-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix!: Remove panics on failure to send IBC packets #876
Conversation
panic(fmt.Errorf("packet could not be sent over IBC: %w", err)) | ||
// Not able to send packet over IBC! | ||
k.Logger(ctx).Error("cannot send VSC, removing consumer:", "chainID", chainID, "vscid", data.ValsetUpdateId, "err", err.Error()) | ||
// If this happens, most likely the consumer is malicious; remove it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mpoke it's not intuitive to me why a failed IBC send would always indicate a malicious consumer. The error being returned could be caused by corrupted IBC state on the provider, where stoping a consumer could make such a scenario worse
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's my analysis on the reasons for ccv.SendIBCPacket
to return error on the provider side:
- Channel not found – not possible as SendIBCPacket is called only for consumer with an established CCV channel and channels are not removed from the IBC module
- Module does not own channel capability – not possible as the capability was already claimed in OnChanOpenTry, before the CCV channel was marked as established
- The next sequence send is not found – if that happens, something is wrong with the IBC module store
- The packet sent failed basic validation – if that happens, something is wrong with the code on the provider chain as the packet is constructed in SendIBCPacket
- The channel’s state is CLOSED – an opened channel can be closed only by one of the following functions
- channelKeeper.ChanCloseInit, which is called on the provider only when the consumer chain is removed (note that OnChanCloseInit returns an error, thus user-initiated channel closing are not allowed)
- channelKeeper.ChanCloseConfirm, which entails that the consumer endpoint of the channel is CLOSED; this can happen only if the consumer receives a negative ack for a packet sent to the provider
- Attack: A malicious consumer could send an invalid SlashPacket that fails ValidateSlashPacket, this would lead to a nack sent to the consumer, which results in channelKeeper.ChanCloseInit being called on the consumer. Finally, this would enable a relayer to send a MsgChannelCloseConfirm to the provider, which would move the channel’s state to CLOSED without updating the ChainToChannel state.
- channelKeeper.TimeoutExecuted, which means that OnTimeoutPacket is first executed on the provider, which results in the consumer chain being removed (i.e., the ChainToChannel state is being updated).
- The packet’s destination channelD and portID do not match the ones of the counterparty endpoint – not possible due to construction of the packet
- There is no underlying connection – not possible as it was checked during the handshake
- There is no underlying client state – not possible as it was checked during the handshake
- The packet is already timed out on the consumer – not possible as the packet timeout is set in SendIBCPacket to the current block timestamp plus the timeout period and the latest known timestamp on the consumer cannot be larger than this packet timeout.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be more conservative, we could just log an error and leave the packets in the queue. Operators need to notice that VSCPackets
are no longer being relayed, otherwise the unbondings in those packets will never complete. Note that the VSC timeout is set when the packet is sent, and not when it's queued.
So we run the risk of nobody noticing for a while, which will affect users. Once we notice, we need to either do an emergency upgrade where we migrate the state (difficult) or we submit a ConsumerRemoval proposal, which would take 2 extra weeks before delegators that unbonded can get their funds back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tough question. According to the untrusted consumer doctrine, we should not let consumers disrupt the provider. So that would lean towards just removing the consumer.
However, the unbonding pausing is somewhat of an exception that we allow, since it is limited by the VSC timeout. Since we already allow the consumer to disrupt the provider up to the VSC timeout just by not sending VSC acks, it would make sense to allow disruption up to the VSC timeout here as well.
However, if we don't stop the consumer, is it possible to recover from this state without a provider migration?
Finally, this would enable a relayer to send a MsgChannelCloseConfirm to the provider, which would move the channel’s state to CLOSED without updating the ChainToChannel state.
Is there any way to change this, so that a MsgChannelCloseConfirm would update the ChainToChannel state?
So in conclusion:
- I support stopping the consumer here, but I want to make sure that this can only happen due to very incorrect code on the consumer, and is very unlikely to happen "by accident".
- Why do we send a nack in response to an invalid slash packet? It seems like it would be better to just ignore those packets to avoid having the consumer stop in this code here.
@@ -196,13 +196,17 @@ func (k Keeper) SendPackets(ctx sdk.Context) { | |||
) | |||
if err != nil { | |||
if clienttypes.ErrClientNotActive.Is(err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The check for if clienttypes.ErrClientNotActive.Is(err)
is no longer needed since behavior is the same whether that statement is true or not. The type of error will be printed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The behavior is a bit different. For expired clients we log an info message. For other errors, we log an error as something is wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But "error" is in the name, ErrClientNotActive
. I see the logging behavior is slightly different for that error, but imo a semantic error should be logged as an error. Which also makes the code more simple/readable
@mpoke I've added a simple test for the consumer. Re provider i'll wait on writing the test until we chat, since if we remove the |
@mpoke tests have been added, lmk if they seem correct |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approval
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approval.
So the behaviour is this:
- if the consumer cannot send, it will retain packets
- if the provider cannot send VSC packets it will:
a) retain unsent packets for consumers with inactive clients
b) delete all packets for consumers if the error is caused by anything other than an inactive client
Re: docs
This is very nuanced, it should probably go into a new section about relaying behaviour
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, only very minor nitpicks. I looked most closely at the tests and I don't have an opinion on stopping consumer vs logging and ignoring
// append mocks for the channel keeper to return an error | ||
mockCalls = append(mockCalls, | ||
mocks.MockChannelKeeper.EXPECT().GetChannel(ctx, ccv.ProviderPortID, | ||
"CCVChannelID").Return(channeltypes.Channel{}, false).Times(1), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.Times(1) seems unnecessary
"CCVChannelID").Return(channeltypes.Channel{}, false).Times(1), | |
"CCVChannelID").Return(channeltypes.Channel{}, false), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I don't see the reason to remove the Times(1)
since we indeed only want this method called once. Better to be explicit with the mocking package imo
// Mock the channel keeper to return an error | ||
gomock.InOrder( | ||
mocks.MockChannelKeeper.EXPECT().GetChannel(ctx, types.ConsumerPortID, | ||
"consumerCCVChannelID").Return(channeltypes.Channel{}, false).Times(1), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Times(1) seems unnecessary
"consumerCCVChannelID").Return(channeltypes.Channel{}, false).Times(1), | |
"consumerCCVChannelID").Return(channeltypes.Channel{}, false), |
* build(deps): bump gaurav-nelson/github-action-markdown-link-check from 1.0.13 to 1.0.15 (#928) build(deps): bump gaurav-nelson/github-action-markdown-link-check Bumps [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check) from 1.0.13 to 1.0.15. - [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases) - [Commits](gaurav-nelson/github-action-markdown-link-check@1.0.13...1.0.15) --- updated-dependencies: - dependency-name: gaurav-nelson/github-action-markdown-link-check dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: bump hermes (#921) * bump the version of hermes used in docs and images * use the multiplatform ghcr.io build of hermes * build(deps): bump github.com/spf13/cast from 1.5.0 to 1.5.1 (#961) Bumps [github.com/spf13/cast](https://github.com/spf13/cast) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/spf13/cast/releases) - [Commits](spf13/cast@v1.5.0...v1.5.1) --- updated-dependencies: - dependency-name: github.com/spf13/cast dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * refactor: adopt the errors module to reduce the changeset for 47 (#920) adopt the errors module to reduce the changeset for 47 Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * fix!: prevent denom DOS (#931) * Merge pull request from GHSA-chqw-ff63-95r8 * squash commit of multisig fix + everything involving denom fix * rebuild proto * fix todos --------- Co-authored-by: Jehan Tremback <hi@jehan.email> * regen proto * fix cherrypick issues * lint * cleans * gosec * restore param, remove tech debt from tests * ibc denom as const * add check for consumer reward denom already registered * lint * remove unneeded expect --------- Co-authored-by: Jehan Tremback <hi@jehan.email> Co-authored-by: Marius Poke <marius.poke@posteo.de> * fix: all feature branches should have CI (#958) * Update automated-tests.yml * Update build.yml * all feature branches will now run all ci jobs relevant to them --------- Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * fix!: consumer key prefix order to avoid complex migrations (#963) proper order matching v1.0.0 Co-authored-by: Marius Poke <marius.poke@posteo.de> * docs: update changelog to prep for v1.3.0 release (#953) * wip * Update CHANGELOG.md * small comment * comment * progress save * another progress save * progress save * done * Update CHANGELOG.md * add denom dos entry * remove extraneous changelog entries * restore a couple entries * Changes from PR review * add entry for 963 * fix: mitigate e2e tests relaying and non-determinism (#968) * fix: mitigate e2e tests relaying non-determinism * fix: bump signed blocks windows in e2e test configs * deps: bump cometbft to v0.34.28 (#906) this bumps only cometbft Co-authored-by: MSalopek <matija.salopek994@gmail.com> * fix!: Remove panics on failure to send IBC packets (#876) * provider: replace panic with StopConsumerChain * provider: replace panic with error message * Info logging on client expiration * add test for consumer * add test for provider * linter * Update CHANGELOG.md --------- Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#969) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * build(deps): bump slackapi/slack-github-action from 1.23.0 to 1.24.0 (#971) Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 1.23.0 to 1.24.0. - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](slackapi/slack-github-action@v1.23.0...v1.24.0) --- updated-dependencies: - dependency-name: slackapi/slack-github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * refactor!: upgrade ICS imports to v2 (#974) * v2 imports * Update CHANGELOG.md * docs: update PR template to consider migrations (#976) Update PULL_REQUEST_TEMPLATE.md * fix: v2 imports proto go_package option (#978) * add v2 to proto files, adjust protocgen scripts * regen proto * fix: partially revert key assignment type safety PR (#980) * use bytes in place where possible * fix tests * add v2 to proto files, adjust protocgen scripts * regen proto * change protos, define custom types, fix references * Update key_assignment_test.go * Update key_assignment.go * format * Update CHANGELOG.md * nit for better diff * docs: update top level readme for repo (#981) * Update base.css * Update README.md * smol --------- Co-authored-by: Marius Poke <marius.poke@posteo.de> * ci: makefile target for checking if protos are updated (#979) * proto-check makefile target * comment * add to GH actions workflow * put proto check before other tests * gotta regenerate protos --------- Co-authored-by: Marius Poke <marius.poke@posteo.de> * build(deps): bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 (#982) * build(deps): bump github.com/cosmos/ibc-go/v4 from 4.4.0 to 4.4.2 Bumps [github.com/cosmos/ibc-go/v4](https://github.com/cosmos/ibc-go) from 4.4.0 to 4.4.2. - [Release notes](https://github.com/cosmos/ibc-go/releases) - [Changelog](https://github.com/cosmos/ibc-go/blob/main/CHANGELOG.md) - [Commits](cosmos/ibc-go@v4.4.0...v4.4.2) --- updated-dependencies: - dependency-name: github.com/cosmos/ibc-go/v4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * update changelog --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mpoke <marius.poke@posteo.de> Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * build(deps): bump JamesIves/github-pages-deploy-action from 4.4.1 to 4.4.2 (#983) build(deps): bump JamesIves/github-pages-deploy-action Bumps [JamesIves/github-pages-deploy-action](https://github.com/JamesIves/github-pages-deploy-action) from 4.4.1 to 4.4.2. - [Release notes](https://github.com/JamesIves/github-pages-deploy-action/releases) - [Commits](JamesIves/github-pages-deploy-action@v4.4.1...v4.4.2) --- updated-dependencies: - dependency-name: JamesIves/github-pages-deploy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#985) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.3 to 1.8.4. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](stretchr/testify@v1.8.3...v1.8.4) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marius Poke <marius.poke@posteo.de> * feat: v2 migrations (#975) * v2 imports * Squashed commit of the following: commit a4c9224 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Wed May 24 10:13:10 2023 -0700 Revert "Merge branch 'shawn/v2-imports' into shawn/ccv-migrations" This reverts commit 53e3362, reversing changes made to 9c3f338. commit 6885ad1 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Wed May 24 10:12:49 2023 -0700 Revert "Merge branch 'shawn/v2-imports' into shawn/ccv-migrations" This reverts commit 45d74c7, reversing changes made to 53e3362. commit 9589144 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 14:48:06 2023 -0700 provider migration boilerplate commit 9521ecb Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:25:14 2023 -0700 lint commit fc3f273 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:20:33 2023 -0700 old default params commit 80a490c Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:15:30 2023 -0700 naming commit 45d74c7 Merge: 53e3362 8e6bdfb Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:12:03 2023 -0700 Merge branch 'shawn/v2-imports' into shawn/ccv-migrations commit 8e6bdfb Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:10:22 2023 -0700 proto name for gov prop registration commit 53e3362 Merge: 9c3f338 5ca68d1 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 12:05:39 2023 -0700 Merge branch 'shawn/v2-imports' into shawn/ccv-migrations commit 5ca68d1 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 11:53:12 2023 -0700 fix e2e tests commit aa6bd0c Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 11:42:47 2023 -0700 rm bad files commit 6e3dc88 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 11:42:14 2023 -0700 correct generation commit 056ef7a Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 11:29:45 2023 -0700 proto upgrade too commit 9c3f338 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 10:57:25 2023 -0700 remove hardcoded old code commit 1e73173 Merge: dbf9ded 8769fd5 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 10:07:31 2023 -0700 Merge branch 'shawn/v2-imports' into shawn/ccv-migrations commit 8769fd5 Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Tue May 23 09:58:28 2023 -0700 v2 imports commit dbf9ded Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Mon May 22 16:10:05 2023 -0700 provider migration commit 2d95e2e Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Mon May 22 15:01:47 2023 -0700 improve consumer test commit 85f4cfd Author: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Date: Mon May 22 14:03:20 2023 -0700 consumer params * rm old code * go.mod restore * better naming of hardcodes * consumer boilerplate * comments * migrate consumer genesis states * test and cleans * lint * migration and partial test * cleans * finish test * comments and doc * Update migration_test.go * Update CHANGELOG.md * expand in changelog * increment consensus ver * set key table on construction * rm semver migration funcs * comment explaining consensus version * docs: cleanup changelog for v2.0.0 on main (#988) cleans * chore: Hardcode golangci-lint version (#990) * Hardcode golangci-lint version * Hardcode version in CI config * docs: Increase the validator set of cosmos hub to 180 from 175 (#999) Updated number of validators to 180 * fix: proper consumer key prefix ordering (#991) * Update keys.go * tests * fix another bug * fix comments * feat: Remove consumer genesis migration on provider (#997) * Update keys.go * tests * fix another bug * remove consumer genesis deletion, link to test * remove unused bond denom method * Revert "remove unused bond denom method" This reverts commit f930eca. * remove test too * update changelog * docs: Update reward-distribution.md (#994) * Update reward-distribution.md * docs: add instructions for registering denoms * Update docs/docs/features/reward-distribution.md Co-authored-by: Marius Poke <marius.poke@posteo.de> * Update reward-distribution.md * Update docs/docs/features/reward-distribution.md Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> --------- Co-authored-by: MSalopek <matija.salopek994@gmail.com> Co-authored-by: Marius Poke <marius.poke@posteo.de> * chore: update workflow re. issues and PRs (#1002) * update PR workflow * update issue workflow * rename other.md to others.md * fix typo --------- Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * docs(adr): ADR-007 pause unbonding period during equivocation proposal (#964) * docs(adr): pause unbonding period during equivocation proposal Co-authored-by: Albert Le Batteux <contact@albttx.tech> Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com> * fix voting period duration * remove issue reference * docs: filter out unbonding operations before pause/unpause Co-authored-by: Albert Le Batteux <contact@albttx.tech> Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com> --------- Co-authored-by: Albert Le Batteux <contact@albttx.tech> Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com> * docs: Add type prefix link to CONTRIBUTING.md (#1007) Update CONTRIBUTING.md * chore: enable mergify (#1009) * add config for mergify * enable security dependecies for v2.0.x * Markdownlint (#907) markdownlint Co-authored-by: Jacob Gadikian <jacobgadikian@gmail.com> * fix: limit vsc matured packets handled per endblocker (#1004) * initial implementation, still need tests * UTs * integration test * linter * Update CHANGELOG.md * make vsc matured handled this block a var * comment * feat: integrate cometmock (#989) * Add gorelayer and CometMock to Dockerfile * Add option to start with cometmock in start-chain script * Start adding support for rly * Adjust relayer start action * Add entrypoint for short happy path steps * Add . nosec G204 and waiting for blocks * Adjust rly config: Gas is free * Remove optout steps from short happy path * Use separate redelegate step for short happy path * Wait for blocks after unbonding * Make naming more descriptive and add comments * Add comment to chain name sorting and improve comments * Update start-chain.sh Address comments form joint review session with @MSalopek * Fix typo * docs: Create adr-004-denom-dos-fixes.md (#934) * Create adr-006-denom-dos-fixes * Update docs/docs/adrs/adr-006-denom-dos-fixes Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * Update docs/docs/adrs/adr-006-denom-dos-fixes Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> * Update docs/docs/adrs/adr-006-denom-dos-fixes Co-authored-by: Marius Poke <marius.poke@posteo.de> * Update docs/docs/adrs/adr-006-denom-dos-fixes * Update docs/docs/adrs/adr-006-denom-dos-fixes * rename to adr 004 * remove extra file * add entry to Table of Contents * add ADR 7 to ToC --------- Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Co-authored-by: Marius Poke <marius.poke@posteo.de> * docs: Fix link to template (#1027) Fix link to template Fixes typo in contributing.md * feat!: Add DistributionTransmissionChannel to ConsumerAdditionProposal (#965) * update proto * remove transfer_channel_id from consumer genesis * ConsumerAdditionProposal: transfer_channel_id -> distribution_transmission_channel * send updated ConsumerAdditionProposal * validate consumer genesis param * remove StandaloneTransferChannelID from store * fix TestOnChanOpenAck * remove state breaking change * finalize merge and fix issues * chore: update docs and changelog * chore: regenerate protos * re-add integrationt tests around changeover * mv entry in changelog * test: add sovereign to consumer changeover e2e (#1025) * tests: add sovereign to consumer e2e test * rm unused bash scripts * partially address review comments * apply remaining review comments * chore: apply formatting rules --------- Co-authored-by: MSalopek <matija.salopek994@gmail.com> * docs: ADR for throttle with retries (#1005) * all of ADR is filled out except design portion * design * Update adr-008-throttle-retries.md * Update adr-008-throttle-retries.md * Update adr-008-throttle-retries.md * Apply suggestions from code review Co-authored-by: Marius Poke <marius.poke@posteo.de> * nit formatting * describe consumer changes first * add comment on rareness of throttling being triggered * split out paragraph * hopefully better explanation * Update adr-008-throttle-retries.md * accepted * TOC entry --------- Co-authored-by: Marius Poke <marius.poke@posteo.de> * Add time and block advancement integration for CometMock (#1017) * Add time and block advancement * Adhere to gocritic: use += * Remove extra debug output * Fix: use correct key when consumer key is not assigned * Correct private key address field * Clarify comment for WaitTime * Use bool instead of *bool type * Add review comments * refactor: first batch of post-merge changes * refactor: batch sovereign changes with v47 * refactor: another batch of post-merge changes * changes to go.mod * refactor: final batch of changes post-merge * refactor: rebuild protos for v47 * refactor: rebuild mocks for v47 * refactor: testing changes * refactor: update proto tooling and rebuild protos * lint: appease gosec * chore: rm unused string from Makefile * chore: rm unused in makefile .phony * temporarily disable proto-check to run automated tests --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jacob Gadikian <jacobgadikian@gmail.com> Co-authored-by: Shawn <44221603+smarshall-spitzbart@users.noreply.github.com> Co-authored-by: Jehan Tremback <hi@jehan.email> Co-authored-by: Marius Poke <marius.poke@posteo.de> Co-authored-by: Philip Offtermatt <57488781+p-offtermatt@users.noreply.github.com> Co-authored-by: Milan Mulji <98309852+mmulji-ic@users.noreply.github.com> Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com> Co-authored-by: Albert Le Batteux <contact@albttx.tech> Co-authored-by: Giuseppe Natale <giuseppe.natale@tendermint.com> Co-authored-by: Ruslan Akhtariev <46343690+pysel@users.noreply.github.com> Co-authored-by: Jehan <jehan.tremback@gmail.com>
Description
Closes: #731
On both the provider and consumer, if the sent fails, the packet is kept in the queue and a re-sent is attempt in the next block.
StopConsumerChain
. Note that most likely if the send if failing here, the consumer is malicious and it should be removed.Author Checklist
All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.
I have...
!
to the type prefix if API or client breaking changeCHANGELOG.md
Reviewers Checklist
All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.
I have...
!
in the type prefix if API or client breaking change