PoX-4 Signing Keys Stacking-State

[setzeus]

PoX-4 Signing Key Stacking-State Update

Summary of Changes

This PR is meant to introduce, not complete, the core logic around signing keys in PoX-4 & address #4057 . The focus is specifically on updating the 'stacking-state' map & all the functions that read & write from it. This includes updates to the following public functions:

1. (stack-stx)
2. (delegate-stack-stx)
3. (stack-extend)
4. (delegate-stack-extend)

what this does not include
Getters & setters to the new map 'reward-cycle-signing-keys,' that'll be in another PR. This PR also does not include any logic that'll be used in relevant issues #4058, #4059, & #3970.

Testing

How were these changes tested?

This was only tested locally for syntax errors / clarinet check.

What future testing should occur?

As soon as this is merged I'll open an issue with the user stories that require testing for @moodmosaic to work into pox_4_tests.rs.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[codecov]

Codecov Report

Attention: 24 lines in your changes are missing coverage. Please review.

Comparison is base (8cffc38) 85.08% compared to head (166ac8f) 64.10%.
Report is 13 commits behind head on next.

Files	Patch %	Lines
...kslib/src/chainstate/stacks/boot/contract_tests.rs	0.00%	24 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##             next    #4092       +/-   ##
===========================================
- Coverage   85.08%   64.10%   -20.99%     
===========================================
  Files         429      429               
  Lines      302009   302143      +134     
===========================================
- Hits       256976   193700    -63276     
- Misses      45033   108443    +63410     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[setzeus]

Additional context re: using 'delegate-stack-stx' vs. 'stack-aggregation-commit-index' to submit a pool's signing-key for delegates that registered without a signing-key here:

#4082

[setzeus]

Note: per Clarity WG morning discussion it's been noted that our preferred workflow here is to actively work on a version of PoX-4 that exists in /contrib per #4094 & then periodically copy that over to the more hardened PoX-4 that'll live in /boot.

Once #4094 is merged in I'll make these adjust only to the PoX-4 version in /contrib for now.

(unless there's reasonable push back on this workflow)

[kantai]

It seems like this could just be (buff 33) rather than an (optional (buff 33)): the delegate sets this value in delegate-stack-stx, which is also the first time the stacker-state is instantiated for the delegator.

[friedger]

Does it make sense to allow delegators enforce a signing key? If yes, should it be stored in a separate map?

[jcnelson]

Does it make sense to allow delegators enforce a signing key? If yes, should it be stored in a separate map?

Why would the delegator call delegate-stack-stx if the user supplied the wrong key?

[friedger]

Sorry, I meant the user/pool member. My question does not make sense here.

[friedger]

I agree, that stack-aggregation-commit can't change the signing key.

[kantai]

Echoing Jude's comments, and just had a few more

[kantai]

@setzeus -- this patch adds a unit test which would check that the contract instantiates:

diff --git a/stackslib/src/chainstate/stacks/boot/contract_tests.rs b/stackslib/src/chainstate/stacks/boot/contract_tests.rs
index bd7941f73..d8450f0e7 100644
--- a/stackslib/src/chainstate/stacks/boot/contract_tests.rs
+++ b/stackslib/src/chainstate/stacks/boot/contract_tests.rs
@@ -60,6 +60,8 @@ lazy_static! {
     pub static ref POX_CONTRACT_TESTNET: QualifiedContractIdentifier = boot_code_id("pox", false);
     pub static ref POX_2_CONTRACT_TESTNET: QualifiedContractIdentifier =
         boot_code_id("pox-2", false);
+    pub static ref POX_4_CONTRACT_TESTNET: QualifiedContractIdentifier =
+        boot_code_id("pox-4", false);
     pub static ref COST_VOTING_CONTRACT_TESTNET: QualifiedContractIdentifier =
         boot_code_id("cost-voting", false);
     pub static ref USER_KEYS: Vec<StacksPrivateKey> =
@@ -559,6 +561,31 @@ impl HeadersDB for TestSimHeadersDB {
     }
 }
 
+#[test]
+fn pox_4_instantiates() {
+    let mut sim = ClarityTestSim::new();
+    sim.epoch_bounds = vec![0, 1, 2];
+    let delegator = StacksPrivateKey::new();
+
+    let expected_unlock_height = POX_TESTNET_CYCLE_LENGTH * 4;
+
+    // execute past 2.1 epoch initialization
+    sim.execute_next_block(|_env| {});
+    sim.execute_next_block(|_env| {});
+    sim.execute_next_block(|_env| {});
+
+    sim.execute_next_block(|env| {
+        env.initialize_versioned_contract(
+            POX_4_CONTRACT_TESTNET.clone(),
+            ClarityVersion::Clarity2,
+            &boot::POX_4_TESTNET_CODE,
+            None,
+            ASTRules::PrecheckSize,
+        )
+        .unwrap()
+    });
+}
+
 #[test]
 fn pox_2_contract_caller_units() {
     let mut sim = ClarityTestSim::new();

The test passes with the most recent changes:

$ cargo test pox_4_instantiates
...
running 1 test
test chainstate::stacks::boot::contract_tests::pox_4_instantiates ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 1105 filtered out; finished in 0.04s
...

It also (correctly) fails if applied to the commit 6771f81.

[friedger]

I try to understand whether the same logic for the pox-address should be applied for the signing key for pools: If the pool operator decides to use a different signer key, the pool members rewards are not really at risk. However, would pool members like to decide whether the pool operator can delegate to one or the other signer? I think yes, therefore delegate-stx should also contain a signing key in the delegation-state

[friedger]

@setzeus There at least one rust functions that create stack-stx transactions with 4 instead of 5 arguments that makes the unit tests fail.
I found one in blocks.rs: https://github.com/stacks-network/stacks-blockchain/blob/cef8f87c59d326b5d30d9f2e6baf258d820da6b1/stackslib/src/chainstate/stacks/db/blocks.rs#L4222

from the logs of the test:

WARN [1701440351.250362] [stackslib/src/chainstate/stacks/db/transactions.rs:1045] [chainstate::nakamoto::coordinator::tests::test_simple_nakamoto_coordinator_10_tenures_10_blocks] Contract-call encountered an analysis error at runtime, contract_name: ST000000000000000000002AMW42H.pox-4, function_name: stack-stx, function_args: [u1000000000000000000, (tuple (hashbytes 0x253029fcdb225da88ef8434ed2bd32ff353983cf) (version 0x00)), u34, u12], error: IncorrectArgumentCount(5, 4)

[setzeus]

Ahhh okay, thx @friedger, so updating PoX-4 stacking parameters broke existing tests somewhere else* I follow. Looking into it.

[muneeb-ali]

Great to see the changes approved here! 🚀

[jcnelson]

Thank you for updating the stacking interfaces with these new methods! Before merging, I must insist that you add unit tests for them. It's not enough to see that PoX-4 instantiates; you must also verify that the public keys get added to the stacking state. Thanks!

[jcnelson]

Please remove dead code

[jcnelson]

Why is this a new key? Can you continue to please use the same key so we get consistent output?

[setzeus]

Recommendation from @kantai to pass/debug those unit tests, reverting back to commented out above I get in both places where I switched out peer.config for a new private key:

 let private_key = peer.config.private_key.clone();
    |                       ^^^^ not found in this scope

[jcnelson]

The problem is because you've commented out the code that instantiates peer

[jcnelson]

An update from the testing WG. This PR is blocked on getting the pox_4.rs tests in place, which is being handled in #4106. Once this is in place, it should be merged into this PR, so then it will become possible to test that the signing keys were indeed set.

[jcnelson]

This key is the key used to sign the transaction, not the DKG signing key. There needs to be a separate argument to make_pox_4_lockup for that signing key.

[jcnelson]

I don't think this is ever none if we're setting the signing key on delegate-stack-stx (which IIRC is the plan now)

EDIT: this comment is out of date

[jcnelson]

Can you add a comment about signing-key to the method doc?

[setzeus]

Updated a sentence & added the following to comment doc above function:

;; ...Stacker is responsible for providing a valid signing key.
...
;; You need to provide a signing-key used to allocate signature-weight to a valid signer

[jcnelson]

Same here -- can you add a comment to the method doc about the signing key?

[setzeus]

Updated a sentence & added the following to comment doc above function:

;; * You need to provide a signing-key used to allocate signature-weight to a valid signer

[jcnelson]

I think there instead needs to be a separate signing_key field in MockamotoNode. Same for the Nakamoto node. Perhaps it can be part of the Keychain?

[moodmosaic]

It would be nice with some tests to ensure everything works as intended:

1. signing-key in stacking-state:

   • Verify that the signing-key is correctly set.

2. Modified Functions (stack-stx, delegate-stack-stx, etc.):

   • Ensure all functions modified to include the signing-key handle it correctly.

3. stack-extend, delegate-stack-extend:

   • Test handling of updated-signing-key, ensuring proper updates in the stacking state.

4. get-signer-info-for-cycle:

   • Verify retrieval of correct signer info for various inputs.

@jcnelson, @setzeus, could you share your thoughts on these test cases or suggest additional ones that might be relevant?

[moodmosaic]

Where is this constant used?

[setzeus]

Unused, removed.

[jcnelson]

@moodmosaic Yes, please test all of those in pox_4_tests.rs.

[jcnelson]

This looks like there was an off-by-one error somewhere, with all these changes. Can you elaborate more on why all of these block heights are now +1?

[friedger]

The pox-4 is in a different epoch than bns, therefore booting needs one more block

[jcnelson]

Don't pass None; instead, make this an argument in Rust which gets passed to stack-extend.

[jcnelson]

Please don't commit commented-out code

[jcnelson]

If you're now using is-in-mainnet instead of a separate pox-4-mainnet.clar, then where are these constants defined now?

[jcnelson]

@setzeus This needs to be in #4164

[jcnelson]

Please revert this -- it has not been decided yet that stacking will be disabled in the prepare phase

[setzeus]

Yes. Reverting all the work here to un-do rebasing from #4094.

[moodmosaic]

@jcnelson, we'd like to get this method (delegate-stack-stx) under test, with @setzeus. In this diff, there's the signing-key key that's added.

Looking at PoX-3 tests, some candidates to copy over to PoX-4 are

• delegate_stack_increase
• delegate_extend_pox_3
• pox_3_getters
• stack_aggregation_increase

All of these tests seem to call into delegate-stack-stx. The question is:

1. Are all those tests relevant in the context of PoX-4
2. Which one would be the best to start with, so it can be added into this PR.

[setzeus]

Work picked up by @MarvinJanssen in #4209 to add required tests in addition to base tests - changing to draft until #4209 is merged in then will close.

[setzeus]

Closing since #4209 is now merged in.