ICS 04: fix timeout conditions for ordered (without/with allow timeout) channels #977
Conversation
crodriguezvega
requested review from
mpoke,
AdityaSripal and
cwgoes
as code owners
| @@ -964,7 +964,7 @@ function timeoutPacket( | |||
| // ordered channel: check that packet has not been received | |||
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | |||
| // before this packet times out | |||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | |||
| abortTransactionUnless(nextSequenceRecv <= packet.sequence) | |||
There was a problem hiding this comment.
I think its clearer to write
abortTransactionUnless(packet.Sequence >= nextSequenceRecv)
| switch channel.order { | ||
| case ORDERED: | ||
| // ordered channel: check that packet has not been received | ||
| abortTransactionUnless(nextSequenceRecv <= packet.sequence) |
There was a problem hiding this comment.
I changed the ordered to match what the implementation does and what the spec also does for regular packet timeouts.
|
|
||
| // NOTE: For ORDERED_ALLOW_TIMEOUT, the relayer must first attempt the receive on the destination chain | ||
| // before the timeout receipt can be written and subsequently proven on the sender chain in timeoutPacket | ||
| case ORDERED_ALLOW_TIMEOUT: |
There was a problem hiding this comment.
I split ORDERED and ORDERED_ALLOW_TIMEOUT because conditions are different.
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | ||
| // before this packet times out | ||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | ||
| abortTransactionUnless(nextSequenceRecv > packet.sequence) |
There was a problem hiding this comment.
For both packet timeouts and for timeout on close the nextSequenceRecv on the counterparty would have been incremented by one before the timeout receipt is written.
There was a problem hiding this comment.
I believe this was correct as it was
There was a problem hiding this comment.
The reason for changing it is that in line 709 inside recvPacket the nextSequenceRecv is incremented by 1 before the timeout receipt is written:
nextSequenceRecv = nextSequenceRecv + 1
provableStore.set(nextSequenceRecvPath(packet.destPort, packet.destChannel), nextSequenceRecv)So if I relayer tries to timeout the packet, the nextSequenceRecv in the timeout message will be > than packet.sequence, won't it?
Same thing for the condition checked in timeoutOnClose.
Is this reasoning correct, @AdityaSripal?
There was a problem hiding this comment.
@AdityaSripal for timing out a packet if the channel is open, should the condition still be that the relayer must attempt to receive the packet (as the comment above this line says)? If that's the case, then I guess it's ok to not support the situation where packet.sequence is >= nextSequenceRecv.
| @@ -964,7 +964,7 @@ function timeoutPacket( | |||
| // ordered channel: check that packet has not been received | |||
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | |||
| // before this packet times out | |||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | |||
| abortTransactionUnless(nextSequenceRecv <= packet.sequence) | |||
There was a problem hiding this comment.
I think its clearer to write
abortTransactionUnless(packet.Sequence >= nextSequenceRecv)
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | ||
| // before this packet times out | ||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | ||
| abortTransactionUnless(nextSequenceRecv > packet.sequence) |
There was a problem hiding this comment.
I believe this was correct as it was
| // NOTE: For ORDERED_ALLOW_TIMEOUT, the relayer must first attempt the receive on the destination chain | ||
| // before the timeout receipt can be written and subsequently proven on the sender chain in timeoutPacket | ||
| case ORDERED_ALLOW_TIMEOUT: | ||
| abortTransactionUnless(nextSequenceRecv > packet.sequence) |
…annot attempt receive
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | ||
| // before this packet times out | ||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | ||
| abortTransactionUnless(nextSequenceRecv > packet.sequence) |
There was a problem hiding this comment.
@AdityaSripal for timing out a packet if the channel is open, should the condition still be that the relayer must attempt to receive the packet (as the comment above this line says)? If that's the case, then I guess it's ok to not support the situation where packet.sequence is >= nextSequenceRecv.
| // Otherwise, if packet.sequence < nextSequenceRecv, then the relayer has attempted | ||
| // to receive the packet on the destination chain, and nextSequenceRecv has been incremented. | ||
| // In this situation, verify the presence of timeout receipt. | ||
| if packet.sequence < nextSequenceRecv { |
There was a problem hiding this comment.
If packet.sequence >= nextSequenceRecv, then timeout, otherwise verify there is a timeout receipt.
…unction-timeoutpacket-and-timeoutonclose
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | ||
| // before this packet times out | ||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | ||
| abortTransactionUnless(packet.sequence < nextSequenceRecv) |
There was a problem hiding this comment.
@AdityaSripal if a channel is open and the relayer must first attempt to receive the packet on destination chain, I guess it is ok to assume that nextSequenceRecv will have been incremented and therefore is > packet.sequence?
There was a problem hiding this comment.
No we will actually want the equals here because I think it makes sense to enforce that timeout happens in order as well.
There was a problem hiding this comment.
Should the condition be then abortTransactionUnless(packet.sequence == nextSequenceRecv - 1) since nextSequenceRecv will have been incremented when attempting to receive packet with packet.sequence?
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | ||
| // before this packet times out | ||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | ||
| abortTransactionUnless(packet.sequence < nextSequenceRecv) |
There was a problem hiding this comment.
No we will actually want the equals here because I think it makes sense to enforce that timeout happens in order as well.
| @@ -1190,8 +1190,7 @@ function timeoutPacket( | |||
| // ordered channel: check that packet has not been received | |||
| // only allow timeout on next sequence so all sequences before the timed out packet are processed (received/timed out) | |||
| // before this packet times out | |||
| abortTransactionUnless(nextSequenceRecv == packet.sequence) | |||
|
|
|||
| abortTransactionUnless(packet.sequence >= nextSequenceRecv) | |||
There was a problem hiding this comment.
Again I think this should remain as is. It would enforce that the only packet that gets timed out is the first in line
AdityaSripal
deleted the
carlos/965-ics04-something-confusing-about-function-timeoutpacket-and-timeoutonclose
branch
closes: #965