fix: Make cached GVR thread-safe

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Bugs fixed
 - Update postgresql to fix CVE-2024-1597
+- Fix cached gvr to be thread-safe during first boot. [#978](https://github.com/Consensys/web3signer/issues/978)
 
 ## 24.2.0
 

slashing-protection/src/main/java/tech/pegasys/web3signer/slashingprotection/validator/GenesisValidatorRootValidator.java

@@ -18,7 +18,10 @@
 
 import java.util.Objects;
 import java.util.Optional;
+import java.util.concurrent.ExecutionException;
 
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
 import net.jodah.failsafe.Failsafe;
 import net.jodah.failsafe.FailsafeExecutor;
 import net.jodah.failsafe.RetryPolicy;
@@ -36,7 +39,7 @@ public class GenesisValidatorRootValidator {
   private final MetadataDao metadataDao;
   private final FailsafeExecutor<Object> failsafeExecutor;
 
-  private Bytes32 cachedGenesisValidatorRoot;
+  private final Cache<String, Bytes32> gvrCache = CacheBuilder.newBuilder().maximumSize(1).build();
 
   public GenesisValidatorRootValidator(final Jdbi jdbi, final MetadataDao metadataDao) {
     this.jdbi = jdbi;
@@ -46,16 +49,9 @@ public GenesisValidatorRootValidator(final Jdbi jdbi, final MetadataDao metadata
   }
 
   public boolean checkGenesisValidatorsRootAndInsertIfEmpty(final Bytes32 genesisValidatorsRoot) {
-    if (cachedGenesisValidatorRoot == null) {
-      cachedGenesisValidatorRoot =
-          failsafeExecutor.get(
-              () ->
-                  jdbi.inTransaction(
-                      READ_COMMITTED,
-                      handle -> findAndInsertIfNotExists(handle, genesisValidatorsRoot)));
-    }
+    var cachedGVR = insertAndCacheGVR(genesisValidatorsRoot);
 
-    if (Objects.equals(cachedGenesisValidatorRoot, genesisValidatorsRoot)) {
+    if (Objects.equals(cachedGVR, genesisValidatorsRoot)) {
       return true;
     } else {
       LOG.warn(
@@ -65,6 +61,23 @@ public boolean checkGenesisValidatorsRootAndInsertIfEmpty(final Bytes32 genesisV
     }
   }
 
+  private Bytes32 insertAndCacheGVR(final Bytes32 genesisValidatorsRoot) {
+    try {
+      return gvrCache.get(
+          "gvr",
+          () -> {
+            LOG.debug("Cached GVR not found, fetching from database");
+            return failsafeExecutor.get(
+                () ->
+                    jdbi.inTransaction(
+                        READ_COMMITTED,
+                        handle -> findAndInsertIfNotExists(handle, genesisValidatorsRoot)));
+          });
+    } catch (final ExecutionException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
   public boolean genesisValidatorRootExists() {
     return failsafeExecutor.get(
         () ->

slashing-protection/src/test/java/tech/pegasys/web3signer/slashingprotection/validator/GenesisValidatorRootValidatorTest.java

@@ -12,6 +12,7 @@
  */
 package tech.pegasys.web3signer.slashingprotection.validator;
 
+import static java.util.concurrent.TimeUnit.MINUTES;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
@@ -23,6 +24,9 @@
 
 import tech.pegasys.web3signer.slashingprotection.dao.MetadataDao;
 
+import java.util.concurrent.Executors;
+import java.util.concurrent.atomic.AtomicBoolean;
+
 import db.DatabaseSetupExtension;
 import org.apache.tuweni.bytes.Bytes;
 import org.apache.tuweni.bytes.Bytes32;
@@ -64,6 +68,36 @@ void verifyCachedGVRIsUsedForNewGVR(final Jdbi jdbi) {
     verify(metadataDao, times(1)).insertGenesisValidatorsRoot(any(), eq(gvr));
   }
 
+  @Test
+  void verifyCachedGVRReturnsTrueFromMultipleThreads(final Jdbi jdbi) throws InterruptedException {
+    var gvrValidator = new GenesisValidatorRootValidator(jdbi, metadataDao);
+    var gvr = Bytes32.leftPad(Bytes.of(3));
+
+    var numberOfThreads = 10;
+    var executorService = Executors.newFixedThreadPool(numberOfThreads);
+    var allCachedGVRMatches = new AtomicBoolean(true);
+    for (int i = 0; i < numberOfThreads; i++) {
+      executorService.submit(
+          () -> {
+            boolean gvrMatches = gvrValidator.checkGenesisValidatorsRootAndInsertIfEmpty(gvr);
+            if (!gvrMatches) {
+              allCachedGVRMatches.set(false);
+            }
+          });
+    }
+
+    // Shutdown the executor service, no new tasks will be accepted
+    executorService.shutdown();
+
+    // wait for all threads to finish
+    var successfulTerminate = executorService.awaitTermination(1, MINUTES);
+    assertThat(successfulTerminate).isTrue();
+
+    assertThat(allCachedGVRMatches).isTrue();
+    verify(metadataDao, times(1)).findGenesisValidatorsRoot(any());
+    verify(metadataDao, times(1)).insertGenesisValidatorsRoot(any(), any());
+  }
+
   @Test
   void verifyCachedGVRIsUsedForExistingGVR(final Jdbi jdbi, final Handle handle) {
     final GenesisValidatorRootValidator gvrValidator =