Revision - fb8b00f - lite2: light client with weak subjectivity (#3989)

Revision fb8b00f1d85144a6a5b6c064be3efc1a1d731269 authored by Anton Kaliaev on 25 November 2019, 15:07:40 UTC, committed by GitHub on 25 November 2019, 15:07:40 UTC

lite2: light client with weak subjectivity (#3989)

Refs #1771

ADR: https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md

## Commits:

* add Verifier and VerifyCommitTrusting

* add two more checks

make trustLevel an option

* float32 for trustLevel

* check newHeader time

* started writing lite Client

* unify Verify methods

* ensure h2.Header.bfttime < h1.Header.bfttime + tp

* move trust checks into Verify function

* add more comments

* more docs

* started writing tests

* unbonding period failures

* tests are green

* export ErrNewHeaderTooFarIntoFuture

* make golangci happy

* test for non-adjusted headers

* more precision

* providers and stores

* VerifyHeader and VerifyHeaderAtHeight funcs

* fix compile errors

* remove lastVerifiedHeight, persist new trusted header

* sequential verification

* remove TrustedStore option

* started writing tests for light client

* cover basic cases for linear verification

* bisection tests PASS

* rename BisectingVerification to SkippingVerification

* refactor the code

* add TrustedHeader method

* consolidate sequential verification tests

* consolidate skipping verification tests

* rename trustedVals to trustedNextVals

* start writing docs

* ValidateTrustLevel func and ErrOldHeaderExpired error

* AutoClient and example tests

* fix errors

* update doc

* remove ErrNewHeaderTooFarIntoFuture

This check is unnecessary given existing a) ErrOldHeaderExpired b)
h2.Time > now checks.

* return an error if we're at more recent height

* add comments

* add LastSignedHeaderHeight method to Store

I think it's fine if Store tracks last height

* copy over proxy from old lite package

* make TrustedHeader return latest if height=0

* modify LastSignedHeaderHeight to return an error if no headers exist

* copy over proxy impl

* refactor proxy and start http lite client

* Tx and BlockchainInfo methods

* Block method

* commit method

* code compiles again

* lite client compiles

* extract updateLiteClientIfNeededTo func

* move final parts

* add placeholder for tests

* force usage of lite http client in proxy

* comment out query tests for now

* explicitly mention tp: trusting period

* verify nextVals in VerifyHeader

* refactor bisection

* move the NextValidatorsHash check into updateTrustedHeaderAndVals

+ update the comment

* add ConsensusParams method to RPC client

* add ConsensusParams to rpc/mock/client

* change trustLevel type to a new cmn.Fraction type

+ update SkippingVerification comment

* stress out trustLevel is only used for non-adjusted headers

* fixes after Fede's review

Co-authored-by: Federico Kunze <31522760+fedekunze@users.noreply.github.com>

* compare newHeader with a header from an alternative provider

* save pivot header

Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349122824

* check header can still be trusted in TrustedHeader

Refs https://github.com/tendermint/tendermint/pull/3989#discussion_r349101424

* lite: update Validators and Block endpoints

- Block no longer contains BlockMeta
- Validators now accept two additional params: page and perPage

* make linter happy

1 parent ceb1053

Files
Changes

Permalinks

base_verifier.go

package lite

import (
	"bytes"

	"github.com/pkg/errors"

	lerr "github.com/tendermint/tendermint/lite/errors"
	"github.com/tendermint/tendermint/types"
)

var _ Verifier = (*BaseVerifier)(nil)

// BaseVerifier lets us check the validity of SignedHeaders at height or
// later, requiring sufficient votes (> 2/3) from the given valset.
// To verify blocks produced by a blockchain with mutable validator sets,
// use the DynamicVerifier.
// TODO: Handle unbonding time.
type BaseVerifier struct {
	chainID string
	height  int64
	valset  *types.ValidatorSet
}

// NewBaseVerifier returns a new Verifier initialized with a validator set at
// some height.
func NewBaseVerifier(chainID string, height int64, valset *types.ValidatorSet) *BaseVerifier {
	if valset.IsNilOrEmpty() {
		panic("NewBaseVerifier requires a valid valset")
	}
	return &BaseVerifier{
		chainID: chainID,
		height:  height,
		valset:  valset,
	}
}

// Implements Verifier.
func (bv *BaseVerifier) ChainID() string {
	return bv.chainID
}

// Implements Verifier.
func (bv *BaseVerifier) Verify(signedHeader types.SignedHeader) error {

	// We can't verify commits for a different chain.
	if signedHeader.ChainID != bv.chainID {
		return errors.Errorf("BaseVerifier chainID is %v, cannot verify chainID %v",
			bv.chainID, signedHeader.ChainID)
	}

	// We can't verify commits older than bv.height.
	if signedHeader.Height < bv.height {
		return errors.Errorf("BaseVerifier height is %v, cannot verify height %v",
			bv.height, signedHeader.Height)
	}

	// We can't verify with the wrong validator set.
	if !bytes.Equal(signedHeader.ValidatorsHash,
		bv.valset.Hash()) {
		return lerr.ErrUnexpectedValidators(signedHeader.ValidatorsHash, bv.valset.Hash())
	}

	// Do basic sanity checks.
	err := signedHeader.ValidateBasic(bv.chainID)
	if err != nil {
		return errors.Wrap(err, "in verify")
	}

	// Check commit signatures.
	err = bv.valset.VerifyCommit(
		bv.chainID, signedHeader.Commit.BlockID,
		signedHeader.Height, signedHeader.Commit)
	if err != nil {
		return errors.Wrap(err, "in verify")
	}

	return nil
}

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...