d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
06e2c7a29e3b578df126b8c30cb627045f6452b6
explorer-monorepo/docs/NETWORK_PERMISSIONS_FINAL_ANALYSIS.md

4.8 KiB
Raw Blame History

Network Permissions Check - Final Analysis

Date: 2025-01-12
Purpose: Complete analysis of network permission requirements for contract creation

Executive Summary

Finding: The network does NOT require explicit account-level permissions for contract creation, but ALL contract deployment attempts are failing, including minimal 204-byte contracts.

Status: ⚠️ CRITICAL ISSUE - Contract creation is blocked at the network level

Network Configuration

Consensus: QBFT (Permissioned Blockchain)

  • Block Period: 2 seconds
  • Epoch Length: 30,000 blocks
  • Validators: 5 nodes (192.168.11.100-104)

Permissioning Configuration

1. Node-Level Permissioning

  • File: permissions-nodes.toml
  • Status: Enabled
  • Allowlist: 13 nodes (validators, sentries, RPC nodes)
  • Purpose: Controls which nodes can connect to the network

2. Account-Level Permissioning

  • File: permissions-accounts.toml
  • Status: Enabled on RPC nodes
  • Allowlist: EMPTY (all accounts allowed)
  • Note: Empty allowlist means all accounts are permitted

Deployment Test Results

Test 1: MockLinkToken (5M gas)

  • Status: FAILED
  • Gas Used: 5,000,000 (all available)
  • Error: Out of gas

Test 2: MockLinkToken (10M gas)

  • Status: FAILED
  • Gas Used: 10,000,000 (all available)
  • Error: Out of gas

Test 3: MinimalLink (10M gas)

  • Status: FAILED
  • Gas Used: 10,000,000 (all available)
  • Error: Out of gas

Test 4: Minimal Test Contract (204 bytes, 1M gas)

  • Status: FAILED
  • Gas Used: 1,000,000 (all available)
  • Error: Transaction reverted
  • Transaction: 0xc6502cdc4cb2f583fc6b3ddeb8b67b81877cff7a3c824634874a844651609a51

Critical Analysis

What This Tells Us

  1. NOT a Contract Size Issue

    • Minimal 204-byte contract failed
    • Well under 24KB limit (EIP-170)

  2. NOT a Gas Limit Issue

    • 1M gas used (well under block limit of 30M)
    • All gas was consumed, suggesting revert

  3. NOT an Account Permission Issue

    • permissions-accounts.toml is empty (all accounts allowed)
    • Deployer has sufficient balance (999M+ ETH)

  4. Possible Causes

    • Network-level restriction on contract creation
    • RPC node configuration issue
    • Network state corruption
    • Validator-level restrictions

RPC Node Configuration

RPC Node Types

  1. Core RPC (192.168.11.250)

    • Config: config-rpc-core.toml
    • Account Permissioning: May be enabled
    • APIs: Full access (ETH, NET, WEB3, ADMIN, DEBUG, TXPOOL)

  2. Permissioned RPC (192.168.11.251)

    • Config: config-rpc-perm.toml
    • Account Permissioning: Enabled
    • APIs: ETH, NET, WEB3, TXPOOL, QBFT, ADMIN

  3. Public RPC (192.168.11.252)

    • Config: config-rpc-public.toml
    • Account Permissioning: May be enabled
    • APIs: Limited (read-only)

Current RPC Endpoint

  • URL: http://192.168.11.250:8545
  • Type: Core RPC
  • Account Permissioning: Unknown (need to verify)

Recommendations

Immediate Actions

  1. Verify RPC Node Configuration

    # Check if account permissioning is enabled on RPC node
# Verify permissions-accounts.toml is empty or includes deployer

  2. Check Network-Level Restrictions

    • Verify if contract creation is restricted at validator level
    • Check network genesis for contract creation restrictions
    • Review Besu logs for deployment errors

  3. Test with Different RPC Endpoint

    • Try permissioned RPC (192.168.11.251)
    • Try public RPC (192.168.11.252)
    • Compare results

  4. Contact Network Administrators

    • Verify if contract creation requires special permissions
    • Check if deployer account needs whitelisting
    • Review network policies

Long-Term Solutions

  1. Add Deployer to Account Allowlist

    • If account permissioning is enabled, add deployer address
    • Update permissions-accounts.toml on all RPC nodes

  2. Verify Network Health

    • Check if network is fully operational
    • Verify validators are functioning correctly
    • Review network logs for errors

  3. Alternative Deployment Methods

    • Use Remix IDE with network admin access
    • Deploy via validator node directly
    • Request network administrator to deploy

Conclusion

The network does NOT require explicit account-level permissions for contract creation (based on empty permissions-accounts.toml), but ALL contract deployments are failing, suggesting:

  1. Network-level restriction on contract creation
  2. RPC node configuration issue
  3. Network state or validator issue

Next Steps: Verify RPC node configuration and contact network administrators to resolve the contract creation restriction.

Last Updated: 2025-01-12

Reference in New Issue View Git Blame Copy Permalink