R4R: Fix Cliff Validator Update Bugs

[cwgoes]

• Implement updateCliffValidator which is called via UpdateValidator when the power of a validator increases.
• Updated and added to the original tests @cwgoes wrote to test the initial bugs.
• Update some comments

closes: #1857

---

• Linked to github-issue with discussion and accepted design
• Updated all relevant documentation (docs/)
• Updated all relevant code comments
• Wrote tests
• Added entries in PENDING.md that include links to the relevant issue or PR that most accurately describes the change.
• Updated cmd/gaia and examples/

---

For Admin Use:

• Added appropriate labels to PR (ex. wip, ready-for-review, docs)
• Reviewers Assigned
• Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

[rigelrozanski]

@cwgoes are you working on this more or can @alexanderbez / myself work form here?

[cwgoes]

@cwgoes are you working on this more or can @alexanderbez / myself work form here?

Not presently - by all means take over this PR.

[codecov]

Codecov Report

Merging #1858 into develop will increase coverage by 0.04%.
The diff coverage is 77.77%.

@@             Coverage Diff             @@
##           develop    #1858      +/-   ##
===========================================
+ Coverage    64.82%   64.87%   +0.04%     
===========================================
  Files          114      114              
  Lines         6804     6836      +32     
===========================================
+ Hits          4411     4435      +24     
- Misses        2114     2119       +5     
- Partials       279      282       +3

[alexanderbez]

@cwgoes since this was originally your PR, I cannot add you as a reviewer, but please still feel free to review.

Also, still getting acquainted with the staking code/logic, so lmk if there is a more immediate and efficient solution to what I have implemented 👍

/cc @rigelrozanski

[ValarDragon]

from the godoc of k.updateCliffVlaidator, it seems that we should have the cliffPower != nil check in there?

[alexanderbez]

Not sure I totally agree, I think have the explicit check here makes the context more clear opposed to always calling updateCliffValidator.

[ValarDragon]

I don't understand this for loop. Why are we breaking when offset == 1. It seems to me that the only code path here is offset incrementing after the first iteration, and this for loop breaking. (Which means it shouldn't be a loop)

[alexanderbez]

I originally had it with an offset of two. In which case I needed the loop, but then discovered that would not work. I glossed over the fact that I no longer need the loop.

[cwgoes]

Hmm I don't think this is the correct logic. The power store includes (a) many validator candidates which are not validators (not in the top hundred by stake) and (b) revoked validators, neither of which should be set as the cliff validator. The cliff validator is simply the "lowest-ranked bonded validator by stake" - but this logic reads the "lowest-ranked validator candidate", which is not necessarily the same.

For the case of "same cliff validator, increased power" this rough logic is fine. For the case of "cliff validator increased power, so now no longer cliff validator" I think we need to seek from the old cliff validator power store key and find the next-highest stake validator (which might become the cliff validator).

[alexanderbez]

I see. It did not occur to me that the power store held those validators as well. I'll need to refactor this and add test cases where we also have revoked validators and candidates which are not validators.

[cwgoes]

I can't "request changes" on my own PR (apparently), but see comment - also, we should extend the testcases to cover the situation described in the comment.

[jaekwon]

I like to call this, "maybeUpdateCliffValidator", which implies that it only happens conditionally.
The comment could be better, as it does more than determine the conditional.

[alexanderbez]

ehhhh I'm not totally sure about maybeUpdateCliffValidator, but I will certainly update the godoc 👍

[rigelrozanski]

Not of the idea of putting maybe in the func name. Something we've used for a similar idea for the sequence number is Ensure, -> I'd be okay with something more like EnsureCliffValidator or UpdateEnsureCliffValidator or UpdateOrEnsureCliffValidator

Use of this type of language for func naming would be cool to document in the Tenderming/coding - opened an issue here tendermint/coding#71

[alexanderbez]

Agreed more appropriate nomenclature could be defined and standardized, but I'm not convinced Ensure* is it?

[cwgoes]

ensure implies a post-condition for the function, which is accurate

[cwgoes]

(then we should comment explaining what the postcondition is)

[alexanderbez]

At first it seemed to me, ensure implies something must be done (in this, now old, case would imply that cliff must be updated, even though it's possible for it not to).

Now that I think about it more, it kinda makes sense.

[cwgoes]

@alexanderbez Did we reach consensus on updating the name to ensureCliffValidator?

[rigelrozanski]

Why don't we just call this UpdateCliffValidator and move the code currently in this attempt function to the switch statement here:

if cliffPower != nil {
	cliffAddr := sdk.AccAddress(k.GetCliffValidator(ctx))
	if bytes.Equal(cliffAddr, affectedVal.Owner) {
		k.UpdateCliffValidator(ctx, validator)
	}
}

I bet there is an even nicer way to combine those if statements too

[alexanderbez]

I like this idea as well. I'll update.

[rigelrozanski]

better indentation:

func (k Keeper) UpdateBondedValidators(
    ctx sdk.Context, affectedValidator types.Validator) (
    updatedVal types.Validator, updated bool) {

[alexanderbez]

Tbh, I don't necessarily agree here because it's hard for me to immediately see the return values (and their potential names) due to the location of the opening parenthesis. (e.g. immediate glance seems to show it has no returns).

But this is your baby and I'd like to keep in-line with what you've written and the team's standards, so I can update it 😄

[cwgoes]

Why a loop and an offset - we should only need to scan one record?

[alexanderbez]

I believe Rige and I discussed to use an offset to be a bit cautious (offset should only be 1).

[alexanderbez]

I think it'll be cleaner w/o one. I'll remove it.

[cwgoes]

Good defensive coding!

[cwgoes]

We just need to update the power, right? I think setCliffValidator will unnecessarily re-set the cliff validator address.

[alexanderbez]

Correct! I suppose we can save a write, huh?

[cwgoes]

A few minor suggestions but otherwise LGTM.

[alexanderbez]

Addressed comments @cwgoes .

[cwgoes]

Can't approve my own PR, but LGTM. Left one minor comment, just a nit.

[cwgoes]

I still don't understand the point of a for loop with only one iteration, why do we need a loop structure at all?

[rigelrozanski]

Yeah ++ this comment we shouldn't have a loop it should just panic at the higher level if it would have reached the end of the loop

[alexanderbez]

Guys my brain was fried yesterday...sorry about this.

[rigelrozanski]

haha no worries (me too!) thanks for the updated

[alexanderbez]

Updated @cwgoes @rigelrozanski

[cwgoes]

I wonder if this might crash if the user is running only one validator. Not sure if that is a usecase we care about or not - but we could check it with params.MaxVals

[ValarDragon]

We probably want to support that for convenience in testing.

[alexanderbez]

This should not crash, but let me check.

[alexanderbez]

Yeah it works with one validator 👍

[ValarDragon]

Sweet! Lets merge this then!

[cwgoes]

@alexanderbez Did we reach consensus on updating the name to ensureCliffValidator?

[alexanderbez]

@cwgoes re ensureCliffValidator, I'm not totally sure because I removed the original conditional check out of the method. So I don't think it applies anymore?