-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial validator sets #547
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this is still WIP but wanted to leave feedback as early as possible
Co-authored-by: Michael Kaplan <[email protected]> Signed-off-by: minghinmatthewlam <[email protected]>
Co-authored-by: Michael Kaplan <[email protected]> Signed-off-by: minghinmatthewlam <[email protected]>
…initial-validators-ending-e2e
E2E testing for initial validator sets
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally makes sense to me. I left a handful of clarifying questions and cleanup suggestions.
InitialValidator[] initialValidators; | ||
} | ||
|
||
struct InitialValidator { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should have the name here match the spec. The spec update calls this ValidatorData
. Between the two, I prefer InitialValidator
, unless there's another scenario in which ValidatorData
would be used outside of initialization. @michaelkaplan13
for (uint32 i; i < numInitialValidators; ++i) { | ||
InitialValidator memory initialValidator = subnetConversionData.initialValidators[i]; | ||
bytes32 nodeID = initialValidator.nodeID; | ||
require(nodeID != bytes32(0), "ValidatorManager: invalid node ID"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this check strictly necessary? IMO node ID validity should be checked on the P-Chain side, so if the P-Chain is willing to sign it we should accept it. A zero node ID would cause the hash comparison to fail.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Expanding on this, one could argue all the validity checks on subnetConversionData
are unnecessary since the subnetConversionID
from the Warp message already encodes validated data (by the P-Chain). If the caller supplies invalid subnetConversionData
here, the hash comparison will fail regardless, and the result would be the same as if we checks the input's validity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree and would be fine removing all of these checks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed all validity checks on subnetConversionData
, but note that we still need to check that the blockchainID and validator manager address retreived from the Warp message match the contract instance.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally makes sense to me.
Signed-off-by: cam-schultz <[email protected]>
Signed-off-by: cam-schultz <[email protected]>
…orter into initial-validators-ending
Why this should be merged
Fixes #543 and #542
How this works
initializeValidatorSet
call which expects a Warp message that contains aSubnetConversionMessage
in its payload, and then verifies the tx ID against the hash of the bytes for the passed inSubnetConversionData
with the initial validators.initializedValidatorSet
owner
from the base struct ofValidator
, any PoA validator either added from initial validator set, or from a PoA validator manager contract can be intiialized end by anyone after migration to PoS.How this was tested
TODO
How is this documented
comments