e.g.:
200    // new_protocol_feature: bool,
201
202    // Disables unnecessary invariant check in the Move VM when swapping the value out of a local
203    // This flag is used to provide the correct MoveVM configuration for clients.
204    #[serde(skip_serializing_if = "is_true")]
205    disable_invariant_violation_check_in_swap_loc: bool,
206
207    // If true, checks no extra bytes in a compiled module
208    // This flag is used to provide the correct MoveVM configuration for clients.
209    #[serde(skip_serializing_if = "is_true")]
210    no_extraneous_module_bytes: bool,
211
212    // Enable zklogin auth
213    #[serde(skip_serializing_if = "is_false")]
214    zklogin_auth: bool,
215
216    // How we order transactions coming out of consensus before sending to execution.
217    #[serde(skip_serializing_if = "ConsensusTransactionOrdering::is_none")]
218    consensus_transaction_ordering: ConsensusTransactionOrdering,
219
220    #[serde(skip_serializing_if = "is_false")]
221    enable_jwk_consensus_updates: bool,
222
223    // If true, multisig containing zkLogin sig is accepted.
224    #[serde(skip_serializing_if = "is_false")]
225    accept_zklogin_in_multisig: bool,
226
227    // If true, use the hardened OTW check
228    // This flag is used to provide the correct MoveVM configuration for clients.
229    #[serde(skip_serializing_if = "is_true")]
230    hardened_otw_check: bool,
231
232    // Enable the poseidon hash function
233    #[serde(skip_serializing_if = "is_false")]
234    enable_poseidon: bool,
235
236    // Enable native function for msm.
237    #[serde(skip_serializing_if = "is_false")]
238    enable_group_ops_native_function_msm: bool,
239
240    // Controls the behavior of per object congestion control in consensus handler.
241    #[serde(skip_serializing_if = "PerObjectCongestionControlMode::is_none")]
242    per_object_congestion_control_mode: PerObjectCongestionControlMode,
243
244    // The consensus protocol to be used for the epoch.
245    #[serde(skip_serializing_if = "ConsensusChoice::is_mysticeti")]
246    consensus_choice: ConsensusChoice,
247
248    // Consensus network to use.
249    #[serde(skip_serializing_if = "ConsensusNetwork::is_tonic")]
250    consensus_network: ConsensusNetwork,
251
252    // Set the upper bound allowed for max_epoch in zklogin signature.
253    #[serde(skip_serializing_if = "Option::is_none")]
254    zklogin_max_epoch_upper_bound_delta: Option<u64>,
255
256    // Enable VDF
257    #[serde(skip_serializing_if = "is_false")]
258    enable_vdf: bool,
259
260    // Enable passkey auth (SIP-9)
261    #[serde(skip_serializing_if = "is_false")]
262    passkey_auth: bool,
263
264    // Rethrow type layout errors during serialization instead of trying to convert them.
265    // This flag is used to provide the correct MoveVM configuration for clients.
266    #[serde(skip_serializing_if = "is_true")]
267    rethrow_serialization_type_layout_errors: bool,
268
269    // Makes the event's sending module version-aware.
270    #[serde(skip_serializing_if = "is_false")]
271    relocate_event_module: bool,
272
273    // Enable a protocol-defined base gas price for all transactions.
274    #[serde(skip_serializing_if = "is_false")]
275    protocol_defined_base_fee: bool,
276
277    // Enable uncompressed group elements in BLS123-81 G1
278    #[serde(skip_serializing_if = "is_false")]
279    uncompressed_g1_group_elements: bool,
280
281    // Disallow adding new modules in `deps-only` packages.
282    #[serde(skip_serializing_if = "is_false")]
283    disallow_new_modules_in_deps_only_packages: bool,
284
285    // Enable v2 native charging for natives.
286    #[serde(skip_serializing_if = "is_false")]
287    native_charging_v2: bool,
288
289    // Properly convert certain type argument errors in the execution layer.
290    #[serde(skip_serializing_if = "is_false")]
291    convert_type_argument_error: bool,
292
293    // Probe rounds received by peers from every authority.
294    #[serde(skip_serializing_if = "is_false")]
295    consensus_round_prober: bool,
296
297    // Use distributed vote leader scoring strategy in consensus.
298    #[serde(skip_serializing_if = "is_false")]
299    consensus_distributed_vote_scoring_strategy: bool,
300
301    // Enables the new logic for collecting the subdag in the consensus linearizer. The new logic
302    // does not stop the recursion at the highest committed round for each authority, but
303    // allows to commit uncommitted blocks up to gc round (excluded) for that authority.
304    #[serde(skip_serializing_if = "is_false")]
305    consensus_linearize_subdag_v2: bool,
306
307    // Variants count as nodes
308    #[serde(skip_serializing_if = "is_false")]
309    variant_nodes: bool,
310
311    // Use smart ancestor selection in consensus.
312    #[serde(skip_serializing_if = "is_false")]
313    consensus_smart_ancestor_selection: bool,
314
315    // Probe accepted rounds in round prober.
316    #[serde(skip_serializing_if = "is_false")]
317    consensus_round_prober_probe_accepted_rounds: bool,
318
319    // If true, enable zstd compression for consensus tonic network.
320    #[serde(skip_serializing_if = "is_false")]
321    consensus_zstd_compression: bool,
322
323    // Use the minimum free execution slot to schedule execution of a transaction in the shared
324    // object congestion tracker.
325    #[serde(skip_serializing_if = "is_false")]
326    congestion_control_min_free_execution_slot: bool,
327
328    // If true, multisig containing passkey sig is accepted.
329    #[serde(skip_serializing_if = "is_false")]
330    accept_passkey_in_multisig: bool,
331
332    // If true, enabled batched block sync in consensus.
333    #[serde(skip_serializing_if = "is_false")]
334    consensus_batched_block_sync: bool,
335
336    // To enable/disable the gas price feedback mechanism used for transactions
337    // cancelled due to shared object congestion
338    #[serde(skip_serializing_if = "is_false")]
339    congestion_control_gas_price_feedback_mechanism: bool,
340
341    // Validate identifier inputs separately
342    #[serde(skip_serializing_if = "is_false")]
343    validate_identifier_inputs: bool,
344
345    // If true, enables the optimizations for child object mutations, removing unnecessary
346    // mutations
347    #[serde(skip_serializing_if = "is_false")]
348    minimize_child_object_mutations: bool,
349
350    // If true enable additional linkage checks.
351    #[serde(skip_serializing_if = "is_false")]
352    dependency_linkage_error: bool,
353
354    // If true enable additional multisig checks.
355    #[serde(skip_serializing_if = "is_false")]
356    additional_multisig_checks: bool,
357
358    // If true, enables the normalization of PTB arguments but does not yet enable splatting
359    // `Result`s of length not equal to 1
360    #[serde(skip_serializing_if = "is_false")]
361    normalize_ptb_arguments: bool,
362
363    // If true, use ChangeEpochV3 for epoch change to pass an additional eligible_active_validators
364    // parameter to IotaSystem's advance_epoch call. This should only be enabled when on-chain
365    // IotaSystem objects are updated as well.
366    #[serde(skip_serializing_if = "is_false")]
367    select_committee_from_eligible_validators: bool,
368
369    // If true, non-committee active validators will sign and send AuthorityCapabilitiesV1 to the
370    // committee. Once the committee reaches consensus over the AuthorityCapabilitiesV1, it is
371    // recorded and possible to use in the committee selection if
372    // select_validators_supporting_next_epoch_version is enabled. This flag does not change the
373    // way that eligible_validators vector is created - still all active validators are used for
374    // selecting the committee.
375    #[serde(skip_serializing_if = "is_false")]
376    track_non_committee_eligible_validators: bool,
377
378    // The committee be selected from active_validators who support the next protocol version AND
379    // have issued a correct AuthorityCapabilities notification. This flag should only be enabled
380    // if both select_committee_from_eligible_validators and
381    // track_non_committee_eligible_validators are enabled. If this is disabled, then all
382    // active validators are used for selecting the committee (default behavior).
383    #[serde(skip_serializing_if = "is_false")]
384    select_committee_supporting_next_epoch_version: bool,
385
386    // If true, then it (1) will not enforce monotonicity checks for a block's ancestors, (2)
387    // calculates the commit's timestamp based on the weighted by stake median timestamp of the
388    // leader's ancestors, and (3) enforces checkpoint timestamps are non-decreasing.
389    #[serde(skip_serializing_if = "is_false")]
390    consensus_median_timestamp_with_checkpoint_enforcement: bool,
391
392    // If true, then transactions are committed only for traversed headers
393    #[serde(skip_serializing_if = "is_false")]
394    consensus_commit_transactions_only_for_traversed_headers: bool,
395
396    // To enable/disable congestion limit overshoot in the gas price feedback mechanism.
397    #[serde(skip_serializing_if = "is_false")]
398    congestion_limit_overshoot_in_gas_price_feedback_mechanism: bool,
399
400    // To enable/disable a separate gas price feedback mechanism for transactions using
401    // randomness.
402    #[serde(skip_serializing_if = "is_false")]
403    separate_gas_price_feedback_mechanism_for_randomness: bool,
404
405    // If true, it allows metadata bytes indexed with a dedicated key in a compiled module.
406    // This flag is used to provide the correct MoveVM configuration for clients.
407    #[serde(skip_serializing_if = "is_false")]
408    metadata_in_module_bytes: bool,
409
410    // If true, enables publishing package metadata v1 along with the package.
411    #[serde(skip_serializing_if = "is_false")]
412    publish_package_metadata: bool,
413
414    // If true, enables the authentication of account using Move code.
415    #[serde(skip_serializing_if = "is_false")]
416    enable_move_authentication: bool,
417
418    // If true, the change epoch transaction will contain validator scores.
419    #[serde(skip_serializing_if = "is_false")]
420    pass_validator_scores_to_advance_epoch: bool,
421
422    // If true, enables calculation of validator scores.
423    #[serde(skip_serializing_if = "is_false")]
424    calculate_validator_scores: bool,
425
426    // If true, validators will use the committee's score to adjust rewards.
427    #[serde(skip_serializing_if = "is_false")]
428    adjust_rewards_by_score: bool,
429
430    // If true, the change epoch transaction will contain the locally calculated validator scores.
431    // If false, a default score (MAX_SCORE) is passed
432    #[serde(skip_serializing_if = "is_false")]
433    pass_calculated_validator_scores_to_advance_epoch: bool,
434}
435
436fn is_true(b: &bool) -> bool {
437    *b
438}
439
440fn is_false(b: &bool) -> bool {
441    !b
442}
443
444/// Ordering mechanism for transactions in one consensus output.
445#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
446pub enum ConsensusTransactionOrdering {
447    /// No ordering. Transactions are processed in the order they appear in the
448    /// consensus output.
449    #[default]
450    None,
451    /// Order transactions by gas price, highest first.
452    ByGasPrice,
453}
454
455impl ConsensusTransactionOrdering {
456    pub fn is_none(&self) -> bool {
457        matches!(self, ConsensusTransactionOrdering::None)
458    }
459}
460
461// The config for per object congestion control in consensus handler.
462#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
463pub enum PerObjectCongestionControlMode {
464    #[default]
465    None, // No congestion control.
466    TotalGasBudget, // Use txn gas budget as execution cost.
467    TotalTxCount,   // Use total txn count as execution cost.
468}
469
470impl PerObjectCongestionControlMode {
471    pub fn is_none(&self) -> bool {
472        matches!(self, PerObjectCongestionControlMode::None)
473    }
474}
475
476// Configuration options for consensus algorithm.
477#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
478pub enum ConsensusChoice {
479    #[default]
480    Mysticeti,
481    Starfish,
482}
483
484impl ConsensusChoice {
485    pub fn is_mysticeti(&self) -> bool {
486        matches!(self, ConsensusChoice::Mysticeti)
487    }
488    pub fn is_starfish(&self) -> bool {
489        matches!(self, ConsensusChoice::Starfish)
490    }
491}
492
493// Configuration options for consensus network.
494#[derive(Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize, Debug)]
495pub enum ConsensusNetwork {
496    #[default]
497    Tonic,
498}
499
500impl ConsensusNetwork {
501    pub fn is_tonic(&self) -> bool {
502        matches!(self, ConsensusNetwork::Tonic)
503    }
504}
505
506/// Constants that change the behavior of the protocol.
507///
508/// The value of each constant here must be fixed for a given protocol version.
509/// To change the value of a constant, advance the protocol version, and add
510/// support for it in `get_for_version` under the new version number.
511/// (below).
512///
513/// To add a new field to this struct, use the following procedure:
514/// - Advance the protocol version.
515/// - Add the field as a private `Option<T>` to the struct.
516/// - Initialize the field to `None` in prior protocol versions.
517/// - Initialize the field to `Some(val)` for your new protocol version.
518/// - Add a public getter that simply unwraps the field.
519/// - Two public getters of the form `field(&self) -> field_type` and
520///   `field_as_option(&self) -> Option<field_type>` will be automatically
521///   generated for you.
522/// Example for a field: `new_constant: Option<u64>`
523/// ```rust,ignore
524///      pub fn new_constant(&self) -> u64 {
525///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
526///     }
527///      pub fn new_constant_as_option(&self) -> Option<u64> {
528///         self.new_constant.expect(Self::CONSTANT_ERR_MSG)
529///     }
530/// ```
531/// With `pub fn new_constant(&self) -> u64`, if the constant is accessed in a
532/// protocol version in which it is not defined, the validator will crash.
533/// (Crashing is necessary because this type of error would almost always result
534/// in forking if not prevented here). If you don't want the validator to crash,
535/// you can use the `pub fn new_constant_as_option(&self) -> Option<u64>`
536/// getter, which will return `None` if the field is not defined at that
537/// version.
538/// - If you want a customized getter, you can add a method in the impl.
539#[skip_serializing_none]
540#[derive(Clone, Serialize, Debug, ProtocolConfigAccessors, ProtocolConfigOverride)]
541pub struct ProtocolConfig {
542    pub version: ProtocolVersion,
543
544    feature_flags: FeatureFlags,
545
546    // ==== Transaction input limits ====
547
548    //
549    /// Maximum serialized size of a transaction (in bytes).
550    max_tx_size_bytes: Option<u64>,
551
552    /// Maximum number of input objects to a transaction. Enforced by the
553    /// transaction input checker
554    max_input_objects: Option<u64>,
555
556    /// Max size of objects a transaction can write to disk after completion.
557    /// Enforce by the IOTA adapter. This is the sum of the serialized size
558    /// of all objects written to disk. The max size of individual objects
559    /// on the other hand is `max_move_object_size`.
560    max_size_written_objects: Option<u64>,
561    /// Max size of objects a system transaction can write to disk after
562    /// completion. Enforce by the IOTA adapter. Similar to
563    /// `max_size_written_objects` but for system transactions.
564    max_size_written_objects_system_tx: Option<u64>,
565
566    /// Maximum size of serialized transaction effects.
567    max_serialized_tx_effects_size_bytes: Option<u64>,
568
569    /// Maximum size of serialized transaction effects for system transactions.
570    max_serialized_tx_effects_size_bytes_system_tx: Option<u64>,
571
572    /// Maximum number of gas payment objects for a transaction.
573    max_gas_payment_objects: Option<u32>,
574
575    /// Maximum number of modules in a Publish transaction.
576    max_modules_in_publish: Option<u32>,
577
578    /// Maximum number of transitive dependencies in a package when publishing.
579    max_package_dependencies: Option<u32>,
580
581    /// Maximum number of arguments in a move call or a
582    /// ProgrammableTransaction's TransferObjects command.
583    max_arguments: Option<u32>,
584
585    /// Maximum number of total type arguments, computed recursively.
586    max_type_arguments: Option<u32>,
587
588    /// Maximum depth of an individual type argument.
589    max_type_argument_depth: Option<u32>,
590
591    /// Maximum size of a Pure CallArg.
592    max_pure_argument_size: Option<u32>,
593
594    /// Maximum number of Commands in a ProgrammableTransaction.
595    max_programmable_tx_commands: Option<u32>,
596
597    // ==== Move VM, Move bytecode verifier, and execution limits ===
598
599    //
600    /// Maximum Move bytecode version the VM understands. All older versions are
601    /// accepted.
602    move_binary_format_version: Option<u32>,
603    min_move_binary_format_version: Option<u32>,
604
605    /// Configuration controlling binary tables size.
606    binary_module_handles: Option<u16>,
607    binary_struct_handles: Option<u16>,
608    binary_function_handles: Option<u16>,
609    binary_function_instantiations: Option<u16>,
610    binary_signatures: Option<u16>,
611    binary_constant_pool: Option<u16>,
612    binary_identifiers: Option<u16>,
613    binary_address_identifiers: Option<u16>,
614    binary_struct_defs: Option<u16>,
615    binary_struct_def_instantiations: Option<u16>,
616    binary_function_defs: Option<u16>,
617    binary_field_handles: Option<u16>,
618    binary_field_instantiations: Option<u16>,
619    binary_friend_decls: Option<u16>,
620    binary_enum_defs: Option<u16>,
621    binary_enum_def_instantiations: Option<u16>,
622    binary_variant_handles: Option<u16>,
623    binary_variant_instantiation_handles: Option<u16>,
624
625    /// Maximum size of the `contents` part of an object, in bytes. Enforced by
626    /// the IOTA adapter when effects are produced.
627    max_move_object_size: Option<u64>,
628
629    // TODO: Option<increase to 500 KB. currently, publishing a package > 500 KB exceeds the max
630    // computation gas cost
631    /// Maximum size of a Move package object, in bytes. Enforced by the IOTA
632    /// adapter at the end of a publish transaction.
633    max_move_package_size: Option<u64>,
634
635    /// Max number of publish or upgrade commands allowed in a programmable
636    /// transaction block.
637    max_publish_or_upgrade_per_ptb: Option<u64>,
638
639    /// Maximum gas budget in NANOS that a transaction can use.
640    max_tx_gas: Option<u64>,
641
642    /// Maximum gas budget in NANOS that a authentication transaction can use.
643    max_auth_gas: Option<u64>,
644
645    /// Maximum amount of the proposed gas price in NANOS (defined in the
646    /// transaction).
647    max_gas_price: Option<u64>,
648
649    /// The max computation bucket for gas. This is the max that can be charged
650    /// for computation.
651    max_gas_computation_bucket: Option<u64>,
652
653    // Define the value used to round up computation gas charges
654    gas_rounding_step: Option<u64>,
655
656    /// Maximum number of nested loops. Enforced by the Move bytecode verifier.
657    max_loop_depth: Option<u64>,
658
659    /// Maximum number of type arguments that can be bound to generic type
660    /// parameters. Enforced by the Move bytecode verifier.
661    max_generic_instantiation_length: Option<u64>,
662
663    /// Maximum number of parameters that a Move function can have. Enforced by
664    /// the Move bytecode verifier.
665    max_function_parameters: Option<u64>,
666
667    /// Maximum number of basic blocks that a Move function can have. Enforced
668    /// by the Move bytecode verifier.
669    max_basic_blocks: Option<u64>,
670
671    /// Maximum stack size value. Enforced by the Move bytecode verifier.
672    max_value_stack_size: Option<u64>,
673
674    /// Maximum number of "type nodes", a metric for how big a SignatureToken
675    /// will be when expanded into a fully qualified type. Enforced by the Move
676    /// bytecode verifier.
677    max_type_nodes: Option<u64>,
678
679    /// Maximum number of push instructions in one function. Enforced by the
680    /// Move bytecode verifier.
681    max_push_size: Option<u64>,
682
683    /// Maximum number of struct definitions in a module. Enforced by the Move
684    /// bytecode verifier.
685    max_struct_definitions: Option<u64>,
686
687    /// Maximum number of function definitions in a module. Enforced by the Move
688    /// bytecode verifier.
689    max_function_definitions: Option<u64>,
690
691    /// Maximum number of fields allowed in a struct definition. Enforced by the
692    /// Move bytecode verifier.
693    max_fields_in_struct: Option<u64>,
694
695    /// Maximum dependency depth. Enforced by the Move linker when loading
696    /// dependent modules.
697    max_dependency_depth: Option<u64>,
698
699    /// Maximum number of Move events that a single transaction can emit.
700    /// Enforced by the VM during execution.
701    max_num_event_emit: Option<u64>,
702
703    /// Maximum number of new IDs that a single transaction can create. Enforced
704    /// by the VM during execution.
705    max_num_new_move_object_ids: Option<u64>,
706
707    /// Maximum number of new IDs that a single system transaction can create.
708    /// Enforced by the VM during execution.
709    max_num_new_move_object_ids_system_tx: Option<u64>,
710
711    /// Maximum number of IDs that a single transaction can delete. Enforced by
712    /// the VM during execution.
713    max_num_deleted_move_object_ids: Option<u64>,
714
715    /// Maximum number of IDs that a single system transaction can delete.
716    /// Enforced by the VM during execution.
717    max_num_deleted_move_object_ids_system_tx: Option<u64>,
718
719    /// Maximum number of IDs that a single transaction can transfer. Enforced
720    /// by the VM during execution.
721    max_num_transferred_move_object_ids: Option<u64>,
722
723    /// Maximum number of IDs that a single system transaction can transfer.
724    /// Enforced by the VM during execution.
725    max_num_transferred_move_object_ids_system_tx: Option<u64>,
726
727    /// Maximum size of a Move user event. Enforced by the VM during execution.
728    max_event_emit_size: Option<u64>,
729
730    /// Maximum size of a Move user event. Enforced by the VM during execution.
731    max_event_emit_size_total: Option<u64>,
732
733    /// Maximum length of a vector in Move. Enforced by the VM during execution,
734    /// and for constants, by the verifier.
735    max_move_vector_len: Option<u64>,
736
737    /// Maximum length of an `Identifier` in Move. Enforced by the bytecode
738    /// verifier at signing.
739    max_move_identifier_len: Option<u64>,
740
741    /// Maximum depth of a Move value within the VM.
742    max_move_value_depth: Option<u64>,
743
744    /// Maximum number of variants in an enum. Enforced by the bytecode verifier
745    /// at signing.
746    max_move_enum_variants: Option<u64>,
747
748    /// Maximum number of back edges in Move function. Enforced by the bytecode
749    /// verifier at signing.
750    max_back_edges_per_function: Option<u64>,
751
752    /// Maximum number of back edges in Move module. Enforced by the bytecode
753    /// verifier at signing.
754    max_back_edges_per_module: Option<u64>,
755
756    /// Maximum number of meter `ticks` spent verifying a Move function.
757    /// Enforced by the bytecode verifier at signing.
758    max_verifier_meter_ticks_per_function: Option<u64>,
759
760    /// Maximum number of meter `ticks` spent verifying a Move function.
761    /// Enforced by the bytecode verifier at signing.
762    max_meter_ticks_per_module: Option<u64>,
763
764    /// Maximum number of meter `ticks` spent verifying a Move package. Enforced
765    /// by the bytecode verifier at signing.
766    max_meter_ticks_per_package: Option<u64>,
767
768    // === Object runtime internal operation limits ====
769    // These affect dynamic fields
770
771    //
772    /// Maximum number of cached objects in the object runtime ObjectStore.
773    /// Enforced by object runtime during execution
774    object_runtime_max_num_cached_objects: Option<u64>,
775
776    /// Maximum number of cached objects in the object runtime ObjectStore in
777    /// system transaction. Enforced by object runtime during execution
778    object_runtime_max_num_cached_objects_system_tx: Option<u64>,
779
780    /// Maximum number of stored objects accessed by object runtime ObjectStore.
781    /// Enforced by object runtime during execution
782    object_runtime_max_num_store_entries: Option<u64>,
783
784    /// Maximum number of stored objects accessed by object runtime ObjectStore
785    /// in system transaction. Enforced by object runtime during execution
786    object_runtime_max_num_store_entries_system_tx: Option<u64>,
787
788    // === Execution gas costs ====
789
790    //
791    /// Base cost for any IOTA transaction
792    base_tx_cost_fixed: Option<u64>,
793
794    /// Additional cost for a transaction that publishes a package
795    /// i.e., the base cost of such a transaction is base_tx_cost_fixed +
796    /// package_publish_cost_fixed
797    package_publish_cost_fixed: Option<u64>,
798
799    /// Cost per byte of a Move call transaction
800    /// i.e., the cost of such a transaction is base_cost +
801    /// (base_tx_cost_per_byte * size)
802    base_tx_cost_per_byte: Option<u64>,
803
804    /// Cost per byte for a transaction that publishes a package
805    package_publish_cost_per_byte: Option<u64>,
806
807    // Per-byte cost of reading an object during transaction execution
808    obj_access_cost_read_per_byte: Option<u64>,
809
810    // Per-byte cost of writing an object during transaction execution
811    obj_access_cost_mutate_per_byte: Option<u64>,
812
813    // Per-byte cost of deleting an object during transaction execution
814    obj_access_cost_delete_per_byte: Option<u64>,
815
816    /// Per-byte cost charged for each input object to a transaction.
817    /// Meant to approximate the cost of checking locks for each object
818    // TODO: Option<I'm not sure that this cost makes sense. Checking locks is "free"
819    // in the sense that an invalid tx that can never be committed/pay gas can
820    // force validators to check an arbitrary number of locks. If those checks are
821    // "free" for invalid transactions, why charge for them in valid transactions
822    // TODO: Option<if we keep this, I think we probably want it to be a fixed cost rather
823    // than a per-byte cost. checking an object lock should not require loading an
824    // entire object, just consulting an ID -> tx digest map
825    obj_access_cost_verify_per_byte: Option<u64>,
826
827    // Maximal nodes which are allowed when converting to a type layout.
828    max_type_to_layout_nodes: Option<u64>,
829
830    // Maximal size in bytes that a PTB value can be
831    max_ptb_value_size: Option<u64>,
832
833    // === Gas version. gas model ===
834
835    //
836    /// Gas model version, what code we are using to charge gas
837    gas_model_version: Option<u64>,
838
839    // === Storage gas costs ===
840
841    //
842    /// Per-byte cost of storing an object in the IOTA global object store. Some
843    /// of this cost may be refundable if the object is later freed
844    obj_data_cost_refundable: Option<u64>,
845
846    // Per-byte cost of storing an object in the IOTA transaction log (e.g., in
847    // CertifiedTransactionEffects) This depends on the size of various fields including the
848    // effects TODO: Option<I don't fully understand this^ and more details would be useful
849    obj_metadata_cost_non_refundable: Option<u64>,
850
851    // === Tokenomics ===
852
853    // TODO: Option<this should be changed to u64.
854    /// Sender of a txn that touches an object will get this percent of the
855    /// storage rebate back. In basis point.
856    storage_rebate_rate: Option<u64>,
857
858    /// The share of rewards that will be slashed and redistributed is 50%.
859    /// In basis point.
860    reward_slashing_rate: Option<u64>,
861
862    /// Unit storage gas price, Nanos per internal gas unit.
863    storage_gas_price: Option<u64>,
864
865    // Base gas price for computation gas, nanos per computation unit.
866    base_gas_price: Option<u64>,
867
868    /// The number of tokens minted as a validator subsidy per epoch.
869    validator_target_reward: Option<u64>,
870
871    // === Core Protocol ===
872
873    //
874    /// Max number of transactions per checkpoint.
875    /// Note that this is a protocol constant and not a config as validators
876    /// must have this set to the same value, otherwise they *will* fork.
877    max_transactions_per_checkpoint: Option<u64>,
878
879    /// Max size of a checkpoint in bytes.
880    /// Note that this is a protocol constant and not a config as validators
881    /// must have this set to the same value, otherwise they *will* fork.
882    max_checkpoint_size_bytes: Option<u64>,
883
884    /// A protocol upgrade always requires 2f+1 stake to agree. We support a
885    /// buffer of additional stake (as a fraction of f, expressed in basis
886    /// points) that is required before an upgrade can happen automatically.
887    /// 10000bps would indicate that complete unanimity is required (all
888    /// 3f+1 must vote), while 0bps would indicate that 2f+1 is sufficient.
889    buffer_stake_for_protocol_upgrade_bps: Option<u64>,
890
891    // === Native Function Costs ===
892
893    // `address` module
894    // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
895    address_from_bytes_cost_base: Option<u64>,
896    // Cost params for the Move native function `address::to_u256(address): u256`
897    address_to_u256_cost_base: Option<u64>,
898    // Cost params for the Move native function `address::from_u256(u256): address`
899    address_from_u256_cost_base: Option<u64>,
900
901    // `config` module
902    // Cost params for the Move native function `read_setting_impl<Name: copy + drop + store,
903    // SettingValue: key + store, SettingDataValue: store, Value: copy + drop + store,
904    // >(config: address, name: address, current_epoch: u64): Option<Value>`
905    config_read_setting_impl_cost_base: Option<u64>,
906    config_read_setting_impl_cost_per_byte: Option<u64>,
907
908    // `dynamic_field` module
909    // Cost params for the Move native function `hash_type_and_key<K: copy + drop + store>(parent:
910    // address, k: K): address`
911    dynamic_field_hash_type_and_key_cost_base: Option<u64>,
912    dynamic_field_hash_type_and_key_type_cost_per_byte: Option<u64>,
913    dynamic_field_hash_type_and_key_value_cost_per_byte: Option<u64>,
914    dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Option<u64>,
915    // Cost params for the Move native function `add_child_object<Child: key>(parent: address,
916    // child: Child)`
917    dynamic_field_add_child_object_cost_base: Option<u64>,
918    dynamic_field_add_child_object_type_cost_per_byte: Option<u64>,
919    dynamic_field_add_child_object_value_cost_per_byte: Option<u64>,
920    dynamic_field_add_child_object_struct_tag_cost_per_byte: Option<u64>,
921    // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent: &mut
922    // UID, id: address): &mut Child`
923    dynamic_field_borrow_child_object_cost_base: Option<u64>,
924    dynamic_field_borrow_child_object_child_ref_cost_per_byte: Option<u64>,
925    dynamic_field_borrow_child_object_type_cost_per_byte: Option<u64>,
926    // Cost params for the Move native function `remove_child_object<Child: key>(parent: address,
927    // id: address): Child`
928    dynamic_field_remove_child_object_cost_base: Option<u64>,
929    dynamic_field_remove_child_object_child_cost_per_byte: Option<u64>,
930    dynamic_field_remove_child_object_type_cost_per_byte: Option<u64>,
931    // Cost params for the Move native function `has_child_object(parent: address, id: address):
932    // bool`
933    dynamic_field_has_child_object_cost_base: Option<u64>,
934    // Cost params for the Move native function `has_child_object_with_ty<Child: key>(parent:
935    // address, id: address): bool`
936    dynamic_field_has_child_object_with_ty_cost_base: Option<u64>,
937    dynamic_field_has_child_object_with_ty_type_cost_per_byte: Option<u64>,
938    dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Option<u64>,
939
940    // `event` module
941    // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
942    event_emit_cost_base: Option<u64>,
943    event_emit_value_size_derivation_cost_per_byte: Option<u64>,
944    event_emit_tag_size_derivation_cost_per_byte: Option<u64>,
945    event_emit_output_cost_per_byte: Option<u64>,
946
947    //  `object` module
948    // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
949    object_borrow_uid_cost_base: Option<u64>,
950    // Cost params for the Move native function `delete_impl(id: address)`
951    object_delete_impl_cost_base: Option<u64>,
952    // Cost params for the Move native function `record_new_uid(id: address)`
953    object_record_new_uid_cost_base: Option<u64>,
954
955    // Transfer
956    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
957    transfer_transfer_internal_cost_base: Option<u64>,
958    // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
959    transfer_freeze_object_cost_base: Option<u64>,
960    // Cost params for the Move native function `share_object<T: key>(obj: T)`
961    transfer_share_object_cost_base: Option<u64>,
962    // Cost params for the Move native function
963    // `receive_object<T: key>(p: &mut UID, recv: Receiving<T>T)`
964    transfer_receive_object_cost_base: Option<u64>,
965
966    // TxContext
967    // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient: address)`
968    tx_context_derive_id_cost_base: Option<u64>,
969
970    // Types
971    // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
972    types_is_one_time_witness_cost_base: Option<u64>,
973    types_is_one_time_witness_type_tag_cost_per_byte: Option<u64>,
974    types_is_one_time_witness_type_cost_per_byte: Option<u64>,
975
976    // Validator
977    // Cost params for the Move native function `validate_metadata_bcs(metadata: vector<u8>)`
978    validator_validate_metadata_cost_base: Option<u64>,
979    validator_validate_metadata_data_cost_per_byte: Option<u64>,
980
981    // Crypto natives
982    crypto_invalid_arguments_cost: Option<u64>,
983    // bls12381::bls12381_min_sig_verify
984    bls12381_bls12381_min_sig_verify_cost_base: Option<u64>,
985    bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Option<u64>,
986    bls12381_bls12381_min_sig_verify_msg_cost_per_block: Option<u64>,
987
988    // bls12381::bls12381_min_pk_verify
989    bls12381_bls12381_min_pk_verify_cost_base: Option<u64>,
990    bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Option<u64>,
991    bls12381_bls12381_min_pk_verify_msg_cost_per_block: Option<u64>,
992
993    // ecdsa_k1::ecrecover
994    ecdsa_k1_ecrecover_keccak256_cost_base: Option<u64>,
995    ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
996    ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
997    ecdsa_k1_ecrecover_sha256_cost_base: Option<u64>,
998    ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
999    ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
1000
1001    // ecdsa_k1::decompress_pubkey
1002    ecdsa_k1_decompress_pubkey_cost_base: Option<u64>,
1003
1004    // ecdsa_k1::secp256k1_verify
1005    ecdsa_k1_secp256k1_verify_keccak256_cost_base: Option<u64>,
1006    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Option<u64>,
1007    ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Option<u64>,
1008    ecdsa_k1_secp256k1_verify_sha256_cost_base: Option<u64>,
1009    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Option<u64>,
1010    ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Option<u64>,
1011
1012    // ecdsa_r1::ecrecover
1013    ecdsa_r1_ecrecover_keccak256_cost_base: Option<u64>,
1014    ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Option<u64>,
1015    ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Option<u64>,
1016    ecdsa_r1_ecrecover_sha256_cost_base: Option<u64>,
1017    ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Option<u64>,
1018    ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Option<u64>,
1019
1020    // ecdsa_r1::secp256k1_verify
1021    ecdsa_r1_secp256r1_verify_keccak256_cost_base: Option<u64>,
1022    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Option<u64>,
1023    ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Option<u64>,
1024    ecdsa_r1_secp256r1_verify_sha256_cost_base: Option<u64>,
1025    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Option<u64>,
1026    ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Option<u64>,
1027
1028    // ecvrf::verify
1029    ecvrf_ecvrf_verify_cost_base: Option<u64>,
1030    ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Option<u64>,
1031    ecvrf_ecvrf_verify_alpha_string_cost_per_block: Option<u64>,
1032
1033    // ed25519
1034    ed25519_ed25519_verify_cost_base: Option<u64>,
1035    ed25519_ed25519_verify_msg_cost_per_byte: Option<u64>,
1036    ed25519_ed25519_verify_msg_cost_per_block: Option<u64>,
1037
1038    // groth16::prepare_verifying_key
1039    groth16_prepare_verifying_key_bls12381_cost_base: Option<u64>,
1040    groth16_prepare_verifying_key_bn254_cost_base: Option<u64>,
1041
1042    // groth16::verify_groth16_proof_internal
1043    groth16_verify_groth16_proof_internal_bls12381_cost_base: Option<u64>,
1044    groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Option<u64>,
1045    groth16_verify_groth16_proof_internal_bn254_cost_base: Option<u64>,
1046    groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Option<u64>,
1047    groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Option<u64>,
1048
1049    // hash::blake2b256
1050    hash_blake2b256_cost_base: Option<u64>,
1051    hash_blake2b256_data_cost_per_byte: Option<u64>,
1052    hash_blake2b256_data_cost_per_block: Option<u64>,
1053
1054    // hash::keccak256
1055    hash_keccak256_cost_base: Option<u64>,
1056    hash_keccak256_data_cost_per_byte: Option<u64>,
1057    hash_keccak256_data_cost_per_block: Option<u64>,
1058
1059    // poseidon::poseidon_bn254
1060    poseidon_bn254_cost_base: Option<u64>,
1061    poseidon_bn254_cost_per_block: Option<u64>,
1062
1063    // group_ops
1064    group_ops_bls12381_decode_scalar_cost: Option<u64>,
1065    group_ops_bls12381_decode_g1_cost: Option<u64>,
1066    group_ops_bls12381_decode_g2_cost: Option<u64>,
1067    group_ops_bls12381_decode_gt_cost: Option<u64>,
1068    group_ops_bls12381_scalar_add_cost: Option<u64>,
1069    group_ops_bls12381_g1_add_cost: Option<u64>,
1070    group_ops_bls12381_g2_add_cost: Option<u64>,
1071    group_ops_bls12381_gt_add_cost: Option<u64>,
1072    group_ops_bls12381_scalar_sub_cost: Option<u64>,
1073    group_ops_bls12381_g1_sub_cost: Option<u64>,
1074    group_ops_bls12381_g2_sub_cost: Option<u64>,
1075    group_ops_bls12381_gt_sub_cost: Option<u64>,
1076    group_ops_bls12381_scalar_mul_cost: Option<u64>,
1077    group_ops_bls12381_g1_mul_cost: Option<u64>,
1078    group_ops_bls12381_g2_mul_cost: Option<u64>,
1079    group_ops_bls12381_gt_mul_cost: Option<u64>,
1080    group_ops_bls12381_scalar_div_cost: Option<u64>,
1081    group_ops_bls12381_g1_div_cost: Option<u64>,
1082    group_ops_bls12381_g2_div_cost: Option<u64>,
1083    group_ops_bls12381_gt_div_cost: Option<u64>,
1084    group_ops_bls12381_g1_hash_to_base_cost: Option<u64>,
1085    group_ops_bls12381_g2_hash_to_base_cost: Option<u64>,
1086    group_ops_bls12381_g1_hash_to_cost_per_byte: Option<u64>,
1087    group_ops_bls12381_g2_hash_to_cost_per_byte: Option<u64>,
1088    group_ops_bls12381_g1_msm_base_cost: Option<u64>,
1089    group_ops_bls12381_g2_msm_base_cost: Option<u64>,
1090    group_ops_bls12381_g1_msm_base_cost_per_input: Option<u64>,
1091    group_ops_bls12381_g2_msm_base_cost_per_input: Option<u64>,
1092    group_ops_bls12381_msm_max_len: Option<u32>,
1093    group_ops_bls12381_pairing_cost: Option<u64>,
1094    group_ops_bls12381_g1_to_uncompressed_g1_cost: Option<u64>,
1095    group_ops_bls12381_uncompressed_g1_to_g1_cost: Option<u64>,
1096    group_ops_bls12381_uncompressed_g1_sum_base_cost: Option<u64>,
1097    group_ops_bls12381_uncompressed_g1_sum_cost_per_term: Option<u64>,
1098    group_ops_bls12381_uncompressed_g1_sum_max_terms: Option<u64>,
1099
1100    // hmac::hmac_sha3_256
1101    hmac_hmac_sha3_256_cost_base: Option<u64>,
1102    hmac_hmac_sha3_256_input_cost_per_byte: Option<u64>,
1103    hmac_hmac_sha3_256_input_cost_per_block: Option<u64>,
1104
1105    // zklogin::check_zklogin_id
1106    check_zklogin_id_cost_base: Option<u64>,
1107    // zklogin::check_zklogin_issuer
1108    check_zklogin_issuer_cost_base: Option<u64>,
1109
1110    vdf_verify_vdf_cost: Option<u64>,
1111    vdf_hash_to_input_cost: Option<u64>,
1112
1113    // Stdlib costs
1114    bcs_per_byte_serialized_cost: Option<u64>,
1115    bcs_legacy_min_output_size_cost: Option<u64>,
1116    bcs_failure_cost: Option<u64>,
1117
1118    hash_sha2_256_base_cost: Option<u64>,
1119    hash_sha2_256_per_byte_cost: Option<u64>,
1120    hash_sha2_256_legacy_min_input_len_cost: Option<u64>,
1121    hash_sha3_256_base_cost: Option<u64>,
1122    hash_sha3_256_per_byte_cost: Option<u64>,
1123    hash_sha3_256_legacy_min_input_len_cost: Option<u64>,
1124    type_name_get_base_cost: Option<u64>,
1125    type_name_get_per_byte_cost: Option<u64>,
1126
1127    string_check_utf8_base_cost: Option<u64>,
1128    string_check_utf8_per_byte_cost: Option<u64>,
1129    string_is_char_boundary_base_cost: Option<u64>,
1130    string_sub_string_base_cost: Option<u64>,
1131    string_sub_string_per_byte_cost: Option<u64>,
1132    string_index_of_base_cost: Option<u64>,
1133    string_index_of_per_byte_pattern_cost: Option<u64>,
1134    string_index_of_per_byte_searched_cost: Option<u64>,
1135
1136    vector_empty_base_cost: Option<u64>,
1137    vector_length_base_cost: Option<u64>,
1138    vector_push_back_base_cost: Option<u64>,
1139    vector_push_back_legacy_per_abstract_memory_unit_cost: Option<u64>,
1140    vector_borrow_base_cost: Option<u64>,
1141    vector_pop_back_base_cost: Option<u64>,
1142    vector_destroy_empty_base_cost: Option<u64>,
1143    vector_swap_base_cost: Option<u64>,
1144    debug_print_base_cost: Option<u64>,
1145    debug_print_stack_trace_base_cost: Option<u64>,
1146
1147    // === Execution Version ===
1148    execution_version: Option<u64>,
1149
1150    // Dictates the threshold (percentage of stake) that is used to calculate the "bad" nodes to be
1151    // swapped when creating the consensus schedule. The values should be of the range [0 - 33].
1152    // Anything above 33 (f) will not be allowed.
1153    consensus_bad_nodes_stake_threshold: Option<u64>,
1154
1155    max_jwk_votes_per_validator_per_epoch: Option<u64>,
1156    // The maximum age of a JWK in epochs before it is removed from the AuthenticatorState object.
1157    // Applied at the end of an epoch as a delta from the new epoch value, so setting this to 1
1158    // will cause the new epoch to start with JWKs from the previous epoch still valid.
1159    max_age_of_jwk_in_epochs: Option<u64>,
1160
1161    // === random beacon ===
1162    /// Maximum allowed precision loss when reducing voting weights for the
1163    /// random beacon protocol.
1164    random_beacon_reduction_allowed_delta: Option<u16>,
1165
1166    /// Minimum number of shares below which voting weights will not be reduced
1167    /// for the random beacon protocol.
1168    random_beacon_reduction_lower_bound: Option<u32>,
1169
1170    /// Consensus Round after which DKG should be aborted and randomness
1171    /// disabled for the epoch, if it hasn't already completed.
1172    random_beacon_dkg_timeout_round: Option<u32>,
1173
1174    /// Minimum interval between consecutive rounds of generated randomness.
1175    random_beacon_min_round_interval_ms: Option<u64>,
1176
1177    /// Version of the random beacon DKG protocol.
1178    /// 0 was deprecated (and currently not supported), 1 is the default
1179    /// version.
1180    random_beacon_dkg_version: Option<u64>,
1181
1182    /// The maximum serialized transaction size (in bytes) accepted by
1183    /// consensus. `consensus_max_transaction_size_bytes` should include
1184    /// space for additional metadata, on top of the `max_tx_size_bytes`
1185    /// value.
1186    consensus_max_transaction_size_bytes: Option<u64>,
1187    /// The maximum size of transactions included in a consensus block.
1188    consensus_max_transactions_in_block_bytes: Option<u64>,
1189    /// The maximum number of transactions included in a consensus block.
1190    consensus_max_num_transactions_in_block: Option<u64>,
1191
1192    /// The max number of consensus rounds a transaction can be deferred due to
1193    /// shared object congestion. Transactions will be cancelled after this
1194    /// many rounds.
1195    max_deferral_rounds_for_congestion_control: Option<u64>,
1196
1197    /// Minimum interval of commit timestamps between consecutive checkpoints.
1198    min_checkpoint_interval_ms: Option<u64>,
1199
1200    /// Version number to use for version_specific_data in `CheckpointSummary`.
1201    checkpoint_summary_version_specific_data: Option<u64>,
1202
1203    /// The max number of transactions that can be included in a single Soft
1204    /// Bundle.
1205    max_soft_bundle_size: Option<u64>,
1206
1207    /// Deprecated because of bridge removal.
1208    /// Whether to try to form bridge committee
1209    // Note: this is not a feature flag because we want to distinguish between
1210    // `None` and `Some(false)`, as committee was already finalized on Testnet.
1211    bridge_should_try_to_finalize_committee: Option<bool>,
1212
1213    /// The max accumulated txn execution cost per object in a mysticeti commit.
1214    /// Transactions in a commit will be deferred once their touch shared
1215    /// objects hit this limit. Note that if
1216    /// `max_congestion_limit_overshoot_per_commit` is set, this may be overshot
1217    /// within a single commit, but the limit will be enforced in the long run.
1218    max_accumulated_txn_cost_per_object_in_mysticeti_commit: Option<u64>,
1219
1220    /// Maximum number of committee (validators taking part in consensus)
1221    /// validators at any moment. We do not allow the number of committee
1222    /// validators in any epoch to go above this.
1223    max_committee_members_count: Option<u64>,
1224
1225    /// Configures the garbage collection depth for consensus. When is unset or
1226    /// `0` then the garbage collection is disabled.
1227    consensus_gc_depth: Option<u32>,
1228
1229    /// Configures the maximum number of acknowledgments to be included in a
1230    /// block. It must be reasonably larger than the number of validators
1231    /// because not all validators create their blocks at the same pace.
1232    /// Default value set to 400. (5 x expected committee size (80)).
1233    /// Applicable only to `starfish` consensus.
1234    consensus_max_acknowledgments_per_block: Option<u32>,
1235
1236    /// The maximum amount that is allowed to overshoot the congestion limit
1237    /// specified by 'max_accumulated_txn_cost_per_object_in_mysticeti_commit'
1238    /// for any single commit. Any overshoot is tracked as a debt that must
1239    /// be accounted for in subsequent commits.
1240    max_congestion_limit_overshoot_per_commit: Option<u64>,
1241
1242    /// Scorer version. When set to `None`, MisbehaviorReports are not sent nor
1243    /// considered valid. When set to `Some(version)`, scores are included in
1244    /// the MisbehaviorReports messages, where `version` determines the scoring
1245    /// formulas and metrics to be used. Even if set to None, the Scorer
1246    /// component is created, having access to metrics and being able to expose
1247    /// validator scores.
1248    scorer_version: Option<u16>,
1249}
1250
1251// feature flags
1252impl ProtocolConfig {
1253    // Add checks for feature flag support here, e.g.:
1254    // pub fn check_new_protocol_feature_supported(&self) -> Result<(), Error> {
1255    //     if self.feature_flags.new_protocol_feature_supported {
1256    //         Ok(())
1257    //     } else {
1258    //         Err(Error(format!(
1259    //             "new_protocol_feature is not supported at {:?}",
1260    //             self.version
1261    //         )))
1262    //     }
1263    // }
1264
1265    pub fn disable_invariant_violation_check_in_swap_loc(&self) -> bool {
1266        self.feature_flags
1267            .disable_invariant_violation_check_in_swap_loc
1268    }
1269
1270    pub fn no_extraneous_module_bytes(&self) -> bool {
1271        self.feature_flags.no_extraneous_module_bytes
1272    }
1273
1274    pub fn zklogin_auth(&self) -> bool {
1275        self.feature_flags.zklogin_auth
1276    }
1277
1278    pub fn consensus_transaction_ordering(&self) -> ConsensusTransactionOrdering {
1279        self.feature_flags.consensus_transaction_ordering
1280    }
1281
1282    pub fn enable_jwk_consensus_updates(&self) -> bool {
1283        self.feature_flags.enable_jwk_consensus_updates
1284    }
1285
1286    // this function only exists for readability in the genesis code.
1287    pub fn create_authenticator_state_in_genesis(&self) -> bool {
1288        self.enable_jwk_consensus_updates()
1289    }
1290
1291    pub fn dkg_version(&self) -> u64 {
1292        // Version 0 was deprecated and removed, the default is 1 if not set.
1293        self.random_beacon_dkg_version.unwrap_or(1)
1294    }
1295
1296    pub fn accept_zklogin_in_multisig(&self) -> bool {
1297        self.feature_flags.accept_zklogin_in_multisig
1298    }
1299
1300    pub fn zklogin_max_epoch_upper_bound_delta(&self) -> Option<u64> {
1301        self.feature_flags.zklogin_max_epoch_upper_bound_delta
1302    }
1303
1304    pub fn hardened_otw_check(&self) -> bool {
1305        self.feature_flags.hardened_otw_check
1306    }
1307
1308    pub fn enable_poseidon(&self) -> bool {
1309        self.feature_flags.enable_poseidon
1310    }
1311
1312    pub fn enable_group_ops_native_function_msm(&self) -> bool {
1313        self.feature_flags.enable_group_ops_native_function_msm
1314    }
1315
1316    pub fn per_object_congestion_control_mode(&self) -> PerObjectCongestionControlMode {
1317        self.feature_flags.per_object_congestion_control_mode
1318    }
1319
1320    pub fn consensus_choice(&self) -> ConsensusChoice {
1321        self.feature_flags.consensus_choice
1322    }
1323
1324    pub fn consensus_network(&self) -> ConsensusNetwork {
1325        self.feature_flags.consensus_network
1326    }
1327
1328    pub fn enable_vdf(&self) -> bool {
1329        self.feature_flags.enable_vdf
1330    }
1331
1332    pub fn passkey_auth(&self) -> bool {
1333        self.feature_flags.passkey_auth
1334    }
1335
1336    pub fn max_transaction_size_bytes(&self) -> u64 {
1337        // Provide a default value if protocol config version is too low.
1338        self.consensus_max_transaction_size_bytes
1339            .unwrap_or(256 * 1024)
1340    }
1341
1342    pub fn max_transactions_in_block_bytes(&self) -> u64 {
1343        if cfg!(msim) {
1344            256 * 1024
1345        } else {
1346            self.consensus_max_transactions_in_block_bytes
1347                .unwrap_or(512 * 1024)
1348        }
1349    }
1350
1351    pub fn max_num_transactions_in_block(&self) -> u64 {
1352        if cfg!(msim) {
1353            8
1354        } else {
1355            self.consensus_max_num_transactions_in_block.unwrap_or(512)
1356        }
1357    }
1358
1359    pub fn rethrow_serialization_type_layout_errors(&self) -> bool {
1360        self.feature_flags.rethrow_serialization_type_layout_errors
1361    }
1362
1363    pub fn relocate_event_module(&self) -> bool {
1364        self.feature_flags.relocate_event_module
1365    }
1366
1367    pub fn protocol_defined_base_fee(&self) -> bool {
1368        self.feature_flags.protocol_defined_base_fee
1369    }
1370
1371    pub fn uncompressed_g1_group_elements(&self) -> bool {
1372        self.feature_flags.uncompressed_g1_group_elements
1373    }
1374
1375    pub fn disallow_new_modules_in_deps_only_packages(&self) -> bool {
1376        self.feature_flags
1377            .disallow_new_modules_in_deps_only_packages
1378    }
1379
1380    pub fn native_charging_v2(&self) -> bool {
1381        self.feature_flags.native_charging_v2
1382    }
1383
1384    pub fn consensus_round_prober(&self) -> bool {
1385        self.feature_flags.consensus_round_prober
1386    }
1387
1388    pub fn consensus_distributed_vote_scoring_strategy(&self) -> bool {
1389        self.feature_flags
1390            .consensus_distributed_vote_scoring_strategy
1391    }
1392
1393    pub fn gc_depth(&self) -> u32 {
1394        if cfg!(msim) {
1395            // exercise a very low gc_depth
1396            min(5, self.consensus_gc_depth.unwrap_or(0))
1397        } else {
1398            self.consensus_gc_depth.unwrap_or(0)
1399        }
1400    }
1401
1402    pub fn consensus_linearize_subdag_v2(&self) -> bool {
1403        let res = self.feature_flags.consensus_linearize_subdag_v2;
1404        assert!(
1405            !res || self.gc_depth() > 0,
1406            "The consensus linearize sub dag V2 requires GC to be enabled"
1407        );
1408        res
1409    }
1410
1411    pub fn consensus_max_acknowledgments_per_block_or_default(&self) -> u32 {
1412        self.consensus_max_acknowledgments_per_block.unwrap_or(400)
1413    }
1414
1415    pub fn variant_nodes(&self) -> bool {
1416        self.feature_flags.variant_nodes
1417    }
1418
1419    pub fn consensus_smart_ancestor_selection(&self) -> bool {
1420        self.feature_flags.consensus_smart_ancestor_selection
1421    }
1422
1423    pub fn consensus_round_prober_probe_accepted_rounds(&self) -> bool {
1424        self.feature_flags
1425            .consensus_round_prober_probe_accepted_rounds
1426    }
1427
1428    pub fn consensus_zstd_compression(&self) -> bool {
1429        self.feature_flags.consensus_zstd_compression
1430    }
1431
1432    pub fn congestion_control_min_free_execution_slot(&self) -> bool {
1433        self.feature_flags
1434            .congestion_control_min_free_execution_slot
1435    }
1436
1437    pub fn accept_passkey_in_multisig(&self) -> bool {
1438        self.feature_flags.accept_passkey_in_multisig
1439    }
1440
1441    pub fn consensus_batched_block_sync(&self) -> bool {
1442        self.feature_flags.consensus_batched_block_sync
1443    }
1444
1445    /// Check if the gas price feedback mechanism (which is used for
1446    /// transactions cancelled due to shared object congestion) is enabled
1447    pub fn congestion_control_gas_price_feedback_mechanism(&self) -> bool {
1448        self.feature_flags
1449            .congestion_control_gas_price_feedback_mechanism
1450    }
1451
1452    pub fn validate_identifier_inputs(&self) -> bool {
1453        self.feature_flags.validate_identifier_inputs
1454    }
1455
1456    pub fn minimize_child_object_mutations(&self) -> bool {
1457        self.feature_flags.minimize_child_object_mutations
1458    }
1459
1460    pub fn dependency_linkage_error(&self) -> bool {
1461        self.feature_flags.dependency_linkage_error
1462    }
1463
1464    pub fn additional_multisig_checks(&self) -> bool {
1465        self.feature_flags.additional_multisig_checks
1466    }
1467
1468    pub fn consensus_num_requested_prior_commits_at_startup(&self) -> u32 {
1469        // TODO: this will eventually be the max of some number of other
1470        // parameters.
1471        0
1472    }
1473
1474    pub fn normalize_ptb_arguments(&self) -> bool {
1475        self.feature_flags.normalize_ptb_arguments
1476    }
1477
1478    pub fn select_committee_from_eligible_validators(&self) -> bool {
1479        let res = self.feature_flags.select_committee_from_eligible_validators;
1480        assert!(
1481            !res || (self.protocol_defined_base_fee()
1482                && self.max_committee_members_count_as_option().is_some()),
1483            "select_committee_from_eligible_validators requires protocol_defined_base_fee and max_committee_members_count to be set"
1484        );
1485        res
1486    }
1487
1488    pub fn track_non_committee_eligible_validators(&self) -> bool {
1489        self.feature_flags.track_non_committee_eligible_validators
1490    }
1491
1492    pub fn select_committee_supporting_next_epoch_version(&self) -> bool {
1493        let res = self
1494            .feature_flags
1495            .select_committee_supporting_next_epoch_version;
1496        assert!(
1497            !res || (self.track_non_committee_eligible_validators()
1498                && self.select_committee_from_eligible_validators()),
1499            "select_committee_supporting_next_epoch_version requires select_committee_from_eligible_validators to be set"
1500        );
1501        res
1502    }
1503
1504    pub fn consensus_median_timestamp_with_checkpoint_enforcement(&self) -> bool {
1505        let res = self
1506            .feature_flags
1507            .consensus_median_timestamp_with_checkpoint_enforcement;
1508        assert!(
1509            !res || self.gc_depth() > 0,
1510            "The consensus median timestamp with checkpoint enforcement requires GC to be enabled"
1511        );
1512        res
1513    }
1514
1515    pub fn consensus_commit_transactions_only_for_traversed_headers(&self) -> bool {
1516        self.feature_flags
1517            .consensus_commit_transactions_only_for_traversed_headers
1518    }
1519
1520    /// Check whether congestion limit overshoot is enabled in the gas price
1521    /// feedback mechanism.
1522    pub fn congestion_limit_overshoot_in_gas_price_feedback_mechanism(&self) -> bool {
1523        self.feature_flags
1524            .congestion_limit_overshoot_in_gas_price_feedback_mechanism
1525    }
1526
1527    /// Check whether a separate gas price feedback mechanism is used for
1528    /// randomness transactions.
1529    pub fn separate_gas_price_feedback_mechanism_for_randomness(&self) -> bool {
1530        self.feature_flags
1531            .separate_gas_price_feedback_mechanism_for_randomness
1532    }
1533
1534    pub fn metadata_in_module_bytes(&self) -> bool {
1535        self.feature_flags.metadata_in_module_bytes
1536    }
1537
1538    pub fn publish_package_metadata(&self) -> bool {
1539        self.feature_flags.publish_package_metadata
1540    }
1541
1542    pub fn enable_move_authentication(&self) -> bool {
1543        self.feature_flags.enable_move_authentication
1544    }
1545
1546    pub fn pass_validator_scores_to_advance_epoch(&self) -> bool {
1547        self.feature_flags.pass_validator_scores_to_advance_epoch
1548    }
1549
1550    pub fn calculate_validator_scores(&self) -> bool {
1551        let calculate_validator_scores = self.feature_flags.calculate_validator_scores;
1552        assert!(
1553            !calculate_validator_scores || self.scorer_version.is_some(),
1554            "calculate_validator_scores requires scorer_version to be set"
1555        );
1556        calculate_validator_scores
1557    }
1558
1559    pub fn adjust_rewards_by_score(&self) -> bool {
1560        let adjust = self.feature_flags.adjust_rewards_by_score;
1561        assert!(
1562            !adjust || (self.scorer_version.is_some() && self.calculate_validator_scores()),
1563            "adjust_rewards_by_score requires scorer_version to be set"
1564        );
1565        adjust
1566    }
1567
1568    pub fn pass_calculated_validator_scores_to_advance_epoch(&self) -> bool {
1569        let pass = self
1570            .feature_flags
1571            .pass_calculated_validator_scores_to_advance_epoch;
1572        assert!(
1573            !pass
1574                || (self.pass_validator_scores_to_advance_epoch()
1575                    && self.calculate_validator_scores()),
1576            "pass_calculated_validator_scores_to_advance_epoch requires pass_validator_scores_to_advance_epoch and calculate_validator_scores to be enabled"
1577        );
1578        pass
1579    }
1580}
1581
1582#[cfg(not(msim))]
1583static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1584
1585// Use a thread local in sim tests for test isolation.
1586#[cfg(msim)]
1587thread_local! {
1588    static POISON_VERSION_METHODS: AtomicBool = const { AtomicBool::new(false) };
1589}
1590
1591// Instantiations for each protocol version.
1592impl ProtocolConfig {
1593    /// Get the value ProtocolConfig that are in effect during the given
1594    /// protocol version.
1595    pub fn get_for_version(version: ProtocolVersion, chain: Chain) -> Self {
1596        // ProtocolVersion can be deserialized so we need to check it here as well.
1597        assert!(
1598            version >= ProtocolVersion::MIN,
1599            "Network protocol version is {:?}, but the minimum supported version by the binary is {:?}. Please upgrade the binary.",
1600            version,
1601            ProtocolVersion::MIN.0,
1602        );
1603        assert!(
1604            version <= ProtocolVersion::MAX_ALLOWED,
1605            "Network protocol version is {:?}, but the maximum supported version by the binary is {:?}. Please upgrade the binary.",
1606            version,
1607            ProtocolVersion::MAX_ALLOWED.0,
1608        );
1609
1610        let mut ret = Self::get_for_version_impl(version, chain);
1611        ret.version = version;
1612
1613        ret = CONFIG_OVERRIDE.with(|ovr| {
1614            if let Some(override_fn) = &*ovr.borrow() {
1615                warn!(
1616                    "overriding ProtocolConfig settings with custom settings (you should not see this log outside of tests)"
1617                );
1618                override_fn(version, ret)
1619            } else {
1620                ret
1621            }
1622        });
1623
1624        if std::env::var("IOTA_PROTOCOL_CONFIG_OVERRIDE_ENABLE").is_ok() {
1625            warn!(
1626                "overriding ProtocolConfig settings with custom settings; this may break non-local networks"
1627            );
1628            let overrides: ProtocolConfigOptional =
1629                serde_env::from_env_with_prefix("IOTA_PROTOCOL_CONFIG_OVERRIDE")
1630                    .expect("failed to parse ProtocolConfig override env variables");
1631            overrides.apply_to(&mut ret);
1632        }
1633
1634        ret
1635    }
1636
1637    /// Get the value ProtocolConfig that are in effect during the given
1638    /// protocol version. Or none if the version is not supported.
1639    pub fn get_for_version_if_supported(version: ProtocolVersion, chain: Chain) -> Option<Self> {
1640        if version.0 >= ProtocolVersion::MIN.0 && version.0 <= ProtocolVersion::MAX_ALLOWED.0 {
1641            let mut ret = Self::get_for_version_impl(version, chain);
1642            ret.version = version;
1643            Some(ret)
1644        } else {
1645            None
1646        }
1647    }
1648
1649    #[cfg(not(msim))]
1650    pub fn poison_get_for_min_version() {
1651        POISON_VERSION_METHODS.store(true, Ordering::Relaxed);
1652    }
1653
1654    #[cfg(not(msim))]
1655    fn load_poison_get_for_min_version() -> bool {
1656        POISON_VERSION_METHODS.load(Ordering::Relaxed)
1657    }
1658
1659    #[cfg(msim)]
1660    pub fn poison_get_for_min_version() {
1661        POISON_VERSION_METHODS.with(|p| p.store(true, Ordering::Relaxed));
1662    }
1663
1664    #[cfg(msim)]
1665    fn load_poison_get_for_min_version() -> bool {
1666        POISON_VERSION_METHODS.with(|p| p.load(Ordering::Relaxed))
1667    }
1668
1669    pub fn convert_type_argument_error(&self) -> bool {
1670        self.feature_flags.convert_type_argument_error
1671    }
1672
1673    /// Convenience to get the constants at the current minimum supported
1674    /// version. Mainly used by client code that may not yet be
1675    /// protocol-version aware.
1676    pub fn get_for_min_version() -> Self {
1677        if Self::load_poison_get_for_min_version() {
1678            panic!("get_for_min_version called on validator");
1679        }
1680        ProtocolConfig::get_for_version(ProtocolVersion::MIN, Chain::Unknown)
1681    }
1682
1683    /// CAREFUL! - You probably want to use `get_for_version` instead.
1684    ///
1685    /// Convenience to get the constants at the current maximum supported
1686    /// version. Mainly used by genesis. Note well that this function uses
1687    /// the max version supported locally by the node, which is not
1688    /// necessarily the current version of the network. ALSO, this function
1689    /// disregards chain specific config (by using Chain::Unknown), thereby
1690    /// potentially returning a protocol config that is incorrect for some
1691    /// feature flags. Definitely safe for testing and for protocol version
1692    /// 11 and prior.
1693    #[expect(non_snake_case)]
1694    pub fn get_for_max_version_UNSAFE() -> Self {
1695        if Self::load_poison_get_for_min_version() {
1696            panic!("get_for_max_version_UNSAFE called on validator");
1697        }
1698        ProtocolConfig::get_for_version(ProtocolVersion::MAX, Chain::Unknown)
1699    }
1700
1701    fn get_for_version_impl(version: ProtocolVersion, chain: Chain) -> Self {
1702        #[cfg(msim)]
1703        {
1704            // populate the fake simulator version # with a different base tx cost.
1705            if version > ProtocolVersion::MAX {
1706                let mut config = Self::get_for_version_impl(ProtocolVersion::MAX, Chain::Unknown);
1707                config.base_tx_cost_fixed = Some(config.base_tx_cost_fixed() + 1000);
1708                return config;
1709            }
1710        }
1711
1712        // IMPORTANT: Never modify the value of any constant for a pre-existing protocol
1713        // version. To change the values here you must create a new protocol
1714        // version with the new values!
1715        let mut cfg = Self {
1716            version,
1717
1718            feature_flags: Default::default(),
1719
1720            max_tx_size_bytes: Some(128 * 1024),
1721            // We need this number to be at least 100x less than
1722            // `max_serialized_tx_effects_size_bytes`otherwise effects can be huge
1723            max_input_objects: Some(2048),
1724            max_serialized_tx_effects_size_bytes: Some(512 * 1024),
1725            max_serialized_tx_effects_size_bytes_system_tx: Some(512 * 1024 * 16),
1726            max_gas_payment_objects: Some(256),
1727            max_modules_in_publish: Some(64),
1728            max_package_dependencies: Some(32),
1729            max_arguments: Some(512),
1730            max_type_arguments: Some(16),
1731            max_type_argument_depth: Some(16),
1732            max_pure_argument_size: Some(16 * 1024),
1733            max_programmable_tx_commands: Some(1024),
1734            move_binary_format_version: Some(7),
1735            min_move_binary_format_version: Some(6),
1736            binary_module_handles: Some(100),
1737            binary_struct_handles: Some(300),
1738            binary_function_handles: Some(1500),
1739            binary_function_instantiations: Some(750),
1740            binary_signatures: Some(1000),
1741            binary_constant_pool: Some(4000),
1742            binary_identifiers: Some(10000),
1743            binary_address_identifiers: Some(100),
1744            binary_struct_defs: Some(200),
1745            binary_struct_def_instantiations: Some(100),
1746            binary_function_defs: Some(1000),
1747            binary_field_handles: Some(500),
1748            binary_field_instantiations: Some(250),
1749            binary_friend_decls: Some(100),
1750            binary_enum_defs: None,
1751            binary_enum_def_instantiations: None,
1752            binary_variant_handles: None,
1753            binary_variant_instantiation_handles: None,
1754            max_move_object_size: Some(250 * 1024),
1755            max_move_package_size: Some(100 * 1024),
1756            max_publish_or_upgrade_per_ptb: Some(5),
1757            // max gas budget for an authentication is in NANOS
1758            max_auth_gas: None,
1759            // max gas budget is in NANOS and an absolute value 50IOTA
1760            max_tx_gas: Some(50_000_000_000),
1761            max_gas_price: Some(100_000),
1762            max_gas_computation_bucket: Some(5_000_000),
1763            max_loop_depth: Some(5),
1764            max_generic_instantiation_length: Some(32),
1765            max_function_parameters: Some(128),
1766            max_basic_blocks: Some(1024),
1767            max_value_stack_size: Some(1024),
1768            max_type_nodes: Some(256),
1769            max_push_size: Some(10000),
1770            max_struct_definitions: Some(200),
1771            max_function_definitions: Some(1000),
1772            max_fields_in_struct: Some(32),
1773            max_dependency_depth: Some(100),
1774            max_num_event_emit: Some(1024),
1775            max_num_new_move_object_ids: Some(2048),
1776            max_num_new_move_object_ids_system_tx: Some(2048 * 16),
1777            max_num_deleted_move_object_ids: Some(2048),
1778            max_num_deleted_move_object_ids_system_tx: Some(2048 * 16),
1779            max_num_transferred_move_object_ids: Some(2048),
1780            max_num_transferred_move_object_ids_system_tx: Some(2048 * 16),
1781            max_event_emit_size: Some(250 * 1024),
1782            max_move_vector_len: Some(256 * 1024),
1783            max_type_to_layout_nodes: None,
1784            max_ptb_value_size: None,
1785
1786            max_back_edges_per_function: Some(10_000),
1787            max_back_edges_per_module: Some(10_000),
1788
1789            max_verifier_meter_ticks_per_function: Some(16_000_000),
1790
1791            max_meter_ticks_per_module: Some(16_000_000),
1792            max_meter_ticks_per_package: Some(16_000_000),
1793
1794            object_runtime_max_num_cached_objects: Some(1000),
1795            object_runtime_max_num_cached_objects_system_tx: Some(1000 * 16),
1796            object_runtime_max_num_store_entries: Some(1000),
1797            object_runtime_max_num_store_entries_system_tx: Some(1000 * 16),
1798            // min gas budget is in NANOS and an absolute value 1000 NANOS or 0.000001IOTA
1799            base_tx_cost_fixed: Some(1_000),
1800            package_publish_cost_fixed: Some(1_000),
1801            base_tx_cost_per_byte: Some(0),
1802            package_publish_cost_per_byte: Some(80),
1803            obj_access_cost_read_per_byte: Some(15),
1804            obj_access_cost_mutate_per_byte: Some(40),
1805            obj_access_cost_delete_per_byte: Some(40),
1806            obj_access_cost_verify_per_byte: Some(200),
1807            obj_data_cost_refundable: Some(100),
1808            obj_metadata_cost_non_refundable: Some(50),
1809            gas_model_version: Some(1),
1810            storage_rebate_rate: Some(10000),
1811            // Change reward slashing rate to 100%.
1812            reward_slashing_rate: Some(10000),
1813            storage_gas_price: Some(76),
1814            base_gas_price: None,
1815            // The initial subsidy (target reward) for validators per epoch.
1816            // Refer to the IOTA tokenomics for the origin of this value.
1817            validator_target_reward: Some(767_000 * 1_000_000_000),
1818            max_transactions_per_checkpoint: Some(10_000),
1819            max_checkpoint_size_bytes: Some(30 * 1024 * 1024),
1820
1821            // For now, perform upgrades with a bare quorum of validators.
1822            buffer_stake_for_protocol_upgrade_bps: Some(5000),
1823
1824            // === Native Function Costs ===
1825            // `address` module
1826            // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
1827            address_from_bytes_cost_base: Some(52),
1828            // Cost params for the Move native function `address::to_u256(address): u256`
1829            address_to_u256_cost_base: Some(52),
1830            // Cost params for the Move native function `address::from_u256(u256): address`
1831            address_from_u256_cost_base: Some(52),
1832
1833            // `config` module
1834            // Cost params for the Move native function `read_setting_impl``
1835            config_read_setting_impl_cost_base: Some(100),
1836            config_read_setting_impl_cost_per_byte: Some(40),
1837
1838            // `dynamic_field` module
1839            // Cost params for the Move native function `hash_type_and_key<K: copy + drop +
1840            // store>(parent: address, k: K): address`
1841            dynamic_field_hash_type_and_key_cost_base: Some(100),
1842            dynamic_field_hash_type_and_key_type_cost_per_byte: Some(2),
1843            dynamic_field_hash_type_and_key_value_cost_per_byte: Some(2),
1844            dynamic_field_hash_type_and_key_type_tag_cost_per_byte: Some(2),
1845            // Cost params for the Move native function `add_child_object<Child: key>(parent:
1846            // address, child: Child)`
1847            dynamic_field_add_child_object_cost_base: Some(100),
1848            dynamic_field_add_child_object_type_cost_per_byte: Some(10),
1849            dynamic_field_add_child_object_value_cost_per_byte: Some(10),
1850            dynamic_field_add_child_object_struct_tag_cost_per_byte: Some(10),
1851            // Cost params for the Move native function `borrow_child_object_mut<Child: key>(parent:
1852            // &mut UID, id: address): &mut Child`
1853            dynamic_field_borrow_child_object_cost_base: Some(100),
1854            dynamic_field_borrow_child_object_child_ref_cost_per_byte: Some(10),
1855            dynamic_field_borrow_child_object_type_cost_per_byte: Some(10),
1856            // Cost params for the Move native function `remove_child_object<Child: key>(parent:
1857            // address, id: address): Child`
1858            dynamic_field_remove_child_object_cost_base: Some(100),
1859            dynamic_field_remove_child_object_child_cost_per_byte: Some(2),
1860            dynamic_field_remove_child_object_type_cost_per_byte: Some(2),
1861            // Cost params for the Move native function `has_child_object(parent: address, id:
1862            // address): bool`
1863            dynamic_field_has_child_object_cost_base: Some(100),
1864            // Cost params for the Move native function `has_child_object_with_ty<Child:
1865            // key>(parent: address, id: address): bool`
1866            dynamic_field_has_child_object_with_ty_cost_base: Some(100),
1867            dynamic_field_has_child_object_with_ty_type_cost_per_byte: Some(2),
1868            dynamic_field_has_child_object_with_ty_type_tag_cost_per_byte: Some(2),
1869
1870            // `event` module
1871            // Cost params for the Move native function `event::emit<T: copy + drop>(event: T)`
1872            event_emit_cost_base: Some(52),
1873            event_emit_value_size_derivation_cost_per_byte: Some(2),
1874            event_emit_tag_size_derivation_cost_per_byte: Some(5),
1875            event_emit_output_cost_per_byte: Some(10),
1876
1877            //  `object` module
1878            // Cost params for the Move native function `borrow_uid<T: key>(obj: &T): &UID`
1879            object_borrow_uid_cost_base: Some(52),
1880            // Cost params for the Move native function `delete_impl(id: address)`
1881            object_delete_impl_cost_base: Some(52),
1882            // Cost params for the Move native function `record_new_uid(id: address)`
1883            object_record_new_uid_cost_base: Some(52),
1884
1885            // `transfer` module
1886            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
1887            // address)`
1888            transfer_transfer_internal_cost_base: Some(52),
1889            // Cost params for the Move native function `freeze_object<T: key>(obj: T)`
1890            transfer_freeze_object_cost_base: Some(52),
1891            // Cost params for the Move native function `share_object<T: key>(obj: T)`
1892            transfer_share_object_cost_base: Some(52),
1893            transfer_receive_object_cost_base: Some(52),
1894
1895            // `tx_context` module
1896            // Cost params for the Move native function `transfer_impl<T: key>(obj: T, recipient:
1897            // address)`
1898            tx_context_derive_id_cost_base: Some(52),
1899
1900            // `types` module
1901            // Cost params for the Move native function `is_one_time_witness<T: drop>(_: &T): bool`
1902            types_is_one_time_witness_cost_base: Some(52),
1903            types_is_one_time_witness_type_tag_cost_per_byte: Some(2),
1904            types_is_one_time_witness_type_cost_per_byte: Some(2),
1905
1906            // `validator` module
1907            // Cost params for the Move native function `validate_metadata_bcs(metadata:
1908            // vector<u8>)`
1909            validator_validate_metadata_cost_base: Some(52),
1910            validator_validate_metadata_data_cost_per_byte: Some(2),
1911
1912            // Crypto
1913            crypto_invalid_arguments_cost: Some(100),
1914            // bls12381::bls12381_min_pk_verify
1915            bls12381_bls12381_min_sig_verify_cost_base: Some(52),
1916            bls12381_bls12381_min_sig_verify_msg_cost_per_byte: Some(2),
1917            bls12381_bls12381_min_sig_verify_msg_cost_per_block: Some(2),
1918
1919            // bls12381::bls12381_min_pk_verify
1920            bls12381_bls12381_min_pk_verify_cost_base: Some(52),
1921            bls12381_bls12381_min_pk_verify_msg_cost_per_byte: Some(2),
1922            bls12381_bls12381_min_pk_verify_msg_cost_per_block: Some(2),
1923
1924            // ecdsa_k1::ecrecover
1925            ecdsa_k1_ecrecover_keccak256_cost_base: Some(52),
1926            ecdsa_k1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
1927            ecdsa_k1_ecrecover_keccak256_msg_cost_per_block: Some(2),
1928            ecdsa_k1_ecrecover_sha256_cost_base: Some(52),
1929            ecdsa_k1_ecrecover_sha256_msg_cost_per_byte: Some(2),
1930            ecdsa_k1_ecrecover_sha256_msg_cost_per_block: Some(2),
1931
1932            // ecdsa_k1::decompress_pubkey
1933            ecdsa_k1_decompress_pubkey_cost_base: Some(52),
1934
1935            // ecdsa_k1::secp256k1_verify
1936            ecdsa_k1_secp256k1_verify_keccak256_cost_base: Some(52),
1937            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_byte: Some(2),
1938            ecdsa_k1_secp256k1_verify_keccak256_msg_cost_per_block: Some(2),
1939            ecdsa_k1_secp256k1_verify_sha256_cost_base: Some(52),
1940            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_byte: Some(2),
1941            ecdsa_k1_secp256k1_verify_sha256_msg_cost_per_block: Some(2),
1942
1943            // ecdsa_r1::ecrecover
1944            ecdsa_r1_ecrecover_keccak256_cost_base: Some(52),
1945            ecdsa_r1_ecrecover_keccak256_msg_cost_per_byte: Some(2),
1946            ecdsa_r1_ecrecover_keccak256_msg_cost_per_block: Some(2),
1947            ecdsa_r1_ecrecover_sha256_cost_base: Some(52),
1948            ecdsa_r1_ecrecover_sha256_msg_cost_per_byte: Some(2),
1949            ecdsa_r1_ecrecover_sha256_msg_cost_per_block: Some(2),
1950
1951            // ecdsa_r1::secp256k1_verify
1952            ecdsa_r1_secp256r1_verify_keccak256_cost_base: Some(52),
1953            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_byte: Some(2),
1954            ecdsa_r1_secp256r1_verify_keccak256_msg_cost_per_block: Some(2),
1955            ecdsa_r1_secp256r1_verify_sha256_cost_base: Some(52),
1956            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_byte: Some(2),
1957            ecdsa_r1_secp256r1_verify_sha256_msg_cost_per_block: Some(2),
1958
1959            // ecvrf::verify
1960            ecvrf_ecvrf_verify_cost_base: Some(52),
1961            ecvrf_ecvrf_verify_alpha_string_cost_per_byte: Some(2),
1962            ecvrf_ecvrf_verify_alpha_string_cost_per_block: Some(2),
1963
1964            // ed25519
1965            ed25519_ed25519_verify_cost_base: Some(52),
1966            ed25519_ed25519_verify_msg_cost_per_byte: Some(2),
1967            ed25519_ed25519_verify_msg_cost_per_block: Some(2),
1968
1969            // groth16::prepare_verifying_key
1970            groth16_prepare_verifying_key_bls12381_cost_base: Some(52),
1971            groth16_prepare_verifying_key_bn254_cost_base: Some(52),
1972
1973            // groth16::verify_groth16_proof_internal
1974            groth16_verify_groth16_proof_internal_bls12381_cost_base: Some(52),
1975            groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input: Some(2),
1976            groth16_verify_groth16_proof_internal_bn254_cost_base: Some(52),
1977            groth16_verify_groth16_proof_internal_bn254_cost_per_public_input: Some(2),
1978            groth16_verify_groth16_proof_internal_public_input_cost_per_byte: Some(2),
1979
1980            // hash::blake2b256
1981            hash_blake2b256_cost_base: Some(52),
1982            hash_blake2b256_data_cost_per_byte: Some(2),
1983            hash_blake2b256_data_cost_per_block: Some(2),
1984            // hash::keccak256
1985            hash_keccak256_cost_base: Some(52),
1986            hash_keccak256_data_cost_per_byte: Some(2),
1987            hash_keccak256_data_cost_per_block: Some(2),
1988
1989            poseidon_bn254_cost_base: None,
1990            poseidon_bn254_cost_per_block: None,
1991
1992            // hmac::hmac_sha3_256
1993            hmac_hmac_sha3_256_cost_base: Some(52),
1994            hmac_hmac_sha3_256_input_cost_per_byte: Some(2),
1995            hmac_hmac_sha3_256_input_cost_per_block: Some(2),
1996
1997            // group ops
1998            group_ops_bls12381_decode_scalar_cost: Some(52),
1999            group_ops_bls12381_decode_g1_cost: Some(52),
2000            group_ops_bls12381_decode_g2_cost: Some(52),
2001            group_ops_bls12381_decode_gt_cost: Some(52),
2002            group_ops_bls12381_scalar_add_cost: Some(52),
2003            group_ops_bls12381_g1_add_cost: Some(52),
2004            group_ops_bls12381_g2_add_cost: Some(52),
2005            group_ops_bls12381_gt_add_cost: Some(52),
2006            group_ops_bls12381_scalar_sub_cost: Some(52),
2007            group_ops_bls12381_g1_sub_cost: Some(52),
2008            group_ops_bls12381_g2_sub_cost: Some(52),
2009            group_ops_bls12381_gt_sub_cost: Some(52),
2010            group_ops_bls12381_scalar_mul_cost: Some(52),
2011            group_ops_bls12381_g1_mul_cost: Some(52),
2012            group_ops_bls12381_g2_mul_cost: Some(52),
2013            group_ops_bls12381_gt_mul_cost: Some(52),
2014            group_ops_bls12381_scalar_div_cost: Some(52),
2015            group_ops_bls12381_g1_div_cost: Some(52),
2016            group_ops_bls12381_g2_div_cost: Some(52),
2017            group_ops_bls12381_gt_div_cost: Some(52),
2018            group_ops_bls12381_g1_hash_to_base_cost: Some(52),
2019            group_ops_bls12381_g2_hash_to_base_cost: Some(52),
2020            group_ops_bls12381_g1_hash_to_cost_per_byte: Some(2),
2021            group_ops_bls12381_g2_hash_to_cost_per_byte: Some(2),
2022            group_ops_bls12381_g1_msm_base_cost: Some(52),
2023            group_ops_bls12381_g2_msm_base_cost: Some(52),
2024            group_ops_bls12381_g1_msm_base_cost_per_input: Some(52),
2025            group_ops_bls12381_g2_msm_base_cost_per_input: Some(52),
2026            group_ops_bls12381_msm_max_len: Some(32),
2027            group_ops_bls12381_pairing_cost: Some(52),
2028            group_ops_bls12381_g1_to_uncompressed_g1_cost: None,
2029            group_ops_bls12381_uncompressed_g1_to_g1_cost: None,
2030            group_ops_bls12381_uncompressed_g1_sum_base_cost: None,
2031            group_ops_bls12381_uncompressed_g1_sum_cost_per_term: None,
2032            group_ops_bls12381_uncompressed_g1_sum_max_terms: None,
2033
2034            // zklogin::check_zklogin_id
2035            check_zklogin_id_cost_base: Some(200),
2036            // zklogin::check_zklogin_issuer
2037            check_zklogin_issuer_cost_base: Some(200),
2038
2039            vdf_verify_vdf_cost: None,
2040            vdf_hash_to_input_cost: None,
2041
2042            bcs_per_byte_serialized_cost: Some(2),
2043            bcs_legacy_min_output_size_cost: Some(1),
2044            bcs_failure_cost: Some(52),
2045            hash_sha2_256_base_cost: Some(52),
2046            hash_sha2_256_per_byte_cost: Some(2),
2047            hash_sha2_256_legacy_min_input_len_cost: Some(1),
2048            hash_sha3_256_base_cost: Some(52),
2049            hash_sha3_256_per_byte_cost: Some(2),
2050            hash_sha3_256_legacy_min_input_len_cost: Some(1),
2051            type_name_get_base_cost: Some(52),
2052            type_name_get_per_byte_cost: Some(2),
2053            string_check_utf8_base_cost: Some(52),
2054            string_check_utf8_per_byte_cost: Some(2),
2055            string_is_char_boundary_base_cost: Some(52),
2056            string_sub_string_base_cost: Some(52),
2057            string_sub_string_per_byte_cost: Some(2),
2058            string_index_of_base_cost: Some(52),
2059            string_index_of_per_byte_pattern_cost: Some(2),
2060            string_index_of_per_byte_searched_cost: Some(2),
2061            vector_empty_base_cost: Some(52),
2062            vector_length_base_cost: Some(52),
2063            vector_push_back_base_cost: Some(52),
2064            vector_push_back_legacy_per_abstract_memory_unit_cost: Some(2),
2065            vector_borrow_base_cost: Some(52),
2066            vector_pop_back_base_cost: Some(52),
2067            vector_destroy_empty_base_cost: Some(52),
2068            vector_swap_base_cost: Some(52),
2069            debug_print_base_cost: Some(52),
2070            debug_print_stack_trace_base_cost: Some(52),
2071
2072            max_size_written_objects: Some(5 * 1000 * 1000),
2073            // max size of written objects during a system TXn to allow for larger writes
2074            // akin to `max_size_written_objects` but for system TXns
2075            max_size_written_objects_system_tx: Some(50 * 1000 * 1000),
2076
2077            // Limits the length of a Move identifier
2078            max_move_identifier_len: Some(128),
2079            max_move_value_depth: Some(128),
2080            max_move_enum_variants: None,
2081
2082            gas_rounding_step: Some(1_000),
2083
2084            execution_version: Some(1),
2085
2086            // We maintain the same total size limit for events, but increase the number of
2087            // events that can be emitted.
2088            max_event_emit_size_total: Some(
2089                256 /* former event count limit */ * 250 * 1024, // size limit per event
2090            ),
2091
2092            // Taking a baby step approach, we consider only 20% by stake as bad nodes so we
2093            // have a 80% by stake of nodes participating in the leader committee. That
2094            // allow us for more redundancy in case we have validators
2095            // under performing - since the responsibility is shared
2096            // amongst more nodes. We can increase that once we do have
2097            // higher confidence.
2098            consensus_bad_nodes_stake_threshold: Some(20),
2099
2100            // Max of 10 votes per hour.
2101            max_jwk_votes_per_validator_per_epoch: Some(240),
2102
2103            max_age_of_jwk_in_epochs: Some(1),
2104
2105            consensus_max_transaction_size_bytes: Some(256 * 1024), // 256KB
2106
2107            // Assume 1KB per transaction and 500 transactions per block.
2108            consensus_max_transactions_in_block_bytes: Some(512 * 1024),
2109
2110            random_beacon_reduction_allowed_delta: Some(800),
2111
2112            random_beacon_reduction_lower_bound: Some(1000),
2113            random_beacon_dkg_timeout_round: Some(3000),
2114            random_beacon_min_round_interval_ms: Some(500),
2115
2116            random_beacon_dkg_version: Some(1),
2117
2118            // Assume 20_000 TPS * 5% max stake per validator / (minimum) 4 blocks per round
2119            // = 250 transactions per block maximum Using a higher limit
2120            // that is 512, to account for bursty traffic and system transactions.
2121            consensus_max_num_transactions_in_block: Some(512),
2122
2123            max_deferral_rounds_for_congestion_control: Some(10),
2124
2125            min_checkpoint_interval_ms: Some(200),
2126
2127            checkpoint_summary_version_specific_data: Some(1),
2128
2129            max_soft_bundle_size: Some(5),
2130
2131            bridge_should_try_to_finalize_committee: None,
2132
2133            max_accumulated_txn_cost_per_object_in_mysticeti_commit: Some(10),
2134
2135            max_committee_members_count: None,
2136
2137            consensus_gc_depth: None,
2138
2139            consensus_max_acknowledgments_per_block: None,
2140
2141            max_congestion_limit_overshoot_per_commit: None,
2142
2143            scorer_version: None,
2144            // When adding a new constant, set it to None in the earliest version, like this:
2145            // new_constant: None,
2146        };
2147
2148        cfg.feature_flags.consensus_transaction_ordering = ConsensusTransactionOrdering::ByGasPrice;
2149
2150        // MoveVM related flags
2151        {
2152            cfg.feature_flags
2153                .disable_invariant_violation_check_in_swap_loc = true;
2154            cfg.feature_flags.no_extraneous_module_bytes = true;
2155            cfg.feature_flags.hardened_otw_check = true;
2156            cfg.feature_flags.rethrow_serialization_type_layout_errors = true;
2157        }
2158
2159        // zkLogin related flags
2160        {
2161            cfg.feature_flags.zklogin_max_epoch_upper_bound_delta = Some(30);
2162        }
2163
2164        // Enable Mysticeti on mainnet.
2165        cfg.feature_flags.consensus_choice = ConsensusChoice::Mysticeti;
2166        // Use tonic networking for Mysticeti.
2167        cfg.feature_flags.consensus_network = ConsensusNetwork::Tonic;
2168
2169        cfg.feature_flags.per_object_congestion_control_mode =
2170            PerObjectCongestionControlMode::TotalTxCount;
2171
2172        // Do not allow bridge committee to finalize on mainnet.
2173        cfg.bridge_should_try_to_finalize_committee = Some(chain != Chain::Mainnet);
2174
2175        // Devnet
2176        if chain != Chain::Mainnet && chain != Chain::Testnet {
2177            cfg.feature_flags.enable_poseidon = true;
2178            cfg.poseidon_bn254_cost_base = Some(260);
2179            cfg.poseidon_bn254_cost_per_block = Some(10);
2180
2181            cfg.feature_flags.enable_group_ops_native_function_msm = true;
2182
2183            cfg.feature_flags.enable_vdf = true;
2184            // Set to 30x and 2x the cost of a signature verification for now. This
2185            // should be updated along with other native crypto functions.
2186            cfg.vdf_verify_vdf_cost = Some(1500);
2187            cfg.vdf_hash_to_input_cost = Some(100);
2188
2189            cfg.feature_flags.passkey_auth = true;
2190        }
2191
2192        for cur in 2..=version.0 {
2193            match cur {
2194                1 => unreachable!(),
2195                // version 2 is a new framework version but with no config changes
2196                2 => {}
2197                3 => {
2198                    cfg.feature_flags.relocate_event_module = true;
2199                }
2200                4 => {
2201                    cfg.max_type_to_layout_nodes = Some(512);
2202                }
2203                5 => {
2204                    cfg.feature_flags.protocol_defined_base_fee = true;
2205                    cfg.base_gas_price = Some(1000);
2206
2207                    cfg.feature_flags.disallow_new_modules_in_deps_only_packages = true;
2208                    cfg.feature_flags.convert_type_argument_error = true;
2209                    cfg.feature_flags.native_charging_v2 = true;
2210
2211                    if chain != Chain::Mainnet && chain != Chain::Testnet {
2212                        cfg.feature_flags.uncompressed_g1_group_elements = true;
2213                    }
2214
2215                    cfg.gas_model_version = Some(2);
2216
2217                    cfg.poseidon_bn254_cost_per_block = Some(388);
2218
2219                    cfg.bls12381_bls12381_min_sig_verify_cost_base = Some(44064);
2220                    cfg.bls12381_bls12381_min_pk_verify_cost_base = Some(49282);
2221                    cfg.ecdsa_k1_secp256k1_verify_keccak256_cost_base = Some(1470);
2222                    cfg.ecdsa_k1_secp256k1_verify_sha256_cost_base = Some(1470);
2223                    cfg.ecdsa_r1_secp256r1_verify_sha256_cost_base = Some(4225);
2224                    cfg.ecdsa_r1_secp256r1_verify_keccak256_cost_base = Some(4225);
2225                    cfg.ecvrf_ecvrf_verify_cost_base = Some(4848);
2226                    cfg.ed25519_ed25519_verify_cost_base = Some(1802);
2227
2228                    // Manually changed to be "under cost"
2229                    cfg.ecdsa_r1_ecrecover_keccak256_cost_base = Some(1173);
2230                    cfg.ecdsa_r1_ecrecover_sha256_cost_base = Some(1173);
2231                    cfg.ecdsa_k1_ecrecover_keccak256_cost_base = Some(500);
2232                    cfg.ecdsa_k1_ecrecover_sha256_cost_base = Some(500);
2233
2234                    cfg.groth16_prepare_verifying_key_bls12381_cost_base = Some(53838);
2235                    cfg.groth16_prepare_verifying_key_bn254_cost_base = Some(82010);
2236                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_base = Some(72090);
2237                    cfg.groth16_verify_groth16_proof_internal_bls12381_cost_per_public_input =
2238                        Some(8213);
2239                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_base = Some(115502);
2240                    cfg.groth16_verify_groth16_proof_internal_bn254_cost_per_public_input =
2241                        Some(9484);
2242
2243                    cfg.hash_keccak256_cost_base = Some(10);
2244                    cfg.hash_blake2b256_cost_base = Some(10);
2245
2246                    // group ops
2247                    cfg.group_ops_bls12381_decode_scalar_cost = Some(7);
2248                    cfg.group_ops_bls12381_decode_g1_cost = Some(2848);
2249                    cfg.group_ops_bls12381_decode_g2_cost = Some(3770);
2250                    cfg.group_ops_bls12381_decode_gt_cost = Some(3068);
2251
2252                    cfg.group_ops_bls12381_scalar_add_cost = Some(10);
2253                    cfg.group_ops_bls12381_g1_add_cost = Some(1556);
2254                    cfg.group_ops_bls12381_g2_add_cost = Some(3048);
2255                    cfg.group_ops_bls12381_gt_add_cost = Some(188);
2256
2257                    cfg.group_ops_bls12381_scalar_sub_cost = Some(10);
2258                    cfg.group_ops_bls12381_g1_sub_cost = Some(1550);
2259                    cfg.group_ops_bls12381_g2_sub_cost = Some(3019);
2260                    cfg.group_ops_bls12381_gt_sub_cost = Some(497);
2261
2262                    cfg.group_ops_bls12381_scalar_mul_cost = Some(11);
2263                    cfg.group_ops_bls12381_g1_mul_cost = Some(4842);
2264                    cfg.group_ops_bls12381_g2_mul_cost = Some(9108);
2265                    cfg.group_ops_bls12381_gt_mul_cost = Some(27490);
2266
2267                    cfg.group_ops_bls12381_scalar_div_cost = Some(91);
2268                    cfg.group_ops_bls12381_g1_div_cost = Some(5091);
2269                    cfg.group_ops_bls12381_g2_div_cost = Some(9206);
2270                    cfg.group_ops_bls12381_gt_div_cost = Some(27804);
2271
2272                    cfg.group_ops_bls12381_g1_hash_to_base_cost = Some(2962);
2273                    cfg.group_ops_bls12381_g2_hash_to_base_cost = Some(8688);
2274
2275                    cfg.group_ops_bls12381_g1_msm_base_cost = Some(62648);
2276                    cfg.group_ops_bls12381_g2_msm_base_cost = Some(131192);
2277                    cfg.group_ops_bls12381_g1_msm_base_cost_per_input = Some(1333);
2278                    cfg.group_ops_bls12381_g2_msm_base_cost_per_input = Some(3216);
2279
2280                    cfg.group_ops_bls12381_uncompressed_g1_to_g1_cost = Some(677);
2281                    cfg.group_ops_bls12381_g1_to_uncompressed_g1_cost = Some(2099);
2282                    cfg.group_ops_bls12381_uncompressed_g1_sum_base_cost = Some(77);
2283                    cfg.group_ops_bls12381_uncompressed_g1_sum_cost_per_term = Some(26);
2284                    cfg.group_ops_bls12381_uncompressed_g1_sum_max_terms = Some(1200);
2285
2286                    cfg.group_ops_bls12381_pairing_cost = Some(26897);
2287
2288                    cfg.validator_validate_metadata_cost_base = Some(20000);
2289
2290                    cfg.max_committee_members_count = Some(50);
2291                }
2292                6 => {
2293                    cfg.max_ptb_value_size = Some(1024 * 1024);
2294                }
2295                7 => {
2296                    // version 7 is a new framework version but with no config
2297                    // changes
2298                }
2299                8 => {
2300                    cfg.feature_flags.variant_nodes = true;
2301
2302                    if chain != Chain::Mainnet {
2303                        // Enable round prober in consensus.
2304                        cfg.feature_flags.consensus_round_prober = true;
2305                        // Enable distributed vote scoring.
2306                        cfg.feature_flags
2307                            .consensus_distributed_vote_scoring_strategy = true;
2308                        cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2309                        // Enable smart ancestor selection for testnet
2310                        cfg.feature_flags.consensus_smart_ancestor_selection = true;
2311                        // Enable probing for accepted rounds in round prober for testnet
2312                        cfg.feature_flags
2313                            .consensus_round_prober_probe_accepted_rounds = true;
2314                        // Enable zstd compression for consensus in testnet
2315                        cfg.feature_flags.consensus_zstd_compression = true;
2316                        // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2317                        // blocks within a window of ~4 seconds
2318                        // to be included before be considered garbage collected.
2319                        cfg.consensus_gc_depth = Some(60);
2320                    }
2321
2322                    // Enable min_free_execution_slot for the shared object congestion tracker in
2323                    // devnet.
2324                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2325                        cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2326                    }
2327                }
2328                9 => {
2329                    if chain != Chain::Mainnet {
2330                        // Disable smart ancestor selection in the testnet and devnet.
2331                        cfg.feature_flags.consensus_smart_ancestor_selection = false;
2332                    }
2333
2334                    // Enable zstd compression for consensus
2335                    cfg.feature_flags.consensus_zstd_compression = true;
2336
2337                    // Enable passkey in multisig in devnet.
2338                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2339                        cfg.feature_flags.accept_passkey_in_multisig = true;
2340                    }
2341
2342                    // this flag is now deprecated because of the bridge removal.
2343                    cfg.bridge_should_try_to_finalize_committee = None;
2344                }
2345                10 => {
2346                    // Enable min_free_execution_slot for the shared object congestion tracker in
2347                    // all networks.
2348                    cfg.feature_flags.congestion_control_min_free_execution_slot = true;
2349
2350                    // Increase the committee size to 80 on all networks.
2351                    cfg.max_committee_members_count = Some(80);
2352
2353                    // Enable round prober in consensus.
2354                    cfg.feature_flags.consensus_round_prober = true;
2355                    // Enable probing for accepted rounds in round.
2356                    cfg.feature_flags
2357                        .consensus_round_prober_probe_accepted_rounds = true;
2358                    // Enable distributed vote scoring.
2359                    cfg.feature_flags
2360                        .consensus_distributed_vote_scoring_strategy = true;
2361                    // Enable the new consensus commit rule.
2362                    cfg.feature_flags.consensus_linearize_subdag_v2 = true;
2363
2364                    // Enable consensus garbage collection
2365                    // Assuming a round rate of max 15/sec, then using a gc depth of 60 allow
2366                    // blocks within a window of ~4 seconds
2367                    // to be included before be considered garbage collected.
2368                    cfg.consensus_gc_depth = Some(60);
2369
2370                    // Enable minimized child object mutation counting.
2371                    cfg.feature_flags.minimize_child_object_mutations = true;
2372
2373                    if chain != Chain::Mainnet {
2374                        // Enable batched block sync in devnet and testnet.
2375                        cfg.feature_flags.consensus_batched_block_sync = true;
2376                    }
2377
2378                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2379                        // Enable the gas price feedback mechanism (which is used for
2380                        // transactions cancelled due to shared object congestion) in devnet
2381                        cfg.feature_flags
2382                            .congestion_control_gas_price_feedback_mechanism = true;
2383                    }
2384
2385                    cfg.feature_flags.validate_identifier_inputs = true;
2386                    cfg.feature_flags.dependency_linkage_error = true;
2387                    cfg.feature_flags.additional_multisig_checks = true;
2388                }
2389                11 => {
2390                    // version 11 is a new framework version but with no config
2391                    // changes
2392                }
2393                12 => {
2394                    // Enable the gas price feedback mechanism for transactions
2395                    // cancelled due to congestion in all networks
2396                    cfg.feature_flags
2397                        .congestion_control_gas_price_feedback_mechanism = true;
2398
2399                    // Enable normalization of PTB arguments in all networks.
2400                    cfg.feature_flags.normalize_ptb_arguments = true;
2401                }
2402                13 => {
2403                    // Enable selecting committee based on eligible active validators on all
2404                    // networks.
2405                    cfg.feature_flags.select_committee_from_eligible_validators = true;
2406                    // Enable tracking non-committee eligible active
2407                    // validators on all networks.
2408                    cfg.feature_flags.track_non_committee_eligible_validators = true;
2409
2410                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2411                        // Enable selecting committee only from active validators that next epoch
2412                        // version and issued valid AuthorityCapabilities notification in devnet.
2413                        cfg.feature_flags
2414                            .select_committee_supporting_next_epoch_version = true;
2415                    }
2416                }
2417                14 => {
2418                    // Enable batched block sync for mainnet.
2419                    cfg.feature_flags.consensus_batched_block_sync = true;
2420
2421                    if chain != Chain::Mainnet {
2422                        // Enable median-based commit timestamp calculation in consensus and
2423                        // enforce checkpoint timestamp monotonicity for testnet.
2424                        cfg.feature_flags
2425                            .consensus_median_timestamp_with_checkpoint_enforcement = true;
2426                        // Enable selecting committee only from active validators that support the
2427                        // next epoch's version and issued valid AuthorityCapabilities notification
2428                        // in testnet.
2429                        cfg.feature_flags
2430                            .select_committee_supporting_next_epoch_version = true;
2431                    }
2432                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2433                        // Switch consensus protocol to Starfish in devnet
2434                        cfg.feature_flags.consensus_choice = ConsensusChoice::Starfish;
2435                    }
2436                }
2437                15 => {
2438                    if chain != Chain::Mainnet && chain != Chain::Testnet {
2439                        // Enable overshoot of 100 in congestion control. This allows bursts of
2440                        // shared object transactions up to 10 times the average allowable
2441                        // load set by `max_accumulated_txn_cost_per_object_in_mysticeti_commit`.
2442                        cfg.max_congestion_limit_overshoot_per_commit = Some(100);
2443                    }
2444                }
2445                16 => {
2446                    // Enable selecting committee only from active validators that support the
2447                    // next epoch's version and issued valid AuthorityCapabilities notification.
2448                    cfg.feature_flags
2449                        .select_committee_supporting_next_epoch_version = true;
2450                    // Enable committing transactions only for traversed headers in Starfish
2451                    cfg.feature_flags
2452                        .consensus_commit_transactions_only_for_traversed_headers = true;
2453                }
2454                17 => {
2455                    // Increase the committee size to 100 on all networks.
2456                    cfg.max_committee_members_count = Some(100);
2457                }
2458                18 => {
2459                    if chain != Chain::Mainnet {
2460                        // Enable passkey authentication support in testnet.
2461                        cfg.feature_flags.passkey_auth = true;
2462                    }
2463                }
2464                19 => {
2465                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2466                        // Enable congestion limit overshoot in the gas price feedback
2467                        // mechanism on devnet.
2468                        cfg.feature_flags
2469                            .congestion_limit_overshoot_in_gas_price_feedback_mechanism = true;
2470                        // Enable a separate gas price feedback mechanism for transactions using
2471                        // randomness on devnet.
2472                        cfg.feature_flags
2473                            .separate_gas_price_feedback_mechanism_for_randomness = true;
2474                        // Enable storing metadata in module bytes and then
2475                        // publishing package metadata in devnet
2476                        cfg.feature_flags.metadata_in_module_bytes = true;
2477                        cfg.feature_flags.publish_package_metadata = true;
2478                        // Enable Move authentication in devnet
2479                        cfg.feature_flags.enable_move_authentication = true;
2480                        // Max auth gas budget is in NANOS and an absolute value 0.25 IOTA
2481                        cfg.max_auth_gas = Some(250_000_000);
2482                        // Increase the base cost for transfer receive object in devnet, since the
2483                        // implementation now does check if parent is not an account.
2484                        cfg.transfer_receive_object_cost_base = Some(100);
2485                        // Enable adjustment of validator rewards based on score in devnet.
2486                        cfg.feature_flags.adjust_rewards_by_score = true;
2487                    }
2488
2489                    if chain != Chain::Mainnet {
2490                        // Switch consensus protocol to Starfish in testnet.
2491                        cfg.feature_flags.consensus_choice = ConsensusChoice::Starfish;
2492
2493                        // Enable validator score calculation on testnet
2494                        cfg.feature_flags.calculate_validator_scores = true;
2495                        cfg.scorer_version = Some(1);
2496                    }
2497
2498                    // Change epoch transaction will contain validator scores
2499                    cfg.feature_flags.pass_validator_scores_to_advance_epoch = true;
2500
2501                    // Enable passkey authentication support in mainnet
2502                    cfg.feature_flags.passkey_auth = true;
2503                }
2504                20 => {
2505                    if chain != Chain::Testnet && chain != Chain::Mainnet {
2506                        // Passes the calculated validator scores to advance epoch only on Devnet
2507                        cfg.feature_flags
2508                            .pass_calculated_validator_scores_to_advance_epoch = true;
2509                    }
2510                }
2511
2512                // Use this template when making changes:
2513                //
2514                //     // modify an existing constant.
2515                //     move_binary_format_version: Some(7),
2516                //
2517                //     // Add a new constant (which is set to None in prior versions).
2518                //     new_constant: Some(new_value),
2519                //
2520                //     // Remove a constant (ensure that it is never accessed during this version).
2521                //     max_move_object_size: None,
2522                _ => panic!("unsupported version {version:?}"),
2523            }
2524        }
2525        cfg
2526    }
2527
2528    // Extract the bytecode verifier config from this protocol config. `for_signing`
2529    // indicates whether this config is used for verification during signing or
2530    // execution.
2531    pub fn verifier_config(&self, signing_limits: Option<(usize, usize)>) -> VerifierConfig {
2532        let (max_back_edges_per_function, max_back_edges_per_module) = if let Some((
2533            max_back_edges_per_function,
2534            max_back_edges_per_module,
2535        )) = signing_limits
2536        {
2537            (
2538                Some(max_back_edges_per_function),
2539                Some(max_back_edges_per_module),
2540            )
2541        } else {
2542            (None, None)
2543        };
2544
2545        VerifierConfig {
2546            max_loop_depth: Some(self.max_loop_depth() as usize),
2547            max_generic_instantiation_length: Some(self.max_generic_instantiation_length() as usize),
2548            max_function_parameters: Some(self.max_function_parameters() as usize),
2549            max_basic_blocks: Some(self.max_basic_blocks() as usize),
2550            max_value_stack_size: self.max_value_stack_size() as usize,
2551            max_type_nodes: Some(self.max_type_nodes() as usize),
2552            max_push_size: Some(self.max_push_size() as usize),
2553            max_dependency_depth: Some(self.max_dependency_depth() as usize),
2554            max_fields_in_struct: Some(self.max_fields_in_struct() as usize),
2555            max_function_definitions: Some(self.max_function_definitions() as usize),
2556            max_data_definitions: Some(self.max_struct_definitions() as usize),
2557            max_constant_vector_len: Some(self.max_move_vector_len()),
2558            max_back_edges_per_function,
2559            max_back_edges_per_module,
2560            max_basic_blocks_in_script: None,
2561            max_identifier_len: self.max_move_identifier_len_as_option(), /* Before protocol
2562                                                                           * version 9, there was
2563                                                                           * no limit */
2564            bytecode_version: self.move_binary_format_version(),
2565            max_variants_in_enum: self.max_move_enum_variants_as_option(),
2566        }
2567    }
2568
2569    /// Override one or more settings in the config, for testing.
2570    /// This must be called at the beginning of the test, before
2571    /// get_for_(min|max)_version is called, since those functions cache
2572    /// their return value.
2573    pub fn apply_overrides_for_testing(
2574        override_fn: impl Fn(ProtocolVersion, Self) -> Self + Send + Sync + 'static,
2575    ) -> OverrideGuard {
2576        CONFIG_OVERRIDE.with(|ovr| {
2577            let mut cur = ovr.borrow_mut();
2578            assert!(cur.is_none(), "config override already present");
2579            *cur = Some(Box::new(override_fn));
2580            OverrideGuard
2581        })
2582    }
2583}
2584
2585// Setters for tests.
2586// This is only needed for feature_flags. Please suffix each setter with
2587// `_for_testing`. Non-feature_flags should already have test setters defined
2588// through macros.
2589impl ProtocolConfig {
2590    pub fn set_zklogin_auth_for_testing(&mut self, val: bool) {
2591        self.feature_flags.zklogin_auth = val
2592    }
2593    pub fn set_enable_jwk_consensus_updates_for_testing(&mut self, val: bool) {
2594        self.feature_flags.enable_jwk_consensus_updates = val
2595    }
2596
2597    pub fn set_accept_zklogin_in_multisig_for_testing(&mut self, val: bool) {
2598        self.feature_flags.accept_zklogin_in_multisig = val
2599    }
2600
2601    pub fn set_per_object_congestion_control_mode_for_testing(
2602        &mut self,
2603        val: PerObjectCongestionControlMode,
2604    ) {
2605        self.feature_flags.per_object_congestion_control_mode = val;
2606    }
2607
2608    pub fn set_consensus_choice_for_testing(&mut self, val: ConsensusChoice) {
2609        self.feature_flags.consensus_choice = val;
2610    }
2611
2612    pub fn set_consensus_network_for_testing(&mut self, val: ConsensusNetwork) {
2613        self.feature_flags.consensus_network = val;
2614    }
2615
2616    pub fn set_zklogin_max_epoch_upper_bound_delta_for_testing(&mut self, val: Option<u64>) {
2617        self.feature_flags.zklogin_max_epoch_upper_bound_delta = val
2618    }
2619
2620    pub fn set_passkey_auth_for_testing(&mut self, val: bool) {
2621        self.feature_flags.passkey_auth = val
2622    }
2623
2624    pub fn set_disallow_new_modules_in_deps_only_packages_for_testing(&mut self, val: bool) {
2625        self.feature_flags
2626            .disallow_new_modules_in_deps_only_packages = val;
2627    }
2628
2629    pub fn set_consensus_round_prober_for_testing(&mut self, val: bool) {
2630        self.feature_flags.consensus_round_prober = val;
2631    }
2632
2633    pub fn set_consensus_distributed_vote_scoring_strategy_for_testing(&mut self, val: bool) {
2634        self.feature_flags
2635            .consensus_distributed_vote_scoring_strategy = val;
2636    }
2637
2638    pub fn set_gc_depth_for_testing(&mut self, val: u32) {
2639        self.consensus_gc_depth = Some(val);
2640    }
2641
2642    pub fn set_consensus_linearize_subdag_v2_for_testing(&mut self, val: bool) {
2643        self.feature_flags.consensus_linearize_subdag_v2 = val;
2644    }
2645
2646    pub fn set_consensus_round_prober_probe_accepted_rounds(&mut self, val: bool) {
2647        self.feature_flags
2648            .consensus_round_prober_probe_accepted_rounds = val;
2649    }
2650
2651    pub fn set_accept_passkey_in_multisig_for_testing(&mut self, val: bool) {
2652        self.feature_flags.accept_passkey_in_multisig = val;
2653    }
2654
2655    pub fn set_consensus_smart_ancestor_selection_for_testing(&mut self, val: bool) {
2656        self.feature_flags.consensus_smart_ancestor_selection = val;
2657    }
2658
2659    pub fn set_consensus_batched_block_sync_for_testing(&mut self, val: bool) {
2660        self.feature_flags.consensus_batched_block_sync = val;
2661    }
2662
2663    pub fn set_congestion_control_min_free_execution_slot_for_testing(&mut self, val: bool) {
2664        self.feature_flags
2665            .congestion_control_min_free_execution_slot = val;
2666    }
2667
2668    pub fn set_congestion_control_gas_price_feedback_mechanism_for_testing(&mut self, val: bool) {
2669        self.feature_flags
2670            .congestion_control_gas_price_feedback_mechanism = val;
2671    }
2672
2673    pub fn set_select_committee_from_eligible_validators_for_testing(&mut self, val: bool) {
2674        self.feature_flags.select_committee_from_eligible_validators = val;
2675    }
2676
2677    pub fn set_track_non_committee_eligible_validators_for_testing(&mut self, val: bool) {
2678        self.feature_flags.track_non_committee_eligible_validators = val;
2679    }
2680
2681    pub fn set_select_committee_supporting_next_epoch_version(&mut self, val: bool) {
2682        self.feature_flags
2683            .select_committee_supporting_next_epoch_version = val;
2684    }
2685
2686    pub fn set_consensus_median_timestamp_with_checkpoint_enforcement_for_testing(
2687        &mut self,
2688        val: bool,
2689    ) {
2690        self.feature_flags
2691            .consensus_median_timestamp_with_checkpoint_enforcement = val;
2692    }
2693
2694    pub fn set_consensus_commit_transactions_only_for_traversed_headers_for_testing(
2695        &mut self,
2696        val: bool,
2697    ) {
2698        self.feature_flags
2699            .consensus_commit_transactions_only_for_traversed_headers = val;
2700    }
2701
2702    pub fn set_congestion_limit_overshoot_in_gas_price_feedback_mechanism_for_testing(
2703        &mut self,
2704        val: bool,
2705    ) {
2706        self.feature_flags
2707            .congestion_limit_overshoot_in_gas_price_feedback_mechanism = val;
2708    }
2709
2710    pub fn set_separate_gas_price_feedback_mechanism_for_randomness_for_testing(
2711        &mut self,
2712        val: bool,
2713    ) {
2714        self.feature_flags
2715            .separate_gas_price_feedback_mechanism_for_randomness = val;
2716    }
2717
2718    pub fn set_metadata_in_module_bytes_for_testing(&mut self, val: bool) {
2719        self.feature_flags.metadata_in_module_bytes = val;
2720    }
2721
2722    pub fn set_publish_package_metadata_for_testing(&mut self, val: bool) {
2723        self.feature_flags.publish_package_metadata = val;
2724    }
2725
2726    pub fn set_enable_move_authentication_for_testing(&mut self, val: bool) {
2727        self.feature_flags.enable_move_authentication = val;
2728    }
2729}
2730
2731type OverrideFn = dyn Fn(ProtocolVersion, ProtocolConfig) -> ProtocolConfig + Send + Sync;
2732
2733thread_local! {
2734    static CONFIG_OVERRIDE: RefCell<Option<Box<OverrideFn>>> = const { RefCell::new(None) };
2735}
2736
2737#[must_use]
2738pub struct OverrideGuard;
2739
2740impl Drop for OverrideGuard {
2741    fn drop(&mut self) {
2742        info!("restoring override fn");
2743        CONFIG_OVERRIDE.with(|ovr| {
2744            *ovr.borrow_mut() = None;
2745        });
2746    }
2747}
2748
2749/// Defines which limit got crossed.
2750/// The value which crossed the limit and value of the limit crossed are
2751/// embedded
2752#[derive(PartialEq, Eq)]
2753pub enum LimitThresholdCrossed {
2754    None,
2755    Soft(u128, u128),
2756    Hard(u128, u128),
2757}
2758
2759/// Convenience function for comparing limit ranges
2760/// V::MAX must be at >= U::MAX and T::MAX
2761pub fn check_limit_in_range<T: Into<V>, U: Into<V>, V: PartialOrd + Into<u128>>(
2762    x: T,
2763    soft_limit: U,
2764    hard_limit: V,
2765) -> LimitThresholdCrossed {
2766    let x: V = x.into();
2767    let soft_limit: V = soft_limit.into();
2768
2769    debug_assert!(soft_limit <= hard_limit);
2770
2771    // It is important to preserve this comparison order because if soft_limit ==
2772    // hard_limit we want LimitThresholdCrossed::Hard
2773    if x >= hard_limit {
2774        LimitThresholdCrossed::Hard(x.into(), hard_limit.into())
2775    } else if x < soft_limit {
2776        LimitThresholdCrossed::None
2777    } else {
2778        LimitThresholdCrossed::Soft(x.into(), soft_limit.into())
2779    }
2780}
2781
2782#[macro_export]
2783macro_rules! check_limit {
2784    ($x:expr, $hard:expr) => {
2785        check_limit!($x, $hard, $hard)
2786    };
2787    ($x:expr, $soft:expr, $hard:expr) => {
2788        check_limit_in_range($x as u64, $soft, $hard)
2789    };
2790}
2791
2792/// Used to check which limits were crossed if the TX is metered (not system tx)
2793/// Args are: is_metered, value_to_check, metered_limit, unmetered_limit
2794/// metered_limit is always less than or equal to unmetered_hard_limit
2795#[macro_export]
2796macro_rules! check_limit_by_meter {
2797    ($is_metered:expr, $x:expr, $metered_limit:expr, $unmetered_hard_limit:expr, $metric:expr) => {{
2798        // If this is metered, we use the metered_limit limit as the upper bound
2799        let (h, metered_str) = if $is_metered {
2800            ($metered_limit, "metered")
2801        } else {
2802            // Unmetered gets more headroom
2803            ($unmetered_hard_limit, "unmetered")
2804        };
2805        use iota_protocol_config::check_limit_in_range;
2806        let result = check_limit_in_range($x as u64, $metered_limit, h);
2807        match result {
2808            LimitThresholdCrossed::None => {}
2809            LimitThresholdCrossed::Soft(_, _) => {
2810                $metric.with_label_values(&[metered_str, "soft"]).inc();
2811            }
2812            LimitThresholdCrossed::Hard(_, _) => {
2813                $metric.with_label_values(&[metered_str, "hard"]).inc();
2814            }
2815        };
2816        result
2817    }};
2818}
2819
2820#[cfg(all(test, not(msim)))]
2821mod test {
2822    use insta::assert_yaml_snapshot;
2823
2824    use super::*;
2825
2826    #[test]
2827    fn snapshot_tests() {
2828        println!("\n============================================================================");
2829        println!("!                                                                          !");
2830        println!("! IMPORTANT: never update snapshots from this test. only add new versions! !");
2831        println!("!                                                                          !");
2832        println!("============================================================================\n");
2833        for chain_id in &[Chain::Unknown, Chain::Mainnet, Chain::Testnet] {
2834            // make Chain::Unknown snapshots compatible with pre-chain-id snapshots so that
2835            // we don't break the release-time compatibility tests. Once Chain
2836            // Id configs have been released everywhere, we can remove this and
2837            // only test Mainnet and Testnet
2838            let chain_str = match chain_id {
2839                Chain::Unknown => "".to_string(),
2840                _ => format!("{chain_id:?}_"),
2841            };
2842            for i in MIN_PROTOCOL_VERSION..=MAX_PROTOCOL_VERSION {
2843                let cur = ProtocolVersion::new(i);
2844                assert_yaml_snapshot!(
2845                    format!("{}version_{}", chain_str, cur.as_u64()),
2846                    ProtocolConfig::get_for_version(cur, *chain_id)
2847                );
2848            }
2849        }
2850    }
2851
2852    #[test]
2853    fn test_getters() {
2854        let prot: ProtocolConfig =
2855            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2856        assert_eq!(
2857            prot.max_arguments(),
2858            prot.max_arguments_as_option().unwrap()
2859        );
2860    }
2861
2862    #[test]
2863    fn test_setters() {
2864        let mut prot: ProtocolConfig =
2865            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2866        prot.set_max_arguments_for_testing(123);
2867        assert_eq!(prot.max_arguments(), 123);
2868
2869        prot.set_max_arguments_from_str_for_testing("321".to_string());
2870        assert_eq!(prot.max_arguments(), 321);
2871
2872        prot.disable_max_arguments_for_testing();
2873        assert_eq!(prot.max_arguments_as_option(), None);
2874
2875        prot.set_attr_for_testing("max_arguments".to_string(), "456".to_string());
2876        assert_eq!(prot.max_arguments(), 456);
2877    }
2878
2879    #[test]
2880    #[should_panic(expected = "unsupported version")]
2881    fn max_version_test() {
2882        // When this does not panic, version higher than MAX_PROTOCOL_VERSION exists.
2883        // To fix, bump MAX_PROTOCOL_VERSION or disable this check for the version.
2884        let _ = ProtocolConfig::get_for_version_impl(
2885            ProtocolVersion::new(MAX_PROTOCOL_VERSION + 1),
2886            Chain::Unknown,
2887        );
2888    }
2889
2890    #[test]
2891    fn lookup_by_string_test() {
2892        let prot: ProtocolConfig =
2893            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
2894        // Does not exist
2895        assert!(prot.lookup_attr("some random string".to_string()).is_none());
2896
2897        assert!(
2898            prot.lookup_attr("max_arguments".to_string())
2899                == Some(ProtocolConfigValue::u32(prot.max_arguments())),
2900        );
2901
2902        // We didnt have this in version 1 on Mainnet
2903        assert!(
2904            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
2905                .is_none()
2906        );
2907        assert!(
2908            prot.attr_map()
2909                .get("poseidon_bn254_cost_base")
2910                .unwrap()
2911                .is_none()
2912        );
2913
2914        // But we did in version 1 on Devnet
2915        let prot: ProtocolConfig =
2916            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2917
2918        assert!(
2919            prot.lookup_attr("poseidon_bn254_cost_base".to_string())
2920                == Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
2921        );
2922        assert!(
2923            prot.attr_map().get("poseidon_bn254_cost_base").unwrap()
2924                == &Some(ProtocolConfigValue::u64(prot.poseidon_bn254_cost_base()))
2925        );
2926
2927        // Check feature flags
2928        let prot: ProtocolConfig =
2929            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Mainnet);
2930        // Does not exist
2931        assert!(
2932            prot.feature_flags
2933                .lookup_attr("some random string".to_owned())
2934                .is_none()
2935        );
2936        assert!(
2937            !prot
2938                .feature_flags
2939                .attr_map()
2940                .contains_key("some random string")
2941        );
2942
2943        // Was false in v1 on Mainnet
2944        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(false));
2945        assert!(
2946            prot.feature_flags
2947                .attr_map()
2948                .get("enable_poseidon")
2949                .unwrap()
2950                == &false
2951        );
2952        let prot: ProtocolConfig =
2953            ProtocolConfig::get_for_version(ProtocolVersion::new(1), Chain::Unknown);
2954        // Was true from v1 and up on Devnet
2955        assert!(prot.feature_flags.lookup_attr("enable_poseidon".to_owned()) == Some(true));
2956        assert!(
2957            prot.feature_flags
2958                .attr_map()
2959                .get("enable_poseidon")
2960                .unwrap()
2961                == &true
2962        );
2963    }
2964
2965    #[test]
2966    fn limit_range_fn_test() {
2967        let low = 100u32;
2968        let high = 10000u64;
2969
2970        assert!(check_limit!(1u8, low, high) == LimitThresholdCrossed::None);
2971        assert!(matches!(
2972            check_limit!(255u16, low, high),
2973            LimitThresholdCrossed::Soft(255u128, 100)
2974        ));
2975        // This wont compile because lossy
2976        // assert!(check_limit!(100000000u128, low, high) ==
2977        // LimitThresholdCrossed::None); This wont compile because lossy
2978        // assert!(check_limit!(100000000usize, low, high) ==
2979        // LimitThresholdCrossed::None);
2980
2981        assert!(matches!(
2982            check_limit!(2550000u64, low, high),
2983            LimitThresholdCrossed::Hard(2550000, 10000)
2984        ));
2985
2986        assert!(matches!(
2987            check_limit!(2550000u64, high, high),
2988            LimitThresholdCrossed::Hard(2550000, 10000)
2989        ));
2990
2991        assert!(matches!(
2992            check_limit!(1u8, high),
2993            LimitThresholdCrossed::None
2994        ));
2995
2996        assert!(check_limit!(255u16, high) == LimitThresholdCrossed::None);
2997
2998        assert!(matches!(
2999            check_limit!(2550000u64, high),
3000            LimitThresholdCrossed::Hard(2550000, 10000)
3001        ));
3002    }
3003}