ICS20 Inconsistencies with spec and improvements to code #65
Comments
This isn't true,
I believe spec should change right? cc: @cwgoes
I believe spec should change. No need to add confusion between transfer module and bank module. |
Yes, this should change in the spec.
Aye, sure. |
Rest server allows proper wasm code download
* Patch ci-chains.sh * relayer config init * Migrate message generation to PathEnd * parallel query functions for connections, clientstates, channels, clientconsstates * migrate handshakes to use concurrent queries * add query balance command * add debug logging for all transactions * fix validateConfig function signature * Update logging * better errors * Add raw xfer command to dev-chains.sh * More accurate logging * Panic on nil proof * Tweak some heights * More offsets * Fix several off-by-one errors * Add time.Sleep for now * Change created port to transfer * Speed up and add more stringent checks to ci-chains * kick ci * change caching * Change denom * Flip boolean * Fix commit * Update go.sum * xfer modification * modify xfer command * switch source in the xfer command * args right and dev-chains.sh update * push tx query * Fix other direction * Transfer n0token, not stake * Fix the account receiver * Update dev-chains * fix embarassing misspelling * Fix identifiers * Fix denom * WORKING * query until proo isn't nil * update naming * Path name arg to flag in most commands * last little bit of cleanup Co-authored-by: Jack Zampolin <[email protected]>
Add relay-alpha config for chain-id 'dos-ibc'
Surfaced from Informal Systems IBC Audit of cosmos-sdk hash 82f15f306e8a6a2e9ae3e122c348b579c43a3d92 and ics hash eb31a56467a48cd7eb4c2232705ad0fc632f9a19.
This is a working list of inconsistencies between the code and the spec of ICS20 that will continue to be updated. Most of these are issues with the spec, but there's a few places where the code could be improved.
setupfunction which calls BindPort and ClaimCapability and should run once when module is created. But Code calls these functions during OnChainOpenInit and OnChanOpenTry instead.onChanOpenInit(creates escrow address E1), thencreateOutgoingPacketusing E1, thenonChanOpenTrywe creates a new escrow address E2 that replaces E1, so money is gone. It seems that at code level we don't have this problem as implementation does not follow spec, i.e., it generates escrow account based on portId/channelID. But if someone follows the spec, then we have safety problem.TransferCoinsin the specvs. SendCoins in the code
FungibleTokenPacketData: amount is uint256 in spec and uint64 in the code.onRecvPacketprefix should contain "/" at the end to be aligned with the code.createOutgoingPacketspec has unusedsourceargumentcreateOutgoingPacketspec is missingsequencenumber when constructing aPacketand callingsendPacketcreateOutgoingPacketfunction - either keeper.SendTransfer should be renamed to CreateOutgoingPacket or it should call such a function.GetReceiveEnabledcheck inOnRecvPacketcode is not found in spec. Is this really how IBC application functionality should be enabled/disabled by governance? Is there a more generic approach?refundPacketTokenspec does not return errors, but there are fallible operations in the code (ie. SendCoins and MintCoins). If we cannot 'mint vouchers back to sender' there is a problem. Either the code should clarify/assert that errors are not possible, or errors should be handled somehow more severely."and whether the sending chain is the source of the asset", which is missing both from the pseudo-code and from the implementation.Additionally, some places where the code could be improved for maintainability:
OnAcknowledgementPacket, thedefaultbranch of a switch statement is used for success logic. This is bit risky to maintain if additional error codes get added in the future (in the ICS it simply saysif (!ack.success)). Rather, all error and success cases for theack.Responseshould be handled explicitly and thedefaultshould be an error.OnRecvPacketconverts all errors equally into Acknowledgements. The ICS specifies that errors fromTransferandMintshould be converted to acknowledgements, butkeeper.OnRecvPacketcan also error in other ways, like ondata.ValidateBasic, or if receiving is not enabled, or the receiver address is incorrectly decoded. Probably these last error types should be genuine errors (ie. cause rollbacks) or they should be captured in the spec.The text was updated successfully, but these errors were encountered: