CometBFT specification

[lasarojc]

Was tendermint/tendermint#9321

CometBFT consists of many protocols and interfaces that need to be very well understood. Currently, not all protocols are clearly specified. This issue is designed to track the current state of the specification of CometBFT protocols and provide a clear overview of the remaining work in that respect.

Definition of done

This issue will be considered done when each sub-issue (corresponding to individual protocols and interfaces) is completed.
For a sub-issue to be considered completed it needs to provide the following:

• (1) What properties does the protocol provide (externally visible variables, events, together with safety, liveness, "best effort" properties)
• (2) What does the protocol expect from other protocols: shared state, timing, transition properties (when the node transitions from blocksync to consensus it should be at most x heights behind the current height of the chain)
• (3) How is the protocol operating (protocol description)
• (4) Observations/shortcomings/potential issues (I guess when we do this work, we will find problems that eventually should be addressed. We might note them down here together with the version of the software they apply to)

Satisfaction criteria

For 1) and 2): The protocol team and the engineering team are confident that we have a complete list, and we understand the properties well enough to be sure that they can be formalized.

For 3) protocol team and engineering team agree that the description and the code are well aligned, and captures worst case scenarios / corner cases

For 4) we should provide some evaluation of the current state. Written constructively so that we can infer future steps. (perhaps describing scenarios where the implemented protocol behaves differently from what people think it might do).

CometBFT protocols

Here we provide a list of protocols that exist in CometBFT along with the existing documentation and its status.

Consensus

• Algorithm in arXiv: OK (except separation of proposal and block)
• PBTS extension
• Port from retired 0.36 to main
• Detection of equivocation: missing
• Formal specification of the Gossip layer #15
• Interface between consensus and other CometBFT modules.
• Develop onboarding material explaining/answering some crucial parts of the Tendermint consensus algorithm (e.g., innovative Tendermint termination mechanism)
• Specification of the WAL and the replay mechanism

Accountability

• Detection of misbehavior - Amnesia: missing
• Light client detection: OK (perhaps re-organize lightclient)
• Evidence handling: missing
• Evidence gossiping: missing

Mempool

• Good coverage of parameters (in docs).
• Specifications missing. (There is an ADR on the priority mempool. spec: priority mempool specification tendermint/tendermint#9310 to write the spec for priority mempool.)
  • Problem statement
    • Mempool transaction handling properties #223
  • Protocol description
  • spec/mempool: First version of a formal specification #612
• Interface
  • Documentation contains interface to clients - how to post transactions
  • Research: practical behavior, performance, (problems felt in mempool are actually problems of peer-to-peer)

Peer exchange (PEX) and p2p :

• Existing issue: Specify the operation of the p2p layer #19
• p2p: Define a specification #20

Block sync:

• [] Existing issue: spec: blocksync  tendermint/tendermint#8586

State sync

• spec: define syncing protocols #22

Light client

• Documentation adequate and exists here.

CometBFT interfaces

ABCI

• ABCI is well specified and understood. Ongoing issue.
• Tutorials
  • Old ABCI version
  • ABCI ++

Peer management

• API + network properties are currently not clearly specified. Under this we can cover as well any related information on cryptography, encryption, authentication

Client facing

• Mempool (missing for non SDK users)
• RPC (missing for non SDK users)
• config.toml revisit parameters and find out why they are not consensus params
  • Does it depend on the node? (operator knows best)
  • Does it need to be protected by agreement?
  • Does it have an "agreed" component and an "operator-based" component?

Private key storage and use

• Spec of API? Secure?

Persistence, Data Availability

• Database
• Data availability implications of pruning, statesync, retain_height. What are the network-wide properties that we need?

Core data types

• Check the validity and update the specs for the core types #1014