Skip to content

[PM-21799] (fix): replace panic with error handling in get_data_from_inherent_data#1234

Merged
m2ux merged 7 commits into
mainfrom
fix/PM-21799-inherent-data-panic
Apr 30, 2026
Merged

[PM-21799] (fix): replace panic with error handling in get_data_from_inherent_data#1234
m2ux merged 7 commits into
mainfrom
fix/PM-21799-inherent-data-panic

Conversation

@m2ux

@m2ux m2ux commented Apr 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Replace .expect() on inherent data decoding in get_data_from_inherent_data with typed Result<Option<...>, InherentError> error handling, preventing simultaneous validator panics on malformed inherent data.

🎫 PM-21799 📐 Engineering

Motivation

The get_data_from_inherent_data function in the cnight-observation pallet decodes inherent data on every block through three consensus-critical entry points: create_inherent, check_inherent, and is_inherent_required. The function uses .expect() on the decode result, which means any malformed inherent data — from serialization bugs, version mismatches, or data corruption — causes all validators to panic simultaneously, permanently halting the chain with no automatic recovery.

This fix adopts the error handling pattern already established in the sibling federated-authority-observation pallet: returning Result<Option<...>, InherentError> with a new DecodeFailed variant, allowing each caller to handle decode failures appropriately without crashing.

Changes

Primitives (primitives/cnight-observation/src/lib.rs)

  • Add DecodeFailed variant to InherentError enum with #[cfg_attr(feature = "std", error("Inherent data decode failed"))]
  • Variant inherits is_fatal_error() = true from the blanket IsFatalError impl

Pallet (pallets/cnight-observation/src/lib.rs)

  • get_data_from_inherent_data — Return type changed from Option<T> to Result<Option<T>, InherentError>; .expect() replaced with .map_err(|_| InherentError::DecodeFailed)
  • create_inherent — Match on Ok/Err; error path logs log::error! with target cnight-observation and returns None
  • check_inherent — Propagate decode error via ?, then .ok_or(InherentError::Other)? for the missing-data case
  • is_inherent_required — Propagate decode error via ? before checking .is_some()

Tests (pallets/cnight-observation/tests/tests.rs)

  • Add create_malformed_inherent() helper (puts invalid bytes for INHERENT_IDENTIFIER)
  • create_inherent_with_malformed_data_returns_none — verifies no panic, returns None
  • check_inherent_with_malformed_data_returns_error — verifies Err(InherentError::DecodeFailed)
  • is_inherent_required_with_malformed_data_returns_error — verifies Err(InherentError::DecodeFailed)

Consensus safety

  • Valid inherent data paths produce identical results before and after the change
  • DecodeFailed is fatal (is_fatal_error() = true), so blocks with corrupted inherent data are rejected during import

📌 Submission Checklist

  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason: bug fix with no product-visible change
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • No new todos introduced

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other
  • N/A

🗹 TODO before merging

  • Ready for review
  • Commit signing (agent environment lacks GPG — may need manual re-sign)

@m2ux m2ux force-pushed the fix/PM-21799-inherent-data-panic branch from 09cd34b to 9857de0 Compare April 5, 2026 18:30
@m2ux m2ux marked this pull request as ready for review April 6, 2026 13:15
@m2ux m2ux requested a review from a team as a code owner April 6, 2026 13:15
m2ux added a commit that referenced this pull request Apr 13, 2026
@m2ux
chore: fix formatting and add change file for PR #1234
0e0da7d 
Run cargo fmt to fix two formatting issues flagged by CI and add the
missing changes/changed entry so the Changes Check passes.
@m2ux m2ux mentioned this pull request Apr 13, 2026
Closed
m2ux and others added 4 commits April 13, 2026 15:20
@m2ux
chore: initialize branch for PM-21799 inherent data panic fix
d7c4932 
Made-with: Cursor
Signed-off-by: Mike Clay <mike.clay@shielded.io>
@m2ux
fix: replace .expect() with Result-based error handling in get_data_f…
7ab1dca 
…rom_inherent_data

Replace the panicking .expect() in get_data_from_inherent_data with
typed error propagation via Result<Option<...>, InherentError>,
matching the established pattern in federated-authority-observation.

Changes:
- Add DecodeFailed variant to InherentError in primitives
- Change get_data_from_inherent_data to return Result with .map_err()
- Update create_inherent to log error and return None on decode failure
- Update check_inherent to propagate DecodeFailed via ?
- Update is_inherent_required to propagate DecodeFailed via ?
- Add tests for malformed inherent data across all three callers

This prevents all validators from panicking simultaneously on malformed
inherent data, which would permanently halt the chain.

Closes: PM-21799
Made-with: Cursor
Signed-off-by: Mike Clay <mike.clay@shielded.io>
@m2ux
chore: fix formatting and add change file for PR #1234
7c1f78b 
Run cargo fmt to fix two formatting issues flagged by CI and add the
missing changes/changed entry so the Changes Check passes.

Signed-off-by: Mike Clay <mike.clay@shielded.io>
@m2ux
chore: add GitHub issue link to change file
beddf7c 
Signed-off-by: Mike Clay <mike.clay@shielded.io>
@m2ux m2ux force-pushed the fix/PM-21799-inherent-data-panic branch from 0e0da7d to beddf7c Compare April 13, 2026 14:20
justinfrevert
justinfrevert reviewed Apr 15, 2026
View reviewed changes
Comment thread changes/changed/fix-inherent-data-panic.md Outdated
@m2ux m2ux self-assigned this Apr 29, 2026
@m2ux m2ux changed the title fix: replace panic with error handling in get_data_from_inherent_data (PM-21799) fix(PM-21799): replace panic with error handling in get_data_from_inherent_data Apr 29, 2026
@m2ux m2ux changed the title fix(PM-21799): replace panic with error handling in get_data_from_inherent_data [PM-21799] (fix): replace panic with error handling in get_data_from_inherent_data Apr 29, 2026
m2ux and others added 2 commits April 30, 2026 11:27
@m2ux @justinfrevert
Update changes/changed/fix-inherent-data-panic.md
13115e0 
Co-authored-by: justinfrevert <81839854+justinfrevert@users.noreply.github.com>
Signed-off-by: Mike Clay <176900785+m2ux@users.noreply.github.com>
@m2ux
Merge branch 'main' into fix/PM-21799-inherent-data-panic
cb78ab8
@m2ux m2ux added this pull request to the merge queue Apr 30, 2026
Merged via the queue into main with commit 8967f5f Apr 30, 2026
33 checks passed
@m2ux m2ux deleted the fix/PM-21799-inherent-data-panic branch April 30, 2026 15:27
@m2ux m2ux mentioned this pull request May 6, 2026
Merged
12 tasks
@gilescope gilescope linked an issue May 15, 2026 that may be closed by this pull request
Validators panic on malformed inherent data in cnight-observation pallet #1317
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@justinfrevert justinfrevert justinfrevert approved these changes

Assignees

@m2ux m2ux

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Validators panic on malformed inherent data in cnight-observation pallet

2 participants

@m2ux @justinfrevert