docs: introduce ADR on slashing on the provider chain #1252
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
C:Docs
insumity
commented
Sep 1, 2023
insumity
changed the title
insumity
force-pushed
the
insumity/first-adr
branch
from
eeeaa31
to
82ab5c8
Compare
jtremback
reviewed
Sep 6, 2023
jtremback
approved these changes
Sep 6, 2023
p-offtermatt
approved these changes
Sep 8, 2023
| **Evidence expiration:** Additionally, because we cannot infer the actual time of the evidence (i.e., the timestamp of the evidence cannot be trusted), we do not consider _evidence expiration_ and hence old evidence is never ignored (e.g., the provider would act on 3 year-old evidence of equivocation on a consumer). | ||
| Additionally, we do not need to store equivocation evidence to avoid slashing a validator more than once, because we [do not slash](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/evidence/keeper/infraction.go#L94) tombstoned validators and we [tombstone](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/evidence/keeper/infraction.go#L138) a validator when slashed. | ||
|
|
||
| We do not act on evidence that was signed by a validator [consensus key](https://tutorials.cosmos.network/tutorials/9-path-to-prod/3-keys.html#what-validator-keys) that is _pruned_ when we receive the evidence. We prune a validator's consensus key if the validator has assigned a new consumer key (using `MsgAssignConsumerKey`) and an unbonding period on the consumer chain has elapsed (see [key assignment ADR](https://github.com/cosmos/interchain-security/blob/main/docs/docs/adrs/adr-001-key-assignment.md)). Note that the provider chain is informed that the unbonding period has elapsed on the consumer when the provider receives a `VSCMaturedPacket` and because of this, if the consumer delays the sending of a `VSCMaturedPacket`, we would delay the pruning of the key as well. |
There was a problem hiding this comment.
Could you mention here that a malicious consumer chain can not delay sending VSCMaturedPackets forever? (This should hold true due to the VSCTimeout) I know this is mentioned in the ICS protocol, but might be good to have it here too for context
There was a problem hiding this comment.
I believe a malicious consumer chain can delay a VSCMaturedPacket forever. If the consumer chain is malicious, it could never write the VSCMaturedPacket packet in its store for the packet to be sent. In my view, the timeout assumption holds if the consumer chain tries to actually send the packet and this is not received on the other end.
bermuell
reviewed
Sep 8, 2023
mpoke
approved these changes
Sep 13, 2023
shaspitz
added a commit
that referenced
this pull request
Sep 20, 2023
* build(deps): bump actions/checkout from 3 to 4 (#1257) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps)!: bump github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.3.0 (#1258) * build(deps): bump github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.3.0 Bumps [github.com/cosmos/ibc-go/v7](https://github.com/cosmos/ibc-go) from 7.2.0 to 7.3.0. - [Release notes](https://github.com/cosmos/ibc-go/releases) - [Changelog](https://github.com/cosmos/ibc-go/blob/main/CHANGELOG.md) - [Commits](cosmos/ibc-go@v7.2.0...v7.3.0) --- updated-dependencies: - dependency-name: github.com/cosmos/ibc-go/v7 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * add changelog entries --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mpoke <marius.poke@posteo.de> * build(deps): bump github.com/cosmos/cosmos-sdk from 0.47.4 to 0.47.5 (#1259) * build(deps): bump github.com/cosmos/cosmos-sdk from 0.47.3 to 0.47.5 Bumps [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) from 0.47.3 to 0.47.5. - [Release notes](https://github.com/cosmos/cosmos-sdk/releases) - [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md) - [Commits](cosmos/cosmos-sdk@v0.47.3...v0.47.5) --- updated-dependencies: - dependency-name: github.com/cosmos/cosmos-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * add changelog entries --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mpoke <marius.poke@posteo.de> * chore: Separate semver (#1217) separate semver * docs: cleanup changelog (#1260) fix changelog * fix!: validate MsgTransfer before calling Transfer() (#1244) * validate MsgTransfer * add TestSendRewardsToProvider * update DefaultConsumerUnbondingPeriod to 14 days * update changelog * fix linter * fix test * apply review suggestions * update changelog * docs: Create adr-012-separate-releasing.md (#1229) * Create adr-011-separate-releasing.md * Update docs/docs/adrs/adr-011-separate-releasing.md Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com> * adr 12 not 11 * correct that we use postfix not prefix * explanation on example release flow --------- Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com> * fix: remove addr validation for provider fee pool addr param (#1262) * fix: remove validation for provider chain address since we cannot validate it properly on consumer * add changelog entry * docs: update CHANGELOG.md for `v3.2.0-consumer` release (#1268) * Update CHANGELOG.md * Update CHANGELOG.md * chore: remove legacy_ibc_testing (rebased on main) (#1185) * chore: remove legacy_ibc_testing * fix import * introduce provider.UnmarshalConsumerPacketData * use patched ibc-go * fix annoying import order * test: ignore key ordering Seems like ibctesting.GenerateKeys can returns keys in different orders when test cover is enabled. * fix after rebase * replace allinbits/ibc-go with patched cosmos/ibc-go Also fix panic in TestRedelegationNoConsumer * fix lint * use released ibc-go 7.3.0 * add newPacketFromConsumer/Provider helper funcs * constructPacket method return ccv type instead of []byte * tests: increase timeout in nightly e2e for multiconsumer (#1272) * test: Add light client attack to e2e tests (#1249) * Add light client attack to e2e tests * Add details about the attack types * Rename validatorAddress to validatorPrivateKeyAddress * Add URL to CometMock to flag * Improve wording for light client attack run * Add submitting equivocation proposals and change consu->consumerName * build(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#1284) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.58.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.57.0...v1.58.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: update mergify and dependabot for v2.x-lsm (#1281) update mergify and dependabot for v2.x-lsm * build(deps): bump github.com/oxyno-zeta/gomock-extra-matcher from 1.1.0 to 1.2.0 (#1286) build(deps): bump github.com/oxyno-zeta/gomock-extra-matcher Bumps [github.com/oxyno-zeta/gomock-extra-matcher](https://github.com/oxyno-zeta/gomock-extra-matcher) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/oxyno-zeta/gomock-extra-matcher/releases) - [Changelog](https://github.com/oxyno-zeta/gomock-extra-matcher/blob/master/release.config.js) - [Commits](oxyno-zeta/gomock-extra-matcher@v1.1.0...v1.2.0) --- updated-dependencies: - dependency-name: github.com/oxyno-zeta/gomock-extra-matcher dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat!: provider proposal for changing reward denoms (#1280) * new provider prop type * add methods and tests for new prop, update docs * remove old tx, fix tests * e2e handling * fix command type * boilerplate * fix e2e tests * Update CHANGELOG.md * lint * validate denoms * Update proposal.go * rm msg string * fix tests * rm chain in change denom action * lint * test for invalid denom * events for both add and remove * Update proposal_test.go * docs: introduce ADR on slashing on the provider chain (#1252) * initial draft of the adr * small change on intro.md to avoid huge diff * clean up * take into account Marius' comments * rewrite v0.47 Cosmos SDK link because it was returning 404 and redirecting * more cleaning up * update based on comments * removed confusing sentence on voting power * add missing ADRs in the intro file * add tokens to power conversion * add paragraph on key pruning and references to light-client attacks code * Update template title * Took into account comments. * augment pseudocode to skip redelegation/undelegation entries * fix identation issue --------- Co-authored-by: Karolos Antoniadis <karolos@informal.systems> * ci: update mergify and dependabot for v3.2.x-consumer (#1297) * update ymls * add newline --------- Co-authored-by: mpoke <marius.poke@posteo.de> * ci: update bots for v2.1.x-provider-lsm (#1305) update bots for v2.1.x-provider-lsm * Fix `build` in makefile (#1303) fix build in makefile * refactor: Vaguely named consumer structs (#1288) * Rename GenesisState proto * make proto-gen * proto rename: Params -> ConsumerParams * make proto-gen * App, fix type change for Param renaming * App, fix type change for GenesisState renaming * Fix unit-tests for GenesisState renaming * Fix unit-tests for Params renaming * Addressed review comments * Fix linter issues * build(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#1306) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.0 to 1.58.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.58.0...v1.58.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: increment consensus ver and register migration (#1295) * increment consensus ver and register migration * Update CHANGELOG.md * Update migration.go * Update module.go * tests: Export struct fields in the e2e tests (#1313) * Make struct fields in e2e exported * Un-capitalize binary name * Remove prop type * Channel to channel in comments --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mpoke <marius.poke@posteo.de> Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com> Co-authored-by: Dmitry Kolupaev <dmitry.klpv@gmail.com> Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com> Co-authored-by: MSalopek <matija.salopek994@gmail.com> Co-authored-by: insumity <insumity@users.noreply.github.com> Co-authored-by: Karolos Antoniadis <karolos@informal.systems> Co-authored-by: Simon Noetzlin <simon.ntz@gmail.com> Co-authored-by: bernd-m <43466467+bermuell@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Closes: #1222
Introduce an ADR that describes a first approach on slashing on the provider chain.
Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
docs:prefix in the PR titleReviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
docs:prefix in the PR titlemake build-docs)