feat: F3 e2e lifecycle

[karlem]

Closes #1441 and #1442

---

Note

High Risk
High risk because it changes consensus-critical top-down finality initialization/execution paths, updates on-chain actor state schema for the F3 light client, and alters genesis creation to pull/derive F3 parameters from a parent chain.

Overview
Adds an end-to-end F3 proof-based top-down finality path: new app::service::topdown bootstraps either legacy vote-based topdown or F3 (with persistent proof cache, proof-service background task, and retry-on-cache-miss execution config), and node startup is refactored to use this pre/post-App::new() initialization.

Reworks the f3-light-client actor to store the power table as a HAMT rooted by power_table_root, track processed_instance_id with monotonicity checks, and materialize the table on GetState; updates associated types/tests and adds shared fendermint_vm_evm_event_utils for decoding EVM event proofs.

Extends genesis-from-parent to fetch/validate an F3 certificate, derive base_epoch and its ETH block hash, parse/sort power using big-int bytes, and adds configurable F3 proof-service + execution retry settings in fendermint_app_settings (with updated example config).

^{Written by Cursor Bugbot for commit 682a9e8. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[sergefdrv]

We should be able to initialize the cursor from the base tipset's storage commitment (used only as parent here), which is the same as the last tipset in the previous cert (used as child there). WDYT?

[sergefdrv]

As a workaround, maybe we could fetch parent tipsets (which are not very useful anyway) right in generate_proof_for_epoch, call it for the base tipset, get the nonces from the resulting proof bundle and discard the proof. Perhaps, we can do this only once and then maintain the cursor in ProofGeneratorService struct.

[karlem]

I think the best way here is to store it on L2 ledger...

[sergefdrv]

I think it should work, so we can test it against calibration and finally get merged 🚀 Good job! 💪

[sergefdrv]

Maybe verify_sequence_against_storage_next could also require the nonce rather than taking it wrapped in Option.

[sergefdrv]

we might want to keep this

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Power table canonical ordering gets lost
  • Fixed get_state to sort power table by canonical F3 ordering (power descending, then participant id ascending) instead of sorting by id only, ensuring consistency with F3 certificates and power-table CIDs.

Or push these changes by commenting:

@cursor push 7d00f19e5a

Preview (7d00f19e5a)

diff --git a/fendermint/actors/f3-light-client/src/lib.rs b/fendermint/actors/f3-light-client/src/lib.rs
--- a/fendermint/actors/f3-light-client/src/lib.rs
+++ b/fendermint/actors/f3-light-client/src/lib.rs
@@ -6,6 +6,7 @@
 use fil_actors_runtime::builtin::singletons::SYSTEM_ACTOR_ADDR;
 use fil_actors_runtime::runtime::{ActorCode, Runtime};
 use fil_actors_runtime::{actor_dispatch, actor_error, ActorError};
+use fvm_shared::bigint::{BigInt, Sign};
 use fvm_shared::METHOD_CONSTRUCTOR;
 use num_derive::FromPrimitive;
 
@@ -103,7 +104,13 @@
                 });
                 Ok(())
             })?;
-            out.sort_by_key(|e| e.id);
+            // Sort by canonical F3 ordering: power descending, then participant id ascending.
+            // This matches the ordering used in F3 certificates and power-table CIDs.
+            out.sort_by(|a, b| {
+                let pa = BigInt::from_bytes_be(Sign::Plus, &a.power_be);
+                let pb = BigInt::from_bytes_be(Sign::Plus, &b.power_be);
+                pb.cmp(&pa).then_with(|| a.id.cmp(&b.id))
+            });
             out
         };
 
@@ -137,8 +144,18 @@
     use fil_actors_runtime::SYSTEM_ACTOR_ADDR;
     use fvm_ipld_encoding::ipld_block::IpldBlock;
     use fvm_shared::address::Address;
+    use fvm_shared::bigint::{BigInt, Sign};
     use fvm_shared::error::ExitCode;
 
+    /// Helper function to sort power entries to canonical F3 ordering
+    fn sort_power_entries_canonical(entries: &mut Vec<PowerEntry>) {
+        entries.sort_by(|a, b| {
+            let pa = BigInt::from_bytes_be(Sign::Plus, &a.power_be);
+            let pb = BigInt::from_bytes_be(Sign::Plus, &b.power_be);
+            pb.cmp(&pa).then_with(|| a.id.cmp(&b.id))
+        });
+    }
+
     /// Helper function to create test power entries
     fn create_test_power_entries() -> Vec<PowerEntry> {
         fn u64_to_power_be(x: u64) -> Vec<u8> {
@@ -321,7 +338,9 @@
 
         let response = result.deserialize::<GetStateResponse>().unwrap();
         assert_eq!(response.processed_instance_id, 42);
-        assert_eq!(response.power_table, power_entries);
+        let mut expected = power_entries;
+        sort_power_entries_canonical(&mut expected);
+        assert_eq!(response.power_table, expected);
     }
 
     #[test]
@@ -384,7 +403,9 @@
             initial.power_table_root, updated.power_table_root,
             "power table root CID should change when table changes"
         );
-        assert_eq!(updated.power_table, new_power_table);
+        let mut expected = new_power_table;
+        sort_power_entries_canonical(&mut expected);
+        assert_eq!(updated.power_table, expected);
     }
 
     #[test]

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[cursor]

Power table canonical ordering gets lost

High Severity

get_state now sorts power_table by validator id, but F3 power tables are canonicalized by power descending then id ascending. Passing this reordered table into power_entries_from_actor changes table semantics and can break certificate/proof progression tied to canonical ordering.

Additional Locations (1)

• fendermint/app/src/service/topdown.rs#L483-L484

 

[sergefdrv]

maybe keep it?

[sergefdrv]

sure?

[sergefdrv]

Oh, this may cause starvation on the proposer side...

[sergefdrv]

sure?

[sergefdrv]

sure?

[sergefdrv]

Looks good

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Debug-level logging promoted to info in prepare_proposal

Low Severity

Several tracing::info! calls were added to prepare_proposal ("PrepareProposal start", "read_only_view ready", "message preparation finished", "response ready") that fire on every single block proposal. Since prepare_proposal runs on every block, these produce excessive noise at info level in production. They look like development instrumentation that was left at info! instead of being downgraded to debug! or trace!.