[BFT Testing] implements wintermute attack orchestrator #2291
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…_CorruptSingleExecutionResult() so it passes but needs assertions
yhassanzadeh13
requested review from
peterargue
and removed request for
vishalchangrani and
ramtinms
|
I am not sure, though I feel there might be a bit of an imprecision in the terminology here:
In short, I feel the code (or documentation?) is conflating conduits and nodes Identifiers. @gomisha response: |
AlexHentschel
approved these changes
Apr 21, 2022
There was a problem hiding this comment.
Looks good. Mostly focused my efforts on reviewing the attack logic. Its very cool to see that we can encode the entire attack logic for Wintermute in the relatively compact wintermute/attackOrchestrator.go 👏
Most of my comments are w.r.t. documentation. While the flow is coarsely described, I feel we gloss over some important details thereby introducing imprecision and ambiguity that might mislead engineers trying to understand the code. I tried to give detailed explanations in my comments where I think the lack of precision might be misleading.
Overall, very nice work. Thanks.
Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
…instead of bounce-back
…gh chunk data request unaltered
gomisha
approved these changes
Apr 26, 2022
szegedim
pushed a commit
to GetElastech/flow-go
that referenced
this pull request
Apr 27, 2022
* BFT Testing - Wintermute - minor clean up * BFT Testing - Wintermute - more clean up, prep for VN tests * refactors test for corrupted en to span scenario * encapsulates corruption logic of execution receipts in a method * renames part of complete execution result fixture * implements corruption logic for wintermute attacker * implements test covering corruption logic for wintermute orchestrator * implements bounce-back logic * wip adds event sanity check * fixes single exeuction receipt test * refactors corrupted receipt with result * adds wintermute sanity check for execution results * fixes and adds documentation to orchestrator output sanity check * removes debug printing off orchestrator * implements distinct execution receipt fixture * re-organizes test with fixtures * adds comment * adds receipts with same result fixture * adds comment for distinct result test * adds test for the same result * adds attack state * refactors attack state * integrates attack state with orchestrator * adds sanity check to test fixtures * makes code more dry * adds multiple receipts with same result fixture * adds a comment * adds a comment * adds test for multiple receipts * adds count to receipts with distinct result * fixes broken tests * adds test multiple concurrent receipts with distinct results * fixes a method receivier * cleans up tests * implements pre-attack and post-attack scenarios * encapsulates corrupting execution receipts * refactors with post attack func * refactors with post attack func * adds chunk data request sanity check * implements chunk data pack request for receipts * adds pre-attack request response test * adds chunk index map * adds responding with attestation for corrupted chunk * adds corrupted chunk request test * adds more constraints to the test * fixes a bug * toughen up parameters of test * adds a comment * adds test for bouncing back * adds handle chunk data pack response * adds godoc * adds godoc * adds a fatal level log * adds chunkDataPackResponseForReceipts * adds TestBouncingBackChunkDataResponse_NoAttack * adds TestBouncingBackChunkDataResponse_WithAttack * refactors a test * refactors a test * adds TestWintermuteChunkResponseForCorruptedChunks * moves chunkDataPackRequestForReceipts * fixes a typo * fixes lint * adds protocol to string * simplifies tests * adds more cleanup * fixes the tests * refactors out chunk index map * refactors corrupted identifier list * adds more logging * refactors comments * renames to pass through * clarified explanation of corrupted chunk data pack request * clarified docs of HandleEventFromCorruptedNode() Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co> * updated docs to clarify wintermute behavior, using pass-through term instead of bounce-back * clarified comments about passing through event for handleChunkDataPackResponseEvent() * updated docs for handleChunkDataPackRequestEvent() when passing through chunk data request unaltered * renamed corruptedIds to corruptedNodeIds to remove ambiguity Co-authored-by: Misha <misha.rybalov@dapperlabs.com> Co-authored-by: Alexander Hentschel <alex.hentschel@axiomzen.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements Wintermute attack orchestrator. The orchestrator takes control of a subset of corrupted execution and verification nodes, and performs the following attack logic: