fixes 1162; race condition between delegation record queries and withdrawal acks

[joe-bowman]

1. Summary

Fixes #1162

Historically the the acknowledgement from a withdrawal triggered the reduction in the DelegationRecord for the validator to which the record pertained. However, simultaneously, an ICQ request to update delegation records is triggered at the epoch, and depending on the order of the two independent requests, the record ends up correct, or the undelegate amount less than it ought to be. This discrepancy affects redemption rate calculations, and when there is a large amount unbonding this can be material.

2.Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

3. Implementation details

To solve this issue, we add the undelegation messages to the WithdrawalWaitgroup. This means the undelegation messages and their subsequent queries for updated delegation records must complete before the RR is updated.

Note: also revert alpine to 3.18 as 3.19 is not compatible with current version of wasm.

Note (2): We intentionally choose not to throw errors when WithdrawalWaitgroup underflows, but instead log errors and consciously do not trigger a RR update. This is because failing will cause ICA messages to not be delivered. The waitgroup can end up in this state if there are undelivered acks from the previous epoch.

Summary by CodeRabbit

• New Features
  • Added delegations_epoch and delegation_epoch callbacks for improved interchain staking functionality.
  • Introduced new logic to handle refunds for deposits with specific memos and manage withdrawal waitgroups more effectively.
• Enhancements
  • Enhanced error handling and logging in interchain staking callback functions.
  • Adjusted redemption rate calculation logic to be triggered under specific conditions, improving the staking process's efficiency.
• Refactor
  • Updated Dockerfile to use different base images, impacting dependencies and the build environment.
  • Refactored callback functions in interchainstaking to use a shared function, optimizing code reuse and clarity.
• Bug Fixes
  • Fixed error handling in test cases to align with updated logic, ensuring more reliable testing outcomes.
• Chores
  • Adjusted setup script to enable unbonding feature in genesis configuration, enhancing chain setup flexibility.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
quicksilver	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 23, 2024 5:45pm

[coderabbitai]

Walkthrough

The modifications primarily focus on enhancing the handling of delegation records and withdrawal acknowledgements to address potential race conditions. Changes include updates to Dockerfile base images, script adjustments for unbonding features, introduction and refinement of callback functions, error handling improvements, and adjustments in handling withdrawal waitgroups and redemption rate calculations. These changes aim to synchronize delegation record updates with unbonding transaction acknowledgements, ensuring accurate reflection of the host chain state for redemption rate calculations.

Changes

Files	Change Summary
Dockerfile, scripts/setup.sh	Updated base images and unbonding feature settings
x/interchainstaking/keeper/callbacks.go, x/interchainstaking/keeper/callbacks_test.go, x/interchainstaking/keeper/delegation.go, x/interchainstaking/keeper/hooks.go, x/interchainstaking/keeper/ibc_packet_handlers.go, x/interchainstaking/keeper/ibc_packet_handlers_test.go, x/interchainstaking/keeper/receipt.go, x/interchainstaking/keeper/redemptions.go	Enhanced handling of delegation records, withdrawal acknowledgements, callback functions, error logging, and redemption rate calculations

Assessment against linked issues

Objective	Addressed	Explanation
Identify and resolve race condition between delegation record updates and withdrawal acknowledgements (#1162)	✅
Ensure up-to-date delegation records for redemption rate calculations (#1162)	✅
Process unbondings and acknowledgements before updating redemption rate or adjust timing (#1162)	✅
Achieve synchronization between delegation record retrieval, unbonding transaction processing, and acknowledgement updates (#1162)	✅
Accurately reflect host chain delegation state on QS chain for redemption rate calculations (#1162)	✅

Poem

In the realm of code where logic intertwines,
A rabbit hopped, fixing lines by lines.
With each leap and bound, errors fell away,
Unbondings and delegations, in harmony they sway.

🐇💻 Amidst the bits and bytes, it danced with glee,
For a race condition solved, as clear as can be.
A celebration in code, under the digital sun,
A task well done, a victory won.

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 7

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 6c2db0c and a112f70.

Files ignored due to path filters (1)

• scripts/registerzone.json is excluded by: !**/*.json

Files selected for processing (11)

• Dockerfile (2 hunks)
• scripts/setup.sh (1 hunks)
• x/interchainstaking/keeper/callbacks.go (7 hunks)
• x/interchainstaking/keeper/callbacks_test.go (1 hunks)
• x/interchainstaking/keeper/delegation.go (2 hunks)
• x/interchainstaking/keeper/delegation_test.go (1 hunks)
• x/interchainstaking/keeper/hooks.go (3 hunks)
• x/interchainstaking/keeper/ibc_packet_handlers.go (15 hunks)
• x/interchainstaking/keeper/ibc_packet_handlers_test.go (2 hunks)
• x/interchainstaking/keeper/receipt.go (3 hunks)
• x/interchainstaking/keeper/redemptions.go (1 hunks)

Additional comments: 22

Dockerfile (2)

• 1-1: The downgrade from alpine3.19 to alpine3.18 in the Dockerfile's builder stage is noted. Ensure all dependencies installed are compatible with Alpine 3.18.
• 25-25: The final container also uses alpine:3.18 instead of alpine:3.19. This change is consistent with the builder stage and aims to address compatibility issues with wasm. Ensure to test the final container for any potential issues arising from the downgrade.

x/interchainstaking/keeper/hooks.go (2)

• 104-106: The adjustment to reset the withdrawal waitgroup to 0 if it's greater than 0 at this point in the epoch end logic is noted. Ensure to test this logic thoroughly to avoid potential issues with waitgroup management.
• 161-161: The introduction of a new call to IncrementWithdrawalWaitgroup for delegations trigger is a critical change. It's important to ensure that this increment is correctly balanced with a corresponding decrement elsewhere in the code to avoid waitgroup leaks.

x/interchainstaking/keeper/delegation.go (2)

• 332-333: The logic to trigger redemption rate calculation when there are non-positive coins to flush and the withdrawal waitgroup is 0 is noted. This seems like a sensible fallback to ensure the redemption rate is updated correctly. Ensure this logic is thoroughly tested, especially in edge cases where the withdrawal waitgroup might be manipulated concurrently.
• 358-362: Adjusting the logic to trigger redemption rate calculation when no messages are sent and the withdrawal waitgroup is 0 is a critical change. This ensures that the redemption rate is updated even when no delegation flush messages are sent. It's important to validate this behavior through testing, particularly in scenarios where the withdrawal waitgroup's state might change unexpectedly.

x/interchainstaking/keeper/receipt.go (3)

• 215-215: Logging the successful transfer of qAssets via the "return to sender" (RTS) mechanism is a good practice for traceability. However, it's important to ensure that sensitive information is not logged, especially in production environments.

Ensure that no sensitive data is included in the log statements to maintain security and privacy.

• 225-225: Logging the transfer of qAssets to a mapped account is beneficial for traceability. Similar to the previous comment, ensure that sensitive information, such as account details, is handled appropriately in the logs.

Continue to monitor and review logging practices to ensure they align with security and privacy standards.

• 228-228: The logging statement after transferring qAssets to the sender provides useful information for auditing and debugging. It's crucial to maintain this level of transparency while ensuring that sensitive data is protected.

Keep up the good practice of detailed logging, ensuring that it does not compromise user privacy or security.

x/interchainstaking/keeper/redemptions.go (1)

• 253-255: The addition of IncrementWithdrawalWaitgroup before setting the zone in the context is a strategic move to manage withdrawal waitgroups effectively. This change is crucial for synchronizing the handling of unbonding messages with the updates to delegation records, aiming to eliminate the race condition issue identified. It's important to ensure that the IncrementWithdrawalWaitgroup method is implemented with thread safety in mind, considering the concurrent nature of blockchain operations. Given the learnings from previous PRs, it's reassuring to know that the counterpart method DecrementWithdrawalWaitgroup includes underflow protection, which is a good practice for maintaining system stability. However, it would be beneficial to verify that similar protective measures are in place for increment operations to prevent potential overflow issues, especially under high load conditions.

Ensure that the IncrementWithdrawalWaitgroup method includes necessary protections against overflow and is thread-safe to handle concurrent operations effectively.

x/interchainstaking/keeper/callbacks.go (6)

• 76-78: The addition of delegations_epoch and delegation_epoch callbacks enhances the system's ability to handle delegation updates more effectively, especially in terms of epoch-based operations. This is a positive change that aligns with the PR objectives to address race conditions in delegation record updates.
• 129-131: The enhanced error handling and logging within the RewardsCallback function, specifically the non-abortive error handling strategy, is a good practice. It ensures that even if errors occur, the system can continue processing other messages, which is crucial for maintaining system resilience and reliability.
• 139-141: The introduction of the DelegationsEpochCallback function, which utilizes the delegationsCallback with an isEpoch flag, is a smart way to reuse code for both epoch and non-epoch delegation updates. This approach reduces code duplication and maintains consistency in handling delegation callbacks.
• 162-178: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [147-166]

The delegationsCallback function's implementation, which handles both epoch and non-epoch delegation updates, is well-designed. However, it's important to ensure that the isEpoch flag's impact on the system's behavior is thoroughly tested, especially regarding how delegation records are updated and how it affects race condition resolution.

• 162-178: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [168-224]

The DelegationEpochCallback and delegationCallback functions, similar to the delegations callbacks, use a shared implementation with an isEpoch flag to differentiate between epoch and non-epoch operations. This consistency in design is commendable. However, the handling of delegations with zero shares, specifically the removal of such delegations, should be carefully reviewed to ensure it does not introduce unintended side effects, especially in the context of race condition resolution.

• 662-673: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [642-670]

The logic within DelegationAccountBalanceCallback to decrement the withdrawal waitgroup and potentially trigger the redemption rate calculation is crucial for addressing the race condition issue outlined in the PR objectives. However, it's essential to ensure that this logic is robust and does not inadvertently introduce new race conditions or synchronization issues, especially when handling delegation account balances.

scripts/setup.sh (1)

• 480-480: The change to enable the unbonding feature in the interchainstaking parameters is correctly implemented with a jq command to modify the genesis configuration. This aligns with the PR objectives to manage delegation and unbonding processes more effectively.

x/interchainstaking/keeper/ibc_packet_handlers.go (2)

• 372-375: The addition of a new case to handle refunds for deposits with a specific memo ("refund") is a straightforward and effective way to address the need for refunding unprocessable deposits. This change is clear and follows the existing pattern for handling different message types. The logging provides useful context for this operation.
• 764-765: Incrementing the withdrawal waitgroup after emitting a delegation_epoch query is a necessary step to ensure that the system correctly tracks the number of outstanding operations that need to be completed before certain actions, like redemption rate calculations, can be performed. This change is consistent with the approach to manage synchronization and prevent race conditions. The logging provides useful context for this operation.

x/interchainstaking/keeper/ibc_packet_handlers_test.go (1)

• 827-827: The error field in the test case for TestHandleWithdrawRewards has been changed from true to false. This change indicates that the test case now expects the operation to succeed where it previously expected a failure. Ensure that this change aligns with the intended behavior and logic of the HandleWithdrawRewards function. If the function's behavior or the conditions under which it succeeds have not changed, this modification might indicate an oversight or misunderstanding in the test's expectations.

x/interchainstaking/keeper/callbacks_test.go (1)

• 2652-2652: The modification to assert that no error occurs aligns with the updated behavior of the DelegationAccountBalancesCallback function. It's important to ensure that this change accurately reflects the intended behavior and does not overlook potential errors that should be caught by the test.

x/interchainstaking/keeper/delegation_test.go (1)

• 220-220: The addition of a new boolean argument false to the UpdateDelegationRecordForAddress method call within the test function indicates a change in the method's signature or functionality. Ensure that this change is accurately documented and that the test case reflects the intended behavior controlled by this new argument. It's also important to verify that other usages of this method throughout the codebase have been updated accordingly to accommodate this change.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between a112f70 and 7a14b31.

Files selected for processing (3)

• x/interchainstaking/keeper/callbacks.go (7 hunks)
• x/interchainstaking/keeper/ibc_packet_handlers.go (15 hunks)
• x/interchainstaking/keeper/redemptions.go (1 hunks)

Files skipped from review as they are similar to previous changes (3)

• x/interchainstaking/keeper/callbacks.go
• x/interchainstaking/keeper/ibc_packet_handlers.go
• x/interchainstaking/keeper/redemptions.go

[codecov]

Codecov Report

Attention: Patch coverage is 30.23256% with 60 lines in your changes are missing coverage. Please review.

Project coverage is 63.13%. Comparing base (6c2db0c) to head (7a14b31).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1183      +/-   ##
==========================================
- Coverage   63.40%   63.13%   -0.28%     
==========================================
  Files         171      171              
  Lines       11145    11205      +60     
==========================================
+ Hits         7067     7074       +7     
- Misses       3370     3412      +42     
- Partials      708      719      +11     

Flag	Coverage Δ
unittests	63.13% <30.23%> (-0.28%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
x/interchainstaking/keeper/hooks.go	77.86% <100.00%> (+0.17%)	⬆️
x/interchainstaking/keeper/redemptions.go	78.73% <33.33%> (-0.80%)	⬇️
x/interchainstaking/keeper/receipt.go	76.44% <25.00%> (-0.64%)	⬇️
x/interchainstaking/keeper/delegation.go	86.93% <0.00%> (-1.79%)	⬇️
x/interchainstaking/keeper/callbacks.go	63.75% <42.85%> (-0.78%)	⬇️
x/interchainstaking/keeper/ibc_packet_handlers.go	65.60% <22.44%> (-2.76%)	⬇️