fabric icon indicating copy to clipboard operation
fabric copied to clipboard

Published 20 hours ago verified publisher icon hyperledger-archives

consensus helper ExecTx ignoring errors from transaction batch execution

Open muralisrini opened this issue 9 years ago • 11 comments

ExexTxs ignores error array from chaincode.ExecuteTransactions. This will result in transactions getting committed whether they succeeded or not.

muralisrini avatar Feb 20 '16 21:02 muralisrini

This is pending to be fixed by issue #579 and you can find additional information there.

@tuand27613 We can still address this with a stopgap solution, if you would like to implement it in helper.go, it should be a fairly straightforward fix, or feel free to assign to me, and I can quickly handle it.

This is all related to a discussion that occurred between myself, @srderson, @kchristidis, and @binhn. In short, ExecTxs used to return a []error from the transactions, and it was consensus' responsibility to remove transactions from the commit list which had encountered an error. There were two big problems with this, first, every consensus implementation must duplicate this logic, which increases the surface for bugs. Secondly, consensus should be agnostic to the details of transactions, it does not make sense that two consensus algorithms, who pick the same order for transactions, could result in two different blocks.

Finally, there are also multiple competing ideas as to whether failing transactions should be stored or not. Some use cases involve many many failing transactions, which could produce an excessively long blockchain with few valid transactions, and so wish to have invalid transactions excluded from the block. In other use cases, it may be very important that for auditing purposes all attempted transactions are recorded, regardless of their ability to be executed. This sort of complexity does not belong in consensus, and more likely belongs with the chaincode, or possibly some configuration.

@muralisrini Sorry for the verbose explanation, but I wasn't sure if you had any of the above on your radar.

jyellick avatar Feb 21 '16 02:02 jyellick

@muralisrini , your thoughts ?

tuand27613 avatar Mar 21 '16 13:03 tuand27613

@muralisrini Is this on your radar? We'd like to get this closed ASAP.

jyellick avatar Apr 04 '16 16:04 jyellick

@jyellick @tuand27613 @binh

To capture the main point - ExecTxs has access to chaincode generated errors but ignores them today. (Summarizing @jyellick comment) this is because we do not know how to treat errors...we just save everything today.

Shoud we just add a "not started/succ/fail" enum to proto.Transaction ? ExecTx will set this flag to succ/fail

  • Consensus can make use of this if it wants to
  • it will be stored in the block (just an an additional int)... available for audit
  • event clients have information about failed transaction too (SDK could provide additional mechanism to filter out succ or failed transactions from the block)
  • minimal change (and we don't duplicate code by exposing errors to higher layers)

The above won't work if we think we shoud NEVER save a block with erred transactions in it.

In any case this is not a chaincode fix ... more of consensus/system to decide what to store on ledger.

@prjayach, fyi. Sounds like this is what you ran into in your application ?

muralisrini avatar Apr 16 '16 15:04 muralisrini

Yes, @muralisrini This will fix the issue. Once this is in, the events framework messages should include which transactions succeeded/failed in each block.

From an application point of view, I do want to know if a transaction failed -- either as part of the block or somewhere else where I can look it up.

prjayach avatar Apr 16 '16 16:04 prjayach

Thanks, @prjayach .

@binhn, consensus, acutely sensitive that this is reopening discussions in this area...

Is adding "not started/succ/fail" field to proto.Transaction is right thing to do ? What this means

  • a block would get committed if it passes consensus
  • passing consensus just means everyone agrees on the block - does not mean all transactions in the block have succeeded
  • note that this will not set the actual error itself

We have to look beyond current consensus mechanism to make sure this will work for future work as well.

muralisrini avatar Apr 16 '16 16:04 muralisrini

linking to #752

tuand27613 avatar Apr 17 '16 21:04 tuand27613

This should be addressed by #1392 and can be closed.

corecode avatar May 09 '16 15:05 corecode

@muralisrini can you please close this one if it is fixed? Thanks, @bmos299

bmos299 avatar May 16 '16 14:05 bmos299

@binh @muralisrini should not store transaction if chain code returns error. Reason: chain code can implement validation. Storing invalid transaction opens up the chain to severe DoS attacks or flood by incorrectly working peer. Please stay practical. Storing errors is not the job of the blockchain.

tamasblummer avatar Jun 02 '16 09:06 tamasblummer

@tamasblummer @muralisrini @binhn this sounds more like an architectural concern? What do you think?

bmos299 avatar Jun 06 '16 14:06 bmos299