-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R4R: Allow the undelegation of more coins than were delegated; More validity checks. #3717
Changes from 8 commits
da12165
b7d1d69
2f9a0da
c938039
066e11f
f7c3cc6
637902d
71774b8
d9b5071
0c0b142
aca59ac
002e49f
c80e4ae
2925cc8
46e9d4b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
@@ -1,6 +1,7 @@ | ||||||
package simulation | ||||||
|
||||||
import ( | ||||||
"fmt" | ||||||
"math/big" | ||||||
"math/rand" | ||||||
"time" | ||||||
|
@@ -37,14 +38,37 @@ func RandStringOfLength(r *rand.Rand, n int) string { | |||||
} | ||||||
|
||||||
// Generate a random amount | ||||||
// Note: The range of RandomAmount includes max, and is, in fact, biased to return max. | ||||||
func RandomAmount(r *rand.Rand, max sdk.Int) sdk.Int { | ||||||
return sdk.NewInt(int64(r.Intn(int(max.Int64())))) | ||||||
// return sdk.NewInt(int64(r.Intn(int(max.Int64())))) | ||||||
max2 := big.NewInt(0).Mul(max.BigInt(), big.NewInt(2)) | ||||||
randInt := big.NewInt(0).Rand(r, max2) | ||||||
if randInt.Cmp(max.BigInt()) > 0 { | ||||||
randInt = max.BigInt() | ||||||
} | ||||||
result := sdk.NewIntFromBigInt(randInt) | ||||||
// Sanity | ||||||
if result.GT(max) { | ||||||
panic(fmt.Sprintf("%v > %v", result, max)) | ||||||
} | ||||||
return result | ||||||
} | ||||||
|
||||||
// RandomDecAmount generates a random decimal amount | ||||||
// Note: The range of RandomDecAmount includes max, and is, in fact, biased to return max. | ||||||
func RandomDecAmount(r *rand.Rand, max sdk.Dec) sdk.Dec { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
|
||||||
randInt := big.NewInt(0).Rand(r, max.Int) | ||||||
return sdk.NewDecFromBigIntWithPrec(randInt, sdk.Precision) | ||||||
// randInt := big.NewInt(0).Rand(r, max.Int) | ||||||
max2 := big.NewInt(0).Mul(max.Int, big.NewInt(2)) | ||||||
randInt := big.NewInt(0).Rand(r, max2) | ||||||
if randInt.Cmp(max.Int) > 0 { | ||||||
randInt = max.Int | ||||||
} | ||||||
result := sdk.NewDecFromBigIntWithPrec(randInt, sdk.Precision) | ||||||
// Sanity | ||||||
if result.GT(max) { | ||||||
panic(fmt.Sprintf("%v > %v", result, max)) | ||||||
} | ||||||
return result | ||||||
} | ||||||
|
||||||
// RandomSetGenesis wraps mock.RandomSetGenesis, but using simulation accounts | ||||||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -47,7 +47,16 @@ func (k Keeper) handleDoubleSign(ctx sdk.Context, addr crypto.Address, infractio | |
consAddr := sdk.ConsAddress(addr) | ||
pubkey, err := k.getPubkey(ctx, addr) | ||
if err != nil { | ||
panic(fmt.Sprintf("Validator consensus-address %v not found", consAddr)) | ||
// ignore evidence that cannot be handled. | ||
return | ||
// NOTE: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We aren't talking about having the validators in storage here, we're talking about just the public keys associated with the consensus addresses. Why would Tendermint ever send the application a consensus address for which the application hadn't stored a public key? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. it's in the comment below. because the app deletes the validator after the unbonding period is over (say), and the simulator or tendermint doesn't yet know exactly when this happens. so currently the simulator is breaking the app because it's not very intelligent with inserting evidence. same could happen w/ tendermint. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Indeed the app does delete the validator after the unbonding period is over ( There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It doesn't seem likely that programmers will get it all right, even if Tendermint were to support evidence... it just seems like a difficult thing to do, or even to prove from the perspective of a developer, even if the criterion for evidence correctness were to be defined by the app in another ABCI message (say). So let's go with defensive here, which we can undo later easily (since it's a single if statement). Later apps can upgrade to become less permissive, and that's fine once Tendermint+SDK's been upgraded to support evidence at only allowable heights. Notifying the programmer/operator of these issues can be done via WARN logging/notification of some sort, which should be built out on the Tendermint side. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I would put all documentation above the return statement. |
||
// We used to panic with: | ||
// `panic(fmt.Sprintf("Validator consensus-address %v not found", consAddr))`, | ||
// but this couples the expectations of the app to both Tendermint and | ||
// the simulator. Both are expected to provide the full range of | ||
// allowable but none of the disallowed evidence types. Instead of | ||
// getting this coordination right, it is easier to relax the | ||
// constraints and ignore evidence that cannot be handled. | ||
} | ||
|
||
// Reject evidence if the double-sign is too old | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is necessary to differentiate... RandomAmount might as well be biased all the time intelligently...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO it's not intuitive. Can the same be said for the native go library's rand functions?