-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Timing Issues on UpdateClient #5764
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we adopt the upstream Tendermint clockSkew
change instead?
x/ibc/07-tendermint/update.go
Outdated
@@ -85,6 +85,8 @@ func checkValidity( | |||
} | |||
|
|||
// Verify next header with the last header's validatorset as trusted validatorset | |||
// TODO: Figure out a better way to add some leeway in currentTimestamp checking either in Tendermint or here |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per @melekes it sounds like this has just been fixed upstream, so let's remove this and instead update upstream?
// assert header timestamp is not in the future (& transitively that is not past the trusting period) | ||
if header.Time.Unix() > currentTimestamp.Unix() { | ||
// assert header timestamp is not past the trusting period | ||
if header.Time.Sub(clientState.GetLatestTimestamp()) >= clientState.TrustingPeriod { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks fine, see cosmos/ibc#390 (review).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK
Description
Checking the header against the local time introduces a lot of timing issues in the relayer. We can achieve the same security by explicitly checking if header.Timestamp has past trusting period.
ref @zmanian comment: cosmos/ibc#367 (comment)
For contributor use:
docs/
) or specification (x/<module>/spec/
)godoc
comments.Unreleased
section inCHANGELOG.md
Files changed
in the Github PR explorerFor admin use:
WIP
,R4R
,docs
, etc)