* witnesses are dropped after no response
* test witness dropout
* corrected import structure
* moved non responsiveness check to compare function
* removed dropout test as witnesses are never dropped
* created test to compare witnesses
* validate trust options
* add NewClientFromTrustedStore func
* make maxRetryAttempts an option
Closes#4370
* hash size should be equal to tmhash.Size
* make maxRetryAttempts uint
* make maxRetryAttempts uint16
maxRetryAttempts possible - 68 years
* we do not store trustingPeriod
* added test to create client from trusted store
* remove header and vals from primary
to make sure we're restoring them from the DB
As opposed to checking a random witness, all witnesses provided should be used as a reference against the header provided by the primary node. This increases security (at the tradeoff of speed) but also gives control to the user. The more witnesses provided, the more secure the lite client can be.
Closes#4328
When TrustedHeader(height) is called, if the height is less than the trusted height but the header is not in the trusted store then a function finds the previous lowest height with a trusted header and performs a forwards sequential verification to the header of the height that was given. If no error is found it updates the trusted store with the header and validator set for that height and can then return them to the user.
Commits:
* drafted trusted header
* created function to find previous trusted height
* updates missing headers less than the trusted height
* minor cosmetic tweaks
* incorporated suggestions
* lite2: implement Backwards verification
and add SignedHeaderAfter func to Store interface
Refs https://github.com/tendermint/tendermint/issues/4328#issuecomment-581878549
* remove unused method
* write tests
* start with next height in SignedHeaderAfter func
* fix linter errors
* address Callum's comments
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
Closes issue #4338
Uses a wrapper function around both the signedHeader and validatorSet calls to the primary provider which attempts to retrieve the information 5 times before deeming the provider unavailable and replacing the primary provider with the first alternative before trying recursively again (until all alternatives are depleted)
Employs a mutex lock for any operations involving the providers of the light client to ensure no operations occurs whilst the new primary is chosen.
Commits:
* created swapProvider function
* eliminates old primary provider after replacement. Uses a mutex when changing providers
* renamed to replaceProvider
* created wrapped functions for signed header and val set
* created test for primary provider replacement
* implemented suggested revisions
* created Witnesses() and Primary()
* modified backoffAndJitterTime
* modified backoffAndJitterTime
* changed backoff base and jitter to functional arguments
* implemented suggested changes
* removed backoff function
* changed exp function to match go version
* halved the backoff time
* removed seeding and added comments
* fixed incorrect test
* extract backoff timeout calc into a function
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
* lite2: add Start method
There are few reasons to do that:
1) separation of state and dynamics (some users will want to delay
starting the light client; does not matter we should not allow them
to create a light client object)
2) less important, but some users might not need autoUpdateRoutine and
removeNoLongerTrustedHeadersRoutine routines
* lite2: wait till routines are finished in Stop
because they are started in Start, it feels more natural to wait for
them to finish in Stop.
* lite2: add TrustedValidatorSet func
* refactor cleanup code
* changed restore header and val function to handle negative height
* reverted restoreTrustedHeaderAndNextVals() functionality
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
* lite2: add Start method
There are few reasons to do that:
1) separation of state and dynamics (some users will want to delay
starting the light client; does not matter we should not allow them
to create a light client object)
2) less important, but some users might not need autoUpdateRoutine and
removeNoLongerTrustedHeadersRoutine routines
* lite2: wait till routines are finished in Stop
because they are started in Start, it feels more natural to wait for
them to finish in Stop.
* lite2: add TrustedValidatorSet func
* lite2: advance to latest header
without any exponential steps
rename autoUpdate to autoUpdateRoutine
* lite2: wait in Cleanup until goroutines finished running
* lite2: move AutoClient into Client
Most of the users will want auto update feature, so it makes sense to
move it into the Client itself, rather than having a separate
abstraction (it makes the code cleaner, but introduces an extra thing
the user will need to learn).
Also, add `FirstTrustedHeight` func to Client to get first trusted height.
* fix db store tests
* separate examples for auto and manual clients
* AutoUpdate tries to update to latest state
NOT 1 header at a time
* fix errors
* lite2: make Logger an option
remove SetLogger func
* fix lite cmd
* lite2: make concurrency assumptions explicit
* fixes after my own review
* no need for nextHeightFn
sequence func will download intermediate headers
* correct comment
* dep: update tm-db to 0.4.0
- update 0.4.0 as it is a breaking change and cannot be handled by depndabot
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* more work towards error handling
* error and emtpy bytes handling
* work on tests
* add changelog entry, change some error handling
* address some pr comments
* panic in a few more places
* move error higher up
* redo some error handling
* fix some bz == nil to len(bz) == 0
* change statebytes
* lint: golint issue fixes
- on my local machine golint is a lot stricter than the bot so slowly going through and fixing things.
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* more fixes from golint
* remove isPeerPersistentFn
* add changelog entry
* libs/common: Refactor libs/common 5
- move mathematical functions and types out of `libs/common` to math pkg
- move net functions out of `libs/common` to net pkg
- move string functions out of `libs/common` to strings pkg
- move async functions out of `libs/common` to async pkg
- move bit functions out of `libs/common` to bits pkg
- move cmap functions out of `libs/common` to cmap pkg
- move os functions out of `libs/common` to os pkg
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* fix testing issues
* fix tests
closes#41417
woooooooooooooooooo kill the cmn pkg
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* add changelog entry
* fix goimport issues
* run gofmt
* libs/common: Refactor libs/common 4
- move byte function out of cmn to its own pkg
- move tempfile out of cmn to its own pkg
- move throttletimer to its own pkg
ref #4147
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* add changelog entry
* fix linting issues
* libs/common: refactor libs common 3
- move nil.go into types folder and make private
- move service & baseservice out of common into service pkg
ref #4147
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* add changelog entry
* libs/common: refactor libs/common 2
- move random function to there own pkg
Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
* change imports and usage throughout repo
* fix goimports
* add changelog entry
* types: change `Commit` to consist of just signatures
These are final changes towards removing votes from commit and leaving
only signatures (see ADR-25)
Fixes#1648
* bring back TestCommitToVoteSetWithVotesForAnotherBlockOrNilBlock
+ add absent flag to Vote to indicate that it's for another block
* encode nil votes as CommitSig with BlockIDFlagAbsent
+ make Commit#Precommits array of non-pointers
because precommit will never be nil
* add NewCommitSigAbsent and Absent() funcs
* uncomment validation in CommitSig#ValidateBasic
* add comments to ValidatorSet funcs
* add a changelog entry
* break instead of continue
continue does not make sense in these cases
* types: rename Commit#Precommits to Signatures
* swagger: fix /commit response
* swagger: change block_id_flag type
* fix merge conflicts
Refs #1771
ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md
## Commits:
* add Verifier and VerifyCommitTrusting
* add two more checks
make trustLevel an option
* float32 for trustLevel
* check newHeader time
* started writing lite Client
* unify Verify methods
* ensure h2.Header.bfttime < h1.Header.bfttime + tp
* move trust checks into Verify function
* add more comments
* more docs
* started writing tests
* unbonding period failures
* tests are green
* export ErrNewHeaderTooFarIntoFuture
* make golangci happy
* test for non-adjusted headers
* more precision
* providers and stores
* VerifyHeader and VerifyHeaderAtHeight funcs
* fix compile errors
* remove lastVerifiedHeight, persist new trusted header
* sequential verification
* remove TrustedStore option
* started writing tests for light client
* cover basic cases for linear verification
* bisection tests PASS
* rename BisectingVerification to SkippingVerification
* refactor the code
* add TrustedHeader method
* consolidate sequential verification tests
* consolidate skipping verification tests
* rename trustedVals to trustedNextVals
* start writing docs
* ValidateTrustLevel func and ErrOldHeaderExpired error
* AutoClient and example tests
* fix errors
* update doc
* remove ErrNewHeaderTooFarIntoFuture
This check is unnecessary given existing a) ErrOldHeaderExpired b)
h2.Time > now checks.
* return an error if we're at more recent height
* add comments
* add LastSignedHeaderHeight method to Store
I think it's fine if Store tracks last height
* copy over proxy from old lite package
* make TrustedHeader return latest if height=0
* modify LastSignedHeaderHeight to return an error if no headers exist
* copy over proxy impl
* refactor proxy and start http lite client
* Tx and BlockchainInfo methods
* Block method
* commit method
* code compiles again
* lite client compiles
* extract updateLiteClientIfNeededTo func
* move final parts
* add placeholder for tests
* force usage of lite http client in proxy
* comment out query tests for now
* explicitly mention tp: trusting period
* verify nextVals in VerifyHeader
* refactor bisection
* move the NextValidatorsHash check into updateTrustedHeaderAndVals
+ update the comment
* add ConsensusParams method to RPC client
* add ConsensusParams to rpc/mock/client
* change trustLevel type to a new cmn.Fraction type
+ update SkippingVerification comment
* stress out trustLevel is only used for non-adjusted headers
* fixes after Fede's review
Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com>
* compare newHeader with a header from an alternative provider
* save pivot header
Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824
* check header can still be trusted in TrustedHeader
Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424
* lite: update Validators and Block endpoints
- Block no longer contains BlockMeta
- Validators now accept two additional params: page and perPage
* make linter happy