Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cover light client equivocation attacks in E2E tests #1180

Closed
Tracked by #732
sainoe opened this issue Aug 2, 2023 · 5 comments
Closed
Tracked by #732

Cover light client equivocation attacks in E2E tests #1180

sainoe opened this issue Aug 2, 2023 · 5 comments
Assignees
Labels
S: NewThings Work towards your business objectives with new products, features, or integrations scope: testing Code review, testing, making sure the code is following the specification.

Comments

@sainoe
Copy link
Contributor

sainoe commented Aug 2, 2023

Problem

Currently, the E2E tests are only testing the ICS misbehaviour handling feature by triggering a "lunatic" light client attack.
However, this test case isn't sufficient since only the "equivocation" light client attacks are expected to be handled and lead to the jailing and tombstoning of validators.

Closing criteria

Add a test case that generates an "equivocation" light client attack to the E2E tests.

Problem details

The current way of generating a "lunatic" attack is by forking the consumer chain. This results in the malicious chain sending invalid client headers to the provider chain. Note that after observing the block produced by the main and forked chain, the only block header fields that aren't equal are: time, app_hash, and last_commit_hash. Maybe it's a point to start in order to simulate an "equivocation" attack.

@sainoe sainoe self-assigned this Aug 2, 2023
@sainoe sainoe added the scope: testing Code review, testing, making sure the code is following the specification. label Aug 2, 2023
@sainoe sainoe added this to Cosmos Hub Aug 2, 2023
@github-project-automation github-project-automation bot moved this to 🩹 Triage in Cosmos Hub Aug 2, 2023
@p-offtermatt
Copy link
Contributor

p-offtermatt commented Aug 9, 2023

Hey, I took a look at this and it looks like CometMock could be useful here.
I added support for equivocation in CometMock - it can produce DuplicateVoteEvidence now.
Is this the type of evidence you were looking to produce? see #1190

@mpoke mpoke moved this from 🩹 Triage to 📥 Todo in Cosmos Hub Aug 11, 2023
@sainoe
Copy link
Contributor Author

sainoe commented Aug 21, 2023

Hi. Great work in integrating the equivocation into CometMock!
Here the need is to get a LightClientAttackEvidence that embeds a double signing infraction committed to a block. Does CometMock already support that?

Note that these E2E tests also involve a Hermes Relayer probing evidences committed on-chain.

@p-offtermatt
Copy link
Contributor

Ah, I misunderstood - I added DoubleSignEvidence to CometMock, LightClientAttackEvidence is not something I have looked at yet. I have looking into adding LightClientAttackEvidence to CometMock on the roadmap informalsystems/CometMock#34, but if the test crucially relies on Hermes, CometMock won't be able to help at the moment, see cosmos/cosmos-sdk#16277

If you think this could also be done with the go relayer, let me know and I'm happy to add LightClientAttackEvidence as soon as I can!

@sainoe sainoe changed the title Add equivocation light client attack to E2E tests Cover light client equivocation attacks in E2E tests Aug 22, 2023
@p-offtermatt
Copy link
Contributor

Hey, light client attacks are now available in CometMock, see #1249. Again, this does not work with Hermes, but just mentioning here in case this is useful.

@mpoke mpoke added the S: NewThings Work towards your business objectives with new products, features, or integrations label Sep 14, 2023
@sainoe sainoe moved this from 📥 F2: Todo to 🤔 F1: Investigate in Cosmos Hub Oct 4, 2023
@sainoe
Copy link
Contributor Author

sainoe commented Nov 21, 2023

Adressed in #1388 & #1249.

@sainoe sainoe closed this as completed Nov 21, 2023
@github-project-automation github-project-automation bot moved this from 🤔 F1: Investigate to 👍 F4: Assessment in Cosmos Hub Nov 21, 2023
@mpoke mpoke moved this from 👍 F4: Assessment to ✅ Done in Cosmos Hub Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
S: NewThings Work towards your business objectives with new products, features, or integrations scope: testing Code review, testing, making sure the code is following the specification.
Projects
Status: ✅ Done
Development

No branches or pull requests

3 participants