Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Map iteration non determinism in consumer AccumulateChanges #505

Closed
2 tasks done
danwt opened this issue Nov 21, 2022 · 6 comments · Fixed by #584
Closed
2 tasks done

Map iteration non determinism in consumer AccumulateChanges #505

danwt opened this issue Nov 21, 2022 · 6 comments · Fixed by #584
Assignees
@jtremback
Labels
type: bug Issues that need priority attention -- something isn't working

Comments

@danwt
Copy link
Contributor

danwt commented Nov 21, 2022
edited
Loading

Problem

AccumulateChanges used to aggregate tendermint updates on the consumer uses non deterministic map iteration to produce a list, and then writes the list to store in one go. I think this could cause a consensus error.

Closing criteria

Fix the nondeterminism.

Problem details

interchain-security/x/ccv/utils/utils.go

Lines 29 to 31 in 25b0d01

for _, update := range m {
out = append(out, update)
}

interchain-security/x/ccv/consumer/keeper/relay.go

Lines 58 to 59 in 25b0d01

err := k.SetPendingChanges(ctx, ccv.ValidatorSetChangePacketData{
ValidatorUpdates: pendingChanges,

TODOs

  • Labels have been added for issue
  • Issue has been added to the ICS project
@danwt danwt added the type: bug Issues that need priority attention -- something isn't working label Nov 21, 2022
@danwt danwt moved this to Todo in Replicated Security Nov 21, 2022
@danwt
Copy link
Contributor Author

danwt commented Nov 23, 2022

I'm not sure that it's safe to use .String() to get the map key

interchain-security/x/ccv/utils/utils.go

Lines 19 to 25 in 25b0d01

for i := 0; i < len(currentChanges); i++ {
m[currentChanges[i].PubKey.String()] = currentChanges[i]
}
for i := 0; i < len(newChanges); i++ {
m[newChanges[i].PubKey.String()] = newChanges[i]
} 

// DeterministicStringify returns a deterministic string representation of the
// key. This is useful to identify like keys with different representations.
func DeterministicStringify(k tmprotocrypto.PublicKey) string {
	sdkPubKey, err := cryptocodec.FromTmProtoPublicKey(k)
	if err != nil {
		panic("could not get sdk public key from tm proto public key")
	}
	return string(sdkPubKey.Bytes())
}

Maybe it's better to use consensus address here^^

// The list of tendermint updates should hash the same across all consensus nodes
	// that means it is necessary to sort for determinism.
	sort.Slice(consumerUpdatesAsList, func(i, j int) bool {
		if consumerUpdatesAsList[i].Power > consumerUpdatesAsList[j].Power {
			return true
		}
		return consumerUpdatesAsList[i].PubKey.String() > consumerUpdatesAsList[j].PubKey.String()
	})

@jtremback jtremback self-assigned this Nov 23, 2022
@danwt danwt mentioned this issue Nov 25, 2022
Closed
2 tasks
@mpoke
Copy link
Contributor

mpoke commented Nov 29, 2022

AccumulateChanges used to aggregate tendermint updates on the consumer uses non deterministic map iteration to produce a list, and then writes the list to store in one go. I think this could cause a consensus error.

Does ABCI require the lists of validator updates return by different nodes in EndBlock to be in the same order?

Maybe it's better to use consensus address here

Would that mean hashing the public key for every update? That sounds like a lot of hashing just for this purpose.

@mpoke
Copy link
Contributor

mpoke commented Nov 29, 2022

It seems that the only requirement is that any two nodes return the same list of updates, but not necessarily in the same order. Confirmed by @sergio-mena

@danwt
Copy link
Contributor Author

danwt commented Nov 29, 2022

Ahh yeah I forgot that these are never committed to store, because the pending updates are always deleted in endblock. I think it's fine then.

@danwt danwt closed this as completed Nov 29, 2022
Repository owner moved this from Todo to Done in Replicated Security Nov 29, 2022
@jtremback jtremback reopened this Nov 30, 2022
Repository owner moved this from Done to In Progress in Replicated Security Nov 30, 2022
@jtremback
Copy link
Contributor

I still think we should fix this. The fix is very easy.

@jtremback jtremback moved this from In Progress to Next in Replicated Security Dec 5, 2022
@danwt
Copy link
Contributor Author

danwt commented Dec 5, 2022
edited
Loading

Snippet like

// The list of tendermint updates should hash the same across all consensus nodes
	// that means it is necessary to sort for determinism.
	sort.Slice(consumerUpdatesAsList, func(i, j int) bool {
		if consumerUpdatesAsList[i].Power > consumerUpdatesAsList[j].Power {
			return true
		}
		return consumerUpdatesAsList[i].PubKey.String() > consumerUpdatesAsList[j].PubKey.String()
	})

EDIT: not correct :/ lol

@jtremback jtremback mentioned this issue Dec 12, 2022
Merged
24 tasks
@jtremback jtremback moved this from Next to Waiting for review in Replicated Security Dec 12, 2022
Repository owner moved this from Waiting for review to Done in Replicated Security Dec 13, 2022
@ivan-gavran ivan-gavran mentioned this issue Feb 3, 2023
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jtremback jtremback

Labels
type: bug Issues that need priority attention -- something isn't working
Projects
No open projects
Replicated Security
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

add sorting into AccumulateChanges and add a unit test for it cosmos/interchain-security
4 participants
@jtremback @mpoke @danwt and others