faucet: update

Otherwise the node will be waiting for 500ms before the block fetcher
keeps processing.

.nancy-ignore

@@ -1,2 +1,3 @@
 CVE-2024-34478 # "CWE-754: Improper Check for Unusual or Exceptional Conditions." This vulnerability is BTC only, BSC does not have the issue.
 CVE-2024-6104 # "CWE-532: Information Exposure Through Log Files" This is caused by the vulnerabilities go-retryablehttp@v0.7.4, it is only used in cmd devp2p, impact is limited. will upgrade to v0.7.7 later
+CVE-2024-8421 # "CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)" This vulnerability is caused by issues in the golang.org/x/net package. Even the latest version(v0.29.0) has not yet addressed it, but we will continue to monitor updates closely.

cmd/faucet/customized/README.md

@@ -0,0 +1,14 @@
+# 1.Background
+This is to support some projects with customized tokens that they want to integrate into the BSC faucet tool.
+
+## 1.1. How to Integrate Your Token
+- Step 1: Submmit a Pull Request to [bsc develop branch](https://github.com/bnb-chain/bsc/tree/develop) with relevant token information: `symbol`, `amount`, `icon`, `addr`. Append these information in [Section 2: Token List](#2token-list)
+- Step 2: Wait for approval, we will review the request, and once it is approved, the faucet tool will start to support the customized token and list it on https://www.bnbchain.org/en/testnet-faucet.
+- Step 3: Deposit your test token to designated address(0xaa25aa7a19f9c426e07dee59b12f944f4d9f1dd3) on the BSC testnet.
+
+# 2.Token List
+## 2.1.DemoToken
+- symbol: DEMO
+- amount: 10000000000000000000
+- icon: ./demotoken.png
+- addr: https://testnet.bscscan.com/address/0xe15c158d768c306dae87b96430a94f884333e55d

cmd/faucet/faucet.go

@@ -500,7 +500,7 @@ func (f *faucet) apiHandler(w http.ResponseWriter, r *http.Request) {
 			continue
 		}
 
-		// check #2: check IP and ID(address) to ensure the user didn't request funds too recently,
+		// check #2: check IP and ID(address) to ensure the user didn't request funds too frequently
 		f.lock.Lock()
 
 		if ipTimeout := f.timeouts[ips[len(ips)-2]]; time.Now().Before(ipTimeout) {

consensus/parlia/parlia.go

@@ -68,7 +68,6 @@ const (
 
 	wiggleTime         = uint64(1) // second, Random delay (per signer) to allow concurrent signers
 	initialBackOffTime = uint64(1) // second
-	processBackOffTime = uint64(1) // second
 
 	systemRewardPercent = 4 // it means 1/2^4 = 1/16 percentage of gas fee incoming will be distributed to system
 
@@ -1616,12 +1615,15 @@ func (p *Parlia) Seal(chain consensus.ChainHeaderReader, block *types.Block, res
 		copy(header.Extra[len(header.Extra)-extraSeal:], sig)
 
 		if p.shouldWaitForCurrentBlockProcess(chain, header, snap) {
-			log.Info("Waiting for received in turn block to process")
+			highestVerifiedHeader := chain.GetHighestVerifiedHeader()
+			// including time for writing and committing blocks
+			waitProcessEstimate := math.Ceil(float64(highestVerifiedHeader.GasUsed) / float64(100_000_000))
+			log.Info("Waiting for received in turn block to process", "waitProcessEstimate(Seconds)", waitProcessEstimate)
 			select {
 			case <-stop:
 				log.Info("Received block process finished, abort block seal")
 				return
-			case <-time.After(time.Duration(processBackOffTime) * time.Second):
+			case <-time.After(time.Duration(waitProcessEstimate) * time.Second):
 				if chain.CurrentHeader().Number.Uint64() >= header.Number.Uint64() {
 					log.Info("Process backoff time exhausted, and current header has updated to abort this seal")
 					return

crypto/bn256/cloudflare/gfp12.go

@@ -1,7 +1,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 import (

crypto/bn256/cloudflare/gfp2.go

@@ -1,7 +1,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 // gfP2 implements a field of size p² as a quadratic extension of the base field

crypto/bn256/cloudflare/gfp6.go

@@ -1,7 +1,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 // gfP6 implements the field of size p⁶ as a cubic extension of gfP2 where τ³=ξ

crypto/bn256/google/gfp12.go

@@ -5,7 +5,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 import (

crypto/bn256/google/gfp2.go

@@ -5,7 +5,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 import (

crypto/bn256/google/gfp6.go

@@ -5,7 +5,7 @@
 package bn256
 
 // For details of the algorithms used, see "Multiplication and Squaring on
-// Pairing-Friendly Fields, Devegili et al.
+// Pairing-Friendly Fields", Devegili et al.
 // http://eprint.iacr.org/2006/471.pdf.
 
 import (

eth/blacklist.go

@@ -1,114 +0,0 @@
-package eth
-
-import (
-	"container/heap"
-	"sync"
-	"time"
-)
-
-// Implements the heap.Interface for *BlackListPeer based on LastSeen
-type PeerHeap []*BlackListPeer
-
-func (h PeerHeap) Len() int           { return len(h) }
-func (h PeerHeap) Less(i, j int) bool { return h[i].LastSeen.Before(h[j].LastSeen) }
-func (h PeerHeap) Swap(i, j int)      { h[i], h[j] = h[j], h[i]; h[i].index = i; h[j].index = j }
-
-func (h *PeerHeap) Push(x interface{}) {
-	n := len(*h)
-	item := x.(*BlackListPeer)
-	item.index = n
-	*h = append(*h, item)
-}
-
-func (h *PeerHeap) Pop() interface{} {
-	old := *h
-	n := len(old)
-	item := old[n-1]
-	item.index = -1 // for safety
-	*h = old[0 : n-1]
-	return item
-}
-
-// Peer represents the state of a peer in the network.
-type BlackListPeer struct {
-	ID             string    // Unique identifier for the peer
-	HeadBlock      int64     // Current head block of the peer
-	LastSeen       time.Time // Timestamp of the last head block update
-	BlacklistCount int       // Counter for failed head block updates
-	index          int       // Index of the peer in the heap
-}
-
-// blackList manages peers, both active and blacklisted.
-type blackList struct {
-	mu               sync.Mutex // To handle concurrent access
-	peers            map[string]*BlackListPeer
-	peerHeap         PeerHeap
-	maxPeers         int
-	expiryTime       time.Duration
-	blacklistedCount int
-}
-
-// NewBlackList creates a new instance of blackList.
-func NewBlackList(maxPeers int, expiryTime time.Duration, blacklistedCount int) *blackList {
-	bl := &blackList{
-		peers:            make(map[string]*BlackListPeer),
-		peerHeap:         make(PeerHeap, 0, maxPeers),
-		maxPeers:         maxPeers,
-		expiryTime:       expiryTime,
-		blacklistedCount: blacklistedCount,
-	}
-	heap.Init(&bl.peerHeap)
-	return bl
-}
-
-// AddOrUpdatePeer adds or updates a peer in the map, rejecting invalid IDs.
-func (bl *blackList) AddOrUpdatePeer(id string, headBlock int64) {
-	if id == "" {
-		return // Reject empty ID
-	}
-
-	bl.mu.Lock()
-	defer bl.mu.Unlock()
-
-	peer, exists := bl.peers[id]
-	if exists {
-		if peer.HeadBlock != headBlock {
-			peer.HeadBlock = headBlock
-			peer.LastSeen = time.Now()
-			peer.BlacklistCount = 0
-			heap.Fix(&bl.peerHeap, peer.index)
-		}
-	} else {
-		if len(bl.peers) >= bl.maxPeers {
-			oldest := heap.Pop(&bl.peerHeap).(*BlackListPeer)
-			delete(bl.peers, oldest.ID) // Corrected to use ID
-		}
-		newPeer := &BlackListPeer{
-			ID: id, HeadBlock: headBlock, LastSeen: time.Now(), BlacklistCount: 0,
-		}
-		bl.peers[id] = newPeer
-		heap.Push(&bl.peerHeap, newPeer)
-	}
-}
-
-// BlacklistStalePeers updates the blacklist count of stale peers.
-func (bl *blackList) BlacklistStalePeers() {
-	bl.mu.Lock()
-	defer bl.mu.Unlock()
-
-	now := time.Now()
-	for _, peer := range bl.peers {
-		if now.Sub(peer.LastSeen) > bl.expiryTime {
-			peer.BlacklistCount++
-		}
-	}
-}
-
-// IsBlacklisted checks if a peer is blacklisted.
-func (bl *blackList) IsBlacklisted(id string) bool {
-	bl.mu.Lock()
-	defer bl.mu.Unlock()
-
-	peer, exists := bl.peers[id]
-	return exists && peer.BlacklistCount >= bl.blacklistedCount
-}

eth/blacklist_test.go

@@ -1,161 +0,0 @@
-package eth
-
-import (
-	"sync"
-	"testing"
-	"time"
-)
-
-// TestAddOrUpdatePeer tests adding new peers and updating existing ones.
-func TestAddOrUpdatePeer(t *testing.T) {
-	bl := NewBlackList(2, 10*time.Minute, 3)
-	bl.AddOrUpdatePeer("peer1", 100)
-	if len(bl.peers) != 1 {
-		t.Errorf("Expected 1 peer, got %d", len(bl.peers))
-	}
-
-	// Test updating the same peer
-	bl.AddOrUpdatePeer("peer1", 101)
-	if bl.peers["peer1"].HeadBlock != 101 {
-		t.Errorf("Expected head block 101, got %d", bl.peers["peer1"].HeadBlock)
-	}
-
-	// Test adding another peer and triggering the maxPeers limit
-	bl.AddOrUpdatePeer("peer2", 102)
-	bl.AddOrUpdatePeer("peer3", 103) // This should remove the oldest (peer1)
-	if len(bl.peers) != 2 {
-		t.Errorf("Expected 2 peers, got %d", len(bl.peers))
-	}
-	if _, exists := bl.peers["peer1"]; exists {
-		t.Errorf("Expected peer1 to be removed")
-	}
-}
-
-// TestBlacklistStalePeers tests the automatic blacklisting of stale peers.
-func TestBlacklistStalePeers(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Minute, 1)
-	bl.AddOrUpdatePeer("peer1", 100)
-	time.Sleep(2 * time.Minute) // simulate time passing
-	bl.BlacklistStalePeers()
-
-	if bl.peers["peer1"].BlacklistCount != 1 {
-		t.Errorf("Expected BlacklistCount of 1, got %d", bl.peers["peer1"].BlacklistCount)
-	}
-}
-
-// TestIsBlacklisted tests checking if a peer is blacklisted.
-func TestIsBlacklisted(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Minute, 1)
-	bl.AddOrUpdatePeer("peer1", 100)
-	bl.peers["peer1"].LastSeen = time.Now().Add(-2 * time.Minute) // make peer stale
-	bl.BlacklistStalePeers()
-
-	if !bl.IsBlacklisted("peer1") {
-		t.Errorf("Expected peer1 to be blacklisted")
-	}
-}
-
-// TestEdgeCases tests handling of edge cases such as invalid IDs.
-func TestEdgeCases(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Minute, 1)
-	bl.AddOrUpdatePeer("", 100) // testing with empty ID
-	if len(bl.peers) != 0 {
-		t.Errorf("Expected 0 peers, got %d", len(bl.peers))
-	}
-}
-
-// TestAddOrUpdatePeer_MaxPeers tests behavior when adding peers up to and beyond the maximum limit.
-func TestAddOrUpdatePeer_MaxPeers(t *testing.T) {
-	bl := NewBlackList(3, 10*time.Minute, 3)
-
-	bl.AddOrUpdatePeer("peer1", 100)
-	bl.AddOrUpdatePeer("peer2", 101)
-	bl.AddOrUpdatePeer("peer3", 102)
-	bl.AddOrUpdatePeer("peer4", 103) // This should remove peer1
-
-	if len(bl.peers) != 3 {
-		t.Errorf("Expected 3 peers, got %d", len(bl.peers))
-	}
-
-	if _, exists := bl.peers["peer1"]; exists {
-		t.Errorf("Expected peer1 to be removed")
-	}
-}
-
-// TestBlacklistCountOverflow checks how the system handles when a peer's BlacklistCount exceeds the threshold.
-func TestBlacklistCountOverflow(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Second, 2)
-	bl.AddOrUpdatePeer("peer1", 100)
-
-	// Simulate multiple blacklist increments
-	time.Sleep(2 * time.Second)
-	bl.BlacklistStalePeers()
-	bl.BlacklistStalePeers()
-
-	if !bl.IsBlacklisted("peer1") {
-		t.Errorf("Expected peer1 to be blacklisted after exceeding blacklist count")
-	}
-}
-
-// TestExpiryTimeBoundary tests behavior when a peer's LastSeen is exactly at the expiry boundary.
-func TestExpiryTimeBoundary(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Second, 2)
-	bl.AddOrUpdatePeer("peer1", 100)
-	time.Sleep(1 * time.Second)
-
-	bl.BlacklistStalePeers() // Should increment blacklist count but not blacklisted yet
-
-	if bl.peers["peer1"].BlacklistCount != 1 {
-		t.Errorf("Expected BlacklistCount of 1, got %d", bl.peers["peer1"].BlacklistCount)
-	}
-
-	if bl.IsBlacklisted("peer1") {
-		t.Errorf("Peer1 should not be blacklisted yet")
-	}
-}
-
-// TestConcurrentAccess tests concurrent access to the blackList.
-func TestConcurrentAccess(t *testing.T) {
-	bl := NewBlackList(100, 10*time.Minute, 3)
-	var wg sync.WaitGroup
-
-	for i := 0; i < 50; i++ {
-		wg.Add(1)
-		go func(id string) {
-			defer wg.Done()
-			bl.AddOrUpdatePeer(id, int64(i))
-		}(string(rune('a' + i)))
-	}
-
-	wg.Wait()
-
-	if len(bl.peers) != 50 {
-		t.Errorf("Expected 50 peers, got %d", len(bl.peers))
-	}
-}
-
-// TestReaddingBlacklistedPeer tests the behavior when a blacklisted peer is re-added.
-func TestReaddingBlacklistedPeer(t *testing.T) {
-	bl := NewBlackList(2, 1*time.Second, 1)
-	bl.AddOrUpdatePeer("peer1", 100)
-
-	// Simulate time passing to trigger blacklist
-	time.Sleep(2 * time.Second)
-	bl.BlacklistStalePeers()
-
-	// Ensure peer1 is blacklisted
-	if !bl.IsBlacklisted("peer1") {
-		t.Errorf("Expected peer1 to be blacklisted")
-	}
-
-	// Re-add the same peer
-	bl.AddOrUpdatePeer("peer1", 101)
-
-	if bl.peers["peer1"].BlacklistCount != 0 {
-		t.Errorf("Expected BlacklistCount to be reset, got %d", bl.peers["peer1"].BlacklistCount)
-	}
-
-	if bl.IsBlacklisted("peer1") {
-		t.Errorf("Peer1 should not be blacklisted after re-adding with updated information")
-	}
-}

eth/fetcher/block_fetcher.go

@@ -868,9 +868,9 @@ func (f *BlockFetcher) importHeaders(op *blockOrHeaderInject) {
 		parent := f.getHeader(header.ParentHash)
 		if parent == nil {
 			log.Debug("Unknown parent of propagated header", "peer", peer, "number", header.Number, "hash", hash, "parent", header.ParentHash)
-			time.Sleep(reQueueBlockTimeout)
 			// forget block first, then re-queue
 			f.done <- hash
+			time.Sleep(reQueueBlockTimeout)
 			f.requeue <- op
 			return
 		}
@@ -909,9 +909,9 @@ func (f *BlockFetcher) importBlocks(op *blockOrHeaderInject) {
 		parent := f.getBlock(block.ParentHash())
 		if parent == nil {
 			log.Debug("Unknown parent of propagated block", "peer", peer, "number", block.Number(), "hash", hash, "parent", block.ParentHash())
-			time.Sleep(reQueueBlockTimeout)
 			// forget block first, then re-queue
 			f.done <- hash
+			time.Sleep(reQueueBlockTimeout)
 			f.requeue <- op
 			return
 		}

eth/handler.go

@@ -172,8 +172,6 @@ type handler struct {
 
 	handlerStartCh chan struct{}
 	handlerDoneCh  chan struct{}
-
-	blackList *blackList
 }
 
 // newHandler returns a handler for all Ethereum chain management protocol.
@@ -704,7 +702,6 @@ func (h *handler) unregisterPeer(id string) {
 func (h *handler) Start(maxPeers int, maxPeersPerIP int) {
 	h.maxPeers = maxPeers
 	h.maxPeersPerIP = maxPeersPerIP
-	h.blackList = NewBlackList(maxPeers, 1*time.Hour, 3)
 	// broadcast and announce transactions (only new ones, not resurrected ones)
 	h.wg.Add(1)
 	h.txsCh = make(chan core.NewTxsEvent, txChanSize)

eth/protocols/eth/protocol.go

@@ -25,6 +25,7 @@ import (
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core/forkid"
 	"github.com/ethereum/go-ethereum/core/types"
+	"github.com/ethereum/go-ethereum/params"
 	"github.com/ethereum/go-ethereum/rlp"
 )
 
@@ -46,7 +47,7 @@ var ProtocolVersions = []uint{ETH68}
 var protocolLengths = map[uint]uint64{ETH68: 17}
 
 // maxMessageSize is the maximum cap on the size of a protocol message.
-const maxMessageSize = 10 * 1024 * 1024
+var maxMessageSize = params.MaxMessageSize
 
 const (
 	StatusMsg                     = 0x00

eth/sync.go

@@ -248,6 +248,9 @@ func (h *handler) doSync(op *chainSyncOp) error {
 		// degenerate connectivity, but it should be healthy for the mainnet too to
 		// more reliably update peers or the local TD state.
 		if block := h.chain.GetBlock(head.Hash(), head.Number.Uint64()); block != nil {
+			if h.chain.Config().IsCancun(block.Number(), block.Time()) {
+				block = block.WithSidecars(h.chain.GetSidecarsByHash(block.Hash()))
+			}
 			h.BroadcastBlock(block, false)
 		}
 	}

miner/bid_simulator.go

@@ -692,6 +692,14 @@ func (b *bidSimulator) simBid(interruptCh chan int32, bidRuntime *BidRuntime) {
 		return
 	}
 
+	// check bid size
+	if bidRuntime.env.size+blockReserveSize > params.MaxMessageSize {
+		log.Error("BidSimulator: failed to check bid size", "builder", bidRuntime.bid.Builder,
+			"bidHash", bidRuntime.bid.Hash(), "env.size", bidRuntime.env.size)
+		err = errors.New("invalid bid size")
+		return
+	}
+
 	bestBid := b.GetBestBid(parentHash)
 	if bestBid == nil {
 		log.Info("[BID RESULT]", "win", "true[first]", "builder", bidRuntime.bid.Builder, "hash", bidRuntime.bid.Hash().TerminalString())
@@ -858,6 +866,7 @@ func (r *BidRuntime) commitTransaction(chain *core.BlockChain, chainConfig *para
 	}
 
 	r.env.tcount++
+	r.env.size += uint32(tx.Size())
 
 	return nil
 }

miner/worker.go

@@ -70,6 +70,12 @@ const (
 
 	// the default to wait for the mev miner to finish
 	waitMEVMinerEndTimeLimit = 50 * time.Millisecond
+
+	// Reserve block size for the following 3 components:
+	// a. System transactions at the end of the block
+	// b. Seal in the block header
+	// c. Overhead from RLP encoding
+	blockReserveSize = 100 * 1024
 )
 
 var (
@@ -89,6 +95,7 @@ type environment struct {
 	signer   types.Signer
 	state    *state.StateDB // apply state changes here
 	tcount   int            // tx count in cycle
+	size     uint32         // almost accurate block size,
 	gasPool  *core.GasPool  // available gas used to pack transactions
 	coinbase common.Address
 
@@ -105,6 +112,7 @@ func (env *environment) copy() *environment {
 		signer:   env.signer,
 		state:    env.state.Copy(),
 		tcount:   env.tcount,
+		size:     env.size,
 		coinbase: env.coinbase,
 		header:   types.CopyHeader(env.header),
 		receipts: copyReceipts(env.receipts),
@@ -895,6 +903,13 @@ LOOP:
 			txs.Pop()
 			continue
 		}
+		// If we don't have enough size left for the next transaction, skip it.
+		if env.size+uint32(tx.Size())+blockReserveSize > params.MaxMessageSize {
+			log.Trace("Not enough size left for transaction", "hash", ltx.Hash,
+				"env.size", env.size, "needed", uint32(tx.Size()))
+			txs.Pop()
+			continue
+		}
 		// Error may be ignored here. The error has already been checked
 		// during transaction acceptance is the transaction pool.
 		from, _ := types.Sender(env.signer, tx)
@@ -920,6 +935,7 @@ LOOP:
 			// Everything ok, collect the logs and shift in the next transaction from the same account
 			coalescedLogs = append(coalescedLogs, logs...)
 			env.tcount++
+			env.size += uint32(tx.Size()) // size of BlobTxSidecar included
 			txs.Shift()
 
 		default:
@@ -1055,6 +1071,9 @@ func (w *worker) prepareWork(genParams *generateParams) (*environment, error) {
 		vmenv := vm.NewEVM(context, vm.TxContext{}, env.state, w.chainConfig, vm.Config{})
 		core.ProcessBeaconBlockRoot(*header.ParentBeaconRoot, vmenv, env.state)
 	}
+
+	env.size = uint32(env.header.Size())
+
 	return env, nil
 }
 

params/protocol_params.go

@@ -29,6 +29,8 @@ const (
 	GenesisGasLimit      uint64 = 4712388            // Gas limit of the Genesis block.
 	PayBidTxGasLimit     uint64 = 25000              // Gas limit of the PayBidTx in the types.BidArgs.
 
+	MaxMessageSize uint32 = 10 * 1024 * 1024 // MaxMessageSize is the maximum cap on the size of a eth protocol message.
+
 	MaximumExtraDataSize  uint64 = 32       // Maximum size extra data may be after Genesis.
 	ForkIDSize            uint64 = 4        // The length of fork id
 	ExpByteGas            uint64 = 10       // Times ceil(log256(exponent)) for the EXP instruction.