Merge branch 'master' into tessr/nil-commit

deps: bump github.com/magiconair/properties from 1.8.0 to 1.8.1 (#3937 )
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/magiconair/properties/releases) - [Changelog](https://github.com/magiconair/properties/blob/master/CHANGELOG.md) - [Commits](https://github.com/magiconair/properties/compare/v1.8.0...v1.8.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2025-07-24 08:41:59 +00:00 · 2019-09-04 20:25:54 +04:00 · 2019-09-04 20:12:26 +04:00 · 2019-09-04 19:58:43 +04:00 · 2019-09-03 16:09:33 -07:00 · 2019-09-03 16:08:21 -07:00
300 changed files with 15822 additions and 8173 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -216,11 +216,11 @@ jobs:
          name: Trigger website build
          command: |
            curl --silent \
-                 --show-error \
-                 -X POST \
-                 --header "Content-Type: application/json" \
-                 -d "{\"branch\": \"$CIRCLE_BRANCH\"}" \
-                 "https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$WEBSITE_REPO_NAME/build?circle-token=$TENDERBOT_API_TOKEN" > response.json
+                --show-error \
+                -X POST \
+                --header "Content-Type: application/json" \
+                -d "{\"branch\": \"$CIRCLE_BRANCH\"}" \
+                "https://circleci.com/api/v1.1/project/github/$CIRCLE_PROJECT_USERNAME/$WEBSITE_REPO_NAME/build?circle-token=$TENDERBOT_API_TOKEN" > response.json

            RESULT=`jq -r '.status' response.json`
            MESSAGE=`jq -r '.message' response.json`
@@ -331,6 +331,63 @@ jobs:
            docker push "tendermint/tendermint"
            docker logout

+  reproducible_builds:
+    <<: *defaults
+    steps:
+      - attach_workspace:
+          at: /tmp/workspace
+      - checkout
+      - setup_remote_docker:
+          docker_layer_caching: true
+      - run:
+          name: Build tendermint
+          no_output_timeout: 20m
+          command: |
+            sudo apt-get install -y ruby
+            bash -x ./scripts/gitian-build.sh all
+            for os in darwin linux windows; do
+              cp gitian-build-${os}/result/tendermint-${os}-res.yml .
+              cp gitian-build-${os}/build/out/tendermint-*.tar.gz .
+              rm -rf gitian-build-${os}/
+            done
+      - store_artifacts:
+          path: /go/src/github.com/tendermint/tendermint/tendermint-darwin-res.yml
+      - store_artifacts:
+          path: /go/src/github.com/tendermint/tendermint/tendermint-linux-res.yml
+      - store_artifacts:
+          path: /go/src/github.com/tendermint/tendermint/tendermint-windows-res.yml
+      - store_artifacts:
+          path: /go/src/github.com/tendermint/tendermint/tendermint-*.tar.gz
+
+  # Test RPC implementation against the swagger documented specs
+  contract_tests:
+    working_directory: /home/circleci/.go_workspace/src/github.com/tendermint/tendermint
+    machine:
+      image: circleci/classic:latest
+    environment:
+      GOBIN: /home/circleci/.go_workspace/bin
+      GOPATH: /home/circleci/.go_workspace/
+      GOOS: linux
+      GOARCH: amd64
+    parallelism: 1
+    steps:
+      - checkout
+      - run:
+          name: Test RPC endpoints against swagger documentation
+          command: |
+            set -x
+            export PATH=~/.local/bin:$PATH
+
+            # install node and dredd
+            ./scripts/get_nodejs.sh
+
+            # build the binaries with a proper version of Go
+            docker run --rm -v "$PWD":/go/src/github.com/tendermint/tendermint -w /go/src/github.com/tendermint/tendermint golang make build-linux build-contract-tests-hooks
+
+            # This docker image works with go 1.7, we can install here the hook handler that contract-tests is going to use
+            go get github.com/snikch/goodman/cmd/goodman
+            make contract-tests
+
 workflows:
  version: 2
  test-suite:
@@ -340,7 +397,6 @@ workflows:
            branches:
              only:
                - master
-                - develop
      - setup_dependencies
      - test_abci_apps:
          requires:
@@ -364,6 +420,16 @@ workflows:
      - upload_coverage:
          requires:
            - test_cover
+      - reproducible_builds:
+          filters:
+            branches:
+              only:
+                - master
+                - /v[0-9]+\.[0-9]+/
+      - contract_tests:
+          requires:
+            - setup_dependencies
+
  release:
    jobs:
      - prepare_build
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,5 @@ terraform.tfstate.backup
 terraform.tfstate.d

 .vscode
+
+profile\.out
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -8,7 +8,6 @@ linters:
    - golint
    - maligned
    - errcheck
-    - staticcheck
    - interfacer
    - unconvert
    - goconst
@@ -16,7 +15,6 @@ linters:
    - nakedret
    - lll
    - gochecknoglobals
-    - gocritic
    - gochecknoinits
    - scopelint
    - stylecheck
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,114 @@
 # Changelog

+## v0.32.3
+
+*August 28, 2019*
+
+@climber73 wrote the [Writing a Tendermint Core application in Java
+(gRPC)](https://github.com/tendermint/tendermint/blob/master/docs/guides/java.md)
+guide.
+
+Special thanks to external contributors on this release:
+@gchaincl, @bluele, @climber73
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### IMPROVEMENTS:
+
+- [consensus] [\#3839](https://github.com/tendermint/tendermint/issues/3839) Reduce "Error attempting to add vote" message severity (Error -> Info)
+- [mempool] [\#3877](https://github.com/tendermint/tendermint/pull/3877) Make `max_tx_bytes` configurable instead of `max_msg_bytes` (@bluele)
+- [privval] [\#3370](https://github.com/tendermint/tendermint/issues/3370) Refactor and simplify validator/kms connection handling. Please refer to [this comment](https://github.com/tendermint/tendermint/pull/3370#issue-257360971) for details
+- [rpc] [\#3880](https://github.com/tendermint/tendermint/issues/3880) Document endpoints with `swagger`, introduce contract tests of implementation against documentation
+
+### BUG FIXES:
+
+- [config] [\#3868](https://github.com/tendermint/tendermint/issues/3868) Move misplaced `max_msg_bytes` into mempool section (@bluele)
+- [rpc] [\#3910](https://github.com/tendermint/tendermint/pull/3910) Fix DATA RACE in HTTP client (@gchaincl)
+- [store] [\#3893](https://github.com/tendermint/tendermint/issues/3893) Fix "Unregistered interface types.Evidence" panic
+
+## v0.32.2
+
+*July 31, 2019*
+
+Special thanks to external contributors on this release:
+@ruseinov, @bluele, @guagualvcha
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+- Go API
+  - [libs] [\#3811](https://github.com/tendermint/tendermint/issues/3811) Remove `db` from libs in favor of `https://github.com/tendermint/tm-db`
+
+### FEATURES:
+
+- [blockchain] [\#3561](https://github.com/tendermint/tendermint/issues/3561) Add early version of the new blockchain reactor, which is supposed to be more modular and testable compared to the old version. To try it, you'll have to change `version` in the config file, [here](https://github.com/tendermint/tendermint/blob/master/config/toml.go#L303) NOTE: It's not ready for a production yet. For further information, see [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md) & [ADR-43](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-043-blockchain-riri-org.md)
+- [mempool] [\#3826](https://github.com/tendermint/tendermint/issues/3826) Make `max_msg_bytes` configurable(@bluele)
+- [node] [\#3846](https://github.com/tendermint/tendermint/pull/3846) Allow replacing existing p2p.Reactor(s) using [`CustomReactors`
+  option](https://godoc.org/github.com/tendermint/tendermint/node#CustomReactors).
+  Warning: beware of accidental name clashes. Here is the list of existing
+  reactors: MEMPOOL, BLOCKCHAIN, CONSENSUS, EVIDENCE, PEX.
+- [rpc] [\#3818](https://github.com/tendermint/tendermint/issues/3818) Make `max_body_bytes` and `max_header_bytes` configurable(@bluele)
+- [rpc] [\#2252](https://github.com/tendermint/tendermint/issues/2252) Add `/broadcast_evidence` endpoint to submit double signing and other types of evidence
+
+### IMPROVEMENTS:
+
+- [abci] [\#3809](https://github.com/tendermint/tendermint/issues/3809) Recover from application panics in `server/socket_server.go` to allow socket cleanup (@ruseinov)
+- [p2p] [\#3664](https://github.com/tendermint/tendermint/issues/3664) p2p/conn: reuse buffer when write/read from secret connection(@guagualvcha)
+- [p2p] [\#3834](https://github.com/tendermint/tendermint/issues/3834) Do not write 'Couldn't connect to any seeds' error log if there are no seeds in config file
+- [rpc] [\#3076](https://github.com/tendermint/tendermint/issues/3076) Improve transaction search performance
+
+### BUG FIXES:
+
+- [p2p] [\#3644](https://github.com/tendermint/tendermint/issues/3644) Fix error logging for connection stop (@defunctzombie)
+- [rpc] [\#3813](https://github.com/tendermint/tendermint/issues/3813) Return err if page is incorrect (less than 0 or greater than total pages)
+
+## v0.32.1
+
+*July 15, 2019*
+
+Special thanks to external contributors on this release:
+@ParthDesai, @climber73, @jim380, @ashleyvega
+
+This release contains a minor enhancement to the ABCI and some breaking changes to our libs folder, namely:
+- CheckTx requests include a `CheckTxType` enum that can be set to `Recheck` to indicate to the application that this transaction was already checked/validated and certain expensive operations (like checking signatures) can be skipped
+- Removed various functions from `libs` pkgs
+
+Friendly reminder, we have a [bug bounty
+program](https://hackerone.com/tendermint).
+
+### BREAKING CHANGES:
+
+- Go API
+
+  -  [abci] [\#2127](https://github.com/tendermint/tendermint/issues/2127) The CheckTx and DeliverTx methods in the ABCI `Application` interface now take structs  as arguments (RequestCheckTx and RequestDeliverTx, respectively), instead of just the raw tx bytes. This allows more information to be passed to these methods, for instance, indicating whether a tx has already been checked.
+  - [libs] Remove unused `db/debugDB` and `common/colors.go` & `errors/errors.go` files (@marbar3778)
+  - [libs] [\#2432](https://github.com/tendermint/tendermint/issues/2432) Remove unused `common/heap.go` file (@marbar3778)
+  - [libs] Remove unused `date.go`, `io.go`. Remove `GoPath()`, `Prompt()` and `IsDirEmpty()` functions from `os.go` (@marbar3778)
+  - [libs] Remove unused `FailRand()` func and minor clean up to `fail.go`(@marbar3778)
+
+### FEATURES:
+
+- [node] Add variadic argument to `NewNode` to support functional options, allowing the Node to be more easily customized.
+- [node][\#3730](https://github.com/tendermint/tendermint/pull/3730) Add `CustomReactors` option to `NewNode` allowing caller to pass
+  custom reactors to run inside Tendermint node (@ParthDesai)
+- [abci] [\#2127](https://github.com/tendermint/tendermint/issues/2127)RequestCheckTx has a new field, `CheckTxType`, which can take values of `CheckTxType_New` and `CheckTxType_Recheck`, indicating whether this is a new tx being checked for the first time or whether this tx is being rechecked after a block commit. This allows applications to skip certain expensive operations, like signature checking, if they've already been done once. see [docs](https://github.com/tendermint/tendermint/blob/eddb433d7c082efbeaf8974413a36641519ee895/docs/spec/abci/apps.md#mempool-connection)
+
+### IMPROVEMENTS:
+
+- [rpc] [\#3700](https://github.com/tendermint/tendermint/issues/3700) Make possible to set absolute paths for TLS cert and key (@climber73)
+- [abci] [\#3513](https://github.com/tendermint/tendermint/issues/3513) Call the reqRes callback after the resCb so they always happen in the same order
+
+### BUG FIXES:
+
+- [p2p] [\#3338](https://github.com/tendermint/tendermint/issues/3338) Prevent "sent next PEX request too soon" errors by not calling
+  ensurePeers outside of ensurePeersRoutine
+- [behaviour] [\3772](https://github.com/tendermint/tendermint/pull/3772) Return correct reason in MessageOutOfOrder (@jim380)
+- [config] [\#3723](https://github.com/tendermint/tendermint/issues/3723) Add consensus_params to testnet config generation; document time_iota_ms (@ashleyvega)
+
+
 ## v0.32.0

 *June 25, 2019*
@@ -21,29 +130,29 @@ program](https://hackerone.com/tendermint).
 ### BREAKING CHANGES:

 * CLI/RPC/Config
-  - [cli] \#3613 Switch from golang/dep to Go Modules to resolve dependencies:
+  - [cli] [\#3613](https://github.com/tendermint/tendermint/issues/3613) Switch from golang/dep to Go Modules to resolve dependencies:
    It is recommended to switch to Go Modules if your project has tendermint as
    a dependency. Read more on Modules here:
    https://github.com/golang/go/wiki/Modules
  - [config] [\#3632](https://github.com/tendermint/tendermint/pull/3632) Removed `leveldb` as generic
    option for `db_backend`. Must be `goleveldb` or `cleveldb`.
-  - [rpc] \#3616 Fix field names for `/block_results` response (eg. `results.DeliverTx`
+  - [rpc] [\#3616](https://github.com/tendermint/tendermint/issues/3616) Fix field names for `/block_results` response (eg. `results.DeliverTx`
    -> `results.deliver_tx`). See docs for details.
-  - [rpc] \#3724 RPC now binds to `127.0.0.1` by default instead of `0.0.0.0`
+  - [rpc] [\#3724](https://github.com/tendermint/tendermint/issues/3724) RPC now binds to `127.0.0.1` by default instead of `0.0.0.0`

 * Apps
-  - [abci] \#1859 `ResponseCheckTx`, `ResponseDeliverTx`, `ResponseBeginBlock`,
+  - [abci] [\#1859](https://github.com/tendermint/tendermint/issues/1859) `ResponseCheckTx`, `ResponseDeliverTx`, `ResponseBeginBlock`,
    and `ResponseEndBlock` now include `Events` instead of `Tags`. Each `Event`
    contains a `type` and a list of `attributes` (list of key-value pairs)
    allowing for inclusion of multiple distinct events in each response.

 * Go API
-  - [abci] \#3193 Use RequestDeliverTx and RequestCheckTx in the ABCI
+  - [abci] [\#3193](https://github.com/tendermint/tendermint/issues/3193) Use RequestDeliverTx and RequestCheckTx in the ABCI
    Application interface
  - [libs/db] [\#3632](https://github.com/tendermint/tendermint/pull/3632) Removed deprecated `LevelDBBackend` const
    If you have `db_backend` set to `leveldb` in your config file, please
    change it to `goleveldb` or `cleveldb`.
-  - [p2p] \#3521 Remove NewNetAddressStringWithOptionalID
+  - [p2p] [\#3521](https://github.com/tendermint/tendermint/issues/3521) Remove NewNetAddressStringWithOptionalID

 * Blockchain Protocol

@@ -52,16 +161,16 @@ program](https://hackerone.com/tendermint).
 ### FEATURES:

 ### IMPROVEMENTS:
- [abci/examples] \#3659 Change validator update tx format in the `persistent_kvstore` to use base64 for pubkeys instead of hex (@needkane)
- [consensus] \#3656 Exit if SwitchToConsensus fails
- [p2p] \#3666 Add per channel telemetry to improve reactor observability
+- [abci/examples] [\#3659](https://github.com/tendermint/tendermint/issues/3659) Change validator update tx format in the `persistent_kvstore` to use base64 for pubkeys instead of hex (@needkane)
+- [consensus] [\#3656](https://github.com/tendermint/tendermint/issues/3656) Exit if SwitchToConsensus fails
+- [p2p] [\#3666](https://github.com/tendermint/tendermint/issues/3666) Add per channel telemetry to improve reactor observability
 - [rpc] [\#3686](https://github.com/tendermint/tendermint/pull/3686) `HTTPClient#Call` returns wrapped errors, so a caller could use `errors.Cause` to retrieve an error code. (@wooparadog)

 ### BUG FIXES:
- [libs/db] \#3717 Fixed the BoltDB backend's Batch.Delete implementation (@Yawning)
- [libs/db] \#3718 Fixed the BoltDB backend's Get and Iterator implementation (@Yawning)
- [node] \#3716 Fix a bug where `nil` is recorded as node's address
- [node] \#3741 Fix profiler blocking the entire node
+- [libs/db] [\#3717](https://github.com/tendermint/tendermint/issues/3717) Fixed the BoltDB backend's Batch.Delete implementation (@Yawning)
+- [libs/db] [\#3718](https://github.com/tendermint/tendermint/issues/3718) Fixed the BoltDB backend's Get and Iterator implementation (@Yawning)
+- [node] [\#3716](https://github.com/tendermint/tendermint/issues/3716) Fix a bug where `nil` is recorded as node's address
+- [node] [\#3741](https://github.com/tendermint/tendermint/issues/3741) Fix profiler blocking the entire node

 ## v0.31.7

@@ -72,11 +181,11 @@ The regression caused the invalid committed txs to be proposed in blocks over an
 over again.

 ### BUG FIXES:
- [mempool] \#3699 Remove all committed txs from the mempool.
+- [mempool] [\#3699](https://github.com/tendermint/tendermint/issues/3699) Remove all committed txs from the mempool.
    This reverts the change from v0.31.6 where we only remove valid txs from the mempool.
    Note this means malicious proposals can cause txs to be dropped from the
    mempools of other nodes by including them in blocks before they are valid.
-    See \#3322.
+    See [\#3322](https://github.com/tendermint/tendermint/issues/3322).

 ## v0.31.6

--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -1,6 +1,6 @@
-## v0.32.1
+## v0.32.4

-**
+\*\*

 Special thanks to external contributors on this release:

@@ -9,33 +9,14 @@ program](https://hackerone.com/tendermint).

 ### BREAKING CHANGES:

-* CLI/RPC/Config
+- CLI/RPC/Config

-* Apps
+- Apps

-* Go API
-  - [abci] \#2127 ABCI / mempool: Add a "Recheck Tx" indicator. Breaks the ABCI
-    client interface (`abcicli.Client`) to allow for supplying the ABCI
-    `types.RequestCheckTx` and `types.RequestDeliverTx` structs, and lets the
-    mempool indicate to the ABCI app whether a CheckTx request is a recheck or
-    not.
-  - [libs] Remove unused `db/debugDB` and `common/colors.go` & `errors/errors.go` files (@marbar3778)
-
-* Blockchain Protocol
-
-* P2P Protocol
+- Go API

 ### FEATURES:
- [node] Refactor `NewNode` to use functional options to make it more flexible
-  and extensible in the future.
- [node] [\#3730](https://github.com/tendermint/tendermint/pull/3730) Add `CustomReactors` option to `NewNode` allowing caller to pass
-  custom reactors to run inside Tendermint node (@ParthDesai)

 ### IMPROVEMENTS:
-  - [rpc] \#3700 Make possible to set absolute paths for TLS cert and key (@climber73)

 ### BUG FIXES:
- [p2p] \#3338 Prevent "sent next PEX request too soon" errors by not calling
-  ensurePeers outside of ensurePeersRoutine
- [behaviour] Return correct reason in MessageOutOfOrder (@jim380)
-  
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,7 +2,7 @@

 Thank you for considering making contributions to Tendermint and related repositories! Start by taking a look at the [coding repo](https://github.com/tendermint/coding) for overall information on repository workflow and standards.

-Please follow standard github best practices: fork the repo, branch from the tip of `master`, make some commits, and submit a pull request to `master`. 
+Please follow standard github best practices: fork the repo, branch from the tip of `master`, make some commits, and submit a pull request to `master`.
 See the [open issues](https://github.com/tendermint/tendermint/issues) for things we need help with!

 Before making a pull request, please open an issue describing the
@@ -21,16 +21,16 @@ Please make sure to use `gofmt` before every commit - the easiest way to do this

 Please note that Go requires code to live under absolute paths, which complicates forking.
 While my fork lives at `https://github.com/ebuchman/tendermint`,
-the code should never exist at  `$GOPATH/src/github.com/ebuchman/tendermint`.
+the code should never exist at `$GOPATH/src/github.com/ebuchman/tendermint`.
 Instead, we use `git remote` to add the fork as a new remote for the original repo,
-`$GOPATH/src/github.com/tendermint/tendermint `, and do all the work there.
+`$GOPATH/src/github.com/tendermint/tendermint`, and do all the work there.

 For instance, to create a fork and work on a branch of it, I would:

-  * Create the fork on github, using the fork button.
-  * Go to the original repo checked out locally (i.e. `$GOPATH/src/github.com/tendermint/tendermint`)
-  * `git remote rename origin upstream`
-  * `git remote add origin git@github.com:ebuchman/basecoin.git`
+- Create the fork on github, using the fork button.
+- Go to the original repo checked out locally (i.e. `$GOPATH/src/github.com/tendermint/tendermint`)
+- `git remote rename origin upstream`
+- `git remote add origin git@github.com:ebuchman/basecoin.git`

 Now `origin` refers to my fork and `upstream` refers to the tendermint version.
 So I can `git push -u origin master` to update my fork, and make pull requests to tendermint from there.
@@ -38,8 +38,8 @@ Of course, replace `ebuchman` with your git handle.

 To pull in updates from the origin repo, run

-  * `git fetch upstream`
-  * `git rebase upstream/master` (or whatever branch you want)
+- `git fetch upstream`
+- `git rebase upstream/master` (or whatever branch you want)

 ## Dependencies

@@ -113,7 +113,7 @@ removed from the header in rpc responses as well.

 ## Branching Model and Release

-The main development branch is master. 
+The main development branch is master.

 Every release is maintained in a release branch named `vX.Y.Z`.

@@ -140,36 +140,35 @@ easy to reference the pull request where a change was introduced.

 #### Major Release

-1. start on `master` 
+1. start on `master`
 2. run integration tests (see `test_integrations` in Makefile)
 3. prepare release in a pull request against `master` (to be squash merged):
-    - copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
-    - run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
-      all issues
-    - run `bash ./scripts/authors.sh` to get a list of authors since the latest
-      release, and add the github aliases of external contributors to the top of
-      the changelog. To lookup an alias from an email, try `bash
-      ./scripts/authors.sh <email>`
-    - reset the `CHANGELOG_PENDING.md`
-    - bump versions
+   - copy `CHANGELOG_PENDING.md` to top of `CHANGELOG.md`
+   - run `python ./scripts/linkify_changelog.py CHANGELOG.md` to add links for
+     all issues
+   - run `bash ./scripts/authors.sh` to get a list of authors since the latest
+     release, and add the github aliases of external contributors to the top of
+     the changelog. To lookup an alias from an email, try `bash ./scripts/authors.sh <email>`
+   - reset the `CHANGELOG_PENDING.md`
+   - bump versions
 4. push your changes with prepared release details to `vX.X` (this will trigger the release `vX.X.0`)
 5. merge back to master (don't squash merge!)

 #### Minor Release

-If there were no breaking changes and you need to create a release nonetheless, 
-the procedure is almost exactly like with a new release above. 
+If there were no breaking changes and you need to create a release nonetheless,
+the procedure is almost exactly like with a new release above.

 The only difference is that in the end you create a pull request against the existing `X.X` branch.
 The branch name should match the release number you want to create.
-Merging this PR will trigger the next release. 
-For example, if the PR is against an existing 0.34 branch which already contains a v0.34.0 release/tag, 
+Merging this PR will trigger the next release.
+For example, if the PR is against an existing 0.34 branch which already contains a v0.34.0 release/tag,
 the patch version will be incremented and the created release will be v0.34.1.

 #### Backport Release

 1. start from the existing release branch you want to backport changes to (e.g. v0.30)
-Branch to a release/vX.X.X branch locally (e.g. release/v0.30.7)
+   Branch to a release/vX.X.X branch locally (e.g. release/v0.30.7)
 2. cherry pick the commit(s) that contain the changes you want to backport (usually these commits are from squash-merged PRs which were already reviewed)
 3. steps 2 and 3 from [Major Release](#major-release)
 4. push changes to release/vX.X.X branch
@@ -183,3 +182,16 @@ If they have `.go` files in the root directory, they will be automatically
 tested by circle using `go test -v -race ./...`. If not, they will need a
 `circle.yml`. Ideally, every repo has a `Makefile` that defines `make test` and
 includes its continuous integration status using a badge in the `README.md`.
+
+### RPC Testing
+
+If you contribute to the RPC endpoints it's important to document your changes in the [Swagger file](./docs/spec/rpc/swagger.yaml)
+To test your changes you should install `nodejs` and run:
+
+```bash
+npm i -g dredd
+make build-linux build-contract-tests-hooks
+make contract-tests
+```
+
+This command will popup a network and check every endpoint against what has been documented
--- a/DOCKER/Dockerfile.develop
+++ b/DOCKER/Dockerfile.develop
@@ -1,34 +0,0 @@
-FROM alpine:3.7
-
-ENV DATA_ROOT /tendermint
-ENV TMHOME $DATA_ROOT
-
-RUN addgroup tmuser && \
-    adduser -S -G tmuser tmuser
-
-RUN mkdir -p $DATA_ROOT && \
-    chown -R tmuser:tmuser $DATA_ROOT
-
-RUN apk add --no-cache bash curl jq
-
-ENV GOPATH /go
-ENV PATH "$PATH:/go/bin"
-RUN mkdir -p /go/src/github.com/tendermint/tendermint && \
-    apk add --no-cache go build-base git && \
-    cd /go/src/github.com/tendermint/tendermint && \
-    git clone https://github.com/tendermint/tendermint . && \
-    git checkout develop && \
-    make get_tools && \
-    make install && \
-    cd - && \
-    rm -rf /go/src/github.com/tendermint/tendermint && \
-    apk del go build-base git
-
-VOLUME $DATA_ROOT
-
-EXPOSE 26656
-EXPOSE 26657
-
-ENTRYPOINT ["tendermint"]
-
-CMD ["node", "--moniker=`hostname`", "--proxy_app=kvstore"]
--- a/DOCKER/README.md
+++ b/DOCKER/README.md
@@ -12,28 +12,25 @@
 - `0.9.1`, `0.9`, [(Dockerfile)](https://github.com/tendermint/tendermint/blob/809e0e8c5933604ba8b2d096803ada7c5ec4dfd3/DOCKER/Dockerfile)
 - `0.9.0` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/d474baeeea6c22b289e7402449572f7c89ee21da/DOCKER/Dockerfile)
 - `0.8.0`, `0.8` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/bf64dd21fdb193e54d8addaaaa2ecf7ac371de8c/DOCKER/Dockerfile)
- `develop` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/master/DOCKER/Dockerfile.develop)
-
-`develop` tag points to the [develop](https://github.com/tendermint/tendermint/tree/develop) branch.

 ## Quick reference

-* **Where to get help:**
-  https://cosmos.network/community
+- **Where to get help:**
+  [cosmos.network/ecosystem](https://cosmos.network/ecosystem)

-* **Where to file issues:**
-  https://github.com/tendermint/tendermint/issues
+- **Where to file issues:**
+  [Tendermint Issues](https://github.com/tendermint/tendermint/issues)

-* **Supported Docker versions:**
+- **Supported Docker versions:**
  [the latest release](https://github.com/moby/moby/releases) (down to 1.6 on a best-effort basis)

 ## Tendermint

 Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine, written in any programming language, and securely replicates it on many machines.

-For more background, see the [introduction](https://tendermint.readthedocs.io/en/master/introduction.html).
+For more background, see the [the docs](https://tendermint.com/docs/introduction/#quick-start).

-To get started developing applications, see the [application developers guide](https://tendermint.readthedocs.io/en/master/getting-started.html).
+To get started developing applications, see the [application developers guide](https://tendermint.com/docs/introduction/quick-start.html).

 ## How to use this image

@@ -48,7 +45,7 @@ docker run -it --rm -v "/tmp:/tendermint" tendermint/tendermint node --proxy_app

 ## Local cluster

-To run a 4-node network, see the `Makefile` in the root of [the repo](https://github.com/tendermint/tendermint/master/Makefile) and run:
+To run a 4-node network, see the `Makefile` in the root of [the repo](https://github.com/tendermint/tendermint/blob/master/Makefile) and run:

 ```
 make build-linux
@@ -60,7 +57,7 @@ Note that this will build and use a different image than the ones provided here.

 ## License

- Tendermint's license is [Apache 2.0](https://github.com/tendermint/tendermint/master/LICENSE).
+- Tendermint's license is [Apache 2.0](https://github.com/tendermint/tendermint/blob/master/LICENSE).

 ## Contributing

--- a/20
+++ b/20
@@ -28,7 +28,7 @@ build_c:
 	CGO_ENABLED=1 go build $(BUILD_FLAGS) -tags "$(BUILD_TAGS) cleveldb" -o $(OUTPUT) ./cmd/tendermint/

 build_race:
-	CGO_ENABLED=0 go build -race $(BUILD_FLAGS) -tags $(BUILD_TAGS) -o $(OUTPUT) ./cmd/tendermint
+	CGO_ENABLED=1 go build -race $(BUILD_FLAGS) -tags $(BUILD_TAGS) -o $(OUTPUT) ./cmd/tendermint

 install:
 	CGO_ENABLED=0 go install $(BUILD_FLAGS) -tags $(BUILD_TAGS) ./cmd/tendermint
@@ -308,7 +308,23 @@ sentry-stop:
 build-slate:
 	bash scripts/slate.sh

+# Build hooks for dredd, to skip or add information on some steps
+build-contract-tests-hooks:
+ifeq ($(OS),Windows_NT)
+	go build -mod=readonly $(BUILD_FLAGS) -o build/contract_tests.exe ./cmd/contract_tests
+else
+	go build -mod=readonly $(BUILD_FLAGS) -o build/contract_tests ./cmd/contract_tests
+endif
+
+# Run a nodejs tool to test endpoints against a localnet
+# The command takes care of starting and stopping the network
+# prerequisits: build-contract-tests-hooks build-linux
+# the two build commands were not added to let this command run from generic containers or machines.
+# The binaries should be built beforehand
+contract-tests:
+	dredd
+
 # To avoid unintended conflicts with file names, always add to .PHONY
 # unless there is a reason not to.
 # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: check build build_race build_abci dist install install_abci check_tools get_tools update_tools draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c test_with_deadlock cleanup_after_test_with_deadlock lint
+.PHONY: check build build_race build_abci dist install install_abci check_tools get_tools update_tools draw_deps get_protoc protoc_abci protoc_libs gen_certs clean_certs grpc_dbserver test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt rpc-docs build-linux localnet-start localnet-stop build-docker build-docker-localnode sentry-start sentry-config sentry-stop build-slate protoc_grpc protoc_all build_c install_c test_with_deadlock cleanup_after_test_with_deadlock lint build-contract-tests-hooks contract-tests
--- a/README.md
+++ b/README.md
@@ -1,23 +1,21 @@
 # Tendermint
+
 ![banner](docs/tendermint-core-image.jpg)

 [Byzantine-Fault Tolerant](https://en.wikipedia.org/wiki/Byzantine_fault_tolerance)
 [State Machines](https://en.wikipedia.org/wiki/State_machine_replication).
-Or [Blockchain](https://en.wikipedia.org/wiki/Blockchain_(database)), for short.
+Or [Blockchain](<https://en.wikipedia.org/wiki/Blockchain_(database)>), for short.

 [![version](https://img.shields.io/github/tag/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/releases/latest)
-[![API Reference](
-https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667
-)](https://godoc.org/github.com/tendermint/tendermint)
+[![API Reference](https://camo.githubusercontent.com/915b7be44ada53c290eb157634330494ebe3e30a/68747470733a2f2f676f646f632e6f72672f6769746875622e636f6d2f676f6c616e672f6764646f3f7374617475732e737667)](https://godoc.org/github.com/tendermint/tendermint)
 [![Go version](https://img.shields.io/badge/go-1.12.0-blue.svg)](https://github.com/moovweb/gvm)
 [![riot.im](https://img.shields.io/badge/riot.im-JOIN%20CHAT-green.svg)](https://riot.im/app/#/room/#tendermint:matrix.org)
 [![license](https://img.shields.io/github/license/tendermint/tendermint.svg)](https://github.com/tendermint/tendermint/blob/master/LICENSE)
 [![](https://tokei.rs/b1/github/tendermint/tendermint?category=lines)](https://github.com/tendermint/tendermint)

-
-Branch    | Tests | Coverage
----------|-------|----------
-master    | [![CircleCI](https://circleci.com/gh/tendermint/tendermint/tree/master.svg?style=shield)](https://circleci.com/gh/tendermint/tendermint/tree/master) | [![codecov](https://codecov.io/gh/tendermint/tendermint/branch/master/graph/badge.svg)](https://codecov.io/gh/tendermint/tendermint)
+| Branch | Tests                                                                                                                                                | Coverage                                                                                                                             |
+| ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
+| master | [![CircleCI](https://circleci.com/gh/tendermint/tendermint/tree/master.svg?style=shield)](https://circleci.com/gh/tendermint/tendermint/tree/master) | [![codecov](https://codecov.io/gh/tendermint/tendermint/branch/master/graph/badge.svg)](https://codecov.io/gh/tendermint/tendermint) |

 Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine - written in any programming language -
 and securely replicates it on many machines.
@@ -49,9 +47,9 @@ For examples of the kinds of bugs we're looking for, see [SECURITY.md](SECURITY.

 ## Minimum requirements

-Requirement|Notes
---|---
-Go version | Go1.11.4 or higher
+| Requirement | Notes              |
+| ----------- | ------------------ |
+| Go version  | Go1.11.4 or higher |

 ## Documentation

@@ -76,9 +74,8 @@ and the [contributing guidelines](CONTRIBUTING.md) when submitting code.
 Join the larger community on the [forum](https://forum.cosmos.network/) and the [chat](https://riot.im/app/#/room/#tendermint:matrix.org).

 To learn more about the structure of the software, watch the [Developer
-Sessions](https://www.youtube.com/playlist?list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv)
-and read some [Architectural
-Decision Records](https://github.com/tendermint/tendermint/tree/master/docs/architecture).
+Sessions](/docs/DEV_SESSIONS.md) and read some [Architectural Decision
+Records](https://github.com/tendermint/tendermint/tree/master/docs/architecture).

 Learn more by reading the code and comparing it to the
 [specification](https://github.com/tendermint/tendermint/tree/develop/docs/spec).
@@ -145,20 +142,20 @@ Additional documentation is found [here](/docs/tools).

 ### Sub-projects

-* [Amino](http://github.com/tendermint/go-amino), reflection-based proto3, with
+- [Amino](http://github.com/tendermint/go-amino), reflection-based proto3, with
  interfaces
-* [IAVL](http://github.com/tendermint/iavl), Merkleized IAVL+ Tree implementation
+- [IAVL](http://github.com/tendermint/iavl), Merkleized IAVL+ Tree implementation
+- [Tm-cmn](http://github.com/tendermint/tm-cmn), Commonly used libs across Tendermint & Cosmos repos

 ### Applications

-* [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); a cryptocurrency application framework
-* [Ethermint](http://github.com/cosmos/ethermint); Ethereum on Tendermint
-* [Many more](https://tendermint.com/ecosystem)
+- [Cosmos SDK](http://github.com/cosmos/cosmos-sdk); a cryptocurrency application framework
+- [Ethermint](http://github.com/cosmos/ethermint); Ethereum on Tendermint
+- [Many more](https://tendermint.com/ecosystem)

 ### Research

-* [The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)
-* [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)
-* [Original Whitepaper](https://tendermint.com/static/docs/tendermint.pdf)
-* [Blog](https://blog.cosmos.network/tendermint/home)
-
+- [The latest gossip on BFT consensus](https://arxiv.org/abs/1807.04938)
+- [Master's Thesis on Tendermint](https://atrium.lib.uoguelph.ca/xmlui/handle/10214/9769)
+- [Original Whitepaper](https://tendermint.com/static/docs/tendermint.pdf)
+- [Blog](https://blog.cosmos.network/tendermint/home)
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -1,23 +0,0 @@
-# Roadmap
-
-BREAKING CHANGES:
- Better support for injecting randomness
- Upgrade consensus for more real-time use of evidence
-
-FEATURES:
- Use the chain as its own CA for nodes and validators
- Tooling to run multiple blockchains/apps, possibly in a single process
- State syncing (without transaction replay)
- Add authentication and rate-limitting to the RPC
-
-IMPROVEMENTS:
- Improve subtleties around mempool caching and logic
- Consensus optimizations:
-	- cache block parts for faster agreement after round changes
-	- propagate block parts rarest first
- Better testing of the consensus state machine (ie. use a DSL)
- Auto compiled serialization/deserialization code instead of go-wire reflection
-
-BUG FIXES:
- Graceful handling/recovery for apps that have non-determinism or fail to halt
- Graceful handling/recovery for violations of safety, or liveness
--- a/abci/client/grpc_client.go
+++ b/abci/client/grpc_client.go
@@ -6,8 +6,8 @@ import (
 	"sync"
 	"time"

-	context "golang.org/x/net/context"
-	grpc "google.golang.org/grpc"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"

 	"github.com/tendermint/tendermint/abci/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
@@ -39,7 +39,7 @@ func NewGRPCClient(addr string, mustConnect bool) *grpcClient {
 	return cli
 }

-func dialerFunc(addr string, timeout time.Duration) (net.Conn, error) {
+func dialerFunc(ctx context.Context, addr string) (net.Conn, error) {
 	return cmn.Connect(addr)
 }

@@ -49,7 +49,7 @@ func (cli *grpcClient) OnStart() error {
 	}
 RETRY_LOOP:
 	for {
-		conn, err := grpc.Dial(cli.addr, grpc.WithInsecure(), grpc.WithDialer(dialerFunc))
+		conn, err := grpc.Dial(cli.addr, grpc.WithInsecure(), grpc.WithContextDialer(dialerFunc))
 		if err != nil {
 			if cli.mustConnect {
 				return err
@@ -65,7 +65,7 @@ RETRY_LOOP:

 	ENSURE_CONNECTED:
 		for {
-			_, err := client.Echo(context.Background(), &types.RequestEcho{Message: "hello"}, grpc.FailFast(true))
+			_, err := client.Echo(context.Background(), &types.RequestEcho{Message: "hello"}, grpc.WaitForReady(true))
 			if err == nil {
 				break ENSURE_CONNECTED
 			}
@@ -125,7 +125,7 @@ func (cli *grpcClient) SetResponseCallback(resCb Callback) {

 func (cli *grpcClient) EchoAsync(msg string) *ReqRes {
 	req := types.ToRequestEcho(msg)
-	res, err := cli.client.Echo(context.Background(), req.GetEcho(), grpc.FailFast(true))
+	res, err := cli.client.Echo(context.Background(), req.GetEcho(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -134,7 +134,7 @@ func (cli *grpcClient) EchoAsync(msg string) *ReqRes {

 func (cli *grpcClient) FlushAsync() *ReqRes {
 	req := types.ToRequestFlush()
-	res, err := cli.client.Flush(context.Background(), req.GetFlush(), grpc.FailFast(true))
+	res, err := cli.client.Flush(context.Background(), req.GetFlush(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -143,7 +143,7 @@ func (cli *grpcClient) FlushAsync() *ReqRes {

 func (cli *grpcClient) InfoAsync(params types.RequestInfo) *ReqRes {
 	req := types.ToRequestInfo(params)
-	res, err := cli.client.Info(context.Background(), req.GetInfo(), grpc.FailFast(true))
+	res, err := cli.client.Info(context.Background(), req.GetInfo(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -152,7 +152,7 @@ func (cli *grpcClient) InfoAsync(params types.RequestInfo) *ReqRes {

 func (cli *grpcClient) SetOptionAsync(params types.RequestSetOption) *ReqRes {
 	req := types.ToRequestSetOption(params)
-	res, err := cli.client.SetOption(context.Background(), req.GetSetOption(), grpc.FailFast(true))
+	res, err := cli.client.SetOption(context.Background(), req.GetSetOption(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -161,7 +161,7 @@ func (cli *grpcClient) SetOptionAsync(params types.RequestSetOption) *ReqRes {

 func (cli *grpcClient) DeliverTxAsync(params types.RequestDeliverTx) *ReqRes {
 	req := types.ToRequestDeliverTx(params)
-	res, err := cli.client.DeliverTx(context.Background(), req.GetDeliverTx(), grpc.FailFast(true))
+	res, err := cli.client.DeliverTx(context.Background(), req.GetDeliverTx(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -170,7 +170,7 @@ func (cli *grpcClient) DeliverTxAsync(params types.RequestDeliverTx) *ReqRes {

 func (cli *grpcClient) CheckTxAsync(params types.RequestCheckTx) *ReqRes {
 	req := types.ToRequestCheckTx(params)
-	res, err := cli.client.CheckTx(context.Background(), req.GetCheckTx(), grpc.FailFast(true))
+	res, err := cli.client.CheckTx(context.Background(), req.GetCheckTx(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -179,7 +179,7 @@ func (cli *grpcClient) CheckTxAsync(params types.RequestCheckTx) *ReqRes {

 func (cli *grpcClient) QueryAsync(params types.RequestQuery) *ReqRes {
 	req := types.ToRequestQuery(params)
-	res, err := cli.client.Query(context.Background(), req.GetQuery(), grpc.FailFast(true))
+	res, err := cli.client.Query(context.Background(), req.GetQuery(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -188,7 +188,7 @@ func (cli *grpcClient) QueryAsync(params types.RequestQuery) *ReqRes {

 func (cli *grpcClient) CommitAsync() *ReqRes {
 	req := types.ToRequestCommit()
-	res, err := cli.client.Commit(context.Background(), req.GetCommit(), grpc.FailFast(true))
+	res, err := cli.client.Commit(context.Background(), req.GetCommit(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -197,7 +197,7 @@ func (cli *grpcClient) CommitAsync() *ReqRes {

 func (cli *grpcClient) InitChainAsync(params types.RequestInitChain) *ReqRes {
 	req := types.ToRequestInitChain(params)
-	res, err := cli.client.InitChain(context.Background(), req.GetInitChain(), grpc.FailFast(true))
+	res, err := cli.client.InitChain(context.Background(), req.GetInitChain(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -206,7 +206,7 @@ func (cli *grpcClient) InitChainAsync(params types.RequestInitChain) *ReqRes {

 func (cli *grpcClient) BeginBlockAsync(params types.RequestBeginBlock) *ReqRes {
 	req := types.ToRequestBeginBlock(params)
-	res, err := cli.client.BeginBlock(context.Background(), req.GetBeginBlock(), grpc.FailFast(true))
+	res, err := cli.client.BeginBlock(context.Background(), req.GetBeginBlock(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -215,7 +215,7 @@ func (cli *grpcClient) BeginBlockAsync(params types.RequestBeginBlock) *ReqRes {

 func (cli *grpcClient) EndBlockAsync(params types.RequestEndBlock) *ReqRes {
 	req := types.ToRequestEndBlock(params)
-	res, err := cli.client.EndBlock(context.Background(), req.GetEndBlock(), grpc.FailFast(true))
+	res, err := cli.client.EndBlock(context.Background(), req.GetEndBlock(), grpc.WaitForReady(true))
 	if err != nil {
 		cli.StopForError(err)
 	}
@@ -228,18 +228,22 @@ func (cli *grpcClient) finishAsyncCall(req *types.Request, res *types.Response)
 	reqres.Done()         // Release waiters
 	reqres.SetDone()      // so reqRes.SetCallback will run the callback

-	// go routine for callbacks
+	// goroutine for callbacks
 	go func() {
-		// Notify reqRes listener if set
-		if cb := reqres.GetCallback(); cb != nil {
-			cb(res)
-		}
+		cli.mtx.Lock()
+		defer cli.mtx.Unlock()

 		// Notify client listener if set
 		if cli.resCb != nil {
 			cli.resCb(reqres.Request, res)
 		}
+
+		// Notify reqRes listener if set
+		if cb := reqres.GetCallback(); cb != nil {
+			cb(res)
+		}
 	}()
+
 	return reqres
 }

--- a/abci/cmd/abci-cli/abci-cli.go
+++ b/abci/cmd/abci-cli/abci-cli.go
@@ -174,9 +174,7 @@ where example.file looks something like:
    info
 `,
 	Args: cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdBatch(cmd, args)
-	},
+	RunE: cmdBatch,
 }

 var consoleCmd = &cobra.Command{
@@ -189,9 +187,7 @@ without opening a new connection each time
 `,
 	Args:      cobra.ExactArgs(0),
 	ValidArgs: []string{"echo", "info", "set_option", "deliver_tx", "check_tx", "commit", "query"},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdConsole(cmd, args)
-	},
+	RunE:      cmdConsole,
 }

 var echoCmd = &cobra.Command{
@@ -199,27 +195,21 @@ var echoCmd = &cobra.Command{
 	Short: "have the application echo a message",
 	Long:  "have the application echo a message",
 	Args:  cobra.ExactArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdEcho(cmd, args)
-	},
+	RunE:  cmdEcho,
 }
 var infoCmd = &cobra.Command{
 	Use:   "info",
 	Short: "get some info about the application",
 	Long:  "get some info about the application",
 	Args:  cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdInfo(cmd, args)
-	},
+	RunE:  cmdInfo,
 }
 var setOptionCmd = &cobra.Command{
 	Use:   "set_option",
 	Short: "set an option on the application",
 	Long:  "set an option on the application",
 	Args:  cobra.ExactArgs(2),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdSetOption(cmd, args)
-	},
+	RunE:  cmdSetOption,
 }

 var deliverTxCmd = &cobra.Command{
@@ -227,9 +217,7 @@ var deliverTxCmd = &cobra.Command{
 	Short: "deliver a new transaction to the application",
 	Long:  "deliver a new transaction to the application",
 	Args:  cobra.ExactArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdDeliverTx(cmd, args)
-	},
+	RunE:  cmdDeliverTx,
 }

 var checkTxCmd = &cobra.Command{
@@ -237,9 +225,7 @@ var checkTxCmd = &cobra.Command{
 	Short: "validate a transaction",
 	Long:  "validate a transaction",
 	Args:  cobra.ExactArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdCheckTx(cmd, args)
-	},
+	RunE:  cmdCheckTx,
 }

 var commitCmd = &cobra.Command{
@@ -247,9 +233,7 @@ var commitCmd = &cobra.Command{
 	Short: "commit the application state and return the Merkle root hash",
 	Long:  "commit the application state and return the Merkle root hash",
 	Args:  cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdCommit(cmd, args)
-	},
+	RunE:  cmdCommit,
 }

 var versionCmd = &cobra.Command{
@@ -268,9 +252,7 @@ var queryCmd = &cobra.Command{
 	Short: "query the application state",
 	Long:  "query the application state",
 	Args:  cobra.ExactArgs(1),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdQuery(cmd, args)
-	},
+	RunE:  cmdQuery,
 }

 var counterCmd = &cobra.Command{
@@ -278,9 +260,7 @@ var counterCmd = &cobra.Command{
 	Short: "ABCI demo example",
 	Long:  "ABCI demo example",
 	Args:  cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdCounter(cmd, args)
-	},
+	RunE:  cmdCounter,
 }

 var kvstoreCmd = &cobra.Command{
@@ -288,9 +268,7 @@ var kvstoreCmd = &cobra.Command{
 	Short: "ABCI demo example",
 	Long:  "ABCI demo example",
 	Args:  cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdKVStore(cmd, args)
-	},
+	RunE:  cmdKVStore,
 }

 var testCmd = &cobra.Command{
@@ -298,9 +276,7 @@ var testCmd = &cobra.Command{
 	Short: "run integration tests",
 	Long:  "run integration tests",
 	Args:  cobra.ExactArgs(0),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		return cmdTest(cmd, args)
-	},
+	RunE:  cmdTest,
 }

 // Generates new Args array based off of previous call args to maintain flag persistence
@@ -356,16 +332,18 @@ func cmdTest(cmd *cobra.Command, args []string) error {

 func cmdBatch(cmd *cobra.Command, args []string) error {
 	bufReader := bufio.NewReader(os.Stdin)
+LOOP:
 	for {

 		line, more, err := bufReader.ReadLine()
-		if more {
+		switch {
+		case more:
 			return errors.New("Input line is too long")
-		} else if err == io.EOF {
-			break
-		} else if len(line) == 0 {
+		case err == io.EOF:
+			break LOOP
+		case len(line) == 0:
 			continue
-		} else if err != nil {
+		case err != nil:
 			return err
 		}

@@ -419,7 +397,7 @@ func muxOnCommands(cmd *cobra.Command, pArgs []string) error {
 			}

 			// otherwise, we need to skip the next one too
-			i += 1
+			i++
 			continue
 		}

--- a/abci/example/example_test.go
+++ b/abci/example/example_test.go
@@ -107,7 +107,7 @@ func testStream(t *testing.T, app types.Application) {
 //-------------------------
 // test grpc

-func dialerFunc(addr string, timeout time.Duration) (net.Conn, error) {
+func dialerFunc(ctx context.Context, addr string) (net.Conn, error) {
 	return cmn.Connect(addr)
 }

@@ -123,7 +123,7 @@ func testGRPCSync(t *testing.T, app *types.GRPCApplication) {
 	defer server.Stop()

 	// Connect to the socket
-	conn, err := grpc.Dial("unix://test.sock", grpc.WithInsecure(), grpc.WithDialer(dialerFunc))
+	conn, err := grpc.Dial("unix://test.sock", grpc.WithInsecure(), grpc.WithContextDialer(dialerFunc))
 	if err != nil {
 		t.Fatalf("Error dialing GRPC server: %v", err.Error())
 	}
--- a/abci/example/kvstore/kvstore.go
+++ b/abci/example/kvstore/kvstore.go
@@ -9,8 +9,8 @@ import (
 	"github.com/tendermint/tendermint/abci/example/code"
 	"github.com/tendermint/tendermint/abci/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/version"
+	dbm "github.com/tendermint/tm-db"
 )

 var (
@@ -115,6 +115,7 @@ func (app *KVStoreApplication) Commit() types.ResponseCommit {
 	return types.ResponseCommit{Data: appHash}
 }

+// Returns an associated value or nil if missing.
 func (app *KVStoreApplication) Query(reqQuery types.RequestQuery) (resQuery types.ResponseQuery) {
 	if reqQuery.Prove {
 		value := app.state.db.Get(prefixKey(reqQuery.Data))
--- a/abci/example/kvstore/kvstore_test.go
+++ b/abci/example/kvstore/kvstore_test.go
@@ -148,7 +148,7 @@ func TestValUpdates(t *testing.T) {

 	makeApplyBlock(t, kvstore, 2, diff, tx1, tx2, tx3)

-	vals1 = append(vals[:nInit-2], vals[nInit+1])
+	vals1 = append(vals[:nInit-2], vals[nInit+1]) // nolint: gocritic
 	vals2 = kvstore.Validators()
 	valsEqual(t, vals1, vals2)

--- a/abci/example/kvstore/persistent_kvstore.go
+++ b/abci/example/kvstore/persistent_kvstore.go
@@ -9,8 +9,10 @@ import (

 	"github.com/tendermint/tendermint/abci/example/code"
 	"github.com/tendermint/tendermint/abci/types"
-	dbm "github.com/tendermint/tendermint/libs/db"
+	"github.com/tendermint/tendermint/crypto/ed25519"
 	"github.com/tendermint/tendermint/libs/log"
+	tmtypes "github.com/tendermint/tendermint/types"
+	dbm "github.com/tendermint/tm-db"
 )

 const (
@@ -27,6 +29,8 @@ type PersistentKVStoreApplication struct {
 	// validator set
 	ValUpdates []types.ValidatorUpdate

+	valAddrToPubKeyMap map[string]types.PubKey
+
 	logger log.Logger
 }

@@ -40,8 +44,9 @@ func NewPersistentKVStoreApplication(dbDir string) *PersistentKVStoreApplication
 	state := loadState(db)

 	return &PersistentKVStoreApplication{
-		app:    &KVStoreApplication{state: state},
-		logger: log.NewNopLogger(),
+		app:                &KVStoreApplication{state: state},
+		valAddrToPubKeyMap: make(map[string]types.PubKey),
+		logger:             log.NewNopLogger(),
 	}
 }

@@ -83,8 +88,20 @@ func (app *PersistentKVStoreApplication) Commit() types.ResponseCommit {
 	return app.app.Commit()
 }

-func (app *PersistentKVStoreApplication) Query(reqQuery types.RequestQuery) types.ResponseQuery {
-	return app.app.Query(reqQuery)
+// When path=/val and data={validator address}, returns the validator update (types.ValidatorUpdate) varint encoded.
+// For any other path, returns an associated value or nil if missing.
+func (app *PersistentKVStoreApplication) Query(reqQuery types.RequestQuery) (resQuery types.ResponseQuery) {
+	switch reqQuery.Path {
+	case "/val":
+		key := []byte("val:" + string(reqQuery.Data))
+		value := app.app.state.db.Get(key)
+
+		resQuery.Key = reqQuery.Data
+		resQuery.Value = value
+		return
+	default:
+		return app.app.Query(reqQuery)
+	}
 }

 // Save the validators in the merkle tree
@@ -102,6 +119,19 @@ func (app *PersistentKVStoreApplication) InitChain(req types.RequestInitChain) t
 func (app *PersistentKVStoreApplication) BeginBlock(req types.RequestBeginBlock) types.ResponseBeginBlock {
 	// reset valset changes
 	app.ValUpdates = make([]types.ValidatorUpdate, 0)
+
+	for _, ev := range req.ByzantineValidators {
+		if ev.Type == tmtypes.ABCIEvidenceTypeDuplicateVote {
+			// decrease voting power by 1
+			if ev.TotalVotingPower == 0 {
+				continue
+			}
+			app.updateValidator(types.ValidatorUpdate{
+				PubKey: app.valAddrToPubKeyMap[string(ev.Validator.Address)],
+				Power:  ev.TotalVotingPower - 1,
+			})
+		}
+	}
 	return types.ResponseBeginBlock{}
 }

@@ -174,6 +204,10 @@ func (app *PersistentKVStoreApplication) execValidatorTx(tx []byte) types.Respon
 // add, update, or remove a validator
 func (app *PersistentKVStoreApplication) updateValidator(v types.ValidatorUpdate) types.ResponseDeliverTx {
 	key := []byte("val:" + string(v.PubKey.Data))
+
+	pubkey := ed25519.PubKeyEd25519{}
+	copy(pubkey[:], v.PubKey.Data)
+
 	if v.Power == 0 {
 		// remove validator
 		if !app.app.state.db.Has(key) {
@@ -183,6 +217,7 @@ func (app *PersistentKVStoreApplication) updateValidator(v types.ValidatorUpdate
 				Log:  fmt.Sprintf("Cannot remove non-existent validator %s", pubStr)}
 		}
 		app.app.state.db.Delete(key)
+		delete(app.valAddrToPubKeyMap, string(pubkey.Address()))
 	} else {
 		// add or update validator
 		value := bytes.NewBuffer(make([]byte, 0))
@@ -192,6 +227,7 @@ func (app *PersistentKVStoreApplication) updateValidator(v types.ValidatorUpdate
 				Log:  fmt.Sprintf("Error encoding validator: %v", err)}
 		}
 		app.app.state.db.Set(key, value.Bytes())
+		app.valAddrToPubKeyMap[string(pubkey.Address())] = v.PubKey
 	}

 	// we only update the changes array if we successfully updated the tree
--- a/abci/server/socket_server.go
+++ b/abci/server/socket_server.go
@@ -127,11 +127,12 @@ func (s *SocketServer) acceptConnectionsRoutine() {

 func (s *SocketServer) waitForClose(closeConn chan error, connID int) {
 	err := <-closeConn
-	if err == io.EOF {
+	switch {
+	case err == io.EOF:
 		s.Logger.Error("Connection was closed by client")
-	} else if err != nil {
+	case err != nil:
 		s.Logger.Error("Connection error", "error", err)
-	} else {
+	default:
 		// never happens
 		s.Logger.Error("Connection was closed.")
 	}
@@ -146,6 +147,16 @@ func (s *SocketServer) waitForClose(closeConn chan error, connID int) {
 func (s *SocketServer) handleRequests(closeConn chan error, conn net.Conn, responses chan<- *types.Response) {
 	var count int
 	var bufReader = bufio.NewReader(conn)
+
+	defer func() {
+		// make sure to recover from any app-related panics to allow proper socket cleanup
+		r := recover()
+		if r != nil {
+			closeConn <- fmt.Errorf("recovered from panic: %v", r)
+			s.appMtx.Unlock()
+		}
+	}()
+
 	for {

 		var req = &types.Request{}
@@ -154,7 +165,7 @@ func (s *SocketServer) handleRequests(closeConn chan error, conn net.Conn, respo
 			if err == io.EOF {
 				closeConn <- err
 			} else {
-				closeConn <- fmt.Errorf("Error reading message: %v", err.Error())
+				closeConn <- fmt.Errorf("error reading message: %v", err)
 			}
 			return
 		}
--- a/abci/types/protoreplace/protoreplace.go
+++ b/abci/types/protoreplace/protoreplace.go
@@ -40,7 +40,7 @@ func main() {
 		}
 		if writeImportTime && !wroteImport {
 			wroteImport = true
-			fmt.Fprintf(outFile, "import \"github.com/tendermint/go-wire/data\"\n")
+			fmt.Fprintf(outFile, "import \"github.com/tendermint/go-amino/data\"\n")

 		}
 		if gotPackageLine {
--- a/blockchain/v0/codec.go
+++ b/blockchain/v0/codec.go
@@ -1,4 +1,4 @@
-package blockchain
+package v0

 import (
 	amino "github.com/tendermint/go-amino"
--- a/blockchain/v0/pool.go
+++ b/blockchain/v0/pool.go
@@ -1,4 +1,4 @@
-package blockchain
+package v0

 import (
 	"errors"
@@ -59,6 +59,7 @@ var peerTimeout = 15 * time.Second // not const so we can override with tests
 	are not at peer limits, we can probably switch to consensus reactor
 */

+// BlockPool keeps track of the fast sync peers, block requests and block responses.
 type BlockPool struct {
 	cmn.BaseService
 	startTime time.Time
@@ -111,17 +112,18 @@ func (pool *BlockPool) makeRequestersRoutine() {
 		}

 		_, numPending, lenRequesters := pool.GetStatus()
-		if numPending >= maxPendingRequests {
+		switch {
+		case numPending >= maxPendingRequests:
 			// sleep for a bit.
 			time.Sleep(requestIntervalMS * time.Millisecond)
 			// check for timed out peers
 			pool.removeTimedoutPeers()
-		} else if lenRequesters >= maxTotalRequesters {
+		case lenRequesters >= maxTotalRequesters:
 			// sleep for a bit.
 			time.Sleep(requestIntervalMS * time.Millisecond)
 			// check for timed out peers
 			pool.removeTimedoutPeers()
-		} else {
+		default:
 			// request for more blocks.
 			pool.makeNextRequester()
 		}
@@ -184,6 +186,7 @@ func (pool *BlockPool) IsCaughtUp() bool {
 	return isCaughtUp
 }

+// PeekTwoBlocks returns blocks at pool.height and pool.height+1.
 // We need to see the second block's Commit to validate the first block.
 // So we peek two blocks at a time.
 // The caller will verify the commit.
@@ -200,7 +203,7 @@ func (pool *BlockPool) PeekTwoBlocks() (first *types.Block, second *types.Block)
 	return
 }

-// Pop the first block at pool.height
+// PopRequest pops the first block at pool.height.
 // It must have been validated by 'second'.Commit from PeekTwoBlocks().
 func (pool *BlockPool) PopRequest() {
 	pool.mtx.Lock()
@@ -220,7 +223,7 @@ func (pool *BlockPool) PopRequest() {
 	}
 }

-// Invalidates the block at pool.height,
+// RedoRequest invalidates the block at pool.height,
 // Remove the peer and redo request from others.
 // Returns the ID of the removed peer.
 func (pool *BlockPool) RedoRequest(height int64) p2p.ID {
@@ -236,6 +239,7 @@ func (pool *BlockPool) RedoRequest(height int64) p2p.ID {
 	return peerID
 }

+// AddBlock validates that the block comes from the peer it was expected from and calls the requester to store it.
 // TODO: ensure that blocks come in order for each peer.
 func (pool *BlockPool) AddBlock(peerID p2p.ID, block *types.Block, blockSize int) {
 	pool.mtx.Lock()
@@ -565,9 +569,9 @@ func (bpr *bpRequester) reset() {
 // Tells bpRequester to pick another peer and try again.
 // NOTE: Nonblocking, and does nothing if another redo
 // was already requested.
-func (bpr *bpRequester) redo(peerId p2p.ID) {
+func (bpr *bpRequester) redo(peerID p2p.ID) {
 	select {
-	case bpr.redoCh <- peerId:
+	case bpr.redoCh <- peerID:
 	default:
 	}
 }
@@ -622,8 +626,8 @@ OUTER_LOOP:
 	}
 }

-//-------------------------------------
-
+// BlockRequest stores a block request identified by the block Height and the PeerID responsible for
+// delivering the block
 type BlockRequest struct {
 	Height int64
 	PeerID p2p.ID
--- a/blockchain/v0/pool_test.go
+++ b/blockchain/v0/pool_test.go
@@ -1,4 +1,4 @@
-package blockchain
+package v0

 import (
 	"fmt"
--- a/blockchain/v0/reactor.go
+++ b/blockchain/v0/reactor.go
@@ -1,4 +1,4 @@
-package blockchain
+package v0

 import (
 	"errors"
@@ -11,6 +11,7 @@ import (
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/p2p"
 	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
 	"github.com/tendermint/tendermint/types"
 )

@@ -60,7 +61,7 @@ type BlockchainReactor struct {
 	initialState sm.State

 	blockExec *sm.BlockExecutor
-	store     *BlockStore
+	store     *store.BlockStore
 	pool      *BlockPool
 	fastSync  bool

@@ -69,7 +70,7 @@ type BlockchainReactor struct {
 }

 // NewBlockchainReactor returns new reactor instance.
-func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *BlockStore,
+func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *store.BlockStore,
 	fastSync bool) *BlockchainReactor {

 	if state.LastBlockHeight != store.Height() {
@@ -140,9 +141,9 @@ func (bcR *BlockchainReactor) GetChannels() []*p2p.ChannelDescriptor {
 // AddPeer implements Reactor by sending our state to peer.
 func (bcR *BlockchainReactor) AddPeer(peer p2p.Peer) {
 	msgBytes := cdc.MustMarshalBinaryBare(&bcStatusResponseMessage{bcR.store.Height()})
-	if !peer.Send(BlockchainChannel, msgBytes) {
-		// doing nothing, will try later in `poolRoutine`
-	}
+	peer.Send(BlockchainChannel, msgBytes)
+	// it's OK if send fails. will try later in poolRoutine
+
 	// peer is added to the pool once we receive the first
 	// bcStatusResponseMessage from the peer and call pool.SetPeerHeight
 }
@@ -190,18 +191,13 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte)

 	switch msg := msg.(type) {
 	case *bcBlockRequestMessage:
-		if queued := bcR.respondToPeer(msg, src); !queued {
-			// Unfortunately not queued since the queue is full.
-		}
+		bcR.respondToPeer(msg, src)
 	case *bcBlockResponseMessage:
 		bcR.pool.AddBlock(src.ID(), msg.Block, len(msgBytes))
 	case *bcStatusRequestMessage:
 		// Send peer our state.
 		msgBytes := cdc.MustMarshalBinaryBare(&bcStatusResponseMessage{bcR.store.Height()})
-		queued := src.TrySend(BlockchainChannel, msgBytes)
-		if !queued {
-			// sorry
-		}
+		src.TrySend(BlockchainChannel, msgBytes)
 	case *bcStatusResponseMessage:
 		// Got a peer status. Unverified.
 		bcR.pool.SetPeerHeight(src.ID(), msg.Height)
@@ -273,9 +269,10 @@ FOR_LOOP:
 				conR, ok := bcR.Switch.Reactor("CONSENSUS").(consensusReactor)
 				if ok {
 					conR.SwitchToConsensus(state, blocksSynced)
-				} else {
-					// should only happen during testing
 				}
+				// else {
+				// should only happen during testing
+				// }

 				break FOR_LOOP
 			}
@@ -378,6 +375,7 @@ type BlockchainMessage interface {
 	ValidateBasic() error
 }

+// RegisterBlockchainMessages registers the fast sync messages for amino encoding.
 func RegisterBlockchainMessages(cdc *amino.Codec) {
 	cdc.RegisterInterface((*BlockchainMessage)(nil), nil)
 	cdc.RegisterConcrete(&bcBlockRequestMessage{}, "tendermint/blockchain/BlockRequest", nil)
@@ -425,8 +423,8 @@ func (m *bcNoBlockResponseMessage) ValidateBasic() error {
 	return nil
 }

-func (brm *bcNoBlockResponseMessage) String() string {
-	return fmt.Sprintf("[bcNoBlockResponseMessage %d]", brm.Height)
+func (m *bcNoBlockResponseMessage) String() string {
+	return fmt.Sprintf("[bcNoBlockResponseMessage %d]", m.Height)
 }

 //-------------------------------------
--- a/blockchain/v0/reactor_test.go
+++ b/blockchain/v0/reactor_test.go
@@ -1,4 +1,4 @@
-package blockchain
+package v0

 import (
 	"os"
@@ -6,12 +6,13 @@ import (
 	"testing"
 	"time"

+	"github.com/pkg/errors"
+	"github.com/tendermint/tendermint/store"
+
 	"github.com/stretchr/testify/assert"

 	abci "github.com/tendermint/tendermint/abci/types"
 	cfg "github.com/tendermint/tendermint/config"
-	cmn "github.com/tendermint/tendermint/libs/common"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/p2p"
@@ -19,6 +20,7 @@ import (
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
 	tmtime "github.com/tendermint/tendermint/types/time"
+	dbm "github.com/tendermint/tm-db"
 )

 var config *cfg.Config
@@ -43,24 +45,6 @@ func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.G
 	}, privValidators
 }

-func makeVote(header *types.Header, blockID types.BlockID, valset *types.ValidatorSet, privVal types.PrivValidator) *types.Vote {
-	addr := privVal.GetPubKey().Address()
-	idx, _ := valset.GetByAddress(addr)
-	vote := &types.Vote{
-		ValidatorAddress: addr,
-		ValidatorIndex:   idx,
-		Height:           header.Height,
-		Round:            1,
-		Timestamp:        tmtime.Now(),
-		Type:             types.PrecommitType,
-		BlockID:          blockID,
-	}
-
-	privVal.SignVote(header.ChainID, vote)
-
-	return vote
-}
-
 type BlockchainReactorPair struct {
 	reactor *BlockchainReactor
 	app     proxy.AppConns
@@ -76,16 +60,16 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 	proxyApp := proxy.NewAppConns(cc)
 	err := proxyApp.Start()
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error start app"))
+		panic(errors.Wrap(err, "error start app"))
 	}

 	blockDB := dbm.NewMemDB()
 	stateDB := dbm.NewMemDB()
-	blockStore := NewBlockStore(blockDB)
+	blockStore := store.NewBlockStore(blockDB)

 	state, err := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
 	if err != nil {
-		panic(cmn.ErrorWrap(err, "error constructing state from genesis file"))
+		panic(errors.Wrap(err, "error constructing state from genesis file"))
 	}

 	// Make the BlockchainReactor itself.
@@ -104,8 +88,12 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals
 			lastBlockMeta := blockStore.LoadBlockMeta(blockHeight - 1)
 			lastBlock := blockStore.LoadBlock(blockHeight - 1)

-			vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVals[0]).CommitSig()
-			lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{vote})
+			vote, err := types.MakeVote(lastBlock.Header.Height, lastBlockMeta.BlockID, state.Validators, privVals[0], lastBlock.Header.ChainID)
+			if err != nil {
+				panic(err)
+			}
+			voteCommitSig := vote.CommitSig()
+			lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{voteCommitSig})
 		}

 		thisBlock := makeBlock(blockHeight, state, lastCommit)
@@ -115,7 +103,7 @@ func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals

 		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
 		if err != nil {
-			panic(cmn.ErrorWrap(err, "error apply block"))
+			panic(errors.Wrap(err, "error apply block"))
 		}

 		blockStore.SaveBlock(thisBlock, thisParts, lastCommit)
@@ -258,6 +246,82 @@ func TestBadBlockStopsPeer(t *testing.T) {
 	assert.True(t, lastReactorPair.reactor.Switch.Peers().Size() < len(reactorPairs)-1)
 }

+func TestBcBlockRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcBlockRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcNoBlockResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName          string
+		nonResponseHeight int64
+		expectErr         bool
+	}{
+		{"Valid Non-Response Message", 0, false},
+		{"Valid Non-Response Message", 1, false},
+		{"Invalid Non-Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			nonResponse := bcNoBlockResponseMessage{Height: tc.nonResponseHeight}
+			assert.Equal(t, tc.expectErr, nonResponse.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcStatusRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName       string
+		responseHeight int64
+		expectErr      bool
+	}{
+		{"Valid Response Message", 0, false},
+		{"Valid Response Message", 1, false},
+		{"Invalid Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			response := bcStatusResponseMessage{Height: tc.responseHeight}
+			assert.Equal(t, tc.expectErr, response.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
 //----------------------------------------------
 // utility funcs

--- a/blockchain/v1/codec.go
+++ b/blockchain/v1/codec.go
@@ -0,0 +1,13 @@
+package v1
+
+import (
+	amino "github.com/tendermint/go-amino"
+	"github.com/tendermint/tendermint/types"
+)
+
+var cdc = amino.NewCodec()
+
+func init() {
+	RegisterBlockchainMessages(cdc)
+	types.RegisterBlockAmino(cdc)
+}
--- a/blockchain/v1/peer.go
+++ b/blockchain/v1/peer.go
@@ -0,0 +1,209 @@
+package v1
+
+import (
+	"fmt"
+	"math"
+	"time"
+
+	flow "github.com/tendermint/tendermint/libs/flowrate"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+//--------
+// Peer
+
+// BpPeerParams stores the peer parameters that are used when creating a peer.
+type BpPeerParams struct {
+	timeout     time.Duration
+	minRecvRate int64
+	sampleRate  time.Duration
+	windowSize  time.Duration
+}
+
+// BpPeer is the datastructure associated with a fast sync peer.
+type BpPeer struct {
+	logger log.Logger
+	ID     p2p.ID
+
+	Height                  int64                  // the peer reported height
+	NumPendingBlockRequests int                    // number of requests still waiting for block responses
+	blocks                  map[int64]*types.Block // blocks received or expected to be received from this peer
+	blockResponseTimer      *time.Timer
+	recvMonitor             *flow.Monitor
+	params                  *BpPeerParams // parameters for timer and monitor
+
+	onErr func(err error, peerID p2p.ID) // function to call on error
+}
+
+// NewBpPeer creates a new peer.
+func NewBpPeer(
+	peerID p2p.ID, height int64, onErr func(err error, peerID p2p.ID), params *BpPeerParams) *BpPeer {
+
+	if params == nil {
+		params = BpPeerDefaultParams()
+	}
+	return &BpPeer{
+		ID:     peerID,
+		Height: height,
+		blocks: make(map[int64]*types.Block, maxRequestsPerPeer),
+		logger: log.NewNopLogger(),
+		onErr:  onErr,
+		params: params,
+	}
+}
+
+// String returns a string representation of a peer.
+func (peer *BpPeer) String() string {
+	return fmt.Sprintf("peer: %v height: %v pending: %v", peer.ID, peer.Height, peer.NumPendingBlockRequests)
+}
+
+// SetLogger sets the logger of the peer.
+func (peer *BpPeer) SetLogger(l log.Logger) {
+	peer.logger = l
+}
+
+// Cleanup performs cleanup of the peer, removes blocks, requests, stops timer and monitor.
+func (peer *BpPeer) Cleanup() {
+	if peer.blockResponseTimer != nil {
+		peer.blockResponseTimer.Stop()
+	}
+	if peer.NumPendingBlockRequests != 0 {
+		peer.logger.Info("peer with pending requests is being cleaned", "peer", peer.ID)
+	}
+	if len(peer.blocks)-peer.NumPendingBlockRequests != 0 {
+		peer.logger.Info("peer with pending blocks is being cleaned", "peer", peer.ID)
+	}
+	for h := range peer.blocks {
+		delete(peer.blocks, h)
+	}
+	peer.NumPendingBlockRequests = 0
+	peer.recvMonitor = nil
+}
+
+// BlockAtHeight returns the block at a given height if available and errMissingBlock otherwise.
+func (peer *BpPeer) BlockAtHeight(height int64) (*types.Block, error) {
+	block, ok := peer.blocks[height]
+	if !ok {
+		return nil, errMissingBlock
+	}
+	if block == nil {
+		return nil, errMissingBlock
+	}
+	return peer.blocks[height], nil
+}
+
+// AddBlock adds a block at peer level. Block must be non-nil and recvSize a positive integer
+// The peer must have a pending request for this block.
+func (peer *BpPeer) AddBlock(block *types.Block, recvSize int) error {
+	if block == nil || recvSize < 0 {
+		panic("bad parameters")
+	}
+	existingBlock, ok := peer.blocks[block.Height]
+	if !ok {
+		peer.logger.Error("unsolicited block", "blockHeight", block.Height, "peer", peer.ID)
+		return errMissingBlock
+	}
+	if existingBlock != nil {
+		peer.logger.Error("already have a block for height", "height", block.Height)
+		return errDuplicateBlock
+	}
+	if peer.NumPendingBlockRequests == 0 {
+		panic("peer does not have pending requests")
+	}
+	peer.blocks[block.Height] = block
+	peer.NumPendingBlockRequests--
+	if peer.NumPendingBlockRequests == 0 {
+		peer.stopMonitor()
+		peer.stopBlockResponseTimer()
+	} else {
+		peer.recvMonitor.Update(recvSize)
+		peer.resetBlockResponseTimer()
+	}
+	return nil
+}
+
+// RemoveBlock removes the block of given height
+func (peer *BpPeer) RemoveBlock(height int64) {
+	delete(peer.blocks, height)
+}
+
+// RequestSent records that a request was sent, and starts the peer timer and monitor if needed.
+func (peer *BpPeer) RequestSent(height int64) {
+	peer.blocks[height] = nil
+
+	if peer.NumPendingBlockRequests == 0 {
+		peer.startMonitor()
+		peer.resetBlockResponseTimer()
+	}
+	peer.NumPendingBlockRequests++
+}
+
+// CheckRate verifies that the response rate of the peer is acceptable (higher than the minimum allowed).
+func (peer *BpPeer) CheckRate() error {
+	if peer.NumPendingBlockRequests == 0 {
+		return nil
+	}
+	curRate := peer.recvMonitor.Status().CurRate
+	// curRate can be 0 on start
+	if curRate != 0 && curRate < peer.params.minRecvRate {
+		err := errSlowPeer
+		peer.logger.Error("SendTimeout", "peer", peer,
+			"reason", err,
+			"curRate", fmt.Sprintf("%d KB/s", curRate/1024),
+			"minRate", fmt.Sprintf("%d KB/s", peer.params.minRecvRate/1024))
+		return err
+	}
+	return nil
+}
+
+func (peer *BpPeer) onTimeout() {
+	peer.onErr(errNoPeerResponse, peer.ID)
+}
+
+func (peer *BpPeer) stopMonitor() {
+	peer.recvMonitor.Done()
+	peer.recvMonitor = nil
+}
+
+func (peer *BpPeer) startMonitor() {
+	peer.recvMonitor = flow.New(peer.params.sampleRate, peer.params.windowSize)
+	initialValue := float64(peer.params.minRecvRate) * math.E
+	peer.recvMonitor.SetREMA(initialValue)
+}
+
+func (peer *BpPeer) resetBlockResponseTimer() {
+	if peer.blockResponseTimer == nil {
+		peer.blockResponseTimer = time.AfterFunc(peer.params.timeout, peer.onTimeout)
+	} else {
+		peer.blockResponseTimer.Reset(peer.params.timeout)
+	}
+}
+
+func (peer *BpPeer) stopBlockResponseTimer() bool {
+	if peer.blockResponseTimer == nil {
+		return false
+	}
+	return peer.blockResponseTimer.Stop()
+}
+
+// BpPeerDefaultParams returns the default peer parameters.
+func BpPeerDefaultParams() *BpPeerParams {
+	return &BpPeerParams{
+		// Timeout for a peer to respond to a block request.
+		timeout: 15 * time.Second,
+
+		// Minimum recv rate to ensure we're receiving blocks from a peer fast
+		// enough. If a peer is not sending data at at least that rate, we
+		// consider them to have timedout and we disconnect.
+		//
+		// Assuming a DSL connection (not a good choice) 128 Kbps (upload) ~ 15 KB/s,
+		// sending data across atlantic ~ 7.5 KB/s.
+		minRecvRate: int64(7680),
+
+		// Monitor parameters
+		sampleRate: time.Second,
+		windowSize: 40 * time.Second,
+	}
+}
--- a/blockchain/v1/peer_test.go
+++ b/blockchain/v1/peer_test.go
@@ -0,0 +1,278 @@
+package v1
+
+import (
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+func TestPeerMonitor(t *testing.T) {
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {},
+		nil)
+	peer.SetLogger(log.TestingLogger())
+	peer.startMonitor()
+	assert.NotNil(t, peer.recvMonitor)
+	peer.stopMonitor()
+	assert.Nil(t, peer.recvMonitor)
+}
+
+func TestPeerResetBlockResponseTimer(t *testing.T) {
+	var (
+		numErrFuncCalls int        // number of calls to the errFunc
+		lastErr         error      // last generated error
+		peerTestMtx     sync.Mutex // modifications of ^^ variables are also done from timer handler goroutine
+	)
+	params := &BpPeerParams{timeout: 2 * time.Millisecond}
+
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {
+			peerTestMtx.Lock()
+			defer peerTestMtx.Unlock()
+			lastErr = err
+			numErrFuncCalls++
+		},
+		params)
+
+	peer.SetLogger(log.TestingLogger())
+	checkByStoppingPeerTimer(t, peer, false)
+
+	// initial reset call with peer having a nil timer
+	peer.resetBlockResponseTimer()
+	assert.NotNil(t, peer.blockResponseTimer)
+	// make sure timer is running and stop it
+	checkByStoppingPeerTimer(t, peer, true)
+
+	// reset with running timer
+	peer.resetBlockResponseTimer()
+	time.Sleep(time.Millisecond)
+	peer.resetBlockResponseTimer()
+	assert.NotNil(t, peer.blockResponseTimer)
+
+	// let the timer expire and ...
+	time.Sleep(3 * time.Millisecond)
+	// ... check timer is not running
+	checkByStoppingPeerTimer(t, peer, false)
+
+	peerTestMtx.Lock()
+	// ... check errNoPeerResponse has been sent
+	assert.Equal(t, 1, numErrFuncCalls)
+	assert.Equal(t, lastErr, errNoPeerResponse)
+	peerTestMtx.Unlock()
+}
+
+func TestPeerRequestSent(t *testing.T) {
+	params := &BpPeerParams{timeout: 2 * time.Millisecond}
+
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {},
+		params)
+
+	peer.SetLogger(log.TestingLogger())
+
+	peer.RequestSent(1)
+	assert.NotNil(t, peer.recvMonitor)
+	assert.NotNil(t, peer.blockResponseTimer)
+	assert.Equal(t, 1, peer.NumPendingBlockRequests)
+
+	peer.RequestSent(1)
+	assert.NotNil(t, peer.recvMonitor)
+	assert.NotNil(t, peer.blockResponseTimer)
+	assert.Equal(t, 2, peer.NumPendingBlockRequests)
+}
+
+func TestPeerGetAndRemoveBlock(t *testing.T) {
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 100,
+		func(err error, _ p2p.ID) {},
+		nil)
+
+	// Change peer height
+	peer.Height = int64(10)
+	assert.Equal(t, int64(10), peer.Height)
+
+	// request some blocks and receive few of them
+	for i := 1; i <= 10; i++ {
+		peer.RequestSent(int64(i))
+		if i > 5 {
+			// only receive blocks 1..5
+			continue
+		}
+		_ = peer.AddBlock(makeSmallBlock(i), 10)
+	}
+
+	tests := []struct {
+		name         string
+		height       int64
+		wantErr      error
+		blockPresent bool
+	}{
+		{"no request", 100, errMissingBlock, false},
+		{"no block", 6, errMissingBlock, false},
+		{"block 1 present", 1, nil, true},
+		{"block max present", 5, nil, true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// try to get the block
+			b, err := peer.BlockAtHeight(tt.height)
+			assert.Equal(t, tt.wantErr, err)
+			assert.Equal(t, tt.blockPresent, b != nil)
+
+			// remove the block
+			peer.RemoveBlock(tt.height)
+			_, err = peer.BlockAtHeight(tt.height)
+			assert.Equal(t, errMissingBlock, err)
+		})
+	}
+}
+
+func TestPeerAddBlock(t *testing.T) {
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 100,
+		func(err error, _ p2p.ID) {},
+		nil)
+
+	// request some blocks, receive one
+	for i := 1; i <= 10; i++ {
+		peer.RequestSent(int64(i))
+		if i == 5 {
+			// receive block 5
+			_ = peer.AddBlock(makeSmallBlock(i), 10)
+		}
+	}
+
+	tests := []struct {
+		name         string
+		height       int64
+		wantErr      error
+		blockPresent bool
+	}{
+		{"no request", 50, errMissingBlock, false},
+		{"duplicate block", 5, errDuplicateBlock, true},
+		{"block 1 successfully received", 1, nil, true},
+		{"block max successfully received", 10, nil, true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// try to get the block
+			err := peer.AddBlock(makeSmallBlock(int(tt.height)), 10)
+			assert.Equal(t, tt.wantErr, err)
+			_, err = peer.BlockAtHeight(tt.height)
+			assert.Equal(t, tt.blockPresent, err == nil)
+		})
+	}
+}
+
+func TestPeerOnErrFuncCalledDueToExpiration(t *testing.T) {
+
+	params := &BpPeerParams{timeout: 2 * time.Millisecond}
+	var (
+		numErrFuncCalls int        // number of calls to the onErr function
+		lastErr         error      // last generated error
+		peerTestMtx     sync.Mutex // modifications of ^^ variables are also done from timer handler goroutine
+	)
+
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {
+			peerTestMtx.Lock()
+			defer peerTestMtx.Unlock()
+			lastErr = err
+			numErrFuncCalls++
+		},
+		params)
+
+	peer.SetLogger(log.TestingLogger())
+
+	peer.RequestSent(1)
+	time.Sleep(4 * time.Millisecond)
+	// timer should have expired by now, check that the on error function was called
+	peerTestMtx.Lock()
+	assert.Equal(t, 1, numErrFuncCalls)
+	assert.Equal(t, errNoPeerResponse, lastErr)
+	peerTestMtx.Unlock()
+}
+
+func TestPeerCheckRate(t *testing.T) {
+	params := &BpPeerParams{
+		timeout:     time.Second,
+		minRecvRate: int64(100), // 100 bytes/sec exponential moving average
+	}
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {},
+		params)
+	peer.SetLogger(log.TestingLogger())
+
+	require.Nil(t, peer.CheckRate())
+
+	for i := 0; i < 40; i++ {
+		peer.RequestSent(int64(i))
+	}
+
+	// monitor starts with a higher rEMA (~ 2*minRecvRate), wait for it to go down
+	time.Sleep(900 * time.Millisecond)
+
+	// normal peer - send a bit more than 100 bytes/sec, > 10 bytes/100msec, check peer is not considered slow
+	for i := 0; i < 10; i++ {
+		_ = peer.AddBlock(makeSmallBlock(i), 11)
+		time.Sleep(100 * time.Millisecond)
+		require.Nil(t, peer.CheckRate())
+	}
+
+	// slow peer - send a bit less than 10 bytes/100msec
+	for i := 10; i < 20; i++ {
+		_ = peer.AddBlock(makeSmallBlock(i), 9)
+		time.Sleep(100 * time.Millisecond)
+	}
+	// check peer is considered slow
+	assert.Equal(t, errSlowPeer, peer.CheckRate())
+}
+
+func TestPeerCleanup(t *testing.T) {
+	params := &BpPeerParams{timeout: 2 * time.Millisecond}
+
+	peer := NewBpPeer(
+		p2p.ID(cmn.RandStr(12)), 10,
+		func(err error, _ p2p.ID) {},
+		params)
+	peer.SetLogger(log.TestingLogger())
+
+	assert.Nil(t, peer.blockResponseTimer)
+	peer.RequestSent(1)
+	assert.NotNil(t, peer.blockResponseTimer)
+
+	peer.Cleanup()
+	checkByStoppingPeerTimer(t, peer, false)
+}
+
+// Check if peer timer is running or not (a running timer can be successfully stopped).
+// Note: stops the timer.
+func checkByStoppingPeerTimer(t *testing.T, peer *BpPeer, running bool) {
+	assert.NotPanics(t, func() {
+		stopped := peer.stopBlockResponseTimer()
+		if running {
+			assert.True(t, stopped)
+		} else {
+			assert.False(t, stopped)
+		}
+	})
+}
+
+func makeSmallBlock(height int) *types.Block {
+	return types.MakeBlock(int64(height), []types.Tx{types.Tx("foo")}, nil, nil)
+}
--- a/blockchain/v1/pool.go
+++ b/blockchain/v1/pool.go
@@ -0,0 +1,369 @@
+package v1
+
+import (
+	"sort"
+
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+// BlockPool keeps track of the fast sync peers, block requests and block responses.
+type BlockPool struct {
+	logger log.Logger
+	// Set of peers that have sent status responses, with height bigger than pool.Height
+	peers map[p2p.ID]*BpPeer
+	// Set of block heights and the corresponding peers from where a block response is expected or has been received.
+	blocks map[int64]p2p.ID
+
+	plannedRequests   map[int64]struct{} // list of blocks to be assigned peers for blockRequest
+	nextRequestHeight int64              // next height to be added to plannedRequests
+
+	Height        int64 // height of next block to execute
+	MaxPeerHeight int64 // maximum height of all peers
+	toBcR         bcReactor
+}
+
+// NewBlockPool creates a new BlockPool.
+func NewBlockPool(height int64, toBcR bcReactor) *BlockPool {
+	return &BlockPool{
+		Height:            height,
+		MaxPeerHeight:     0,
+		peers:             make(map[p2p.ID]*BpPeer),
+		blocks:            make(map[int64]p2p.ID),
+		plannedRequests:   make(map[int64]struct{}),
+		nextRequestHeight: height,
+		toBcR:             toBcR,
+	}
+}
+
+// SetLogger sets the logger of the pool.
+func (pool *BlockPool) SetLogger(l log.Logger) {
+	pool.logger = l
+}
+
+// ReachedMaxHeight check if the pool has reached the maximum peer height.
+func (pool *BlockPool) ReachedMaxHeight() bool {
+	return pool.Height >= pool.MaxPeerHeight
+}
+
+func (pool *BlockPool) rescheduleRequest(peerID p2p.ID, height int64) {
+	pool.logger.Info("reschedule requests made to peer for height ", "peerID", peerID, "height", height)
+	pool.plannedRequests[height] = struct{}{}
+	delete(pool.blocks, height)
+	pool.peers[peerID].RemoveBlock(height)
+}
+
+// Updates the pool's max height. If no peers are left MaxPeerHeight is set to 0.
+func (pool *BlockPool) updateMaxPeerHeight() {
+	var newMax int64
+	for _, peer := range pool.peers {
+		peerHeight := peer.Height
+		if peerHeight > newMax {
+			newMax = peerHeight
+		}
+	}
+	pool.MaxPeerHeight = newMax
+}
+
+// UpdatePeer adds a new peer or updates an existing peer with a new height.
+// If a peer is short it is not added.
+func (pool *BlockPool) UpdatePeer(peerID p2p.ID, height int64) error {
+
+	peer := pool.peers[peerID]
+
+	if peer == nil {
+		if height < pool.Height {
+			pool.logger.Info("Peer height too small",
+				"peer", peerID, "height", height, "fsm_height", pool.Height)
+			return errPeerTooShort
+		}
+		// Add new peer.
+		peer = NewBpPeer(peerID, height, pool.toBcR.sendPeerError, nil)
+		peer.SetLogger(pool.logger.With("peer", peerID))
+		pool.peers[peerID] = peer
+		pool.logger.Info("added peer", "peerID", peerID, "height", height, "num_peers", len(pool.peers))
+	} else {
+		// Check if peer is lowering its height. This is not allowed.
+		if height < peer.Height {
+			pool.RemovePeer(peerID, errPeerLowersItsHeight)
+			return errPeerLowersItsHeight
+		}
+		// Update existing peer.
+		peer.Height = height
+	}
+
+	// Update the pool's MaxPeerHeight if needed.
+	pool.updateMaxPeerHeight()
+
+	return nil
+}
+
+// Cleans and deletes the peer. Recomputes the max peer height.
+func (pool *BlockPool) deletePeer(peer *BpPeer) {
+	if peer == nil {
+		return
+	}
+	peer.Cleanup()
+	delete(pool.peers, peer.ID)
+
+	if peer.Height == pool.MaxPeerHeight {
+		pool.updateMaxPeerHeight()
+	}
+}
+
+// RemovePeer removes the blocks and requests from the peer, reschedules them and deletes the peer.
+func (pool *BlockPool) RemovePeer(peerID p2p.ID, err error) {
+	peer := pool.peers[peerID]
+	if peer == nil {
+		return
+	}
+	pool.logger.Info("removing peer", "peerID", peerID, "error", err)
+
+	// Reschedule the block requests made to the peer, or received and not processed yet.
+	// Note that some of the requests may be removed further down.
+	for h := range pool.peers[peerID].blocks {
+		pool.rescheduleRequest(peerID, h)
+	}
+
+	oldMaxPeerHeight := pool.MaxPeerHeight
+	// Delete the peer. This operation may result in the pool's MaxPeerHeight being lowered.
+	pool.deletePeer(peer)
+
+	// Check if the pool's MaxPeerHeight has been lowered.
+	// This may happen if the tallest peer has been removed.
+	if oldMaxPeerHeight > pool.MaxPeerHeight {
+		// Remove any planned requests for heights over the new MaxPeerHeight.
+		for h := range pool.plannedRequests {
+			if h > pool.MaxPeerHeight {
+				delete(pool.plannedRequests, h)
+			}
+		}
+		// Adjust the nextRequestHeight to the new max plus one.
+		if pool.nextRequestHeight > pool.MaxPeerHeight {
+			pool.nextRequestHeight = pool.MaxPeerHeight + 1
+		}
+	}
+}
+
+func (pool *BlockPool) removeShortPeers() {
+	for _, peer := range pool.peers {
+		if peer.Height < pool.Height {
+			pool.RemovePeer(peer.ID, nil)
+		}
+	}
+}
+
+func (pool *BlockPool) removeBadPeers() {
+	pool.removeShortPeers()
+	for _, peer := range pool.peers {
+		if err := peer.CheckRate(); err != nil {
+			pool.RemovePeer(peer.ID, err)
+			pool.toBcR.sendPeerError(err, peer.ID)
+		}
+	}
+}
+
+// MakeNextRequests creates more requests if the block pool is running low.
+func (pool *BlockPool) MakeNextRequests(maxNumRequests int) {
+	heights := pool.makeRequestBatch(maxNumRequests)
+	if len(heights) != 0 {
+		pool.logger.Info("makeNextRequests will make following requests",
+			"number", len(heights), "heights", heights)
+	}
+
+	for _, height := range heights {
+		h := int64(height)
+		if !pool.sendRequest(h) {
+			// If a good peer was not found for sending the request at height h then return,
+			// as it shouldn't be possible to find a peer for h+1.
+			return
+		}
+		delete(pool.plannedRequests, h)
+	}
+}
+
+// Makes a batch of requests sorted by height such that the block pool has up to maxNumRequests entries.
+func (pool *BlockPool) makeRequestBatch(maxNumRequests int) []int {
+	pool.removeBadPeers()
+	// At this point pool.requests may include heights for requests to be redone due to removal of peers:
+	// - peers timed out or were removed by switch
+	// - FSM timed out on waiting to advance the block execution due to missing blocks at h or h+1
+	// Determine the number of requests needed by subtracting the number of requests already made from the maximum
+	// allowed
+	numNeeded := int(maxNumRequests) - len(pool.blocks)
+	for len(pool.plannedRequests) < numNeeded {
+		if pool.nextRequestHeight > pool.MaxPeerHeight {
+			break
+		}
+		pool.plannedRequests[pool.nextRequestHeight] = struct{}{}
+		pool.nextRequestHeight++
+	}
+
+	heights := make([]int, 0, len(pool.plannedRequests))
+	for k := range pool.plannedRequests {
+		heights = append(heights, int(k))
+	}
+	sort.Ints(heights)
+	return heights
+}
+
+func (pool *BlockPool) sendRequest(height int64) bool {
+	for _, peer := range pool.peers {
+		if peer.NumPendingBlockRequests >= maxRequestsPerPeer {
+			continue
+		}
+		if peer.Height < height {
+			continue
+		}
+
+		err := pool.toBcR.sendBlockRequest(peer.ID, height)
+		if err == errNilPeerForBlockRequest {
+			// Switch does not have this peer, remove it and continue to look for another peer.
+			pool.logger.Error("switch does not have peer..removing peer selected for height", "peer",
+				peer.ID, "height", height)
+			pool.RemovePeer(peer.ID, err)
+			continue
+		}
+
+		if err == errSendQueueFull {
+			pool.logger.Error("peer queue is full", "peer", peer.ID, "height", height)
+			continue
+		}
+
+		pool.logger.Info("assigned request to peer", "peer", peer.ID, "height", height)
+
+		pool.blocks[height] = peer.ID
+		peer.RequestSent(height)
+
+		return true
+	}
+	pool.logger.Error("could not find peer to send request for block at height", "height", height)
+	return false
+}
+
+// AddBlock validates that the block comes from the peer it was expected from and stores it in the 'blocks' map.
+func (pool *BlockPool) AddBlock(peerID p2p.ID, block *types.Block, blockSize int) error {
+	peer, ok := pool.peers[peerID]
+	if !ok {
+		pool.logger.Error("block from unknown peer", "height", block.Height, "peer", peerID)
+		return errBadDataFromPeer
+	}
+	if wantPeerID, ok := pool.blocks[block.Height]; ok && wantPeerID != peerID {
+		pool.logger.Error("block received from wrong peer", "height", block.Height,
+			"peer", peerID, "expected_peer", wantPeerID)
+		return errBadDataFromPeer
+	}
+
+	return peer.AddBlock(block, blockSize)
+}
+
+// BlockData stores the peer responsible to deliver a block and the actual block if delivered.
+type BlockData struct {
+	block *types.Block
+	peer  *BpPeer
+}
+
+// BlockAndPeerAtHeight retrieves the block and delivery peer at specified height.
+// Returns errMissingBlock if a block was not found
+func (pool *BlockPool) BlockAndPeerAtHeight(height int64) (bData *BlockData, err error) {
+	peerID := pool.blocks[height]
+	peer := pool.peers[peerID]
+	if peer == nil {
+		return nil, errMissingBlock
+	}
+
+	block, err := peer.BlockAtHeight(height)
+	if err != nil {
+		return nil, err
+	}
+
+	return &BlockData{peer: peer, block: block}, nil
+
+}
+
+// FirstTwoBlocksAndPeers returns the blocks and the delivery peers at pool's height H and H+1.
+func (pool *BlockPool) FirstTwoBlocksAndPeers() (first, second *BlockData, err error) {
+	first, err = pool.BlockAndPeerAtHeight(pool.Height)
+	second, err2 := pool.BlockAndPeerAtHeight(pool.Height + 1)
+	if err == nil {
+		err = err2
+	}
+	return
+}
+
+// InvalidateFirstTwoBlocks removes the peers that sent us the first two blocks, blocks are removed by RemovePeer().
+func (pool *BlockPool) InvalidateFirstTwoBlocks(err error) {
+	first, err1 := pool.BlockAndPeerAtHeight(pool.Height)
+	second, err2 := pool.BlockAndPeerAtHeight(pool.Height + 1)
+
+	if err1 == nil {
+		pool.RemovePeer(first.peer.ID, err)
+	}
+	if err2 == nil {
+		pool.RemovePeer(second.peer.ID, err)
+	}
+}
+
+// ProcessedCurrentHeightBlock performs cleanup after a block is processed. It removes block at pool height and
+// the peers that are now short.
+func (pool *BlockPool) ProcessedCurrentHeightBlock() {
+	peerID, peerOk := pool.blocks[pool.Height]
+	if peerOk {
+		pool.peers[peerID].RemoveBlock(pool.Height)
+	}
+	delete(pool.blocks, pool.Height)
+	pool.logger.Debug("removed block at height", "height", pool.Height)
+	pool.Height++
+	pool.removeShortPeers()
+}
+
+// RemovePeerAtCurrentHeights checks if a block at pool's height H exists and if not, it removes the
+// delivery peer and returns. If a block at height H exists then the check and peer removal is done for H+1.
+// This function is called when the FSM is not able to make progress for some time.
+// This happens if either the block H or H+1 have not been delivered.
+func (pool *BlockPool) RemovePeerAtCurrentHeights(err error) {
+	peerID := pool.blocks[pool.Height]
+	peer, ok := pool.peers[peerID]
+	if ok {
+		if _, err := peer.BlockAtHeight(pool.Height); err != nil {
+			pool.logger.Info("remove peer that hasn't sent block at pool.Height",
+				"peer", peerID, "height", pool.Height)
+			pool.RemovePeer(peerID, err)
+			return
+		}
+	}
+	peerID = pool.blocks[pool.Height+1]
+	peer, ok = pool.peers[peerID]
+	if ok {
+		if _, err := peer.BlockAtHeight(pool.Height + 1); err != nil {
+			pool.logger.Info("remove peer that hasn't sent block at pool.Height+1",
+				"peer", peerID, "height", pool.Height+1)
+			pool.RemovePeer(peerID, err)
+			return
+		}
+	}
+}
+
+// Cleanup performs pool and peer cleanup
+func (pool *BlockPool) Cleanup() {
+	for id, peer := range pool.peers {
+		peer.Cleanup()
+		delete(pool.peers, id)
+	}
+	pool.plannedRequests = make(map[int64]struct{})
+	pool.blocks = make(map[int64]p2p.ID)
+	pool.nextRequestHeight = 0
+	pool.Height = 0
+	pool.MaxPeerHeight = 0
+}
+
+// NumPeers returns the number of peers in the pool
+func (pool *BlockPool) NumPeers() int {
+	return len(pool.peers)
+}
+
+// NeedsBlocks returns true if more blocks are required.
+func (pool *BlockPool) NeedsBlocks() bool {
+	return len(pool.blocks) < maxNumRequests
+}
--- a/blockchain/v1/pool_test.go
+++ b/blockchain/v1/pool_test.go
@@ -0,0 +1,650 @@
+package v1
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+type testPeer struct {
+	id     p2p.ID
+	height int64
+}
+
+type testBcR struct {
+	logger log.Logger
+}
+
+type testValues struct {
+	numRequestsSent int
+}
+
+var testResults testValues
+
+func resetPoolTestResults() {
+	testResults.numRequestsSent = 0
+}
+
+func (testR *testBcR) sendPeerError(err error, peerID p2p.ID) {
+}
+
+func (testR *testBcR) sendStatusRequest() {
+}
+
+func (testR *testBcR) sendBlockRequest(peerID p2p.ID, height int64) error {
+	testResults.numRequestsSent++
+	return nil
+}
+
+func (testR *testBcR) resetStateTimer(name string, timer **time.Timer, timeout time.Duration) {
+}
+
+func (testR *testBcR) switchToConsensus() {
+
+}
+
+func newTestBcR() *testBcR {
+	testBcR := &testBcR{logger: log.TestingLogger()}
+	return testBcR
+}
+
+type tPBlocks struct {
+	id     p2p.ID
+	create bool
+}
+
+// Makes a block pool with specified current height, list of peers, block requests and block responses
+func makeBlockPool(bcr *testBcR, height int64, peers []BpPeer, blocks map[int64]tPBlocks) *BlockPool {
+	bPool := NewBlockPool(height, bcr)
+	bPool.SetLogger(bcr.logger)
+
+	txs := []types.Tx{types.Tx("foo"), types.Tx("bar")}
+
+	var maxH int64
+	for _, p := range peers {
+		if p.Height > maxH {
+			maxH = p.Height
+		}
+		bPool.peers[p.ID] = NewBpPeer(p.ID, p.Height, bcr.sendPeerError, nil)
+		bPool.peers[p.ID].SetLogger(bcr.logger)
+
+	}
+	bPool.MaxPeerHeight = maxH
+	for h, p := range blocks {
+		bPool.blocks[h] = p.id
+		bPool.peers[p.id].RequestSent(int64(h))
+		if p.create {
+			// simulate that a block at height h has been received
+			_ = bPool.peers[p.id].AddBlock(types.MakeBlock(int64(h), txs, nil, nil), 100)
+		}
+	}
+	return bPool
+}
+
+func assertPeerSetsEquivalent(t *testing.T, set1 map[p2p.ID]*BpPeer, set2 map[p2p.ID]*BpPeer) {
+	assert.Equal(t, len(set1), len(set2))
+	for peerID, peer1 := range set1 {
+		peer2 := set2[peerID]
+		assert.NotNil(t, peer2)
+		assert.Equal(t, peer1.NumPendingBlockRequests, peer2.NumPendingBlockRequests)
+		assert.Equal(t, peer1.Height, peer2.Height)
+		assert.Equal(t, len(peer1.blocks), len(peer2.blocks))
+		for h, block1 := range peer1.blocks {
+			block2 := peer2.blocks[h]
+			// block1 and block2 could be nil if a request was made but no block was received
+			assert.Equal(t, block1, block2)
+		}
+	}
+}
+
+func assertBlockPoolEquivalent(t *testing.T, poolWanted, pool *BlockPool) {
+	assert.Equal(t, poolWanted.blocks, pool.blocks)
+	assertPeerSetsEquivalent(t, poolWanted.peers, pool.peers)
+	assert.Equal(t, poolWanted.MaxPeerHeight, pool.MaxPeerHeight)
+	assert.Equal(t, poolWanted.Height, pool.Height)
+
+}
+
+func TestBlockPoolUpdatePeer(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		args       testPeer
+		poolWanted *BlockPool
+		errWanted  error
+	}{
+		{
+			name:       "add a first short peer",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+			args:       testPeer{"P1", 50},
+			errWanted:  errPeerTooShort,
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "add a first good peer",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+			args:       testPeer{"P1", 101},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 101}}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "increase the height of P1 from 120 to 123",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}}, map[int64]tPBlocks{}),
+			args:       testPeer{"P1", 123},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 123}}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "decrease the height of P1 from 120 to 110",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}}, map[int64]tPBlocks{}),
+			args:       testPeer{"P1", 110},
+			errWanted:  errPeerLowersItsHeight,
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "decrease the height of P1 from 105 to 102 with blocks",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 105}},
+				map[int64]tPBlocks{
+					100: {"P1", true}, 101: {"P1", true}, 102: {"P1", true}}),
+			args:      testPeer{"P1", 102},
+			errWanted: errPeerLowersItsHeight,
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{},
+				map[int64]tPBlocks{}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pool := tt.pool
+			err := pool.UpdatePeer(tt.args.id, tt.args.height)
+			assert.Equal(t, tt.errWanted, err)
+			assert.Equal(t, tt.poolWanted.blocks, tt.pool.blocks)
+			assertPeerSetsEquivalent(t, tt.poolWanted.peers, tt.pool.peers)
+			assert.Equal(t, tt.poolWanted.MaxPeerHeight, tt.pool.MaxPeerHeight)
+		})
+	}
+}
+
+func TestBlockPoolRemovePeer(t *testing.T) {
+	testBcR := newTestBcR()
+
+	type args struct {
+		peerID p2p.ID
+		err    error
+	}
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		args       args
+		poolWanted *BlockPool
+	}{
+		{
+			name:       "attempt to delete non-existing peer",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}}, map[int64]tPBlocks{}),
+			args:       args{"P99", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "delete the only peer without blocks",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}}, map[int64]tPBlocks{}),
+			args:       args{"P1", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "delete the shortest of two peers without blocks",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 120}}, map[int64]tPBlocks{}),
+			args:       args{"P1", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P2", Height: 120}}, map[int64]tPBlocks{}),
+		},
+		{
+			name:       "delete the tallest of two peers without blocks",
+			pool:       makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 120}}, map[int64]tPBlocks{}),
+			args:       args{"P2", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 100}}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "delete the only peer with block requests sent and blocks received",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}},
+				map[int64]tPBlocks{100: {"P1", true}, 101: {"P1", false}}),
+			args:       args{"P1", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "delete the shortest of two peers with block requests sent and blocks received",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 200}},
+				map[int64]tPBlocks{100: {"P1", true}, 101: {"P1", false}}),
+			args:       args{"P1", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P2", Height: 200}}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "delete the tallest of two peers with block requests sent and blocks received",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 110}},
+				map[int64]tPBlocks{100: {"P1", true}, 101: {"P1", false}}),
+			args:       args{"P1", nil},
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P2", Height: 110}}, map[int64]tPBlocks{}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.pool.RemovePeer(tt.args.peerID, tt.args.err)
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
+
+func TestBlockPoolRemoveShortPeers(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		poolWanted *BlockPool
+	}{
+		{
+			name: "no short peers",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 110}, {ID: "P3", Height: 120}}, map[int64]tPBlocks{}),
+			poolWanted: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 110}, {ID: "P3", Height: 120}}, map[int64]tPBlocks{}),
+		},
+
+		{
+			name: "one short peer",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 90}, {ID: "P3", Height: 120}}, map[int64]tPBlocks{}),
+			poolWanted: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P3", Height: 120}}, map[int64]tPBlocks{}),
+		},
+
+		{
+			name: "all short peers",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 90}, {ID: "P2", Height: 91}, {ID: "P3", Height: 92}}, map[int64]tPBlocks{}),
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pool := tt.pool
+			pool.removeShortPeers()
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
+
+func TestBlockPoolSendRequestBatch(t *testing.T) {
+	type testPeerResult struct {
+		id                      p2p.ID
+		numPendingBlockRequests int
+	}
+
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name                       string
+		pool                       *BlockPool
+		maxRequestsPerPeer         int
+		expRequests                map[int64]bool
+		expPeerResults             []testPeerResult
+		expnumPendingBlockRequests int
+	}{
+		{
+			name:                       "one peer - send up to maxRequestsPerPeer block requests",
+			pool:                       makeBlockPool(testBcR, 10, []BpPeer{{ID: "P1", Height: 100}}, map[int64]tPBlocks{}),
+			maxRequestsPerPeer:         2,
+			expRequests:                map[int64]bool{10: true, 11: true},
+			expPeerResults:             []testPeerResult{{id: "P1", numPendingBlockRequests: 2}},
+			expnumPendingBlockRequests: 2,
+		},
+		{
+			name:               "n peers - send n*maxRequestsPerPeer block requests",
+			pool:               makeBlockPool(testBcR, 10, []BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}}, map[int64]tPBlocks{}),
+			maxRequestsPerPeer: 2,
+			expRequests:        map[int64]bool{10: true, 11: true},
+			expPeerResults: []testPeerResult{
+				{id: "P1", numPendingBlockRequests: 2},
+				{id: "P2", numPendingBlockRequests: 2}},
+			expnumPendingBlockRequests: 4,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resetPoolTestResults()
+
+			var pool = tt.pool
+			maxRequestsPerPeer = tt.maxRequestsPerPeer
+			pool.MakeNextRequests(10)
+			assert.Equal(t, testResults.numRequestsSent, maxRequestsPerPeer*len(pool.peers))
+
+			for _, tPeer := range tt.expPeerResults {
+				var peer = pool.peers[tPeer.id]
+				assert.NotNil(t, peer)
+				assert.Equal(t, tPeer.numPendingBlockRequests, peer.NumPendingBlockRequests)
+			}
+			assert.Equal(t, testResults.numRequestsSent, maxRequestsPerPeer*len(pool.peers))
+
+		})
+	}
+}
+
+func TestBlockPoolAddBlock(t *testing.T) {
+	testBcR := newTestBcR()
+	txs := []types.Tx{types.Tx("foo"), types.Tx("bar")}
+
+	type args struct {
+		peerID    p2p.ID
+		block     *types.Block
+		blockSize int
+	}
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		args       args
+		poolWanted *BlockPool
+		errWanted  error
+	}{
+		{name: "block from unknown peer",
+			pool: makeBlockPool(testBcR, 10, []BpPeer{{ID: "P1", Height: 100}}, map[int64]tPBlocks{}),
+			args: args{
+				peerID:    "P2",
+				block:     types.MakeBlock(int64(10), txs, nil, nil),
+				blockSize: 100,
+			},
+			poolWanted: makeBlockPool(testBcR, 10, []BpPeer{{ID: "P1", Height: 100}}, map[int64]tPBlocks{}),
+			errWanted:  errBadDataFromPeer,
+		},
+		{name: "unexpected block 11 from known peer - waiting for 10",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", false}}),
+			args: args{
+				peerID:    "P1",
+				block:     types.MakeBlock(int64(11), txs, nil, nil),
+				blockSize: 100,
+			},
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", false}}),
+			errWanted: errMissingBlock,
+		},
+		{name: "unexpected block 10 from known peer - already have 10",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", true}, 11: {"P1", false}}),
+			args: args{
+				peerID:    "P1",
+				block:     types.MakeBlock(int64(10), txs, nil, nil),
+				blockSize: 100,
+			},
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", true}, 11: {"P1", false}}),
+			errWanted: errDuplicateBlock,
+		},
+		{name: "unexpected block 10 from known peer P2 - expected 10 to come from P1",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", false}}),
+			args: args{
+				peerID:    "P2",
+				block:     types.MakeBlock(int64(10), txs, nil, nil),
+				blockSize: 100,
+			},
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", false}}),
+			errWanted: errBadDataFromPeer,
+		},
+		{name: "expected block from known peer",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", false}}),
+			args: args{
+				peerID:    "P1",
+				block:     types.MakeBlock(int64(10), txs, nil, nil),
+				blockSize: 100,
+			},
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", true}}),
+			errWanted: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.pool.AddBlock(tt.args.peerID, tt.args.block, tt.args.blockSize)
+			assert.Equal(t, tt.errWanted, err)
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
+
+func TestBlockPoolFirstTwoBlocksAndPeers(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name         string
+		pool         *BlockPool
+		firstWanted  int64
+		secondWanted int64
+		errWanted    error
+	}{
+		{
+			name: "both blocks missing",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{15: {"P1", true}, 16: {"P2", true}}),
+			errWanted: errMissingBlock,
+		},
+		{
+			name: "second block missing",
+			pool: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{15: {"P1", true}, 18: {"P2", true}}),
+			firstWanted: 15,
+			errWanted:   errMissingBlock,
+		},
+		{
+			name: "first block missing",
+			pool: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{16: {"P2", true}, 18: {"P2", true}}),
+			secondWanted: 16,
+			errWanted:    errMissingBlock,
+		},
+		{
+			name: "both blocks present",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", true}, 11: {"P2", true}}),
+			firstWanted:  10,
+			secondWanted: 11,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pool := tt.pool
+			gotFirst, gotSecond, err := pool.FirstTwoBlocksAndPeers()
+			assert.Equal(t, tt.errWanted, err)
+
+			if tt.firstWanted != 0 {
+				peer := pool.blocks[tt.firstWanted]
+				block := pool.peers[peer].blocks[tt.firstWanted]
+				assert.Equal(t, block, gotFirst.block,
+					"BlockPool.FirstTwoBlocksAndPeers() gotFirst = %v, want %v",
+					tt.firstWanted, gotFirst.block.Height)
+			}
+
+			if tt.secondWanted != 0 {
+				peer := pool.blocks[tt.secondWanted]
+				block := pool.peers[peer].blocks[tt.secondWanted]
+				assert.Equal(t, block, gotSecond.block,
+					"BlockPool.FirstTwoBlocksAndPeers() gotFirst = %v, want %v",
+					tt.secondWanted, gotSecond.block.Height)
+			}
+		})
+	}
+}
+
+func TestBlockPoolInvalidateFirstTwoBlocks(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		poolWanted *BlockPool
+	}{
+		{
+			name: "both blocks missing",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{15: {"P1", true}, 16: {"P2", true}}),
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{15: {"P1", true}, 16: {"P2", true}}),
+		},
+		{
+			name: "second block missing",
+			pool: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{15: {"P1", true}, 18: {"P2", true}}),
+			poolWanted: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P2", Height: 100}},
+				map[int64]tPBlocks{18: {"P2", true}}),
+		},
+		{
+			name: "first block missing",
+			pool: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{18: {"P1", true}, 16: {"P2", true}}),
+			poolWanted: makeBlockPool(testBcR, 15,
+				[]BpPeer{{ID: "P1", Height: 100}},
+				map[int64]tPBlocks{18: {"P1", true}}),
+		},
+		{
+			name: "both blocks present",
+			pool: makeBlockPool(testBcR, 10,
+				[]BpPeer{{ID: "P1", Height: 100}, {ID: "P2", Height: 100}},
+				map[int64]tPBlocks{10: {"P1", true}, 11: {"P2", true}}),
+			poolWanted: makeBlockPool(testBcR, 10,
+				[]BpPeer{},
+				map[int64]tPBlocks{}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.pool.InvalidateFirstTwoBlocks(errNoPeerResponse)
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
+
+func TestProcessedCurrentHeightBlock(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		poolWanted *BlockPool
+	}{
+		{
+			name: "one peer",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}},
+				map[int64]tPBlocks{100: {"P1", true}, 101: {"P1", true}}),
+			poolWanted: makeBlockPool(testBcR, 101, []BpPeer{{ID: "P1", Height: 120}},
+				map[int64]tPBlocks{101: {"P1", true}}),
+		},
+		{
+			name: "multiple peers",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					100: {"P1", true}, 104: {"P1", true}, 105: {"P1", false},
+					101: {"P2", true}, 103: {"P2", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+			poolWanted: makeBlockPool(testBcR, 101,
+				[]BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					104: {"P1", true}, 105: {"P1", false},
+					101: {"P2", true}, 103: {"P2", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.pool.ProcessedCurrentHeightBlock()
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
+
+func TestRemovePeerAtCurrentHeight(t *testing.T) {
+	testBcR := newTestBcR()
+
+	tests := []struct {
+		name       string
+		pool       *BlockPool
+		poolWanted *BlockPool
+	}{
+		{
+			name: "one peer, remove peer for block at H",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}},
+				map[int64]tPBlocks{100: {"P1", false}, 101: {"P1", true}}),
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "one peer, remove peer for block at H+1",
+			pool: makeBlockPool(testBcR, 100, []BpPeer{{ID: "P1", Height: 120}},
+				map[int64]tPBlocks{100: {"P1", true}, 101: {"P1", false}}),
+			poolWanted: makeBlockPool(testBcR, 100, []BpPeer{}, map[int64]tPBlocks{}),
+		},
+		{
+			name: "multiple peers, remove peer for block at H",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					100: {"P1", false}, 104: {"P1", true}, 105: {"P1", false},
+					101: {"P2", true}, 103: {"P2", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+			poolWanted: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P2", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					101: {"P2", true}, 103: {"P2", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+		},
+		{
+			name: "multiple peers, remove peer for block at H+1",
+			pool: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 120}, {ID: "P2", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					100: {"P1", true}, 104: {"P1", true}, 105: {"P1", false},
+					101: {"P2", false}, 103: {"P2", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+			poolWanted: makeBlockPool(testBcR, 100,
+				[]BpPeer{{ID: "P1", Height: 120}, {ID: "P3", Height: 130}},
+				map[int64]tPBlocks{
+					100: {"P1", true}, 104: {"P1", true}, 105: {"P1", false},
+					102: {"P3", true}, 106: {"P3", true}}),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.pool.RemovePeerAtCurrentHeights(errNoPeerResponse)
+			assertBlockPoolEquivalent(t, tt.poolWanted, tt.pool)
+		})
+	}
+}
--- a/blockchain/v1/reactor.go
+++ b/blockchain/v1/reactor.go
@@ -0,0 +1,622 @@
+package v1
+
+import (
+	"errors"
+	"fmt"
+	"reflect"
+	"time"
+
+	amino "github.com/tendermint/go-amino"
+	"github.com/tendermint/tendermint/behaviour"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
+	"github.com/tendermint/tendermint/types"
+)
+
+const (
+	// BlockchainChannel is a channel for blocks and status updates (`BlockStore` height)
+	BlockchainChannel = byte(0x40)
+	trySyncIntervalMS = 10
+	trySendIntervalMS = 10
+
+	// ask for best height every 10s
+	statusUpdateIntervalSeconds = 10
+
+	// NOTE: keep up to date with bcBlockResponseMessage
+	bcBlockResponseMessagePrefixSize   = 4
+	bcBlockResponseMessageFieldKeySize = 1
+	maxMsgSize                         = types.MaxBlockSizeBytes +
+		bcBlockResponseMessagePrefixSize +
+		bcBlockResponseMessageFieldKeySize
+)
+
+var (
+	// Maximum number of requests that can be pending per peer, i.e. for which requests have been sent but blocks
+	// have not been received.
+	maxRequestsPerPeer = 20
+	// Maximum number of block requests for the reactor, pending or for which blocks have been received.
+	maxNumRequests = 64
+)
+
+type consensusReactor interface {
+	// for when we switch from blockchain reactor and fast sync to
+	// the consensus machine
+	SwitchToConsensus(sm.State, int)
+}
+
+// BlockchainReactor handles long-term catchup syncing.
+type BlockchainReactor struct {
+	p2p.BaseReactor
+
+	initialState sm.State // immutable
+	state        sm.State
+
+	blockExec *sm.BlockExecutor
+	store     *store.BlockStore
+
+	fastSync bool
+
+	fsm          *BcReactorFSM
+	blocksSynced int
+
+	// Receive goroutine forwards messages to this channel to be processed in the context of the poolRoutine.
+	messagesForFSMCh chan bcReactorMessage
+
+	// Switch goroutine may send RemovePeer to the blockchain reactor. This is an error message that is relayed
+	// to this channel to be processed in the context of the poolRoutine.
+	errorsForFSMCh chan bcReactorMessage
+
+	// This channel is used by the FSM and indirectly the block pool to report errors to the blockchain reactor and
+	// the switch.
+	eventsFromFSMCh chan bcFsmMessage
+
+	swReporter *behaviour.SwitchReporter
+}
+
+// NewBlockchainReactor returns new reactor instance.
+func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *store.BlockStore,
+	fastSync bool) *BlockchainReactor {
+
+	if state.LastBlockHeight != store.Height() {
+		panic(fmt.Sprintf("state (%v) and store (%v) height mismatch", state.LastBlockHeight,
+			store.Height()))
+	}
+
+	const capacity = 1000
+	eventsFromFSMCh := make(chan bcFsmMessage, capacity)
+	messagesForFSMCh := make(chan bcReactorMessage, capacity)
+	errorsForFSMCh := make(chan bcReactorMessage, capacity)
+
+	startHeight := store.Height() + 1
+	bcR := &BlockchainReactor{
+		initialState:     state,
+		state:            state,
+		blockExec:        blockExec,
+		fastSync:         fastSync,
+		store:            store,
+		messagesForFSMCh: messagesForFSMCh,
+		eventsFromFSMCh:  eventsFromFSMCh,
+		errorsForFSMCh:   errorsForFSMCh,
+	}
+	fsm := NewFSM(startHeight, bcR)
+	bcR.fsm = fsm
+	bcR.BaseReactor = *p2p.NewBaseReactor("BlockchainReactor", bcR)
+	//bcR.swReporter = behaviour.NewSwitcReporter(bcR.BaseReactor.Switch)
+
+	return bcR
+}
+
+// bcReactorMessage is used by the reactor to send messages to the FSM.
+type bcReactorMessage struct {
+	event bReactorEvent
+	data  bReactorEventData
+}
+
+type bFsmEvent uint
+
+const (
+	// message type events
+	peerErrorEv = iota + 1
+	syncFinishedEv
+)
+
+type bFsmEventData struct {
+	peerID p2p.ID
+	err    error
+}
+
+// bcFsmMessage is used by the FSM to send messages to the reactor
+type bcFsmMessage struct {
+	event bFsmEvent
+	data  bFsmEventData
+}
+
+// SetLogger implements cmn.Service by setting the logger on reactor and pool.
+func (bcR *BlockchainReactor) SetLogger(l log.Logger) {
+	bcR.BaseService.Logger = l
+	bcR.fsm.SetLogger(l)
+}
+
+// OnStart implements cmn.Service.
+func (bcR *BlockchainReactor) OnStart() error {
+	bcR.swReporter = behaviour.NewSwitcReporter(bcR.BaseReactor.Switch)
+	if bcR.fastSync {
+		go bcR.poolRoutine()
+	}
+	return nil
+}
+
+// OnStop implements cmn.Service.
+func (bcR *BlockchainReactor) OnStop() {
+	_ = bcR.Stop()
+}
+
+// GetChannels implements Reactor
+func (bcR *BlockchainReactor) GetChannels() []*p2p.ChannelDescriptor {
+	return []*p2p.ChannelDescriptor{
+		{
+			ID:                  BlockchainChannel,
+			Priority:            10,
+			SendQueueCapacity:   2000,
+			RecvBufferCapacity:  50 * 4096,
+			RecvMessageCapacity: maxMsgSize,
+		},
+	}
+}
+
+// AddPeer implements Reactor by sending our state to peer.
+func (bcR *BlockchainReactor) AddPeer(peer p2p.Peer) {
+	msgBytes := cdc.MustMarshalBinaryBare(&bcStatusResponseMessage{bcR.store.Height()})
+	peer.Send(BlockchainChannel, msgBytes)
+	// it's OK if send fails. will try later in poolRoutine
+
+	// peer is added to the pool once we receive the first
+	// bcStatusResponseMessage from the peer and call pool.updatePeer()
+}
+
+// sendBlockToPeer loads a block and sends it to the requesting peer.
+// If the block doesn't exist a bcNoBlockResponseMessage is sent.
+// If all nodes are honest, no node should be requesting for a block that doesn't exist.
+func (bcR *BlockchainReactor) sendBlockToPeer(msg *bcBlockRequestMessage,
+	src p2p.Peer) (queued bool) {
+
+	block := bcR.store.LoadBlock(msg.Height)
+	if block != nil {
+		msgBytes := cdc.MustMarshalBinaryBare(&bcBlockResponseMessage{Block: block})
+		return src.TrySend(BlockchainChannel, msgBytes)
+	}
+
+	bcR.Logger.Info("peer asking for a block we don't have", "src", src, "height", msg.Height)
+
+	msgBytes := cdc.MustMarshalBinaryBare(&bcNoBlockResponseMessage{Height: msg.Height})
+	return src.TrySend(BlockchainChannel, msgBytes)
+}
+
+func (bcR *BlockchainReactor) sendStatusResponseToPeer(msg *bcStatusRequestMessage, src p2p.Peer) (queued bool) {
+	msgBytes := cdc.MustMarshalBinaryBare(&bcStatusResponseMessage{bcR.store.Height()})
+	return src.TrySend(BlockchainChannel, msgBytes)
+}
+
+// RemovePeer implements Reactor by removing peer from the pool.
+func (bcR *BlockchainReactor) RemovePeer(peer p2p.Peer, reason interface{}) {
+	msgData := bcReactorMessage{
+		event: peerRemoveEv,
+		data: bReactorEventData{
+			peerID: peer.ID(),
+			err:    errSwitchRemovesPeer,
+		},
+	}
+	bcR.errorsForFSMCh <- msgData
+}
+
+// Receive implements Reactor by handling 4 types of messages (look below).
+func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) {
+	msg, err := decodeMsg(msgBytes)
+	if err != nil {
+		bcR.Logger.Error("error decoding message",
+			"src", src, "chId", chID, "msg", msg, "err", err, "bytes", msgBytes)
+		_ = bcR.swReporter.Report(behaviour.BadMessage(src.ID(), err.Error()))
+		return
+	}
+
+	if err = msg.ValidateBasic(); err != nil {
+		bcR.Logger.Error("peer sent us invalid msg", "peer", src, "msg", msg, "err", err)
+		_ = bcR.swReporter.Report(behaviour.BadMessage(src.ID(), err.Error()))
+		return
+	}
+
+	bcR.Logger.Debug("Receive", "src", src, "chID", chID, "msg", msg)
+
+	switch msg := msg.(type) {
+	case *bcBlockRequestMessage:
+		if queued := bcR.sendBlockToPeer(msg, src); !queued {
+			// Unfortunately not queued since the queue is full.
+			bcR.Logger.Error("Could not send block message to peer", "src", src, "height", msg.Height)
+		}
+
+	case *bcStatusRequestMessage:
+		// Send peer our state.
+		if queued := bcR.sendStatusResponseToPeer(msg, src); !queued {
+			// Unfortunately not queued since the queue is full.
+			bcR.Logger.Error("Could not send status message to peer", "src", src)
+		}
+
+	case *bcBlockResponseMessage:
+		msgForFSM := bcReactorMessage{
+			event: blockResponseEv,
+			data: bReactorEventData{
+				peerID: src.ID(),
+				height: msg.Block.Height,
+				block:  msg.Block,
+				length: len(msgBytes),
+			},
+		}
+		bcR.Logger.Info("Received", "src", src, "height", msg.Block.Height)
+		bcR.messagesForFSMCh <- msgForFSM
+
+	case *bcStatusResponseMessage:
+		// Got a peer status. Unverified.
+		msgForFSM := bcReactorMessage{
+			event: statusResponseEv,
+			data: bReactorEventData{
+				peerID: src.ID(),
+				height: msg.Height,
+				length: len(msgBytes),
+			},
+		}
+		bcR.messagesForFSMCh <- msgForFSM
+
+	default:
+		bcR.Logger.Error(fmt.Sprintf("unknown message type %v", reflect.TypeOf(msg)))
+	}
+}
+
+// processBlocksRoutine processes blocks until signlaed to stop over the stopProcessing channel
+func (bcR *BlockchainReactor) processBlocksRoutine(stopProcessing chan struct{}) {
+
+	processReceivedBlockTicker := time.NewTicker(trySyncIntervalMS * time.Millisecond)
+	doProcessBlockCh := make(chan struct{}, 1)
+
+	lastHundred := time.Now()
+	lastRate := 0.0
+
+ForLoop:
+	for {
+		select {
+		case <-stopProcessing:
+			bcR.Logger.Info("finishing block execution")
+			break ForLoop
+		case <-processReceivedBlockTicker.C: // try to execute blocks
+			select {
+			case doProcessBlockCh <- struct{}{}:
+			default:
+			}
+		case <-doProcessBlockCh:
+			for {
+				err := bcR.processBlock()
+				if err == errMissingBlock {
+					break
+				}
+				// Notify FSM of block processing result.
+				msgForFSM := bcReactorMessage{
+					event: processedBlockEv,
+					data: bReactorEventData{
+						err: err,
+					},
+				}
+				_ = bcR.fsm.Handle(&msgForFSM)
+
+				if err != nil {
+					break
+				}
+
+				bcR.blocksSynced++
+				if bcR.blocksSynced%100 == 0 {
+					lastRate = 0.9*lastRate + 0.1*(100/time.Since(lastHundred).Seconds())
+					height, maxPeerHeight := bcR.fsm.Status()
+					bcR.Logger.Info("Fast Sync Rate", "height", height,
+						"max_peer_height", maxPeerHeight, "blocks/s", lastRate)
+					lastHundred = time.Now()
+				}
+			}
+		}
+	}
+}
+
+// poolRoutine receives and handles messages from the Receive() routine and from the FSM.
+func (bcR *BlockchainReactor) poolRoutine() {
+
+	bcR.fsm.Start()
+
+	sendBlockRequestTicker := time.NewTicker(trySendIntervalMS * time.Millisecond)
+	statusUpdateTicker := time.NewTicker(statusUpdateIntervalSeconds * time.Second)
+
+	stopProcessing := make(chan struct{}, 1)
+	go bcR.processBlocksRoutine(stopProcessing)
+
+ForLoop:
+	for {
+		select {
+
+		case <-sendBlockRequestTicker.C:
+			if !bcR.fsm.NeedsBlocks() {
+				continue
+			}
+			_ = bcR.fsm.Handle(&bcReactorMessage{
+				event: makeRequestsEv,
+				data: bReactorEventData{
+					maxNumRequests: maxNumRequests}})
+
+		case <-statusUpdateTicker.C:
+			// Ask for status updates.
+			go bcR.sendStatusRequest()
+
+		case msg := <-bcR.messagesForFSMCh:
+			// Sent from the Receive() routine when status (statusResponseEv) and
+			// block (blockResponseEv) response events are received
+			_ = bcR.fsm.Handle(&msg)
+
+		case msg := <-bcR.errorsForFSMCh:
+			// Sent from the switch.RemovePeer() routine (RemovePeerEv) and
+			// FSM state timer expiry routine (stateTimeoutEv).
+			_ = bcR.fsm.Handle(&msg)
+
+		case msg := <-bcR.eventsFromFSMCh:
+			switch msg.event {
+			case syncFinishedEv:
+				stopProcessing <- struct{}{}
+				// Sent from the FSM when it enters finished state.
+				break ForLoop
+			case peerErrorEv:
+				// Sent from the FSM when it detects peer error
+				bcR.reportPeerErrorToSwitch(msg.data.err, msg.data.peerID)
+				if msg.data.err == errNoPeerResponse {
+					// Sent from the peer timeout handler routine
+					_ = bcR.fsm.Handle(&bcReactorMessage{
+						event: peerRemoveEv,
+						data: bReactorEventData{
+							peerID: msg.data.peerID,
+							err:    msg.data.err,
+						},
+					})
+				}
+				// else {
+				// For slow peers, or errors due to blocks received from wrong peer
+				// the FSM had already removed the peers
+				// }
+			default:
+				bcR.Logger.Error("Event from FSM not supported", "type", msg.event)
+			}
+
+		case <-bcR.Quit():
+			break ForLoop
+		}
+	}
+}
+
+func (bcR *BlockchainReactor) reportPeerErrorToSwitch(err error, peerID p2p.ID) {
+	peer := bcR.Switch.Peers().Get(peerID)
+	if peer != nil {
+		_ = bcR.swReporter.Report(behaviour.BadMessage(peerID, err.Error()))
+	}
+}
+
+func (bcR *BlockchainReactor) processBlock() error {
+
+	first, second, err := bcR.fsm.FirstTwoBlocks()
+	if err != nil {
+		// We need both to sync the first block.
+		return err
+	}
+
+	chainID := bcR.initialState.ChainID
+
+	firstParts := first.MakePartSet(types.BlockPartSizeBytes)
+	firstPartsHeader := firstParts.Header()
+	firstID := types.BlockID{Hash: first.Hash(), PartsHeader: firstPartsHeader}
+	// Finally, verify the first block using the second's commit
+	// NOTE: we can probably make this more efficient, but note that calling
+	// first.Hash() doesn't verify the tx contents, so MakePartSet() is
+	// currently necessary.
+	err = bcR.state.Validators.VerifyCommit(chainID, firstID, first.Height, second.LastCommit)
+	if err != nil {
+		bcR.Logger.Error("error during commit verification", "err", err,
+			"first", first.Height, "second", second.Height)
+		return errBlockVerificationFailure
+	}
+
+	bcR.store.SaveBlock(first, firstParts, second.LastCommit)
+
+	bcR.state, err = bcR.blockExec.ApplyBlock(bcR.state, firstID, first)
+	if err != nil {
+		panic(fmt.Sprintf("failed to process committed block (%d:%X): %v", first.Height, first.Hash(), err))
+	}
+
+	return nil
+}
+
+// Implements bcRNotifier
+// sendStatusRequest broadcasts `BlockStore` height.
+func (bcR *BlockchainReactor) sendStatusRequest() {
+	msgBytes := cdc.MustMarshalBinaryBare(&bcStatusRequestMessage{bcR.store.Height()})
+	bcR.Switch.Broadcast(BlockchainChannel, msgBytes)
+}
+
+// Implements bcRNotifier
+// BlockRequest sends `BlockRequest` height.
+func (bcR *BlockchainReactor) sendBlockRequest(peerID p2p.ID, height int64) error {
+	peer := bcR.Switch.Peers().Get(peerID)
+	if peer == nil {
+		return errNilPeerForBlockRequest
+	}
+
+	msgBytes := cdc.MustMarshalBinaryBare(&bcBlockRequestMessage{height})
+	queued := peer.TrySend(BlockchainChannel, msgBytes)
+	if !queued {
+		return errSendQueueFull
+	}
+	return nil
+}
+
+// Implements bcRNotifier
+func (bcR *BlockchainReactor) switchToConsensus() {
+	conR, ok := bcR.Switch.Reactor("CONSENSUS").(consensusReactor)
+	if ok {
+		conR.SwitchToConsensus(bcR.state, bcR.blocksSynced)
+		bcR.eventsFromFSMCh <- bcFsmMessage{event: syncFinishedEv}
+	}
+	// else {
+	// Should only happen during testing.
+	// }
+}
+
+// Implements bcRNotifier
+// Called by FSM and pool:
+// - pool calls when it detects slow peer or when peer times out
+// - FSM calls when:
+//    - adding a block (addBlock) fails
+//    - reactor processing of a block reports failure and FSM sends back the peers of first and second blocks
+func (bcR *BlockchainReactor) sendPeerError(err error, peerID p2p.ID) {
+	bcR.Logger.Info("sendPeerError:", "peer", peerID, "error", err)
+	msgData := bcFsmMessage{
+		event: peerErrorEv,
+		data: bFsmEventData{
+			peerID: peerID,
+			err:    err,
+		},
+	}
+	bcR.eventsFromFSMCh <- msgData
+}
+
+// Implements bcRNotifier
+func (bcR *BlockchainReactor) resetStateTimer(name string, timer **time.Timer, timeout time.Duration) {
+	if timer == nil {
+		panic("nil timer pointer parameter")
+	}
+	if *timer == nil {
+		*timer = time.AfterFunc(timeout, func() {
+			msg := bcReactorMessage{
+				event: stateTimeoutEv,
+				data: bReactorEventData{
+					stateName: name,
+				},
+			}
+			bcR.errorsForFSMCh <- msg
+		})
+	} else {
+		(*timer).Reset(timeout)
+	}
+}
+
+//-----------------------------------------------------------------------------
+// Messages
+
+// BlockchainMessage is a generic message for this reactor.
+type BlockchainMessage interface {
+	ValidateBasic() error
+}
+
+// RegisterBlockchainMessages registers the fast sync messages for amino encoding.
+func RegisterBlockchainMessages(cdc *amino.Codec) {
+	cdc.RegisterInterface((*BlockchainMessage)(nil), nil)
+	cdc.RegisterConcrete(&bcBlockRequestMessage{}, "tendermint/blockchain/BlockRequest", nil)
+	cdc.RegisterConcrete(&bcBlockResponseMessage{}, "tendermint/blockchain/BlockResponse", nil)
+	cdc.RegisterConcrete(&bcNoBlockResponseMessage{}, "tendermint/blockchain/NoBlockResponse", nil)
+	cdc.RegisterConcrete(&bcStatusResponseMessage{}, "tendermint/blockchain/StatusResponse", nil)
+	cdc.RegisterConcrete(&bcStatusRequestMessage{}, "tendermint/blockchain/StatusRequest", nil)
+}
+
+func decodeMsg(bz []byte) (msg BlockchainMessage, err error) {
+	if len(bz) > maxMsgSize {
+		return msg, fmt.Errorf("msg exceeds max size (%d > %d)", len(bz), maxMsgSize)
+	}
+	err = cdc.UnmarshalBinaryBare(bz, &msg)
+	return
+}
+
+//-------------------------------------
+
+type bcBlockRequestMessage struct {
+	Height int64
+}
+
+// ValidateBasic performs basic validation.
+func (m *bcBlockRequestMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("negative Height")
+	}
+	return nil
+}
+
+func (m *bcBlockRequestMessage) String() string {
+	return fmt.Sprintf("[bcBlockRequestMessage %v]", m.Height)
+}
+
+type bcNoBlockResponseMessage struct {
+	Height int64
+}
+
+// ValidateBasic performs basic validation.
+func (m *bcNoBlockResponseMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("negative Height")
+	}
+	return nil
+}
+
+func (m *bcNoBlockResponseMessage) String() string {
+	return fmt.Sprintf("[bcNoBlockResponseMessage %d]", m.Height)
+}
+
+//-------------------------------------
+
+type bcBlockResponseMessage struct {
+	Block *types.Block
+}
+
+// ValidateBasic performs basic validation.
+func (m *bcBlockResponseMessage) ValidateBasic() error {
+	return m.Block.ValidateBasic()
+}
+
+func (m *bcBlockResponseMessage) String() string {
+	return fmt.Sprintf("[bcBlockResponseMessage %v]", m.Block.Height)
+}
+
+//-------------------------------------
+
+type bcStatusRequestMessage struct {
+	Height int64
+}
+
+// ValidateBasic performs basic validation.
+func (m *bcStatusRequestMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("negative Height")
+	}
+	return nil
+}
+
+func (m *bcStatusRequestMessage) String() string {
+	return fmt.Sprintf("[bcStatusRequestMessage %v]", m.Height)
+}
+
+//-------------------------------------
+
+type bcStatusResponseMessage struct {
+	Height int64
+}
+
+// ValidateBasic performs basic validation.
+func (m *bcStatusResponseMessage) ValidateBasic() error {
+	if m.Height < 0 {
+		return errors.New("negative Height")
+	}
+	return nil
+}
+
+func (m *bcStatusResponseMessage) String() string {
+	return fmt.Sprintf("[bcStatusResponseMessage %v]", m.Height)
+}
--- a/blockchain/v1/reactor_fsm.go
+++ b/blockchain/v1/reactor_fsm.go
@@ -0,0 +1,450 @@
+package v1
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+// Blockchain Reactor State
+type bcReactorFSMState struct {
+	name string
+
+	// called when transitioning out of current state
+	handle func(*BcReactorFSM, bReactorEvent, bReactorEventData) (next *bcReactorFSMState, err error)
+	// called when entering the state
+	enter func(fsm *BcReactorFSM)
+
+	// timeout to ensure FSM is not stuck in a state forever
+	// the timer is owned and run by the fsm instance
+	timeout time.Duration
+}
+
+func (s *bcReactorFSMState) String() string {
+	return s.name
+}
+
+// BcReactorFSM is the datastructure for the Blockchain Reactor State Machine
+type BcReactorFSM struct {
+	logger log.Logger
+	mtx    sync.Mutex
+
+	startTime time.Time
+
+	state      *bcReactorFSMState
+	stateTimer *time.Timer
+	pool       *BlockPool
+
+	// interface used to call the Blockchain reactor to send StatusRequest, BlockRequest, reporting errors, etc.
+	toBcR bcReactor
+}
+
+// NewFSM creates a new reactor FSM.
+func NewFSM(height int64, toBcR bcReactor) *BcReactorFSM {
+	return &BcReactorFSM{
+		state:     unknown,
+		startTime: time.Now(),
+		pool:      NewBlockPool(height, toBcR),
+		toBcR:     toBcR,
+	}
+}
+
+// bReactorEventData is part of the message sent by the reactor to the FSM and used by the state handlers.
+type bReactorEventData struct {
+	peerID         p2p.ID
+	err            error        // for peer error: timeout, slow; for processed block event if error occurred
+	height         int64        // for status response; for processed block event
+	block          *types.Block // for block response
+	stateName      string       // for state timeout events
+	length         int          // for block response event, length of received block, used to detect slow peers
+	maxNumRequests int          // for request needed event, maximum number of pending requests
+}
+
+// Blockchain Reactor Events (the input to the state machine)
+type bReactorEvent uint
+
+const (
+	// message type events
+	startFSMEv = iota + 1
+	statusResponseEv
+	blockResponseEv
+	processedBlockEv
+	makeRequestsEv
+	stopFSMEv
+
+	// other events
+	peerRemoveEv = iota + 256
+	stateTimeoutEv
+)
+
+func (msg *bcReactorMessage) String() string {
+	var dataStr string
+
+	switch msg.event {
+	case startFSMEv:
+		dataStr = ""
+	case statusResponseEv:
+		dataStr = fmt.Sprintf("peer=%v height=%v", msg.data.peerID, msg.data.height)
+	case blockResponseEv:
+		dataStr = fmt.Sprintf("peer=%v block.height=%v length=%v",
+			msg.data.peerID, msg.data.block.Height, msg.data.length)
+	case processedBlockEv:
+		dataStr = fmt.Sprintf("error=%v", msg.data.err)
+	case makeRequestsEv:
+		dataStr = ""
+	case stopFSMEv:
+		dataStr = ""
+	case peerRemoveEv:
+		dataStr = fmt.Sprintf("peer: %v is being removed by the switch", msg.data.peerID)
+	case stateTimeoutEv:
+		dataStr = fmt.Sprintf("state=%v", msg.data.stateName)
+	default:
+		dataStr = fmt.Sprintf("cannot interpret message data")
+	}
+
+	return fmt.Sprintf("%v: %v", msg.event, dataStr)
+}
+
+func (ev bReactorEvent) String() string {
+	switch ev {
+	case startFSMEv:
+		return "startFSMEv"
+	case statusResponseEv:
+		return "statusResponseEv"
+	case blockResponseEv:
+		return "blockResponseEv"
+	case processedBlockEv:
+		return "processedBlockEv"
+	case makeRequestsEv:
+		return "makeRequestsEv"
+	case stopFSMEv:
+		return "stopFSMEv"
+	case peerRemoveEv:
+		return "peerRemoveEv"
+	case stateTimeoutEv:
+		return "stateTimeoutEv"
+	default:
+		return "event unknown"
+	}
+
+}
+
+// states
+var (
+	unknown      *bcReactorFSMState
+	waitForPeer  *bcReactorFSMState
+	waitForBlock *bcReactorFSMState
+	finished     *bcReactorFSMState
+)
+
+// timeouts for state timers
+const (
+	waitForPeerTimeout                 = 3 * time.Second
+	waitForBlockAtCurrentHeightTimeout = 10 * time.Second
+)
+
+// errors
+var (
+	// internal to the package
+	errNoErrorFinished        = errors.New("fast sync is finished")
+	errInvalidEvent           = errors.New("invalid event in current state")
+	errMissingBlock           = errors.New("missing blocks")
+	errNilPeerForBlockRequest = errors.New("peer for block request does not exist in the switch")
+	errSendQueueFull          = errors.New("block request not made, send-queue is full")
+	errPeerTooShort           = errors.New("peer height too low, old peer removed/ new peer not added")
+	errSwitchRemovesPeer      = errors.New("switch is removing peer")
+	errTimeoutEventWrongState = errors.New("timeout event for a state different than the current one")
+	errNoTallerPeer           = errors.New("fast sync timed out on waiting for a peer taller than this node")
+
+	// reported eventually to the switch
+	errPeerLowersItsHeight             = errors.New("fast sync peer reports a height lower than previous")            // handle return
+	errNoPeerResponseForCurrentHeights = errors.New("fast sync timed out on peer block response for current heights") // handle return
+	errNoPeerResponse                  = errors.New("fast sync timed out on peer block response")                     // xx
+	errBadDataFromPeer                 = errors.New("fast sync received block from wrong peer or block is bad")       // xx
+	errDuplicateBlock                  = errors.New("fast sync received duplicate block from peer")
+	errBlockVerificationFailure        = errors.New("fast sync block verification failure")              // xx
+	errSlowPeer                        = errors.New("fast sync peer is not sending us data fast enough") // xx
+
+)
+
+func init() {
+	unknown = &bcReactorFSMState{
+		name: "unknown",
+		handle: func(fsm *BcReactorFSM, ev bReactorEvent, data bReactorEventData) (*bcReactorFSMState, error) {
+			switch ev {
+			case startFSMEv:
+				// Broadcast Status message. Currently doesn't return non-nil error.
+				fsm.toBcR.sendStatusRequest()
+				return waitForPeer, nil
+
+			case stopFSMEv:
+				return finished, errNoErrorFinished
+
+			default:
+				return unknown, errInvalidEvent
+			}
+		},
+	}
+
+	waitForPeer = &bcReactorFSMState{
+		name:    "waitForPeer",
+		timeout: waitForPeerTimeout,
+		enter: func(fsm *BcReactorFSM) {
+			// Stop when leaving the state.
+			fsm.resetStateTimer()
+		},
+		handle: func(fsm *BcReactorFSM, ev bReactorEvent, data bReactorEventData) (*bcReactorFSMState, error) {
+			switch ev {
+			case stateTimeoutEv:
+				if data.stateName != "waitForPeer" {
+					fsm.logger.Error("received a state timeout event for different state",
+						"state", data.stateName)
+					return waitForPeer, errTimeoutEventWrongState
+				}
+				// There was no statusResponse received from any peer.
+				// Should we send status request again?
+				return finished, errNoTallerPeer
+
+			case statusResponseEv:
+				if err := fsm.pool.UpdatePeer(data.peerID, data.height); err != nil {
+					if fsm.pool.NumPeers() == 0 {
+						return waitForPeer, err
+					}
+				}
+				if fsm.stateTimer != nil {
+					fsm.stateTimer.Stop()
+				}
+				return waitForBlock, nil
+
+			case stopFSMEv:
+				if fsm.stateTimer != nil {
+					fsm.stateTimer.Stop()
+				}
+				return finished, errNoErrorFinished
+
+			default:
+				return waitForPeer, errInvalidEvent
+			}
+		},
+	}
+
+	waitForBlock = &bcReactorFSMState{
+		name:    "waitForBlock",
+		timeout: waitForBlockAtCurrentHeightTimeout,
+		enter: func(fsm *BcReactorFSM) {
+			// Stop when leaving the state.
+			fsm.resetStateTimer()
+		},
+		handle: func(fsm *BcReactorFSM, ev bReactorEvent, data bReactorEventData) (*bcReactorFSMState, error) {
+			switch ev {
+
+			case statusResponseEv:
+				err := fsm.pool.UpdatePeer(data.peerID, data.height)
+				if fsm.pool.NumPeers() == 0 {
+					return waitForPeer, err
+				}
+				if fsm.pool.ReachedMaxHeight() {
+					return finished, err
+				}
+				return waitForBlock, err
+
+			case blockResponseEv:
+				fsm.logger.Debug("blockResponseEv", "H", data.block.Height)
+				err := fsm.pool.AddBlock(data.peerID, data.block, data.length)
+				if err != nil {
+					// A block was received that was unsolicited, from unexpected peer, or that we already have it.
+					// Ignore block, remove peer and send error to switch.
+					fsm.pool.RemovePeer(data.peerID, err)
+					fsm.toBcR.sendPeerError(err, data.peerID)
+				}
+				if fsm.pool.NumPeers() == 0 {
+					return waitForPeer, err
+				}
+				return waitForBlock, err
+
+			case processedBlockEv:
+				if data.err != nil {
+					first, second, _ := fsm.pool.FirstTwoBlocksAndPeers()
+					fsm.logger.Error("error processing block", "err", data.err,
+						"first", first.block.Height, "second", second.block.Height)
+					fsm.logger.Error("send peer error for", "peer", first.peer.ID)
+					fsm.toBcR.sendPeerError(data.err, first.peer.ID)
+					fsm.logger.Error("send peer error for", "peer", second.peer.ID)
+					fsm.toBcR.sendPeerError(data.err, second.peer.ID)
+					// Remove the first two blocks. This will also remove the peers
+					fsm.pool.InvalidateFirstTwoBlocks(data.err)
+				} else {
+					fsm.pool.ProcessedCurrentHeightBlock()
+					// Since we advanced one block reset the state timer
+					fsm.resetStateTimer()
+				}
+
+				// Both cases above may result in achieving maximum height.
+				if fsm.pool.ReachedMaxHeight() {
+					return finished, nil
+				}
+
+				return waitForBlock, data.err
+
+			case peerRemoveEv:
+				// This event is sent by the switch to remove disconnected and errored peers.
+				fsm.pool.RemovePeer(data.peerID, data.err)
+				if fsm.pool.NumPeers() == 0 {
+					return waitForPeer, nil
+				}
+				if fsm.pool.ReachedMaxHeight() {
+					return finished, nil
+				}
+				return waitForBlock, nil
+
+			case makeRequestsEv:
+				fsm.makeNextRequests(data.maxNumRequests)
+				return waitForBlock, nil
+
+			case stateTimeoutEv:
+				if data.stateName != "waitForBlock" {
+					fsm.logger.Error("received a state timeout event for different state",
+						"state", data.stateName)
+					return waitForBlock, errTimeoutEventWrongState
+				}
+				// We haven't received the block at current height or height+1. Remove peer.
+				fsm.pool.RemovePeerAtCurrentHeights(errNoPeerResponseForCurrentHeights)
+				fsm.resetStateTimer()
+				if fsm.pool.NumPeers() == 0 {
+					return waitForPeer, errNoPeerResponseForCurrentHeights
+				}
+				if fsm.pool.ReachedMaxHeight() {
+					return finished, nil
+				}
+				return waitForBlock, errNoPeerResponseForCurrentHeights
+
+			case stopFSMEv:
+				if fsm.stateTimer != nil {
+					fsm.stateTimer.Stop()
+				}
+				return finished, errNoErrorFinished
+
+			default:
+				return waitForBlock, errInvalidEvent
+			}
+		},
+	}
+
+	finished = &bcReactorFSMState{
+		name: "finished",
+		enter: func(fsm *BcReactorFSM) {
+			fsm.logger.Info("Time to switch to consensus reactor!", "height", fsm.pool.Height)
+			fsm.toBcR.switchToConsensus()
+			fsm.cleanup()
+		},
+		handle: func(fsm *BcReactorFSM, ev bReactorEvent, data bReactorEventData) (*bcReactorFSMState, error) {
+			return finished, nil
+		},
+	}
+}
+
+// Interface used by FSM for sending Block and Status requests,
+// informing of peer errors and state timeouts
+// Implemented by BlockchainReactor and tests
+type bcReactor interface {
+	sendStatusRequest()
+	sendBlockRequest(peerID p2p.ID, height int64) error
+	sendPeerError(err error, peerID p2p.ID)
+	resetStateTimer(name string, timer **time.Timer, timeout time.Duration)
+	switchToConsensus()
+}
+
+// SetLogger sets the FSM logger.
+func (fsm *BcReactorFSM) SetLogger(l log.Logger) {
+	fsm.logger = l
+	fsm.pool.SetLogger(l)
+}
+
+// Start starts the FSM.
+func (fsm *BcReactorFSM) Start() {
+	_ = fsm.Handle(&bcReactorMessage{event: startFSMEv})
+}
+
+// Handle processes messages and events sent to the FSM.
+func (fsm *BcReactorFSM) Handle(msg *bcReactorMessage) error {
+	fsm.mtx.Lock()
+	defer fsm.mtx.Unlock()
+	fsm.logger.Debug("FSM received", "event", msg, "state", fsm.state)
+
+	if fsm.state == nil {
+		fsm.state = unknown
+	}
+	next, err := fsm.state.handle(fsm, msg.event, msg.data)
+	if err != nil {
+		fsm.logger.Error("FSM event handler returned", "err", err,
+			"state", fsm.state, "event", msg.event)
+	}
+
+	oldState := fsm.state.name
+	fsm.transition(next)
+	if oldState != fsm.state.name {
+		fsm.logger.Info("FSM changed state", "new_state", fsm.state)
+	}
+	return err
+}
+
+func (fsm *BcReactorFSM) transition(next *bcReactorFSMState) {
+	if next == nil {
+		return
+	}
+	if fsm.state != next {
+		fsm.state = next
+		if next.enter != nil {
+			next.enter(fsm)
+		}
+	}
+}
+
+// Called when entering an FSM state in order to detect lack of progress in the state machine.
+// Note the use of the 'bcr' interface to facilitate testing without timer expiring.
+func (fsm *BcReactorFSM) resetStateTimer() {
+	fsm.toBcR.resetStateTimer(fsm.state.name, &fsm.stateTimer, fsm.state.timeout)
+}
+
+func (fsm *BcReactorFSM) isCaughtUp() bool {
+	return fsm.state == finished
+}
+
+func (fsm *BcReactorFSM) makeNextRequests(maxNumRequests int) {
+	fsm.pool.MakeNextRequests(maxNumRequests)
+}
+
+func (fsm *BcReactorFSM) cleanup() {
+	fsm.pool.Cleanup()
+}
+
+// NeedsBlocks checks if more block requests are required.
+func (fsm *BcReactorFSM) NeedsBlocks() bool {
+	fsm.mtx.Lock()
+	defer fsm.mtx.Unlock()
+	return fsm.state.name == "waitForBlock" && fsm.pool.NeedsBlocks()
+}
+
+// FirstTwoBlocks returns the two blocks at pool height and height+1
+func (fsm *BcReactorFSM) FirstTwoBlocks() (first, second *types.Block, err error) {
+	fsm.mtx.Lock()
+	defer fsm.mtx.Unlock()
+	firstBP, secondBP, err := fsm.pool.FirstTwoBlocksAndPeers()
+	if err == nil {
+		first = firstBP.block
+		second = secondBP.block
+	}
+	return
+}
+
+// Status returns the pool's height and the maximum peer height.
+func (fsm *BcReactorFSM) Status() (height, maxPeerHeight int64) {
+	fsm.mtx.Lock()
+	defer fsm.mtx.Unlock()
+	return fsm.pool.Height, fsm.pool.MaxPeerHeight
+}
--- a/blockchain/v1/reactor_fsm_test.go
+++ b/blockchain/v1/reactor_fsm_test.go
@@ -0,0 +1,938 @@
+package v1
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/types"
+)
+
+type lastBlockRequestT struct {
+	peerID p2p.ID
+	height int64
+}
+
+type lastPeerErrorT struct {
+	peerID p2p.ID
+	err    error
+}
+
+// reactor for FSM testing
+type testReactor struct {
+	logger            log.Logger
+	fsm               *BcReactorFSM
+	numStatusRequests int
+	numBlockRequests  int
+	lastBlockRequest  lastBlockRequestT
+	lastPeerError     lastPeerErrorT
+	stateTimerStarts  map[string]int
+}
+
+func sendEventToFSM(fsm *BcReactorFSM, ev bReactorEvent, data bReactorEventData) error {
+	return fsm.Handle(&bcReactorMessage{event: ev, data: data})
+}
+
+type fsmStepTestValues struct {
+	currentState string
+	event        bReactorEvent
+	data         bReactorEventData
+
+	wantErr           error
+	wantState         string
+	wantStatusReqSent bool
+	wantReqIncreased  bool
+	wantNewBlocks     []int64
+	wantRemovedPeers  []p2p.ID
+}
+
+// ---------------------------------------------------------------------------
+// helper test function for different FSM events, state and expected behavior
+func sStopFSMEv(current, expected string) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        stopFSMEv,
+		wantState:    expected,
+		wantErr:      errNoErrorFinished}
+}
+
+func sUnknownFSMEv(current string) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        1234,
+		wantState:    current,
+		wantErr:      errInvalidEvent}
+}
+
+func sStartFSMEv() fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState:      "unknown",
+		event:             startFSMEv,
+		wantState:         "waitForPeer",
+		wantStatusReqSent: true}
+}
+
+func sStateTimeoutEv(current, expected string, timedoutState string, wantErr error) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        stateTimeoutEv,
+		data: bReactorEventData{
+			stateName: timedoutState,
+		},
+		wantState: expected,
+		wantErr:   wantErr,
+	}
+}
+
+func sProcessedBlockEv(current, expected string, reactorError error) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        processedBlockEv,
+		data: bReactorEventData{
+			err: reactorError,
+		},
+		wantState: expected,
+		wantErr:   reactorError,
+	}
+}
+
+func sStatusEv(current, expected string, peerID p2p.ID, height int64, err error) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        statusResponseEv,
+		data:         bReactorEventData{peerID: peerID, height: height},
+		wantState:    expected,
+		wantErr:      err}
+}
+
+func sMakeRequestsEv(current, expected string, maxPendingRequests int) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState:     current,
+		event:            makeRequestsEv,
+		data:             bReactorEventData{maxNumRequests: maxPendingRequests},
+		wantState:        expected,
+		wantReqIncreased: true,
+	}
+}
+
+func sMakeRequestsEvErrored(current, expected string,
+	maxPendingRequests int, err error, peersRemoved []p2p.ID) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState:     current,
+		event:            makeRequestsEv,
+		data:             bReactorEventData{maxNumRequests: maxPendingRequests},
+		wantState:        expected,
+		wantErr:          err,
+		wantRemovedPeers: peersRemoved,
+		wantReqIncreased: true,
+	}
+}
+
+func sBlockRespEv(current, expected string, peerID p2p.ID, height int64, prevBlocks []int64) fsmStepTestValues {
+	txs := []types.Tx{types.Tx("foo"), types.Tx("bar")}
+	return fsmStepTestValues{
+		currentState: current,
+		event:        blockResponseEv,
+		data: bReactorEventData{
+			peerID: peerID,
+			height: height,
+			block:  types.MakeBlock(int64(height), txs, nil, nil),
+			length: 100},
+		wantState:     expected,
+		wantNewBlocks: append(prevBlocks, height),
+	}
+}
+
+func sBlockRespEvErrored(current, expected string,
+	peerID p2p.ID, height int64, prevBlocks []int64, wantErr error, peersRemoved []p2p.ID) fsmStepTestValues {
+	txs := []types.Tx{types.Tx("foo"), types.Tx("bar")}
+
+	return fsmStepTestValues{
+		currentState: current,
+		event:        blockResponseEv,
+		data: bReactorEventData{
+			peerID: peerID,
+			height: height,
+			block:  types.MakeBlock(int64(height), txs, nil, nil),
+			length: 100},
+		wantState:        expected,
+		wantErr:          wantErr,
+		wantRemovedPeers: peersRemoved,
+		wantNewBlocks:    prevBlocks,
+	}
+}
+
+func sPeerRemoveEv(current, expected string, peerID p2p.ID, err error, peersRemoved []p2p.ID) fsmStepTestValues {
+	return fsmStepTestValues{
+		currentState: current,
+		event:        peerRemoveEv,
+		data: bReactorEventData{
+			peerID: peerID,
+			err:    err,
+		},
+		wantState:        expected,
+		wantRemovedPeers: peersRemoved,
+	}
+}
+
+// --------------------------------------------
+
+func newTestReactor(height int64) *testReactor {
+	testBcR := &testReactor{logger: log.TestingLogger(), stateTimerStarts: make(map[string]int)}
+	testBcR.fsm = NewFSM(height, testBcR)
+	testBcR.fsm.SetLogger(testBcR.logger)
+	return testBcR
+}
+
+func fixBlockResponseEvStep(step *fsmStepTestValues, testBcR *testReactor) {
+	// There is currently no good way to know to which peer a block request was sent.
+	// So in some cases where it does not matter, before we simulate a block response
+	// we cheat and look where it is expected from.
+	if step.event == blockResponseEv {
+		height := step.data.height
+		peerID, ok := testBcR.fsm.pool.blocks[height]
+		if ok {
+			step.data.peerID = peerID
+		}
+	}
+}
+
+type testFields struct {
+	name               string
+	startingHeight     int64
+	maxRequestsPerPeer int
+	maxPendingRequests int
+	steps              []fsmStepTestValues
+}
+
+func executeFSMTests(t *testing.T, tests []testFields, matchRespToReq bool) {
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create test reactor
+			testBcR := newTestReactor(tt.startingHeight)
+
+			if tt.maxRequestsPerPeer != 0 {
+				maxRequestsPerPeer = tt.maxRequestsPerPeer
+			}
+
+			for _, step := range tt.steps {
+				assert.Equal(t, step.currentState, testBcR.fsm.state.name)
+
+				var heightBefore int64
+				if step.event == processedBlockEv && step.data.err == errBlockVerificationFailure {
+					heightBefore = testBcR.fsm.pool.Height
+				}
+				oldNumStatusRequests := testBcR.numStatusRequests
+				oldNumBlockRequests := testBcR.numBlockRequests
+				if matchRespToReq {
+					fixBlockResponseEvStep(&step, testBcR)
+				}
+
+				fsmErr := sendEventToFSM(testBcR.fsm, step.event, step.data)
+				assert.Equal(t, step.wantErr, fsmErr)
+
+				if step.wantStatusReqSent {
+					assert.Equal(t, oldNumStatusRequests+1, testBcR.numStatusRequests)
+				} else {
+					assert.Equal(t, oldNumStatusRequests, testBcR.numStatusRequests)
+				}
+
+				if step.wantReqIncreased {
+					assert.True(t, oldNumBlockRequests < testBcR.numBlockRequests)
+				} else {
+					assert.Equal(t, oldNumBlockRequests, testBcR.numBlockRequests)
+				}
+
+				for _, height := range step.wantNewBlocks {
+					_, err := testBcR.fsm.pool.BlockAndPeerAtHeight(height)
+					assert.Nil(t, err)
+				}
+				if step.event == processedBlockEv && step.data.err == errBlockVerificationFailure {
+					heightAfter := testBcR.fsm.pool.Height
+					assert.Equal(t, heightBefore, heightAfter)
+					firstAfter, err1 := testBcR.fsm.pool.BlockAndPeerAtHeight(testBcR.fsm.pool.Height)
+					secondAfter, err2 := testBcR.fsm.pool.BlockAndPeerAtHeight(testBcR.fsm.pool.Height + 1)
+					assert.NotNil(t, err1)
+					assert.NotNil(t, err2)
+					assert.Nil(t, firstAfter)
+					assert.Nil(t, secondAfter)
+				}
+
+				assert.Equal(t, step.wantState, testBcR.fsm.state.name)
+
+				if step.wantState == "finished" {
+					assert.True(t, testBcR.fsm.isCaughtUp())
+				}
+			}
+		})
+	}
+}
+
+func TestFSMBasic(t *testing.T) {
+	tests := []testFields{
+		{
+			name:               "one block, one peer - TS2",
+			startingHeight:     1,
+			maxRequestsPerPeer: 2,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 2, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 2, []int64{1}),
+				sProcessedBlockEv("waitForBlock", "finished", nil),
+			},
+		},
+		{
+			name:               "multi block, multi peer - TS2",
+			startingHeight:     1,
+			maxRequestsPerPeer: 2,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 4, nil),
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 4, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 2, []int64{1}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 3, []int64{1, 2}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 4, []int64{1, 2, 3}),
+
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+				sProcessedBlockEv("waitForBlock", "finished", nil),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, true)
+}
+
+func TestFSMBlockVerificationFailure(t *testing.T) {
+	tests := []testFields{
+		{
+			name:               "block verification failure - TS2 variant",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+
+				// add P1 and get blocks 1-3 from it
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 2, []int64{1}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 3, []int64{1, 2}),
+
+				// add P2
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, nil),
+
+				// process block failure, should remove P1 and all blocks
+				sProcessedBlockEv("waitForBlock", "waitForBlock", errBlockVerificationFailure),
+
+				// get blocks 1-3 from P2
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 2, []int64{1}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 3, []int64{1, 2}),
+
+				// finish after processing blocks 1 and 2
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+				sProcessedBlockEv("waitForBlock", "finished", nil),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, false)
+}
+
+func TestFSMBadBlockFromPeer(t *testing.T) {
+	tests := []testFields{
+		{
+			name:               "block we haven't asked for",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1 and ask for blocks 1-3
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 300, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				// blockResponseEv for height 100 should cause an error
+				sBlockRespEvErrored("waitForBlock", "waitForPeer",
+					"P1", 100, []int64{}, errMissingBlock, []p2p.ID{}),
+			},
+		},
+		{
+			name:               "block we already have",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1 and get block 1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 100, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock",
+					"P1", 1, []int64{}),
+
+				// Get block 1 again. Since peer is removed together with block 1,
+				// the blocks present in the pool should be {}
+				sBlockRespEvErrored("waitForBlock", "waitForPeer",
+					"P1", 1, []int64{}, errDuplicateBlock, []p2p.ID{"P1"}),
+			},
+		},
+		{
+			name:               "block from unknown peer",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1 and get block 1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+
+				// get block 1 from unknown peer P2
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEvErrored("waitForBlock", "waitForBlock",
+					"P2", 1, []int64{}, errBadDataFromPeer, []p2p.ID{"P2"}),
+			},
+		},
+		{
+			name:               "block from wrong peer",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1, make requests for blocks 1-3 to P1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				// add P2
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, nil),
+
+				// receive block 1 from P2
+				sBlockRespEvErrored("waitForBlock", "waitForBlock",
+					"P2", 1, []int64{}, errBadDataFromPeer, []p2p.ID{"P2"}),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, false)
+}
+
+func TestFSMBlockAtCurrentHeightDoesNotArriveInTime(t *testing.T) {
+	tests := []testFields{
+		{
+			name:               "block at current height undelivered - TS5",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1, get blocks 1 and 2, process block 1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock",
+					"P1", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock",
+					"P1", 2, []int64{1}),
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+
+				// add P2
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, nil),
+
+				// timeout on block 3, P1 should be removed
+				sStateTimeoutEv("waitForBlock", "waitForBlock", "waitForBlock", errNoPeerResponseForCurrentHeights),
+
+				// make requests and finish by receiving blocks 2 and 3 from P2
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 2, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P2", 3, []int64{2}),
+				sProcessedBlockEv("waitForBlock", "finished", nil),
+			},
+		},
+		{
+			name:               "block at current height undelivered, at maxPeerHeight after peer removal - TS3",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1, request blocks 1-3 from P1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				// add P2 (tallest)
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 30, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				// receive blocks 1-3 from P1
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 1, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 2, []int64{1}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 3, []int64{1, 2}),
+
+				// process blocks at heights 1 and 2
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+
+				// timeout on block at height 4
+				sStateTimeoutEv("waitForBlock", "finished", "waitForBlock", nil),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, true)
+}
+
+func TestFSMPeerRelatedEvents(t *testing.T) {
+	tests := []testFields{
+		{
+			name:           "peer remove event with no blocks",
+			startingHeight: 1,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1, P2, P3
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, nil),
+				sStatusEv("waitForBlock", "waitForBlock", "P3", 3, nil),
+
+				// switch removes P2
+				sPeerRemoveEv("waitForBlock", "waitForBlock", "P2", errSwitchRemovesPeer, []p2p.ID{"P2"}),
+			},
+		},
+		{
+			name:           "only peer removed while in waitForBlock state",
+			startingHeight: 100,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 200, nil),
+
+				// switch removes P1
+				sPeerRemoveEv("waitForBlock", "waitForPeer", "P1", errSwitchRemovesPeer, []p2p.ID{"P1"}),
+			},
+		},
+		{
+			name:               "highest peer removed while in waitForBlock state, node reaches maxPeerHeight - TS4 ",
+			startingHeight:     100,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1 and make requests
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 101, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				// add P2
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 200, nil),
+
+				// get blocks 100 and 101 from P1 and process block at height 100
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 100, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 101, []int64{100}),
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+
+				// switch removes peer P1, should be finished
+				sPeerRemoveEv("waitForBlock", "finished", "P2", errSwitchRemovesPeer, []p2p.ID{"P2"}),
+			},
+		},
+		{
+			name:               "highest peer lowers its height in waitForBlock state, node reaches maxPeerHeight - TS4",
+			startingHeight:     100,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1 and make requests
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 101, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+
+				// add P2
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 200, nil),
+
+				// get blocks 100 and 101 from P1
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 100, []int64{}),
+				sBlockRespEv("waitForBlock", "waitForBlock", "P1", 101, []int64{100}),
+
+				// processed block at heights 100
+				sProcessedBlockEv("waitForBlock", "waitForBlock", nil),
+
+				// P2 becomes short
+				sStatusEv("waitForBlock", "finished", "P2", 100, errPeerLowersItsHeight),
+			},
+		},
+		{
+			name:           "new short peer while in waitForPeer state",
+			startingHeight: 100,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForPeer", "P1", 3, errPeerTooShort),
+			},
+		},
+		{
+			name:           "new short peer while in waitForBlock state",
+			startingHeight: 100,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 200, nil),
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, errPeerTooShort),
+			},
+		},
+		{
+			name:           "only peer updated with low height while in waitForBlock state",
+			startingHeight: 100,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 200, nil),
+				sStatusEv("waitForBlock", "waitForPeer", "P1", 3, errPeerLowersItsHeight),
+			},
+		},
+		{
+			name:               "peer does not exist in the switch",
+			startingHeight:     9999999,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				// add P1
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 20000000, nil),
+				// send request for block 9999999
+				// Note: For this block request the "switch missing the peer" error is simulated,
+				// see implementation of bcReactor interface, sendBlockRequest(), in this file.
+				sMakeRequestsEvErrored("waitForBlock", "waitForBlock",
+					maxNumRequests, nil, []p2p.ID{"P1"}),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, true)
+}
+
+func TestFSMStopFSM(t *testing.T) {
+	tests := []testFields{
+		{
+			name: "stopFSMEv in unknown",
+			steps: []fsmStepTestValues{
+				sStopFSMEv("unknown", "finished"),
+			},
+		},
+		{
+			name:           "stopFSMEv in waitForPeer",
+			startingHeight: 1,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStopFSMEv("waitForPeer", "finished"),
+			},
+		},
+		{
+			name:           "stopFSMEv in waitForBlock",
+			startingHeight: 1,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sStopFSMEv("waitForBlock", "finished"),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, false)
+}
+
+func TestFSMUnknownElements(t *testing.T) {
+	tests := []testFields{
+		{
+			name: "unknown event for state unknown",
+			steps: []fsmStepTestValues{
+				sUnknownFSMEv("unknown"),
+			},
+		},
+		{
+			name: "unknown event for state waitForPeer",
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sUnknownFSMEv("waitForPeer"),
+			},
+		},
+		{
+			name:           "unknown event for state waitForBlock",
+			startingHeight: 1,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sUnknownFSMEv("waitForBlock"),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, false)
+}
+
+func TestFSMPeerStateTimeoutEvent(t *testing.T) {
+	tests := []testFields{
+		{
+			name:               "timeout event for state waitForPeer while in state waitForPeer - TS1",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStateTimeoutEv("waitForPeer", "finished", "waitForPeer", errNoTallerPeer),
+			},
+		},
+		{
+			name:               "timeout event for state waitForPeer while in a state != waitForPeer",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStateTimeoutEv("waitForPeer", "waitForPeer", "waitForBlock", errTimeoutEventWrongState),
+			},
+		},
+		{
+			name:               "timeout event for state waitForBlock while in state waitForBlock ",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sStateTimeoutEv("waitForBlock", "waitForPeer", "waitForBlock", errNoPeerResponseForCurrentHeights),
+			},
+		},
+		{
+			name:               "timeout event for state waitForBlock while in a state != waitForBlock",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sStateTimeoutEv("waitForBlock", "waitForBlock", "waitForPeer", errTimeoutEventWrongState),
+			},
+		},
+		{
+			name:               "timeout event for state waitForBlock with multiple peers",
+			startingHeight:     1,
+			maxRequestsPerPeer: 3,
+			steps: []fsmStepTestValues{
+				sStartFSMEv(),
+				sStatusEv("waitForPeer", "waitForBlock", "P1", 3, nil),
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+				sStatusEv("waitForBlock", "waitForBlock", "P2", 3, nil),
+				sStateTimeoutEv("waitForBlock", "waitForBlock", "waitForBlock", errNoPeerResponseForCurrentHeights),
+			},
+		},
+	}
+
+	executeFSMTests(t, tests, false)
+}
+
+func makeCorrectTransitionSequence(startingHeight int64, numBlocks int64, numPeers int, randomPeerHeights bool,
+	maxRequestsPerPeer int, maxPendingRequests int) testFields {
+
+	// Generate numPeers peers with random or numBlocks heights according to the randomPeerHeights flag.
+	peerHeights := make([]int64, numPeers)
+	for i := 0; i < numPeers; i++ {
+		if i == 0 {
+			peerHeights[0] = numBlocks
+			continue
+		}
+		if randomPeerHeights {
+			peerHeights[i] = int64(cmn.MaxInt(cmn.RandIntn(int(numBlocks)), int(startingHeight)+1))
+		} else {
+			peerHeights[i] = numBlocks
+		}
+	}
+
+	// Approximate the slice capacity to save time for appends.
+	testSteps := make([]fsmStepTestValues, 0, 3*numBlocks+int64(numPeers))
+
+	testName := fmt.Sprintf("%v-blocks %v-startingHeight %v-peers %v-maxRequestsPerPeer %v-maxNumRequests",
+		numBlocks, startingHeight, numPeers, maxRequestsPerPeer, maxPendingRequests)
+
+	// Add startFSMEv step.
+	testSteps = append(testSteps, sStartFSMEv())
+
+	// For each peer, add statusResponseEv step.
+	for i := 0; i < numPeers; i++ {
+		peerName := fmt.Sprintf("P%d", i)
+		if i == 0 {
+			testSteps = append(
+				testSteps,
+				sStatusEv("waitForPeer", "waitForBlock", p2p.ID(peerName), peerHeights[i], nil))
+		} else {
+			testSteps = append(testSteps,
+				sStatusEv("waitForBlock", "waitForBlock", p2p.ID(peerName), peerHeights[i], nil))
+		}
+	}
+
+	height := startingHeight
+	numBlocksReceived := 0
+	prevBlocks := make([]int64, 0, maxPendingRequests)
+
+forLoop:
+	for i := 0; i < int(numBlocks); i++ {
+
+		// Add the makeRequestEv step periodically.
+		if i%int(maxRequestsPerPeer) == 0 {
+			testSteps = append(
+				testSteps,
+				sMakeRequestsEv("waitForBlock", "waitForBlock", maxNumRequests),
+			)
+		}
+
+		// Add the blockRespEv step
+		testSteps = append(
+			testSteps,
+			sBlockRespEv("waitForBlock", "waitForBlock",
+				"P0", height, prevBlocks))
+		prevBlocks = append(prevBlocks, height)
+		height++
+		numBlocksReceived++
+
+		// Add the processedBlockEv step periodically.
+		if numBlocksReceived >= int(maxRequestsPerPeer) || height >= numBlocks {
+			for j := int(height) - numBlocksReceived; j < int(height); j++ {
+				if j >= int(numBlocks) {
+					// This is the last block that is processed, we should be in "finished" state.
+					testSteps = append(
+						testSteps,
+						sProcessedBlockEv("waitForBlock", "finished", nil))
+					break forLoop
+				}
+				testSteps = append(
+					testSteps,
+					sProcessedBlockEv("waitForBlock", "waitForBlock", nil))
+			}
+			numBlocksReceived = 0
+			prevBlocks = make([]int64, 0, maxPendingRequests)
+		}
+	}
+
+	return testFields{
+		name:               testName,
+		startingHeight:     startingHeight,
+		maxRequestsPerPeer: maxRequestsPerPeer,
+		maxPendingRequests: maxPendingRequests,
+		steps:              testSteps,
+	}
+}
+
+const (
+	maxStartingHeightTest       = 100
+	maxRequestsPerPeerTest      = 20
+	maxTotalPendingRequestsTest = 600
+	maxNumPeersTest             = 1000
+	maxNumBlocksInChainTest     = 10000 //should be smaller than 9999999
+)
+
+func makeCorrectTransitionSequenceWithRandomParameters() testFields {
+	// Generate a starting height for fast sync.
+	startingHeight := int64(cmn.RandIntn(maxStartingHeightTest) + 1)
+
+	// Generate the number of requests per peer.
+	maxRequestsPerPeer := cmn.RandIntn(maxRequestsPerPeerTest) + 1
+
+	// Generate the maximum number of total pending requests, >= maxRequestsPerPeer.
+	maxPendingRequests := cmn.RandIntn(maxTotalPendingRequestsTest-int(maxRequestsPerPeer)) + maxRequestsPerPeer
+
+	// Generate the number of blocks to be synced.
+	numBlocks := int64(cmn.RandIntn(maxNumBlocksInChainTest)) + startingHeight
+
+	// Generate a number of peers.
+	numPeers := cmn.RandIntn(maxNumPeersTest) + 1
+
+	return makeCorrectTransitionSequence(startingHeight, numBlocks, numPeers, true, maxRequestsPerPeer, maxPendingRequests)
+}
+
+func shouldApplyProcessedBlockEvStep(step *fsmStepTestValues, testBcR *testReactor) bool {
+	if step.event == processedBlockEv {
+		_, err := testBcR.fsm.pool.BlockAndPeerAtHeight(testBcR.fsm.pool.Height)
+		if err == errMissingBlock {
+			return false
+		}
+		_, err = testBcR.fsm.pool.BlockAndPeerAtHeight(testBcR.fsm.pool.Height + 1)
+		if err == errMissingBlock {
+			return false
+		}
+	}
+	return true
+}
+
+func TestFSMCorrectTransitionSequences(t *testing.T) {
+
+	tests := []testFields{
+		makeCorrectTransitionSequence(1, 100, 10, true, 10, 40),
+		makeCorrectTransitionSequenceWithRandomParameters(),
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create test reactor
+			testBcR := newTestReactor(tt.startingHeight)
+
+			if tt.maxRequestsPerPeer != 0 {
+				maxRequestsPerPeer = tt.maxRequestsPerPeer
+			}
+
+			for _, step := range tt.steps {
+				assert.Equal(t, step.currentState, testBcR.fsm.state.name)
+
+				oldNumStatusRequests := testBcR.numStatusRequests
+				fixBlockResponseEvStep(&step, testBcR)
+				if !shouldApplyProcessedBlockEvStep(&step, testBcR) {
+					continue
+				}
+
+				fsmErr := sendEventToFSM(testBcR.fsm, step.event, step.data)
+				assert.Equal(t, step.wantErr, fsmErr)
+
+				if step.wantStatusReqSent {
+					assert.Equal(t, oldNumStatusRequests+1, testBcR.numStatusRequests)
+				} else {
+					assert.Equal(t, oldNumStatusRequests, testBcR.numStatusRequests)
+				}
+
+				assert.Equal(t, step.wantState, testBcR.fsm.state.name)
+				if step.wantState == "finished" {
+					assert.True(t, testBcR.fsm.isCaughtUp())
+				}
+			}
+
+		})
+	}
+}
+
+// ----------------------------------------
+// implements the bcRNotifier
+func (testR *testReactor) sendPeerError(err error, peerID p2p.ID) {
+	testR.logger.Info("Reactor received sendPeerError call from FSM", "peer", peerID, "err", err)
+	testR.lastPeerError.peerID = peerID
+	testR.lastPeerError.err = err
+}
+
+func (testR *testReactor) sendStatusRequest() {
+	testR.logger.Info("Reactor received sendStatusRequest call from FSM")
+	testR.numStatusRequests++
+}
+
+func (testR *testReactor) sendBlockRequest(peerID p2p.ID, height int64) error {
+	testR.logger.Info("Reactor received sendBlockRequest call from FSM", "peer", peerID, "height", height)
+	testR.numBlockRequests++
+	testR.lastBlockRequest.peerID = peerID
+	testR.lastBlockRequest.height = height
+	if height == 9999999 {
+		// simulate switch does not have peer
+		return errNilPeerForBlockRequest
+	}
+	return nil
+}
+
+func (testR *testReactor) resetStateTimer(name string, timer **time.Timer, timeout time.Duration) {
+	testR.logger.Info("Reactor received resetStateTimer call from FSM", "state", name, "timeout", timeout)
+	if _, ok := testR.stateTimerStarts[name]; !ok {
+		testR.stateTimerStarts[name] = 1
+	} else {
+		testR.stateTimerStarts[name]++
+	}
+}
+
+func (testR *testReactor) switchToConsensus() {
+}
+
+// ----------------------------------------
--- a/blockchain/v1/reactor_test.go
+++ b/blockchain/v1/reactor_test.go
@@ -0,0 +1,413 @@
+package v1
+
+import (
+	"fmt"
+	"os"
+	"sort"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	abci "github.com/tendermint/tendermint/abci/types"
+	cfg "github.com/tendermint/tendermint/config"
+	"github.com/tendermint/tendermint/libs/log"
+	"github.com/tendermint/tendermint/mock"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/proxy"
+	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
+	"github.com/tendermint/tendermint/types"
+	tmtime "github.com/tendermint/tendermint/types/time"
+	dbm "github.com/tendermint/tm-db"
+)
+
+var config *cfg.Config
+
+func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.GenesisDoc, []types.PrivValidator) {
+	validators := make([]types.GenesisValidator, numValidators)
+	privValidators := make([]types.PrivValidator, numValidators)
+	for i := 0; i < numValidators; i++ {
+		val, privVal := types.RandValidator(randPower, minPower)
+		validators[i] = types.GenesisValidator{
+			PubKey: val.PubKey,
+			Power:  val.VotingPower,
+		}
+		privValidators[i] = privVal
+	}
+	sort.Sort(types.PrivValidatorsByAddress(privValidators))
+
+	return &types.GenesisDoc{
+		GenesisTime: tmtime.Now(),
+		ChainID:     config.ChainID(),
+		Validators:  validators,
+	}, privValidators
+}
+
+func makeVote(header *types.Header, blockID types.BlockID, valset *types.ValidatorSet, privVal types.PrivValidator) *types.Vote {
+	addr := privVal.GetPubKey().Address()
+	idx, _ := valset.GetByAddress(addr)
+	vote := &types.Vote{
+		ValidatorAddress: addr,
+		ValidatorIndex:   idx,
+		Height:           header.Height,
+		Round:            1,
+		Timestamp:        tmtime.Now(),
+		Type:             types.PrecommitType,
+		BlockID:          blockID,
+	}
+
+	_ = privVal.SignVote(header.ChainID, vote)
+
+	return vote
+}
+
+type BlockchainReactorPair struct {
+	bcR  *BlockchainReactor
+	conR *consensusReactorTest
+}
+
+func newBlockchainReactor(logger log.Logger, genDoc *types.GenesisDoc, privVals []types.PrivValidator, maxBlockHeight int64) *BlockchainReactor {
+	if len(privVals) != 1 {
+		panic("only support one validator")
+	}
+
+	app := &testApp{}
+	cc := proxy.NewLocalClientCreator(app)
+	proxyApp := proxy.NewAppConns(cc)
+	err := proxyApp.Start()
+	if err != nil {
+		panic(errors.Wrap(err, "error start app"))
+	}
+
+	blockDB := dbm.NewMemDB()
+	stateDB := dbm.NewMemDB()
+	blockStore := store.NewBlockStore(blockDB)
+
+	state, err := sm.LoadStateFromDBOrGenesisDoc(stateDB, genDoc)
+	if err != nil {
+		panic(errors.Wrap(err, "error constructing state from genesis file"))
+	}
+
+	// Make the BlockchainReactor itself.
+	// NOTE we have to create and commit the blocks first because
+	// pool.height is determined from the store.
+	fastSync := true
+	db := dbm.NewMemDB()
+	blockExec := sm.NewBlockExecutor(db, log.TestingLogger(), proxyApp.Consensus(),
+		mock.Mempool{}, sm.MockEvidencePool{})
+	sm.SaveState(db, state)
+
+	// let's add some blocks in
+	for blockHeight := int64(1); blockHeight <= maxBlockHeight; blockHeight++ {
+		lastCommit := types.NewCommit(types.BlockID{}, nil)
+		if blockHeight > 1 {
+			lastBlockMeta := blockStore.LoadBlockMeta(blockHeight - 1)
+			lastBlock := blockStore.LoadBlock(blockHeight - 1)
+
+			vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVals[0]).CommitSig()
+			lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{vote})
+		}
+
+		thisBlock := makeBlock(blockHeight, state, lastCommit)
+
+		thisParts := thisBlock.MakePartSet(types.BlockPartSizeBytes)
+		blockID := types.BlockID{Hash: thisBlock.Hash(), PartsHeader: thisParts.Header()}
+
+		state, err = blockExec.ApplyBlock(state, blockID, thisBlock)
+		if err != nil {
+			panic(errors.Wrap(err, "error apply block"))
+		}
+
+		blockStore.SaveBlock(thisBlock, thisParts, lastCommit)
+	}
+
+	bcReactor := NewBlockchainReactor(state.Copy(), blockExec, blockStore, fastSync)
+	bcReactor.SetLogger(logger.With("module", "blockchain"))
+
+	return bcReactor
+}
+
+func newBlockchainReactorPair(logger log.Logger, genDoc *types.GenesisDoc, privVals []types.PrivValidator, maxBlockHeight int64) BlockchainReactorPair {
+
+	consensusReactor := &consensusReactorTest{}
+	consensusReactor.BaseReactor = *p2p.NewBaseReactor("Consensus reactor", consensusReactor)
+
+	return BlockchainReactorPair{
+		newBlockchainReactor(logger, genDoc, privVals, maxBlockHeight),
+		consensusReactor}
+}
+
+type consensusReactorTest struct {
+	p2p.BaseReactor     // BaseService + p2p.Switch
+	switchedToConsensus bool
+	mtx                 sync.Mutex
+}
+
+func (conR *consensusReactorTest) SwitchToConsensus(state sm.State, blocksSynced int) {
+	conR.mtx.Lock()
+	defer conR.mtx.Unlock()
+	conR.switchedToConsensus = true
+}
+
+func TestFastSyncNoBlockResponse(t *testing.T) {
+
+	config = cfg.ResetTestRoot("blockchain_new_reactor_test")
+	defer os.RemoveAll(config.RootDir)
+	genDoc, privVals := randGenesisDoc(1, false, 30)
+
+	maxBlockHeight := int64(65)
+
+	reactorPairs := make([]BlockchainReactorPair, 2)
+
+	logger := log.TestingLogger()
+	reactorPairs[0] = newBlockchainReactorPair(logger, genDoc, privVals, maxBlockHeight)
+	reactorPairs[1] = newBlockchainReactorPair(logger, genDoc, privVals, 0)
+
+	p2p.MakeConnectedSwitches(config.P2P, 2, func(i int, s *p2p.Switch) *p2p.Switch {
+		s.AddReactor("BLOCKCHAIN", reactorPairs[i].bcR)
+		s.AddReactor("CONSENSUS", reactorPairs[i].conR)
+		moduleName := fmt.Sprintf("blockchain-%v", i)
+		reactorPairs[i].bcR.SetLogger(logger.With("module", moduleName))
+
+		return s
+
+	}, p2p.Connect2Switches)
+
+	defer func() {
+		for _, r := range reactorPairs {
+			_ = r.bcR.Stop()
+			_ = r.conR.Stop()
+		}
+	}()
+
+	tests := []struct {
+		height   int64
+		existent bool
+	}{
+		{maxBlockHeight + 2, false},
+		{10, true},
+		{1, true},
+		{maxBlockHeight + 100, false},
+	}
+
+	for {
+		time.Sleep(10 * time.Millisecond)
+		reactorPairs[1].conR.mtx.Lock()
+		if reactorPairs[1].conR.switchedToConsensus {
+			reactorPairs[1].conR.mtx.Unlock()
+			break
+		}
+		reactorPairs[1].conR.mtx.Unlock()
+	}
+
+	assert.Equal(t, maxBlockHeight, reactorPairs[0].bcR.store.Height())
+
+	for _, tt := range tests {
+		block := reactorPairs[1].bcR.store.LoadBlock(tt.height)
+		if tt.existent {
+			assert.True(t, block != nil)
+		} else {
+			assert.True(t, block == nil)
+		}
+	}
+}
+
+// NOTE: This is too hard to test without
+// an easy way to add test peer to switch
+// or without significant refactoring of the module.
+// Alternatively we could actually dial a TCP conn but
+// that seems extreme.
+func TestFastSyncBadBlockStopsPeer(t *testing.T) {
+	numNodes := 4
+	maxBlockHeight := int64(148)
+
+	config = cfg.ResetTestRoot("blockchain_reactor_test")
+	defer os.RemoveAll(config.RootDir)
+	genDoc, privVals := randGenesisDoc(1, false, 30)
+
+	otherChain := newBlockchainReactorPair(log.TestingLogger(), genDoc, privVals, maxBlockHeight)
+	defer func() {
+		_ = otherChain.bcR.Stop()
+		_ = otherChain.conR.Stop()
+	}()
+
+	reactorPairs := make([]BlockchainReactorPair, numNodes)
+	logger := make([]log.Logger, numNodes)
+
+	for i := 0; i < numNodes; i++ {
+		logger[i] = log.TestingLogger()
+		height := int64(0)
+		if i == 0 {
+			height = maxBlockHeight
+		}
+		reactorPairs[i] = newBlockchainReactorPair(logger[i], genDoc, privVals, height)
+	}
+
+	switches := p2p.MakeConnectedSwitches(config.P2P, numNodes, func(i int, s *p2p.Switch) *p2p.Switch {
+		reactorPairs[i].conR.mtx.Lock()
+		s.AddReactor("BLOCKCHAIN", reactorPairs[i].bcR)
+		s.AddReactor("CONSENSUS", reactorPairs[i].conR)
+		moduleName := fmt.Sprintf("blockchain-%v", i)
+		reactorPairs[i].bcR.SetLogger(logger[i].With("module", moduleName))
+		reactorPairs[i].conR.mtx.Unlock()
+		return s
+
+	}, p2p.Connect2Switches)
+
+	defer func() {
+		for _, r := range reactorPairs {
+			_ = r.bcR.Stop()
+			_ = r.conR.Stop()
+		}
+	}()
+
+outerFor:
+	for {
+		time.Sleep(10 * time.Millisecond)
+		for i := 0; i < numNodes; i++ {
+			reactorPairs[i].conR.mtx.Lock()
+			if !reactorPairs[i].conR.switchedToConsensus {
+				reactorPairs[i].conR.mtx.Unlock()
+				continue outerFor
+			}
+			reactorPairs[i].conR.mtx.Unlock()
+		}
+		break
+	}
+
+	//at this time, reactors[0-3] is the newest
+	assert.Equal(t, numNodes-1, reactorPairs[1].bcR.Switch.Peers().Size())
+
+	//mark last reactorPair as an invalid peer
+	reactorPairs[numNodes-1].bcR.store = otherChain.bcR.store
+
+	lastLogger := log.TestingLogger()
+	lastReactorPair := newBlockchainReactorPair(lastLogger, genDoc, privVals, 0)
+	reactorPairs = append(reactorPairs, lastReactorPair)
+
+	switches = append(switches, p2p.MakeConnectedSwitches(config.P2P, 1, func(i int, s *p2p.Switch) *p2p.Switch {
+		s.AddReactor("BLOCKCHAIN", reactorPairs[len(reactorPairs)-1].bcR)
+		s.AddReactor("CONSENSUS", reactorPairs[len(reactorPairs)-1].conR)
+		moduleName := fmt.Sprintf("blockchain-%v", len(reactorPairs)-1)
+		reactorPairs[len(reactorPairs)-1].bcR.SetLogger(lastLogger.With("module", moduleName))
+		return s
+
+	}, p2p.Connect2Switches)...)
+
+	for i := 0; i < len(reactorPairs)-1; i++ {
+		p2p.Connect2Switches(switches, i, len(reactorPairs)-1)
+	}
+
+	for {
+		time.Sleep(1 * time.Second)
+		lastReactorPair.conR.mtx.Lock()
+		if lastReactorPair.conR.switchedToConsensus {
+			lastReactorPair.conR.mtx.Unlock()
+			break
+		}
+		lastReactorPair.conR.mtx.Unlock()
+
+		if lastReactorPair.bcR.Switch.Peers().Size() == 0 {
+			break
+		}
+	}
+
+	assert.True(t, lastReactorPair.bcR.Switch.Peers().Size() < len(reactorPairs)-1)
+}
+
+func TestBcBlockRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcBlockRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcNoBlockResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName          string
+		nonResponseHeight int64
+		expectErr         bool
+	}{
+		{"Valid Non-Response Message", 0, false},
+		{"Valid Non-Response Message", 1, false},
+		{"Invalid Non-Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			nonResponse := bcNoBlockResponseMessage{Height: tc.nonResponseHeight}
+			assert.Equal(t, tc.expectErr, nonResponse.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusRequestMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName      string
+		requestHeight int64
+		expectErr     bool
+	}{
+		{"Valid Request Message", 0, false},
+		{"Valid Request Message", 1, false},
+		{"Invalid Request Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			request := bcStatusRequestMessage{Height: tc.requestHeight}
+			assert.Equal(t, tc.expectErr, request.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBcStatusResponseMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName       string
+		responseHeight int64
+		expectErr      bool
+	}{
+		{"Valid Response Message", 0, false},
+		{"Valid Response Message", 1, false},
+		{"Invalid Response Message", -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			response := bcStatusResponseMessage{Height: tc.responseHeight}
+			assert.Equal(t, tc.expectErr, response.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+//----------------------------------------------
+// utility funcs
+
+func makeTxs(height int64) (txs []types.Tx) {
+	for i := 0; i < 10; i++ {
+		txs = append(txs, types.Tx([]byte{byte(height), byte(i)}))
+	}
+	return txs
+}
+
+func makeBlock(height int64, state sm.State, lastCommit *types.Commit) *types.Block {
+	block, _ := state.MakeBlock(height, makeTxs(height), lastCommit, nil, state.Validators.GetProposer().Address)
+	return block
+}
+
+type testApp struct {
+	abci.BaseApplication
+}
--- a/blockchain/v2/schedule.go
+++ b/blockchain/v2/schedule.go
@@ -0,0 +1,387 @@
+// nolint:unused
+package v2
+
+import (
+	"fmt"
+	"math"
+	"math/rand"
+	"time"
+
+	"github.com/tendermint/tendermint/p2p"
+)
+
+type Event interface{}
+
+type blockState int
+
+const (
+	blockStateUnknown blockState = iota
+	blockStateNew
+	blockStatePending
+	blockStateReceived
+	blockStateProcessed
+)
+
+func (e blockState) String() string {
+	switch e {
+	case blockStateUnknown:
+		return "Unknown"
+	case blockStateNew:
+		return "New"
+	case blockStatePending:
+		return "Pending"
+	case blockStateReceived:
+		return "Received"
+	case blockStateProcessed:
+		return "Processed"
+	default:
+		return fmt.Sprintf("unknown blockState: %d", e)
+	}
+}
+
+type peerState int
+
+const (
+	peerStateNew = iota
+	peerStateReady
+	peerStateRemoved
+)
+
+func (e peerState) String() string {
+	switch e {
+	case peerStateNew:
+		return "New"
+	case peerStateReady:
+		return "Ready"
+	case peerStateRemoved:
+		return "Removed"
+	default:
+		return fmt.Sprintf("unknown peerState: %d", e)
+	}
+}
+
+type scPeer struct {
+	peerID      p2p.ID
+	state       peerState
+	height      int64
+	lastTouched time.Time
+	lastRate    int64
+}
+
+func newScPeer(peerID p2p.ID) *scPeer {
+	return &scPeer{
+		peerID:      peerID,
+		state:       peerStateNew,
+		height:      -1,
+		lastTouched: time.Time{},
+	}
+}
+
+// The schedule is a composite data structure which allows a scheduler to keep
+// track of which blocks have been scheduled into which state.
+type schedule struct {
+	initHeight int64
+	// a list of blocks in which blockState
+	blockStates map[int64]blockState
+
+	// a map of peerID to schedule specific peer struct `scPeer` used to keep
+	// track of peer specific state
+	peers map[p2p.ID]*scPeer
+
+	// a map of heights to the peer we are waiting for a response from
+	pendingBlocks map[int64]p2p.ID
+
+	// the time at which a block was put in blockStatePending
+	pendingTime map[int64]time.Time
+
+	// the peerID of the peer which put the block in blockStateReceived
+	receivedBlocks map[int64]p2p.ID
+}
+
+func newSchedule(initHeight int64) *schedule {
+	sc := schedule{
+		initHeight:     initHeight,
+		blockStates:    make(map[int64]blockState),
+		peers:          make(map[p2p.ID]*scPeer),
+		pendingBlocks:  make(map[int64]p2p.ID),
+		pendingTime:    make(map[int64]time.Time),
+		receivedBlocks: make(map[int64]p2p.ID),
+	}
+
+	sc.setStateAtHeight(initHeight, blockStateNew)
+
+	return &sc
+}
+
+func (sc *schedule) addPeer(peerID p2p.ID) error {
+	if _, ok := sc.peers[peerID]; ok {
+		return fmt.Errorf("Cannot add duplicate peer %s", peerID)
+	}
+	sc.peers[peerID] = newScPeer(peerID)
+	return nil
+}
+
+func (sc *schedule) touchPeer(peerID p2p.ID, time time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Couldn't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Tried to touch peer in peerStateRemoved")
+	}
+
+	peer.lastTouched = time
+
+	return nil
+}
+
+func (sc *schedule) removePeer(peerID p2p.ID) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Couldn't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Tried to remove peer %s in peerStateRemoved", peerID)
+	}
+
+	for height, pendingPeerID := range sc.pendingBlocks {
+		if pendingPeerID == peerID {
+			sc.setStateAtHeight(height, blockStateNew)
+			delete(sc.pendingTime, height)
+			delete(sc.pendingBlocks, height)
+		}
+	}
+
+	for height, rcvPeerID := range sc.receivedBlocks {
+		if rcvPeerID == peerID {
+			sc.setStateAtHeight(height, blockStateNew)
+			delete(sc.receivedBlocks, height)
+		}
+	}
+
+	peer.state = peerStateRemoved
+
+	return nil
+}
+
+func (sc *schedule) setPeerHeight(peerID p2p.ID, height int64) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Cannot set peer height for a peer in peerStateRemoved")
+	}
+
+	if height < peer.height {
+		return fmt.Errorf("Cannot move peer height lower. from %d to %d", peer.height, height)
+	}
+
+	peer.height = height
+	peer.state = peerStateReady
+	for i := sc.minHeight(); i <= height; i++ {
+		if sc.getStateAtHeight(i) == blockStateUnknown {
+			sc.setStateAtHeight(i, blockStateNew)
+		}
+	}
+
+	return nil
+}
+
+func (sc *schedule) getStateAtHeight(height int64) blockState {
+	if height < sc.initHeight {
+		return blockStateProcessed
+	} else if state, ok := sc.blockStates[height]; ok {
+		return state
+	} else {
+		return blockStateUnknown
+	}
+}
+
+func (sc *schedule) getPeersAtHeight(height int64) []*scPeer {
+	peers := []*scPeer{}
+	for _, peer := range sc.peers {
+		if peer.height >= height {
+			peers = append(peers, peer)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) peersInactiveSince(duration time.Duration, now time.Time) []p2p.ID {
+	peers := []p2p.ID{}
+	for _, peer := range sc.peers {
+		if now.Sub(peer.lastTouched) > duration {
+			peers = append(peers, peer.peerID)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) peersSlowerThan(minSpeed int64) []p2p.ID {
+	peers := []p2p.ID{}
+	for _, peer := range sc.peers {
+		if peer.lastRate < minSpeed {
+			peers = append(peers, peer.peerID)
+		}
+	}
+
+	return peers
+}
+
+func (sc *schedule) setStateAtHeight(height int64, state blockState) {
+	sc.blockStates[height] = state
+}
+
+func (sc *schedule) markReceived(peerID p2p.ID, height int64, size int64, now time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	if peer.state == peerStateRemoved {
+		return fmt.Errorf("Cannot receive blocks from removed peer %s", peerID)
+	}
+
+	if state := sc.getStateAtHeight(height); state != blockStatePending || sc.pendingBlocks[height] != peerID {
+		return fmt.Errorf("Received block %d from peer %s without being requested", height, peerID)
+	}
+
+	pendingTime, ok := sc.pendingTime[height]
+	if !ok || now.Sub(pendingTime) <= 0 {
+		return fmt.Errorf("Clock error. Block %d received at %s but requested at %s",
+			height, pendingTime, now)
+	}
+
+	peer.lastRate = size / int64(now.Sub(pendingTime).Seconds())
+
+	sc.setStateAtHeight(height, blockStateReceived)
+	delete(sc.pendingBlocks, height)
+	delete(sc.pendingTime, height)
+
+	sc.receivedBlocks[height] = peerID
+
+	return nil
+}
+
+func (sc *schedule) markPending(peerID p2p.ID, height int64, time time.Time) error {
+	peer, ok := sc.peers[peerID]
+	if !ok {
+		return fmt.Errorf("Can't find peer %s", peerID)
+	}
+
+	state := sc.getStateAtHeight(height)
+	if state != blockStateNew {
+		return fmt.Errorf("Block %d should be in blockStateNew but was %s", height, state)
+	}
+
+	if peer.state != peerStateReady {
+		return fmt.Errorf("Cannot schedule %d from %s in %s", height, peerID, peer.state)
+	}
+
+	if height > peer.height {
+		return fmt.Errorf("Cannot request height %d from peer %s who is at height %d",
+			height, peerID, peer.height)
+	}
+
+	sc.setStateAtHeight(height, blockStatePending)
+	sc.pendingBlocks[height] = peerID
+	// XXX: to make this more accurate we can introduce a message from
+	// the IO routine which indicates the time the request was put on the wire
+	sc.pendingTime[height] = time
+
+	return nil
+}
+
+func (sc *schedule) markProcessed(height int64) error {
+	state := sc.getStateAtHeight(height)
+	if state != blockStateReceived {
+		return fmt.Errorf("Can't mark height %d received from block state %s", height, state)
+	}
+
+	delete(sc.receivedBlocks, height)
+
+	sc.setStateAtHeight(height, blockStateProcessed)
+
+	return nil
+}
+
+// allBlockProcessed returns true if all blocks are in blockStateProcessed and
+// determines if the schedule has been completed
+func (sc *schedule) allBlocksProcessed() bool {
+	for _, state := range sc.blockStates {
+		if state != blockStateProcessed {
+			return false
+		}
+	}
+	return true
+}
+
+// highest block | state == blockStateNew
+func (sc *schedule) maxHeight() int64 {
+	var max int64 = 0
+	for height, state := range sc.blockStates {
+		if state == blockStateNew && height > max {
+			max = height
+		}
+	}
+
+	return max
+}
+
+// lowest block | state == blockStateNew
+func (sc *schedule) minHeight() int64 {
+	var min int64 = math.MaxInt64
+	for height, state := range sc.blockStates {
+		if state == blockStateNew && height < min {
+			min = height
+		}
+	}
+
+	return min
+}
+
+func (sc *schedule) pendingFrom(peerID p2p.ID) []int64 {
+	heights := []int64{}
+	for height, pendingPeerID := range sc.pendingBlocks {
+		if pendingPeerID == peerID {
+			heights = append(heights, height)
+		}
+	}
+	return heights
+}
+
+func (sc *schedule) selectPeer(peers []*scPeer) *scPeer {
+	// FIXME: properPeerSelector
+	s := rand.NewSource(time.Now().Unix())
+	r := rand.New(s)
+
+	return peers[r.Intn(len(peers))]
+}
+
+// XXX: this duplicates the logic of peersInactiveSince and peersSlowerThan
+func (sc *schedule) prunablePeers(peerTimout time.Duration, minRecvRate int64, now time.Time) []p2p.ID {
+	prunable := []p2p.ID{}
+	for peerID, peer := range sc.peers {
+		if now.Sub(peer.lastTouched) > peerTimout || peer.lastRate < minRecvRate {
+			prunable = append(prunable, peerID)
+		}
+	}
+
+	return prunable
+}
+
+func (sc *schedule) numBlockInState(targetState blockState) uint32 {
+	var num uint32 = 0
+	for _, state := range sc.blockStates {
+		if state == targetState {
+			num++
+		}
+	}
+	return num
+}
--- a/blockchain/v2/schedule_test.go
+++ b/blockchain/v2/schedule_test.go
@@ -0,0 +1,272 @@
+package v2
+
+import (
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/tendermint/tendermint/p2p"
+)
+
+func TestScheduleInit(t *testing.T) {
+	var (
+		initHeight int64 = 5
+		sc               = newSchedule(initHeight)
+	)
+
+	assert.Equal(t, blockStateNew, sc.getStateAtHeight(initHeight))
+	assert.Equal(t, blockStateProcessed, sc.getStateAtHeight(initHeight-1))
+	assert.Equal(t, blockStateUnknown, sc.getStateAtHeight(initHeight+1))
+}
+
+func TestAddPeer(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		sc                = newSchedule(initHeight)
+	)
+
+	assert.Nil(t, sc.addPeer(peerID))
+	assert.Nil(t, sc.addPeer(peerIDTwo))
+	assert.Error(t, sc.addPeer(peerID))
+}
+
+func TestTouchPeer(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.Error(t, sc.touchPeer(peerID, now),
+		"Touching an unknown peer should return errPeerNotFound")
+
+	assert.Nil(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.Nil(t, sc.touchPeer(peerID, now),
+		"Touching a peer should return no error")
+
+	threshold := 10 * time.Second
+	assert.Empty(t, sc.peersInactiveSince(threshold, now.Add(9*time.Second)),
+		"Expected no peers to have been touched over 9 seconds")
+	assert.Containsf(t, sc.peersInactiveSince(threshold, now.Add(11*time.Second)), peerID,
+		"Expected one %s to have been touched over 10 seconds ago", peerID)
+}
+
+func TestPeerHeight(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight))
+	for i := initHeight; i <= peerHeight; i++ {
+		assert.Equal(t, sc.getStateAtHeight(i), blockStateNew,
+			"Expected all blocks to be in blockStateNew")
+		peerIDs := []p2p.ID{}
+		for _, peer := range sc.getPeersAtHeight(i) {
+			peerIDs = append(peerIDs, peer.peerID)
+		}
+
+		assert.Containsf(t, peerIDs, peerID,
+			"Expected %s to have block %d", peerID, i)
+	}
+}
+
+func TestTransitionPending(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+	assert.Nil(t, sc.addPeer(peerIDTwo),
+		"Adding a peer should return no error")
+
+	assert.Error(t, sc.markPending(peerID, peerHeight, now),
+		"Expected scheduling a block from a peer in peerStateNew to fail")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+	assert.NoError(t, sc.setPeerHeight(peerIDTwo, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.NoError(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending new block to succeed")
+	assert.Error(t, sc.markPending(peerIDTwo, peerHeight, now),
+		"Expected markingPending by a second peer to fail")
+
+	assert.Equal(t, blockStatePending, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStatePending")
+
+	assert.NoError(t, sc.removePeer(peerID),
+		"Expected removePeer to return no error")
+
+	assert.Equal(t, blockStateNew, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStateNew")
+
+	assert.Error(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending removed peer to fail")
+
+	assert.NoError(t, sc.markPending(peerIDTwo, peerHeight, now),
+		"Expected markingPending on a ready peer to succeed")
+
+	assert.Equal(t, blockStatePending, sc.getStateAtHeight(peerHeight),
+		"Expected the block to to be in blockStatePending")
+}
+
+func TestTransitionReceived(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerIDTwo  p2p.ID = "2"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Expected adding peer %s to succeed", peerID)
+	assert.NoError(t, sc.addPeer(peerIDTwo),
+		"Expected adding peer %s to succeed", peerIDTwo)
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+	assert.NoErrorf(t, sc.setPeerHeight(peerIDTwo, peerHeight),
+		"Expected setPeerHeight on %s to %d to succeed", peerIDTwo, peerHeight)
+	assert.NoError(t, sc.markPending(peerID, initHeight, now),
+		"Expected markingPending new block to succeed")
+
+	assert.Error(t, sc.markReceived(peerIDTwo, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived from a non requesting peer to fail")
+
+	assert.NoError(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on a pending block to succeed")
+
+	assert.Error(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on received block to fail")
+
+	assert.Equalf(t, blockStateReceived, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockHeightReceived", initHeight)
+
+	assert.NoErrorf(t, sc.removePeer(peerID),
+		"Expected removePeer removing %s to succeed", peerID)
+
+	assert.Equalf(t, blockStateNew, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateNew", initHeight)
+
+	assert.NoErrorf(t, sc.markPending(peerIDTwo, initHeight, now),
+		"Expected markingPending  %d from %s to succeed", initHeight, peerIDTwo)
+	assert.NoErrorf(t, sc.markReceived(peerIDTwo, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived %d from %s to succeed", initHeight, peerIDTwo)
+	assert.Equalf(t, blockStateReceived, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateReceived", initHeight)
+}
+
+func TestTransitionProcessed(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Expected adding peer %s to succeed", peerID)
+	assert.NoErrorf(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight on %s to %d to succeed", peerID, peerHeight)
+	assert.NoError(t, sc.markPending(peerID, initHeight, now),
+		"Expected markingPending new block to succeed")
+	assert.NoError(t, sc.markReceived(peerID, initHeight, blockSize, receivedAt),
+		"Expected marking markReceived on a pending block to succeed")
+
+	assert.Error(t, sc.markProcessed(initHeight+1),
+		"Expected marking %d as processed to fail", initHeight+1)
+	assert.NoError(t, sc.markProcessed(initHeight),
+		"Expected marking %d as processed to succeed", initHeight)
+
+	assert.Equalf(t, blockStateProcessed, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateProcessed", initHeight)
+
+	assert.NoError(t, sc.removePeer(peerID),
+		"Expected removing peer %s to succeed", peerID)
+
+	assert.Equalf(t, blockStateProcessed, sc.getStateAtHeight(initHeight),
+		"Expected block %d to be blockStateProcessed", initHeight)
+}
+
+func TestMinMaxHeight(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+	)
+
+	assert.Equal(t, initHeight, sc.minHeight(),
+		"Expected min height to be the initialized height")
+
+	assert.Equal(t, initHeight, sc.maxHeight(),
+		"Expected max height to be the initialized height")
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.Equal(t, peerHeight, sc.maxHeight(),
+		"Expected max height to increase to peerHeight")
+
+	assert.Nil(t, sc.markPending(peerID, initHeight, now.Add(1*time.Second)),
+		"Expected marking initHeight as pending to return no error")
+
+	assert.Equal(t, initHeight+1, sc.minHeight(),
+		"Expected marking initHeight as pending to move minHeight forward")
+}
+
+func TestPeersSlowerThan(t *testing.T) {
+	var (
+		initHeight int64  = 5
+		peerID     p2p.ID = "1"
+		peerHeight int64  = 20
+		blockSize  int64  = 1024
+		sc                = newSchedule(initHeight)
+		now               = time.Now()
+		receivedAt        = now.Add(1 * time.Second)
+	)
+
+	assert.NoError(t, sc.addPeer(peerID),
+		"Adding a peer should return no error")
+
+	assert.NoError(t, sc.setPeerHeight(peerID, peerHeight),
+		"Expected setPeerHeight to return no error")
+
+	assert.NoError(t, sc.markPending(peerID, peerHeight, now),
+		"Expected markingPending on to return no error")
+
+	assert.NoError(t, sc.markReceived(peerID, peerHeight, blockSize, receivedAt),
+		"Expected markingPending on to return no error")
+
+	assert.Empty(t, sc.peersSlowerThan(blockSize-1),
+		"expected no peers to be slower than blockSize-1 bytes/sec")
+
+	assert.Containsf(t, sc.peersSlowerThan(blockSize+1), peerID,
+		"expected %s to be slower than blockSize+1 bytes/sec", peerID)
+}
--- a/cmd/contract_tests/main.go
+++ b/cmd/contract_tests/main.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/snikch/goodman/hooks"
+	"github.com/snikch/goodman/transaction"
+)
+
+func main() {
+	// This must be compiled beforehand and given to dredd as parameter, in the meantime the server should be running
+	h := hooks.NewHooks()
+	server := hooks.NewServer(hooks.NewHooksRunner(h))
+	h.BeforeAll(func(t []*transaction.Transaction) {
+		fmt.Println(t[0].Name)
+	})
+	h.BeforeEach(func(t *transaction.Transaction) {
+		if strings.HasPrefix(t.Name, "Tx") ||
+			// We need a proper example of evidence to broadcast
+			strings.HasPrefix(t.Name, "Info > /broadcast_evidence") ||
+			// We need a proper example of path and data
+			strings.HasPrefix(t.Name, "ABCI > /abci_query") ||
+			// We need to find a way to make a transaction before starting the tests,
+			// that hash should replace the dummy one in hte swagger file
+			strings.HasPrefix(t.Name, "Info > /tx") {
+			t.Skip = true
+			fmt.Printf("%s Has been skipped\n", t.Name)
+		}
+	})
+	server.Serve()
+	defer server.Listener.Close()
+	fmt.Print("FINE")
+}
--- a/cmd/priv_val_server/main.go
+++ b/cmd/priv_val_server/main.go
@@ -48,15 +48,17 @@ func main() {
 		os.Exit(1)
 	}

-	rs := privval.NewSignerServiceEndpoint(logger, *chainID, pv, dialer)
-	err := rs.Start()
+	sd := privval.NewSignerDialerEndpoint(logger, dialer)
+	ss := privval.NewSignerServer(sd, *chainID, pv)
+
+	err := ss.Start()
 	if err != nil {
 		panic(err)
 	}

 	// Stop upon receiving SIGTERM or CTRL-C.
 	cmn.TrapSignal(logger, func() {
-		err := rs.Stop()
+		err := ss.Stop()
 		if err != nil {
 			panic(err)
 		}
--- a/cmd/tendermint/commands/codec.go
+++ b/cmd/tendermint/commands/codec.go
--- a/cmd/tendermint/commands/lite.go
+++ b/cmd/tendermint/commands/lite.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/url"

+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"

 	cmn "github.com/tendermint/tendermint/libs/common"
@@ -80,7 +81,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	logger.Info("Constructing Verifier...")
 	cert, err := proxy.NewVerifier(chainID, home, node, logger, cacheSize)
 	if err != nil {
-		return cmn.ErrorWrap(err, "constructing Verifier")
+		return errors.Wrap(err, "constructing Verifier")
 	}
 	cert.SetLogger(logger)
 	sc := proxy.SecureClient(node, cert)
@@ -88,7 +89,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	logger.Info("Starting proxy...")
 	err = proxy.StartProxy(sc, listenAddr, logger, maxOpenConnections)
 	if err != nil {
-		return cmn.ErrorWrap(err, "starting proxy")
+		return errors.Wrap(err, "starting proxy")
 	}

 	// Run forever
--- a/cmd/tendermint/commands/root_test.go
+++ b/cmd/tendermint/commands/root_test.go
@@ -165,7 +165,7 @@ func TestRootConfig(t *testing.T) {
 func WriteConfigVals(dir string, vals map[string]string) error {
 	data := ""
 	for k, v := range vals {
-		data = data + fmt.Sprintf("%s = \"%s\"\n", k, v)
+		data += fmt.Sprintf("%s = \"%s\"\n", k, v)
 	}
 	cfile := filepath.Join(dir, "config.toml")
 	return ioutil.WriteFile(cfile, []byte(data), 0666)
--- a/cmd/tendermint/commands/run_node.go
+++ b/cmd/tendermint/commands/run_node.go
@@ -19,7 +19,7 @@ func AddNodeFlags(cmd *cobra.Command) {
 	cmd.Flags().String("priv_validator_laddr", config.PrivValidatorListenAddr, "Socket address to listen on for connections from external priv_validator process")

 	// node flags
-	cmd.Flags().Bool("fast_sync", config.FastSync, "Fast blockchain syncing")
+	cmd.Flags().Bool("fast_sync", config.FastSyncMode, "Fast blockchain syncing")

 	// abci flags
 	cmd.Flags().String("proxy_app", config.ProxyApp, "Proxy app address, or one of: 'kvstore', 'persistent_kvstore', 'counter', 'counter_serial' or 'noop' for local testing.")
--- a/cmd/tendermint/commands/testnet.go
+++ b/cmd/tendermint/commands/testnet.go
@@ -161,9 +161,10 @@ func testnetFiles(cmd *cobra.Command, args []string) error {

 	// Generate genesis doc from generated validators
 	genDoc := &types.GenesisDoc{
-		GenesisTime: tmtime.Now(),
-		ChainID:     "chain-" + cmn.RandStr(6),
-		Validators:  genVals,
+		ChainID:         "chain-" + cmn.RandStr(6),
+		ConsensusParams: types.DefaultConsensusParams(),
+		GenesisTime:     tmtime.Now(),
+		Validators:      genVals,
 	}

 	// Write genesis file.
--- a/config/config.go
+++ b/config/config.go
@@ -2,6 +2,7 @@ package config

 import (
 	"fmt"
+	"net/http"
 	"os"
 	"path/filepath"
 	"time"
@@ -64,6 +65,7 @@ type Config struct {
 	RPC             *RPCConfig             `mapstructure:"rpc"`
 	P2P             *P2PConfig             `mapstructure:"p2p"`
 	Mempool         *MempoolConfig         `mapstructure:"mempool"`
+	FastSync        *FastSyncConfig        `mapstructure:"fastsync"`
 	Consensus       *ConsensusConfig       `mapstructure:"consensus"`
 	TxIndex         *TxIndexConfig         `mapstructure:"tx_index"`
 	Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"`
@@ -76,6 +78,7 @@ func DefaultConfig() *Config {
 		RPC:             DefaultRPCConfig(),
 		P2P:             DefaultP2PConfig(),
 		Mempool:         DefaultMempoolConfig(),
+		FastSync:        DefaultFastSyncConfig(),
 		Consensus:       DefaultConsensusConfig(),
 		TxIndex:         DefaultTxIndexConfig(),
 		Instrumentation: DefaultInstrumentationConfig(),
@@ -89,6 +92,7 @@ func TestConfig() *Config {
 		RPC:             TestRPCConfig(),
 		P2P:             TestP2PConfig(),
 		Mempool:         TestMempoolConfig(),
+		FastSync:        TestFastSyncConfig(),
 		Consensus:       TestConsensusConfig(),
 		TxIndex:         TestTxIndexConfig(),
 		Instrumentation: TestInstrumentationConfig(),
@@ -120,6 +124,9 @@ func (cfg *Config) ValidateBasic() error {
 	if err := cfg.Mempool.ValidateBasic(); err != nil {
 		return errors.Wrap(err, "Error in [mempool] section")
 	}
+	if err := cfg.FastSync.ValidateBasic(); err != nil {
+		return errors.Wrap(err, "Error in [fastsync] section")
+	}
 	if err := cfg.Consensus.ValidateBasic(); err != nil {
 		return errors.Wrap(err, "Error in [consensus] section")
 	}
@@ -151,7 +158,7 @@ type BaseConfig struct {
 	// If this node is many blocks behind the tip of the chain, FastSync
 	// allows them to catchup quickly by downloading blocks in parallel
 	// and verifying their commits
-	FastSync bool `mapstructure:"fast_sync"`
+	FastSyncMode bool `mapstructure:"fast_sync"`

 	// Database backend: goleveldb | cleveldb | boltdb
 	// * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
@@ -216,7 +223,7 @@ func DefaultBaseConfig() BaseConfig {
 		LogLevel:           DefaultPackageLogLevels(),
 		LogFormat:          LogFormatPlain,
 		ProfListenAddress:  "",
-		FastSync:           true,
+		FastSyncMode:       true,
 		FilterPeers:        false,
 		DBBackend:          "goleveldb",
 		DBPath:             "data",
@@ -228,7 +235,7 @@ func TestBaseConfig() BaseConfig {
 	cfg := DefaultBaseConfig()
 	cfg.chainID = "tendermint_test"
 	cfg.ProxyApp = "kvstore"
-	cfg.FastSync = false
+	cfg.FastSyncMode = false
 	cfg.DBBackend = "memdb"
 	return cfg
 }
@@ -351,6 +358,12 @@ type RPCConfig struct {
 	// See https://github.com/tendermint/tendermint/issues/3435
 	TimeoutBroadcastTxCommit time.Duration `mapstructure:"timeout_broadcast_tx_commit"`

+	// Maximum size of request body, in bytes
+	MaxBodyBytes int64 `mapstructure:"max_body_bytes"`
+
+	// Maximum size of request header, in bytes
+	MaxHeaderBytes int `mapstructure:"max_header_bytes"`
+
 	// The path to a file containing certificate that is used to create the HTTPS server.
 	// Migth be either absolute path or path related to tendermint's config directory.
 	//
@@ -373,7 +386,7 @@ func DefaultRPCConfig() *RPCConfig {
 	return &RPCConfig{
 		ListenAddress:          "tcp://127.0.0.1:26657",
 		CORSAllowedOrigins:     []string{},
-		CORSAllowedMethods:     []string{"HEAD", "GET", "POST"},
+		CORSAllowedMethods:     []string{http.MethodHead, http.MethodGet, http.MethodPost},
 		CORSAllowedHeaders:     []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"},
 		GRPCListenAddress:      "",
 		GRPCMaxOpenConnections: 900,
@@ -385,6 +398,9 @@ func DefaultRPCConfig() *RPCConfig {
 		MaxSubscriptionsPerClient: 5,
 		TimeoutBroadcastTxCommit:  10 * time.Second,

+		MaxBodyBytes:   int64(1000000), // 1MB
+		MaxHeaderBytes: 1 << 20,        // same as the net/http default
+
 		TLSCertFile: "",
 		TLSKeyFile:  "",
 	}
@@ -417,6 +433,12 @@ func (cfg *RPCConfig) ValidateBasic() error {
 	if cfg.TimeoutBroadcastTxCommit < 0 {
 		return errors.New("timeout_broadcast_tx_commit can't be negative")
 	}
+	if cfg.MaxBodyBytes < 0 {
+		return errors.New("max_body_bytes can't be negative")
+	}
+	if cfg.MaxHeaderBytes < 0 {
+		return errors.New("max_header_bytes can't be negative")
+	}
 	return nil
 }

@@ -616,6 +638,7 @@ type MempoolConfig struct {
 	Size        int    `mapstructure:"size"`
 	MaxTxsBytes int64  `mapstructure:"max_txs_bytes"`
 	CacheSize   int    `mapstructure:"cache_size"`
+	MaxTxBytes  int    `mapstructure:"max_tx_bytes"`
 }

 // DefaultMempoolConfig returns a default configuration for the Tendermint mempool
@@ -629,6 +652,7 @@ func DefaultMempoolConfig() *MempoolConfig {
 		Size:        5000,
 		MaxTxsBytes: 1024 * 1024 * 1024, // 1GB
 		CacheSize:   10000,
+		MaxTxBytes:  1024 * 1024, // 1MB
 	}
 }

@@ -661,9 +685,44 @@ func (cfg *MempoolConfig) ValidateBasic() error {
 	if cfg.CacheSize < 0 {
 		return errors.New("cache_size can't be negative")
 	}
+	if cfg.MaxTxBytes < 0 {
+		return errors.New("max_tx_bytes can't be negative")
+	}
 	return nil
 }

+//-----------------------------------------------------------------------------
+// FastSyncConfig
+
+// FastSyncConfig defines the configuration for the Tendermint fast sync service
+type FastSyncConfig struct {
+	Version string `mapstructure:"version"`
+}
+
+// DefaultFastSyncConfig returns a default configuration for the fast sync service
+func DefaultFastSyncConfig() *FastSyncConfig {
+	return &FastSyncConfig{
+		Version: "v0",
+	}
+}
+
+// TestFastSyncConfig returns a default configuration for the fast sync.
+func TestFastSyncConfig() *FastSyncConfig {
+	return DefaultFastSyncConfig()
+}
+
+// ValidateBasic performs basic validation.
+func (cfg *FastSyncConfig) ValidateBasic() error {
+	switch cfg.Version {
+	case "v0":
+		return nil
+	case "v1":
+		return nil
+	default:
+		return fmt.Errorf("unknown fastsync version %s", cfg.Version)
+	}
+}
+
 //-----------------------------------------------------------------------------
 // ConsensusConfig

--- a/config/config_test.go
+++ b/config/config_test.go
@@ -1,6 +1,7 @@
 package config

 import (
+	"reflect"
 	"testing"
 	"time"

@@ -52,3 +53,116 @@ func TestTLSConfiguration(t *testing.T) {
 	cfg.RPC.TLSKeyFile = "/abs/path/to/file.key"
 	assert.Equal("/abs/path/to/file.key", cfg.RPC.KeyFile())
 }
+
+func TestBaseConfigValidateBasic(t *testing.T) {
+	cfg := TestBaseConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with log format
+	cfg.LogFormat = "invalid"
+	assert.Error(t, cfg.ValidateBasic())
+}
+
+func TestRPCConfigValidateBasic(t *testing.T) {
+	cfg := TestRPCConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"GRPCMaxOpenConnections",
+		"MaxOpenConnections",
+		"MaxSubscriptionClients",
+		"MaxSubscriptionsPerClient",
+		"TimeoutBroadcastTxCommit",
+		"MaxBodyBytes",
+		"MaxHeaderBytes",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestP2PConfigValidateBasic(t *testing.T) {
+	cfg := TestP2PConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"MaxNumInboundPeers",
+		"MaxNumOutboundPeers",
+		"FlushThrottleTimeout",
+		"MaxPacketMsgPayloadSize",
+		"SendRate",
+		"RecvRate",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestMempoolConfigValidateBasic(t *testing.T) {
+	cfg := TestMempoolConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"Size",
+		"MaxTxsBytes",
+		"CacheSize",
+		"MaxTxBytes",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestFastSyncConfigValidateBasic(t *testing.T) {
+	cfg := TestFastSyncConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with version
+	cfg.Version = "v1"
+	assert.NoError(t, cfg.ValidateBasic())
+
+	cfg.Version = "invalid"
+	assert.Error(t, cfg.ValidateBasic())
+}
+
+func TestConsensusConfigValidateBasic(t *testing.T) {
+	cfg := TestConsensusConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	fieldsToTest := []string{
+		"TimeoutPropose",
+		"TimeoutProposeDelta",
+		"TimeoutPrevote",
+		"TimeoutPrevoteDelta",
+		"TimeoutPrecommit",
+		"TimeoutPrecommitDelta",
+		"TimeoutCommit",
+		"CreateEmptyBlocksInterval",
+		"PeerGossipSleepDuration",
+		"PeerQueryMaj23SleepDuration",
+	}
+
+	for _, fieldName := range fieldsToTest {
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(-1)
+		assert.Error(t, cfg.ValidateBasic())
+		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
+	}
+}
+
+func TestInstrumentationConfigValidateBasic(t *testing.T) {
+	cfg := TestInstrumentationConfig()
+	assert.NoError(t, cfg.ValidateBasic())
+
+	// tamper with maximum open connections
+	cfg.MaxOpenConnections = -1
+	assert.Error(t, cfg.ValidateBasic())
+}
--- a/config/toml.go
+++ b/config/toml.go
@@ -79,7 +79,7 @@ moniker = "{{ .BaseConfig.Moniker }}"
 # If this node is many blocks behind the tip of the chain, FastSync
 # allows them to catchup quickly by downloading blocks in parallel
 # and verifying their commits
-fast_sync = {{ .BaseConfig.FastSync }}
+fast_sync = {{ .BaseConfig.FastSyncMode }}

 # Database backend: goleveldb | cleveldb | boltdb
 # * goleveldb (github.com/syndtr/goleveldb - most popular implementation)
@@ -192,6 +192,12 @@ max_subscriptions_per_client = {{ .RPC.MaxSubscriptionsPerClient }}
 # See https://github.com/tendermint/tendermint/issues/3435
 timeout_broadcast_tx_commit = "{{ .RPC.TimeoutBroadcastTxCommit }}"

+# Maximum size of request body, in bytes
+max_body_bytes = {{ .RPC.MaxBodyBytes }}
+
+# Maximum size of request header, in bytes
+max_header_bytes = {{ .RPC.MaxHeaderBytes }}
+
 # The path to a file containing certificate that is used to create the HTTPS server.
 # Migth be either absolute path or path related to tendermint's config directory.
 # If the certificate is signed by a certificate authority,
@@ -288,6 +294,18 @@ max_txs_bytes = {{ .Mempool.MaxTxsBytes }}
 # Size of the cache (used to filter transactions we saw earlier) in transactions
 cache_size = {{ .Mempool.CacheSize }}

+# Maximum size of a single transaction.
+# NOTE: the max size of a tx transmitted over the network is {max_tx_bytes} + {amino overhead}.
+max_tx_bytes = {{ .Mempool.MaxTxBytes }}
+
+##### fast sync configuration options #####
+[fastsync]
+
+# Fast Sync version to use:
+#   1) "v0" (default) - the legacy fast sync implementation
+#   2) "v1" - refactor of v0 version for better testability
+version = "{{ .FastSync.Version }}"
+
 ##### consensus configuration options #####
 [consensus]

--- a/consensus/codec.go
+++ b/consensus/codec.go
--- a/consensus/common_test.go
+++ b/consensus/common_test.go
@@ -20,19 +20,19 @@ import (
 	"github.com/tendermint/tendermint/abci/example/counter"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
-	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
 	cstypes "github.com/tendermint/tendermint/consensus/types"
 	cmn "github.com/tendermint/tendermint/libs/common"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	tmpubsub "github.com/tendermint/tendermint/libs/pubsub"
 	mempl "github.com/tendermint/tendermint/mempool"
 	"github.com/tendermint/tendermint/p2p"
 	"github.com/tendermint/tendermint/privval"
 	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
 	"github.com/tendermint/tendermint/types"
 	tmtime "github.com/tendermint/tendermint/types/time"
+	dbm "github.com/tendermint/tm-db"
 )

 const (
@@ -280,7 +280,7 @@ func newConsensusStateWithConfig(thisConfig *cfg.Config, state sm.State, pv type

 func newConsensusStateWithConfigAndBlockStore(thisConfig *cfg.Config, state sm.State, pv types.PrivValidator, app abci.Application, blockDB dbm.DB) *ConsensusState {
 	// Get BlockStore
-	blockStore := bc.NewBlockStore(blockDB)
+	blockStore := store.NewBlockStore(blockDB)

 	// one for mempool, one for consensus
 	mtx := new(sync.Mutex)
--- a/consensus/mempool_test.go
+++ b/consensus/mempool_test.go
@@ -11,10 +11,10 @@ import (

 	"github.com/tendermint/tendermint/abci/example/code"
 	abci "github.com/tendermint/tendermint/abci/types"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	mempl "github.com/tendermint/tendermint/mempool"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
+	dbm "github.com/tendermint/tm-db"
 )

 // for testing
@@ -82,14 +82,14 @@ func TestMempoolProgressInHigherRound(t *testing.T) {
 	ensureNewRound(newRoundCh, height, round) // first round at first height
 	ensureNewEventOnChannel(newBlockCh)       // first block gets committed

-	height = height + 1 // moving to the next height
+	height++ // moving to the next height
 	round = 0

 	ensureNewRound(newRoundCh, height, round) // first round at next height
 	deliverTxsRange(cs, 0, 1)                 // we deliver txs, but dont set a proposal so we get the next round
 	ensureNewTimeout(timeoutCh, height, round, cs.config.TimeoutPropose.Nanoseconds())

-	round = round + 1                         // moving to the next round
+	round++                                   // moving to the next round
 	ensureNewRound(newRoundCh, height, round) // wait for the next round
 	ensureNewEventOnChannel(newBlockCh)       // now we can commit the block
 }
@@ -155,12 +155,14 @@ func TestMempoolRmBadTx(t *testing.T) {
 		// and the tx should get removed from the pool
 		err := assertMempool(cs.txNotifier).CheckTx(txBytes, func(r *abci.Response) {
 			if r.GetCheckTx().Code != code.CodeTypeBadNonce {
-				t.Fatalf("expected checktx to return bad nonce, got %v", r)
+				t.Errorf("expected checktx to return bad nonce, got %v", r)
+				return
 			}
 			checkTxRespCh <- struct{}{}
 		})
 		if err != nil {
-			t.Fatalf("Error after CheckTx: %v", err)
+			t.Errorf("Error after CheckTx: %v", err)
+			return
 		}

 		// check for the tx
@@ -180,7 +182,8 @@ func TestMempoolRmBadTx(t *testing.T) {
 	case <-checkTxRespCh:
 		// success
 	case <-ticker:
-		t.Fatalf("Timed out waiting for tx to return")
+		t.Errorf("Timed out waiting for tx to return")
+		return
 	}

 	// Wait until the tx is removed
@@ -189,7 +192,8 @@ func TestMempoolRmBadTx(t *testing.T) {
 	case <-emptyMempoolCh:
 		// success
 	case <-ticker:
-		t.Fatalf("Timed out waiting for tx to be removed")
+		t.Errorf("Timed out waiting for tx to be removed")
+		return
 	}
 }

--- a/consensus/reactor_test.go
+++ b/consensus/reactor_test.go
@@ -17,29 +17,31 @@ import (
 	abcicli "github.com/tendermint/tendermint/abci/client"
 	"github.com/tendermint/tendermint/abci/example/kvstore"
 	abci "github.com/tendermint/tendermint/abci/types"
-	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
-	dbm "github.com/tendermint/tendermint/libs/db"
+	cstypes "github.com/tendermint/tendermint/consensus/types"
+	cmn "github.com/tendermint/tendermint/libs/common"
 	"github.com/tendermint/tendermint/libs/log"
 	mempl "github.com/tendermint/tendermint/mempool"
 	"github.com/tendermint/tendermint/p2p"
 	"github.com/tendermint/tendermint/p2p/mock"
 	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
 	"github.com/tendermint/tendermint/types"
+	dbm "github.com/tendermint/tm-db"
 )

 //----------------------------------------------
 // in-process testnets

-func startConsensusNet(t *testing.T, css []*ConsensusState, N int) (
+func startConsensusNet(t *testing.T, css []*ConsensusState, n int) (
 	[]*ConsensusReactor,
 	[]types.Subscription,
 	[]*types.EventBus,
 ) {
-	reactors := make([]*ConsensusReactor, N)
+	reactors := make([]*ConsensusReactor, n)
 	blocksSubs := make([]types.Subscription, 0)
-	eventBuses := make([]*types.EventBus, N)
-	for i := 0; i < N; i++ {
+	eventBuses := make([]*types.EventBus, n)
+	for i := 0; i < n; i++ {
 		/*logger, err := tmflags.ParseLogLevel("consensus:info,*:error", logger, "info")
 		if err != nil {	t.Fatal(err)}*/
 		reactors[i] = NewConsensusReactor(css[i], true) // so we dont start the consensus states
@@ -58,7 +60,7 @@ func startConsensusNet(t *testing.T, css []*ConsensusState, N int) (
 		}
 	}
 	// make connected switches and start all reactors
-	p2p.MakeConnectedSwitches(config.P2P, N, func(i int, s *p2p.Switch) *p2p.Switch {
+	p2p.MakeConnectedSwitches(config.P2P, n, func(i int, s *p2p.Switch) *p2p.Switch {
 		s.AddReactor("CONSENSUS", reactors[i])
 		s.SetLogger(reactors[i].conS.Logger.With("module", "p2p"))
 		return s
@@ -68,7 +70,7 @@ func startConsensusNet(t *testing.T, css []*ConsensusState, N int) (
 	// If we started the state machines before everyone was connected,
 	// we'd block when the cs fires NewBlockEvent and the peers are trying to start their reactors
 	// TODO: is this still true with new pubsub?
-	for i := 0; i < N; i++ {
+	for i := 0; i < n; i++ {
 		s := reactors[i].conS.GetState()
 		reactors[i].SwitchToConsensus(s, 0)
 	}
@@ -133,7 +135,7 @@ func TestReactorWithEvidence(t *testing.T) {
 		// css[i] = newConsensusStateWithConfig(thisConfig, state, privVals[i], app)

 		blockDB := dbm.NewMemDB()
-		blockStore := bc.NewBlockStore(blockDB)
+		blockStore := store.NewBlockStore(blockDB)

 		// one for mempool, one for consensus
 		mtx := new(sync.Mutex)
@@ -235,7 +237,7 @@ func TestReactorCreatesBlockWhenEmptyBlocksFalse(t *testing.T) {

 	// send a tx
 	if err := assertMempool(css[3].txNotifier).CheckTx([]byte{1, 2, 3}, nil); err != nil {
-		//t.Fatal(err)
+		t.Error(err)
 	}

 	// wait till everyone makes the first new block
@@ -632,3 +634,253 @@ func capture() {
 	count := runtime.Stack(trace, true)
 	fmt.Printf("Stack of %d bytes: %s\n", count, trace)
 }
+
+//-------------------------------------------------------------
+// Ensure basic validation of structs is functioning
+
+func TestNewRoundStepMessageValidateBasic(t *testing.T) {
+	testCases := []struct {
+		testName               string
+		messageHeight          int64
+		messageRound           int
+		messageStep            cstypes.RoundStepType
+		messageLastCommitRound int
+		expectErr              bool
+	}{
+		{"Valid Message", 0, 0, 0x01, 1, false},
+		{"Invalid Message", -1, 0, 0x01, 1, true},
+		{"Invalid Message", 0, -1, 0x01, 1, true},
+		{"Invalid Message", 0, 0, 0x00, 1, true},
+		{"Invalid Message", 0, 0, 0x00, 0, true},
+		{"Invalid Message", 1, 0, 0x01, 0, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := NewRoundStepMessage{
+				Height:          tc.messageHeight,
+				Round:           tc.messageRound,
+				Step:            tc.messageStep,
+				LastCommitRound: tc.messageLastCommitRound,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestNewValidBlockMessageValidateBasic(t *testing.T) {
+	testBitArray := cmn.NewBitArray(1)
+	testCases := []struct {
+		testName          string
+		messageHeight     int64
+		messageRound      int
+		messageBlockParts *cmn.BitArray
+		expectErr         bool
+	}{
+		{"Valid Message", 0, 0, testBitArray, false},
+		{"Invalid Message", -1, 0, testBitArray, true},
+		{"Invalid Message", 0, -1, testBitArray, true},
+		{"Invalid Message", 0, 0, cmn.NewBitArray(0), true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := NewValidBlockMessage{
+				Height:     tc.messageHeight,
+				Round:      tc.messageRound,
+				BlockParts: tc.messageBlockParts,
+			}
+
+			message.BlockPartsHeader.Total = 1
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestProposalPOLMessageValidateBasic(t *testing.T) {
+	testBitArray := cmn.NewBitArray(1)
+	testCases := []struct {
+		testName                string
+		messageHeight           int64
+		messageProposalPOLRound int
+		messageProposalPOL      *cmn.BitArray
+		expectErr               bool
+	}{
+		{"Valid Message", 0, 0, testBitArray, false},
+		{"Invalid Message", -1, 0, testBitArray, true},
+		{"Invalid Message", 0, -1, testBitArray, true},
+		{"Invalid Message", 0, 0, cmn.NewBitArray(0), true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := ProposalPOLMessage{
+				Height:           tc.messageHeight,
+				ProposalPOLRound: tc.messageProposalPOLRound,
+				ProposalPOL:      tc.messageProposalPOL,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestBlockPartMessageValidateBasic(t *testing.T) {
+	testPart := new(types.Part)
+	testCases := []struct {
+		testName      string
+		messageHeight int64
+		messageRound  int
+		messagePart   *types.Part
+		expectErr     bool
+	}{
+		{"Valid Message", 0, 0, testPart, false},
+		{"Invalid Message", -1, 0, testPart, true},
+		{"Invalid Message", 0, -1, testPart, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := BlockPartMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Part:   tc.messagePart,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+
+	message := BlockPartMessage{Height: 0, Round: 0, Part: new(types.Part)}
+	message.Part.Index = -1
+
+	assert.Equal(t, true, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+}
+
+func TestHasVoteMessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	testCases := []struct {
+		testName      string
+		messageHeight int64
+		messageRound  int
+		messageType   types.SignedMsgType
+		messageIndex  int
+		expectErr     bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, 0, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, 0, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, 0, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, 0, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, -1, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := HasVoteMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Type:   tc.messageType,
+				Index:  tc.messageIndex,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestVoteSetMaj23MessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	validBlockID := types.BlockID{}
+	invalidBlockID := types.BlockID{
+		Hash: cmn.HexBytes{},
+		PartsHeader: types.PartSetHeader{
+			Total: -1,
+			Hash:  cmn.HexBytes{},
+		},
+	}
+
+	testCases := []struct {
+		testName       string
+		messageHeight  int64
+		messageRound   int
+		messageType    types.SignedMsgType
+		messageBlockID types.BlockID
+		expectErr      bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, validBlockID, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, validBlockID, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, invalidBlockID, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := VoteSetMaj23Message{
+				Height:  tc.messageHeight,
+				Round:   tc.messageRound,
+				Type:    tc.messageType,
+				BlockID: tc.messageBlockID,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
+
+func TestVoteSetBitsMessageValidateBasic(t *testing.T) {
+	const (
+		validSignedMsgType   types.SignedMsgType = 0x01
+		invalidSignedMsgType types.SignedMsgType = 0x03
+	)
+
+	validBlockID := types.BlockID{}
+	invalidBlockID := types.BlockID{
+		Hash: cmn.HexBytes{},
+		PartsHeader: types.PartSetHeader{
+			Total: -1,
+			Hash:  cmn.HexBytes{},
+		},
+	}
+	testBitArray := cmn.NewBitArray(1)
+
+	testCases := []struct {
+		testName       string
+		messageHeight  int64
+		messageRound   int
+		messageType    types.SignedMsgType
+		messageBlockID types.BlockID
+		messageVotes   *cmn.BitArray
+		expectErr      bool
+	}{
+		{"Valid Message", 0, 0, validSignedMsgType, validBlockID, testBitArray, false},
+		{"Invalid Message", -1, 0, validSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, -1, validSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, 0, invalidSignedMsgType, validBlockID, testBitArray, true},
+		{"Invalid Message", 0, 0, validSignedMsgType, invalidBlockID, testBitArray, true},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.testName, func(t *testing.T) {
+			message := VoteSetBitsMessage{
+				Height: tc.messageHeight,
+				Round:  tc.messageRound,
+				Type:   tc.messageType,
+				// Votes:   tc.messageVotes,
+				BlockID: tc.messageBlockID,
+			}
+
+			assert.Equal(t, tc.expectErr, message.ValidateBasic() != nil, "Validate Basic had an unexpected result")
+		})
+	}
+}
--- a/consensus/replay.go
+++ b/consensus/replay.go
@@ -13,8 +13,8 @@ import (

 	abci "github.com/tendermint/tendermint/abci/types"
 	//auto "github.com/tendermint/tendermint/libs/autofile"
+	dbm "github.com/tendermint/tm-db"

-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/proxy"
@@ -141,14 +141,16 @@ func (cs *ConsensusState) catchupReplay(csHeight int64) error {
 	var msg *TimedWALMessage
 	dec := WALDecoder{gr}

+LOOP:
 	for {
 		msg, err = dec.Decode()
-		if err == io.EOF {
-			break
-		} else if IsDataCorruptionError(err) {
+		switch {
+		case err == io.EOF:
+			break LOOP
+		case IsDataCorruptionError(err):
 			cs.Logger.Error("data has been corrupted in last height of consensus WAL", "err", err, "height", csHeight)
 			return err
-		} else if err != nil {
+		case err != nil:
 			return err
 		}

@@ -320,11 +322,9 @@ func (h *Handshaker) ReplayBlocks(
 				}
 				state.Validators = types.NewValidatorSet(vals)
 				state.NextValidators = types.NewValidatorSet(vals)
-			} else {
+			} else if len(h.genDoc.Validators) == 0 {
 				// If validator set is not set in genesis and still empty after InitChain, exit.
-				if len(h.genDoc.Validators) == 0 {
-					return nil, fmt.Errorf("validator set is nil in genesis and still empty after InitChain")
-				}
+				return nil, fmt.Errorf("validator set is nil in genesis and still empty after InitChain")
 			}

 			if res.ConsensusParams != nil {
@@ -335,19 +335,20 @@ func (h *Handshaker) ReplayBlocks(
 	}

 	// First handle edge cases and constraints on the storeBlockHeight.
-	if storeBlockHeight == 0 {
+	switch {
+	case storeBlockHeight == 0:
 		assertAppHashEqualsOneFromState(appHash, state)
 		return appHash, nil

-	} else if storeBlockHeight < appBlockHeight {
+	case storeBlockHeight < appBlockHeight:
 		// the app should never be ahead of the store (but this is under app's control)
 		return appHash, sm.ErrAppBlockHeightTooHigh{CoreHeight: storeBlockHeight, AppHeight: appBlockHeight}

-	} else if storeBlockHeight < stateBlockHeight {
+	case storeBlockHeight < stateBlockHeight:
 		// the state should never be ahead of the store (this is under tendermint's control)
 		panic(fmt.Sprintf("StateBlockHeight (%d) > StoreBlockHeight (%d)", stateBlockHeight, storeBlockHeight))

-	} else if storeBlockHeight > stateBlockHeight+1 {
+	case storeBlockHeight > stateBlockHeight+1:
 		// store should be at most one ahead of the state (this is under tendermint's control)
 		panic(fmt.Sprintf("StoreBlockHeight (%d) > StateBlockHeight + 1 (%d)", storeBlockHeight, stateBlockHeight+1))
 	}
@@ -371,12 +372,13 @@ func (h *Handshaker) ReplayBlocks(
 	} else if storeBlockHeight == stateBlockHeight+1 {
 		// We saved the block in the store but haven't updated the state,
 		// so we'll need to replay a block using the WAL.
-		if appBlockHeight < stateBlockHeight {
+		switch {
+		case appBlockHeight < stateBlockHeight:
 			// the app is further behind than it should be, so replay blocks
 			// but leave the last block to go through the WAL
 			return h.replayBlocks(state, proxyApp, appBlockHeight, storeBlockHeight, true)

-		} else if appBlockHeight == stateBlockHeight {
+		case appBlockHeight == stateBlockHeight:
 			// We haven't run Commit (both the state and app are one block behind),
 			// so replayBlock with the real app.
 			// NOTE: We could instead use the cs.WAL on cs.Start,
@@ -385,7 +387,7 @@ func (h *Handshaker) ReplayBlocks(
 			state, err = h.replayBlock(state, storeBlockHeight, proxyApp.Consensus())
 			return state.AppHash, err

-		} else if appBlockHeight == storeBlockHeight {
+		case appBlockHeight == storeBlockHeight:
 			// We ran Commit, but didn't save the state, so replayBlock with mock app.
 			abciResponses, err := sm.LoadABCIResponses(h.stateDB, storeBlockHeight)
 			if err != nil {
--- a/consensus/replay_file.go
+++ b/consensus/replay_file.go
@@ -10,15 +10,15 @@ import (
 	"strings"

 	"github.com/pkg/errors"
+	dbm "github.com/tendermint/tm-db"

-	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
 	cmn "github.com/tendermint/tendermint/libs/common"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
 	"github.com/tendermint/tendermint/types"
 )

@@ -231,10 +231,8 @@ func (pb *playback) replayConsoleLoop() int {
 					fmt.Println("back takes an integer argument")
 				} else if i > pb.count {
 					fmt.Printf("argument to back must not be larger than the current count (%d)\n", pb.count)
-				} else {
-					if err := pb.replayReset(i, newStepSub); err != nil {
-						pb.cs.Logger.Error("Replay reset error", "err", err)
-					}
+				} else if err := pb.replayReset(i, newStepSub); err != nil {
+					pb.cs.Logger.Error("Replay reset error", "err", err)
 				}
 			}

@@ -280,7 +278,7 @@ func newConsensusStateForReplay(config cfg.BaseConfig, csConfig *cfg.ConsensusCo
 	dbType := dbm.DBBackendType(config.DBBackend)
 	// Get BlockStore
 	blockStoreDB := dbm.NewDB("blockstore", dbType, config.DBDir())
-	blockStore := bc.NewBlockStore(blockStoreDB)
+	blockStore := store.NewBlockStore(blockStoreDB)

 	// Get State
 	stateDB := dbm.NewDB("state", dbType, config.DBDir())
--- a/consensus/replay_test.go
+++ b/consensus/replay_test.go
@@ -22,15 +22,14 @@ import (
 	cfg "github.com/tendermint/tendermint/config"
 	"github.com/tendermint/tendermint/crypto"
 	cmn "github.com/tendermint/tendermint/libs/common"
-	dbm "github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
 	"github.com/tendermint/tendermint/types"
-	tmtime "github.com/tendermint/tendermint/types/time"
 	"github.com/tendermint/tendermint/version"
+	dbm "github.com/tendermint/tm-db"
 )

 func TestMain(m *testing.M) {
@@ -546,8 +545,7 @@ func TestMockProxyApp(t *testing.T) {
 		abciRes.DeliverTx = make([]*abci.ResponseDeliverTx, len(loadedAbciRes.DeliverTx))
 		// Execute transactions and get hash.
 		proxyCb := func(req *abci.Request, res *abci.Response) {
-			switch r := res.Value.(type) {
-			case *abci.Response_DeliverTx:
+			if r, ok := res.Value.(*abci.Response_DeliverTx); ok {
 				// TODO: make use of res.Log
 				// TODO: make use of this info
 				// Blocks may include invalid txs.
@@ -849,31 +847,14 @@ func makeBlocks(n int, state *sm.State, privVal types.PrivValidator) []*types.Bl
 	return blocks
 }

-func makeVote(header *types.Header, blockID types.BlockID, valset *types.ValidatorSet, privVal types.PrivValidator) *types.Vote {
-	addr := privVal.GetPubKey().Address()
-	idx, _ := valset.GetByAddress(addr)
-	vote := &types.Vote{
-		ValidatorAddress: addr,
-		ValidatorIndex:   idx,
-		Height:           header.Height,
-		Round:            1,
-		Timestamp:        tmtime.Now(),
-		Type:             types.PrecommitType,
-		BlockID:          blockID,
-	}
-
-	privVal.SignVote(header.ChainID, vote)
-
-	return vote
-}
-
 func makeBlock(state sm.State, lastBlock *types.Block, lastBlockMeta *types.BlockMeta,
 	privVal types.PrivValidator, height int64) (*types.Block, *types.PartSet) {

 	lastCommit := types.NewCommit(types.BlockID{}, nil)
 	if height > 1 {
-		vote := makeVote(&lastBlock.Header, lastBlockMeta.BlockID, state.Validators, privVal).CommitSig()
-		lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{vote})
+		vote, _ := types.MakeVote(lastBlock.Header.Height, lastBlockMeta.BlockID, state.Validators, privVal, lastBlock.Header.ChainID)
+		voteCommitSig := vote.CommitSig()
+		lastCommit = types.NewCommit(lastBlockMeta.BlockID, []*types.CommitSig{voteCommitSig})
 	}

 	return state.MakeBlock(height, []types.Tx{}, lastCommit, nil, state.Validators.GetProposer().Address)
--- a/consensus/state.go
+++ b/consensus/state.go
@@ -690,13 +690,13 @@ func (cs *ConsensusState) handleMsg(mi msgInfo) {
 			cs.statsMsgQueue <- mi
 		}

-		if err == ErrAddingVote {
-			// TODO: punish peer
-			// We probably don't want to stop the peer here. The vote does not
-			// necessarily comes from a malicious peer but can be just broadcasted by
-			// a typical peer.
-			// https://github.com/tendermint/tendermint/issues/1281
-		}
+		// if err == ErrAddingVote {
+		// TODO: punish peer
+		// We probably don't want to stop the peer here. The vote does not
+		// necessarily comes from a malicious peer but can be just broadcasted by
+		// a typical peer.
+		// https://github.com/tendermint/tendermint/issues/1281
+		// }

 		// NOTE: the vote is broadcast to peers by the reactor listening
 		// for vote events
@@ -709,7 +709,7 @@ func (cs *ConsensusState) handleMsg(mi msgInfo) {
 		return
 	}

-	if err != nil {
+	if err != nil { // nolint:staticcheck
 		// Causes TestReactorValidatorSetChanges to timeout
 		// https://github.com/tendermint/tendermint/issues/3406
 		// cs.Logger.Error("Error with msg", "height", cs.Height, "round", cs.Round,
@@ -924,10 +924,8 @@ func (cs *ConsensusState) defaultDecideProposal(height int64, round int) {
 		}
 		cs.Logger.Info("Signed proposal", "height", height, "round", round, "proposal", proposal)
 		cs.Logger.Debug(fmt.Sprintf("Signed proposal block: %v", block))
-	} else {
-		if !cs.replayMode {
-			cs.Logger.Error("enterPropose: Error signing proposal", "height", height, "round", round, "err", err)
-		}
+	} else if !cs.replayMode {
+		cs.Logger.Error("enterPropose: Error signing proposal", "height", height, "round", round, "err", err)
 	}
 }

@@ -954,14 +952,15 @@ func (cs *ConsensusState) isProposalComplete() bool {
 // NOTE: keep it side-effect free for clarity.
 func (cs *ConsensusState) createProposalBlock() (block *types.Block, blockParts *types.PartSet) {
 	var commit *types.Commit
-	if cs.Height == 1 {
+	switch {
+	case cs.Height == 1:
 		// We're creating a proposal for the first block.
 		// The commit is empty, but not nil.
 		commit = types.NewCommit(types.BlockID{}, nil)
-	} else if cs.LastCommit.HasTwoThirdsMajority() {
+	case cs.LastCommit.HasTwoThirdsMajority():
 		// Make the commit from LastCommit
 		commit = cs.LastCommit.MakeCommit()
-	} else {
+	default:
 		// This shouldn't happen.
 		cs.Logger.Error("enterPropose: Cannot propose anything: No commit for the previous block.")
 		return
@@ -1227,9 +1226,10 @@ func (cs *ConsensusState) enterCommit(height int64, commitRound int) {
 			cs.ProposalBlockParts = types.NewPartSetFromHeader(blockID.PartsHeader)
 			cs.eventBus.PublishEventValidBlock(cs.RoundStateEvent())
 			cs.evsw.FireEvent(types.EventValidBlock, &cs.RoundState)
-		} else {
-			// We just need to keep waiting.
 		}
+		// else {
+		// We just need to keep waiting.
+		// }
 	}
 }

@@ -1518,9 +1518,11 @@ func (cs *ConsensusState) tryAddVote(vote *types.Vote, peerID p2p.ID) (bool, err
 			cs.evpool.AddEvidence(voteErr.DuplicateVoteEvidence)
 			return added, err
 		} else {
-			// Probably an invalid signature / Bad peer.
-			// Seems this can also err sometimes with "Unexpected step" - perhaps not from a bad peer ?
-			cs.Logger.Error("Error attempting to add vote", "err", err)
+			// Either
+			// 1) bad peer OR
+			// 2) not a bad peer? this can also err sometimes with "Unexpected step" OR
+			// 3) tmkms use with multiple validators connecting to a single tmkms instance (https://github.com/tendermint/tendermint/issues/3839).
+			cs.Logger.Info("Error attempting to add vote", "err", err)
 			return added, ErrAddingVote
 		}
 	}
@@ -1629,17 +1631,18 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 		}

 		// If +2/3 prevotes for *anything* for future round:
-		if cs.Round < vote.Round && prevotes.HasTwoThirdsAny() {
+		switch {
+		case cs.Round < vote.Round && prevotes.HasTwoThirdsAny():
 			// Round-skip if there is any 2/3+ of votes ahead of us
 			cs.enterNewRound(height, vote.Round)
-		} else if cs.Round == vote.Round && cstypes.RoundStepPrevote <= cs.Step { // current round
+		case cs.Round == vote.Round && cstypes.RoundStepPrevote <= cs.Step: // current round
 			blockID, ok := prevotes.TwoThirdsMajority()
 			if ok && (cs.isProposalComplete() || len(blockID.Hash) == 0) {
 				cs.enterPrecommit(height, vote.Round)
 			} else if prevotes.HasTwoThirdsAny() {
 				cs.enterPrevoteWait(height, vote.Round)
 			}
-		} else if cs.Proposal != nil && 0 <= cs.Proposal.POLRound && cs.Proposal.POLRound == vote.Round {
+		case cs.Proposal != nil && 0 <= cs.Proposal.POLRound && cs.Proposal.POLRound == vote.Round:
 			// If the proposal is now complete, enter prevote of cs.Round.
 			if cs.isProposalComplete() {
 				cs.enterPrevote(height, cs.Round)
@@ -1669,7 +1672,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool,
 		}

 	default:
-		panic(fmt.Sprintf("Unexpected vote type %X", vote.Type)) // go-wire should prevent this.
+		panic(fmt.Sprintf("Unexpected vote type %X", vote.Type)) // go-amino should prevent this.
 	}

 	return
--- a/consensus/state_test.go
+++ b/consensus/state_test.go
@@ -181,7 +181,7 @@ func TestStateBadProposal(t *testing.T) {
 	propBlock, _ := cs1.createProposalBlock() //changeProposer(t, cs1, vs2)

 	// make the second validator the proposer by incrementing round
-	round = round + 1
+	round++
 	incrementRound(vss[1:]...)

 	// make the block bad by tampering with statehash
@@ -374,7 +374,7 @@ func TestStateLockNoPOL(t *testing.T) {

 	///

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	ensureNewRound(newRoundCh, height, round)
 	t.Log("#### ONTO ROUND 1")
 	/*
@@ -418,7 +418,7 @@ func TestStateLockNoPOL(t *testing.T) {
 	// then we enterPrecommitWait and timeout into NewRound
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // entering new round
+	round++ // entering new round
 	ensureNewRound(newRoundCh, height, round)
 	t.Log("#### ONTO ROUND 2")
 	/*
@@ -460,7 +460,7 @@ func TestStateLockNoPOL(t *testing.T) {

 	incrementRound(vs2)

-	round = round + 1 // entering new round
+	round++ // entering new round
 	ensureNewRound(newRoundCh, height, round)
 	t.Log("#### ONTO ROUND 3")
 	/*
@@ -544,7 +544,7 @@ func TestStateLockPOLRelock(t *testing.T) {
 	// timeout to new round
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	//XXX: this isnt guaranteed to get there before the timeoutPropose ...
 	if err := cs1.SetProposalAndBlock(prop, propBlock, propBlockParts, "some peer"); err != nil {
 		t.Fatal(err)
@@ -621,8 +621,6 @@ func TestStateLockPOLUnlock(t *testing.T) {
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)

-	rs = cs1.GetRoundState()
-
 	// add precommits from the rest
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs4)
 	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs3)
@@ -637,7 +635,7 @@ func TestStateLockPOLUnlock(t *testing.T) {
 	lockedBlockHash := rs.LockedBlock.Hash()

 	incrementRound(vs2, vs3, vs4)
-	round = round + 1 // moving to the next round
+	round++ // moving to the next round

 	ensureNewRound(newRoundCh, height, round)
 	t.Log("#### ONTO ROUND 1")
@@ -720,7 +718,7 @@ func TestStateLockPOLSafety1(t *testing.T) {

 	incrementRound(vs2, vs3, vs4)

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	ensureNewRound(newRoundCh, height, round)

 	//XXX: this isnt guaranteed to get there before the timeoutPropose ...
@@ -757,7 +755,7 @@ func TestStateLockPOLSafety1(t *testing.T) {
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

 	incrementRound(vs2, vs3, vs4)
-	round = round + 1 // moving to the next round
+	round++ // moving to the next round

 	ensureNewRound(newRoundCh, height, round)

@@ -823,7 +821,7 @@ func TestStateLockPOLSafety2(t *testing.T) {

 	incrementRound(vs2, vs3, vs4)

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	t.Log("### ONTO Round 1")
 	// jump in at round 1
 	startTestRound(cs1, height, round)
@@ -852,7 +850,7 @@ func TestStateLockPOLSafety2(t *testing.T) {
 	// timeout of precommit wait to new round
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	// in round 2 we see the polkad block from round 0
 	newProp := types.NewProposal(height, round, 0, propBlockID0)
 	if err := vs3.SignProposal(config.ChainID(), newProp); err != nil {
@@ -922,7 +920,7 @@ func TestProposeValidBlock(t *testing.T) {
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

 	incrementRound(vs2, vs3, vs4)
-	round = round + 1 // moving to the next round
+	round++ // moving to the next round

 	ensureNewRound(newRoundCh, height, round)

@@ -947,14 +945,14 @@ func TestProposeValidBlock(t *testing.T) {

 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)

-	round = round + 2 // moving to the next round
+	round += 2 // moving to the next round

 	ensureNewRound(newRoundCh, height, round)
 	t.Log("### ONTO ROUND 3")

 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round

 	ensureNewRound(newRoundCh, height, round)

@@ -1046,7 +1044,7 @@ func TestSetValidBlockOnDelayedProposal(t *testing.T) {
 	voteCh := subscribeToVoter(cs1, addr)
 	proposalCh := subscribe(cs1.eventBus, types.EventQueryCompleteProposal)

-	round = round + 1 // move to round in which P0 is not proposer
+	round++ // move to round in which P0 is not proposer
 	incrementRound(vs2, vs3, vs4)

 	startTestRound(cs1, cs1.Height, round)
@@ -1125,7 +1123,7 @@ func TestWaitingTimeoutProposeOnNewRound(t *testing.T) {
 	incrementRound(vss[1:]...)
 	signAddVotes(cs1, types.PrevoteType, nil, types.PartSetHeader{}, vs2, vs3, vs4)

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	ensureNewRound(newRoundCh, height, round)

 	rs := cs1.GetRoundState()
@@ -1159,7 +1157,7 @@ func TestRoundSkipOnNilPolkaFromHigherRound(t *testing.T) {
 	incrementRound(vss[1:]...)
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2, vs3, vs4)

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	ensureNewRound(newRoundCh, height, round)

 	ensurePrecommit(voteCh, height, round)
@@ -1167,7 +1165,7 @@ func TestRoundSkipOnNilPolkaFromHigherRound(t *testing.T) {

 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round
 	ensureNewRound(newRoundCh, height, round)
 }

@@ -1317,8 +1315,6 @@ func TestStartNextHeightCorrectly(t *testing.T) {
 	// the proposed block should now be locked and our precommit added
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)

-	rs = cs1.GetRoundState()
-
 	// add precommits
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2)
 	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs3)
@@ -1370,8 +1366,6 @@ func TestResetTimeoutPrecommitUponNewHeight(t *testing.T) {
 	ensurePrecommit(voteCh, height, round)
 	validatePrecommit(t, cs1, round, round, vss[0], theBlockHash, theBlockHash)

-	rs = cs1.GetRoundState()
-
 	// add precommits
 	signAddVotes(cs1, types.PrecommitType, nil, types.PartSetHeader{}, vs2)
 	signAddVotes(cs1, types.PrecommitType, theBlockHash, theBlockParts, vs3)
@@ -1517,7 +1511,7 @@ func TestStateHalt1(t *testing.T) {
 	// timeout to new round
 	ensureNewTimeout(timeoutWaitCh, height, round, cs1.config.Precommit(round).Nanoseconds())

-	round = round + 1 // moving to the next round
+	round++ // moving to the next round

 	ensureNewRound(newRoundCh, height, round)
 	rs = cs1.GetRoundState()
--- a/consensus/types/codec.go
+++ b/consensus/types/codec.go
--- a/consensus/wal_generator.go
+++ b/consensus/wal_generator.go
@@ -12,16 +12,16 @@ import (
 	"github.com/pkg/errors"

 	"github.com/tendermint/tendermint/abci/example/kvstore"
-	bc "github.com/tendermint/tendermint/blockchain"
 	cfg "github.com/tendermint/tendermint/config"
 	cmn "github.com/tendermint/tendermint/libs/common"
-	"github.com/tendermint/tendermint/libs/db"
 	"github.com/tendermint/tendermint/libs/log"
 	"github.com/tendermint/tendermint/mock"
 	"github.com/tendermint/tendermint/privval"
 	"github.com/tendermint/tendermint/proxy"
 	sm "github.com/tendermint/tendermint/state"
+	"github.com/tendermint/tendermint/store"
 	"github.com/tendermint/tendermint/types"
+	db "github.com/tendermint/tm-db"
 )

 // WALGenerateNBlocks generates a consensus WAL. It does this by spinning up a
@@ -55,7 +55,8 @@ func WALGenerateNBlocks(t *testing.T, wr io.Writer, numBlocks int) (err error) {
 	}
 	state.Version.Consensus.App = kvstore.ProtocolVersion
 	sm.SaveState(stateDB, state)
-	blockStore := bc.NewBlockStore(blockStoreDB)
+	blockStore := store.NewBlockStore(blockStoreDB)
+
 	proxyApp := proxy.NewAppConns(proxy.NewLocalClientCreator(app))
 	proxyApp.SetLogger(logger.With("module", "proxy"))
 	if err := proxyApp.Start(); err != nil {
--- a/crypto/ed25519/ed25519.go
+++ b/crypto/ed25519/ed25519.go
@@ -54,7 +54,7 @@ func (privKey PrivKeyEd25519) Bytes() []byte {
 // incorrect signature.
 func (privKey PrivKeyEd25519) Sign(msg []byte) ([]byte, error) {
 	signatureBytes := ed25519.Sign(privKey[:], msg)
-	return signatureBytes[:], nil
+	return signatureBytes, nil
 }

 // PubKey gets the corresponding public key from the private key.
@@ -100,7 +100,7 @@ func GenPrivKey() PrivKeyEd25519 {
 // genPrivKey generates a new ed25519 private key using the provided reader.
 func genPrivKey(rand io.Reader) PrivKeyEd25519 {
 	seed := make([]byte, 32)
-	_, err := io.ReadFull(rand, seed[:])
+	_, err := io.ReadFull(rand, seed)
 	if err != nil {
 		panic(err)
 	}
--- a/crypto/internal/benchmarking/bench.go
+++ b/crypto/internal/benchmarking/bench.go
@@ -24,10 +24,10 @@ func (zeroReader) Read(buf []byte) (int, error) {

 // BenchmarkKeyGeneration benchmarks the given key generation algorithm using
 // a dummy reader.
-func BenchmarkKeyGeneration(b *testing.B, GenerateKey func(reader io.Reader) crypto.PrivKey) {
+func BenchmarkKeyGeneration(b *testing.B, generateKey func(reader io.Reader) crypto.PrivKey) {
 	var zero zeroReader
 	for i := 0; i < b.N; i++ {
-		GenerateKey(zero)
+		generateKey(zero)
 	}
 }

--- a/crypto/merkle/codec.go
+++ b/crypto/merkle/codec.go
--- a/crypto/merkle/proof.go
+++ b/crypto/merkle/proof.go
@@ -3,7 +3,7 @@ package merkle
 import (
 	"bytes"

-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )

 //----------------------------------------
@@ -44,11 +44,11 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 		key := op.GetKey()
 		if len(key) != 0 {
 			if len(keys) == 0 {
-				return cmn.NewError("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
+				return errors.Errorf("Key path has insufficient # of parts: expected no more keys but got %+v", string(key))
 			}
 			lastKey := keys[len(keys)-1]
 			if !bytes.Equal(lastKey, key) {
-				return cmn.NewError("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
+				return errors.Errorf("Key mismatch on operation #%d: expected %+v but got %+v", i, string(lastKey), string(key))
 			}
 			keys = keys[:len(keys)-1]
 		}
@@ -58,10 +58,10 @@ func (poz ProofOperators) Verify(root []byte, keypath string, args [][]byte) (er
 		}
 	}
 	if !bytes.Equal(root, args[0]) {
-		return cmn.NewError("Calculated root hash is invalid: expected %+v but got %+v", root, args[0])
+		return errors.Errorf("Calculated root hash is invalid: expected %+v but got %+v", root, args[0])
 	}
 	if len(keys) != 0 {
-		return cmn.NewError("Keypath not consumed all")
+		return errors.New("Keypath not consumed all")
 	}
 	return nil
 }
@@ -92,7 +92,7 @@ func (prt *ProofRuntime) RegisterOpDecoder(typ string, dec OpDecoder) {
 func (prt *ProofRuntime) Decode(pop ProofOp) (ProofOperator, error) {
 	decoder := prt.decoders[pop.Type]
 	if decoder == nil {
-		return nil, cmn.NewError("unrecognized proof type %v", pop.Type)
+		return nil, errors.Errorf("unrecognized proof type %v", pop.Type)
 	}
 	return decoder(pop)
 }
@@ -102,7 +102,7 @@ func (prt *ProofRuntime) DecodeProof(proof *Proof) (ProofOperators, error) {
 	for _, pop := range proof.Ops {
 		operator, err := prt.Decode(pop)
 		if err != nil {
-			return nil, cmn.ErrorWrap(err, "decoding a proof operator")
+			return nil, errors.Wrap(err, "decoding a proof operator")
 		}
 		poz = append(poz, operator)
 	}
@@ -122,7 +122,7 @@ func (prt *ProofRuntime) VerifyAbsence(proof *Proof, root []byte, keypath string
 func (prt *ProofRuntime) Verify(proof *Proof, root []byte, keypath string, args [][]byte) (err error) {
 	poz, err := prt.DecodeProof(proof)
 	if err != nil {
-		return cmn.ErrorWrap(err, "decoding proof")
+		return errors.Wrap(err, "decoding proof")
 	}
 	return poz.Verify(root, keypath, args)
 }
--- a/crypto/merkle/proof_key_path.go
+++ b/crypto/merkle/proof_key_path.go
@@ -6,7 +6,7 @@ import (
 	"net/url"
 	"strings"

-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )

 /*
@@ -87,7 +87,7 @@ func (pth KeyPath) String() string {
 // Each key must use a known encoding.
 func KeyPathToKeys(path string) (keys [][]byte, err error) {
 	if path == "" || path[0] != '/' {
-		return nil, cmn.NewError("key path string must start with a forward slash '/'")
+		return nil, errors.New("key path string must start with a forward slash '/'")
 	}
 	parts := strings.Split(path[1:], "/")
 	keys = make([][]byte, len(parts))
@@ -96,13 +96,13 @@ func KeyPathToKeys(path string) (keys [][]byte, err error) {
 			hexPart := part[2:]
 			key, err := hex.DecodeString(hexPart)
 			if err != nil {
-				return nil, cmn.ErrorWrap(err, "decoding hex-encoded part #%d: /%s", i, part)
+				return nil, errors.Wrapf(err, "decoding hex-encoded part #%d: /%s", i, part)
 			}
 			keys[i] = key
 		} else {
 			key, err := url.PathUnescape(part)
 			if err != nil {
-				return nil, cmn.ErrorWrap(err, "decoding url-encoded part #%d: /%s", i, part)
+				return nil, errors.Wrapf(err, "decoding url-encoded part #%d: /%s", i, part)
 			}
 			keys[i] = []byte(key) // TODO Test this with random bytes, I'm not sure that it works for arbitrary bytes...
 		}
--- a/crypto/merkle/proof_simple_value.go
+++ b/crypto/merkle/proof_simple_value.go
@@ -4,8 +4,9 @@ import (
 	"bytes"
 	"fmt"

+	"github.com/pkg/errors"
+
 	"github.com/tendermint/tendermint/crypto/tmhash"
-	cmn "github.com/tendermint/tendermint/libs/common"
 )

 const ProofOpSimpleValue = "simple:v"
@@ -39,12 +40,12 @@ func NewSimpleValueOp(key []byte, proof *SimpleProof) SimpleValueOp {

 func SimpleValueOpDecoder(pop ProofOp) (ProofOperator, error) {
 	if pop.Type != ProofOpSimpleValue {
-		return nil, cmn.NewError("unexpected ProofOp.Type; got %v, want %v", pop.Type, ProofOpSimpleValue)
+		return nil, errors.Errorf("unexpected ProofOp.Type; got %v, want %v", pop.Type, ProofOpSimpleValue)
 	}
 	var op SimpleValueOp // a bit strange as we'll discard this, but it works.
 	err := cdc.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
 	if err != nil {
-		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
+		return nil, errors.Wrap(err, "decoding ProofOp.Data into SimpleValueOp")
 	}
 	return NewSimpleValueOp(pop.Key, op.Proof), nil
 }
@@ -64,7 +65,7 @@ func (op SimpleValueOp) String() string {

 func (op SimpleValueOp) Run(args [][]byte) ([][]byte, error) {
 	if len(args) != 1 {
-		return nil, cmn.NewError("expected 1 arg, got %v", len(args))
+		return nil, errors.Errorf("expected 1 arg, got %v", len(args))
 	}
 	value := args[0]
 	hasher := tmhash.New()
@@ -78,7 +79,7 @@ func (op SimpleValueOp) Run(args [][]byte) ([][]byte, error) {
 	kvhash := leafHash(bz.Bytes())

 	if !bytes.Equal(kvhash, op.Proof.LeafHash) {
-		return nil, cmn.NewError("leaf hash mismatch: want %X got %X", op.Proof.LeafHash, kvhash)
+		return nil, errors.Errorf("leaf hash mismatch: want %X got %X", op.Proof.LeafHash, kvhash)
 	}

 	return [][]byte{
--- a/crypto/merkle/proof_test.go
+++ b/crypto/merkle/proof_test.go
@@ -3,9 +3,9 @@ package merkle
 import (
 	"testing"

+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	amino "github.com/tendermint/go-amino"
-	cmn "github.com/tendermint/tendermint/libs/common"
 )

 const ProofOpDomino = "test:domino"
@@ -34,7 +34,7 @@ func DominoOpDecoder(pop ProofOp) (ProofOperator, error) {
 	var op DominoOp // a bit strange as we'll discard this, but it works.
 	err := amino.UnmarshalBinaryLengthPrefixed(pop.Data, &op)
 	if err != nil {
-		return nil, cmn.ErrorWrap(err, "decoding ProofOp.Data into SimpleValueOp")
+		return nil, errors.Wrap(err, "decoding ProofOp.Data into SimpleValueOp")
 	}
 	return NewDominoOp(string(pop.Key), op.Input, op.Output), nil
 }
@@ -50,10 +50,10 @@ func (dop DominoOp) ProofOp() ProofOp {

 func (dop DominoOp) Run(input [][]byte) (output [][]byte, err error) {
 	if len(input) != 1 {
-		return nil, cmn.NewError("Expected input of length 1")
+		return nil, errors.New("Expected input of length 1")
 	}
 	if string(input[0]) != dop.Input {
-		return nil, cmn.NewError("Expected input %v, got %v",
+		return nil, errors.Errorf("Expected input %v, got %v",
 			dop.Input, string(input[0]))
 	}
 	return [][]byte{[]byte(dop.Output)}, nil
--- a/crypto/merkle/simple_proof.go
+++ b/crypto/merkle/simple_proof.go
@@ -2,10 +2,9 @@ package merkle

 import (
 	"bytes"
-	"errors"
 	"fmt"

-	cmn "github.com/tendermint/tendermint/libs/common"
+	"github.com/pkg/errors"
 )

 // SimpleProof represents a simple Merkle proof.
@@ -75,11 +74,11 @@ func (sp *SimpleProof) Verify(rootHash []byte, leaf []byte) error {
 		return errors.New("Proof index cannot be negative")
 	}
 	if !bytes.Equal(sp.LeafHash, leafHash) {
-		return cmn.NewError("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
+		return errors.Errorf("invalid leaf hash: wanted %X got %X", leafHash, sp.LeafHash)
 	}
 	computedHash := sp.ComputeRootHash()
 	if !bytes.Equal(computedHash, rootHash) {
-		return cmn.NewError("invalid root hash: wanted %X got %X", rootHash, computedHash)
+		return errors.Errorf("invalid root hash: wanted %X got %X", rootHash, computedHash)
 	}
 	return nil
 }
@@ -162,11 +161,12 @@ func (spn *SimpleProofNode) FlattenAunts() [][]byte {
 	// Nonrecursive impl.
 	innerHashes := [][]byte{}
 	for spn != nil {
-		if spn.Left != nil {
+		switch {
+		case spn.Left != nil:
 			innerHashes = append(innerHashes, spn.Left.Hash)
-		} else if spn.Right != nil {
+		case spn.Right != nil:
 			innerHashes = append(innerHashes, spn.Right.Hash)
-		} else {
+		default:
 			break
 		}
 		spn = spn.Parent
--- a/crypto/multisig/codec.go
+++ b/crypto/multisig/codec.go
--- a/crypto/secp256k1/internal/secp256k1/curve.go
+++ b/crypto/secp256k1/internal/secp256k1/curve.go
@@ -30,6 +30,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+// nolint:gocritic
 package secp256k1

 import (
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -34,6 +34,14 @@ module.exports = {
          "/introduction/what-is-tendermint"
        ]
      },
+      {
+        title: "Guides",
+        collapsable: false,
+        children: [
+          "/guides/go-built-in",
+          "/guides/go"
+        ]
+      },
      {
        title: "Apps",
        collapsable: false,
--- a/docs/DEV_SESSIONS.md
+++ b/docs/DEV_SESSIONS.md
@@ -0,0 +1,33 @@
+# Developer Sessions
+
+The Tendermint Core developer call is comprised of both [Interchain
+Foundation](http://interchain.io/) and [All in Bits](https://tendermint.com/)
+team members discussing the development of [Tendermint
+BFT](https://github.com/tendermint/tendermint) and related research. The goal
+of the Tendermint Core developer calls is to provide transparency into the
+decision making process, technical information, update cycles etc.
+
+## List
+
+| Date            | Topic                                     | Link(s)                                                                                                           |
+| --------------- | ----------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
+| August 2019     | Part Three: Tendermint Lite Client        | [YouTube](https://www.youtube.com/watch?v=whyL6UrKe7I&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=5)         |
+| August 2019     | Fork Accountability                       | [YouTube](https://www.youtube.com/watch?v=Jph-4PGtdPo&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=4)         |
+| July 2019       | Part Two: Tendermint Lite Client          | [YouTube](https://www.youtube.com/watch?v=gTjG7jNNdKQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=6)         |
+| July 2019       | Part One: Tendermint Lite Client          | [YouTube](https://www.youtube.com/watch?v=C6fH_sgPJzA&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=7)         |
+| June 2019       | Testnet Deployments                       | [YouTube](https://www.youtube.com/watch?v=gYA6no7tRlM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=10)        |
+| June 2019       | Blockchain Reactor Refactor               | [YouTube](https://www.youtube.com/watch?v=JLBGH8yxABk&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=11)        |
+| June 2019       | Tendermint Rust Libraries                 | [YouTube](https://www.youtube.com/watch?v=-WXKdyoGHwA&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=9)         |
+| May 2019        | Merkle Tree Deep Dive                     | [YouTube](https://www.youtube.com/watch?v=L3bt2Uw8ICg&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=8)         |
+| May 2019        | Remote Signer Refactor                    | [YouTube](https://www.youtube.com/watch?v=eUyXXEEuBzQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=12)        |
+| May 2019        | Introduction to Ansible                   | [YouTube](https://www.youtube.com/watch?v=72clQLjzPg4&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=14&t=0s)   |  |  |
+| April 2019      | Tendermint State Sync Design Discussion   | [YouTube](https://www.youtube.com/watch?v=4k23j2QHwrM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=11)        |
+| April 2019      | ADR-036 - Blockchain Reactor Refactor     | [YouTube](https://www.youtube.com/watch?v=TW2xC1LwEkE&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=10)        |
+| April 2019      | Verifying Distributed Algorithms          | [YouTube](https://www.youtube.com/watch?v=tMd4lgPVBxE&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=9)         |
+| April 2019      | Byzantine Model Checker Presentation      | [YouTube](https://www.youtube.com/watch?v=rdXl4VCQyow&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=8)         |
+| January 2019    | Proposer Selection in Idris               | [YouTube](https://www.youtube.com/watch?v=hWZdc9c1aH8&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=7)         |
+| January 2019    | Current Mempool Design                    | [YouTube](https://www.youtube.com/watch?v=--iGIYYiLu4&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=6)         |
+| December 2018   | ABCI Proxy App                            | [YouTube](https://www.youtube.com/watch?v=s6sQ2HOVHdo&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=5)         |
+| October 2018    | DB Performance                            | [YouTube](https://www.youtube.com/watch?v=jVSNHi4l0fQ&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=4)         |
+| October 2018    | Alternative Mempool Algorithms            | [YouTube](https://www.youtube.com/watch?v=XxH5ZtM4vMM&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv&index=2)         |
+| October 2018    | Tendermint Termination                    | [YouTube](https://www.youtube.com/watch?v=YBZjecfjeIk&list=PLdQIb0qr3pnBbG5ZG-0gr3zM86_s8Rpqv)                 |
--- a/docs/DOCS_README.md
+++ b/docs/DOCS_README.md
@@ -6,14 +6,12 @@ The documentation for Tendermint Core is hosted at:
 - https://tendermint-staging.interblock.io/docs/

 built from the files in this (`/docs`) directory for
-[master](https://github.com/tendermint/tendermint/tree/master/docs)
-and [develop](https://github.com/tendermint/tendermint/tree/develop/docs),
-respectively.
+[master](https://github.com/tendermint/tendermint/tree/master/docs) respectively.

 ## How It Works

 There is a CircleCI job listening for changes in the `/docs` directory, on both
-the  `master` and `develop` branches. Any updates to files in this directory
+the `master` branch. Any updates to files in this directory
 on those branches will automatically trigger a website deployment. Under the hood,
 the private website repository has a `make build-docs` target consumed by a CircleCI job in that repo.

@@ -35,7 +33,7 @@ of the sidebar.
 **NOTE:** Strongly consider the existing links - both within this directory
 and to the website docs - when moving or deleting files.

-Links to directories *MUST* end in a `/`.
+Links to directories _MUST_ end in a `/`.

 Relative links should be used nearly everywhere, having discovered and weighed the following:

@@ -101,4 +99,4 @@ We are using [Algolia](https://www.algolia.com) to power full-text search. This
 ## Consistency

 Because the build processes are identical (as is the information contained herein), this file should be kept in sync as
-much as possible with its [counterpart in the Cosmos SDK repo](https://github.com/cosmos/cosmos-sdk/blob/develop/docs/DOCS_README.md).
+much as possible with its [counterpart in the Cosmos SDK repo](https://github.com/cosmos/cosmos-sdk/blob/master/docs/DOCS_README.md).
--- a/docs/app-dev/abci-cli.md
+++ b/docs/app-dev/abci-cli.md
@@ -62,7 +62,7 @@ as `abci-cli` above. The kvstore just stores transactions in a merkle
 tree.

 Its code can be found
-[here](https://github.com/tendermint/tendermint/blob/develop/abci/cmd/abci-cli/abci-cli.go)
+[here](https://github.com/tendermint/tendermint/blob/master/abci/cmd/abci-cli/abci-cli.go)
 and looks like:

 ```
@@ -137,7 +137,7 @@ response.

 The server may be generic for a particular language, and we provide a
 [reference implementation in
-Golang](https://github.com/tendermint/tendermint/tree/develop/abci/server). See the
+Golang](https://github.com/tendermint/tendermint/tree/master/abci/server). See the
 [list of other ABCI implementations](./ecosystem.md) for servers in
 other languages.

@@ -324,7 +324,7 @@ But the ultimate flexibility comes from being able to write the
 application easily in any language.

 We have implemented the counter in a number of languages [see the
-example directory](https://github.com/tendermint/tendermint/tree/develop/abci/example).
+example directory](https://github.com/tendermint/tendermint/tree/master/abci/example).

 To run the Node.js version, fist download & install [the Javascript ABCI server](https://github.com/tendermint/js-abci):

--- a/docs/app-dev/app-development.md
+++ b/docs/app-dev/app-development.md
@@ -48,9 +48,9 @@ open ABCI connection with the application, which hosts an ABCI server.
 Shown are the request and response types sent on each connection.

 Most of the examples below are from [kvstore
-application](https://github.com/tendermint/tendermint/blob/develop/abci/example/kvstore/kvstore.go),
+application](https://github.com/tendermint/tendermint/blob/master/abci/example/kvstore/kvstore.go),
 which is a part of the abci repo. [persistent_kvstore
-application](https://github.com/tendermint/tendermint/blob/develop/abci/example/kvstore/persistent_kvstore.go)
+application](https://github.com/tendermint/tendermint/blob/master/abci/example/kvstore/persistent_kvstore.go)
 is used to show `BeginBlock`, `EndBlock` and `InitChain` example
 implementations.

--- a/docs/architecture/README.md
+++ b/docs/architecture/README.md
@@ -20,3 +20,41 @@ it stands today.
 If recorded decisions turned out to be lacking, convene a discussion, record the new decisions here, and then modify the code to match.

 Note the context/background should be written in the present tense.
+
+### Table of Contents:
+
+- [ADR-001-Logging](./adr-001-logging.md)
+- [ADR-002-Event-Subscription](./adr-002-event-subscription.md)
+- [ADR-003-ABCI-APP-RPC](./adr-003-abci-app-rpc.md)
+- [ADR-004-Historical-Validators](./adr-004-historical-validators.md)
+- [ADR-005-Consensus-Params](./adr-005-consensus-params.md)
+- [ADR-006-Trust-Metric](./adr-006-trust-metric.md)
+- [ADR-007-Trust-Metric-Usage](./adr-007-trust-metric-usage.md)
+- [ADR-008-Priv-Validator](./adr-008-priv-validator.md)
+- [ADR-009-ABCI-Design](./adr-009-abci-design.md)
+- [ADR-010-Crypto-Changes](./adr-010-crypto-changes.md)
+- [ADR-011-Monitoring](./adr-011-monitoring.md)
+- [ADR-012-Peer-Transport](./adr-012-peer-transport.md)
+- [ADR-013-Symmetric-Crypto](./adr-013-symmetric-crypto.md)
+- [ADR-014-Secp-Malleability](./adr-014-secp-malleability.md)
+- [ADR-015-Crypto-Encoding](./adr-015-crypto-encoding.md)
+- [ADR-016-Protocol-Versions](./adr-016-protocol-versions.md)
+- [ADR-017-Chain-Versions](./adr-017-chain-versions.md)
+- [ADR-018-ABCI-Validators](./adr-018-abci-validators.md)
+- [ADR-019-Multisigs](./adr-019-multisigs.md)
+- [ADR-020-Block-Size](./adr-020-block-size.md)
+- [ADR-021-ABCI-Events](./adr-021-abci-events.md)
+- [ADR-022-ABCI-Errors](./adr-022-abci-errors.md)
+- [ADR-023-ABCI-Propose-tx](./adr-023-ABCI-propose-tx.md)
+- [ADR-024-Sign-Bytes](./adr-024-sign-bytes.md)
+- [ADR-025-Commit](./adr-025-commit.md)
+- [ADR-026-General-Merkle-Proof](./adr-026-general-merkle-proof.md)
+- [ADR-029-Check-Tx-Consensus](./adr-029-check-tx-consensus.md)
+- [ADR-030-Consensus-Refactor](./adr-030-consensus-refactor.md)
+- [ADR-033-Pubsub](./adr-033-pubsub.md)
+- [ADR-034-Priv-Validator-File-Structure](./adr-034-priv-validator-file-structure.md)
+- [ADR-035-Documentation](./adr-035-documentation.md)
+- [ADR-037-Deliver-Block](./adr-037-deliver-block.md)
+- [ADR-039-Peer-Behaviour](./adr-039-peer-behaviour.md)
+- [ADR-041-Proposer-Selection-via-ABCI](./adr-041-proposer-selection-via-abci.md)
+- [ADR-043-Blockchain-RiRi-Org](./adr-043-blockchain-riri-org.md)
--- a/docs/architecture/adr-018-ABCI-Validators.md
+++ b/docs/architecture/adr-018-ABCI-Validators.md
@@ -2,10 +2,7 @@

 ## Changelog

-016-08-2018: Follow up from review:
-    - Revert changes to commit round
-    - Remind about justification for removing pubkey
-    - Update pros/cons
+016-08-2018: Follow up from review: - Revert changes to commit round - Remind about justification for removing pubkey - Update pros/cons
 05-08-2018: Initial draft

 ## Context
@@ -35,11 +32,11 @@ message ValidatorUpdate {
 }
 ```

-As noted in ADR-009[https://github.com/tendermint/tendermint/blob/develop/docs/architecture/adr-009-ABCI-design.md],
+As noted in ADR-009[https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-009-ABCI-design.md],
 the `Validator` does not contain a pubkey because quantum public keys are
 quite large and it would be wasteful to send them all over ABCI with every block.
 Thus, applications that want to take advantage of the information in BeginBlock
-are *required* to store pubkeys in state (or use much less efficient lazy means
+are _required_ to store pubkeys in state (or use much less efficient lazy means
 of verifying BeginBlock data).

 ### RequestBeginBlock
--- a/docs/architecture/adr-042-state-sync.md
+++ b/docs/architecture/adr-042-state-sync.md
@@ -0,0 +1,239 @@
+# ADR 042: State Sync Design
+
+## Changelog
+
+2019-06-27: Init by EB
+2019-07-04: Follow up by brapse
+
+## Context
+StateSync is a feature which would allow a new node to receive a
+snapshot of the application state without downloading blocks or going
+through consensus. Once downloaded, the node could switch to FastSync
+and eventually participate in consensus. The goal of StateSync is to
+facilitate setting up a new node as quickly as possible.
+
+## Considerations
+Because Tendermint doesn't know anything about the application state,
+StateSync will broker messages between nodes and through
+the ABCI to an opaque applicaton. The implementation will have multiple
+touch points on both the tendermint code base and ABCI application.
+
+* A StateSync reactor to facilitate peer communication - Tendermint
+* A Set of ABCI messages to transmit application state to the reactor - Tendermint
+* A Set of MultiStore APIs for exposing snapshot data to the ABCI - ABCI application
+* A Storage format with validation and performance considerations - ABCI application
+
+### Implementation Properties
+Beyond the approach, any implementation of StateSync can be evaluated
+across different criteria:
+
+* Speed: Expected throughput of producing and consuming snapshots
+* Safety: Cost of pushing invalid snapshots to a node
+* Liveness: Cost of preventing a node from receiving/constructing a snapshot
+* Effort: How much effort does an implementation require
+
+### Implementation Question
+* What is the format of a snapshot
+    * Complete snapshot 
+    * Ordered IAVL key ranges
+    * Compressed individually chunks which can be validated
+* How is data validated
+    * Trust a peer with it's data blindly
+    * Trust a majority of peers
+    * Use light client validation to validate each chunk against consensus
+      produced merkle tree root
+* What are the performance characteristics
+    * Random vs sequential reads
+    * How parallelizeable is the scheduling algorithm
+
+### Proposals
+Broadly speaking there are two approaches to this problem which have had
+varying degrees of discussion and progress. These approach can be
+summarized as:
+
+**Lazy:** Where snapshots are produced dynamically at request time. This
+solution would use the existing data structure.
+**Eager:** Where snapshots are produced periodically and served from disk at
+request time. This solution would create an auxiliary data structure
+optimized for batch read/writes.
+
+Additionally the propsosals tend to vary on how they provide safety
+properties. 
+
+**LightClient** Where a client can aquire the merkle root from the block
+headers synchronized from a trusted validator set. Subsets of the application state,
+called chunks can therefore be validated on receipt to ensure each chunk
+is part of the merkle root.
+
+**Majority of Peers** Where manifests of chunks along with checksums are
+downloaded and compared against versions provided by a majority of
+peers.
+
+#### Lazy StateSync
+An [initial specification](https://docs.google.com/document/d/15MFsQtNA0MGBv7F096FFWRDzQ1vR6_dics5Y49vF8JU/edit?ts=5a0f3629) was published by Alexis Sellier.
+In this design, the state has a given `size` of primitive elements (like
+keys or nodes), each element is assigned a number from 0 to `size-1`,
+and chunks consists of a range of such elements.  Ackratos raised
+[some concerns](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit)
+about this design, somewhat specific to the IAVL tree, and mainly concerning
+performance of random reads and of iterating through the tree to determine element numbers
+(ie. elements aren't indexed by the element number).
+
+An alternative design was suggested by Jae Kwon in
+[#3639](https://github.com/tendermint/tendermint/issues/3639) where chunking
+happens lazily and in a dynamic way: nodes request key ranges from their peers,
+and peers respond with some subset of the
+requested range and with notes on how to request the rest in parallel from other
+peers. Unlike chunk numbers, keys can be verified directly. And if some keys in the
+range are ommitted, proofs for the range will fail to verify.
+This way a node can start by requesting the entire tree from one peer,
+and that peer can respond with say the first few keys, and the ranges to request
+from other peers.
+
+Additionally, per chunk validation tends to come more naturally to the
+Lazy approach since it tends to use the existing structure of the tree
+(ie. keys or nodes) rather than state-sync specific chunks. Such a
+design for tendermint was originally tracked in
+[#828](https://github.com/tendermint/tendermint/issues/828).
+
+#### Eager StateSync
+Warp Sync as implemented in Parity
+["Warp Sync"](https://wiki.parity.io/Warp-Sync-Snapshot-Format.html) to rapidly
+download both blocks and state snapshots from peers. Data is carved into ~4MB
+chunks and snappy compressed. Hashes of snappy compressed chunks are stored in a
+manifest file which co-ordinates the state-sync. Obtaining a correct manifest
+file seems to require an honest majority of peers. This means you may not find
+out the state is incorrect until you download the whole thing and compare it
+with a verified block header. 
+
+A similar solution was implemented by Binance in
+[#3594](https://github.com/tendermint/tendermint/pull/3594)
+based on their initial implementation in
+[PR #3243](https://github.com/tendermint/tendermint/pull/3243)
+and [some learnings](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit).
+Note this still requires the honest majority peer assumption.
+
+As an eager protocol, warp-sync can efficiently compress larger, more
+predicatable chunks once per snapshot and service many new peers. By
+comparison lazy chunkers would have to compress each chunk at request
+time.
+
+### Analysis of Lazy vs Eager
+Lazy vs Eager have more in common than they differ. They all require
+reactors on the tendermint side, a set of ABCI messages and a method for
+serializing/deserializing snapshots facilitated by a SnapshotFormat.
+
+The biggest difference between Lazy and Eager proposals is in the
+read/write patterns necessitated by serving a snapshot chunk.
+Specifically, Lazy State Sync performs random reads to the underlying data
+structure while Eager can optimize for sequential reads.
+
+This distinctin between approaches was demonstrated by Binance's
+[ackratos](https://github.com/ackratos) in their implementation of [Lazy
+State sync](https://github.com/tendermint/tendermint/pull/3243), The
+[analysis](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/)
+of the performance, and follow up implementation of [Warp
+Sync](http://github.com/tendermint/tendermint/pull/3594).
+
+#### Compairing Security Models
+There are several different security models which have been
+discussed/proposed in the past but generally fall into two categories.
+
+Light client validation: In which the node receiving data is expected to
+first perform a light client sync and have all the nessesary block
+headers. Within the trusted block header (trusted in terms of from a
+validator set subject to [weak
+subjectivity](https://github.com/tendermint/tendermint/pull/3795)) and
+can compare any subset of keys called a chunk against the merkle root.
+The advantage of light client validation is that the block headers are
+signed by validators which have something to lose for malicious
+behaviour. If a validator were to provide an invalid proof, they can be
+slashed.
+
+Majority of peer validation: A manifest file containing a list of chunks
+along with checksums of each chunk is downloaded from a
+trusted source. That source can be a community resource similar to
+[sum.golang.org](https://sum.golang.org) or downloaded from the majority
+of peers. One disadantage of the majority of peer security model is the
+vuliberability to eclipse attacks in which a malicious users looks to
+saturate a target node's peer list and produce a manufactured picture of
+majority.
+
+A third option would be to include snapshot related data in the
+block header. This could include the manifest with related checksums and be
+secured through consensus. One challenge of this approach is to
+ensure that creating snapshots does not put undo burden on block
+propsers by synchronizing snapshot creation and block creation. One
+approach to minimizing the burden is for snapshots for height
+`H` to be included in block `H+n` where `n` is some `n` block away,
+giving the block propser enough time to complete the snapshot
+asynchronousy.
+
+## Proposal: Eager StateSync With Per Chunk Light Client Validation
+The conclusion after some concideration of the advantages/disadvances of
+eager/lazy and different security models is to produce a state sync
+which eagerly produces snapshots and uses light client validation. This
+approach has the performance advantages of pre-computing efficient
+snapshots which can streamed to new nodes on demand using sequential IO.
+Secondly, by using light client validation we cna validate each chunk on
+receipt and avoid the potential eclipse attack of majority of peer based
+security.
+
+### Implementation
+Tendermint is responsible for downloading and verifying chunks of
+AppState from peers. ABCI Application is responsible for taking
+AppStateChunk objects from TM and constructing a valid state tree whose
+root corresponds with the AppHash of syncing block. In particular we
+will need implement:
+
+* Build new StateSync reactor brokers message transmission between the peers
+  and the ABCI application
+* A set of ABCI Messages
+* Design SnapshotFormat as an interface which can:
+    * validate chunks
+    * read/write chunks from file
+    * read/write chunks to/from application state store
+    * convert manifests into chunkRequest ABCI messages
+* Implement SnapshotFormat for cosmos-hub with concrete implementation for:
+    * read/write chunks in a way which can be:
+        * parallelized across peers
+        * validated on receipt
+    * read/write to/from IAVL+ tree
+
+![StateSync Architecture Diagram](img/state-sync.png)
+
+## Implementation Path
+* Create StateSync reactor based on  [#3753](https://github.com/tendermint/tendermint/pull/3753)
+* Design SnapshotFormat with an eye towards cosmos-hub implementation
+* ABCI message to send/receive SnapshotFormat
+* IAVL+ changes to support SnapshotFormat
+* Deliver Warp sync (no chunk validation)
+* light client implementation for weak subjectivity
+* Deliver StateSync with chunk validation
+
+## Status
+
+Proposed
+
+## Concequences
+
+### Neutral
+
+### Positive
+* Safe & performant state sync design substantiated with real world implementation experience
+* General interfaces allowing application specific innovation
+* Parallizable implementation trajectory with reasonable engineering effort
+
+### Negative
+* Static Scheduling lacks opportunity for real time chunk availability optimizations
+
+## References
+[sync: Sync current state without full replay for Applications](https://github.com/tendermint/tendermint/issues/828) - original issue
+[tendermint state sync proposal](https://docs.google.com/document/d/15MFsQtNA0MGBv7F096FFWRDzQ1vR6_dics5Y49vF8JU/edit?ts=5a0f3629) - Cloudhead proposal
+[tendermint state sync proposal 2](https://docs.google.com/document/d/1npGTAa1qxe8EQZ1wG0a0Sip9t5oX2vYZNUDwr_LVRR4/edit) - ackratos proposal
+[proposal 2 implementation](https://github.com/tendermint/tendermint/pull/3243)  - ackratos implementation
+[WIP General/Lazy State-Sync pseudo-spec](https://github.com/tendermint/tendermint/issues/3639) - Jae Proposal
+[Warp Sync Implementation](https://github.com/tendermint/tendermint/pull/3594) - ackratos
+[Chunk Proposal](https://github.com/tendermint/tendermint/pull/3799) - Bucky proposed
+
+
--- a/docs/architecture/adr-043-blockchain-riri-org.md
+++ b/docs/architecture/adr-043-blockchain-riri-org.md
@@ -0,0 +1,391 @@
+# ADR 043: Blockhchain Reactor Riri-Org
+
+## Changelog
+* 18-06-2019: Initial draft
+* 08-07-2019: Reviewed
+
+## Context
+
+The blockchain reactor is responsible for two high level processes:sending/receiving blocks from peers and FastSync-ing blocks to catch upnode who is far behind.  The goal of [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md) was to refactor these two processes by separating business logic currently wrapped up in go-channels into pure `handle*` functions.  While the ADR specified what the final form of the reactor might look like it lacked guidance on intermediary steps to get there. 
+The following diagram illustrates the state of the [blockchain-reorg](https://github.com/tendermint/tendermint/pull/35610) reactor which will be referred to as `v1`.
+
+![v1 Blockchain Reactor Architecture
+Diagram](https://github.com/tendermint/tendermint/blob/f9e556481654a24aeb689bdadaf5eab3ccd66829/docs/architecture/img/blockchain-reactor-v1.png)
+
+While `v1` of the blockchain reactor has shown significant improvements in terms of simplifying the concurrency model, the current PR has run into few roadblocks.
+
+* The current PR large and difficult to review.
+* Block gossiping and fast sync processes are highly coupled to the shared `Pool` data structure.
+* Peer communication is spread over multiple components creating complex dependency graph which must be mocked out during testing.
+* Timeouts modeled as stateful tickers introduce non-determinism in tests
+
+This ADR is meant to specify the missing components and control necessary to achieve [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md).
+
+## Decision
+
+Partition the responsibilities of the blockchain reactor into a set of components which communicate exclusively with events. Events will contain timestamps allowing each component to track time as internal state. The internal state will be mutated by a set of `handle*` which will produce event(s). The integration between components will happen in the reactor and reactor tests will then become integration tests between components. This design will be known as `v2`.
+
+![v2 Blockchain Reactor Architecture
+Diagram](https://github.com/tendermint/tendermint/blob/f9e556481654a24aeb689bdadaf5eab3ccd66829/docs/architecture/img/blockchain-reactor-v2.png)
+
+### Reactor changes in detail
+
+The reactor will include a demultiplexing routine which will send each message to each sub routine for independent processing. Each sub routine will then select the messages it's interested in and call the handle specific function specified in [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md). The demuxRoutine acts as "pacemaker" setting the time in which events are expected to be handled.
+
+
+```go
+func demuxRoutine(msgs, scheduleMsgs, processorMsgs, ioMsgs) {
+	timer := time.NewTicker(interval)
+	for {
+		select {
+			case <-timer.C:
+				now := evTimeCheck{time.Now()}
+				schedulerMsgs <- now
+				processorMsgs <- now
+				ioMsgs <- now
+			case msg:= <- msgs:
+				msg.time = time.Now()
+				// These channels should produce backpressure before
+				// being full to avoid starving each other
+				schedulerMsgs <- msg
+				processorMsgs <- msg
+				ioMesgs <- msg
+				if msg == stop {
+					break;
+				}
+		}
+	}
+}
+
+func processRoutine(input chan Message, output chan Message) {
+	processor := NewProcessor(..)
+	for {
+		msg := <- input
+		switch msg := msg.(type) {
+			case bcBlockRequestMessage:
+				output <- processor.handleBlockRequest(msg))
+			...
+			case stop:
+				processor.stop()
+				break;
+	}
+}
+
+func scheduleRoutine(input chan Message, output chan Message) {
+	schelduer = NewScheduler(...)
+	for {
+		msg := <-msgs
+		switch msg := input.(type) {
+			case bcBlockResponseMessage:
+				output <- scheduler.handleBlockResponse(msg)
+			...
+			case stop:
+				schedule.stop()
+				break;
+		}
+	}
+}
+```
+
+## Lifecycle management
+
+A set of routines for individual processes allow processes to run in parallel with clear lifecycle management. `Start`, `Stop`, and `AddPeer` hooks currently present in the reactor will delegate to the sub-routines allowing them to manage internal state independent without further coupling to the reactor.
+
+```go
+func (r *BlockChainReactor) Start() {
+	r.msgs := make(chan Message, maxInFlight)
+	schedulerMsgs := make(chan Message)
+	processorMsgs := make(chan Message)
+	ioMsgs := make(chan Message)
+
+	go processorRoutine(processorMsgs, r.msgs)
+	go scheduleRoutine(schedulerMsgs, r.msgs)
+	go ioRoutine(ioMsgs, r.msgs)
+	...
+}
+
+func (bcR *BlockchainReactor) Receive(...) {
+	...
+	r.msgs <- msg
+	...
+}
+
+func (r *BlockchainReactor) Stop() {
+	...
+	r.msgs <- stop
+	...
+}
+
+...
+func (r *BlockchainReactor) Stop() {
+	...
+	r.msgs <- stop
+	...
+}
+...
+
+func (r *BlockchainReactor) AddPeer(peer p2p.Peer) {
+	...
+	r.msgs <- bcAddPeerEv{peer.ID}
+	...
+}
+
+```
+
+## IO handling
+An io handling routine within the reactor will isolate peer communication. Message going through the ioRoutine will usually be one way, using `p2p` APIs. In the case in which the `p2p` API such as `trySend` return errors, the ioRoutine can funnel those message back to the demuxRoutine for distribution to the other routines. For instance errors from the ioRoutine can be consumed by the scheduler to inform better peer selection implementations.
+
+```go
+func (r *BlockchainReacor) ioRoutine(ioMesgs chan Message, outMsgs chan Message) {
+	...
+	for {
+		msg := <-ioMsgs
+		switch msg := msg.(type) {
+			case scBlockRequestMessage:
+				queued := r.sendBlockRequestToPeer(...)
+				if queued {
+					outMsgs <- ioSendQueued{...}
+				}
+			case scStatusRequestMessage
+				r.sendStatusRequestToPeer(...)
+			case bcPeerError
+				r.Swtich.StopPeerForError(msg.src)
+				...
+			...
+			case bcFinished
+				break;
+		}
+	}
+}
+
+```
+### Processor Internals
+
+The processor is responsible for ordering, verifying and executing blocks. The Processor will maintain an internal cursor `height` refering to the last processed block. As a set of blocks arrive unordered, the Processor will check if it has `height+1` necessary to process the next block. The processor also maintains the map `blockPeers` of peers to height, to keep track of which peer provided the block at `height`. `blockPeers` can be used in`handleRemovePeer(...)` to reschedule all unprocessed blocks provided by a peer who has errored.
+
+```go
+type Processor struct {
+	height int64 // the height cursor
+	state ...
+	blocks [height]*Block	 // keep a set of blocks in memory until they are processed
+	blockPeers [height]PeerID // keep track of which heights came from which peerID
+	lastTouch timestamp
+}
+
+func (proc *Processor) handleBlockResponse(peerID, block) {
+    if block.height <= height || block[block.height] {
+	} else if blocks[block.height] {
+		return errDuplicateBlock{}
+	} else  {
+		blocks[block.height] = block
+	}
+
+	if blocks[height] && blocks[height+1] {
+		... = state.Validators.VerifyCommit(...)
+		... = store.SaveBlock(...)
+		state, err = blockExec.ApplyBlock(...)
+		...
+		if err == nil {
+			delete blocks[height]
+			height++
+			lastTouch = msg.time
+			return pcBlockProcessed{height-1}
+		} else {
+			... // Delete all unprocessed block from the peer
+			return pcBlockProcessError{peerID, height}
+		}
+	}
+}
+
+func (proc *Processor) handleRemovePeer(peerID) {
+	events = []
+	// Delete all unprocessed blocks from peerID
+	for i = height; i < len(blocks); i++ {
+		if blockPeers[i] == peerID {
+			events = append(events, pcBlockReschedule{height})
+
+			delete block[height]
+		}
+	}
+	return events
+}
+
+func handleTimeCheckEv(time) {
+	if time - lastTouch > timeout {
+		// Timeout the processor
+		...
+	}
+}
+```
+
+## Schedule
+
+The Schedule maintains the internal state used for scheduling blockRequestMessages based on some scheduling algorithm. The schedule needs to maintain state on:
+
+* The state `blockState` of every block seem up to height of maxHeight
+* The set of peers and their peer state `peerState`
+* which peers have which blocks
+* which blocks have been requested from which peers
+
+```go
+type blockState int
+
+const (
+	blockStateNew = iota
+	blockStatePending,
+	blockStateReceived,
+	blockStateProcessed
+)
+
+type schedule {
+    // a list of blocks in which blockState
+	blockStates        map[height]blockState
+
+    // a map of which blocks are available from which peers
+	blockPeers         map[height]map[p2p.ID]scPeer
+
+    // a map of peerID to schedule specific peer struct `scPeer`
+	peers              map[p2p.ID]scPeer
+    
+    // a map of heights to the peer we are waiting for a response from
+	pending map[height]scPeer
+
+	targetPending  int // the number of blocks we want in blockStatePending
+	targetReceived int // the number of blocks we want in blockStateReceived
+
+	peerTimeout        int
+	peerMinSpeed       int
+}
+
+func (sc *schedule) numBlockInState(state blockState) uint32 {
+	num := 0
+	for i := sc.minHeight(); i <= sc.maxHeight(); i++ {
+		if sc.blockState[i] == state {
+			num++
+		}
+	}
+	return num
+}
+
+
+func (sc *schedule) popSchedule(maxRequest int) []scBlockRequestMessage {
+	// We only want to schedule requests such that we have less than sc.targetPending and sc.targetReceived
+	// This ensures we don't saturate the network or flood the processor with unprocessed blocks
+	todo := min(sc.targetPending - sc.numBlockInState(blockStatePending), sc.numBlockInState(blockStateReceived))
+	events := []scBlockRequestMessage{}
+	for i := sc.minHeight(); i < sc.maxMaxHeight(); i++ {
+		if todo == 0 {
+			break
+		}
+		if blockStates[i] == blockStateNew {
+			peer = sc.selectPeer(blockPeers[i])
+			sc.blockStates[i] = blockStatePending
+			sc.pending[i] = peer
+			events = append(events, scBlockRequestMessage{peerID: peer.peerID, height: i})
+			todo--
+		}
+	}
+	return events
+}
+...
+
+type scPeer struct {
+	peerID               p2p.ID
+	numOustandingRequest int
+	lastTouched          time.Time
+	monitor              flow.Monitor
+}
+
+```
+
+# Scheduler
+The scheduler is configured to maintain a target `n` of in flight
+messages and will use feedback from `_blockResponseMessage`,
+`_statusResponseMessage` and `_peerError` produce an optimal assignment
+of scBlockRequestMessage at each `timeCheckEv`.
+
+```
+
+func handleStatusResponse(peerID, height, time) {
+	schedule.touchPeer(peerID, time)
+	schedule.setPeerHeight(peerID, height)
+}
+
+func handleBlockResponseMessage(peerID, height, block, time) {
+	schedule.touchPeer(peerID, time)
+	schedule.markReceived(peerID, height, size(block))
+}
+
+func handleNoBlockResponseMessage(peerID, height, time) {
+	schedule.touchPeer(peerID, time)
+	// reschedule that block, punish peer...
+    ...
+}
+
+func handlePeerError(peerID)  {
+    // Remove the peer, reschedule the requests
+    ...
+}
+
+func handleTimeCheckEv(time) {
+	// clean peer list
+
+    events = []
+	for peerID := range schedule.peersNotTouchedSince(time) {
+		pending = schedule.pendingFrom(peerID) 
+		schedule.setPeerState(peerID, timedout)
+		schedule.resetBlocks(pending)
+		events = append(events, peerTimeout{peerID})
+    }
+
+	events = append(events, schedule.popSchedule())
+
+	return events
+}
+```
+
+## Peer
+The Peer Stores per peer state based on messages received by the scheduler.
+
+```go
+type Peer struct {
+	lastTouched timestamp
+	lastDownloaded timestamp
+	pending map[height]struct{}
+	height height // max height for the peer
+	state {
+		pending,   // we know the peer but not the height
+		active,    // we know the height
+		timeout    // the peer has timed out
+	}
+}
+```
+
+## Status
+
+Work in progress
+
+## Consequences
+
+### Positive
+
+* Test become deterministic
+* Simulation becomes a-termporal: no need wait for a wall-time timeout
+* Peer Selection can be independently tested/simulated
+* Develop a general approach to refactoring reactors
+
+### Negative
+
+### Neutral
+
+### Implementation Path
+
+* Implement the scheduler, test the scheduler, review the rescheduler
+* Implement the processor, test the processor, review the processor
+* Implement the demuxer, write integration test, review integration tests
+
+## References
+
+
+* [ADR-40](https://github.com/tendermint/tendermint/blob/master/docs/architecture/adr-040-blockchain-reactor-refactor.md): The original blockchain reactor re-org proposal
+* [Blockchain re-org](https://github.com/tendermint/tendermint/pull/3561): The current blockchain reactor re-org implementation (v1)
--- a/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md
+++ b/docs/architecture/adr-044-lite-client-with-weak-subjectivity.md
@@ -0,0 +1,141 @@
+# ADR 044: Lite Client with Weak Subjectivity
+
+## Changelog
+* 13-07-2019: Initial draft
+* 14-08-2019: Address cwgoes comments
+
+## Context
+
+The concept of light clients was introduced in the Bitcoin white paper. It
+describes a watcher of distributed consensus process that only validates the
+consensus algorithm and not the state machine transactions within.
+
+Tendermint light clients allow bandwidth & compute-constrained devices, such as smartphones, low-power embedded chips, or other blockchains to
+efficiently verify the consensus of a Tendermint blockchain. This forms the
+basis of safe and efficient state synchronization for new network nodes and
+inter-blockchain communication (where a light client of one Tendermint instance
+runs in another chain's state machine).
+
+In a network that is expected to reliably punish validators for misbehavior
+by slashing bonded stake and where the validator set changes
+infrequently, clients can take advantage of this assumption to safely
+synchronize a lite client without downloading the intervening headers.
+
+Light clients (and full nodes) operating in the Proof Of Stake context need a
+trusted block height from a trusted source that is no older than 1 unbonding
+window plus a configurable evidence submission synchrony bound. This is called “weak subjectivity”.
+
+Weak subjectivity is required in Proof of Stake blockchains because it is
+costless for an attacker to buy up voting keys that are no longer bonded and
+fork the network at some point in its prior history. See Vitalik’s post at
+[Proof of Stake: How I Learned to Love Weak
+Subjectivity](https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/).
+
+Currently, Tendermint provides a lite client implementation in the
+[lite](https://github.com/tendermint/tendermint/tree/master/lite) package. This
+lite client implements a bisection algorithm that tries to use a binary search
+to find the minimum number of block headers where the validator set voting
+power changes are less than < 1/3rd. This interface does not support weak
+subjectivity at this time. The Cosmos SDK also does not support counterfactual
+slashing, nor does the lite client have any capacity to report evidence making
+these systems *theoretically unsafe*.
+
+NOTE: Tendermint provides a somewhat different (stronger) light client model
+than Bitcoin under eclipse, since the eclipsing node(s) can only fool the light
+client if they have two-thirds of the private keys from the last root-of-trust.
+
+## Decision
+
+### The Weak Subjectivity Interface
+
+Add the weak subjectivity interface for when a new light client connects to the
+network or when a light client that has been offline for longer than the
+unbonding period connects to the network. Specifically, the node needs to
+initialize the following structure before syncing from user input:
+
+```
+type TrustOptions struct {
+    // Required: only trust commits up to this old.
+    // Should be equal to the unbonding period minus some delta for evidence reporting.
+    TrustPeriod time.Duration `json:"trust-period"`
+
+    // Option 1: TrustHeight and TrustHash can both be provided
+    // to force the trusting of a particular height and hash.
+    // If the latest trusted height/hash is more recent, then this option is
+    // ignored.
+    TrustHeight int64  `json:"trust-height"`
+    TrustHash   []byte `json:"trust-hash"`
+
+    // Option 2: Callback can be set to implement a confirmation
+    // step if the trust store is uninitialized, or expired.
+    Callback func(height int64, hash []byte) error
+}
+```
+
+The expectation is the user will get this information from a trusted source
+like a validator, a friend, or a secure website. A more user friendly
+solution with trust tradeoffs is that we establish an https based protocol with
+a default end point that populates this information. Also an on-chain registry
+of roots-of-trust (e.g. on the Cosmos Hub) seems likely in the future.
+
+### Linear Verification
+
+The linear verification algorithm requires downloading all headers
+between the `TrustHeight` and the `LatestHeight`. The lite client downloads the
+full header for the provided `TrustHeight` and then proceeds to download `N+1`
+headers and applies the [Tendermint validation
+rules](https://github.com/tendermint/tendermint/blob/master/docs/spec/blockchain/blockchain.md#validation)
+to each block.
+
+### Bisecting Verification
+
+Bisecting Verification is a more bandwidth and compute intensive mechanism that
+in the most optimistic case requires a light client to only download two block
+headers to come into synchronization.
+
+The bisection algorithm proceeds in the following fashion. The client downloads
+and verifies the full block header for `TrustHeight` and then  fetches
+`LatestHeight` blocker header. The client then verifies the `LatestHeight`
+header. Finally the client attempts to verify the `LatestHeight` header with
+voting powers taken from `NextValidatorSet` in the `TrustHeight` header. This
+verification will succeed if the validators from `TrustHeight` still have > 2/3
+1 of voting power in the `LatestHeight`. If this succeeds, the client is fully
+synchronized. If this fails, then following Bisection Algorithm should be
+executed.
+
+The Client tries to download the block at the mid-point block between
+`LatestHeight` and `TrustHeight` and attempts that same algorithm as above
+using `MidPointHeight` instead of `LatestHeight` and a different threshold -
+1/3 +1 of voting power for *non-adjacent headers*. In the case the of failure,
+recursively perform the `MidPoint` verification until success then start over
+with an updated `NextValidatorSet` and `TrustHeight`.
+
+If the client encounters a forged header, it should submit the header along
+with some other intermediate headers as the evidence of misbehavior to other
+full nodes. After that, it can retry the bisection using another full node. An
+optimal client will cache trusted headers from the previous run to minimize
+network usage.
+
+---
+
+Check out the formal specification
+[here](https://github.com/tendermint/tendermint/blob/master/docs/spec/consensus/light-client.md).
+
+## Status
+
+Accepted.
+
+## Consequences
+
+### Positive
+
+* light client which is safe to use (it can go offline, but not for too long)
+
+### Negative
+
+* complexity of bisection
+
+### Neutral
+
+* social consensus can be prone to errors (for cases where a new light client
+  joins a network or it has been offline for too long)
--- a/docs/architecture/img/blockchain-reactor-v1.png
+++ b/docs/architecture/img/blockchain-reactor-v1.png
--- a/docs/architecture/img/blockchain-reactor-v2.png
+++ b/docs/architecture/img/blockchain-reactor-v2.png
--- a/docs/architecture/img/state-sync.png
+++ b/docs/architecture/img/state-sync.png
--- a/docs/guides/go-built-in.md
+++ b/docs/guides/go-built-in.md
@@ -0,0 +1,639 @@
+# Creating a built-in application in Go
+
+## Guide assumptions
+
+This guide is designed for beginners who want to get started with a Tendermint
+Core application from scratch. It does not assume that you have any prior
+experience with Tendermint Core.
+
+Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state
+transition machine - written in any programming language - and securely
+replicates it on many machines.
+
+Although Tendermint Core is written in the Golang programming language, prior
+knowledge of it is not required for this guide. You can learn it as we go due
+to it's simplicity. However, you may want to go through [Learn X in Y minutes
+Where X=Go](https://learnxinyminutes.com/docs/go/) first to familiarize
+yourself with the syntax.
+
+By following along with this guide, you'll create a Tendermint Core project
+called kvstore, a (very) simple distributed BFT key-value store.
+
+## Built-in app vs external app
+
+Running your application inside the same process as Tendermint Core will give
+you the best possible performance.
+
+For other languages, your application have to communicate with Tendermint Core
+through a TCP, Unix domain socket or gRPC.
+
+## 1.1 Installing Go
+
+Please refer to [the official guide for installing
+Go](https://golang.org/doc/install).
+
+Verify that you have the latest version of Go installed:
+
+```sh
+$ go version
+go version go1.12.7 darwin/amd64
+```
+
+Make sure you have `$GOPATH` environment variable set:
+
+```sh
+$ echo $GOPATH
+/Users/melekes/go
+```
+
+## 1.2 Creating a new Go project
+
+We'll start by creating a new Go project.
+
+```sh
+$ mkdir -p $GOPATH/src/github.com/me/kvstore
+$ cd $GOPATH/src/github.com/me/kvstore
+```
+
+Inside the example directory create a `main.go` file with the following content:
+
+```go
+package main
+
+import (
+	"fmt"
+)
+
+func main() {
+	fmt.Println("Hello, Tendermint Core")
+}
+```
+
+When run, this should print "Hello, Tendermint Core" to the standard output.
+
+```sh
+$ go run main.go
+Hello, Tendermint Core
+```
+
+## 1.3 Writing a Tendermint Core application
+
+Tendermint Core communicates with the application through the Application
+BlockChain Interface (ABCI). All message types are defined in the [protobuf
+file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+This allows Tendermint Core to run applications written in any programming
+language.
+
+Create a file called `app.go` with the following content:
+
+```go
+package main
+
+import (
+	abcitypes "github.com/tendermint/tendermint/abci/types"
+)
+
+type KVStoreApplication struct {}
+
+var _ abcitypes.Application = (*KVStoreApplication)(nil)
+
+func NewKVStoreApplication() *KVStoreApplication {
+	return &KVStoreApplication{}
+}
+
+func (KVStoreApplication) Info(req abcitypes.RequestInfo) abcitypes.ResponseInfo {
+	return abcitypes.ResponseInfo{}
+}
+
+func (KVStoreApplication) SetOption(req abcitypes.RequestSetOption) abcitypes.ResponseSetOption {
+	return abcitypes.ResponseSetOption{}
+}
+
+func (KVStoreApplication) DeliverTx(req abcitypes.RequestDeliverTx) abcitypes.ResponseDeliverTx {
+	return abcitypes.ResponseDeliverTx{Code: 0}
+}
+
+func (KVStoreApplication) CheckTx(req abcitypes.RequestCheckTx) abcitypes.ResponseCheckTx {
+	return abcitypes.ResponseCheckTx{Code: 0}
+}
+
+func (KVStoreApplication) Commit() abcitypes.ResponseCommit {
+	return abcitypes.ResponseCommit{}
+}
+
+func (KVStoreApplication) Query(req abcitypes.RequestQuery) abcitypes.ResponseQuery {
+	return abcitypes.ResponseQuery{Code: 0}
+}
+
+func (KVStoreApplication) InitChain(req abcitypes.RequestInitChain) abcitypes.ResponseInitChain {
+	return abcitypes.ResponseInitChain{}
+}
+
+func (KVStoreApplication) BeginBlock(req abcitypes.RequestBeginBlock) abcitypes.ResponseBeginBlock {
+	return abcitypes.ResponseBeginBlock{}
+}
+
+func (KVStoreApplication) EndBlock(req abcitypes.RequestEndBlock) abcitypes.ResponseEndBlock {
+	return abcitypes.ResponseEndBlock{}
+}
+```
+
+Now I will go through each method explaining when it's called and adding
+required business logic.
+
+### 1.3.1 CheckTx
+
+When a new transaction is added to the Tendermint Core, it will ask the
+application to check it (validate the format, signatures, etc.).
+
+```go
+func (app *KVStoreApplication) isValid(tx []byte) (code uint32) {
+	// check format
+	parts := bytes.Split(tx, []byte("="))
+	if len(parts) != 2 {
+		return 1
+	}
+
+	key, value := parts[0], parts[1]
+
+	// check if the same key=value already exists
+	err := app.db.View(func(txn *badger.Txn) error {
+		item, err := txn.Get(key)
+		if err != nil && err != badger.ErrKeyNotFound {
+			return err
+		}
+		if err == nil {
+			return item.Value(func(val []byte) error {
+				if bytes.Equal(val, value) {
+					code = 2
+				}
+				return nil
+			})
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	return code
+}
+
+func (app *KVStoreApplication) CheckTx(req abcitypes.RequestCheckTx) abcitypes.ResponseCheckTx {
+	code := app.isValid(req.Tx)
+	return abcitypes.ResponseCheckTx{Code: code, GasWanted: 1}
+}
+```
+
+Don't worry if this does not compile yet.
+
+If the transaction does not have a form of `{bytes}={bytes}`, we return `1`
+code. When the same key=value already exist (same key and value), we return `2`
+code. For others, we return a zero code indicating that they are valid.
+
+Note that anything with non-zero code will be considered invalid (`-1`, `100`,
+etc.) by Tendermint Core.
+
+Valid transactions will eventually be committed given they are not too big and
+have enough gas. To learn more about gas, check out ["the
+specification"](https://tendermint.com/docs/spec/abci/apps.html#gas).
+
+For the underlying key-value store we'll use
+[badger](https://github.com/dgraph-io/badger), which is an embeddable,
+persistent and fast key-value (KV) database.
+
+```go
+import "github.com/dgraph-io/badger"
+
+type KVStoreApplication struct {
+	db           *badger.DB
+	currentBatch *badger.Txn
+}
+
+func NewKVStoreApplication(db *badger.DB) *KVStoreApplication {
+	return &KVStoreApplication{
+		db: db,
+	}
+}
+```
+
+### 1.3.2 BeginBlock -> DeliverTx -> EndBlock -> Commit
+
+When Tendermint Core has decided on the block, it's transfered to the
+application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
+`EndBlock` in the end. DeliverTx are being transfered  asynchronously, but the
+responses are expected to come in order.
+
+```
+func (app *KVStoreApplication) BeginBlock(req abcitypes.RequestBeginBlock) abcitypes.ResponseBeginBlock {
+	app.currentBatch = app.db.NewTransaction(true)
+	return abcitypes.ResponseBeginBlock{}
+}
+
+```
+
+Here we create a batch, which will store block's transactions.
+
+```go
+func (app *KVStoreApplication) DeliverTx(req abcitypes.RequestDeliverTx) abcitypes.ResponseDeliverTx {
+	code := app.isValid(req.Tx)
+	if code != 0 {
+		return abcitypes.ResponseDeliverTx{Code: code}
+	}
+
+	parts := bytes.Split(req.Tx, []byte("="))
+	key, value := parts[0], parts[1]
+
+	err := app.currentBatch.Set(key, value)
+	if err != nil {
+		panic(err)
+	}
+
+	return abcitypes.ResponseDeliverTx{Code: 0}
+}
+```
+
+If the transaction is badly formatted or the same key=value already exist, we
+again return the non-zero code. Otherwise, we add it to the current batch.
+
+In the current design, a block can include incorrect transactions (those who
+passed CheckTx, but failed DeliverTx or transactions included by the proposer
+directly). This is done for performance reasons.
+
+Note we can't commit transactions inside the `DeliverTx` because in such case
+`Query`, which may be called in parallel, will return inconsistent data (i.e.
+it will report that some value already exist even when the actual block was not
+yet committed).
+
+`Commit` instructs the application to persist the new state.
+
+```go
+func (app *KVStoreApplication) Commit() abcitypes.ResponseCommit {
+	app.currentBatch.Commit()
+	return abcitypes.ResponseCommit{Data: []byte{}}
+}
+```
+
+### 1.3.3 Query
+
+Now, when the client wants to know whenever a particular key/value exist, it
+will call Tendermint Core RPC `/abci_query` endpoint, which in turn will call
+the application's `Query` method.
+
+Applications are free to provide their own APIs. But by using Tendermint Core
+as a proxy, clients (including [light client
+package](https://godoc.org/github.com/tendermint/tendermint/lite)) can leverage
+the unified API across different applications. Plus they won't have to call the
+otherwise separate Tendermint Core API for additional proofs.
+
+Note we don't include a proof here.
+
+```go
+func (app *KVStoreApplication) Query(reqQuery abcitypes.RequestQuery) (resQuery abcitypes.ResponseQuery) {
+	resQuery.Key = reqQuery.Data
+	err := app.db.View(func(txn *badger.Txn) error {
+		item, err := txn.Get(reqQuery.Data)
+		if err != nil && err != badger.ErrKeyNotFound {
+			return err
+		}
+		if err == badger.ErrKeyNotFound {
+			resQuery.Log = "does not exist"
+		} else {
+			return item.Value(func(val []byte) error {
+				resQuery.Log = "exists"
+				resQuery.Value = val
+				return nil
+			})
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+	return
+}
+```
+
+The complete specification can be found
+[here](https://tendermint.com/docs/spec/abci/).
+
+## 1.4 Starting an application and a Tendermint Core instance in the same process
+
+Put the following code into the "main.go" file:
+
+```go
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"os/signal"
+	"path/filepath"
+	"syscall"
+
+	"github.com/dgraph-io/badger"
+	"github.com/pkg/errors"
+	"github.com/spf13/viper"
+
+	abci "github.com/tendermint/tendermint/abci/types"
+	cfg "github.com/tendermint/tendermint/config"
+	tmflags "github.com/tendermint/tendermint/libs/cli/flags"
+	"github.com/tendermint/tendermint/libs/log"
+	nm "github.com/tendermint/tendermint/node"
+	"github.com/tendermint/tendermint/p2p"
+	"github.com/tendermint/tendermint/privval"
+	"github.com/tendermint/tendermint/proxy"
+)
+
+var configFile string
+
+func init() {
+	flag.StringVar(&configFile, "config", "$HOME/.tendermint/config/config.toml", "Path to config.toml")
+}
+
+func main() {
+	db, err := badger.Open(badger.DefaultOptions("/tmp/badger"))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed to open badger db: %v", err)
+		os.Exit(1)
+	}
+	defer db.Close()
+	app := NewKVStoreApplication(db)
+
+	flag.Parse()
+
+	node, err := newTendermint(app, configFile)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "%v", err)
+		os.Exit(2)
+	}
+
+	node.Start()
+	defer func() {
+		node.Stop()
+		node.Wait()
+	}()
+
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+	<-c
+	os.Exit(0)
+}
+
+func newTendermint(app abci.Application, configFile string) (*nm.Node, error) {
+	// read config
+	config := cfg.DefaultConfig()
+	config.RootDir = filepath.Dir(filepath.Dir(configFile))
+	viper.SetConfigFile(configFile)
+	if err := viper.ReadInConfig(); err != nil {
+		return nil, errors.Wrap(err, "viper failed to read config file")
+	}
+	if err := viper.Unmarshal(config); err != nil {
+		return nil, errors.Wrap(err, "viper failed to unmarshal config")
+	}
+	if err := config.ValidateBasic(); err != nil {
+		return nil, errors.Wrap(err, "config is invalid")
+	}
+
+	// create logger
+	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+	var err error
+	logger, err = tmflags.ParseLogLevel(config.LogLevel, logger, cfg.DefaultLogLevel())
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to parse log level")
+	}
+
+	// read private validator
+	pv := privval.LoadFilePV(
+		config.PrivValidatorKeyFile(),
+		config.PrivValidatorStateFile(),
+	)
+
+	// read node key
+	nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to load node's key")
+	}
+
+	// create node
+	node, err := nm.NewNode(
+		config,
+		pv,
+		nodeKey,
+		proxy.NewLocalClientCreator(app),
+		nm.DefaultGenesisDocProviderFunc(config),
+		nm.DefaultDBProvider,
+		nm.DefaultMetricsProvider(config.Instrumentation),
+		logger)
+	if err != nil {
+		return nil, errors.Wrap(err, "failed to create new Tendermint node")
+	}
+
+	return node, nil
+}
+```
+
+This is a huge blob of code, so let's break it down into pieces.
+
+First, we initialize the Badger database and create an app instance:
+
+```go
+db, err := badger.Open(badger.DefaultOptions("/tmp/badger"))
+if err != nil {
+	fmt.Fprintf(os.Stderr, "failed to open badger db: %v", err)
+	os.Exit(1)
+}
+defer db.Close()
+app := NewKVStoreApplication(db)
+```
+
+Then we use it to create a Tendermint Core `Node` instance:
+
+```go
+flag.Parse()
+
+node, err := newTendermint(app, configFile)
+if err != nil {
+	fmt.Fprintf(os.Stderr, "%v", err)
+	os.Exit(2)
+}
+
+...
+
+// create node
+node, err := nm.NewNode(
+	config,
+	pv,
+	nodeKey,
+	proxy.NewLocalClientCreator(app),
+	nm.DefaultGenesisDocProviderFunc(config),
+	nm.DefaultDBProvider,
+	nm.DefaultMetricsProvider(config.Instrumentation),
+	logger)
+if err != nil {
+	return nil, errors.Wrap(err, "failed to create new Tendermint node")
+}
+```
+
+`NewNode` requires a few things including a configuration file, a private
+validator, a node key and a few others in order to construct the full node.
+
+Note we use `proxy.NewLocalClientCreator` here to create a local client instead
+of one communicating through a socket or gRPC.
+
+[viper](https://github.com/spf13/viper) is being used for reading the config,
+which we will generate later using the `tendermint init` command.
+
+```go
+config := cfg.DefaultConfig()
+config.RootDir = filepath.Dir(filepath.Dir(configFile))
+viper.SetConfigFile(configFile)
+if err := viper.ReadInConfig(); err != nil {
+	return nil, errors.Wrap(err, "viper failed to read config file")
+}
+if err := viper.Unmarshal(config); err != nil {
+	return nil, errors.Wrap(err, "viper failed to unmarshal config")
+}
+if err := config.ValidateBasic(); err != nil {
+	return nil, errors.Wrap(err, "config is invalid")
+}
+```
+
+We use `FilePV`, which is a private validator (i.e. thing which signs consensus
+messages). Normally, you would use `SignerRemote` to connect to an external
+[HSM](https://kb.certus.one/hsm.html).
+
+```go
+pv := privval.LoadFilePV(
+	config.PrivValidatorKeyFile(),
+	config.PrivValidatorStateFile(),
+)
+
+```
+
+`nodeKey` is needed to identify the node in a p2p network.
+
+```go
+nodeKey, err := p2p.LoadNodeKey(config.NodeKeyFile())
+if err != nil {
+	return nil, errors.Wrap(err, "failed to load node's key")
+}
+```
+
+As for the logger, we use the build-in library, which provides a nice
+abstraction over [go-kit's
+logger](https://github.com/go-kit/kit/tree/master/log).
+
+```go
+logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+var err error
+logger, err = tmflags.ParseLogLevel(config.LogLevel, logger, cfg.DefaultLogLevel())
+if err != nil {
+	return nil, errors.Wrap(err, "failed to parse log level")
+}
+```
+
+Finally, we start the node and add some signal handling to gracefully stop it
+upon receiving SIGTERM or Ctrl-C.
+
+```go
+node.Start()
+defer func() {
+	node.Stop()
+	node.Wait()
+}()
+
+c := make(chan os.Signal, 1)
+signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+<-c
+os.Exit(0)
+```
+
+## 1.5 Getting Up and Running
+
+We are going to use [Go modules](https://github.com/golang/go/wiki/Modules) for
+dependency management.
+
+```sh
+$ export GO111MODULE=on
+$ go mod init github.com/me/example
+$ go build
+```
+
+This should build the binary.
+
+To create a default configuration, nodeKey and private validator files, let's
+execute `tendermint init`. But before we do that, we will need to install
+Tendermint Core.
+
+```sh
+$ rm -rf /tmp/example
+$ cd $GOPATH/src/github.com/tendermint/tendermint
+$ make install
+$ TMHOME="/tmp/example" tendermint init
+
+I[2019-07-16|18:40:36.480] Generated private validator                  module=main keyFile=/tmp/example/config/priv_validator_key.json stateFile=/tmp/example2/data/priv_validator_state.json
+I[2019-07-16|18:40:36.481] Generated node key                           module=main path=/tmp/example/config/node_key.json
+I[2019-07-16|18:40:36.482] Generated genesis file                       module=main path=/tmp/example/config/genesis.json
+```
+
+We are ready to start our application:
+
+```sh
+$ ./example -config "/tmp/example/config/config.toml"
+
+badger 2019/07/16 18:42:25 INFO: All 0 tables opened in 0s
+badger 2019/07/16 18:42:25 INFO: Replaying file id: 0 at offset: 0
+badger 2019/07/16 18:42:25 INFO: Replay took: 695.227s
+E[2019-07-16|18:42:25.818] Couldn't connect to any seeds                module=p2p
+I[2019-07-16|18:42:26.853] Executed block                               module=state height=1 validTxs=0 invalidTxs=0
+I[2019-07-16|18:42:26.865] Committed state                              module=state height=1 txs=0 appHash=
+```
+
+Now open another tab in your terminal and try sending a transaction:
+
+```sh
+$ curl -s 'localhost:26657/broadcast_tx_commit?tx="tendermint=rocks"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "check_tx": {
+      "gasWanted": "1"
+    },
+    "deliver_tx": {},
+    "hash": "1B3C5A1093DB952C331B1749A21DCCBB0F6C7F4E0055CD04D16346472FC60EC6",
+    "height": "128"
+  }
+}
+```
+
+Response should contain the height where this transaction was committed.
+
+Now let's check if the given key now exists and its value:
+
+```
+$ curl -s 'localhost:26657/abci_query?data="tendermint"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "response": {
+      "log": "exists",
+      "key": "dGVuZGVybWludA==",
+      "value": "cm9ja3M="
+    }
+  }
+}
+```
+
+"dGVuZGVybWludA==" and "cm9ja3M=" are the base64-encoding of the ASCII of
+"tendermint" and "rocks" accordingly.
+
+## Outro
+
+I hope everything went smoothly and your first, but hopefully not the last,
+Tendermint Core application is up and running. If not, please [open an issue on
+Github](https://github.com/tendermint/tendermint/issues/new/choose). To dig
+deeper, read [the docs](https://tendermint.com/docs/).
--- a/docs/guides/go.md
+++ b/docs/guides/go.md
@@ -0,0 +1,523 @@
+# Creating an application in Go
+
+## Guide Assumptions
+
+This guide is designed for beginners who want to get started with a Tendermint
+Core application from scratch. It does not assume that you have any prior
+experience with Tendermint Core.
+
+Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state
+transition machine - written in any programming language - and securely
+replicates it on many machines.
+
+Although Tendermint Core is written in the Golang programming language, prior
+knowledge of it is not required for this guide. You can learn it as we go due
+to it's simplicity. However, you may want to go through [Learn X in Y minutes
+Where X=Go](https://learnxinyminutes.com/docs/go/) first to familiarize
+yourself with the syntax.
+
+By following along with this guide, you'll create a Tendermint Core project
+called kvstore, a (very) simple distributed BFT key-value store.
+
+## Built-in app vs external app
+
+To get maximum performance it is better to run your application alongside
+Tendermint Core. [Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is written
+this way. Please refer to [Writing a built-in Tendermint Core application in
+Go](./go-built-in.md) guide for details.
+
+Having a separate application might give you better security guarantees as two
+processes would be communicating via established binary protocol. Tendermint
+Core will not have access to application's state.
+
+## 1.1 Installing Go
+
+Please refer to [the official guide for installing
+Go](https://golang.org/doc/install).
+
+Verify that you have the latest version of Go installed:
+
+```sh
+$ go version
+go version go1.12.7 darwin/amd64
+```
+
+Make sure you have `$GOPATH` environment variable set:
+
+```sh
+$ echo $GOPATH
+/Users/melekes/go
+```
+
+## 1.2 Creating a new Go project
+
+We'll start by creating a new Go project.
+
+```sh
+$ mkdir -p $GOPATH/src/github.com/me/kvstore
+$ cd $GOPATH/src/github.com/me/kvstore
+```
+
+Inside the example directory create a `main.go` file with the following content:
+
+```go
+package main
+
+import (
+	"fmt"
+)
+
+func main() {
+	fmt.Println("Hello, Tendermint Core")
+}
+```
+
+When run, this should print "Hello, Tendermint Core" to the standard output.
+
+```sh
+$ go run main.go
+Hello, Tendermint Core
+```
+
+## 1.3 Writing a Tendermint Core application
+
+Tendermint Core communicates with the application through the Application
+BlockChain Interface (ABCI). All message types are defined in the [protobuf
+file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+This allows Tendermint Core to run applications written in any programming
+language.
+
+Create a file called `app.go` with the following content:
+
+```go
+package main
+
+import (
+	abcitypes "github.com/tendermint/tendermint/abci/types"
+)
+
+type KVStoreApplication struct {}
+
+var _ abcitypes.Application = (*KVStoreApplication)(nil)
+
+func NewKVStoreApplication() *KVStoreApplication {
+	return &KVStoreApplication{}
+}
+
+func (KVStoreApplication) Info(req abcitypes.RequestInfo) abcitypes.ResponseInfo {
+	return abcitypes.ResponseInfo{}
+}
+
+func (KVStoreApplication) SetOption(req abcitypes.RequestSetOption) abcitypes.ResponseSetOption {
+	return abcitypes.ResponseSetOption{}
+}
+
+func (KVStoreApplication) DeliverTx(req abcitypes.RequestDeliverTx) abcitypes.ResponseDeliverTx {
+	return abcitypes.ResponseDeliverTx{Code: 0}
+}
+
+func (KVStoreApplication) CheckTx(req abcitypes.RequestCheckTx) abcitypes.ResponseCheckTx {
+	return abcitypes.ResponseCheckTx{Code: 0}
+}
+
+func (KVStoreApplication) Commit() abcitypes.ResponseCommit {
+	return abcitypes.ResponseCommit{}
+}
+
+func (KVStoreApplication) Query(req abcitypes.RequestQuery) abcitypes.ResponseQuery {
+	return abcitypes.ResponseQuery{Code: 0}
+}
+
+func (KVStoreApplication) InitChain(req abcitypes.RequestInitChain) abcitypes.ResponseInitChain {
+	return abcitypes.ResponseInitChain{}
+}
+
+func (KVStoreApplication) BeginBlock(req abcitypes.RequestBeginBlock) abcitypes.ResponseBeginBlock {
+	return abcitypes.ResponseBeginBlock{}
+}
+
+func (KVStoreApplication) EndBlock(req abcitypes.RequestEndBlock) abcitypes.ResponseEndBlock {
+	return abcitypes.ResponseEndBlock{}
+}
+```
+
+Now I will go through each method explaining when it's called and adding
+required business logic.
+
+### 1.3.1 CheckTx
+
+When a new transaction is added to the Tendermint Core, it will ask the
+application to check it (validate the format, signatures, etc.).
+
+```go
+func (app *KVStoreApplication) isValid(tx []byte) (code uint32) {
+	// check format
+	parts := bytes.Split(tx, []byte("="))
+	if len(parts) != 2 {
+		return 1
+	}
+
+	key, value := parts[0], parts[1]
+
+	// check if the same key=value already exists
+	err := app.db.View(func(txn *badger.Txn) error {
+		item, err := txn.Get(key)
+		if err != nil && err != badger.ErrKeyNotFound {
+			return err
+		}
+		if err == nil {
+			return item.Value(func(val []byte) error {
+				if bytes.Equal(val, value) {
+					code = 2
+				}
+				return nil
+			})
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+
+	return code
+}
+
+func (app *KVStoreApplication) CheckTx(req abcitypes.RequestCheckTx) abcitypes.ResponseCheckTx {
+	code := app.isValid(req.Tx)
+	return abcitypes.ResponseCheckTx{Code: code, GasWanted: 1}
+}
+```
+
+Don't worry if this does not compile yet.
+
+If the transaction does not have a form of `{bytes}={bytes}`, we return `1`
+code. When the same key=value already exist (same key and value), we return `2`
+code. For others, we return a zero code indicating that they are valid.
+
+Note that anything with non-zero code will be considered invalid (`-1`, `100`,
+etc.) by Tendermint Core.
+
+Valid transactions will eventually be committed given they are not too big and
+have enough gas. To learn more about gas, check out ["the
+specification"](https://tendermint.com/docs/spec/abci/apps.html#gas).
+
+For the underlying key-value store we'll use
+[badger](https://github.com/dgraph-io/badger), which is an embeddable,
+persistent and fast key-value (KV) database.
+
+```go
+import "github.com/dgraph-io/badger"
+
+type KVStoreApplication struct {
+	db           *badger.DB
+	currentBatch *badger.Txn
+}
+
+func NewKVStoreApplication(db *badger.DB) *KVStoreApplication {
+	return &KVStoreApplication{
+		db: db,
+	}
+}
+```
+
+### 1.3.2 BeginBlock -> DeliverTx -> EndBlock -> Commit
+
+When Tendermint Core has decided on the block, it's transfered to the
+application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
+`EndBlock` in the end. DeliverTx are being transfered  asynchronously, but the
+responses are expected to come in order.
+
+```
+func (app *KVStoreApplication) BeginBlock(req abcitypes.RequestBeginBlock) abcitypes.ResponseBeginBlock {
+	app.currentBatch = app.db.NewTransaction(true)
+	return abcitypes.ResponseBeginBlock{}
+}
+
+```
+
+Here we create a batch, which will store block's transactions.
+
+```go
+func (app *KVStoreApplication) DeliverTx(req abcitypes.RequestDeliverTx) abcitypes.ResponseDeliverTx {
+	code := app.isValid(req.Tx)
+	if code != 0 {
+		return abcitypes.ResponseDeliverTx{Code: code}
+	}
+
+	parts := bytes.Split(req.Tx, []byte("="))
+	key, value := parts[0], parts[1]
+
+	err := app.currentBatch.Set(key, value)
+	if err != nil {
+		panic(err)
+	}
+
+	return abcitypes.ResponseDeliverTx{Code: 0}
+}
+```
+
+If the transaction is badly formatted or the same key=value already exist, we
+again return the non-zero code. Otherwise, we add it to the current batch.
+
+In the current design, a block can include incorrect transactions (those who
+passed CheckTx, but failed DeliverTx or transactions included by the proposer
+directly). This is done for performance reasons.
+
+Note we can't commit transactions inside the `DeliverTx` because in such case
+`Query`, which may be called in parallel, will return inconsistent data (i.e.
+it will report that some value already exist even when the actual block was not
+yet committed).
+
+`Commit` instructs the application to persist the new state.
+
+```go
+func (app *KVStoreApplication) Commit() abcitypes.ResponseCommit {
+	app.currentBatch.Commit()
+	return abcitypes.ResponseCommit{Data: []byte{}}
+}
+```
+
+### 1.3.3 Query
+
+Now, when the client wants to know whenever a particular key/value exist, it
+will call Tendermint Core RPC `/abci_query` endpoint, which in turn will call
+the application's `Query` method.
+
+Applications are free to provide their own APIs. But by using Tendermint Core
+as a proxy, clients (including [light client
+package](https://godoc.org/github.com/tendermint/tendermint/lite)) can leverage
+the unified API across different applications. Plus they won't have to call the
+otherwise separate Tendermint Core API for additional proofs.
+
+Note we don't include a proof here.
+
+```go
+func (app *KVStoreApplication) Query(reqQuery abcitypes.RequestQuery) (resQuery abcitypes.ResponseQuery) {
+	resQuery.Key = reqQuery.Data
+	err := app.db.View(func(txn *badger.Txn) error {
+		item, err := txn.Get(reqQuery.Data)
+		if err != nil && err != badger.ErrKeyNotFound {
+			return err
+		}
+		if err == badger.ErrKeyNotFound {
+			resQuery.Log = "does not exist"
+		} else {
+			return item.Value(func(val []byte) error {
+				resQuery.Log = "exists"
+				resQuery.Value = val
+				return nil
+			})
+		}
+		return nil
+	})
+	if err != nil {
+		panic(err)
+	}
+	return
+}
+```
+
+The complete specification can be found
+[here](https://tendermint.com/docs/spec/abci/).
+
+## 1.4 Starting an application and a Tendermint Core instances
+
+Put the following code into the "main.go" file:
+
+```go
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"os/signal"
+	"syscall"
+
+	"github.com/dgraph-io/badger"
+
+	abciserver "github.com/tendermint/tendermint/abci/server"
+	"github.com/tendermint/tendermint/libs/log"
+)
+
+var socketAddr string
+
+func init() {
+	flag.StringVar(&socketAddr, "socket-addr", "unix://example.sock", "Unix domain socket address")
+}
+
+func main() {
+	db, err := badger.Open(badger.DefaultOptions("/tmp/badger"))
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "failed to open badger db: %v", err)
+		os.Exit(1)
+	}
+	defer db.Close()
+	app := NewKVStoreApplication(db)
+
+	flag.Parse()
+
+	logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout))
+
+	server := abciserver.NewSocketServer(socketAddr, app)
+	server.SetLogger(logger)
+	if err := server.Start(); err != nil {
+		fmt.Fprintf(os.Stderr, "error starting socket server: %v", err)
+		os.Exit(1)
+	}
+	defer server.Stop()
+
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+	<-c
+	os.Exit(0)
+}
+```
+
+This is a huge blob of code, so let's break it down into pieces.
+
+First, we initialize the Badger database and create an app instance:
+
+```go
+db, err := badger.Open(badger.DefaultOptions("/tmp/badger"))
+if err != nil {
+	fmt.Fprintf(os.Stderr, "failed to open badger db: %v", err)
+	os.Exit(1)
+}
+defer db.Close()
+app := NewKVStoreApplication(db)
+```
+
+Then we start the ABCI server and add some signal handling to gracefully stop
+it upon receiving SIGTERM or Ctrl-C. Tendermint Core will act as a client,
+which connects to our server and send us transactions and other messages.
+
+```go
+server := abciserver.NewSocketServer(socketAddr, app)
+server.SetLogger(logger)
+if err := server.Start(); err != nil {
+	fmt.Fprintf(os.Stderr, "error starting socket server: %v", err)
+	os.Exit(1)
+}
+defer server.Stop()
+
+c := make(chan os.Signal, 1)
+signal.Notify(c, os.Interrupt, syscall.SIGTERM)
+<-c
+os.Exit(0)
+```
+
+## 1.5 Getting Up and Running
+
+We are going to use [Go modules](https://github.com/golang/go/wiki/Modules) for
+dependency management.
+
+```sh
+$ export GO111MODULE=on
+$ go mod init github.com/me/example
+$ go build
+```
+
+This should build the binary.
+
+To create a default configuration, nodeKey and private validator files, let's
+execute `tendermint init`. But before we do that, we will need to install
+Tendermint Core.
+
+```sh
+$ rm -rf /tmp/example
+$ cd $GOPATH/src/github.com/tendermint/tendermint
+$ make install
+$ TMHOME="/tmp/example" tendermint init
+
+I[2019-07-16|18:20:36.480] Generated private validator                  module=main keyFile=/tmp/example/config/priv_validator_key.json stateFile=/tmp/example2/data/priv_validator_state.json
+I[2019-07-16|18:20:36.481] Generated node key                           module=main path=/tmp/example/config/node_key.json
+I[2019-07-16|18:20:36.482] Generated genesis file                       module=main path=/tmp/example/config/genesis.json
+```
+
+Feel free to explore the generated files, which can be found at
+`/tmp/example/config` directory. Documentation on the config can be found
+[here](https://tendermint.com/docs/tendermint-core/configuration.html).
+
+We are ready to start our application:
+
+```sh
+$ rm example.sock
+$ ./example
+
+badger 2019/07/16 18:25:11 INFO: All 0 tables opened in 0s
+badger 2019/07/16 18:25:11 INFO: Replaying file id: 0 at offset: 0
+badger 2019/07/16 18:25:11 INFO: Replay took: 300.4s
+I[2019-07-16|18:25:11.523] Starting ABCIServer                          impl=ABCIServ
+```
+
+Then we need to start Tendermint Core and point it to our application. Staying
+within the application directory execute:
+
+```sh
+$ TMHOME="/tmp/example" tendermint node --proxy_app=unix://example.sock
+
+I[2019-07-16|18:26:20.362] Version info                                 module=main software=0.32.1 block=10 p2p=7
+I[2019-07-16|18:26:20.383] Starting Node                                module=main impl=Node
+E[2019-07-16|18:26:20.392] Couldn't connect to any seeds                module=p2p
+I[2019-07-16|18:26:20.394] Started node                                 module=main nodeInfo="{ProtocolVersion:{P2P:7 Block:10 App:0} ID_:8dab80770ae8e295d4ce905d86af78c4ff634b79 ListenAddr:tcp://0.0.0.0:26656 Network:test-chain-nIO96P Version:0.32.1 Channels:4020212223303800 Moniker:app48.fun-box.ru Other:{TxIndex:on RPCAddress:tcp://127.0.0.1:26657}}"
+I[2019-07-16|18:26:21.440] Executed block                               module=state height=1 validTxs=0 invalidTxs=0
+I[2019-07-16|18:26:21.446] Committed state                              module=state height=1 txs=0 appHash=
+```
+
+This should start the full node and connect to our ABCI application.
+
+```
+I[2019-07-16|18:25:11.525] Waiting for new connection...
+I[2019-07-16|18:26:20.329] Accepted a new connection
+I[2019-07-16|18:26:20.329] Waiting for new connection...
+I[2019-07-16|18:26:20.330] Accepted a new connection
+I[2019-07-16|18:26:20.330] Waiting for new connection...
+I[2019-07-16|18:26:20.330] Accepted a new connection
+```
+
+Now open another tab in your terminal and try sending a transaction:
+
+```sh
+$ curl -s 'localhost:26657/broadcast_tx_commit?tx="tendermint=rocks"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "check_tx": {
+      "gasWanted": "1"
+    },
+    "deliver_tx": {},
+    "hash": "CDD3C6DFA0A08CAEDF546F9938A2EEC232209C24AA0E4201194E0AFB78A2C2BB",
+    "height": "33"
+}
+```
+
+Response should contain the height where this transaction was committed.
+
+Now let's check if the given key now exists and its value:
+
+```
+$ curl -s 'localhost:26657/abci_query?data="tendermint"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "response": {
+      "log": "exists",
+      "key": "dGVuZGVybWludA==",
+      "value": "cm9ja3My"
+    }
+  }
+}
+```
+
+"dGVuZGVybWludA==" and "cm9ja3M=" are the base64-encoding of the ASCII of
+"tendermint" and "rocks" accordingly.
+
+## Outro
+
+I hope everything went smoothly and your first, but hopefully not the last,
+Tendermint Core application is up and running. If not, please [open an issue on
+Github](https://github.com/tendermint/tendermint/issues/new/choose). To dig
+deeper, read [the docs](https://tendermint.com/docs/).
--- a/docs/guides/java.md
+++ b/docs/guides/java.md
@@ -0,0 +1,600 @@
+# Creating an application in Java
+
+## Guide Assumptions
+
+This guide is designed for beginners who want to get started with a Tendermint
+Core application from scratch. It does not assume that you have any prior
+experience with Tendermint Core.
+
+Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state
+transition machine (your application) - written in any programming language - and securely
+replicates it on many machines.
+
+By following along with this guide, you'll create a Tendermint Core project
+called kvstore, a (very) simple distributed BFT key-value store. The application (which should
+implementing the blockchain interface (ABCI)) will be written in Java.
+
+This guide assumes that you are not new to JVM world. If you are new please see [JVM Minimal Survival Guide](https://hadihariri.com/2013/12/29/jvm-minimal-survival-guide-for-the-dotnet-developer/#java-the-language-java-the-ecosystem-java-the-jvm) and [Gradle Docs](https://docs.gradle.org/current/userguide/userguide.html).
+
+## Built-in app vs external app
+
+If you use Golang, you can run your app and Tendermint Core in the same process to get maximum performance.
+[Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is written this way.
+Please refer to [Writing a built-in Tendermint Core application in Go](./go-built-in.md) guide for details.
+
+If you choose another language, like we did in this guide, you have to write a separate app,
+which will communicate with Tendermint Core via a socket (UNIX or TCP) or gRPC.
+This guide will show you how to build external application using RPC server.
+
+Having a separate application might give you better security guarantees as two
+processes would be communicating via established binary protocol. Tendermint
+Core will not have access to application's state.
+
+## 1.1 Installing Java and Gradle
+
+Please refer to [the Oracle's guide for installing JDK](https://www.oracle.com/technetwork/java/javase/downloads/index.html).
+
+Verify that you have installed Java successfully:
+
+```sh
+$ java -version
+java version "12.0.2" 2019-07-16
+Java(TM) SE Runtime Environment (build 12.0.2+10)
+Java HotSpot(TM) 64-Bit Server VM (build 12.0.2+10, mixed mode, sharing)
+```
+
+You can choose any version of Java higher or equal to 8.
+This guide is written using Java SE Development Kit 12.
+
+Make sure you have `$JAVA_HOME` environment variable set:
+
+```sh
+$ echo $JAVA_HOME
+/Library/Java/JavaVirtualMachines/jdk-12.0.2.jdk/Contents/Home
+```
+
+For Gradle installation, please refer to [their official guide](https://gradle.org/install/).
+
+## 1.2 Creating a new Java project
+
+We'll start by creating a new Gradle project.
+
+```sh
+$ export KVSTORE_HOME=~/kvstore
+$ mkdir $KVSTORE_HOME
+$ cd $KVSTORE_HOME
+```
+
+Inside the example directory run:
+```sh
+gradle init --dsl groovy --package io.example --project-name example --type java-application --test-framework junit
+```
+This will create a new project for you. The tree of files should look like:
+```sh
+$ tree
+.
+|-- build.gradle
+|-- gradle
+|   `-- wrapper
+|       |-- gradle-wrapper.jar
+|       `-- gradle-wrapper.properties
+|-- gradlew
+|-- gradlew.bat
+|-- settings.gradle
+`-- src
+    |-- main
+    |   |-- java
+    |   |   `-- io
+    |   |       `-- example
+    |   |           `-- App.java
+    |   `-- resources
+    `-- test
+        |-- java
+        |   `-- io
+        |       `-- example
+        |           `-- AppTest.java
+        `-- resources
+```
+
+When run, this should print "Hello world." to the standard output.
+
+```sh
+$ ./gradlew run
+> Task :run
+Hello world.
+```
+
+## 1.3 Writing a Tendermint Core application
+
+Tendermint Core communicates with the application through the Application
+BlockChain Interface (ABCI). All message types are defined in the [protobuf
+file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+This allows Tendermint Core to run applications written in any programming
+language.
+
+### 1.3.1 Compile .proto files
+
+Add the following piece to the top of the `build.gradle`:
+```groovy
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.8'
+    }
+}
+```
+
+Enable the protobuf plugin in the `plugins` section of the `build.gradle`:
+```groovy
+plugins {
+    id 'com.google.protobuf' version '0.8.8'
+}
+```
+
+Add the following code to `build.gradle`:
+```groovy
+protobuf {
+    protoc {
+        artifact = "com.google.protobuf:protoc:3.7.1"
+    }
+    plugins {
+        grpc {
+            artifact = 'io.grpc:protoc-gen-grpc-java:1.22.1'
+        }
+    }
+    generateProtoTasks {
+        all()*.plugins {
+            grpc {}
+        }
+    }
+}
+```
+
+Now we should be ready to compile the `*.proto` files.
+
+
+Copy the necessary `.proto` files to your project:
+```sh
+mkdir -p \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common \
+  $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto
+
+cp $GOPATH/src/github.com/tendermint/tendermint/abci/types/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types/types.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/crypto/merkle/merkle.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle/merkle.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/libs/common/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common/types.proto
+cp $GOPATH/src/github.com/gogo/protobuf/gogoproto/gogo.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto/gogo.proto
+```
+
+Add these dependencies to `build.gradle`:
+```groovy
+dependencies {
+    implementation 'io.grpc:grpc-protobuf:1.22.1'
+    implementation 'io.grpc:grpc-netty-shaded:1.22.1'
+    implementation 'io.grpc:grpc-stub:1.22.1'
+}
+```
+
+To generate all protobuf-type classes run:
+```sh
+./gradlew generateProto
+```
+To verify that everything went smoothly, you can inspect the `build/generated/` directory:
+```sh
+$ tree build/generated/
+build/generated/
+|-- source
+|   `-- proto
+|       `-- main
+|           |-- grpc
+|           |   `-- types
+|           |       `-- ABCIApplicationGrpc.java
+|           `-- java
+|               |-- com
+|               |   `-- google
+|               |       `-- protobuf
+|               |           `-- GoGoProtos.java
+|               |-- common
+|               |   `-- Types.java
+|               |-- merkle
+|               |   `-- Merkle.java
+|               `-- types
+|                   `-- Types.java
+```
+
+### 1.3.2 Implementing ABCI
+
+The resulting `$KVSTORE_HOME/build/generated/source/proto/main/grpc/types/ABCIApplicationGrpc.java` file
+contains the abstract class `ABCIApplicationImplBase`, which is an interface we'll need to implement.
+
+Create `$KVSTORE_HOME/src/main/java/io/example/KVStoreApp.java` file with the following content:
+```java
+package io.example;
+
+import io.grpc.stub.StreamObserver;
+import types.ABCIApplicationGrpc;
+import types.Types.*;
+
+class KVStoreApp extends ABCIApplicationGrpc.ABCIApplicationImplBase {
+    
+    // methods implementation
+
+}
+```
+
+Now I will go through each method of `ABCIApplicationImplBase` explaining when it's called and adding
+required business logic.
+
+### 1.3.3 CheckTx
+
+When a new transaction is added to the Tendermint Core, it will ask the
+application to check it (validate the format, signatures, etc.).
+
+```java
+@Override
+public void checkTx(RequestCheckTx req, StreamObserver<ResponseCheckTx> responseObserver) {
+    var tx = req.getTx();
+    int code = validate(tx);
+    var resp = ResponseCheckTx.newBuilder()
+            .setCode(code)
+            .setGasWanted(1)
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+
+private int validate(ByteString tx) {
+    List<byte[]> parts = split(tx, '=');
+    if (parts.size() != 2) {
+        return 1;
+    }
+    byte[] key = parts.get(0);
+    byte[] value = parts.get(1);
+
+    // check if the same key=value already exists
+    var stored = getPersistedValue(key);
+    if (stored != null && Arrays.equals(stored, value)) {
+        return 2;
+    }
+
+    return 0;
+}
+
+private List<byte[]> split(ByteString tx, char separator) {
+    var arr = tx.toByteArray();
+    int i;
+    for (i = 0; i < tx.size(); i++) {
+        if (arr[i] == (byte)separator) {
+            break;
+        }
+    }
+    if (i == tx.size()) {
+        return Collections.emptyList();
+    }
+    return List.of(
+            tx.substring(0, i).toByteArray(),
+            tx.substring(i + 1).toByteArray()
+    );
+}
+```
+
+Don't worry if this does not compile yet.
+
+If the transaction does not have a form of `{bytes}={bytes}`, we return `1`
+code. When the same key=value already exist (same key and value), we return `2`
+code. For others, we return a zero code indicating that they are valid.
+
+Note that anything with non-zero code will be considered invalid (`-1`, `100`,
+etc.) by Tendermint Core.
+
+Valid transactions will eventually be committed given they are not too big and
+have enough gas. To learn more about gas, check out ["the
+specification"](https://tendermint.com/docs/spec/abci/apps.html#gas).
+
+For the underlying key-value store we'll use
+[JetBrains Xodus](https://github.com/JetBrains/xodus), which is a transactional schema-less embedded high-performance database written in Java.
+
+`build.gradle`:
+```groovy
+dependencies {
+    implementation 'org.jetbrains.xodus:xodus-environment:1.3.91'
+}
+```
+
+```java
+...
+import jetbrains.exodus.ArrayByteIterable;
+import jetbrains.exodus.ByteIterable;
+import jetbrains.exodus.env.Environment;
+import jetbrains.exodus.env.Store;
+import jetbrains.exodus.env.StoreConfig;
+import jetbrains.exodus.env.Transaction;
+
+class KVStoreApp extends ABCIApplicationGrpc.ABCIApplicationImplBase {
+    private Environment env;
+    private Transaction txn = null;
+    private Store store = null;
+
+    KVStoreApp(Environment env) {
+        this.env = env;
+    }
+
+    ...
+
+    private byte[] getPersistedValue(byte[] k) {
+        return env.computeInReadonlyTransaction(txn -> {
+            var store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn);
+            ByteIterable byteIterable = store.get(txn, new ArrayByteIterable(k));
+            if (byteIterable == null) {
+                return null;
+            }
+            return byteIterable.getBytesUnsafe();
+        });
+    }
+}
+```
+
+### 1.3.4 BeginBlock -> DeliverTx -> EndBlock -> Commit
+
+When Tendermint Core has decided on the block, it's transferred to the
+application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
+`EndBlock` in the end. `DeliverTx` are being transferred  asynchronously, but the
+responses are expected to come in order.
+
+```java
+@Override
+public void beginBlock(RequestBeginBlock req, StreamObserver<ResponseBeginBlock> responseObserver) {
+    txn = env.beginTransaction();
+    store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn);
+    var resp = ResponseBeginBlock.newBuilder().build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+Here we begin a new transaction, which will accumulate the block's transactions and open the corresponding store.
+
+```java
+@Override
+public void deliverTx(RequestDeliverTx req, StreamObserver<ResponseDeliverTx> responseObserver) {
+    var tx = req.getTx();
+    int code = validate(tx);
+    if (code == 0) {
+        List<byte[]> parts = split(tx, '=');
+        var key = new ArrayByteIterable(parts.get(0));
+        var value = new ArrayByteIterable(parts.get(1));
+        store.put(txn, key, value);
+    }
+    var resp = ResponseDeliverTx.newBuilder()
+            .setCode(code)
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+
+If the transaction is badly formatted or the same key=value already exist, we
+again return the non-zero code. Otherwise, we add it to the store.
+
+In the current design, a block can include incorrect transactions (those who
+passed `CheckTx`, but failed `DeliverTx` or transactions included by the proposer
+directly). This is done for performance reasons.
+
+Note we can't commit transactions inside the `DeliverTx` because in such case
+`Query`, which may be called in parallel, will return inconsistent data (i.e.
+it will report that some value already exist even when the actual block was not
+yet committed).
+
+`Commit` instructs the application to persist the new state.
+
+```java
+@Override
+public void commit(RequestCommit req, StreamObserver<ResponseCommit> responseObserver) {
+    txn.commit();
+    var resp = ResponseCommit.newBuilder()
+            .setData(ByteString.copyFrom(new byte[8]))
+            .build();
+    responseObserver.onNext(resp);
+    responseObserver.onCompleted();
+}
+```
+
+### 1.3.5 Query
+
+Now, when the client wants to know whenever a particular key/value exist, it
+will call Tendermint Core RPC `/abci_query` endpoint, which in turn will call
+the application's `Query` method.
+
+Applications are free to provide their own APIs. But by using Tendermint Core
+as a proxy, clients (including [light client
+package](https://godoc.org/github.com/tendermint/tendermint/lite)) can leverage
+the unified API across different applications. Plus they won't have to call the
+otherwise separate Tendermint Core API for additional proofs.
+
+Note we don't include a proof here.
+
+```java
+@Override
+public void query(RequestQuery req, StreamObserver<ResponseQuery> responseObserver) {
+    var k = req.getData().toByteArray();
+    var v = getPersistedValue(k);
+    var builder = ResponseQuery.newBuilder();
+    if (v == null) {
+        builder.setLog("does not exist");
+    } else {
+        builder.setLog("exists");
+        builder.setKey(ByteString.copyFrom(k));
+        builder.setValue(ByteString.copyFrom(v));
+    }
+    responseObserver.onNext(builder.build());
+    responseObserver.onCompleted();
+}
+```
+
+The complete specification can be found
+[here](https://tendermint.com/docs/spec/abci/).
+
+## 1.4 Starting an application and a Tendermint Core instances
+
+Put the following code into the `$KVSTORE_HOME/src/main/java/io/example/App.java` file:
+
+```java
+package io.example;
+
+import jetbrains.exodus.env.Environment;
+import jetbrains.exodus.env.Environments;
+
+import java.io.IOException;
+
+public class App {
+    public static void main(String[] args) throws IOException, InterruptedException {
+        try (Environment env = Environments.newInstance("tmp/storage")) {
+            var app = new KVStoreApp(env);
+            var server = new GrpcServer(app, 26658);
+            server.start();
+            server.blockUntilShutdown();
+        }
+    }
+}
+```
+
+It is the entry point of the application.
+Here we create a special object `Environment`, which knows where to store the application state.
+Then we create and start the gRPC server to handle Tendermint Core requests.
+
+Create the `$KVSTORE_HOME/src/main/java/io/example/GrpcServer.java` file with the following content:
+```java
+package io.example;
+
+import io.grpc.BindableService;
+import io.grpc.Server;
+import io.grpc.ServerBuilder;
+
+import java.io.IOException;
+
+class GrpcServer {
+    private Server server;
+
+    GrpcServer(BindableService service, int port) {
+        this.server = ServerBuilder.forPort(port)
+                .addService(service)
+                .build();
+    }
+
+    void start() throws IOException {
+        server.start();
+        System.out.println("gRPC server started, listening on $port");
+        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
+            System.out.println("shutting down gRPC server since JVM is shutting down");
+            GrpcServer.this.stop();
+            System.out.println("server shut down");
+        }));
+    }
+
+    private void stop() {
+        server.shutdown();
+    }
+
+    /**
+     * Await termination on the main thread since the grpc library uses daemon threads.
+     */
+    void blockUntilShutdown() throws InterruptedException {
+        server.awaitTermination();
+    }
+}
+```
+
+## 1.5 Getting Up and Running
+
+To create a default configuration, nodeKey and private validator files, let's
+execute `tendermint init`. But before we do that, we will need to install
+Tendermint Core.
+
+```sh
+$ rm -rf /tmp/example
+$ cd $GOPATH/src/github.com/tendermint/tendermint
+$ make install
+$ TMHOME="/tmp/example" tendermint init
+
+I[2019-07-16|18:20:36.480] Generated private validator                  module=main keyFile=/tmp/example/config/priv_validator_key.json stateFile=/tmp/example2/data/priv_validator_state.json
+I[2019-07-16|18:20:36.481] Generated node key                           module=main path=/tmp/example/config/node_key.json
+I[2019-07-16|18:20:36.482] Generated genesis file                       module=main path=/tmp/example/config/genesis.json
+```
+
+Feel free to explore the generated files, which can be found at
+`/tmp/example/config` directory. Documentation on the config can be found
+[here](https://tendermint.com/docs/tendermint-core/configuration.html).
+
+We are ready to start our application:
+
+```sh
+./gradlew run
+
+gRPC server started, listening on 26658
+```
+
+Then we need to start Tendermint Core and point it to our application. Staying
+within the application directory execute:
+
+```sh
+$ TMHOME="/tmp/example" tendermint node --abci grpc --proxy_app tcp://127.0.0.1:26658
+
+I[2019-07-28|15:44:53.632] Version info                                 module=main software=0.32.1 block=10 p2p=7
+I[2019-07-28|15:44:53.677] Starting Node                                module=main impl=Node
+I[2019-07-28|15:44:53.681] Started node                                 module=main nodeInfo="{ProtocolVersion:{P2P:7 Block:10 App:0} ID_:7639e2841ccd47d5ae0f5aad3011b14049d3f452 ListenAddr:tcp://0.0.0.0:26656 Network:test-chain-Nhl3zk Version:0.32.1 Channels:4020212223303800 Moniker:Ivans-MacBook-Pro.local Other:{TxIndex:on RPCAddress:tcp://127.0.0.1:26657}}"
+I[2019-07-28|15:44:54.801] Executed block                               module=state height=8 validTxs=0 invalidTxs=0
+I[2019-07-28|15:44:54.814] Committed state                              module=state height=8 txs=0 appHash=0000000000000000
+```
+
+Now open another tab in your terminal and try sending a transaction:
+
+```sh
+$ curl -s 'localhost:26657/broadcast_tx_commit?tx="tendermint=rocks"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "check_tx": {
+      "gasWanted": "1"
+    },
+    "deliver_tx": {},
+    "hash": "CDD3C6DFA0A08CAEDF546F9938A2EEC232209C24AA0E4201194E0AFB78A2C2BB",
+    "height": "33"
+}
+```
+
+Response should contain the height where this transaction was committed.
+
+Now let's check if the given key now exists and its value:
+
+```sh
+$ curl -s 'localhost:26657/abci_query?data="tendermint"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "response": {
+      "log": "exists",
+      "key": "dGVuZGVybWludA==",
+      "value": "cm9ja3My"
+    }
+  }
+}
+```
+
+`dGVuZGVybWludA==` and `cm9ja3M=` are the base64-encoding of the ASCII of `tendermint` and `rocks` accordingly.
+
+## Outro
+
+I hope everything went smoothly and your first, but hopefully not the last,
+Tendermint Core application is up and running. If not, please [open an issue on
+Github](https://github.com/tendermint/tendermint/issues/new/choose). To dig
+deeper, read [the docs](https://tendermint.com/docs/).
+
+The full source code of this example project can be found [here](https://github.com/climber73/tendermint-abci-grpc-java).
--- a/docs/guides/kotlin.md
+++ b/docs/guides/kotlin.md
@@ -0,0 +1,574 @@
+# Creating an application in Kotlin
+
+## Guide Assumptions
+
+This guide is designed for beginners who want to get started with a Tendermint
+Core application from scratch. It does not assume that you have any prior
+experience with Tendermint Core.
+
+Tendermint Core is Byzantine Fault Tolerant (BFT) middleware that takes a state
+transition machine (your application) - written in any programming language - and securely
+replicates it on many machines.
+
+By following along with this guide, you'll create a Tendermint Core project
+called kvstore, a (very) simple distributed BFT key-value store. The application (which should
+implementing the blockchain interface (ABCI)) will be written in Kotlin.
+
+This guide assumes that you are not new to JVM world. If you are new please see [JVM Minimal Survival Guide](https://hadihariri.com/2013/12/29/jvm-minimal-survival-guide-for-the-dotnet-developer/#java-the-language-java-the-ecosystem-java-the-jvm) and [Gradle Docs](https://docs.gradle.org/current/userguide/userguide.html).
+
+## Built-in app vs external app
+
+If you use Golang, you can run your app and Tendermint Core in the same process to get maximum performance.
+[Cosmos SDK](https://github.com/cosmos/cosmos-sdk) is written this way.
+Please refer to [Writing a built-in Tendermint Core application in Go](./go-built-in.md) guide for details.
+
+If you choose another language, like we did in this guide, you have to write a separate app,
+which will communicate with Tendermint Core via a socket (UNIX or TCP) or gRPC.
+This guide will show you how to build external application using RPC server.
+
+Having a separate application might give you better security guarantees as two
+processes would be communicating via established binary protocol. Tendermint
+Core will not have access to application's state.
+
+## 1.1 Installing Java and Gradle
+
+Please refer to [the Oracle's guide for installing JDK](https://www.oracle.com/technetwork/java/javase/downloads/index.html).
+
+Verify that you have installed Java successfully:
+
+```sh
+$ java -version
+java version "1.8.0_162"
+Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
+Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)
+```
+
+You can choose any version of Java higher or equal to 8.
+In my case it is Java SE Development Kit 8.
+
+Make sure you have `$JAVA_HOME` environment variable set:
+
+```sh
+$ echo $JAVA_HOME
+/Library/Java/JavaVirtualMachines/jdk1.8.0_162.jdk/Contents/Home
+```
+
+For Gradle installation, please refer to [their official guide](https://gradle.org/install/).
+
+## 1.2 Creating a new Kotlin project
+
+We'll start by creating a new Gradle project.
+
+```sh
+$ export KVSTORE_HOME=~/kvstore
+$ mkdir $KVSTORE_HOME
+$ cd $KVSTORE_HOME
+```
+
+Inside the example directory run:
+```sh
+gradle init --dsl groovy --package io.example --project-name example --type kotlin-application
+```
+This will create a new project for you. The tree of files should look like:
+```sh
+$ tree
+.
+|-- build.gradle
+|-- gradle
+|   `-- wrapper
+|       |-- gradle-wrapper.jar
+|       `-- gradle-wrapper.properties
+|-- gradlew
+|-- gradlew.bat
+|-- settings.gradle
+`-- src
+    |-- main
+    |   |-- kotlin
+    |   |   `-- io
+    |   |       `-- example
+    |   |           `-- App.kt
+    |   `-- resources
+    `-- test
+        |-- kotlin
+        |   `-- io
+        |       `-- example
+        |           `-- AppTest.kt
+        `-- resources
+```
+
+When run, this should print "Hello world." to the standard output.
+
+```sh
+$ ./gradlew run
+> Task :run
+Hello world.
+```
+
+## 1.3 Writing a Tendermint Core application
+
+Tendermint Core communicates with the application through the Application
+BlockChain Interface (ABCI). All message types are defined in the [protobuf
+file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+This allows Tendermint Core to run applications written in any programming
+language.
+
+### 1.3.1 Compile .proto files
+
+Add the following piece to the top of the `build.gradle`:
+```groovy
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.8'
+    }
+}
+```
+
+Enable the protobuf plugin in the `plugins` section of the `build.gradle`:
+```groovy
+plugins {
+    id 'com.google.protobuf' version '0.8.8'
+}
+```
+
+Add the following code to `build.gradle`:
+```groovy
+protobuf {
+    protoc {
+        artifact = "com.google.protobuf:protoc:3.7.1"
+    }
+    plugins {
+        grpc {
+            artifact = 'io.grpc:protoc-gen-grpc-java:1.22.1'
+        }
+    }
+    generateProtoTasks {
+        all()*.plugins {
+            grpc {}
+        }
+    }
+}
+```
+
+Now we should be ready to compile the `*.proto` files.
+
+
+Copy the necessary `.proto` files to your project:
+```sh
+mkdir -p \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle \
+  $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common \
+  $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto
+
+cp $GOPATH/src/github.com/tendermint/tendermint/abci/types/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/abci/types/types.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/crypto/merkle/merkle.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/crypto/merkle/merkle.proto
+cp $GOPATH/src/github.com/tendermint/tendermint/libs/common/types.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/tendermint/tendermint/libs/common/types.proto
+cp $GOPATH/src/github.com/gogo/protobuf/gogoproto/gogo.proto \
+   $KVSTORE_HOME/src/main/proto/github.com/gogo/protobuf/gogoproto/gogo.proto
+```
+
+Add these dependencies to `build.gradle`:
+```groovy
+dependencies {
+    implementation 'io.grpc:grpc-protobuf:1.22.1'
+    implementation 'io.grpc:grpc-netty-shaded:1.22.1'
+    implementation 'io.grpc:grpc-stub:1.22.1'
+}
+```
+
+To generate all protobuf-type classes run:
+```sh
+./gradlew generateProto
+```
+To verify that everything went smoothly, you can inspect the `build/generated/` directory:
+```sh
+$ tree build/generated/
+build/generated/
+`-- source
+    `-- proto
+        `-- main
+            |-- grpc
+            |   `-- types
+            |       `-- ABCIApplicationGrpc.java
+            `-- java
+                |-- com
+                |   `-- google
+                |       `-- protobuf
+                |           `-- GoGoProtos.java
+                |-- common
+                |   `-- Types.java
+                |-- merkle
+                |   `-- Merkle.java
+                `-- types
+                    `-- Types.java
+```
+
+### 1.3.2 Implementing ABCI
+
+The resulting `$KVSTORE_HOME/build/generated/source/proto/main/grpc/types/ABCIApplicationGrpc.java` file
+contains the abstract class `ABCIApplicationImplBase`, which is an interface we'll need to implement.
+
+Create `$KVSTORE_HOME/src/main/kotlin/io/example/KVStoreApp.kt` file with the following content:
+```kotlin
+package io.example
+
+import io.grpc.stub.StreamObserver
+import types.ABCIApplicationGrpc
+import types.Types.*
+
+class KVStoreApp : ABCIApplicationGrpc.ABCIApplicationImplBase() {
+    
+    // methods implementation
+
+}
+```
+
+Now I will go through each method of `ABCIApplicationImplBase` explaining when it's called and adding
+required business logic.
+
+### 1.3.3 CheckTx
+
+When a new transaction is added to the Tendermint Core, it will ask the
+application to check it (validate the format, signatures, etc.).
+
+```kotlin
+override fun checkTx(req: RequestCheckTx, responseObserver: StreamObserver<ResponseCheckTx>) {
+    val code = req.tx.validate()
+    val resp = ResponseCheckTx.newBuilder()
+            .setCode(code)
+            .setGasWanted(1)
+            .build()
+    responseObserver.onNext(resp)
+    responseObserver.onCompleted()
+}
+
+private fun ByteString.validate(): Int {
+    val parts = this.split('=')
+    if (parts.size != 2) {
+        return 1
+    }
+    val key = parts[0]
+    val value = parts[1]
+
+    // check if the same key=value already exists
+    val stored = getPersistedValue(key)
+    if (stored != null && stored.contentEquals(value)) {
+        return 2
+    }
+
+    return 0
+}
+
+private fun ByteString.split(separator: Char): List<ByteArray> {
+    val arr = this.toByteArray()
+    val i = (0 until this.size()).firstOrNull { arr[it] == separator.toByte() }
+            ?: return emptyList()
+    return listOf(
+            this.substring(0, i).toByteArray(),
+            this.substring(i + 1).toByteArray()
+    )
+}
+```
+
+Don't worry if this does not compile yet.
+
+If the transaction does not have a form of `{bytes}={bytes}`, we return `1`
+code. When the same key=value already exist (same key and value), we return `2`
+code. For others, we return a zero code indicating that they are valid.
+
+Note that anything with non-zero code will be considered invalid (`-1`, `100`,
+etc.) by Tendermint Core.
+
+Valid transactions will eventually be committed given they are not too big and
+have enough gas. To learn more about gas, check out ["the
+specification"](https://tendermint.com/docs/spec/abci/apps.html#gas).
+
+For the underlying key-value store we'll use
+[JetBrains Xodus](https://github.com/JetBrains/xodus), which is a transactional schema-less embedded high-performance database written in Java.
+
+`build.gradle`:
+```groovy
+dependencies {
+    implementation 'org.jetbrains.xodus:xodus-environment:1.3.91'
+}
+```
+
+```kotlin
+...
+import jetbrains.exodus.ArrayByteIterable
+import jetbrains.exodus.env.Environment
+import jetbrains.exodus.env.Store
+import jetbrains.exodus.env.StoreConfig
+import jetbrains.exodus.env.Transaction
+
+class KVStoreApp(
+    private val env: Environment
+) : ABCIApplicationGrpc.ABCIApplicationImplBase() {
+
+    private var txn: Transaction? = null
+    private var store: Store? = null
+
+    ...
+
+    private fun getPersistedValue(k: ByteArray): ByteArray? {
+        return env.computeInReadonlyTransaction { txn ->
+            val store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn)
+            store.get(txn, ArrayByteIterable(k))?.bytesUnsafe
+        }
+    }
+}
+```
+
+### 1.3.4 BeginBlock -> DeliverTx -> EndBlock -> Commit
+
+When Tendermint Core has decided on the block, it's transferred to the
+application in 3 parts: `BeginBlock`, one `DeliverTx` per transaction and
+`EndBlock` in the end. `DeliverTx` are being transferred  asynchronously, but the
+responses are expected to come in order.
+
+```kotlin
+override fun beginBlock(req: RequestBeginBlock, responseObserver: StreamObserver<ResponseBeginBlock>) {
+    txn = env.beginTransaction()
+    store = env.openStore("store", StoreConfig.WITHOUT_DUPLICATES, txn!!)
+    val resp = ResponseBeginBlock.newBuilder().build()
+    responseObserver.onNext(resp)
+    responseObserver.onCompleted()
+}
+```
+Here we begin a new transaction, which will accumulate the block's transactions and open the corresponding store.
+
+```kotlin
+override fun deliverTx(req: RequestDeliverTx, responseObserver: StreamObserver<ResponseDeliverTx>) {
+    val code = req.tx.validate()
+    if (code == 0) {
+        val parts = req.tx.split('=')
+        val key = ArrayByteIterable(parts[0])
+        val value = ArrayByteIterable(parts[1])
+        store!!.put(txn!!, key, value)
+    }
+    val resp = ResponseDeliverTx.newBuilder()
+            .setCode(code)
+            .build()
+    responseObserver.onNext(resp)
+    responseObserver.onCompleted()
+}
+```
+
+If the transaction is badly formatted or the same key=value already exist, we
+again return the non-zero code. Otherwise, we add it to the store.
+
+In the current design, a block can include incorrect transactions (those who
+passed `CheckTx`, but failed `DeliverTx` or transactions included by the proposer
+directly). This is done for performance reasons.
+
+Note we can't commit transactions inside the `DeliverTx` because in such case
+`Query`, which may be called in parallel, will return inconsistent data (i.e.
+it will report that some value already exist even when the actual block was not
+yet committed).
+
+`Commit` instructs the application to persist the new state.
+
+```kotlin
+override fun commit(req: RequestCommit, responseObserver: StreamObserver<ResponseCommit>) {
+    txn!!.commit()
+    val resp = ResponseCommit.newBuilder()
+            .setData(ByteString.copyFrom(ByteArray(8)))
+            .build()
+    responseObserver.onNext(resp)
+    responseObserver.onCompleted()
+}
+```
+
+### 1.3.5 Query
+
+Now, when the client wants to know whenever a particular key/value exist, it
+will call Tendermint Core RPC `/abci_query` endpoint, which in turn will call
+the application's `Query` method.
+
+Applications are free to provide their own APIs. But by using Tendermint Core
+as a proxy, clients (including [light client
+package](https://godoc.org/github.com/tendermint/tendermint/lite)) can leverage
+the unified API across different applications. Plus they won't have to call the
+otherwise separate Tendermint Core API for additional proofs.
+
+Note we don't include a proof here.
+
+```kotlin
+override fun query(req: RequestQuery, responseObserver: StreamObserver<ResponseQuery>) {
+    val k = req.data.toByteArray()
+    val v = getPersistedValue(k)
+    val builder = ResponseQuery.newBuilder()
+    if (v == null) {
+        builder.log = "does not exist"
+    } else {
+        builder.log = "exists"
+        builder.key = ByteString.copyFrom(k)
+        builder.value = ByteString.copyFrom(v)
+    }
+    responseObserver.onNext(builder.build())
+    responseObserver.onCompleted()
+}
+```
+
+The complete specification can be found
+[here](https://tendermint.com/docs/spec/abci/).
+
+## 1.4 Starting an application and a Tendermint Core instances
+
+Put the following code into the `$KVSTORE_HOME/src/main/kotlin/io/example/App.kt` file:
+
+```kotlin
+package io.example
+
+import jetbrains.exodus.env.Environments
+
+fun main() {
+    Environments.newInstance("tmp/storage").use { env ->
+        val app = KVStoreApp(env)
+        val server = GrpcServer(app, 26658)
+        server.start()
+        server.blockUntilShutdown()
+    }
+}
+```
+
+It is the entry point of the application.
+Here we create a special object `Environment`, which knows where to store the application state.
+Then we create and start the gRPC server to handle Tendermint Core requests.
+
+Create `$KVSTORE_HOME/src/main/kotlin/io/example/GrpcServer.kt` file with the following content:
+```kotlin
+package io.example
+
+import io.grpc.BindableService
+import io.grpc.ServerBuilder
+
+class GrpcServer(
+        private val service: BindableService,
+        private val port: Int
+) {
+    private val server = ServerBuilder
+            .forPort(port)
+            .addService(service)
+            .build()
+
+    fun start() {
+        server.start()
+        println("gRPC server started, listening on $port")
+        Runtime.getRuntime().addShutdownHook(object : Thread() {
+            override fun run() {
+                println("shutting down gRPC server since JVM is shutting down")
+                this@GrpcServer.stop()
+                println("server shut down")
+            }
+        })
+    }
+
+    fun stop() {
+        server.shutdown()
+    }
+
+    /**
+     * Await termination on the main thread since the grpc library uses daemon threads.
+     */
+    fun blockUntilShutdown() {
+        server.awaitTermination()
+    }
+
+}
+```
+
+## 1.5 Getting Up and Running
+
+To create a default configuration, nodeKey and private validator files, let's
+execute `tendermint init`. But before we do that, we will need to install
+Tendermint Core.
+
+```sh
+$ rm -rf /tmp/example
+$ cd $GOPATH/src/github.com/tendermint/tendermint
+$ make install
+$ TMHOME="/tmp/example" tendermint init
+
+I[2019-07-16|18:20:36.480] Generated private validator                  module=main keyFile=/tmp/example/config/priv_validator_key.json stateFile=/tmp/example2/data/priv_validator_state.json
+I[2019-07-16|18:20:36.481] Generated node key                           module=main path=/tmp/example/config/node_key.json
+I[2019-07-16|18:20:36.482] Generated genesis file                       module=main path=/tmp/example/config/genesis.json
+```
+
+Feel free to explore the generated files, which can be found at
+`/tmp/example/config` directory. Documentation on the config can be found
+[here](https://tendermint.com/docs/tendermint-core/configuration.html).
+
+We are ready to start our application:
+
+```sh
+./gradlew run
+
+gRPC server started, listening on 26658
+```
+
+Then we need to start Tendermint Core and point it to our application. Staying
+within the application directory execute:
+
+```sh
+$ TMHOME="/tmp/example" tendermint node --abci grpc --proxy_app tcp://127.0.0.1:26658
+
+I[2019-07-28|15:44:53.632] Version info                                 module=main software=0.32.1 block=10 p2p=7
+I[2019-07-28|15:44:53.677] Starting Node                                module=main impl=Node
+I[2019-07-28|15:44:53.681] Started node                                 module=main nodeInfo="{ProtocolVersion:{P2P:7 Block:10 App:0} ID_:7639e2841ccd47d5ae0f5aad3011b14049d3f452 ListenAddr:tcp://0.0.0.0:26656 Network:test-chain-Nhl3zk Version:0.32.1 Channels:4020212223303800 Moniker:Ivans-MacBook-Pro.local Other:{TxIndex:on RPCAddress:tcp://127.0.0.1:26657}}"
+I[2019-07-28|15:44:54.801] Executed block                               module=state height=8 validTxs=0 invalidTxs=0
+I[2019-07-28|15:44:54.814] Committed state                              module=state height=8 txs=0 appHash=0000000000000000
+```
+
+Now open another tab in your terminal and try sending a transaction:
+
+```sh
+$ curl -s 'localhost:26657/broadcast_tx_commit?tx="tendermint=rocks"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "check_tx": {
+      "gasWanted": "1"
+    },
+    "deliver_tx": {},
+    "hash": "CDD3C6DFA0A08CAEDF546F9938A2EEC232209C24AA0E4201194E0AFB78A2C2BB",
+    "height": "33"
+}
+```
+
+Response should contain the height where this transaction was committed.
+
+Now let's check if the given key now exists and its value:
+
+```sh
+$ curl -s 'localhost:26657/abci_query?data="tendermint"'
+{
+  "jsonrpc": "2.0",
+  "id": "",
+  "result": {
+    "response": {
+      "log": "exists",
+      "key": "dGVuZGVybWludA==",
+      "value": "cm9ja3My"
+    }
+  }
+}
+```
+
+`dGVuZGVybWludA==` and `cm9ja3M=` are the base64-encoding of the ASCII of `tendermint` and `rocks` accordingly.
+
+## Outro
+
+I hope everything went smoothly and your first, but hopefully not the last,
+Tendermint Core application is up and running. If not, please [open an issue on
+Github](https://github.com/tendermint/tendermint/issues/new/choose). To dig
+deeper, read [the docs](https://tendermint.com/docs/).
+
+The full source code of this example project can be found [here](https://github.com/climber73/tendermint-abci-grpc-kotlin).
--- a/docs/introduction/install.md
+++ b/docs/introduction/install.md
@@ -1,9 +1,9 @@
 # Install Tendermint

 The fastest and easiest way to install the `tendermint` binary
-is to run [this script](https://github.com/tendermint/tendermint/blob/develop/scripts/install/install_tendermint_ubuntu.sh) on
+is to run [this script](https://github.com/tendermint/tendermint/blob/master/scripts/install/install_tendermint_ubuntu.sh) on
 a fresh Ubuntu instance,
-or [this script](https://github.com/tendermint/tendermint/blob/develop/scripts/install/install_tendermint_bsd.sh)
+or [this script](https://github.com/tendermint/tendermint/blob/master/scripts/install/install_tendermint_bsd.sh)
 on a fresh FreeBSD instance. Read the comments / instructions carefully (i.e., reset your terminal after running the script,
 make sure you are okay with the network connections being made).

--- a/docs/introduction/introduction.md
+++ b/docs/introduction/introduction.md
@@ -122,7 +122,7 @@ consensus engine, and provides a particular application state.
 ## ABCI Overview

 The [Application BlockChain Interface
-(ABCI)](https://github.com/tendermint/tendermint/tree/develop/abci)
+(ABCI)](https://github.com/tendermint/tendermint/tree/master/abci)
 allows for Byzantine Fault Tolerant replication of applications
 written in any programming language.

@@ -190,7 +190,7 @@ core to the application. The application replies with corresponding
 response messages.

 The messages are specified here: [ABCI Message
-Types](https://github.com/tendermint/tendermint/blob/develop/abci/README.md#message-types).
+Types](https://github.com/tendermint/tendermint/blob/master/abci/README.md#message-types).

 The **DeliverTx** message is the work horse of the application. Each
 transaction in the blockchain is delivered with this message. The
--- a/docs/introduction/what-is-tendermint.md
+++ b/docs/introduction/what-is-tendermint.md
@@ -116,7 +116,7 @@ consensus engine, and provides a particular application state.
 ## ABCI Overview

 The [Application BlockChain Interface
-(ABCI)](https://github.com/tendermint/tendermint/tree/develop/abci)
+(ABCI)](https://github.com/tendermint/tendermint/tree/master/abci)
 allows for Byzantine Fault Tolerant replication of applications
 written in any programming language.

@@ -184,7 +184,7 @@ core to the application. The application replies with corresponding
 response messages.

 The messages are specified here: [ABCI Message
-Types](https://github.com/tendermint/tendermint/blob/develop/abci/README.md#message-types).
+Types](https://github.com/tendermint/tendermint/blob/master/abci/README.md#message-types).

 The **DeliverTx** message is the work horse of the application. Each
 transaction in the blockchain is delivered with this message. The
--- a/docs/networks/docker-compose.md
+++ b/docs/networks/docker-compose.md
@@ -78,9 +78,9 @@ cd $GOPATH/src/github.com/tendermint/tendermint
 rm -rf ./build/node*
 ```

-## Configuring abci containers 
+## Configuring abci containers

-To use your own abci applications with 4-node setup edit the [docker-compose.yaml](https://github.com/tendermint/tendermint/blob/develop/docker-compose.yml) file and add image to your abci application.
+To use your own abci applications with 4-node setup edit the [docker-compose.yaml](https://github.com/tendermint/tendermint/blob/master/docker-compose.yml) file and add image to your abci application.

 ```
 abci0:
@@ -129,7 +129,7 @@ To use your own abci applications with 4-node setup edit the [docker-compose.yam

 ```

-Override the [command](https://github.com/tendermint/tendermint/blob/master/networks/local/localnode/Dockerfile#L12) in each node to connect to it's abci. 
+Override the [command](https://github.com/tendermint/tendermint/blob/master/networks/local/localnode/Dockerfile#L12) in each node to connect to it's abci.

 ```
  node0:
--- a/docs/networks/terraform-and-ansible.md
+++ b/docs/networks/terraform-and-ansible.md
@@ -8,7 +8,7 @@ testnets on those servers.
 ## Install

 NOTE: see the [integration bash
-script](https://github.com/tendermint/tendermint/blob/develop/networks/remote/integration.sh)
+script](https://github.com/tendermint/tendermint/blob/master/networks/remote/integration.sh)
 that can be run on a fresh DO droplet and will automatically spin up a 4
 node testnet. The script more or less does everything described below.

--- a/docs/spec/abci/README.md
+++ b/docs/spec/abci/README.md
@@ -2,11 +2,11 @@

 ABCI is the interface between Tendermint (a state-machine replication engine)
 and your application (the actual state machine). It consists of a set of
-*methods*, where each method has a corresponding `Request` and `Response`
+_methods_, where each method has a corresponding `Request` and `Response`
 message type. Tendermint calls the ABCI methods on the ABCI application by sending the `Request*`
 messages and receiving the `Response*` messages in return.

-All message types are defined in a [protobuf file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+All message types are defined in a [protobuf file](https://github.com/tendermint/tendermint/blob/master/abci/types/types.proto).
 This allows Tendermint to run applications written in any programming language.

 This specification is split as follows:
--- a/docs/spec/abci/abci.md
+++ b/docs/spec/abci/abci.md
@@ -3,9 +3,9 @@
 ## Overview

 The ABCI message types are defined in a [protobuf
-file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+file](https://github.com/tendermint/tendermint/blob/master/abci/types/types.proto).

-ABCI methods are split across 3 separate ABCI *connections*:
+ABCI methods are split across 3 separate ABCI _connections_:

 - `Consensus Connection`: `InitChain, BeginBlock, DeliverTx, EndBlock, Commit`
 - `Mempool Connection`: `CheckTx`
@@ -85,7 +85,7 @@ Example:
 				cmn.KVPair{Key: []byte("amount"), Value: []byte("...")},
 				cmn.KVPair{Key: []byte("reason"), Value: []byte("...")},
 			},
-		},		
+		},
 		// ...
 	},
 }
@@ -115,19 +115,19 @@ non-determinism must be fixed and the nodes restarted.
 Sources of non-determinism in applications may include:

 - Hardware failures
-    - Cosmic rays, overheating, etc.
+  - Cosmic rays, overheating, etc.
 - Node-dependent state
-    - Random numbers
-    - Time
+  - Random numbers
+  - Time
 - Underspecification
-    - Library version changes
-    - Race conditions
-    - Floating point numbers
-    - JSON serialization
-    - Iterating through hash-tables/maps/dictionaries
+  - Library version changes
+  - Race conditions
+  - Floating point numbers
+  - JSON serialization
+  - Iterating through hash-tables/maps/dictionaries
 - External Sources
-    - Filesystem
-    - Network calls (eg. some external REST API service)
+  - Filesystem
+  - Network calls (eg. some external REST API service)

 See [#56](https://github.com/tendermint/abci/issues/56) for original discussion.

@@ -240,9 +240,9 @@ Commit are included in the header of the next block.
  - `Path (string)`: Path of request, like an HTTP GET path. Can be
    used with or in liue of Data.
    - Apps MUST interpret '/store' as a query by key on the
-    underlying store. The key SHOULD be specified in the Data field.
+      underlying store. The key SHOULD be specified in the Data field.
    - Apps SHOULD allow queries over specific types like
-    '/accounts/...' or '/votes/...'
+      '/accounts/...' or '/votes/...'
  - `Height (int64)`: The block height for which you want the query
    (default=0 returns data for the latest committed block). Note
    that this is the height of the block containing the
@@ -269,7 +269,7 @@ Commit are included in the header of the next block.
  - Query for data from the application at current or past height.
  - Optionally return Merkle proof.
  - Merkle proof includes self-describing `type` field to support many types
-  of Merkle trees and encoding formats.
+    of Merkle trees and encoding formats.

 ### BeginBlock

@@ -297,11 +297,9 @@ Commit are included in the header of the next block.
 - **Request**:
  - `Tx ([]byte)`: The request transaction bytes
  - `Type (CheckTxType)`: What type of `CheckTx` request is this? At present,
-    there are two possible values: `CheckTx_Unchecked` (the default, which says
-    that a full check is required), and `CheckTx_Checked` (when the mempool is
+    there are two possible values: `CheckTx_New` (the default, which says
+    that a full check is required), and `CheckTx_Recheck` (when the mempool is
    initiating a normal recheck of a transaction).
-  - `AdditionalData ([]byte)`: Reserved for future use. See
-    [here](https://github.com/tendermint/tendermint/issues/2127#issuecomment-456661420).
 - **Response**:
  - `Code (uint32)`: Response code
  - `Data ([]byte)`: Result bytes, if any.
@@ -486,7 +484,7 @@ Commit are included in the header of the next block.
  - `Votes ([]VoteInfo)`: List of validators addresses in the last validator set
    with their voting power and whether or not they signed a vote.

-###  ConsensusParams
+### ConsensusParams

 - **Fields**:
  - `Block (BlockParams)`: Parameters limiting the size of a block and time between consecutive blocks.
@@ -500,17 +498,17 @@ Commit are included in the header of the next block.
  - `MaxBytes (int64)`: Max size of a block, in bytes.
  - `MaxGas (int64)`: Max sum of `GasWanted` in a proposed block.
    - NOTE: blocks that violate this may be committed if there are Byzantine proposers.
-        It's the application's responsibility to handle this when processing a
-        block!
+      It's the application's responsibility to handle this when processing a
+      block!

 ### EvidenceParams

 - **Fields**:
  - `MaxAge (int64)`: Max age of evidence, in blocks. Evidence older than this
    is considered stale and ignored.
-        - This should correspond with an app's "unbonding period" or other
-          similar mechanism for handling Nothing-At-Stake attacks.
-        - NOTE: this should change to time (instead of blocks)!
+    - This should correspond with an app's "unbonding period" or other
+      similar mechanism for handling Nothing-At-Stake attacks.
+    - NOTE: this should change to time (instead of blocks)!

 ### ValidatorParams

@@ -532,4 +530,3 @@ Commit are included in the header of the next block.
  - `Type (string)`: Type of Merkle proof and how it's encoded.
  - `Key ([]byte)`: Key in the Merkle tree that this proof is for.
  - `Data ([]byte)`: Encoded Merkle proof for the key.
-
--- a/docs/spec/abci/apps.md
+++ b/docs/spec/abci/apps.md
@@ -65,7 +65,10 @@ begin.
 After `Commit`, CheckTx is run again on all transactions that remain in the
 node's local mempool after filtering those included in the block. To prevent the
 mempool from rechecking all transactions every time a block is committed, set
-the configuration option `mempool.recheck=false`.
+the configuration option `mempool.recheck=false`. As of Tendermint v0.32.1,
+an additional `Type` parameter is made available to the CheckTx function that
+indicates whether an incoming transaction is new (`CheckTxType_New`), or a
+recheck (`CheckTxType_Recheck`).

 Finally, the mempool will unlock and new transactions can be processed through CheckTx again.

@@ -208,7 +211,7 @@ message PubKey {

 The `pub_key` currently supports only one type:

- `type = "ed25519" and`data = <raw 32-byte public key>`
+- `type = "ed25519"` and `data = <raw 32-byte public key>`

 The `power` is the new voting power for the validator, with the
 following rules:
--- a/docs/spec/abci/client-server.md
+++ b/docs/spec/abci/client-server.md
@@ -9,7 +9,7 @@ Applications](./apps.md).
 ## Message Protocol

 The message protocol consists of pairs of requests and responses defined in the
-[protobuf file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto).
+[protobuf file](https://github.com/tendermint/tendermint/blob/master/abci/types/types.proto).

 Some messages have no fields, while others may include byte-arrays, strings, integers,
 or custom protobuf types.
@@ -33,9 +33,9 @@ The latter two can be tested using the `abci-cli` by setting the `--abci` flag
 appropriately (ie. to `socket` or `grpc`).

 See examples, in various stages of maintenance, in
-[Go](https://github.com/tendermint/tendermint/tree/develop/abci/server),
+[Go](https://github.com/tendermint/tendermint/tree/master/abci/server),
 [JavaScript](https://github.com/tendermint/js-abci),
-[Python](https://github.com/tendermint/tendermint/tree/develop/abci/example/python3/abci),
+[Python](https://github.com/tendermint/tendermint/tree/master/abci/example/python3/abci),
 [C++](https://github.com/mdyring/cpp-tmsp), and
 [Java](https://github.com/jTendermint/jabci).

@@ -44,14 +44,13 @@ See examples, in various stages of maintenance, in
 The simplest implementation uses function calls within Golang.
 This means ABCI applications written in Golang can be compiled with TendermintCore and run as a single binary.

-
 ### GRPC

 If GRPC is available in your language, this is the easiest approach,
 though it will have significant performance overhead.

 To get started with GRPC, copy in the [protobuf
-file](https://github.com/tendermint/tendermint/blob/develop/abci/types/types.proto)
+file](https://github.com/tendermint/tendermint/blob/master/abci/types/types.proto)
 and compile it using the GRPC plugin for your language. For instance,
 for golang, the command is `protoc --go_out=plugins=grpc:. types.proto`.
 See the [grpc documentation for more details](http://www.grpc.io/docs/).
@@ -107,4 +106,4 @@ received or a block is committed.

 It is unlikely that you will need to implement a client. For details of
 our client, see
-[here](https://github.com/tendermint/tendermint/tree/develop/abci/client).
+[here](https://github.com/tendermint/tendermint/tree/master/abci/client).
--- a/docs/spec/blockchain/encoding.md
+++ b/docs/spec/blockchain/encoding.md
@@ -59,20 +59,20 @@ familiar with amino encoding.
 You can simply use below table and concatenate Prefix || Length (of raw bytes) || raw bytes
 ( while || stands for byte concatenation here).

-| Type               | Name                          | Prefix     | Length   | Notes |
-| ------------------ | ----------------------------- | ---------- | -------- | ----- |
-| PubKeyEd25519      | tendermint/PubKeyEd25519      | 0x1624DE64 | 0x20     |       |
-| PubKeySecp256k1    | tendermint/PubKeySecp256k1    | 0xEB5AE987 | 0x21     |       |
-| PrivKeyEd25519     | tendermint/PrivKeyEd25519     | 0xA3288910 | 0x40     |       |
-| PrivKeySecp256k1   | tendermint/PrivKeySecp256k1   | 0xE1B0F79B | 0x20     |       |
-| PubKeyMultisigThreshold | tendermint/PubKeyMultisigThreshold | 0x22C1F7E2 | variable |  |
+| Type                    | Name                               | Prefix     | Length   | Notes |
+| ----------------------- | ---------------------------------- | ---------- | -------- | ----- |
+| PubKeyEd25519           | tendermint/PubKeyEd25519           | 0x1624DE64 | 0x20     |       |
+| PubKeySecp256k1         | tendermint/PubKeySecp256k1         | 0xEB5AE987 | 0x21     |       |
+| PrivKeyEd25519          | tendermint/PrivKeyEd25519          | 0xA3288910 | 0x40     |       |
+| PrivKeySecp256k1        | tendermint/PrivKeySecp256k1        | 0xE1B0F79B | 0x20     |       |
+| PubKeyMultisigThreshold | tendermint/PubKeyMultisigThreshold | 0x22C1F7E2 | variable |       |

 ### Example

 For example, the 33-byte (or 0x21-byte in hex) Secp256k1 pubkey
-   `020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
-   would be encoded as
-   `EB5AE98721020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
+`020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`
+would be encoded as
+`EB5AE98721020BD40F225A57ED383B440CF073BC5539D0341F5767D2BF2D78406D00475A2EE9`

 ### Key Types

@@ -170,11 +170,11 @@ We use the RFC 6962 specification of a merkle tree, with sha256 as the hash func
 Merkle trees are used throughout Tendermint to compute a cryptographic digest of a data structure.
 The differences between RFC 6962 and the simplest form a merkle tree are that:

-1) leaf nodes and inner nodes have different hashes.
+1. leaf nodes and inner nodes have different hashes.
   This is for "second pre-image resistance", to prevent the proof to an inner node being valid as the proof of a leaf.
   The leaf nodes are `SHA256(0x00 || leaf_data)`, and inner nodes are `SHA256(0x01 || left_hash || right_hash)`.

-2) When the number of items isn't a power of two, the left half of the tree is as big as it could be.
+2. When the number of items isn't a power of two, the left half of the tree is as big as it could be.
   (The largest power of two less than the number of items) This allows new leaves to be added with less
   recomputation. For example:

@@ -290,7 +290,7 @@ func computeHashFromAunts(index, total int, leafHash []byte, innerHashes [][]byt

 ### IAVL+ Tree

-Because Tendermint only uses a Simple Merkle Tree, application developers are expect to use their own Merkle tree in their applications. For example, the IAVL+ Tree - an immutable self-balancing binary tree for persisting application state is used by the [Cosmos SDK](https://github.com/cosmos/cosmos-sdk/blob/develop/docs/sdk/core/multistore.md)
+Because Tendermint only uses a Simple Merkle Tree, application developers are expect to use their own Merkle tree in their applications. For example, the IAVL+ Tree - an immutable self-balancing binary tree for persisting application state is used by the [Cosmos SDK](https://github.com/cosmos/cosmos-sdk/blob/master/docs/clients/lite/specification.md)

 ## JSON

--- a/docs/spec/consensus/consensus.md
+++ b/docs/spec/consensus/consensus.md
@@ -73,11 +73,11 @@ parameters over each successive round.
      |(When +2/3 Precommits for block found)                  |
      v                                                        |
 +--------------------------------------------------------------------+
-       |  Commit                                                            |
-       |                                                                    |
-       |  * Set CommitTime = now;                                           |
-       |  * Wait for block, then stage/save/commit block;                   |
-       +--------------------------------------------------------------------+
+|  Commit                                                            |
+|                                                                    |
+|  * Set CommitTime = now;                                           |
+|  * Wait for block, then stage/save/commit block;                   |
+--------------------------------------------------------------------+
 ```

 # Background Gossip
@@ -120,7 +120,7 @@ A proposal is signed and published by the designated proposer at each
 round. The proposer is chosen by a deterministic and non-choking round
 robin selection algorithm that selects proposers in proportion to their
 voting power (see
-[implementation](https://github.com/tendermint/tendermint/blob/develop/types/validator_set.go)).
+[implementation](https://github.com/tendermint/tendermint/blob/master/types/validator_set.go)).

 A proposal at `(H,R)` is composed of a block and an optional latest
 `PoLC-Round < R` which is included iff the proposer knows of one. This
@@ -131,13 +131,15 @@ liveness property.

 ### Propose Step (height:H,round:R)

-Upon entering `Propose`: - The designated proposer proposes a block at
-`(H,R)`.
+Upon entering `Propose`:
+- The designated proposer proposes a block at `(H,R)`.

-The `Propose` step ends: - After `timeoutProposeR` after entering
-`Propose`. --> goto `Prevote(H,R)` - After receiving proposal block
-and all prevotes at `PoLC-Round`. --> goto `Prevote(H,R)` - After
-[common exit conditions](#common-exit-conditions)
+The `Propose` step ends:
+- After `timeoutProposeR` after entering `Propose`. --> goto
+  `Prevote(H,R)`
+- After receiving proposal block and all prevotes at `PoLC-Round`. -->
+  goto `Prevote(H,R)`
+- After [common exit conditions](#common-exit-conditions)

 ### Prevote Step (height:H,round:R)

@@ -152,10 +154,12 @@ Upon entering `Prevote`, each validator broadcasts its prevote vote.
 - Else, if the proposal is invalid or wasn't received on time, it
  prevotes `<nil>`.

-The `Prevote` step ends: - After +2/3 prevotes for a particular block or
-`<nil>`. -->; goto `Precommit(H,R)` - After `timeoutPrevote` after
-receiving any +2/3 prevotes. --> goto `Precommit(H,R)` - After
-[common exit conditions](#common-exit-conditions)
+The `Prevote` step ends:
+- After +2/3 prevotes for a particular block or `<nil>`. -->; goto
+  `Precommit(H,R)`
+- After `timeoutPrevote` after receiving any +2/3 prevotes. --> goto
+  `Precommit(H,R)`
+- After [common exit conditions](#common-exit-conditions)

 ### Precommit Step (height:H,round:R)

@@ -163,17 +167,19 @@ Upon entering `Precommit`, each validator broadcasts its precommit vote.

 - If the validator has a PoLC at `(H,R)` for a particular block `B`, it
  (re)locks (or changes lock to) and precommits `B` and sets
-  `LastLockRound = R`. - Else, if the validator has a PoLC at `(H,R)` for
-  `<nil>`, it unlocks and precommits `<nil>`. - Else, it keeps the lock
-  unchanged and precommits `<nil>`.
+  `LastLockRound = R`.
+- Else, if the validator has a PoLC at `(H,R)` for `<nil>`, it unlocks
+  and precommits `<nil>`.
+- Else, it keeps the lock unchanged and precommits `<nil>`.

 A precommit for `<nil>` means "I didn’t see a PoLC for this round, but I
 did get +2/3 prevotes and waited a bit".

-The Precommit step ends: - After +2/3 precommits for `<nil>`. -->
-goto `Propose(H,R+1)` - After `timeoutPrecommit` after receiving any
-+2/3 precommits. --> goto `Propose(H,R+1)` - After [common exit
-conditions](#common-exit-conditions)
+The Precommit step ends:
+- After +2/3 precommits for `<nil>`. --> goto `Propose(H,R+1)`
+- After `timeoutPrecommit` after receiving any +2/3 precommits. --> goto
+  `Propose(H,R+1)`
+- After [common exit conditions](#common-exit-conditions)

 ### Common exit conditions

--- a/docs/spec/consensus/light-client.md
+++ b/docs/spec/consensus/light-client.md
@@ -1,145 +1,329 @@
-# Lite Client
+# Lite client

-A lite client is a process that connects to the Tendermint Full Node(s) and then tries to verify application data using the Merkle proofs. In this document we describe mechanisms that ensures that the Tendermint lite client
-has the same level of security as Full Node processes (without being itself a Full Node).
+A lite client is a process that connects to Tendermint full nodes and then tries to verify application data using the Merkle proofs.

-## Lite client requirements from Tendermint and Proof of Stake modules
+## Context of this document

-Before explaining lite client mechanisms and operations we need to define some requirements expected from the Tendermint blockchain. Tendermint provides a deterministic, Byzantine fault-tolerant, source of time (called
-[BFT Time](/Users/zarkomilosevic/go-workspace/src/github.com/tendermint/tendermint/docs/spec/consensus/bft-time.md)).
-BFT time is monotonically increasing and in case of at most 1/3 of voting power equivalent of faulty validators guaranteed to be close to the wall time of correct validators. For correct functioning of lite client we need a guarantee that BFT time does not drift more than some known parameter BFT_TIME_DRIFT_BOUND (that should normally be measured in hours, maybe even days) from client wall time. Note that this requirement currently only holds in case 
-at most 1/3 of voting power equivalent of validators report wrong time, but we might need to strengthen this requirement further to also be able to tolerate time-related misbehavior of more than 1/3 voting power equivalent of validators (https://github.com/tendermint/tendermint/issues/2653, https://github.com/tendermint/tendermint/issues/2840).  
+In order to make sure that full nodes have the incentive to follow the protocol, we have to address the following three Issues

-Furthermore, lite client security is tightly coupled with the notion of UNBONDING_PERIOD that is at the core of the security of proof of stake blockchain systems (for example Cosmos Hub). UNBONDING_PERIOD is period of time that needs to pass from the withdraw event until stake is liquid. During this period unbonded validator cannot participate in the consensus protocol (and is therefore not rewarded) but can be slashed for misbehavior (done either before withdraw event or during UNBONDING_PERIOD). This is used to protect against a validator attacking the network and then immediately withdrawing his stake. Cosmos Hub is currently enforcing a 21-day UNBONDING_PERIOD. Note that UNBONDING_PERIOD is measured with respect to BFT time and that this has significant effect on the security of lite client operation as validators are not slashable outside their UNBONDING_PERIOD. There is a hidden implicit assumptions regarding the UNBONDING_PERIOD: we assume that Tendermint will always generate blocks within duration of UNBONDING_PERIOD. If chain halts for the duration of UNBONDING_PERIOD security of lite clients are jeopardized. Probably more secure solution would be defining UNBONDING_PERIOD as a hybrid of wall time and logical time (number of block heights). In that case UNBONDING_PERIOD is over when the both conditions are true. In that case no assumption is being made on the chain progress (which is in theory hard to make as Tendermint operate in partially synchronous system model), and system is secure (including lite clients) even in case of long halts.   
+1) The lite client needs a method to verify headers it obtains from full nodes according to trust assumptions -- this document.

-## Lite client initialization
+2) The lite client must be able to connect to one correct full node to detect and report on failures in the trust assumptions (i.e., conflicting headers) -- a future document.

-Lite client is initialized using a trusted socially verified validator set hash. This is part of the security model for
-proof of stake blockchains (see https://github.com/tendermint/tendermint/issues/1771). We assume that initialization 
-procedure receive as input the following parameters: 
+3) In the event the trust assumption fails (i.e., a lite client is fooled by a conflicting header), the Tendermint fork accountability protocol must account for the evidence -- see #3840

- height h: height of the blockchain for which trusted validator set hash is provided and
- trusted validator set hash.
+## Problem statement

-Given this information, light client initialization logic will call `Validators` method on the node it is connected to 
-obtain `ResultValidators` that contains validators that has committed the block h. Then we check if MerkleRoot
-of the validator set is equal to the trusted validator set hash. If verification failed, initialization exits with error, otherwise it proceeds. 

-Next step is determining if the block at hight h is correctly signed by the obtained validator set. This is achieved by 
-calling `Commit` method for a given height that returns `SignedHeader` that is a header together with the set of 
-`Precommit` messages that commit the corresponding block. Light client logic then needs to verify if the set of signatures defined the valid commit for the given block. If this verification fails, initialization exits with error, otherwise it proceeds. 
+We assume that the lite client knows a (base) header *inithead* it trusts (by social consensus or because the lite client has decided to trust the header before). The goal is to check whether another header *newhead* can be trusted based on the data in *inithead*.

-Final step (this should actually be part of the second step) of the initialization procedure is ensuring that we operate within UNBONDING_PERIOD of the trusted validator set. This can be expressed with the following formula:
+The correctness of the protocol is based on the assumption that *inithead* was generated by an instance of Tendermint consensus. The term "trusting" above indicates that the correctness on the protocol depends on this assumption. It is in the responsibility of the user that runs the lite client to make sure that the risk of trusting a corrupted/forged *inithead* is negligible.

-`header.Time + UNBONDING_PERIOD <= Now() - BFT_TIME_DRIFT_BOUND`.

-Note that outside this time window lite client cannot trust validator set as validators could potentially unbonded its stake so security of the lite client does not hold as they are not slashable for its actions. Therefore, they can eclipse client and cheat about the system state without risk of being punished for such misbehavior. 
+## Definitions

-Note that this formula shows a fundamental dependence of lite client security on the wall time. If UNBONDING_PERIOD
-would be defined only in terms of logical time (block heights), lite client will not have a way to know if trusted validator set is still withing its UNBONDING_PERIOD as it does not have a way of reliably determining top of the chain.
-Therefore, it seems that having BFT time in sync with standard notions of time (for example NTP) is necessarily for correct operations of the system. 
+### Data structures

-Lite client security depends also on the guarantee that faulty validator behavior will be punished. Therefore if a client detect faulty behavior we need to guarantee that proof of misbehavior evidence transaction will be committed within UNBONDING_PERIOD of faulty validators so it can be slashed. This can be achieved by having client considering
-time period smaller than UNBONDING_PERIOD. Let's denote this time period LITE_CLIENT_CERTIFICATE_PERIOD, and we can assume that it's set to a fraction of UNBONDING_PERIOD. For example, it can be set to be half of UNBONDING_PERIOD. 
-This normally leaves a lot of time to client to ensure that evidence transaction is committed by the network during
-the UNBONDING_PERIOD. As these periods are normally measured in days, a client can in the worst case rely on 
-social channels to ensure that evidence transaction is proposed by some validator. Note that we might also assume that as part of validator service some validators might have "hot line" that can be used to submit evidence of misbehavior. 
+In the following, only the details of the data structures needed for this specification are given.

-Given a trusted validator set whose trust is established by the header H, we say that this validator set is trusted the latest until `H.Time + LITE_CLIENT_CERTIFICATE_PERIOD`, i.e., the trusted period is defined by the following formula:
-`header.Time + LITE_CLIENT_CERTIFICATE_PERIOD <= Now() - BFT_TIME_DRIFT_BOUND`. If this formula does not hold, we say
-that trust in the given validator set is revoked and client need to establish a new root of trust.
+  * header fields
+    - *height*
+    - *bfttime*: the chain time when the header (block) was generated
+    - *V*: validator set containing validators for this block.
+    - *NextV*: validator set for next block.
+    - *commit*: evidence that block with height *height* - 1 was committed by a set of validators (canonical commit). We will use ```signers(commit)``` to refer to the set of validators that committed the block.

-For the purpose of this lite client specification, we assume that the Tendermint Full Node exposes the following functions over Tendermint RPC:
+  * signed header fields: contains a header and a  *commit* for the current header; a "seen commit". In the Tendermint consensus the "canonical commit" is stored in header *height* + 1.

-```golang
-Validators(height int64) (ResultValidators, error) // returns validator set for the given height
-Commit(height int64) (SignedHeader, error) // returns signed header for the given height
+  * For each header *h* it has locally stored, the lite client stores whether
+    it trusts *h*. We write *trust(h) = true*, if this is the case.

-type ResultValidators struct {
-    BlockHeight   int64
-    Validators    []Validator
-}
+  * Validator fields. We will write a validator as a tuple *(v,p)* such that
+    + *v* is the identifier (we assume identifiers are unique in each validator set)
+    + *p* is its voting power

-type SignedHeader struct {
-    Header        Header
-    Commit        Commit
-}
-```
-Locally, lite client manages the following state:

-```golang
-type LiteClientState struct {
-  ValSet            []Validator        // validator set at the given height
-  ValSetHash        []byte             // hash of the current validator set
-  NextValSet        []Validator        // next validator set
-  NextValSetHash    []byte             // hash of the next validator set
-  Height            int64              // current height
-  ValSetTime        int64              // time when the current and next validator set is initialized
-}
+### Functions
+
+For the purpose of this lite client specification, we assume that the Tendermint Full Node exposes the following function over Tendermint RPC:
+```go
+    func Commit(height int64) (SignedHeader, error)
+      // returns signed header: header (with the fields from
+      // above) with Commit that include signatures of
+      // validators that signed the header
+
+
+    type SignedHeader struct {
+      Header        Header
+      Commit        Commit
+    }
 ```

-Initialization procedure is captured by the following pseudo code:
+### Definitions

-```golang
-Init(height int64, valSetHash Hash): (LiteClientState, error) {
-  state = LiteClientState {}
-  valSet = Validators(height).Validators
-  if Hash(valSet) != valSetHash then return (nil, error)
+* *tp*: trusting period   
+* for realtime *t*, the predicate *correct(v,t)* is true if the validator *v*
+  follows the protocol until time *t* (we will see about recovery later).

-  signedHeader = Commit(height)
-  if signedHeader.Header.Time + LITE_CLIENT_CERTIFICATE_PERIOD > Now() - BFT_TIME_DRIFT_BOUND then return (nil, error)
-  if votingPower(signedHeader.Commit) <= 2/3 totalVotingPower(valSet) then return (nil, error)
-  
-  nextValSet = Validators(height+1).Validators
-  if Hash(nextValSet) != signedHeader.Header.NextValSetHash then return (nil, error)

-  state.ValSet = nextValSet
-  state.ValSetHash = signedHeader.Header.NextValSetHash
-  state.Height = height
-  state.ValSetTime = signedHeader.Header.Time
-  
-  return state, nil
-}  
+
+
+### Tendermint Failure Model
+
+If a block *h* is generated at time *bfttime* (and this time is stored in the block), then a set of validators that hold more than 2/3 of the voting power in h.Header.NextV is correct until time h.Header.bfttime + tp.
+
+Formally,
+\[
+\sum_{(v,p) \in h.Header.NextV \wedge correct(v,h.Header.bfttime + tp)} p >
+2/3 \sum_{(v,p) \in h.Header.NextV} p
+\]
+
+*Assumption*: "correct" is defined w.r.t. realtime (some Newtonian global notion of time, i.e., wall time), while *bfttime* corresponds to the reading of the local clock of a validator (how this time is computed may change when the Tendermint consensus is modified). In this note, we assume that all clocks are synchronized to realtime. We can make this more precise eventually (incorporating clock drift, accuracy, precision, etc.). Right now, we consider this assumption sufficient, as clock synchronization (under NTP) is in the order of milliseconds and *tp* is in the order of weeks.  
+
+*Remark*: This failure model might change to a hybrid version that takes heights into account in the future.
+
+The specification in this document considers an implementation of the lite client under this assumption. Issues like *counter-factual signing* and *fork accountability* and *evidence submission* are mechanisms that justify this assumption by incentivizing validators to follow the protocol.
+If they don't, and we have more that 1/3 faults, safety may be violated. Our approach then is to *detect* these cases (after the fact), and take suitable repair actions (automatic and social). This is discussed in an upcoming document on "Fork accountability". (These safety violations include the lite client wrongly trusting a header, a fork in the blockchain, etc.)
+
+
+## Lite Client Trusting Spec
+
+The lite client communicates with a full node and learns new headers. The goal is to locally decide whether to trust a header. Our implementation needs to ensure the following two properties:
+
+- Lite Client Completeness: If header *h* was correctly generated by an instance of Tendermint consensus (and its age is less than the trusting period), then the lite client should eventually set *trust(h)* to true.
+
+- Lite Client Accuracy:  If header *h* was *not generated* by an instance of Tendermint consensus, then the lite client should never set *trust(h)* to true.
+
+*Remark*: If in the course of the computation, the lite client obtains certainty that some headers were forged by adversaries (that is were not generated by an instance of Tendermint consensus), it may submit (a subset of) the headers it has seen as evidence of misbehavior.
+
+*Remark*: In Completeness we use "eventually", while in practice *trust(h)* should be set to true before *h.Header.bfttime + tp*. If not, the block cannot be trusted because it is too old.
+
+*Remark*: If a header *h* is marked with *trust(h)*, but it is too old (its bfttime is more than *tp* ago), then the lite client should set *trust(h)* to false again.
+
+*Assumption*: Initially, the lite client has a header *inithead* that it trusts correctly, that is, *inithead* was correctly generated by the Tendermint consensus.
+
+To reason about the correctness, we may prove the following invariant.
+
+*Verification Condition: Lite Client Invariant.*
+ For each lite client *l* and each header *h*:
+if *l* has set *trust(h) = true*,
+  then validators that are correct until time *h.Header.bfttime + tp* have more than two thirds of the voting power in *h.Header.NextV*.
+
+  Formally,
+  \[
+  \sum_{(v,p) \in h.Header.NextV \wedge correct(v,h.Header.bfttime + tp)} p >
+  2/3 \sum_{(v,p) \in h.Header.NextV} p
+  \]
+
+*Remark.* To prove the invariant, we will have to prove that the lite client only trusts headers that were correctly generated by Tendermint consensus, then the formula above follows from the Tendermint failure model.
+
+
+## High Level Solution
+
+Upon initialization, the lite client is given a header *inithead* it trusts (by
+social consensus). It is assumed that *inithead* satisfies the lite client invariant. (If *inithead* has been correctly generated by Tendermint consensus, the invariant follows from the Tendermint Failure Model.)
+
+When a lite clients sees a signed new header *snh*, it has to decide whether to trust the new
+header. Trust can be obtained by (possibly) the combination of three methods.
+
+1. **Uninterrupted sequence of proof.** If a block is appended to the chain, where the last block
+is trusted (and properly committed by the old validator set in the next block),
+and the new block contains a new validator set, the new block is trusted if the lite client knows all headers in the prefix.
+Intuitively, a trusted validator set is assumed to only chose a new validator set that will obey the Tendermint Failure Model.
+
+2. **Trusting period.** Based on a trusted block *h*, and the lite client
+invariant, which ensures the fault assumption during the trusting period, we can check whether at least one  validator, that has been continuously correct from *h.Header.bfttime* until now, has signed *snh*.
+If this is the case, similarly to above, the chosen validator set in *snh* does not violate the Tendermint Failure Model.
+
+3. **Bisection.** If a check according to the trusting period fails, the lite client can try to obtain a header *hp* whose height lies between *h* and *snh* in order to check whether *h* can be used to get trust for *hp*, and *hp* can be used to get trust for *snh*. If this is the case we can trust *snh*; if not, we may continue recursively.
+
+## How to use it
+
+We consider the following use case:
+ the lite client wants to verify a header for some given height *k*. Thus:
+  - it requests the signed header for height *k* from a full node
+  - it tries to verify this header with the methods described here.
+
+This can be used in several settings:
+  - someone tells the lite client that application data that is relevant for it can be read in the block of height *k*.
+  - the lite clients wants the latest state. It asks a full nude for the current height, and uses the response for *k*.
+
+
+## Details
+
+*Assumptions*
+
+1. *tp < unbonding period*.
+2. *snh.Header.bfttime < now*
+3. *snh.Header.bfttime < h.Header.bfttime+tp*
+4. *trust(h)=true*
+
+
+**Observation 1.** If *h.Header.bfttime + tp > now*, we trust the old
+validator set *h.Header.NextV*.
+
+When we say we trust *h.Header.NextV* we do *not* trust that each individual validator in *h.Header.NextV* is correct, but we only trust the fact that at most 1/3 of them are faulty (more precisely, the faulty ones have at most 1/3 of the total voting power).
+
+
+
+### Functions
+
+The function *Bisection* checks whether to trust header *h2* based on the trusted header *h1*. It does so by calling
+the function *CheckSupport* in the process of
+bisection/recursion. *CheckSupport* implements the trusted period method and, for two adjacent headers (in term of heights), it checks uninterrupted sequence of proof.
+
+*Assumption*: In the following, we assume that *h2.Header.height > h1.Header.height*. We will quickly discuss the other case in the next section.
+
+We consider the following set-up:
+- the lite client communicates with one full node
+- the lite client locally stores all the signed headers it obtained (trusted or not). In the pseudo code below we write *Store(header)* for this.
+- If *Bisection* returns *false*, then the lite client has seen a  forged header.
+  * However, it does not know which header(s) is/are the problematic one(s).
+  * In this case, the lite client can submit (some of) the headers it has seen as evidence. As the lite client communicates with one full node only when executing Bisection, there are two cases
+    - the full node is faulty
+    - the full node is correct and there was a fork in Tendermint consensus. Header *h1* is from a different branch than the one taken by the full node. This case is not focus of this document, but will be treated in the document on fork accountability.
+
+- the lite client must retry to retrieve correct headers from another full node
+  * it picks a new full node
+  * it restarts *Bisection*
+  * there might be optimizations; a lite client may not need to call *Commit(k)*, for a height *k* for which it already has a signed header it trusts.
+  * how to make sure that a lite client can communicate with a correct full node will be the focus of a separate document (recall Issue 3 from "Context of this document").
+
+**Auxiliary Functions.** We will use the  function ```votingpower_in(V1,V2)``` to compute the voting power the validators in set V1 have according to their voting power in set V2;
+we will write ```totalVotingPower(V)``` for ```votingpower_in(V,V)```, which returns the total voting power in V.
+We further use the function ```signers(Commit)``` that returns the set of validators that signed the Commit.
+
+**CheckSupport.** The following function checks whether we can trust the header h2 based on header h1 following the trusting period method.
+
+```go
+  func CheckSupport(h1,h2,trustlevel) bool {
+    if h1.Header.bfttime + tp < now { // Observation 1
+      return false // old header was once trusted but it is expired
+    }  
+    vp_all := totalVotingPower(h1.Header.NextV)
+      // total sum of voting power of validators in h2
+
+    if h2.Header.height == h1.Header.height + 1 {
+      // specific check for adjacent headers; everything must be
+      // properly signed.
+      // also check that h2.Header.V == h1.Header.NextV
+      // Plus the following check that 2/3 of the voting power
+      // in h1 signed h2
+      return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+              2/3 * vp_all)
+        // signing validators are more than two third in h1.
+    }
+
+    return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+            max(1/3,trustlevel) * vp_all)
+      // get validators in h1 that signed h2
+      // sum of voting powers in h1 of
+      // validators that signed h2
+      // is more than a third in h1
+  }
 ```

-To be able to validate a Merkle proof, a light client needs to validate the blockchain header that contains the root app hash.Validating a blockchain header in Tendermint consists in verifying that the header is committed (signed) by >2/3 of the voting power of the corresponding validator set. As the validator set is a dynamic set (it is changing), one of the core functionality of the lite client is updating the current validator set, that is then used to verify the
-blockchain header, and further the corresponding Merkle proofs.
+  *Remark*: Basic header verification must be done for *h2*. Similar checks are done in:  
+  https://github.com/tendermint/tendermint/blob/master/types/validator_set.go#L591-L633

-We assume that each validator set change is signed (committed) by the current validator set. More precisely,
-given a block `H` that contains transactions that are modifying the current validator set, the Merkle root hash of the next validator set (modified based on transactions from block H) are in block `H+1` (and signed by the current validator
-set), and then starting from the block `H+2`, it will be signed by the next validator set.
+  *Remark*: There are some sanity checks which are not in the code:
+  *h2.Header.height > h1.Header.height* and *h2.Header.bfttime > h1.Header.bfttime* and *h2.Header.bfttime < now*.

-The core of the light client logic is captured by the VerifyAndUpdate function that is used to update
-trusted validator set to the one from the given height.
+  *Remark*: ```return (votingpower_in(signers(h2.Commit),h1.Header.NextV) > max(1/3,trustlevel) * vp_all)``` may return false even if *h2* was properly generated by Tendermint consensus in the case of big changes in the validator sets. However, the check ```return (votingpower_in(signers(h2.Commit),h1.Header.NextV) >
+          2/3 * vp_all)``` must return true if *h1* and *h2* were generated by Tendermint consensus.

-```golang
-VerifyAndUpdate(state LiteClientState, height int64): error {
-  if signedHeader.Header.Height <= height then return error
-  
-  // check if certification period of the current validator set is still secure
-  if state.ValSetTime + LITE_CLIENT_CERTIFICATE_PERIOD > Now() - BFT_TIME_DRIFT_BOUND then return error
+*Remark*: The 1/3 check differs from a previously proposed method that was based on intersecting validator sets and checking that the new validator set contains "enough" correct validators. We found that the old check is not suited for realistic changes in the validator sets. The new method is not only based on cardinalities, but also exploits that we can trust what is signed by a correct validator (i.e., signed by more than 1/3 of the voting power).

-  for i = state.Height+1; i < height; i++ {
-    signedHeader = Commit(i)
-    if votingPower(signedHeader.Commit) <= 2/3 totalVotingPower(state.ValSet) then return error
-    if signedHeader.Header.ValidatorsHash != state.ValSetHash then return error
+*Correctness arguments*

-    nextValSetHash = signedHeader.Header.NextValidatorsHash
+Towards Lite Client Accuracy:
+- Assume by contradiction that *h2* was not generated correctly and the lite client sets trust to true because *CheckSupport* returns true.
+- h1 is trusted and sufficiently new
+- by Tendermint Fault Model, less than 1/3 of voting power held by faulty validators => at least one correct validator *v* has signed *h2*.
+- as *v* is correct up to now, it followed the Tendermint consensus protocol at least up to signing *h2* => *h2* was correctly generated, we arrive at the required contradiction.

-    nextValSet = Validators(i+1).Validators
-    if Hash(nextValSet) != nextValSetHash then return (0, error)

-    // at this point we can install new valset
-    state.ValSet = nextValSet
-    state.ValSetHash = nextValSetHash
-    state.Height = i
-    state.ValSetTime = signedHeader.Header.Time
-  }  
+Towards Lite Client Completeness:
+- The check is successful if sufficiently many validators of *h1* are still validators in *h2* and signed *h2*.
+- If *h2.Header.height = h1.Header.height + 1*, and both headers were generated correctly, the test passes
+
+*Verification Condition:* We may need a Tendermint invariant stating that if *h2.Header.height = h1.Header.height + 1* then *signers(h2.Commit) \subseteq h1.Header.NextV*.
+
+*Remark*: The variable *trustlevel* can be used if the user believes that relying on one correct validator is not sufficient. However, in case of (frequent) changes in the validator set, the higher the *trustlevel* is chosen, the more unlikely it becomes that CheckSupport returns true for non-adjacent headers.
+
+**Bisection.** The following function uses CheckSupport in a recursion to find intermediate headers that allow to establish a sequence of trust.
+
+
+
+
+```go
+func Bisection(h1,h2,trustlevel) bool{
+  if CheckSupport(h1,h2,trustlevel) {
+    return true
+  }
+  if h2.Header.height == h1.Header.height + 1 {
+    // we have adjacent headers that are not matching (failed
+    // the CheckSupport)
+    // we could submit evidence here
+    return false
+  }
+  pivot := (h1.Header.height + h2.Header.height) / 2
+  hp := Commit(pivot)
+    // ask a full node for header of height pivot
+  Store(hp)  
+    // store header hp locally
+  if Bisection(h1,hp,trustlevel) {
+    // only check right branch if hp is trusted
+    // (otherwise a lot of unnecessary computation may be done)
+    return Bisection(hp,h2,trustlevel)
+  }
+  else {
+    return false
+  }
 }
+```  

-Note that in the logic above we assume that the lite client will always go upward with respect to header verifications,
-i.e., that it will always be used to verify more recent headers. Going backward is problematic as having trust in 
-some validator set at height h does not give us trust in validator set before height h. Therefore, if lite client query
-is about smaller height, trusted validator set for smaller heights is needed. 

-In case a call to the FullNode or subsequent checks fail, a light client need to implement some recovery strategy, for example connecting to other FullNode.
+
+
+*Correctness arguments (sketch)*
+
+Lite Client Accuracy:
+- Assume by contradiction that *h2* was not generated correctly and the lite client sets trust to true because Bisection returns true.
+- Bisection returns true only if all calls to CheckSupport in the recursion return true.
+- Thus we have a sequence of headers that all satisfied the CheckSupport
+- again a contradiction
+
+Lite Client Completeness:
+
+This is only ensured if upon *Commit(pivot)* the lite client is always provided with a correctly generated header.
+
+*Stalling*
+
+With Bisection, a faulty full node could stall a lite client by creating a long sequence of headers that are queried one-by-one by the lite client and look OK, before the lite client eventually detects a problem. There are several ways to address this:
+* Each call to ```Commit``` could be issued to a different full node
+* Instead of querying header by header, the lite client tells a full node which header it trusts, and the height of the header it needs. The full node responds with the header along with a proof consisting of intermediate headers that the light client can use to verify. Roughly, Bisection would then be executed at the full node.
+* We may set a timeout how long bisection may take.
+
+
+### The case *h2.Header.height < h1.Header.height*
+
+In the use case where someone tells the lite client that application data that is relevant for it can be read in the block of height *k* and the lite client trusts a more recent header, we can use the hashes to verify headers "down the chain." That is, we iterate down the heights and check the hashes in each step.
+
+*Remark.* For the case were the lite client trusts two headers *i* and *j* with *i < k < j*, we should discuss/experiment whether the forward or the backward method is more effective.
+
+```go
+func Backwards(h1,h2) bool {
+  assert (h2.Header.height < h1.Header.height)
+  old := h1
+  for i := h1.Header.height - 1; i > h2.Header.height; i-- {
+    new := Commit(i)
+    Store(new)
+    if (hash(new) != old.Header.hash) {
+      return false
+    }
+    old := new
+  }
+  return (hash(h2) == old.Header.hash)
+ }
+```
--- a/docs/spec/p2p/connection.md
+++ b/docs/spec/p2p/connection.md
@@ -61,7 +61,7 @@ func (m MConnection) TrySend(chID byte, msg interface{}) bool {}

 `Send(chID, msg)` is a blocking call that waits until `msg` is successfully queued
 for the channel with the given id byte `chID`. The message `msg` is serialized
-using the `tendermint/wire` submodule's `WriteBinary()` reflection routine.
+using the `tendermint/go-amino` submodule's `WriteBinary()` reflection routine.

 `TrySend(chID, msg)` is a nonblocking call that queues the message msg in the channel
 with the given id byte chID if the queue is not full; otherwise it returns false immediately.
--- a/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-datastructs.png
+++ b/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-datastructs.png
--- a/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-fsm.png
+++ b/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-fsm.png
--- a/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-goroutines.png
+++ b/docs/spec/reactors/block_sync/bcv1/img/bc-reactor-new-goroutines.png
--- a/docs/spec/reactors/block_sync/bcv1/impl-v1.md
+++ b/docs/spec/reactors/block_sync/bcv1/impl-v1.md
@@ -0,0 +1,237 @@
+# Blockchain Reactor v1
+
+### Data Structures
+The data structures used are illustrated below.
+
+![Data Structures](img/bc-reactor-new-datastructs.png)
+
+#### BlockchainReactor
+- is a `p2p.BaseReactor`.
+- has a `store.BlockStore` for persistence.
+- executes blocks using an `sm.BlockExecutor`.
+- starts the FSM and the `poolRoutine()`.
+- relays the fast-sync responses and switch messages to the FSM.
+- handles errors from the FSM and when necessarily reports them to the switch.
+- implements the blockchain reactor interface used by the FSM to send requests, errors to the switch and state timer resets.
+- registers all the concrete types and interfaces for serialisation.
+
+```go
+type BlockchainReactor struct {
+	p2p.BaseReactor
+
+	initialState sm.State // immutable
+	state        sm.State
+
+	blockExec *sm.BlockExecutor
+	store     *store.BlockStore
+
+	fastSync bool
+
+	fsm          *BcReactorFSM
+	blocksSynced int
+
+	// Receive goroutine forwards messages to this channel to be processed in the context of the poolRoutine.
+	messagesForFSMCh chan bcReactorMessage
+
+	// Switch goroutine may send RemovePeer to the blockchain reactor. This is an error message that is relayed
+	// to this channel to be processed in the context of the poolRoutine.
+	errorsForFSMCh chan bcReactorMessage
+
+	// This channel is used by the FSM and indirectly the block pool to report errors to the blockchain reactor and
+	// the switch.
+	eventsFromFSMCh chan bcFsmMessage
+}
+```
+
+#### BcReactorFSM
+- implements a simple finite state machine.
+- has a state and a state timer.
+- has a `BlockPool` to keep track of block requests sent to peers and blocks received from peers.
+- uses an interface to send status requests, block requests and reporting errors. The interface is implemented by the `BlockchainReactor` and tests.
+
+```go
+type BcReactorFSM struct {
+	logger log.Logger
+	mtx    sync.Mutex
+
+	startTime time.Time
+
+	state      *bcReactorFSMState
+	stateTimer *time.Timer
+	pool       *BlockPool
+
+	// interface used to call the Blockchain reactor to send StatusRequest, BlockRequest, reporting errors, etc.
+	toBcR bcReactor
+}
+```
+
+#### BlockPool
+- maintains a peer set, implemented as a map of peer ID to `BpPeer`.
+- maintains a set of requests made to peers, implemented as a map of block request heights to peer IDs.
+- maintains a list of future block requests needed to advance the fast-sync. This is a list of block heights. 
+- keeps track of the maximum height of the peers in the set.
+- uses an interface to send requests and report errors to the reactor (via FSM).
+
+```go
+type BlockPool struct {
+	logger log.Logger
+	// Set of peers that have sent status responses, with height bigger than pool.Height
+	peers map[p2p.ID]*BpPeer
+	// Set of block heights and the corresponding peers from where a block response is expected or has been received.
+	blocks map[int64]p2p.ID
+
+	plannedRequests   map[int64]struct{} // list of blocks to be assigned peers for blockRequest
+	nextRequestHeight int64              // next height to be added to plannedRequests
+
+	Height        int64 // height of next block to execute
+	MaxPeerHeight int64 // maximum height of all peers
+	toBcR         bcReactor
+}
+```
+Some reasons for the `BlockPool` data structure content:
+1. If a peer is removed by the switch fast access is required to the peer and the block requests made to that peer in order to redo them.
+2. When block verification fails fast access is required from the block height to the peer and the block requests made to that peer in order to redo them.
+3. The `BlockchainReactor` main routine decides when the block pool is running low and asks the `BlockPool` (via FSM) to make more requests. The `BlockPool` creates a list of requests and triggers the sending of the block requests (via the interface). The reason it maintains a list of requests is the redo operations that may occur during error handling. These are redone when the `BlockchainReactor` requires more blocks.
+
+#### BpPeer
+- keeps track of a single peer, with height bigger than the initial height.
+- maintains the block requests made to the peer and the blocks received from the peer until they are executed.
+- monitors the peer speed when there are pending requests.
+- it has an active timer when pending requests are present and reports error on timeout.
+
+```go
+type BpPeer struct {
+	logger log.Logger
+	ID     p2p.ID
+
+	Height                  int64                  // the peer reported height
+	NumPendingBlockRequests int                    // number of requests still waiting for block responses
+	blocks                  map[int64]*types.Block // blocks received or expected to be received from this peer
+	blockResponseTimer      *time.Timer
+	recvMonitor             *flow.Monitor
+	params                  *BpPeerParams // parameters for timer and monitor
+
+	onErr func(err error, peerID p2p.ID) // function to call on error
+}
+```
+
+### Concurrency Model
+
+The diagram below shows the goroutines (depicted by the gray blocks), timers (shown on the left with their values) and channels (colored rectangles). The FSM box shows some of the functionality and it is not a separate goroutine.
+
+The interface used by the FSM is shown in light red with the `IF` block. This is used to:
+- send block requests 
+- report peer errors to the switch - this results in the reactor calling `switch.StopPeerForError()` and, if triggered by the peer timeout routine, a `removePeerEv` is sent to the FSM and action is taken from the context of the `poolRoutine()`
+- ask the reactor to reset the state timers. The timers are owned by the FSM while the timeout routine is defined by the reactor. This was done in order to avoid running timers in tests and will change in the next revision.
+ 
+There are two main goroutines implemented by the blockchain reactor. All I/O operations are performed from the `poolRoutine()` context while the CPU intensive operations related to the block execution are performed from the context of the `executeBlocksRoutine()`. All goroutines are detailed in the next sections.
+
+![Go Routines Diagram](img/bc-reactor-new-goroutines.png)
+
+#### Receive()
+Fast-sync messages from peers are received by this goroutine. It performs basic validation and:
+- in helper mode (i.e. for request message) it replies immediately. This is different than the proposal in adr-040 that specifies having the FSM handling these.
+- forwards response messages to the `poolRoutine()`.
+
+#### poolRoutine()
+(named kept as in the previous reactor). 
+It starts the `executeBlocksRoutine()` and the FSM. It then waits in a loop for events. These are received from the following channels:
+- `sendBlockRequestTicker.C` - every 10msec the reactor asks FSM to make more block requests up to a maximum. Note: currently this value is constant but could be changed based on low/ high watermark thresholds for the number of blocks received and waiting to be processed, the number of blockResponse messages waiting in messagesForFSMCh, etc.
+- `statusUpdateTicker.C` - every 10 seconds the reactor broadcasts status requests to peers. While adr-040 specifies this to run within the FSM, at this point this functionality is kept in the reactor.
+- `messagesForFSMCh` - the `Receive()` goroutine sends status and block response messages to this channel and the reactor calls FSM to handle them.
+- `errorsForFSMCh` - this channel receives the following events: 
+    - peer remove - when the switch removes a peer
+    - sate timeout event - when FSM state timers trigger
+  The reactor forwards this messages to the FSM.
+- `eventsFromFSMCh` - there are two type of events sent over this channel:
+    - `syncFinishedEv` - triggered when FSM enters `finished` state and calls the switchToConsensus() interface function.
+    - `peerErrorEv`- peer timer expiry goroutine sends this event over the channel for processing from poolRoutine() context.
+    
+#### executeBlocksRoutine()
+Started by the `poolRoutine()`, it retrieves blocks from the pool and executes them:
+- `processReceivedBlockTicker.C` - a ticker event is received over the channel every 10msec and its handling results in a signal being sent to the doProcessBlockCh channel.
+- doProcessBlockCh - events are received on this channel as described as above and upon processing blocks are retrieved from the pool and executed. 
+
+
+### FSM
+
+![fsm](img/bc-reactor-new-fsm.png)
+
+#### States
+##### init (aka unknown)
+The FSM is created in `unknown` state. When started, by the reactor (`startFSMEv`), it broadcasts Status requests and transitions to `waitForPeer` state.
+
+##### waitForPeer
+In this state, the FSM waits for a Status responses from a "tall" peer. A timer is running in this state to allow the FSM to finish if there are no useful peers.
+
+If the timer expires, it moves to `finished` state and calls the reactor to switch to consensus.
+If a Status response is received from a peer within the timeout, the FSM transitions to `waitForBlock` state.
+
+##### waitForBlock
+In this state the FSM makes Block requests (triggered by a ticker in reactor) and waits for Block responses. There is a timer running in this state to detect if a peer is not sending the block at current processing height. If the timer expires, the FSM removes the peer where the request was sent and all requests made to that peer are redone.
+
+As blocks are received they are stored by the pool. Block execution is independently performed by the reactor and the result reported to the FSM:
+- if there are no errors, the FSM increases the pool height and resets the state timer.
+- if there are errors, the peers that delivered the two blocks (at height and height+1) are removed and the requests redone.
+
+In this state the FSM may receive peer remove events in any of the following scenarios: 
+- the switch is removing a peer
+- a peer is penalized because it has not responded to some block requests for a long time
+- a peer is penalized for being slow
+
+When processing of the last block (the one with height equal to the highest peer height minus one) is successful, the FSM transitions to `finished` state.
+If after a peer update or removal the pool height is same as maxPeerHeight, the FSM transitions to `finished` state.
+
+##### finished
+When entering this state, the FSM calls the reactor to switch to consensus and performs cleanup.
+
+#### Events
+
+The following events are handled by the FSM:
+
+```go
+const (
+	startFSMEv = iota + 1
+	statusResponseEv
+	blockResponseEv
+	processedBlockEv
+	makeRequestsEv
+	stopFSMEv
+	peerRemoveEv = iota + 256
+	stateTimeoutEv
+)
+```
+
+### Examples of Scenarios and Termination Handling
+A few scenarios are covered in this section together with the current/ proposed handling.
+In general, the scenarios involving faulty peers are made worse by the fact that they may quickly be re-added.
+
+#### 1. No Tall Peers
+
+S: In this scenario a node is started and while there are status responses received, none of the peers are at a height higher than this node.
+
+H: The FSM times out in `waitForPeer` state, moves to `finished` state where it calls the reactor to switch to consensus.
+
+#### 2. Typical Fast Sync
+
+S: A node fast syncs blocks from honest peers and eventually downloads and executes the penultimate block.
+
+H: The FSM in `waitForBlock` state will receive the processedBlockEv from the reactor and detect that the termination height is achieved.
+
+#### 3. Peer Claims Big Height but no Blocks
+
+S: In this scenario a faulty peer claims a big height (for which there are no blocks).
+
+H: The requests for the non-existing block will timeout, the peer removed and the pool's `MaxPeerHeight` updated. FSM checks if the termination height is achieved when peers are removed.
+
+#### 4. Highest Peer Removed or Updated to Short
+
+S: The fast sync node is caught up with all peers except one tall peer. The tall peer is removed or it sends status response with low height.
+
+H: FSM checks termination condition on peer removal and updates.
+
+#### 5. Block At Current Height Delayed
+
+S: A peer can block the progress of fast sync by delaying indefinitely the block response for the current processing height (h1).
+
+H: Currently, given h1 < h2, there is no enforcement at peer level that the response for h1 should be received before h2. So a peer will timeout only after delivering all blocks except h1. However the `waitForBlock` state timer fires if the block for current processing height is not received within a timeout. The peer is removed and the requests to that peer (including the one for current height) redone.
--- a/Show More
+++ b/Show More