RecoveryRequest triggers PrepareRequest from Primary even if the time has not yet come to send it #10

Closed
opened 2025-12-28 17:07:39 +00:00 by sami · 1 comment
Owner

Originally created by @roman-khimov on GitHub (Apr 19, 2023).

Originally assigned to: @AnnaShaleva on GitHub.

Consider a network operated by @aprasolova. She has seven consensus nodes and tries to play with one of them, substituting the CN+IR setup with a single IR using an internal CN. We have a network with `TimePerBlock: 15s`, but she accidentally sets it to `1s` on the node she works with. What happens next is the whole network creating blocks every ~1-3s, which is obvious for the case when we have a primary node using a `1s` timeout, but less so when it's a backup. When it's a backup it sends a recovery request after ~2s which triggers

```
} else if d.IsPrimary() {
        d.sendPrepareRequest()
```

in `onRecoveryMessage` on a primary and then everyone is rushing to complete a block.

Can @aprasolova be blamed for misconfiguration? YES, that's a huge and obvious mistake. But what she can't be blamed for is a single-node setting affecting the whole network. This MUST NOT happen at the dBFT/CN level.

I'm wondering what the C# node's reaction would be to a similar RecoveryRequest.

sami 2025-12-28 17:07:39 +00:00
  • closed this issue
  • added the bug label
Author
Owner

@vncoelho commented on GitHub (May 15, 2023):

Sure, @roman-khimov,

In fact, that line could be removed.
It would also be good to keep in mind a mechanism that often checks network parameters between nodes.
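
The behaviour discussed in this thread, as a simplified Go model added here (it is not code from dbft or from either participant). It replays one view on a primary with and without the quoted branch; `event`, `firstPrepareRequest`, `replyOnRecovery` and the trace are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"time"
)

// Simplified model of a primary within one view; not the dbft library's code.
type kind int

const (
	recoveryRequest kind = iota // RecoveryRequest received from a backup
	blockTimer                  // the primary's own timer fired
)

type event struct {
	at time.Duration // time elapsed since the previous block
	k  kind
}

// sampleTrace is constructed: a backup with a 1s setting asks for recovery
// at ~2s, and the primary's own 15s timer fires at 15s.
func sampleTrace() []event {
	return []event{{2 * time.Second, recoveryRequest}, {15 * time.Second, blockTimer}}
}

// firstPrepareRequest replays the trace and returns when the primary sends
// PrepareRequest, or -1 if it never does. replyOnRecovery=true models the
// "else if d.IsPrimary() { d.sendPrepareRequest()" branch from the issue.
func firstPrepareRequest(timePerBlock time.Duration, replyOnRecovery bool, trace []event) time.Duration {
	for _, e := range trace {
		switch {
		case e.k == recoveryRequest && replyOnRecovery:
			return e.at // sent on a peer's schedule, not the primary's
		case e.k == blockTimer && e.at >= timePerBlock:
			return e.at // sent when the primary's own timer allows it
		}
	}
	return -1
}

func main() {
	for _, reply := range []bool{true, false} {
		at := firstPrepareRequest(15*time.Second, reply, sampleTrace())
		fmt.Printf("replyOnRecovery=%v: PrepareRequest at %v\n", reply, at)
	}
}
```

With the branch modelled, the block interval follows the misconfigured backup's timeout; without it, the interval follows the primary's own `TimePerBlock`.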

Reference
nspcc-dev/dbft#10