fix(blockchain): modify location and error handling of forkchoiceUpdated engine API calls

[shotes]

This PR is to resolve issue #2405

There are several fixes in here:

• call NotifyForkchoiceUpdate immediately after VerifyAndNotifyNewPayload. This validates that the EL is willing, able, and DOES, update the head of the chain to the proposed payload. This is the primary fix and resolves handling around the ACCEPTED status. This also enforces that errors in the forkchoiceUpdated propagate to consensus and aren't ignored.
• Fix a bug where an optimistic builder could send a forkchoice update that would attempt to un-finalize a block under one the following conditions (both of these conditions were bugs before the modifications in this PR with the immediate forkchoiceUpdates, but become much easier to accidentally happen with the new changes):
  1. A forkchoice update is sent at height B to set X as the final block and Y as the head. After sending this forkchoice update (in FinalizeBlock), the round does not reach consensus for some reason. Then the optimistic builder also fails a proposal that triggers an optimistic rebuild in rebuildPayloadForRejectedBlock(). This will attempt to set W (the block before X) as the final block, while setting X as the head in order to rebuild a block on X.
  2. The exact same scenario as 1, except instead of rebuilding optimistically, the proposer is attempting to grab an optimistic build, doesn't find one, and then requests a synchronous build via RequestPayloadSync(), which would result in the same issue.

Edit: my concerns about 1 and 2 are incorrect. In the live codebase (not this PR), fork choice updates are only sent in FinalizeBlock, and those block hashes are never to be changed, even if FinalizeBlock is called multiple times.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 26 lines in your changes missing coverage. Please review.

Project coverage is 27.11%. Comparing base (419cd66) to head (bf2fdc0).

Files with missing lines	Patch %	Lines
state-transition/core/state_processor_payload.go	0.00%	19 Missing ⚠️
beacon/blockchain/payload.go	0.00%	3 Missing ⚠️
execution/engine/engine.go	0.00%	2 Missing ⚠️
beacon/validator/block_builder.go	0.00%	1 Missing ⚠️
state-transition/core/state_processor.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2394      +/-   ##
==========================================
+ Coverage   27.08%   27.11%   +0.02%     
==========================================
  Files         351      350       -1     
  Lines       15543    15528      -15     
  Branches       20       20              
==========================================
  Hits         4210     4210              
+ Misses      11130    11115      -15     
  Partials      203      203              

Files with missing lines	Coverage Δ
beacon/blockchain/finalize_block.go	0.00% <ø> (ø)
beacon/validator/block_builder.go	0.00% <0.00%> (ø)
state-transition/core/state_processor.go	0.00% <0.00%> (ø)
execution/engine/engine.go	0.00% <0.00%> (ø)
beacon/blockchain/payload.go	0.00% <0.00%> (ø)
state-transition/core/state_processor_payload.go	0.00% <0.00%> (ø)

[shotes]

ErrAcceptedPayloadStatus does not get returned by notifyForkchoiceUpdated engine API calls.

[shotes]

If the block is syncing, we cannot verify it. This change requires more thought. How does this effect a new node syncing to the chain? Will this break that?

[shotes]

After thinking about this more, I think this is right. Please tell me why this is wrong.

• If the EL is syncing, we cannot verify the block. Therefore we should not give it the OK in a proposal.
• If we are a simple node catching up to the network, replaying blocks, then FinalizeBlock will be executed sequentially, guaranteeing that the EL always has the previous block. Therefore it should never be possible to get the SYNCING status.
• In fact, it should be theoretically impossible for this status to happen, as we now ALWAYS send the payload via newPayload right before the forkchoiceUpdated. So it should not be possible for the EL to not have the previous block.

[abi87]

https://github.com/cometbft/cometbft/blob/main/docs/references/rfc/rfc-105-non-det-process-proposal.md

[rezbera]

If the block is syncing, we cannot verify it. This change requires more thought. How does this effect a new node syncing to the chain? Will this break that?

We have had situations where the EL cannot find peers, and as such is stuck in a syncing state. Previously, consensus would continue but now it will error out. If we introduce this, we need to have some sort of indefinite looping that waits until the EL is synced.

[rezbera]

If we are a simple node catching up to the network, replaying blocks, then FinalizeBlock will be executed sequentially, guaranteeing that the EL always has the previous block. Therefore it should never be possible to get the SYNCING status.

Theoretically this is the case but we observed that when syncing full nodes without EL peers, it was returning "SYNCING" status - something to investigate.

[rezbera]

This bubbles up to the s.stateProcessor.Transition call which is also called in ProcessProposal.

Previously we would only set the FCU head in the EL after FinalizeBlock as we confirmed with Informal that this was never going to revert.

Now it seems possible that the "head", i.e. "latest" tag could revert given that we are setting it before FinalizeBlock. This would require that anyone waiting for finality must wait for the "finalized" tag in the EL which is friction we would have to discuss with DX

[calbera]

agree with removal here. this was useless with the comment being inconsistent