Verify Client on Connection Handshake #7057
Conversation
Codecov Report
@@ Coverage Diff @@
## master #7057 +/- ##
==========================================
- Coverage 55.60% 54.44% -1.16%
==========================================
Files 457 547 +90
Lines 27440 37659 +10219
==========================================
+ Hits 15257 20503 +5246
- Misses 11083 15469 +4386
- Partials 1100 1687 +587 |
| expectedUbdPeriod, tmClient.UnbondingPeriod) | ||
| } | ||
|
|
||
| if tmClient.UnbondingPeriod < tmClient.TrustingPeriod { |
There was a problem hiding this comment.
This is currently the only check I enforce on TrustingPeriod, should I add others? @cwgoes
There was a problem hiding this comment.
I don't think so; although some values (almost unbonding period and very very low) are practically unworkable, that should be paid attention to by users or relayers when creating a client
AdityaSripal
requested review from
aaronc,
alessio,
alexanderbez,
clevinson,
fedekunze and
jgimeno
as code owners
Co-authored-by: Federico Kunze <[email protected]>
Do you mean in the ics repo @colin-axner ? I believe I've updated the docs of function in code, but I've missed any or they're insufficient please point them out and ill fix them |
No not ICS specs, |
| // VerifyClientConsensusState returns nil since a local host client does not store consensus | ||
| // states. |
There was a problem hiding this comment.
this is actually not intuitive to me and is also not documented on the spec if it should return an error or not. cc @cwgoes
There was a problem hiding this comment.
If this returns an error, then you can never open a connection with localhost client because the VerifyClientConsensusState will fail.
There was a problem hiding this comment.
ditto on adding to localhost spec dir
There was a problem hiding this comment.
It should not return an error; it should just pass.
| _ []byte, | ||
| connectionID string, | ||
| connectionEnd connectionexported.ConnectionI, | ||
| ) error { | ||
| path, err := commitmenttypes.ApplyPrefix(prefix, host.ConnectionPath(connectionID)) |
There was a problem hiding this comment.
I think this requires a spec change too. @cwgoes
There was a problem hiding this comment.
if not, document why the implementation differs from spec
There was a problem hiding this comment.
We do not need a prefix because we are already being passed in the clientID prefixed store into our function.
So we shouldn't be prefixing at all with ibc. We really only need that prefix in the specific clients when we are construcing the proof path. It's not needed to get from the clientStore.
There was a problem hiding this comment.
this is good info for when we add a spec dir for locahost since this differs from the ICS spec in implementation but not semantics
There was a problem hiding this comment.
Aye, excellent use-case for a spec directory.
Co-authored-by: colin axnér <[email protected]> Co-authored-by: Federico Kunze <[email protected]>
…nto aditya/verify-client
|
@colin-axner updated the spec for messages. The Although I do believe an in-depth explanation of the handshakes (which will explain proving self consensus states and clients for the connection handshake) in IBC is sorely needed so I will add it to an IBC docs wishlist issue to be tackled in separate PR. Added that item to this issue: #6134 (comment) |
| @@ -91,13 +91,36 @@ func (cs ClientState) CheckMisbehaviourAndUpdateState( | |||
| return nil, sdkerrors.Wrap(clienttypes.ErrInvalidEvidence, "cannot submit misbehaviour to localhost client") | |||
| } | |||
|
|
|||
| // VerifyClientConsensusState returns an error since a local host client does not store consensus | |||
| // VerifyClientState verifies that the localhost client state is stored locally | |||
| func (cs ClientState) VerifyClientState( | |||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| if connectionEnd != &prevConnection { | ||
| if !reflect.DeepEqual(&prevConnection, connectionEnd) { |
There was a problem hiding this comment.
nit, this line is not covered by tests
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| if channel != &prevChannel { | ||
| if !reflect.DeepEqual(&prevChannel, channel) { |
|
I opened an issue to begin tracking things that should be noted in the client specs #7119 . Feel free to add to the comment anything in particular that is important to note or is non-trivial to understand |
There was a problem hiding this comment.
LGTM, great work! agree with @fedekunze pending test request
| expectedUbdPeriod, tmClient.UnbondingPeriod) | ||
| } | ||
|
|
||
| if tmClient.UnbondingPeriod < tmClient.TrustingPeriod { |
There was a problem hiding this comment.
I don't think so; although some values (almost unbonding period and very very low) are practically unworkable, that should be paid attention to by users or relayers when creating a client
| // VerifyClientConsensusState returns nil since a local host client does not store consensus | ||
| // states. |
There was a problem hiding this comment.
It should not return an error; it should just pass.
| _ []byte, | ||
| connectionID string, | ||
| connectionEnd connectionexported.ConnectionI, | ||
| ) error { | ||
| path, err := commitmenttypes.ApplyPrefix(prefix, host.ConnectionPath(connectionID)) |
There was a problem hiding this comment.
Aye, excellent use-case for a spec directory.
| @@ -197,6 +200,48 @@ func (k Keeper) GetSelfConsensusState(ctx sdk.Context, height uint64) (exported. | |||
| return consensusState, true | |||
| } | |||
|
|
|||
| // ValidateSelfClient validates the client parameters for a client of the running chain | |||
| // This function is only used to validate the client state the counterparty stores for this chain | |||
| func (k Keeper) ValidateSelfClient(ctx sdk.Context, clientState exported.ClientState) error { | |||
There was a problem hiding this comment.
This doesn't check:
- Max clock drift
- Frozen height
Maximum clock drift can vary, so I think it's alright not to check that, but we should just make sure there aren't any values which will cause Tendermint to throw errors.
We should probably verify that the latter is 0 initially? Not required security-wise though.
Once we add an epoch number we'll need to check that.
There was a problem hiding this comment.
Yes, I can add a frozen check, also epoch is implicitly checked by checking equality on chainID
AdityaSripal
added
the
A:automerge
* verify client state * add client state to msgs and retrieve in handler * fix connection msgs * fixed handshake tests * fix tests * fix sim tests * revert pb edit * add ValidateClient tests * Apply suggestions from code review Co-authored-by: Federico Kunze <[email protected]> * fix tests * fixed msgs test * use ibctesting for client state consts * Apply suggestions from code review Co-authored-by: colin axnér <[email protected]> Co-authored-by: Federico Kunze <[email protected]> * address rest of comments * rename to ValidateSelfClient and update spec * lint * Update x/ibc/02-client/keeper/keeper_test.go * Update x/ibc/02-client/keeper/keeper_test.go * complete rest of review * improve cov Co-authored-by: Federico Kunze <[email protected]> Co-authored-by: colin axnér <[email protected]>
Description
closes: #6524
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
docs/) or specification (x/<module>/spec/)godoccomments.Unreleasedsection inCHANGELOG.mdFiles changedin the Github PR explorerCodecov Reportin the comment section below once CI passes