Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(lightclient): removed the need for next stateInfo for valiadition #1467

Open
wants to merge 85 commits into
base: main
Choose a base branch
from
Open

refactor(lightclient): removed the need for next stateInfo for valiadition #1467

wants to merge 85 commits into from

Conversation

mtsitrin
Copy link
Contributor

@mtsitrin mtsitrin commented Nov 13, 2024
edited
Loading

x/lightclient/ante/ibc_msg_update_client.go:

  • refactor validation to use single state info, instead of checking state info for H+1

DRY state update callback:

  • state update validated against existing headers
  • if validated, will set canonical if needed.
  • if not validated, it's rejected

FIX:

  • when validating state update for the canonical case, do no iterate over all consensus states
    iterate over the state info heights instead

mtsitrin and others added 30 commits October 22, 2024 13:54
@mtsitrin
initial renames according to adr
c658ec5
@mtsitrin
reverting states
777dc32
@mtsitrin
removed frozen notation. added revision number in rollapp object
b713df3
@mtsitrin
Merge branch 'main' into mtsitrin/937-rollapp-hard-fork-hub-side
c3a08a5
@mtsitrin
cleanup
4d7ca18
@mtsitrin
UT compiles
fffe076
@mtsitrin
fixed state deletion on fraud
e61d2af
@mtsitrin
UT pass
654b069
@mtsitrin
fixed StateInfoByHeight UT
6782578
@mtsitrin
chainId revision check moved back to create rollapp. as it mess up dy…
c4d25ac 
…mns UT
@mtsitrin
PR comments
3e06f20
@mtsitrin
fixed basic sequencer logic to unbond all
411f4c5
@mtsitrin
feat(hard_fork): part2 (Delyayed ack callback) (#1355)
b08a106
@mtsitrin
feat(hard_fork): Lightclient rollback (#1363)
617fa63
@mtsitrin
feat(hard_fork): DRS and stateUpdate (#1369)
076136a
@mtsitrin
feat(hard_fork): rollapp fraud proposal (#1371)
fe49c1c
@mtsitrin
feat(hard_fork): revision start height (#1373)
209f91e
@mtsitrin
cleanup
8e943b8
@mtsitrin
Merge branch 'main' into mtsitrin/937-rollapp-hard-fork-hub-side
31d5d25
@mtsitrin
lightClient doesn't trigger hard fork
9f298af
@mtsitrin
clearing consesnsus state in descending order
67ec46a
@mtsitrin
fix UT
3fda55a
@mtsitrin
fraud proposal validates genesis bridge completed
612a673
@mtsitrin
validate revision in header.Header.Version.App
4078e39
@mtsitrin
linter
e57988a
@mtsitrin
linter
13a56a5
@mtsitrin
feat(hard_fork): delayed ack should create commitment after rolling b…
e6122d1 
…ack acks (#1383)
@mtsitrin
register proposal handler
ef4afb1
@mtsitrin
updating next proposer on state infos
d2f8152
@mtsitrin @keruch
@zale144 @danwt @omritoptix @srene @ItzhakBokris
feat(hard_fork): update hard fork to support new x/sequencer updates (
d5933ff 
#1406)

Co-authored-by: keruch <[email protected]>
Co-authored-by: zale144 <[email protected]>
Co-authored-by: Daniel T <[email protected]>
Co-authored-by: Omri <[email protected]>
Co-authored-by: Sergi Rene <[email protected]>
Co-authored-by: Itzhak Bokris <[email protected]>
@mtsitrin mtsitrin requested a review from a team as a code owner November 13, 2024 13:00
@mtsitrin mtsitrin requested a review from danwt November 13, 2024 14:36
danwt
danwt requested changes Nov 14, 2024
View reviewed changes
Copy link
Contributor

@danwt danwt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cleanups are great, but the bit about iterating descending doesn't make sense.

dymension/x/lightclient/keeper/canonical_client.go

Lines 97 to 125 in 1deed9f

IterateConsensusStateDescending(csStore, func(h exported.Height) bool {
// skip future heights
if h.GetRevisionHeight() >= maxHeight {
return false
}
// iterate until we pass the fraud height
if h.GetRevisionHeight() < minHeight {
return true // break
}
consensusState, ok := k.ibcClientKeeper.GetClientConsensusState(ctx, clientID, h)
if !ok {
return false
}
tmConsensusState, ok := consensusState.(*ibctm.ConsensusState)
if !ok {
return false
}
err = k.ValidateUpdatePessimistically(ctx, sInfo, tmConsensusState, h.GetRevisionHeight())
if err != nil {
err = errorsmod.Wrapf(err, "validate pessimistic h: %d", h.GetRevisionHeight())
return true // break
}
atLeastOneMatch = true
return true // break
})

You're only checking the consensus states with heights in the state info, which isn't right. I'm sorry I should've thought about it more when you initially asked me on slack.

Now it's not secure; why? Because there can be invalid consensus states below the ones you check, which are opening a security hole by having a wrong nextValidatorsHash.

We need to iterate through all the consensus states and check that they're valid. In fact, we just need to check that there is a valid prefix . The reason it was implemented the way it was to begin with was because it's just simpler: if we check all up to and including the ones in the state info, then (in the previous design where a mismatch in state update would automatically trigger fraud handler) then we would be guaranteed to catch a wrong one.

I would really suggest to just keep it as it was before. You can still change it to be an iterator though (I think why Spoorthi made it fetch all before was because iterator was not publicly exposed).

The rest of the PR is good

x/lightclient/keeper/canonical_client.go Outdated Show resolved Hide resolved
x/lightclient/keeper/canonical_client.go Outdated Show resolved Hide resolved
x/lightclient/keeper/hook_listener.go Outdated Show resolved Hide resolved
Base automatically changed from mtsitrin/937-rollapp-hard-fork-hub-side to main November 14, 2024 14:29
@mtsitrin mtsitrin marked this pull request as draft November 15, 2024 06:30
@mtsitrin mtsitrin linked an issue Nov 17, 2024 that may be closed by this pull request
x/lightclient redundent call for FindStateInfoByHeight #1308
Open
@codecov Codecov
Copy link

codecov bot commented Nov 17, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 91.75258% with 8 lines in your changes missing coverage. Please review.

Project coverage is 22.69%. Comparing base (a308fd0) to head (4d50d9c).
Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
x/lightclient/keeper/canonical_client.go 90.69% 3 Missing and 1 partial ⚠️
x/lightclient/keeper/hook_listener.go 92.59% 1 Missing and 1 partial ⚠️
x/lightclient/ante/ibc_msg_update_client.go 90.00% 1 Missing ⚠️
x/rollapp/types/state_info.go 87.50% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1467      +/-   ##
==========================================
- Coverage   22.69%   22.69%   -0.01%     
==========================================
  Files         575      575              
  Lines      124579   124516      -63     
==========================================
- Hits        28273    28257      -16     
+ Misses      92528    92494      -34     
+ Partials     3778     3765      -13

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@mtsitrin mtsitrin marked this pull request as ready for review November 17, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danwt danwt Awaiting requested review from danwt

@omritoptix omritoptix Awaiting requested review from omritoptix

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
dym-internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

x/lightclient redundent call for FindStateInfoByHeight
3 participants
@mtsitrin @danwt @keruch