fluencelabs/tendermint
1
0
Fork 0
mirror of https://github.com/fluencelabs/tendermint synced 2025-05-13 23:31:19 +00:00
Code Issues Projects Releases Wiki Activity

write about evidence handling

Browse Source
This commit is contained in:
Anton Kaliaev 2019-08-28 14:20:42 +04:00
parent ed15b562df
commit 09db7253d5
No known key found for this signature in database
GPG Key ID: 7B6881D965918214
1 changed files with 35 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
docs/architecture/adr-044-lite-client-with-weak-subjectivity.md
View File

@ -54,22 +54,25 @@ network or when a light client that has been offline for longer than the
unbonding period connects to the network. Specifically, the node needs to unbonding period connects to the network. Specifically, the node needs to
initialize the following structure before syncing from user input: initialize the following structure before syncing from user input:
``` ```go
type TrustOptions struct { type TrustOptions struct {
// Required: only trust commits up to this old. // Required: only trust commits up to this old.
// Should be equal to the unbonding period minus some delta for evidence reporting. // Should be equal to the unbonding period minus some delta for evidence reporting.
TrustPeriod time.Duration `json:"trust-period"` TrustPeriod time.Duration `json:"trust-period"`
// Option 1: TrustHeight and TrustHash can both be provided // Required: validator whom we've got the TrustHeight/Hash from
// to force the trusting of a particular height and hash. ValidatorAddress types.Address `json:"validator-address"`
// If the latest trusted height/hash is more recent, then this option is
// ignored.
TrustHeight int64 `json:"trust-height"`
TrustHash []byte `json:"trust-hash"`
// Option 2: Callback can be set to implement a confirmation // Option 1: TrustHeight and TrustHash can both be provided
// step if the trust store is uninitialized, or expired. // to force the trusting of a particular height and hash.
Callback func(height int64, hash []byte) error // If the latest trusted height/hash is more recent, then this option is
// ignored.
TrustHeight int64 `json:"trust-height"`
TrustHash []byte `json:"trust-hash"`
// Option 2: Callback can be set to implement a confirmation
// step if the trust store is uninitialized, or expired.
Callback func(height int64, hash []byte) error
} }
``` ```
@ -164,6 +167,9 @@ type Verifier struct {
// Source of new FullCommit(s). // Source of new FullCommit(s).
source Provider source Provider
// Backup sources for checking the primary for misbehavior by comparing data
backup []Provider
// Where trusted FullCommit(s) are stored. // Where trusted FullCommit(s) are stored.
trusted PersistentProvider trusted PersistentProvider
} }
@ -268,6 +274,22 @@ require.NoError(t, err)
light client should also be able to submit evidence of malfeasance and handle light client should also be able to submit evidence of malfeasance and handle
evidence coming from a full node or another source. evidence coming from a full node or another source.
We'll need to add evidence to `FullCommit`.
```go
type FullCommit struct {
SignedHeader types.SignedHeader `json:"signed_header"`
Validators *types.ValidatorSet `json:"validator_set"`
NextValidators *types.ValidatorSet `json:"next_validator_set"`
Evidence types.EvidenceList `json:"evidence"`
}
```
When/if evidence is received, client should check it and disconnect from the
node if `evidence.Address == TrustOptions.ValidatorAddress`. It's unwise to
think that a node will send an evidence of its misbehavior. That's why we
should also check `backup` sources in the background.
## Status ## Status
Accepted. Accepted.