Skip to content

fix: wait for proposal timestamps to enter future window#280

Merged
matthias-wright merged 2 commits into
audit-may-2026from
m/proposed-timestamp
Jun 26, 2026
Merged

fix: wait for proposal timestamps to enter future window#280
matthias-wright merged 2 commits into
audit-may-2026from
m/proposed-timestamp

Conversation

@matthias-wright

Copy link
Copy Markdown
Collaborator

Addresses #254.

Fixes proposer timestamp selection when the parent timestamp is near the verifier future-window limit.

Changes:

  • Wait before building a payload until parent.timestamp + 1 is acceptable under now + allowed_timestamp_future_ms.
  • Keep child timestamps monotonic by selecting max(now, parent.timestamp + 1) after the wait.
  • Add focused tests for wait and no-wait timestamp selection.
  • Add unit tests.

@evonide

evonide commented Jun 1, 2026

Copy link
Copy Markdown

The timestamp mismatch looks fixed. The proposer now waits until the required child timestamp is inside the verifier’s accepted future window before building the payload.

One follow-up concern is that the wait happens inside handle_proposal meaning a longer wait could keep the application actor from promptly handling other things like verify or certify messages. Is the assumption that this wait is always short enough in practice or should the wait be moved outside the actor path?

@matthias-wright

Copy link
Copy Markdown
Collaborator Author

That's a good point.
What if we check if the initial waiting time returned by proposal_timestamp_wait is larger than leader_timeout_ms, and if so, we abort immediately?

@sebastian-osec

Copy link
Copy Markdown

Yes, I think that makes sense. If the initial proposal_timestamp_wait is greater than the leader timeout, this proposal cannot become valid within the current leader window anyway, so aborting immediately avoids tying up the application actor.

The important part is that this should abort proposal creation, not bypass the timestamp wait. We should still only build once parent.timestamp() + 1 is inside the verifier future window.

@matthias-wright

Copy link
Copy Markdown
Collaborator Author

Update(c5dd562):

  • Abandon proposal when timestamp wait exceeds leader timeout

@sebastian-osec

Copy link
Copy Markdown

Thanks. Looks good to me.

@matthias-wright matthias-wright merged commit f79049d into audit-may-2026 Jun 26, 2026
4 checks passed
@matthias-wright matthias-wright deleted the m/proposed-timestamp branch June 26, 2026 05:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants