Exceptions thrown in raw vault observers can cause critical issues

Description

If code observing raw vault updates throws an exception, a number of bad things can happen:

  • This might be triggered in a recordTransactions() call and roll back the transaction recording

  • If this happens within the finality flow, the states involved might end up spent on the notary, but unspent in the vaults of the involved nodes. This problem is currently apparent inside FinalityFlow only on the node triggering FinalityFlow. ReceiveFinalityFlow and FinalityHandler on peer nodes have already been handled.

  • The vault observer itself will unsubscribe if no error handler has been provided on subscription, potentially altering the behaviour of the node for subsequent (or concurrent) flows. Even worse, there won't be much of a notification of this altered behaviour. This part is being dealt with in

The behaviour is reproduced in a set of integration tests in node/src/integration-test/kotlin/net/corda/node/services/messaging/ExceptionsAndMessagingTests.kt on the branch `christians/test-finality-exceptions` on Corda Enterprise.
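As an added illustration (not code from this ticket or from Corda), the following Kotlin snippet reproduces the third bullet with RxJava 1's `rx.Observable`, which the vault update stream is built on. `VaultUpdate` is a constructed stand-in for `Vault.Update`, and `publish()` stands in for the vault pushing an update to its observers from inside `recordTransactions()`. It contrasts an observer subscribed without an error handler, which Rx unsubscribes on its first exception while rethrowing to the publisher, with the same observer wrapped so that its failure is logged and contained:

```kotlin
import rx.exceptions.OnErrorNotImplementedException
import rx.functions.Action1
import rx.subjects.PublishSubject

// Constructed stand-in for Vault.Update; not Corda's type.
data class VaultUpdate(val txId: String, val produced: Int)

// Stands in for the vault notifying observers from recordTransactions().
// Returns true if the "recording" would commit, false if an observer
// exception escaped and would roll it back.
fun publish(subject: PublishSubject<VaultUpdate>, update: VaultUpdate): Boolean =
    try {
        subject.onNext(update)
        true
    } catch (e: OnErrorNotImplementedException) {
        // Rx wraps the observer's exception and rethrows it to the caller of onNext.
        println("recordTransactions(${update.txId}) would roll back: ${e.cause}")
        false
    }

// Observer wrapper that never lets an exception escape into the publisher,
// so the subscription stays alive and the vault is unaffected.
fun <T> isolated(name: String, onNext: (T) -> Unit): Action1<T> = Action1 { item ->
    try {
        onNext(item)
    } catch (t: Throwable) {
        println("observer '$name' failed on $item: ${t.message}")
    }
}

fun main() {
    val updates = PublishSubject.create<VaultUpdate>()
    val seenByIsolated = mutableListOf<String>()
    val seenByFragile = mutableListOf<String>()

    // Isolated observer: identical logic, but failures are contained.
    updates.subscribe(isolated("isolated") { u: VaultUpdate ->
        if (u.produced == 0) throw IllegalStateException("empty update")
        seenByIsolated += u.txId
    })

    // Fragile observer: no onError handler. On its first throw Rx unsubscribes it
    // and throws OnErrorNotImplementedException to whoever called onNext.
    updates.subscribe { u ->
        if (u.produced == 0) throw IllegalStateException("empty update")
        seenByFragile += u.txId
    }

    val committed = listOf(
        VaultUpdate("tx1", 2),
        VaultUpdate("tx2", 0),   // both observers throw on this one
        VaultUpdate("tx3", 1),
    ).map { publish(updates, it) }

    println("committed:    $committed")
    println("isolated saw: $seenByIsolated")
    println("fragile saw:  $seenByFragile")
}
```

Running it shows the two failure modes from the ticket side by side: `publish` reports a rollback only for tx2, the fragile observer never receives tx3 because it was silently unsubscribed, and the isolated observer logs its failure on tx2 and still receives tx3. The wrapper is the observer-side mitigation; the publisher-side fix the ticket tracks is for the vault itself to isolate observer failures so that recording and finality cannot be affected by them.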

Assignee

Kyriakos Tharrouniatis

Reporter

Christian Sailer

Sprint

None

Priority

High

Engineering Teams

Kernel

Fix versions

Ported to...

None

Story Points / Dev Days

5

Build cut

None

Feature Team

Kernel Group