Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: adding CheckForMisbehaviour to 07-tendermint client #1163

Merged
merged 12 commits into from
Mar 28, 2022

Conversation

damiannolan
Copy link
Contributor

Description

  • Adds CheckForMisbehaviour to 07-tendermint

ref: #879 PR3


Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer
  • Review Codecov Report in the comment section below once CI passes

@damiannolan
Copy link
Contributor Author

I think there is some more test scenarios that need to be covered from looking at misbehaviour_handle_test.go, but I wanted to share this so I know I'm moving in the right direction. I've updated the return sig from (bool, error) to only return a bool, and adapted the logic.
Just want to confirm logic is correct before moving forward with more test cases. cc. @colin-axner @seantking

Comment on lines 302 to 325
tmMisbehaviour := msg

// if heights are equal check that this is valid misbehaviour of a fork
// otherwise if heights are unequal check that this is valid misbehavior of BFT time violation
if tmMisbehaviour.Header1.GetHeight().EQ(tmMisbehaviour.Header2.GetHeight()) {
blockID1, err := tmtypes.BlockIDFromProto(&tmMisbehaviour.Header1.SignedHeader.Commit.BlockID)
if err != nil {
return false
}
blockID2, err := tmtypes.BlockIDFromProto(&tmMisbehaviour.Header2.SignedHeader.Commit.BlockID)
if err != nil {
return false
}

// Ensure that Commit Hashes are different
if !bytes.Equal(blockID1.Hash, blockID2.Hash) {
return true
}
} else {
// Header1 is at greater height than Header2, therefore Header1 time must be less than or equal to
// Header2 time in order to be valid misbehaviour (violation of monotonic time).
if tmMisbehaviour.Header1.SignedHeader.Header.Time.Before(tmMisbehaviour.Header2.SignedHeader.Header.Time) {
return true
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can just return true here. I think this should be done in VerifyClientMessage. If the type is Misbehaviour it should be considered invalid if it isn't evidence of misbehaviour

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I get you! So if the type is indeed Misbehaviour then it should be validated as such in VerifyClientMessage and CheckForMisbehaviour can just directly return true for that type. So CheckForMisbehaviour should only check for time monotonicity of Header types as well as the previous consensus state checks, correct?

I can go ahead and remove this code and the tests for Misbehaviour types.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correct! Does this API still make sense? It does seem kinda odd that developers need to know how these functions are used. But at the same time, I guess the perspective is "this is misbehaviour, thus I return true" and "this is a header, does it happen to be evidence of misbehaviour?"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do agree, at first I thought it was slightly odd, it does require some thinking and prior knowledge that VerifyClientMessage should be called beforehand. But I guess it is a matter of perspective!
My only concern is that someone would use CheckForMisbehaviour with a malformed Misbehaviour type and freeze a client by mistake. But in reality I'm not sure how likely that is to happen, and the new APIs certainly make for cleaner code and an easier flow to reason about.

Comment on lines +302 to +303
// The correctness of Misbehaviour ClientMessage types is ensured by calling VerifyClientMessage prior to this function
// Thus, here we can return true, as ClientMessage is of type Misbehaviour
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a comment here. Feel free to suggest any changes

@damiannolan damiannolan marked this pull request as ready for review March 24, 2022 10:37
Copy link
Contributor

@colin-axner colin-axner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work 💯

Copy link
Contributor

@seantking seantking left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

@damiannolan damiannolan enabled auto-merge (squash) March 28, 2022 15:38
@damiannolan damiannolan merged commit 17209f7 into 02-client-refactor Mar 28, 2022
@damiannolan damiannolan deleted the damian/879-check-for-misbehaviour branch March 28, 2022 15:40
seunlanlege pushed a commit to ComposableFi/ibc-go that referenced this pull request Aug 9, 2022
…#1163)

* adding CheckForMisbehaviour to tendermint ClientState

* adding initial testcases for CheckForMisbehaviour

* updating tests

* updating tests

* cleaning up code comments

* updating godocs

* fixing logic and updating tests

* removing Misbehaviour verification and tests

* fixing code structure after merge conflict
CosmosCar pushed a commit to caelus-labs/ibc-go that referenced this pull request Nov 6, 2023
… right errors (cosmos#1162)

<!--
Please read and fill out this form before submitting your PR.

Please make sure you have reviewed our contributors guide before
submitting your
first PR.
-->

## Overview
Closes: cosmos#1163 

<!-- 
Please provide an explanation of the PR, including the appropriate
context,
background, goal, and rationale. If there is an issue with this
information,
please provide a tl;dr and link the issue. 
-->

## Checklist

<!-- 
Please complete the checklist to ensure that the PR is ready to be
reviewed.

IMPORTANT:
PRs should be left in Draft until the below checklist is completed.
-->

- [x] New and updated code has appropriate documentation
- [x] New and updated code has new and/or updated testing
- [x] Required CI checks are passing
- [ ] Visual proof for any user facing features like CLI or
documentation updates
- [x] Linked issues closed with keywords
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants