update#431
Open
itsmylife44 wants to merge 3039 commits into
Open
Conversation
Contributor
|
It is the biggest pull request in one hit that I have ever seen in Github. 🙈 To the moon 🚀. |
|
These changes will work on latest snipa pool if I add them? what is best way to implement them? it will work for Aeon still? I am worried about DB changes |
Contributor
|
It works with Aeon, of course. Aeon is a sibling of Monero, much simpler than other coins. |
MoneroOcean
force-pushed
the
master
branch
2 times, most recently
from
c8f6dd3 to
3f45f35
Compare
MoneroOcean
force-pushed
the
master
branch
2 times, most recently
from
8aa7251 to
054f3e1
Compare
- isSafeToTrust: use a single random draw per trust decision - wire trustChange as a trust ramp-slow factor; default 2 in base.sql - ETH/ETC/ERG verifiers fail open on verifier outage instead of rejecting - update trust test for single-draw accounting
- setNewDiff: read varDiffVariance (percent) for the retarget deadband; falls back to 0.2 - base.sql: seed varDiffVariance=20; remove unused banLength/trustPenalty rows - add trust-gate regression tests (single-draw isSafeToTrust, ETH/ERG fail-open)
The xmr-stak agent matchers used an unbounded leading \w+ before the
'-stak' literal, which backtracks quadratically on long agent strings.
Bound the prefix to {1,64}; matching is unchanged for real agents.
shareDB keys are uint32; a share whose blockHeight is out of range aborted the whole flush. Skip non-uint32 block heights when storing.
Behavior-preserving cleanup across lib/, tests/, and root + manage_scripts: - add concise why-comments to non-obvious logic; drop comments that merely restate code; fix two inaccurate comments - remove never-referenced test helpers, fixtures, and orphaned require()s - consolidate the duplicated flushShareAccumulator into the shared harness - normalize stray tab indentation to 4 spaces; clarify a few internal names - gitignore the local audit.md notes No runtime behavior change; full test suite green throughout.
blockDB is opened with keyIsUint32, so the height key must be a Number. The read used parseInt(height) but the write used the raw String height, which throws on a keyIsUint32 dbi -- so the script could never relock a block that exists, and it printed 're-locked!' even when none was found. Use the Number key for both read and write, and report/exit accurately when the block is missing.
unlockBatch checked opts.force === true, so --force=true / --force 1 (which the CLI parser yields as strings) were silently treated as falsy and the unlock refused, even though the sibling --confirm-wallet-history- checked flag already accepts those forms via isBooleanOption. Route force through the same helper and add a regression test for the string form.
block_height_hex is reassigned to body.result.number, a 0x-prefixed hex quantity, but onComplete parsed it with parseInt(..., 10), which yields 0 for any 0x value. That zero tripped ethBlockFind's '!block_height' guard and skipped the 32-block historical fallback scan, so ETH/ETC blocks no longer at the chain tip could be missed. Parse as base 16, matching the parseEthBlockNumber helper. Refactor regression.
cleanShareDB set cleanShareInProgress=true and then ran the locked-block read plus scanShares (LMDB read) and finalizeCleanup (write txn). A throw on any of those -- the read runs synchronously, the others inside the async getLastBlockHeader/getBlockHeaderByID callbacks -- latched the flag forever, so every later cycle logged 'already running' and share pruning stopped until restart. Route all of them through a shared failCleanup() that resets the flag and reports the error, matching the sibling reads.
On an LMDB map-full during a drain the failed batch is re-queued, leaving the queue non-empty, so finishShareDrain() did not resolve waiters and a stop() awaiting waitForShareDrain() could hang. Resolve the waiters on the reject path, mirroring the lmdbRejecting fast-path at the top of drain.
normalizeExtraNonceSubmitNonce lowercased the full-nonce branch but
returned the suffix branch with the miner's original casing. An uppercase
hex suffix then failed the lowercase-only nonce check (^[0-9a-f]{16}$)
and the valid share was rejected. Use the already-computed lowercased
suffix, matching the full-nonce branch. Adds a regression test.
- user_balance_move: always refuse a balance reserved by a pending batch; the non-force tool used to skip the pending_batch_id check, letting an in-flight payout be relocated and effectively paid twice - payment_batch_unlock: machine-verify wallet history (get_transfers + transferMatchesBatch) before crossing the submit boundary instead of trusting operator attestation alone; fail closed if the wallet is unreachable or a matching transfer is found
- drop the unreachable "retryable" submit-outcome branch in runCycle (submitReservedBatch never returns it) - normalizeHash: require a full 64-hex tx hash rather than the first hex run, so a malformed value cannot normalize to a colliding prefix
- long_runner: scan the cache/altblock DBs in bounded chunks instead of holding one read txn open across the whole scan. A long-lived read txn pins its snapshot and stops every process sharing the env from reusing freed pages, growing the map toward MDB_MAP_FULL. The txn is released between chunks and re-seeks past the last processed key. - init.js / init_mini.js: close the env on process "exit" (idempotent, guarded). node "exit" fires on process.exit(), uncaughtException and unhandledRejection, so any termination now frees this process's reader slots; manage scripts no longer leak a slot per run. - script_utils.forEachEntry: release the cursor/read txn in a finally so a throwing iterator cannot leave the txn open. - altblock_prune_old: abort the in-flight write txn on error to release the env's single writer lock immediately. Note: node-lmdb opens with MDB_NOTLS, so abort()/commit() frees the reader slot at once and a process at rest holds none; a normal pm2 (SIGINT) restart already left no stale reader. These changes remove the remaining leaks (open txn at exit) and the long-held-read-txn overflow path.
- remote_share drainShareQueue: a non-map-full write error was re-thrown out of the flush timer/setImmediate callback, which is uncaught and crashes the process (losing the whole in-memory share queue). Now re-queue the atomic batch, rate-limit the log, and let the next queued share retry the drain; waiters resolve (not reject) so stop() still proceeds. - worker updateShareStats2: only the final cache flush was guarded. The batcher also flushes mid-cycle every CACHE_WRITE_BATCH_SIZE (500) entries - common on a large pool - and that throw escaped the getLastBlockHeader callback uncaught. Wrap all cache writes so any flush failure funnels through enterLmdbFailStop (map-full pauses the worker) like the final flush. - tests: worker mid-cycle map-full now pauses without crashing; remote_share non-map-full flush error retries the batch without crash or data loss.
…ap-full Previously a non-map-full write error during share flush re-queued the batch and retried indefinitely. A persistent failure (corruption, disk/IO error) would then grow the in-memory queue forever while quietly failing. Treat any LMDB write failure during share flush as unrecoverable: enter reject mode (pause) like the map-full case - stop accepting new share/block frames, keep the un-committed batch, notify the admin (generic write-failure message), and release drain waiters so stop() proceeds. The operator restarts once the DB is healthy. Pending-job processing still pauses only on map-full, since its errors can be transient or non-LMDB (e.g. daemon RPC) and should not stop ingress.
lmdb_copy opened a destination env (env2) and held a source read txn + dest write txn + cursor across each per-DB copy with no try/finally. On a mid-copy throw the txns/cursor were left open and env2 - which the init_mini exit handler does not close (it only closes global.database.env) - was never closed. Wrap each per-DB copy so the source read txn and cursor are always ended and the dest txn is committed on success / aborted on error, and close env2 in an outer finally. Also warn that the copy holds a source snapshot, so it should be run with the pool stopped (a long copy otherwise pins pages and can drive a live source DB to map-full).
collectPplnsSharePayments holds a single read txn for the whole descending share scan on purpose - the payout must be summed against a consistent snapshot. Document that chunking or releasing the txn mid-scan would let a concurrent cleanShareDB delete shares before they are counted and pay miners incorrectly, so the transient page-pin is intentional, not an oversight.
- account.js: require string username/from/to and a primitive enabled on subscribeEmail; require string username on updateThreshold - api.js: reject object/array bound values in the query() wrapper, and treat a stored JSON null as a cache miss - public.js: percent-encode response-cache key parts before joining - tests: cover subscribeEmail body validation (rejects array/object fields, still accepts a normal scalar request)
Drop GET /user/:address/unsubscribeEmail. The token-based GET /user/unsubscribeEmail/:token route (the only one current emails link to) fully replaces it; the legacy route required no proof of ownership.
Key the nginx limit_req zone on the real client IP (Cloudflare CF-Connecting-IP; origin accepts Cloudflare traffic only) instead of $uri, and apply it to /miner/ and /pool/ with a generous per-client budget. Cheap cached routes under / stay unthrottled. Zone renamed (big_api -> api_ip) so the key change applies on reload without a restart.
…che key - getMinerBlockPayments: the 7-day paid_blocks list is identical for every miner, so memoize it briefly (bounded 64-entry map) instead of re-running the scan for each distinct address. - transactions reads use an explicit column list (never SELECT *) so internal columns (payee address, payment_id) are never selected. - /pool/coin_altblocks cache key uses the normalized integer port so equivalent spellings share one entry.
The mo-miner project's executable and release archives are now named mom; update the live miner registry, binary lookup, cache key, and asset-name patterns (mom-v*) in tests/live. GitHub repo/release URLs stay MoneroOcean/mo-miner; the cached older mominer release under .cache is left untouched.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.