-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Make voter electing staisfy finality #123
Commits on Jul 2, 2020
-
Since the light client work introduced in v0.33 it appears full nodes are no longer fully verifying commit signatures during block execution - they stop after +2/3. See in VerifyCommit: https://github.com/tendermint/tendermint/blob/0c7fd316eb006c0afc13996c00ac8bde1078b32c/types/validator_set.go#L700-L703 This means proposers can propose blocks that contain valid +2/3 signatures and then the rest of the signatures can be whatever they want. They can claim that all the other validators signed just by including a CommitSig with arbitrary signature data. While this doesn't seem to impact safety of Tendermint per se, it means that Commits may contain a lot of invalid data. This is already true of blocks, since they can include invalid txs filled with garbage, but in that case the application knows they they are invalid and can punish the proposer. But since applications dont verify commit signatures directly (they trust tendermint to do that), they won't be able to detect it. This can impact incentivization logic in the application that depends on the LastCommitInfo sent in BeginBlock, which includes which validators signed. For instance, Gaia incentivizes proposers with a bonus for including more than +2/3 of the signatures. But a proposer can now claim that bonus just by including arbitrary data for the final -1/3 of validators without actually waiting for their signatures. There may be other tricks that can be played because of this. In general, the full node should be a fully verifying machine. While it's true that the light client can avoid verifying all signatures by stopping after +2/3, the full node can not. Thus the light client and full node should use distinct VerifyCommit functions if one is going to stop after +2/3 or otherwise perform less validation (for instance light clients can also skip verifying votes for nil while full nodes can not). See a commit with a bad signature that verifies here: 56367fd. From what I can tell, Tendermint will go on to think this commit is valid and forward this data to the app, so the app will think the second validator actually signed when it clearly did not.
Configuration menu - View commit details
-
Copy full SHA for 5e52a6e - Browse repository at this point
Copy the full SHA 5e52a6eView commit details -
consensus: Do not allow signatures for a wrong block in commits
Closes #4926 The dump consensus state had this: "last_commit": { "votes": [ "Vote{0:04CBBF43CA3E 385085/00/2(Precommit) 1B73DA9FC4C8 42C97B86D89D @ 2020-05-27T06:46:51.042392895Z}", "Vote{1:055799E028FA 385085/00/2(Precommit) 652B08AD61EA 0D507D7FA3AB @ 2020-06-28T04:57:29.20793209Z}", "Vote{2:056024CFA910 385085/00/2(Precommit) 652B08AD61EA C8E95532A4C3 @ 2020-06-28T04:57:29.452696998Z}", "Vote{3:0741C95814DA 385085/00/2(Precommit) 652B08AD61EA 36D567615F7C @ 2020-06-28T04:57:29.279788593Z}", Note there's a precommit in there from the first val from May (2020-05-27) while the rest are from today (2020-06-28). It suggests there's a validator from an old instance of the network at this height (they're using the same chain-id!). Obviously a single bad validator shouldn't be an issue. But the Commit refactor work introduced a bug. When we propose a block, we get the block.LastCommit by calling MakeCommit on the set of precommits we saw for the last height. This set may include precommits for a different block, and hence the block.LastCommit we propose may include precommits that aren't actually for the last block (but of course +2/3 will be). Before v0.33, we just skipped over these precommits during verification. But in v0.33, we expect all signatures for a blockID to be for the same block ID! Thus we end up proposing a block that we can't verify.
Configuration menu - View commit details
-
Copy full SHA for 8ccfdb9 - Browse repository at this point
Copy the full SHA 8ccfdb9View commit details -
Configuration menu - View commit details
-
Copy full SHA for cefeab0 - Browse repository at this point
Copy the full SHA cefeab0View commit details -
Configuration menu - View commit details
-
Copy full SHA for 606d0a8 - Browse repository at this point
Copy the full SHA 606d0a8View commit details
Commits on Jul 30, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 52d8794 - Browse repository at this point
Copy the full SHA 52d8794View commit details
Commits on Aug 4, 2020
-
Merge pull request #112 from line/apply_v0.33.6
Apply tendermint v0.33.6
Configuration menu - View commit details
-
Copy full SHA for 0f9516a - Browse repository at this point
Copy the full SHA 0f9516aView commit details
Commits on Aug 5, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 9a75993 - Browse repository at this point
Copy the full SHA 9a75993View commit details
Commits on Aug 7, 2020
-
Configuration menu - View commit details
-
Copy full SHA for 6994d02 - Browse repository at this point
Copy the full SHA 6994d02View commit details
Commits on Aug 13, 2020
-
Configuration menu - View commit details
-
Copy full SHA for c6e66bc - Browse repository at this point
Copy the full SHA c6e66bcView commit details
Commits on Aug 17, 2020
-
Merge pull request #101 from line/feature/signature_aggregation
Introduce composite key to delegate features to each function key
Configuration menu - View commit details
-
Copy full SHA for 40a2944 - Browse repository at this point
Copy the full SHA 40a2944View commit details
Commits on Aug 18, 2020
-
Configuration menu - View commit details
-
Copy full SHA for f869e87 - Browse repository at this point
Copy the full SHA f869e87View commit details
Commits on Aug 20, 2020
-
Merge pull request #116 from line/fix/missing_publickey_type
add public-key type in sending ValidatorUpdate Tx
Configuration menu - View commit details
-
Copy full SHA for 48cc715 - Browse repository at this point
Copy the full SHA 48cc715View commit details
Commits on Aug 28, 2020
-
* Add a script to generate new validator and add new validator to the chain * Fix: `add_validator.sh` script error * Add `Validators` in metric of consensus. * Add the setting of `addr_book_strict` of config change to false * Add `ValidatorsPower` in consensus metrics
Configuration menu - View commit details
-
Copy full SHA for 5db66a2 - Browse repository at this point
Copy the full SHA 5db66a2View commit details
Commits on Sep 24, 2020
-
feat: Make voting satisfy finality
kukugi authored and user committedSep 24, 2020 Configuration menu - View commit details
-
Copy full SHA for 7f63ef9 - Browse repository at this point
Copy the full SHA 7f63ef9View commit details -
Woosang Son authored and user committed
Sep 24, 2020 Configuration menu - View commit details
-
Copy full SHA for 01eeb48 - Browse repository at this point
Copy the full SHA 01eeb48View commit details -
fix: Make voter sorting working well
kukugi authored and user committedSep 24, 2020 Configuration menu - View commit details
-
Copy full SHA for 16736b8 - Browse repository at this point
Copy the full SHA 16736b8View commit details -
Get specific revision of mcl, bls library
kukugi authored and user committedSep 24, 2020 Configuration menu - View commit details
-
Copy full SHA for 88e29ce - Browse repository at this point
Copy the full SHA 88e29ceView commit details
Commits on Sep 29, 2020
-
Remove test case take too much time
user authored and kukugi committedSep 29, 2020 Configuration menu - View commit details
-
Copy full SHA for ead1476 - Browse repository at this point
Copy the full SHA ead1476View commit details -
Move sampling logic to types package
kukugi committedSep 29, 2020 Configuration menu - View commit details
-
Copy full SHA for 200aa1d - Browse repository at this point
Copy the full SHA 200aa1dView commit details