View Change
In the event of a network stall, the core protocol falls back to a view change. This process occurs within the DS committee, and involves the selection of a new DS committee leader to pick the blockchain's progress back up at the point just before the stall.
The general steps are as follows:
- The DS committee consensus stalls for some reason
- The network enters into a view change state
- A candidate leader from the DS committee leads the view change consensus using PBFT
- The DS backups validate the candidate leader's announcement
- View change consensus is reached
- The DS committee resumes the stalled consensus
Terminology
- Candidate leader: The proposed leader who will lead the view change consensus round
- Faulty leader(s): The current leader prior to the stall, and any candidate leaders who could not successfully complete the view change consensus
- Ejection: Placement of all faulty leader(s) to the back of the DS committee. This means those nodes will be prioritized for removal from the DS committee after the next DS consensus
Trigger Conditions
These are the conditions that can cause a view change to occur:
- Node entered
RunConsensusOnDSBlock()
but DS block consensus did not complete within the time stipulated - Node entered
RunConsensusOnFinalBlock()
but Tx block consensus did not complete within the time stipulated - Node entered
RunConsensusOnViewChange()
but VC block consensus did not complete within the time stipulated
Procedure
- Any trigger condition is satisfied and view change begins
- DS nodes perform view change pre-check:
- Contact lookup to ask for new blocks (DS or Tx)
- If no new block is obtained, proceed with view change
- If a new block is obtained, rejoin as a DS node
- All nodes calculate the new candidate leader index using
CalculateNewLeaderIndex()
, which uses this algorithm
H(finalblock or vc block hash, vc counter) % size (or num of DS guard)
If a previous vc block (for current consensus) exists, use vc block hash. Else use Tx block hash. If new candidate leader index is current faulty leader, re-calculate using
H(H(finalblock or vc block hash, vc counter)) repeatedly till an index is not the current faulty leader.
- Candidate leader and backups proceed with view change consensus until completion or stall
- If stalled, wait for timeout and re-run view change consensus with a new candidate leader
- All nodes remove faulty leaders (found in the VC block header's list) from DS Committee
- All nodes add faulty leaders to the back of DS Committee (unless those are DS guards)
- All nodes recalculate
m_consensusMyID
andm_consensusLeaderID
according to the updated DS committee - All nodes store the VC block to persistent storage
- If stalled consensus is at Tx block consensus:
- VC block(s) is sent to the lookup and shard nodes
- Lookups and shard nodes use the VC block(s) to update the DS committee composition similarly
- If stalled consensus is at DS block consensus:
- DS nodes cache all VC block(s) generated during the view change(s)
- All nodes re-run the stalled consensus (DS block or Tx block consensus) prior to view change
- If the re-run consensus is for Tx block, the gas limit will be adjusted using exponential backoff algorithm
- Consensus runs to completion (or, fails and triggers another stall)
- If completed consensus is for DS block:
- DS nodes append the cached VC block(s) to the newly generated DS block
- DS block (together with the VC block(s)) is sent to the lookup and shard nodes
- Lookups and shard nodes use the VC block(s) to update the DS committee composition similarly