* lite2: advance to latest header

without any exponential steps

rename autoUpdate to autoUpdateRoutine

* lite2: wait in Cleanup until goroutines finished running

* docs: minor doc fixes

- minor doc fixes that i ran into while reading things
- test if we have github actions

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* no github actions yet

* add with

* revert and change wording

* Add adr-051 to docs

* add details

* Update docs/architecture/adr-051-double-signing-protection-with-tendermint-mode.md

Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>

* rename adr-051 for only double singing protection

* remove contents about tendermint mode

* change title to Double Signing Rist Reduction

* rename adr md file

* add a adr link to ToC

Co-authored-by: b-harvest <38277329+dlguddus@users.noreply.github.com>
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* lite2: add Start method

There are few reasons to do that:

1) separation of state and dynamics (some users will want to delay
   starting the light client; does not matter we should not allow them
   to create a light client object)
2) less important, but some users might not need autoUpdateRoutine and
   removeNoLongerTrustedHeadersRoutine routines

* lite2: wait till routines are finished in Stop

because they are started in Start, it feels more natural to wait for
them to finish in Stop.

* lite2: add TrustedValidatorSet func

I have added order_by which can be "asc" or "desc" (should be in string format) in the tx_search RPC method.

Fixes: #3333

Author: @princesinha19

Closes #4341

* docs: update links to rpc

- links to rpc have not been updated. thank you @okwme

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* Update docs/app-dev/indexing-transactions.md

* lite2: add Start method

There are few reasons to do that:

1) separation of state and dynamics (some users will want to delay
   starting the light client; does not matter we should not allow them
   to create a light client object)
2) less important, but some users might not need autoUpdateRoutine and
   removeNoLongerTrustedHeadersRoutine routines

* lite2: wait till routines are finished in Stop

because they are started in Start, it feels more natural to wait for
them to finish in Stop.

* lite2: add TrustedValidatorSet func

* refactor cleanup code

* changed restore header and val function to handle negative height

* reverted restoreTrustedHeaderAndNextVals() functionality

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

not MaxOpenConnections

Fixes #4311

Also, set MaxBodyBytes, MaxHeaderBytes and WriteTimeout similar to HTTP
server.

Closes #4330

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.26.0...v1.27.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Closes #4350

Checks that the chain ID of the witness and that of the lite client are the same before updating the witness list.

Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.3.2 to 1.3.3.
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](golang/protobuf@v1.3.2...v1.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* lite2: make witnesses mandatory

at least one witness is required

* lite2: return an error if there are no witnesses

tendermint/tendermint#4358 (review)

* cmd/lite: add witnesses flag

* fix linter errors

* update guides with correct path to libs/kv proto files

* Apply suggestions from code review

Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>

* format something to rerun ci

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

…354)

Closes issue #4338

Uses a wrapper function around both the signedHeader and validatorSet calls to the primary provider which attempts to retrieve the information 5 times before deeming the provider unavailable and replacing the primary provider with the first alternative before trying recursively again (until all alternatives are depleted)

Employs a mutex lock for any operations involving the providers of the light client to ensure no operations occurs whilst the new primary is chosen.

Commits:

* created swapProvider function

* eliminates old primary provider after replacement. Uses a mutex when changing providers

* renamed to replaceProvider

* created wrapped functions for signed header and val set

* created test for primary provider replacement

* implemented suggested revisions

* created Witnesses() and Primary()

* modified backoffAndJitterTime

* modified backoffAndJitterTime

* changed backoff base and jitter to functional arguments

* implemented suggested changes

* removed backoff function

* changed exp function to match go version

* halved the backoff time

* removed seeding and added comments

* fixed incorrect test

* extract backoff timeout calc into a function

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

Closes #4328

When TrustedHeader(height) is called, if the height is less than the trusted height but the header is not in the trusted store then a function finds the previous lowest height with a trusted header and performs a forwards sequential verification to the header of the height that was given. If no error is found it updates the trusted store with the header and validator set for that height and can then return them to the user.

Commits:

* drafted trusted header

* created function to find previous trusted height

* updates missing headers less than the trusted height

* minor cosmetic tweaks

* incorporated suggestions

* lite2: implement Backwards verification

and add SignedHeaderAfter func to Store interface

Refs tendermint/tendermint#4328 (comment)

* remove unused method

* write tests

* start with next height in SignedHeaderAfter func

* fix linter errors

* address Callum's comments

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

As opposed to checking a random witness, all witnesses provided should be used as a reference against the header provided by the primary node. This increases security (at the tradeoff of speed) but also gives control to the user. The more witnesses provided, the more secure the lite client can be.

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.27.0 to 1.27.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.27.0...v1.27.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* validate trust options

* add NewClientFromTrustedStore func

* make maxRetryAttempts an option

Closes #4370

* hash size should be equal to tmhash.Size

* make maxRetryAttempts uint

* make maxRetryAttempts uint16

maxRetryAttempts possible - 68 years

* we do not store trustingPeriod

* added test to create client from trusted store

* remove header and vals from primary

to make sure we're restoring them from the DB

… (#4378)

* proto: add buf and protogen script

- add buf with minimal changes
- add protogen script to easier generate proto files

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* add protoc needs

* add some needed shell cmds

* remove buf from tools as it is not needed everytime

* add proto lint and breakage to ci

* add section in changelog and upgrading files

* address pr comments

* remove space in circle config

* remove spaces in makefile comment

* add section on contributing on how to work with proto

* bump buf to 0.7

* test bufbuild image

* test install make in bufbuild image

* revert to tendermintdev image

* Update Makefile

Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* witnesses are dropped after no response

* test witness dropout

* corrected import structure

* moved non responsiveness check to compare function

* removed dropout test as witnesses are never dropped

* created test to compare witnesses

- erik fixed many of the broken links, just fixed two outstanding ones.

- closes #4381

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* proto: minor linting

minor linting after working with the proto files in the sdk.

there is no logic change just spacing fixes

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* hardcore linting

before:
&http{AFBSD743A...}

after:
http{https://127.0.0.1:26657}

Co-authored-by: Marko <marbar3778@yahoo.com>

refactored lite client tests

Fixes #2649

* make: remove sentry setup cmds

removal of make comands for sentry setup. it was unclear if they were being maintained and there has not been a mention of people using them

- closes #4379

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* remove depreacted readme

* add not being maintained section to docs

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* release: minor release 0.33.1

- minor release for 0.33.1

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* remvoe wording

* version bump

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

upgrade: update upgrade.md for protobuf changes

* docs: update Light Client Protocol page

Closes #4331

* one way to get hash & height

* adr: light client implementation

Closes #2133

* note on chain IDs

* explain why witnesses are required

* if chain forks maliciously, chain ID stays the same

* add a note about min witnesses while cross-checking

Release/v0.33.1

The .PHONY targets in the Makefile are usually placed far away from the actual targets, and thus aren't always updated. Placing the .PHONY targets right next to the targets they cover make them more visible and thus more likely to be updated when necessary.

Currently the sequence function always starts from the trustedHeader and trustedNextVals stored in the lite client. Whereas the bisection one allows the method to be started from any combination of header and validator set. I opened up the sequence verification method to do the same

Closes #4385

* extract TrustOptions into its own file

* print trusted hash before asking whenever to rollback or not

so the user could reset the light client with the trusted header

* do not return an error if rollback is aborted

reason: we trust the old header presumably, so can continue from it.

* add note about time of initial header

* improve logging and add comments

* cross-check newHeader after LC verified it

* check if header is not nil

so we don't crash on the next line

* remove witness if it sends us incorrect header

* require at least one witness

* fix build and tests

* rename tests and assert for specific error

* wrote a test

* fix linter errors

* only check 1/3 if headers diverge

* update theme

* Update version

* Updated Questions section in the footer

* Remove links to Riot chat

* Typo

* Add Discord link

Co-authored-by: Marko <marbar3778@yahoo.com>

Using the WebSocket server, when the same client calls multiple time the subscribe method, only the last subscription receives all the events of the previous ones.

example:

    subscription1 = tm.event = 'NewBlock'
    subscription2 = tm.event = 'Tx'

In this case, subscription2 will receive the new blocks but subscription1 will not.

This came from the WebSocket handler that had the declaration of the rpcrequest moved and so overridden for every request and given in the JSONReq client context (so the id of the subscription was not the right one).

This fixes the issue by simply declaring the rpcrequest inside the loop so every request will create a new object without overwriting the previous one.

Closes #4398

* divided verify functions

* extacted method

* renamed functions. Created standard Verify function

* checked non-adjacency. separated VerifyCommit

* lint fixes

* fix godoc documentation for VerifyAdjacent and VerifyNonAdjacent

* add a comment about VerifyCommit being the last check

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* dep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokitdep: bump gokit-

Signedoff-by: Marko Baricevic <marbar3778@yahoo.com>

* go mod tidy

* test go version change

* combination of multiple cmds

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

…433)

replaces #4434

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

refs #4329

As opposed to using recursion to implement the bisection method of verifying a header, which could have problems with memory allocation (especially for smaller devices), the bisection algorithm now uses a for loop.

* modified bisection to loop

* made lint changes

* made lint changes

* move note to VerifyHeader

since it applies both for sequence and bisection

* test bisection jumps to header signed by 1/3+

 of old validator set

* update labels in debug log calls

* copy tc

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

The work includes the reactor which ties together all the seperate routines involved in the design of the blockchain v2 refactor. This PR replaces #4067 which got far too large and messy after a failed attempt to rebase.

## Commits:

* Blockchainv 2 reactor:

	+ I cleaner copy of the work done in #4067 which fell too far behind and was a nightmare to rebase.
	+ The work includes the reactor which ties together all the seperate routines involved in the design of the blockchain v2 refactor.

* fixes after merge

* reorder iIO interface methodset

* change iO -> IO

* panic before send nil block

* rename switchToConsensus -> trySwitchToConsensus

* rename tdState -> tmState

* Update blockchain/v2/reactor.go

Co-Authored-By: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>

* remove peer when it sends a block unsolicited

* check for not ready in markReceived

* fix error

* fix the pcFinished event

* typo fix

* add documentation for processor fields

* simplify time.Since

* try and make the linter happy

* some doc updates

* fix channel diagram

* Update adr-043-blockchain-riri-org.md

* panic on nil switch

* liting fixes

* account for nil block in bBlockResponseMessage

* panic on duplicate block enqueued by processor

* linting

* goimport reactor_test.go

Co-authored-by: Bot from GolangCI <42910462+golangcibot@users.noreply.github.com>
Co-authored-by: Anca Zamfir <ancazamfir@users.noreply.github.com>
Co-authored-by: Marko <marbar3778@yahoo.com>
Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

…#4431)

from error to debug

Closes #3583

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.4.0...v1.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

…441)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](stretchr/testify@v1.5.0...v1.5.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 0.0.3 to 0.0.6.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v0.0.3...v0.0.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

…428)

closes #4413 and #4419

When VerifyHeaderAtHeight() is called, TrustedHeader is initially run to check if the header has already been verified and returns the Header.

If the new header height is less than the lite clients latestTrustedHeader height, than backwards verification is performed else either sequence or bisection

Refactored a test to reflect the changes

* use trustedHeader func for already verified Headers

* remove fetch missing header from TrustedHeader

* check for already trusted Header in VerifyHeaderAtHeight

* replace updateTrustedHeaderAndVals to updateTrustedHeaderAndNextVals

* rename trustedHeader and trustedNextVals

* refactored backwards and included it in VerifyHeader

* cleaned up test to match changes

* lite2: fixes after my own review

Refs tendermint/tendermint#4428 (review)

* fix ineffectual assignment

* lite2: check that header exists in VerifyHeader

* extract function

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

* p2p: use curve25519.X25519() instead of ScalarMult()

* Renamed array to shrKeyArray

* Updated CHANGELOG_PENDING

* Revert "Updated CHANGELOG_PENDING"

This reverts commit dbb72e0bf721287847ac136c99f385ce7456d1f7.

closes #4426

The sequence and bisection methods no longer save the intermediate headers and validator sets that they require to verify a currently untrusted header.

## Commits:

* sequence and bisection don't save intermediate headers and vals

* check the next validator hash matches the header

* check expired header at start of backwards verification

* added tests

* handled cleanup warning

* lint fix

* removed redundant code

* tweaked minor errors

* avoided premature trusting of nextVals

* fix test error

* updated trustedHeader and Vals together

* fixed bisection error

* fixed sequence error for different vals and made test

* fixes after my own review

* reorder vars to be consistent

with the rest of the code

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

Closes #4417

Before we were storing trustedHeader (height=1) and trustedNextVals
(height=2).

After this change, we will be storing trustedHeader (height=1) and
trustedVals (height=1). This a) simplifies the code b) fixes #4399
inconsistent pairing issue c) gives a relayer access to the current
validator set #4470.

The only downside is more jumps during bisection. If validator set
changes between trustedHeader and the next header (by 2/3 or more), the
light client will be forced to download the next header and check that
2/3+ signed the transition. But we don't expect validator set change too
much and too often, so it's an acceptable compromise.

Closes #4470 and #4399

closes #4464

…(#4477)

closes: #4455

Verifying backwards checks that the trustedHeader hasn't expired both before and after the loop in case of verifying many headers (a longer operation), but not during the loop itself.

TrustedHeader() no longer checks whether the header saved in the store has expired.

Tests have been updated to reflect the changes

## Commits:

* verify headers backwards out of trust period

* removed expiration check in trusted header func

* modified tests to reflect changes

* wrote new tests for backwards verification

* modified TrustedHeader and TrustedValSet functions

* condensed test functions

* condensed test functions further

* fix build error

* update doc

* add comments

* remove unnecessary declaration

* extract latestHeight check into a separate func

Co-authored-by: Callum Waters <cmwaters19@gmail.com>

Bumps [github.com/tendermint/tm-db](https://github.com/tendermint/tm-db) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/tendermint/tm-db/releases)
- [Changelog](https://github.com/tendermint/tm-db/blob/master/CHANGELOG.md)
- [Commits](tendermint/tm-db@v0.4.0...v0.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

Refs #4442

Add some inline notes for context of why test are commented out and not deleted.

Ref. #4482

* github: edit templates for use in issues and pull requests

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

* fix sdk to tendermint

closes #4469

Improved speed of cleanup by using SignedHeaderAfter instead of TrustedHeader to jump from header to header.

Prune() is now called when a new header and validator set are saved and is a function dealt by the database itself

## Commits:

* prune headers and vals

* modified cleanup and tests

* fixes after my own review

* implement Prune func

* make db ops concurrently safe

* use Iterator in SignedHeaderAfter

we should iterate from height+1, not from the end!

* simplify cleanup

Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

Closes #4473

Closes: #4488

## Commits:

* run example tests

* introduce max clock drift

clockDrift variable from the spec.
10s should cover most of the clients.

References:

- http://vancouver-webpages.com/time/web.html
- https://blog.codinghorror.com/keeping-time-on-the-pc/

* fix ExampleClient_Update

* add test

* increase clock drift

* fix linter warning

* test functions take time.Now and other minor changes

* updated remaining test files

* Update validation_test.go

* fix typo

* go fmt

* import time

Co-authored-by: Marko <marbar3778@yahoo.com>

Bumps [github.com/golang/protobuf](https://github.com/golang/protobuf) from 1.3.3 to 1.3.4.
- [Release notes](https://github.com/golang/protobuf/releases)
- [Commits](golang/protobuf@v1.3.3...v1.3.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* docs: adr-046 add bisection algorithm details

Closes #4329

* format fig. 1 title

* docs: adr-046 we no longer download headers in TrustedHeader

tendermint/tendermint#4496 (comment)

Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

…(#4493)

* example/kvstore: return ABCI query height

* CHANGELOG: added PR link

* Updated tests

* lite2: fix tendermint lite sub command

- better logging
- chainID as an argument
- more examples

* one more log msg

* lite2: fire update right away after start

* turn off auto update in verification tests

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Closes #4211

* rpc: use BlockStoreRPC instead of BlockStore

BlockStoreRPC is a limited version of BlockStore interface, which does
not include SaveBlock method.

Closes #4159

* remove BlockStoreRPC interface in favor of single BlockStore

interface

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Closes #4303

Before:

```
TMHOME="/Users/daniel/go/src/github.com/tendermint/thome" tendermint node --proxy_app=unix:///Users/daniel/go/src/github.com/kvstore/example.sock

ERROR: 1 error(s) decoding:

* error decoding 'consensus.create_empty_blocks_interval': time: invalid duration
```

After:

```
$ TMHOME=/tmp ./build/tendermint node --proxy_app=kvstore
ERROR: failed to create node: Couldn't read GenesisDoc file: open /tmp/config/genesis.json: no such file or directory
```