feat!: backport cryptographic equivocation to SDKv45 #1360
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* define msg to submit misbehaviour to provider implement msg handling logic e2e test msg handling logic * wip: get byzantine validators in misbehavioiur handling * add tx handler * format HandleConsumerMisbehaviour * add tx handler * add debugging stuff * Add misbehaviour handler * create message for consumer double voting evidence * add DRAFT double vote handler * Add cli cmd for submit consumer double voting * Add double-vote handler * add last update * fix jailing * pass first jailing integration test * format tests * doc * save * update e2e tests' * fix typo and improve docs * remove unwanted tm evidence protofile * fix typos * update submit-consumer-misbehaviour cli description * check that header1 and header2 have the same TrustedValidators * feat: add e2e tests for ICS misbehaviour (#1118) * remove unwanted changes * fix hermes config with assigned key * revert unwanted changes * revert local setup * remove log file * typo * update doc * update ICS misbehaviour test * update ICS misbehaviour test * revert mixed commits * add doc * lint * update to handle only equivocations * improve doc * update doc * update E2E tests comment * optimize signatures check * doc * update e2e tests * linter * remove todo * Feat: avoid race condition in ICS misbehaviour handling (#1148) * remove unwanted changes * fix hermes config with assigned key * revert unwanted changes * revert local setup * remove log file * typo * update doc * update ICS misbehaviour test * update ICS misbehaviour test * revert mixed commits * update ICS misbehaviour test * update ICS misbehaviour test * Add test for MsgSubmitConsumerMisbehaviour parsing * fix linter * save progress * add CheckMisbehaviourAndUpdateState * update integration tests * typo * remove e2e tests from another PRs * cleaning' * Update x/ccv/provider/keeper/misbehaviour.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * Update x/ccv/provider/keeper/misbehaviour.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * update integration tests * save * save * nits * remove todo * lint * Update x/ccv/provider/keeper/misbehaviour.go --------- Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> Co-authored-by: Marius Poke <marius.poke@posteo.de> * Update x/ccv/provider/client/cli/tx.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * Update x/ccv/provider/client/cli/tx.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * add attributes to EventTypeSubmitConsumerMisbehaviour * Update x/ccv/provider/keeper/misbehaviour.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * Update x/ccv/provider/keeper/misbehaviour.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * apply review suggestions * fix docstring * Update x/ccv/provider/keeper/misbehaviour.go Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> * fix link * apply review suggestions * update docstring --------- Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com> Co-authored-by: Marius Poke <marius.poke@posteo.de>
* update e2e tests * update the chain halt assertion
* create new endpoint for consumer double voting * add first draft handling logic * first iteration of double voting * draft first mem test * error handling * refactor * add unit test of double voting verification * remove evidence age checks * document * doc * protogen * reformat double voting handling * logger nit * nits * check evidence age duration * move verify double voting evidence to ut * fix nit * nits * fix e2e tests * improve double vote testing coverage * remove TODO * lint * add UT for JailAndTombstoneValidator * nits * nits * remove tombstoning and evidence age check * lint * typo * improve godoc
* fix double voting cli * fix bug double signing handler * godoc * nits * revert wrong push of lasts commits
…1254) * fix double voting cli * fix bug double signing handler * godoc * nits * lint * nit
…bleVoting` msg (#1264) * verify dv evidence using malicious validator pubkey in infraction block header * nits * nits
* fix double voting cli * add double-signing e2e test * refortmat e2e double voting test * godoc, revert unwanted changes * nit * verify dv evidence using malicious validator pubkey in infraction block header * save changes * fix hermes config * fist successful run * nit * nits * nits * doc and nits * lint * refactor * typo * change hermes docker image * nits * Update tests/e2e/steps.go Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com> * address PR comments * nits --------- Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com>
…1291) * feat!: provider proposal for changing reward denoms (#1280) * new provider prop type * add methods and tests for new prop, update docs * remove old tx, fix tests * e2e handling * fix command type * boilerplate * fix e2e tests * Update CHANGELOG.md * lint * validate denoms * Update proposal.go * rm msg string * fix tests * rm chain in change denom action * lint * test for invalid denom * events for both add and remove * Update proposal_test.go (cherry picked from commit 48a2186) # Conflicts: # CHANGELOG.md # app/provider/app.go # proto/interchain_security/ccv/provider/v1/provider.proto # proto/interchain_security/ccv/provider/v1/tx.proto # tests/e2e/actions.go # tests/integration/distribution.go # x/ccv/provider/client/cli/tx.go # x/ccv/provider/client/proposal_handler.go # x/ccv/provider/keeper/distribution.go # x/ccv/provider/keeper/distribution_test.go # x/ccv/provider/proposal_handler_test.go # x/ccv/provider/types/codec.go # x/ccv/provider/types/proposal.go # x/ccv/provider/types/provider.pb.go # x/ccv/provider/types/tx.pb.go * fix conflicts * fix rest handler * Update CHANGELOG.md * rm uneeded tx proto --------- Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
…ics-misbehaviour-handling
#1275) Implementing the slashing functionality, as described in ADDR, on the provider chain.
sainoe
changed the title
sainoe
changed the title
insumity
reviewed
Oct 16, 2023
insumity
reviewed
Oct 16, 2023
insumity
reviewed
Oct 16, 2023
insumity
reviewed
Oct 16, 2023
insumity
reviewed
Oct 16, 2023
| // but does NOT update the light client state. | ||
| // Note that the IBC CheckMisbehaviourAndUpdateState method returns an error if the trusted consensus states are expired, | ||
| // see ibc-go/modules/light-clients/07-tendermint/types/misbehaviour_handle.go | ||
| _, err := clientState.CheckMisbehaviourAndUpdateState(ctx, k.cdc, clientStore, &misbehaviour) |
There was a problem hiding this comment.
I might be missing something in regards to light client attacks but I was wondering the following: At the end of the day, it would seem that a lunatic light client attack consists of having > 1/ 3 validators sign 2 conflicting blocks (i.e., with different BlockID). In other words, we still have a case of double voting here (i.e., someone provided 2 votes for different blocks). If that's true, then what is the difference in slashing those malicious validators here due to misbehaviour and not just slashing them in the double-voting case. In the general case, we do freeze the client but here we do not. So, why are we making a distinction between misbehaviour and double voting?
insumity
reviewed
Oct 16, 2023
| // but does NOT update the light client state. | ||
| // Note that the IBC CheckMisbehaviourAndUpdateState method returns an error if the trusted consensus states are expired, | ||
| // see ibc-go/modules/light-clients/07-tendermint/types/misbehaviour_handle.go | ||
| _, err := clientState.CheckMisbehaviourAndUpdateState(ctx, k.cdc, clientStore, &misbehaviour) |
There was a problem hiding this comment.
Ot seems that CheckMisbehaviourAndUpdateState under the hoods would end up calling checkTrustedHeader that checks:
consState.NextValidatorsHash __equal_to__ tvalHash
In other words, if MsgSubmitConsumerMisbehaviour for a light client attack provides a trusted height X and a new header height Y with Y > X + 1 this evidence would fail. Could this be something that we check in CheckMisbehaviour and stop verifying the evidence early if that's the case?
insumity
reviewed
Oct 16, 2023
insumity
reviewed
Oct 17, 2023
insumity
reviewed
Oct 17, 2023
insumity
reviewed
Oct 17, 2023
insumity
reviewed
Oct 17, 2023
insumity
reviewed
Oct 17, 2023
insumity
reviewed
Oct 17, 2023
insumity
approved these changes
Oct 17, 2023
There was a problem hiding this comment.
I focused my review on double_vote.go and misbehaviour.go. The security issues raised in #1340 have been fixed and for this I'm accepting. Thanks Simon!
Note that I did not revisit the tests part of this PR, proto file changes, tx.go and other code related to submitting the appropriate messages.
MSalopek
approved these changes
Oct 17, 2023
tbruyelle
reviewed
Nov 9, 2023
There was a problem hiding this comment.
At @sainoe's request, @giunatale and I reviewed the PR and it's all good for us. Personally I found it very well documented and implemented, impressive work 💪
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Closes: #1346
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!to the type prefix if state-machine breaking change (i.e., requires coordinated upgrade)CHANGELOG.mdReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!in the type prefix if API or client breaking change