Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: ica app version negotiation #410
feat: ica app version negotiation #410
Changes from 11 commits
18990b4
49e2901
1f73b16
b967f08
52fe314
bd66f33
62e5c39
4ee74bf
b2f3e3b
c7d7804
001313c
d6725e1
32240ff
e4af997
18e9601
c691632
3d5baab
f400bdc
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@colin-axner I'm just wondering is there any way that a malicious relayer could pass in an address here to the ack step that isn't the address we validated on the
Try
step? I think we already discussed this but just refreshing my brain after the weekend.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, core IBC verifies a proof of the channel state set on the counterparty
If a relayer changed the version, the proof would fail
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks 🙏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we should change
Version
->VersionPrefix
? I mostly just find it confusing referring to bothics27-1
andics27-1|accaddr
as versionThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I can change to
VersionPrefix
. But I agree, it's confusing. Wondering if perhaps a protobuf struct would've been a better option completely... idk something like below where a metadata field could be used for any arbitrary piece of data, in our case an account address string:The real problem here is with breaking existing APIs though I believe!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can do protobuf, we would just need to encode/decode when passing and interacting with core IBC. The version in the channel is intentionally a string to allow applications the flexibility of deciding what sort of version they want
They main downside of encoding is that the version might look odd when printing out a channel struct, but if we json encode maybe it'd be fine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So with this approach, the version/counterpartyVersion args to the IBCModule callbacks would remain as strings but we would json encode the structure for ICA and handle encoding within the keeper?
Let's keep this as an option and we can discuss as part of the audit. If it's something we decide is valuable or a better approach I can implement it later.