Skip to content

Commit

Permalink
Merge branch 'main' into ph/e2e-tutorial
Browse files Browse the repository at this point in the history
  • Loading branch information
p-offtermatt committed Dec 4, 2023
2 parents e2ee8a2 + 178db48 commit accf2a9
Show file tree
Hide file tree
Showing 47 changed files with 466 additions and 213 deletions.
3 changes: 3 additions & 0 deletions .changelog/unreleased/bug-fixes/1460-msg-validation.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Improve validation of IBC packet data and provider messages. Also,
enable the provider to validate consumer packets before handling them.
([\#1460](https://github.com/cosmos/interchain-security/pull/1460))
3 changes: 3 additions & 0 deletions .changelog/unreleased/state-breaking/1460-msg-validation.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Improve validation of IBC packet data and provider messages. Also,
enable the provider to validate consumer packets before handling them.
([\#1460](https://github.com/cosmos/interchain-security/pull/1460))
3 changes: 3 additions & 0 deletions .changelog/v3.2.0/features/provider/1280-reward-denoms.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Add a governance proposal for setting on the provider the denominations for
rewards from consumer chains.
([\#1280](https://github.com/cosmos/interchain-security/pull/1280))
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Add a governance proposal for setting on the provider the denominations for
rewards from consumer chains.
([\#1280](https://github.com/cosmos/interchain-security/pull/1280))
1 change: 1 addition & 0 deletions .changelog/v3.2.0/summary.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*November 24, 2023*
95 changes: 95 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,100 @@
# CHANGELOG

## v3.2.0

*November 24, 2023*

### BUG FIXES

- [Consumer](x/ccv/consumer)
- Fix deletion of pending packets that may cause duplicate sends
([\#1146](https://github.com/cosmos/interchain-security/pull/1146))
- Remove `idx` field from the `ccv.ConsumerPacketData` type as this would break the
wire ([\#1150](https://github.com/cosmos/interchain-security/pull/1150))
- Validate token transfer messages before calling `Transfer()`.
([\#1244](https://github.com/cosmos/interchain-security/pull/1244))
- Remove incorrect address validation on `ProviderFeePoolAddrStr` param.
([\#1262](https://github.com/cosmos/interchain-security/pull/1262))
- Increment consumer consensus version and register consumer migration.
([\#1295](https://github.com/cosmos/interchain-security/pull/1295))

### DEPENDENCIES

- Bump [ibc-go](https://github.com/cosmos/ibc-go) to
[v7.2.0](https://github.com/cosmos/ibc-go/releases/tag/v7.2.0).
([\#1196](https://github.com/cosmos/interchain-security/pull/1196))
- Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to
[v0.47.4](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.4).
([\#1258](https://github.com/cosmos/interchain-security/pull/1258))
- Bump [ibc-go](https://github.com/cosmos/ibc-go) to
[v7.3.0](https://github.com/cosmos/ibc-go/releases/tag/v7.3.0).
([\#1258](https://github.com/cosmos/interchain-security/pull/1258))
- Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to
[v0.47.5](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.5).
([\#1259](https://github.com/cosmos/interchain-security/pull/1259))

### FEATURES

- [Consumer](x/ccv/consumer)
- Add the consumer-side changes for jail throttling with retries (cf. ADR 008).
([\#1024](https://github.com/cosmos/interchain-security/pull/1024))
- Introduce the gRPC query `/interchain_security/ccv/consumer/provider-
info` and CLI command `interchain-security-cd q ccvconsumer
provider-info` to retrieve provider info from the consumer chain.
([\#1164](https://github.com/cosmos/interchain-security/pull/1164))
- [Provider](x/ccv/provider)
- Add `InitTimeoutTimestamps` and `ExportedVscSendTimestamps` to exported
genesis. ([\#1076](https://github.com/cosmos/interchain-security/pull/1076))
- Add a governance proposal for setting on the provider the denominations for
rewards from consumer chains.
([\#1280](https://github.com/cosmos/interchain-security/pull/1280))

### IMPROVEMENTS

- General
- Update the default consumer unbonding period to 2 weeks.
([\#1244](https://github.com/cosmos/interchain-security/pull/1244))
- [Consumer](x/ccv/consumer)
- Optimize pending packets storage on consumer, with migration.
([\#1037](https://github.com/cosmos/interchain-security/pull/1037))

### STATE BREAKING

- General
- Bump [ibc-go](https://github.com/cosmos/ibc-go) to
[v7.2.0](https://github.com/cosmos/ibc-go/releases/tag/v7.2.0).
([\#1196](https://github.com/cosmos/interchain-security/pull/1196))
- Update the default consumer unbonding period to 2 weeks.
([\#1244](https://github.com/cosmos/interchain-security/pull/1244))
- Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to
[v0.47.4](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.4).
([\#1258](https://github.com/cosmos/interchain-security/pull/1258))
- Bump [ibc-go](https://github.com/cosmos/ibc-go) to
[v7.3.0](https://github.com/cosmos/ibc-go/releases/tag/v7.3.0).
([\#1258](https://github.com/cosmos/interchain-security/pull/1258))
- Bump [cosmos-sdk](https://github.com/cosmos/cosmos-sdk) to
[v0.47.5](https://github.com/cosmos/cosmos-sdk/releases/tag/v0.47.5).
([\#1259](https://github.com/cosmos/interchain-security/pull/1259))
- [Consumer](x/ccv/consumer)
- Add the consumer-side changes for jail throttling with retries (cf. ADR 008).
([\#1024](https://github.com/cosmos/interchain-security/pull/1024))
- Optimize pending packets storage on consumer, with migration.
([\#1037](https://github.com/cosmos/interchain-security/pull/1037))
- Fix deletion of pending packets that may cause duplicate sends
([\#1146](https://github.com/cosmos/interchain-security/pull/1146))
- Remove `idx` field from the `ccv.ConsumerPacketData` type as this would break the
wire ([\#1150](https://github.com/cosmos/interchain-security/pull/1150))
- Validate token transfer messages before calling `Transfer()`.
([\#1244](https://github.com/cosmos/interchain-security/pull/1244))
- Remove incorrect address validation on `ProviderFeePoolAddrStr` param.
([\#1262](https://github.com/cosmos/interchain-security/pull/1262))
- Increment consumer consensus version and register consumer migration.
([\#1295](https://github.com/cosmos/interchain-security/pull/1295))
- [Provider](x/ccv/provider)
- Add a governance proposal for setting on the provider the denominations for
rewards from consumer chains.
([\#1280](https://github.com/cosmos/interchain-security/pull/1280))

## v3.1.0

Date July 11th, 2023
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ title: Cryptographic verification of equivocation evidence
* 5/1/2023: First draft
* 7/23/2023: Add light client attacks handling
* 9/6/2023: Add double signing attacks handling
* 11/3/2023: Update limitations to clarify amnesia attacks are ignored

## Status

Expand Down Expand Up @@ -137,7 +138,7 @@ either using its infraction height or its unsigned timestamp. Note that changes
The underlying reason is that a malicious validator could take advantage of getting tombstoned
to avoid being slashed on the provider ([see comment](https://github.com/cosmos/interchain-security/pull/1232#issuecomment-1693127641)).

- Currently, the endpoint can only handle "equivocation" light client attacks. This is because the "lunatic" attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to define the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)).
- Currently, the endpoint can only handle _equivocation_ light client attacks. This is because the _lunatic_ attacks require the endpoint to possess the ability to dissociate which header is conflicted or trusted upon receiving a misbehavior message. Without this information, it's not possible to extract the Byzantine validators from the conflicting headers (see [comment](https://github.com/cosmos/interchain-security/pull/826#discussion_r1268668684)). In addition, "amnesia" attacks are ignored, similar to CometBFT (see [ADR-056](https://github.com/cometbft/cometbft/blob/main/docs/architecture/tendermint-core/adr-056-light-client-amnesia-attacks.md#decision)).


## Consequences
Expand Down
2 changes: 1 addition & 1 deletion tests/integration/expired_client.go
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ func (s *CCVTestSuite) TestConsumerPacketSendExpiredClient() {

// try to send slash packet for downtime infraction
addr := ed25519.GenPrivKey().PubKey().Address()
val := abci.Validator{Address: addr}
val := abci.Validator{Address: addr, Power: 1}
consumerKeeper.QueueSlashPacket(s.consumerCtx(), val, 2, stakingtypes.Infraction_INFRACTION_DOWNTIME)
// try to send slash packet for the same downtime infraction
consumerKeeper.QueueSlashPacket(s.consumerCtx(), val, 3, stakingtypes.Infraction_INFRACTION_DOWNTIME)
Expand Down
162 changes: 72 additions & 90 deletions tests/integration/slashing.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (

cryptocodec "github.com/cosmos/cosmos-sdk/crypto/codec"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkaddress "github.com/cosmos/cosmos-sdk/types/address"
evidencetypes "github.com/cosmos/cosmos-sdk/x/evidence/types"
slashingtypes "github.com/cosmos/cosmos-sdk/x/slashing/types"
stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
Expand Down Expand Up @@ -270,12 +271,14 @@ func (s *CCVTestSuite) TestSlashPacketAcknowledgement() {
// Map infraction height on provider so validation passes and provider returns valid ack result
providerKeeper.SetValsetUpdateBlockHeight(s.providerCtx(), spd.ValsetUpdateId, 47923)

exportedAck := providerKeeper.OnRecvSlashPacket(s.providerCtx(), packet, spd)
s.Require().NotNil(exportedAck)
ackResult, err := providerKeeper.OnRecvSlashPacket(s.providerCtx(), packet, spd)
s.Require().NotNil(ackResult)
s.Require().NoError(err)
exportedAck := channeltypes.NewResultAcknowledgement(ackResult)

// Unmarshal ack to struct that's compatible with consumer. IBC does this automatically
ack := channeltypes.Acknowledgement{}
err := channeltypes.SubModuleCdc.UnmarshalJSON(exportedAck.Acknowledgement(), &ack)
err = channeltypes.SubModuleCdc.UnmarshalJSON(exportedAck.Acknowledgement(), &ack)
s.Require().NoError(err)

err = consumerKeeper.OnAcknowledgementPacket(s.consumerCtx(), packet, ack)
Expand Down Expand Up @@ -329,9 +332,7 @@ func (suite *CCVTestSuite) TestHandleSlashPacketDowntime() {
// TestOnRecvSlashPacketErrors tests errors for the OnRecvSlashPacket method in an integration testing setting
func (suite *CCVTestSuite) TestOnRecvSlashPacketErrors() {
providerKeeper := suite.providerApp.GetProviderKeeper()
providerSlashingKeeper := suite.providerApp.GetTestSlashingKeeper()
firstBundle := suite.getFirstBundle()
consumerChainID := firstBundle.Chain.ChainID

suite.SetupAllCCVChannels()

Expand All @@ -340,100 +341,80 @@ func (suite *CCVTestSuite) TestOnRecvSlashPacketErrors() {

// Expect panic if ccv channel is not established via dest channel of packet
suite.Panics(func() {
providerKeeper.OnRecvSlashPacket(ctx, channeltypes.Packet{}, ccv.SlashPacketData{})
_, _ = providerKeeper.OnRecvSlashPacket(ctx, channeltypes.Packet{}, ccv.SlashPacketData{})
})

// Add correct channelID to packet. Now we will not panic anymore.
packet := channeltypes.Packet{DestinationChannel: firstBundle.Path.EndpointB.ChannelID}
suite.NotPanics(func() {
_, _ = providerKeeper.OnRecvSlashPacket(ctx, packet, ccv.SlashPacketData{})
})

// Init chain height is set by established CCV channel
// Delete init chain height and confirm expected error
initChainHeight, found := providerKeeper.GetInitChainHeight(ctx, consumerChainID)
suite.Require().True(found)
providerKeeper.DeleteInitChainHeight(ctx, consumerChainID)

packetData := ccv.SlashPacketData{ValsetUpdateId: 0}
errAck := providerKeeper.OnRecvSlashPacket(ctx, packet, packetData)
suite.Require().False(errAck.Success())
errAckCast := errAck.(channeltypes.Acknowledgement)
// Error strings in err acks are now thrown out by IBC core to prevent app hash.
// Hence a generic error string is expected.
suite.Require().Equal("ABCI code: 1: error handling packet: see events for details", errAckCast.GetError())

// Restore init chain height
providerKeeper.SetInitChainHeight(ctx, consumerChainID, initChainHeight)

// now the method will fail at infraction height check.
packetData.Infraction = stakingtypes.Infraction_INFRACTION_UNSPECIFIED
errAck = providerKeeper.OnRecvSlashPacket(ctx, packet, packetData)
suite.Require().False(errAck.Success())
errAckCast = errAck.(channeltypes.Acknowledgement)
suite.Require().Equal("ABCI code: 1: error handling packet: see events for details", errAckCast.GetError())

// save current VSC ID
vscID := providerKeeper.GetValidatorSetUpdateId(ctx)

// remove block height value mapped to current VSC ID
providerKeeper.DeleteValsetUpdateBlockHeight(ctx, vscID)

// Instantiate packet data with current VSC ID
packetData = ccv.SlashPacketData{ValsetUpdateId: vscID}

// expect an error if mapped block height is not found
errAck = providerKeeper.OnRecvSlashPacket(ctx, packet, packetData)
suite.Require().False(errAck.Success())
errAckCast = errAck.(channeltypes.Acknowledgement)
suite.Require().Equal("ABCI code: 1: error handling packet: see events for details", errAckCast.GetError())

// construct slashing packet with non existing validator
slashingPkt := ccv.NewSlashPacketData(
// Check Validate for SlashPacket data
validAddress := ed25519.GenPrivKey().PubKey().Address()
slashPacketData := ccv.NewSlashPacketData(
abci.Validator{
Address: ed25519.GenPrivKey().PubKey().Address(),
Power: int64(0),
Address: validAddress,
Power: int64(1),
}, uint64(0), stakingtypes.Infraction_INFRACTION_DOWNTIME,
)

// Set initial block height for consumer chain
providerKeeper.SetInitChainHeight(ctx, consumerChainID, uint64(ctx.BlockHeight()))

// Expect no error ack if validator does not exist
// TODO: this behavior should be changed to return an error ack,
// see: https://github.com/cosmos/interchain-security/issues/546
ack := providerKeeper.OnRecvSlashPacket(ctx, packet, *slashingPkt)
suite.Require().True(ack.Success())

val := suite.providerChain.Vals.Validators[0]

// commit block to set VSC ID
suite.coordinator.CommitBlock(suite.providerChain)
// Update suite.ctx bc CommitBlock updates only providerChain's current header block height
ctx = suite.providerChain.GetContext()
suite.Require().NotZero(providerKeeper.GetValsetUpdateBlockHeight(ctx, vscID))

// create validator signing info
valInfo := slashingtypes.NewValidatorSigningInfo(sdk.ConsAddress(val.Address), ctx.BlockHeight(),
ctx.BlockHeight()-1, time.Time{}.UTC(), false, int64(0))
providerSlashingKeeper.SetValidatorSigningInfo(ctx, sdk.ConsAddress(val.Address), valInfo)

// update validator address and VSC ID
slashingPkt.Validator.Address = val.Address
slashingPkt.ValsetUpdateId = vscID

// expect error ack when infraction type in unspecified
tmAddr := suite.providerChain.Vals.Validators[1].Address
slashingPkt.Validator.Address = tmAddr
slashingPkt.Infraction = stakingtypes.Infraction_INFRACTION_UNSPECIFIED

valInfo.Address = sdk.ConsAddress(tmAddr).String()
providerSlashingKeeper.SetValidatorSigningInfo(ctx, sdk.ConsAddress(tmAddr), valInfo)

errAck = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashingPkt)
suite.Require().False(errAck.Success())

// expect to queue entries for the slash request
slashingPkt.Infraction = stakingtypes.Infraction_INFRACTION_DOWNTIME
ack = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashingPkt)
suite.Require().True(ack.Success())
// Expect an error if validator address is too long
slashPacketData.Validator.Address = make([]byte, sdkaddress.MaxAddrLen+1)
_, err := providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().Error(err, "validating SlashPacket data should fail - invalid validator address")

// Expect an error if validator power is zero
slashPacketData.Validator.Address = validAddress
slashPacketData.Validator.Power = 0
_, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().Error(err, "validating SlashPacket data should fail - invalid validator power")

// Expect an error if the infraction type is unspecified
slashPacketData.Validator.Power = 1
slashPacketData.Infraction = stakingtypes.Infraction_INFRACTION_UNSPECIFIED
_, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().Error(err, "validating SlashPacket data should fail - invalid infraction type")

// Restore slashPacketData to be valid
slashPacketData.Infraction = stakingtypes.Infraction_INFRACTION_DOWNTIME

// Check ValidateSlashPacket
// Expect an error if a mapping of the infraction height cannot be found;
// just set the vscID of the slash packet to the latest mapped vscID +1
valsetUpdateBlockHeights := providerKeeper.GetAllValsetUpdateBlockHeights(ctx)
latestMappedValsetUpdateId := valsetUpdateBlockHeights[len(valsetUpdateBlockHeights)-1].ValsetUpdateId
slashPacketData.ValsetUpdateId = latestMappedValsetUpdateId + 1
_, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().Error(err, "ValidateSlashPacket should fail - no infraction height mapping")

// Restore slashPacketData to be valid
slashPacketData.ValsetUpdateId = latestMappedValsetUpdateId

// Expect no error if validator does not exist
_, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().NoError(err, "no error expected")

// Check expected behavior for handling SlashPackets for double signing infractions
slashPacketData.Infraction = stakingtypes.Infraction_INFRACTION_DOUBLE_SIGN
ackResult, err := providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().NoError(err, "no error expected")
suite.Require().Equal(ccv.V1Result, ackResult, "expected successful ack")

// Check expected behavior for handling SlashPackets for downtime infractions
slashPacketData.Infraction = stakingtypes.Infraction_INFRACTION_DOWNTIME

// Expect the packet to bounce if the slash meter is negative
providerKeeper.SetSlashMeter(ctx, sdk.NewInt(-1))
ackResult, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().NoError(err, "no error expected")
suite.Require().Equal(ccv.SlashPacketBouncedResult, ackResult, "expected successful ack")

// Expect the packet to be handled if the slash meter is positive
providerKeeper.SetSlashMeter(ctx, sdk.NewInt(0))
ackResult, err = providerKeeper.OnRecvSlashPacket(ctx, packet, *slashPacketData)
suite.Require().NoError(err, "no error expected")
suite.Require().Equal(ccv.SlashPacketHandledResult, ackResult, "expected successful ack")
}

// TestValidatorDowntime tests if a slash packet is sent
Expand Down Expand Up @@ -649,6 +630,7 @@ func (suite *CCVTestSuite) TestQueueAndSendSlashPacket() {
addr := ed25519.GenPrivKey().PubKey().Address()
val := abci.Validator{
Address: addr,
Power: int64(1),
}
consumerKeeper.QueueSlashPacket(ctx, val, 0, infraction)
slashedVals = append(slashedVals, slashedVal{validator: val, infraction: infraction})
Expand Down
Loading

0 comments on commit accf2a9

Please sign in to comment.