Implement verify_upgrade_and_update_state for Tendermint Client
#349
Conversation
Codecov ReportBase: 58.77% // Head: 58.45% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #349 +/- ##
==========================================
- Coverage 58.77% 58.45% -0.32%
==========================================
Files 124 124
Lines 16111 16259 +148
==========================================
+ Hits 9470 9505 +35
- Misses 6641 6754 +113
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
| let mut upgrade_path = upgraded_tm_client_state.clone().upgrade_path; | ||
| if upgrade_path.pop().is_none() { | ||
| return Err(ClientError::ClientSpecific { | ||
| description: "cannot upgrade client as no upgrade path has been set".to_string(), | ||
| }); | ||
| }; | ||
|
|
||
| let last_height = self.latest_height().revision_height(); | ||
|
|
||
| // Construct the merkle path for the client state | ||
| let mut client_upgrade_path = upgrade_path.clone(); | ||
| client_upgrade_path.push(ClientUpgradePath::UpgradedClientState(last_height).to_string()); | ||
|
|
||
| let client_upgrade_merkle_path = MerklePath { | ||
| key_path: client_upgrade_path, | ||
| }; |
There was a problem hiding this comment.
I'm concerned that we're not building the right path, comparing with ibc-go. Can you confirm/disconfirm this?
There was a problem hiding this comment.
Quite understandable. Do you think we can keep this checked with issue #385?
There was a problem hiding this comment.
If were that unsure about the current implementation, we should then put it behind a feature flag (similar to val_exec_ctx), which will allow us to test it with basecoin-rs, and at the same time, signal to users that this feature shouldn't be used yet.
| upgrade_options: &dyn UpgradeOptions, | ||
| chain_id: ChainId, | ||
| ); | ||
| fn zero_custom_fields(&mut self); |
There was a problem hiding this comment.
Assuming we need this (see previous comments), I don't think this should be in the ICS-2 interface. Can't it just be a private function in the tendermint client module?
There was a problem hiding this comment.
Considering that in any chain and client state struct there will be some relayer customizable fields that are needed to be zeroed out for the upgrade process. I think it makes sense to keep it here
Signed-off-by: Farhad Shabani <[email protected]>
crates/ibc/Cargo.toml
Outdated
| @@ -17,7 +17,7 @@ description = """ | |||
| all-features = true | |||
|
|
|||
| [features] | |||
| default = ["std"] | |||
| default = ["std", "disable_upgrade_client"] | |||
There was a problem hiding this comment.
we should instead have the feature be upgraded_client, and if enabled, we provide the unfinished implementation. This is a subtle but necessary change: no_std users will build with default-features=false, which would "enable" the upgrade client code.
Shouldn't be a big change; feature checks just need to be flipped
cfg!(not(feature = "upgrade_client"))
crates/ibc/Cargo.toml
Outdated
| @@ -45,6 +45,9 @@ serde = ["dep:serde", "dep:serde_derive", "serde_json", "erased-serde"] | |||
| # This feature guards the unfinished implementation of ADR 5. | |||
| val_exec_ctx = [] | |||
|
|
|||
| # This feature disables the upgrade client handler and return an error when a client upgrade is attempted. | |||
There was a problem hiding this comment.
| # This feature disables the upgrade client handler and return an error when a client upgrade is attempted. | |
| # This feature guards the unfinished implementation of the `UpgradeClient` handler. |
Let's make it clear that this is not a feature users should be using.
* Implement verify_upgrade_and_update_state * Construct new_client_state and new_consensus_state * Split off verification and execution steps * Revise some namings and comments * Comment out some upgrade tests * Update mock tests related to ugrade_client * Add changelog entry * Refactor verify_upgrade_client to use Path and Encode error type * Remove pub before UPGRADE const * Rewrite upgrade_client unit tests * Add unbonding period validation step * Set root of new consensus state with sentinel value * Revise some comments * Refactor upgrade method to zero_custom_fields * Mend fields of new client state * Disable upgrade client handler * Fix issue with cargo test * Flip upgrade_client feature flag * Remove unnecessary unbonding period check --------- Signed-off-by: Farhad Shabani <[email protected]>
Closes: #19
Summary
This PR handles unimplemented
verify_upgrade_and_update_statemethod for Tendermint clients.Remarks
verify_upgrade_and_update_statehas been kept the same as IBC-Go's so far, but the processes it perform do not match the ongoing ADR05 change and requires both updating and verifying in one operation. Here, it's broken down intoverify_upgrade_clientandupdate_state_with_upgrade_client.Similarly, there are some other methods within
ClientStatetrait likenew_check_header_and_update_statethat can be refactored to have clearer distinction. In particular, when it comes to implementpub(crate) fn validate()andpub(crate) fn execute()functions.upgrade_clientmessage tests are done withMockContext, which does not cover every aspect of this change. The main purpose of this handler is to serve Tendermint clients. A separate PR or this could be covered here ?!PR author checklist:
unclog.docs/).Reviewer checklist:
Files changedin the GitHub PR explorer.