Closes#4926
The dump consensus state had this:
"last_commit": {
"votes": [
"Vote{0:04CBBF43CA3E 385085/00/2(Precommit) 1B73DA9FC4C8 42C97B86D89D @ 2020-05-27T06:46:51.042392895Z}",
"Vote{1:055799E028FA 385085/00/2(Precommit) 652B08AD61EA 0D507D7FA3AB @ 2020-06-28T04:57:29.20793209Z}",
"Vote{2:056024CFA910 385085/00/2(Precommit) 652B08AD61EA C8E95532A4C3 @ 2020-06-28T04:57:29.452696998Z}",
"Vote{3:0741C95814DA 385085/00/2(Precommit) 652B08AD61EA 36D567615F7C @ 2020-06-28T04:57:29.279788593Z}",
Note there's a precommit in there from the first val from May (2020-05-27) while the rest are from today (2020-06-28). It suggests there's a validator from an old instance of the network at this height (they're using the same chain-id!). Obviously a single bad validator shouldn't be an issue. But the Commit refactor work introduced a bug.
When we propose a block, we get the block.LastCommit by calling MakeCommit on the set of precommits we saw for the last height. This set may include precommits for a different block, and hence the block.LastCommit we propose may include precommits that aren't actually for the last block (but of course +2/3 will be). Before v0.33, we just skipped over these precommits during verification. But in v0.33, we expect all signatures for a blockID to be for the same block ID! Thus we end up proposing a block that we can't verify.
Since the light client work introduced in v0.33 it appears full nodes
are no longer fully verifying commit signatures during block execution -
they stop after +2/3. See in VerifyCommit:
0c7fd316eb/types/validator_set.go (L700-L703)
This means proposers can propose blocks that contain valid +2/3
signatures and then the rest of the signatures can be whatever they
want. They can claim that all the other validators signed just by
including a CommitSig with arbitrary signature data. While this doesn't
seem to impact safety of Tendermint per se, it means that Commits may
contain a lot of invalid data. This is already true of blocks, since
they can include invalid txs filled with garbage, but in that case the
application knows they they are invalid and can punish the proposer. But
since applications dont verify commit signatures directly (they trust
tendermint to do that), they won't be able to detect it.
This can impact incentivization logic in the application that depends on
the LastCommitInfo sent in BeginBlock, which includes which validators
signed. For instance, Gaia incentivizes proposers with a bonus for
including more than +2/3 of the signatures. But a proposer can now claim
that bonus just by including arbitrary data for the final -1/3 of
validators without actually waiting for their signatures. There may be
other tricks that can be played because of this.
In general, the full node should be a fully verifying machine. While
it's true that the light client can avoid verifying all signatures by
stopping after +2/3, the full node can not. Thus the light client and
full node should use distinct VerifyCommit functions if one is going to
stop after +2/3 or otherwise perform less validation (for instance light
clients can also skip verifying votes for nil while full nodes can not).
See a commit with a bad signature that verifies here: 56367fd. From what
I can tell, Tendermint will go on to think this commit is valid and
forward this data to the app, so the app will think the second validator
actually signed when it clearly did not.
In order to have more control over the mempool implementation,
introduce a new exported function RemoveTxByKey.
Export also TxKey() and TxKeySize. Use TxKeySize const instead of
sha256.size, so future changes on the hash function won't break the API.
Allows using a TxKey (32 bytes reference) as parameter instead of
the complete array set. So the application layer does not need to
keep track of the whole transaction but only of the sha256 hash (32 bytes).
This function is useful when mempool.Recheck is disabled.
Allows the Application layer to implement its own cleaning mechanism
without having to re-implement the whole mempool interface.
Mempool.Update() would probably also need to change from txBytes to txKey,
but that would require to change the Interface thus will break backwards
compatibility. For now RemoveTxByKey() looks like a good compromise,
it won't break anything and will help to solve some mempool issues from the
application layer.
Signed-off-by: p4u <pau@dabax.net>
## Description
partially cleanup in preparation for errcheck
i ignored a bunch of defer errors in tests but with the update to go 1.14 we can use `t.Cleanup(func() { if err := <>; err != nil {..}}` to cover those errors, I will do this in pr number two of enabling errcheck.
ref #5059
## Description
To provide the ability to add more message types without needing to cause a breaking change the mempool message was migrated to a oneof.
Closes: #XXX
fix bug so that PotentialAmnesiaEvidence is being gossiped
handle inbound amnesia evidence correctly
add method to check if potential amnesia evidence is on trial
fix a bug with the height when we upgrade to amnesia evidence
change evidence to using just pointers.
More logging in the evidence module
Co-authored-by: Marko <marbar3778@yahoo.com>
* types: reject blocks w/ ConflictingHeadersEvidence
Closes#5037
* types: reject blocks w/ PotentialAmnesiaEvidence
as well
PotentialAmnesiaEvidence does not contribute anything on its own,
therefore should not be committed on chain.
* fix lint issue
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.6.0 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/prometheus/client_golang/releases">github.com/prometheus/client_golang's releases</a>.</em></p>
<blockquote>
<h2>1.7.0 / 2020-06-17</h2>
<ul>
<li>[CHANGE] API client: Add start/end parameters to <code>LabelNames</code> and <code>LabelValues</code>. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/767">#767</a></li>
<li>[FEATURE] testutil: Add <code>GatherAndCount</code> and enable filtering in <code>CollectAndCount</code> <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/753">#753</a></li>
<li>[FEATURE] API client: Add support for <code>status</code> and <code>runtimeinfo</code> endpoints. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/755">#755</a></li>
<li>[ENHANCEMENT] Wrapping <code>nil</code> with a <code>WrapRegistererWith...</code> function creates a no-op <code>Registerer</code>. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/764">#764</a></li>
<li>[ENHANCEMENT] promlint: Allow Kelvin as a base unit for cases like color temperature. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/761">#761</a></li>
<li>[BUGFIX] push: Properly handle empty job and label values. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/752">#752</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/prometheus/client_golang/blob/master/CHANGELOG.md">github.com/prometheus/client_golang's changelog</a>.</em></p>
<blockquote>
<h2>1.7.0 / 2020-06-17</h2>
<ul>
<li>[CHANGE] API client: Add start/end parameters to <code>LabelNames</code> and <code>LabelValues</code>. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/767">#767</a></li>
<li>[FEATURE] testutil: Add <code>GatherAndCount</code> and enable filtering in <code>CollectAndCount</code> <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/753">#753</a></li>
<li>[FEATURE] API client: Add support for <code>status</code> and <code>runtimeinfo</code> endpoints. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/755">#755</a></li>
<li>[ENHANCEMENT] Wrapping <code>nil</code> with a <code>WrapRegistererWith...</code> function creates a no-op <code>Registerer</code>. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/764">#764</a></li>
<li>[ENHANCEMENT] promlint: Allow Kelvin as a base unit for cases like color temperature. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/761">#761</a></li>
<li>[BUGFIX] push: Properly handle empty job and label values. <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/752">#752</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b05e50c929"><code>b05e50c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/769">#769</a> from prometheus/beorn7/release</li>
<li><a href="cc5731c16c"><code>cc5731c</code></a> Cut v1.7.0</li>
<li><a href="3c8b15fa0d"><code>3c8b15f</code></a> Update dependencies</li>
<li><a href="c304bb07a6"><code>c304bb0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/767">#767</a> from Nexucis/feature/labelNames-parameter</li>
<li><a href="3defbd9c7c"><code>3defbd9</code></a> add start/end parameter for LabelValues</li>
<li><a href="6ce5f2ca8a"><code>6ce5f2c</code></a> add start/end parameter for LabelNames</li>
<li><a href="03575cad4e"><code>03575ca</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/prometheus/client_golang/issues/764">#764</a> from prometheus/wrap-nil</li>
<li><a href="9c8ba1f945"><code>9c8ba1f</code></a> Review feedback: add comment and tests for WrapRegistererWith.</li>
<li><a href="614377c550"><code>614377c</code></a> Review feedback: use one line.</li>
<li><a href="8961609f91"><code>8961609</code></a> Ensure that nil registers are treat as a no-op, even when wrapping.</li>
<li>Additional commits viewable in <a href="https://github.com/prometheus/client_golang/compare/v1.6.0...v1.7.0">compare view</a></li>
</ul>
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.6.0&new-version=1.7.0)](https://dependabot.com/compatibility-score/?dependency-name=github.com/prometheus/client_golang&package-manager=go_modules&previous-version=1.6.0&new-version=1.7.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by @marbar3778.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
</details>
## Description
This PR removes options in picking different pubkey types. We don't support anything other than ed25519 so this was redundant.
We only ever supported ed25519 keys so not sure why we exposed different options.
Not sure if this needs a changelog entry ?
Closes: #XXX
## Description
This PR moves all proto files under one dir (`/proto`). The script to generate adding functionality to copy the files that still need to be in the same place. (abci & rpc)
renames every proto package from `tendermint.proto.<pkg_name>` to `tendermint.<pkg_name>`
Removes unneeded types in privval proto directory
Closes: #XXX
* test-vectors for backwards compatibility:
- copy & paste test-vectors from v0.33.5 to ensure
backwards compatibility for vote's SignBytes
* WIP: everything besides time seems to match :-/
* almost
* Found the culprit: field nums weren't consecutive ints ...
* fix order of partset header too
* this last votes-related test can easily be fixed
* some minor changes and fix last failing test
* move proto types back to stdtime, fix various linting
* use libs/protoio
* remvoe commented code
* add comments
* fix tests
* uncomment testscases
* dont ignore error panic
* fix signable test
* fix happy path testing
* fix comment
Co-authored-by: Marko Baricevic <marbar3778@yahoo.com>
## Description
Update gogoproto tools cmd to download the correct version. I still need to update the docker container and test that they generate the same
Closes: #XXX