Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Timing Issues on UpdateClient #5764

Merged
merged 6 commits into from
Mar 9, 2020
Merged

Fix Timing Issues on UpdateClient #5764

merged 6 commits into from
Mar 9, 2020

Conversation

AdityaSripal
Copy link
Member

Description

Checking the header against the local time introduces a lot of timing issues in the relayer. We can achieve the same security by explicitly checking if header.Timestamp has past trusting period.

ref @zmanian comment: cosmos/ibc#367 (comment)

For contributor use:

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer

For admin use:

  • Added appropriate labels to PR (ex. WIP, R4R, docs, etc)
  • Reviewers assigned
  • Squashed all commits, uses message "Merge pull request #XYZ: [title]" (coding standards)

@AdityaSripal AdityaSripal changed the base branch from master to ibc-alpha March 8, 2020 00:40
@AdityaSripal AdityaSripal changed the base branch from ibc-alpha to aditya/remove-nextvalset March 8, 2020 00:41
cwgoes
cwgoes suggested changes Mar 9, 2020
View reviewed changes
Copy link
Contributor

@cwgoes cwgoes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we adopt the upstream Tendermint clockSkew change instead?

x/ibc/07-tendermint/update.go Outdated
@@ -85,6 +85,8 @@ func checkValidity(
}

// Verify next header with the last header's validatorset as trusted validatorset
// TODO: Figure out a better way to add some leeway in currentTimestamp checking either in Tendermint or here
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per @melekes it sounds like this has just been fixed upstream, so let's remove this and instead update upstream?

x/ibc/07-tendermint/update.go
// assert header timestamp is not in the future (& transitively that is not past the trusting period)
if header.Time.Unix() > currentTimestamp.Unix() {
// assert header timestamp is not past the trusting period
if header.Time.Sub(clientState.GetLatestTimestamp()) >= clientState.TrustingPeriod {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine, see cosmos/ibc#390 (review).

cwgoes
cwgoes approved these changes Mar 9, 2020
View reviewed changes
Copy link
Contributor

@cwgoes cwgoes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

@AdityaSripal AdityaSripal changed the base branch from aditya/remove-nextvalset to ibc-alpha March 9, 2020 18:22
@AdityaSripal AdityaSripal merged commit aed047d into ibc-alpha Mar 9, 2020
@AdityaSripal AdityaSripal deleted the aditya/robust-timing branch March 9, 2020 18:23
@AdityaSripal AdityaSripal mentioned this pull request Mar 9, 2020
Closed
11 tasks
@AdityaSripal AdityaSripal restored the aditya/robust-timing branch March 9, 2020 18:26
@AdityaSripal AdityaSripal mentioned this pull request Mar 9, 2020
Closed
@colin-axner colin-axner deleted the aditya/robust-timing branch October 8, 2020 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cwgoes cwgoes cwgoes approved these changes

@alessio alessio Awaiting requested review from alessio

@alexanderbez alexanderbez Awaiting requested review from alexanderbez

@fedekunze fedekunze Awaiting requested review from fedekunze

@hschoenburg hschoenburg Awaiting requested review from hschoenburg

@nylira nylira Awaiting requested review from nylira

@jackzampolin jackzampolin Awaiting requested review from jackzampolin jackzampolin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AdityaSripal @cwgoes