Skip to content

Commit

Permalink
feat!: add cryptographic equivocation (#1340)
Browse files Browse the repository at this point in the history
* docs: cleanup changelog for v2.0.0 on release/v2.0.x (#987)

* Update CHANGELOG.md

* Update CHANGELOG.md

* comment

* chore: Hardcode golangci-lint version (backport #990) (#1013)

chore: Hardcode golangci-lint version (#990)

* Hardcode golangci-lint version

* Hardcode version in CI config

(cherry picked from commit 9920121)

Co-authored-by: Philip Offtermatt <[email protected]>

* fix: proper consumer key prefix ordering (backport #991) (#1011)

fix: proper consumer key prefix ordering (#991)

* Update keys.go

* tests

* fix another bug

* fix comments

(cherry picked from commit a1e18d0)

Co-authored-by: Shawn <[email protected]>

* feat: Remove consumer genesis migration on provider (backport #997) (#1012)

feat: Remove consumer genesis migration on provider (#997)

* Update keys.go

* tests

* fix another bug

* remove consumer genesis deletion, link to test

* remove unused bond denom method

* Revert "remove unused bond denom method"

This reverts commit f930eca.

* remove test too

* update changelog

(cherry picked from commit e2ac974)

Co-authored-by: Shawn <[email protected]>

* fix: limit vsc matured packets handled per endblocker (backport #1004) (#1015)

fix: limit vsc matured packets handled per endblocker (#1004)

* initial implementation, still need tests

* UTs

* integration test

* linter

* Update CHANGELOG.md

* make vsc matured handled this block a var

* comment

(cherry picked from commit 8c2fc56)

Co-authored-by: Shawn <[email protected]>

* feat: integrate cometmock (backport #989) (#1030)

feat: integrate cometmock (#989)

* Add gorelayer and CometMock to Dockerfile

* Add option to start with cometmock in start-chain script

* Start adding support for rly

* Adjust relayer start action

* Add entrypoint for short happy path steps

* Add . nosec G204 and waiting for blocks

* Adjust rly config: Gas is free

* Remove optout steps from short happy path

* Use separate redelegate step for short happy path

* Wait for blocks after unbonding

* Make naming more descriptive and add comments

* Add comment to chain name sorting and improve comments

* Update start-chain.sh

Address comments form joint review session with @MSalopek

* Fix typo

(cherry picked from commit 07be71a)

Co-authored-by: Philip Offtermatt <[email protected]>

* feat!: Add DistributionTransmissionChannel to ConsumerAdditionProposal (manual backport #965) (#1031)

feat!: Add DistributionTransmissionChannel to ConsumerAdditionProposal (#965)

* update proto

* remove transfer_channel_id from consumer genesis

* ConsumerAdditionProposal: transfer_channel_id -> distribution_transmission_channel

* send updated ConsumerAdditionProposal

* validate consumer genesis param

* remove StandaloneTransferChannelID from store

* fix TestOnChanOpenAck

* remove state breaking change

* finalize merge and fix issues

* chore: update docs and changelog

* chore: regenerate protos

* re-add integrationt tests around changeover

* mv entry in changelog

* test: add sovereign to consumer changeover e2e (#1025)

* tests: add sovereign to consumer e2e test

* rm unused bash scripts

* partially address review comments

* apply remaining review comments

* chore: apply formatting rules

---------

Co-authored-by: Marius Poke <[email protected]>
Co-authored-by: MSalopek <[email protected]>

* refactor: log when constructing IBC err ack (backport #1090) (#1094)

refactor: log when constructing IBC err ack (#1090)

* log with err ack

* linter

(cherry picked from commit 07302ff)

Co-authored-by: Shawn <[email protected]>

* fix: `AttributeDistributionTotal` in event emit (backport #1097) (#1114)

* fix: `AttributeDistributionTotal` in event emit (#1097)

* fix: emitted distribution events

* docs: update changelog

* fix: lint

---------

Co-authored-by: MSalopek <[email protected]>
(cherry picked from commit d16c766)

# Conflicts:
#	CHANGELOG.md
#	x/ccv/consumer/keeper/distribution.go

* resolve conflicts

* docs: remove v3 changelog from v2 release line

---------

Co-authored-by: yaruwangway <[email protected]>
Co-authored-by: Yaru Wang <[email protected]>

* docs: update broken md links (backport #1130) (#1142)

* docs: update broken md links (#1130)

(cherry picked from commit fd76f45)

# Conflicts:
#	docs/docs/validators/joining-testnet.md

* Update joining-testnet.md

---------

Co-authored-by: MSalopek <[email protected]>
Co-authored-by: Shawn <[email protected]>

* feat!: add ICS misbehaviour handling (#826)

* define msg to submit misbehaviour to provider

implement msg handling logic

e2e test msg handling logic

* wip: get byzantine validators in misbehavioiur handling

* add tx handler

* format HandleConsumerMisbehaviour

* add tx handler

* add debugging stuff

* Add misbehaviour handler

* create message for consumer double voting evidence

* add DRAFT double vote handler

* Add cli cmd for submit consumer double voting

* Add double-vote handler

* add last update

* fix jailing

* pass first jailing integration test

* format tests

* doc

* save

* update e2e tests'

* fix typo and improve docs

* remove unwanted tm evidence protofile

* fix typos

* update submit-consumer-misbehaviour cli description

* check that header1 and header2 have the same TrustedValidators

* feat: add e2e tests for ICS misbehaviour (#1118)

* remove unwanted changes

* fix hermes config with assigned key

* revert unwanted changes

* revert local setup

* remove log file

* typo

* update doc

* update ICS misbehaviour test

* update ICS misbehaviour test

* revert mixed commits

* add doc

* lint

* update to handle only equivocations

* improve doc

* update doc

* update E2E tests comment

* optimize signatures check

* doc

* update e2e tests

* linter

* remove todo

* Feat: avoid race condition in ICS misbehaviour handling (#1148)

* remove unwanted changes

* fix hermes config with assigned key

* revert unwanted changes

* revert local setup

* remove log file

* typo

* update doc

* update ICS misbehaviour test

* update ICS misbehaviour test

* revert mixed commits

* update ICS misbehaviour test

* update ICS misbehaviour test

* Add test for MsgSubmitConsumerMisbehaviour parsing

* fix linter

* save progress

* add CheckMisbehaviourAndUpdateState

* update integration tests

* typo

* remove e2e tests from another PRs

* cleaning'

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: Anca Zamfir <[email protected]>

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: Anca Zamfir <[email protected]>

* update integration tests

* save

* save

* nits

* remove todo

* lint

* Update x/ccv/provider/keeper/misbehaviour.go

---------

Co-authored-by: Anca Zamfir <[email protected]>
Co-authored-by: Marius Poke <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: Anca Zamfir <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: Anca Zamfir <[email protected]>

* add attributes to EventTypeSubmitConsumerMisbehaviour

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: Anca Zamfir <[email protected]>

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: Anca Zamfir <[email protected]>

* apply review suggestions

* fix docstring

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: Anca Zamfir <[email protected]>

* fix link

* apply review suggestions

* update docstring

---------

Co-authored-by: Anca Zamfir <[email protected]>
Co-authored-by: Marius Poke <[email protected]>

* deps!: support  cosmos-sdk-v45-ics-lsm integration (#1120)

* tests: check cosmos-sdk-v45-ics-lsm integration

* bump cosmos-sdk to inqlusion latest

* support new method signatuers

* fix: bump v0.45.16-ics-lsm to latest [fixes difftests]

* fix: update democracy tests representative registration

* chore: bump iqlusion:cosmos-sdk to latest

* chore: bump iqlusion:cosmos-sdk to latest

* chore: bump iqlusion:cosmos-sdk to latest

* fix!: avoid panicking on CancelUnbondingDelegation  (#977)

* handle CancelUnbondingDelegation message

* tests: add cancel-unbond e2e test

* fix: appease linter

* chore: Hardcode golangci-lint version (#990)

* Hardcode golangci-lint version

* Hardcode version in CI config

---------

Co-authored-by: MSalopek <[email protected]>
Co-authored-by: Philip Offtermatt <[email protected]>

* tests: fix broken cancelUnbond e2e after cherry pick

* chore: regenerate mocks

* chore: run make proto-gen

* fix: complete concel-unbond handling in hooks

* chore: bump iqlusion:cosmos-sdk to latest

* chore: fix brokene gov prop submit

* chore: fix brokene gov prop submit

* use SDK 0.45.16-ics-lsm-rc0

* add changelog entry

---------

Co-authored-by: Marius Poke <[email protected]>
Co-authored-by: Philip Offtermatt <[email protected]>

* docs: add v2.0.0-lsm changelog section (#1210)

add changelog section

* deps: bump SDK to v0.45.16-ics-lsm (#1212)

bump SDK to v0.45.16-ics-lsm

* feat: improve ICS misbehaviour E2E testing coverage (#1225)

* update e2e tests

* update the chain halt assertion

* refactor: address comments of ICS Misbehaviour PRs #826 and #1148  (#1223)

* remove interface

* improve comment

* update godoc

* address last comments

* feat: add handler for consumer double voting (#1232)

* create new endpoint for consumer double voting

* add first draft handling logic

* first iteration of double voting

* draft first mem test

* error handling

* refactor

* add unit test of double voting verification

* remove evidence age checks

* document

* doc

* protogen

* reformat double voting handling

* logger nit

* nits

* check evidence age duration

* move verify double voting evidence to ut

* fix nit

* nits

* fix e2e tests

* improve double vote testing coverage

* remove TODO

* lint

* add UT for JailAndTombstoneValidator

* nits

* nits

* remove tombstoning and evidence age check

* lint

* typo

* improve godoc

* fix: tiny bug in `NewSubmitConsumerDoubleVotingCmd` (#1247)

* fix double voting cli

* fix bug double signing handler

* godoc

* nits

* revert wrong push of lasts commits

* fix: make `HandleConsumerDoubleVoting` works with provider pubkeys (#1254)

* fix double voting cli

* fix bug double signing handler

* godoc

* nits

* lint

* nit

* fix: verify equivocation using validator pubkey in `SubmitConsumerDoubleVoting` msg (#1264)

* verify dv evidence using malicious validator pubkey in infraction block header

* nits

* nits

* refactor: update the E2E tests to work with Hermes relayer v1.6.0 (#1278)

* save changes

* fix hermes config

* fist successful run

* nit

* nits

* nits

* doc and nits

* lint

* test: add E2E tests for double voting evidence handling (#1256)

* fix double voting cli

* add double-signing e2e test

* refortmat e2e double voting test

* godoc, revert unwanted changes

* nit

* verify dv evidence using malicious validator pubkey in infraction block header

* save changes

* fix hermes config

* fist successful run

* nit

* nits

* nits

* doc and nits

* lint

* refactor

* typo

* change hermes docker image

* nits

* Update tests/e2e/steps.go

Co-authored-by: Philip Offtermatt <[email protected]>

* address PR comments

* nits

---------

Co-authored-by: Philip Offtermatt <[email protected]>

* feat!: provider proposal for changing reward denoms (backport #1280) (#1291)

* feat!: provider proposal for changing reward denoms (#1280)

* new provider prop type

* add methods and tests for new prop, update docs

* remove old tx, fix tests

* e2e handling

* fix command type

* boilerplate

* fix e2e tests

* Update CHANGELOG.md

* lint

* validate denoms

* Update proposal.go

* rm msg string

* fix tests

* rm chain in change denom action

* lint

* test for invalid denom

* events for both add and remove

* Update proposal_test.go

(cherry picked from commit 48a2186)

# Conflicts:
#	CHANGELOG.md
#	app/provider/app.go
#	proto/interchain_security/ccv/provider/v1/provider.proto
#	proto/interchain_security/ccv/provider/v1/tx.proto
#	tests/e2e/actions.go
#	tests/integration/distribution.go
#	x/ccv/provider/client/cli/tx.go
#	x/ccv/provider/client/proposal_handler.go
#	x/ccv/provider/keeper/distribution.go
#	x/ccv/provider/keeper/distribution_test.go
#	x/ccv/provider/proposal_handler_test.go
#	x/ccv/provider/types/codec.go
#	x/ccv/provider/types/proposal.go
#	x/ccv/provider/types/provider.pb.go
#	x/ccv/provider/types/tx.pb.go

* fix conflicts

* fix rest handler

* Update CHANGELOG.md

* rm uneeded tx proto

---------

Co-authored-by: Shawn <[email protected]>

* save

* fix nits

* update changelog and fix nits

* feat: implement slashing functionality on the provider chain (ADR-013) (#1275)

Implementing the slashing functionality, as described in ADDR, on the provider chain.

* fix e2e happy-path-short test

* make consumer misbehaviour and double signing tests pass

* currently debugging democracy-reward

* fix e2e democ test

* refactor: remove equivocation proposal (#1294)

* remove equivocation proposal

* bring back evidencekeeper

* go.sum added

* rebase and fix lint issues

* fix mocks

* clean up protos & delete unecessary file

* fix E2E test

* fix Dockerfile

* more fixes

* increase wait attempt

* increase wait attempt

* wait 1 block in gov proposal

* fix numbers

---------

Co-authored-by: Karolos Antoniadis <[email protected]>

* add equivo removal failing tests

* fix democ e2e tests

* make mem tests pass

* lint

* fix Dockerfile

* update changelog

* fix nits

* update rapid test

* fix democ tests

* update changelog

* fix CHANGELOG.md

* nits

* Update docs/docs/features/slashing.md

Co-authored-by: insumity <[email protected]>

* Update proto/interchain_security/ccv/provider/v1/tx.proto

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/punish_validator.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/punish_validator.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/punish_validator.go

Co-authored-by: insumity <[email protected]>

* check verifying pubkey against validator address

* add tests

* update checkMisbehaviour tests

* save

* update all misbehaviour memory tests

* fix misb verify valset sigs test

* revert misb check fix for ibc 7

* nit fix

* fix nit

* fix: add equivocation proposal message back in protos (#1394)

* add depreacted equiv prop msg def

* add codec and content for equivo proposal msg

* doc

* proto

* fix!: verify the signatures of byzantine validators in misbehaviour handling (#1422)

* update byzantine validators extraction

* nits

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* last changes

* udpdate changelog

---------

Co-authored-by: insumity <[email protected]>

* feat: update misbehaviour handling using IBC-Go 7 (#1401)

* nit fix

* improve doc

* super picky nit

* fix!: drop nil votes in misbehaviour handling (#1404)

* update CHANGELOG for final release

* save

* update test to extract byzantine validators

* improve testing

* nits

* nits

* Update tests/integration/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* Update testutil/crypto/evidence.go

Co-authored-by: insumity <[email protected]>

* update util func

* doc

* check misb client ID

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* nits

---------

Co-authored-by: insumity <[email protected]>

* fix comments

* update changelog

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* improve tests

* lint

* udpate traces

* silly bug

---------

Co-authored-by: insumity <[email protected]>

* nit

* Update x/ccv/provider/keeper/double_vote.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/double_vote.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/keeper/misbehaviour.go

Co-authored-by: insumity <[email protected]>

* Update tests/integration/double_vote.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: insumity <[email protected]>

* Update x/ccv/provider/client/cli/tx.go

Co-authored-by: insumity <[email protected]>

* address comments

* address comments

* Update x/ccv/provider/types/proposal.go

Co-authored-by: Philip Offtermatt <[email protected]>

* Update tests/integration/double_vote.go

Co-authored-by: Philip Offtermatt <[email protected]>

* Port: (feat!) [#1435](#1435) Add height-base filter for consumer equivocation evidence.

* fix: update consumer double vote cmd (#1439)

add cmd fix

* update CHANGELOG

* update changelog

* update changelog entries

* nits

---------

Co-authored-by: Shawn <[email protected]>
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
Co-authored-by: Philip Offtermatt <[email protected]>
Co-authored-by: Marius Poke <[email protected]>
Co-authored-by: MSalopek <[email protected]>
Co-authored-by: yaruwangway <[email protected]>
Co-authored-by: Yaru Wang <[email protected]>
Co-authored-by: Anca Zamfir <[email protected]>
Co-authored-by: insumity <[email protected]>
Co-authored-by: Karolos Antoniadis <[email protected]>
  • Loading branch information
11 people authored Nov 21, 2023
1 parent 81331b4 commit 1e8512a
Show file tree
Hide file tree
Showing 68 changed files with 6,128 additions and 1,749 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
- Deprecate equivocation proposals.
([\#1340](https://github.com/cosmos/interchain-security/pull/1340))
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
- Introduce the cryptographic verification of equivocation feature to the provider
(cf. [ADR-005](/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md)
& [ADR-013](/docs/docs/adrs/adr-013-equivocation-slashing.md)).
([\#1340](https://github.com/cosmos/interchain-security/pull/1340))
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
- Introduce the cryptographic verification of equivocation feature to the provider
(cf. [ADR-005](/docs/docs/adrs/adr-005-cryptographic-equivocation-verification.md)
& [ADR-013](/docs/docs/adrs/adr-013-equivocation-slashing.md)).
([\#1340](https://github.com/cosmos/interchain-security/pull/1340))
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -186,3 +186,4 @@ In addition, RS has the following features:

- **Key Assignment**: Enables validator operators to use different consensus keys for each consumer chain validator node that they operate.
- **Jail Throttling**: Enables the provider to slow down a "worst case scenario" attack where a malicious consumer binary attempts to jail a significant amount (> 2/3) of the voting power, effectively taking control of the provider.

2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ RUN go mod tidy
RUN make install

# Get Hermes build
FROM ghcr.io/informalsystems/hermes:1.4.1 AS hermes-builder
FROM otacrew/hermes-ics:evidence-cmd AS hermes-builder

# Get CometMock
FROM ghcr.io/informalsystems/cometmock:v0.37.x as cometmock-builder
Expand Down
20 changes: 10 additions & 10 deletions app/provider/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,6 @@ var (
ibcclientclient.UpgradeProposalHandler,
ibcproviderclient.ConsumerAdditionProposalHandler,
ibcproviderclient.ConsumerRemovalProposalHandler,
ibcproviderclient.EquivocationProposalHandler,
ibcproviderclient.ChangeRewardDenomsProposalHandler,
},
),
Expand Down Expand Up @@ -404,14 +403,6 @@ func New(
scopedIBCKeeper,
)

// create evidence keeper with router
app.EvidenceKeeper = *evidencekeeper.NewKeeper(
appCodec,
keys[evidencetypes.StoreKey],
app.StakingKeeper,
app.SlashingKeeper,
)

app.ProviderKeeper = ibcproviderkeeper.NewKeeper(
appCodec,
keys[providertypes.StoreKey],
Expand All @@ -424,7 +415,6 @@ func New(
app.StakingKeeper,
app.SlashingKeeper,
app.AccountKeeper,
app.EvidenceKeeper,
app.DistrKeeper,
app.BankKeeper,
authtypes.FeeCollectorName,
Expand Down Expand Up @@ -477,6 +467,16 @@ func New(
ibcRouter.AddRoute(providertypes.ModuleName, providerModule)
app.IBCKeeper.SetRouter(ibcRouter)

// create evidence keeper with router
evidenceKeeper := evidencekeeper.NewKeeper(
appCodec,
keys[evidencetypes.StoreKey],
app.StakingKeeper,
app.SlashingKeeper,
)

app.EvidenceKeeper = *evidenceKeeper

skipGenesisInvariants := cast.ToBool(appOpts.Get(crisis.FlagSkipGenesisInvariants))

// NOTE: Any module instantiated in the module manager that is later modified
Expand Down
58 changes: 0 additions & 58 deletions docs/docs/features/proposals.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,37 +74,6 @@ Minimal example:
}
```

## `EquivocationProposal`
:::tip
`EquivocationProposal` will only be accepted on the provider chain if at least one of the consumer chains submits equivocation evidence to the provider.
Sending equivocation evidence to the provider is handled automatically by the interchain security protocol when an equivocation infraction is detected on the consumer chain.
:::

Proposal type used to suggest slashing a validator for double signing on consumer chain.
When proposals of this type are passed, the validator in question will be slashed for equivocation on the provider chain.

:::warning
Take note that an equivocation slash causes a validator to be tombstoned (can never re-enter the active set).
Tombstoning a validator on the provider chain will remove the validator from the validator set of all consumer chains.
:::

Minimal example:
```js
{
"title": "Validator-1 double signed on consumerchain-1",
"description": "Here is more information about the infraction so you can verify it yourself",
// the list of equivocations that will be processed
"equivocations": [
{
"height": 14444680,
"time": "2023-02-28T20:40:00.000000Z",
"power": 5500000,
"consensus_address": "<consensus address ON THE PROVIDER>"
}
]
}
```

## ChangeRewardDenomProposal
:::tip
`ChangeRewardDenomProposal` will only be accepted on the provider chain if at least one of the denomsToAdd or denomsToRemove fields is populated with at least one denom. Also, a denom cannot be repeated in both sets.
Expand All @@ -121,30 +90,3 @@ Minimal example:
"denomsToRemove": []
}
```

### Notes
When submitting equivocation evidence through an `EquivocationProposal` please take note that you need to use the consensus address (`valcons`) of the offending validator on the **provider chain**.
Besides that, the `height` and the `time` fields should be mapped to the **provider chain** to avoid your evidence being rejected.

Before submitting the proposal please check that the evidence is not outdated by comparing the infraction height with the `max_age_duration` and `max_age_num_blocks` consensus parameters of the **provider chain**.

### Gaia example:
```
➜ ~ cat genesis.json | jq ".consensus_params"
{
"block": {
...
},
"evidence": {
"max_age_duration": "172800000000000",
"max_age_num_blocks": "1000000",
"max_bytes": "50000"
},
"validator": {
...
},
"version": {}
}
```

Any `EquivocationProposal` transactions that submit evidence with `height` older than `max_age_num_blocks` and `time` older than `max_age_duration` will be considered invalid.
17 changes: 5 additions & 12 deletions docs/docs/features/slashing.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,17 +20,10 @@ Instead of slashing, the provider will only jail offending validator for the dur
Slash throttling (sometimes called jail throttling) mechanism ensures that only a fraction of the validator set can be jailed at any one time to prevent malicious consumer chains from harming the provider.
:::

## Double-signing (equivocation)
infractions are not acted upon immediately.
# Cryptographic verification of equivocation and slashing
The Cryptographic verification of equivocation allows external agents to submit evidences of light client and double signing attacks observed on a consumer chain. When valid evidence is received, the malicious validators will be slashed, jailed, and tombstoned on the provider.

Upon receiving double signing evidence, the provider chain will take note of the evidence and allow for `EquivocationProposal` to be submitted to slash the offending validator.
Any `EquivocationProposal`s to slash a validator that has not double signed on any of the consumer chains will be automatically rejected by the provider chain.
The feature is outlined in [ADR-005](../adrs/adr-005-cryptographic-equivocation-verification.md) and [ADR-013](../adrs/adr-013-equivocation-slashing.md).

:::info
The offending validator will only be slashed (and tombstoned) if an `EquivocationProposal` is accepted and passed through governance.

The offending validator will effectively get slashed and tombstoned on all consumer chains.
:::

<!-- markdown-link-check-disable-next-line -->
You can find instructions on creating `EquivocationProposal`s [here](./proposals#equivocationproposal).
By sending a `MsgSubmitConsumerMisbehaviour` or a `MsgSubmitConsumerDoubleVoting` transaction, the provider will
verify the reported equivocation and, if successful, slash, jail, and tombstone the malicious validator.
4 changes: 0 additions & 4 deletions docs/docs/introduction/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -30,10 +30,6 @@ To ensure the security of the consumer chain, provider delegators cannot unbond

If downtime is initiated by a validator on a consumer chain, a downtime packet will be relayed to the provider to jail that validator for a set amount of time. The validator who committed downtime will then miss out on staking rewards for the configured jailing period.

### Equivocation (Double Sign) Slashing

Evidence of equivocation must be submitted to provider governance and be voted on. This behavior is an extra safeguard before a validator is slashed, and may be replaced by a more automated system in the future.

### Tokenomics and Rewards

Consumer chains are free to create their own native token which can be used for fees, and can be created on the consumer chain in the form of inflationary rewards. These rewards can be used to incentivize user behavior, for example, LPing or staking. A portion of these fees and rewards will be sent to provider chain stakers, but that proportion is completely customizable by the developers, and subject to governance.
Expand Down
2 changes: 1 addition & 1 deletion docs/docs/validators/overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ More information is available in [Downtime Slashing documentation](../features/s
:::

## Double-signing Infractions
To learn more about equivocation handling in replicated security check out the [Slashing](../features/slashing.md#double-signing-equivocation) and [EquivocationProposal](../features/proposals.md#equivocationproposal) documentation sections
To learn more about equivocation handling in replicated security check out the [Slashing](../features/slashing.md) documentation section.

## Key assignment
Validators can use different consensus keys on the provider and each of the consumer chains. The consumer chain consensus key must be registered on the provider before use.
Expand Down
5 changes: 4 additions & 1 deletion proto/interchain_security/ccv/provider/v1/provider.proto
Original file line number Diff line number Diff line change
Expand Up @@ -106,10 +106,13 @@ message ConsumerRemovalProposal {
// punish a validator for equivocation on a consumer chain.
//
// This type is only used internally to the consumer CCV module.
// WARNING: This message is deprecated now that equivocations can be submitted
// and verified automatically on the provider. (see SubmitConsumerDoubleVoting in proto/interchain-security/ccv/provider/v1/tx.proto).
message EquivocationProposal {
option deprecated = true;
// the title of the proposal
string title = 1;
// the description of the proposal
// the description of the proposal
string description = 2;
// the list of equivocations that will be processed
repeated cosmos.evidence.v1beta1.Equivocation equivocations = 3;
Expand Down
40 changes: 38 additions & 2 deletions proto/interchain_security/ccv/provider/v1/tx.proto
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,17 @@ package interchain_security.ccv.provider.v1;
option go_package = "github.com/cosmos/interchain-security/v3/x/ccv/provider/types";

import "gogoproto/gogo.proto";
import "cosmos_proto/cosmos.proto";
import "google/protobuf/any.proto";
import "ibc/lightclients/tendermint/v1/tendermint.proto";
import "tendermint/types/evidence.proto";


// Msg defines the Msg service.
service Msg {
rpc AssignConsumerKey(MsgAssignConsumerKey)
returns (MsgAssignConsumerKeyResponse);
rpc AssignConsumerKey(MsgAssignConsumerKey) returns (MsgAssignConsumerKeyResponse);
rpc SubmitConsumerMisbehaviour(MsgSubmitConsumerMisbehaviour) returns (MsgSubmitConsumerMisbehaviourResponse);
rpc SubmitConsumerDoubleVoting(MsgSubmitConsumerDoubleVoting) returns (MsgSubmitConsumerDoubleVotingResponse);
}

message MsgAssignConsumerKey {
Expand All @@ -25,3 +31,33 @@ message MsgAssignConsumerKey {
}

message MsgAssignConsumerKeyResponse {}


// MsgSubmitConsumerMisbehaviour defines a message that reports a light client attack,
// also known as a misbehaviour, observed on a consumer chain
message MsgSubmitConsumerMisbehaviour {
option (gogoproto.equal) = false;
option (gogoproto.goproto_getters) = false;
string submitter = 1;
// The Misbehaviour of the consumer chain wrapping
// two conflicting IBC headers
ibc.lightclients.tendermint.v1.Misbehaviour misbehaviour = 2;
}

message MsgSubmitConsumerMisbehaviourResponse {}


// MsgSubmitConsumerDoubleVoting defines a message that reports
// a double signing infraction observed on a consumer chain
message MsgSubmitConsumerDoubleVoting {
option (gogoproto.equal) = false;
option (gogoproto.goproto_getters) = false;
string submitter = 1;
// The equivocation of the consumer chain wrapping
// an evidence of a validator that signed two conflicting votes
tendermint.types.DuplicateVoteEvidence duplicate_vote_evidence = 2;
// The light client header of the infraction block
ibc.lightclients.tendermint.v1.Header infraction_block_header = 3;
}

message MsgSubmitConsumerDoubleVotingResponse {}
49 changes: 34 additions & 15 deletions tests/e2e/action_rapid_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,6 @@ func GetActionGen() *rapid.Generator[any] {
GetSubmitConsumerAdditionProposalActionGen().AsAny(),
GetSubmitConsumerRemovalProposalActionGen().AsAny(),
GetSubmitParamChangeProposalActionGen().AsAny(),
GetSubmitEquivocationProposalActionGen().AsAny(),
GetVoteGovProposalActionGen().AsAny(),
GetStartConsumerChainActionGen().AsAny(),
GetAddChainToRelayerActionGen().AsAny(),
Expand All @@ -91,6 +90,9 @@ func GetActionGen() *rapid.Generator[any] {
CreateLightClientEquivocationAttackActionGen().AsAny(),
CreateLightClientAmnesiaAttackActionGen().AsAny(),
CreateLightClientLunaticAttackActionGen().AsAny(),
GetStartConsumerEvidenceDetectorActionGen().AsAny(),
GetForkConsumerChainActionGen().AsAny(),
GetUpdateLightClientActionGen().AsAny(),
)
}

Expand Down Expand Up @@ -209,7 +211,7 @@ func GetStartChainActionGen() *rapid.Generator[StartChainAction] {
Chain: GetChainIDGen().Draw(t, "Chain"),
Validators: GetStartChainValidatorsGen().Draw(t, "Validators"),
GenesisChanges: rapid.String().Draw(t, "GenesisChanges"),
SkipGentx: rapid.Bool().Draw(t, "SkipGentx"),
IsConsumer: rapid.Bool().Draw(t, "IsConsumer"),
}
})
}
Expand Down Expand Up @@ -280,19 +282,6 @@ func GetSubmitParamChangeProposalActionGen() *rapid.Generator[submitParamChangeL
})
}

func GetSubmitEquivocationProposalActionGen() *rapid.Generator[submitEquivocationProposalAction] {
return rapid.Custom(func(t *rapid.T) submitEquivocationProposalAction {
return submitEquivocationProposalAction{
Chain: GetChainIDGen().Draw(t, "Chain"),
From: GetValidatorIDGen().Draw(t, "From"),
Deposit: rapid.Uint().Draw(t, "Deposit"),
Height: rapid.Int64().Draw(t, "Height"),
Time: GetTimeGen().Draw(t, "Time"),
Power: rapid.Int64().Draw(t, "Power"),
}
})
}

func TestMarshalAndUnmarshalTime(t *testing.T) {
rapid.Check(t, func(t *rapid.T) {
time1 := GetTimeGen().Draw(t, "time")
Expand Down Expand Up @@ -506,3 +495,33 @@ func GetWaitTimeAction() *rapid.Generator[waitTimeAction] {
}
})
}

func GetForkConsumerChainActionGen() *rapid.Generator[forkConsumerChainAction] {
return rapid.Custom(func(t *rapid.T) forkConsumerChainAction {
return forkConsumerChainAction{
ConsumerChain: GetChainIDGen().Draw(t, "ConsumerChain"),
ProviderChain: GetChainIDGen().Draw(t, "ProviderChain"),
Validator: GetValidatorIDGen().Draw(t, "Validator"),
RelayerConfig: rapid.String().Draw(t, "RelayerConfig"),
}
})
}

func GetStartConsumerEvidenceDetectorActionGen() *rapid.Generator[startConsumerEvidenceDetectorAction] {
return rapid.Custom(func(t *rapid.T) startConsumerEvidenceDetectorAction {
return startConsumerEvidenceDetectorAction{
Chain: GetChainIDGen().Draw(t, "Chain"),
}
})
}

func GetUpdateLightClientActionGen() *rapid.Generator[updateLightClientAction] {
return rapid.Custom(func(t *rapid.T) updateLightClientAction {
return updateLightClientAction{
Chain: GetChainIDGen().Draw(t, "Chain"),
HostChain: GetChainIDGen().Draw(t, "HostChain"),
RelayerConfig: rapid.String().Draw(t, "RelayerConfig"),
ClientID: rapid.String().Draw(t, "ClientID"),
}
})
}
Loading

0 comments on commit 1e8512a

Please sign in to comment.