Conversation
Codecov Report
@@ Coverage Diff @@
## master #5443 +/- ##
==========================================
- Coverage 63.29% 61.31% -1.98%
==========================================
Files 181 259 +78
Lines 19080 23456 +4376
==========================================
+ Hits 12077 14383 +2306
- Misses 5973 7615 +1642
- Partials 1030 1458 +428
|
melekes
reviewed
Oct 2, 2020
docs/tendermint-core/light-client.md
Outdated
| primary with witnesses. Therefore light clients should be set with enough witnesses. | ||
|
|
||
| [Trust Options](https://pkg.go.dev/github.com/tendermint/tendermint/light?tab=doc#TrustOptions) | ||
| If the detector observes a faulty provider it will report it to another provider |
Contributor
There was a problem hiding this comment.
I think we should state that the light client is not safe when a) more than {trust_level} of validators are malicious b) all witnesses are malicious
Contributor
Author
There was a problem hiding this comment.
Sure, this would be in replacement of lines 44 - 49 right? or the entire section
Contributor
There was a problem hiding this comment.
I'd just add it, not replace.
Contributor
There was a problem hiding this comment.
not a replacement, but rather an addition which clearly states the fact.
tessr
reviewed
Oct 2, 2020
docs/tendermint-core/light-client.md
Outdated
| The objective of the light client protocol is to get a commit for a recent | ||
| block hash where the commit includes a majority of signatures from the last | ||
| known validator set. From there, all the application state is verifiable with | ||
| The the light client protocol verifies headers by retrieving a chain of headers, |
Contributor
There was a problem hiding this comment.
Suggested change
| The the light client protocol verifies headers by retrieving a chain of headers, | |
| The light client protocol verifies headers by retrieving a chain of headers, |
docs/tendermint-core/light-client.md
Outdated
| primary with witnesses. Therefore light clients should be set with enough witnesses. | ||
|
|
||
| [Trust Options](https://pkg.go.dev/github.com/tendermint/tendermint/light?tab=doc#TrustOptions) | ||
| If the detector observes a faulty provider it will report it to another provider |
Contributor
There was a problem hiding this comment.
I'd just add it, not replace.
light/detector.go
Outdated
| CommonHeight: commonHeight, // the first block in the bisection is common to both providers | ||
| } | ||
| c.logger.Error("Attack detected. Sending evidence againt primary by witness", "ev", ev, | ||
| c.logger.Error("Attack detected. Sending evidence againt primary by witness", "ev", primaryEv, |
Contributor
There was a problem hiding this comment.
Shall we clarify that this attack was just attempted, in the spirit of not spooking any users?
Suggested change
| c.logger.Error("Attack detected. Sending evidence againt primary by witness", "ev", primaryEv, | |
| c.logger.Error("Attempted attack detected. Sending evidence against primary by witness", "ev", primaryEv, |
light/errors.go
Outdated
|
|
||
| // ErrLightClientAttack is returned when the light client has detected an attempt | ||
| // to verify a false header and has sent the evidence to either a witness or primary. | ||
| var ErrLightClientAttack = errors.New("ATTACK DETECTED. Light client received valid conflicting header from witness." + |
Contributor
There was a problem hiding this comment.
Suggested change
| var ErrLightClientAttack = errors.New("ATTACK DETECTED. Light client received valid conflicting header from witness." + | |
| var ErrLightClientAttack = errors.New("Attempted attack detected. Light client received valid conflicting header from witness." + |
Contributor
|
This looks pretty good to me. Maybe we can add a message to the logs for detected attack attempts that's something like
|
tessr
approved these changes
Oct 2, 2020
lovincyrus
added a commit
that referenced
this pull request
Oct 5, 2020
* docs: specify TM version in go tutorials (#5427) Closes #5425 * privval: allow passing options to NewSignerDialerEndpoint (#5434) Required for #5291 to set timeouts for remote signers. * config: set statesync.rpc_servers when generating config file (#5433) Required for #5291, to generate configuration files with state sync RPC servers. * consensus: check block parts don't exceed maximum block bytes (#5431) * ci: docker remvoe circleci and add github action (#5420) * privval: fix ping message encoding (#5441) Fixes #5371. * docs: revise ADR 56, documenting short term decision around amnesia evidence (#5440) * light: expand on errors and docs (#5443) * test: add end-to-end testing framework (#5435) Partial fix for #5291. For details, see [README.md](https://github.com/tendermint/tendermint/blob/erik/e2e-tests/test/e2e/README.md) and [RFC-001](https://github.com/tendermint/tendermint/blob/master/docs/rfc/rfc-001-end-to-end-testing.md). This only includes a single test case under `test/e2e/tests/`, as a proof of concept - additional test cases will be submitted separately. A randomized testnet generator will also be submitted separately, there a currently just a handful of static testnets under `test/e2e/networks/`. This will eventually replace the current P2P tests and run in CI. * changelog: add missing date to v0.33.5 release, fix indentation (#5454) I forgot to add the date when we cut 0.33.5. This fixes that. It also fixes a header indentation issue for 0.33.8. * test: add basic end-to-end test cases (#5450) Partial fix for #5291. This adds a basic set of test cases for core network invariants. Although small, it is sufficient to replace and extend the current set of P2P tests. Further test cases can be added later. * test: add GitHub action for end-to-end tests (#5452) Partial fix for #5291. * fix RPC blockresults reutrn (#5459) ## Description In blocks_results we use the proto definition of abciResponses: https://github.com/tendermint/tendermint/blob/2672b91ab099b8b02f3afabae4a0a745acd93c3f/rpc/core/blocks.go#L152-L155, this leads to the use of the proto definition of the pubkey which is an interface in go (oneof). The interface must be registered with the JSON encoder to have it work correctly. A clearer divide between proto types and native types is needed. Closes: #XXX * circleci: remove Gitian reproducible_builds job (#5462) * docs: fix links to adr 56 (#5464) ## Description fix broken link from a previous change * test: remove P2P tests (#5453) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com> Co-authored-by: Erik Grinaker <erik@interchain.berlin> Co-authored-by: Callum Waters <cmwaters19@gmail.com> Co-authored-by: Marko <marbar3778@yahoo.com> Co-authored-by: Tess Rinearson <tess.rinearson@gmail.com>
lovincyrus
added a commit
that referenced
this pull request
Oct 5, 2020
* docs: specify TM version in go tutorials (#5427) Closes #5425 * privval: allow passing options to NewSignerDialerEndpoint (#5434) Required for #5291 to set timeouts for remote signers. * config: set statesync.rpc_servers when generating config file (#5433) Required for #5291, to generate configuration files with state sync RPC servers. * consensus: check block parts don't exceed maximum block bytes (#5431) * ci: docker remvoe circleci and add github action (#5420) * privval: fix ping message encoding (#5441) Fixes #5371. * docs: revise ADR 56, documenting short term decision around amnesia evidence (#5440) * light: expand on errors and docs (#5443) * makefile: config build-docs for branch and path prefix * update versions with new 0.33 branch Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com> Co-authored-by: Erik Grinaker <erik@interchain.berlin> Co-authored-by: Callum Waters <cmwaters19@gmail.com> Co-authored-by: Marko <marbar3778@yahoo.com>
melekes
pushed a commit
that referenced
this pull request
Oct 9, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Updates light docs with a section on security and adds a more informative error in the case of a light client attack.