Repositories structuring #1
Comments
|
CC'ing @gakonst - what modifications are you planning to make to Cosmos/Tendermint in order to enable state transition fraud proofs? |
|
I wish tendemint would allow devs to plug in their own Header definitions and the header used inside of tendermint (for everything besides encoding and other places you'd need to deal with the concrete impl) would just be an interface (or trait). Similar to what we did in the Rust implementation of the light client: https://github.com/informalsystems/tendermint-rs/blob/471542d60d542a8049c81286dff13ffa467300fc/tendermint/src/lite/types.rs#L19-L31 Would the tendermint team like to integrate changes in this direction? @tessr @marbar3778 |
|
I can't speak for the tendermint team, but I'd like to see Tendermint more flexible to allow experiments / modifications like ^ without too much pain 👍 |
This is the goal for Tendermint. I hope with the move to protobuf Tendermint can better facilitate this modularity. |
|
Thanks for your feedback @melekes and @marbar3778. And cool, would be great if we could help tendermint to reach that goal even further :-) Making tendermint as flexible as mentioned above will take some time. So just summarizing what we've discussed as possible options for the meantime: @adlerjohn suggested we can use the @musalbas raised concerns about this approach as it is actually necessary that there is only one and only one data/state root that includes all consensus critical data. The reason for this is that otherwise we can't guarantee that the data behind the other roots is actually available. A good alternative seems to be to do all modifications in one fork and make the changes needed for 2. configurable somehow. But as 2. involves changes to the header (add the erasure coded merkle tree data availability scheme), this only makes sense if the header is modular/pluggable in some sense (which kinda brings us back to #1 (comment)). |
* rename adjusted to adjacent Refs tendermint/tendermint#3989 (comment) * rename ErrTooMuchChange to ErrNotEnoughVotingPowerSigned Refs tendermint/tendermint#3989 (comment) * verify commit is properly signed * remove no longer trusted headers * restore trustedHeader and trustedNextVals * check trustedHeader using options Refs tendermint/tendermint#4209 (comment) * use correct var when checking if headers are adjacent in bisection func + replace TODO with a comment tendermint/tendermint#3989 (comment) * return header in VerifyHeaderAtHeight because that way we avoid DB call + add godoc comments + check if there are no headers yet in AutoClient tendermint/tendermint#3989 (review) * TestVerifyAdjacentHeaders: add 2 more test-cases + add TestVerifyReturnsErrorIfTrustLevelIsInvalid * lite: avoid overflow when parsing key in db store! * lite: rename AutoClient#Err to Errs * lite: add a test for AutoClient * lite: fix keyPattern and call itr.Next in db store * lite: add two tests for db store * lite: add TestClientRemovesNoLongerTrustedHeaders * lite: test Client#Cleanup * lite: test restoring trustedHeader tendermint/tendermint#4209 (comment) * lite: comment out unused code in test_helpers * fix TestVerifyReturnsErrorIfTrustLevelIsInvalid after merge * change defaultRemoveNoLongerTrustedHeadersPeriod and add docs * write more doc * lite: uncomment testable examples * use stdlog.Fatal to stop AutoClient tests * make lll linter happy * separate errors for 2 cases - the validator set of a skipped header cannot be trusted, i.e. <1/3rd of h1 validator set has signed (new error, something like ErrNewValSetCantBeTrusted) - the validator set is trusted but < 2/3rds has signed (ErrNewHeaderCantBeTrusted) tendermint/tendermint#4209 (comment) * remove all headers (even the last one) that are outside of the trusting period. By doing this, we avoid checking the trustedHeader's hash in checkTrustedHeaderUsingOptions (case #1). tendermint/tendermint#4209 (comment) * explain restoreTrustedHeaderAndNextVals better tendermint/tendermint#4209 (comment) * add ConfirmationFunction option for optionally prompting for user input Y/n before removing headers Refs tendermint/tendermint#4209 (comment) * make cleaning optional tendermint/tendermint#4209 (comment) * return error when user refused to remove headers * check for double votes in VerifyCommitTrusting * leave only ErrNewValSetCantBeTrusted error to differenciate between h2Vals.VerifyCommit and h1NextVals.VerifyCommitTrusting * fix example tests * remove unnecessary if condition tendermint/tendermint#4209 (comment) It will be handled by the above switch. * verifyCommitBasic does not depend on vals Co-authored-by: Marko <marbar3778@yahoo.com>
|
There are still open questions or todos around this issue right? We didn't fully settle on this?
Although I'm not sure if most that code would't live as a cosmos-sdk module outside of tendermint anyways. And merging all other roots into a single state root:
I mean it is also the job of the app to include all state in |
|
OK, we actually concluded: one repo for now. This can be closed. |
…heck (#1186) This PR addresses the vulnerabilities identified by govulncheck in [PR #1179](https://github.com/celestiaorg/celestia-core/actions/runs/7629759074/job/20786518441?pr=1179). It upgrades the affected modules to the versions recommended by govulncheck. ``` Vulnerability #1: GO-2024-2466 Denial of service in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4 More info: https://pkg.go.dev/vuln/GO-2024-2466 Module: github.com/go-git/go-git/v5 Found in: github.com/go-git/go-git/v5@v5.5.1 Fixed in: github.com/go-git/go-git/v5@v5.11.0 Example traces found: Error: #1: test/e2e/generator/generate.go:402:36: generator.gitRepoLatestReleaseVersion calls git.PlainOpenWithOptions, which calls filesystem.NewStorage Error: #2: test/e2e/generator/generate.go:402:36: generator.gitRepoLatestReleaseVersion calls git.PlainOpenWithOptions Error: #3: test/e2e/generator/generate.go:407:30: generator.gitRepoLatestReleaseVersion calls git.Repository.TagObjects Vulnerability #2: GO-2024-2456 Path traversal and RCE in github.com/go-git/go-git/v5 and gopkg.in/src-d/go-git.v4 More info: https://pkg.go.dev/vuln/GO-2024-2456 Module: github.com/go-git/go-git/v5 Found in: github.com/go-git/go-git/v5@v5.5.1 Fixed in: github.com/go-git/go-git/v5@v5.11.0 Example traces found: Error: #1: test/e2e/generator/generate.go:402:36: generator.gitRepoLatestReleaseVersion calls git.PlainOpenWithOptions, which calls filesystem.NewStorage Error: #2: test/e2e/generator/generate.go:402:36: generator.gitRepoLatestReleaseVersion calls git.PlainOpenWithOptions Error: #3: test/e2e/generator/generate.go:407:30: generator.gitRepoLatestReleaseVersion calls git.Repository.TagObjects === Informational === There are 2 vulnerabilities in modules that you require that are neither imported nor called. You may not need to take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. Vulnerability #1: GO-2024-2453 Timing side channel in github.com/cloudflare/circl More info: https://pkg.go.dev/vuln/GO-2024-2453 Module: github.com/cloudflare/circl Found in: github.com/cloudflare/circl@v1.3.1 Fixed in: github.com/cloudflare/circl@v1.3.7 Vulnerability #2: GO-2023-[17](https://github.com/celestiaorg/celestia-core/actions/runs/7629759074/job/20786518441?pr=1179#step:5:18)65 Leaked shared secret and weak blinding in github.com/cloudflare/circl More info: https://pkg.go.dev/vuln/GO-[20](https://github.com/celestiaorg/celestia-core/actions/runs/7629759074/job/20786518441?pr=1179#step:5:21)23-1765 Module: github.com/cloudflare/circl Found in: github.com/cloudflare/circl@v1.3.1 Fixed in: github.com/cloudflare/circl@v1.3.3 Your code is affected by 2 vulnerabilities from 1 module. Share feedback at https://go.dev/s/govulncheck-feedback. exit status 3 make: *** [Makefile:254: vulncheck] Error 1 Error: Process completed with exit code 2. ```
In order to fix the go vulnerabilities that are fixed in the new patch: ``` Vulnerability #1: GO-2024-2610 Errors returned from JSON marshaling may break template escaping in html/template More info: https://pkg.go.dev/vuln/GO-2024-2610 Standard library Found in: html/template@go1.22 Fixed in: html/template@go1.22.1 Example traces found: #1: test/fuzz/rpc/jsonrpc/server/handler.go:30:15: server.Fuzz calls http.ServeMux.ServeHTTP, which eventually calls template.Template.Execute #2: rpc/jsonrpc/server/http_server.go:256:15: server.maxBytesHandler.ServeHTTP calls http.HandlerFunc.ServeHTTP, which eventually calls template.Template.ExecuteTemplate Vulnerability #2: GO-2024-2600 Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http More info: https://pkg.go.dev/vuln/GO-2024-2600 Standard library Found in: net/http@go1.22 Fixed in: net/http@go1.22.1 Example traces found: #1: rpc/jsonrpc/client/http_json_client.go:213:34: client.Client.Call calls http.Client.Do #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get #3: p2p/upnp/upnp.go:205:20: upnp.getServiceURL calls http.Get Vulnerability #3: GO-2024-2599 Memory exhaustion in multipart form parsing in net/textproto and net/http More info: https://pkg.go.dev/vuln/GO-2024-2599 Standard library Found in: net/textproto@go1.22 Fixed in: net/textproto@go1.22.1 Example traces found: #1: rpc/jsonrpc/server/http_server.go:62:16: server.Serve calls http.Server.Serve, which eventually calls textproto.Reader.ReadLine #2: rpc/jsonrpc/server/http_server.go:62:16: server.Serve calls http.Server.Serve, which eventually calls textproto.Reader.ReadMIMEHeader Vulnerability #4: GO-2024-2598 Verify panics on certificates with an unknown public key algorithm in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2024-2598 Standard library Found in: crypto/x509@go1.22 Fixed in: crypto/x509@go1.22.1 Example traces found: #1: libs/autofile/group.go:479:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Your code is affected by 4 vulnerabilities from the Go standard library. ```
In building LazyLedger, we would like to use Tendermint for two purposes, that are somewhat independent from each other, that requires a different set of modifications:
The Tendermint features we need in (1) are a subset of the ones we need in (2). We need to think about what would be the best way to structure these repositories, and if we want to have one or two forks of Tendermint.
The two options are:
The text was updated successfully, but these errors were encountered: