Zero out client state before processing upgraded client proof #292
Assignees
Labels
07-tendermint
type: refactor
Architecture, code or CI improvements that may or may not tackle technical debt.
Milestone
Comments
crodriguezvega
added
07-tendermint
type: refactor
faddat
pushed a commit
to notional-labs/ibc-go
that referenced
this issue
Mar 1, 2022
faddat
pushed a commit
to notional-labs/ibc-go
that referenced
this issue
Mar 1, 2022
* WIP contextual codecs * Push changes * WIP * Merge PR cosmos#319: Remove GetSignBytes usage * Merge PR cosmos#314: Fix timeout determination * fix mutex * fix timeout bug * fix GetSignBytes * address other calls to GetSignBytes Co-authored-by: Jack Zampolin <jack.zampolin@gmail.com> * Working version * Update retries for better errors * Update import paths and address cosmos#292 * Address cosmos#293 * Address cosmos#295 * Address cosmos#315 * Add defensive key checks per cosmos#297 * Add flags for timeout offsets * Update retries to have better and more explainatory errors * WIP acks * Update to remove replace * update to sdk master * Update sdk and make changes * WIP timeouts and acks, strategy refactor * WIP cleanup * update to v0.40.0-rc2 * Refactor path generation and status * Merge PR cosmos#274: feat: allow building a shared library Co-authored-by: colin axnér <25233464+colin-axner@users.noreply.github.com> Co-authored-by: Michael FIG <mfig@agoric.com>
|
So do we need to do something like this? // Verify client proof
zeroedUpgradedClient := upgradedClient.ZeroCustomFields()
bz, err := cdc.MarshalInterface(zeroedUpgradedClient)
if err != nil {
return nil, nil, sdkerrors.Wrapf(clienttypes.ErrInvalidClient, "could not marshal client state: %v", err)
}
// construct clientState Merkle path
upgradeClientPath := constructUpgradeClientMerklePath(cs.UpgradePath, lastHeight)
if err := merkleProofClient.VerifyMembership(cs.ProofSpecs, consState.GetRoot(), upgradeClientPath, bz); err != nil {
return nil, nil, sdkerrors.Wrapf(err, "client state proof failed. Path: %s", upgradeClientPath.Pretty())
} |
|
Correct, this should be done with the 02-client refactor |
9 tasks
9 tasks
|
closed by #1674 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
In 07-tendermint, we check the proof against the submitted upgraded client state. If the relayer submits the zeroed out client state wrong, it fails. We should zero out the client state before checking the proof. If the proof works for the zeroed out client state, no need to prevent an upgrade because a relayer implementation was incorrect
For Admin Use
The text was updated successfully, but these errors were encountered: