This repository has been archived by the owner on Aug 24, 2022. It is now read-only.
Upgrade tendermint to v0.33.9 #248
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.27.1 to 1.28.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.27.1...v1.28.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
…554) Bumps [github.com/tendermint/tm-db](https://github.com/tendermint/tm-db) from 0.4.1 to 0.5.0. - [Release notes](https://github.com/tendermint/tm-db/releases) - [Changelog](https://github.com/tendermint/tm-db/blob/master/CHANGELOG.md) - [Commits](tendermint/tm-db@v0.4.1...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* deps: bump deps that bot cant - bumping deps that dependat bot does not do. Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * run go mod tidy * fix go.sum
Closes #4392 Refs #4504
closes #3602 Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
p2p: ban bad peers
p2p: Update Changelog with ban list PR - #4548
Co-authored-by: Marko <marbar3778@yahoo.com>
Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.3.4 to 1.3.5. - [Release notes](https://github.com/golang/protobuf/releases) - [Commits](golang/protobuf@v1.3.4...v1.3.5) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
- remove tools/build folder Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
Closes #3433
Closes tendermint/tendermint#3857 Moves `lib/` folder to `jsonrpc/`. Renames: **packages** `rpc` package -> `jsonrpc` package `rpcclient` package -> `client` package `rpcserver` package -> `server` package **structs and interfaces** ``` JSONRPCClient to Client JSONRPCRequestBatch to RequestBatch JSONRPCCaller to Caller ``` **functions** ``` StartHTTPServer to Serve StartHTTPAndTLSServer to ServeTLS rpc/jsonrpc/client: rename NewURIClient to NewURI NewJSONRPCClient to New NewJSONRPCClientWithHTTPClient to NewWithHTTPClient NewWSClient to NewWS ``` **misc** - unexpose `ResponseWriterWrapper` - remove unused http_params.go
in /validators, /consensus_params and /status Closes #3161
fix bug with assigning the new pivot height during bisection. PR: #4850
these proto files are meant to help unblock ibc in their quest of migrating the ibc module to proto.
Since the light client work introduced in v0.33 it appears full nodes are no longer fully verifying commit signatures during block execution - they stop after +2/3. See in VerifyCommit: https://github.com/tendermint/tendermint/blob/0c7fd316eb006c0afc13996c00ac8bde1078b32c/types/validator_set.go#L700-L703 This means proposers can propose blocks that contain valid +2/3 signatures and then the rest of the signatures can be whatever they want. They can claim that all the other validators signed just by including a CommitSig with arbitrary signature data. While this doesn't seem to impact safety of Tendermint per se, it means that Commits may contain a lot of invalid data. This is already true of blocks, since they can include invalid txs filled with garbage, but in that case the application knows they they are invalid and can punish the proposer. But since applications dont verify commit signatures directly (they trust tendermint to do that), they won't be able to detect it. This can impact incentivization logic in the application that depends on the LastCommitInfo sent in BeginBlock, which includes which validators signed. For instance, Gaia incentivizes proposers with a bonus for including more than +2/3 of the signatures. But a proposer can now claim that bonus just by including arbitrary data for the final -1/3 of validators without actually waiting for their signatures. There may be other tricks that can be played because of this. In general, the full node should be a fully verifying machine. While it's true that the light client can avoid verifying all signatures by stopping after +2/3, the full node can not. Thus the light client and full node should use distinct VerifyCommit functions if one is going to stop after +2/3 or otherwise perform less validation (for instance light clients can also skip verifying votes for nil while full nodes can not). See a commit with a bad signature that verifies here: 56367fd. From what I can tell, Tendermint will go on to think this commit is valid and forward this data to the app, so the app will think the second validator actually signed when it clearly did not.
Closes #4926
The dump consensus state had this:
"last_commit": {
"votes": [
"Vote{0:04CBBF43CA3E 385085/00/2(Precommit) 1B73DA9FC4C8 42C97B86D89D @ 2020-05-27T06:46:51.042392895Z}",
"Vote{1:055799E028FA 385085/00/2(Precommit) 652B08AD61EA 0D507D7FA3AB @ 2020-06-28T04:57:29.20793209Z}",
"Vote{2:056024CFA910 385085/00/2(Precommit) 652B08AD61EA C8E95532A4C3 @ 2020-06-28T04:57:29.452696998Z}",
"Vote{3:0741C95814DA 385085/00/2(Precommit) 652B08AD61EA 36D567615F7C @ 2020-06-28T04:57:29.279788593Z}",
Note there's a precommit in there from the first val from May (2020-05-27) while the rest are from today (2020-06-28). It suggests there's a validator from an old instance of the network at this height (they're using the same chain-id!). Obviously a single bad validator shouldn't be an issue. But the Commit refactor work introduced a bug.
When we propose a block, we get the block.LastCommit by calling MakeCommit on the set of precommits we saw for the last height. This set may include precommits for a different block, and hence the block.LastCommit we propose may include precommits that aren't actually for the last block (but of course +2/3 will be). Before v0.33, we just skipped over these precommits during verification. But in v0.33, we expect all signatures for a blockID to be for the same block ID! Thus we end up proposing a block that we can't verify.
…(#4895) in consensus/state.go, when calulating metrics, retrieve address (ergo, pubkey) once prior to iterating over validatorset to ensure we do not make excessive calls to signer. Partially closes: #4865
…l based on it (#5638) Partially closes #5550
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
ejfitzgerald
approved these changes
Apr 29, 2021
* fix #241 : flaky test reporting invalid header time Backported from v0.34.10 fix at tendermint/tendermint@4b99502
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
bump tendermint from v0.33.3 to v0.33.9