Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: introduce ADR on slashing on the provider chain #1252

Merged
merged 15 commits into from
Sep 13, 2023
Merged

Conversation

insumity
Copy link
Contributor

@insumity insumity commented Sep 1, 2023

Description

Closes: #1222

Introduce an ADR that describes a first approach on slashing on the provider chain.


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct docs: prefix in the PR title
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • Confirmed the correct docs: prefix in the PR title
  • Confirmed all author checklist items have been addressed
  • Confirmed that this PR only changes documentation
  • Reviewed content for consistency
  • Reviewed content for spelling and grammar
  • Tested instructions (if applicable)
  • Checked that the documentation website can be built and deployed successfully (run make build-docs)

@github-actions github-actions bot added C:Docs Assigned automatically by the PR labeler C:ADR Assigned automatically by the PR labeler labels Sep 1, 2023
@insumity insumity changed the title initial draft of the adr docs: introduce ADR on slashing on the provider chain Sep 1, 2023
Copy link
Contributor

@mpoke mpoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Partial review.

docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
@insumity insumity marked this pull request as ready for review September 6, 2023 09:08
@insumity insumity requested a review from a team as a code owner September 6, 2023 09:08
Copy link
Contributor

@mpoke mpoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work @insumity. See my comment bellow.

docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
docs/docs/adrs/adr-013-equivocation-slashing.md Outdated Show resolved Hide resolved
Copy link
Contributor

@jtremback jtremback left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One small comment, otherwise LGMT

Copy link
Contributor

@p-offtermatt p-offtermatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, a few comments, mostly asking for extra references.

**Evidence expiration:** Additionally, because we cannot infer the actual time of the evidence (i.e., the timestamp of the evidence cannot be trusted), we do not consider _evidence expiration_ and hence old evidence is never ignored (e.g., the provider would act on 3 year-old evidence of equivocation on a consumer).
Additionally, we do not need to store equivocation evidence to avoid slashing a validator more than once, because we [do not slash](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/evidence/keeper/infraction.go#L94) tombstoned validators and we [tombstone](https://github.com/cosmos/cosmos-sdk/blob/v0.47.0/x/evidence/keeper/infraction.go#L138) a validator when slashed.

We do not act on evidence that was signed by a validator [consensus key](https://tutorials.cosmos.network/tutorials/9-path-to-prod/3-keys.html#what-validator-keys) that is _pruned_ when we receive the evidence. We prune a validator's consensus key if the validator has assigned a new consumer key (using `MsgAssignConsumerKey`) and an unbonding period on the consumer chain has elapsed (see [key assignment ADR](https://github.com/cosmos/interchain-security/blob/main/docs/docs/adrs/adr-001-key-assignment.md)). Note that the provider chain is informed that the unbonding period has elapsed on the consumer when the provider receives a `VSCMaturedPacket` and because of this, if the consumer delays the sending of a `VSCMaturedPacket`, we would delay the pruning of the key as well.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you mention here that a malicious consumer chain can not delay sending VSCMaturedPackets forever? (This should hold true due to the VSCTimeout) I know this is mentioned in the ICS protocol, but might be good to have it here too for context

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe a malicious consumer chain can delay a VSCMaturedPacket forever. If the consumer chain is malicious, it could never write the VSCMaturedPacket packet in its store for the packet to be sent. In my view, the timeout assumption holds if the consumer chain tries to actually send the packet and this is not received on the other end.

@mpoke mpoke merged commit 1a009e7 into main Sep 13, 2023
13 checks passed
@mpoke mpoke deleted the insumity/first-adr branch September 13, 2023 10:44
shaspitz added a commit that referenced this pull request Sep 20, 2023
* build(deps): bump actions/checkout from 3 to 4 (#1257)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps)!: bump github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.3.0 (#1258)

* build(deps): bump github.com/cosmos/ibc-go/v7 from 7.2.0 to 7.3.0

Bumps [github.com/cosmos/ibc-go/v7](https://github.com/cosmos/ibc-go) from 7.2.0 to 7.3.0.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/main/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v7.2.0...v7.3.0)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* add changelog entries

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mpoke <[email protected]>

* build(deps): bump github.com/cosmos/cosmos-sdk from 0.47.4 to 0.47.5 (#1259)

* build(deps): bump github.com/cosmos/cosmos-sdk from 0.47.3 to 0.47.5

Bumps [github.com/cosmos/cosmos-sdk](https://github.com/cosmos/cosmos-sdk) from 0.47.3 to 0.47.5.
- [Release notes](https://github.com/cosmos/cosmos-sdk/releases)
- [Changelog](https://github.com/cosmos/cosmos-sdk/blob/main/CHANGELOG.md)
- [Commits](cosmos/cosmos-sdk@v0.47.3...v0.47.5)

---
updated-dependencies:
- dependency-name: github.com/cosmos/cosmos-sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

* add changelog entries

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mpoke <[email protected]>

* chore: Separate semver (#1217)

separate semver

* docs: cleanup changelog (#1260)

fix changelog

* fix!: validate MsgTransfer before calling Transfer() (#1244)

* validate MsgTransfer

* add TestSendRewardsToProvider

* update DefaultConsumerUnbondingPeriod to 14 days

* update changelog

* fix linter

* fix test

* apply review suggestions

* update changelog

* docs: Create adr-012-separate-releasing.md (#1229)

* Create adr-011-separate-releasing.md

* Update docs/docs/adrs/adr-011-separate-releasing.md

Co-authored-by: Philip Offtermatt <[email protected]>

* adr 12 not 11

* correct that we use postfix not prefix

* explanation on example release flow

---------

Co-authored-by: Philip Offtermatt <[email protected]>

* fix: remove addr validation for provider fee pool addr param (#1262)

* fix: remove validation for provider chain address since we cannot validate it properly on consumer

* add changelog entry

* docs: update CHANGELOG.md for `v3.2.0-consumer` release (#1268)

* Update CHANGELOG.md

* Update CHANGELOG.md

* chore: remove legacy_ibc_testing (rebased on main) (#1185)

* chore: remove legacy_ibc_testing

* fix import

* introduce provider.UnmarshalConsumerPacketData

* use patched ibc-go

* fix annoying import order

* test: ignore key ordering

Seems like ibctesting.GenerateKeys can returns keys in different orders
when test cover is enabled.

* fix after rebase

* replace allinbits/ibc-go with patched cosmos/ibc-go

Also fix panic in TestRedelegationNoConsumer

* fix lint

* use released ibc-go 7.3.0

* add newPacketFromConsumer/Provider helper funcs

* constructPacket method return ccv type instead of []byte

* tests: increase timeout in nightly e2e for multiconsumer (#1272)

* test: Add light client attack to e2e tests (#1249)

* Add light client attack to e2e tests

* Add details about the attack types

* Rename validatorAddress to validatorPrivateKeyAddress

* Add URL to CometMock to flag

* Improve wording for light client attack run

* Add submitting equivocation proposals and change consu->consumerName

* build(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.0 (#1284)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.58.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.57.0...v1.58.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci: update mergify and dependabot for v2.x-lsm (#1281)

update mergify and dependabot for v2.x-lsm

* build(deps): bump github.com/oxyno-zeta/gomock-extra-matcher from 1.1.0 to 1.2.0 (#1286)

build(deps): bump github.com/oxyno-zeta/gomock-extra-matcher

Bumps [github.com/oxyno-zeta/gomock-extra-matcher](https://github.com/oxyno-zeta/gomock-extra-matcher) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/oxyno-zeta/gomock-extra-matcher/releases)
- [Changelog](https://github.com/oxyno-zeta/gomock-extra-matcher/blob/master/release.config.js)
- [Commits](oxyno-zeta/gomock-extra-matcher@v1.1.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/oxyno-zeta/gomock-extra-matcher
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat!: provider proposal for changing reward denoms (#1280)

* new provider prop type

* add methods and tests for new prop, update docs

* remove old tx, fix tests

* e2e handling

* fix command type

* boilerplate

* fix e2e tests

* Update CHANGELOG.md

* lint

* validate denoms

* Update proposal.go

* rm msg string

* fix tests

* rm chain in change denom action

* lint

* test for invalid denom

* events for both add and remove

* Update proposal_test.go

* docs: introduce ADR on slashing on the provider chain (#1252)

* initial draft of the adr

* small change on intro.md to avoid huge diff

* clean up

* take into account Marius' comments

* rewrite v0.47 Cosmos SDK link because it was returning 404 and redirecting

* more cleaning up

* update based on comments

* removed confusing sentence on voting power

* add missing ADRs in the intro file

* add tokens to power conversion

* add paragraph on key pruning and references to light-client attacks code

* Update template title

* Took into account comments.

* augment pseudocode to skip redelegation/undelegation entries

* fix identation issue

---------

Co-authored-by: Karolos Antoniadis <[email protected]>

* ci: update mergify and dependabot for v3.2.x-consumer (#1297)

* update ymls

* add newline

---------

Co-authored-by: mpoke <[email protected]>

* ci: update bots for v2.1.x-provider-lsm (#1305)

update bots for v2.1.x-provider-lsm

* Fix `build` in makefile (#1303)

fix build in makefile

* refactor: Vaguely named consumer structs (#1288)

* Rename GenesisState proto
* make proto-gen
* proto rename: Params -> ConsumerParams
* make proto-gen
* App, fix type change for Param renaming
* App, fix type change for GenesisState renaming
* Fix unit-tests for GenesisState renaming
* Fix unit-tests for Params renaming
* Addressed review comments
* Fix linter issues

* build(deps): bump google.golang.org/grpc from 1.58.0 to 1.58.1 (#1306)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.58.0 to 1.58.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.58.0...v1.58.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: increment consensus ver and register migration (#1295)

* increment consensus ver and register migration

* Update CHANGELOG.md

* Update migration.go

* Update module.go

* tests: Export struct fields in the e2e tests (#1313)

* Make struct fields in e2e exported

* Un-capitalize binary name

* Remove prop type

* Channel to channel in comments

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mpoke <[email protected]>
Co-authored-by: Philip Offtermatt <[email protected]>
Co-authored-by: Dmitry Kolupaev <[email protected]>
Co-authored-by: Thomas Bruyelle <[email protected]>
Co-authored-by: MSalopek <[email protected]>
Co-authored-by: insumity <[email protected]>
Co-authored-by: Karolos Antoniadis <[email protected]>
Co-authored-by: Simon Noetzlin <[email protected]>
Co-authored-by: bernd-m <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
C:ADR Assigned automatically by the PR labeler C:Docs Assigned automatically by the PR labeler
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Slashing in the provider chain for consumer chain infractions
6 participants