Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Detect light client attacks and report them to both the chain and the RPC node #3224

Merged
merged 45 commits into from
May 19, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
45 commits
Select commit Hold shift + click to select a range
c0249ea
Prepare for generating light client attacks
romac Mar 10, 2023
78fc720
Remove redundant message
romac Mar 15, 2023
965f065
Improve script
romac Mar 15, 2023
e255cdd
Use tendermint-rs with new misbehavior detector
romac Mar 21, 2023
484b47f
Small refactor in client worker
romac Mar 21, 2023
8b58222
Cleanup and notes in ForeignClient
romac Mar 21, 2023
cb1bfaa
Some more cleanup
romac Mar 21, 2023
3857dbf
Call to the new attack detector
romac Mar 22, 2023
fff78c0
Build evidence to report to the chain
romac Mar 29, 2023
199ce6c
Fix client updates
romac Mar 30, 2023
e92b040
It's working, I think
romac Mar 30, 2023
6307217
Move create_fork.sh to scripts folder
romac Mar 30, 2023
f7093e8
Use tendermint-rs branch
romac Apr 4, 2023
b046064
Use new light client detector crate
romac Apr 11, 2023
b8f47b9
Remove explicit dependency on `tendermint-light-client-verifier`
romac Apr 11, 2023
0c71c03
Update to latest detector
romac Apr 13, 2023
22229c5
Add integration test for misbehavior detection
romac Apr 13, 2023
e5e64a6
Merge branch 'master' into romac/attack-detector
romac Apr 13, 2023
84ed103
Fix clippy warnings
romac Apr 13, 2023
83b8a9b
Print Hermes logs
romac Apr 13, 2023
421e4b6
Update to latest detector
romac Apr 14, 2023
c0617a0
Update to latest detector
romac Apr 14, 2023
80ebe7a
Remove unused `headers_compatible`
romac Apr 14, 2023
5061e6a
Remove unused import
romac Apr 14, 2023
9b9ffce
Get current time from chain's sync status
romac Apr 14, 2023
5515b26
Compute proper supporting headers
romac Apr 18, 2023
3c4776a
Infallible height conversions
romac Apr 18, 2023
a0779e3
Refactor to include trusted and target headers in supporting headers …
romac Apr 18, 2023
4ced561
Always omit target header from supporting set
romac Apr 18, 2023
1ef7067
Use trusted height and not height of last supporting header
romac Apr 18, 2023
9469be4
Use target header of new round of verification to get trusted height …
romac Apr 18, 2023
b23a5a3
Update tendermint-rs to v0.31.1
romac Apr 20, 2023
558d0b0
Update `ibc-proto` to v0.30.0
romac Apr 20, 2023
17ba1b5
Compilation fixes after detector update
romac Apr 20, 2023
28df2c0
Merge branch 'master' into romac/attack-detector
romac Apr 26, 2023
032a894
Use witness trace computed by the detector instead of verifying again…
romac Apr 26, 2023
65df0ec
Fix merge issues
ancazamfir Apr 27, 2023
cfbc186
Update to latest detector
romac Apr 27, 2023
5f253fe
Ensure trusted validator set matches the fetched one
romac Apr 28, 2023
db293c8
Update to latest detector
romac Apr 28, 2023
fa406fd
Update to tendermint-rs v0.32.0 and `ibc-proto` v0.31.0-alpha.2
romac May 3, 2023
6ab7065
Merge branch 'master' into romac/attack-detector
romac May 3, 2023
6ddb359
Merge branch 'master' into romac/attack-detector
romac May 8, 2023
55ed44e
Merge branch 'master' into romac/attack-detector
romac May 16, 2023
237a52c
Add changelog entry
romac May 16, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
- When enabled for misbehaviour (ie. when `mode.misbehaviour.enabled = true`),
Hermes will now monitors on-chain client updates and verify the submitted
headers comparing with headers it retrieves from its RPC node.
If it detects conflicting headers, it will now submit a `MisbehaviourMsg`
to the chain hosting the IBC client.
In addition, Hermes will also submit the evidence to the reference chain.
([\#3224](https://github.com/informalsystems/hermes/issues/3224))
96 changes: 96 additions & 0 deletions .github/workflows/misbehaviour.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
name: Misbehaviour
on:
pull_request:
paths:
- .github/workflows/misbehaviour.yaml
- Cargo.toml
- Cargo.lock
- flake.nix
- flake.lock
- ci/**
- scripts/**
- crates/**
push:
branches: master
paths:
- .github/workflows/misbehaviour.yaml
- Cargo.toml
- Cargo.lock
- flake.nix
- flake.lock
- ci/**
- scripts/**
- crates/**

env:
CARGO_INCREMENTAL: 0
CARGO_PROFILE_DEV_DEBUG: 1
CARGO_PROFILE_RELEASE_DEBUG: 1
RUST_BACKTRACE: short
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10

# Cancel previous runs of this workflow when a new commit is added to the PR, branch or tag
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

jobs:
misbehaviour:
romac marked this conversation as resolved.
Show resolved Hide resolved
runs-on: ubuntu-20.04
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
chain:
- package: gaia8
command: gaiad
account_prefix: cosmos
- package: gaia9
command: gaiad
account_prefix: cosmos
steps:
- uses: actions/checkout@v2
- name: Install Nix
uses: cachix/install-nix-action@v20
with:
extra_nix_config: |
experimental-features = nix-command flakes
- name: Use cachix cache
uses: cachix/cachix-action@v12
with:
name: cosmos
- name: Install sconfig
uses: jaxxstorm/action-install-gh-release@v1.10.0
with:
repo: freshautomations/sconfig
platform: linux
arch: amd64
extension-matching: disable
rename-to: sconfig
chmod: 0755
- name: Install stoml
uses: jaxxstorm/action-install-gh-release@v1.10.0
with:
repo: freshautomations/stoml
platform: linux
arch: amd64
extension-matching: disable
rename-to: stoml
chmod: 0755
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
- name: Use Rust cache
uses: Swatinem/rust-cache@v1
- name: Build Hermes
uses: actions-rs/cargo@v1
with:
command: build
- name: Run test
working-directory: ci/misbehaviour
run: |
nix shell .#${{ matrix.chain.package }} -c bash misbehaviour_test.sh

Loading