Block Template Validation Queue #65
Description
The current hashpool design is focused on getting ehash working ASAP so makes a lot of simplifying assumptions. One of these assumptions is that the pool does not validate miner block templates. This isn't going to work in practice. We either need to disallow miners from producing their own templates (👎 for bitcoin but faster to production) or bite the bullet and build template validation (👍 for bitcoin but more complex and time consuming to build). I intend to build for both use cases.
Currently, the pool creates a quote at the mint with status PAID immediately after verifying a mining share. The PAID status enables the miner to mint the ehash tokens immediately. Due to their privacy properties, ecash tokens cannot be revoked or invalidated after the user has taken custody. This means we cannot issue ecash tokens before fully validating the share and, if it includes one, the block template. If the share is found to be invalid after we issue the ecash token this would represent an inflation in the token supply, and a theft from all miners submitting valid shares.
We can enable template validation by creating the quote with a status of PENDING and introducing a delay before updating it to PAID. This design prevents miners from claiming the ehash immediately and decouples block template validation from the highly time sensitive pool role operations related to accepting shares.
I think this will be increasingly important as Hashpool matures and we start developing the proof of liabilities protocol, which matches accepted shares (including block templates) to issued ecash.
Current Flow
- Pool receives mining share submission
- Pool verifies proof-of-work
- Pool creates mint quote with status
PAID - Wallet can immediately mint ehash tokens
Proposed Flow for Block Template Validation
- Pool receives mining share submission
- Pool verifies proof-of-work
- Pool creates mint quote with status
PENDING - Pool pushes template verification task to Redis queue
- Auditor role validates the associated block template asynchronously
- Auditor role updates quote to
PAID/FAILED - Wallets periodically mint ehash for all
PAIDquotes
Benefits
- Decoupling: template validation can be done in a separate process from the pool role without being subject to the pool role's strict efficiency and reliability requirements
- Persistence: Tasks survive service restarts
- Observability: Task queue provides metrics and monitoring
- Scalability: Multiple worker threads can process block template validation tasks
- Error Handling: Failed templates can be moved to a dead letter queue for later analysis
Technical Implementation
- Add
PENDINGstate to MintQuoteState enum - Create Redis task queue schemas for template validation requests/responses
- Implement mint-side polling task to process validation results
- Extend pubsub notifications for quote state changes