enforce <1/3 validator updates

[melekes]

Refs #950

[ebuchman]

Good start, but we need to check < 1/3 with respect to voting power, not just number of validators.

Also, the change in voting power must be strictly less than 1/3, not <= 1/3

[melekes]

So, the algo should look more like:

if (>= 1/3 of vals changed) OR newVP/oldVP * 100 >= 33 {
  error
}

?

[ebuchman]

We don't even have to check the number of validators, just the voting power.

Basically we should sum the voting power changes and if thats >=1/3 of the current total, then error.

[codecov-io]

Codecov Report

Merging #1004 into develop will decrease coverage by 0.3%.
The diff coverage is 62.5%.

@@             Coverage Diff             @@
##           develop    #1004      +/-   ##
===========================================
- Coverage    59.95%   59.65%   -0.31%     
===========================================
  Files          109      109              
  Lines        10197    10225      +28     
===========================================
- Hits          6114     6100      -14     
- Misses        3523     3556      +33     
- Partials       560      569       +9

[ebuchman]

Looks great. But should have more tests

[ebuchman]

why remove this test ?

[melekes]

because it was written with an assumption that there is only one validator. I can try and rewrite it of course

[ebuchman]

right. I think it's ok since we're specifically testing the "save/load at height" behaviour, and having just one validator was an easy way to write the test, and we have other tests of multiple validators. So we should defntly keep it. If you have a nice way to write it with multiple validators, that'd of course be welcome, though now we have to be mindful that it can only change by < 1/3 :)

[ebuchman]

we should have more test cases

[melekes]

@ebuchman done. feel free to add more test cases if you want (https://github.com/tendermint/tendermint/pull/1004/files#diff-a1153b96e079da8da43231ad48de57a0R248)