feat(attester): IBC-compatible attester overlay with signed votes#392

Draft
randygrok wants to merge 25 commits into main from jgimeno/prod-readiness

@randygrok
Contributor

Summary

  • Add IBC-compatible attester overlay. A fixed set of attesters (loaded at
    genesis) signs each block's cmtproto.Vote; the ABCI adapter reconstructs a
    cmttypes.Commit that a 07-tendermint light client verifies via
    VerifyCommitLight on counterparty chains.
  • Reintroduce vote signature verification in MsgAttest and pin
    vote.BlockID.Hash to the sequencer's stored block hash, preventing
    attester-forged-BlockID attacks.
  • Deterministic commit reconstruction in pkg/rpc/core/blocks.go: ordered by
    validator address, BlockIDFlagAbsent for non-signers, 2/3 voted-power
    quorum gate.
  • Attester client (server/attester_cmd.go) signs every block with the
    ed25519 consensus key, derives the consensus address correctly, and fetches
    latest height via /block (not /status, which returns 0 in attester mode).
  • Disable MsgJoinAttesterSet / MsgLeaveAttesterSet; the set is
    genesis-fixed for this iteration.
  • End-to-end Docker integration test with Hermes + Celestia: asserts
    VerifyCommitLight passes on an attested commit and exercises bidirectional
    ICS20 transfers.

Notable details

  • GenesisState.UnpackInterfaces implemented so Any-typed pubkeys resolve
    after JSON unmarshaling.
  • Genesis loader validates pubkey↔consensus_address at raw-byte level
    (prefix-agnostic bech32) to tolerate celestia/cosmos prefix drift.
  • BlockIDProvider wired post-adapter-creation via the app-side
    networkKeeperBlockIDWirer interface; the integration-test app.go patch
    injects SetNetworkKeeperBlockIDProvider automatically.

Known limitations

  • Last commit (Tests 3+4, GM-native transfer to Celestia) fails because
    Celestia v4's tokenfilter IBC middleware rejects non-utia inbound —
    counterparty policy, not an attester-system bug. Follow-up: convert to
    assert the expected ack-error, or revert.
  • Single-attester deployment tested. Multi-attester timestamp-divergence path
    (each attester stamps votes from its own /block read) is not exercised.
  • Code-review items still open: stale `MsgJoin`/`MsgLeave` references in a
    couple of tests, `GenesisState.Validate()` doesn't check `AttesterInfos`,
    CLI still registers disabled tx subcommands. Non-blocking for this draft.

…idation

- Add consensus_address field (field 4) to AttesterInfo proto and regenerate pb.go
- Add types/attester.go with NewAttesterInfo, GetPubKey, and UnpackInterfaces helpers
- Rewrite InitGenesis to materialise AttesterInfo, AttesterSet, ValidatorIndex,
  and ValidatorPower from genesis attester_infos, sorted by pubkey address ascending
  to match CometBFT NewValidatorSet ordering; enforce pubkey/address match
- Rewrite ExportGenesis to round-trip attester_infos; ValidatorIndices no longer exported
- Add keeper/genesis_test.go covering load, mismatch rejection, and export round-trip

Wire verifyVote into the Attest handler so every attestation is
cryptographically verified. Remove the SIGN_MODE_CHECKPOINT gate (every
height is now attestable) and the MinVoteLen constant (superseded by the
full proto decode + signature check inside verifyVote).

Update TestAttestHeightBounds to seed attesters directly via keeper
calls and build properly signed votes via signTestVote. Update
TestAttest and TestAttestVotePayloadValidation similarly.

Both handlers now return ErrInvalidRequest with "attester set changes
disabled" since the set is fixed at genesis. Remove MaxAttesters const
which was only enforced at join time.

…d quorum gate

Add AttesterSet RPC to the network query service so getCommitForHeight can
build a cmttypes.Commit that 07-tendermint accepts: one entry per validator
in canonical index order, BlockIDFlagAbsent for non-signers, and a hard
refusal to serve until more than 2/3 of the set has signed.
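
The reconstruction rule in this commit message, as an added example that is not code from the PR: one slot per attester in address order, an absent marker for non-signers, and refusal unless signed power is strictly more than 2/3. The `Attester` and `CommitSig` types, `BuildCommitSigs`, and the sample set are simplified assumptions standing in for the CometBFT types.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"sort"
)

// Attester and CommitSig are simplified stand-ins for the CometBFT types.
type Attester struct {
	Address []byte
	Power   int64
}
type CommitSig struct {
	Absent             bool // models BlockIDFlagAbsent
	Address, Signature []byte
}

var ErrNoQuorum = errors.New("signed power does not exceed 2/3 of total")

// BuildCommitSigs maps address->signature votes onto a deterministic commit.
func BuildCommitSigs(set []Attester, sigs map[string][]byte) ([]CommitSig, error) {
	ordered := append([]Attester(nil), set...) // do not reorder the caller's slice
	sort.Slice(ordered, func(i, j int) bool {
		return bytes.Compare(ordered[i].Address, ordered[j].Address) < 0
	})
	var total, signed int64
	out := make([]CommitSig, 0, len(ordered))
	for _, a := range ordered {
		total += a.Power
		sig, ok := sigs[string(a.Address)]
		if !ok {
			out = append(out, CommitSig{Absent: true}) // keep the slot, no signature
			continue
		}
		signed += a.Power
		out = append(out, CommitSig{Address: a.Address, Signature: sig})
	}
	if signed*3 <= total*2 { // exactly 2/3 is not enough
		return nil, ErrNoQuorum
	}
	return out, nil
}

func main() {
	set := []Attester{{[]byte{2}, 1}, {[]byte{1}, 1}, {[]byte{3}, 1}} // constructed
	fmt.Println(BuildCommitSigs(set, map[string][]byte{"\x01": []byte("sig1")}))
}
```

Keeping a slot for every attester, signed or not, is what lets the verifier line signatures up with validator indices.
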
…ommitLight

Add AddGenesisAttester post-init hook that writes one AttesterInfo entry to
app_state.network.attester_infos using the node's ed25519 consensus pubkey and
the operator address from the validator keyring entry.

Wire the hook into getGmChain so the attester set is populated before genesis is
finalized. Without this, MsgAttest rejects votes from unregistered keys and
LastAttestedHeight stays 0, breaking Hermes IBC client creation.

After the attester starts, wait for the chain to reach height 10 and assert that
VerifyCommitLight passes on the fetched commit as an early failure signal before
Hermes setup.

Attesters previously could sign a well-formed cmtproto.Vote over an
arbitrary BlockID.Hash — the signature self-verified and the bitmap bit
was set, but the reconstructed commit failed 07-tendermint
VerifyCommitLight on IBC counterparties.

verifyVote now fetches the canonical BlockID from the adapter store via
a new BlockIDProvider interface, rejecting mismatches. Provider is wired
post-depinject via an app-side networkKeeperBlockIDWirer; if unwired,
verification fails closed.

Includes regression tests for mismatched and unwired-provider paths.
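
A minimal model of the check described in the commit message above, as an added example that is not code from the PR: a vote whose signature verifies is still rejected when its block hash differs from the stored one, and a missing provider fails closed. The `Vote` layout, the `height || hash` sign bytes, `MapProvider`, `NewKey` and `SignVote` are assumptions made for illustration; real votes sign canonical protobuf bytes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Vote is a toy stand-in for cmtproto.Vote; sign bytes here are height || hash.
type Vote struct {
	Height         int64
	BlockHash, Sig []byte
}

// MapProvider is a hypothetical in-memory BlockIDProvider: height -> stored hash.
type MapProvider map[int64][]byte

var ErrNoProvider = errors.New("block ID provider not wired")
var ErrBadSig = errors.New("invalid vote signature")
var ErrHashMismatch = errors.New("vote hash differs from stored block hash")

func signBytes(h int64, hash []byte) []byte {
	return append(binary.BigEndian.AppendUint64(nil, uint64(h)), hash...)
}

// NewKey derives a constructed, deterministic key pair for the demo.
func NewKey(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func SignVote(priv ed25519.PrivateKey, h int64, hash []byte) Vote {
	return Vote{h, hash, ed25519.Sign(priv, signBytes(h, hash))}
}

func VerifyVote(p MapProvider, pub ed25519.PublicKey, v Vote) error {
	if p == nil {
		return ErrNoProvider // fail closed when the provider was never wired
	}
	if !ed25519.Verify(pub, signBytes(v.Height, v.BlockHash), v.Sig) {
		return ErrBadSig
	}
	if want, ok := p[v.Height]; !ok || !bytes.Equal(want, v.BlockHash) {
		return ErrHashMismatch // valid signature, but over the wrong block
	}
	return nil
}

func main() {
	pub, priv := NewKey(1)
	store := MapProvider{5: []byte("stored-hash")} // constructed store contents
	fmt.Println(VerifyVote(store, pub, SignVote(priv, 5, []byte("forged-hash"))))
}
```
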
@coderabbitai
Contributor

coderabbitai Bot commented Apr 23, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ffac8f58-dc74-4465-b769-93047919e527

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
