-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Upgrade][DO NOT update branch] Alpha TestNet v0.0.11 #967
base: main
Are you sure you want to change the base?
Conversation
Upgrade has been tested and validated locally:
|
This is interesting. The diff between versions shows we need to add a new authorization, but we already have it on Alpha TestNet: poktrolld q authz grants-by-granter pokt10d07y265gmmuvt4z0w9aw880jnsr700j8yv32t --node=https://shannon-testnet-grove-seed-rpc.alpha.poktroll.com - authorization:
type: cosmos-sdk/GenericAuthorization
value:
msg: /poktroll.session.MsgUpdateParam
expiration: "2500-01-01T00:00:00Z"
grantee: pokt1r6ja6rz6rpae58njfrsgs5n5sp3r36r2q9j04h
granter: pokt10d07y265gmmuvt4z0w9aw880jnsr700j8yv32t |
Tested again after authorization code removed:
I think we're good to go. I'll wait for a review, before I cut a new version. |
// Adds new parameters using ignite's config.yml as a reference. Assuming we don't need any other parameters. | ||
// https://github.com/pokt-network/poktroll/compare/v0.0.10...v0.0.11-rc | ||
applyNewParameters := func(ctx context.Context) (err error) { | ||
logger := cosmosTypes.UnwrapSDKContext(ctx).Logger() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @bryanchriswhite for the hint!
) upgradetypes.UpgradeHandler { | ||
|
||
// Adds new parameters using ignite's config.yml as a reference. Assuming we don't need any other parameters. | ||
// https://github.com/pokt-network/poktroll/compare/v0.0.10...v0.0.11-rc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be -rc
or just 0.1
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be an -rc
here. We created RC release to bootstrap beta TestNet. The release must have this code (the upgrade handler) inside the binary. So we're just using the RC as a version to create a release on.
app/upgrades/v0.0.11.go
Outdated
SourceOwner: 0.15, | ||
Application: 0.0, | ||
} | ||
tokenomicsParams.DaoRewardAddress = AlphaTestNetPnfAddress |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be AlphaTestNetPnfAddress
or BetaTestNetPnfAddress
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an upgrade exclusive to Alpha TestNet
} | ||
|
||
// The diff shows that the only new authz authorization is for the `poktroll.session.MsgUpdateParam` message. | ||
// However, this message is already authorized for the `pokt10d07y265gmmuvt4z0w9aw880jnsr700j8yv32t` address. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this the alpha or beta PNF address
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neither/both? This is a gov module address that persists across networks.
app/upgrades/v0.0.11.go
Outdated
|
||
// Set tokenomics params. The values are based on default values for LocalNet/Beta TestNet. | ||
// Validate with: `poktrolld q tokenomics params --node=https://testnet-validated-validator-rpc.poktroll.com/` | ||
tokenomicsParams := keepers.TokenomicsKeeper.GetParams(ctx) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's the line that caused a panic: https://gist.github.com/okdas/50f417e3a86230e9e1aea85da841e1de
I need to investigate why I did not have this issue during local upgrade from v0.0.10 to v0.0.11. Will try to replicate using ONLY binaries provided in releases.
Could it be the before state is different on Alpha TestNet? If so, going to document this so we check for that in the future.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's the line that caused a panic: gist.github.com/okdas/50f417e3a86230e9e1aea85da841e1de
Why did this cause the panic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Olshansk My first hypothesis it has happened due to the protobuf type change, but that should have been caught on the local test. For some reason, it did not. I'm going to be looking into that today.
I expect we will change an upgrade procedure to migrate each module individually, which can preserve the types between upgrades. There are some pros and cons associated with that. So far, I wanted the upgrade process to look simple, but it seems like additional complexity might worth it to avoid such issues in the future.
I need to spend more time to provide a complete answer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to spend more time to provide a complete answer.
This is REALLY REALLY REALLY REALLY important, so please dive as deep as necessary to the finest grain of detail.
I'm going to remove the merge from main into this branch and do a force push. |
@okdas Following up on an offline discussion.
If you can't resolve it by mid-day today, let's do the following:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Undoing my approval per the latest discussion in this thread
Here's my investigation so far: https://www.notion.so/buildwithgrove/Alpha-TestNet-v0-0-11-Postmortem-152a36edfff680d58411c8fa384f877c?pvs=4 TLDR: KVStore had a different representation of empty params for the tokenomics module (alpha testnet vs local node), which explains the difference in behavior and why this was not caught locally. I've also included some action items for us (me mostly) to do to avoid this and issues that were uncovered during this upgrade / postmortem investigation. @bryanchriswhite I would love you to look into this as well, and I'm happy to pair/help. |
OK, and now that I sent the previous message, it struck me what exactly happened here. Alpha TestNet was provisioned using And it had a value, too: https://github.com/pokt-network/pocket-network-genesis/blob/master/shannon/testnet-alpha/genesis.json#L1018 That protobuf was then removed in As I did not see any changes in the protobuf when comparing If we did not remove the parameter or used a different field ID for the new fields, this wouldn't happen. |
TL;DR, we SHOULD use
🤯 Nice sleuthing! 🚀
Point taken that going forward, we need to be much more careful about backwards compatibility. In this particular case, I don' think there's any way we could've avoided moving this field (to the shared module) as it was necessary to resolve a dependency cycle. In cases like this, it seems like the correct thing to do, going forward, would be to remove the field but also add its field number (and possibly field name) as
EDIT: Upon further reflection, I realize that I was conflating the modification the genesis type itself with what's happening here; we changed a dependency of the genesis type. This may actually be more of a typical case after all. To rephrase, the genesis type wasn't modified, neither was it expected that the genesis JSON should be modified. As a result, in such cases, the This (re-)raises the point of versoined protobuf source, which we currently are not setup for, neither from a go package nor a proto source package persective. I think we will need to do something like the following in order to pre-allocate sufficient degrees of freedom to ensure we can safely increment the protobuf types into the future, without causing chaos from both the go module/pkg and buf.build perspectives: Current proto directory structure:
Conventional (versioned):
This would result in version-namespaced type URLs (e.g. (cc: @Olshansk ) |
cf24879
to
986ed73
Compare
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
13506804 | Triggered | Generic High Entropy Secret | c457f7b | localnet/kubernetes/config-path-1.yaml | View secret |
14150880 | Triggered | Generic High Entropy Secret | c457f7b | localnet/kubernetes/config-path-3.yaml | View secret |
14150881 | Triggered | Generic High Entropy Secret | c457f7b | localnet/kubernetes/config-path-2.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Firstly, great investigation @okdas! @bryanchriswhite I want to avoid the Let's continue with:
Things we'll look out for:
|
Summary
An upgrade for Alpha TestNet from v0.0.10 to v0.0.11.
Issue
Beta TestNet has been launched using v0.0.11 (release candidate), and we need to upgrade alpha so both networks use the same version.
Type of change
Chain upgrade.
Testing
Sanity Checklist