Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CreateValidator self delegation must be at least one consensus power #8909

Merged
merged 14 commits into from
Mar 22, 2021

Conversation

colin-axner
Copy link
Contributor

@colin-axner colin-axner commented Mar 17, 2021

Description

closes: #8908

Inspired by 768 on gaia (and all the other folks who have faced this infamous error)


Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.

  • Targeted PR against correct branch (see CONTRIBUTING.md)
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Code follows the module structure standards.
  • Wrote unit and integration tests
  • Updated relevant documentation (docs/) or specification (x/<module>/spec/)
  • Added relevant godoc comments.
  • Added a relevant changelog entry to the Unreleased section in CHANGELOG.md
  • Re-reviewed Files changed in the Github PR explorer
  • Review Codecov Report in the comment section below once CI passes

…nimum

MsgCreateValidator ValidateBasic requires a self delegation of at least one consensus power, this prevents a common, but hard to debug error
Copy link
Member

@tac0turtle tac0turtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK,

Backport?

Copy link
Contributor

@cwgoes cwgoes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK, seems safe

@orijbot
Copy link

orijbot commented Mar 17, 2021

@colin-axner
Copy link
Contributor Author

colin-axner commented Mar 17, 2021

tested on a local backport to ensure it covers the error case described in the 768 issue linked above, here is the new error

panic: self delegation amount (100000) must be at least one consensus power (1000000): invalid delegation amount

The only tricky part left is the user needs to know to run unsafe-reset-all after fixing the issue

@colin-axner
Copy link
Contributor Author

Backport?

No this could cause issues since existing genesis files might have gentx's which break this validate basic check. The error this avoids only occurs when all the delegated validators have below one consensus power. I'm pretty sure the validator is still set in the store but not added to the validator set until someone delegates at least one consensus power

Copy link
Contributor

@alexanderbez alexanderbez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great catch 👍

CHANGELOG.md Outdated Show resolved Hide resolved
colin-axner and others added 2 commits March 17, 2021 15:27
Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com>
Copy link
Member

@AdityaSripal AdityaSripal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suppose I want to create a validator but do not have enough tokens myself to be in top 125 (taking Hub's case as an example). I might still want to create a validator and then stay dormant initially with the hopes that future delegations bump me into the active validator set.

I believe this should be allowed, but it looks like this PR will limit people to only creating validators if they have enough funds on their own to join the validator set.

Copy link
Member

@AdityaSripal AdityaSripal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Colin helped me realize that this PR just ensure we bond at least 1 atom, since 10^6 of the staking token is required to get 1 consensus power, regardless of the total supply or the number of active validators allowed

@fedekunze fedekunze added the A:automerge Automatically merge PR once all prerequisites pass. label Mar 17, 2021
@orijbot
Copy link

orijbot commented Mar 18, 2021

@orijbot
Copy link

orijbot commented Mar 18, 2021

@colin-axner colin-axner removed the A:automerge Automatically merge PR once all prerequisites pass. label Mar 18, 2021
@colin-axner
Copy link
Contributor Author

Looks like I have some tests and simulations to fix

Alessio Treglia and others added 3 commits March 18, 2021 11:32
Construct successfuly MsgCreateValidator to use a self delegation which is greater than the PowerReduction
@colin-axner
Copy link
Contributor Author

Fixed, lets wait to make sure sims pass

@orijbot
Copy link

orijbot commented Mar 18, 2021

@orijbot
Copy link

orijbot commented Mar 18, 2021

@orijbot
Copy link

orijbot commented Mar 18, 2021

@orijbot
Copy link

orijbot commented Mar 18, 2021

@codecov
Copy link

codecov bot commented Mar 18, 2021

Codecov Report

Merging #8909 (26528ca) into master (5bd93bf) will increase coverage by 0.01%.
The diff coverage is 92.30%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #8909      +/-   ##
==========================================
+ Coverage   59.27%   59.29%   +0.01%     
==========================================
  Files         571      572       +1     
  Lines       31827    31846      +19     
==========================================
+ Hits        18867    18884      +17     
- Misses      10757    10758       +1     
- Partials     2203     2204       +1     
Impacted Files Coverage Δ
x/staking/simulation/operations.go 73.16% <60.00%> (-0.30%) ⬇️
x/genutil/client/cli/migrate.go 68.42% <100.00%> (ø)
x/gov/legacy/v043/json.go 100.00% <100.00%> (ø)
x/gov/legacy/v043/store.go 85.71% <100.00%> (+1.09%) ⬆️
x/staking/types/msg.go 55.55% <100.00%> (+0.62%) ⬆️

@colin-axner
Copy link
Contributor Author

Adding automerge, the test fixes are pretty straightforward. The only test failing seems to be unrelated since I see it failing on other prs

@colin-axner colin-axner added the A:automerge Automatically merge PR once all prerequisites pass. label Mar 19, 2021
@orijbot
Copy link

orijbot commented Mar 19, 2021

@tac0turtle
Copy link
Member

tac0turtle commented Mar 22, 2021

@alessio do you know the sims are skipped?

@mergify mergify bot merged commit 8a37ba0 into master Mar 22, 2021
@mergify mergify bot deleted the colin/8908-staking-consensus-power branch March 22, 2021 12:41
@sunnya97
Copy link
Member

sunnya97 commented Mar 22, 2021

I think always requiring a CreateValidator to have a minimum of 1 consensus power isn't correct. At the moment, power-reduction is really low, so it is fine. However, #8505 makes power reduction an on-chain param, with the intent that some use cases might want the number of tokens needed to get one consensus power gets really high. In these cases, we want validators to be able to declare the validator without needing to provide 1 full consensus power by themselves.

To solve the problem this was meant to tackle (which I agree is quite annoying an issue), I believe an error should be thrown during the Genesis validation. A genesis file to be valid, should require that the total consensus power of all the genesis validators is >0. This seems like a better place to solve this issue than requiring all CreateValidators to have 1 consensus power self-bond, even after genesis.

@alexanderbez
Copy link
Contributor

You bring up a good point @sunnya97. I do also agree that to be the most flexible here, we should apply the intent of minimum consensus token power validation at genesis validation. Otherwise, we don't apply any validation, i.e. the old behavior.

Thoughts @colin-axner?

@colin-axner
Copy link
Contributor Author

Thanks for bringing this up @sunnya97. I agree with the proposal

It looks like we can add that check here. If my understanding is correct, than one of either staking, genutil (or potentially a different module) must make validator set changes. Since the initial state relative to InitGenesis has no validators, an empty validator update is invalid.

Does this sound right?

@alexanderbez
Copy link
Contributor

Yes, that sounds correct @colin-axner

@colin-axner colin-axner mentioned this pull request Mar 23, 2021
9 tasks
@colin-axner
Copy link
Contributor Author

colin-axner commented Mar 23, 2021

Opened #8960

Turns out every test in the SDK that uses simapp, runs with an empty validator set. Fixing this involves changing default Setup function to initialize a non-empty validator set, changing functions which attempt to initialize their own chain to use the Setup function, and modifying several tests which depend on this behaviour. I've documented this more in the pr.

This is beyond my available bandwidth so I'll likely just put this information into an issue and hope someone from the SDK team picks it up

mergify bot pushed a commit that referenced this pull request Oct 5, 2021
<!--
The default pull request template is for types feat, fix, or refactor.
For other templates, add one of the following parameters to the url:
- template=docs.md
- template=other.md
-->

## Description

Closes: #8961 

SDK allows InitGenesis to return with an empty validator set. In practice, the error for an empty validator set gets thrown in tendermint. To fix this,

* Add non-empty validator set check to the `mm.InitGenesis` function. This will break `simapp.Setup` because it relies on an empty validator set [#comment](#8909 (comment)).
* Update `simapp.Setup` to use a single validator.
* Fix failing tests (Most of them are keeper tests).

<!-- Add a description of the changes that this PR introduces and the files that
are the most critical to review. -->

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.*

I have...

- [x] included the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [x] added `!` to the type prefix if API or client breaking change
- [x] targeted the correct branch (see [PR Targeting](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [x] followed the guidelines for [building modules](https://github.com/cosmos/cosmos-sdk/blob/master/docs/building-modules)
- [ ] included the necessary unit and integration [tests](https://github.com/cosmos/cosmos-sdk/blob/master/CONTRIBUTING.md#testing)
- [x] added a changelog entry to `CHANGELOG.md`
- [ ] included comments for [documenting Go code](https://blog.golang.org/godoc)
- [ ] updated the relevant documentation or specification
- [x] reviewed "Files changed" and left comments if necessary
- [ ] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] confirmed the correct [type prefix](https://github.com/commitizen/conventional-commit-types/blob/v3.0.0/index.json) in the PR title
- [ ] confirmed `!` in the type prefix if API or client breaking change
- [ ] confirmed all author checklist items have been addressed 
- [ ] reviewed state machine logic
- [ ] reviewed API design and naming
- [ ] reviewed documentation is accurate
- [ ] reviewed tests and test coverage
- [ ] manually tested (if applicable)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A:automerge Automatically merge PR once all prerequisites pass. C:x/staking
Projects
None yet
Development

Successfully merging this pull request may close these issues.

MsgCreateValidator should not allow a self delegation of 0 consensus power
9 participants