Conversation
Codecov Report
@@ Coverage Diff @@
## develop #1336 +/- ##
===========================================
- Coverage 61.48% 61.43% -0.05%
===========================================
Files 114 114
Lines 10988 10988
===========================================
- Hits 6756 6751 -5
- Misses 3585 3587 +2
- Partials 647 650 +3
|
| if isValid(signedHeader) then | ||
| setValidatorSet(signedHeader) | ||
| else return error | ||
| return |
| ``` | ||
|
|
||
| We assume that Tendermint keeps track of the validator set changes and that each time a validator set is changed it is | ||
| being assigned the next sequence number. We can this number the validator set sequence number. Tendermint also remembers |
There was a problem hiding this comment.
We can this number the validator set sequence number. is very funky, probably needs to be grammatically corrected.
There was a problem hiding this comment.
It's a typo. It should be " We call this number the validator set sequence number".
There was a problem hiding this comment.
"We can call this number ..."
| validator set (modified based on transactions from block H) will be in block `H+1` (and signed by the current validator | ||
| set), and then starting from the block `H+2`, it will be signed by the next validator set. | ||
|
|
||
| Note that the real Tendermint RPC api is slightly different (for example, response messages contains more data and function |
There was a problem hiding this comment.
API should be in caps as it is an acronym.
| valSetNumber int64 // sequence number of the current validator set | ||
| valSetHash []byte // hash of the current validator set | ||
| valSetTime int64 // time when the current validator set is initialised | ||
| ``` |
There was a problem hiding this comment.
Improved readbility:
valSet []Validator // current validator set (last known and verified validator set)
valSetNumber int64 // sequence number of the current validator set
valSetHash []byte // hash of the current validator set
valSetTime int64 // time when the current validator set is initialised| Validators []Validator | ||
| ValSetTime int64 // time the current validator set is initialised, i.e, time of the last validator change before header BlockHeight | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Improve formatting:
type SignedHeader struct {
Header Header
Commit Commit
ValSetNumber int64
}
type ResultValidators struct {
BlockHeight int64
Validators []Validator
// time the current validator set is initialised, i.e, time of the last validator change before header BlockHeight
ValSetTime int64
}| if isValid(signedHeader) then | ||
| setValidatorSet(signedHeader) | ||
| else return error | ||
| return |
| and 2) update the validator set (when the given header is valid and it is more recent than the seen headers). | ||
|
|
||
| ```golang | ||
| Certify(signedHeader SignedHeader): |
There was a problem hiding this comment.
I know this is just a description of the current working of the light client, but Certify seems to conflate too many things, validation and mutation namely, while the name does not communicate that.
There was a problem hiding this comment.
This can be seen more as a description of core mechanisms of the light client. Current implementation is quite different. I agree that this is not the best name and that updating validator set is a side effect. My idea was just to have Certify as an entry point where we show how everything works together. The same underlying mechanisms can be used in the context of IBC, pooled security architecture and the light client. Do you have a suggestion how we organise the content differently?
There was a problem hiding this comment.
Something that would imply mutation could be a good start e.g.: Update
9a20f10 to
1660411
Compare
| return true | ||
| else | ||
| updateValidatorSet(signedHeader.ValSetNumber) | ||
| return Certify(signedHeader) |
There was a problem hiding this comment.
This is a recursive call, correct? What happened if the subsequent call to Certify fails even so updateValidatorSet has been called already?
There was a problem hiding this comment.
I think that it's not a problem in updating validator set and failing to check next header. With a correct FullNode this should never happen. In general, any call to the FullNode might fail or some of subsequent check could fail. At that point Certify function should fail and light client should decide how to deal with it, for example to connect to other FullNode. I added a note at the end.
There was a problem hiding this comment.
Gotcha, thanks for the clarification. Not sure if it was made explicit somehwere what the guarantees are for the light client.
There was a problem hiding this comment.
We should make guarantees explicit, this is a first step to agree on the basic mechanisms.
1660411 to
416f03c
Compare
| blockchain header, and further the corresponding Merkle proofs. | ||
|
|
||
| For the purpose of this light client specification, we assume that the Tendermint Full Node exposes the following functions over | ||
| Tendermint RPC: |
There was a problem hiding this comment.
| type SignedHeader struct { | ||
| Header Header | ||
| Commit Commit | ||
| ValSetNumber int64 |
There was a problem hiding this comment.
Why is this number needed?
You return it on the signed header, but you don't return it on ResultValidator.
There was a problem hiding this comment.
Strictly speaking, it is not needed, but it emphasises that validator set changes are first class citizens. It also simplifies supporting applications that require to strictly track validator set changes. Light client logic also seems simpler. The cost of supporting it does not seem high. We could also add this number in ResultValidator for symmetry.
|
I think we need to fix the condition re the Unbonding period (if its longer than the unbonding period, we have to revert to social consensus, we cant trust Tendermint nodes!). Otherwise I think it looks good. Notation could be a bit better re mutable state but good enough to merge for now. |
No description provided.