feat: implement slashing functionality on the provider chain (ADR-013)

CHANGELOG.md

@@ -1,6 +1,28 @@
 # CHANGELOG
 
-## v.2.0.0
+## [Unreleased]
+
+Add an entry to the unreleased section whenever merging a PR to main that is not targeted at a specific release. These entries will eventually be included in a release.
+
+## v2.1.0-lsm-provider
+
+* (feature!) [#1280](https://github.com/cosmos/interchain-security/pull/1280) provider proposal for changing reward denoms
+* (feature!) [#826](https://github.com/cosmos/interchain-security/pull/826) add new endpoint to provider to handle consumer light client attacks
+* (feature!) [#1227](https://github.com/cosmos/interchain-security/pull/1227) add new endpoint to provider to handle consumer double signing attacks
+
+
+### Cryptographic verification of equivocation
+* New feature enabling the provider chain to verify equivocation evidence on its own instead of trusting consumer chains, see [EPIC](https://github.com/cosmos/interchain-security/issues/732).
+
+
+## v2.0.0-lsm
+
+Date: August 18th, 2023
+
+* (deps!) [#1120](https://github.com/cosmos/interchain-security/pull/1120) Bump [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) to [v0.45.16-ics-lsm](https://github.com/cosmos/cosmos-sdk/tree/v0.45.16-ics-lsm). This requires adapting ICS to support this SDK release. Changes are state breaking.
+* (fix) [#720](https://github.com/cosmos/interchain-security/issues/720) Fix the attribute `AttributeDistributionTotal` value in `FeeDistribution` event emit.
+
+## v2.0.0
 
 Date: June 1st, 2023
 

Dockerfile

@@ -28,7 +28,7 @@ RUN go mod tidy
 RUN make install
 
 # Get Hermes build
-FROM otacrew/hermes-ics:latest AS hermes-builder
+FROM otacrew/hermes-ics:evidence-cmd AS hermes-builder
 
 # Get CometMock
 FROM informalofftermatt/cometmock:latest as cometmock-builder

app/provider/app.go

@@ -140,6 +140,7 @@ var (
 			ibcproviderclient.ConsumerAdditionProposalHandler,
 			ibcproviderclient.ConsumerRemovalProposalHandler,
 			ibcproviderclient.EquivocationProposalHandler,
+			ibcproviderclient.ChangeRewardDenomsProposalHandler,
 		),
 		params.AppModuleBasic{},
 		crisis.AppModuleBasic{},

docs/docs/features/proposals.md

@@ -48,7 +48,7 @@ Minimal example:
     "distribution_transmission_channel": "channel-123"
 }
 ```
-More examples can be found in the replicated security testnet repository [here](https://github.com/cosmos/testnets/blob/master/replicated-security/baryon-1/proposal-baryon-1.json) and [here](https://github.com/cosmos/testnets/blob/master/replicated-security/noble-1/start-proposal-noble-1.json).
+More examples can be found in the replicated security testnet repository [here](https://github.com/cosmos/testnets/blob/master/replicated-security/stopped/baryon-1/proposal-baryon-1.json) and [here](https://github.com/cosmos/testnets/blob/master/replicated-security/stopped/noble-1/start-proposal-noble-1.json).
 
 ## `ConsumerRemovalProposal`
 Proposal type used to suggest removing an existing consumer chain.
@@ -105,6 +105,23 @@ Minimal example:
 }
 ```
 
+## ChangeRewardDenomProposal
+:::tip
+`ChangeRewardDenomProposal` will only be accepted on the provider chain if at least one of the denomsToAdd or denomsToRemove fields is populated with at least one denom. Also, a denom cannot be repeated in both sets.
+:::
+
+Proposal type used to mutate the set of denoms accepted by the provider as rewards.
+
+Minimal example:
+```js
+{
+  "title": "Add untrn as a reward denom",
+  "description": "Here is more information about the proposal",
+  "denomsToAdd": ["untrn"],
+  "denomsToRemove": []
+}
+```
+
 ### Notes
 When submitting equivocation evidence through an `EquivocationProposal` please take note that you need to use the consensus address (`valcons`) of the offending validator on the **provider chain**.
 Besides that, the `height` and the `time` fields should be mapped to the **provider chain** to avoid your evidence being rejected.

docs/docs/features/slashing.md

@@ -34,3 +34,19 @@ The offending validator will effectively get slashed and tombstoned on all consu
 
 <!-- markdown-link-check-disable-next-line -->
 You can find instructions on creating `EquivocationProposal`s [here](./proposals#equivocationproposal).
+
+# Cryptographic verification of equivocation
+The Cryptographic verification of equivocation allows external agents to submit evidences of light client and double signing attack observed on a consumer chain. When a valid evidence is received, the malicious validators will be permanently jailed on the provider.
+
+The feature is outlined in this [ADR-005](../adrs/adr-005-cryptographic-equivocation-verification.md)
+
+By sending a `MsgSubmitConsumerMisbehaviour` or a `MsgSubmitConsumerDoubleVoting` transaction, the provider will
+ verify the reported equivocation and, if successful, jail the malicious validator.
+
+:::info
+Note that this feature can only lead to the jailing of the validators responsible for an attack on a consumer chain. However, an [equivocation proposal](#double-signing-equivocation) can still be submitted to execute the slashing and the tombstoning of the a malicious validator afterwards. 
+:::
+
+
+
+

docs/docs/validators/joining-testnet.md

@@ -169,8 +169,7 @@ gaiad tx provider assign-consensus-key consumer-1 '<consumer_pubkey>' --from <ke
 After this step, you are ready to copy the consumer genesis into your nodes's `/config` folder, start your consumer chain node and catch up to the network.
 
 ## Baryon
-You can find the onboarding repo instructions for the Baryon chain [here](https://github.com/cosmos/testnets/blob/master/replicated-security/baryon-1/README.md)
-
+You can find the onboarding repo instructions for the Baryon chain [here](https://github.com/cosmos/testnets/blob/master/replicated-security/stopped/baryon-1/README.md)
 
 ## Noble
-You can find the onboarding repo instructions for the Noble chain [here](https://github.com/cosmos/testnets/blob/master/replicated-security/noble-1/README.md)
+You can find the onboarding repo instructions for the Noble chain [here](https://github.com/cosmos/testnets/blob/master/replicated-security/stopped/noble-1/README.md)

go.mod

@@ -153,7 +153,7 @@ require (
 )
 
 replace (
-	github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.45.15-ics
+	github.com/cosmos/cosmos-sdk => github.com/cosmos/cosmos-sdk v0.45.16-ics-lsm
 	github.com/gogo/protobuf => github.com/regen-network/protobuf v1.3.3-alpha.regen.1
 	github.com/tendermint/tendermint => github.com/cometbft/cometbft v0.34.28
 	google.golang.org/grpc => google.golang.org/grpc v1.33.2

go.sum

@@ -231,8 +231,8 @@ github.com/cosmos/cosmos-db v0.0.0-20221226095112-f3c38ecb5e32 h1:zlCp9n3uwQieEL
 github.com/cosmos/cosmos-db v0.0.0-20221226095112-f3c38ecb5e32/go.mod h1:kwMlEC4wWvB48zAShGKVqboJL6w4zCLesaNQ3YLU2BQ=
 github.com/cosmos/cosmos-proto v1.0.0-beta.1 h1:iDL5qh++NoXxG8hSy93FdYJut4XfgbShIocllGaXx/0=
 github.com/cosmos/cosmos-proto v1.0.0-beta.1/go.mod h1:8k2GNZghi5sDRFw/scPL8gMSowT1vDA+5ouxL8GjaUE=
-github.com/cosmos/cosmos-sdk v0.45.15-ics h1:ujrXsulYGwggLCC0oD7CizvlAerqMQHfCHHjHqIamfY=
-github.com/cosmos/cosmos-sdk v0.45.15-ics/go.mod h1:bScuNwWAP0TZJpUf+SHXRU3xGoUPp+X9nAzfeIXts40=
+github.com/cosmos/cosmos-sdk v0.45.16-ics-lsm h1:Cld5lg+lXvqT8plyy0l5Aytir4PdxWMHNLyFbOE3iMs=
+github.com/cosmos/cosmos-sdk v0.45.16-ics-lsm/go.mod h1:bScuNwWAP0TZJpUf+SHXRU3xGoUPp+X9nAzfeIXts40=
 github.com/cosmos/go-bip39 v0.0.0-20180819234021-555e2067c45d/go.mod h1:tSxLoYXyBmiFeKpvmq4dzayMdCjCnu8uqmCysIGBT2Y=
 github.com/cosmos/go-bip39 v1.0.0 h1:pcomnQdrdH22njcAatO0yWojsUnCO3y2tNoV1cb6hHY=
 github.com/cosmos/go-bip39 v1.0.0/go.mod h1:RNJv0H/pOIVgxw6KS7QeX2a0Uo0aKUlfhZ4xuwvCdJw=

legacy_ibc_testing/testing/app.go

@@ -79,20 +79,23 @@ func SetupWithGenesisValSet(t *testing.T, appIniter AppIniter, valSet *tmtypes.V
 		pkAny, err := codectypes.NewAnyWithValue(pk)
 		require.NoError(t, err)
 		validator := stakingtypes.Validator{
-			OperatorAddress:   sdk.ValAddress(val.Address).String(),
-			ConsensusPubkey:   pkAny,
-			Jailed:            false,
-			Status:            stakingtypes.Bonded,
-			Tokens:            bondAmt,
-			DelegatorShares:   sdk.OneDec(),
-			Description:       stakingtypes.Description{},
-			UnbondingHeight:   int64(0),
-			UnbondingTime:     time.Unix(0, 0).UTC(),
-			Commission:        stakingtypes.NewCommission(sdk.ZeroDec(), sdk.ZeroDec(), sdk.ZeroDec()),
-			MinSelfDelegation: sdk.ZeroInt(),
+			OperatorAddress: sdk.ValAddress(val.Address).String(),
+			ConsensusPubkey: pkAny,
+			Jailed:          false,
+			Status:          stakingtypes.Bonded,
+			Tokens:          bondAmt,
+			DelegatorShares: sdk.OneDec(),
+			Description:     stakingtypes.Description{},
+			UnbondingHeight: int64(0),
+			UnbondingTime:   time.Unix(0, 0).UTC(),
+			Commission:      stakingtypes.NewCommission(sdk.ZeroDec(), sdk.ZeroDec(), sdk.ZeroDec()),
+			// MinSelfDelegation: sdk.ZeroInt(),
 		}
 
 		validators = append(validators, validator)
+		// NOTE: @MSalopek
+		// need more info about stakingtypes.Delegation.ValidatorBond flag usage
+		// setting this to both true or false does not affect the test results
 		delegations = append(delegations, stakingtypes.NewDelegation(genAccs[0].GetAddress(), val.Address.Bytes(), sdk.OneDec()))
 	}
 

proto/interchain_security/ccv/provider/v1/provider.proto

@@ -95,6 +95,19 @@ message EquivocationProposal {
   repeated cosmos.evidence.v1beta1.Equivocation equivocations = 3;
 }
 
+// ChangeRewardDenomsProposal is a governance proposal on the provider chain to
+// mutate the set of denoms accepted by the provider as rewards.
+message ChangeRewardDenomsProposal {
+  // the title of the proposal
+  string title = 1;
+  // the description of the proposal
+  string description = 2;
+  // the list of consumer reward denoms to add
+  repeated string denoms_to_add = 3;
+  // the list of consumer reward denoms to remove
+  repeated string denoms_to_remove = 4;
+}
+
 // A persisted queue entry indicating that a slash packet data instance needs to be handled.
 // This type belongs in the "global" queue, to coordinate slash packet handling times between consumers.
 message GlobalSlashEntry {

proto/interchain_security/ccv/provider/v1/tx.proto

@@ -14,7 +14,6 @@ import "tendermint/types/evidence.proto";
 // Msg defines the Msg service.
 service Msg {
   rpc AssignConsumerKey(MsgAssignConsumerKey) returns (MsgAssignConsumerKeyResponse);
-  rpc RegisterConsumerRewardDenom(MsgRegisterConsumerRewardDenom) returns (MsgRegisterConsumerRewardDenomResponse);
   rpc SubmitConsumerMisbehaviour(MsgSubmitConsumerMisbehaviour) returns (MsgSubmitConsumerMisbehaviourResponse);
   rpc SubmitConsumerDoubleVoting(MsgSubmitConsumerDoubleVoting) returns (MsgSubmitConsumerDoubleVotingResponse);
 }
@@ -35,23 +34,9 @@ message MsgAssignConsumerKey {
 
 message MsgAssignConsumerKeyResponse {}
 
-// MsgRegisterConsumerRewardDenom allows an account to register 
-// a consumer reward denom, i.e., add it to the list of denoms 
-// accepted by the provider as rewards.
-message MsgRegisterConsumerRewardDenom {
-  option (gogoproto.equal)           = false;
-  option (gogoproto.goproto_getters) = false;
-
-  string denom = 1;
-  string depositor = 2;
-}
-
-// MsgRegisterConsumerRewardDenomResponse defines the Msg/RegisterConsumerRewardDenom response type.
-message MsgRegisterConsumerRewardDenomResponse {}
 
-// MsgSubmitConsumerMisbehaviour defines a message that reports a misbehaviour
-// observed on a consumer chain
-// Note that the misbheaviour' headers must contain the same trusted states
+// MsgSubmitConsumerMisbehaviour defines a message that reports a light client attack,
+//  also known as a misbehaviour, observed on a consumer chain
 message MsgSubmitConsumerMisbehaviour {
   option (gogoproto.equal) = false;
   option (gogoproto.goproto_getters) = false;
@@ -64,8 +49,8 @@ message MsgSubmitConsumerMisbehaviour {
 message MsgSubmitConsumerMisbehaviourResponse {}
 
 
-// MsgSubmitConsumerDoubleVoting defines a message that reports an equivocation
-// observed on a consumer chain
+// MsgSubmitConsumerDoubleVoting defines a message that reports 
+// a double signing infraction observed on a consumer chain
 message MsgSubmitConsumerDoubleVoting {
   option (gogoproto.equal) = false;
   option (gogoproto.goproto_getters) = false;
@@ -77,4 +62,4 @@ message MsgSubmitConsumerDoubleVoting {
   ibc.lightclients.tendermint.v1.Header infraction_block_header = 3;
 }
 
-message MsgSubmitConsumerDoubleVotingResponse {}
+message MsgSubmitConsumerDoubleVotingResponse {}

tests/difference/core/driver/setup.go

@@ -176,17 +176,17 @@ func (b *Builder) getAppBytesAndSenders(
 		require.NoError(b.suite.T(), err)
 
 		validator := stakingtypes.Validator{
-			OperatorAddress:   sdk.ValAddress(val.Address).String(),
-			ConsensusPubkey:   pkAny,
-			Jailed:            false,
-			Status:            status,
-			Tokens:            tokens,
-			DelegatorShares:   sumShares,
-			Description:       stakingtypes.Description{},
-			UnbondingHeight:   int64(0),
-			UnbondingTime:     time.Unix(0, 0).UTC(),
-			Commission:        stakingtypes.NewCommission(sdk.ZeroDec(), sdk.ZeroDec(), sdk.ZeroDec()),
-			MinSelfDelegation: sdk.ZeroInt(),
+			OperatorAddress: sdk.ValAddress(val.Address).String(),
+			ConsensusPubkey: pkAny,
+			Jailed:          false,
+			Status:          status,
+			Tokens:          tokens,
+			DelegatorShares: sumShares,
+			Description:     stakingtypes.Description{},
+			UnbondingHeight: int64(0),
+			UnbondingTime:   time.Unix(0, 0).UTC(),
+			Commission:      stakingtypes.NewCommission(sdk.ZeroDec(), sdk.ZeroDec(), sdk.ZeroDec()),
+			// MinSelfDelegation: sdk.ZeroInt(),
 		}
 
 		stakingValidators = append(stakingValidators, validator)
@@ -413,7 +413,7 @@ func (b *Builder) addValidatorToStakingModule(privVal mock.PV) {
 		coin,
 		stakingtypes.Description{},
 		stakingtypes.NewCommissionRates(sdk.ZeroDec(), sdk.ZeroDec(), sdk.ZeroDec()),
-		sdk.ZeroInt())
+	)
 	b.suite.Require().NoError(err)
 	pskServer := stakingkeeper.NewMsgServerImpl(b.providerStakingKeeper())
 	_, _ = pskServer.CreateValidator(sdk.WrapSDKContext(b.providerCtx()), msg)