statement-store: validation without runtime#10787
Conversation
AndreiEres
changed the title
| let validation = match validation_result { | ||
| Ok(validation) => validation, | ||
| Err(InvalidStatement::BadProof) => { | ||
| let validation = match (self.read_allowance_fn)(&account_id) { |
There was a problem hiding this comment.
This completely ignores custom validation functions e.g. for POP that allow different kinds of statements, not just based on an allowance.
IMO it is fine to move as much as possible to the node side, but we will still need to call into the runtime for custom implementations of verify. But we could there directly pass the public key (to not needing to call validate_statement again in the runtime.
There was a problem hiding this comment.
What are those custom validation? So far there is only quota and signature check and from our discussions with Gavin we have not found any other options where directly calling runtime for every statement would be useful.
There was a problem hiding this comment.
There was a problem hiding this comment.
I believe this is a validation to be done by front-end. From the statement-store should knows noting about app layer. Our only concerns are users signatures that impy quota check. Every other verification is app problem.
|
Closes: #10799 |
|
/cmd prdoc --audience node_dev --bump minor |
There was a problem hiding this comment.
Could we just solve this by sending some transaction that sets the allowance? But can be done in a later pr.
|
All GitHub workflows were cancelled due to failure one of the required jobs. |
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
## Work in progress ## Description Implements the proposed changes from here #10452, where the API surface has been limited to two functions `submit` and a `subscribe_statement`. ### Submit changes For submitting the only changes are implementing the logic of the newly `expiry` field where statements with an expiration timestamp lower than current time get rejected. ### Subscribe changes For subscription the approach is to have a configurable number of workers that keep track of all subscriptions, each time a new subscription arrives it gets assigned by a round-robin protocol to one of the workers. When a new statements gets accepted by the statement-store it notifies all workers about the statement, the workers then go and evaluate all subscription filters they are assigned to and notifies each of them accordingly. ## Remaining work - [x] Add more tests. - [x] Evaluate performance under load and port `statement_store_bench.rs` to using subscribe API, ported and performance stay the same on the benchmark, because bottlenecks are elsewhere and being addressed. ``` [2026-01-07T17:18:51Z INFO tests::zombie_ci::statement_store_bench] Participants: 49998, each sent: 6, received: 0 [2026-01-07T17:18:51Z INFO tests::zombie_ci::statement_store_bench] Summary min avg max [2026-01-07T17:18:51Z INFO tests::zombie_ci::statement_store_bench] time, s 8 19 24 [2026-01-07T17:18:51Z INFO tests::zombie_ci::statement_store_bench] retries 0 0 0 ``` - [x] Evaluate and set proper RPC limits. The normal RPC limits apply here we just need to make sure RPC nodes run with limits high enough, so each user can connect to the node all at the same time. - [x] Periodically scan existing statements and removed expired ones. - [ ] Plan for deploying it with minimising impact for people prototype with the old APIs - [ ] ~This modifies statement format(expiry field), Runtime and Node need to run latest version.~, post #10787, statement-store does not call into runtime anymore, so this dependency is not needed. ## Local testing To obtain a local node with the new APIs available run: ``` cargo build -p polkadot -p polkadot-parachain-bin --bin polkadot --bin polkadot-prepare-worker --bin polkadot-execute-worker --bin polkadot-parachain --features fast-runtime; ZOMBIE_PROVIDER=native cargo test -p cumulus-zombienet-sdk-tests --features zombie-ci zombie_ci::statement_store::statement_store ``` The rpc addresses are visible in the output: ``` charlie: direct link (pjs) https://polkadot.js.org/apps/?rpc=ws://127.0.0.1:26997#/explorer dave: direct link (pjs) https://polkadot.js.org/apps/?rpc=ws://127.0.0.1:12623#/explorer ``` --------- Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io> Co-authored-by: Andrei Eres <eresav@me.com> Co-authored-by: cmd[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
Signed-off-by: Alexandru Gheorghe <alexandru.gheorghe@parity.io>
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
github-project-automation
bot
moved this from Todo
to Done
in [preview] release tracker
6 participants
Description
Fixes #10799
This removes slow runtime validation from statement-submission hot path. Validation now happens on the node side via direct signature verification and storage reads for account quotas.
Integration
Node validates signatures directly, reads quotas from storage. Setting allowances is implementing in another PR.