fix(cardano): inject Plutus POSIXTime in milliseconds for mempool validation

[scarmuega]

Summary

Phase-2 script-context evaluation in the mempool (evaluate_tx in crates/cardano/src/validate.rs) built pallas' SlotConfig directly from ChainSummary values, which are stored in seconds (the Ouroboros era-summary convention). Pallas' SlotConfig expects milliseconds and does no scaling of its own:

// pallas-validate/src/phase2/script_context.rs
let ms_after_begin = (slot - sc.zero_slot) * sc.slot_length;
sc.zero_time + ms_after_begin   // units == input units, no *1000

As a result the POSIXTime exposed in txInfoValidRange was 1000× too small. Any Plutus script that inspects the validity range (deadlines, time-locks) would mis-validate transactions in the mempool.

Root cause

ChainSummary/EraSummary keep slot_length and timestamp in seconds (forks.rs divides slot duration by 1000; start.timestamp comes from chrono::DateTime::timestamp(), Unix seconds). Every other consumer already converts at the boundary — e.g. the gRPC era-summary path does boundary.timestamp.saturating_mul(1000) (src/serve/grpc/*/query.rs:702). The mempool validation path was the one site that fed seconds straight into pallas' ms-based SlotConfig.

Fix

The mismatch is an impedance boundary between two libraries with different unit conventions (dolos = seconds, pallas Plutus = milliseconds). Pallas is correct as-is — its contract matches upstream cardano-ledger's SlotConfig — so the conversion belongs on the dolos side, at the seam.

• Add ChainSummary::to_pallas_slot_config(), which converts both slot_length and zero_time from seconds to milliseconds in one named place, so no future call site has to remember the unit mismatch.
• Use it from evaluate_tx.

Testing

• New unit test slot_config_is_in_milliseconds using mainnet Shelley values — the expected output (slot_length: 1000, zero_slot: 4492800, zero_time: 1596059091000) exactly matches pallas' documented mainnet SlotConfig::default().
• cargo clippy -p dolos-cardano clean; cargo build --bin dolos clean.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Refactor
  • Streamlined internal slot configuration handling by consolidating time conversion logic for improved code maintainability and consistency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5d86826d-f9f8-460e-aa3e-8c14873f2391

📥 Commits

Reviewing files that changed from the base of the PR and between ea7960a and ad69e07.

📒 Files selected for processing (2)

• crates/cardano/src/eras.rs
• crates/cardano/src/validate.rs

---

📝 Walkthrough

Walkthrough

A MS_PER_SECOND constant and ChainSummary::to_pallas_slot_config() method are added to eras.rs, encapsulating the seconds-to-milliseconds conversion for slot_length and zero_time. In validate.rs, the inline SlotConfig struct literal in evaluate_tx is replaced with a call to this new helper.

Changes

SlotConfig Unit Conversion Helper

Layer / File(s)	Summary
MS_PER_SECOND constant and to_pallas_slot_config() method crates/cardano/src/eras.rs	Introduces MS_PER_SECOND = 1000 and ChainSummary::to_pallas_slot_config(), which builds a Pallas SlotConfig by scaling the edge era's slot_length and timestamp from seconds to milliseconds; a unit test verifies the millisecond output for both fields and the unchanged zero_slot.
evaluate_tx callsite update crates/cardano/src/validate.rs	Replaces the inline SlotConfig { slot_length, zero_slot, zero_time } construction with eras.to_pallas_slot_config() and adds comments documenting the unit conversion.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇 A millisecond matters, oh yes it's true,
The slots were in seconds, now Pallas wants two —
A thousand-fold hop, with a helper so neat,
No more inline math cluttering the beat.
The rabbit approves: clean code, clean feat! 🕐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: fixing Plutus POSIXTime unit conversion from seconds to milliseconds for mempool validation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/mempool-script-context-posixtime-ms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}