Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix!: Remove panics on failure to send IBC packets #876

Merged
merged 13 commits into from
May 22, 2023

Conversation

mpoke
Copy link
Contributor

@mpoke mpoke commented Apr 24, 2023

Description

Closes: #731

On both the provider and consumer, if the sent fails, the packet is kept in the queue and a re-sent is attempt in the next block.

  • Replace the panic on the provider with StopConsumerChain. Note that most likely if the send if failing here, the consumer is malicious and it should be removed.
  • Replace the panic on the consumer with an error message. If packets are not eventually sent and relayed, the vscTimeout on the provider will be triggered and the consumer will be removed.

Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • Included the correct type prefix in the PR title
  • Added ! to the type prefix if API or client breaking change
  • Targeted the correct branch (see PR Targeting)
  • Provided a link to the relevant issue or specification
  • Followed the guidelines for building SDK modules
  • Included the necessary unit and integration tests
    • @smarshall-spitzbart could you please add the necessary tests (it seems that no tests were broken)
  • Added a changelog entry to CHANGELOG.md
  • Included comments for documenting Go code
  • Updated the relevant documentation or specification
    • @MSalopek Do we have docs on this behavior or it's too involved for the docs?
  • Reviewed "Files changed" and left comments if necessary
  • Confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage

panic(fmt.Errorf("packet could not be sent over IBC: %w", err))
// Not able to send packet over IBC!
k.Logger(ctx).Error("cannot send VSC, removing consumer:", "chainID", chainID, "vscid", data.ValsetUpdateId, "err", err.Error())
// If this happens, most likely the consumer is malicious; remove it
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mpoke it's not intuitive to me why a failed IBC send would always indicate a malicious consumer. The error being returned could be caused by corrupted IBC state on the provider, where stoping a consumer could make such a scenario worse

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's my analysis on the reasons for ccv.SendIBCPacket to return error on the provider side:

  • Channel not found – not possible as SendIBCPacket is called only for consumer with an established CCV channel and channels are not removed from the IBC module
  • Module does not own channel capability – not possible as the capability was already claimed in OnChanOpenTry, before the CCV channel was marked as established
  • The next sequence send is not found – if that happens, something is wrong with the IBC module store
  • The packet sent failed basic validation – if that happens, something is wrong with the code on the provider chain as the packet is constructed in SendIBCPacket
  • The channel’s state is CLOSED – an opened channel can be closed only by one of the following functions
    • channelKeeper.ChanCloseInit, which is called on the provider only when the consumer chain is removed (note that OnChanCloseInit returns an error, thus user-initiated channel closing are not allowed)
    • channelKeeper.ChanCloseConfirm, which entails that the consumer endpoint of the channel is CLOSED; this can happen only if the consumer receives a negative ack for a packet sent to the provider
      • Attack: A malicious consumer could send an invalid SlashPacket that fails ValidateSlashPacket, this would lead to a nack sent to the consumer, which results in channelKeeper.ChanCloseInit being called on the consumer. Finally, this would enable a relayer to send a MsgChannelCloseConfirm to the provider, which would move the channel’s state to CLOSED without updating the ChainToChannel state.
    • channelKeeper.TimeoutExecuted, which means that OnTimeoutPacket is first executed on the provider, which results in the consumer chain being removed (i.e., the ChainToChannel state is being updated).
  • The packet’s destination channelD and portID do not match the ones of the counterparty endpoint – not possible due to construction of the packet
  • There is no underlying connection – not possible as it was checked during the handshake
  • There is no underlying client state – not possible as it was checked during the handshake
  • The packet is already timed out on the consumer – not possible as the packet timeout is set in SendIBCPacket to the current block timestamp plus the timeout period and the latest known timestamp on the consumer cannot be larger than this packet timeout.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be more conservative, we could just log an error and leave the packets in the queue. Operators need to notice that VSCPackets are no longer being relayed, otherwise the unbondings in those packets will never complete. Note that the VSC timeout is set when the packet is sent, and not when it's queued.

So we run the risk of nobody noticing for a while, which will affect users. Once we notice, we need to either do an emergency upgrade where we migrate the state (difficult) or we submit a ConsumerRemoval proposal, which would take 2 extra weeks before delegators that unbonded can get their funds back.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tough question. According to the untrusted consumer doctrine, we should not let consumers disrupt the provider. So that would lean towards just removing the consumer.

However, the unbonding pausing is somewhat of an exception that we allow, since it is limited by the VSC timeout. Since we already allow the consumer to disrupt the provider up to the VSC timeout just by not sending VSC acks, it would make sense to allow disruption up to the VSC timeout here as well.

However, if we don't stop the consumer, is it possible to recover from this state without a provider migration?

Finally, this would enable a relayer to send a MsgChannelCloseConfirm to the provider, which would move the channel’s state to CLOSED without updating the ChainToChannel state.

Is there any way to change this, so that a MsgChannelCloseConfirm would update the ChainToChannel state?

So in conclusion:

  • I support stopping the consumer here, but I want to make sure that this can only happen due to very incorrect code on the consumer, and is very unlikely to happen "by accident".
  • Why do we send a nack in response to an invalid slash packet? It seems like it would be better to just ignore those packets to avoid having the consumer stop in this code here.

@@ -196,13 +196,17 @@ func (k Keeper) SendPackets(ctx sdk.Context) {
)
if err != nil {
if clienttypes.ErrClientNotActive.Is(err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check for if clienttypes.ErrClientNotActive.Is(err) is no longer needed since behavior is the same whether that statement is true or not. The type of error will be printed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The behavior is a bit different. For expired clients we log an info message. For other errors, we log an error as something is wrong.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But "error" is in the name, ErrClientNotActive. I see the logging behavior is slightly different for that error, but imo a semantic error should be logged as an error. Which also makes the code more simple/readable

@shaspitz
Copy link
Contributor

@mpoke I've added a simple test for the consumer. Re provider i'll wait on writing the test until we chat, since if we remove the StopConsumerChain call, the behavior would be a lot simpler to test

@shaspitz shaspitz marked this pull request as ready for review May 17, 2023 19:35
@shaspitz shaspitz requested a review from a team as a code owner May 17, 2023 19:35
@shaspitz
Copy link
Contributor

@mpoke tests have been added, lmk if they seem correct

Copy link
Contributor Author

@mpoke mpoke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Contributor

@shaspitz shaspitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval

@shaspitz shaspitz requested a review from jtremback May 18, 2023 21:04
Copy link
Contributor

@MSalopek MSalopek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approval.

So the behaviour is this:

  • if the consumer cannot send, it will retain packets
  • if the provider cannot send VSC packets it will:
    a) retain unsent packets for consumers with inactive clients
    b) delete all packets for consumers if the error is caused by anything other than an inactive client

Re: docs
This is very nuanced, it should probably go into a new section about relaying behaviour

Copy link
Contributor

@p-offtermatt p-offtermatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only very minor nitpicks. I looked most closely at the tests and I don't have an opinion on stopping consumer vs logging and ignoring

// append mocks for the channel keeper to return an error
mockCalls = append(mockCalls,
mocks.MockChannelKeeper.EXPECT().GetChannel(ctx, ccv.ProviderPortID,
"CCVChannelID").Return(channeltypes.Channel{}, false).Times(1),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.Times(1) seems unnecessary

Suggested change
"CCVChannelID").Return(channeltypes.Channel{}, false).Times(1),
"CCVChannelID").Return(channeltypes.Channel{}, false),

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm I don't see the reason to remove the Times(1) since we indeed only want this method called once. Better to be explicit with the mocking package imo

// Mock the channel keeper to return an error
gomock.InOrder(
mocks.MockChannelKeeper.EXPECT().GetChannel(ctx, types.ConsumerPortID,
"consumerCCVChannelID").Return(channeltypes.Channel{}, false).Times(1),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Times(1) seems unnecessary

Suggested change
"consumerCCVChannelID").Return(channeltypes.Channel{}, false).Times(1),
"consumerCCVChannelID").Return(channeltypes.Channel{}, false),

@shaspitz shaspitz merged commit 89d6a7d into main May 22, 2023
@shaspitz shaspitz deleted the marius/731-sendpacket-panic branch May 22, 2023 14:52
MSalopek added a commit that referenced this pull request Jun 20, 2023
* build(deps): bump gaurav-nelson/github-action-markdown-link-check from 1.0.13 to 1.0.15 (#928)

build(deps): bump gaurav-nelson/github-action-markdown-link-check

Bumps [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check) from 1.0.13 to 1.0.15.
- [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases)
- [Commits](gaurav-nelson/github-action-markdown-link-check@1.0.13...1.0.15)

---
updated-dependencies:
- dependency-name: gaurav-nelson/github-action-markdown-link-check
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump hermes (#921)

* bump the version of hermes used in docs and images

* use the multiplatform ghcr.io build of hermes

* build(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#961)

Bumps [github.com/spf13/cast](https://github.com/spf13/cast) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/spf13/cast/releases)
- [Commits](spf13/cast@v1.5.0...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cast
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor: adopt the errors module to reduce the changeset for 47 (#920)

adopt the errors module to reduce the changeset for 47

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* fix!: prevent denom DOS (#931)

* Merge pull request from GHSA-chqw-ff63-95r8

* squash commit of multisig fix + everything involving denom fix

* rebuild proto

* fix todos

---------

Co-authored-by: Jehan Tremback <hi@jehan.email>

* regen proto

* fix cherrypick issues

* lint

* cleans

* gosec

* restore param, remove tech debt from tests

* ibc denom as const

* add check for consumer reward denom already registered

* lint

* remove unneeded expect

---------

Co-authored-by: Jehan Tremback <hi@jehan.email>
Co-authored-by: Marius Poke <marius.poke@posteo.de>

* fix: all feature branches should have CI (#958)

* Update automated-tests.yml

* Update build.yml

* all feature branches will now run all ci jobs relevant to them

---------

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* fix!: consumer key prefix order to avoid complex migrations (#963)

proper order matching v1.0.0

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* docs: update changelog to prep for v1.3.0 release (#953)

* wip

* Update CHANGELOG.md

* small comment

* comment

* progress save

* another progress save

* progress save

* done

* Update CHANGELOG.md

* add denom dos entry

* remove extraneous changelog entries

* restore a couple entries

* Changes from PR review

* add entry for 963

* fix: mitigate e2e tests relaying and non-determinism (#968)

* fix: mitigate e2e tests relaying non-determinism

* fix: bump signed blocks windows in e2e test configs

* deps: bump cometbft to v0.34.28 (#906)

this bumps only cometbft

Co-authored-by: MSalopek <matija.salopek994@gmail.com>

* fix!: Remove panics on failure to send IBC packets (#876)

* provider: replace panic with StopConsumerChain

* provider: replace panic with error message

* Info logging on client expiration

* add test for consumer

* add test for provider

* linter

* Update CHANGELOG.md

---------

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#969)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* build(deps): bump slackapi/slack-github-action from 1.23.0 to 1.24.0 (#971)

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.23.0 to 1.24.0.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v1.23.0...v1.24.0)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor!: upgrade ICS imports to v2 (#974)

* v2 imports

* Update CHANGELOG.md

* docs: update PR template to consider migrations (#976)

Update PULL_REQUEST_TEMPLATE.md

* fix: v2 imports proto go_package option (#978)

* add v2 to proto files, adjust protocgen scripts

* regen proto

* fix: partially revert key assignment type safety PR (#980)

* use bytes in place where possible

* fix tests

* add v2 to proto files, adjust protocgen scripts

* regen proto

* change protos, define custom types, fix references

* Update key_assignment_test.go

* Update key_assignment.go

* format

* Update CHANGELOG.md

* nit for better diff

* docs: update top level readme for repo (#981)

* Update base.css

* Update README.md

* smol

---------

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* ci: makefile target for checking if protos are updated (#979)

* proto-check makefile target

* comment

* add to GH actions workflow

* put proto check before other tests

* gotta regenerate protos

---------

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* build(deps): bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 (#982)

* build(deps): bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2

Bumps [github.com/cosmos/ibc-go/v4](https://github.com/cosmos/ibc-go) from 4.4.0 to 4.4.2.
- [Release notes](https://github.com/cosmos/ibc-go/releases)
- [Changelog](https://github.com/cosmos/ibc-go/blob/main/CHANGELOG.md)
- [Commits](cosmos/ibc-go@v4.4.0...v4.4.2)

---
updated-dependencies:
- dependency-name: github.com/cosmos/ibc-go/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update changelog

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mpoke <marius.poke@posteo.de>
Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* build(deps): bump JamesIves/github-pages-deploy-action from 4.4.1 to 4.4.2 (#983)

build(deps): bump JamesIves/github-pages-deploy-action

Bumps [JamesIves/github-pages-deploy-action](https://github.com/JamesIves/github-pages-deploy-action) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/JamesIves/github-pages-deploy-action/releases)
- [Commits](JamesIves/github-pages-deploy-action@v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: JamesIves/github-pages-deploy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#985)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Marius Poke <marius.poke@posteo.de>

* feat: v2 migrations (#975)

* v2 imports

* Squashed commit of the following:

commit a4c9224
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Wed May 24 10:13:10 2023 -0700

    Revert "Merge branch 'shawn/v2-imports' into shawn/ccv-migrations"

    This reverts commit 53e3362, reversing
    changes made to 9c3f338.

commit 6885ad1
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Wed May 24 10:12:49 2023 -0700

    Revert "Merge branch 'shawn/v2-imports' into shawn/ccv-migrations"

    This reverts commit 45d74c7, reversing
    changes made to 53e3362.

commit 9589144
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 14:48:06 2023 -0700

    provider migration boilerplate

commit 9521ecb
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:25:14 2023 -0700

    lint

commit fc3f273
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:20:33 2023 -0700

    old default params

commit 80a490c
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:15:30 2023 -0700

    naming

commit 45d74c7
Merge: 53e3362 8e6bdfb
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:12:03 2023 -0700

    Merge branch 'shawn/v2-imports' into shawn/ccv-migrations

commit 8e6bdfb
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:10:22 2023 -0700

    proto name for gov prop registration

commit 53e3362
Merge: 9c3f338 5ca68d1
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 12:05:39 2023 -0700

    Merge branch 'shawn/v2-imports' into shawn/ccv-migrations

commit 5ca68d1
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 11:53:12 2023 -0700

    fix e2e tests

commit aa6bd0c
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 11:42:47 2023 -0700

    rm bad files

commit 6e3dc88
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 11:42:14 2023 -0700

    correct generation

commit 056ef7a
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 11:29:45 2023 -0700

    proto upgrade too

commit 9c3f338
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 10:57:25 2023 -0700

    remove hardcoded old code

commit 1e73173
Merge: dbf9ded 8769fd5
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 10:07:31 2023 -0700

    Merge branch 'shawn/v2-imports' into shawn/ccv-migrations

commit 8769fd5
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Tue May 23 09:58:28 2023 -0700

    v2 imports

commit dbf9ded
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Mon May 22 16:10:05 2023 -0700

    provider migration

commit 2d95e2e
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Mon May 22 15:01:47 2023 -0700

    improve consumer test

commit 85f4cfd
Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Date:   Mon May 22 14:03:20 2023 -0700

    consumer params

* rm old code

* go.mod restore

* better naming of hardcodes

* consumer boilerplate

* comments

* migrate consumer genesis states

* test and cleans

* lint

* migration and partial test

* cleans

* finish test

* comments and doc

* Update migration_test.go

* Update CHANGELOG.md

* expand in changelog

* increment consensus ver

* set key table on construction

* rm semver migration funcs

* comment explaining consensus version

* docs: cleanup changelog for v2.0.0 on main (#988)

cleans

* chore: Hardcode golangci-lint version (#990)

* Hardcode golangci-lint version

* Hardcode version in CI config

* docs: Increase the validator set of cosmos hub to 180 from 175 (#999)

Updated number of validators to 180

* fix: proper consumer key prefix ordering (#991)

* Update keys.go

* tests

* fix another bug

* fix comments

* feat: Remove consumer genesis migration on provider (#997)

* Update keys.go

* tests

* fix another bug

* remove consumer genesis deletion, link to test

* remove unused bond denom method

* Revert "remove unused bond denom method"

This reverts commit f930eca.

* remove test too

* update changelog

* docs: Update reward-distribution.md (#994)

* Update reward-distribution.md

* docs: add instructions for registering denoms

* Update docs/docs/features/reward-distribution.md

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* Update reward-distribution.md

* Update docs/docs/features/reward-distribution.md

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

---------

Co-authored-by: MSalopek <matija.salopek994@gmail.com>
Co-authored-by: Marius Poke <marius.poke@posteo.de>

* chore: update workflow re. issues and PRs (#1002)

* update PR workflow

* update issue workflow

* rename other.md to others.md

* fix typo

---------

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* docs(adr): ADR-007 pause unbonding period during equivocation proposal (#964)

* docs(adr): pause unbonding period during equivocation proposal

Co-authored-by: Albert Le Batteux <contact@albttx.tech>
Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com>

* fix voting period duration

* remove issue reference

* docs: filter out unbonding operations before pause/unpause

Co-authored-by: Albert Le Batteux <contact@albttx.tech>
Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com>

---------

Co-authored-by: Albert Le Batteux <contact@albttx.tech>
Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com>

* docs: Add type prefix link to CONTRIBUTING.md (#1007)

Update CONTRIBUTING.md

* chore: enable mergify (#1009)

* add config for mergify

* enable security dependecies for v2.0.x

* Markdownlint (#907)

markdownlint

Co-authored-by: Jacob Gadikian <jacobgadikian@gmail.com>

* fix: limit vsc matured packets handled per endblocker (#1004)

* initial implementation, still need tests

* UTs

* integration test

* linter

* Update CHANGELOG.md

* make vsc matured handled this block a var

* comment

* feat: integrate cometmock (#989)

* Add gorelayer and CometMock to Dockerfile

* Add option to start with cometmock in start-chain script

* Start adding support for rly

* Adjust relayer start action

* Add entrypoint for short happy path steps

* Add . nosec G204 and waiting for blocks

* Adjust rly config: Gas is free

* Remove optout steps from short happy path

* Use separate redelegate step for short happy path

* Wait for blocks after unbonding

* Make naming more descriptive and add comments

* Add comment to chain name sorting and improve comments

* Update start-chain.sh

Address comments form joint review session with @MSalopek

* Fix typo

* docs: Create adr-004-denom-dos-fixes.md (#934)

* Create adr-006-denom-dos-fixes

* Update docs/docs/adrs/adr-006-denom-dos-fixes

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* Update docs/docs/adrs/adr-006-denom-dos-fixes

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>

* Update docs/docs/adrs/adr-006-denom-dos-fixes

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* Update docs/docs/adrs/adr-006-denom-dos-fixes

* Update docs/docs/adrs/adr-006-denom-dos-fixes

* rename to adr 004

* remove extra file

* add entry to Table of Contents

* add ADR 7 to ToC

---------

Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Co-authored-by: Marius Poke <marius.poke@posteo.de>

* docs: Fix link to template (#1027)

Fix link to template

Fixes typo in contributing.md

* feat!: Add DistributionTransmissionChannel to ConsumerAdditionProposal (#965)

* update proto

* remove transfer_channel_id from consumer genesis

* ConsumerAdditionProposal: transfer_channel_id -> distribution_transmission_channel

* send updated ConsumerAdditionProposal

* validate consumer genesis param

* remove StandaloneTransferChannelID from store

* fix TestOnChanOpenAck

* remove state breaking change

* finalize merge and fix issues

* chore: update docs and changelog

* chore: regenerate protos

* re-add integrationt tests around changeover

* mv entry in changelog

* test: add sovereign to consumer changeover e2e (#1025)

* tests: add sovereign to consumer e2e test

* rm unused bash scripts

* partially address review comments

* apply remaining review comments

* chore: apply formatting rules

---------

Co-authored-by: MSalopek <matija.salopek994@gmail.com>

* docs: ADR for throttle with retries (#1005)

* all of ADR is filled out except design portion

* design

* Update adr-008-throttle-retries.md

* Update adr-008-throttle-retries.md

* Update adr-008-throttle-retries.md

* Apply suggestions from code review

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* nit formatting

* describe consumer changes first

* add comment on rareness of throttling being triggered

* split out paragraph

* hopefully better explanation

* Update adr-008-throttle-retries.md

* accepted

* TOC entry

---------

Co-authored-by: Marius Poke <marius.poke@posteo.de>

* Add time and block advancement integration for CometMock (#1017)

* Add time and block advancement

* Adhere to gocritic: use +=

* Remove extra debug output

* Fix: use correct key when consumer key is not assigned

* Correct private key address field

* Clarify comment for WaitTime

* Use bool instead of *bool type

* Add review comments

* refactor: first batch of post-merge changes

* refactor: batch sovereign changes with v47

* refactor: another batch of post-merge changes

* changes to go.mod

* refactor: final batch of changes post-merge

* refactor: rebuild protos for v47

* refactor: rebuild mocks for v47

* refactor: testing changes

* refactor: update proto tooling and rebuild protos

* lint: appease gosec

* chore: rm unused string from Makefile

* chore: rm unused in makefile .phony

* temporarily disable proto-check to run automated tests

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jacob Gadikian <jacobgadikian@gmail.com>
Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com>
Co-authored-by: Jehan Tremback <hi@jehan.email>
Co-authored-by: Marius Poke <marius.poke@posteo.de>
Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com>
Co-authored-by: Milan Mulji <98309852+mmulji-ic@users.noreply.github.com>
Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com>
Co-authored-by: Albert Le Batteux <contact@albttx.tech>
Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com>
Co-authored-by: Ruslan Akhtariev <46343690+pysel@users.noreply.github.com>
Co-authored-by: Jehan <jehan.tremback@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Panics on failure to send IBC packets
5 participants