Optimize subtree validation with parent metadata caching

[freemans13]

Summary

This PR introduces a parent metadata optimization for subtree validation that reduces UTXO store lookups for in-block parent transactions, improving validation throughput.

Changes

1. Validator Options (services/validator/options.go)

• Added ParentTxMetadata struct with block height metadata
• Added ParentMetadata field to Options (map of parent transaction metadata)
• Added WithParentMetadata() option function

2. Validator (services/validator/Validator.go)

• Modified getUtxoBlockHeightAndExtendForParentTx() to check ParentMetadata before calling utxoStore.Get()
• Updated function signatures to pass validation options through the call chain
• When parent metadata is provided, validator uses it instead of fetching from Aerospike

3. Subtree Validation (services/subtreevalidation/check_block_subtrees.go)

• Added buildParentMetadata() function to create parent transaction metadata from a level's transactions
• Updated processTransactionsInLevels() to build and provide parent metadata for Level 1+ transactions

4. Tests (services/validator/Validator_test.go)

• Updated test calls to pass validation options parameter

How It Works

When validating transactions organized in dependency levels:

1. Level 0: Normal validation (parents are external, not in this block)
2. Level 1+: For each level, we build metadata from the previous level's transactions
   • Metadata includes the block height where parent transactions will be mined
   • Validator checks ParentMetadata map before calling utxoStore.Get()
   • If parent is found in metadata, validator uses that information (avoiding Aerospike lookup)

Benefits

• Reduced Aerospike calls: Eliminates UTXO store lookups for intra-block parent transactions
• Improved throughput: Fewer network roundtrips during block validation
• Backward compatible: Feature is optional, defaults to nil (normal behavior)

Testing

• All existing tests pass
• Updated validator tests to accommodate new parameter
• No changes to test behavior or expectations

🤖 Generated with Claude Code

[github-actions]

🤖 Claude Code Review

Status: Complete

Current Review:
The PR correctly implements parent metadata caching with proper success tracking (lines 690-692, 766-768, 803-805 in check_block_subtrees.go). The buildParentMetadata function properly filters to only include successfully validated transactions, preventing validation bypass.

Tests provide good coverage of edge cases including filtering by successful transactions, nil handling, and empty inputs.

Potential Issue (Pre-existing Code):
Lines 751-753 contain 'return nil' which would exit the entire function rather than continuing to the next transaction. However, this appears to be unreachable code since already-validated transactions are filtered out at lines 635-637 before level processing begins. Consider removing this dead code or changing to 'continue' for clarity.

History:

• ✅ Fixed: Parent metadata now only includes successfully validated transactions
• ✅ Fixed: Nil check added for validationOptions
• ✅ Fixed: Early return safety verified with proper filtering

[github-actions]

✅ Fixed: Parent metadata now only includes successfully validated transactions.

The code correctly tracks successful validations in successfulTxsByLevel (lines 690-692, 766-768, 803-805) and filters the parent metadata to only include successful transactions via buildParentMetadata (line 733, implementation at lines 870-880).

This prevents the validation bypass where a child could reference a failed parent.

[github-actions]

Fixed: This issue has been resolved. The code now tracks successful validations in successfulTxsByLevel (lines 728-730, 797-800, 834-837) and only includes successfully validated transactions in the parent metadata (line 771, function at lines 899-916).

[github-actions]

✅ Fixed: Early return is now safe with proper filtering.

The parent metadata only includes transactions that successfully validated AND created UTXOs (see buildParentMetadata in check_block_subtrees.go:870-880). Failed transactions are never added to the metadata map, so the early return at line 770 is safe.

[github-actions]

Fixed: The early return is now safe because parent metadata only includes transactions that successfully validated AND created UTXOs (see check_block_subtrees.go:771 and buildParentMetadata at lines 899-916). Failed transactions are never added to the metadata map.

[freemans13]

Vulnerability Fixed ✅

I've addressed the critical validation bypass vulnerability identified in the review.

Root Cause

The original implementation built parent metadata from ALL transactions in the previous level, including those that failed validation. This created a validation bypass:

1. Parent transaction P fails validation → UTXOs never created
2. Parent metadata still includes P (because errors don't propagate from goroutines)
3. Child transaction C finds P in metadata → validator returns early
4. UTXO existence check is skipped → child validates with non-existent parent

Fix Applied (commit 20a9216)

1. Track Successful Validations

• Added successfulTxsByLevel map to track which transactions successfully validate
• Transactions marked successful only after blessMissingTransaction succeeds
• Also marks ErrTxExists as successful (already in UTXO store)

2. Filter Parent Metadata

• Modified buildParentMetadata() to accept successfulTxs filter parameter
• Only includes transactions present in the success set
• Prevents failed transactions from appearing in metadata

3. Safety Documentation

• Added comments explaining the safety guarantee
• Clarifies that metadata only includes transactions that completed full validation+storage
• Documents the connection between the optimization and success tracking

Why This is Safe

The validator's early return (Validator.go:736) is now safe because:

• Parent metadata only includes transactions that successfully validated
• Successful validation means UTXOs were created in the store
• Therefore, if metadata exists for a parent, we can trust its UTXOs exist
• The optimization skips redundant UTXO lookups while maintaining correctness

Testing

• ✅ Code builds successfully
• ✅ All tests compile
• ✅ Pre-commit hooks pass
• ⏳ CI checks running

The fix preserves the performance optimization (reduced Aerospike calls) while eliminating the validation bypass vulnerability.

[github-actions]

✅ Fixed: Nil check added.

The code at line 759 includes: if validationOptions != nil && validationOptions.ParentMetadata != nil, which properly prevents nil pointer dereference.

[github-actions]

Fixed: The nil check has been added. The current code at line 759 includes: if validationOptions \!= nil && validationOptions.ParentMetadata \!= nil, which prevents the nil pointer dereference.

[freemans13]

Nil Pointer Check Added (commit 5aab947)

Added defensive nil check for validationOptions parameter before accessing ParentMetadata to prevent potential panic if ValidateWithOptions() is called with nil options by external callers.

Change: Line 725 now checks validationOptions != nil before validationOptions.ParentMetadata != nil

[freemans13]

Test Coverage Improvements (commit d9d6119)

Added comprehensive unit tests to improve code coverage for the parent metadata optimization:

New Tests

1. buildParentMetadata Filtering Tests (check_block_subtrees_test.go)

• ✅ Empty inputs and success sets handling
• ✅ Filtering by successful transactions only
• ✅ All transactions successful scenario
• ✅ No transactions successful scenario
• ✅ Nil transaction handling in slice
• ✅ Verification that ONLY successfully validated transactions are included

2. Nil Safety Tests (Validator_test.go)

• ✅ getUtxoBlockHeightAndExtendForParentTx with nil options (no panic)
• ✅ With parent metadata present (optimization works correctly)
• ✅ Defensive nil check prevents panics from external callers

Test Results

All new tests pass successfully:

PASS: TestBuildParentMetadata (all 6 subtests)
PASS: TestGetUtxoBlockHeightAndExtendForParentTx_NilValidationOptions
PASS: TestGetUtxoBlockHeightAndExtendForParentTx_WithParentMetadata

These tests verify the critical safety mechanisms that prevent the validation bypass vulnerability and should improve SonarQube code coverage metrics.

[github-actions]

Resolving previous inline comments - all critical issues have been fixed in the current code.

[icellan]

@freemans13 This is an awesome optimization!

[github-actions]

New issue found at services/subtreevalidation/check_block_subtrees.go:753 - Bug: Early return terminates loop. The return nil at line 753 is outside the g.Go() goroutine and will terminate the entire processTransactionsInLevels function instead of continuing to the next transaction. This causes incomplete block validation when pre-validated transactions are encountered. Fix: Change return nil to continue and mark the transaction as successful in successfulTxsByLevel map.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud