Skip to content

fix: remove old SP key indexes on edit#683

Open
flywukong wants to merge 1 commit into
bnb-chain:masterfrom
flywukong:fix-bugbunty
Open

fix: remove old SP key indexes on edit#683
flywukong wants to merge 1 commit into
bnb-chain:masterfrom
flywukong:fix-bugbunty

Conversation

@flywukong

@flywukong flywukong commented Jun 30, 2026

Copy link
Copy Markdown

Description

Fixes stale SP key indexes after EditStorageProvider.
When an SP rotates operational identities such as seal, gc, approval, or bls, the old secondary indexes were not removed. As a result, retired keys could still resolve to the same SP and be accepted by storage authorization paths.

This PR updates EditStorageProvider to:

  • validate that new SP identities are not already owned by another SP
  • remove old secondary indexes when an identity is changed
  • keep the new indexes bound to the updated SP

Note: this PR prevents new stale SP key indexes from being created. Existing stale indexes in chain state should be cleaned by a one-time upgrade migration that prunes secondary indexes whose key no longer matches the current SP identity

Rationale

tell us why we need these changes...

Example

add an example CLI or API response...

Changes

Notable changes:

  • add each change in a bullet point here
  • ...

Potential Impacts

  • add potential impacts for other components here
  • ...

@hashdit-bot

hashdit-bot Bot commented Jun 30, 2026

Copy link
Copy Markdown

Pull Request Review

This PR fixes stale secondary-index handling for storage provider identity rotation in the Cosmos SDK-based SP keeper logic. In EditStorageProvider, it now checks that incoming seal/approval/gc/BLS identities are not already owned by another SP, updates the SP record, and explicitly deletes old index keys when identities change. It also corrects BLS index deletion logic in Exit and adds regression tests covering stale-index revocation and identity ownership collision prevention.

Sensitive Content

No sensitive content detected.

Security Issues

No serious security issues detected.


Generated by Hashdit Bot. This tool can absolutely NOT replace manual audits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant