-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pause unbondings while equivocation slashing proposal is in voting period #747
Comments
What about the This might need an extra check in |
That's a really interesting point- we have to think through how this interacts with the existing use of the API. At first glance, I think it's not a problem. Unbondings are actually paused with a counter. So if it's paused twice it needs to be unpaused twice. But this definitely needs to be thought through |
@jtremback Don't you think this pause should be triggered on proposal activation rather than on proposal creation ? Because if it's on proposal creation, I fear that some malicious people could pause the validator unbondings almost indefinitively, by submitting the same equivocation proposal consecutively. |
Well, you can't make the equivocation proposal at all unless a consumer chain claims the validator has equivocated. So for this to be an avenue of attack, you would also need a consumer chain to forge slash packets. Of course since this is the attack that we are trying to prevent, we can't count on it not being possible. We could do a lot better to keep track of the slash packets. Right now we just check that there has been one at all. We could enhance this so that it needs to have been in the last unbodnign period |
Indeed, there's probably enough safeguard for now. Anyway, the pause on proposal creation is coded right now, but it's trivial to change it for proposal activation. Now we're working on removing the pause when the voting period (or deposit period) is over. |
@jtremback I just realized that the answer to my question is actually in the issue title :
This excludes pause during the deposit period, so the pause should be triggered when the voting period starts, not when the proposal is created. Can you confirm ? |
That's a really good question. I will have to think about it. |
Fix cosmos#747 The change registers 2 gov module hooks in the provider module: - `AfterProposalDeposit`: if the proposal is an equivocation proposal in voting period, then call `PutUnbondingOnHold` for each unbondings of each validators found in the proposal. - `AfterProposalVotingPeriodEnded`: if the proposal is an equivocation proposal, then call `UnbondingCanComplete` for each unbondings of each validators found in the proposal. A new key is also added, to store the equivocation proposal ID for which unbondings have been put on hold. This covers 2 specific cases: - The gov module allows additional deposits even if the proposal is already in voting period. So when `AfterProposalDeposit` is invoked, we have to make sure the proposal is in voting period for the first time before puting the unbondings on hold. This is simply handled by checking if the proposal ID exists in the store at the beginning of the hook, and then storing it if not. - If the provider chain is upgraded with this change and there's already an equivocation proposal in voting period, `AfterProposalVotingPeriodEnded` could be invoked without the initial `AfterProposalDeposit`, so some unbondings could be un-paused while they hadn't been paused (conflicts with `AfterUnbondingInitiated` hook). To prevent that, we check the proposal ID exists in the store, which means `AfterProposalDeposit` has been called prevouisly. Co-authored-by: Albert Le Batteux <[email protected]>
@jtremback The PR is now opened, we can continue the discussion inside it. |
@jtremback @mpoke @albttx @giunatale The ADR #964 has been merged, but it's still in the draft status. @mpoke raised important points that were added to the ADR (dd353c2) and must be fixed in the implementation #791 :
Before we rebase and add those points, I think we should first continue the discussions, and we'll work on that only if the ADR is finally accepted. I think the blocking point is mainly related to that part #964 (comment). |
@tbruyelle I've thought of another possible issue with this approach. Maybe you can tell me if it sounds like a problem. It seems to me that an attacker could keep a validator's unbondings paused continually by submitting and resubmitting this type of proposal. Of course, this could only happen if that validator had already been slashed unfairly by a malicious consumer chain, and it would cost the attacker the deposit. Additionally, we are getting closer to having actual cryptographic verification of equivocation evidence, so I'm not sure how much we should pursue this. But again, thanks very much for your work, it is very good. |
From what I understand, #964 (comment) concludes that this ADR is a possible approach to be followed at least until #732 is done.
With this in mind, what is effectively holding back this ADR from being implemented? |
I didn't see this when I wrote my reply, I believe I was on an old browser tab that was not refreshed. Apologies. With that said, if the cryptographic verification is really close to completion, maybe you are right, this might be not worth pursuing. It really depends - IMHO - what it means "close to completion". |
@jtremback the problem you're talking about was one of our first concerns, so yes we still believe this can be a real issue, even with the need of having a slash log in the provider chain or with the need of initial deposit. I think @giunatale has raised good points to mitigate that, but that will require more work and add more complexity. Cryptographic equivocation looks like a better solution, but unfortunately it's not complete for now (handles only light client attack and can't slash). |
Closing as no longer relevant since #1340 was merged. |
* scaffolding for 29-fee (cosmos#274) * scaffolding for 29-fee * fix build * update keeper test * remove module test * feat: adding proto files for fee payment middleware (cosmos#272) * feat: adding proto files for fee payment middleware * grammar * fix: remove generated .pb files * fix: comment * feat: adding PacketId type * refactor: fee / genesis * refactor: escrowed fees map * Apply suggestions from code review Co-authored-by: colin axnér <[email protected]> * Update proto/ibc/applications/middleware/fee/v1/tx.proto Co-authored-by: colin axnér <[email protected]> * Update proto/ibc/applications/middleware/fee/v1/tx.proto Co-authored-by: colin axnér <[email protected]> * Update proto/ibc/applications/middleware/fee/v1/tx.proto Co-authored-by: colin axnér <[email protected]> * refactor: use packetID + minor changes * feat: adding query for all incentivized packets + some fixes * feat: adding pagination to incentivized query * fix: removing generated ibc directory + adding import/yaml * fix: naming * increase max depth for proto file searching and make proto all * Update proto/ibc/applications/middleware/fee/v1/fee.proto Co-authored-by: colin axnér <[email protected]> * refactor: remove file imports/add yaml/add argument for requests * refactor: updating IdentifiedPacketFee * fix: remove hidden file * removing middleware dir & adding query * remove junk file and update query rpcs * Apply suggestions from code review * Apply suggestions from code review * remove query yaml, make proto-all Co-authored-by: colin axnér <[email protected]> Co-authored-by: Aditya Sripal <[email protected]> * fix: removing unncessary fields MsgEscrow & adding query params (cosmos#300) * fix: removing unncessary fields MsgEscrow & adding query params * fix: grammar * fix: add yaml * feat: cosmos#258 Register Counterparty Address (cosmos#376) * feat: adding MsgServer for RegisterCounterPartyAddress & EscrowPacketFree * test: adding test for ValidateBasic * fix: removing validate basic check * fix: removing empty file * Update modules/apps/29-fee/keeper/msg_server.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/types/msgs.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/types/keys.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/keeper/keeper.go Co-authored-by: Aditya <[email protected]> * fix: fixing typos, variable names, comments * fix: updating import comments * test: adding test for KeyRelayerAddress * update: comments & key_test * Update modules/apps/29-fee/keeper/msg_server.go Co-authored-by: colin axnér <[email protected]> * fix: error message * docs: updating RegisterCounterpartyAddress fn description Co-authored-by: colin axnér <[email protected]> Co-authored-by: Aditya <[email protected]> * fix: remove comments for imports (cosmos#385) * feat: Add handshake logic to ics29 (cosmos#307) * do handshake logic, create test file * do cap logic and fix build * open handshake implementation and tests * remove prints * Update modules/apps/29-fee/module.go Co-authored-by: Sean King <[email protected]> * debugging progress * fee enabled flag * cleanup handshake logic * fix tests * much cleaner simapp * split module.go file * cleanup and docs * assert IBC interfaces are fulfilled in middleware * Update modules/apps/transfer/module.go Co-authored-by: colin axnér <[email protected]> * Apply suggestions from code review Co-authored-by: colin axnér <[email protected]> * fix unnecessary crossing hello logic * fix version negotiation bugs and improve tests * cleanup tests * Apply suggestions from code review Co-authored-by: colin axnér <[email protected]> * Apply suggestions from code review Co-authored-by: colin axnér <[email protected]> * address rest of colin comments Co-authored-by: Sean King <[email protected]> Co-authored-by: colin axnér <[email protected]> * Fee Middleware: Escrow logic (cosmos#465) * fix: adding second endpoint for async pay fee + renaming types * feat: adding escrow logic * feat: updating proto types & escrow logic * fix: stub fn & proto comment * feat: adding PayFee & PayFeeTimeout & escrow_test * test: adding happy path for EscrowPacketFee * fix: comments, error handling * fix: comments & grammar * test: adding unhappy path for escrow * tests(escrow): adding hasBalance check for module acc * test(PayFee): adding happy path for PayFee tests * tests(PayFee, PayFeeTimeout): adding tests * fix: adding relayers back to IdentifiedPacket * fix: removing refund acc from key * fix: storing IdentifiedPacketFee in state instead of Fee * feat: adding msg_server test for registerCPAddr, wiring for codec + stubs for sdk.Msg interface * test: adding msg_server test for PayPacketFee * test: adding PayPacketFeeAsync msg_server test * chore: updating PayFee -> DistributeFee & minor nits * nit: removing unnecessary nil check * refactor: add portId to store key & use packetId as param * fix: add DeleteFeeInEscrow & remove fee on successful distribution * tests: adding validation & signer tests for PayFee/Async & updating proto to use Signer sdk standard * chore: adding NewIdentifiedPacketFee fn * fix: getter/setter for counterparty address + fix NewIdentifiedPacketFee * fix: updating EscrowPacketFee with correct usage of coins api * test: adding balance check for refund acc after escrow * fix: remove unncessary errors * test: updating escrow tests + miscellaneous fixes * nit: updating var names * docs: godoc * refactor: IdentifiedPacketFee & Fee no longer pointers * fixes: small fixes * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: Aditya <[email protected]> * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: Aditya <[email protected]> * Update modules/apps/29-fee/keeper/keeper.go Co-authored-by: Aditya <[email protected]> * Update modules/apps/29-fee/keeper/msg_server.go Co-authored-by: Aditya <[email protected]> * Update modules/apps/29-fee/keeper/msg_server.go Co-authored-by: Aditya <[email protected]> * Update modules/apps/29-fee/types/msgs.go Co-authored-by: Aditya <[email protected]> * nit: proto doc & error fix * fix: escrow test * test: updating distribute fee tests * test: adding validation check for fee and updating tests * test: allow counterparty address to be arbitrary string * fix: message validation should pass if one fee is valid * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: colin axnér <[email protected]> * fix: nits * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: colin axnér <[email protected]> * test: adding isZero check for msgs Co-authored-by: Aditya <[email protected]> Co-authored-by: colin axnér <[email protected]> * feat: update protos, grpc queries (cosmos#488) * store refund address in IdentifiedPacketFee (cosmos#546) * 29-Fee: Genesis (cosmos#557) * proto: adding genesis state * feat: add GetAllIdentifiedPacketFees * feat: adding genesis.go & updating proto + app.go * fix: removing PortId from genesis * feat: adding GetAll for relayer addr/fee enabled chan + update genesis * test: TestExportGenesis * feat: update type + hook up to module.go * fix: remove PortKey * fix: imports + remove scoped keeper * nit: using NewPacketId helper and updating helper def to have correct params * feat: adding genesis validation + tests (cosmos#561) * feat: adding genesis validation + tests * fix: imports * Update modules/apps/29-fee/types/genesis.go * fix: nit * Update modules/apps/29-fee/types/genesis_test.go Co-authored-by: Aditya <[email protected]> * nit: imporve default gen val test * chore: move packetId + val to channeltypes and use validate fn Co-authored-by: Aditya <[email protected]> * feat: add incentivised ack proto (cosmos#564) * proto file * incentivized ack proto * Fee Closing Handshake (cosmos#551) * add iterate logic * add closing logic with tests * add comments for panic * change invariant breaking recovery to disabling middleware rather than panicing * docs, tests, minor refactor * Fee Middleware: Add ICS4 wrapper (cosmos#562) * chore: add ICS4 wrapper * fix: remove channelKeeper sender packet * chore: add WriteAck * feat: ics 29 packet callbacks (cosmos#357) * update imports to v3 * regenerate proto files * fix build * fix: event caching for fee distribution (cosmos#661) * proto file * initial impl * apply self review suggestions Deduplicate fee distribution code. Rename DistributeFee to DistributePacketFees. Rename DistributeFeeTimeout to DistributePacketFeesOnTimeout * fixup tests rename validCoins. DistributePacketFeesOnTimeout no longer has a valid error case Add test case for invalid forward relayer address on DistributePacketFees. * partially fix tests timeout fee is still being distributed depsite WriteFn() not being called * fix tests * address code nit Co-authored-by: Colin Axnér <[email protected]> * ics4 callbacks fee middleware (cosmos#580) * feat: adding WriteAcknowledgement * updating genesis & relayer prefix * fix: comment * fix: comments * Update modules/apps/29-fee/keeper/relay.go Co-authored-by: colin axnér <[email protected]> * feat: add DeleteForwardRelayerAddr helper + use Set in ack * fix: SetForwardAddr * chore: add panic * fix: remove fmt * test: add WriteAcknowledgement test * Update modules/apps/29-fee/ibc_module.go Co-authored-by: Aditya <[email protected]> * fix: remove print * fix: WriteAck * fix: use constructor * Update modules/apps/29-fee/keeper/keeper.go Co-authored-by: colin axnér <[email protected]> * fix: nits * fix: remove found var not used * test: adding check that forward relayer address is successfully deleted if set * fix: merge issues Co-authored-by: colin axnér <[email protected]> Co-authored-by: Aditya <[email protected]> * chore: making PacketId non nullable (cosmos#737) * nits: proto spacing + naming (cosmos#739) * nits: proto spacing + naming * nit: update comment * fix: go.mod * nit: option above import proto * fix: spacing * sean/fix-proto-identified-fee-not-null (cosmos#746) * nits: more ics29 nits (cosmos#741) * nits: remove capital from error + add godoc * nit: add Wrapf * nit: use strings.TrimSpace * nit: add err type for MsgPayPacketFee * refactor: app version + add comment (cosmos#750) * chore: remove error * test: add test for whitespaced empty string * nit: update err syntax (cosmos#747) * nit: update err syntax * nit: more * nit: err syntax * feat: adding Route, Type, GetSignBytes for all messages (cosmos#743) * feat: adding Route, Type, GetSignBytes for all messages * tests: adding tests for Route/Type/GetSignBytes * hygiene: add validate fn for Fee (cosmos#748) * hygiene: add validate fn for Fee * Update modules/apps/29-fee/types/msgs.go Co-authored-by: Damian Nolan <[email protected]> * fix: error message * test: move Validate to fee.go & abstract out test * chore: remove test cases Co-authored-by: Damian Nolan <[email protected]> * fix: app.go (cosmos#789) * refactor: ics29 json encoded version metadata (cosmos#883) * adding metadata type to ics29 protos * updating ics29 handshake handlers to support json encoded metadata * updating tests to support json encoded metadata * Update modules/apps/29-fee/ibc_module.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/ibc_module.go Co-authored-by: colin axnér <[email protected]> * renaming metadata version to fee_version Co-authored-by: colin axnér <[email protected]> * fix: return nil on OnRecvPacket for async pay (cosmos#911) * nit: ics29 comments (cosmos#910) * fix: comments * Update modules/apps/29-fee/keeper/escrow.go Co-authored-by: Aditya <[email protected]> * chore: Add transfer test for ics29 (cosmos#901) * begin writing transfer test for ics29 * finish writing transfer test * refactor: ics29 OnChanOpenInit callback tests now use mock module (cosmos#924) * refactor: OnChanOpenInit callback tests now use mock module * Update modules/apps/29-fee/fee_test.go * feat: allow multiple addrs to incentivize packets (cosmos#915) * [WIP] allow multiple addresses to incentivize a packet * distribute multiple fees, fix broken tests * use NewIdentifiedPacketFees in EscrowPacketFee * cleanup var naming * removing commented out code and adding test case * Update modules/apps/29-fee/ibc_module.go Co-authored-by: Aditya <[email protected]> * fix: refund RecvFee if ForwardAddr is invalid * test: update tests to distribute multiple identified fees * refactor: clean up DistrPacketFees * refactor: using .Empty() helper func for code hygiene Co-authored-by: Aditya <[email protected]> Co-authored-by: Sean King <[email protected]> Co-authored-by: Sean King <[email protected]> * chore: remove spec directory from ics29 (cosmos#934) * refactor: use mock module for ics29 closing handshakes (cosmos#926) * refactor: use mock module for closing handshakes in ics29 * self-review fix * refactor: use mock module for ics29 grpc_query_test.go (cosmos#933) * refactor: readjust keeper_test.go to use mock module (cosmos#930) * fix: fields for genesis should be non nullable (cosmos#938) * refactor: use mock module for ics29 escrow_test.go (cosmos#932) * refactor: use mock module for ics29 genesis_test.go (cosmos#931) * ics29:feat: emit event escrow (cosmos#914) * feat: emit EventTypeSendIncentivizedPacket event on EscrowPacket * fix: string conversion * refactor: add helper fn for emit event * chore: godoc * nit: use .String()) * refactor: OnRecvPacket to use mock module (cosmos#927) Co-authored-by: Sean King <[email protected]> * refactor: ics29 OnChanOpenTry/Ack use mock module for testing instead of ics20 (cosmos#925) Co-authored-by: Sean King <[email protected]> * refactor: use mock module for OnAcknowledgePacket callback testing (cosmos#929) Co-authored-by: Sean King <[email protected]> * refactor: OnTimeoutPacket to use mock module (cosmos#928) Co-authored-by: Sean King <[email protected]> * chore: add packet id arg to EscrowPacketFee (cosmos#951) * adding packet id arg to EscrowPacketFee * updating tests * review adaptations * chore: remove legacy testing functions (cosmos#954) * fix:ics29: WriteAck update + adding success bool to IncentivizedAck (cosmos#952) * fix: updating WriteAck & adding Success boolean to IncentivizedAcknowledgement * feat: adding check of is fee enabled * nit: change successful to underlying_application_success * test: adding seperate test for fee disabled write async * Update modules/apps/29-fee/ibc_module_test.go Co-authored-by: Aditya <[email protected]> * test: adding check to compare hash of acks * fix: var name Co-authored-by: Aditya <[email protected]> * chore: add cli cmd to incentivize existing packet (async) (cosmos#965) * chore: add cli to incentivize existing packets * Update modules/apps/29-fee/client/cli/cli.go * Update modules/apps/29-fee/client/cli/cli.go Co-authored-by: Aditya <[email protected]> * chore: update cli example Co-authored-by: Aditya <[email protected]> * ics29:fix: counterparty addr must contain channelID (cosmos#937) * fix: counterparty address must chain channelID * nit: updating var name * test: adding validation check for channelID * nit: fn names * chore: fix err msg (cosmos#971) * ics29:fix: store source address for query later on WriteAck (cosmos#912) * fix: for async WriteAck store source address for query later * ics29:fix: update genesis type (cosmos#913) * fix: adding ForwardRelayerAddresses to genesis * fix: trimspace on string check * nit: err + trimspace error case * refactor: updating WriteAck + keeper fn name * Update modules/apps/29-fee/keeper/relay.go Co-authored-by: Damian Nolan <[email protected]> * chore: remove legacy testing functions (cosmos#954) * fix:ics29: WriteAck update + adding success bool to IncentivizedAck (cosmos#952) * fix: updating WriteAck & adding Success boolean to IncentivizedAcknowledgement * feat: adding check of is fee enabled * nit: change successful to underlying_application_success * test: adding seperate test for fee disabled write async * Update modules/apps/29-fee/ibc_module_test.go Co-authored-by: Aditya <[email protected]> * test: adding check to compare hash of acks * fix: var name Co-authored-by: Aditya <[email protected]> Co-authored-by: Damian Nolan <[email protected]> Co-authored-by: colin axnér <[email protected]> Co-authored-by: Aditya <[email protected]> * refactor: make fee storage more efficient (cosmos#956) * adding new proto types and codegen * refactoring ics29 fees for more efficient storage * updating tests * fixing typo in protodoc comments * chore: update ics29 genesis state to support multiple packet fees (cosmos#957) * adding new proto types and codegen * refactoring ics29 fees for more efficient storage * updating tests * updating genesis protos to use IdentifiedPacketFees * updating init/export genesis state functionality and tests * chore: update MsgPayPacketFeeAsync fields (cosmos#979) * adding new proto types and codegen * refactoring ics29 fees for more efficient storage * updating tests * fixing typo in protodoc comments * updating protos and codegen * updating MsgPayPacketFeeAsync handler and tests * chore: add ParseKeyFeesInEscrow helper function (cosmos#998) * chore: update grpc queries to handle multiple fees (cosmos#967) * adding new proto types and codegen * refactoring ics29 fees for more efficient storage * updating tests * updating protos and existing queries * updating grpc queries and refactoring tests * format error correct in favour of proto string() method * leveraging ParseKeyFeesInEscrow to obtain packet id in query * feat: CLI cmd for MsgRegisterCounterpartyAddress (cosmos#987) * feat: CLI cmd for MsgRegisterCounterpartyAddress * fix: examples * Update modules/apps/29-fee/client/cli/tx.go Co-authored-by: colin axnér <[email protected]> * Update modules/apps/29-fee/client/cli/tx.go Co-authored-by: colin axnér <[email protected]> * chore: remove print * nit: update address for counterparty Co-authored-by: colin axnér <[email protected]> * fix: ics29: switch source with destintion for chan/port IDs (cosmos#961) * fix: switch source with destintion for chan/port IDs * fix: blunder * test: adding tests in case of incorrect channel/port id * test: moving check to WriteAcknowledgement * add test case for Get/Set counterparty address * nit: path name * Update modules/apps/29-fee/keeper/msg_server_test.go * test: cleanup 29-fee/types tests (cosmos#1006) * feat: grpc query total recv packet fees (cosmos#1015) * adding query for total packet recv fees to proto query server * adding total packet recv fee query impl and tests * updating doc comments * chore: switch code ordering (cosmos#1025) * feat: Add ParseKeyFeeEnabled and rename FeeEnabledKey -> KeyFeeEnabled (cosmos#1023) * chore: add ParseKeyFeesInEscrow helper function * feat: add ParseKeyFeeEnabled function and rename FeeEnabledKey to KeyFeeEnabled * feat: ics29 cli for query total recv fees (cosmos#1035) * feat: grpc query total ack fees (cosmos#1032) * adding query for total packet recv fees to proto query server * adding total packet recv fee query impl and tests * updating doc comments * adding protos and codegen * adding total ack fees query and tests * fixing protodoc comment * feat: grpc query total timeout fees (cosmos#1033) * adding query for total packet recv fees to proto query server * adding total packet recv fee query impl and tests * updating doc comments * adding protos and codegen * adding total ack fees query and tests * adding protos and codegen * adding query total timeout fees and tests * fixing protodoc comment * fixing protodoc comment * feat: adding clis for total ack and timeout queries (cosmos#1043) * add ParseKeyForwardRelayerAddress function + test (cosmos#1046) * chore: remove unused ics29 keeper funcs (cosmos#1044) * removing keys, adding additional test, moving event attribute keys * removing unused code and updating tests * removing unused IdentifiedPacketFee type * chore: add gRPC for querying incentivized packets for a specific channel (cosmos#983) * generate proto files * feat: add gRPC for querying incentivized packets for a specific channel * test: add gRPC test for incentivized packets for channel query * fix build * partially fix tests * chore: fix tests * deduplicate code * chore: code cleanup * fix build * remove changes from merge conflict * nit: rename c to goCtx * add function EscrowAccountHasBalance (cosmos#1042) * add function EscrowAccountHasBalance * change API to use sdk.Coins * feat: ParseKeyCounterpartyRelayer function (cosmos#1047) * chore: adding queries to cmd builder (cosmos#1057) * chore: update ics29 protodocs (cosmos#1055) * updating protodocs comments and regen code/docs * Update proto/ibc/applications/fee/v1/tx.proto Co-authored-by: colin axnér <[email protected]> * updating incentivized ack doc Co-authored-by: colin axnér <[email protected]> * add counter party channel ID to argument list of on channel open ack (cosmos#1159) Co-authored-by: Carlos Rodriguez <[email protected]> * ADR 004: Fee module locking in the presence of severe bugs (cosmos#1060) * add adr 004 * add to README * Update docs/architecture/adr-004-ics29-lock-fee-module.md Co-authored-by: Aditya <[email protected]> * Update docs/architecture/adr-004-ics29-lock-fee-module.md Co-authored-by: Aditya <[email protected]> Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Aditya <[email protected]> * nit: packetID var name (cosmos#1214) * ics29: update with changes from main (cosmos#1221) * add banner image (cosmos#1158) Co-authored-by: Carlos Rodriguez <[email protected]> * Add alpha, beta, and rc release definitions (cosmos#1151) ## Description The proposed definitions for each phase of our release cycle. Please feel free to adjust my wording closes: cosmos#881 --- Before we can merge this PR, please make sure that all the following items have been checked off. If any of the checklist items are not applicable, please leave them but write a little note why. - [ ] Targeted PR against correct branch (see [CONTRIBUTING.md](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] Linked to Github issue with discussion and accepted design OR link to spec that describes this work. - [ ] Code follows the [module structure standards](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/structure.md). - [ ] Wrote unit and integration [tests](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#testing) - [ ] Updated relevant documentation (`docs/`) or specification (`x/<module>/spec/`) - [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code). - [ ] Added a relevant changelog entry to the `Unreleased` section in `CHANGELOG.md` - [ ] Re-reviewed `Files changed` in the Github PR explorer - [ ] Review `Codecov Report` in the comment section below once CI passes * build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (cosmos#1164) Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.27.1 to 1.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protocolbuffers/protobuf-go/releases">google.golang.org/protobuf's releases</a>.</em></p> <blockquote> <h2>v1.28.0</h2> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-overview">Overview</a></li> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-notable-changes">Notable changes</a> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-recursion-limit">UnmarshalOption RecursionLimit</a></li> </ul> </li> <li><a href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.28-breaking-changes">Upcoming breakage changes</a></li> </ul> <h2>Overview </h2> <p>The release provides a new unmarshal option for limiting the recursion depth when unmarshalling nested messages to prevent stack overflows. (<a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a>).</p> <h2>Notable changes </h2> <p><strong>New features:</strong></p> <ul> <li><a href="https://go.dev/cl/340489">CL/340489</a>: testing/protocmp: add Message.Unwrap</li> </ul> <p><strong>Documentation improvements:</strong></p> <ul> <li><a href="https://go.dev/cl/339569">CL/339569</a>: reflect/protoreflect: add more docs on Value aliasing</li> </ul> <p><strong>Updated supported versions:</strong></p> <ul> <li><a href="https://go.dev/cl/370055">CL/370055</a>: all: update supported versions</li> </ul> <h3>UnmarshalOption RecursionLimit </h3> <ul> <li><a href="https://golang.org/cl/385854">CL/385854</a>: all: implement depth limit for unmarshalling</li> </ul> <p>The new <a href="https://pkg.go.dev/google.golang.org/protobuf/proto#UnmarshalOptions.RecursionLimit"><code>UnmarshalOptions.RecursionLimit</code></a> limits the maximum recursion depth when unmarshalling messages. The limit is applied for nested messages. When messages are nested deeper than the specified limit the unmarshalling will fail. If unspecified, a default limit of 10,000 is applied.</p> <p>In addition to the configurable limit for message nesting a non-configurable recursion limit for <a href="https://developers.google.com/protocol-buffers/docs/proto#groups">group</a> nesting of 10,000 was introduced.</p> <h2>Upcoming breakage changes </h2> <p>The default recursion limit of 10,000 introduced in the release is subject to change. We want to align this limit with implementations for other languages in the long term. C++ and Java use a limit of 100 which is also the target for the Go implementation.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/32051b4f86e54c2142c7c05362c6e96ae3454a1c"><code>32051b4</code></a> all: release v1.28.0</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/3992ea83a23c00882339f33511074d251e19822c"><code>3992ea8</code></a> all: implement depth limit for unmarshaling</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/e5db2960ed1380681b571cdf4648230beefaf58b"><code>e5db296</code></a> all: update supported versions</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/3a9e1dc314e2cb57d6cb054df513f17586295fc7"><code>3a9e1dc</code></a> all: gofmt all</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/26e8bcb3c743193558d1a0ff540c9e05f999267d"><code>26e8bcb</code></a> all: remove unnecessary string([]byte) conversion in fmt.Sprintf with %s</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/5aec41b4809b9822a34e17acd06ae9ae9f41c13d"><code>5aec41b</code></a> testing/protocmp: add Message.Unwrap</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/05be61fde35dcaa3502f4430edee444a294d41c3"><code>05be61f</code></a> reflect/protoreflect: add more docs on Value aliasing</li> <li><a href="https://github.com/protocolbuffers/protobuf-go/commit/b03064a95cacfede187231741d9918a75653057d"><code>b03064a</code></a> all: start v1.27.1-devel</li> <li>See full diff in <a href="https://github.com/protocolbuffers/protobuf-go/compare/v1.27.1...v1.28.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.27.1&new-version=1.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> * fix typos in the controller params (cosmos#1172) ## Description closes: #XXXX --- Before we can merge this PR, please make sure that all the following items have been checked off. If any of the checklist items are not applicable, please leave them but write a little note why. - [x] Targeted PR against correct branch (see [CONTRIBUTING.md](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] Linked to Github issue with discussion and accepted design OR link to spec that describes this work. - [ ] Code follows the [module structure standards](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/structure.md). - [ ] Wrote unit and integration [tests](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#testing) - [ ] Updated relevant documentation (`docs/`) or specification (`x/<module>/spec/`) - [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code). - [ ] Added a relevant changelog entry to the `Unreleased` section in `CHANGELOG.md` - [x] Re-reviewed `Files changed` in the Github PR explorer - [ ] Review `Codecov Report` in the comment section below once CI passes * add versions for new releases (cosmos#1175) ## Description closes: #XXXX --- Before we can merge this PR, please make sure that all the following items have been checked off. If any of the checklist items are not applicable, please leave them but write a little note why. - [x] Targeted PR against correct branch (see [CONTRIBUTING.md](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#pr-targeting)) - [ ] Linked to Github issue with discussion and accepted design OR link to spec that describes this work. - [ ] Code follows the [module structure standards](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules/structure.md). - [ ] Wrote unit and integration [tests](https://github.com/cosmos/ibc-go/blob/master/CONTRIBUTING.md#testing) - [ ] Updated relevant documentation (`docs/`) or specification (`x/<module>/spec/`) - [ ] Added relevant `godoc` [comments](https://blog.golang.org/godoc-documenting-go-code). - [ ] Added a relevant changelog entry to the `Unreleased` section in `CHANGELOG.md` - [x] Re-reviewed `Files changed` in the Github PR explorer - [ ] Review `Codecov Report` in the comment section below once CI passes * fix: link checker reporting broken milestone link (cosmos#1200) * update roadmap for q2 2022 and deleted history roadmap (don't think we'll need it) * requirements document for ICA (cosmos#1173) * add requirements document for interchain accounts * fix branch * added number in tittle. * apply suggestions from review Co-authored-by: Aditya <[email protected]> * review comment Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Aditya <[email protected]> * imp: improve Logger performance (cosmos#1160) * fix: Logger marshal errors * changelog * update Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: colin axnér <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Damian Nolan <[email protected]> Co-authored-by: Aditya <[email protected]> Co-authored-by: Federico Kunze Küllmer <[email protected]> Co-authored-by: colin axnér <[email protected]> Co-authored-by: Sean King <[email protected]> Co-authored-by: Charly <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Luke Rhoads <[email protected]> Co-authored-by: Damian Nolan <[email protected]> Co-authored-by: Dev Ojha <[email protected]> Co-authored-by: Jack Zampolin <[email protected]> Co-authored-by: Federico Kunze Küllmer <[email protected]> Co-authored-by: Leo Pang <[email protected]> Co-authored-by: Barrie Byron <[email protected]> Co-authored-by: Tyler <[email protected]> Co-authored-by: technicallyty <[email protected]> Co-authored-by: Barrie Byron <[email protected]> Co-authored-by: Marko <[email protected]> Co-authored-by: Marko Baricevic <[email protected]> Co-authored-by: Aleksandr Bezobchuk <[email protected]> Co-authored-by: nir1218 <[email protected]> Co-authored-by: Carlos Rodriguez <[email protected]> Co-authored-by: Assaf Morami <[email protected]> Co-authored-by: Dan McCandless <[email protected]> Co-authored-by: Ramiro Carlucho <[email protected]> Co-authored-by: frog power 4000 <[email protected]> Co-authored-by: Sean King <[email protected]>
Problem
Currently, if an equivocation slashing proposal is created after more than one week has passed since the equivocation, it is possible that the validator in question could unbond and get away without being slashed, since the unbonding period is 3 weeks, and the voting period is 3 weeks. For this reason, it might be good to pause unbondings for validators named in an equivocation slashing proposal until the proposal's voting period is over.
NOTE: This will be kind of complicated and janky to implement, and it may be that we would be better off just getting automatic equivocation slashing to work correctly. Just writing it here for future reference.
Solution
With current Cosmos Hub settings, it would be sufficient to simply pause all unbondings for a validator that were started before the proposal was created. This is because new unbondings created after the proposal could not complete before the proposal's voting period ended, because the voting period is shorter than the unbonding period. However, if for some reason the voting period was set to be longer than the unbonding period, this would no longer hold, and it would be necessary to pause unbondings started after the proposal was created.
There is no way to get the governance module to run some code when a proposal is created, so we would need to create an antehandler which recognizes a tx creating an equivocation slashing proposal, validates it, and pauses the unbondings. This is kind of janky, but would work.
The API necessary to pause unbondings was added to Cosmos-SDK as part of the changes that we made to enable replicated security. There are 3 types of unbondings: undelegations, redelegations, and validator self unbondings. To pause unbondings for a specific validator, we would first need to get a list of all undelegations, redelegations and self unbondings for that validator, and then pause them.
To get undelegations, call GetValidatorDelegations. This should be an efficient function that uses an index and does not iterate any records that it does not need to, but we should verify that.
To get redelegations, call GetRedelegationsFromSrcValidator.
I don't remember how to get validator self unbondings right now, but it should also be possible.
Once we have a list of all unbondings for a validator, iterate it, and call PutUnbondingOnHold for each one. This will pause the unbonding and it will no longer be able to complete.
It will then be necessary to unpause the unbondings once the voting period is over. We will need to check periodically in an endblocker to see if the voting period is over. If it is, call UnbondingCanComplete for each unbonding to allow the unbonding to complete.
TODOs
The text was updated successfully, but these errors were encountered: