170 lines
4.8 KiB
Markdown
170 lines
4.8 KiB
Markdown
# Network Permissions Check - Final Analysis
|
|
|
|
**Date**: 2025-01-12
|
|
**Purpose**: Complete analysis of network permission requirements for contract creation
|
|
|
|
---
|
|
|
|
## Executive Summary
|
|
|
|
**Finding**: The network does NOT require explicit account-level permissions for contract creation, but **ALL contract deployment attempts are failing**, including minimal 204-byte contracts.
|
|
|
|
**Status**: ⚠️ **CRITICAL ISSUE** - Contract creation is blocked at the network level
|
|
|
|
---
|
|
|
|
## Network Configuration
|
|
|
|
### Consensus: QBFT (Permissioned Blockchain)
|
|
- **Block Period**: 2 seconds
|
|
- **Epoch Length**: 30,000 blocks
|
|
- **Validators**: 5 nodes (192.168.11.100-104)
|
|
|
|
### Permissioning Configuration
|
|
|
|
#### 1. Node-Level Permissioning ✅
|
|
- **File**: `permissions-nodes.toml`
|
|
- **Status**: Enabled
|
|
- **Allowlist**: 13 nodes (validators, sentries, RPC nodes)
|
|
- **Purpose**: Controls which nodes can connect to the network
|
|
|
|
#### 2. Account-Level Permissioning ✅
|
|
- **File**: `permissions-accounts.toml`
|
|
- **Status**: Enabled on RPC nodes
|
|
- **Allowlist**: **EMPTY** (all accounts allowed)
|
|
- **Note**: Empty allowlist means all accounts are permitted
|
|
|
|
---
|
|
|
|
## Deployment Test Results
|
|
|
|
### Test 1: MockLinkToken (5M gas)
|
|
- **Status**: ❌ FAILED
|
|
- **Gas Used**: 5,000,000 (all available)
|
|
- **Error**: Out of gas
|
|
|
|
### Test 2: MockLinkToken (10M gas)
|
|
- **Status**: ❌ FAILED
|
|
- **Gas Used**: 10,000,000 (all available)
|
|
- **Error**: Out of gas
|
|
|
|
### Test 3: MinimalLink (10M gas)
|
|
- **Status**: ❌ FAILED
|
|
- **Gas Used**: 10,000,000 (all available)
|
|
- **Error**: Out of gas
|
|
|
|
### Test 4: Minimal Test Contract (204 bytes, 1M gas)
|
|
- **Status**: ❌ FAILED
|
|
- **Gas Used**: 1,000,000 (all available)
|
|
- **Error**: Transaction reverted
|
|
- **Transaction**: `0xc6502cdc4cb2f583fc6b3ddeb8b67b81877cff7a3c824634874a844651609a51`
|
|
|
|
---
|
|
|
|
## Critical Analysis
|
|
|
|
### What This Tells Us
|
|
|
|
1. **NOT a Contract Size Issue**
|
|
- Minimal 204-byte contract failed
|
|
- Well under 24KB limit (EIP-170)
|
|
|
|
2. **NOT a Gas Limit Issue**
|
|
- 1M gas used (well under block limit of 30M)
|
|
- All gas was consumed, suggesting revert
|
|
|
|
3. **NOT an Account Permission Issue**
|
|
- `permissions-accounts.toml` is empty (all accounts allowed)
|
|
- Deployer has sufficient balance (999M+ ETH)
|
|
|
|
4. **Possible Causes**
|
|
- Network-level restriction on contract creation
|
|
- RPC node configuration issue
|
|
- Network state corruption
|
|
- Validator-level restrictions
|
|
|
|
---
|
|
|
|
## RPC Node Configuration
|
|
|
|
### RPC Node Types
|
|
|
|
1. **Core RPC** (192.168.11.250)
|
|
- **Config**: `config-rpc-core.toml`
|
|
- **Account Permissioning**: May be enabled
|
|
- **APIs**: Full access (ETH, NET, WEB3, ADMIN, DEBUG, TXPOOL)
|
|
|
|
2. **Permissioned RPC** (192.168.11.251)
|
|
- **Config**: `config-rpc-perm.toml`
|
|
- **Account Permissioning**: ✅ Enabled
|
|
- **APIs**: ETH, NET, WEB3, TXPOOL, QBFT, ADMIN
|
|
|
|
3. **Public RPC** (192.168.11.252)
|
|
- **Config**: `config-rpc-public.toml`
|
|
- **Account Permissioning**: May be enabled
|
|
- **APIs**: Limited (read-only)
|
|
|
|
### Current RPC Endpoint
|
|
- **URL**: `http://192.168.11.250:8545`
|
|
- **Type**: Core RPC
|
|
- **Account Permissioning**: Unknown (need to verify)
|
|
|
|
---
|
|
|
|
## Recommendations
|
|
|
|
### Immediate Actions
|
|
|
|
1. **Verify RPC Node Configuration**
|
|
```bash
|
|
# Check if account permissioning is enabled on RPC node
|
|
# Verify permissions-accounts.toml is empty or includes deployer
|
|
```
|
|
|
|
2. **Check Network-Level Restrictions**
|
|
- Verify if contract creation is restricted at validator level
|
|
- Check network genesis for contract creation restrictions
|
|
- Review Besu logs for deployment errors
|
|
|
|
3. **Test with Different RPC Endpoint**
|
|
- Try permissioned RPC (192.168.11.251)
|
|
- Try public RPC (192.168.11.252)
|
|
- Compare results
|
|
|
|
4. **Contact Network Administrators**
|
|
- Verify if contract creation requires special permissions
|
|
- Check if deployer account needs whitelisting
|
|
- Review network policies
|
|
|
|
### Long-Term Solutions
|
|
|
|
1. **Add Deployer to Account Allowlist**
|
|
- If account permissioning is enabled, add deployer address
|
|
- Update `permissions-accounts.toml` on all RPC nodes
|
|
|
|
2. **Verify Network Health**
|
|
- Check if network is fully operational
|
|
- Verify validators are functioning correctly
|
|
- Review network logs for errors
|
|
|
|
3. **Alternative Deployment Methods**
|
|
- Use Remix IDE with network admin access
|
|
- Deploy via validator node directly
|
|
- Request network administrator to deploy
|
|
|
|
---
|
|
|
|
## Conclusion
|
|
|
|
**The network does NOT require explicit account-level permissions for contract creation** (based on empty `permissions-accounts.toml`), but **ALL contract deployments are failing**, suggesting:
|
|
|
|
1. Network-level restriction on contract creation
|
|
2. RPC node configuration issue
|
|
3. Network state or validator issue
|
|
|
|
**Next Steps**: Verify RPC node configuration and contact network administrators to resolve the contract creation restriction.
|
|
|
|
---
|
|
|
|
**Last Updated**: 2025-01-12
|