Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tendermint light client: check_{header,misbehaviour}_and_update_state() missing trusted_validator_set hash check #583

Closed
Tracked by #535
plafer opened this issue Mar 30, 2023 · 0 comments · Fixed by #584
Closed
Tracked by #535

tendermint light client: check_{header,misbehaviour}_and_update_state() missing trusted_validator_set hash check #583

plafer opened this issue Mar 30, 2023 · 0 comments · Fixed by #584
Assignees
@plafer
Labels
A: bug Admin: something isn't working A: critical Admin: critical or Important
Milestone
v0.37.0

Comments

@plafer
Copy link
Contributor

plafer commented Mar 30, 2023
edited
Loading

Bug Summary

Problem is here.

We need to add a check hash(header.trusted_validator_set) == trusted_consensus_state.next_validators_hash. This corresponds to ibc-go's checkTrustedHeader() function.

Description

The light client only keeps the hash of validator sets on chain, as the full set would be too costly to store. Therefore, we rely on the relayer to supply the full validator sets for us when updating a client (in this particular case, stored in Header.trusted_validator_set).

We should never blindly trust what a relayer gives us though. In this case, we should make sure that the relayer passed us the right validator by checking that its hash is the same as the hash we have stored on chain at trusted_consensus_state.next_validators_hash.

Today, we are missing that check, so effectively we're blindly trusting the relayer for that field.
@plafer plafer added A: bug Admin: something isn't working A: critical Admin: critical or Important labels Mar 30, 2023
@plafer plafer self-assigned this Mar 30, 2023
This was referenced Mar 30, 2023
Merged
Merged
@Farhad-Shabani Farhad-Shabani moved this to 🏗️ In Progress in ibc-rs Mar 30, 2023
@plafer plafer changed the title tendermint light client: check_header_and_update_state() missing trusted_validator_set hash check tendermint light client: check_{header,misbehaviour}_and_update_state() missing trusted_validator_set hash check Mar 31, 2023
@Farhad-Shabani Farhad-Shabani mentioned this issue Apr 5, 2023
Closed
@github-project-automation github-project-automation bot moved this from 🏗️ In Progress to ✅ Done in ibc-rs Apr 13, 2023
@Farhad-Shabani Farhad-Shabani added this to the v0.37.0 milestone Apr 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@plafer plafer

Labels
A: bug Admin: something isn't working A: critical Admin: critical or Important
Projects
None yet
Milestone
v0.37.0
Development

Successfully merging a pull request may close this issue.

Replace check_header_and_update_state with an architecture similar to ibc-go informalsystems/ibc-rs
2 participants
@plafer @Farhad-Shabani