celestiaorg / celestia-app Goto Github PK
View Code? Open in Web Editor NEWCelestia consensus node
Home Page: https://celestiaorg.github.io/celestia-app/
License: Apache License 2.0
Celestia consensus node
Home Page: https://celestiaorg.github.io/celestia-app/
License: Apache License 2.0
When the app was updated to the latest version of lazyledger-core and the sdk, one of the changes to the sdk was to add the RegisterGRPCServer
method to the server.Application
interface. This method has yet to be implemented in the app, and results in the app not being accessible via grpc.
Verifying a fraud proof requires knowledge of the state logic. We need to investigate which parts will have to live:
Lazyledger-core most likely should provide a simple library (reactor?) to gossip fraud proofs. Maybe the evidence pool can be re-used for that. This should be as light-weight as possible, as we would want light-clients to also participate in the gossiping.
Fraud proofs will be gossiped by Celestia-nodes: https://github.com/celestiaorg/celestia-node
Additionally, celestia-core needs to collect the intermediate state in Block.Data (celestiaorg/celestia-core#84).
The Cosmos-SDK probably needs modifications to produce these intermediate state roots (celestiaorg/cosmos-sdk#8 and celestiaorg/cosmos-sdk#9).
Fraud proofs generation and verification could happen in a separate module/in the lazyledger-app itself.
The overall design should be part of rollkit/rollkit#23 too. ADRs that link to each other in the particular repositories will inform this design document.
Ideally, the design should be independent of which tree is actually used (iavl/smt/other) (ref: celestiaorg/cosmos-sdk#8)
If we would have had more tests that use the cli to generate transactions, then we would have noticed #132 sooner. The way we generate MsgWirePayForMessage
s is atypical for an cosmos-sdk chain in that we are actually generating and signing multiple iterations of the same transaction. We need to have better testing for this.
This should be completed either when completing #132 or directly after, as completing that will require a refactor of the current way we generate transactions using the cli.
Brought up by @nickw321 (thanks): Investigate what it would take to make this abci-app rosetta compatible:
https://blog.cosmos.network/rosetta-api-for-cosmos-sdk-1c67b92da0b3
Might also be relevant to optimint.
After updating to the latest version of the cosmos-sdk #27 we should make the required changes to update here as well. A lot has changed since the last version we used, and we will have to make some minor adjustments. It should also be noted that starport does not yet have support for the latest version of the cosmos-sdk, so if we have too much trouble, then we might just want to use the version they use (v0.42.6) instead of the latest version.
blocked by:
keyring lib is throwing errors during make install
process
git rev-parse --verify HEAD
d061ef0f782e062a52db16da26bfe974a544a2d9
make install
# github.com/keybase/go-keychain cgo-gcc-prolog:203:11: warning: 'SecTrustedApplicationCreateFromPath' is deprecated: first deprecated in macOS 10.15 - No longer supported [-Wdeprecated-declarations] /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/Security.framework/Headers/SecTrustedApplication.h:59:10: note: 'SecTrustedApplicationCreateFromPath' has been explicitly marked deprecated here
Note: If updating the lib then
../../../../pkg/mod/github.com/cosmos/[email protected]/keychain.go:136:8: kcItem.SetAccess undefined (type keychain.Item has no field or method SetAccess)
Before launch, we should further strip down the state machine to a bare minimum that supports staking, fees, and transfers fees only. That said, governance and upgrades might also be part of this.
Action items:
┆Issue is synchronized with this Asana task by Unito
The latest cli addition still needs integration tests. This should include
Preferably Apache-2,0.
Namespaces up to and including NAMESPACE_ID_MAX_RESERVED = 255 are reserved, not messages: https://github.com/lazyledger/lazyledger-specs/blob/de5f4f74f56922e9fa735ef79d9e6e6492a2bad1/specs/consensus.md#constants.
There should also be a check somewhere that a reserved namespace ID that's up to 255 but not specifically reserved is invalid.
Originally posted by @adlerjohn in celestiaorg/celestia-core#261 (comment)
There should be a check in MsgWirePayForMessage
's ValidateBasic
message to make sure that a message is not using reserved namespaces.
Logging has been refactored in the cosmos-sdk. Starport apps have yet to be updated accordingly, so these flags have to be manually added to the start
sub-command in order to pass the logging configurations to lazyledger-core.
I see two very easy solutions to this, we could
Ideally, we would add them to the cosmos-sdk, right next to other start
sub-command flags. However, any changes we make to the sdk will have to be undone each time we upstream anything.
I assume you do not need startport serve
to run the app? https://github.com/lazyledger/lazyledger-app/blob/master/readme.md#get-started
The latest addition to the cli follows the format of the rest of the starport generated cli, except it use relies on hex encoding for accepting the two raw byte arguments. While most users are not going to be using the cli, we still need to figure an ideal, or at least consistent, UI/UX.
As far as I remember, currently no fees are deducted for PayForMessage. Is that right? Or do we actually make use of the default fee-machanism of the SDK?
Ideally via github actions:
at least:
ideally:
Block header hashes are defined, but not transaction IDs. Need to define specifically how to compute a transaction ID.
Potentially this can be done by following what gaia does (I did some testing with Alessio back in the days but I don't remember the details and the process likely improved and changed over time):
We should give a recommendation in the guide on which minimum amount of tokens to add in order to not bump into issues for future node operators
If we execute something like this celestia-appd gentx <user_n> 100000stake --chain-id <abc> --keyring-backend <xyz>
Then we get the error
Error: error during handshake: error on replay: validator set is nil in genesis and still empty after InitChain
This is not directly/explicitly pointing to the issue of insufficient amount of tokens for gentx.
In order to avoid future repeated questions from the community, we should include an info field in the guideline that recommends a minimum amount to include in order to not bump into this issue. Something like
celestia-appd gentx <user_n> 1000000stake --chain-id <abc> --keyring-backend <xyz>
(1mil instead of 100k)
Currently, the binary that runs lazyledger is called lazyledger-appd
. We should probably rename this to lazyledger
or lazyledgerd
?
Also, the repo name could just be lazyledger
or lazyledger-rsm
(replicated state machine) or some other name we should settle on.
There was also the suggestion to rename the tendermint binaries in lazyledger-core. IMO, their name can just stay the same. The consensus is in fact tendermint consensus and the user-facing binaries are in here.
Also, another name to consider is the one chosen for modules (currently there is only one): https://github.com/lazyledger/lazyledger-app/tree/master/x/lazyledgerapp
Currently, the nonce in MsgWirePayForMessage
is not being used. Instead, the sdk handles the AccountNumber SequenceNumber
for the app. The app should be modified so that it follows the spec and handles the nonce inside of MsgWirePayForMessage
, instead of relying on the sdk to handle the AccountNumber
SequenceNumber.
Create an API to check for messages inclusion.
The first step has already been done by writing code to find subtree root paths. The next step should be to create an API that allows us to easily check for message inclusion given the original data square, the position of the message in question, the size of that message, along with the commitment provided in the SignedPayForMessage
.
SignedPayForData
and the actual data in the square given the location and message size.depends on #49
We currently set the share size (rather arbitrarily) to 256 bytes. IMO this should be increased to maybe 1KB or more. Independent of what I think there must be a rationale document for the parameter choice explaining pros/cons and why we settled on whatever value.
Per discussion in #155, we have decided that the code to create MsgWirePayForMessages
programmatically will need to exist in a different repo. This is because if the code is imported from this repo, it adds a dependency on celestia-core, which causes dependency hell for any projects that also import tendermint.
We are going to have to add functionality to baseapp #5, specifically implement the new ABCI methods from lazyledger-core. We could simply change baseapp in the cosmos-sdk, but that is highly undesirable. Ideally, our solution should keep as many changes in the lazyledger-app as possible.
I'm proposing that we simply wrap any usage of the baseapp with a type
that by default forwards all ABCI methods to the baseapp's methods, except when we need to "overwrite" one, we can without making any change to the sdk.
type wrappedBaseApp struct {
bApp *baseapp.BaseApp
}
// forward to baseapp's methods
func (w *wrappedBaseApp) Info(req abci.RequestInfo) abci.ResponseInfo {
return w.bApp.Info(req)
}
func (w *wrappedBaseApp) PreprocessTxs(txs abci.RequestPreprocessTxs) abci.ResponsePreprocessTxs {
// todo: insert custom code here
return w.bApp.PreprocessTxs(txs)
}
type App struct {
*wrappedBaseApp
...
}
I have an implementation here, but would like to make sure I'm not doing anything overly cumbersome before I commit.
Namespaces are now kept in the actual message to ensure that they are recoverable, see the spec PR. This should also be accounted for in the app, specifically SHARE_SIZE - NAMESPACE_ID_BYTES - SHARE_RESERVED_BYTES
As we do not tag ll-core yet, we should rather point to master imo:
https://github.com/lazyledger/lazyledger-app/blob/1e3ebd5361536f0a171e24b1f378ae649b58c691/go.mod#L26
The specification makes some changes to the staking logic used internally in the cosmos-sdk:
Some of these changes are absolutely required for fraud proofs others are simplifications/optimizations.
Concrete action items for this issue (should be split into multiple issues/prs):
While the implementation can happen as late as the incentivized testnet, all other todos should be tackled earlier as they will determine how much work this actually is.
Modules in the sdk all have a package called simulation that interfaces with the simapp
framework for fuzzing. Implement the simulation package for lazyledgerapp so that proper simulation fuzzing can be done as described here
After defining WirePayForMessage
and connecting it the rest of the application, the draft implementation for PreprocessTxs needs to:
WirePayForMessage
sThere are still some design decisions that need to be made. Notably:
Currently, the signature for WirePayForMessage
is being validated in WirePayForMessage
's ValidateBasic
method using the public key of the sender. This is unnecessary, because the signature is already being verified by the auth module's sigverify antehandler, and undesirable because it requires the 33 byte public key be included in each WirePayForMessage
. Instead the signature verification in ValidateBasic
should be removed, and only the sender's address (20 bytes) should be included in WirePayForMessage
.
Implement MessageInclusionFraudProofs and add them to the spec.
Message inclusion fraud proofs are needed to ensure that when a SignedTransactionDataPayForMessage
(STDPfM) is included in a block, then the message that it pays for is also included in the block data.
The fraud proof can be constructed using the WrappedTransaction
of the STDPfM that does not have a message included in the block data. The position and the number of shares used by the message are used to locate the subtree root for that message. Then an nmt merkle proof can be generated for that sub tree root (aka commitment to the message). If the merkle root the merkle proof is not equal to it's respective column or row root in the DataAvailabilityHeader
, then the fraud proof is valid, and the block is invalid.
The position is included in the WrappedTransaction
, and the number of shares used by the message can be calculated using the ShareSize
constant and the messageSize field found in the STDPfM.
MessageInclusionFraudProof
and add it to the specMessageInclusionFraudProof
MessageInclusionFraudProof
blocked by celestiaorg/celestia-core#462
tracked in celestiaorg/celestia-core#459
We need to create a docker image for the celestia-app that handles all installation inside
We don't have a docker image for the repo except for the contrib dir part
To make an image that
The number of shares used for transactions, intermediate state roots, evidence, etc. should be bounded by some parameter. Otherwise, a malicious validator could create a maximum-size block filled with only transactions, and all full node would be required to fully download and process the block to compute the state.
Currently, we only support externally-owned accounts (EOAs), i.e. accounts that are controlled by a single secret key.
We would like to natively support multisigs, i.e. accounts that are controlled by more than one secret key, since this offers more security for users and validators (similar to 2FA). A downside of supporting native multisigs is increase in state transition complexity.
We want to implement eip-1559 style fee burning (but in the current tendermint deferred execution model).
This requires two parts:
Until then, we can probably just live with #48.
Due to an error on my part, the handler for SignedTransactionDataPayForMessage
is not being properly incorporated into the app. To incorporate properly, the keeper package in the lazyledgerapp module should have its own MsgServer
interface, that accounts for the additional method that does not have an endpoint.
With the addition of #129, we started signing over the the entire sdk.Tx
that contians the MsgPayForMessage
instead of only the sdk.Message
when we create MsgWirePayForMessages
. This means that when we create the WirePayForMessage
, we need to know everything that goes in the transaction for MsgPayForMessage will contain, such as gas price, sequence, etc, ahead of time before we sign it. This is the case when programmatically generating MsgWirePayForMessages
using the client code (like we do in optimint), but this is not the case when generating MsgWirePayForMessages
using the cli.
We should changes the way we generate and broadcast MsgWirePayForMessages
when using the cli. Instead of using the default cosmos-sdk to BroadcastTxs, which parses things like gas-price, sequence, etc after generating the MsgWirePayForMessage
, we should parse the cli flags/args manually and create the tx using the client code before signing the commitments.
Some client code for for signing and broadcasting WirePayForMessage
s was implemented in #76, and per the suggestion in this comment rollkit/rollkit#76 (comment) , we should keep that code here. It might also be nice to change up the API slightly to be a tad more general, and maybe even reuse that code in the already implemented cli.
I quickly skimmed through the imports and it seems that the app imports a mixture of lazyledger-core and github.com/tendermint/tendermint.
Most of the devops tests from gaia and the cosmos-sdk could be used in lazyledger-app, but a few had to be temporarily removed because they are meant to use versioned docker images. When we start versioning, we should get a docker hub account for lazyledger, and begin creating docker images for each release.
Taking some inspiration from this post's suggestion of
Application ID 0 is interpreted as an empty entry and can be inserted anywhere by the block producers; it might be required for padding. Any application ID 0 fields should be ignored by clients.
We could use the application ID 0x0000000000000000
to denote any padding shares, then modify the rules of the NMT to simply ignore such shares when computing the min and max namespace IDs of a subtree. Note that the NMT already has special rules to handle tail padding, though since tail padding has the maximum namespace ID it is guaranteed to be lexicographically sorted. These padding shares with a zero namespace ID would not be.
The intuitions around why this should be possible is that there is no need to use the lexicographic-less-than binary relation specifically. The binary relation used for ordering namespace IDs does not necessarily need to be transitive or antisymmetric for its entire domain. As such, we can simply define a new one that ignores the zero namespace ID (i.e. is true
if one or more of the inputs to the relation is the zero namespace ID).
The reason this would be useful is that currently padding between messages cannot be distinguished from messages. This means applications must potentially download a bunch of extra data that isn't useful for them. If padding has a distinct namespace ID, then it can be distinguished and simply not downloaded.
Addresses are currently of length 20. there was discussion in discord to migrate to 32 byte addresses. This would include nodeID's as well.
This is also outlined in the spec as the favored approach.
In order to update to the latest release version of the cosmos-sdk, we need to use a patched version of tendermint/spm due to #10226 cosmos/cosmos-sdk@bdc0ca0 removing the ReadHomeFlag
function
Currently, the specs do not define the concrete Leader selection and the Fork Choice rule:
https://github.com/celestiaorg/celestia-specs/blob/06be92043f8ec39bab4222708c0fb44eb7fbca60/src/specs/consensus.md#fork-choice
IMO, these could be very short paragraphs (one or two sentences) that give an overview and refer to tendermint for the details. If there is anything LL specific to consider here (e.g. any difference that stems from the minority assumption), it should also be mentioned somewhere.
We also need to consider:
partly includes: celestiaorg/celestia-node#1134
The specification must include all system-wide parameters. Client side parameters should also be specified in the sense that there should be a recommendation for defaults and where applicable it should specify which ranges do make sense.
ref: #732
In the future, there will likely be multiple libraries and methods to generate WirePayForMessage
, but currently there are none. I think a good starting point is to do so using a cli. The cli for lazyledger-appd
is using the default starport scaffolding, and luckily the starport team has made it easy to add sub-commands to the existing code.
The first draft of the cli will probably look something like this, but more details will be in the PR
lazyledgerappd tx lazyledgerapp create-PayForMessage [hexNamespace] [hexMessage] [flags]
Clarify how to meter for gas for messages and state-relevant Txs too.
Dropping some raw notes from discussions we had:
Transaction cost metering should only be based on bytes .
potenial workarounds: implicitly set gas limit to infinity (maybe not infinity, maybe use gas used purely for byte cost). This means no need for gas limit field in tx.
Some context:
In the SDK applications can define gas metering as they please.
Here is an example of metering based on bytes: https://github.com/cosmos/cosmos-sdk/blob/eb8aaf939513d3bf6e82bd13691cfbe9ef4ad28c/x/auth/ante/basic.go#L88-L95
more docs:
https://docs.cosmos.network/master/basics/gas-fees.html#block-gas-meter
and the AnteHandler: https://docs.cosmos.network/master/basics/gas-fees.html#antehandler
Note the implementation can happen for the incentivized testnet but we should definitely "de-risk" this earlier, i.e. we should start looking into what exact changes will be necessary certainly before the test-net milsetone.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.